很多时候我们会用nginx做应用服务的负载均衡,但这只是保证应用服务能力的一项措施,如果nginx是单机的是不是也有可能服务没挂,但nginx出问题了,那相当于你的服务也没法访问了,所以在一些场景中也需要保证nginx的高可用。一般我们会用keepalived做nginx的高可用,采用策略有:主备策略或者主主策略,这里我介绍下主备策略,它的思想是:假如有AB两台主机+虚拟IP地址一个,A作为主一直处于工作状态,B一直处于备胎状态,向外暴露虚拟IP地址访问,只有A出现故障才迁移到B上,B才开始上位工作。下面介绍下操作方式。
安装keepalived
安装详细步骤如下:
#提前安装依赖包
yum install -y gcc openssl-devel popt-devel ipvsadm
wget http://www.keepalived.org/software/keepalived-2.1.4.tar.gz
tar zxvf keepalived-2.1.4.tar.gz
cd keepalived-2.1.4
#指定安装目录
./configure --prefix=/usr/local/keepalived
make && make install
#配置
mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
#修改keepalived.conf配置,具体见下面的“配置keepalived”
#启动前需要先配置keepalived.conf,要不然报错:PID file /run/keepalived.pid not readable (yet?) after start
systemctl enable keepalived.service #设置开机启动
systemctl start keepalived.service
systemctl status keepalived.service
journalctl -xe #查看启动日志
tail -100f /var/log/messages #查看日志
pkill keepalived #杀掉所有进程
配置主keepalived
修改keepalived.conf配置
cd /etc/keepalived/
vim keepalived.conf
#具体配置内容
#全局定义
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.235.129 #改这里了
#smtp_connect_timeout 30
router_id nginx_master #唯一的值,也可以改成IP
}
#检测脚本定义
vrrp_script chk_http_port {
script "/etc/keepalived/nginx_check.sh"
interval 2 # 检测脚本执行的间隔
weight -20 # 权重等级
}
#虚拟实例定义
vrrp_instance VI_1 {
state MASTER #主机为MASTER,备用机为BACKUP
interface eno1 #网卡名,用ifconfig查看
virtual_router_id 66 #主、备机的virtual_router_id必须相同
priority 100 #主、备机取不同的优先级,主机值较大,备份机值较小
advert_int 1 #心跳,每隔1秒钟检测一下服务器是否还活着
mcast_src_ip 192.115.206.144 #主nginx的ip地址
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.115.206.146 # 暴露给外界的虚拟IP地址,切记要与实际服务器处于同一网段
}
}
配置从keepalived
修改keepalived.conf配置
cd /etc/keepalived/
vim keepalived.conf
#具体配置内容
#全局定义
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.235.129 #改这里了
#smtp_connect_timeout 30
router_id nginx_master #唯一的值,也可以改成IP
}
#检测脚本定义
vrrp_script chk_http_port {
script "/etc/keepalived/nginx_check.sh"
interval 2 # 检测脚本执行的间隔
weight -20 # 权重等级
}
#虚拟实例定义
vrrp_instance VI_1 {
state BACKUP #主机为MASTER,备用机为BACKUP
interface eno1 #网卡名,用ifconfig查看
virtual_router_id 66 #主、备机的virtual_router_id必须相同
priority 99 #主、备机取不同的优先级,主机值较大,备份机值较小
advert_int 1 #心跳,每隔1秒钟检测一下服务器是否还活着
mcast_src_ip 192.115.206.145 #从nginx的ip地址
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.115.206.146 # 暴露给外界的虚拟IP地址,切记要与实际服务器处于同一网段
}
}
添加nginx_check.sh脚本
cd /etc/keepalived/
touch nginx_check.sh
chmod +x nginx_check.sh
vim nginx_check.sh
#添加如下内容
#!/bin/bash
A=`ps -C nginx -no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0];then
killall keepalived
fi
fi
保存配置后启动
systemctl start keepalived.service
做完以上部署配置,ng就暴露一个虚拟IP就可以,如果主IP的ng挂了keepalived会去做切换,去访问从IP的ng,这样就做到ng的高可用。