Keepalived+Nginx 高可用集群（双主模式）

1.基础环境配置

[root@lb1 ~]# systemctl stop firewalld         										 # 关闭防火墙
[root@lb1 ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux           # 关闭selinux，重启生效
[root@lb1 ~]# setenforce 0        　　　　　　　　									  # 关闭selinux，临时生效
[root@lb1 ~]# yum -y install ntpdate.x86_64											# 安装 ntp 命令
[root@lb1 ~]# ntpdate 0.centos.pool.ntp.org    										# 时间同步
[root@lb1 ~]# yum install nginx -y        　　　									  # 安装nginx

2.web1，2服务器

[root@wb1 ~]# echo "web_1  221" > /usr/share/nginx/html/index.html
[root@wb2 ~]# echo "web_2  222" > /usr/share/nginx/html/index.html

# 修改server_name
[root@lb1 ~]# vim /etc/nginx/nginx.conf

server {
        listen       80;
        listen       [::]:80;
        server_name  www.example.com;
        root         /usr/share/nginx/html;
     
#启动并配置开机自启
[root@wb1 ~]# systemctl enable nginx  --now
[root@wb2 ~]# systemctl enable nginx  --now

3.配置lb1，lb2
这里两台机器是一致的，以lb1 举例操作一样

# 配置负载均衡模块
[root@lb1 ~]# mkdir /etc/nginx/conf.d/lb1.conf
[root@lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
upstream backend {
    	server 192.168.29.221:80 weight=1 max_fails=3 fail_timeout=20s;
    	server 192.168.29.222:80 weight=1 max_fails=3 fail_timeout=20s;
    }
    server {
        listen       80;
        server_name  www.example.com;
        location / {
        proxy_pass http://backend;
        proxy_set_header Host $host:$proxy_port;
        proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
[root@lb1 ~]# systemctl enable nginx  --now


#可在测试节点上curl 来验证负载均衡是否配置成功

4.配置高可用 Keepalived 服务器（lb1，lb2 ）

# 安装
[root@lb1 ~]# yum install keepalived -y

[root@lb1 ~]# vim /etc/keepalived/keepalived.conf

lb1:

! Configuration File for keepalived

global_defs {
   notification_email {
   343590279@qq.com
   }
   smtp_server 192.168.29.1
   smtp_connect_timeout 30
   router_id LVS_lb1
}

vrrp_script check_nginx {
   script "/shell/check-nginx.sh"
   interval 2
   weight -20
   timeout 10 
   user root root
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    192.168.29.100/24 dev ens33 label ens33:1
    }
    track_script {
      check_nginx
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
    auth_type PASS
    auth_pass 2222
    }
    virtual_ipaddress {
    192.168.29.200/24 dev ens33 label ens33:2
    }
    
    track_script {
        check_nginx
    }
}


[root@lb1 ~]# mkdir /shell
[root@lb1 ~]# touch /shell/check-nginx.sh
#!/bin/bash
run=`curl -I -m 10 -o /dev/null -s -w %{http_code} localhost`
if [ $run -ne 200 ];then
        systemctl stop keepalived.service
fi

lb2:

! Configuration File for keepalived

global_defs {
   notification_email {
   		343590279@qq.com
   }
   smtp_server 192.168.29.1
   smtp_connect_timeout 30
   router_id LVS_lb2
}

vrrp_script check_nginx {
   script "/shell/check-nginx.sh"
   interval 2
   weight -20
   timeout 10 
   user root root
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    192.168.29.100/24 dev ens33 label ens33:1
    }
    track_script {
      check_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
    auth_type PASS
    auth_pass 2222
    }
    virtual_ipaddress {
    192.168.29.200/24 dev ens33 label ens33:2
    }
    
    track_script {
        check_nginx
    }
}

[root@lb2 ~]# mkdir /shell
[root@lb2 ~]# touch /shell/check-nginx.sh
#!/bin/bash
run=`curl -I -m 10 -o /dev/null -s -w %{http_code} localhost`
if [ $run -ne 200 ];then
        systemctl stop keepalived.service
fi

5.配置dns域名解析 机器上都配置一下

[root@lb1 conf.d]# vim /etc/hosts
192.168.29.100 www.example.com
192.168.29.200 www.example.com

6.验证

可以看到lb1 现在是192.168.29.100

[root@lb1 conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:34:e8:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.29.145/24 brd 192.168.29.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.29.100/24 scope global secondary ens33:1
       valid_lft forever preferred_lft forever
    inet6 fe80::af4d:69e:aacf:f4e1/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

lb2 现在是192.168.29.200：

[root@lb2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:da:e1:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.29.220/24 brd 192.168.29.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.29.200/24 scope global secondary ens33:2
       valid_lft forever preferred_lft forever
    inet6 fe80::b09a:b99e:bc92:62ee/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::9073:a63f:e689:8462/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::7514:5e70:5d24:c66e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

如果此时在lb1 或者lb2 上 stop Keepalived 会看到100 或者200 飘到另一台机器上：

[root@lb2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:da:e1:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.29.220/24 brd 192.168.29.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.29.100/24 scope global secondary ens33:1
       valid_lft forever preferred_lft forever
    inet 192.168.29.200/24 scope global secondary ens33:2
       valid_lft forever preferred_lft forever
    inet6 fe80::b09a:b99e:bc92:62ee/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::9073:a63f:e689:8462/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::7514:5e70:5d24:c66e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

测试机器上测试：

[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web2 222 
[root@server ~]# curl 192.168.29.145
web2 222 
[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web1 221


[root@server ~]# curl www.example.com 
web2 222 
[root@server ~]# curl www.example.com 
web2 222 
[root@server ~]# curl www.example.com 
web1 221
[root@server ~]# curl www.example.com 
web2 222 
[root@server ~]# curl www.example.com 
web1 221
[root@server ~]# curl www.example.com 
web1 221
[root@server ~]# curl www.example.com 
web2 222