简单原理
1、在两台服务器上分别部署主备keepalived,主keepalived会在当前服务器配置漂移IP用于nginx对外提供服务
2、在两台服务器分别部署主备Nginx用于故障时切换
3、当nginx服务器挂掉后,主keepalived会降低当前机器权重,备keepalived服务器会把漂移IP抢过来配置在备服务器上,使备服务器上的nginx能接替工作继续对外提供服务
4、由于keepalived只能检测服务器是否宕机来实现故障自动切换,不能针对应用级别(nginx)的检测,因此,需要编写脚本实时监测nginx服务是否运行正常,当检测nginx运行不正常时就降低权重来实现故障自动切换
角色分配:
IP地址 | 部署应用 |
---|---|
192.168.1.200 | nginx01,keepalived01 |
192.168.1.201 | nginx02,keepalived02 |
漂移IP192.168.1.100初始配置在keepalived01,无需手动配置,keepalived会自动配置
准备工作:
#关闭iptables
service iptables stop
chkconfig iptables off
#关闭selinux
setenforce 0
修改/etc/selinux/config文件,将SELINUX=enforcing改为SELINUX=disabled
#同步主机时间
ntpdate 202.120.2.101
======================================================================
一、部署keepalived
MASTER主节点:
#安装keepalived
yum -y install keepalived
#编辑配置文件
vi /etc/keepalived/keepalived.conf
================================
! Configuration File for keepalived
global_defs {
notification_email {
2011820123@qq.com
}
notification_email_from 2011820123@qq.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_DEVEL
}
vrrp_script check_nginx { #nginx检测脚本
script "/etc/keepalived/check.sh" #脚本的存放位置
interval 2 #间隔时间
weight -51 #权重,降权
}
vrrp_instance VI_1 {
state MASTER #主节点
interface eth0
virtual_router_id 101
priority 100 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx #调用nginx进程检测脚本
}
virtual_ipaddress {
192.168.1.100 #漂移IP
}
}
================================
#启动服务
service keepalived start
BACKUP备节点:
#安装keepalived
yum -y install keepalived
#编辑配置文件
vi /etc/keepalived/keepalived.conf
================================
! Configuration File for keepalived
global_defs {
notification_email {
2011820123@qq.com
}
notification_email_from 2011820123@qq.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_DEVEL
}
vrrp_script check_nginx {
script "/etc/keepalived/check.sh"
interval 2
weight -51
}
vrrp_instance VI_1 {
state BACKUP #备节点
interface eth0
virtual_router_id 101
priority 98 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx #调用nginx进程检测脚本
}
virtual_ipaddress {
192.168.1.100 #漂移IP,可以添加多个
}
}
================================
#启动服务
service keepalived start
二、搭建nginx
#创建nginx用户
groupadd -r nginx
useradd -r -g nginx -s /bin/false -M nginx
#安装依赖包
yum -y groupinstall "Development Tools" "Server Platform Development"
yum -y install gcc openssl-devel pcre-devel zlib-devel gcc-c++
#创建文件夹备用
mkdir -pv /usr/local/work/nginx/client
mkdir -pv /usr/local/work/nginx/proxy
#下载nginx编译安装
cd /usr/local/src
tar zxf nginx-1.9.3.tar.gz
cd /usr/local/src/nginx-1.9.3
./configure --prefix=/usr/local/work/nginx --conf-path=/usr/local/work/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/usr/local/work/nginx/logs/error.log --http-log-path=/usr/local/work/nginx/logs/access.log --pid-path=/usr/local/work/nginx/nginx.pid --lock-path=/usr/local/work/nginx/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/work/nginx/client --http-proxy-temp-path=/usr/local/work/nginx/proxy --http-fastcgi-temp-path=/usr/local/work/nginx
make && make install
#nginx的主配置文件
vi /usr/local/work/nginx/nginx.conf
================================
worker_processes 8;
worker_rlimit_nofile 102400;
events {
use epoll;
multi_accept on;
worker_connections 102400;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
server_tokens off;
client_header_buffer_size 2k;
large_client_header_buffers 4 4k;
client_max_body_size 15m;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
server {
listen 80; #侦听端口
server_name open.ximucredit.com;
location / {
root /var/www/html; #网页的存放位置
index index.html;
}
}
}
================================
#添加服务启动脚本
vi /etc/rc.d/init.d/nginx
================================
#nx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/work/nginx/nginx.conf
# config: /etc/sysconfig/nginx #系统优先找到第一个配置文件,其次找此配置文件
# pidfile: /usr/local/work/nginx/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/work/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/work/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
================================
#添加至服务管理列表,并让其开机自启动
chkconfig --add nginx
chkconfig nginx on
#启动服务器测试
service nginx restart
三、编写nginx的监控脚本
vi /etc/keepalived/check.sh
================================
#!/bin/bash
ping=`ping 192.168.1.201 -c 4 | grep ttl=64 >> /dev/null && echo yes` #ping自己的IP,检查是否ping通,如果通,则输出yes
pid=`ps -C nginx --no-header | wc -l` #查看nginx的PID
if [ $ping = yes ];then #如果ping的结果返回yes,然后执行下步操作
if [ $pid -eq 0 ];then #如果返回PID的个数等于0,然后重启keepalived服务,退出
/etc/init.d/keepalived restart
exit 1
else
curl http://192.168.1.100 | grep "#网页中的关键字#" && exit 0 || /etc/init.d/keepalived restart && exit 1 #查看网页中关键字,如果匹配退出,否则重启keepalived服务
fi
fi
================================
#给脚本执行权限
chmod +x /etc/keepalived/check.sh
#检测步骤
1、在两台服务器上输入"ip a" ,一台会出现漂移IP192.168.1.100
2、向网页中追加信息(如:11111),然后访问,http://192.168.1.100,查看到11111
3、改变网页中的内容(如:22222),再次访问,如果不断刷新仍是11111,说明成功;否则,失败