KeepAlive + nginx的配置记录

应用系统：

[root@db2 src]# lsb_release -a
LSB Version:	:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID:	CentOS
Description:	CentOS release 6.10 (Final)
Release:	6.10
Codename:	Final
[root@db2 src]# uname -a
Linux db2 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@db2 src]# 

关闭防火墙，设置SELINUX=disabled

SELINUX在/etc/sysconfig/selinux中设置，需要重启系统生效，如果不想重启系统，可以使用命令：setenforce 0， getenforce可以查看结果

[root@www init.d]# service iptables stop; service ip6tables stop
[root@www init.d]# cat /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

安装过程：

yum install libnl libnl-devel openssl-devel -y
wget http://www.keepalived.org/software/keepalived-2.0.10.tar.gz
tar zxf keepalived-2.0.10.tar.gz
cd keepalived-2.0.10
./configure --prefix=/usr/local/keepalive
cp ./keepalived/etc/init.d/keepalived /etc/init.d/
cp /usr/local/keepalive/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived/
ln -s /usr/local/keepalive/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
ln -s /usr/local/keepalive/sbin/keepalived /usr/bin/
useradd keepalived_script
# service keepalived restart

keepalived.conf配置内容：

! Configuration File for keepalived

global_defs {
   router_id NGINX
   script_user root
   enable_script_security        # 注意脚本【check_nginx_pid.sh】权限的问题 
}

vrrp_script chk_http_port {
  script "/usr/local/src/check_nginx_pid.sh"
  interval 2
  weight -20
  fall 2
  rise 1
}

vrrp_instance VI_1 {
    state BACKUP                  # 主写MASTER
    nopreempt
    interface eth0
    virtual_router_id 87          # 数字要一样
    priority 100      # BACKUP的会低一些，设置的时候要注意，如果MASTER所在机器脚本[chk_http_port ]执行失败，这个数字会扣除weight 的值，这值要小于从机器的数字，VIP才会转移到BACKUP主机
    advert_int 1
    notify_fault "/usr/local/src/mail.sh fault db1" root
    notify_master "/usr/local/src/mail.sh master db1" root
    notify_backup "/usr/local/src/mail.sh backup db1" root
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       192.168.202.10
    }
    track_script {                     
       chk_http_port                 
    }
}

nginx 监控脚本check_nginx_pid.sh

这个脚本在返回错误的情况下，会启动服务，并且返回错误1，keepalive服务会再进来检测，如果返回还是错误1，则认为是失败，参考keepalive配置fall 2

#!/bin/bash
/usr/bin/curl -s --connect-timeout 1 http://127.0.0.1/ > /dev/null
if [ "$?" != "0" ];then
    /usr/sbin/nginx -c /etc/nginx/nginx.conf
    exit 1
fi
exit 0

邮件报警脚本 mail.sh

在系统里面也要做一些配置：点击这里，查看参考资料

#!/bin/bash
if [ "$1" == "master" ];then
   strings="主机: $2, 成为: $1"
elif [ "$1" == "backup" ];then
   strings="主机: $2, 成为: $1"
elif [ "$1" == "fault" ];then
   strings="主机: $2, 成为: $1"
else
   strings="主机: $2, 参数未知[$*]"
fi
echo $strings | /bin/mail -s "keepalive状态变更"  2648628733@qq.com

查看VIP命令：

只能用ip addr 命令查看，用ifconfig是看不到的
inet 192.168.202.10/32 scope global eth0

[root@db2 src]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:53:00:b9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.129/24 brd 192.168.202.255 scope global eth0
    inet 192.168.202.10/32 scope global eth0
    inet6 fe80::20c:29ff:fe53:b9/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:2c:34:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global eth1
    inet6 fe80::250:56ff:fe2c:3467/64 scope link 
       valid_lft forever preferred_lft forever
[root@db2 src]# 

效果测试

• 把nginx停止，看一下keepalive的输出，效果是我们想要的：

[root@www init.d]# service nginx stop
Stopping nginx:                                            [  OK  ]
[root@www init.d]# service nginx stop
Stopping nginx:                                            [  OK  ]
[root@www init.d]# 
[root@www ~]# tailf /var/log/messages
Dec 21 11:45:33 www Keepalived_vrrp[53938]: Sending gratuitous ARP on eth0 for 192.168.202.10
Dec 21 11:45:33 www Keepalived_vrrp[53938]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.202.10
Dec 21 11:45:33 www Keepalived_vrrp[53938]: Sending gratuitous ARP on eth0 for 192.168.202.10
Dec 21 11:45:33 www Keepalived_vrrp[53938]: Sending gratuitous ARP on eth0 for 192.168.202.10
Dec 21 11:45:33 www Keepalived_vrrp[53938]: Sending gratuitous ARP on eth0 for 192.168.202.10
Dec 21 11:45:33 www Keepalived_vrrp[53938]: Sending gratuitous ARP on eth0 for 192.168.202.10
Dec 21 11:46:14 www Keepalived_vrrp[53938]: Script `chk_http_port` now returning 1
Dec 21 11:46:16 www Keepalived_vrrp[53938]: Script `chk_http_port` now returning 0
Dec 21 11:46:28 www Keepalived_vrrp[53938]: Script `chk_http_port` now returning 1
Dec 21 11:46:30 www Keepalived_vrrp[53938]: Script `chk_http_port` now returning 0

• 邮件报警截图