keepalived实现Nginx单主模式反向代理的高可用
环境准备
五台机器:
client:10.0.0.150/24
VIP:10.0.0.10
ka1+nginx:10.0.0.7/24 virtual router ID:66
ka2+nginx:10.0.0.17/24 virtual router ID:66
web1:10.0.0.27/24 httpd
web2:10.0.0.37/24 httpd
[root@ka1 conf.d]#pwd
/etc/keepalived/conf.d
[root@ka1 conf.d]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Main keepalived configuration on ka1: global settings, one manual-failover
# check script, and an include of the per-instance files under conf.d.
# NOTE(review): global_defs sets neither script_user nor enable_script_security.
# Without script_user, keepalived runs vrrp_script commands as keepalived_script
# if that account exists, otherwise as root. Setting both options keeps a
# script that a non-root user can modify from being executed as root.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.100.101.33
}
# The check passes while /etc/keepalived/down is absent; creating that file is
# the manual failover switch used later on this page. Anyone able to create
# files in /etc/keepalived can therefore move the VIP, so the directory should
# be writable by root only.
vrrp_script check_down { # defines a check script; configured outside global_defs
script "[ ! -f /etc/keepalived/down ]" # shell command or script path (mind the execute permission)
interval 1 # interval in seconds, default 1 second
# Negative weight: a failed check lowers the instance priority by 30. With the
# priorities on this page (ka1 100, ka2 80) ka1 drops to 70, below ka2.
weight -30
fall 3 # consecutive failures before the check is marked failed; 2 or more is recommended
rise 2 # consecutive successes before a failed server is marked healthy again
timeout 2 # timeout
}
# Only *.conf files in conf.d are loaded.
include /etc/keepalived/conf.d/*.conf
[root@ka1 conf.d]#cat ka1_vrrp.conf
# VRRP instance on ka1, the preferred holder of the VIP 10.0.0.10
# (state MASTER, priority 100 against 80 on ka2).
vrrp_instance ka1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
# NOTE(review): auth_type PASS is a plain-text password carried in every
# advertisement (the captures on this page show it as "authtype simple"), and
# keepalived uses only its first 8 characters. It guards against accidental
# misconfiguration, not against a host on the same segment. Use a value of your
# own rather than this published one, and restrict VRRP (IP protocol 112) to
# the peer address with the host firewall.
authentication {
auth_type PASS
auth_pass 6iWOIsiu
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
# Advertisements are sent as unicast from this node to the single listed peer.
unicast_src_ip 10.0.0.7
unicast_peer{
10.0.0.17
}
track_script {
check_down # invokes the check script defined earlier in keepalived.conf
}
}
[root@ka2 conf.d]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Main keepalived configuration on ka2; it differs from ka1 only in router_id.
# NOTE(review): script_user and enable_script_security are not set, so the
# check below runs as keepalived_script if that account exists, otherwise root.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
vrrp_mcast_group4 224.100.101.33
}
# Passes while /etc/keepalived/down is absent; a failed check lowers this
# node's priority by 30 (80 -> 50 with the priority used on this page).
# Keep /etc/keepalived writable by root only, since creating the file changes
# which node is eligible to hold the VIP.
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
# Only *.conf files in conf.d are loaded.
include /etc/keepalived/conf.d/*.conf
[root@ka2 conf.d]#cat ka1_vrrp.conf
# VRRP instance on ka2, the standby for VIP 10.0.0.10. The instance name and
# virtual_router_id match ka1; the priority is lower (80 against 100).
vrrp_instance ka1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
# NOTE(review): same plain-text PASS secret as on ka1. It is visible in the
# advertisements to any host that can capture them, so it should not be relied
# on as access control; filter IP protocol 112 to the peer address instead.
authentication {
auth_type PASS
auth_pass 6iWOIsiu
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
# Unicast advertisements from this node to ka1 only.
unicast_src_ip 10.0.0.17
unicast_peer{
10.0.0.7
}
track_script {
check_down
}
}
[root@ka1 conf.d]#systemctl restart keepalived.service
[root@ka2 conf.d]#systemctl restart keepalived.service
[root@ka1 conf.d]#touch /etc/keepalived/down
[root@ka1 conf.d]#hostname -I
10.0.0.7
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.10
#抓包分析:在 client 上即可看到 ka2 发往 ka1 的单播 VRRP 通告;输出中的 authtype simple 表示认证口令以明文携带在通告中
[root@client ~]#tcpdump -i eth0 -nn src host 10.0.0.17 and dst host 10.0.0.7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:57:04.034918 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
18:57:05.039176 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
18:57:06.042256 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
18:57:07.043879 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
[root@ka1 conf.d]#rm -rf /etc/keepalived/down
[root@ka1 conf.d]#hostname -I
10.0.0.7 10.0.0.10
[root@ka2 conf.d]#hostname -I
10.0.0.17
[root@client ~]#tcpdump -i eth0 -nn src host 10.0.0.7 and dst host 10.0.0.17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:23:29.842301 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
19:23:30.828661 ARP, Request who-has 10.0.0.17 tell 10.0.0.7, length 46
19:23:30.850178 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
19:23:31.851128 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 2
#在两个节点都配置nginx反向代理
[root@ka1 conf.d]#vim /etc/nginx/nginx.conf
# Reverse-proxy part of nginx.conf, identical on ka1 and ka2.
# Only the http block is shown; presumably the rest of the file is unchanged.
http {
# Backend pool. No balancing method is named, so nginx uses its default
# round-robin across the two web servers.
upstream webservers {
server 10.0.0.27:80;
server 10.0.0.37:80;
}
server {
# Plain HTTP on port 80 on every local address: the VIP and the node's own
# address both answer, as the curl tests against 10.0.0.7 and 10.0.0.17 show.
listen 80;
location / {
# NOTE(review): no proxy_set_header lines are present, so the backends see
# the proxy as the client. If the web servers' access logs must record the
# real client address, add
#   proxy_set_header X-Real-IP $remote_addr;
#   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webservers;
}
}
}
[root@ka1 conf.d]#nginx -t
[root@ka1 conf.d]#nginx -s reload
#测试
[root@client ~]#curl http://10.0.0.10
10.0.0.27
[root@client ~]#curl http://10.0.0.10
10.0.0.37
[root@client ~]#curl http://10.0.0.10
10.0.0.27
[root@client ~]#curl http://10.0.0.10
10.0.0.27
[root@ka1 conf.d]#scp /etc/nginx/nginx.conf 10.0.0.17:/etc/nginx/
[root@ka2 conf.d]#nginx -s reload
[root@client ~]#curl http://10.0.0.7
10.0.0.37
[root@client ~]#curl http://10.0.0.7
10.0.0.27
[root@client ~]#curl http://10.0.0.7
10.0.0.37
[root@client ~]#curl http://10.0.0.7
10.0.0.27
[root@client ~]#curl http://10.0.0.17
10.0.0.27
[root@client ~]#curl http://10.0.0.17
10.0.0.37
[root@client ~]#curl http://10.0.0.17
10.0.0.27
[root@client ~]#curl http://10.0.0.17
10.0.0.37
[root@ka1 conf.d]#cat check_nginx.sh
#!/bin/bash
# Health probe that keepalived runs through "vrrp_script check_nginx".
# Signal 0 delivers nothing: killall only reports whether a process named
# nginx exists and can be signalled. The script's exit status is killall's
# own status, 0 when such a process was found and non-zero otherwise.
# Limitation: a live process does not prove nginx still answers on port 80.
killall -0 nginx > /dev/null 2>&1
[root@ka1 conf.d]#chmod +x check_nginx.sh
[root@ka1 conf.d]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Main keepalived configuration on ka1 with a second check added: besides the
# manual "down" marker, the nginx process is now probed every second.
# NOTE(review): script_user and enable_script_security are not set. The checks
# run as keepalived_script if that account exists, otherwise as root, so
# check_nginx.sh and every directory on its path should be owned by root and
# not writable by anyone else.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.100.101.33
}
# Passes while /etc/keepalived/down is absent (manual failover switch).
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
# Runs the probe script from conf.d. The include below loads only *.conf, so
# the .sh file stored in the same directory is not parsed as configuration.
# Each failing check subtracts 30: one failure takes ka1 from 100 to 70 (below
# ka2's 80), both failing takes it to 40.
vrrp_script check_nginx {
script "/etc/keepalived/conf.d/check_nginx.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
include /etc/keepalived/conf.d/*.conf
[root@ka1 conf.d]#cat ka1_vrrp.conf
# VRRP instance on ka1, now tracking both the manual "down" marker and the
# nginx process probe.
vrrp_instance ka1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
# NOTE(review): PASS authentication is sent in clear text with every
# advertisement and only its first 8 characters are used. Replace the published
# value and limit VRRP (IP protocol 112) to the peer with the host firewall.
authentication {
auth_type PASS
auth_pass 6iWOIsiu
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
unicast_src_ip 10.0.0.7
unicast_peer{
10.0.0.17
}
# Both scripts are defined in keepalived.conf; each lowers the priority by 30
# while it is failing.
track_script {
check_down
check_nginx
}
}
[root@ka1 conf.d]#scp check_nginx.sh 10.0.0.17:/etc/keepalived/conf.d/
[root@ka2 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Main keepalived configuration on ka2 with the nginx probe added; apart from
# router_id it matches ka1.
# NOTE(review): check_nginx.sh is copied here with scp as shown on this page.
# Because script_user and enable_script_security are not set, confirm that the
# copied file is owned by root, executable, and not writable by other users.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
vrrp_mcast_group4 224.100.101.33
}
# Passes while /etc/keepalived/down is absent.
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
# A failing probe takes ka2 from 80 to 50. If nginx is down on both nodes, ka1
# (70) still outranks ka2 (50) and keeps the VIP: VRRP moves the address, it
# does not guarantee that nginx is running on the node that holds it.
vrrp_script check_nginx {
script "/etc/keepalived/conf.d/check_nginx.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
include /etc/keepalived/conf.d/*.conf
[root@ka2 conf.d]#cat ka1_vrrp.conf
# VRRP instance on ka2 (standby), tracking the same two checks as ka1.
vrrp_instance ka1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
# NOTE(review): the shared PASS secret is readable in captured advertisements.
# Treat it as a guard against misconfiguration only, and restrict VRRP
# (IP protocol 112) to the peer address.
authentication {
auth_type PASS
auth_pass 6iWOIsiu
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
unicast_src_ip 10.0.0.17
unicast_peer{
10.0.0.7
}
# Each failing script lowers this node's priority by 30.
track_script {
check_down
check_nginx
}
}
[root@ka1 conf.d]#systemctl restart keepalived.service
[root@ka2 conf.d]#systemctl restart keepalived.service
[root@ka1 conf.d]#hostname -I
10.0.0.7 10.0.0.10
[root@client ~]#tcpdump -i eth0 -nn src host 10.0.0.7 and dst host 10.0.0.17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:45:17.787720 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
21:45:18.791075 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
21:45:19.813535 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 2
[root@ka1 conf.d]#systemctl stop keepalived.service
[root@client ~]#tcpdump -i eth0 -nn src host 10.0.0.17 and dst host 10.0.0.7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:50:04.521889 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
21:50:05.524361 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
21:50:06.527239 IP 10.0.0.17 > 10.0.0.7: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
#测试
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.10
[root@ka1 conf.d]#systemctl start keepalived.service
[root@client ~]#tcpdump -i eth0 -nn src host 10.0.0.7 and dst host 10.0.0.17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:55:27.708874 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
21:55:28.719734 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
21:55:29.525266 ARP, Reply 10.0.0.7 is-at 00:0c:29:33:b7:af, length 46
21:55:29.736392 IP 10.0.0.7 > 10.0.0.17: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@ka1 conf.d]#hostname -I
10.0.0.7 10.0.0.10
[root@ka1 conf.d]#killall -9 nginx
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.10
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.27