實現 nginx keepalived

Nginx+keepalived實現高可用負載均衡的主主模式

由於網站的訪問需求不斷加大，負載越來越高。現需要在web前端放置nginx負載均衡,同時結合keepalived對前端nginx實現HA高可用。
1、nginx進程基於Master+Slave(worker模式)多進程模型，自身具有非常穩定的子進程管理功能。在Master進程分配模式下，Master進程永遠不進行業務處理，只是進行任務分發，從而達到Master進程的存活高可靠性，Slave(worker)進程所有的業務信號都由主進程發出，Slave(worker)進程所有的超時任務都會被Master中止，屬於非阻塞式任務模型。
2、Keepalived是Linux下面實現VRRP備份路由的高可靠性運行件。基於Keepalived設計的服務模式能夠真正做到主服務器和備份服務器故障時IP瞬間無縫交接。二者結合，可以構架出比較穩定的軟件LB方案。

雙機高可用方法目前分為兩種：

1）雙機主從模式：即前端使用兩臺服務器，一臺主服務器和一臺熱備服務器，正常情況下，主服務器綁定一個公網虛擬IP，提供負載均衡服務，熱備服務器處於空閑狀態；當主服務器發生故障時，熱備服務器接管主服務器的公網虛擬IP，提供負載均衡服務；但是熱備服務器在主機器不出現故障的時候，永遠處於浪費狀態，對於服務器不多的網站，該方案不經濟實惠。
2）雙機主主模式：這種模式的效果很強大，即前端使用兩臺負載均衡服務器，互為主備，且都處於活動狀態（這樣達到不浪費服務器），同時各自綁定一個公網虛擬IP，提供負載均衡服務；當其中一臺發生故障時，另一臺接管發生故障服務器的公網虛擬IP（這時由非故障機器一臺負擔所有的請求）。這種方案，經濟實惠，非常適合於當前架構環境。

一、環境介紹：

操作系統：

[root@centos-4 ~]# cat /etc/redhat-release

CentOS release 6.9 (Final)

服務器對應關系：

KA1：192.168.5.129 centos-1

KA2：192.168.5.128 centos-4

Vip1：192.168.5.200 129master/128backup

VIP2：192.168.5.210 128master/129backup

Web1：192.168.5.131 centos-2

Web2：192.168.5.132 centos-3

二、環境安裝：

安裝依賴：

（在KA1和KA2機器上執行以下步驟）
[root@centos-4 ~]# yum -y install gcc pcre-devel zlib-devel openssl-devel

[root@centos-4~]# cd /usr/local/src/
[root@centos-4 src]# wget http://nginx.org/download/nginx-1.9.7.tar.gz

安裝nginx
[root@centos-4 src]# tar -zvxfnginx-1.9.7.tar.gz
[root@centos-4 src]# cd nginx-1.9.7

[root@centos-4 nginx-1.9.7]#./configure --prefix=/usr/local/nginx --user=nginx --group=nginx--with-http_ssl_module --with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre

[root@centos-4 nginx-1.9.7]# make &&make install

[root@centos-1 ~]# yum install -ykeepalived

(在web1服務器和web2服務器上安裝nginx)

[root@centos-2~]# yum -y install gcc pcre-devel zlib-devel openssl-devel

[root@centos-2~]# cd /usr/local/src/
[root@centos-2 src]# wget http://nginx.org/download/nginx-1.9.7.tar.gz

安裝nginx
[root@centos-2 src]# tar -zvxfnginx-1.9.7.tar.gz
[root@centos-2 src]# cd nginx-1.9.7

[root@centos-2 nginx-1.9.7]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx--with-http_ssl_module --with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre

[root@centos-2 nginx-1.9.7]# make &&make install

三、配置服務：

（所以服務器上配置）

[root@centos-1 ~]# cat/etc/sysconfig/selinux

SELINUX=disabled

[root@centos-1 ~]# getenforce

Disabled

[root@centos-1 ~]# service iptables stop

1、配置keepalived：

（KA1上操作）

[root@centos-1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration Filefor keepalived  
  
global_defs {  
   notification_email {  
     [email protected]  
     #[email protected]  
     #[email protected]  
   }  
   router_id LVS_DEVEL  
}  
 vrrp_scriptchk_http_port {        
    script "/opt/check_nginx.sh"   
    interval 2                      
    weight -5                       
    fall 2                   
    rise 1                  
}
  
vrrp_instance VI_1{  
    state MASTER
    interface eth0  
    virtual_router_id 51  
    priority 100  
    advert_int 1  
    authentication {  
        auth_type PASS  
        auth_pass 1111  
    }  
    virtual_ipaddress {  
        192.168.5.200  
    }  
} 
 
vrrp_instance VI_2{  
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 90
    advert_int 1  
    authentication {  
        auth_type PASS
        auth_pass 1111  
    }
    virtual_ipaddress {
        192.168.5.210
}
track_script {                     
   chk_http_port                 
}
 
}

（KA2上操作）

[root@centos-2 ~]#cat /etc/keepalived/keepalived.conf
! Configuration Filefor keepalived  
  
global_defs {  
   notification_email {  
     [email protected]  
     #[email protected]  
     #[email protected]  
   }  
   router_id LVS_DEVEL  
}  
 vrrp_scriptchk_http_port {        
    script "/opt/check_nginx.sh"   
    interval 2                      
    weight -5                       
    fall 2                   
    rise 1                  
}
  
vrrp_instance VI_1{  
    state BACKUP
    interface eth0  
    virtual_router_id 51  
    priority 90 
    advert_int 1  
    authentication {  
        auth_type PASS  
        auth_pass 1111  
    }  
    virtual_ipaddress {  
        192.168.5.200  
    }  
} 
 
vrrp_instance VI_2{  
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1  
    authentication {  
        auth_type PASS
        auth_pass 1111  
    }
    virtual_ipaddress {
        192.168.5.210
}
track_script {                     
     chk_http_port                 
}
}

編寫一個監控nginx的腳本：

需要註意的是，要判斷本機nginx是否正常，如果發現nginx不正常，重啟之後，等待三秒在校驗，任然失敗則不嘗試，關閉keepalived，發送郵件，其他主機此時接管VIP；

[root@centos-4~]# cat /opt/check_nginx.sh
#!/bin/bash
check=$(ps-C nginx --no-heading|wc -l)
IP=`ipadd | grep eth0 | awk  ‘NR==2{print $2}‘| awk -F ‘/‘ ‘{print $1}‘`
if ["${check}" = "0" ]; then
    /usr/local/nginx/sbin/nginx
    sleep 2
    counter=$(ps -C nginx --no-heading|wc -l)
    if [ "${check}" = "0"]; then
        /etc/init.d/keepalived stop
       echo "check $IP nginx is down"| mail -s "check keepalived nginx" *********@qq.com
    fi
fi

(KA1一樣的監控腳本)

2、在兩臺前端服務器上啟動keepalived服務，對於192.168.5.200的vip centos-1是master/192.168.5.210的vip centos-1是backup。

[root@centos-1 ~]#service keepalived start

[root@centos-4 ~]# service keepalived start

查看日誌文件：

[root@centos-1 ~]# cat /var/log/messages

Oct 19 22:00:22 centos-1 Keepalived_vrrp[46184]: VRRP_Instance(VI_2)Sending gratuitous ARPs on eth0 for 192.168.5.210

Oct 19 22:00:22 centos-1 Keepalived_healthcheckers[46183]: Netlinkreflector reports IP 192.168.5.210 added

Oct 19 22:00:24 centos-1 Keepalived_vrrp[46184]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth0 for 192.168.5.200

Oct 19 22:00:27 centos-1 Keepalived_vrrp[46184]: VRRP_Instance(VI_2)Sending gratuitous ARPs on eth0 for 192.168.5.210

（因為KA1先啟動keepalived服務所以兩個vip都會在KA1上，但第二臺keepaliver服務起來後vip2就會被KA2搶占回來。）

[root@centos-4 ~]# cat /var/log/messages

Oct 19 22:01:38 centos-4 Keepalived_healthcheckers[15009]: Netlinkreflector reports IP 192.168.5.210 added

Oct 19 22:01:38 centos-4 avahi-daemon[1513]: Registering new addressrecord for 192.168.5.210 on eth0.IPv4.

Oct 19 22:01:38 centos-4 Keepalived_vrrp[15010]: VRRP_Instance(VI_2)Sending gratuitous ARPs on eth0 for 192.168.5.210

Oct 19 22:01:43 centos-4 Keepalived_vrrp[15010]: VRRP_Instance(VI_2)Sending gratuitous ARPs on eth0 for 192.168.5.210

查看ip addr：

[root@centos-1 keepalived]# ip add

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_faststate UP qlen 1000

link/ether00:0c:29:0d:f3:5d brd ff:ff:ff:ff:ff:ff

inet 192.168.5.129/24 brd192.168.5.255 scope global eth0

inet 192.168.5.200/32scope global eth0

[root@centos-4 keepalived]#ip addr

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UP qlen 1000

link/ether00:50:56:3a:84:30 brd ff:ff:ff:ff:ff:ff

inet 192.168.5.128/24 brd192.168.5.255 scope global eth0

inet 192.168.5.210/32 scope global eth0

3、配置nginx的反向代理

（在web1和web2服務器上配置兩個web服務（可以http或者nginx）用來測試使用，這裏就不一一演示了。）

[root@centos-2 ~]# curl localhost

1. 2

[root@centos-3 ~]# curl localhost

1. 3

（在兩臺前端服務器上配置）

[root@centos-1 ~]# vim/usr/local/nginx/conf/nginx.conf
……
……
……
upstreambackend {
      ip_hash;
      server 192.168.5.131:80 max_fails=2fail_timeout=30s;
      server 192.168.5.132:80 max_fails=2fail_timeout=30s;
#ip_hash: 每個請求按訪問ip的hash結果分配，這樣每個訪客固定訪問一個後端服務器，可以解決session的問題。
#max_fails=2 為允許失敗的次數，默認值為1
#fail_timeout=30s 當max_fails次失敗後，暫停將請求分發到該後端服務器的時間
}
 
   proxy_temp_path   /usr/local/nginx/cache/tmp 1 2;
   proxy_cache_path  /usr/local/nginx/cache  levels=1:2 keys_zone=cache1:100m inactive=1dmax_size=10g;
……
……
……
    server {
        listen       80;
        server_name  localhost;
 
        #charset koi8-r;
 
        #access_log  logs/host.access.log  main;
 
        location / {
          proxy_pass http://backend;
         proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
 
        proxy_cache cache1;
        add_header X-Cache$upstream_cache_status;
        proxy_cache_key $host$uri$is_args$args;
        proxy_cache_valid 200 304 10m;
        expires 30d;
 
#            root   /web;
            index  index.php index.html index.htm;
        }

[root@centos-2 ~]# vim/usr/local/nginx/conf/nginx.conf
……
……
……
upstreambackend {
      ip_hash;
      server 192.168.5.131:80 max_fails=2fail_timeout=30s;
      server 192.168.5.132:80 max_fails=2fail_timeout=30s;
}
 
   proxy_temp_path   /usr/local/nginx/cache/tmp 1 2;
   proxy_cache_path  /usr/local/nginx/cache  levels=1:2 keys_zone=cache1:100m inactive=1dmax_size=10g;
……
……
……
    server {
        listen       80;
        server_name  localhost;
 
        #charset koi8-r;
 
        #access_log  logs/host.access.log  main;
 
        location / {
          proxy_pass http://backend;
         proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
 
        proxy_cache cache1;
        add_header X-Cache$upstream_cache_status;
        proxy_cache_key $host$uri$is_args$args;
        proxy_cache_valid 200 304 10m;
        expires 30d;
 
#            root   /web;
            index  index.php index.html index.htm;
        }

（兩臺KA1和KA2服務器重啟nginx、keepalived服務）

[root@centos-1~]# /usr/local/nginx/sbin/nginx -t

nginx:the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx:configuration file /usr/local/nginx/conf/nginx.conf test is successful ###檢查配置文件沒問題後再執行重啟nginx。

[root@centos-1~]# /usr/local/nginx/sbin/nginx -s reload

[root@centos-4~]# /usr/local/nginx/sbin/nginx -t

nginx:the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx:configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@centos-4~]# /usr/local/nginx/sbin/nginx -s reload

[root@centos-1~]# service keepalived restart

停止keepalived： [確定]

正在啟動keepalived： [確定]

[root@centos-4~]# service keepalived restart

停止keepalived： [確定]

正在啟動keepalived： [確定]

四、測試：

驗證方法（保證從負載均衡器本機到後端真實服務器之間能正常通信）：

（1）、先測試完成後的效果訪問vip1、vip2

[root@centos-1 ~]# curl 192.168.5.200

10.2

[root@centos-1 ~]# curl 192.168.5.210

10.3

（註意在KA1、KA2上做了緩存和ip_hash）

（2）、把KA1keepalived stop掉（模擬KA1主機的keepalived故障）

[root@centos-1 ~]# service keepalived stop

停止 keepalived：

[root@centos-1 ~]# ip addr

2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000

link/ether 00:0c:29:0d:f3:5d brd ff:ff:ff:ff:ff:ff

inet 192.168.5.129/24 brd 192.168.5.255 scope global eth0

inet6 fe80::20c:29ff:fe0d:f35d/64 scope link

valid_lft forever preferred_lft forever

（KA1主機上查看ip addr已經沒有vip了。）

在KA2主機上查看日誌文件：

[root@centos-4 ~]# cat /var/log/messages

Oct 19 23:20:46 centos-4Keepalived_vrrp[15412]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for192.168.5.200

Oct 19 23:20:46 centos-4avahi-daemon[1513]: Registering new address record for 192.168.5.200 oneth0.IPv4.

Oct 19 23:20:46 centos-4 Keepalived_healthcheckers[15411]:Netlink reflector reports IP 192.168.5.200 added

Oct 19 23:20:51 centos-4Keepalived_vrrp[15412]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for192.168.5.200

（日誌文件顯示已經把vip：192.168.5.200接管了）

查看KA2主機的ip addr

[root@centos-4 ~]# ip addr

2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000

link/ether 00:50:56:3a:84:30 brd ff:ff:ff:ff:ff:ff

inet 192.168.5.128/24 brd 192.168.5.255 scope global eth0

inet 192.168.5.210/32 scope global eth0

inet 192.168.5.200/32 scope global eth0

（可以看到已經有兩個vip）

檢查nginx服務是否被KA2接管且不中斷

[root@centos-1 ~]# curl 192.168.5.210

10.3

[root@centos-1 ~]# curl 192.168.5.200

10.2

（可以看到服務還是進行的而且緩存還在。ip_hash的作用）

本文出自 “第一個legehappy51cto博客” 博客，請務必保留此出處http://legehappy.blog.51cto.com/13251607/1974468

Nginx+keepalived雙機熱備（主主模式）