【 Keepalived 】 Nginx or Http master-backup mode
1. Master-backup mode:
Operating system: CentOS 6.4 x64
ka1: 192.168.2.10
ka2: 192.168.2.11
vip: 192.168.2.200
ka1 (master) server configuration
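[ka1 root@192.168.2.10 ~]#yum install httpd keepalived -y    # Apache is used here in place of nginx; the effect is the same. keepalived is installed directly with yum
[ka1 root@192.168.2.10 ~]#sed -i 's@#ServerName www.example.com:80@ServerName localhost:80@g' /etc/httpd/conf/httpd.conf
[ka1 root@192.168.2.10 ~]#service httpd start    # start httpd
正在启动 httpd: [确定]
[ka1 root@192.168.2.10 ~]#echo "192.168.2.10" >> /var/www/html/index.html    # add a test page
[ka1 root@192.168.2.10 ~]#curl -I 192.168.2.10    # check that the HTTP response headers come back normally; 200 here means normal
HTTP/1.1 200 OK
Date: Sun, 06 Dec 2015 11:16:10 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 06 Dec 2015 11:15:55 GMT
ETag: "5ff81-d-52638dd3bc5ea"
Accept-Ranges: bytes
Content-Length: 13
Connection: close
Content-Type: text/html; charset=UTF-8
[ka1 root@192.168.2.10 ~]#cd /etc/keepalived/
[ka1 root@192.168.2.10 /etc/keepalived]#ls
keepalived.conf
[ka1 root@192.168.2.10 /etc/keepalived]#cp -a keepalived.conf keepalived.conf_bak    # always make a backup before editing the configuration
[ka1 root@192.168.2.10 /etc/keepalived]#vim keepalived.conf    # the keepalived configuration is as follows:

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost                       # who receives the e-mail notification when a fault occurs; here the root user sends it to the local machine
    }
    notification_email_from root@localhost   # address the notification e-mail is sent from
    smtp_server localhost                    # SMTP server used for the notification e-mail
    smtp_connect_timeout 30                  # timeout for connecting to the SMTP server
    router_id NodeA                          # string identifying this node, usually the hostname but it does not have to be; used in the e-mail notification when a fault occurs
}
vrrp_script check_nginx {                    # define the health-check script
    script "/etc/keepalived/bash/check_nginx.sh"   # location of the script; note that the script must have execute permission
    interval 5                               # interval between script runs
    weight -10                               # if the script fails, the priority of the vrrp_instance is reduced by 10 points
}
vrrp_instance VI_1 {                         # defines the VIP area that provides the external service, and its attributes
    state MASTER                             # may be MASTER or BACKUP; when keepalived starts on the other nodes, the node with the higher priority is elected MASTER, so this setting has no real effect
    interface eth0                           # NIC holding the node's own (non-VIP) address, used to send VRRP packets; it should be the NIC the VIP is bound to
    virtual_router_id 51                     # value between 0 and 255, used to tell apart the VRRP multicast of multiple instances. Note: virtual_router_id values must not repeat within the same network segment, otherwise errors occur; the related error messages are as follows.
    priority 100                             # used to elect the master; to become master, this value should preferably be 50 points higher than on the other machines. The valid range is 1-255 (a value outside this range is treated as the default, 100)
    advert_int 1                             # interval between VRRP packets, that is, how often a master election takes place (it can be thought of as the health-check interval)
    authentication {                         # authentication area; the authentication types are PASS and AH (IPSEC); PASS is recommended (only the first 8 characters of the password are recognised)
        auth_type PASS
        auth_pass 1111
    }
    track_script {                           # use the check_nginx script defined above for health checking in the VI_1 area
        check_nginx
    }
    virtual_ipaddress {                      # the VIP. Note: always include the netmask when setting the VIP here
        192.168.2.200/24
    }
}

The parts marked in red above are the parts that were modified.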
[ka1 root@192.168.2.10 /etc/keepalived]#mkdir bash
[ka1 root@192.168.2.10 /etc/keepalived/bash]#vim check_nginx.sh    # write the script; its content is below. It is simple, so it is not explained in detail here.

#!/bin/bash
# Only one copy of this loop may run: exit if a live instance owns the pidfile.
pidfile=/var/lock/subsys/$(basename "$0").pid
if [ -f "$pidfile" ] && [ -e "/proc/$(cat "$pidfile")" ] ; then
    exit 1
fi

# Remove the pidfile on HUP, INT, QUIT and TERM.
trap 'rm -rf "$pidfile" ; exit 0' 1 2 3 15
echo $$ > "$pidfile"

maxfails=3
fails=0
success=0

while true
do
    # Probe the local web server, then ping 192.168.2.1.
    /usr/bin/wget --timeout=3 --tries=1 http://192.168.2.10/ -q -O /dev/null && ping -c1 192.168.2.1 &> /dev/null
    if [ $? -ne 0 ] ; then
        fails=$((fails + 1))
        success=0
    else
        fails=0
        success=$((success + 1))
    fi

    if [ "$fails" -ge "$maxfails" ] ; then
        fails=0
        success=0
        # check keepalived is running ? try to stop it
        # The status text is localised: an English install prints "running",
        # a Chinese install prints "正在运行", so match both.
        if /etc/init.d/keepalived status | grep -Eq 'running|正在运行' ; then
            /bin/logger -is "local service fails $maxfails times ... try to stop keepalived."
            /etc/init.d/keepalived stop 2>&1 | /bin/logger
        fi
    fi

    if [ "$success" -gt "$maxfails" ] ; then
        # check keepalived is stopped ? try to start it
        # Note: on an English-language install the text to grep for is "stopped";
        # on a Chinese-language install it is "已停".
        if /etc/init.d/keepalived status | grep -Eq 'stopped|已停' ; then
            logger -is "service changes normal, try to start keepalived ."
            /etc/init.d/keepalived start
        fi
        success=0
    fi
    sleep 3
done

[ka1 root@192.168.2.10 /etc/keepalived/bash]#chmod +x check_nginx.sh
[ka1 root@192.168.2.10 /etc/keepalived]#service keepalived start
正在启动 keepalived: [确定]
[ka1 root@192.168.2.10 /etc/keepalived/bash]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:39:92:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.10/24 brd 192.168.2.255 scope global eth0
    inet 192.168.2.200/24 scope global secondary eth0    # the VIP is already bound here
    inet6 fe80::20c:29ff:fe39:924f/64 scope link
       valid_lft forever preferred_lft forever
[ka1 root@192.168.2.10 /etc/keepalived/bash]#ps auxfww | grep check_nginx.sh    # check that the script from the configuration file is running normally
root 2596 0.0 0.0 103240 872 pts/1 S+ 11:14 0:00 \_ grep check_nginx.sh
root 2473 0.0 0.1 108160 1504 ? S 11:13 0:00 /bin/bash /etc/keepalived/bash/check_nginx.sh
[ka1 root@192.168.2.10 /etc/keepalived/bash]#service keepalived stop    # stop keepalived as a test
停止 keepalived: [确定]
[ka1 root@192.168.2.10 /etc/keepalived/bash]#service keepalived status    # wait a moment and you can see keepalived
keepalived (pid 2696) 正在运行...
The ka1 master host is now configured; ka2 is configured as follows:
[ka2 root@192.168.2.11 ~]#yum install httpd keepalived -y
[ka2 root@192.168.2.11 ~]#sed -i 's@#ServerName www.example.com:80@ServerName localhost:80@g' /etc/httpd/conf/httpd.conf
[ka2 root@192.168.2.11 ~]#service httpd start
正在启动 httpd: [确定]
[ka2 root@192.168.2.11 ~]#curl -I 192.168.2.11
HTTP/1.1 200 OK
Date: Sun, 06 Dec 2015 11:56:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 06 Dec 2015 11:56:47 GMT
ETag: "5fe4e-d-526396f6ac030"
Accept-Ranges: bytes
Content-Length: 13
Connection: close
Content-Type: text/html; charset=UTF-8
[ka2 root@192.168.2.11 ~]#cd /etc/keepalived/
[ka2 root@192.168.2.11 /etc/keepalived]#ls
keepalived.conf
[ka2 root@192.168.2.11 /etc/keepalived]#cp -a keepalived.conf keepalived.conf_bak
[ka2 root@192.168.2.11 /etc/keepalived]#scp 192.168.2.10:/etc/keepalived/keepalived.conf .
The authenticity of host '192.168.2.10 (192.168.2.10)' can't be established.
RSA key fingerprint is be:e8:09:ba:fd:95:29:ed:33:40:f5:81:75:22:03:90.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.10' (RSA) to the list of known hosts.
root@192.168.2.10's password:
keepalived.conf 100% 606 0.6KB/s 00:00
[ka2 root@192.168.2.11 /etc/keepalived]#vim keepalived.conf

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@localhost
    smtp_server localhost
    smtp_connect_timeout 30
    router_id NodeB
}
vrrp_script check_nginx {
    script "/etc/keepalived/bash/check_nginx.sh"
    interval 5
    weight -10
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        check_nginx
    }
    virtual_ipaddress {
        192.168.2.200/24
    }
}

The parts in red are the parts that were modified.

[ka2 root@192.168.2.11 /etc/keepalived]#mkdir bash
[ka2 root@192.168.2.11 /etc/keepalived]#cd bash
[ka2 root@192.168.2.11 /etc/keepalived/bash]#scp 192.168.2.10:/etc/keepalived/bash/check_nginx.sh .    # after the script has been copied over, the IP address in it needs to be changed
root@192.168.2.10's password:
check_nginx.sh 100% 1224 1.2KB/s 00:00
[ka2 root@192.168.2.11 /etc/keepalived]#service keepalived restart
停止 keepalived: [确定]
正在启动 keepalived: [确定]
[ka2 root@192.168.2.11 /etc/keepalived]#ps auxfww | grep check_nginx.sh
root 2233 0.0 0.0 103240 868 pts/1 S+ 20:09 0:00 | \_ grep check_nginx.sh
root 2204 0.0 0.1 108160 1500 ? S 20:08 0:00 /bin/bash /etc/keepalived/bash/check_nginx.sh
[ka2 root@192.168.2.11 /var]#service keepalived stop
停止 keepalived: [确定]
[ka2 root@192.168.2.11 /etc/keepalived]#service keepalived status
keepalived (pid 2479) 正在运行...
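The priority, weight and authentication settings of the two nodes only work as a pair, so the following added example (not part of the original post) audits a master/backup pair of configurations. The two sample configurations are constructed from the page's values (priority 100 and 99, weight -10, auth_pass 1111); the function names and finding codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a master/backup pair of keepalived.conf files.
# KA1_CONF/KA2_CONF are constructed samples holding the page's values.
KA1_CONF='vrrp_script check_nginx {
    weight -10
}
vrrp_instance VI_1 {
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}'
KA2_CONF=$(printf '%s\n' "$KA1_CONF" | sed 's/priority 100/priority 99/')

# conf_get CONF KEY: print the value of the first "KEY value" directive.
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# failover_on_check_failure MASTER BACKUP: succeed only if a failed
# track_script pushes the master's priority below the backup's.
failover_on_check_failure() {
    [ $(( $(conf_get "$1" priority) + $(conf_get "$1" weight) )) \
        -lt "$(conf_get "$2" priority)" ]
}

# audit_pair MASTER BACKUP: print one finding code per line.
# The body is a subshell, so its variables stay local.
audit_pair() (
    if [ "$(conf_get "$1" virtual_router_id)" != "$(conf_get "$2" virtual_router_id)" ]; then
        echo "VRID_MISMATCH: nodes are not in the same VRRP group"
    fi
    if ! failover_on_check_failure "$1" "$2"; then
        echo "WEIGHT_TOO_SMALL: a failed check alone will not move the VIP"
    fi
    if [ "$(conf_get "$1" auth_type)" = "PASS" ]; then
        pass=$(conf_get "$1" auth_pass)
        echo "AUTH_CLEARTEXT: PASS is sent unencrypted in every advert"
        if [ "${#pass}" -lt 8 ]; then echo "AUTH_PASS_SHORT: under 8 characters"; fi
        if [ "$pass" != "$(conf_get "$2" auth_pass)" ]; then
            echo "AUTH_PASS_MISMATCH: auth_pass differs between the nodes"
        fi
    fi
)

audit_pair "$KA1_CONF" "$KA2_CONF"
```

With the page's values a failed check leaves ka1 at 90, below ka2's 99, so only the two authentication findings are printed. With the 50-point gap suggested in the priority comment (for instance 150 against 99), weight -10 leaves the master at 140 and the audit reports WEIGHT_TOO_SMALL.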
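Both keepalived hosts are now configured; the test is as follows:
keepalived sets ka1 as Master, IP: 192.168.2.10
Next, bring down the httpd service on ka1 and access the site again:
After the fault on the ka1 master host has been cleared and the httpd process started, access the site again:
In this master-backup mode, the BACKUP host serves only as a standby: once the fault on the MASTER host is cleared, the MASTER takes back ownership. If problems come up during configuration, look through the /var/log/messages log file; I ran into problems during configuration myself.
If problems come up during testing, run the script with sh -x followed by the script name to troubleshoot it.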