Nginx + Keepalived
Nginx+Keepalived实现高可用
Master:192.168.1.1 #提供负载均衡
Backup:192.168.1.2 #均衡备机
VIP:192.168.1.250 #虚IP
原理:通过ip地址漂移技术实现高可用和双主节点负载均衡,虚IP 是外网访问的IP地址,通过 keepalived 设置,以及 VRRP 将 VIP 绑定到主机和备机上,通过权重实现控制。当主机宕掉后,keepalived 释放对主机的控制,备机接管虚IP。
1.安装Nginx
http://www.cnblogs.com/wazy/p/8108824.html
2.安装Keepalived
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz tar -zxf keepalived-1.2.7.tar.gz cd keepalived-1.2.7 ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/3.10.0-514.el7.x86_64/ #可能会出现configure: error: Popt libraries is required 解决方法: yum -y install popt-devel 再次./configure make && make install 设置成为服务并开机启动: cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ cp /usr/local/keepalived/etc/keepalived/ /etc /etc/rc.d/init.d/keepalived status chkconfig --add keepalived chkconfig keepalived on
3.修改配置文件
1)Master
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 mcast_src_ip 192.168.1.1 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.250 } }
2)Backup
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 mcast_src_ip 192.168.1.2 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.250 } }
启动keepalivd,然后查看Master的网卡,有两个ip,一个本机ip一个VIP
这时候ping 192.168.1.250应该是通的 实际上这时候 108 是被绑到主机上的。在主机上: 查看系统日志 #tailf /var/log/messages Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.201.100]:443. Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.2]:1358. Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.3]:1358. Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.4]:1358. Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.5]:1358. Dec 26 15:31:05 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.201.100]:443. Dec 26 15:31:05 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.2]:1358. ...... 可以看到.VRRP(虚拟路由冗余协议)已经启动.我们可以通过命令 ip addr 来检查主 Nginx 上的 IP 分配情况. #ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:d4:83:a4 brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.250/32 scope global eth0 inet6 fe80::20c:29ff:fed4:83a4/64 scope link valid_lft forever preferred_lft forever #tcpdump 抓包 tcpdump vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 22:16:37.890619 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 22:16:38.892503 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 22:16:39.900436 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 22:16:40.902613 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 22:16:41.905640 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 22:16:42.907636 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20 ... 到这里我们已经完成了一个 nginx + keepalived
接下来我们可以完善一下,做一个主备切换
加上实时监控,如果发现负载均衡的 Nginx 出现问题,就将该机器上的 Keepalived 服务停掉。
vi /etc/rc.d/init.d/nginxcheck #!/bin/bash #描述:这是用于监控nginx服务的脚本 #chkconfig: - 57 75 while : do nginxpid=`ps -C nginx --no-header | wc -l` if [ $nginxpid -eq 0 ]; then service keepalived stop sleep 3 echo $nginxpid >> /tmp/nginx_info elif [ $nginxpid -ne 0 ]; then service keepalived start sleep 3 echo $nginxpid >> /tmp/nginx_infoa fi done chkconfig --add nginxcheck chkconfig nginxcheck on 或者在/etc/rc.local 将脚本放进去
然后关闭nginx看看是否能访问192.168.1.250,以及Backup的vip是否绑定