Nginx+Keepalived高可用架构简述(beta)

 

架构简述

利用Keepalived构建虚拟VIP地址,通过访问虚拟ip链接nginx服务器打通外部访问链路;

利用Keepalived探活机制,切换可用服务,保证Nginx服务高可用;

 

服务器架构图

 

 //todo 添加keepalived工作原理简介

 

nginx+keepalived基础环境构建 

1台访问者主机+2台服务主机(一台master、一台backup)

1,利用docker构建nginx+keepalived镜像,通过运行多镜像方式模拟多台服务主机;

2,基于逻辑手动按照nginx+keepalived服务;具体安装流程不做介绍

 

Keepalived相关配置

1,keepalived基础配置文件(/etc/keepalived/keepalived.conf )

global_defs {
   router_id NKEEP_MASTER       #唯一标识,不能重复
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
}

vrrp_script chk_nginx {         
    script "/etc/keepalived/chk_nginx.sh"   
    interval 2             
}

vrrp_instance VI_1 {
    state MASTER   #备机为BACKUP
    interface eth0  #所属网络
    virtual_router_id 51
    priority 100  #权重,当state相同时以优先级高的当临时主机
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.17.0.100 #vip虚拟地址
    }
    track_script {
       chk_nginx #调用执行脚本的函数,上面已经定义该函数
    }
}

 

2,检查nginx运行情况的脚本(/etc/keepalived/chk_nginx.sh)

#!/bin/bash
run=`ps -C nginx --no-header | wc -l`
if [ $run -eq 0 ]; then
    systemctl stop start
    sleep 3
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        systemctl stop keepalived
    fi
fi

注:脚本需要授权命令如下:

chmod +x /etc/keepalived/chk_nginx.sh
 

高可用验证

两台主机:

keepalived MASTER ip=172.17.0.5 

keepalived BACKUP ip=172.17.0.2

虚拟IP(VIP) = 172.17.0.100 

为了便于识别信息,将两台nginx的index.html内容稍作变动,用于区分访问哪台服务器的nginx;

 

场景一,MASTER 和BACKUP都正常运行

操作:正常启动nginx和keepalived,保证在正常运转

 

MASTER主机绑定了虚拟IP172.17.0.100 

root@be4a8ad7d75c:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.17.0.100/32 scope global eth0
       valid_lft forever preferred_lft forever

BACKUP 没有绑定虚拟IP(虚拟IP只能绑定一台主机)

root@631558884d6d:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 

此时访问172.17.0.100指向MASTER主机nginx

root@0f2e35110ab4:/# curl 172.17.0.100
省略
<h1>Welcome to nginx! +keepalived-master </h1>
省略

 

 

场景二,MASTER异常,BACKUP正常

操作:关闭MASTER主机上的nginx;命令:systemctl stop nginx ; BACKUP主机不动

MASTER主机未绑定虚拟ip

root@be4a8ad7d75c:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 

BACKUP主机绑定了虚拟IP(172.17.0.100)

root@631558884d6d:/var/log# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.17.0.100/32 scope global eth0
       valid_lft forever preferred_lft forever

 

此时访问172.17.0.100 指向 backup主机的nginx

root@0f2e35110ab4:/# curl 172.17.0.100
省略
<h1>Welcome to nginx! +keepalived-backup </h1>
省略

 

场景三,MASTER恢复正常,BAKCUP不动(接场景二的操作)

操作:收到告警通知后手动启动nginx和keepalived,命令如下

  systemctl start nginx

      systemctl start keepalived 

 

     正常启动服务恢复后,变成场景一的模式;虚拟IP回到MASTER主机上,BACKUP主机自动解绑虚拟IP;

 

 

 参考:

1,keepalived官网以及配置说明:https://www.keepalived.org/manpage.html

2,VRRP介绍:https://baike.baidu.com/item/%E8%99%9A%E6%8B%9F%E8%B7%AF%E7%94%B1%E5%99%A8%E5%86%97%E4%BD%99%E5%8D%8F%E8%AE%AE/2991482 

3,nginx官网:http://nginx.org/ 

 
 
posted @ 2020-09-13 13:32  whroid  阅读(504)  评论(0编辑  收藏  举报