Nginx + Keepalived
阿新 • • 發佈:2017-12-26
ice var 外網訪問 listen tput dir ica aries ssa
通過ip地址漂移技術(keepalived)實現高可用和雙主節點負載均衡
Master:192.168.1.1 #提供負載均衡
Backup:192.168.1.2 #均衡備機
VIP:192.168.1.250 :虛IP
原理:虛IP 是外網訪問的IP地址,通過 keepalived 設置,以及 VRRP 將 VIP 綁定到主機和備機上,通過權重實現控制。當主機宕掉後,keepalived 釋放對主機的控制,備機接管虛IP。
1.安裝Nginx
http://www.cnblogs.com/wazy/p/8108824.html
2.安裝Keepalived
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar -zxf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/3.10.0-514.el7.x86_64/
#可能會出現configure: error: Popt libraries is required
解決方法:
yum -y install popt-devel
再次./configure
make && make install
設置成為服務並開機啟動:
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/keepalived/ /etc
/etc/rc.d/init.d/keepalived status
chkconfig --add keepalived
chkconfig keepalived on3.修改配置文件
1)Master
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.250
}
}
2)Backup
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.2
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.250
}
}
啟動keepalivd,然後查看Master的網卡,有兩個ip,一個本機ip一個VIP
這時候ping 192.168.1.250應該是通的
實際上這時候 108 是被綁到主機上的。在主機上:
查看系統日誌
#tailf /var/log/messages
Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.201.100]:443.
Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.2]:1358.
Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.3]:1358.
Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.4]:1358.
Dec 26 15:30:59 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.5]:1358.
Dec 26 15:31:05 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.201.100]:443.
Dec 26 15:31:05 localhost Keepalived_healthcheckers[38737]: Timeout connect, timeout server [192.168.200.2]:1358.
......
可以看到.VRRP(虛擬路由冗余協議)已經啟動.我們可以通過命令 ip addr 來檢查主 Nginx 上的 IP 分配情況.
#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d4:83:a4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.250/32 scope global eth0
inet6 fe80::20c:29ff:fed4:83a4/64 scope link
valid_lft forever preferred_lft forever
#tcpdump 抓包
tcpdump vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:16:37.890619 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
22:16:38.892503 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
22:16:39.900436 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
22:16:40.902613 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
22:16:41.905640 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
22:16:42.907636 IP ACA832B0.ipt.aol.com > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
...
到這裏我們已經完成了一個 nginx + keepalived
接下來我們可以完善一下,做一個主備切換
加上實時監控,如果發現負載均衡的 Nginx 出現問題,就將該機器上的 Keepalived 服務停掉。
vi /etc/rc.d/init.d/nginxcheck
#!/bin/bash
#描述:這是用於監控nginx服務的腳本
#chkconfig: - 57 75
while :
do
nginxpid=`ps -C nginx --no-header | wc -l`
if [ $nginxpid -eq 0 ]; then
service keepalived stop
sleep 3
echo $nginxpid >> /tmp/nginx_info
elif [ $nginxpid -ne 0 ]; then
service keepalived start
sleep 3
echo $nginxpid >> /tmp/nginx_infoa
fi
done
chkconfig --add nginxcheck
chkconfig nginxcheck on
或者在/etc/rc.local 將腳本放進去
然後關閉nginx看看是否能訪問192.168.1.250,以及Backup的vip是否綁定
Nginx + Keepalived