nginx+keepalived实现双机热备的高可用

时间:2022-12-19 09:42:04

这篇文章简单介绍利用keepalived软件,实现对nginx服务器的高可用,即实现故障自动切换。假设你已经安装好nginx,下面介绍keepalived的安装和使用。

keepalived安装

  1. yum install openssl-devel
  2. cd /tmp
  3. wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
  4. tar xzf keepalived-1.2.2.tar.gz
  5. cd keepalived-1.2.2
  6. ./configure
  7. make && make install
  8. cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
  9. cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
  10. chmod +x /etc/init.d/keepalived
  11. chkconfig --add keepalived
  12. chkconfig keepalived on
  13. mkdir /etc/keepalived
  14. ln -s /usr/local/sbin/keepalived /usr/sbin/

keepalived的配置

更详细的keepalived配置文件说明可以执行man keepalived.conf查看。
我们假设主服务器IP:192.168.1.103,从服务器ip:192.168.1.101 虚拟ip:192.168.1.110
下面对主服务器的keepalived进行配置:

  1. vi /etc/keepalived/keepalived.conf
  1. global_defs {
  2.    notification_email {
  3.      admin@centos.bz
  4.    }
  5.    notification_email_from keepalived@domain.com
  6.    smtp_server 127.0.0.1
  7.    smtp_connect_timeout 30
  8.    router_id LVS_DEVEL
  9. }
  10. vrrp_script chk_http_port {
  11.                 script "/opt/nginx_pid.sh"
  12.                 interval 2
  13.                 weight 2
  14. }
  15. vrrp_instance VI_1 {
  16.     state MASTER        ############ 辅机为 BACKUP
  17.     interface eth0
  18.     virtual_router_id 51
  19.     mcast_src_ip 192.168.1.103
  20.     priority 102                  ########### 权值要比 back 高
  21.     advert_int 1
  22.     authentication {
  23.         auth_type PASS
  24.         auth_pass 1111
  25.     }
  26. track_script { 
  27.         chk_http_port ### 执行监控的服务 
  28.         }
  29.     virtual_ipaddress {
  30.        192.168.1.110
  31.     }
  32. }

从服务器:

  1. global_defs {
  2.    notification_email {
  3.      admin@centos.bz
  4.    }
  5.    notification_email_from keepalived@domain.com
  6.    smtp_server 127.0.0.1
  7.    smtp_connect_timeout 30
  8.    router_id LVS_DEVEL
  9. }
  10. vrrp_script chk_http_port {
  11.                 script "/opt/nginx_pid.sh"
  12.                 interval 2
  13.                 weight 2
  14. }
  15. vrrp_instance VI_1 {
  16.     state BACKUP
  17.     interface eth0
  18.     virtual_router_id 51
  19.     mcast_src_ip 192.168.1.101
  20.     priority 101              ##########权值 要比 master 低。。
  21.     advert_int 1
  22.     authentication {
  23.         auth_type PASS
  24.         auth_pass 1111
  25.     }
  26. track_script { 
  27.         chk_http_port ### 执行监控的服务 
  28.         }
  29.     virtual_ipaddress {
  30.        192.168.1.110
  31.     }
  32. }

之后分别在主从服务器建立nginx的监控脚本:

  1. vi /opt/nginx_pid.sh
  1. #!/bin/bash
  2. A=`ps -C nginx --no-header |wc -l`               
  3. if [ $A -eq 0 ];then                                       
  4.                 /usr/local/nginx/sbin/nginx
  5.                 sleep 3
  6.                 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
  7.                        killall keepalived
  8.                 fi
  9. fi

然后分别启动主从服务器的keepalived:

  1. service keepalived start

keepalived的测试

我们在主服务器上执行命令ip a,显示如下:

  1. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  2.     link/ether 00:0c:29:aa:a1:e4 brd ff:ff:ff:ff:ff:ff
  3.     inet 192.168.1.103/24 brd 255.255.255.255 scope global eth0
  4.     inet 192.168.1.110/32 scope global eth0

证明主服务器已经绑定了虚拟ip 192.168.1.110
在从服务器上执行命令ip a,显示如下:

  1. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  2.     link/ether 00:0c:29:2b:94:3b brd ff:ff:ff:ff:ff:ff
  3.     inet 192.168.1.101/24 brd 255.255.255.255 scope global eth0

显示表明从服务器上没有绑定vip 192.168.1.110,只有本机真实ip192.168.1.101
下面我们停止主服务器的nginx进程,再看看ip绑定情况:
主服务器的情况:

  1. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  2.     link/ether 00:0c:29:aa:a1:e4 brd ff:ff:ff:ff:ff:ff
  3.     inet 192.168.1.103/24 brd 255.255.255.255 scope global eth0

从服务器的情况:

  1. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  2.     link/ether 00:0c:29:2b:94:3b brd ff:ff:ff:ff:ff:ff
  3.     inet 192.168.1.101/24 brd 255.255.255.255 scope global eth0
  4.     inet 192.168.1.110/32 scope global eth0

由此可见vip已经指向了从服务器。
参考:http://www.keepalived.org/pdf/UserGuide.pdf