一、Keepalived简介
keepalived是一个类似于layer3, 4 & 5交换机制的软件,也就是我们平时说的第3层、第4层和第5层交换。Keepalived的作用是检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web服务器。
-----百科资料
二、规划
1
2
3
4
|
OS:CentOS7
Nginx_Master: 192.168.10.128 Nginx主机
Nginx_BackUp: 192.168.10.145 Nginx备机
Nginx_VIP1: 192.168.10.111 虚拟IP地址
|
说明:
虚拟IP是外网访问的IP地址,通过keepalived设置,以及VRRP将虚拟IP地址绑定到主机和备机上,通过权重实现控制。当主机挂掉后,keepalived 释放对主机的控制,备机接管虚拟IP地址。
三、下载相关软件包
1
2
3
|
# yum install -y gcc openssl openssl-devel
# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz ##下载Keeplived
# wget http://nginx.org/download/nginx-1.9.4.tar.gz
|
四、编译Nginx
①编译
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# groupadd -r nginx
# useradd -r -g nginx nginx
# tar -zxvf nginx-1.9.4.tar.gz
# cd nginx-1.9.4/
# ./configure \
--prefix=
/usr
\
--sbin-path=
/usr/sbin/nginx
\
--conf-path=
/etc/nginx/nginx
.conf \
--error-log-path=
/var/log/nginx/error
.log \
--http-log-path=
/var/log/nginx/access
.log \
--pid-path=
/var/run/nginx/nginx
.pid \
--lock-path=
/var/lock/nginx
.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=
/var/tmp/nginx/client/
\
--http-proxy-temp-path=
/var/tmp/nginx/proxy/
\
--http-fastcgi-temp-path=
/var/tmp/nginx/fcgi/
\
--http-uwsgi-temp-path=
/var/tmp/nginx/uwsgi
\
--http-scgi-temp-path=
/var/tmp/nginx/scgi
\
--with-pcre
# make
# make install
# /usr/sbin/nginx ##开启nginx
|
②简单配置nginx
1
2
3
4
|
# vi /etc/nginx/nginx.conf
server {
listen 80;
server_name www.zhi.com;
|
Master:
1
2
3
|
# vi /usr/html/index.html
<h1>Success!<
/h1
>
<p>Welcome to LINUX Keepalived System 1!<
/p
>
|
BackUp:
1
2
3
|
# vi /usr/html/index.html
<h1>Success!<
/h1
>
<p>Welcome to LINUX Keepalived System 2!<
/p
>
|
五、编译Keeplived
1
2
3
|
# tar -zxvf keepalived-1.2.19.tar.gz
# cd keepalived-1.2.19
# ./configure --sysconf=/etc --prefix=/usr/local/keepalived
|
1
2
|
# make
# make install
|
六、配置Keeplived
①设置开机自启动并配置服务脚本
1
2
3
|
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
# /etc/init.d/keepalived start
# systemctl start keepalived ##以上皆可启动keepalived
|
1
2
|
# chkconfig --add keepalived
# chkconfig keepalived on
|
1
2
3
4
5
6
7
8
9
10
11
12
|
# vi /etc/keepalived/check_nginx.sh ##配置nginx服务监控脚本
!
/bin/bash
if
[ $(
ps
-C nginx --no-header |
wc
-l) -
eq
0 ]
then
/usr/sbin/nginx
fi
sleep
2
if
[ $(
ps
-C nginx --no-header |
wc
-l) -
eq
0 ]
then
/etc/init
.d
/keepalived
stop
fi
# chmod u+x /etc/keepalived/check_nginx.sh
|
注:该脚本检测nginx服务正常开启与否,使自动切换keepalived虚拟IP地址。如无该脚本,必须手动执行关闭keepalived方可切换。
②MASTER配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
# vi /etc/keepalived/keepalived.conf
! Configuration File
for
keepalived
global_defs {
notification_email {
root@localhost
##设置报警邮件地址,可以设置多个
}
notification_email_from zhi@zhi.com
##设置邮件发送地址
smtp_server 127.0.0.1
##设置SMTP-Server地址
smtp_connect_timeout 30
##设置连接超时时间
router_id LVS_DEVEL
##运行keepalived服务的标识,显示在邮件主题的信息
}
vrrp_script check_nginx {
script
"/etc/keepalived/check_nginx.sh"
##Nginx服务监控脚本
interval 2
##脚本执行间隔
weight 2
##脚本执行结果导致的优先级变更
}
vrrp_instance VI_1 {
state MASTER
##指定keepalived角色为主服务器
interface eno16777736
##指定HA监测网络的接口
virtual_router_id 51
##虚拟路由标识,同一个vrrp实例使用唯一的标识
priority 101
##定义优先级,数字越大,优先级越高
advert_int 1
##设定MASTER与BACKUP负载均衡器间同步检查的时间间隔,单位秒
authentication {
##设置验证类型和密码
auth_type PASS
##设置验证类型,主要有PASS和AH两种
auth_pass 1111
##设置验证密码,同一vrrp_instance密码必须相同
}
track_script {
check_nginx
##检测执行脚本
}
virtual_ipaddress {
192.168.10.111
/24
#设置虚拟IP地址,可设置多个虚拟IP地址
}
}
virtual_server 192.168.10.111 80 {
##设置虚拟服务器,指定虚拟IP地址和服务端口
delay_loop 6
##设置运行情况检查时间,单位秒
lb_algo rr
##设置负载调度算法,rr即轮询算法
lb_kind NAT
##设置LVS实现负载均衡的机制,有NAT、TUN、DR三个模式可选
nat_mask 255.255.255.0
persistence_timeout 50
##会话保持时间,单位秒
protocol TCP
##指定转发协议类型,有TCP和UDP两种
sorry_server 127.0.0.1 80
real_server 192.168.10.128 80 {
##配置服务节点1,指定real server的真实IP和端口
weight 1
##配置服务节点的权值,数字越大,权值越高
HTTP_GET {
url {
path /
status_code 200
##200状态码,表示服务器已成功处理请求
}
connect_timeout 3
##响应超时时间
nb_get_retry 3
##重试次数
delay_before_retry 3
##重试间隔
}
}
real_server 192.168.10.145 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
|
③BACKUP配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
# vi /etc/keepalived/keepalived.conf
! Configuration File
for
keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from zhi@zhi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script check_nginx {
script
"/etc/keepalived/check_nginx.sh"
##Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx
##检测脚本
}
virtual_ipaddress {
192.168.10.111
/24
}
}
virtual_server 192.168.10.111 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.10.128 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.145 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
|
④查看系统日志
1
|
# tail /var/log/messages
|
注:这是192.168.10.145的日志(没有同步时间),由于更改配置后没有重启Master,所以BACKUP进行了抢占
Master:
1
2
|
# systemctl restart keepalived.service
# tail /var/log/messages
|
1
|
# ip addr
|
七、测试
浏览器输入www.zhi.com测试
Master:
1
|
# nginx -s stop
|
BackUp:
1
|
# ip addr
|
虚拟IP地址已切换至备机了
另:可配置nginx+keepalived主主模式,并在后端配置反向代理和负载均衡实现高可用
本文转自 结束的伤感 51CTO博客,原文链接:http://blog.51cto.com/wangzhijian/1701577