Nginx+Keepalived搭建高可用负载均衡集群

本文的重点是Keepalived的配置，Nginx的配置就简略带过。
软件：CentOS 7.2 / Nginx 1.12.2 / Keepalived 1.3.9

ha-01:192.168.1.97
ha-02:192.168.1.98
VIP:192.168.1.99

1、安装之前首先关闭SELinux(重启后生效)

[root@ha-01 /]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2、增加防火墙规则：(192.168.1.99为虚IP)

[root@ha-01 /]# vim /etc/sysconfig/iptables
增加如下项目：
-A INPUT -d 192.168.1.99 -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

3、安装系统常用工具：

[root@ha-01 /]# yum -y install vim tree curl wget git xz unzip htop iftop lshw

4、安装代码编译的依赖包：

[root@ha-01 /]# yum -y install gcc gcc-c++ make automake autoconf

5、安装Nginx相关依赖包：

[root@ha-01 /]# yum -y install pcre* zlib* openssl*

6、安装Keepalived相关依赖包：

[root@ha-01 /]# yum -y install libnl-devel libnl3-devel libnfnetlink-devel

7、下载、安装Nginx：

[root@ha-01 /]# wget -P/usr/local/src/ http://nginx.org/download/nginx-1.12.2.tar.gz
[root@ha-01 /]# tar -xzvf /usr/local/src/nginx-1.12.2.tar.gz -C /usr/local/src/
[root@ha-01 /]# cd /usr/local/src/nginx-1.12.2
[root@ha-01 /]# ./configure --prefix=/usr/local/nginx
[root@ha-01 /]# make -j 2
[root@ha-01 /]# make install

8、启动Nginx服务：

[root@ha-01 /]# /usr/local/nginx/sbin/nginx -t
[root@ha-01 /]# /usr/local/nginx/sbin/nginx

9、下载、安装Keepalived：

[root@ha-01 /]# wget -P/usr/local/src/ http://www.keepalived.org/software/keepalived-1.3.9.tar.gz
[root@ha-01 /]# tar -xzvf /usr/local/src/keepalived-1.3.9.tar.gz -C /usr/local/src/
[root@ha-01 /]# cd /usr/local/src/keepalived-1.3.9
[root@ha-01 /]# ./configure --prefix=/usr/local/keepalived
[root@ha-01 /]# make -j 2
[root@ha-01 /]# make install

10、编辑keepalived.conf配置文件：

[root@ha-01 /]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf　　

　　[Master] ha-01(192.168.1.97)

! Configuration File for keepalived master

global_defs {
   notification_email {
      root@localhost
   }

   notification_email_from root@localhost
   smtp_server root
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_http_port {
    script "/usr/local/keepalived/etc/keepalived/chk_http_port.sh"
    interval 2
    weight -10
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.131
    }

    track_script {
       chk_http_port
    }
}

　　[Backup] ha-02(192.168.1.98)

! Configuration File for keepalived slave

global_defs {
   notification_email {
    root@localhost
   }

   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_http_port {
    script "/usr/local/keepalived/etc/keepalived/chk_http_port.sh"
    interval 2
    weight -10
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 51
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99
     }

    track_script {
       chk_http_port
    }
}

11、编辑Nginx服务监控脚本:
　　[root@ha-01 /]# vim /usr/local/keepalived/etc/keepalived/chk_http_port.sh
　　[root@ha-01 /]# chmod +x /usr/local/keepalived/etc/keepalived/chk_http_port.sh　　

#!/bin/bash

count=0
for (( k=0; k<2; k++ ))
do
    check_code=$( curl --connect-timeout 3 -sL -w "%{http_code}\\n" http://localhost/ -o /dev/null )
    if [ "$check_code" != "200" ]; then
        count=$(expr $count + 1)
        sleep 3
        continue
    else
        count=0
        break
    fi
done

if [ "$count" != "0" ]; then
    systemctl stop keepalived
    exit 1
else
    exit 0
fi

12、编辑keepalived系统启动配置文件：

[root@ha-01 /]# vim /usr/local/keepalived/etc/sysconfig/keepalived
修改：
KEEPALIVED_OPTIONS="-D"
为：
KEEPALIVED_OPTIONS="-f /usr/local/keepalived/etc/keepalived/keepalived.conf -D -d -S 0"

13、修改keepalived日志文件路径：

[root@ha-01 /]# vim /etc/rsyslog.conf

　　添加如下项目：

#keepalived -S 0
local0.*/usr/local/keepalived/etc/keepalived/keepalived.log

　　重启rsyslog服务:

[root@ha-01 /]# systemctl restart rsyslog

14、拷贝keepalived启动文件至系统启动目录：

[root@ha-01 /]# cp /usr/local/src/keepalived-1.3.9/keepalived/etc/init.d/keepalived /etc/init.d/

15、编辑keepalived启动文件：

[root@ha-01 /]# vim /etc/init.d/keepalived

修改：
. /etc/sysconfig/keepalived
为：
. /usr/local/keepalived/etc/sysconfig/keepalived

并增加keepalived可执行文件至系统环境：
PATH="$PATH:/usr/local/keepalived/sbin"
export PATH

16、启动keepalived服务：

[root@ha-01 /]# systemctl enable keepalived
[root@ha-01 /]# systemctl start keepalived

17、查看keepalived进程：

[root@ha-01 /]# ps -ef | grep "keepalived"

[THE END]