架构设计:
1.1 keepalived原理
Keepalived:是Linux下面实现VRRP备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接。
VRRP协议:全称 Virtual Router Redundancy Protocol。即虚拟路由冗余协议。可以认为它是实现路由器高可用的容错协议,即将N台提供相同功能的路由器组成一个路由器组(RouterGroup),这个组里面有一个master和多个backup,但在外界看来就像一台一样,构成虚拟路由器,拥有一个虚拟IP(vip,也就是路由器所在局域网内其他机器的默认路由),占有这个IP的master实际负责ARP相应和转发IP数据包,组中的其它路由器作为备份的角色处于待命状态。master会发组播消息,当backup在超时时间内收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master,保证路由器的高可用。
总结:两台主备机器通过keepalived,虚拟一个IP,也就是VIP(Virtual IP)。VIP开始为主机器所有,备份机为空闲状态,同时在两台keepalived之间通信相当于有一条心跳线,通过心跳线互相通信,只要主机器监控(通过脚本)到ngin服务停止,则主机器自己停止keepalived,将VIP交给备份机器处理web请求,直至主机器再次恢复正常,将VIP返还给主机器。
1.2 keepalived配置文件基础配置(yum安装位置)
配置文件位置:/etc/keepalived/keepalived.conf
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id lb111 #机器标识,通常可设为hostname。故障发生时,邮件通知会用到。
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance test { #实例名称
state MASTER #指定instance(Initial)的初始状态, MASTER 或者BACKUP,不是唯一性的,跟后面的优先级priority参数有关。
interface ens33 #根据实际网卡填写
virtual_router_id 51
priority 100 #优先级高的为master(1-255)
advert_int 1
authentication {
auth_type PASS #一组中认证,需保持一致才可通信
auth_pass 1111
}
virtual_ipaddress {
192.168.1.10 #虚拟化的VIP
}vrrp_script模块参数
告诉 keepalived 在什么情况下切换,所以尤为重要。可以有多个 vrrp_script
script : 自己写的检测脚本。也可以是一行命令如killall -0 nginx
interval 2: 每2s检测一次
weight -5 : 检测失败(脚本返回非0)则优先级 -5
fall 2: 检测连续 2 次失败才算确定是真失败。会用weight减少优先级(1-255之间)
rise 1 : 检测 1 次成功就算成功。但不修改优先级1.3.nginx.conf配置
upstream phpserver1 {
server 192.168.1.3:80;
server 192.168.1.4:80;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://phpserver1;
index index.html index.htm;
}
} 2.2 Nginx+keepalived双主实战
MASTER keepalived配置文件示例
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/usr/local/src/check_nginx_pid.sh"
interval 2 #(检测脚本执行的间隔)
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.96.138
}
}
vrrp_instance VI_2 {
state BACKUP
interface eno16777736
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.96.139
}
}
BACKUP keepalived配置文件示例
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/usr/local/src/check_nginx_pid.sh"
interval 2 #(检测脚本执行的间隔)
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.96.138
}
}
vrrp_instance VI_2 {
state MASTER
interface eno16777736
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.96.139
}
} 如果尝试失败两次就停止keepalived服务
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/usr/local/bin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/etc/init.d/keepalived stop
fi
fi