配置Keepalived+Nginx高可用
1 Keepalived 简介
1.1、简介
Keepalived 软件起初是专为LVS负载均衡软件设计的,用来管理并监控LVS集群系统中各个服务节点的状态,后来又加入了可以实现高可用的VRRP功能。VRRP是Virtual Router RedundancyProtocol(虚拟路由器冗余协议)的缩写,VRRP出现的目的就是为了解决静态路由单点故障问题的,它能够保证当个别节点宕机时,整个网络可以不间断地运行。
Keepalived软件主要是通过VRRP协议实现高可用功能的。
1.2、Keepalived 故障转移的原理
在 Keepalived 服务正常工作时,主 Master 节点会不断地向备节点发送(多播的方式)心跳消息,用以告诉备节点自己还活看,当主节点发生故障时,就无法发送心跳消息,备节点也就因此无法继续检测到来自主节点的心跳了,于是调用自身的接管程序,接管主节点的 IP 资源及服务。而当主节点恢复时,备节点又会释放自身接管的IP资源及服务,恢复到原来的备用角色。
2 Keepalived 配置文件详解
默认配置文件
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { # 全局配置
notification_email { # 定义报警收件人邮件地址
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from xxx@xxx.com # 定义报警发件人邮箱
smtp_server 192.168.200.1 # 邮箱服务器地址
smtp_connect_timeout 30 # 定义邮箱超时时间
router_id LVS_DEVEL # 定义路由标识信息,同局域网内唯一
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { # 定义实例
state MASTER # 指定keepalived节点的初始状态,可选值为MASTER|BACKUP
interface eth0 # VRRP实例绑定的网卡接口,用户发送VRRP包
virtual_router_id 51 # 虚拟路由的ID,同一集群要一致
priority 100 # 定义优先级,按优先级来决定主备角色,优先级越大越优先
nopreempt # 设置不抢占,默认是抢占
advert_int 1 # 主备通讯时间间隔
authentication { # 配置认证
auth_type PASS # 认证方式,此处为密码
auth_pass 1111 # 同一集群中keepalived配置里的此处必须一致,推荐使用8位随机数
}
virtual_ipaddress { # 虚拟 VIP 地址
192.168.200.16
}
}3 Keepalived 实现 Nginx 高可用
3.1 环境
OS | 角色 | IP | VIP |
|---|---|---|---|
CentOS7 | Master | 192.168.1.100 | 192.168.1.200 |
CentOS7 | Slave | 192.168.1.101 |
3.2 安装配置 Keepalived
在主备节点上安装 Keepalived
yum install keepalived -y在主备节点上安装 Nginx
yum install nginx -y配置 Master Keepalived
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01 # 标识本节点的名称
vrrp_gna_interval 0
vrrp_gna_interval 0
}
vrrp_script check_nginx { # 健康检测
script "/root/check_nginx.sh"
interval 2 # 间隔多久运行一次检测脚本
weight -20 # 脚本返回结果非0,优先级减20
fall 3 # 连续监测失败3次,才认为真的检查失败
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.101 # 发送心跳包的源IP,本机IP
priority 100 # 优先级值越大越高
nopreempt # 非抢占模式,需要把state都设置为BACKUP,否则nopreempt无效
advert_int 1 # 主备之间通讯的间隔秒数,用于判断主节点是否存活
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
check_nginx # 对应上面的检测脚本
}
virtual_ipaddress {
192.168.1.200
}
}配置 Slave Keepalived
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02 # 标识本节点的名称
vrrp_garp_interval 0
vrrp_garp_interval 0
}
vrrp_script check_nginx {
vrrp_script check_nginx {
interval 2
weight -20
fall 3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.102 # 发送心跳包的源IP,本机IP
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
check_nginx
}
virtual_ipaddress {
192.168.1.200
}
}3.3 Keepalived 监控 Nginx 负载均衡
Keepalived 通过脚本来监控 Nginx 负载均衡状态
在 Master 上编写脚本
创建检测 Nginx 状态脚本
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/scripts/check_nginx.sh
#!/bin/bash
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -lt 1 ];then
systemctl stop keepalived
fi添加执行权限
chmod +x /etc/keepalived/scripts/check_nginx.sh创建脚本
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/scripts/notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" xxx@qq.com
}
case "$1" in
master)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -lt 1 ];then
systemctl start nginx
fi
sendmail
;;
backup)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -gt 0 ];then
systemctl stop nginx
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac添加执行权限
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# chmod +x /etc/keepalived/scripts/notify.sh
在Slave 上缩写脚本
创建脚本
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/scripts/notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" xxx@qq.com
}
case "$1" in
master)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -lt 1 ];then
systemctl start nginx
fi
sendmail
;;
backup)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -gt 0 ];then
systemctl stop nginx
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac添加执行权限
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# chmod +x /etc/keepalived/scripts/notify.sh
3.4 配置 Keepalived 加入监控脚本
配置 Master
修改 keepalived.conf 配置文件
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script nginx_check {
script "/etc/keepalived/scripts/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.200
}
track_script {
nginx_check
}
notify_master "/etc/keepalived/scripts/notify.sh master 192.168.1.200"
notify_backup "/etc/keepalived/scripts/notify.sh backup 192.168.1.200"
}启动 Keepalived 服务
systemctl start keepalived配置 Slave
SLave 无需检测 Nginx 进程是否正常,当升级为 Master 时启动 Nginx,当降为 Slave 时,关闭 Nginx
修改 keepalived.conf 配置文件
[root@iZ8vb9s0vuz4tjn90xrzo2Z ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.200
}
notify_master "/etc/keepalived/scripts/notify.sh master 192.168.1.200"
notify_backup "/etc/keepalived/scripts/notify.sh backup 192.168.1.200"
}启动 Keepalived 服务
systemctl start keepalived腾讯云开发者
