说明:本实验为双节点nginx为两台apache服务器提供负载均衡,本文不是做lvs,所以realserver不是配置在keepalived.conf而是在nginx的配置文件中upstream。
此架构需考虑的问题:
1)Master没挂,则Master占有vip且nginx运行在Master上
2)Master挂了,则backup抢占vip且在backup上运行nginx服务
3)如果master服务器上的nginx服务挂了,则vip资源转移到backup服务器上
4)检测后端服务器的健康状态
Master和Backup两边都开启nginx服务,无论Master还是Backup,当其中的一个keepalived服务停止后,vip都会漂移到keepalived服务还在的节点上,如果要想使nginx服务挂了,vip也漂移到另一个节点,则必须用脚本或者在配置文件里面用shell命令来控制。
配置步骤如下
1.初始化4台测试server,该关的关了
[root@host101 ~]# vim /etc/hosts 192.168.1.200 ng-vip 192.168.1.101 ng-master 192.168.1.102 ng-slave 192.168.1.161 web1 192.168.1.162 web2 [root@host101 ~]# yum clean all [root@host101 ~]# systemctl stop firewalld.service [root@host101 ~]# systemctl disable firewalld.service [root@host101 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
2.配置web1,web2的apache服务,两台一样的方法
[root@host161 ~]# yum -y install httpd [root@host161 ~]# systemctl start httpd [root@host161 ~]# systemctl enable httpd ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multiuser.target.wants/httpd.service' [root@host161 ~]# cat /var/www/html/index.html hello this lvs-web1 [root@host162 ~]# yum -y install httpd [root@host162 ~]# systemctl start httpd [root@host162 ~]# systemctl enable httpd ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multiuser.target.wants/httpd.service' [root@host162 ~]# cat /var/www/html/index.html hello this lvs-web2
3.通过yum安装配置nginx节点,两台一样的方法
[root@host101 ~]# vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/x86_64/ gpgcheck=0 enabled=1 [root@host101 ~]# yum clean all [root@host101 ~]# yum -y install nginx [root@host101 ~]# vim /usr/share/nginx/html/index.html <h1>Welcome to ng-master!</h1> [root@host101 ~]# cd /etc/nginx/conf.d/ [root@host101 conf.d]# mv default.conf default.conf.1 [root@host101 ~]# vim /etc/nginx/conf.d/web.conf upstream myapp1 { server web1; server web2; } server { listen 80; location / { proxy_pass http://myapp1; } } [root@host101 ~]# systemctl restart nginx.service [root@host102 ~]# vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/x86_64/ gpgcheck=0 enabled=1 [root@host102 ~]# yum clean all [root@host102 ~]# yum -y install nginx [root@host102 ~]# vim /usr/share/nginx/html/index.html <h1>Welcome to ng-master!</h1> [root@host102 ~]# cd /etc/nginx/conf.d/ [root@host102 conf.d]# mv default.conf default.conf.1 [root@host102 ~]# vim /etc/nginx/conf.d/web.conf upstream myapp1 { server web1; server web2; } server { listen 80; location / { proxy_pass http://myapp1; } } [root@host102 ~]# systemctl restart nginx.service
4.在主nginx服务器上安装keepalived,并配置nginx服务健康检测脚本
[root@host101 conf.d]# yum -y install keepalived [root@host101 conf.d]# cd /etc/keepalived/ [root@host101 keepalived]# cp keepalived.conf keepalived.conf.1 [root@host101 keepalived]# vim keepalived.conf global_defs { notification_email { abc@mail.com } notification_email_from abc@mail.com smtp_server smtp.mail.com smtp_connect_timeout 30 router_id HA_MASTER1 #表示运行keepalived服务器的一个标识,发邮件时显示在邮件主题中的信息 } vrrp_script chk_http_port { script "/usr/local/keepalived/nginx.sh" ####检测nginx状态的脚本链接 interval 2 weight 2 } vrrp_instance VI_2 { #vrrp实例 state MASTER #MASTER/BACKUP interface eno16777736 ####HA 监测网络接口 virtual_router_id 51 #虚拟路由标识,是一个数字,同一个VRRP实例使用唯一的标识,master和backup要一样 priority 100 #用于主从模式,优先级主高于100,从低于100 advert_int 1 #主备之间的通告间隔秒数 authentication { #认证用于主从模式,mater和backup配置一样 auth_type PASS ###主备切换时的验证 auth_pass 1111 #密码 } track_script { chk_http_port ### 执行监控的服务 } virtual_ipaddress { 192.168.1.200/24 dev eno16777736 label eno16777736:1 ###########虚拟ip } } [root@host101 keepalived]# mkdir -p /usr/local/keepalived [root@host101 keepalived]# vim /usr/local/keepalived/nginx.sh #!/bin/bash if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then killall keepalived fi [root@host101 keepalived]# chmod 755 /usr/local/keepalived/nginx.sh [root@host101 keepalived]# systemctl start keepalived [root@host101 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fefe:6f3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) eno16777736:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback)
5.在备nginx服务器上安装keepalived,并配置nginx服务健康检测脚本,与主略有不同
[root@host102 conf.d]# yum -y install keepalived [root@host102 conf.d]# cd /etc/keepalived/ [root@host102 keepalived]# cp keepalived.conf keepalived.conf.1 [root@host102 keepalived]# vim keepalived.conf global_defs { notification_email { abc@mail.com } notification_email_from abc@mail.com smtp_server smtp.mail.com smtp_connect_timeout 30 router_id HA_MASTER1 #表示运行keepalived服务器的一个标识,发邮件时显示在邮件主题中的信息 } vrrp_script chk_http_port { script "/usr/local/keepalived/nginx.sh" ####检测nginx状态的脚本链接 interval 2 weight 2 } vrrp_instance VI_2 { #vrrp实例 state BACKUP #MASTER/BACKUP interface eno16777736 ####HA 监测网络接口 virtual_router_id 51 #虚拟路由标识,是一个数字,同一个VRRP实例使用唯一的标识,master和backup要一样 priority 80 #用于主从模式,优先级主高于100,从低于100 advert_int 1 #主备之间的通告间隔秒数 authentication { #认证用于主从模式,mater和backup配置一样 auth_type PASS ###主备切换时的验证 auth_pass 1111 #密码 } track_script { chk_http_port ### 执行监控的服务 } virtual_ipaddress { 192.168.1.200/24 dev eno16777736 label eno16777736:1 ###########虚拟ip } } [root@host102 keepalived]# mkdir -p /usr/local/keepalived [root@host102 keepalived]# vim /usr/local/keepalived/nginx.sh #!/bin/bash if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then killall keepalived fi [root@host102 keepalived]# chmod 755 /usr/local/keepalived/nginx.sh [root@host102 keepalived]# systemctl start keepalived [root@host102 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fe87:fd0e prefixlen 64 scopeid 0x20<link> ether 00:0c:29:87:fd:0e txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback)
6.测试:通过浏览器访问测试http://192.168.1.200/,可发现流量在web1和web2之间跳转.
6.1测试关闭主nginx节点上的keepalived服务器,发绑定的vip在主节点消失
[root@host101 keepalived]# systemctl stop keepalived.service [root@host101 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fefe:6f3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) vip在却在备节点上出现 [root@host102 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fe87:fd0e prefixlen 64 scopeid 0x20<link> ether 00:0c:29:87:fd:0e txqueuelen 1000 (Ethernet) eno16777736:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:87:fd:0e txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) 通过浏览器访问测试http://192.168.1.200/,可发现流量依然在web1和web2之间跳转。
6.2再次启动主节点的keepalived服务,发现vip又重新漂移会主节点
[root@host101 keepalived]# systemctl start keepalived.service [root@host101 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fefe:6f3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) eno16777736:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) 通过浏览器访问测试http://192.168.1.200/,可发现流量依然在web1和web2之间跳转。
6.3关闭nginx主节点上的nginx服务,发现vip从主节点消失,keepalived服务关闭,vip在备节点上出现。
[root@host101 keepalived]# systemctl stop nginx.service [root@host101 keepalived]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fefe:6f3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:fe:06:f3 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) [root@host101 keepalived]# systemctl status keepalived keepalived.service - LVS and VRRP High Availability Monitor Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled) Active: inactive (dead) 通过浏览器访问测试http://192.168.1.200/,可发现流量依然在web1和web2之间跳转。
6.4再次启动主节点的nginx和keepalived服务后,VIP又漂回主节点。
[root@host101 keepalived]# systemctl start nginx.service [root@host101 keepalived]# systemctl start keepalived 通过浏览器访问测试http://192.168.1.200/,可发现流量依然在web1和web2之间跳转。
参考:
http://www.linuxdiyf.com/linux/12955.html
http://nginx.org/en/linux_packages.html
http://blog.csdn.net/e421083458/article/details/30086413
http://my.oschina.net/u/1458120/blog/208740