nginx+keepalived的高可用负载均衡集群构建

实验架构图:

nginx+keepalived的高可用负载均衡集群构建



实验环境


Nginx和Keepalived原理介绍

参考博客:http://467754239.blog.51cto.com/4878013/1541421

1、nginx

Nginx进程基于于Master+Slave(worker)多进程模型,自身具有非常稳定的子进程管理功能。在Master进程分配模式下,Master进程永远不进行业务处理,只是进行任务分发,

从而达到Master进程的存活高可靠性,Slave(worker)进程所有的业务信号都 由主进程发出,Slave(worker)进程所有的超时任务都会被Master中止,属于非阻塞式任务模型。


2、keepalived

Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接,作用:

主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现


3、单点故障

Nginx有很强代理功能,但是一台nginx就形成了单点,现在使用keepalived来解决这个问题,keepalived的故障转移时间很短.

Nginx+keepalived双机实现nginx反向代理服务的高可用,一台nginx挂掉之后不影响应用也不影响内网访问外网.



4、此架构需要考虑的问题

1) Master没挂,则Master占有vip且nginx运行在Master上

2) Master挂了,则backup抢占vip且在backup上运行nginx服务

3) 如果master服务器上的nginx服务挂了,则vip资源转移到backup服务器上

4) 检测后端服务器的健康状态


5、叙述

Master和Backup两边都开启nginx服务,无论Master还是Backup,当其中的一个keepalived服务停止后,vip都会漂移到keepalived服务还在的节点上,

如果要想使nginx服务挂了,vip也漂移到另一个节点,则必须用脚本或者在配置文件里面用shell命令来控制。

首先必须明确后端服务器的健康状态检测keepalived在这种架构上是无法检测的,后端服务器的健康状态检测是有nginx来判断的,但是nginx的检测机制有一定的缺陷,后端服务器某一个宕机之后,nginx还是会分发请求给它,在一定的时间内后端服务响应不了,nginx则会发给另外一个服务器,然后当客户的请求来了,nginx会一段时间内不会把请求分发给已经宕机的服务器,但是过一段时间后,nginx还是会把分发请求发给宕机的服务器上。



实验实现:


HA高可用集群构建前提:

1.proxy和proxy2节点时间必须同步;

建议使用ntp协议进行;

参考博客:http://sohudrgon.blog.51cto.com/3088108/1598314


2、节点之间必须要通过主机名互相通信;

建议使用hosts文件;

通信中使用的名字必须与其节点为上“uname -n”命令展示出的名字保持一致;

[root@proxy ~]# cat /etc/hosts                        

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.16.0.1  server.magelinux.com server

172.16.31.52 proxy.stu31.com proxy

172.16.31.53 proxy2.stu31.com proxy2

172.16.31.50 tom1.stu31.com tom1

172.16.31.51 tom2.stu31.com tom2


3、节点之间彼此root用户能基于ssh密钥方式进行通信;

节点proxy:

# ssh-keygen -t rsa -P ""

# ssh-copy-id -i .ssh/id_rsa.pub proxy2

节点proxy2:

# ssh-keygen -t rsa -P ""

# ssh-copy-id -i .ssh/id_rsa.pub proxy


测试ssh无密钥通信:

[root@proxy ~]# date ; ssh proxy2 date

Fri Jan 16 15:38:36 CST 2015

Fri Jan 16 15:38:36 CST 2015



一.安装nginx

1.两个节点都安装nginx

# yum install nginx-1.6.2-1.el6.ngx.x86_64.rpm


2.分别在两台机器上创建不同的测试页面[为了测试]

[root@proxy ~]# echo "Page from nginx1 ,proxy" >/usr/share/nginx/html/index.html

[root@proxy2 ~]# echo "Page from nginx2 ,proxy2" >/usr/share/nginx/html/index.html


3.配置nginx的配置文件

配置nginx服务器将动态内容反向代理到后端tomcat服务器组,而静态内容直接访问本地的nginx服务器;


定义后端tomcat服务器组:

[root@proxy ~]# vim /etc/nginx/nginx.conf 

#添加如下后端服务器组

    upstream tcsrvs {

        ip_hash;

        server 172.16.31.50:8080;

        server 172.16.31.51:8080;

    }

定义反向代理:

[root@proxy nginx]# pwd

/etc/nginx

[root@proxy nginx]# vim conf.d/default.conf 

server {

    listen       80;

    server_name  localhost;

    #charset koi8-r;

    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {

        root   /usr/share/nginx/html;

        index  index.html index.htm;

    }

    location ~* \.(jsp|do)$ {

        proxy_pass http://tcsrvs;

    }

}


3.启动nginx服务访问测试

静态内容是本地nginx提供的页面:

nginx+keepalived的高可用负载均衡集群构建


动态页面丢到后端的tomcat服务器了:

nginx+keepalived的高可用负载均衡集群构建





到节点tom1和tom2创建tomcat的测试页:

节点tom1:

[root@tom1 testapp]# pwd

/usr/local/tomcat/webapps/ROOT

[root@tom1 testapp]# vim index.jsp

<%@ page language="java" %>

<html>

  <head><title>TomcatA</title></head>

  <body>

    <h1><font color="red">TomcatA.stu31.com</font></h1>

    <table align="centre" border="1">

      <tr>

        <td>Session ID</td>

    <% session.setAttribute("stu31.com","stu31.com"); %>

        <td><%= session.getId() %></td>

      </tr>

      <tr>

        <td>Created on</td>

        <td><%= session.getCreationTime() %></td>

     </tr>

    </table>

  </body>

</html>


节点tom2:

[root@tom2 testapp]# pwd

/usr/local/tomcat/webapps/ROOT

[root@tom2 testapp]# vim index.jsp

<%@ page language="java" %>

<html>

  <head><title>TomcatB </title></head>

  <body>

    <h1><font color="red">TomcatB.stu31.com</font></h1>

    <table align="centre" border="1">

      <tr>

        <td>Session ID</td>

    <% session.setAttribute("stu31.com","stu31.com"); %>

        <td><%= session.getId() %></td>

      </tr>

      <tr>

        <td>Created on</td>

        <td><%= session.getCreationTime() %></td>

     </tr>

    </table>

  </body>

</html>


复制配置文件到节点proxy2:

[root@proxy nginx]# scp nginx.conf proxy2:/etc/nginx/

nginx.conf                                    100%  740     0.7KB/s   00:00    

[root@proxy nginx]# scp conf.d/default.conf proxy2:/etc/nginx/conf.d/

default.conf                                  100% 1167     1.1KB/s   00:00


二.keepalived安装与配置

CentOS 6.6 是1.2.13版本的keepalived,已经够用了,最新版本的keepalived是1.2.15;

1.两个节点安装keepalived软件

# yum install -y keepalived


2.配置keepalived

修改keepalived配置文件

keepalived的文件路径/etc/keepalived/keepalived.conf 


主节点MASTER node:

! Configuration File for keepalived   #全局定义  

  

global_defs {

   notification_email {               #指定keepalived在发生事件时(比如切换),需要发送的email对象,可以多个,每行一个 

     root@stu31.com

   }

   notification_email_from kaadmin@stu31.com

   smtp_server 127.0.0.1              #指定发送email的smtp服务器

   smtp_connect_timeout 30

   router_id LVS_DEVEL                #运行keepalived的机器的一个标识

}

  

vrrp_instance VI_1 {

    state MASTER               #为主服务器

    interface eth0             #监听的本地网卡接口

    virtual_router_id 100      #主辅virtual_router_id号必须相同

    mcast_src_ip=172.16.31.52  #主nginx的ip地址

    priority 100               #优先级为100,此值越大优先级越大 就为master 权重值

    advert_int 1               #VRRP Multicast 广播周期秒数;心跳检测时间,单位秒

    authentication {

        auth_type PASS         #vrrp认证方式

        auth_pass oracle       #vrrp口令

    }

    virtual_ipaddress {        #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写

        172.16.31.188/24 dev eth0 

    }

}



备用节点BACKUP node:

global_defs {

        notification_email {

                root@stu31.com

        }

        notification_email_from kaadmin@stu31.com

        smtp_server 127.0.0.1

        smtp_connect_timeout 30

        router_id LVS_DEVEL

}

vrrp_instance  VI_1 {

        state BACKUP

        interface eth0

        virtual_router_id 100

        mcast_src_ip=172.16.31.53

        priority 99

        advert_int 1

        authentication {

                auth_type PASS

                auth_pass oracle

        }

        virutal_ipaddress {

                172.16.31.188/24 dev eth0 

        }

}


3.启动keepalived服务

设置keepalived开机启动:

# chkconfig keepalived on


启动两个节点的keepalived服务:

[root@proxy ~]# service keepalived start ; ssh proxy2 "service keepalived start"



4.查看vip状态

#首先在master节点上查看vip的状态

[root@proxy keepalived]# ip addr show eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 08:00:27:3b:23:60 brd ff:ff:ff:ff:ff:ff

    inet 172.16.31.52/16 brd 172.16.255.255 scope global eth0

    inet 172.16.31.188/16 scope global secondary eth0

    inet6 fe80::a00:27ff:fe3b:2360/64 scope link 

       valid_lft forever preferred_lft forever

  

#其次在backup节点上查看vip的状态

[root@proxy2 keepalived]# ip addr show eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 08:00:27:6e:bd:28 brd ff:ff:ff:ff:ff:ff

    inet 172.16.31.53/16 brd 172.16.255.255 scope global eth0

    inet6 fe80::a00:27ff:fe6e:bd28/64 scope link 

       valid_lft forever preferred_lft forever



5.查看keepalived服务启动后选举VIP的过程日志:

MASTER节点的日志:

当启动keepalived服务的时候,会根据配置文件的优先级来竞选谁为master,从日志来看172.16.31.52竞选master

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 16:31:06 proxy Keepalived[5807]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 16:31:06 proxy Keepalived[5809]: Starting Healthcheck child process, pid=5811

Jan 16 16:31:06 proxy Keepalived[5809]: Starting VRRP child process, pid=5812

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Registering Kernel netlink reflector

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Registering Kernel netlink command channel

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering Kernel netlink reflector

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering Kernel netlink command channel

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering gratuitous ARP shared channel

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Configuration is using : 62912 Bytes

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Using LinkWatch kernel netlink reflector...

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Configuration is using : 7455 Bytes

Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Using LinkWatch kernel netlink reflector...

Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 16:31:07 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!

Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...

Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!

Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!

Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...

Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!

Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!

Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...

Jan 16 16:31:12 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188



BACKUP节点的日志;

由于优先级低,就成为了备用节点;

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 16:31:09 proxy2 Keepalived[2176]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 16:31:09 proxy2 Keepalived[2178]: Starting Healthcheck child process, pid=2180

Jan 16 16:31:09 proxy2 Keepalived[2178]: Starting VRRP child process, pid=2181

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Registering Kernel netlink reflector

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Registering Kernel netlink command channel

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering Kernel netlink reflector

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering Kernel netlink command channel

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering gratuitous ARP shared channel

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Configuration is using : 7455 Bytes

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Configuration is using : 62912 Bytes

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Using LinkWatch kernel netlink reflector...

Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Using LinkWatch kernel netlink reflector...

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]


6.我们停止MASTER节点的keepalived服务,那么BACKUP节点会成为主节点。

主节点停止keepalived服务:

[root@proxy keepalived]# service keepalived stop

Stopping keepalived:                                       [  OK  ]


我们通过日志来查看自动切换的过程:

主节点的VIP自动移除:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 16:37:33 proxy Keepalived[5809]: Stopping Keepalived v1.2.13 (10/15,2014)

Jan 16 16:37:33 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) sending 0 priority

Jan 16 16:37:33 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) removing protocol VIPs.

Jan 16 16:37:33 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.188 removed


备用节点自动竞选成主节点,获取VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 16:37:34 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 16:37:35 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 16:37:40 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188


7.我们将主节点重新启动,并测试节点主备切换时间:

[root@proxy keepalived]# service keepalived start

Starting keepalived:                                       [  OK  ]


我在物理机上测试主备切换时间,间隔差不多一秒钟左右:

C:\Users\GuoGang>ping -t 172.16.31.188

正在 Ping 172.16.31.188 具有 32 字节的数据:

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

请求超时。

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64

172.16.31.188 的 Ping 统计信息:

    数据包: 已发送 = 9,已接收 = 8,丢失 = 1 (11% 丢失),


8.更改DNS服务器的IP为虚拟ip

DNS服务器构建请参考博客:http://sohudrgon.blog.51cto.com/3088108/1588344


# vim /var/named/stu31.com.zone 

$TTL 600

$ORIGIN stu31.com.

@       IN      SOA     ns1.stu31.com.  root.stu31.com. (

                        2014121801

                        1D

                        5M

                        1W

                        1H)

@       IN      NS      ns1.stu31.com.

ns1     IN      A       172.16.31.52

www     IN      A       172.16.31.188


重启named服务器;


9.访问测试:

nginx+keepalived的高可用负载均衡集群构建



nginx+keepalived的高可用负载均衡集群构建




三.Keepalived服务根据nginx状态实现自动切换配置


1.默认情况下,keepalived工作模式并不能直接监控nginx服务,只有当keepalived服务挂掉后才能主备切换,nginx服务挂掉后不能实现主备服务器的切换,但是我们的目的就是要实现nginx服务keepalived挂掉后,都要主备切换。


以上有两种方法可以实现

A.keepalived配置文件中可以支持shell脚本,写个监听nginx服务的脚本就可以了

B.单独写个脚本来监听nginx和keepalived服务

keepalived的样板文件中有配置文件专门探测服务正常与否:

[root@proxy keepalived]# ls /usr/share/doc/keepalived-1.2.13/samples/

keepalived.conf.fwmark          keepalived.conf.track_interface

keepalived.conf.HTTP_GET.port   keepalived.conf.virtualhost

keepalived.conf.inhibit         keepalived.conf.virtual_server_group

keepalived.conf.IPv6            keepalived.conf.vrrp

keepalived.conf.misc_check      keepalived.conf.vrrp.localcheck

keepalived.conf.misc_check_arg  keepalived.conf.vrrp.lvs_syncd

keepalived.conf.quorum          keepalived.conf.vrrp.routes

keepalived.conf.sample          keepalived.conf.vrrp.scripts

keepalived.conf.SMTP_CHECK      keepalived.conf.vrrp.static_ipaddress

keepalived.conf.SSL_GET         keepalived.conf.vrrp.sync

keepalived.conf.status_code     sample.misccheck.smbcheck.sh

就是keepalived.conf.vrrp.localcheck这个样例文件中讲解了所有的探测服务正常与否的方法;




2.基于第一种情况我们在keepalived的配置文件中加入如下探测nginx服务是否正常:

主备节点都需要添加:

vrrp_script 

chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等 

   script "killall -0 nginx"  #用shell命令检查nginx服务是否存在 

   interval 1                 #时间间隔为1秒检测一次 

   weight -2                  #当nginx的服务不存在了,就把当前的权重-2 

   fall 2                     #测试失败的次数 

   rise 1                     #测试成功的次数 

然后在vrrp_instance配置段中引用定义的脚本名称;

track_script { 

    chk_nginx   #引用上面的vrrp_script定义的脚本名称 

}


实例测试:

MASTER节点的配置文件:

[root@proxy keepalived]# cat keepalived.conf

global_defs {

        notification_email {

                root@stu31.com

        }

        notification_email_from kaadmin@stu31.com

        smtp_server 127.0.0.1

        smtp_connect_timeout 30

        router_id LVS_DEVEL

}

vrrp_script chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等 

   script "killall -0 nginx"  #用shell命令检查nginx服务是否存在 

   interval 1                 #时间间隔为1秒检测一次 

   weight -2                  #当nginx的服务不存在了,就把当前的权重-2 

   fall 2                     #测试失败的次数 

   rise 1                     #测试成功的次数 

vrrp_instance  VI_1 {

        state MASTER

        interface eth0

        virtual_router_id 100

        mcast_src_ip=172.16.31.52

        priority 100

        advert_int 1

        authentication {

                auth_type PASS

                auth_pass oracle

        }

        virtual_ipaddress {

                172.16.31.188/16 dev eth0 

        }

        track_script { 

                chk_nginx   #引用上面的vrrp_script定义的脚本名称 

        } 

}


BACKUP节点的配置文件:

[root@proxy2 keepalived]# cat keepalived.conf

global_defs {

        notification_email {

                root@stu31.com

        }

        notification_email_from kaadmin@stu31.com

        smtp_server 127.0.0.1

        smtp_connect_timeout 30

        router_id LVS_DEVEL

}

vrrp_script chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等 

   script "killall -0 nginx"  #用shell命令检查nginx服务是否存在 

   interval 1                 #时间间隔为1秒检测一次 

   weight -2                  #当nginx的服务不存在了,就把当前的权重-2 

   fall 2                     #测试失败的次数 

   rise 1                     #测试成功的次数 

vrrp_instance  VI_1 {

        state BACKUP

        interface eth0

        virtual_router_id 100

        mcast_src_ip=172.16.31.53

        priority 99

        advert_int 1

        authentication {

                auth_type PASS

                auth_pass oracle

        }

        virtual_ipaddress {

                172.16.31.188/16 dev eth0 

        }

        track_script { 

                chk_nginx   #引用上面的vrrp_script定义的脚本名称 

        } 

}


重启keepalived服务;我们将主节点的nginx服务停止;测试keepalived服务是否自动切换到备用节点:

重启服务;

[root@proxy keepalived]# service keepalived restart ; ssh proxy2 "service keepalived restart"

Stopping keepalived:                                       [  OK  ]

Starting keepalived:                                       [  OK  ]

Stopping keepalived: [  OK  ]

Starting keepalived: [  OK  ]


查看日志可以发现已经在检查nginx服务了:

MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 17:18:02 proxy Keepalived[6098]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 17:18:02 proxy Keepalived[6100]: Starting Healthcheck child process, pid=6102

Jan 16 17:18:02 proxy Keepalived[6100]: Starting VRRP child process, pid=6104

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Registering Kernel netlink reflector

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering Kernel netlink reflector

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Registering Kernel netlink command channel

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering Kernel netlink command channel

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering gratuitous ARP shared channel

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Configuration is using : 7495 Bytes

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Configuration is using : 65170 Bytes

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Using LinkWatch kernel netlink reflector...

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Using LinkWatch kernel netlink reflector...

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Script(chk_nginx) succeeded

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election

Jan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 17:18:03 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.188 added



BACKUP节点的启动日志:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 17:18:03 proxy2 Keepalived[25883]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 17:18:03 proxy2 Keepalived[25885]: Starting Healthcheck child process, pid=25887

Jan 16 17:18:03 proxy2 Keepalived[25885]: Starting VRRP child process, pid=25888

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering Kernel netlink reflector

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Registering Kernel netlink reflector

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Registering Kernel netlink command channel

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering Kernel netlink command channel

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering gratuitous ARP shared channel

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Configuration is using : 7495 Bytes

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Configuration is using : 65170 Bytes

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Using LinkWatch kernel netlink reflector...

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Using LinkWatch kernel netlink reflector...

Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP_Script(chk_nginx) succeeded

只是检测了nginx服务;



我们在MASTER节点关闭nginx服务后观察:

[root@proxy keepalived]# service nginx stop

Stopping nginx:                                            [  OK  ]


观察日志,主节点检查服务失败,移除VIP地址;

MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 17:21:20 proxy Keepalived_vrrp[6104]: VRRP_Script(chk_nginx) failed

Jan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Received higher prio advert

Jan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) removing protocol VIPs.

Jan 16 17:21:22 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.188 removed



备用节点检查nginx服务正常,进行自动加载VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 17:21:22 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) forcing a new MASTER election

Jan 16 17:21:22 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) forcing a new MASTER election

Jan 16 17:21:23 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 17:21:24 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 17:21:29 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188


至此,内置检测脚本测试服务正常与否的设置就成功。



3.基于第二种情况,我们单独写一个脚本来探测nginx服务是否正常;探测nginx进程正常与否

我们需要跟上面的设置区分开来,如果使用独立脚本,上面的内置脚本就不用设置了。

#vim nginxpidcheck.sh

#!/bin/bash 

while  : 

do 

 nginxpid=`ps -C nginx --no-header | wc -l` 

 if [ $nginxpid -eq 0 ];then 

  /usr/local/nginx/sbin/nginx 

  sleep 5 

  nginxpid=`ps -C nginx --no-header | wc -l` 

  echo $nginxpid 

    if [ $nginxpid -eq 0 ];then 

 /etc/init.d/keepalived stop 

   fi 

 fi 

 sleep 5 

done


我们将脚本制定为任务计划运行即可,我们测试就直接交给后台自动运行:


这是一个无限循环的脚本,放在主Nginx机器上(因为目前主要是由它提供服务),每隔5秒执行一次,用ps -C 命令来收集nginx的PID值到底是否为0,如果是0的话(即Nginx进程死掉了),尝试启动nginx进程;如果继续为0,即nginx启动失改, 则关闭本机的Keeplaived进程,VIP地址则会由备机接管,当然了,整个网站就会由备机的Nginx来提供服务了,这样保证Nginx进程的高可用。



实例测试:


我们将脚本放在/etc/keepalived目录下,两个节点都存放:

[root@proxy2 keepalived]# ls

keepalived.conf   nginxpidcheck.sh

直接交给后台自动运行,两个节点都运行:

#nohup sh /etc/keepalived/nginxpidcheck.sh &


我们停止主节点的nginx服务:

[root@proxy keepalived]# service nginx stop

Stopping nginx:                                            [  OK  ]



观察日志查看主备切换过程成功与否:


MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 17:33:37 proxy Keepalived[7221]: Stopping Keepalived v1.2.13 (10/15,2014)

Jan 16 17:33:37 proxy Keepalived_vrrp[7225]: VRRP_Instance(VI_1) sending 0 priority

Jan 16 17:33:37 proxy Keepalived_vrrp[7225]: VRRP_Instance(VI_1) removing protocol VIPs.

Jan 16 17:33:37 proxy Keepalived_healthcheckers[7224]: Netlink reflector reports IP 172.16.31.188 removed

VIP移除了;


备用节点检查nginx服务正常,进行自动加载VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 17:33:37 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 17:33:38 proxy2 Keepalived_healthcheckers[26983]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 17:33:43 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188


访问测试,静态内容是转到了节点proxy2上了:

nginx+keepalived的高可用负载均衡集群构建


4.基于邮件通知形式的自动切换主备节点的脚本构建

邮件通知脚本构建:将脚本放置在/etc/keepalived/下,两个节点都需要创建


[root@proxy keepalived]# vim notify.sh

#!/bin/bash

vip=172.16.31.188

contact='root@localhost'

notify() {

    mailsubject="`hostname` to be $1: $vip floating"

    mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"

    echo $mailbody | mail -s "$mailsubject" $contact

}

case "$1" in

    master)

        notify master

        /etc/rc.d/init.d/nginx start

        exit 0

    ;;

    backup)

        notify backup

        /etc/rc.d/init.d/nginx stop

        exit 0

    ;;

    fault)

        notify fault

        /etc/rc.d/init.d/nginx stop

        exit 0

    ;;

    *)

        echo 'Usage: `basename $0` {master|backup|fault}'

        exit 1

    ;;

esac


如果是主MASTER节点,我们就启动nginx服务;如果是BACKUP备用节点我们就停止nginx服务;如果节点故障,我们停止nginx服务;

需要在keepalived配置文件中进行脚本调用:

MASTER节点:

[root@proxy keepalived]# cat keepalived.conf

global_defs {

        notification_email {

                root@stu31.com

        }

        notification_email_from kaadmin@stu31.com

        smtp_server 127.0.0.1

        smtp_connect_timeout 30

        router_id LVS_DEVEL

}

vrrp_script chk_maintance_down {    #检查脚本,如果存在down这个文件,就将节点的权重减5

        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"

        interval 1    #时间间隔为1秒检测一次 

        weight  -5    #当nginx的服务不存在了,就把当前的权重-5 

}

vrrp_instance  VI_1 {

        state MASTER

        interface eth0

        virtual_router_id 100

        mcast_src_ip=172.16.31.52

        priority 100

        advert_int 1

        authentication {

                auth_type PASS

                auth_pass oracle

        }

        virtual_ipaddress {

                172.16.31.188/16 dev eth0 

        }

        track_script {

                chk_maintance_down  #引用上面的vrrp_script定义的脚本名称 

        }

        #如果脚本检查到节点是主节点,就邮件通知管理员,并启动nginx服务器

        notify_master "/etc/keepalived/notify.sh master"

        #如果脚本检查到节点是备用节点,就邮件通知管理员,并停止nginx服务器

        notify_backup "/etc/keepalived/notify.sh backup"

        #如果脚本检查到节点是故障节点,就邮件通知管理员,并停止nginx服务器

        notify_fault "/etc/keepalived/notify.sh fault"

}


BACKUP节点也设置如下:

[root@proxy2 keepalived]# cat keepalived.conf

global_defs {

        notification_email {

                root@stu31.com

        }

        notification_email_from kaadmin@stu31.com

        smtp_server 127.0.0.1

        smtp_connect_timeout 30

        router_id LVS_DEVEL

}

vrrp_script chk_maintance_down {

        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"

        interval 1

        weight  -5

}

vrrp_instance  VI_1 {

        state BACKUP

        interface eth0

        virtual_router_id 100

        mcast_src_ip=172.16.31.53

        priority 99

        advert_int 1

        authentication {

                auth_type PASS

                auth_pass oracle

        }

        virtual_ipaddress {

                172.16.31.188/16 dev eth0 

        }

        track_script {

                chk_maintance_down

        }

        notify_master "/etc/keepalived/notify.sh master"

        notify_backup "/etc/keepalived/notify.sh backup"

        notify_fault "/etc/keepalived/notify.sh fault"

}


我们重启keepalived服务器;观察节点的选举情况,

MASTER节点的日志:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 18:09:36 proxy Keepalived[10991]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 18:09:36 proxy Keepalived[10993]: Starting Healthcheck child process, pid=10996

Jan 16 18:09:36 proxy Keepalived[10993]: Starting VRRP child process, pid=10997

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Registering Kernel netlink reflector

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Registering Kernel netlink command channel

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Configuration is using : 7599 Bytes

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering Kernel netlink reflector

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering Kernel netlink command channel

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering gratuitous ARP shared channel

Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Using LinkWatch kernel netlink reflector...

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Configuration is using : 65356 Bytes

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Using LinkWatch kernel netlink reflector...

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

#检查出无down这个文件;

Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: VRRP_Script(chk_maintance_down) succeeded

Jan 16 18:09:37 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 18:09:38 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 18:09:43 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188



BACKUP节点的日志:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 18:09:36 proxy2 Keepalived[29190]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 18:09:36 proxy2 Keepalived[29192]: Starting Healthcheck child process, pid=29194

Jan 16 18:09:36 proxy2 Keepalived[29192]: Starting VRRP child process, pid=29195

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Registering Kernel netlink reflector

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Registering Kernel netlink command channel

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering Kernel netlink reflector

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering Kernel netlink command channel

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering gratuitous ARP shared channel

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Configuration is using : 7599 Bytes

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Configuration is using : 65356 Bytes

Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Using LinkWatch kernel netlink reflector...

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Using LinkWatch kernel netlink reflector...

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP_Script(chk_maintance_down) succeeded

Jan 16 18:09:43 proxy2 Keepalived[29192]: Stopping Keepalived v1.2.13 (10/15,2014)



查看邮件:

MASTER主节点的邮件:

[root@proxy keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 2 messages 2 new

>N  1 root                  Fri Jan 16 18:08  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating"

 N  2 root                  Fri Jan 16 18:09  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating"

& 2

Message  2:

From root@proxy.stu31.com  Fri Jan 16 18:09:38 2015

Return-Path: <root@proxy.stu31.com>

X-Original-To: root@localhost

Delivered-To: root@localhost.stu31.com

Date: Fri, 16 Jan 2015 18:09:38 +0800

To: root@localhost.stu31.com

Subject: proxy.stu31.com to be master: 172.16.31.188 floating

User-Agent: Heirloom mailx 12.4 7/29/08

Content-Type: text/plain; charset=us-ascii

From: root@proxy.stu31.com (root)

Status: R

2015-01-16 18:09:38: vrrp transition, proxy.stu31.com changed to be master



备用节点的邮件:

[root@proxy2 keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 2 messages 2 new

>N  1 root                  Fri Jan 16 18:08  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

 N  2 root                  Fri Jan 16 18:09  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

& 2

Message  2:

From root@proxy2.stu31.com  Fri Jan 16 18:09:36 2015

Return-Path: <root@proxy2.stu31.com>

X-Original-To: root@localhost

Delivered-To: root@localhost.stu31.com

Date: Fri, 16 Jan 2015 18:09:36 +0800

To: root@localhost.stu31.com

Subject: proxy2.stu31.com to be backup: 172.16.31.188 floating

User-Agent: Heirloom mailx 12.4 7/29/08

Content-Type: text/plain; charset=us-ascii

From: root@proxy2.stu31.com (root)

Status: R

2015-01-16 18:09:36: vrrp transition, proxy2.stu31.com changed to be backup


我们在主节点的/etc/keepalived/目录下创建一个down文件,来观察主节点是否会切换到备用节点:

[root@proxy keepalived]# touch down


查看主节点日志:

MASTER节点的日志:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 19:09:10 proxy Keepalived_vrrp[20675]: VRRP_Script(chk_maintance_down) failed

Jan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) Received higher prio advert

Jan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) removing protocol VIPs.

Jan 16 19:09:12 proxy Keepalived_healthcheckers[20674]: Netlink reflector reports IP 172.16.31.188 removed


BACKUP节点的日志:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 19:09:12 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) forcing a new MASTER election

Jan 16 19:09:12 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) forcing a new MASTER election

Jan 16 19:09:13 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 19:09:14 proxy2 Keepalived_healthcheckers[2319]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 19:09:19 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188



查看邮件:

主节点成为了备用节点了:

[root@proxy keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 4 messages 2 new 3 unread

 U  1 root                  Fri Jan 16 18:08  19/706   "proxy.stu31.com to be master: 172.16.31.188 floating"

    2 root                  Fri Jan 16 18:09  19/707   "proxy.stu31.com to be master: 172.16.31.188 floating"

>N  3 root                  Fri Jan 16 19:06  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating"

 N  4 root                  Fri Jan 16 19:09  18/696   "proxy.stu31.com to be backup: 172.16.31.188 floating"

& 4

Message  4:

From root@proxy.stu31.com  Fri Jan 16 19:09:12 2015

Return-Path: <root@proxy.stu31.com>

X-Original-To: root@localhost

Delivered-To: root@localhost.stu31.com

Date: Fri, 16 Jan 2015 19:09:12 +0800

To: root@localhost.stu31.com

Subject: proxy.stu31.com to be backup: 172.16.31.188 floating

User-Agent: Heirloom mailx 12.4 7/29/08

Content-Type: text/plain; charset=us-ascii

From: root@proxy.stu31.com (root)

Status: R

2015-01-16 19:09:12: vrrp transition, proxy.stu31.com changed to be backup

& quit


备用节点成为了主节点了:

[root@proxy2 keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 5 messages 3 new 4 unread

 U  1 root                  Fri Jan 16 18:08  19/713   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

    2 root                  Fri Jan 16 18:09  19/714   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

>N  3 root                  Fri Jan 16 19:06  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

 N  4 root                  Fri Jan 16 19:06  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating"

 N  5 root                  Fri Jan 16 19:09  18/703   "proxy2.stu31.com to be master: 172.16.31.188 floating"

& 5

Message  5:

From root@proxy2.stu31.com  Fri Jan 16 19:09:14 2015

Return-Path: <root@proxy2.stu31.com>

X-Original-To: root@localhost

Delivered-To: root@localhost.stu31.com

Date: Fri, 16 Jan 2015 19:09:14 +0800

To: root@localhost.stu31.com

Subject: proxy2.stu31.com to be master: 172.16.31.188 floating

User-Agent: Heirloom mailx 12.4 7/29/08

Content-Type: text/plain; charset=us-ascii

From: root@proxy2.stu31.com (root)

Status: R

2015-01-16 19:09:14: vrrp transition, proxy2.stu31.com changed to be master

& quit


我们在查看一下nginx服务的启动状况:

主节点的nginx服务状态是停止的:

[root@proxy keepalived]# service nginx status

nginx is stopped


备用节点的nginx服务状态是启动的:

[root@proxy2 keepalived]# service nginx status

nginx (pid  2679) is running...



至此,基于nginx+keepalived构建主备负载均衡代理服务器的实验就完成了。




四.双主模式构建

两个keepalived节点互为主备节点的模式构建;

实例配置文件:


proxy节点:

[root@proxy keepalived]# cat keepalived.conf

global_defs {

   notification_email {    #通知邮件地址

     root@localhost

   }

   notification_email_from root@localhost

   smtp_server 127.0.0.1        #邮件服务器地址

   smtp_connect_timeout 30

   router_id LVS_DEVEL

}

#

vrrp_script chk_nginx {

        script "killall -0 nginx"    #服务探测,返回0说明服务是正常的

        interval 1    #每隔1秒探测一次

        weight -2      #nginx服务下线,权重减2

}

#

vrrp_instance VI_1 {        #双主实例1

    state MASTER            #proxy(172.16.31.52)为主,proxy2(172.16.31.53)为备

    interface eth0

    virtual_router_id 88    #实例1的VRID为88

    garp_master_delay 1

    priority 100            #主(172.16.31.52)的优先级为100,从的(172.16.31.52)优先级为99

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

#

    virtual_ipaddress {

        172.16.31.88/16 dev eth0    #实例1的VIP

    }

    track_interface {

        eth0

    }

#

    track_script {        #脚本追踪

        chk_nginx

    }

    notify_master "/etc/keepalived/notify.sh master"

    notify_backup "/etc/keepalived/notify.sh backup"

    notify_fault "/etc/keepalived/notify.sh fault"

}

vrrp_instance VI_2 {

    state BACKUP        #实例2在proxy(172.16.31.52)上是备,在proxy2(172.16.31.53)上是主

    interface eth0

    virtual_router_id 188    #实例2的VRID是188

    garp_master_delay 1

    priority 200             #实例2在proxy上的优先级是200,在proxy2上的优先级是201

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

#

    virtual_ipaddress {

        172.16.31.188/16 dev eth0    #实例2的VIP

    }

    track_interface {

        eth0

    }

    track_script {        #脚本追踪

        chk_nginx

    }

}


proxy2节点的配置文件:

[root@proxy2 keepalived]# cat keepalived.conf

global_defs {

   notification_email {    #通知邮件地址

     root@localhost

   }

   notification_email_from root@localhost

   smtp_server 127.0.0.1        #邮件服务器地址

   smtp_connect_timeout 30

   router_id LVS_DEVEL

}

#

vrrp_script chk_nginx {

        script "killall -0 nginx"    #服务探测,返回0说明服务是正常的

        interval 1    #每隔1秒探测一次

        weight -2      #nginx服务下线,权重减2

}

#

vrrp_instance VI_1 {        #双主实例1

    state BACKUP            #proxy(172.16.31.52)为主,proxy2(172.16.31.53)为备

    interface eth0

    virtual_router_id 88    #实例1的VRID为88

    garp_master_delay 1

    priority 99            #主(172.16.31.52)的优先级为100,从的(172.16.31.52)优先级为99

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

#

    virtual_ipaddress {

        172.16.31.88/16 dev eth0    #实例1的VIP

    }

    track_interface {

        eth0

    }

#

    track_script {        #脚本追踪

        chk_nginx

    }

    notify_master "/etc/keepalived/notify.sh master"

    notify_backup "/etc/keepalived/notify.sh backup"

    notify_fault "/etc/keepalived/notify.sh fault"

}

vrrp_instance VI_2 {

    state MASTER        #实例2在proxy(172.16.31.52)上是备,在proxy2(172.16.31.53)上是主

    interface eth0

    virtual_router_id 188    #实例2的VRID是188

    garp_master_delay 1

    priority 201             #实例2在proxy上的优先级是200,在proxy2上的优先级是201

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

#

    virtual_ipaddress {

        172.16.31.188/16 dev eth0    #实例2的VIP

    }

    track_interface {

        eth0

    }

    track_script {        #脚本追踪

        chk_nginx

    }

}



启动keepalived服务:

[root@proxy keepalived]# service keepalived start ; ssh proxy2 "service keepalived start"    

Starting keepalived:                                       [  OK  ]

Starting keepalived: [  OK  ]



查看启动日志:

从中发现该节点将本该属于proxy2节点的VIP抢占过来了,能proxy节点出现问题了;去查看一下:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 20:19:06 proxy Keepalived[25249]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 20:19:06 proxy Keepalived[25251]: Starting Healthcheck child process, pid=25254

Jan 16 20:19:06 proxy Keepalived[25251]: Starting VRRP child process, pid=25255

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.52 added

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering Kernel netlink reflector

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering Kernel netlink command channel

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering gratuitous ARP shared channel

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 added

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Registering Kernel netlink reflector

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Registering Kernel netlink command channel

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Configuration is using : 72628 Bytes

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Configuration is using : 7886 Bytes

Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Using LinkWatch kernel netlink reflector...

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Using LinkWatch kernel netlink reflector...

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering BACKUP STATE

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP_Script(chk_nginx) succeeded

Jan 16 20:19:07 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Transition to MASTER STATE

Jan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Entering MASTER STATE

Jan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) setting protocol VIPs.

Jan 16 20:19:08 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.88 added

Jan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.88

Jan 16 20:19:09 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.88

Jan 16 20:19:10 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) forcing a new MASTER election

Jan 16 20:19:10 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) forcing a new MASTER election

Jan 16 20:19:11 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Transition to MASTER STATE

Jan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering MASTER STATE

Jan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) setting protocol VIPs.

Jan 16 20:19:12 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.188 added



#查看proxy2节点的日志,发现nginx服务检查失败,可能nginx服务停止了,我们去启动nginx服务后在查看日志:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 20:19:06 proxy2 Keepalived[7034]: Starting Keepalived v1.2.13 (10/15,2014)

Jan 16 20:19:06 proxy2 Keepalived[7036]: Starting Healthcheck child process, pid=7038

Jan 16 20:19:06 proxy2 Keepalived[7036]: Starting VRRP child process, pid=7039

Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering Kernel netlink reflector

Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering Kernel netlink command channel

Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering gratuitous ARP shared channel

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.53 added

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 added

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Registering Kernel netlink reflector

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Registering Kernel netlink command channel

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Configuration is using : 72628 Bytes

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Using LinkWatch kernel netlink reflector...

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Opening file '/etc/keepalived/keepalived.conf'.

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Configuration is using : 7886 Bytes

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_1) Entering BACKUP STATE

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Using LinkWatch kernel netlink reflector...

Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) succeeded

Jan 16 20:19:08 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Transition to MASTER STATE

Jan 16 20:19:08 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) failed

Jan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering MASTER STATE

Jan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) setting protocol VIPs.

Jan 16 20:19:09 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Received higher prio advert

Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering BACKUP STATE

Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) removing protocol VIPs.

Jan 16 20:19:10 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 removed


在proxy2节点启动nginx服务

[root@proxy2 keepalived]# service nginx status

nginx is stopped

[root@proxy2 keepalived]# service nginx start

Starting nginx:                                            [  OK  ]



观察两个节点的日志记录:

proxy节点将属于proxy2节点的VIP返还了:

[root@proxy keepalived]# tail -f /var/log/messages 

Jan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 20:19:13 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Received higher prio advert

Jan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering BACKUP STATE

Jan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) removing protocol VIPs.

Jan 16 20:23:28 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.188 removed


proxy2节点的VIP设置成功:

[root@proxy2 keepalived]# tail -f /var/log/messages 

Jan 16 20:23:27 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) succeeded

Jan 16 20:23:28 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) forcing a new MASTER election

Jan 16 20:23:28 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) forcing a new MASTER election

Jan 16 20:23:29 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Transition to MASTER STATE

Jan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering MASTER STATE

Jan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) setting protocol VIPs.

Jan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

Jan 16 20:23:30 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 added

Jan 16 20:23:31 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188


我们在DNS服务器中增加一个域名,对应的虚拟IP为172.16.31.88:

[root@proxy keepalived]# vim /var/named/stu31.com.zone 

$TTL 600

$ORIGIN stu31.com.

@       IN      SOA     ns1.stu31.com.  root.stu31.com. (

                        2014121801

                        1D

                        5M

                        1W

                        1H)

@       IN      NS      ns1.stu31.com.

ns1     IN      A       172.16.31.52

www     IN      A       172.16.31.188

www1    IN      A       172.16.31.88



重启named服务器后在客户端访问测试:

nginx+keepalived的高可用负载均衡集群构建

至此,nginx+keepalived的双主高可用负载均衡集群构建成功!



本文转自 dengaosky 51CTO博客,原文链接:http://blog.51cto.com/dengaosky/1965348,如需转载请自行联系原作者
上一篇:【Android 安装包优化】资源混淆 ( 资源混淆效果 | APK 构建流程简介 | 资源 ID 组成 )


下一篇:网站漏洞修复之CSRF跨站攻击