linux上keepalived+nginx實現高可用web負載均衡 · 那些年踩過的坑

一、場景需求 ![](https://upload-images.jianshu.io/upload_images/6954572-d5a8885e69130d98?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 二、Keepalived 簡要介紹 Keepalived 是一種高性能的服務器高可用或熱備解決方案，Keepalived 可以用來防止服務器單點故障的發生，通過配合 Nginx 可以實現 web 前端服務的高可用。 Keepalived 以 VRRP 協議為實現基礎，用 VRRP 協議來實現高可用性(HA)。VRRP(VirtualRouter Redundancy Protocol)協議是用于實現路由器冗余的協議，VRRP 協議將兩臺或多臺路由器設備虛擬成一個設備，對外提供虛擬路由器 IP(一個或多個)，而在路由器組內部，如果實際擁有這個對外 IP 的路由器如果工作正常的話就是 MASTER，或者是通過[算法](http://lib.csdn.net/base/31)選舉產生，MASTER 實現針對虛擬路由器 IP 的各種網絡功能，如 ARP 請求，ICMP，以及數據的轉發等；其他設備不擁有該虛擬 IP，狀態是 BACKUP，除了接收 MASTER 的VRRP 狀態通告信息外，不執行對外的網絡功能。當主機失效時，BACKUP 將接管原先 MASTER 的網絡功能。VRRP 協議使用多播數據來傳輸 VRRP 數據，VRRP 數據使用特殊的虛擬源 MAC 地址發送數據而不是自身網卡的 MAC 地址，VRRP 運行時只有 MASTER 路由器定時發送 VRRP 通告信息，表示 MASTER 工作正常以及虛擬路由器 IP(組)，BACKUP 只接收 VRRP 數據，不發送數據，如果一定時間內沒有接收到 MASTER 的通告信息，各 BACKUP 將宣告自己成為 MASTER，發送通告信息，重新進行 MASTER 選舉狀態。 ![](https://upload-images.jianshu.io/upload_images/6954572-62a4ef16c8218c94?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 三、方案規劃 ![](https://upload-images.jianshu.io/upload_images/6954572-979ad74c9330acb2?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 四、安裝 Nginx 1、安裝編譯?Nginx 所需的依賴包 Connecting to 192.168.1.121:22... Connection established. To escape to local shell, press 'Ctrl+Alt+\]'. Last login: Sat Apr 16 17:55:20 2016 from 192.168.1.61 \[root@edu-proxy--01 ~\]#?yum install gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel 2、上傳?Nginx(nginx-1.6.2.tar.gz)到?/usr/local/src?目錄 ![](https://upload-images.jianshu.io/upload_images/6954572-65b1e190a9a5a3c1?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 3、編譯安裝?Nginx \[root@edu-proxy--01 ~\]#?cd /usr/local/src/ \[root@edu-proxy--01 src\]# ls keepalived-1.2.18.tar.gz ?nginx-1.6.2.tar.gz \[root@edu-proxy--01 src\]# tar -zxvf nginx-1.6.2.tar.gz \[root@edu-proxy--01 src\]# cd nginx-1.6.2 \[root@edu-proxy--01 nginx-1.6.2\]#?./configure --prefix=/usr/local/nginx \[root@edu-proxy--01 nginx-1.6.2\]#?make && make install \[root@edu-proxy--01 nginx-1.6.2\]#?vi /usr/local/nginx/conf/nginx.conf user ?root; worker\_processes ?1; #error\_log ?logs/error.log; #error\_log ?logs/error.log ?notice; #error\_log ?logs/error.log ?info; #pid ? ? ? ?logs/nginx.pid; events { worker\_connections ?1024; } http { include ? ? ? mime.types; default\_type ?application/octet-stream; #log\_format ?main ?'$remote\_addr - $remote\_user \[$time\_local\] "$request" ' \# ? ? ? ? ? ? ? ? ?'$status $body\_bytes\_sent "$http\_referer" ' \# ? ? ? ? ? ? ? ? ?'"$http\_user\_agent" "$http\_x\_forwarded\_for"'; #access\_log ?logs/access.log ?main; sendfile ? ? ? ?on; #tcp\_nopush ? ? on; #keepalive\_timeout ?0; keepalive\_timeout ?65; #gzip ?on; server { listen ? ? ? 88; server\_name ?localhost; #charset koi8-r; #access\_log ?logs/host.access.log ?main; location / { root ? html; index ?index.html index.htm; } #error\_page ?404 ? ? ? ? ? ? ?/404.html; \# redirect server error pages to the static page /50x.html error\_page ? 500 502 503 504 ?/50x.html; location = /50x.html { root ? html; } } } 修改 Nginx?歡迎首頁內容（用于后面[測試](http://lib.csdn.net/base/softwaretest)，用于區分兩個節點的 Nginx）： vi /usr/local/nginx/html/index.html 192.168.1.121 中的標題加?1 [Welcome to nginx!?1](https://www.jianshu.com/writer) 192.168.1.122 中的標題加?2 [Welcome to nginx!?2](https://www.jianshu.com/writer) 5、系統防火墻打開對應的端口?88 vi /etc/sysconfig/iptables \-A INPUT -m state --state NEW -m tcp -p tcp --dport?88?-j ACCEPT service iptables restart 6、測試?Nginx 是否安裝成功 /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful 7、啟動?Nginx /usr/local/nginx/sbin/nginx 重啟 /usr/local/nginx/sbin/nginx -s reload 8、設置?Nginx 開機啟動 vi /etc/rc.local 加入 /usr/local/nginx/sbin/nginx 分別訪問兩個nginx nginx1 ![](https://upload-images.jianshu.io/upload_images/6954572-dcb19348c3c66c34?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 2.nginx2 ![](https://upload-images.jianshu.io/upload_images/6954572-400dff562bc7530d?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 五、安裝 Keepalived?（[http://www.keepalived.org/download.html](http://www.keepalived.org/download.html)） 1、上傳或下載?keepalived（keepalived-1.2.18.tar.gz）到?/usr/local/src?目錄 2、解壓安裝 cd /usr/local/src tar -zxvf keepalived-1.2.18.tar.gz cd keepalived-1.2.18 ./configure --prefix=/usr/local/keepalived make && make install 3、將?keepalived 安裝成[Linux](http://lib.csdn.net/base/linux)系統服務：因為沒有使用 keepalived?的默認路徑安裝（默認是/usr/local）,安裝完成之后，需要做一些工作復制默認配置文件到默認路徑 mkdir /etc/keepalived cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ 復制 keepalived?服務腳本到默認的地址 cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ ln -s /usr/local/sbin/keepalived /usr/sbin/ ln -s /usr/local/keepalived/sbin/keepalived /sbin/ 設置 keepalived?服務開機啟動 chkconfig keepalived on 4、修改?Keepalived 配置文件注意，如果linux用的網卡是eth0,interface就要寫成eth1，用的是eth1就要寫成eth1 (1) MASTER 節點配置文件（192.168.1.121） vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global\_defs { router\_id edu-proxy-01 } vrrp\_script chk\_nginx { script "/etc/keepalived/nginx\_check.sh" interval 2 weight -20 } vrrp\_instance VI\_1 { state MASTER interface eth0 virtual\_router\_id 51 mcast\_src\_ip?192.168.1.121 priority 100 nopreempt advert\_int 1 authentication { auth\_type PASS auth\_pass 1111 } track\_script { chk\_nginx } virtual\_ipaddress { 192.168.1.120 } BACKUP節點配置（192.168.1.122） ! Configuration File for keepalived global\_defs { router\_id edu-proxy-02 } vrrp\_script chk\_nginx { script "/etc/keepalived/nginx\_check.sh" interval 2 weight -20 } vrrp\_instance VI\_1 { state BACKUP interface eth0 virtual\_router\_id 51 mcast\_src\_ip?192.168.1.122 priority 90 advert\_int 1 authentication { auth\_type PASS auth\_pass 1111 } track\_script { chk\_nginx } virtual\_ipaddress { 192.168.1.120 } } 5.編寫Nginx狀態檢測腳本/etc/keepalived/nginx\_check.sh(keepalived.conf中配置) 腳本要求:如果nginx停止運行，嘗試啟動，如果無法啟動則殺死本機的keepalived進程，keepaied將虛擬ip綁定到BACKUP機器上，內容如下 #!/bin/bash A=`ps -C nginx –no-header |wc -l` if \[ $A -eq 0 \];then /usr/local/nginx/sbin/nginx sleep 2 if \[ `ps -C nginx --no-header |wc -l` -eq 0 \];then killall keepalived fi fi 保存后給腳本授鄧權限 chmod -x /etc/keepalived/nginx\_check.sh 6.啟動keepalived serivce keepalived start 我們在cmd中查看arp ![](https://upload-images.jianshu.io/upload_images/6954572-f93072c4202e7808?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 在edu-proxy-01 \[root@edu-proxy--01 keepalived\]# ip add ![](https://upload-images.jianshu.io/upload_images/6954572-53d6d0b4f3b98084?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 這里我們訪問192.168.1.120:88 ![](https://upload-images.jianshu.io/upload_images/6954572-3ae4e6d25fdd43c6?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 7.Keepalived+nginx的高可用測試 (1)關閉192.168.1.121的Nginx,Keepalived會將它重新啟動 \[root@edu-proxy--01 keepalived\]# /usr/local/nginx/sbin/nginx -s stop (2)關閉192.168.1.121中的Keepalived,VIP會切換到192.168.1.122中 \[root@edu-proxy--01 keepalived\]#?service keepalived stop root@edu-proxy-02 keepalived\]#?ip add ![](https://upload-images.jianshu.io/upload_images/6954572-4a0a087a2cb5ec88?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 查看虛擬ip ![](https://upload-images.jianshu.io/upload_images/6954572-0e9c4312f921bb7e?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) 說明此時VIP已經漂移到主機192.168.1.122上了再能過VIP來訪問Nginx集群，訪問到的也是192.168.1.122 ![](https://upload-images.jianshu.io/upload_images/6954572-f0877ec8bfd77669?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) (3)重新啟動192.168.1.121中的Keepalived,VIP又會切回到192.168.1.121中來 \[root@edu-proxy--01 keepalived\]# service keepalived start 查看虛擬機IP ![](https://upload-images.jianshu.io/upload_images/6954572-c74055aa3e4f634c?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) ip add ![](https://upload-images.jianshu.io/upload_images/6954572-d82bd57b2bf47805?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) Keepalived啟動后，網絡接口上又會創建出VIP192.168.1.120 ![](https://upload-images.jianshu.io/upload_images/6954572-6b9d46dabe068f3f?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240) Keepalived服務管理命令: 停止: service keepalived stop 啟動: service keepalived start 重啟: service keepalived restart 查看狀態: service keepalived status 其他參考資料: keepalived之vrrp\_script總結:http://my.oschina[.NET](http://lib.csdn.net/base/dotnet)/hncscwc/blog/158746 keepalived雙機熱備實現故障時發送郵件通知:http://www.2cto.com/os/201407/317795.html 基于keepalived實現VIP轉移，lvs,nginx的高可用;:[http://www.tuicool.com/articles/eu26Vz](http://www.tuicool.com/articles/eu26Vz)