之前有做過lvs+keepalived來實(shí)現(xiàn)高可用。可是現(xiàn)在nginx已經(jīng)用到了很多公司的web服務(wù)器上,并且也表現(xiàn)出優(yōu)良的性能。
那么在架構(gòu)中,nginx放在前端用作負(fù)載均衡和處理靜態(tài)頁面以及緩存,是一個(gè)很重要的位置,必須要保證nginx服務(wù)器的高可用,
今天簡單介紹下用nginx+keepalived來實(shí)現(xiàn)nginx服務(wù)器的高可用,即實(shí)現(xiàn)故障自動(dòng)切換。
環(huán)境:
主nginx服務(wù)器:192.168.2.117
備nginx服務(wù)器:192.168.0.170
VIP:192.168.2.114
nginx服務(wù)器的安裝和配置在此不做介紹,不會(huì)的話可以參考:
http://www.linuxyan.com/web-server/6.html
1、keepalived安裝(在主和備2臺(tái)nginx服務(wù)器上都安裝)
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar xzf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure –prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
chmod +x /etc/init.d/keepalived
mkdir /etc/keepalived
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
然后對(duì)主nginx服務(wù)器的keepalived進(jìn)行配置
vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
admin@centos.bz #接收警報(bào)的email地址,可以添加多個(gè)
}
notification_email_from keepalived@domain.com ###發(fā)件人地址
smtp_server 127.0.0.1 ###發(fā)送郵件的服務(wù)器
smtp_connect_timeout 30 ###超時(shí)時(shí)間
router_id LVS_DEVEL ####load balancer 的標(biāo)識(shí) ID,用于email警報(bào)
}
vrrp_script chk_http_port {
script “/opt/nginx_pid.sh” ####檢測nginx狀態(tài)的腳本路徑
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER ############ 輔機(jī)為 BACKUP
interface eth0 ####HA 監(jiān)測網(wǎng)絡(luò)接口
virtual_router_id 51 #主、備機(jī)的 virtual_router_id 必須相同
mcast_src_ip 192.168.2.117 ###本機(jī)IP地址
priority 102 ########### 權(quán)值要比 back 高
advert_int 1 #主備之間的通告間隔秒數(shù)
authentication {
auth_type PASS ###主備切換時(shí)的驗(yàn)證
auth_pass 1111
}
track_script {
chk_http_port ### 執(zhí)行監(jiān)控的服務(wù)
}
virtual_ipaddress {
192.168.2.114 ####vip的地址
}
}
備nginx服務(wù)器上配置
global_defs {
notification_email {
admin@centos.bz
}
notification_email_from keepalived@domain.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script “/opt/nginx_pid.sh” ##檢測nginx狀態(tài)的腳本
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51 #### 保持主從服務(wù)器一致
mcast_src_ip 192.168.0.170 ###本機(jī)的IP地址
priority 101 ##########權(quán)值 要比 master 低。。
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port ### 執(zhí)行監(jiān)控的服務(wù)
}
virtual_ipaddress {
192.168.2.114 ###vip的地址
}
}
之后分別在主從服務(wù)器建立nginx的監(jiān)控腳本:
vi /opt/nginx_pid.sh
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx ##這個(gè)地方寫你nginx命令的路徑
sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
配置好之后,分別在2臺(tái)服務(wù)器上啟動(dòng)nginx和keepalived
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
/etc/init.d/keepalived start
在主nginx服務(wù)器上執(zhí)行ip a
[root@localhost ~]# ip a
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:58:58:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.2.117/22 brd 192.168.3.255 scope global eth0
inet 192.168.2.114/32 scope global eth0
inet6 fe80::20c:29ff:fe58:585f/64 scope link
valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
可以看到2.114這個(gè)vip已經(jīng)綁定在主nginx服務(wù)器上了,這個(gè)時(shí)候把nginx停掉
[root@localhost ~]# killall nginx
[root@localhost ~]# ps aux |grep nginx
root 9175 0.0 0.3 43268 916 ? Ss 05:45 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 9176 0.0 0.5 43648 1468 ? S 05:45 0:00 nginx: worker process
root 9187 0.0 0.2 61180 716 pts/0 R+ 05:45 0:00 grep nginx
額額,,,怎么停不掉,,,,
注意看監(jiān)控nginx的腳本,當(dāng)腳本檢測到nginx沒有運(yùn)行的時(shí)候,會(huì)嘗試啟動(dòng)一次,如果啟動(dòng)成功,則不轉(zhuǎn)移vip。如果啟動(dòng)失敗,則把keepalived停掉,從機(jī)的keepalived會(huì)把vip綁定到備nginx服務(wù)器上,這個(gè)時(shí)候就是備nginx的服務(wù)器在提供服務(wù)了。
為了看下效果,暫且把這個(gè)腳本修改一下,不讓他嘗試啟動(dòng)nginx服務(wù)
這個(gè)時(shí)候把nginx服務(wù)停掉,我們用ip a來看下vip是否還在主nginx服務(wù)器上綁定著
[root@localhost ~]# ip a
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:58:58:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.2.117/22 brd 192.168.3.255 scope global eth0
inet6 fe80::20c:29ff:fe58:585f/64 scope link
valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
可以看到已經(jīng)沒有vip這個(gè)地址了
去看備nginx服務(wù)器上看vip是否綁定在了上面
[root@localhost etc]# ip a
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:34:cc:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.170/22 brd 192.168.1.255 scope global eth0
inet 192.168.2.114/32 scope global eth0
inet6 fe80::20c:29ff:fe34:ccf9/64 scope link
valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
ok,可以看到vip已經(jīng)綁定在備nginx服務(wù)器上了。