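I. Environment planning
Operating system: CentOS 6.5 x86_64
Kernel version: 2.6.32-504.el6.x86_64
Nginx version: nginx-1.8.0-1.el6.ngx.x86_64
Keepalived version: keepalived-1.2.19
Two front-end Nginx hosts run Keepalived. Nginx reverse-proxies to the back-end tomcat cluster for load balancing, and Keepalived makes the cluster highly available: when the master nginx fails, the virtual IP automatically floats to the backup nginx.
Master nginx: 192.168.60.48
Backup nginx: 192.168.60.49
Virtual IP: 192.168.60.50
Back-end tomcat cluster: 192.168.60.51, 192.168.60.52, 192.168.60.53
Each back-end host opens two ports to serve the application: 16915 and 16916
II. Installation
Install nginx and keepalived on both front-end hosts.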
1) Compile and install keepalived

    # Install dependencies
    yum install kernel-* gcc make openssl-*
    # Download keepalived-1.2.19.tar.gz
    wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
    # Extract
    tar xvzf keepalived-1.2.19.tar.gz
    cd keepalived-1.2.19
    # Configure
    ./configure --sysconfdir=/etc --with-kernel-dir=/usr/src/kernels/2.6.32-504.el6.x86_64
    # Build and install
    make && make install
    # Check the keepalived version to verify the installation
    keepalived -v
    # Enable start at boot
    chkconfig keepalived on

Note: keepalived can also be installed with yum, but the version is somewhat older.
2) Install Nginx from the RPM package
Official nginx yum repository:

    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    enabled=1
    gpgcheck=0

Once the yum repository is set up, install directly:

    yum install nginx
    chkconfig nginx on

III. Configuration
1) The nginx configuration is identical on both front-end hosts

    # vim /etc/nginx/conf.d/upstream.conf
    upstream tomcatclu_16915 {
        server 192.168.60.51:16915;
        server 192.168.60.52:16915;
        server 192.168.60.53:16915;
        ip_hash;
    }
    upstream tomcatclu_16916 {
        server 192.168.60.51:16916;
        server 192.168.60.52:16916;
        server 192.168.60.53:16916;
        ip_hash;
    }

    # vim /etc/nginx/conf.d/server.conf
    server {
        listen 16915;
        server_name _;
        location / {
            proxy_pass http://tomcatclu_16915;
        }
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            # Allow the company IP range to access nginx status
            allow 192.168.252.0/24;
            deny all;
        }
    }
    server {
        listen 16916;
        server_name _;
        location / {
            proxy_pass http://tomcatclu_16916;
        }
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            # Allow the company IP range to access nginx status
            allow 192.168.252.0/24;
            deny all;
        }
    }

2) keepalived configuration on nginx_master

    [root@nginx_master ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        router_id nginx-ha1
    }
    vrrp_script check_nginx {
        # Script that checks nginx status; given later in this article
        script "/data/script/check_nginx.sh"
        # Run every 2 seconds
        interval 2
    }
    vrrp_instance VI_1 {
        # Both hosts are BACKUP
        state BACKUP
        interface eth0
        # virtual_router_id must be the same within one keepalived cluster; the default is 51
        virtual_router_id 55
        # The master has the higher priority
        priority 100
        advert_int 1
        # No preemption: if a host in MASTER state already exists in the cluster, this host
        # does not take over as MASTER even if its priority is higher.
        # Only needs to be set on the higher-priority host.
        nopreempt
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            # Virtual IP
            192.168.60.50
        }
        track_script {
            check_nginx
        }
    }

3) keepalived configuration on nginx_slave

    [root@nginx_slave ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        router_id nginx-ha2
    }
    vrrp_script check_nginx {
        script "/data/script/check_nginx.sh"
        interval 2
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 55
        # The backup has the lower priority
        priority 80
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.60.50
        }
        track_script {
            check_nginx
        }
    }

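4) Firewall settings

    # Allow traffic to the multicast address through iptables:
    iptables -I INPUT -d 224.0.0.18 -j ACCEPT
    service iptables save

VRRP packets are sent as IP multicast; the multicast address 224.0.0.18 is the destination address of VRRP packets.
In this setup both hosts are BACKUP. If keepalived is started on both at the same time, the VRRP election makes the higher-priority host the MASTER. If the firewall does not let VRRP packets through, both BACKUP hosts become MASTER, and you will find the virtual IP brought up on both hosts.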
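The double-MASTER condition described above can be spotted from the keepalived logs that step 6) turns on. The script below is an added example, not part of the original post; it assumes both nodes' /var/log/keepalived.log files have been copied to one host, and the function names, file names and sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): flag VRRP split-brain from the
# keepalived logs of both nodes, collected on one host.

# Print the last state (MASTER/BACKUP/FAULT) that instance $2 entered in log file $1.
last_state() {
    awk -v key="VRRP_Instance($2) Entering " '
        (p = index($0, key)) { split(substr($0, p + length(key)), w, " "); s = w[1] }
        END { print (s == "" ? "UNKNOWN" : s) }
    ' "$1"
}

# Succeeds when both logs ($1, $2) end with instance $3 in MASTER state.
split_brain() {
    [ "$(last_state "$1" "$3")" = MASTER ] && [ "$(last_state "$2" "$3")" = MASTER ]
}

# Constructed sample logs in directory $1: one master log, one healthy backup,
# and one backup that never received adverts and promoted itself.
write_samples() {
    cat > "$1/master.log" <<'EOF'
Jun  1 10:00:01 nginx_master Keepalived_vrrp[2101]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun  1 10:00:05 nginx_master Keepalived_vrrp[2101]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jun  1 10:00:06 nginx_master Keepalived_vrrp[2101]: VRRP_Instance(VI_1) Entering MASTER STATE
EOF
    cat > "$1/slave_ok.log" <<'EOF'
Jun  1 10:00:02 nginx_slave Keepalived_vrrp[1988]: VRRP_Instance(VI_1) Entering BACKUP STATE
EOF
    cat > "$1/slave_blocked.log" <<'EOF'
Jun  1 10:00:02 nginx_slave Keepalived_vrrp[1988]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun  1 10:00:06 nginx_slave Keepalived_vrrp[1988]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jun  1 10:00:07 nginx_slave Keepalived_vrrp[1988]: VRRP_Instance(VI_1) Entering MASTER STATE
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for peer in slave_ok slave_blocked; do
    if split_brain "$demo_dir/master.log" "$demo_dir/$peer.log" VI_1; then
        echo "$peer: SPLIT-BRAIN, both nodes are MASTER (check the VRRP firewall rule)"
    else
        echo "$peer: ok"
    fi
done
rm -rf "$demo_dir"
```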
5) Deploy the nginx status check script check_nginx.sh
The contents of the check script /data/script/check_nginx.sh are as follows:

    #!/bin/bash
    # check nginx server status
    # http://qicheng0211.blog.51cto.com

    # nginx ports
    PORTS="16915 16916"

    function check_ports {
        local mark=""
        for port in $PORTS;do
            nc -z 127.0.0.1 "$port" | grep -q succeeded
            [ "${PIPESTATUS[1]}" -eq 0 ] && mark=${mark}1
        done
        # If mark is empty, neither port is reachable.
        # If mark equals 1, one port is reachable.
        # If mark equals 11, both ports are reachable.
        echo $mark
    }

    ret1=$(check_ports)
    # If an nginx port is unreachable, try restarting nginx once
    if [ "$ret1" != 11 ];then
        /sbin/service nginx stop
        /sbin/service nginx start
        sleep 1
        ret2=$(check_ports)
        # If a port is still unreachable, the nginx service is unhealthy:
        # stop keepalived so that the VIP fails over.
        # if/fi keeps the exit status 0 when the restart fixed nginx.
        if [ "$ret2" != 11 ];then
            /etc/init.d/keepalived stop
        fi
    fi

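Write the nginx status check script to suit your own environment; you do not have to copy this one as is.
Make the script executable:

    chmod +x /data/script/check_nginx.sh

One additional point: if keepalived cannot start again automatically after nginx has recovered, you need to write a script to do this job: once it determines that nginx is healthy, it brings keepalived back up. Put the script in cron and run it every minute.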
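One way to write that recovery script, as an added example that is not from the original post. The file name keepalived_recover.sh, the --run switch, the cron entry and the function names are hypothetical, and the port check assumes this host's nc reports the result of -z through its exit status.

```shell
#!/bin/bash
# Added example, not from the original post: restart keepalived after nginx recovers.
# Hypothetical file name and cron entry (/etc/cron.d format):
#   * * * * * root /data/script/keepalived_recover.sh --run
PATH=/sbin:/usr/sbin:$PATH   # cron's default PATH lacks the sbin directories
PORTS="16915 16916"          # same nginx ports as check_nginx.sh

# Succeeds only when every nginx port accepts a TCP connection on localhost.
# Assumption: nc -z signals success or failure through its exit status.
nginx_healthy() {
    local port
    for port in $PORTS; do
        nc -z 127.0.0.1 "$port" >/dev/null 2>&1 || return 1
    done
    return 0
}

keepalived_running() { pidof keepalived >/dev/null 2>&1; }

start_keepalived() { /sbin/service keepalived start >/dev/null 2>&1; }

# Print the action taken. keepalived is started only when it is down and nginx
# is healthy, so a node whose nginx is still broken never rejoins the election.
recover() {
    if keepalived_running; then
        echo "noop: keepalived already running"
    elif ! nginx_healthy; then
        echo "wait: nginx unhealthy, keepalived left stopped"
    elif start_keepalived; then
        echo "started: nginx healthy, keepalived started"
    else
        echo "error: keepalived failed to start"
        return 1
    fi
}

# Act only with --run, so the functions can be sourced and exercised safely.
if [ "${1:-}" = "--run" ]; then
    recover | logger -t keepalived_recover
fi
```

Because nginx_master runs with nopreempt, restarting keepalived there this way brings it back as BACKUP and does not pull the virtual IP away from the current MASTER.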
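6) Enable keepalived logging
Edit /etc/sysconfig/keepalived:

    KEEPALIVED_OPTIONS="-D -d -S 0"

Edit /etc/rsyslog.conf:

    # Add the following line at the end of the configuration file
    local0.*    /var/log/keepalived.log

Restart rsyslog:

    service rsyslog restart

With the configuration above, keepalived writes its log to /var/log/keepalived.log.
7) Start the services

    # First check that the nginx configuration files are valid
    nginx -t
    # Start the nginx service
    service nginx start
    # Start the keepalived service on both hosts at the same time
    service keepalived start
    # After a moment, check whether the virtual IP is on the nginx_master host
    ip a
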
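IV. Verification
Start keepalived on nginx_master and nginx_slave at the same time and watch the log /var/log/keepalived.log. You will see that nginx_master takes the MASTER role and binds the virtual IP 192.168.60.50.
nginx_master:
nginx_slave:
From another machine on the same network segment, we arping the virtual IP to get its MAC address and find that it is the MAC of eth0 on nginx_master:
Next we stop the keepalived service on nginx_master, or reboot the system, while continuously pinging the virtual IP. After an interval of one request timeout, the virtual IP floats over to nginx_slave:
nginx_slave:
We arping the virtual IP again and find that the MAC has changed to that of eth0 on nginx_slave:
Looking at nginx_slave's keepalived.log, nginx_slave sent gratuitous ARPs at the moment it became MASTER, updating the ARP caches of its Ethernet neighbors:

    VRRP_Instance(VI_1) Entering MASTER STATE
    VRRP_Instance(VI_1) setting protocol VIPs.
    VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.60.50

Finally, start the keepalived service on nginx_master again. The virtual IP does not float back to nginx_master, because nginx_master has non-preemption mode enabled: even with the higher priority, it does not preempt the MASTER.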