雙機熱備是指兩臺機器都在運行,但並非兩臺機器同時在提供服務。
當提供服務的一臺出現故障的時候,另外一臺會馬上自動接管並且提供服務,且切換的時間非常短。
keepalived的工作原理是VRRP——虛擬路由冗餘協議。
測試環境如下:
ip
vip
master
192.168.174.135
192.168.174.140
backup
192.168.174.137
192.168.174.140
回到頂部
nginx
安裝
sudo apt-get install nginx
查找配置文件位置
sudo find / -name nginx.conf
/etc/nginx/nginx.conf
修改配置文件(nginx.conf)
複製代碼
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server {
listen 80 default_server;
server_name test;
charset utf-8;
location / {
root html;
index index.html index.htm;
proxy_set_header X-Real_IP $remote_addr;
client_max_body_size 100m;
}
}
}
複製代碼
文件/usr/share/nginx/html/index.html
在192.168.174.135上加上 <h1>Welcome to nginx! 135 </h1>
在192.168.174.137上加上 <h1>Welcome to nginx! 137 </h1>
啓動
sudo service nginx start
關閉
sudo service nginx stop
回到頂部
keepalived
安裝
下載keepalived-1.2.19.tar.gz
tar –zxvf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
./configure --prefix=/usr/local/keepalived
make
sudo make install
期間可能出現問題:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!
解決
sudo apt-get install libssl.dev
建立軟鏈接
sudo ln -s /usr/local/keepalived/sbin/keepalived /sbin/
sudo ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
sudo ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
啓動
sudo keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
關閉
sudo killall keepalived
配置(keepalived.conf):
複製代碼
global_defs {
router_id NODEA
}
vrrp_instance VI_1 {
state MASTER
interface eth0 #監測網絡接口
virtual_router_id 50 #主、備必須一樣
priority 100 #優先級:主>備
advert_int 1
authentication {
auth_type PASS #VRRP認證,主備一致
auth_pass 1111 #密碼
}
virtual_ipaddress {
192.168.174.140/24 #VRRP HA虛擬地址
}
}
複製代碼
備用節點的配置
複製代碼
global_defs {
router_id NODEB
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.174.140/24
}
}
複製代碼
回到頂部
測試
雙擊熱備
兩臺機子均啓動nginx和keepalived,瀏覽器各自訪問
瀏覽器訪問:http://192.168.174.140/,顯示的是MASTER的頁面。
同樣用ip appr可以驗證:
135機器:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:39:d4:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.135/24 brd 192.168.174.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.174.140/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe39:d488/64 scope link
valid_lft forever preferred_lft forever
137機器:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:cf:23:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.137/24 brd 192.168.174.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fecf:2362/64 scope link
valid_lft forever preferred_lft forever
現在關閉135機器的keepalived。
但當nginx宕掉或整個機子宕機後,這種情況不行了——通過瀏覽器訪問192.168.174.140訪問不到資源。
nginx宕掉/機器宕掉熱備
爲了解決上一問題,可以利用腳本,當檢測到nginx進程宕掉後,自動關閉keepalived進程,從而實現熱備份。
主節點的配置
複製代碼
global_defs {
router_id NODEA
}
vrrp_script chk_http_port {
script "/home/jimite/keepalived/chk_nginx_pid.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.174.140/24
}
}
複製代碼
備用節點的配置
複製代碼
global_defs {
router_id NODEB
}
vrrp_script chk_http_port {
script "/home/jihite/keepalived/chk_nginx_pid.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.174.140/24
}
}
複製代碼
其中/home/jimite/keepalived/chk_nginx_pid.sh爲
複製代碼
#!/bin/bash
A=ps -C nginx --no-header |wc -l
if [ $A -eq 0 ]
then
echo 'nginx server is died'
sudo killall keepalived
fi
問題:殺死keepalived進程後,可以實現vip的偏移,但是原機器的vip無法自動刪除
原因:VRRP協議原理是:只有MASTER對外發送消息。各BACKUP接受消息,當接受不到消息時會在剩下的BACKUP機器中選出新的MASTER。
之前用kill -9 pid 或killall pid殺死keepalived進程,導致安裝keepalived不能發送信息,BACKUP收不到信息升級爲MASTER,但是由於進程被殺死【非正常關閉】,導致keepalived沒有能力自己刪除vip。
解決方案:關閉keepalived時用命令
service keepalived stop 或 kill -15 pid(注:只刪除第一個進程號)
存在問題:
非正常關閉keepalived。 禁止使用kill -9 或killall殺死keepalived。