nginx + keepalived 雙機熱備

序

雙機熱備是指兩臺機器都在運行，但並不是兩臺機器同時在提供服務。
當提供服務的一臺出現故障的時候，另一臺會立刻自動接管而且提供服務，且切換的時間很是短。

keepalived的工做原理是VRRP——虛擬路由冗餘協議。

測試環境以下：

	ip	vip
master	192.168.174.135	192.168.174.140
backup	192.168.174.137	192.168.174.140

nginx

安裝

sudo apt-get install nginx 

查找配置文件位置

sudo find / -name nginx.conf
/etc/nginx/nginx.conf

修改配置文件（nginx.conf）

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    server {
        listen 80 default_server;
        server_name test;
        charset utf-8;

        location / {
        root html;
        index index.html index.htm;
        proxy_set_header X-Real_IP $remote_addr;
        client_max_body_size 100m;
        }
    }
}

文件/usr/share/nginx/html/index.html

在192.168.174.135上加上  <h1>Welcome to nginx!  135  </h1>

在192.168.174.137上加上  <h1>Welcome to nginx!   ***137***   </h1>

啓動

sudo service nginx start  

關閉

sudo service nginx stop

keepalived

安裝

下載keepalived-1.2.19.tar.gz

tar –zxvf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
./configure --prefix=/usr/local/keepalived
make
sudo make install

期間可能出現問題：

!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!

解決

sudo apt-get install libssl.dev

創建軟連接

sudo ln -s /usr/local/keepalived/sbin/keepalived /sbin/
sudo ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
sudo ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

啓動

sudo keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf

關閉

sudo killall keepalived

配置（keepalived.conf）：

global_defs {
    router_id NODEA
}

vrrp_instance VI_1 {
    state MASTER 
    interface eth0        #監測網絡接口 
    virtual_router_id 50  #主、備必須同樣  
    priority 100          #優先級：主＞備
    advert_int 1
    authentication {
        auth_type PASS #VRRP認證，主備一致
        auth_pass 1111  #密碼
}

virtual_ipaddress {
        192.168.174.140/24 #VRRP HA虛擬地址
    }
}

備用節點的配置

global_defs {
   router_id NODEB
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 90 
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }

 virtual_ipaddress {
    192.168.174.140/24
    }
}

測試

雙擊熱備

兩臺機子均啓動nginx和keepalived，瀏覽器各自訪問

瀏覽器訪問：http://192.168.174.140/，顯示的是MASTER的頁面。

一樣用ip appr能夠驗證：

135機器：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 00:0c:29:39:d4:88 brd ff:ff:ff:ff:ff:ff

    inet 192.168.174.135/24 brd 192.168.174.255 scope global eth0

       valid_lft forever preferred_lft forever

    inet 192.168.174.140/24 scope global secondary eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe39:d488/64 scope link

       valid_lft forever preferred_lft forever

137機器：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000

    link/ether 00:0c:29:cf:23:62 brd ff:ff:ff:ff:ff:ff

    inet 192.168.174.137/24 brd 192.168.174.255 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fecf:2362/64 scope link

       valid_lft forever preferred_lft forever

 

如今關閉135機器的keepalived。

但當nginx宕掉或整個機子宕機後，這種狀況不行了——經過瀏覽器訪問192.168.174.140訪問不到資源。

nginx宕掉/機器宕掉熱備

爲了解決上一問題，能夠利用腳本，當檢測到nginx進程宕掉後，自動關閉keepalived進程，從而實現熱備份。

主節點的配置

global_defs {
    router_id NODEA
}

vrrp_script chk_http_port {
    script "/home/jimite/keepalived/chk_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER 
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.174.140/24
    }
}

備用節點的配置

global_defs {
   router_id NODEB
}

vrrp_script chk_http_port {
    script "/home/jihite/keepalived/chk_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 90 
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
   track_script {
       chk_http_port
   }

    virtual_ipaddress {
    192.168.174.140/24
    }
}

其中/home/jimite/keepalived/chk_nginx_pid.sh爲

#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ]
then
    echo 'nginx server is died'
    sudo killall keepalived
fi

問題：殺死keepalived進程後，能夠實現vip的偏移，可是原機器的vip沒法自動刪除

緣由：VRRP協議原理是：只有MASTER對外發送消息。各BACKUP接受消息，當接受不到消息時會在剩下的BACKUP機器中選出新的MASTER。

以前用kill -9 pid 或killall pid殺死keepalived進程，致使安裝keepalived不能發送信息，BACKUP收不到信息升級爲MASTER，可是因爲進程被殺死【非正常關閉】，致使keepalived 沒有能力本身刪除 vip。

解決方案：關閉keepalived時用命令

       service keepalived stop  或   kill -15 pid（注：只刪除第一個進程號）

存在問題：

       非正常關閉keepalived。 禁止使用kill -9  或killall殺死keepalived。