实验架构图:

实验环境

Nginx和Keepalived原理介绍

参考博客:http://467754239.blog.51cto.com/4878013/1541421

1、nginx

Nginx进程基于于Master+Slave(worker)多进程模型,自身具有非常稳定的子进程管理功能。在Master进程分配模式下,Master进程永远不进行业务处理,只是进行任务分发,

从而达到Master进程的存活高可靠性,Slave(worker)进程所有的业务信号都 由主进程发出,Slave(worker)进程所有的超时任务都会被Master中止,属于非阻塞式任务模型。

2、keepalived

Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接,作用:

主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现

3、单点故障

Nginx有很强代理功能,但是一台nginx就形成了单点,现在使用keepalived来解决这个问题,keepalived的故障转移时间很短.

Nginx+keepalived双机实现nginx反向代理服务的高可用,一台nginx挂掉之后不影响应用也不影响内网访问外网.

4、此架构需要考虑的问题

1) Master没挂,则Master占有vip且nginx运行在Master上

2) Master挂了,则backup抢占vip且在backup上运行nginx服务

3) 如果master服务器上的nginx服务挂了,则vip资源转移到backup服务器上

4) 检测后端服务器的健康状态

5、叙述

Master和Backup两边都开启nginx服务,无论Master还是Backup,当其中的一个keepalived服务停止后,vip都会漂移到keepalived服务还在的节点上,

如果要想使nginx服务挂了,vip也漂移到另一个节点,则必须用脚本或者在配置文件里面用shell命令来控制。

首先必须明确后端服务器的健康状态检测keepalived在这种架构上是无法检测的,后端服务器的健康状态检测是有nginx来判断的,但是nginx的检测机制有一定的缺陷,后端服务器某一个宕机之后,nginx还是会分发请求给它,在一定的时间内后端服务响应不了,nginx则会发给另外一个服务器,然后当客户的请求来了,nginx会一段时间内不会把请求分发给已经宕机的服务器,但是过一段时间后,nginx还是会把分发请求发给宕机的服务器上。

实验实现:

HA高可用集群构建前提:

1.proxy和proxy2节点时间必须同步;

建议使用ntp协议进行;

参考博客:http://sohudrgon.blog.51cto.com/3088108/1598314

2、节点之间必须要通过主机名互相通信;

建议使用hosts文件;

通信中使用的名字必须与其节点为上“uname -n”命令展示出的名字保持一致;

[root@proxy ~]# cat /etc/hosts                        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4::1         localhost localhost.localdomain localhost6 localhost6.localdomain6172.16.0.1  server.magelinux.com server172.16.31.52 proxy.stu31.com proxy172.16.31.53 proxy2.stu31.com proxy2172.16.31.50 tom1.stu31.com tom1172.16.31.51 tom2.stu31.com tom2

3、节点之间彼此root用户能基于ssh密钥方式进行通信;

节点proxy:# ssh-keygen -t rsa -P ""# ssh-copy-id -i .ssh/id_rsa.pub proxy2节点proxy2:# ssh-keygen -t rsa -P ""# ssh-copy-id -i .ssh/id_rsa.pub proxy

测试ssh无密钥通信:

[root@proxy ~]# date ; ssh proxy2 dateFri Jan 16 15:38:36 CST 2015Fri Jan 16 15:38:36 CST 2015

一.安装nginx

1.两个节点都安装nginx

# yum install nginx-1.6.2-1.el6.ngx.x86_64.rpm

2.分别在两台机器上创建不同的测试页面[为了测试]

[root@proxy ~]# echo "Page from nginx1 ,proxy" >/usr/share/nginx/html/index.html[root@proxy2 ~]# echo "Page from nginx2 ,proxy2" >/usr/share/nginx/html/index.html

3.配置nginx的配置文件

配置nginx服务器将动态内容反向代理到后端tomcat服务器组,而静态内容直接访问本地的nginx服务器;

定义后端tomcat服务器组:

[root@proxy ~]# vim /etc/nginx/nginx.conf #添加如下后端服务器组    upstream tcsrvs {        ip_hash;        server 172.16.31.50:8080;        server 172.16.31.51:8080;    }

定义反向代理:

[root@proxy nginx]# pwd/etc/nginx[root@proxy nginx]# vim conf.d/default.conf server {    listen       80;    server_name  localhost;    #charset koi8-r;    #access_log  /var/log/nginx/log/host.access.log  main;    location / {        root   /usr/share/nginx/html;        index  index.html index.htm;    }    location ~* \.(jsp|do)$ {        proxy_pass http://tcsrvs;    }}

3.启动nginx服务访问测试

静态内容是本地nginx提供的页面:

动态页面丢到后端的tomcat服务器了:

复制配置文件到节点proxy2:

[root@proxy nginx]# scp nginx.conf proxy2:/etc/nginx/nginx.conf                                    100%  740     0.7KB/s   00:00    [root@proxy nginx]# scp conf.d/default.conf proxy2:/etc/nginx/conf.d/default.conf                                  100% 1167     1.1KB/s   00:00

二.keepalived安装与配置

CentOS 6.6 是1.2.13版本的keepalived,已经够用了,最新版本的keepalived是1.2.15;

1.两个节点安装keepalived软件

# yum install -y keepalived

2.配置keepalived

修改keepalived配置文件

keepalived的文件路径/etc/keepalived/keepalived.conf 

主节点MASTER node:

! Configuration File for keepalived   #全局定义   global_defs {   notification_email {               #指定keepalived在发生事件时(比如切换),需要发送的email对象,可以多个,每行一个      root@stu31.com   }   notification_email_from kaadmin@stu31.com   smtp_server 127.0.0.1              #指定发送email的smtp服务器   smtp_connect_timeout 30   router_id LVS_DEVEL                #运行keepalived的机器的一个标识} vrrp_instance VI_1 {    state MASTER               #为主服务器    interface eth0             #监听的本地网卡接口    virtual_router_id 100      #主辅virtual_router_id号必须相同    mcast_src_ip=172.16.31.52  #主nginx的ip地址    priority 100               #优先级为100,此值越大优先级越大 就为master 权重值    advert_int 1               #VRRP Multicast 广播周期秒数;心跳检测时间,单位秒    authentication {        auth_type PASS         #vrrp认证方式        auth_pass oracle       #vrrp口令    }    virtual_ipaddress {        #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写        172.16.31.188/24 dev eth0     }}

备用节点BACKUP node:

global_defs {        notification_email {                root@stu31.com        }        notification_email_from kaadmin@stu31.com        smtp_server 127.0.0.1        smtp_connect_timeout 30        router_id LVS_DEVEL}vrrp_instance  VI_1 {        state BACKUP        interface eth0        virtual_router_id 100        mcast_src_ip=172.16.31.53        priority 99        advert_int 1        authentication {                auth_type PASS                auth_pass oracle        }        virutal_ipaddress {                172.16.31.188/24 dev eth0         }}

3.启动keepalived服务

设置keepalived开机启动:

# chkconfig keepalived on

启动两个节点的keepalived服务:

[root@proxy ~]# service keepalived start ; ssh proxy2 "service keepalived start"

4.查看vip状态

#首先在master节点上查看vip的状态

[root@proxy keepalived]# ip addr show eth02: eth0: 
 mtu 1500 qdisc pfifo_fast state UP qlen 1000    link/ether 08:00:27:3b:23:60 brd ff:ff:ff:ff:ff:ff    inet 172.16.31.52/16 brd 172.16.255.255 scope global eth0    inet 172.16.31.188/16 scope global secondary eth0    inet6 fe80::a00:27ff:fe3b:2360/64 scope link        valid_lft forever preferred_lft forever

#其次在backup节点上查看vip的状态

[root@proxy2 keepalived]# ip addr show eth02: eth0: 
 mtu 1500 qdisc pfifo_fast state UP qlen 1000    link/ether 08:00:27:6e:bd:28 brd ff:ff:ff:ff:ff:ff    inet 172.16.31.53/16 brd 172.16.255.255 scope global eth0    inet6 fe80::a00:27ff:fe6e:bd28/64 scope link        valid_lft forever preferred_lft forever

5.查看keepalived服务启动后选举VIP的过程日志:

MASTER节点的日志:

当启动keepalived服务的时候,会根据配置文件的优先级来竞选谁为master,从日志来看172.16.31.52竞选master

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 16:31:06 proxy Keepalived[5807]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 16:31:06 proxy Keepalived[5809]: Starting Healthcheck child process, pid=5811Jan 16 16:31:06 proxy Keepalived[5809]: Starting VRRP child process, pid=5812Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.52 addedJan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Netlink reflector reports IP 172.16.31.52 addedJan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Registering Kernel netlink reflectorJan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Registering Kernel netlink command channelJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering Kernel netlink reflectorJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering Kernel netlink command channelJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Registering gratuitous ARP shared channelJan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: Configuration is using : 62912 BytesJan 16 16:31:06 proxy Keepalived_vrrp[5812]: Using LinkWatch kernel netlink reflector...Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Configuration is using : 7455 BytesJan 16 16:31:06 proxy Keepalived_healthcheckers[5811]: Using LinkWatch kernel netlink reflector...Jan 16 16:31:06 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 16:31:07 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.188 addedJan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!Jan 16 16:31:07 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!Jan 16 16:31:08 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: receive an invalid ip number count associated with VRID!Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: bogus VRRP packet received on eth0 !!!Jan 16 16:31:09 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Dropping received VRRP packet...Jan 16 16:31:12 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

BACKUP节点的日志;

由于优先级低,就成为了备用节点;

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 16:31:09 proxy2 Keepalived[2176]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 16:31:09 proxy2 Keepalived[2178]: Starting Healthcheck child process, pid=2180Jan 16 16:31:09 proxy2 Keepalived[2178]: Starting VRRP child process, pid=2181Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP 172.16.31.53 addedJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Netlink reflector reports IP 172.16.31.53 addedJan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Registering Kernel netlink reflectorJan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Registering Kernel netlink command channelJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering Kernel netlink reflectorJan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering Kernel netlink command channelJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Registering gratuitous ARP shared channelJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Configuration is using : 7455 BytesJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Configuration is using : 62912 BytesJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: Using LinkWatch kernel netlink reflector...Jan 16 16:31:09 proxy2 Keepalived_healthcheckers[2180]: Using LinkWatch kernel netlink reflector...Jan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 16:31:09 proxy2 Keepalived_vrrp[2181]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

6.我们停止MASTER节点的keepalived服务,那么BACKUP节点会成为主节点。

主节点停止keepalived服务:

[root@proxy keepalived]# service keepalived stopStopping keepalived:                                       [  OK  ]

我们通过日志来查看自动切换的过程:

主节点的VIP自动移除:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 16:37:33 proxy Keepalived[5809]: Stopping Keepalived v1.2.13 (10/15,2014)Jan 16 16:37:33 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) sending 0 priorityJan 16 16:37:33 proxy Keepalived_vrrp[5812]: VRRP_Instance(VI_1) removing protocol VIPs.Jan 16 16:37:33 proxy Keepalived_healthcheckers[5811]: Netlink reflector reports IP 172.16.31.188 removed

备用节点自动竞选成主节点,获取VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 16:37:34 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 16:37:35 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 16:37:35 proxy2 Keepalived_healthcheckers[2180]: Netlink reflector reports IP 172.16.31.188 addedJan 16 16:37:40 proxy2 Keepalived_vrrp[2181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

7.我们将主节点重新启动,并测试节点主备切换时间:

[root@proxy keepalived]# service keepalived startStarting keepalived:                                       [  OK  ]

我在物理机上测试主备切换时间,间隔差不多一秒钟左右:

C:\Users\GuoGang>ping -t 172.16.31.188正在 Ping 172.16.31.188 具有 32 字节的数据:来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64请求超时。来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64来自 172.16.31.188 的回复: 字节=32 时间<1ms TTL=64172.16.31.188 的 Ping 统计信息:    数据包: 已发送 = 9,已接收 = 8,丢失 = 1 (11% 丢失),

8.更改DNS服务器的IP为虚拟ip

DNS服务器构建请参考博客:http://sohudrgon.blog.51cto.com/3088108/1588344

# vim /var/named/stu31.com.zone $TTL 600$ORIGIN stu31.com.@       IN      SOA     ns1.stu31.com.  root.stu31.com. (                        2014121801                        1D                        5M                        1W                        1H)@       IN      NS      ns1.stu31.com.ns1     IN      A       172.16.31.52www     IN      A       172.16.31.188

重启named服务器;

9.访问测试:

三.Keepalived服务根据nginx状态实现自动切换配置

1.默认情况下,keepalived工作模式并不能直接监控nginx服务,只有当keepalived服务挂掉后才能主备切换,nginx服务挂掉后不能实现主备服务器的切换,但是我们的目的就是要实现nginx服务keepalived挂掉后,都要主备切换。

以上有两种方法可以实现

A.keepalived配置文件中可以支持shell脚本,写个监听nginx服务的脚本就可以了

B.单独写个脚本来监听nginx和keepalived服务

keepalived的样板文件中有配置文件专门探测服务正常与否:

[root@proxy keepalived]# ls /usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.fwmark          keepalived.conf.track_interfacekeepalived.conf.HTTP_GET.port   keepalived.conf.virtualhostkeepalived.conf.inhibit         keepalived.conf.virtual_server_groupkeepalived.conf.IPv6            keepalived.conf.vrrpkeepalived.conf.misc_check      keepalived.conf.vrrp.localcheckkeepalived.conf.misc_check_arg  keepalived.conf.vrrp.lvs_syncdkeepalived.conf.quorum          keepalived.conf.vrrp.routeskeepalived.conf.sample          keepalived.conf.vrrp.scriptskeepalived.conf.SMTP_CHECK      keepalived.conf.vrrp.static_ipaddresskeepalived.conf.SSL_GET         keepalived.conf.vrrp.synckeepalived.conf.status_code     sample.misccheck.smbcheck.sh

就是keepalived.conf.vrrp.localcheck这个样例文件中讲解了所有的探测服务正常与否的方法;

2.基于第一种情况我们在keepalived的配置文件中加入如下探测nginx服务是否正常:

主备节点都需要添加:

vrrp_script chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等    script "killall -0 nginx"  #用shell命令检查nginx服务是否存在    interval 1                 #时间间隔为1秒检测一次    weight -2                  #当nginx的服务不存在了,就把当前的权重-2    fall 2                     #测试失败的次数    rise 1                     #测试成功的次数 } 然后在vrrp_instance配置段中引用定义的脚本名称;track_script {     chk_nginx   #引用上面的vrrp_script定义的脚本名称 }

实例测试:

MASTER节点的配置文件:

[root@proxy keepalived]# cat keepalived.confglobal_defs {        notification_email {                root@stu31.com        }        notification_email_from kaadmin@stu31.com        smtp_server 127.0.0.1        smtp_connect_timeout 30        router_id LVS_DEVEL}vrrp_script chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等    script "killall -0 nginx"  #用shell命令检查nginx服务是否存在    interval 1                 #时间间隔为1秒检测一次    weight -2                  #当nginx的服务不存在了,就把当前的权重-2    fall 2                     #测试失败的次数    rise 1                     #测试成功的次数 } vrrp_instance  VI_1 {        state MASTER        interface eth0        virtual_router_id 100        mcast_src_ip=172.16.31.52        priority 100        advert_int 1        authentication {                auth_type PASS                auth_pass oracle        }        virtual_ipaddress {                172.16.31.188/16 dev eth0         }        track_script {                 chk_nginx   #引用上面的vrrp_script定义的脚本名称         } }

BACKUP节点的配置文件:

[root@proxy2 keepalived]# cat keepalived.confglobal_defs {        notification_email {                root@stu31.com        }        notification_email_from kaadmin@stu31.com        smtp_server 127.0.0.1        smtp_connect_timeout 30        router_id LVS_DEVEL}vrrp_script chk_nginx {               #检测nginx服务是否在运行有很多方式,比如进程,用脚本检测等等    script "killall -0 nginx"  #用shell命令检查nginx服务是否存在    interval 1                 #时间间隔为1秒检测一次    weight -2                  #当nginx的服务不存在了,就把当前的权重-2    fall 2                     #测试失败的次数    rise 1                     #测试成功的次数 } vrrp_instance  VI_1 {        state BACKUP        interface eth0        virtual_router_id 100        mcast_src_ip=172.16.31.53        priority 99        advert_int 1        authentication {                auth_type PASS                auth_pass oracle        }        virtual_ipaddress {                172.16.31.188/16 dev eth0         }        track_script {                 chk_nginx   #引用上面的vrrp_script定义的脚本名称         } }

重启keepalived服务;我们将主节点的nginx服务停止;测试keepalived服务是否自动切换到备用节点:

重启服务;

[root@proxy keepalived]# service keepalived restart ; ssh proxy2 "service keepalived restart"Stopping keepalived:                                       [  OK  ]Starting keepalived:                                       [  OK  ]Stopping keepalived: [  OK  ]Starting keepalived: [  OK  ]

查看日志可以发现已经在检查nginx服务了:

MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 17:18:02 proxy Keepalived[6098]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 17:18:02 proxy Keepalived[6100]: Starting Healthcheck child process, pid=6102Jan 16 17:18:02 proxy Keepalived[6100]: Starting VRRP child process, pid=6104Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Netlink reflector reports IP 172.16.31.52 addedJan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.52 addedJan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Registering Kernel netlink reflectorJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering Kernel netlink reflectorJan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Registering Kernel netlink command channelJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering Kernel netlink command channelJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Registering gratuitous ARP shared channelJan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Configuration is using : 7495 BytesJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: Configuration is using : 65170 BytesJan 16 17:18:02 proxy Keepalived_vrrp[6104]: Using LinkWatch kernel netlink reflector...Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 17:18:02 proxy Keepalived_healthcheckers[6102]: Using LinkWatch kernel netlink reflector...Jan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Script(chk_nginx) succeededJan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 17:18:02 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Received lower prio advert, forcing new electionJan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 17:18:03 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 17:18:03 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.188 added

BACKUP节点的启动日志:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 17:18:03 proxy2 Keepalived[25883]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 17:18:03 proxy2 Keepalived[25885]: Starting Healthcheck child process, pid=25887Jan 16 17:18:03 proxy2 Keepalived[25885]: Starting VRRP child process, pid=25888Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Netlink reflector reports IP 172.16.31.53 addedJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP 172.16.31.53 addedJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering Kernel netlink reflectorJan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Registering Kernel netlink reflectorJan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Registering Kernel netlink command channelJan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering Kernel netlink command channelJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Registering gratuitous ARP shared channelJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Configuration is using : 7495 BytesJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Configuration is using : 65170 BytesJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: Using LinkWatch kernel netlink reflector...Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 17:18:03 proxy2 Keepalived_healthcheckers[25887]: Using LinkWatch kernel netlink reflector...Jan 16 17:18:03 proxy2 Keepalived_vrrp[25888]: VRRP_Script(chk_nginx) succeeded只是检测了nginx服务;

我们在MASTER节点关闭nginx服务后观察:

[root@proxy keepalived]# service nginx stopStopping nginx:                                            [  OK  ]

观察日志,主节点检查服务失败,移除VIP地址;

MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 17:21:20 proxy Keepalived_vrrp[6104]: VRRP_Script(chk_nginx) failedJan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Received higher prio advertJan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 17:21:22 proxy Keepalived_vrrp[6104]: VRRP_Instance(VI_1) removing protocol VIPs.Jan 16 17:21:22 proxy Keepalived_healthcheckers[6102]: Netlink reflector reports IP 172.16.31.188 removed

备用节点检查nginx服务正常,进行自动加载VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 17:21:22 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) forcing a new MASTER electionJan 16 17:21:22 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) forcing a new MASTER electionJan 16 17:21:23 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 17:21:24 proxy2 Keepalived_healthcheckers[25887]: Netlink reflector reports IP 172.16.31.188 addedJan 16 17:21:24 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 17:21:29 proxy2 Keepalived_vrrp[25888]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

至此,内置检测脚本测试服务正常与否的设置就成功。

3.基于第二种情况,我们单独写一个脚本来探测nginx服务是否正常;探测nginx进程正常与否

我们需要跟上面的设置区分开来,如果使用独立脚本,上面的内置脚本就不用设置了。

#vim nginxpidcheck.sh#!/bin/bash while  : do  nginxpid=`ps -C nginx --no-header | wc -l`  if [ $nginxpid -eq 0 ];then   /usr/local/nginx/sbin/nginx   sleep 5   nginxpid=`ps -C nginx --no-header | wc -l`   echo $nginxpid     if [ $nginxpid -eq 0 ];then  /etc/init.d/keepalived stop    fi  fi  sleep 5 done

我们将脚本制定为任务计划运行即可,我们测试就直接交给后台自动运行:

这是一个无限循环的脚本,放在主Nginx机器上(因为目前主要是由它提供服务),每隔5秒执行一次,用ps -C 命令来收集nginx的PID值到底是否为0,如果是0的话(即Nginx进程死掉了),尝试启动nginx进程;如果继续为0,即nginx启动失改, 则关闭本机的Keeplaived进程,VIP地址则会由备机接管,当然了,整个网站就会由备机的Nginx来提供服务了,这样保证Nginx进程的高可用。

实例测试:

我们将脚本放在/etc/keepalived目录下,两个节点都存放:

[root@proxy2 keepalived]# lskeepalived.conf   nginxpidcheck.sh

直接交给后台自动运行,两个节点都运行:

#nohup sh /etc/keepalived/nginxpidcheck.sh &

我们停止主节点的nginx服务:

[root@proxy keepalived]# service nginx stopStopping nginx:                                            [  OK  ]

观察日志查看主备切换过程成功与否:

MASTE节点的启动日志:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 17:33:37 proxy Keepalived[7221]: Stopping Keepalived v1.2.13 (10/15,2014)Jan 16 17:33:37 proxy Keepalived_vrrp[7225]: VRRP_Instance(VI_1) sending 0 priorityJan 16 17:33:37 proxy Keepalived_vrrp[7225]: VRRP_Instance(VI_1) removing protocol VIPs.Jan 16 17:33:37 proxy Keepalived_healthcheckers[7224]: Netlink reflector reports IP 172.16.31.188 removed

VIP移除了;

备用节点检查nginx服务正常,进行自动加载VIP:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 17:33:37 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 17:33:38 proxy2 Keepalived_healthcheckers[26983]: Netlink reflector reports IP 172.16.31.188 addedJan 16 17:33:38 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 17:33:43 proxy2 Keepalived_vrrp[26984]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

访问测试,静态内容是转到了节点proxy2上了:

4.基于邮件通知形式的自动切换主备节点的脚本构建

邮件通知脚本构建:将脚本放置在/etc/keepalived/下,两个节点都需要创建

[root@proxy keepalived]# vim notify.sh#!/bin/bashvip=172.16.31.188contact='root@localhost'notify() {    mailsubject="`hostname` to be $1: $vip floating"    mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"    echo $mailbody | mail -s "$mailsubject" $contact}case "$1" in    master)        notify master        /etc/rc.d/init.d/nginx start        exit 0    ;;    backup)        notify backup        /etc/rc.d/init.d/nginx stop        exit 0    ;;    fault)        notify fault        /etc/rc.d/init.d/nginx stop        exit 0    ;;    *)        echo 'Usage: `basename $0` {master|backup|fault}'        exit 1    ;;esac

如果是主MASTER节点,我们就启动nginx服务;如果是BACKUP备用节点我们就停止nginx服务;如果节点故障,我们停止nginx服务;

需要在keepalived配置文件中进行脚本调用:

MASTER节点:

[root@proxy keepalived]# cat keepalived.confglobal_defs {        notification_email {                root@stu31.com        }        notification_email_from kaadmin@stu31.com        smtp_server 127.0.0.1        smtp_connect_timeout 30        router_id LVS_DEVEL}vrrp_script chk_maintance_down {    #检查脚本,如果存在down这个文件,就将节点的权重减5        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"        interval 1    #时间间隔为1秒检测一次         weight  -5    #当nginx的服务不存在了,就把当前的权重-5 }vrrp_instance  VI_1 {        state MASTER        interface eth0        virtual_router_id 100        mcast_src_ip=172.16.31.52        priority 100        advert_int 1        authentication {                auth_type PASS                auth_pass oracle        }        virtual_ipaddress {                172.16.31.188/16 dev eth0         }        track_script {                chk_maintance_down  #引用上面的vrrp_script定义的脚本名称         }        #如果脚本检查到节点是主节点,就邮件通知管理员,并启动nginx服务器        notify_master "/etc/keepalived/notify.sh master"        #如果脚本检查到节点是备用节点,就邮件通知管理员,并停止nginx服务器        notify_backup "/etc/keepalived/notify.sh backup"        #如果脚本检查到节点是故障节点,就邮件通知管理员,并停止nginx服务器        notify_fault "/etc/keepalived/notify.sh fault"}

BACKUP节点也设置如下:

[root@proxy2 keepalived]# cat keepalived.confglobal_defs {        notification_email {                root@stu31.com        }        notification_email_from kaadmin@stu31.com        smtp_server 127.0.0.1        smtp_connect_timeout 30        router_id LVS_DEVEL}vrrp_script chk_maintance_down {        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"        interval 1        weight  -5}vrrp_instance  VI_1 {        state BACKUP        interface eth0        virtual_router_id 100        mcast_src_ip=172.16.31.53        priority 99        advert_int 1        authentication {                auth_type PASS                auth_pass oracle        }        virtual_ipaddress {                172.16.31.188/16 dev eth0         }        track_script {                chk_maintance_down        }        notify_master "/etc/keepalived/notify.sh master"        notify_backup "/etc/keepalived/notify.sh backup"        notify_fault "/etc/keepalived/notify.sh fault"}

我们重启keepalived服务器;观察节点的选举情况,

MASTER节点的日志:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 18:09:36 proxy Keepalived[10991]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 18:09:36 proxy Keepalived[10993]: Starting Healthcheck child process, pid=10996Jan 16 18:09:36 proxy Keepalived[10993]: Starting VRRP child process, pid=10997Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP 172.16.31.52 addedJan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Registering Kernel netlink reflectorJan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Registering Kernel netlink command channelJan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Configuration is using : 7599 BytesJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Netlink reflector reports IP 172.16.31.52 addedJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering Kernel netlink reflectorJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering Kernel netlink command channelJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Registering gratuitous ARP shared channelJan 16 18:09:36 proxy Keepalived_healthcheckers[10996]: Using LinkWatch kernel netlink reflector...Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: Configuration is using : 65356 BytesJan 16 18:09:36 proxy Keepalived_vrrp[10997]: Using LinkWatch kernel netlink reflector...Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]#检查出无down这个文件;Jan 16 18:09:36 proxy Keepalived_vrrp[10997]: VRRP_Script(chk_maintance_down) succeededJan 16 18:09:37 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 18:09:38 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 18:09:38 proxy Keepalived_healthcheckers[10996]: Netlink reflector reports IP 172.16.31.188 addedJan 16 18:09:43 proxy Keepalived_vrrp[10997]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

BACKUP节点的日志:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 18:09:36 proxy2 Keepalived[29190]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 18:09:36 proxy2 Keepalived[29192]: Starting Healthcheck child process, pid=29194Jan 16 18:09:36 proxy2 Keepalived[29192]: Starting VRRP child process, pid=29195Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Netlink reflector reports IP 172.16.31.53 addedJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Netlink reflector reports IP 172.16.31.53 addedJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Registering Kernel netlink reflectorJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Registering Kernel netlink command channelJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering Kernel netlink reflectorJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering Kernel netlink command channelJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Registering gratuitous ARP shared channelJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Configuration is using : 7599 BytesJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Configuration is using : 65356 BytesJan 16 18:09:36 proxy2 Keepalived_healthcheckers[29194]: Using LinkWatch kernel netlink reflector...Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: Using LinkWatch kernel netlink reflector...Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 18:09:36 proxy2 Keepalived_vrrp[29195]: VRRP_Script(chk_maintance_down) succeededJan 16 18:09:43 proxy2 Keepalived[29192]: Stopping Keepalived v1.2.13 (10/15,2014)

查看邮件:

MASTER主节点的邮件:

[root@proxy keepalived]# mailHeirloom Mail version 12.4 7/29/08.  Type ? for help."/var/spool/mail/root": 2 messages 2 new>N  1 root                  Fri Jan 16 18:08  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating" N  2 root                  Fri Jan 16 18:09  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating"& 2Message  2:From root@proxy.stu31.com  Fri Jan 16 18:09:38 2015Return-Path: 
X-Original-To: root@localhostDelivered-To: root@localhost.stu31.comDate: Fri, 16 Jan 2015 18:09:38 +0800To: root@localhost.stu31.comSubject: proxy.stu31.com to be master: 172.16.31.188 floatingUser-Agent: Heirloom mailx 12.4 7/29/08Content-Type: text/plain; charset=us-asciiFrom: root@proxy.stu31.com (root)Status: R2015-01-16 18:09:38: vrrp transition, proxy.stu31.com changed to be master

备用节点的邮件:

[root@proxy2 keepalived]# mailHeirloom Mail version 12.4 7/29/08.  Type ? for help."/var/spool/mail/root": 2 messages 2 new>N  1 root                  Fri Jan 16 18:08  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating" N  2 root                  Fri Jan 16 18:09  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating"& 2Message  2:From root@proxy2.stu31.com  Fri Jan 16 18:09:36 2015Return-Path: 
X-Original-To: root@localhostDelivered-To: root@localhost.stu31.comDate: Fri, 16 Jan 2015 18:09:36 +0800To: root@localhost.stu31.comSubject: proxy2.stu31.com to be backup: 172.16.31.188 floatingUser-Agent: Heirloom mailx 12.4 7/29/08Content-Type: text/plain; charset=us-asciiFrom: root@proxy2.stu31.com (root)Status: R2015-01-16 18:09:36: vrrp transition, proxy2.stu31.com changed to be backup

我们在主节点的/etc/keepalived/目录下创建一个down文件,来观察主节点是否会切换到备用节点:

[root@proxy keepalived]# touch down

查看主节点日志:

MASTER节点的日志:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 19:09:10 proxy Keepalived_vrrp[20675]: VRRP_Script(chk_maintance_down) failedJan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) Received higher prio advertJan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 19:09:12 proxy Keepalived_vrrp[20675]: VRRP_Instance(VI_1) removing protocol VIPs.Jan 16 19:09:12 proxy Keepalived_healthcheckers[20674]: Netlink reflector reports IP 172.16.31.188 removed

BACKUP节点的日志:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 19:09:12 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) forcing a new MASTER electionJan 16 19:09:12 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) forcing a new MASTER electionJan 16 19:09:13 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 19:09:14 proxy2 Keepalived_healthcheckers[2319]: Netlink reflector reports IP 172.16.31.188 addedJan 16 19:09:14 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 19:09:19 proxy2 Keepalived_vrrp[2320]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.188

查看邮件:

主节点成为了备用节点了:

[root@proxy keepalived]# mailHeirloom Mail version 12.4 7/29/08.  Type ? for help."/var/spool/mail/root": 4 messages 2 new 3 unread U  1 root                  Fri Jan 16 18:08  19/706   "proxy.stu31.com to be master: 172.16.31.188 floating"    2 root                  Fri Jan 16 18:09  19/707   "proxy.stu31.com to be master: 172.16.31.188 floating">N  3 root                  Fri Jan 16 19:06  18/696   "proxy.stu31.com to be master: 172.16.31.188 floating" N  4 root                  Fri Jan 16 19:09  18/696   "proxy.stu31.com to be backup: 172.16.31.188 floating"& 4Message  4:From root@proxy.stu31.com  Fri Jan 16 19:09:12 2015Return-Path: 
X-Original-To: root@localhostDelivered-To: root@localhost.stu31.comDate: Fri, 16 Jan 2015 19:09:12 +0800To: root@localhost.stu31.comSubject: proxy.stu31.com to be backup: 172.16.31.188 floatingUser-Agent: Heirloom mailx 12.4 7/29/08Content-Type: text/plain; charset=us-asciiFrom: root@proxy.stu31.com (root)Status: R2015-01-16 19:09:12: vrrp transition, proxy.stu31.com changed to be backup& quit

备用节点成为了主节点了:

[root@proxy2 keepalived]# mailHeirloom Mail version 12.4 7/29/08.  Type ? for help."/var/spool/mail/root": 5 messages 3 new 4 unread U  1 root                  Fri Jan 16 18:08  19/713   "proxy2.stu31.com to be backup: 172.16.31.188 floating"    2 root                  Fri Jan 16 18:09  19/714   "proxy2.stu31.com to be backup: 172.16.31.188 floating">N  3 root                  Fri Jan 16 19:06  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating" N  4 root                  Fri Jan 16 19:06  18/703   "proxy2.stu31.com to be backup: 172.16.31.188 floating" N  5 root                  Fri Jan 16 19:09  18/703   "proxy2.stu31.com to be master: 172.16.31.188 floating"& 5Message  5:From root@proxy2.stu31.com  Fri Jan 16 19:09:14 2015Return-Path: 
X-Original-To: root@localhostDelivered-To: root@localhost.stu31.comDate: Fri, 16 Jan 2015 19:09:14 +0800To: root@localhost.stu31.comSubject: proxy2.stu31.com to be master: 172.16.31.188 floatingUser-Agent: Heirloom mailx 12.4 7/29/08Content-Type: text/plain; charset=us-asciiFrom: root@proxy2.stu31.com (root)Status: R2015-01-16 19:09:14: vrrp transition, proxy2.stu31.com changed to be master& quit

我们在查看一下nginx服务的启动状况:

主节点的nginx服务状态是停止的:

[root@proxy keepalived]# service nginx statusnginx is stopped

备用节点的nginx服务状态是启动的:

[root@proxy2 keepalived]# service nginx statusnginx (pid  2679) is running...

至此,基于nginx+keepalived构建主备负载均衡代理服务器的实验就完成了。

四.双主模式构建

两个keepalived节点互为主备节点的模式构建;

实例配置文件:

proxy节点:

[root@proxy keepalived]# cat keepalived.confglobal_defs {   notification_email {    #通知邮件地址     root@localhost   }   notification_email_from root@localhost   smtp_server 127.0.0.1        #邮件服务器地址   smtp_connect_timeout 30   router_id LVS_DEVEL}#vrrp_script chk_nginx {        script "killall -0 nginx"    #服务探测,返回0说明服务是正常的        interval 1    #每隔1秒探测一次        weight -2      #nginx服务下线,权重减2}#vrrp_instance VI_1 {        #双主实例1    state MASTER            #proxy(172.16.31.52)为主,proxy2(172.16.31.53)为备    interface eth0    virtual_router_id 88    #实例1的VRID为88    garp_master_delay 1    priority 100            #主(172.16.31.52)的优先级为100,从的(172.16.31.52)优先级为99    advert_int 1    authentication {        auth_type PASS        auth_pass 123456    }#    virtual_ipaddress {        172.16.31.88/16 dev eth0    #实例1的VIP    }    track_interface {        eth0    }#    track_script {        #脚本追踪        chk_nginx    }    notify_master "/etc/keepalived/notify.sh master"    notify_backup "/etc/keepalived/notify.sh backup"    notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance VI_2 {    state BACKUP        #实例2在proxy(172.16.31.52)上是备,在proxy2(172.16.31.53)上是主    interface eth0    virtual_router_id 188    #实例2的VRID是188    garp_master_delay 1    priority 200             #实例2在proxy上的优先级是200,在proxy2上的优先级是201    advert_int 1    authentication {        auth_type PASS        auth_pass 123456    }#    virtual_ipaddress {        172.16.31.188/16 dev eth0    #实例2的VIP    }    track_interface {        eth0    }    track_script {        #脚本追踪        chk_nginx    }}

proxy2节点的配置文件:

[root@proxy2 keepalived]# cat keepalived.confglobal_defs {   notification_email {    #通知邮件地址     root@localhost   }   notification_email_from root@localhost   smtp_server 127.0.0.1        #邮件服务器地址   smtp_connect_timeout 30   router_id LVS_DEVEL}#vrrp_script chk_nginx {        script "killall -0 nginx"    #服务探测,返回0说明服务是正常的        interval 1    #每隔1秒探测一次        weight -2      #nginx服务下线,权重减2}#vrrp_instance VI_1 {        #双主实例1    state BACKUP            #proxy(172.16.31.52)为主,proxy2(172.16.31.53)为备    interface eth0    virtual_router_id 88    #实例1的VRID为88    garp_master_delay 1    priority 99            #主(172.16.31.52)的优先级为100,从的(172.16.31.52)优先级为99    advert_int 1    authentication {        auth_type PASS        auth_pass 123456    }#    virtual_ipaddress {        172.16.31.88/16 dev eth0    #实例1的VIP    }    track_interface {        eth0    }#    track_script {        #脚本追踪        chk_nginx    }    notify_master "/etc/keepalived/notify.sh master"    notify_backup "/etc/keepalived/notify.sh backup"    notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance VI_2 {    state MASTER        #实例2在proxy(172.16.31.52)上是备,在proxy2(172.16.31.53)上是主    interface eth0    virtual_router_id 188    #实例2的VRID是188    garp_master_delay 1    priority 201             #实例2在proxy上的优先级是200,在proxy2上的优先级是201    advert_int 1    authentication {        auth_type PASS        auth_pass 123456    }#    virtual_ipaddress {        172.16.31.188/16 dev eth0    #实例2的VIP    }    track_interface {        eth0    }    track_script {        #脚本追踪        chk_nginx    }}

启动keepalived服务:

[root@proxy keepalived]# service keepalived start ; ssh proxy2 "service keepalived start"    Starting keepalived:                                       [  OK  ]Starting keepalived: [  OK  ]

查看启动日志:

从中发现该节点将本该属于proxy2节点的VIP抢占过来了,能proxy节点出现问题了;去查看一下:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 20:19:06 proxy Keepalived[25249]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 20:19:06 proxy Keepalived[25251]: Starting Healthcheck child process, pid=25254Jan 16 20:19:06 proxy Keepalived[25251]: Starting VRRP child process, pid=25255Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Netlink reflector reports IP 172.16.31.52 addedJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.52 addedJan 16 20:19:06 proxy Keepalived_vrrp[25255]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering Kernel netlink reflectorJan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering Kernel netlink command channelJan 16 20:19:06 proxy Keepalived_vrrp[25255]: Registering gratuitous ARP shared channelJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP fe80::a00:27ff:fe3b:2360 addedJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Registering Kernel netlink reflectorJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Registering Kernel netlink command channelJan 16 20:19:06 proxy Keepalived_vrrp[25255]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Configuration is using : 72628 BytesJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Configuration is using : 7886 BytesJan 16 20:19:06 proxy Keepalived_healthcheckers[25254]: Using LinkWatch kernel netlink reflector...Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: Using LinkWatch kernel netlink reflector...Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering BACKUP STATEJan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 20:19:06 proxy Keepalived_vrrp[25255]: VRRP_Script(chk_nginx) succeededJan 16 20:19:07 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Entering MASTER STATEJan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 16 20:19:08 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.88 addedJan 16 20:19:08 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.88Jan 16 20:19:09 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.31.88Jan 16 20:19:10 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) forcing a new MASTER electionJan 16 20:19:10 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) forcing a new MASTER electionJan 16 20:19:11 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Transition to MASTER STATEJan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering MASTER STATEJan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) setting protocol VIPs.Jan 16 20:19:12 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.188 added

#查看proxy2节点的日志,发现nginx服务检查失败,可能nginx服务停止了,我们去启动nginx服务后在查看日志:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 20:19:06 proxy2 Keepalived[7034]: Starting Keepalived v1.2.13 (10/15,2014)Jan 16 20:19:06 proxy2 Keepalived[7036]: Starting Healthcheck child process, pid=7038Jan 16 20:19:06 proxy2 Keepalived[7036]: Starting VRRP child process, pid=7039Jan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Netlink reflector reports IP 172.16.31.53 addedJan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering Kernel netlink reflectorJan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering Kernel netlink command channelJan 16 20:19:06 proxy2 Keepalived_vrrp[7039]: Registering gratuitous ARP shared channelJan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.53 addedJan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP fe80::a00:27ff:fe6e:bd28 addedJan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Registering Kernel netlink reflectorJan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Registering Kernel netlink command channelJan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Configuration is using : 72628 BytesJan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: Using LinkWatch kernel netlink reflector...Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Opening file '/etc/keepalived/keepalived.conf'.Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Configuration is using : 7886 BytesJan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Jan 16 20:19:07 proxy2 Keepalived_healthcheckers[7038]: Using LinkWatch kernel netlink reflector...Jan 16 20:19:07 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) succeededJan 16 20:19:08 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Transition to MASTER STATEJan 16 20:19:08 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) failedJan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering MASTER STATEJan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) setting protocol VIPs.Jan 16 20:19:09 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 addedJan 16 20:19:09 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Received higher prio advertJan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering BACKUP STATEJan 16 20:19:10 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) removing protocol VIPs.Jan 16 20:19:10 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 removed

在proxy2节点启动nginx服务

[root@proxy2 keepalived]# service nginx statusnginx is stopped[root@proxy2 keepalived]# service nginx startStarting nginx:                                            [  OK  ]

观察两个节点的日志记录:

proxy节点将属于proxy2节点的VIP返还了:

[root@proxy keepalived]# tail -f /var/log/messages Jan 16 20:19:12 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 20:19:13 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Received higher prio advertJan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) Entering BACKUP STATEJan 16 20:23:28 proxy Keepalived_vrrp[25255]: VRRP_Instance(VI_2) removing protocol VIPs.Jan 16 20:23:28 proxy Keepalived_healthcheckers[25254]: Netlink reflector reports IP 172.16.31.188 removed

proxy2节点的VIP设置成功:

[root@proxy2 keepalived]# tail -f /var/log/messages Jan 16 20:23:27 proxy2 Keepalived_vrrp[7039]: VRRP_Script(chk_nginx) succeededJan 16 20:23:28 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) forcing a new MASTER electionJan 16 20:23:28 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) forcing a new MASTER electionJan 16 20:23:29 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Transition to MASTER STATEJan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Entering MASTER STATEJan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) setting protocol VIPs.Jan 16 20:23:30 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188Jan 16 20:23:30 proxy2 Keepalived_healthcheckers[7038]: Netlink reflector reports IP 172.16.31.188 addedJan 16 20:23:31 proxy2 Keepalived_vrrp[7039]: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 172.16.31.188

我们在DNS服务器中增加一个域名,对应的虚拟IP为172.16.31.88:

[root@proxy keepalived]# vim /var/named/stu31.com.zone $TTL 600$ORIGIN stu31.com.@       IN      SOA     ns1.stu31.com.  root.stu31.com. (                        2014121801                        1D                        5M                        1W                        1H)@       IN      NS      ns1.stu31.com.ns1     IN      A       172.16.31.52www     IN      A       172.16.31.188www1     IN      A       172.16.31.88

重启named服务器后在客户端访问测试:

至此,nginx+keepalived的双主高可用负载均衡集群构建成功!