Nginx+keepalived做双机热备，实现负载均衡（主主模式）

Keepalived:
简介：
Keepalived的作用是检测服务器的状态，如果有一台web服务器宕机，或工作出现故障，Keepalived将检测到，并将有故障的服务器从系统中剔除，同时使用其他服务器代替该服务器的工作，当服务器工作正常后Keepalived自动将服务器加入到服务器群中，这些工作全部自动完成，不需要人工干涉，需要人工做的只是修复故障的服务器。
优点：
主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。 本文构建高可用web架构:nginx （反向代理）+ keepalived
前言：因业务扩展，需要将当前的apache 转为nginx(web), 再在web前端放置nginx(负载均衡)。同时结合keepalived对前端nginx实现HA。 双机热备高可用模式： 高可用-主备模式：一个VIP,一台主机对外提供服务，另外一台做备用机，当主服务器出现问题，备用服务器接管IP继续提供服务。 高可用-主主模式：二个VIP或多个，两台主机都对外提供服务，可以是同一个服务，也可以是不 同的服务，两个VIP互为主备模式，当一台机发生故障时，另一台会接管此服务，这种模式提高了硬件的投入，也对负载均衡起到一定的效果。

搭建环境(centos7)： IP:10.0.0.128 （ nginx+keepalived） IP:10.0.0.131 （ nginx+keepalived）
VIP1:10.0.0.200 master/128 backup/129
VIP2:10.0.0.220 master/129 backup/128

IP:10.0.0.129 （httpd）（www.zxb2.cn:80） IP:10.0.0.130 （httpd）（www.zxb3.cn:80）



方案实施：

① ．主机：10.0.0.128
一． 编译安装nginx
1. 安装软件依赖包.

[root@zxb ~]# yum  -y groupinstall"Development Tools" "Server Platform         Deveopment"
[root@zxb ~]# yum  -y installopenssl-devel pcre-devel

2. 下载nginx包,并解压.

[root@zxb ~]# cd /usr/local/src/
[root@zxb~]# wget http://nginx.org/download/nginx-1.12.0.tar.gz [root@zxb ~]# tar -zxvf nginx-1.12.0.tar.gz

3. 添加nginx运行的用户.

[root@zxb ~]# useradd nginx

4. 编译安装.

[root@zxb ~]# cd /nginx-1.12.0
[root@zxb ~]#./configure--prefix=/usr/local/nginx --user=nginx                 --group=nginx --with-http_ssl_module--with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre
[root@zxb ~]# make&& make install

二． 编辑nginx主配置文件，反向代理两台web服务器.(upstream模块应放在http和 server模块中间)
1. [root@zxb~]# cat /usr/local/nginx/conf/nginx.conf
##这里用的是域名记得改hosts文件.

upstream backend {
server  www.zxb2.cn  max_fails=3 fail_timeout=10s;
server  www.zxb3.cn  max_fails=3 fail_timeout=10s;
}
server{
listen 80;
server_name www.test.cn;
location / {
proxy_pass http://backend; proxy_set_header   Host         $host;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

2. 启动nginx服务
[root@zxb~]#/usr/local/nginx/sbin/nginx
三、安装keepalived并修改配置文件,配置nginx检测脚本.
1.安装keepalived并修改配置文件.
[root@zxb ~]# yum install -y keepalived
[root@zxb ~]# cat /etc/ keepalived/keepalived.conf

! Configuration Filefor keepalived
global_defs {
notification_email {
acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/root/scripts/monitor_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}

vrrp_instance VI_1{
state MASTER
interface ens33
virtual_router_id 22
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.200
}
}

vrrp_instance VI_2{
state BACKUP
interface ens33
virtual_router_id 21
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.220
}
track_script {
chk_http_port
}
}

2.配置nginx检测脚本
##编写nginx状态检测脚本，放到/root/scripts/monitor_nginx.sh下(任意处)；（当检测到nginx stop 状态时，自动关闭keepalived服务）
[root@zxb ~]# cat /root/scripts/monitor_nginx.sh

#!/bin/bash
NGINX=`ps-C nginx --no-heading| wc -l`
if[ "${NGINX}" = "0" ]; then
service stop keepalived
fi

②．主机：10.0.0.129
一． 安装nginx和keepalived 同上一样。
二．Copy主机10.0.0.128 keepalived.conf 进行修改

! Configuration Filefor keepalived
global_defs {
notification_email {
acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/root/scripts/monitor_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}

vrrp_instance VI_1{
state BACKUP
interface ens33
virtual_router_id 22
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.200
}
}

vrrp_instance VI_2{
state MASTER
interface ens33
virtual_router_id 21
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.220
}
track_script {
chk_http_port
}
}

三．修改nginx配置文件和编写nginx状态检测脚本同上；

③IP:10.0.0.129:80 Ip:10.0.0.130:80(配置一样) [root@web1 ~ ]echo "web1-www.zxb2.cn" >/var/www/html/index.html [root@web2 ~ ]echo "web1-www.zxb3.cn" >/var/www/html/index.html

测试：
1.首先主机：10.0.0.128启动keepalived,会有两个vip,当主机:10.0.0.131启动keepalived后vip2会被抢占过去。
-----------------------------------------------------------------------------

[root@zxb ~]# systemctl start keepalived
[root@zxb ~]# cat /var/log/messages |tail -n 2

Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: VRRP_Instance(VI_1{) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: VRRP_Instance(VI_2{) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220

[root@zxb ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever

inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.220/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link
valid_lft forever preferred_lft forever

-----------------------------------------------------------------------------

[root@zxb4 ~]# systemctl start keepalived
[root@zxb4 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:10:e1:cf brd ff:ff:ff:ff:ff:ff
inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever

inet 10.0.0.220/32 scope global ens33
##抢占
valid_lft forever preferred_lft forever
inet6 fe80::44f2:ef47:efec:8b07/64 scope link
valid_lft forever preferred_lft forever

-----------------------------------------------------------------------------

访问：
[root@user ~]# curl 10.0.0.200
web1-www.zxb2.cn
[root@user ~]# curl 10.0.0.200
web2--www.zxb3.cn
[root@user ~]# curl 10.0.0.220
web1-www.zxb2.cn
[root@user ~]# curl 10.0.0.220
web2--www.zxb3.cn
[root@user ~]#
-----------------------------------------------------------------------------

2.停止两台nginx上是vip 的nginx服务，keepalived配置文件会自动执行监控nginx进程脚本看是否会自动停止keepalived服务，使主机10.0.0.128的vip1转移到主机10.0.0.131上，并访问测试.
-----------------------------------------------------------------------------
[root@zxb ~]# ps -ef |grep nginx|awk '{print $2}'|xargs kill -9
kill: 向 12236 发送信号失败: 没有那个进程
[root@zxb ~]# ps -ef |grep nginx
root 12241 12145 0 17:35 pts/0 00:00:00 grep --color=auto nginx
[root@zxb ~]# bash /root/scripts/monitor_nginx.sh##（因为keepalived脚本会自动检测到nginx状态，不行时查看脚本是否有问题）
[root@zxb ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link
-----------------------------------------------------------------------------
[root@zxb4 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:10:e1:cf brd ff:ff:ff:ff:ff:ff
inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.220/32 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33

-----------------------------------------------------------------------------

测试访问：

[root@user ~]# curl 10.0.0.200
web1-www.zxb2.cn
[root@user ~]# curl 10.0.0.220
web2--www.zxb3.cn
[root@user ~]# curl 10.0.0.220
web1-www.zxb2.cn
[root@user ~]# curl 10.0.0.220
web2--www.zxb3.cn