1.keepalived介紹
keepalived最初是專為lvs負載均衡軟件設計的,用來管理并監控lvs集群系統中各個服務節點的狀態,后來又加入了實現高可用的vrrp功能。keepalived除了能夠管理lvs軟件外,還能支持其他服務的高可用解決方案。
keepalived通過vrrp協議實現高可用功能的。vrrp(virtual router redundancy protocol)虛擬路由冗余協議。vrrp出現的目的就是為了解決靜態路由單點故障問題,它能保證當個別節點宕機時,整個網絡可以不間斷地運行。
2.keepalived高可用故障轉移原理
keepalived高可用服務之間的故障轉移,是通過vrrp來實現的。在keepalived服務工作時,主master節點會不斷地向備節點發送(多播的方式)心跳消息,用來告訴備backup節點自己還活著。
當主節點發生故障時,無法給備節點發送心跳消息,如果備節點無法繼續檢測到來自主節點的心跳。就會調用自身的接管程序,接管主節點的ip資源和服務。當主節點恢復時,備節點又會釋放主節點故障時自身接管的ip資源和服務,恢復到原來的備用角色
3.安裝nginx
3.1.主節點(192.168.80.22)
3.1.1.安裝編譯工具和庫文件
yum?-y?install?make?zlib?zlib-devel?gcc-c++?libtool?openssl?openssl-devel
3.1.2.安裝pcre
#進入目錄 cd?/usr/local/develop/anginx #上傳安裝文件并解壓 tar?-zxvf?pcre-8.38.tar.gz #進入安裝目錄 cd?pcre-8.38 #檢查配置 ./configure #編譯、安裝 make?&&?make?install #查看pcre版本 pcre-config?--version
3.1.3.安裝nginx
#進入目錄 cd?/usr/local/develop/anginx #上傳安裝文件,并解壓 tar?-zxvf?nginx-1.8.1.tar.gz #進入安裝目錄 cd?nginx-1.8.1 #檢查配置 ./configure?--prefix=/usr/local/develop/anginx/webserver/nginx?--with-http_stub_status_module?--with-http_ssl_module?--with-pcre=/usr/local/develop/anginx/pcre-8.38 #編譯安裝 make?&&?make?install #查看nginx版本 ?/usr/local/develop/anginx/webserver/nginx/sbin/nginx?-v -------------------------------------------------------- [root@hadoop02?webserver]#?/usr/local/develop/anginx/webserver/nginx/sbin/nginx?-v nginx?version:?nginx/1.8.1 #配置nginx(檢查) /usr/local/develop/anginx/webserver/nginx/sbin/nginx?-t #nginx管理命令 /usr/local/develop/anginx/webserver/nginx/sbin/nginx???????#?啟動?nginx /usr/local/develop/anginx/webserver/nginx/sbin/nginx?-s?stop???????#?停止?nginx /usr/local/develop/anginx/webserver/nginx/sbin/nginx?-s?reload??????#?重新載入配置文件 /usr/local/develop/anginx/webserver/nginx/sbin/nginx?-s?reopen??????#?重啟?nginx
3.1.4.nginx基礎配置
vi?nginx.conf #user?nobody; worker_processes?1; #error_log?logs/error.log; #error_log?logs/error.log?notice; #error_log?logs/error.log?info; pid????logs/nginx.pid; events?{ ??worker_connections?1024; } http?{ ??include????mime.types; ??default_type?application/octet-stream; ??log_format?main?'$remote_addr?-?$remote_user?[$time_local]?"$request"?' ???????????'$status?$body_bytes_sent?"$http_referer"?' ???????????'"$http_user_agent"?"$http_x_forwarded_for"'; ??access_log?logs/access.log?main; ??sendfile????on; ??#tcp_nopush???on; ??#keepalive_timeout?0; ??keepalive_timeout?65; ??#gzip?on; ?? ??#添加tomcat列表,真實應用服務器都放在這 ??upstream?tomcat_pool{ ????#server?tomcat地址:端口號?weight表示權值,權值越大,被分配的幾率越大; ????server?192.168.80.22:8080?weight=4?max_fails=2?fail_timeout=30s; ????server?192.168.80.22:8081?weight=4?max_fails=2?fail_timeout=30s; ???? ??} ??server?{ ????listen????80; ????server_name?tomcat_pool; ????#charset?koi8-r; ????#access_log?logs/host.access.log?main; ????location?/?{ ??????#root??html; ??????#index?index.html?index.htm; ??????proxy_pass?http://tomcat_pool;??#轉向tomcat處理 ??????proxy_set_header??host???????$host; ??????proxy_set_header??x-real-ip????$remote_addr; ??????proxy_set_header??x-forwarded-for?$proxy_add_x_forwarded_for; ????} ????#error_page?404???????/404.html; ????#?redirect?server?error?pages?to?the?static?page?/50x.html ????# ????error_page??500?502?503?504?/50x.html; ????location?=?/50x.html?{ ??????root??html; ????} }
3.2.備節點(192.168.80.21)
說明:安裝方式同nginx主節點。
4.安裝keepalived
4.1.主節點(192.168.80.22)
#安裝keepalived yum?install?keepalived?-y #啟動keepalived服務 /etc/init.d/keepalived?start ------------------------------------------- [root@hadoop02?anginx]#?/etc/init.d/keepalived?start 正在啟動?keepalived:???????????????????[確定] [root@hadoop02?anginx]#?ps?-ef?|grep?keepalived root???15723???1?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15724?15723?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15725?15723?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15731?15622?0?00:59?pts/1??00:00:00?grep?keepalived [root@hadoop02?anginx]# #設置開機自啟動 echo?"/etc/init.d/keepalived?start"?>>/etc/rc.local #關閉keepalived服務 /etc/init.d/keepalived?stop #編輯keepalived配置文件 vi?/etc/keepalived/keepalived.conf ----------------------------------------------------------- !?configuration?file?for?keepalived global_defs?{ ??notification_email?{ ???acassen@firewall.loc ???failover@firewall.loc ???sysadmin@firewall.loc ??} ??notification_email_from?alexandre.cassen@firewall.loc ??smtp_server?192.168.200.1 ??smtp_connect_timeout?30 ??router_id?lb01 } vrrp_instance?vi_1?{ ??state?master ??interface?eth1 ??virtual_router_id?55 ??priority?150 ??advert_int?1 ??authentication?{ ????auth_type?pass ????auth_pass?server123 ??} ??virtual_ipaddress?{ ????192.168.80.100?dev?eth1?label?eth1:1 ??} } ...........................................................
關于配置說明:
-
?【router_id】 是路由標識,在一個局域網里面應該是唯一的
-
【vrrp_instance vi_1】{…}這是一個vrrp實例,里面定義了keepalived的主備狀態、接口、優先級、認證和ip信息
-
【state】 定義了vrrp的角色
-
【interface】定義使用的接口,這里我的服務器用的網卡都是eth1
-
【virtual_router_id】是虛擬路由id標識,一組的keepalived配置中主備都是設置一致
-
【priority】是優先級,數字越大,優先級越大,
-
【auth_type】是認證方式
-
【auth_pass】是認證的密碼
-
【virtual_ipaddress】 {…}定義虛擬ip地址,可以配置多個ip地址,這里我定義為192.168.80.100,綁定了eth1的網絡接口,虛擬接口eth1:1
4.2.備節點(192.168.80.21)
#安裝keepalived yum?install?keepalived?-y #啟動keepalived服務 /etc/init.d/keepalived?start ------------------------------------------- [root@hadoop02?anginx]#?/etc/init.d/keepalived?start 正在啟動?keepalived:???????????????????[確定] [root@hadoop02?anginx]#?ps?-ef?|grep?keepalived root???15723???1?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15724?15723?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15725?15723?0?00:59??????00:00:00?/usr/sbin/keepalived?-d root???15731?15622?0?00:59?pts/1??00:00:00?grep?keepalived [root@hadoop02?anginx]# #設置開機自啟動 echo?"/etc/init.d/keepalived?start"?>>/etc/rc.local #關閉keepalived服務 /etc/init.d/keepalived?stop #編輯keepalived配置文件 vi?/etc/keepalived/keepalived.conf ----------------------------------------------------------------- !?configuration?file?for?keepalived global_defs?{ ??notification_email?{ ???acassen@firewall.loc ???failover@firewall.loc ???sysadmin@firewall.loc ??} ??notification_email_from?alexandre.cassen@firewall.loc ??smtp_server?192.168.200.1 ??smtp_connect_timeout?30 ??router_id?lb02 } vrrp_instance?vi_1?{ ??state?backup ??interface?eth1 ??virtual_router_id?55 ??priority?100 ??advert_int?1 ??authentication?{ ????auth_type?pass ????auth_pass?server123 ??} ??virtual_ipaddress?{ ????192.168.80.100?dev?eth1?label?eth1:1 ??} } .............................................................
5.測試
5.1.啟動主備節點的keepalived服務
#在節點一執行(192.168.80.22) /etc/init.d/keepalived?start ------------------------------------- [root@hadoop02?anginx]#?ps?-ef?|grep?keepalived root???15788???1?0?01:09??????00:00:00?/usr/sbin/keepalived?-d root???15790?15788?0?01:09??????00:00:00?/usr/sbin/keepalived?-d root???15791?15788?0?01:09??????00:00:00?/usr/sbin/keepalived?-d root???15807?15622?0?01:33?pts/1??00:00:00?grep?keepalived [root@hadoop02?anginx]# #在節點二執行(192.168.80.21) /etc/init.d/keepalived?start --------------------------------------- [root@hadoop01?~]#?ps?-ef?|grep?keepalived root???11542???1?0?01:30??????00:00:00?/usr/sbin/keepalived?-d root???11544?11542?0?01:30??????00:00:00?/usr/sbin/keepalived?-d root???11545?11542?0?01:30??????00:00:00?/usr/sbin/keepalived?-d root???11550?11512?0?01:33?pts/1??00:00:00?grep?keepalived [root@hadoop01?~]#
5.2.通過虛ip訪問服務
http://192.168.80.100/session-redis-demo/
5.3.停止主節點keepalived服務
#在節點一執行(192.168.80.22) /etc/init.d/keepalived?stop #觀察備節點變化 ip?addr ------------------------------------------- [root@hadoop01?~]#?ip?addr 1:?lo:?<loopback>?mtu?65536?qdisc?noqueue?state?unknown? ??link/loopback?00:00:00:00:00:00?brd?00:00:00:00:00:00 ??inet?127.0.0.1/8?scope?host?lo ??inet6?::1/128?scope?host? ????valid_lft?forever?preferred_lft?forever 2:?eth1:?<broadcast>?mtu?1500?qdisc?pfifo_fast?state?up?qlen?1000 ??link/ether?00:50:56:38:e5:46?brd?ff:ff:ff:ff:ff:ff ??inet?192.168.80.21/24?brd?192.168.80.255?scope?global?eth1 ??inet?192.168.80.100/32?scope?global?eth1:1 ??inet6?fe80::250:56ff:fe38:e546/64?scope?link? ????valid_lft?forever?preferred_lft?forever [root@hadoop01?~]#</broadcast></loopback>
5.4.繼續通過虛ip訪問服務
http://192.168.80.100/session-redis-demo/
6.keepalived+nginx整合
說明:編寫nginx守護腳本,如果nginx服務出現故障,則停止當前節點的keepalived服務。自動切換到備用節點。
6.1.編寫nginx守護腳本
vi?nginx_check.sh -------------------------------------- #!/bin/bash while?true do if?[?$(netstat?-tlnp|grep?nginx|wc?-l)?-ne?1?] then ??/etc/init.d/keepalived?stop fi sleep?2 done #給腳本授權 chmod?u+x?nginx_check.sh #執行腳本 nohup?/usr/local/develop/anginx/shell/nginx_check.sh?&
6.2.停止主節點nginx服務
#停止主節點nginx服務 /usr/local/develop/anginx/webserver/nginx/sbin/nginx?-s?stop #查找進程 [root@hadoop02?~]#?ps?-ef?|grep?nginx root???15915???1?0?01:51??????00:00:00?/bin/bash?/usr/local/develop/anginx/shell/nginx_check.sh root???16516?15753?0?01:54?pts/5??00:00:00?grep?nginx [root@hadoop02?~]# #觀察備用節點變化【服務正?!?ip?addr -------------------------------------- [root@hadoop01?shell]#?ip?addr 1:?lo:?<loopback>?mtu?65536?qdisc?noqueue?state?unknown? ??link/loopback?00:00:00:00:00:00?brd?00:00:00:00:00:00 ??inet?127.0.0.1/8?scope?host?lo ??inet6?::1/128?scope?host? ????valid_lft?forever?preferred_lft?forever 2:?eth1:?<broadcast>?mtu?1500?qdisc?pfifo_fast?state?up?qlen?1000 ??link/ether?00:50:56:38:e5:46?brd?ff:ff:ff:ff:ff:ff ??inet?192.168.80.21/24?brd?192.168.80.255?scope?global?eth1 ??inet?192.168.80.100/32?scope?global?eth1:1 ??inet6?fe80::250:56ff:fe38:e546/64?scope?link? ????valid_lft?forever?preferred_lft?forever [root@hadoop01?shell]# #再次重新啟動主節點nginx和keepalived服務 /usr/local/develop/anginx/webserver/nginx/sbin/nginx /etc/init.d/keepalived?start</broadcast></loopback>