keepalived+nginx双机热备

keepalived介绍

双机热备是指两台机器都在运行，但并非两台机器同时在提供服务。 当提供服务的一台出现故障的时候，另外一台会马上自动接管并且提供服务，且切换的时间非常短。keepalived的工作原理是VRRP——虚拟路由冗余协议。
参考网址
nginx+keepalived双机热备

keepalived安装

5.2.1．下载安装

• 下载
  keepalived下载网址
  keepalived-1.2.19下载

• 安装
  wget https://www.keepalived.org/software/keepalived-1.2.19.tar.gz
  tar -zxvf keepalived-1.2.19.tar.gz
  cd keepalived-1.2.19
  ./configure --prefix=/usr/local/keepalived
  make && make install

• 期间可能出现问题：

!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!

解决
sudo apt-get install libssl.dev
yum -y install openssl-devel

• 建立软链接
  sudo ln -s /usr/local/keepalived/sbin/keepalived/sbin/
  sudo ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
  sudo ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

配置

一个功能比较完整的keepalived 的配置文件，其配置文件keepalived.conf 可以包含三个文本块：全局定义块、VRRP 实例定义块及虚拟服务器定义块。全局定义块和虚拟服务器定义块是必须的，如果在只有一个负载均衡器的场合，就不须VRRP 实例定义块。
配置讲解 略

启动与关闭

• 相关命令

1. 启动
   sudo keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
2. 关闭
   sudo killall keepalived
3. 其他命令
   service keepalived start
   service keepalived stop
   service keepalived restart
   service keepalived status

信息状态

• 查看keepalived的日志信息：

1. 日志信息方便查看keepalived动态：
   tail -f /var/log/messages
2. 查看VIP地址绑定：
   ip a 命令查看网卡已经绑定了VIP，如下说明已经成功
   VIP地址绑定.png

VIP测试

• ssh测试VIP连接：
  ssh root@172.20.0.59
  弹出登入框输入账号密码即可
  ssh测试.png
  能登陆则keepalived发布VIP成功！
  注意：VIP不能为已使用或linux已经占用的IP

keepalived监控nginx

• check_nginx脚本
  监控启动nginx脚本,check_nginx.sh

#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
    /usr/local/nginx/sbin/nginx
    sleep 2
    counter=$(ps -C nginx --no-heading|wc -l)
    if [ "${counter}" = "0" ]; then
        service keepalived stop
    fi
fi

• 在keepalived.conf配置中配好相应路径script "/etc/keepalived/check_nginx.sh"

vrrp_script chk_apache {
 script "/etc/keepalived/check_nginx.sh"
 interval 2
 weight -5
 fall 3
 rise 2
}

• nginx.conf 配置：

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #设定请求缓冲
    client_header_buffer_size 204800k;
   large_client_header_buffers 4 10240k;
   client_max_body_size 204800k;
         #连接时长
         fastcgi_connect_timeout 600s;  
         fastcgi_read_timeout 600s;   
         fastcgi_send_timeout 600s; 
         #文件缓存
         fastcgi_buffer_size 256k;
         fastcgi_busy_buffers_size 256k;
         fastcgi_buffers 8 128k; 
         fastcgi_temp_file_write_size 256k; 
    
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  650;

    #gzip  on;

    upstream backend {
             ip_hash;
             server 10.0.3.X:8080 max_fails=1 fail_timeout=40s;
             server 10.0.3.X:8080 max_fails=1 fail_timeout=40s;
            check interval=3000 rise=2 fall=3 timeout=3000 type=http port=8080;
#interval=3000：间隔3秒检查一次，rise=2：检查2次ok后端节点up，fall=3：三次检查失败后端节点down，timeout=3000：超时时间3秒，type=
#http：发http检查请求类型，port=8080检查端口，可省略，默认和server 中的端口一致。
#HEAD后为项目端口后地址
check_http_send "HEAD /hgxp HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;

         }
    
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /hgxp/ {
         proxy_pass http://backend; #反向代理，代理哪个应用服务器----②
            proxy_set_header Host $host;#此下三行设置把客户端的真实ip传给后端，可省
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            root   html;#请求到达nginx服务器后，分发不出去，会去nginx安装目录root下找页面
            index  index.html index.htm;#默认找index.html,可自定义页面
               proxy_connect_timeout 600s;
               proxy_send_timeout 600s;
               proxy_read_timeout 600s;
        }
      
         location /status { #健康检查
            check_status; 
            access_log off; 
        } 
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {#错误页面
            root   html;
        }
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}

• keepalived.conf 配置

vrrp_script chk_apache {
#    script "killall -0 httpd"
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -5
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
   # 此处是主 Nginx 的 IP 地址.
    mcast_src_ip  10.0.3.X
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.3.X/24
    }
track_script {
    chk_apache
}
}

• 测试

1. 停用nginx
   切换到sbin目录
   ./nginx –s stop
   2.查看nginx进程
   ps –ef|grep nginx
   注意：sh脚本文件给相应执行权限，可以给755权限
   sudo chmod 775 -R check_nginx.sh