nginx+keepalived實作nginx雙主高可用的負載均衡

一、前言：

在網際網路上面，網站為使用者提供原始的内容通路，同時為使用者提供互動操作。提供穩定可靠的服務，可以給使用者帶來良好的體驗，保證使用者的正常通路使用，在網站的可靠性方面，有很多的技術可以來提供，這類技術可以分為：

高可用：保證服務的可靠，穩定，實作故障的屏蔽，避免了單點故障。

高性能：多台伺服器連接配接起來，處理一個複雜的計算問題。

負載均衡：将使用者請求引導到後端多台伺服器，實作伺服器請求的負載。

我們将這類技術稱之為叢集負載均衡，可以提供負載均衡和高可用的有硬體和軟體，軟體方面有haproxy，lvs，keepalived，nginx，heartbeat，corosync等等，而這裡我們采用的是nginx-keepalived來建構。

Nginx有很強的代理功能，但是一台nginx 就形成了單點，現在使用keepalived來解決這個問題，keepalived可以實作故障轉移切換，實作後端的健康檢查，前端的高可用，使網站故障記錄大大降低，避免了單點故障造成網站無法通路的問題，確定了網站業務的正常運作。

二、Nginx+keepalived有兩種配置方案：

2.1、Nginx+keepalived 主從配置

這種方案，使用一個vip位址，前端使用2台機器，一台做主，一台做備，但同時隻有一台機器工作，另一台備份機器在主機器不出現故障的時候，永遠處于浪費狀态，對于伺服器不多的網站，該方案不經濟實惠，是以本次不予采用。

2.2、Nginx+keepalived 雙主配置

這種方案，使用兩個vip位址，前端使用2台機器，互為主備，同時有兩台機器工作，當其中一台機器出現故障，兩台機器的請求轉移到一台機器負擔，非常适合于目前架構環境，故本次采用此方案對網站進行高可用架構。

三、Nginx+keepalived 主從配置

3.1、Nginx+keepalived 主從配置詳情請見http://kling.blog.51cto.com/3320545/1240359

這裡不做重點介紹。

四、Ningx+Keepalived 雙主配置

4.1、拓撲結構

4.2、測試環境如下：

系統：Ceentos 6.4 64位

前端node1伺服器：

DIP: 192.168.122.2

VIP: 192.168.122.22

前端node2伺服器：

DIP: 192.168.122.3

VIP：192.168.122.23

後端伺服器：

web server01：192.168.122.4

web server02：192.168.122.5

web server03：192.168.122.6

4.3、軟體安裝

分别在兩台前端伺服器上安裝nginx+keepalived，使用腳本如下：

#!/bin/bash
# author: kuangl
# mail: [email protected]
# description: The installation of Nginx files.
# -------------------------------------------------------- #
         ## Nginx_install
# -------------------------------------------------------- #
# Nginx installation
#CURRENT_PATH=$(pwd)
for i in $(rpm -q gcc gcc-c++ kernel-devel openssl-devel zlib-devel popt-devel popt-static libnl-devel wget make |grep 'not installed' | awk '{print $2}')
do
    yum -y install $i
done
[ -d /root/software ]
[ "$?" != 0 ] && mkdir /root/software
cd /root/software
[ !  -e pcre-8.33.tar.gz ] && wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
tar -zxvf pcre-8.33.tar.gz
cd pcre-8.33
./configure
make && make install
echo $? || [ $? != 0  ] || echo  " installation pcre  failed" || exit 1
cd /root/software
[ ! -e nginx-1.2.9.tar.gz ] && wget http://nginx.org/download/nginx-1.2.9.tar.gz
tar -zxvf nginx-1.2.9.tar.gz
cd nginx-1.2.9
./configure  --prefix=/usr/local/nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module  --with-http_gzip_static_module
make && make install
echo $? || [ $? != 0  ] || echo  " installation  nginx  failed" || exit 1
# -------------------------------------------------------- #
            ## Keepalived_intsall
# -------------------------------------------------------- #
# Keepalived installation
cd /root/softwarae
[ ! -e keepalived-1.2.4.tar.gz ] &&  wget http://www.keepalived.org/software/keepalived-1.2.4.tar.gz
tar -zxvf keepalived-1.2.4.tar.gz
cd keepalived-1.2.4
ln -s /usr/src/kernels/$(uname -r) /usr/src/kernels/linux
./configure --prefix=/usr  --bindir=/usr/bin  --sbindir=/usr/bin  --libexecdir=/usr/libexec --localstatedir=/var --libdir=/lib64  --infodir=/usr/share/info  --sysconfdir=/etc --mandir=/usr/local/share/man   --with-kernel-dir=/usr/src/kernels/linux
make && make install
echo $? || [ $? != 0  ] || print " installation keepalived  failed" || exit 1
chkconfig --add keepalived
chkconfig --level 345 keepalived on      

4.4、在後端伺服器上安裝apached

    後端node4

[[email protected] ~]# yum  -y install httpd
[[email protected] html]# echo "this is 192.168.122.4" > /var/www/htmlindex.html
[[email protected] ~]# service httpd start
[[email protected] html]# curl  192.168.122.4
this is 192.168.122.4      

  後端node5

[[email protected] ~]# yum  -y install httpd
[[email protected] html]# echo "this is 192.168.122.5" > /var/www/htmlindex.html
[[email protected] ~]# service httpd start
[[email protected] html]# curl  192.168.122.5
this is 192.168.122.5      

  後端node6

[[email protected] ~]# yum  -y install httpd
[[email protected] html]# echo "this is 192.168.122.6" > /var/www/htmlindex.html
[[email protected] ~]# service httpd start
[[email protected] html]# curl  192.168.122.6
this is 192.168.122.6      

4.5、node2、node3上配置nginx

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
upstream web1       ##定義負載均衡組為web1
    {
        ip_hash;
        server 192.168.122.4:80;
        server 192.168.122.5:80;
        server 192.168.122.6:80;
    }
 server {
        listen       80;
        server_name  dev.test01.com;
        location /
        {
        root /home/kuangl/;
        index index.html index.htm;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://web1;
        }
      }      

4.6、在node2上配置keepalived

[[email protected] conf]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "/etc/keepalived/chk_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 250
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass kuanglnginx
    }
   track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.122.22
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 251
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass kuangl
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.122.23
    }
}      

4.7、在node3上配置keepalived

! Configuration File for keepalived
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "/etc/keepalived/chk_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass kuanglnginx
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.122.22
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 251
    priority 250
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass kuangl
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.122.23
    }
}      

4.8、在兩台雙主伺服器上添加自動檢測腳本

#!/bin/bash
# description:
# 定時檢視nginx是否存在，如果不存在則啟動nginx
# 如果啟動失敗，則停止keepalived
status=$(ps -C nginx --no-heading|wc -l)
if [ "${status}" = "0" ]; then
        /usr/local/nginx/sbin/nginx
        status2=$(ps -C nginx --no-heading|wc -l)
        if [ "${status2}" = "0"  ]; then
                /etc/init.d/keepalived stop
        fi
fi      

4.9、開啟nginx、keepalived服務

[[email protected] ~]# service keepalived start
[[email protected] ~]# /usr/local/nginx/sbin/nginx
[[email protected] ~]# service keepalived start
[[email protected] ~]# /usr/local/nginx/sbin/nginx      

4.10、用 ip a 檢視VIP

4.11、測試通路

[[email protected] ~]$ curl http://192.168.122.22
this is 192.168.122.6
[[email protected] ~]$ curl http://192.168.122.22
this is 192.168.122.4
[[email protected] ~]$ curl http://192.168.122.22
this is 192.168.122.5
[[email protected] ~]$ curl http://192.168.122.23
this is 192.168.122.6
[[email protected] ~]$ curl http://192.168.122.23
this is 192.168.122.4
[[email protected] ~]$ curl http://192.168.122.23
this is 192.168.122.5      

五、後端用rsync做資料同步

  node5-node6上配置程序模式，以node5為例

[[email protected] ~]# yum -y install rsync
[[email protected] ~]# vim /etc/rsynsd.conf
uid = root
gid = root
use chroot = no
max connections = 5
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[web01]                       
path=/home/kuangl/           
comment = update           
ignore errors               
read only = no              
list = no                  
hosts allow = 192.168.122.0/24
auth users = root         
uid = root
gid = root
secrets file = /etc/rsyncd.secrets
[[email protected] ~]# vim /etc/rsyncd.secrets
root:123456
[[email protected] ~]# chmod 0600 /etc/rsyncd.secrets
[[email protected] ~]# ll /etc/rsyncd.secrets
-rw-------. 1 root root 12 Jul 20 19:41 /etc/rsyncd.secrets
[[email protected] ~]# rsync --daemon
[[email protected] ~]# echo "rsync --daemon" >> /etc/rc.local      

 node4上配置指令模式：

[[email protected] ~]# yum -y install rsync
[[email protected] ~]# vim /etc/rsyncd.secrets
123456
[[email protected] ~]# chmod 0600 /etc/rsyncd.secrets
[email protected] kuangl]# rsync -vzrtopg --delete --progress --password-file=/etc/rsyncd.secrets  rsync+inotify [email protected]::web01
sending incremental file list
rsync+inotify/
rsync+inotify/inotify-tools-3.14.tar.gz
      358772 100%    1.85MB/s    0:00:00 (xfer#1, to-check=2/4)
rsync+inotify/rsync+inotify_client.sh
         617 100%    3.11kB/s    0:00:00 (xfer#2, to-check=1/4)
rsync+inotify/rsync+inotify_server.sh
         900 100%    4.03kB/s    0:00:00 (xfer#3, to-check=0/4)
sent 360679 bytes  received 69 bytes  240498.67 bytes/sec
total size is 360289  speedup is 1.00      

 檢視結果

[[email protected] ~]# cd /home/kuangl/
[[email protected] kuangl]# ll
total 8
-rw-r--r--. 1 root root   22 Jul 20 15:16 index.html
drwxr-xr-x. 2 root root 4096 Nov 11  2012 rsync+inotify      

轉載于:https://blog.51cto.com/kling/1253474