Nginx + Keepalived 双主热备

说明

system: CentOS release 6.5 (Final)
linux kernel: 2.6.32-431.el6.x86_64

hostname: host-1, IP: 10.211.55.65 VIP: 10.211.55.67
hostname: host-2, IP: 10.211.55.66 VIP: 10.211.55.68

更新源

两台机器都需要更新源

yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
yum clean all
yum makecache

安装依赖

yum install gcc gcc-c++ make cmake ncurses-devel pcre-devel openssl-devel ipvsadm kernel-devel libnl-devel popt-devel -y

防火墙设置

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -d 224.0.0.0/8 -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT

service iptables save
service iptables restart

安装Nginx

两台机器都需要安装Nginx

• 下载

  wget http://nginx.org/download/nginx-1.7.9.tar.gz
  tar zxvf nginx-1.7.9.tar.gz
  cd nginx-1.7.9

• 安装

  useradd -M -r -b /tmp -s /sbin/nologin -d /opt/nginx nginx
  
  ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module
  make -j 4
  make install

• 设置启动文件

  vi /etc/rc.d/init.d/nginx
  
  #!/bin/sh
  #
  # nginx – this script starts and stops the nginx daemongg
  #
  # chkconfig: - 85 15
  # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
  # proxy and IMAP/POP3 proxy server
  # processname: nginx
  # config: /opt/nginx/conf/nginx.conf
  # pidfile: /opt/nginx/logs/nginx.pid
  
  # Source function library.
  . /etc/rc.d/init.d/functions
  
  # Source networking configuration.
  . /etc/sysconfig/network
  
  # Check that networking is up.
  [ "$NETWORKING" = "no" ] && exit 0
  
  nginx="/opt/nginx/sbin/nginx"
  prog=$(basename $nginx)
  
  NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
  
  lockfile=/var/lock/subsys/nginx
  
  start() {
  	[ -x $nginx ] || exit 5
  	[ -f $NGINX_CONF_FILE ] || exit 6
  	echo -n $"Starting $prog: "
  	daemon $nginx -c $NGINX_CONF_FILE
  	retval=$?
  	echo
  	[ $retval -eq 0 ] && touch $lockfile
  	return $retval
  }
  
  stop() {
  	echo -n $"Stopping $prog: "
  	killproc $prog -QUIT
  	retval=$?
  	echo
  	[ $retval -eq 0 ] && rm -f $lockfile
  	return $retval
  }
  
  restart() {
  	configtest || return $?
  	stop
  	start
  }
  
  reload() {
  	configtest || return $?
  	echo -n $”Reloading $prog: ”
  	killproc $nginx -HUP
  	RETVAL=$?
  	echo
  }
  
  force_reload() {
  	restart
  }
  
  configtest() {
  	$nginx -t -c $NGINX_CONF_FILE
  }
  
  rh_status() {
  	status $prog
  }
  
  rh_status_q() {
  	rh_status >/dev/null 2>&1
  }
  
  case "$1" in
  	start)
  		rh_status_q && exit 0
  		$1
  		;;
  	stop)
  		rh_status_q || exit 0
  		$1
  		;;
  	restart|configtest)
  		$1
  		;;
  	reload)
  		rh_status_q || exit 7
  		$1
  		;;
  	force-reload)
  		force_reload
  		;;
  	status)
  		rh_status
  		;;
  	condrestart|try-restart)
  		rh_status_q || exit 0
  		;;
  	*)
  		echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
  		exit 2
  	esac
  
  
  chmod +x /etc/rc.d/init.d/nginx
  service nginx start

安装Keepalived

两台机器都需要安装Keepalived

• 下载

  wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
  tar zxvf keepalived-1.2.15.tar.gz
  cd keepalived-1.2.15

• 安装

  ./configure --prefix=/opt/keepalived
  
  Keepalived configuration
  ------------------------
  Keepalived version       : 1.2.15
  Compiler                 : gcc
  Compiler flags           : -g -O2 -DFALLBACK_LIBNL1
  Extra Lib                : -lssl -lcrypto -lcrypt  -lnl
  Use IPVS Framework       : Yes
  IPVS sync daemon support : Yes
  IPVS use libnl           : Yes
  fwmark socket support    : Yes
  Use VRRP Framework       : Yes
  Use VRRP VMAC            : Yes
  SNMP support             : No
  SHA1 support             : No
  Use Debug flags          : No
  
  make -j 4
  make install
  
  cp /opt/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
  chmod +x /etc/init.d/keepalived
  cp /opt/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
  mkdir -p /etc/keepalived
  cp /opt/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
  ln -s /opt/keepalived/sbin/keepalived /sbin/
  
  chkconfig keepalived on

主服务器(10.211.55.65)配置keepalived

• keepalived.conf

  vi /etc/keepalived/keepalived.conf
  
  ! Configuration File for keepalived
  
  global_defs {
     notification_email {
  		[email protected] #告警邮箱
     }
     notification_email_from root@localhost #发信邮箱
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id LVS_DEVEL
  }
  
  vrrp_script chk_nginx {
  	script "/etc/keepalived/chk_nginx.sh" #检测nginx是否运行的脚本
  	interval 2
  	weight 2
  }
  
  vrrp_instance VI_1 {
  	state MASTER #主服务器
  	interface eth0 #网络设备
  	virtual_router_id 51 #虚拟路由ID
  	priority 100 #优先级，master要比slave 大
  	advert_int 1 #心跳时间
  	authentication {
  		auth_type PASS
  		auth_pass yhz.me #认证的密码
  	}
  	track_script {
  		chk_nginx
  	}
  	virtual_ipaddress { #虚拟IP
  		10.211.55.67
  	}
  }
  
  vrrp_instance VI_2 {
  	state BACKUP
  	interface eth0
  	virtual_router_id 52
  	priority 99
  	advert_int 1
  	authentication {
  		auth_type PASS
  		auth_pass yhz.me
  	}
  	virtual_ipaddress {
  		10.211.55.68
  	}
  }

• chk_nginx.sh

  vi /etc/keepalived/chk_nginx.sh
  
  #!/bin/bash
  A=`ps -C nginx --no-header |wc -l`
  if [ $A -eq 0 ];then
          /etc/init.d/nginx restart
          sleep 3
          if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
                 killall keepalived
          fi
  fi

从服务器(10.211.55.66)配置keepalived

• keepalived.conf

  vi /etc/keepalived/keepalived.conf
  
  ! Configuration File for keepalived
  
  global_defs {
     notification_email {
  		[email protected] #告警邮箱
     }
     notification_email_from root@localhost #发信邮箱
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id LVS_DEVEL
  }
  
  vrrp_script chk_nginx {
  	script "/etc/keepalived/chk_nginx.sh" #检测nginx是否运行的脚本
  	interval 2
  	weight 2
  }
  
  vrrp_instance VI_1 {
  	state BACKUP #从服务器
  	interface eth0 #网络设备
  	virtual_router_id 51 #虚拟路由ID
  	priority 99 #优先级，master要比slave 大
  	advert_int 1
  	authentication {
  		auth_type PASS
  		auth_pass yhz.me #认证的密码
  	}
  	virtual_ipaddress { #虚拟IP
  		10.211.55.67
  	}
  }
  
  vrrp_instance VI_2 {
  	state MASTER
  	interface eth0
  	virtual_router_id 52
  	priority 100
  	advert_int 1
  	authentication {
  		auth_type PASS
  		auth_pass yhz.me
  	}
  	track_script {
  		chk_nginx
  	}
  	virtual_ipaddress {
  		10.211.55.68
  	}
  }

• chk_nginx.sh

  vi /etc/keepalived/chk_nginx.sh
  
  #!/bin/bash
  A=`ps -C nginx --no-header |wc -l`
  if [ $A -eq 0 ];then
          /etc/init.d/nginx restart
          sleep 3
          if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
                 killall keepalived
          fi
  fi

Keepalived操作

• 启动

  service keepalived start

• 查看是否绑定了虚拟IP

  ip a

• 停止

  service keepalived stop

• 重启

  service keepalived restart

正常情况的IP显示

• 10.211.55.65

  inet 10.211.55.65/24 brd 10.211.55.255 scope global eth0
  inet 10.211.55.67/32 scope global eth0

• 10.211.55.66

  inet 10.211.55.66/24 brd 10.211.55.255 scope global eth0
  inet 10.211.55.68/32 scope global eth0

测试

ping 10.211.55.67

10.211.55.65这台机断网, 重启网络

ping 10.211.55.68

10.211.55.66这台机断网, 重启网络

Nginx的服务测试
打开 http://10.211.55.67

service nginx stop