一、keepalived的工作原理
keepalived是以VRRP協議爲實現基礎的,VRRP全稱Virtual Router Redundancy Protocol,即虛擬路由冗協議。
虛擬路由冗餘協議,可以認爲是實現路由器高可用的協議,即將N臺提供相同功能的路由器組成一個虛擬路由器組,這個組裏面有一個master和多個backup,master上面有一個對外提供服務的vip(該路由器所在局域網內其他機器的默認路由爲該vip),master會發組播,當backup收不到vrrp包時就認爲master出問題了,這時就需要根據VRRP的優先級從backup中選舉出一個master。這樣的話就可以保證路由器的高可用了。
keepalived主要有三個模塊,分別是core、checkers和vrrp。core模塊爲keepalived的核心,負責主進程的啓動、維護以及全局配置文件的加載和解析。checkers負責健康檢查,包括常見的各種檢查方式(tcp、http、ssl)。vrrp模塊是來實現VRRP協議的。
二、keepalived的配置文件
keepalived只有一個配置文件keepalived.conf,裏面主要包括以下幾個配置區域,分別是global_defs、vrrp_script、vrrp_instance和virtual_server。
三、keepalived雙主模型高可用nginx服務
3.1、環境設置
keepalived-nginx1 : 172.16.16.11
keepalived-nginx2 : 172.16.16.12
vip1 : 172.16.16.9
vip2: 172.16.16.10
upstream_server1 : 172.16.16.3
upstream_server2: 172.16.16.4
3.2、準備工作
(1)設置nginx1 ,nginx2 關閉selinux和iptables
sed -i 's@^SELINUX=.*@SELINUX=permissive@' /etc/selinux/config setenforce 0 iptables -F service iptables stop &> /dev/null chkconfig iptables off
(2)配置epel源,查看相關包所在yum源
[root@localhost ~]# vim /etc/resolv.conf //配置域名服務器 nameserver 172.16.0.1 [root@localhost ~]# yum list all keepalived keepalived.x86_64 1.2.13-4.el6 centos6.6 [root@localhost ~]# yum list all nginx nginx.x86_64 1.0.15-12.el6 epel
(3) 修改keepalived主備節點的主機名
sed -i 's@HOSTNAME=.*@HOSTNAME=nginx1@' /etc/sysconfig/network //設置主機名 sed -i 's@HOSTNAME=.*@HOSTNAME=nginx2@' /etc/sysconfig/network hostname nginx1 hostname nginx2
(4)主機互信
vim /etc/hosts //添加域名解析 172.16.16.11 nginx1 172.16.16.12 nginx2 172.16.16.3 web1.bengbengtu.com web1 172.16.16.4 web2.bengbengtu.com web2 [root@nginx1 ~]# yum install openssh-clients [root@nginx1 ~]# ssh-keygen -t rsa -P '' //生成一對密鑰 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: fa:14:8d:95:f3:48:bf:d1:b8:13:b4:dd:89:0e:51:97 root@nginx1 The key's randomart image is: +--[ RSA 2048]----+ | . ..| | .. .E | | =.. | | = *.=...| | S o.B.o..| | . . o= | | . . +. | | o . | | . | +-----------------+ [root@nginx1 ~]# ssh-copy-id -i .ssh/id_rsa.pub nginx2 //公鑰發給nginx2 [root@nginx2 ~]# ssh-keygen -t rsa -P '' [root@nginx2 ~]# ssh-copy-id -i .ssh/id_rsa.pub nginx1 //公鑰發給nginx1
(5)同步時間
# yum install ntpdate [root@nginx1 ~]# ntpdate ntp.sjtu.edu.cn //同步時間 [root@nginx1 ~]# hwclock -w [root@nginx1 ~]# date ; ssh nginx2 'date' //查看nginx1和nginx2時間是否同步 Thu Oct 15 22:44:40 CST 2015 Thu Oct 15 22:44:41 CST 2015
3.3、 安裝並配置nginx
這裏的nginx用做反向代理,並檢查後端upstream的
[root@nginx1 ~]# yum -y install nginx ; ssh nginx2 'yum -y install nginx' #vim /etc/nginx/nginx.conf worker_processes 2; //定義2個worker進程 upstream web { //定義上游服務器 server 172.16.16.3:80 weight=1 max_fails=2 fail_timeout=30s; server 172.16.16.4:80 weight=2 max_fails=3 fail_timeout=40s; } #find /etc/nginx/conf.d/ -name '*.conf' -exec mv {} {}.bak \; # vim /etc/nginx/conf.d/webserver.conf // 定義server server { listen 80; server_name nginx1 nginx2; location / { proxy_pass //反向代理至後端的上游服務器 } }
3.4、後端的upstream_server安裝httpd
web1.bengbengtu.com : 172.16.16.3
web2.bengbengtu.com : 172.16.16.4
只需安裝httpd
(1)、設置主機名
# hostname web1.bengbengtu.com # hostname web2.bengbengtu.com
(2)、安裝httpd服務
# yum install -y httpd [root@web1 ~]# echo "<h1> web1.bengbengtu.com - 172.16.16.3 </h1>" > /var/www/html/index.html [root@web2 ~]# echo "<h1> web2.bengbengtu.com - 172.16.16.4 </h1>" > /var/www/html/index.html #啓動服務出現如下錯誤 Starting httpd: httpd: apr_sockaddr_info_get() failed for web2.bengbengtu.com httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName 解決方法: # vim /etc/httpd/conf/httpd.conf ServerName web1.bengbengtu.com ServerName web2.bengbengtu.com
先測試一下~~~
3.5、安裝配置keepalived高可用nginx服務
說明:如果要監控nginx服務是否是在線狀態,需要用到監控系統來實現nginx服務的重啓操作!!
nginx1服務器上的keepalived配置如下:
[root@nginx1 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { //全局定義 notification_email { root@localhost //給root發郵件 } notification_email_from keepalive@localhost smtp_server 127.0.0.1 //定義郵件服務器 smtp_connect_timeout 30 //連接郵件服務器的超時時間 router_id LVS_DEVEL //路由id } vrrp_instance VI_1 { //定義虛擬路由實例 state MASTER //主路由 interface eth0 virtual_router_id 235 //虛擬路由id priority 100 //優先級 advert_int 1 authentication { //明文加密認證 auth_type PASS auth_pass 2b316a978532 } virtual_ipaddress { //定義vip1 172.16.16.9/16 } } vrrp_instance VI_2 { state BACKUP //備路由 interface eth0 virtual_router_id 236 priority 99 //優先級 advert_int 1 authentication { auth_type PASS auth_pass 24985cea886c } virtual_ipaddress { 172.16.16.10/16 //vip2 } }
nginx2服務器上的keepalived配置如下:
[root@nginx2 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalive@localhost smtp_server 127.0.0.1 //定義郵件服務器 smtp_connect_timeout 30 //連接郵件服務器的超時時間 router_id LVS_DEVEL //路由id } vrrp_instance VI_1 { state BACKUP //備路由 interface eth0 virtual_router_id 235 priority 99 //優先級 advert_int 1 authentication { auth_type PASS auth_pass 2b316a978532 } virtual_ipaddress { //定義vip1 172.16.16.9/16 } } vrrp_instance VI_2 { state MASTER //主路由 interface eth0 virtual_router_id 236 //虛擬路由id priority 100 //優先級 advert_int 1 authentication { //明文認證 auth_type PASS auth_pass 24985cea886c } virtual_ipaddress { 172.16.16.10/16 //定義vip2 } }
測試:
(1)停掉nginx1的keepalived,查nginx2,vip1,vip2都在;
[root@nginx1 ~]# service keepalived stop
測試完成!雙主模型的高可用nginx介紹到此結束~~