Keepalived+Nginx实现高可用负载均衡集群

一 环境介绍

1.操作系统
CentOS Linux release 7.2.1511 (Core)

2.服务
keepalived+nginx双主高可用负载均衡集群及LAMP应用
keepalived-1.2.13-7.el7.x86_64
nginx-1.10.2-1.el7.x86_64
httpd-2.4.6-45.el7.centos.x86_64

二 原理及拓扑图

1.vrrp协议
在现实的网络环境中，两台需要通信的主机大多数情况下并没有直接的物理连接。对于这样的情况，它们之间路由怎样选择？主机如何选定到达目的主机的下一跳路由，这个问题通常的解决方法有二种：
 在主机上使用动态路由协议(RIP、OSPF等) 
 在主机上配置静态路由 
很明显，在主机上配置动态路由是非常不切实际的，因为管理、维护成本以及是否支持等诸多问题。配置静态路由就变得十分流行，但路由器(或者说默认网关default gateway)却经常成为单点故障。VRRP的目的就是为了解决静态路由单点故障问题，VRRP通过一竞选(election)协议来动态的将路由任务交给LAN中虚拟路由器中的某台VRRP路由器。

2.nginx反代
nginx是以反向代理的方式进行负载均衡的。反向代理（Reverse Proxy）方式是指以代理服务器来接受Internet上的连接请求，然后将请求转发给内部网络上的服务器，并将从服务器上得到的结果返回给Internet上请求连接的客户端，此时代理服务器对外就表现为一个服务器。(为了理解反向代理，这里插播一条什么是正向代理：正向代理指的是，一个位于客户端和原始服务器之间的服务器，为了从原始服务器取得内容，客户端向代理发送一个请求并指定目标(原始服务器)，然后代理向原始服务器转交请求并将获得的内容返回给客户端。)
3.拓扑图

三 配置

1.后端RS配置

1 2	[root@inode4 ~]# yum install httpd -y [root@inode5 ~]# yum install httpd -y

2.Nginx反代配置
MASTER:

1 2 3 4 5 6 7 8 9 10

upstream websrvs {  server 172.18.67.11:80;  server 172.18.67.12:80;  server 127.0.0.1:80 backup; } server {     listen       80 ;     location / {     proxy_pass http://websrvs;     }

BACKUP:

1 2 3 4 5 6 7 8 9 10

upstream websrvs {  server 172.18.67.11:80;  server 172.18.67.12:80;  server 127.0.0.1:80 backup; } server {     listen       80 ;     location / {     proxy_pass http://websrvs;     }

3.keepalived高可用配置
MASTER:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44

! Configuration File for keepalived global_defs {     notification_email {  root@localhost     }     notification_email_from keepalived@localhost     smtp_server 127.0.0.1     smtp_connect_timeout 30     router_id node1     vrrp_mcast_group4 224.0.67.67 } vrrp_script chk_down {     script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"     interval 1     weight -5 } vrrp_script chk_nginx {     script "killall -0 nginx && exit 0 || exit 1"     interval 1     weight -5     fall 2     rise 1 } vrrp_instance myr {     state MASTER     interface eno16777736     virtual_router_id 167     priority 100     advert_int 1     authentication {  auth_type PASS  auth_pass 571f97b2     }     virtual_ipaddress {  172.18.67.33/16 dev eno16777736     }     track_script {  chk_down  chk_nginx     }     notify_master "/etc/keepalived/notify.sh master"     notify_backup "/etc/keepalived/notify.sh backup"     notify_fault "/etc/keepalived/notify.sh fault" }

BACKUP:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44

! Configuration File for keepalived global_defs {     notification_email {  root@localhost     }     notification_email_from keepalived@localhost     smtp_server 127.0.0.1     smtp_connect_timeout 30     router_id node1     vrrp_mcast_group4 224.0.67.67 } vrrp_script chk_down {     script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"     interval 1     weight -5 } vrrp_script chk_nginx {     script "killall -0 nginx && exit 0 || exit 1"     interval 1     weight -5     fall 2     rise 1 } vrrp_instance myr {     state BACKUP     interface eno16777736     virtual_router_id 167     priority 95     advert_int 1     authentication {  auth_type PASS  auth_pass 571f97b2     }     virtual_ipaddress {  172.18.67.33/16 dev eno16777736     }     track_script {  chk_down  chk_nginx     }     notify_master "/etc/keepalived/notify.sh master"     notify_backup "/etc/keepalived/notify.sh backup"     notify_fault "/etc/keepalived/notify.sh fault" }

4.通知脚本示例

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

[root@inode2 nginx]# vim notify.sh #!/bin/bash # contact='root@localhost' notify() {  mailsubject="$(hostname) to be $1, vip floating"  mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"  echo "$mailbody" | mail -s "$mailsubject" $contact } case $1 in master)  notify master  ;; backup)  notify backup  ;; fault)  notify fault  ;; *)  echo "Usage: $(basename $0) {master|backup|fault}"  exit 1  ;; esac

节点二同样配置

四 启动服务并测试

1.启动后端web服务器

1 2	[root@inode4 ~]# systemctl start httpd [root@inode5 ~]# systemctl start httpd

为了测试显示效果明显一点，自定义一个访问页面

1 2	[root@inode4 ~]# echo "RS1:172.18.67.11" > /var/www/html/index.html [root@inode5 ~]# echo "RS2:172.18.67.12" > /var/www/html/index.html

2.测试
MASTER:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

[root@inode2 ~]# systemctl start  keepalived [root@inode2 ~]# systemctl status -l  keepalived ● keepalived.service - LVS and VRRP High Availability Monitor    Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)    Active: active (running) since Mon 2017-05-15 15:45:20 CST; 3s ago   Process: 20971 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)  Main PID: 20972 (keepalived)    CGroup: /system.slice/keepalived.service            ├─20972 /usr/sbin/keepalived -D            ├─20973 /usr/sbin/keepalived -D            └─20974 /usr/sbin/keepalived -D May 15 15:45:20 inode2 Keepalived_healthcheckers[20973]: Opening file '/etc/keepalived/keepalived.conf'. May 15 15:45:20 inode2 Keepalived_healthcheckers[20973]: Configuration is using : 7521 Bytes May 15 15:45:20 inode2 Keepalived_healthcheckers[20973]: Using LinkWatch kernel netlink reflector... May 15 15:45:20 inode2 Keepalived_vrrp[20974]: VRRP_Script(chk_nginx) succeeded May 15 15:45:21 inode2 Keepalived_vrrp[20974]: VRRP_Instance(myr) Transition to MASTER STATE May 15 15:45:22 inode2 Keepalived_vrrp[20974]: VRRP_Instance(myr) Entering MASTER STATE May 15 15:45:22 inode2 Keepalived_vrrp[20974]: VRRP_Instance(myr) setting protocol VIPs. May 15 15:45:22 inode2 Keepalived_vrrp[20974]: VRRP_Instance(myr) Sending gratuitous ARPs on eno16777736 for 172.18.67.33 May 15 15:45:22 inode2 Keepalived_vrrp[20974]: Opening script file /etc/keepalived/notify.sh May 15 15:45:22 inode2 Keepalived_healthcheckers[20973]: Netlink reflector reports IP 172.18.67.33 added [root@inode2 ~]# ip a l 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 00:0c:29:8b:08:6f brd ff:ff:ff:ff:ff:ff     inet 172.18.67.13/16 brd 172.18.255.255 scope global eno16777736        valid_lft forever preferred_lft forever     inet 172.18.67.33/16 scope global secondary eno16777736        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe8b:86f/64 scope link tentative dadfailed        valid_lft forever preferred_lft forever

主节点启动，Entering MASTER STATE，此时我们在客户端进行测试访问

1 2 3 4 5

[root@inode1 ~]# for i in {1..4};do curl http://172.18.67.33;done RS1:172.18.67.11 RS2:172.18.67.12 RS1:172.18.67.11 RS2:172.18.67.12

访问正常，接下来我们启动备用节点的服务器

BACKUP:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

[root@inode3 keepalived]# systemctl start keepalived [root@inode3 keepalived]# systemctl status -l keepalived ● keepalived.service - LVS and VRRP High Availability Monitor    Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)    Active: active (running) since Mon 2017-05-15 15:46:51 CST; 3s ago   Process: 24329 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)  Main PID: 24330 (keepalived)    CGroup: /system.slice/keepalived.service            ├─24330 /usr/sbin/keepalived -D            ├─24331 /usr/sbin/keepalived -D            └─24332 /usr/sbin/keepalived -D May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Registering Kernel netlink command channel May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Registering gratuitous ARP shared channel May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Opening file '/etc/keepalived/keepalived.conf'. May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Configuration is using : 66427 Bytes May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Using LinkWatch kernel netlink reflector... May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) Entering BACKUP STATE May 15 15:46:51 inode3 Keepalived_vrrp[24332]: Opening script file /etc/keepalived/notify.sh May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)] May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP_Script(chk_down) succeeded May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP_Script(chk_nginx) succeeded [root@inode3 keepalived]# ip a l 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 00:0c:29:78:24:c3 brd ff:ff:ff:ff:ff:ff     inet 172.18.67.14/16 brd 172.18.255.255 scope global eno16777736        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe78:24c3/64 scope link tentative dadfailed        valid_lft forever preferred_lft forever

此时，我们可以看到备用节点服务器启动后进入了BACKUP状态，Entering BACKUP STATE。接下来我们测试主节点宕机的情形下，我们的服务是否还可用

1	[root@inode2 ~]# systemctl stop keepalived

主节点宕机后我们查看备用节点的状态

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

[root@inode3 keepalived]# systemctl status -l keepalived ● keepalived.service - LVS and VRRP High Availability Monitor    Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)    Active: active (running) since Mon 2017-05-15 15:46:51 CST; 2min 19s ago   Process: 24329 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)  Main PID: 24330 (keepalived)    CGroup: /system.slice/keepalived.service            ├─24330 /usr/sbin/keepalived -D            ├─24331 /usr/sbin/keepalived -D            └─24332 /usr/sbin/keepalived -D May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)] May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP_Script(chk_down) succeeded May 15 15:46:51 inode3 Keepalived_vrrp[24332]: VRRP_Script(chk_nginx) succeeded May 15 15:48:35 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) Transition to MASTER STATE May 15 15:48:36 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) Entering MASTER STATE May 15 15:48:36 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) setting protocol VIPs. May 15 15:48:36 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) Sending gratuitous ARPs on eno16777736 for 172.18.67.33 May 15 15:48:36 inode3 Keepalived_vrrp[24332]: Opening script file /etc/keepalived/notify.sh May 15 15:48:36 inode3 Keepalived_healthcheckers[24331]: Netlink reflector reports IP 172.18.67.33 added May 15 15:48:41 inode3 Keepalived_vrrp[24332]: VRRP_Instance(myr) Sending gratuitous ARPs on eno16777736 for 172.18.67.33 [root@inode3 keepalived]# ip a l 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 00:0c:29:78:24:c3 brd ff:ff:ff:ff:ff:ff     inet 172.18.67.14/16 brd 172.18.255.255 scope global eno16777736        valid_lft forever preferred_lft forever     inet 172.18.67.33/16 scope global secondary eno16777736        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe78:24c3/64 scope link tentative dadfailed        valid_lft forever preferred_lft forever

我们发现备用节点由备用状态进入了主状态，并且IP地址也成功绑定至备用节点下。再次进行测试访问

1 2 3 4 5

[root@inode1 ~]# for i in {1..4};do curl http://172.18.67.33;done RS1:172.18.67.11 RS2:172.18.67.12 RS1:172.18.67.11 RS2:172.18.67.12

测试一台web服务器宕机

1 2 3 4 5 6

[root@inode4 ~]# systemctl stop httpd [root@inode1 ~]# for i in {1..4};do curl http://172.18.67.33;done RS2:172.18.67.12 RS2:172.18.67.12 RS2:172.18.67.12 RS2:172.18.67.12

在实际生产环境中后端两台web服务器的内容应该一样的，在这里我们可认为客户端已成功访问到服务器，因此我们可认为这样的架构体现了高可用负载均衡。