基于keepalived主从模型实现Nginx的高可用

所谓覅破解

配置前提：两台主机，主机名为NG1、NG2，分别装有Nginx和keepalived，使用的均为RedHat 6的32位系统，其IP分部如下：
NG1：IP=172.16.15.100
NG2：IP=172.16.15.101
飘逸IP：
IP=172.16.15.200
IP=172.16.15.201
Nginx的安装，需要手动编译；在NG1、NG2主机分别编译安装nginx过程如下：
在编译时确保编译环境是否安好，且pcre-devel、openssl-devel是否安装？
安装编译环境：

# yum groupinstall 'Development Tools' 'Server Platform Libraries'
# yum install pcre-devel openssl-devel
解压nginx包，并安装：

# groupadd -r nginx
# useradd -r -g nginx -s /sbin/false -M nginx
# tar -xf nginx-1.4.1.tar.gz
# ./configure \
--prefix=/usr \#默认安装路径
--sbin-path=/usr/sbin/nginx \#可执行文件路径
--conf-path=/etc/nginx/nginx.conf \#主配置文件路径
--error-log-path=/var/log/nginx/error.log \#错误日志路径
--http-log-path=/var/log/nginx/access.log \#访问日志路径
--pid-path=/var/run/nginx/nginx.pid  \#pid文件路径
--lock-path=/var/lock/nginx.lock \#锁文件路径
--user=nginx \
--group=nginx \
--with-http_ssl_module \#安装ssl模块
--with-http_flv_module \#安装flv模块
--with-http_stub_status_module \#安装状态模块
--with-http_gzip_static_module \#安装压缩模块
--http-client-body-temp-path=/var/tmp/nginx/client/ \ #请求报文的主体缓冲路径
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \ #安装代理路径
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-pcre#安装pcre
# make && make install
创建Nginx的服务脚本：

# vim /etc/rc.d/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2:
# chmod +x /etc/rc.d/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# service nginx start
在浏览器上访问其地址，可以看到如下图，说明安装成功！

为了能更好的显示keepalived双主模型，将两台主机提供不同的页面！
NG1：

# mkdir -pv /web/html
# echo “NG1.jun.com” >> /web/html/index.html
# vim /etc/nginx/nginx.conf
Server {
listen 80;
server_name localhost;
location / {
root /web/html;
index index.html index.htm
}
# service nginx reload
访问结果如图：

NG2：

# mkdir -pv /web/html
# echo “NG2.jun.com” >> /web/html/index.html
# vim /etc/nginx/nginx.conf
Server {
listen 80;
server_name localhost;
location / {
root /web/html;
index index.html index.htm
}
# nginx -t    测试配置是否有误
# service nginx reload
访问测试结果如下图：

一切就绪，开始手动编译安装keepalived-1.2.7，在编译前请确保openssl-devel、popt-devel是否安装了，不然在编译时会出错！
NG1:

# yum install ipvsadm
# tar -xf keepalived-1.2.7.tar.gz
# cd keepalived-1.2.7
# ./configure --prefix=/usr
# make && make install
Keepalived-1.2.7在安装完成后，其配置文件放在了/usr/etc/keepalived/keepalived.conf，而服务器脚本则放在了/usr/etc/rc.d/init.d/keepalived；为了方便管理应将其配置文件，服务脚本均放在/etc下！

# mkdir /etc/keepalived
# cp /usr/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
修改keepalived的服务脚本：

# vim /etc/rc.d/init.d/keepalived

只需修改如下内容：
. /usr/etc/sysconfig/keepalived
配置keepalived.conf实现nginx的高可用：

# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@jun.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 172.16.15.100
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
stateMASTER
interface eth0
virtual_router_id 15
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_interface {
eth0
}
virtual_ipaddress {
172.16.15.200/16 dev eth0 label eth0:0
}
}
virtual_server 172.16.15.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
persistence_timeout 50
protocol TCP
real_server 172.16.15.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.16.15.101 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 13
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_interface {
eth0
}
virtual_ipaddress {
172.16.15.201/16 dev eth0 label eth0:1
}
}
virtual_server 172.16.15.201 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
persistence_timeout 50
protocol TCP
real_server 172.16.15.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.16.15.101 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}
# ipvsadm -L -n

通过浏览器访问飘逸IP：172.16.15.200，如下图：


NG2的配置、安装和NG1一样！只不过keepalived.conf的配置和NG2有所不同！

# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@jun.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 172.16.15.101
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 15
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_interface {
eth0
}
virtual_ipaddress {
172.16.15.200/16 dev eth0 label eth0:0
}
}
virtual_server 172.16.15.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
persistence_timeout 50
protocol TCP
real_server 172.16.15.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.16.15.101 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 13
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_interface {
eth0
}
virtual_ipaddress {
172.16.15.201/16 dev eth0 label eth0:1
}
}
virtual_server 172.16.15.201 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
persistence_timeout 50
protocol TCP
real_server 172.16.15.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.16.15.101 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}

通过浏览器访问飘逸IP：172.16.15.201，结果如下图：

模拟NG2主机损坏，看NG2中的飘逸IP的变化！

# service keepalived stop
# ifconfig
可以看到eth0:1不在显示，此IP飘逸到了NG1主机上了，如下图！

Nginx的高可用实现成功！