Implementing high availability with keepalived + nginx

张开发
2026/4/12 1:16:31

1.1 Node plan

    IP address        Hostname      Software             Node
    192.168.24.10     master        keepalived, nginx    Primary node
    192.168.24.20     backup        keepalived, nginx    Secondary node
    192.168.24.100    VIP address

1.2 Environment preparation

Clone two servers, then set their hostnames and IP addresses and disable SELinux and the firewall.

1. Set the hostnames

    [root@localhost ~]# hostnamectl set-hostname master && bash
    [root@master ~]#

    [root@localhost ~]# hostnamectl set-hostname backup && bash
    [root@backup ~]#

2. Change the IP addresses

    [root@master ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.24.10/24 ipv4.gateway 192.168.24.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
    [root@master ~]# nmcli c up ens160

    [root@backup ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.24.20/24 ipv4.gateway 192.168.24.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
    [root@backup ~]# nmcli c up ens160

3. Disable SELinux

By default SELinux blocks script, port, and process permissions, which causes the health check and VIP failover to fail.

    [root@master ~]# sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
    [root@master ~]# getenforce
    Enforcing
    [root@master ~]# setenforce 0
    [root@master ~]# getenforce
    Permissive

    [root@backup ~]# sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
    [root@backup ~]# setenforce 0

4. Disable the firewall

The firewall blocks VRRP multicast, so the master and backup cannot communicate and the VIP cannot move over.

    [root@master ~]# systemctl disable --now firewalld.service
    Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

    [root@backup ~]# systemctl disable --now firewalld.service
    Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

1.3 Set up the nginx service

Install nginx on both servers. High availability requires that both the master and the backup can serve requests.

    [root@master ~]# dnf install nginx -y
    [root@backup ~]# dnf install nginx -y

2. Modify the welcome page

This makes it obvious during testing whether the request was served by master or backup.

    [root@master ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html
    [root@backup ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html

3. Start the nginx service

    [root@master ~]# systemctl start nginx
    [root@backup ~]# systemctl start nginx

4. Test the service

    [root@master ~]# curl localhost
    192.168.24.10

    [root@backup ~]# curl localhost
    192.168.24.20

1.4 Set up keepalived

Install keepalived on both servers. Keepalived provides the VIP failover: when the master node goes down, traffic switches to the backup node automatically.

    [root@master ~]# dnf install keepalived -y
    [root@backup ~]# dnf install keepalived -y

2. Configure keepalived

2.1 Configure master

    [root@master ~]# vim /etc/keepalived/keepalived.conf

Change the file contents to the following:

    global_defs {
        router_id master
    }
    vrrp_instance VI_1 {
        state MASTER
        interface ens160
        virtual_router_id 51
        priority 100    # priority, decides master/backup
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.24.100    # bound to the master node automatically
        }
    }

2.2 Configure backup

The backup node has a lower priority. Normally it does not claim the VIP; it takes over only when the master goes down.

    [root@backup ~]# vim /etc/keepalived/keepalived.conf

Change the file contents to the following:

    global_defs {
        router_id backup
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens160
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.24.100
        }
    }

3. Start the service

After startup the master and backup begin communicating over VRRP multicast, and master binds the VIP.

    [root@master ~]# systemctl start keepalived.service
    [root@backup ~]# systemctl start keepalived.service

Implement high availability: make sure the VIP switches over automatically when the service is unavailable, instead of the failed node holding on to the VIP.

    [root@master ~]# vim /etc/keepalived/check_nginx.sh

The script contents are as follows:

    #!/bin/bash
    # Count running nginx processes
    count=$(ps -C nginx --no-header | wc -l)
    if [ "${count}" -eq 0 ]; then
        systemctl start nginx    # first try to restart nginx
        sleep 2
        if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
            systemctl stop keepalived    # nginx will not start: stop keepalived to give up the VIP
        fi
    fi

2. Make the script executable

    [root@master ~]# ll /etc/keepalived/check_nginx.sh
    -rw-r--r--. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh
    [root@master ~]# chmod +x /etc/keepalived/check_nginx.sh
    [root@master ~]# ll /etc/keepalived/check_nginx.sh
    -rwxr-xr-x. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh

3. Copy the file to the backup node

    [root@master ~]# scp -p /etc/keepalived/check_nginx.sh root@192.168.24.20:/etc/keepalived/
    The authenticity of host '192.168.24.20 (192.168.24.20)' can't be established.
    ED25519 key fingerprint is SHA256:xLwz8qEQMbnB85sRiBuHy9/2ZpNxhJl58AqRjGY8kWk.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '192.168.24.20' (ED25519) to the list of known hosts.
    root@192.168.24.20's password:
    check_nginx.sh                100%  243   699.9KB/s   00:00

4. Finally, verify on the backup node

    [root@backup ~]# ll /etc/keepalived/check_nginx.sh
    -rwxr-xr-x. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh

5. Reference the script in the keepalived configuration file

5.1 Modify the master configuration file

    [root@master ~]# vim /etc/keepalived/keepalived.conf

Change the file contents to the following:

    global_defs {
        router_id master
    }
    # the following is newly added
    vrrp_script chk_nginx {
        script "/etc/keepalived/check_nginx.sh"
        interval 2    # check every 2 seconds
        timeout 2
        weight -20    # priority -20 when the check fails
        fall 3
        rise 2
    }
    vrrp_instance VI_1 {
        state MASTER
        interface ens160
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        # this is newly added
        track_script {
            chk_nginx
        }
        virtual_ipaddress {
            192.168.24.100
        }
    }

5.2 Modify the configuration file on the backup node

    [root@backup ~]# vim /etc/keepalived/keepalived.conf

Change the file contents to the following:

    global_defs {
        router_id backup
    }
    vrrp_script chk_nginx {
        script "/etc/keepalived/check_nginx.sh"
        interval 2
        timeout 2
        weight -20
        fall 3
        rise 2
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens160
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        track_script {
            chk_nginx
        }
        virtual_ipaddress {
            192.168.24.100
        }
    }

6. Restart keepalived to load the new configuration

    [root@master ~]# systemctl restart keepalived.service
    [root@backup ~]# systemctl restart keepalived.service

7. Functional test

    [root@master ~]# curl 192.168.24.100
    192.168.24.10
    [root@master ~]# systemctl stop nginx
    [root@master ~]# curl 192.168.24.100
    192.168.24.10

Now access the VIP from backup:

    [root@backup ~]# curl 192.168.24.100
    192.168.24.10

Stop keepalived and access the VIP:

    [root@master ~]# systemctl stop keepalived.service
    [root@master ~]# curl 192.168.24.100
    192.168.24.20

Conclusion

Keepalived provides IP high availability and the health-check script provides service high availability. Together they give Nginx a two-node hot standby with automatic fault detection and automatic failover.
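The master configuration from step 5.1, checked for three things a reviewer would look at before this setup leaves the lab: VRRP `auth_type PASS` (the password travels in cleartext in every advertisement, and keepalived uses at most its first 8 characters), a `vrrp_script` without `enable_script_security` in `global_defs`, and a tracked script that non-root users can write. This is an added example, not part of the original post; `audit_keepalived_conf` and `sample_conf` are hypothetical helper names, and the sample is constructed from the page's configuration.

```shell
#!/bin/bash
# Added example, not from the original post. audit_keepalived_conf and
# sample_conf are hypothetical helper names, not part of keepalived.

# Print one finding per line for the keepalived.conf given as $1.
audit_keepalived_conf() {
    local conf="$1" p mode
    awk '
        { sub("[#!].*", "") }                       # drop keepalived comments
        $1 == "auth_type" && $2 == "PASS" { pass = 1 }
        $1 == "auth_pass"                 { secret = $2 }
        $1 == "enable_script_security"    { sec = 1 }
        $1 == "vrrp_script"               { scripts++ }
        END {
            if (pass) print "AUTH_CLEARTEXT auth_type PASS is sent unencrypted in every advert"
            if (pass && length(secret) < 8)
                print "AUTH_WEAK auth_pass is only " length(secret) " characters"
            if (scripts && !sec)
                print "SCRIPT_SECURITY vrrp_script used without enable_script_security"
        }' "$conf"
    # A script that group or other can write lets a non-root user change what keepalived runs.
    for p in $(awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf"); do
        mode=$(ls -ld "$p" 2>/dev/null | cut -c6,9)   # group/other write bits
        case "$mode" in *w*) echo "SCRIPT_WRITABLE $p is writable by group or other" ;; esac
    done
    return 0
}

# Constructed sample: the master configuration from step 5.1 of this page.
sample_conf() {
    cat <<'EOF'
global_defs {
    router_id master
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    weight -20   # priority -20 when the check fails
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_keepalived_conf "$tmp"
rm -f "$tmp"
```

Run it against `/etc/keepalived/keepalived.conf` on each node; an empty result means none of the three conditions was found.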
