Keepalived和Nginx

安装

yum install keepalived nginx psmisc

修改系统参数

echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf

sysctl -p

防火墙

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="224.0.0.18" protocol value="vrrp" accept' --permanent
Firewall-cmd --reload

架构

Nginx反代配置

nginx MASTER:

upstream websrvs {
    server 172.18.67.11:80;
    server 172.18.67.12:80;
    server 127.0.0.1:80 backup;
}
server {
    listen       80 ;
    location / {
        proxy_pass http://websrvs;
    }
}

nginx BACKUP:

upstream websrvs {
    server 172.18.67.11:80;
    server 172.18.67.12:80;
    server 127.0.0.1:80 backup;
}

server {
    listen       80 ;
    location / {
        proxy_pass http://websrvs;
    }
}

keepalived

## 主备不同之处
    1，router_id        不能一致
    2，state            MASTER/BACKUP
    3, priority         权重不能一致
    4, interface ens33  网络接口注意和本机对应

keepalived master

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
        IT@service.com
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id nginx01
    vrrp_garp_master_refresh 60
    vrrp_garp_master_delay 5
   
    vrrp_mcast_group4 224.0.0.18
}

vrrp_script chk_mantaince_down {
    script "/etc/keepalived/chk_down.sh"
    interval 2
    weight  20
    fall 2
    rise 1
}

vrrp_script chk_nginx {
    script "/bin/killall -0 nginx && exit 0 || exit 1"
    interval 2
    weight 20
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    #garp_master_delay 10
    #garp_master_refresh 60
    #nopreempt
    smtp_alert

    authentication {
        auth_type PASS
        auth_pass DFwx4893Gh60
    }

    virtual_ipaddress {
        ## <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        172.18.67.33/24 dev ens33
    }

    ## mcast_src_ip <IPADDR>
    #unicast_src_ip 172.18.67.13
    #unicast_peer {
    #    172.18.67.14
    #}

    track_interface {
        ens33
    }

    track_script {
        chk_nginx
        chk_mantaince_down
    }

    ## 可以不用执行脚本，除非需要执行某些操作。keepalived 1.5 + postfix 能够发送邮件。

    #notify_master "/etc/keepalived/notify.sh master"
    #notify_backup "/etc/keepalived/notify.sh backup"
    #notify_fault "/etc/keepalived/notify.sh fault"

}

EOF

keepalived backup

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
        IT@service.com
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id nginx02
    vrrp_garp_master_refresh 60
    vrrp_garp_master_delay 5
   
    vrrp_mcast_group4 224.0.0.18
}

vrrp_script chk_mantaince_down {
    script "/etc/keepalived/chk_down.sh"
    interval 2
    weight  20
    fall 2
    rise 1
}

vrrp_script chk_nginx {
    script "/bin/killall -0 nginx && exit 0 || exit 1"
    #script "/etc/keepalived/chk_nginx.sh"
    interval 2
    weight 20
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 90
    advert_int 1
    #garp_master_delay 10
    #garp_master_refresh 60
    #nopreempt
    smtp_alert

    authentication {
        auth_type PASS
        auth_pass DFwx4893Gh60
    }

    virtual_ipaddress {
        ## <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        172.18.67.33/24 dev ens33
    }

    ## mcast_src_ip <IPADDR>
    #unicast_src_ip 172.18.67.14
    #unicast_peer {
    #    172.18.67.13
    #}

    track_interface {
        ens33
    }

    track_script {
        chk_nginx
        chk_mantaince_down
    }

    ## 可以不用执行脚本，除非需要执行某些操作。keepalived 1.5 + postfix 能够发送邮件。

    #notify_master "/etc/keepalived/notify.sh master"
    #notify_backup "/etc/keepalived/notify.sh backup"
    #notify_fault "/etc/keepalived/notify.sh fault"

}

EOF

nginx 进程检查脚本

cat > /etc/keepalived/chk_nginx.sh << EOF
#!/bin/bash
[[ \$(ps -C 'nginx' --no-heading -o stat,cmd | grep -ve '^[Zz]' | grep -iv 'grep' | wc -l) -gt 1 ]] && exit 0 || exit 1

EOF

chmod u+x /etc/keepalived/chk_nginx.sh

维护脚本

cat > /etc/keepalived/chk_down.sh << EOF
#!/bin/bash
[[ -f /etc/keepalived/down ]] && exit 1 || exit 0

EOF

chmod u+x /etc/keepalived/chk_down.sh

通知脚本

## 只是发送通知邮件，不是必须的。keepalived 1.5 + postfix 能够发送邮件。

cat > /etc/keepalived/notify.sh << EOF
#!/bin/bash

contact='root@localhost'

notify() {
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" $contact
}

case $1 in
    master)
    notify master
    ;;

    backup)
    notify backup
    ;;

    fault)
    notify fault
    ;;

    *)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac

EOF

chmod u+x /etc/keepalived/notify.sh

参考

https://www.cnblogs.com/mrlapulga/p/6857294.html