一、前沿介绍
nginx进程基于Master+Slave(worker)多进程模型,自身具有非常稳定的子进程管理功能。在Master进程分配模式下,Master进程永远不进行业务处理,只是进行任务分发,从而达到Master进程的存活高可靠性,Slave(worker)进程所有的业务信号都由主进程发出,Slave(worker)进程所有的超时任务都会被Master中止,属于非阻塞式任务模型。
Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接。二者结合,可以构架出比较稳定的软件Load Balancer方案。
二、nginx+keepalived架构配置实战演示
采用两台服务器做nginx主备,后端采用两个real server(可以随意扩展),数据库采用mysql主从(这里就不说主从的配置了!)架构图如下:
Server ip
nginx master 192.168.1.108
nginx backup 192.168.1.110
Vip 192.168.1.100
real server1 192.168.1.105
real server2 192.168.1.103
三、开始nginx的安装和配置
1、创建供Nginx运行使用的组和帐号:
# groupadd -r nginx
# useradd -r -g nginx -s /sbin/nologin -M nginx
2、编译安装rewrite模块支持包
下载pcre包到本地,版本选择7.0以上版本就可以,此处是7.8版本
#tar zxvf pcre-7.8.tar.gz
#cd pcre-7.8/
#./configure
#make && make install
#cd ../
3、编译安装Nginx服务
此处使用的Nginx版本为0.7.64,可以使用其他版本,此处使用1.0.10版本
wget http://sysoev.ru/nginx/nginx-1.0.10.tar.gz
#tar zxvf nginx-1.0.10.tar.gz
#cd nginx-1.0.10/
#./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_flv_module
#make && make install
#cd ../
4、备份默认nginx.conf配置文件
#cd /etc/nginx
#cp nginx.conf nginx.old
5、配置nginx服务(Master 和Back up 的nginx配置文件是一样的)
(1)、在nginx Master 上进行配置,将nginx的默认配置文件修改为如下:
# cat /etc/nginx/nginx.conf
user nginx nginx;
worker_processes 8;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events
{ use epoll;
worker_connections 5120;
}
http
{
include mime.types;
default_type application/octet-stream;
charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
upstream srtweb {
server 192.168.1.105:80; //此处的IP是后端的Real Server 的IP,
server 192.168.1.103:80; //有几个Real server 写几个
}
server {
listen 80;
server_name www.linuxgg.com; //可以为hostname也可以为localhost
location /{
root html;
index index.html index.htm;
proxy_pass http://srtweb;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
(2)、在Nginx Backup上进行配置,和Nginx Master上的配置一样,可以将Nginx Master上的nginx.conf配置文件拷贝到Nginx Backup的/etc/nginx/目录下面!
6、启动测试Nginx服务
分别启动Master 和Backup服务器上的Nginx服务,
#/usr/sbin/nginx
查看Nginx监听的端口,如果监听正常,并且显示如下图说明Nginx服务启动成功!
#netstat -tunlp
四、安装配置Keepalived
1、安装keepalived(在Nginx Master和Backup上都要安装!)
wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz
#tar zxvf keepalived-1.1.19.tar.gz
#cd keepalived-1.1.19
#./configure --prefix=/usr/local/keepalived
#make
#make install
#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
#mkdir /etc/keepalived
#cd /etc/keepalived/
2、配置nginx master的keepalived配置文件
将keepalived.conf文件配置为如下内容即可!
# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.108 //Nginx Master的IP地址
priority 100 //此处的数值要比Nginx Backup 中的高
advert_int 1
smtp_alert
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.1.100 //vip地址
}
}
3、配置nginx backup的keepalived配置文件
# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
[email protected] //定义email地址
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.110 //Nginx Backup的IP地址
priority 80
advert_int 1
smtp_alert
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.1.100 //vip地址
}
}
4、启动Nginx Master 和Nginx Backup服务器上的keepalived服务
查看虚拟IP是否绑定!
# /etc/rc.d/init.d/keepalived start
Starting keepalived: [ OK ]
(1)、首先在Nginx Master 上查看IP绑定的情况!
红色方框部分显示VIP已经加载到Nginx Master 服务器上了 !
(2)、其次查看Nginx Backup 服务器上IP情况!
#ip addr
(3)、停止Nginx Master 服务器上的keepalived 服务,模拟Nginx Master 宕机,看backup服务器是否接管vip
#service keepalived stop
Stopping keepalived: [ OK ]
然后再查看Nginx Master 服务器上的IP绑定情况
#ip addr
接下来查看Nginx Backup服务器是否接管了vip
#ip addr
说明vip已经可以正常切换!
补充说明:不知道大家测试过没有,经过测试,如果Master服务器上的nginx服务宕掉了,而keepalived正常工作,vip无法切换到Backup服务器上,nginx提供的服务也就无法正常运行,如果停掉keepalived服务,vip就可以切换到Backup服务器上,这说明控制vip切换的是keepalived服务,为了确保在nginx服务宕机的时候,vip能正常切换到Backup服务器上,需要一个控制脚本,如下:
#vi /root/nginx_pid.sh
#!/bin/bash
nginxid=`ps –C nginx --no-header | wc -l`
if [ $nginxid -eq 0 ]; then
/usr/loca/nginx/sbin/nginx
sleep 5
if [ $nginxid -eq 0 ]; then
/etc/init.d/keepalived stop
fi
fi
此脚本思路其实也很简单,即放置在后台一直监控nginx进程;如进程消失,尝试重启nginx,如是失败则立即停掉本机的 keepalived服务,让另一台负载均衡器接手即可。
五、vip无法切换到从主服务器切换到从服务器的问题
1、案例一
描述:配置好Nginx服务和keepalived服务后,停掉Nginx Master的Nginx服务和keepalived服务,vip却无法切换到Nginx Backup 服务器上,Master和Backup日志分别显示如下:
#tail /var/log/messages
Master 日志:
Backup 日志:
主从的日志都提到了VRRP,说是假的VIP报文接收在eth0上,其实VRRP的目的就是为了解决静态路由单点故障问题。
解决方案:
改变主从配置文件/etc/keepalived/keepalived.conf 中virtual_route_id的值
virtual_router_id 60 主从方都要改,默认值为51
原因:如果在同一网关(192.168.1.1)内建了2组集群,virtual_router_id 就重复了,改个不一样的就可以,不一定要60
如有不足之处请指出!