容器热备-配置文件

• docker-compose

curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

• nginx.conf（HTTP模块）

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    upstream health {
         server 192.168.214.101:9080;
         server 192.168.214.102:9080;
         check interval=3000 rise=1 fall=1 timeout=1000 type=tcp port=9080; 
}
    server {
        listen       80;
        server_name  localhost;

        #access_log  logs/host.access.log  main;
        location /status {
              check_status;
              access_log off;
}
        location / {
            proxy_pass        http://health;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
   }
}

• nginx.conf（低版本1.9-TCP模块）

#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}

tcp {
    upstream health {
         server 192.168.214.101:6443;
         server 192.168.214.102:6443;
         server 192.168.214.103:6443;
         check interval=3000 rise=2 fall=1  timeout=1000; 
         }
        server {
            listen 80;
            proxy_pass health;
            so_keepalive on;  #心跳检测
            tcp_nodelay on;  #禁用了Nagle算法，允许小包的发送
        }
}

• nginx.con（版本1.9+TCP模块）

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}
#http {
#    server {
#        listen 90;
#        location /status {
#           healthcheck_status;
#        }
#    }
#}
stream {
    upstream tcp-cluster {
        server 192.168.214.101:6443;
        server 192.168.214.102:6443;
        server 192.168.214.103:6443;
        check interval=3000 rise=2 fall=5 timeout=5000 default_down=true type=tcp;
    }
    server {
        listen 80;
        proxy_pass tcp-cluster;
    }
}

• nginx_check.sh

#!/bin/bash
A=`netstat -ntlp | grep :80 | wc -l`
if [ $A -eq 0 ];then
        pkill keepalived
fi

• keepalived.conf

global_defs {
    router_id master  #负载均衡标识，在局域网内应该是唯一的。
}

vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    #每2秒检测一次nginx的运行状态
    interval 2
    #失败一次，将自己的优先级调整为-20
#    weight  -20
}

# virtual_ipaddress vip
# vrrp-虚拟路由冗余协议
# vrrp_instance 用来定义对外提供服务的VIP区域及其相关属性
vrrp_instance VI_1 {
    state MASTER #指定该keepalived节点的初始状态
    interface ens33 #vrrp实例绑定的接口，用于发送VRRP包
    virtual_router_id 51 #取值在0-255之间，用来区分多个instance的VRRP组播， 同一网段中该值不能重复，并且同一个vrrp实例使用唯一的标识
    priority 100 #指定优先级，优先级高的将成为MASTER
    nopreempt #设置为不抢占。默认是抢占的
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ###采用单播通信，避免同一个局域网中多个keepalived组之间的相互影响
    mcast_src_ip 192.168.241.101
    virtual_ipaddress { #指定VIP地址
        192.168.214.100
    }
    #nginx存活状态检测脚本
    track_script {
        chk_nginx
    }
    notify "/container/service/keepalived/assets/notify.sh"
}

• Dockerfile

FROM osixia/keepalived

ADD ./nginx_check.sh /etc/keepalived/nginx_check.sh
RUN chmod +x /etc/keepalived/nginx_check.sh

ADD ./keepalived.conf /container/service/keepalived/assets/keepalived.conf

• docker-compose.yml

version: '2'

services:
  keepalived:
    build: ./
    depends_on:
      - nginx
    network_mode: "host"
    cap_drop:
      - NET_ADMIN
    privileged: true
    volumes:
      - "/root/k+n/nginx_check.sh:/etc/keepalived/nginx_check.sh"
    restart: on-failure:3
  nginx:
    image: nginx
    privileged: true  #root权限
    ports:
      - "80:80" #本机：容器
    volumes:
      - "/root/k+n/nginx.conf:/etc/nginx/nginx.conf"
    restart: on-failure:3

# 第一次执行会下载镜像并build
# docker-compose up
# 若修改了配置文件，需要重新build
# docker-compose up --build
# 以后台模式运行
# docker-compose up -d