目錄

nginx負(fù)載均衡

nginx負(fù)載均衡介紹

反向代理與負(fù)載均衡

nginx負(fù)載均衡配置

Keepalived高可用nginx負(fù)載均衡器

修改Web服務(wù)器的默認(rèn)主頁(yè)

開(kāi)啟nginx負(fù)載均衡和反向代理

安裝Keepalived

配置Keepalived

編寫(xiě)腳本監(jiān)控Keepalived和nginx的狀態(tài)

配置keepalived加入監(jiān)控腳本的配置

nginx負(fù)載均衡介紹

nginx應(yīng)用場(chǎng)景之一就是負(fù)載均衡。在訪問(wèn)量較多的時(shí)候，可以通過(guò)負(fù)載均衡，將多個(gè)請(qǐng)求分?jǐn)偟蕉嗯_(tái)服務(wù)器上，相當(dāng)于把一臺(tái)服務(wù)器需要承擔(dān)的負(fù)載量交給多臺(tái)服務(wù)器處理，進(jìn)而提高系統(tǒng)的吞吐率；另外如果其中某一臺(tái)服務(wù)器掛掉，其他服務(wù)器還可以正常提供服務(wù)，以此來(lái)提高系統(tǒng)的可伸縮性與可靠性。

下圖為負(fù)載均衡示例圖，當(dāng)用戶請(qǐng)求發(fā)送后，首先發(fā)送到負(fù)載均衡服務(wù)器，而后由負(fù)載均衡服務(wù)器根據(jù)配置規(guī)則將請(qǐng)求轉(zhuǎn)發(fā)到不同的web服務(wù)器上。

反向代理與負(fù)載均衡

nginx通常被用作后端服務(wù)器的反向代理，這樣就可以很方便的實(shí)現(xiàn)動(dòng)靜分離以及負(fù)載均衡，從而大大提高服務(wù)器的處理能力。

nginx實(shí)現(xiàn)動(dòng)靜分離，其實(shí)就是在反向代理的時(shí)候，如果是靜態(tài)資源，就直接從nginx發(fā)布的路徑去讀取，而不需要從后臺(tái)服務(wù)器獲取了。

但是要注意，這種情況下需要保證后端跟前端的程序保持一致，可以使用Rsync做服務(wù)端自動(dòng)同步或者使用NFS、MFS分布式共享存儲(chǔ)。

Http Proxy模塊，功能很多，最常用的是proxy_pass和proxy_cache

如果要使用proxy_cache，需要集成第三方的ngx_cache_purge模塊，用來(lái)清除指定的URL緩存。這個(gè)集成需要在安裝nginx的時(shí)候去做，如：

./configure --add-module=../ngx_cache_purge-1.0 ......

nginx通過(guò)upstream模塊來(lái)實(shí)現(xiàn)簡(jiǎn)單的負(fù)載均衡，upstream需要定義在http段內(nèi)

在upstream段內(nèi)，定義一個(gè)服務(wù)器列表，默認(rèn)的方式是輪詢，如果要確定同一個(gè)訪問(wèn)者發(fā)出的請(qǐng)求總是由同一個(gè)后端服務(wù)器來(lái)處理，可以設(shè)置ip_hash，如：

upstream idfsoft.com {
  ip_hash;
  server 127.0.0.1:9080 weight=5;
  server 127.0.0.1:8080 weight=5;
  server 127.0.0.1:1111;
}

注意：這個(gè)方法本質(zhì)還是輪詢，而且由于客戶端的ip可能是不斷變化的，比如動(dòng)態(tài)ip，代理，F(xiàn)Q等，因此ip_hash并不能完全保證同一個(gè)客戶端總是由同一個(gè)服務(wù)器來(lái)處理。

定義好upstream后，需要在server段內(nèi)添加如下內(nèi)容：

server {
  location / {
    proxy_pass http://idfsoft.com;
  }
}

nginx負(fù)載均衡配置

環(huán)境說(shuō)明

nginx負(fù)載均衡器使用源碼的方式安裝nginx，另外兩臺(tái)Web服務(wù)器使用yum的方式分別安裝nginx與apache服務(wù)

nginx源碼安裝可以看我的博客nginx，里面有nginx詳細(xì)的源碼安裝

修改Web服務(wù)器的默認(rèn)主頁(yè)
Web1：

[root@Web1 ~]# yum -y install httpd   //下載服務(wù)
[root@Web1 ~]# systemctl stop firewalld.service  //關(guān)閉防火墻
[root@Web1 ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@Web1 ~]# setenforce 0
[root@Web1 ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Web1 ~]# cd /var/www/html/
[root@Web1 html]# ls
[root@Web1 html]# echo "apache" > index.html  //編輯內(nèi)容到網(wǎng)站里面
[root@Web1 html]# cat index.html 
apache
[root@Web1 html]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@Web1 html]# ss -antl
State      Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                   0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                      [::]:22                     [::]:*                    
LISTEN     0          128                         *:80                        *:*                    

訪問(wèn):

Web2:

[root@Web2 ~]# yum -y install nginx  //下載服務(wù)
[root@Web2 ~]# systemctl stop firewalld.service //關(guān)閉防火墻 
[root@Web2 ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@Web2 ~]# setenforce 0
[root@Web2 ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Web2 ~]# cd /usr/share/nginx/html/
[root@Web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  poweredby.png
[root@Web2 html]# echo "nginx" > index.html  //編輯內(nèi)容到網(wǎng)站里面
[root@Web2 html]# cat index.html 
nginx
[root@Web2 html]# systemctl enable --now nginx.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@Web2 html]# ss -antl
State      Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                   0.0.0.0:111                 0.0.0.0:*                    
LISTEN     0          128                   0.0.0.0:80                  0.0.0.0:*                    
LISTEN     0          32              192.168.122.1:53                  0.0.0.0:*                    
LISTEN     0          128                   0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                      [::]:111                    [::]:*                    
LISTEN     0          128                      [::]:80                     [::]:*                    
LISTEN     0          128                      [::]:22                     [::]:*                    

訪問(wèn):

開(kāi)啟nginx負(fù)載均衡和反向代理

[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
...

upstream webserver {              //http字段內(nèi)添加
    server 192.168.222.137;
    server 192.168.222.138;
}
...

 location / {               //server字段里面修改
            root   html;
             proxy_pass http://webserver;
        }

[root@nginx ~]# systemctl reload nginx.service 
//重新加載配置

測(cè)試:
在瀏覽器輸入nginx負(fù)載均衡器的IP地址


編輯nginx負(fù)載均衡器的nginx配置文件

[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
 upstream webserver {      //在http字段內(nèi)修改
    server 192.168.222.137 weight=3;
    server 192.168.222.138;
}
[root@nginx ~]# systemctl reload nginx.service 
//重新加載配置
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
apache
[root@nginx ~]# curl 192.168.222.250
nginx
//可以觀察到每訪問(wèn)三次apache就會(huì)訪問(wèn)一次nginx，意思就是配置要連續(xù)訪問(wèn)3次，才會(huì)進(jìn)行下一次輪查詢，當(dāng)集群中有配置較低，較老的服務(wù)器可以進(jìn)行使用，來(lái)減輕這些服務(wù)器的壓力。
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
 upstream webserver {    //http字段里面進(jìn)行修改
     ip_hash; 
    server 192.168.222.137 weight=3;
    server 192.168.222.138;
}
[root@nginx ~]# systemctl reload nginx.service 
//重新加載配置
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
[root@nginx ~]# curl 192.168.222.250
nginx
//可以看見(jiàn)訪問(wèn)到的全部是nginx,因?yàn)閕p_hash配置，這條配置可以讓客戶端訪問(wèn)到服務(wù)器端，以后就一直是此服務(wù)器來(lái)進(jìn)行響應(yīng)客戶端，所以才會(huì)一直訪問(wèn)到nginx，當(dāng)然前面已經(jīng)說(shuō)過(guò)，這個(gè)方式的本質(zhì)還是輪詢，并不能保證一個(gè)客戶端總是由同一個(gè)服務(wù)器來(lái)進(jìn)行響應(yīng)

Keepalived高可用nginx負(fù)載均衡器

實(shí)驗(yàn)環(huán)境

nginx源碼安裝可以看我的博客nginx，里面有nginx詳細(xì)的源碼安裝
VIP為：192.168.222.133

修改Web服務(wù)器的默認(rèn)主頁(yè)

Web1：

[root@Web1 ~]# yum -y install httpd   //下載服務(wù)
[root@Web1 ~]# systemctl stop firewalld.service  //關(guān)閉防火墻
[root@Web1 ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@Web1 ~]# setenforce 0
[root@Web1 ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Web1 ~]# cd /var/www/html/
[root@Web1 html]# ls
[root@Web1 html]# echo "apache" > index.html  //編輯內(nèi)容到網(wǎng)站里面
[root@Web1 html]# cat index.html 
apache
[root@Web1 html]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@Web1 html]# ss -antl
State      Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                   0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                      [::]:22                     [::]:*                    
LISTEN     0          128                         *:80                        *:*                    

訪問(wèn):

Web2:

[root@Web2 ~]# yum -y install nginx  //下載服務(wù)
[root@Web2 ~]# systemctl stop firewalld.service //關(guān)閉防火墻 
[root@Web2 ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@Web2 ~]# setenforce 0
[root@Web2 ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Web2 ~]# cd /usr/share/nginx/html/
[root@Web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  poweredby.png
[root@Web2 html]# echo "nginx" > index.html  //編輯內(nèi)容到網(wǎng)站里面
[root@Web2 html]# cat index.html 
nginx
[root@Web2 html]# systemctl enable --now nginx.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@Web2 html]# ss -antl
State      Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                   0.0.0.0:111                 0.0.0.0:*                    
LISTEN     0          128                   0.0.0.0:80                  0.0.0.0:*                    
LISTEN     0          32              192.168.122.1:53                  0.0.0.0:*                    
LISTEN     0          128                   0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                      [::]:111                    [::]:*                    
LISTEN     0          128                      [::]:80                     [::]:*                    
LISTEN     0          128                      [::]:22                     [::]:*                    

訪問(wèn):

開(kāi)啟nginx負(fù)載均衡和反向代理

Keepalived高可用的主節(jié)點(diǎn)的nginx是需要設(shè)置開(kāi)機(jī)自啟的
master:

[root@master ~]# systemctl status nginx.service 
● nginx.service - nginx server daemon
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-10-18 21:27:54 CST; 1h 1min ago
  Process: 46768 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
 Main PID: 46769 (nginx)
    Tasks: 2 (limit: 12221)
   Memory: 2.6M
   CGroup: /system.slice/nginx.service
           ├─46769 nginx: master process /usr/local/nginx/sbin/nginx
           └─46770 nginx: worker process

Oct 18 21:27:54 nginx systemd[1]: Starting nginx server daemon...
Oct 18 21:27:54 nginx systemd[1]: Started nginx server daemon.
[root@master ~]# vim /usr/local/nginx/conf/nginx.conf
...

upstream webserver {              //http字段內(nèi)添加
    server 192.168.222.137;
    server 192.168.222.138;
}
...

 location / {               //server字段里面修改
            root   html;
            proxy_pass http://webserver;
        }

[root@master ~]# systemctl reload nginx.service 
//重新加載配置

測(cè)試:
在瀏覽器輸入nginx負(fù)載均衡器的IP地址

backup：
Keepalived高可用的備用節(jié)點(diǎn)的nginx是不設(shè)置開(kāi)機(jī)自啟的，如果開(kāi)啟的話，后面訪問(wèn)VIP的時(shí)候可能會(huì)訪問(wèn)不到，可以在需要測(cè)試的時(shí)候進(jìn)行開(kāi)啟

[root@backup ~]# systemctl status nginx.service 
● nginx.service - nginx server daemon
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-10-18 22:25:31 CST; 1s ago
  Process: 73641 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
 Main PID: 73642 (nginx)
    Tasks: 2 (limit: 12221)
   Memory: 2.7M
   CGroup: /system.slice/nginx.service
           ├─73642 nginx: master process /usr/local/nginx/sbin/nginx
           └─73643 nginx: worker process

Oct 18 22:25:31 backup systemd[1]: Starting nginx server daemon...
Oct 18 22:25:31 backup systemd[1]: Started nginx server daemon.
[root@backup ~]# vim /usr/local/nginx/conf/nginx.conf
...

upstream webserver {              //http字段內(nèi)添加
    server 192.168.222.137;
    server 192.168.222.138;
}
...

 location / {               //server字段里面修改
            root   html;
            proxy_pass http://webserver;
        }
[root@backup ~]# systemctl reload nginx.service 
//重新加載一下配置

訪問(wèn):
在瀏覽器輸入nginx負(fù)載均衡器的IP地址

安裝Keepalived

master:

[root@master ~]# dnf list all |grep keepalived  //查找系統(tǒng)中是否存在其安裝包
Failed to set locale, defaulting to C.UTF-8
keepalived.x86_64                                      2.1.5-6.el8                                            AppStream 
[root@master ~]# dnf -y install keepalived

backup：

[root@backup ~]# dnf list all |grep keepalived //查找系統(tǒng)中是否存在其安裝包
Failed to set locale, defaulting to C.UTF-8
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
keepalived.x86_64                                                 2.1.5-6.el8                                            AppStream   
[root@backup ~]# dnf -y install keepalived

配置Keepalived

master

[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# mv keepalived.conf{,-bak}  //備份一下配置文件
[root@master keepalived]# ls
keepalived.conf-bak
[root@master keepalived]# vim keepalived.conf  //編輯一個(gè)新配置文件
[root@master keepalived]# cat keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {        //這里主備節(jié)點(diǎn)需要一致
    state BACKUP
    interface ens33      //網(wǎng)卡
    virtual_router_id 51
    priority 100     //這里比備節(jié)點(diǎn)的高
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass tushanbu   //密碼(可以隨機(jī)生成)
    }
    virtual_ipaddress {
        192.168.222.133    //高可用虛擬IP（VIP）地址
    }
}

virtual_server 192.168.222.133 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.222.250 80 {  //主節(jié)點(diǎn)ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.222.139 80 {   //備節(jié)點(diǎn)ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@master keepalived]# systemctl enable --now keepalived.service 
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

backup:

[root@backup ~]# cd /etc/keepalived/
[root@backup keepalived]# ls
keepalived.conf
[root@backup keepalived]# mv keepalived.conf{,-bak} //備份一下配置文件
[root@backup keepalived]# ls
keepalived.conf-bak
[root@backup keepalived]# vim keepalived.conf //編輯新的配置文件
[root@backup keepalived]# cat keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb02    
}

vrrp_instance VI_1 {       //這里主備節(jié)點(diǎn)需要一致
    state BACKUP
    interface ens33      //網(wǎng)卡
    virtual_router_id 51
    priority 90     //這里比主節(jié)點(diǎn)的小
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass tushanbu   //密碼(可以隨機(jī)生成)
    }
    virtual_ipaddress {
        192.168.222.133    //高可用虛擬IP（VIP）地址
    }
}

virtual_server 192.168.222.133 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.222.250 80 {   //主節(jié)點(diǎn)ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.222.137 80 {   //備節(jié)點(diǎn)ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@backup keepalived]# systemctl enable --now keepalived.service 
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@backup keepalived]# systemctl start nginx
//此時(shí)測(cè)試的時(shí)候可以開(kāi)啟nginx

查看VIP
master:

[root@master keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0528 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever

backup:

[root@backup keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:31f9 brd ffffff:ff
    inet 192.168.222.139/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ffaff9/64 scope link 
       valid_lft forever preferred_lft forever

//VIP在master主機(jī)上面因?yàn)樵贙eepalived配置文件里我們?cè)O(shè)置master的優(yōu)先級(jí)要比backup高一些，所以VIP在這里很正常

訪問(wèn):

master:

[root@master keepalived]# curl 192.168.222.133
apache
[root@master keepalived]# curl 192.168.222.133
nginx

此是關(guān)閉master上面的nginx和keepalived的

[root@master keepalived]# systemctl stop nginx.service 
[root@master keepalived]# systemctl stop keepalived.service 
[root@master keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0528 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
//此時(shí)master上面沒(méi)有VIP

backup:

[root@backup keepalived]# systemctl enable --now keepalived
[root@backup keepalived]# systemctl start nginx.service 
[root@backup keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:31f9 brd ffffff:ff
    inet 192.168.222.139/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ffaff9/64 scope link 
       valid_lft forever preferred_lft forever
//此時(shí)backup上面出現(xiàn)VIP，備節(jié)點(diǎn)變成了主節(jié)點(diǎn)

[root@backup keepalived]# curl 192.168.222.133
apache
[root@backup keepalived]# curl 192.168.222.133
nginx

訪問(wèn):

可以看到，其中一個(gè)nginx負(fù)載均衡器掛掉了，也不會(huì)影響正常訪問(wèn)，這就是nginx負(fù)載均衡的高可用的配置

重啟master上面的nginx和keepalived

[root@master keepalived]# systemctl enable --now keepalived
[root@master keepalived]# systemctl enable --now nginx
[root@master keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0528 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever
//可以發(fā)現(xiàn)VIP出現(xiàn)在master節(jié)點(diǎn)上面

編寫(xiě)腳本監(jiān)控Keepalived和nginx的狀態(tài)

master:

[root@master keepalived]# cd
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_nginx.sh
[root@master scripts]# cat check_nginx.sh
#!/bin/bash
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep 'nginx'|wc -l)
    if [ $nginx_status -lt 1 ];then
            systemctl stop keepalived
    fi
[root@master scripts]# chmod +x check_nginx.sh 
[root@master scripts]# ll
total 4
-rwxr-xr-x. 1 root root 151 Oct 19 00:32 check_nginx.sh
[root@master scripts]# vim notify.sh
[root@master scripts]# cat notify.sh 
#!/bin/bash
case "$1" in
    master)
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep 'nginx'|wc -l)
        if [ $nginx_status -lt 1 ];then
            systemctl start nginx
        fi
    ;;
    backup)
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep 'nginx'|wc -l)
        if [ $nginx_status -gt 0 ];then
            systemctl stop nginx
        fi
    ;;
    *)
         echo "Usage:$0 master|backup VIP"
    ;;
esac

[root@master scripts]# chmod +x notify.sh 
[root@master scripts]# ll
total 8
-rwxr-xr-x. 1 root root 151 Oct 19 00:32 check_nginx.sh
-rwxr-xr-x. 1 root root 399 Oct 19 00:35 notify.sh

backup:
可以先提前創(chuàng)建好存放腳本的目錄

[root@backup keepalived]# cd
[root@backup ~]# mkdir  /scripts
[root@backup ~]# cd /scripts/

從主節(jié)點(diǎn)上面將腳本到備節(jié)點(diǎn)提前創(chuàng)建好的存放目錄里面

[root@master scripts]# scp notify.sh 192.168.222.139:/scripts/
root@192.168.222.139's password: 
notify.sh                                                          100%  399   216.0KB/s   00:00    

[root@backup scripts]# ls
notify.sh
[root@backup scripts]# cat notify.sh 
#!/bin/bash
case "$1" in
    master)
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep 'nginx'|wc -l)
        if [ $nginx_status -lt 1 ];then
            systemctl start nginx
        fi
    ;;
    backup)
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep 'nginx'|wc -l)
        if [ $nginx_status -gt 0 ];then
            systemctl stop nginx
        fi
    ;;
    *)
         echo "Usage:$0 master|backup VIP"
    ;;
esac

配置keepalived加入監(jiān)控腳本的配置

master:

[root@master scripts]# cd
[root@master ~]# vim /etc/keepalived/keepalived.conf
[root@master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
 
global_defs {
   router_id lb01
}
 
vrrp_script nginx_check{
    script "/scripts/check_nginx.sh"
    interval 5
    weight -20
}
  
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
! Configuration File for keepalived
 
global_defs {
   router_id lb01
}
 
vrrp_script nginx_check{                                //添加
    script "/scripts/check_nginx.sh"                    //添加
    interval 1                                          //添加
    weight -20                                          //添加
}                                                       //添加
 
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass tushanbu
    }
    virtual_ipaddress {
        192.168.222.133
    }
     track_script {                     //添加
        nginx_check                     //添加
    }                                   //添加
    notify_master "/scripts/notify.sh master"  //添加
}
virtual_server 192.168.222.133 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.222.250 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.222.139 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@master ~]# systemctl restart keepalived.service 

backup:
backup無(wú)需檢測(cè)nginx是否正常，當(dāng)升級(jí)為MASTER時(shí)啟動(dòng)nginx，當(dāng)降級(jí)為BACKUP時(shí)關(guān)閉

[root@backup scripts]# cd
[root@backup ~]# vim /etc/keepalived/keepalived.conf
[root@backup ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
 
global_defs {
   router_id lb02
}
 
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass tushanbu
    }
    virtual_ipaddress {
        192.168.222.133
    }
    notify_master "/scripts/notify.sh master"           //添加
    notify_backup "/scripts/notify.sh backup"           //添加
}
virtual_server 192.168.222.133 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.222.250 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.222.139 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@backup ~]# systemctl restart keepalived.service 

測(cè)試
正常狀態(tài)運(yùn)行查看狀態(tài)

[root@master ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:2983:57 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff8357/64 scope link 
       valid_lft forever preferred_lft forever
[root@master]# curl 192.168.222.133
apache
[root@master]# curl 192.168.222.133
nginx
//此時(shí)VIP在主節(jié)點(diǎn)上面

關(guān)閉master的nginx

[root@master ~]# systemctl stop nginx.service 
[root@master ~]# ss -antl
State      Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                   0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                      [::]:22                     [::]:*                    
[root@master ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0528 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
//沒(méi)有VIP

backup:

[root@backup ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:31f9 brd ffffff:ff
    inet 192.168.222.139/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ffaff9/64 scope link 
       valid_lft forever preferred_lft forever
[root@backup ~]# curl 192.168.222.133
apache
[root@backup ~]# curl 192.168.222.133
nginx
//備節(jié)點(diǎn)變成主機(jī)節(jié)點(diǎn)

重新開(kāi)啟master的nginx

[root@master ~]# systemctl restart keepalived.service 
[root@master ~]# systemctl restart nginx.service 
[root@master ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:2983:57 brd ffffff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.133/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff8357/64 scope link 
       valid_lft forever preferred_lft forever
[root@master]# curl 192.168.222.133
apache
[root@master]# curl 192.168.222.133
nginx
//此時(shí)VIP重新回到master上面

審核編輯：彭菁