keepalived+nginx双机热备+负载均衡
最近因业务扩展，需要将当前的apache 转为nginx(web), 再在web前端放置nginx(负载均衡)。同时结合keepalived 对前端nginx实现HA。 nginx进程基于于Master+Slave(worker)多进程模型，自身具有非常稳定的子进程管理功能。在Master进程分配模式下，Master进程永远不进行业务处理，只是进行任务分发，从而达到Master进程的存活高可靠性，Slave(worker)进程所有的业务信号都 由主进程发出，Slave(worker)进程所有的超时任务都会被Master中止，属于非阻塞式任务模型。 Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接。二者结合，可以构架出比较稳定的软件lb方案。

准备4台电脑来做这个实验:
192.168.232.132        web服务器 192.168.232.133        web服务器 192.168.232.134        keepalived nginx 192.168.232.135        keepalived nginx
虚拟IP (VIP)：192.168.232.16

134\135两个主机配置虚拟IP

下面以135为例：
vi /etc/sysconfig/network-scripts/ifcfg-eth2:0

[plain] view plaincopy print?

1. DEVICE=eth2:0
2. TYPE=Ethernet
3. ONBOOT=yes
4. BOOTPROTO=static
5. DNS1=192.168.232.2
6. IPADDR=192.168.232.16
7. NETMASK=255.255.255.0
8. GETWAY=192.168.232.2

DEVICE=eth2:0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
DNS1=192.168.232.2
IPADDR=192.168.232.16
NETMASK=255.255.255.0
GETWAY=192.168.232.2

service network restart
使用ifconfig查看效果：

[plain] view plaincopy print?

1. eth2      Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B
2. inet addr:192.168.232.135  Bcast:192.168.232.255  Mask:255.255.255.0
3. inet6 addr: fe80::20c:29ff:fe49:905b/64 Scope:Link
4. UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
5. RX packets:66322 errors:0 dropped:0 overruns:0 frame:0
6. TX packets:31860 errors:0 dropped:0 overruns:0 carrier:0
7. collisions:0 txqueuelen:1000
8. RX bytes:67624991 (64.4 MiB)  TX bytes:2723877 (2.5 MiB)
9. Interrupt:19 Base address:0x2000
10. eth2:0    Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B
11. inet addr:192.168.232.16  Bcast:192.168.232.255  Mask:255.255.255.0
12. UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
13. Interrupt:19 Base address:0x2000
14. lo        Link encap:Local Loopback
15. inet addr:127.0.0.1  Mask:255.0.0.0
16. inet6 addr: ::1/128 Scope:Host
17. UP LOOPBACK RUNNING  MTU:16436  Metric:1
18. RX packets:22622 errors:0 dropped:0 overruns:0 frame:0
19. TX packets:22622 errors:0 dropped:0 overruns:0 carrier:0
20. collisions:0 txqueuelen:0
21. RX bytes:1236328 (1.1 MiB)  TX bytes:1236328 (1.1 MiB)

eth2      Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B  inet addr:192.168.232.135  Bcast:192.168.232.255  Mask:255.255.255.0inet6 addr: fe80::20c:29ff:fe49:905b/64 Scope:LinkUP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1RX packets:66322 errors:0 dropped:0 overruns:0 frame:0TX packets:31860 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:67624991 (64.4 MiB)  TX bytes:2723877 (2.5 MiB)Interrupt:19 Base address:0x2000eth2:0    Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B  inet addr:192.168.232.16  Bcast:192.168.232.255  Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1Interrupt:19 Base address:0x2000lo        Link encap:Local Loopback  inet addr:127.0.0.1  Mask:255.0.0.0inet6 addr: ::1/128 Scope:HostUP LOOPBACK RUNNING  MTU:16436  Metric:1RX packets:22622 errors:0 dropped:0 overruns:0 frame:0TX packets:22622 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0RX bytes:1236328 (1.1 MiB)  TX bytes:1236328 (1.1 MiB)

说明生效了。

134\135两个主机安装keepalived和nginx

nginx安装：
1、导入外部软件库 rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/epel-release-6-5.noarch.rpm rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/ius-release-1.0-10.ius.el6.noarch.rpm rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm 以下添加注释 mirrorlist=http://dmirr.iuscommunity.org/mirrorlist?repo=ius-el6&arch=$basearch 以下删除注释 #baseurl=http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/$basearch 2、yum安装nginx yum install nginx
keepalived安装：
安装依赖 yum -y install gcc gcc+ gcc-c++ yum install popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel
安装内核 yum -y install kernel kernel-devel 当前kernel代码建立连接 ln -s /usr/src/kerners/2.6....../ /usr/src/linux
安装keepalived wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz tar -zxvf keepalived-1.2.2.tar.gz   cd keepalived-1.2.2   ./configure   make   make install   
拷贝相应的文件
cp /usr/local/sbin/keepalived /usr/sbin/ cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/   cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/   cp -r /usr/local/etc/keepalived/ /etc/

配置keeplived和nginx主机

134/135执行都执行以下操作： vi /etc/nginx/conf.d/default.conf

[plain] view plaincopy print?

1. server {
2. listen       8088;
3. server_name  localhost;
4. location / {
5. root   /var/www/html;
6. index  index.html index.htm;
7. }
8. error_page   500 502 503 504  /50x.html;
9. location = /50x.html {
10. root   /usr/share/nginx/html;
11. }
12. }

server {listen       8088;server_name  localhost;location / {root   /var/www/html;index  index.html index.htm;}error_page   500 502 503 504  /50x.html;location = /50x.html {root   /usr/share/nginx/html;}
}

135执行以下操作： vi /var/www/html/index.html

[plain] view plaincopy print?

1. <html>
2. <head>
3. <title>Welcome to nginx!</title>
4. </head>
5. <body bgcolor="white" text="black">
6. <center><h1>Welcome to nginx! 192.168.232.135</h1></center>
7. </body>
8. </html>

<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body bgcolor="white" text="black">
<center><h1>Welcome to nginx! 192.168.232.135</h1></center>
</body>
</html>

134执行以下操作： vi /var/www/html/index.html

[plain] view plaincopy print?

1. <html>
2. <head>
3. <title>Welcome to nginx!</title>
4. </head>
5. <body bgcolor="white" text="black">
6. <center><h1>Welcome to nginx! 192.168.232.134</h1></center>
7. </body>
8. </html>

<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body bgcolor="white" text="black">
<center><h1>Welcome to nginx! 192.168.232.134</h1></center>
</body>
</html>

134执行以下操作： vi /etc/keepalived/keepalived.conf

[plain] view plaincopy print?

1. ! Configuration File for keepalived
2. global_defs {
3. notification_email {
4. #acassen@firewall.loc
5. #failover@firewall.loc
6. #sysadmin@firewall.loc
7. }
8. #notification_email_from Alexandre.Cassen@firewall.loc
9. #smtp_server 192.168.200.1
10. #smtp_connect_timeout 30
11. router_id LVS_DEVEL
12. }
13. vrrp_script chk_http_port {
14. script "</dev/tcp/127.0.0.1/8088"
15. interval 1
16. weight -2
17. }
18. vrrp_instance VI_1 {
19. state MASTER
20. interface eth2
21. virtual_router_id 51
22. priority 100
23. advert_int 1
24. authentication {
25. auth_type PASS
26. auth_pass 1111
27. }
28. virtual_ipaddress {
29. 192.168.232.16
30. }
31. track_script {
32. chk_http_port
33. }
34. }

! Configuration File for keepalivedglobal_defs {notification_email {#acassen@firewall.loc#failover@firewall.loc#sysadmin@firewall.loc}#notification_email_from Alexandre.Cassen@firewall.loc#smtp_server 192.168.200.1#smtp_connect_timeout 30router_id LVS_DEVEL
}vrrp_script chk_http_port {script "</dev/tcp/127.0.0.1/8088"interval 1weight -2
}vrrp_instance VI_1 {state MASTERinterface eth2virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.232.16}track_script {chk_http_port}
}   

135执行以下操作： vi /etc/keepalived/keepalived.conf

[plain] view plaincopy print?

1. ! Configuration File for keepalived
2. global_defs {
3. notification_email {
4. #acassen@firewall.loc
5. #failover@firewall.loc
6. #sysadmin@firewall.loc
7. }
8. #notification_email_from Alexandre.Cassen@firewall.loc
9. #smtp_server 192.168.200.1
10. #smtp_connect_timeout 30
11. router_id LVS_DEVEL
12. }
13. vrrp_script chk_http_port {
14. script "</dev/tcp/127.0.0.1/8088"
15. interval 1
16. weight -2
17. }
18. vrrp_instance VI_1 {
19. state BACKUP
20. interface eth2
21. virtual_router_id 51
22. priority 99
23. advert_int 1
24. authentication {
25. auth_type PASS
26. auth_pass 1111
27. }
28. virtual_ipaddress {
29. 192.168.232.16
30. }
31. track_script {
32. chk_http_port
33. }
34. }

! Configuration File for keepalivedglobal_defs {notification_email {#acassen@firewall.loc#failover@firewall.loc#sysadmin@firewall.loc}#notification_email_from Alexandre.Cassen@firewall.loc#smtp_server 192.168.200.1#smtp_connect_timeout 30router_id LVS_DEVEL
}vrrp_script chk_http_port {script "</dev/tcp/127.0.0.1/8088"interval 1weight -2
}vrrp_instance VI_1 {state BACKUPinterface eth2virtual_router_id 51priority 99advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.232.16}track_script {chk_http_port}
}

Tips：
state   参数值：主的是MASTER、备用的是BACKUP priority 参数值： MASTER > BACKUP virtual_router_id： 参数值要一样

测试测试：

两台测试机134\135均启动keepalived和nginx service keepalived restart service keepalived nginx
验证nginx启动正常： 访问 master：http://192.168.232.134:8088/ 访问 backup: http://192.168.232.135:8088/
查看keepalived的日志信息：
134\135均打开日志信息方便查看keepalived动态： tail -f /var/log/messages
浏览器打开虚拟ip访问：http://192.168.232.16:8080/ ，此时显示IP为192.168.232.134

服务器层的双机热备（比如服务器宕机、keepalived宕了）测试：

kill 192.168.232.134（master) 的keepalived进程 killall keepalived 134的日志信息如下：

[plain] view plaincopy print?

1. Jun 11 18:03:10 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
2. Jun 11 18:03:15 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
3. Jun 11 19:30:44 localhost Keepalived: Terminating on signal
4. Jun 11 19:30:44 localhost Keepalived: Stopping Keepalived v1.2.2 (06/10,2014)
5. Jun 11 19:30:44 localhost Keepalived_vrrp: Terminating VRRP child process on signal
6. Jun 11 19:30:44 localhost Keepalived_healthcheckers: Terminating Healthchecker child process on signal

Jun 11 18:03:10 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
Jun 11 18:03:15 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
Jun 11 19:30:44 localhost Keepalived: Terminating on signal
Jun 11 19:30:44 localhost Keepalived: Stopping Keepalived v1.2.2 (06/10,2014)
Jun 11 19:30:44 localhost Keepalived_vrrp: Terminating VRRP child process on signal
Jun 11 19:30:44 localhost Keepalived_healthcheckers: Terminating Healthchecker child process on signal

135的日志信息如下：

[plain] view plaincopy print?

1. Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
2. Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
3. Jun 11 19:30:50 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
4. Jun 11 19:30:55 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
Jun 11 19:30:50 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
Jun 11 19:30:55 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。
再次启动192.168.232.134的keepalived进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。

应用层（web）的双机热备（比如nginx进程被意外kill、web端口不通）试验：

关闭192.168.232.134（master) 的nginx服务： service nginx stop
134的日志信息如下：

[plain] view plaincopy print?

1. Jun 11 19:38:49 localhost Keepalived_vrrp: VRRP_Script(chk_http_port) failed
2. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert
3. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
4. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
5. Jun 11 19:38:51 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 removed

Jun 11 19:38:49 localhost Keepalived_vrrp: VRRP_Script(chk_http_port) failed
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
Jun 11 19:38:51 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 removed

135的日志信息如下：

[plain] view plaincopy print?

1. Jun 11 19:38:52 localhost Keepalived_vrrp: VRRP_Instance(VI_1) forcing a new MASTER election
2. Jun 11 19:38:53 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
3. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
4. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
5. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
6. Jun 11 19:38:54 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
7. Jun 11 19:38:59 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

Jun 11 19:38:52 localhost Keepalived_vrrp: VRRP_Instance(VI_1) forcing a new MASTER election
Jun 11 19:38:53 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
Jun 11 19:38:54 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
Jun 11 19:38:59 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。
再次启动192.168.232.134的nginx进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。

为什么主备的参数state都是MASTER，对的你没有看错确实要都设置成一样的，不然并不能实现我们想要的VIP漂浮的效果，我测试很久才发现的.state都设置成MASTER后，会根据priority的值大小竞争来决定谁是真正的MASTER，脚本检测也是在失败的时候会把权重减去相应的值，比如原来master（181）的priority=100，如果脚本检测到端口8088无法连接，就会priority-2=98，< S-B（150）的priority（99），此时 S-B（150） 将竞争成为master，这样就实现了web应用的热备。

如果以上实验都没有问题了，那么就该nginx负载均衡的配置了，配置修改参见如下：http://blog.csdn.NET/e421083458/article/details/30086413