实施Nginx与Keepalived的双机热备高可用方案

Nginx+Keepalived双机热备技术实践是一种提高网络服务可用性的重要方案。以下是对该技术的详细实践步骤：

一、环境准备

1. 硬件与软件环境
   • 两台Linux服务器（例如CentOS 7）。
   • Nginx服务器软件。
   • Keepalived软件。
   • 一个可用的IPv4地址段（例如192.168.1.0/24）。
   • 两个不同的虚拟IP地址（VIP，例如192.168.1.100和192.168.1.101）。
2. 安装Nginx
   • 在两台服务器上分别安装Nginx。

yum install nginx -y
systemctl start nginx
systemctl enable nginx
yum install nginx -y
systemctl start nginx
systemctl enable nginx
yum install nginx -y
systemctl start nginx
systemctl enable nginx

1. 安装Keepalived
   • 在两台服务器上分别安装Keepalived。

yum install keepalived -y
systemctl start keepalived
systemctl enable keepalived
yum install keepalived -y
systemctl start keepalived
systemctl enable keepalived
yum install keepalived -y
systemctl start keepalived
systemctl enable keepalived

二、配置Nginx

1. Nginx配置文件
   • 在两台服务器上配置相同的Nginx服务，例如提供一个简单的HTTP服务。
   • 确保两台服务器的Nginx配置文件完全相同，包括文件路径和配置项。
   • Nginx配置文件示例（/etc/nginx/nginx.conf）：

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
  worker_connections 1024;
}
http {
  server {
    listen 80;
    server_name _;
    location / {
      root /usr/share/nginx/html;
      index index.html index.htm;
      try_files $uri $uri/ =404;
    }
  }
}
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
  worker_connections 1024;
}

http {
  server {
    listen 80;
    server_name _;
    location / {
      root /usr/share/nginx/html;
      index index.html index.htm;
      try_files $uri $uri/ =404;
    }
  }
}
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
	worker_connections 1024;
}

http {
	server {
		listen 80;
		server_name _;
		location / {
			root /usr/share/nginx/html;
			index index.html index.htm;
			try_files $uri $uri/ =404;
		}
	}
}

三、配置Keepalived

1. Keepalived配置文件
   • Keepalived通过VRRP（虚拟路由器冗余协议）来实现故障转移。
   • 在两台服务器上分别配置Keepalived，并设置不同的角色（MASTER或BACKUP）。
   • Keepalived配置文件示例（/etc/keepalived/keepalived.conf）：
   Server A（MASTER）的配置：

! Configuration File for keepalived
vrrp_instance VI_1 {
  state MASTER
  interface eth0
  virtual_router_id 51
  priority 100
  advert_int 1
  virtual_ipaddress {
    192.168.1.100
  }
}
! Configuration File for keepalived
vrrp_instance VI_1 {
  state MASTER
  interface eth0
  virtual_router_id 51
  priority 100
  advert_int 1
  virtual_ipaddress {
    192.168.1.100
  }
}
! Configuration File for keepalived
vrrp_instance VI_1 {
	state MASTER
	interface eth0
	virtual_router_id 51
	priority 100
	advert_int 1
	virtual_ipaddress {
		192.168.1.100
	}
}

Server B（BACKUP）的配置：

! Configuration File for keepalived
vrrp_instance VI_1 {
  state BACKUP
  interface eth0
  virtual_router_id 51
  priority 90
  advert_int 1
  virtual_ipaddress {
    192.168.1.100
  }
}
! Configuration File for keepalived
vrrp_instance VI_1 {
  state BACKUP
  interface eth0
  virtual_router_id 51
  priority 90
  advert_int 1
  virtual_ipaddress {
    192.168.1.100
  }
}
! Configuration File for keepalived
vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 51
	priority 90
	advert_int 1
	virtual_ipaddress {
		192.168.1.100
	}
}

注意：在BACKUP服务器上，将state设置为BACKUP，并将priority值降低以表明它是备服务器。同时，两台服务器的virtual_router_id必须相同。

健康检查脚本

• 可以编写一个健康检查脚本来监控Nginx的状态，并在Nginx不可用时触发Keepalived的故障转移。
• 健康检查脚本示例（/usr/local/bin/keepalived_check_nginx.sh）：

#!/bin/sh
nginxPidNum=`ps -C nginx --no-header | wc -l`
if [[ $nginxPidNum -eq 0 ]]; then
  systemctl start nginx
  if [[ `ps -C nginx --no-header | wc -l` -eq 0 ]]; then
    killall keepalived
  fi
fi
#!/bin/sh
nginxPidNum=`ps -C nginx --no-header | wc -l`
if [[ $nginxPidNum -eq 0 ]]; then
  systemctl start nginx
  if [[ `ps -C nginx --no-header | wc -l` -eq 0 ]]; then
    killall keepalived
  fi
fi
#!/bin/sh
nginxPidNum=`ps -C nginx --no-header | wc -l`
if [[ $nginxPidNum -eq 0 ]]; then
	systemctl start nginx
	if [[ `ps -C nginx --no-header | wc -l` -eq 0 ]]; then
		killall keepalived
	fi
fi

• 将脚本添加到Keepalived的配置中：

vrrp_script chk_nginx {
  script "/usr/local/bin/keepalived_check_nginx.sh"
  interval 2
  weight 2
}
vrrp_script chk_nginx {
  script "/usr/local/bin/keepalived_check_nginx.sh"
  interval 2
  weight 2
}
vrrp_script chk_nginx {
	script "/usr/local/bin/keepalived_check_nginx.sh"
	interval 2
	weight 2
}

• 并在vrrp_instance部分调用该脚本：

track_script {
  chk_nginx
}
track_script {
  chk_nginx
}
track_script {
	chk_nginx
}

四、启动和监控

1. 启动Keepalived
   • 在两台服务器上分别启动Keepalived。

systemctl start keepalived
systemctl start keepalived
systemctl start keepalived

1. 监控Keepalived状态
   • 可以使用以下命令查看Keepalived的状态和日志信息：

systemctl status keepalived.service -l
journalctl -u keepalived.service -f
tail -f /var/log/messages | grep Keepalived
systemctl status keepalived.service -l
journalctl -u keepalived.service -f
tail -f /var/log/messages | grep Keepalived
systemctl status keepalived.service -l
journalctl -u keepalived.service -f
tail -f /var/log/messages | grep Keepalived

五、测试双机热备

1. 访问测试
   • 通过VIP访问Nginx服务，验证双机热备是否正常工作。
   • 在主服务器（MASTER）上，VIP应该能够正常访问Nginx服务。
   • 停止主服务器上的Nginx或Keepalived服务，模拟故障情况。
   • 验证备服务器（BACKUP）是否成功接管VIP，并继续提供服务。
2. 恢复测试
   • 启动主服务器上的Nginx和Keepalived服务。
   • 验证主服务器是否重新获得VIP（如果配置了抢占模式）。

通过以上步骤，可以在Nginx环境中成功部署Keepalived双机热备方案，提高网络服务的可用性和稳定性。