keepalive+nginx 热备跟负载均衡

结构图

keepalived配置

master跟backup除了state跟优先级，其它一样，优先级master需大于backup

! Configuration File for keepalived

global_defs {
   notification_email {
     #acassen@firewall.loc
     #failover@firewall.loc
     #sysadmin@firewall.loc
   }
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_nginx {         
    script "/etc/keepalived/chk_nginx.sh"   
    interval 2             
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 30
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.233
    }
    notify_master "/usr/bin/python2.7 /etc/keepalived/send.py XXX@qq.com 报！222成为主机！ 报！222成为主机！"
    notify_fault "/usr/bin/python2.7 /etc/keepalived/send.py XXX@qq.com 报！222已挂！ 10.0.0.222故障！请尽快修复！"
    track_script {
      chk_nginx                 
    }    
}

其中检测nginx状态的脚本如下，当发现自身nginx没有运行，杀掉keepalived的进程

脚本运行不了可能是centos shell运行报语法错误: 未预期的文件结尾

#!/bin/bash
run=`ps -C nginx --no-header | wc -l`
if [ $run -eq 0 ]; then
    /usr/local/nginx/sbin/nginx -s stop
    /usr/local/nginx/sbin/nginx
    sleep 3
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        systemctl stop keepalived
    fi
fi

其中，调用python发送邮件的代码

# coding=utf-8
import smtplib,sys
from email.mime.text import MIMEText

class Msmtp():
    def __init__(self, target, subject, content):#收件人、标题、内容
        self.msg_from = '发出邮件的邮箱'
        self.password = '邮箱的授权码'
        self.sender = smtplib.SMTP_SSL("smtp.qq.com", 465)
        self.msg_to = target
        self.subject = subject
        self.content = content

    def _login(self):
        self.sender.login(self.msg_from, self.password)

    def _msg(self):
        self.msg = MIMEText(self.content)
        self.msg['Subject'] = self.subject
        self.msg['From'] = self.msg_from
        self.msg['To'] = self.msg_to

    def send_mail(self):
        self._login()
        self._msg()
        self.sender.sendmail(self.msg_from, self.msg_to, self.msg.as_string())
        self.sender.quit()



if __name__ == '__main__':
    a = Msmtp(sys.argv[1], sys.argv[2], sys.argv[3])
    a.send_mail()

nginx配置

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream hello1 {#负载均衡
        server 10.0.0.111:6666 max_fails=3 fail_timeout=3600s;#后台有问题3600s内不访问
        server 10.0.0.222:6666 max_fails=3 fail_timeout=3600s;#后台性能瓶颈的话直接在此加后台
        #server 10.0.0.18:80 max_fails=3 fail_timeout=3600s;#可直接转发到nginx或者tomcat等其他服务器上
    }

    server {
        listen       80;
        server_name  localhost;

        charset utf-8;

        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    server {
        listen       666;
        server_name  10.0.0.233;#监听虚拟IP

        charset utf-8;
        
        location /{
            root   html;
            index  index.html index.htm;
        }
        location /hello{
            proxy_pass   http://hello1/hello;
        }
    }
}

测试后台代码

# encoding=utf8
from flask import Flask, request


app = Flask(__name__)
app.app_context().push()


@app.route('/hello')
def hello():
    ip = request.remote_addr
        return 'hello world<br/>我是10.0.0.222<br/>访问者IP为: '+ip


def runFlask(port):
    app.run(host='0.0.0.0',port=port)
    CORS(app, supports_credentials=True)


if '__main__' == __name__:
    runFlask(6666)

 检测数据包代码

tcpdump -nn -c 20 -i any host 224.0.0.18

测试（我是xxx，是后台ip，访问者ip为nginx ip）

1. 10.0.0.111跟10.0.0.222均开启nginx及keepalived，虚拟ip在111上，随机访问后台

2. 10.0.0.111关掉nginx，关掉keepalived(模拟启动nginx失败场景)，虚拟ip转到222上，随机访问后台，并且收到ip转移邮件

/usr/local/nginx/sbin/nginx -s stop

systemctl stop keepalived

 

3. 关掉10.0.0.111上的后台，只访问222的后台，速度正常

 4.启动10.0.0.111上的nginx跟keepalived,虚拟ip重回111