Nginx+Keepalived高可用架构简述（beta)

架构简述

利用Keepalived构建虚拟VIP地址，通过访问虚拟ip链接nginx服务器打通外部访问链路；

利用Keepalived探活机制，切换可用服务，保证Nginx服务高可用；

服务器架构图

 //todo 添加keepalived工作原理简介

nginx+keepalived基础环境构建 

1台访问者主机+2台服务主机（一台master、一台backup）

1，利用docker构建nginx+keepalived镜像，通过运行多镜像方式模拟多台服务主机；

2，基于逻辑手动按照nginx+keepalived服务；具体安装流程不做介绍

Keepalived相关配置

1,keepalived基础配置文件（/etc/keepalived/keepalived.conf ）

global_defs {
   router_id NKEEP_MASTER       #唯一标识，不能重复
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
}

vrrp_script chk_nginx {         
    script "/etc/keepalived/chk_nginx.sh"   
    interval 2             
}

vrrp_instance VI_1 {
    state MASTER   #备机为BACKUP
    interface eth0  #所属网络
    virtual_router_id 51
    priority 100  #权重，当state相同时以优先级高的当临时主机
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.17.0.100 #vip虚拟地址
    }
    track_script {
       chk_nginx #调用执行脚本的函数，上面已经定义该函数
    }
}

2,检查nginx运行情况的脚本（/etc/keepalived/chk_nginx.sh）

#!/bin/bash
run=`ps -C nginx --no-header | wc -l`
if [ $run -eq 0 ]; then
    systemctl stop start
    sleep 3
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        systemctl stop keepalived
    fi
fi

注：脚本需要授权命令如下：

chmod +x /etc/keepalived/chk_nginx.sh

 

高可用验证

两台主机：

keepalived MASTER ip=172.17.0.5 

keepalived BACKUP ip=172.17.0.2

虚拟IP(VIP) = 172.17.0.100 

为了便于识别信息，将两台nginx的index.html内容稍作变动，用于区分访问哪台服务器的nginx；

场景一，MASTER 和BACKUP都正常运行

操作：正常启动nginx和keepalived，保证在正常运转

MASTER主机绑定了虚拟IP172.17.0.100 

root@be4a8ad7d75c:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.17.0.100/32 scope global eth0
       valid_lft forever preferred_lft forever

BACKUP 没有绑定虚拟IP（虚拟IP只能绑定一台主机）

root@631558884d6d:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

此时访问172.17.0.100指向MASTER主机nginx

root@0f2e35110ab4:/# curl 172.17.0.100

省略
<h1>Welcome to nginx! +keepalived-master </h1>
省略

场景二，MASTER异常，BACKUP正常

操作：关闭MASTER主机上的nginx；命令：systemctl stop nginx ; BACKUP主机不动

MASTER主机未绑定虚拟ip

root@be4a8ad7d75c:/etc/keepalived# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

BACKUP主机绑定了虚拟IP（172.17.0.100）

root@631558884d6d:/var/log# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.17.0.100/32 scope global eth0
       valid_lft forever preferred_lft forever

此时访问172.17.0.100 指向 backup主机的nginx

root@0f2e35110ab4:/# curl 172.17.0.100
省略
<h1>Welcome to nginx! +keepalived-backup </h1>
省略

场景三，MASTER恢复正常，BAKCUP不动（接场景二的操作）

操作：收到告警通知后手动启动nginx和keepalived，命令如下

　　systemctl start nginx

      systemctl start keepalived 

     正常启动服务恢复后，变成场景一的模式；虚拟IP回到MASTER主机上，BACKUP主机自动解绑虚拟IP；

 参考：

1，keepalived官网以及配置说明：https://www.keepalived.org/manpage.html

2，VRRP介绍：https://baike.baidu.com/item/%E8%99%9A%E6%8B%9F%E8%B7%AF%E7%94%B1%E5%99%A8%E5%86%97%E4%BD%99%E5%8D%8F%E8%AE%AE/2991482 

3，nginx官网：http://nginx.org/