diff --git a/src/ngx_http_upstream_check_module/check_1.20.1+.patch b/src/ngx_http_upstream_check_module/check_1.20.1+.patch new file mode 100644 index 0000000..7e18510 --- /dev/null +++ b/src/ngx_http_upstream_check_module/check_1.20.1+.patch @@ -0,0 +1,240 @@ +diff --git a/src/http/modules/ngx_http_upstream_hash_module.c b/src/http/modules/ngx_http_upstream_hash_module.c +index e741eb23..d7d288d9 100644 +--- a/src/http/modules/ngx_http_upstream_hash_module.c ++++ b/src/http/modules/ngx_http_upstream_hash_module.c +@@ -9,6 +9,9 @@ + #include + #include ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + uint32_t hash; +@@ -238,6 +241,14 @@ ngx_http_upstream_get_hash_peer(ngx_peer_connection_t *pc, void *data) + goto next; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get hash peer, check_index: %ui", peer->check_index); ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto next; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +@@ -560,6 +571,15 @@ ngx_http_upstream_get_chash_peer(ngx_peer_connection_t *pc, void *data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get consistent_hash peer, check_index: %ui", ++ peer->check_index); ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->server.len != server->len + || ngx_strncmp(peer->server.data, server->data, server->len) + != 0) +diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c +index 1fa01d95..366aca9a 100644 +--- a/src/http/modules/ngx_http_upstream_ip_hash_module.c ++++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c +@@ -9,6 +9,9 @@ + #include + #include + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + /* the round robin data must be first */ +@@ -208,6 +211,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) + goto next; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get ip_hash peer, check_index: %ui", ++ peer->check_index); ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto next; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c +index ebe06276..35250354 100644 +--- a/src/http/modules/ngx_http_upstream_least_conn_module.c ++++ b/src/http/modules/ngx_http_upstream_least_conn_module.c +@@ -9,6 +9,9 @@ + #include + #include + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + static ngx_int_t ngx_http_upstream_init_least_conn_peer(ngx_http_request_t *r, + ngx_http_upstream_srv_conf_t *us); +@@ -147,6 +150,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +@@ -202,6 +215,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->conns * best->weight != best->conns * peer->weight) { + continue; + } +diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c +index 1f15fae5..d507a0e3 100644 +--- a/src/http/ngx_http_upstream_round_robin.c ++++ b/src/http/ngx_http_upstream_round_robin.c +@@ -9,6 +9,9 @@ + #include + #include + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + #define ngx_http_upstream_tries(p) ((p)->tries \ + + ((p)->next ? (p)->next->tries : 0)) +@@ -104,6 +107,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, + peer[n].down = server[i].down; + peer[n].server = server[i].name; + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } else { ++ peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif ++ + *peerp = &peer[n]; + peerp = &peer[n].next; + n++; +@@ -174,6 +186,16 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, + peer[n].down = server[i].down; + peer[n].server = server[i].name; + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } ++ else { ++ peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif ++ + *peerp = &peer[n]; + peerp = &peer[n].next; + n++; +@@ -241,6 +263,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, + peer[i].max_conns = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + *peerp = &peer[i]; + peerp = &peer[i].next; + } +@@ -358,6 +383,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, + peer[0].max_conns = 0; + peer[0].max_fails = 1; + peer[0].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peer[0].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + peers->peer = peer; + + } else { +@@ -392,6 +420,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, + peer[i].max_conns = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + *peerp = &peer[i]; + peerp = &peer[i].next; + } +@@ -457,6 +488,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data) + goto failed; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto failed; ++ } ++#endif ++ + rrp->current = peer; + + } else { +@@ -551,6 +588,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h +index 922ceaa0..14d8ad86 100644 +--- a/src/http/ngx_http_upstream_round_robin.h ++++ b/src/http/ngx_http_upstream_round_robin.h +@@ -38,6 +38,10 @@ struct ngx_http_upstream_rr_peer_s { + ngx_msec_t slow_start; + ngx_msec_t start_time; + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_uint_t check_index; ++#endif ++ + ngx_uint_t down; + + #if (NGX_HTTP_SSL || NGX_COMPAT) diff --git a/src/网关灾备/keepalived(backup).conf b/src/网关灾备/keepalived(backup).conf new file mode 100644 index 0000000..4de7fd8 --- /dev/null +++ b/src/网关灾备/keepalived(backup).conf @@ -0,0 +1,42 @@ +vim /etc/keepalived/keepalived.conf + +! Configuration File for keepalived +global_defs { + notification_email { + acassen@firewall.loc + failover@firewall.loc + sysadmin@firewall.loc + } + notification_email_from Alexandre.Cassen@firewall.loc + smtp_server 192.168.200.1 + smtp_connect_timeout 30 + router_id LVS_DEVEL + vrrp_skip_check_adv_addr + vrrp_garp_interval 0 + vrrp_gna_interval 0 +} +vrrp_script nginx_check { + script "/tools/nginx_check.sh" + interval 1 +} +vrrp_instance VI_1 { + state BACKUP + interface ens33 + virtual_router_id 52 + priority 99 + advert_int 1 + authentication { + auth_type PASS + auth_pass test + } + virtual_ipaddress { + 192.168.149.100 + } + track_script { + nginx_check + } + notify_master /tools/master.sh + notify_backup /tools/backup.sh + notify_fault /tools/fault.sh + notify_stop /tools/stop.sh +} \ No newline at end of file diff --git a/src/网关灾备/keepalived(master).conf b/src/网关灾备/keepalived(master).conf new file mode 100644 index 0000000..8c88581 --- /dev/null +++ b/src/网关灾备/keepalived(master).conf @@ -0,0 +1,42 @@ +vim /etc/keepalived/keepalived.conf + +! Configuration File for keepalived +global_defs { + notification_email { + acassen@firewall.loc + failover@firewall.loc + sysadmin@firewall.loc + } + notification_email_from Alexandre.Cassen@firewall.loc + smtp_server 192.168.200.1 + smtp_connect_timeout 30 + router_id LVS_DEVEL + vrrp_skip_check_adv_addr + vrrp_garp_interval 0 + vrrp_gna_interval 0 +} +vrrp_script nginx_check { + script "/tools/nginx_check.sh" + interval 1 +} +vrrp_instance VI_1 { + state MASTER + interface ens33 + virtual_router_id 52 + priority 100 + advert_int 1 + authentication { + auth_type PASS + auth_pass test + } + virtual_ipaddress { + 192.168.149.100 + } + track_script { + nginx_check + } + notify_master /tools/master.sh + notify_backup /tools/backup.sh + notify_fault /tools/fault.sh + notify_stop /tools/stop.sh +} \ No newline at end of file diff --git a/src/网关灾备/ngx_check.sh b/src/网关灾备/ngx_check.sh new file mode 100644 index 0000000..9e44f37 --- /dev/null +++ b/src/网关灾备/ngx_check.sh @@ -0,0 +1,15 @@ +#!/bin/bash +#上面这句注释不可删除 +#检查是否有nginx相关的进程 +A=`ps -C nginx --no-header |wc -l` +#如果没有 +if [ $A -eq 0 ];then + # 重启nginx,延迟2秒 + service nginx restart + sleep 2 + # 重新检查是否有nginx相关的进程 + if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then + # 仍然没有nginx相关的进程,杀死当前keepalived,切换到备用机 + killall keepalived + fi +fi diff --git a/src/网关灾备/远程控制虚拟机获取主备信息.py b/src/网关灾备/远程控制虚拟机获取主备信息.py new file mode 100644 index 0000000..5fee1f2 --- /dev/null +++ b/src/网关灾备/远程控制虚拟机获取主备信息.py @@ -0,0 +1,63 @@ +import paramiko + +def main(): + # 创建SSH对象 + ssh = paramiko.SSHClient() + ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + + # 连接服务器 + ssh.connect(hostname='192.168.111.138', port=22, username='xumingyang', password='185102') + + # 执行命令获取keepalived状态 + stdin, stdout, stderr = ssh.exec_command('systemctl status keepalived.service') + + # 获取命令输出 + keepalived_state = stdout.read().decode('utf-8') + + # print(keepalived_state) + + # 执行命令获取ip状态 + stdin1, stdout1, stderr1 = ssh.exec_command('ip a') + + # 获取命令输出 + ip_a = stdout1.read().decode('utf-8') + + print(ip_a) + # 关闭连接 + ssh.close() + + ssh.connect(hostname='192.168.111.132', port=22, username='xumingyang', password='252237') + + # 执行命令获取keepalived状态 + stdin2, stdout2, stderr2 = ssh.exec_command('systemctl status keepalived.service') + + # 获取命令输出 + keepalived_state1 = stdout2.read().decode('utf-8') + + # print(keepalived_state1) + + # 执行命令获取ip状态 + stdin3, stdout3, stderr3 = ssh.exec_command('ip a') + + # 获取命令输出 + ip_a1 = stdout3.read().decode('utf-8') + + print(ip_a1) + # 关闭连接 + ssh.close() + + + virtual_ip = '192.168.111.139' + if virtual_ip in ip_a: + message='192.168.111.138 is Master' + else: + message='192.168.111.138 is Backup' + + if virtual_ip not in ip_a1: + message2='192.168.111.132 is Backup' + else: + message2='192.168.111.132 is Master' + return message+' '+message2 + +if __name__ == '__main__': + main() \ No newline at end of file