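keepalived protects against a single point of failure on a server; combined with nginx, it provides a highly available web front end. keepalived is built on VRRP, a protocol for router redundancy. VRRP presents two or more devices as one virtual device that exposes a single virtual IP (VIP). When one server goes down, the IP address floats to the standby server, which continues to provide service.
Lab goal: use keepalived + nginx to build a highly available load balancer, so that when keepalived-master goes down, keepalived-slave keeps serving and forwarding web requests.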
Hostname | IP address | VIP |
---|---|---|
keepalived-master | 192.168.169.10 | 192.168.169.130 |
keepalived-backup | 192.168.169.20 | 192.168.169.130 |
nginx-server | 192.168.169.50 | |
Configure the yum repositories
[root@nginx-server ~]# cd /etc/yum.repos.d/
[root@nginx-server yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@nginx-server yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@nginx-server yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@nginx-server yum.repos.d]# yum -y install epel-release
Disable the firewall and SELinux
[root@nginx-server ~]# systemctl stop firewalld
[root@nginx-server ~]# systemctl disable firewalld
[root@nginx-server ~]# setenforce 0
[root@nginx-server ~]# sed -ri 's/(^SELINUX=).*/\1disabled/g' /etc/selinux/config
Install Nginx
Create the system user and group
[root@nginx-server ~]# groupadd -r nginx
[root@nginx-server ~]# useradd -r -M -s /sbin/nologin -g nginx nginx
Install the build dependencies
[root@nginx-server ~]# yum -y install pcre-devel openssl openssl-devel gd-devel
Install the development tools
[root@nginx-server ~]# yum -y groups install 'Development Tools'
Create the log directory and change its owner and group
[root@nginx-server ~]# mkdir -p /var/log/nginx
[root@nginx-server ~]# chown -R nginx.nginx /var/log/nginx
Download nginx
[root@nginx-server src]# yum install vim wget -y
[root@nginx-server src]# wget http://nginx.org/download/nginx-1.12.0.tar.gz
Compile and install nginx
[root@nginx-server nginx-1.12.0]# tar xf nginx-1.12.0.tar.gz
[root@nginx-server nginx-1.12.0]# cd nginx-1.12.0
[root@nginx-server nginx-1.12.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
[root@nginx-server nginx-1.12.0]# make && make install
Post-installation configuration of nginx
Add nginx to the PATH environment variable
[root@nginx-server ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@nginx-server ~]# . /etc/profile.d/nginx.sh
Start nginx
[root@nginx-server ~]# nginx
[root@nginx-server ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
Edit the page content to make a test page
[root@nginx-server ~]# cat /usr/local/nginx/html/index.html
cccccccccccccccccccccccccccccccccc
Install nginx and start it
[root@keepalived-master ~]# yum install nginx -y
[root@keepalived-master ~]# nginx
[root@keepalived-master ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
Configure load balancing and reverse proxying in nginx
[root@keepalived-master ~]# vim /etc/nginx/nginx.conf
    # inside the http { } block
    upstream web {
        server 192.168.169.50;    # backend nginx-server
    }
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        root /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location / {
            proxy_pass http://web;    # forward requests to the upstream group
        }
    }
Reload the nginx configuration
[root@keepalived-master ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@keepalived-master ~]# nginx -s reload
Deploy keepalived
Install the development packages keepalived needs
[root@keepalived-master src]# yum install popt-devel openssl-devel -y
Compile and install keepalived
[root@keepalived-master keepalived-1.2.7]# cd keepalived-1.2.7
[root@keepalived-master keepalived-1.2.7]# ./configure --prefix=/usr/local/keepalived
[root@keepalived-master keepalived-1.2.7]# make && make install
keepalived is now installed under /usr/local/; copy the default configuration file to the default path
[root@keepalived-master ~]# mkdir /etc/keepalived
[root@keepalived-master etc]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Copy the keepalived service scripts to their default locations
[root@keepalived-master ~]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@keepalived-master ~]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@keepalived-master ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
Enable keepalived to start at boot
[root@keepalived-master ~]# chkconfig keepalived on
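Master configuration file
[root@keepalived-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]    # a monitoring mailbox is recommended (SMTP)
    }
    notification_email_from [email protected]
    router_id keepalived-master    # identifier of this node; the hostname is recommended
}
vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"    # path of the nginx check script
    interval 2    # check interval
    weight -20    # subtract 20 from the priority if the condition holds
}
vrrp_instance VI_1 {    # VI_1 is the virtual router identifier, defined by you
    state MASTER    # MASTER on the primary node, BACKUP on the standby node
    interface ens32    # network interface the VIP is bound to; same as this host's NIC
    virtual_router_id 10    # virtual router ID; must match the backup node
    priority 100    # node priority, range 0~254; master must be higher than backup
    advert_int 1    # interval between multicast advertisements; must be identical on both nodes
    authentication {    # authentication settings
        auth_type PASS
        auth_pass 1111    # must be identical on both nodes
    }
    virtual_ipaddress {
        192.168.169.130/24    # virtual IP (VIP); must be identical on both nodes
    }
    track_script {
        chk_nginx    # without this block the vrrp_script above is never run
    }
}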
Backup configuration file
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id keepalived-backup
}
vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP    # the standby node starts as BACKUP
    interface ens33
    virtual_router_id 10    # must match the master node
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.169.130
    }
    track_script {
        chk_nginx    # without this block the vrrp_script above is never run
    }
}
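The settings that the two nodes must agree on (virtual_router_id, advert_int, authentication, VIP), together with the role and priority rules, can be checked before deployment. The following is an added example, not part of the original article; `parse_instance`, `check_pair` and the sample configs are constructed for illustration and assume one vrrp_instance per file.

```python
import re

# Constructed sample: the master's vrrp_instance, and a backup derived from it
# that is deliberately left inconsistent so the checks have something to report.
MASTER = """\
vrrp_instance VI_1 {
    state MASTER            # role at start-up
    interface ens32
    virtual_router_id 10
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.169.130/24
    }
}
"""
BACKUP = (MASTER.replace("interface ens32", "interface ens33")
          .replace("virtual_router_id 10", "virtual_router_id 20")
          .replace("priority 100", "priority 90"))

SCALARS = ("state", "virtual_router_id", "priority", "advert_int", "auth_type", "auth_pass")
MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse_instance(text):
    """Return the settings of a config holding one vrrp_instance as a dict."""
    text = re.sub(r"[#!].*", "", text)          # keepalived comments start with # or !
    cfg = {}
    for key in SCALARS:
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        cfg[key] = m.group(1) if m else None
    m = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    rows = m.group(1).split("\n") if m else []
    # Compare VIPs by address only, ignoring an optional /prefix
    cfg["vips"] = sorted(r.split()[0].split("/")[0] for r in rows if r.strip())
    return cfg

def check_pair(master_text, backup_text):
    """List the settings that would stop the two nodes forming one VRRP group."""
    m, b = parse_instance(master_text), parse_instance(backup_text)
    findings = [f"{k}: master={m[k]} backup={b[k]}" for k in MUST_MATCH if m[k] != b[k]]
    if b["state"] != "BACKUP":
        findings.append(f"state: backup node is configured as {b['state']}")
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        findings.append("priority: master is not higher than backup")
    return findings
```

An empty list from `check_pair` means the pair is consistent on these settings.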
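Write the nginx health-check script /etc/keepalived/nginx_check.sh (already referenced in keepalived.conf). Requirement: if nginx has stopped, try to start it; if it cannot be started, kill the local keepalived process so that keepalived binds the virtual IP to the BACKUP machine.
[root@keepalived-master ~]# vim /etc/keepalived/nginx_check.sh
#!/bin/bash
# Count the running nginx processes
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ]; then
    # nginx is down: try to start it. This is the path of a source-built nginx;
    # the yum package used on keepalived-master installs /usr/sbin/nginx instead.
    /usr/local/nginx/sbin/nginx
    sleep 2
    # Still not running: stop keepalived so the VIP moves to the backup node
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        killall keepalived
    fi
fi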
After saving, make the script executable
[root@keepalived-master ~]# chmod +x /etc/keepalived/nginx_check.sh
Start keepalived
[root@keepalived-master ~]# service keepalived start
Starting keepalived (via systemctl): [ OK ]
Check the IP addresses on keepalived-master
[root@keepalived-master ~]# ip a
2: ens32: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:74:4e:ae brd ff:ff:ff:ff:ff:ff
inet 192.168.169.10/24 brd 192.168.169.255 scope global ens32
valid_lft forever preferred_lft forever
inet 192.168.169.130/24 scope global secondary ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe74:4eae/64 scope link
valid_lft forever preferred_lft forever
Stop the keepalived service on keepalived-master
[root@keepalived-master ~]# service keepalived stop
Stopping keepalived (via systemctl): [ OK ]
The IP address has floated to keepalived-backup
[root@keepalived-backup ~]# ip a
2: ens33: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:d4:bc:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.169.20/24 brd 192.168.169.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.169.130/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed4:bcce/64 scope link
valid_lft forever preferred_lft forever
After the keepalived service on keepalived-master is restored, the master preempts the IP address
[root@keepalived-master ~]# service keepalived start
Starting keepalived (via systemctl): [ OK ]
[root@keepalived-master ~]# ip a
2: ens32: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:74:4e:ae brd ff:ff:ff:ff:ff:ff
inet 192.168.169.10/24 brd 192.168.169.255 scope global ens32
valid_lft forever preferred_lft forever
inet 192.168.169.130/24 scope global secondary ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe74:4eae/64 scope link
valid_lft forever preferred_lft forever