下面主要讲解使用keepalived进行虚拟IP切换,加上nginx和tomcat实现负载均衡,并且在切换的时候以非抢占模式,master宕机后backup会在监听心跳时间内马上接管虚拟IP,实现无缝对接永不停机,当master恢复时也不用抢占ip,避免切换频繁影响使用
关于nginx搭建可参考 http://blog.csdn.net/liqi_q/article/details/72965128
关于jdk安装可参考 http://blog.csdn.net/liqi_q/article/details/72963947
Keeplive的下载地址:http://www.keepalived.org/download.html
首先列举我的两台虚拟机
A:192.168.40.142 web-nginx端口 9999 tomcat:http://192.168.40.142:8881/
B:192.168.40.166 web-nginx端口 9999 tomcat:http://192.168.40.166:8883/
共享IP:192.168.40.234用于keepalive切换使用
首先在两台虚拟机上部署一台tomcat配置调用端口如上
配置nginx服务以负载均衡调用到具体服务器的tomcat
tomcat主要更改conf/server.xml的端口和访问项目添加的标签
redirectPort="8443"
maxThreads="1000"
minSpareThreads="100"
maxSpareThreads="1000"
minProcessors="100"
maxProcessors="1000"
compression="on"
compressionMinSize="2048"
acceptCount="1000"
maxKeepAliveRequests="1" />
访问到web项目不需要这个
web项目LyDemo.war里面主要只是一个默认访问首页展示tomcat和当前服务器的IP地址
根据nginx自动检测脚本控制keepalive是否停止依据shell脚本来监听的
/root/check_nginx.sh脚本添加到定时任务执行器中
*/1 * * * * /root/check_nginx.sh>>/root/check_nginx.log
定时任务时间格式为: 分 时 日 月 年 周配置,这条配置的意思是1分钟执行一次
关于定时任务crontab可参考:http://www.cnblogs.com/xd502djj/p/4292781.html
下面我们贴出来我的nginx的主配置信息
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#负载均衡
upstream tomcat {
server 127.0.0.1:8881 weight=1;
#server 192.168.40.204:8882 weight=1;
#server 192.168.40.219:8883 weight=1;
}
server {
listen 9999;
server_name localhost;
location / {
root html;
index index.html index.htm;
proxy_pass http://tomcat;
proxy_redirect default;
}
#静态资源
location /image/ {
root /data/server/smb/;
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
安装keepalive
yum -y install kernel-devel*
yum -y install openssl-*
yum -y install popt-devel
yum -y install lrzsz
yum -y install openssh-clients
yum -y install libnl libnl-devel popt
yum install -y libnfnetlink-devel
yum -y install libnl libnl-devel
tar -zxvf keepalived-1.2.15.tar.gz
cd keepalived-1.2.15
./configure --prefix=/
make && make install
默认安装完成后会在/etc/keepalived/keepalived.conf 主要文件配置内容如下
主服务在142上state MASTER,备服务为state BACKUP ,备机的priority一定要小于主的50左右
#ConfigurationFile for keepalived
global_defs {
#notification_email { ######定义接受邮件的邮箱
# [email protected]
#}
#notification_email_from [email protected] ######定义发送邮件的邮箱
#smtp_server mail.tuge.com
#smtp_connect_timeout 10
}
vrrp_script check_nginx { ######定义监控nginx的脚本
script "/root/check_nginx.sh"
interval 1 ######监控时间间隔
weight 2 ######负载参数
}
vrrp_instance vrrptest { ######定义vrrptest实例
state BACKUP ######服务器状态
nopreempt #非抢占模式
interface eth0 ######使用的接口
virtual_router_id 51 ######虚拟路由的标志,一组lvs的虚拟路由标识必须相同,这样才能切换
priority 100 ######服务启动优先级,值越大,优先级越高,BACKUP 不能大于MASTER
advert_int 1 ######服务器之间的存活检查时间
track_script { ######执行监控nginx进程的脚本
check_nginx
}
virtual_ipaddress { ######虚拟IP地址
192.168.40.234
}
}
VRRP包的源地址是本机地址,目的地址为224.0.0.18(多播地址);IP协议号为112;IP包的TTL值为255。
防火墙规则/etc/sysconfig/iptables添加开放vrrp组播:
-A INPUT -i eth0 -p 112 -j ACCEPT
允许组播(两台设备上都需要执行)
iptables -A INPUT -d 224.0.0.18 -j ACCEPT
或修改/etc/sysconfig/iptables适当位置添加行:
-A INPUT -d 224.0.0.18 -j ACCEPT
添加共享虚拟IP
-A INPUT –d 192.168.40.234/32 –j ACCEPT
service iptables restart重启防火墙
测试方法就是使用命令停止nginx 机器上的keepalive也就会停止,然后使用
Ip add 查看服务器的虚拟IP是否进行了切换,service keepalived start 、top来直接停止服务,虚拟IP也会进行直接切换
关于keepalived需要在/etc/init.d目录下创建执行文件方可执行start 、stop等快捷命令cat /etc/init.d/keepalived文件内容如下:
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon keepalived ${KEEPALIVED_OPTIONS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
防火墙主要添加内容如下:
添加在22端口之前
-A INPUT -i eth0 -p 112-j ACCEPT
添加在COMMIT之前
-A INPUT -d 192.168.40.234/32 -j ACCEPT
-A INPUT -d 224.0.0.18 -j ACCEPT