一、结构及环境
1.1 环境介绍
操作系统:centos7
nginx+keepalived:106.53.73.200 master
nginx+keepalived:182.254.184.102 backup
VIP:106.53.73.222 负载均衡器上配置的域名都解析到这个VIP上
1.2 环境安装
PS:两台服务器都需安装nginx和keepalived(nginx已经安装,这里不作解释)
安装依赖:
# yum -y install gcc pcre-devel zlib-devel openssl-devel
关闭selinux和防火墙:
# 查看selinux # getenforce Disabled # 设置selinux(临时修改) # setenforce 0 # 永久修改(写进配置文件,重启服务器生效) # vim /etc/sysconfig/selinux SELINUX=enforcing 改为 SELINUX=disabled
# 查看状态(关闭只需将status改为stop即可) # systemctl status firewalld
下载最新安装包:
# wget https://www.keepalived.org/software/keepalived-2.0.19.tar.gz [root@VM_0_10_centos tmp]# tar -zxvf keepalived-2.0.19.tar.gz [root@VM_0_10_centos tmp]# cd keepalived-2.0.19/ [root@VM_0_10_centos keepalived-2.0.19]# ./configure
出现以下错误,是没有安装依赖包,安装依赖包即可
[root@VM_0_10_centos keepalived-2.0.19]# yum -y install libnl libnl-devel
[root@VM_0_10_centos keepalived-2.0.19]# yum -y install libnfnetlink-devel
再次编译安装即可:
[root@VM_0_10_centos keepalived-2.0.19]# make && make install
加入到系统启动服务:
# 将nginx和keepalived加入到开机自启 [root@VM_0_10_centos keepalived-2.0.19]# cp -r /tmp/keepalived-2.0.19/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/ [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@VM_0_10_centos keepalived-2.0.19]# mkdir /etc/keepalived [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/sbin/keepalived /usr/sbin/ [root@VM_0_10_centos keepalived-2.0.19]# echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local [root@VM_0_10_centos keepalived-2.0.19]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
1.3 配置nginx服务
参考博客:https://blog.csdn.net/u012599988/article/details/82152224
配置文件接入:
[root@centos6-1 conf]# vim /usr/local/nginx/conf/nginx.conf user www; worker_processes 8; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 65535; } http { include mime.types; default_type application/octet-stream; charset utf-8; ###### ## set access log format ###### log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_cookie" $host $request_time'; ####### ## http setting ####### sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; #便于测试,缓存功能先取消 #proxy_cache_path /var/www/cache levels=1:2 keys_zone=mycache:20m max_size=2048m inactive=60m; #proxy_temp_path /var/www/cache/tmp; fastcgi_connect_timeout 3000; fastcgi_send_timeout 3000; fastcgi_read_timeout 3000; fastcgi_buffer_size 256k; fastcgi_buffers 8 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; client_header_timeout 600s; client_body_timeout 600s; # client_max_body_size 50m; client_max_body_size 100m; #允许客户端请求的最大单个文件字节数 client_body_buffer_size 256k; #缓冲区代理缓冲请求的最大字节数,可以理解为先保存到本地再传给用户 gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 9; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php; gzip_vary on; ## includes vhosts include vhosts/*.conf; }
[root@centos6-1 conf]# mkdir /usr/local/nginx/conf/vhosts [root@centos6-1 conf]# mkdir /var/www/cache [root@centos6-1 conf]# ulimit 65535 [root@centos6-1 conf]# cd vhosts/ [root@centos6-1 vhosts]# vim LB.conf upstream LB-WWW { ip_hash; server 192.168.139.129:8080 max_fails=3 fail_timeout=30s; #max_fails = 3 为允许失败的次数,默认值为1 server 192.168.139.130:8080 max_fails=3 fail_timeout=30s; #fail_timeout = 30s 当max_fails次失败后,暂停将请求分发到该后端服务器的时间 } server { listen 80; server_name dev.hanginx.com; access_log /usr/local/nginx/logs/dev-access.log; error_log /usr/local/nginx/logs/dev-error.log; location / { proxy_pass http://LB-WWW; proxy_redirect off ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 300; #跟后端服务器连接超时时间,发起握手等候响应时间 proxy_send_timeout 300; #后端服务器回传时间,就是在规定时间内后端服务器必须传完所有数据 proxy_read_timeout 600; #连接成功后等待后端服务器的响应时间,已经进入后端的排队之中等候处理 proxy_buffer_size 256k; #代理请求缓冲区,会保存用户的头信息以供nginx进行处理 proxy_buffers 4 256k; #同上,告诉nginx保存单个用几个buffer最大用多少空间 proxy_busy_buffers_size 256k; #如果系统很忙时候可以申请最大的proxy_buffers proxy_temp_file_write_size 256k; #proxy缓存临时文件的大小 proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; proxy_max_temp_file_size 128m; # proxy_cache mycache; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m; } }
在两个tomcat服务下创建index文件进行测试,通过ip访问如下(需重启nginx和tomcat服务)
自己本人的配置文件是在nginx.conf配置文件中配置的,而不是通过include接入的方式:
[root@VM_0_10_centos ~]# less /usr/local/nginx/conf/nginx.conf #user nobody; user apache apache; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #便于测试,缓存功能先取消 #proxy_cache_path /var/www/cache levels=1:2 keys_zone=mycache:20m max_size=2048m inactive=60m; #proxy_temp_path /var/www/cache/tmp; client_max_body_size 100m; #允许客户端请求的最大单个文件字节数 client_body_buffer_size 256k; #缓冲区代理缓冲请求的最大字节数,可以理解为先保存到本地再传给用户 #gzip on; #20190827添加 upstream testTomcat{ #设置分权,权重越高优先访问 server 106.53.73.200:8888 weight=1; server 182.254.184.102:8888 weight=1; } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; #所有请求都在这里去找分配 location / { #root html; index index.html index.htm index.php; #使用test分配规则,即刚刚自定义添加的upstream节点 proxy_pass http://testTomcat/test/; # proxy_pass http://testTomcat/; proxy_redirect off ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 300; #跟后端服务器连接超时时间,发起握手等候响应时间 proxy_send_timeout 300; #后端服务器回传时间,就是在规定时间内后端服务器必须传完所有数据 proxy_read_timeout 600; #连接成功后等待后端服务器的响应时间,已经进入后端的排队之中等候处理 proxy_buffer_size 256k; #代理请求缓冲区,会保存用户的头信息以供nginx进行处理 proxy_buffers 4 256k; #同上,告诉nginx保存单个用几个buffer最大用多少空间 proxy_busy_buffers_size 256k; #如果系统很忙时候可以申请最大的proxy_buffers proxy_temp_file_write_size 256k; #proxy缓存临时文件的大小 proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; proxy_max_temp_file_size 128m; # proxy_cache mycache; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ .php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} }
1.4 配置keepalived服务
配置之前需要配置好邮件服务,当然,不配置邮件服务也没影响
mail配置参考博客:https://www.cnblogs.com/HeiDi-BoKe/p/11883323.html
master服务(106.53.73.200)配置:
# 修改之前先备份 [root@VM_0_10_centos ~]# cd /etc/keepalived/ [root@VM_0_10_centos keepalived]# pwd /etc/keepalived [root@VM_0_10_centos keepalived]# cp -r keepalived.conf keepalived.conf.bak [root@VM_0_10_centos keepalived]# less keepalived.conf ! Configuration File for keepalived global_defs { notification_email { # 指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱 acassen@firewall.loc # 设置报警邮件地址,可以设置多个,每行一个。 需开启本机的sendmail服务 failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc # keepalived在发生诸如切换操作时需要发送email通知地址 smtp_server 192.168.200.1 # 指定发送email的smtp服务器 smtp_connect_timeout 30 # 设置连接smtp server的超时时间 router_id MASTER-200 # 运行keepalived的机器的一个标识,通常可设为hostname。故障发生时,发邮件时显示在邮件主题中的信息。 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } #调用 shell 脚本对 haproxy 服务进行监控 vrrp_script check_pid { script "/etc/keepalived/check_pid.sh /var/run/nginx/nginx.pid" interval 2 # 检测间隔 weight -5 # 权重起伏 fall 2 # 检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间) rise 1 # 检测1次成功就算成功。但不修改优先级 } vrrp_instance VI_1 { state MASTER # 指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器。注意这里的state指定instance(Initial)的初始状态,就是 说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定。如果这里设置为MASTER,但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为MASTER interface eth0 # 指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的 # mcast_src_ip 172.16.0.10/20 # 发送多播数据包时的源IP地址,这里注意了,这里实际上就是在哪个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口 来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址 virtual_router_id 79 # 虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须是一致的 priority 101 # 定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级 advert_int 1 # 设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒 authentication { # 设置验证类型和密码。主从必须一样 auth_type PASS # 设置vrrp验证类型,主要有PASS和AH两种 auth_pass keepalived } virtual_ipaddress { #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写 172.16.0.222/20 brd 172.16.15.255 } #服务端口监控 track_script { check_pid } }
[root@VM_0_10_centos keepalived]# less check_pid.sh #!/bin/bash #keepalived 根据进程 Pid 监控服务脚本 # #使用方法: #vrrp_script check_pid {#创建一个vrrp_script脚本,检查配置 # script "/etc/keepalived/check_pid.sh /var/run/nginx.pid" #配置需要监控进程的PID 文件完整路径 # interval 2 #检查脚本的频率,单位(秒) # weight -5 #权重起伏 #} PidPath=$1 echo $PidPath if [ -e $PidPath ];then echo "$PidPath is run !!!" exit 0; else echo "$PidPath File does not exist !!!" exit -1; fi
backup服务(182.254.184.102)配置:
[root@VM_0_16_centos tomcat-8.5.45]# cd /etc/keepalived/ [root@VM_0_16_centos keepalived]# ls keepalived.conf [root@VM_0_16_centos keepalived]# pwd /etc/keepalived [root@VM_0_16_centos keepalived]# cp -r keepalived.conf keepalived.conf.bak [root@VM_0_16_centos keepalived]# cp /thyclient/keepalived.conf . cp: overwrite ‘./keepalived.conf’? y [root@VM_0_16_centos keepalived]# less keepalived.conf ! Configuration File for keepalived global_defs { notification_email { # 指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱 acassen@firewall.loc # 设置报警邮件地址,可以设置多个,每行一个。 需开启本机的sendmail服务 failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc # keepalived在发生诸如切换操作时需要发送email通知地址 smtp_server 192.168.200.1 # 指定发送email的smtp服务器 smtp_connect_timeout 30 # 设置连接smtp server的超时时间 router_id MASTER-200 # 运行keepalived的机器的一个标识,通常可设为hostname。故障发生时,发邮件时显示在邮件主题中的信息。 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } #调用 shell 脚本对 haproxy 服务进行监控 vrrp_script check_pid { script "/etc/keepalived/check_pid.sh /var/run/nginx/nginx.pid" interval 2 # 检测间隔 weight -5 # 权重起伏 fall 2 # 检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间) rise 1 # 检测1次成功就算成功。但不修改优先级 } vrrp_instance VI_1 { state MASTER # 指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器。注意这里的state指定instance(Initial)的初始状态,就是 说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定。如果这里设置为MASTER,但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为MASTER interface eth0 # 指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的 # mcast_src_ip 172.16.0.10/20 # 发送多播数据包时的源IP地址,这里注意了,这里实际上就是在哪个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口 来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址 virtual_router_id 79 # 虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须是一致的 priority 101 # 定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级 advert_int 1 # 设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒 authentication { # 设置验证类型和密码。主从必须一样 auth_type PASS # 设置vrrp验证类型,主要有PASS和AH两种 auth_pass keepalived } virtual_ipaddress { #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写 172.16.0.222/20 brd 172.16.15.255 } #服务端口监控 track_script { check_pid } }
1.5 配置好之后验证keepalived
1)先后在master、slave服务器上启动nginx和keepalived,保证这两个服务都正常开启:
[root@VM_0_10_centos keepalived]# /usr/local/nginx/sbin/nginx -s reload [root@VM_0_10_centos keepalived]# /etc/init.d/keepalived restart
这里使用ip a查看vip、地址,并没有显示
解决:将keepalived.conf文件中的virtual_router_id参数设置成其它即可,如:79、89、101。只要取值范围在取值0-255就行。(我这里是改为了79,上面配置文件中也已修改)
然后重启keepalived服务即可
2)查看backup服务的vip地址(目前是没有的)
我们将master服务的keepalived服务停止,看下backup主机的vip地址是否漂移过去
[root@VM_0_10_centos keepalived]# /etc/init.d/keepalived stop Stopping keepalived (via systemctl): [ OK ]
master主机的vip地址已经没有了
在backup主机上查看,此时从服务已经接管
参考博客
https://blog.csdn.net/u012599988/article/details/82152224
https://blog.csdn.net/weixin_30354675/article/details/99052381