  • 【nginx+keepalived】nginx+keepalived搭建高可用

    一、结构及环境

    1.1 环境介绍

    操作系统:centos7

    nginx+keepalived:106.53.73.200  master

    nginx+keepalived:182.254.184.102  backup

    VIP:106.53.73.222  负载均衡器上配置的域名都解析到这个VIP上

    1.2 环境安装

    PS:两台服务器都需安装nginx和keepalived(nginx已经安装,这里不作解释)

    安装依赖:

    # yum -y install gcc pcre-devel zlib-devel openssl-devel

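    关闭selinux和防火墙(仅为测试环境图方便;生产环境建议保持selinux和firewalld开启,只放行nginx监听端口以及两台负载均衡器之间的VRRP报文,例如 firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'):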

    # 查看selinux
    # getenforce 
    Disabled
    
    # 设置selinux(临时修改)
    # setenforce 0
    
    # 永久修改(写进配置文件,重启服务器生效)
    # vim /etc/sysconfig/selinux
    SELINUX=enforcing 改为 SELINUX=disabled
    # 查看状态(关闭只需将status改为stop即可)
    # systemctl  status firewalld

    下载最新安装包(下载后建议先与官网公布的校验值核对,再解压编译):

    # wget https://www.keepalived.org/software/keepalived-2.0.19.tar.gz
    [root@VM_0_10_centos tmp]# tar -zxvf keepalived-2.0.19.tar.gz
    [root@VM_0_10_centos tmp]# cd keepalived-2.0.19/
    [root@VM_0_10_centos keepalived-2.0.19]# ./configure

    出现以下错误,是没有安装依赖包,安装依赖包即可

    [root@VM_0_10_centos keepalived-2.0.19]# yum -y install libnl libnl-devel
    [root@VM_0_10_centos keepalived-2.0.19]# yum -y install libnfnetlink-devel

    再次编译安装即可:

    [root@VM_0_10_centos keepalived-2.0.19]# make && make install

    加入到系统启动服务:

    # 将nginx和keepalived加入到开机自启
    [root@VM_0_10_centos keepalived-2.0.19]# cp -r /tmp/keepalived-2.0.19/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
    [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
    [root@VM_0_10_centos keepalived-2.0.19]# mkdir /etc/keepalived
    [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
    [root@VM_0_10_centos keepalived-2.0.19]# cp -r /usr/local/sbin/keepalived /usr/sbin/
    [root@VM_0_10_centos keepalived-2.0.19]# echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local 
    [root@VM_0_10_centos keepalived-2.0.19]# echo "/etc/init.d/keepalived start" >> /etc/rc.local

    1.3 配置nginx服务

    参考博客:https://blog.csdn.net/u012599988/article/details/82152224

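    配置文件接入(注意:下面log_format main中包含$http_cookie,一旦某个access_log引用main格式,会话Cookie就会被写入访问日志;生产环境建议去掉该字段,或严格限制日志文件的读取权限):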

    [root@centos6-1 conf]# vim /usr/local/nginx/conf/nginx.conf
    user  www;
    worker_processes  8;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    events {
        worker_connections  65535;
    }
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
        charset utf-8;
    
        ######
        ## set access log format
        ######
        log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_cookie" $host $request_time';
        #######
        ## http setting
        #######
        sendfile       on;
        tcp_nopush     on;
        tcp_nodelay    on;
        keepalive_timeout  65;
        #便于测试,缓存功能先取消
        #proxy_cache_path /var/www/cache levels=1:2 keys_zone=mycache:20m max_size=2048m inactive=60m;
        #proxy_temp_path /var/www/cache/tmp;
    
        fastcgi_connect_timeout 3000;
        fastcgi_send_timeout 3000;
        fastcgi_read_timeout 3000;
        fastcgi_buffer_size 256k;
        fastcgi_buffers 8 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    
        client_header_timeout 600s;
        client_body_timeout 600s;
       # client_max_body_size 50m;
        client_max_body_size 100m;               #允许客户端请求的最大单个文件字节数
        client_body_buffer_size 256k;            #缓冲区代理缓冲请求的最大字节数,可以理解为先保存到本地再传给用户
    
        gzip  on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 9;
        gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
        gzip_vary on;
    
        ## includes vhosts
        include vhosts/*.conf;
    }
    [root@centos6-1 conf]# mkdir /usr/local/nginx/conf/vhosts
    [root@centos6-1 conf]# mkdir /var/www/cache
    [root@centos6-1 conf]# ulimit 65535
    [root@centos6-1 conf]# cd vhosts/
    [root@centos6-1 vhosts]# vim LB.conf 
    upstream LB-WWW {
          ip_hash;
          server 192.168.139.129:8080 max_fails=3 fail_timeout=30s;     
          #max_fails = 3 为允许失败的次数,默认值为1
          server 192.168.139.130:8080 max_fails=3 fail_timeout=30s;     
          #fail_timeout = 30s 当max_fails次失败后,暂停将请求分发到该后端服务器的时间
        }
    
      server {
          listen      80;
          server_name dev.hanginx.com;
    
          access_log  /usr/local/nginx/logs/dev-access.log;
          error_log  /usr/local/nginx/logs/dev-error.log;
          location / {
             proxy_pass http://LB-WWW;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;   #跟后端服务器连接超时时间,发起握手等候响应时间
             proxy_send_timeout 300;      #后端服务器回传时间,就是在规定时间内后端服务器必须传完所有数据
             proxy_read_timeout 600;      #连接成功后等待后端服务器的响应时间,已经进入后端的排队之中等候处理
             proxy_buffer_size 256k;      #代理请求缓冲区,会保存用户的头信息以供nginx进行处理
             proxy_buffers 4 256k;        #同上,告诉nginx保存单个用几个buffer最大用多少空间
             proxy_busy_buffers_size 256k;      #如果系统很忙时候可以申请最大的proxy_buffers
             proxy_temp_file_write_size 256k;   #proxy缓存临时文件的大小
             proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
             proxy_max_temp_file_size 128m;
           # proxy_cache mycache;        
             proxy_cache_valid 200 302 60m;
             proxy_cache_valid 404 1m;
            }
        }

    在两个tomcat服务下创建index文件进行测试,通过ip访问如下(需重启nginx和tomcat服务)

    自己本人的配置文件是在nginx.conf配置文件中配置的,而不是通过include接入的方式:

    [root@VM_0_10_centos ~]# less /usr/local/nginx/conf/nginx.conf
    #user  nobody;
    user apache apache;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
        
    #便于测试,缓存功能先取消
        #proxy_cache_path /var/www/cache levels=1:2 keys_zone=mycache:20m max_size=2048m inactive=60m;
        #proxy_temp_path /var/www/cache/tmp;
    
        client_max_body_size 100m;               #允许客户端请求的最大单个文件字节数
        client_body_buffer_size 256k;            #缓冲区代理缓冲请求的最大字节数,可以理解为先保存到本地再传给用户
    
        #gzip  on;
        #20190827添加
        upstream testTomcat{
            #设置分权,权重越高优先访问
            server 106.53.73.200:8888 weight=1;
            server 182.254.184.102:8888 weight=1;
        }
        
        server {
            listen       80;
            server_name  localhost;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
            
            #所有请求都在这里去找分配
            location / {
                #root   html;
                index  index.html index.htm index.php;
                #使用test分配规则,即刚刚自定义添加的upstream节点
                proxy_pass http://testTomcat/test/;
               # proxy_pass http://testTomcat/;
               proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;   #跟后端服务器连接超时时间,发起握手等候响应时间
             proxy_send_timeout 300;      #后端服务器回传时间,就是在规定时间内后端服务器必须传完所有数据
             proxy_read_timeout 600;      #连接成功后等待后端服务器的响应时间,已经进入后端的排队之中等候处理
             proxy_buffer_size 256k;      #代理请求缓冲区,会保存用户的头信息以供nginx进行处理
             proxy_buffers 4 256k;        #同上,告诉nginx保存单个用几个buffer最大用多少空间
             proxy_busy_buffers_size 256k;      #如果系统很忙时候可以申请最大的proxy_buffers
             proxy_temp_file_write_size 256k;   #proxy缓存临时文件的大小
             proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
             proxy_max_temp_file_size 128m;
           # proxy_cache mycache;        
             proxy_cache_valid 200 302 60m;
             proxy_cache_valid 404 1m;
            }
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
          location ~ .php$ {
              root           html;
              fastcgi_pass   127.0.0.1:9000;
              fastcgi_index  index.php;
             # fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
              fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
              include        fastcgi_params;
          }
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }

    1.4 配置keepalived服务

    配置之前需要配置好邮件服务,当然,不配置邮件服务也没影响

    mail配置参考博客:https://www.cnblogs.com/HeiDi-BoKe/p/11883323.html

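    master服务(106.53.73.200)配置(注意:auth_pass为示例值,PASS类型的口令在VRRP报文中明文传输且只取前8个字符,生产环境应换成自己的值,并只允许受信任网段收发VRRP报文;在启用vrrp_strict的情况下keepalived不支持认证,会忽略authentication这一段。另外传给check_pid.sh的路径必须是nginx实际写入的pid文件,前文nginx.conf中pid指令是注释状态,需确认实际路径,否则检查会一直失败):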

    # 修改之前先备份
    [root@VM_0_10_centos ~]# cd /etc/keepalived/
    [root@VM_0_10_centos keepalived]# pwd
    /etc/keepalived
    [root@VM_0_10_centos keepalived]# cp -r keepalived.conf keepalived.conf.bak
    [root@VM_0_10_centos keepalived]# less keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {           # 指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱
         acassen@firewall.loc       # 设置报警邮件地址,可以设置多个,每行一个。 需开启本机的sendmail服务
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc     # keepalived在发生诸如切换操作时需要发送email通知地址
       smtp_server 192.168.200.1      # 指定发送email的smtp服务器
       smtp_connect_timeout 30      # 设置连接smtp server的超时时间
       router_id MASTER-200       # 运行keepalived的机器的一个标识,通常可设为hostname。故障发生时,发邮件时显示在邮件主题中的信息。
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    #调用 shell 脚本对 haproxy 服务进行监控
    vrrp_script check_pid {
      script "/etc/keepalived/check_pid.sh /var/run/nginx/nginx.pid" 
      interval 2    # 检测间隔
      weight -5     # 权重起伏
      fall 2                     # 检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间)
      rise 1                     # 检测1次成功就算成功。但不修改优先级
    }
    
    vrrp_instance VI_1 {
        state MASTER    # 指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器。注意这里的state指定instance(Initial)的初始状态,就是说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定。如果这里设置为MASTER,但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为MASTER
        interface eth0          # 指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的
    #    mcast_src_ip 172.16.0.10/20  # 发送多播数据包时的源IP地址,这里注意了,这里实际上就是在哪个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址
        virtual_router_id 79         # 虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须是一致的
        priority 101                 # 定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级
        advert_int 1                 # 设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
        authentication {             # 设置验证类型和密码。主从必须一样
            auth_type PASS           # 设置vrrp验证类型,主要有PASS和AH两种    
            auth_pass keepalived
        }
        virtual_ipaddress {    #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写
            172.16.0.222/20 brd 172.16.15.255
        }
        #服务端口监控
         track_script {
            check_pid
        }
    }
    [root@VM_0_10_centos keepalived]# less check_pid.sh
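    #!/bin/bash
    #
    # keepalived health check: reports whether the service behind a PID file
    # is still running.
    #
    # Usage (keepalived.conf):
    #   vrrp_script check_pid {
    #       script "/etc/keepalived/check_pid.sh /var/run/nginx.pid"
    #       interval 2   # seconds between runs
    #       weight -5    # priority adjustment applied while the check fails
    #   }
    #
    # Arguments: $1 - full path of the PID file to check. It must be the path
    #                 the monitored service really writes (for nginx, the value
    #                 of its `pid` directive or the compiled-in default).
    # Outputs:   status messages on stdout, usage errors on stderr.
    # Returns:   0 when the PID file names a live process, 1 otherwise.
    #
    # keepalived runs vrrp_script commands as the configured script_user, or as
    # root when none is configured and no keepalived_script account exists, so
    # keep this file root-owned and not writable by other users.
    PidPath=${1:-}
    echo "$PidPath"

    # An empty argument must fail. Unquoted, `[ -e $PidPath ]` degrades to
    # `[ -e ]`, which is true, so a missing argument used to report "healthy".
    if [ -z "$PidPath" ]; then
            echo "usage: $0 <pid-file>" >&2
            exit 1
    fi

    if [ ! -e "$PidPath" ]; then
            echo "$PidPath File does not exist !!!"
            exit 1
    fi

    # A PID file can outlive its process (crash, kill -9), so the file alone
    # does not prove the service is up: read the PID and validate it.
    pid=
    read -r pid < "$PidPath" || true
    case "$pid" in
            '' | *[!0-9]*)
                    echo "$PidPath does not contain a valid PID !!!"
                    exit 1
                    ;;
    esac

    # /proc is used instead of `kill -0` so the check also works when the
    # script runs as an unprivileged script_user.
    if [ -d "/proc/$pid" ]; then
            echo "$PidPath is run !!!"
            exit 0
    fi

    echo "$PidPath is stale: process $pid is not running !!!"
    exit 1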

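    backup服务(182.254.184.102)配置(注意:下面贴出的内容与master完全相同,包括state MASTER、priority 101和router_id MASTER-200;按照配置注释中的说明,backup节点应将state设为BACKUP,priority设为比master小的值,router_id改为本机的标识):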

    [root@VM_0_16_centos tomcat-8.5.45]# cd /etc/keepalived/
    [root@VM_0_16_centos keepalived]# ls
    keepalived.conf
    [root@VM_0_16_centos keepalived]# pwd
    /etc/keepalived
    [root@VM_0_16_centos keepalived]# cp -r keepalived.conf keepalived.conf.bak
    [root@VM_0_16_centos keepalived]# cp /thyclient/keepalived.conf .
    cp: overwrite ‘./keepalived.conf’? y
    [root@VM_0_16_centos keepalived]# less keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {           # 指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱
         acassen@firewall.loc       # 设置报警邮件地址,可以设置多个,每行一个。 需开启本机的sendmail服务
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc     # keepalived在发生诸如切换操作时需要发送email通知地址
       smtp_server 192.168.200.1      # 指定发送email的smtp服务器
       smtp_connect_timeout 30      # 设置连接smtp server的超时时间
       router_id MASTER-200       # 运行keepalived的机器的一个标识,通常可设为hostname。故障发生时,发邮件时显示在邮件主题中的信息。
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    #调用 shell 脚本对 haproxy 服务进行监控
    vrrp_script check_pid {
      script "/etc/keepalived/check_pid.sh /var/run/nginx/nginx.pid" 
      interval 2    # 检测间隔
      weight -5     # 权重起伏
      fall 2                     # 检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间)
      rise 1                     # 检测1次成功就算成功。但不修改优先级
    }
    
    vrrp_instance VI_1 {
        state MASTER    # 指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器。注意这里的state指定instance(Initial)的初始状态,就是说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定。如果这里设置为MASTER,但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为MASTER
        interface eth0          # 指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的
    #    mcast_src_ip 172.16.0.10/20  # 发送多播数据包时的源IP地址,这里注意了,这里实际上就是在哪个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址
        virtual_router_id 79         # 虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须是一致的
        priority 101                 # 定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级
        advert_int 1                 # 设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
        authentication {             # 设置验证类型和密码。主从必须一样
            auth_type PASS           # 设置vrrp验证类型,主要有PASS和AH两种    
            auth_pass keepalived
        }
        virtual_ipaddress {    #VRRP HA 虚拟地址 如果有多个VIP,继续换行填写
            172.16.0.222/20 brd 172.16.15.255
        }
        #服务端口监控
         track_script {
            check_pid
        }
    }

    1.5 配置好之后验证keepalived

    1)先后在master、slave服务器上启动nginx和keepalived,保证这两个服务都正常开启:

    [root@VM_0_10_centos keepalived]# /usr/local/nginx/sbin/nginx -s reload
    [root@VM_0_10_centos keepalived]# /etc/init.d/keepalived restart

    这里使用ip a查看vip、地址,并没有显示

    解决:将keepalived.conf文件中的virtual_router_id参数设置成其它即可,如:79、89、101。只要取值范围在取值0-255就行。(我这里是改为了79,上面配置文件中也已修改)

    然后重启keepalived服务即可

     2)查看backup服务的vip地址(目前是没有的)

    我们将master服务的keepalived服务停止,看下backup主机的vip地址是否漂移过去

    [root@VM_0_10_centos keepalived]# /etc/init.d/keepalived stop
    Stopping keepalived (via systemctl):                       [  OK  ]

    master主机的vip地址已经没有了

    在backup主机上查看,此时从服务已经接管

    参考博客

    https://blog.csdn.net/u012599988/article/details/82152224

    https://blog.csdn.net/weixin_30354675/article/details/99052381

    https://www.cnblogs.com/kevingrace/p/6143977.html

  • 原文地址:https://www.cnblogs.com/HeiDi-BoKe/p/11877198.html