续上篇博文,本博文内容包含:如何配置ipvs,高可用实际应用。
一、如何配置ipvs?
keepalived的核心就是将IPVS配置成高可用,生成ipvs规则来完成负载均衡效果。
virtualserver(虚拟服务)的定义:
1
2
3
4
5
6
7
8
|
virtual_server IP port #定义虚拟主机IP地址及其端口
virtual_server fwmark int #ipvs的防火墙打标,实现基于防火墙的负载均衡集群
virtual_server group string #将多个虚拟服务器定义成组,将组定义成虚拟服务
lb_algo{rr|wrr|lc|wlc|lblc|lblcr} #定义LVS的调度算法
lb_kind {NAT|DR|TUN} #定义LVS的模型
presitence_timeout<INT> #定义支持持久连接的时长
protocol TCP #规则所能支持的协议
sorry_server <IPADDR><PORT> #如果所有real_server都出现故障了,利用此返回信息
|
real_server(真实服务器)的定义:
1
2
3
4
5
6
7
|
real_server<IPADDR><PORT> #定义地址和端口
{ #每一组都要用花括号定义自有的属性的
weight <INT> #定义权重
notify_up<STRING>|<QUOTED-STRING> #通知脚本,一旦脚本up就通知
notify_down<STRING>|<QUOTED-STRING> #通知脚本,一旦脚本down就通知
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK #定义健康状态检测(HTTP_GET:使用此方法检测的;SSL_GET:如果是HTTPS使用此方式检测;TCP_CHECK:检测TCP协议的服务器健康状况;SMTP_CHECK:用来专门检测SMTP服务器;MISC_CHECK:其他检测机制很少使用一般只使用前三种检测方法)
} |
健康状态检测的常见的两种方法做阐述了解:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
############HTTP_GET|SSL_GET############# { # Aurlto test, can have multiple entries here url{ #url字段
path<STRING> #指明检查哪个url
#healthcheckneedsstatus_codeor status_codeand digest .Digest computed with genhash, egdigest9b3a0c85a887a256d6939da88aabd8cd digest<STRING> #获取检测那个url的校验码
status_code<INT> #明确指定那个url的校验码和上面的digest不可同时存在
} connect_port<PORT> #期望连接后端服务器的哪些端口
bindto<IPADDR> #检测哪个IP的哪个端口,若不指定应和外围的real_server指定的端口地址是一致
connect_timeout<INT> #超时时间
nb_get_retry<INT> #重试次数
delay_before_retry<INT> #重试之前等待的时间
} ##############3TCK_CHECK############## { connect_port <PORT> #连接哪个端口
bindto <IPADDR> #连接哪个地址
connect_timeout <INT> #超时时间是多少
} |
定义好这些之后它自行会检测自行判断能够连接上能够收到信息就说明是正常的否则就是失败的。
定义一个real_server:并且可以实现web健康状态检测??
1、编辑主服务器配置文件定义虚拟服务:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[root@node1keepalived] # vim keepalived.conf
virtual_server172.16.18.100 80 { delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
persistence_timeout 0
protocol TCP
# real_server 172.16.18.5 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.18.6 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
} ######备服务器同样定义虚拟服务######## |
2、查看规则:
1
2
3
4
5
6
|
[root@node1keepalived] # yum -y install ipvsadm
[root@node1keepalived] # ipvsadm -L -n
IPVirtual Server version 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.18.100:80 rr |
显然已生成规则,所以总结可得知无须安装ipvsadm依然可以生成规则,只是无法校验规则。
还有这里两个real_server都不存在,原因是健康监测无法通过所以导致这里不存在。
3、测试:
开启real_server主机:172.16.18.6
1
2
3
4
5
6
7
8
|
[root@node~] # vim /var/www/html/index.html
[root@nodehtml] # service httpd start
[root@node1keepalived] # ipvsadm -L -n
IPVirtual Server version 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.18.100:80 rr -> 172.16.18.6:80 Route 1 0 0
|
二、综合应用实现:
构建keepalived+Nginx实现双主模式高可用集群。
架构说明:这种模式需要使用两个虚拟IP地址,前端有两台Nginx服务器互为主备并同时工作,不会造成资源浪费;如果其中一台服务器出现故障时,将会把所有请求都转发到另一台服务器上面,继续提供服务。
架构拓扑:
应用环境介绍:
1
2
3
4
|
系统版本:centosx86_64 keepalived版本:1.2.7 Nginx:1.4.2 Apache:yum源安装 |
IP地址和主机名介绍:
1
2
3
4
5
6
|
Nginx1:172.16.18.7([root@node1 ~] #)
Nginx2:172.16.18.9([root@node2 ~] #)
Apache1:172.16.18.10([root@node ~] #)
Apache2:172.16.18.11([root@stu18 ~] #)
VIP:172.16.18.100 VIP:172.16.18.200 |
实现步骤:
1、在Nginx1上编译安装Nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
############安装依赖包组######### [root@node1 ~] # yum groupinstall "Development tools" "Server Platform Development" –y
[root@node1 ~] # yum -y install pcre-devel
############创建用户############ [root@node1 ~] # useradd -r nginx
############解压Nginx########### [root@node1 ~] # tar xf nginx-1.4.2.tar.gz
############编译安装############ [root@node1 ~] # cd nginx-1.4.2
[root@node1 nginx-1.4.2] # ./configure \
> --prefix= /usr \
> --sbin-path= /usr/sbin/nginx \
> --conf-path= /etc/nginx/nginx .conf \
> --error-log-path= /var/log/nginx/error .log \
> --http-log-path= /var/log/nginx/access .log \
> --pid-path= /var/run/nginx/nginx .pid \
> --lock-path= /var/lock/nginx .lock \
> --user=nginx \ > --group=nginx \ > --with-http_ssl_module \ > --with-http_flv_module \ > --with-http_stub_status_module \ > --with-http_gzip_static_module \ > --http-client-body-temp-path= /var/tmp/nginx/client/ \
> --http-proxy-temp-path= /var/tmp/nginx/proxy/ \
> --http-fastcgi-temp-path= /var/tmp/nginx/fcgi/ \
> --http-uwsgi-temp-path= /var/tmp/nginx/uwsgi \
> --http-scgi-temp-path= /var/tmp/nginx/scgi \
> --with-pcre [root@node1 nginx-1.4.2] # make && make install
#############提供systemV脚本######## [root@node1 nginx-1.4.2] # vim /etc/rc.d/init.d/nginx
#!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /etc/nginx/nginx.conf # config: /etc/sysconfig/nginx # pidfile: /var/run/nginx.pid # Source function library. . /etc/rc .d /init .d /functions
# Source networking configuration. . /etc/sysconfig/network
# Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0
nginx= "/usr/sbin/nginx"
prog=$( basename $nginx)
NGINX_CONF_FILE= "/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile= /var/lock/subsys/nginx
make_dirs() { # make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:' `
for opt in $options; do
if [ ` echo $opt | grep '.*-temp-path' ` ]; then
value=` echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
} start() { [ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $ "Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval - eq 0 ] && touch $lockfile
return $retval
} stop() { echo -n $ "Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval - eq 0 ] && rm -f $lockfile
return $retval
} restart() { configtest || return $?
stop
sleep 1
start
} reload() { configtest || return $?
echo -n $ "Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
} force_reload() { restart
} configtest() { $nginx -t -c $NGINX_CONF_FILE
} rh_status() { status $prog
} rh_status_q() { rh_status > /dev/null 2>&1
} case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $ "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac #############赋予权限######### [root@node1 nginx-1.4.2] # chmod +x /etc/rc.d/init.d/nginx
############启动服务########## [root@node1 init.d] # service nginx start
|
2、在Nginx2上编译安装Nginx
具体步骤请参考Nginx1编译安装。
3、测试访问
4、配置后端静态网页
1
2
3
4
5
6
7
8
9
10
11
12
|
###########http1############ [root@node ~] # yum -y install httpd #yum源安装
[root@node ~] # cd /var/www/html/
[root@node html] # vim index.html
hello #网页内容
[root@node html] # service httpd restart
##########http2############# [root@stu18 ~] # yum -y install httpd
[root@stu18 ~] # cd /var/www/html/
[root@stu18 html] # vim index.html
hello2 #网页内容
[root@stu18 html] # service httpd restart
|
5、配置Nginx实现负载均衡
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#############编辑Nginx1主配置文件########### [root@node1 ~] # cd /etc/nginx/
[root@node1 nginx] # vim nginx.conf
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024;
} http { include mime.types;
default_type application /octet-stream ;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream httpdweb { #设置负载均衡
server 172.16.18.6:80 max_fails=3 fail_timeout=2s;
server 172.16.18.1:80 max_fails=3 fail_timeout=2s;
}
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x .html;
location = /50x .html {
root html;
}
location ~ \.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ {
root /var/www/html ; #定义后端httpd服务器网页位置
proxy_pass http: //apacheweb ;
}
#############Nginx2上依然更改配置文件####### [root@node1 nginx] # scp nginx.conf 172.16.18.9:/etc/nginx
############重启服务####################### [root@node1 nginx] # service nginx restart
[root@node2 ~] # service nginx restart
|
6、安装配置keepalived:
Nginx1上:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
#############安装keepalived########## [root@node1 nginx] # yum -y install keepalived
#############编辑配置 文件########### [root@node1 nginx] # vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { notification_email {
root@localhost
}
notification_email_from Nginx@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
} vrrp_script chk_nginx { script "killall -0 nginx" #检测nginx服务是否存在
interval 1 #时间间隔1秒检测一次
weight -2 #当nginx不存在将当前权重减2
} vrrp_instance VI_1 { state MASTER #主
interface eth0
virtual_router_id 59
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.18.100
}
track_script { #引用上面定义的脚本
chk_nginx
} } vrrp_instance VI_2 { state BACKUP #备
interface eth0
virtual_router_id 68
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
172.16.18.200
}
track_script {
chk_nginx
} } #virtual_server 192.168.200.100 443 { #以下部分注释掉或直接删除 # delay_loop 6 # lb_algo rr # lb_kind NAT # nat_mask 255.255.255.0 # persistence_timeout 50 # protocol TCP # # real_server 192.168.201.100 443 { # weight 1 # SSL_GET { # url { |
Nginx2上:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
#############安装############## [root@node2 ~] # yum -y install keepalived
#############复制配置文件###### [root@node1 nginx] # scp /etc/keepalived/keepalived.conf 172.16.18.9:/etc/keepalived/
#############编辑配置文件##### [root@node2 ~] # vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { notification_email {
root@localhost
}
notification_email_from Nginx@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
} vrrp_script chk_nginx { script "killall -0 nginx"
interval 1
weight -2
} vrrp_instance VI_1 { state BACKUP #备
interface eth0
virtual_router_id 59
priority 99 #优先级降低
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.18.100
}
track_script {
chk_nginx
} } vrrp_instance VI_2 { state MASTER #主
interface eth0
virtual_router_id 68
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
172.16.18.200
}
track_script {
chk_nginx
} } |
7、测试高可用效果:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
##############启动服务################### [root@node1 ~] # service keepalived start
[root@node2 ~] # service keepalived start
#############查看Nginx1的VIP############## [root@node1 nginx] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:06:a6:49 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.7 /16 brd 172.16.255.255 scope global eth0
inet 172.16.18.100 /32 scope global eth0
inet6 fe80::20c:29ff:fe06:a649 /64 scope link
valid_lft forever preferred_lft forever
#############查看Nginx2的VIP############## [root@node2 ~] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:12:c8:b5 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.9 /16 brd 172.16.255.255 scope global eth0
inet 172.16.18.200 /32 scope global eth0
inet6 fe80::20c:29ff:fe12:c8b5 /64 scope link
valid_lft forever preferred_lft forever
|
8、模拟其中一台前端Nginx服务器出现故障不能正常提供服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
############关闭Nginx1############## [root@node1 nginx] # service nginx stop
Stopping nginx: [ OK ] [root@node1 nginx] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:06:a6:49 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.7 /16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe06:a649 /64 scope link
valid_lft forever preferred_lft forever
[root@node2 ~] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:12:c8:b5 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.9 /16 brd 172.16.255.255 scope global eth0
inet 172.16.18.200 /32 scope global eth0
inet 172.16.18.100 /32 scope global eth0
inet6 fe80::20c:29ff:fe12:c8b5 /64 scope link
valid_lft forever preferred_lft forever
##############关闭Nginx2############## [root@node1 nginx] # service nginx start
[root@node2 ~] # service nginx stop
[root@node2 ~] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:12:c8:b5 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.9 /16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe12:c8b5 /64 scope link
valid_lft forever preferred_lft forever
[root@node1 nginx] # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:06:a6:49 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.7 /16 brd 172.16.255.255 scope global eth0
inet 172.16.18.100 /32 scope global eth0
inet 172.16.18.200 /32 scope global eth0
inet6 fe80::20c:29ff:fe06:a649 /64 scope link
valid_lft forever preferred_lft forever
|
至此keepalived实现Nginx高可用就完成了,其中邮件通知机制(利用脚本通知)未定义,若有兴趣可参考上篇博文《keepalived基础应用解析》自行配置解决(很简单)。
请各位博友多提建议和错误纠正,博主在此先谢过了。