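I. Architecture overview
The high-availability architecture for the load balancer is as follows; it suits a wide range of business scenarios.
- The load balancer can be LVS, nginx, HAProxy, etc.
- The business servers can be web servers such as nginx, Tomcat, Apache or IIS, or TCP application services such as Java, .NET or MySQL.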
II. Building the architecture
The architecture implemented in this article is laid out as follows:

| Hostname | IP | Server role | Notes |
| --- | --- | --- | --- |
| localhost | 192.168.11.10 | keepalived master, nginx load balancer | keepalived 2.2.7 + nginx 1.20.2 |
| localhost | 192.168.11.11 | keepalived master, nginx load balancer | keepalived 2.2.7 + nginx 1.20.2 |
| localhost | 192.168.11.13 | nginx web server | nginx 1.20.2 |
| localhost | 192.168.11.14 | nginx web server | nginx 1.20.2 |

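Making nginx highly available with keepalived involves the following steps:
- Set up the nginx web service
- Set up nginx load balancing
- Install and configure keepalived
- Run and test keepalived
1. nginx web service setup
The demo uses nginx's default HTML page. Perform the following steps on both the 11.13 and 11.14 servers.
1.1 Install nginx
See "nginx installation - building from source (CentOS7 + nginx 1.20.2)", "nginx installation - yum install (CentOS7 + nginx 1.20.2)", or "nginx installation - rpm install (CentOS7 + nginx 1.20.2)".
1.2 Modify the nginx default page to display the server IP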
```
[root@localhost local]# cd /usr/local/nginx/
[root@localhost nginx]# vim html/index.html
```
```html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<h1>192.168.11.13</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```
1.3 Configure nginx to listen on port 8000
```nginx
worker_processes  2;

events {
    use epoll;
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    server {
        listen       8000;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
```
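1.4 nginx test
2. nginx load balancer setup
Perform the following steps on both the 11.10 and 11.11 servers to set up nginx load balancing; the backend servers are 11.13 and 11.14.
2.1 Install nginx
See "nginx installation - building from source (CentOS7 + nginx 1.20.2)", "nginx installation - yum install (CentOS7 + nginx 1.20.2)", or "nginx installation - rpm install (CentOS7 + nginx 1.20.2)".
2.2 Load-balancing configuration; the load balancer listens on port 80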
```nginx
worker_processes  2;

events {
    use epoll;
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    upstream local_nginx {
        server 192.168.11.13:8000 weight=1;
        server 192.168.11.14:8000 weight=2;
    }

    server {
        listen       80;
        server_name  192.168.11.13;

        location / {
            root   html;
            index  index.html index.htm;
            proxy_pass http://local_nginx;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
```
2.3 Load-balancing test
Because 11.14 is configured with weight=2, for every 2 requests proxied to 11.14, 1 request is proxied to 11.13.
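The 2:1 split comes from nginx's smooth weighted round-robin peer selection. The sketch below is an added example, not code from the original page; it replays that algorithm for the upstream block above, and the function name `swrr` is made up for illustration.

```shell
#!/bin/sh
# Added example: replay smooth weighted round-robin selection.
# Usage: swrr <number of requests> <server>=<weight> ...
swrr() {
    n=$1; shift
    printf '%s\n' "$@" | awk -F= -v n="$n" '
        # One input line per peer: name=weight
        { name[NR] = $1; w[NR] = $2; cur[NR] = 0; total += $2 }
        END {
            for (i = 1; i <= n; i++) {
                best = 0
                for (p = 1; p <= NR; p++) {
                    # Every peer gains its weight on every request
                    cur[p] += w[p]
                    # Strictly greater: the earlier peer wins a tie
                    if (best == 0 || cur[p] > cur[best]) best = p
                }
                # The chosen peer pays back the sum of all weights
                cur[best] -= total
                seq = seq (i > 1 ? " " : "") name[best]
            }
            print seq
        }'
}

# The upstream from section 2.2: six consecutive requests
swrr 6 192.168.11.13:8000=1 192.168.11.14:8000=2
```

Each nginx worker keeps its own round-robin state, so with worker_processes 2 the order a client observes can interleave while the overall 2:1 ratio holds.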
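3. keepalived installation and configuration
3.1 Install keepalived
3.2 keepalived configuration: by default 11.10 is the master, configured with priority=200; 11.11 uses priority=100
Important: make sure every path specified in the configuration file exists before starting keepalived.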
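```
! Configuration File for keepalived

global_defs {
    notification_email {
    }
    # Identifier of this keepalived machine; it has no special function and is usually the hostname
    router_id ha_nginx
}

# Check script. It can be tied to the business service; its result decides whether a failover is prepared
# Weight policy: the priority is recalculated from the script result, which then triggers a keepalived re-election
# When weight > 0: script succeeds -> Priority + Weight; script fails -> Priority
# When weight < 0: script succeeds -> Priority; script fails -> Priority + Weight
vrrp_script ha_nginx {
    # Script path; success or failure is decided by the script's exit code, where success is 0 (exit 0)
    script "/usr/local/ha_nginx/ha_nginx.sh"
    # Check interval, in seconds
    interval 2
    # Weight. This setup triggers failover by restarting the keepalived service, so no weight policy is configured
    #weight 10
}

# VRRP configuration
vrrp_instance VI_1 {
    # Every node in the cluster starts as BACKUP; once at least 2 keepalived instances are up, roles are elected by priority
    state BACKUP
    interface enp0s3
    # Virtual router ID; must be the same on every keepalived in the cluster
    virtual_router_id 100
    # The priority decides which node ends up as master
    priority 200
    # No preemption: after recovering from a failure, do not immediately take back the master role
    nopreempt
    # Interval between the checks exchanged by master and backup, in seconds
    advert_int 1
    authentication {
        # Authentication type between keepalived instances: password
        auth_type PASS
        auth_pass 1234
    }
    # Virtual IP pool
    virtual_ipaddress {
        # VIP addresses, one per line, in the form <IP address>/<mask> brd <broadcast address> dev <NIC device> scope <scope, e.g. global> label <NIC alias>
        192.168.11.100/24
    }
    # Check script; refers to the vrrp_script above
    track_script {
        ha_nginx
    }
}
```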
The ha_nginx.sh script
Make the script executable
```
[root@localhost ~]# chmod +x /usr/local/ha_nginx/ha_nginx.sh
```
Script contents
```bash
#!/bin/bash
source /etc/profile

# Monitor log
monitorLogPath=/usr/local/ha_nginx/monitor.log
touch "$monitorLogPath"

# Formatted date and time
function getDatetime(){
    local cur=`date "+%Y-%m-%d %H:%M:%S"`
    echo "$cur"
}

# Check the nginx process
function checkNginxProcess(){
    # nginx can be checked by process or by port
    # Here the nginx process is checked
    local num=`ps -C nginx --no-header | wc -l`
    #local num=`netstat -lntup | grep -w 8099 | wc -l`
    if [ $num -eq 0 ];then
        echo 0
    else
        echo 1
    fi
}

# Variable: whether nginx is running
run=`checkNginxProcess`
if [ $run -eq 0 ];then
    # nginx is down; try to start it first
    echo `getDatetime` "nginx error,start nginx" >> "$monitorLogPath"
    nginx -c /usr/local/nginx/conf/nginx.conf
    run=`checkNginxProcess`
    if [ $run -eq 0 ];then
        # Starting nginx failed: restart the keepalived service to take this node
        # out of hot standby and trigger a keepalived failover
        echo `getDatetime` "start nginx failed, kill keepalived" >> "$monitorLogPath"
        service keepalived restart
    else
        # Fail keepalived over anyway: nginx having failed suggests the server is unstable
        echo `getDatetime` "restart keepalived" >> "$monitorLogPath"
        service keepalived restart
    fi
#else
#    echo `getDatetime` "nginx is alive" >> $monitorLogPath
fi
```
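One way to review the keepalived configuration above before starting the service, as an added example that is not from the original page; the function name `audit_keepalived` and the finding messages are made up for illustration. The check script on this page has to run as root (it starts nginx and restarts keepalived), so the audit looks at who can modify that script and at the cleartext `auth_type PASS` password; the path check is a simplified stand-in for what keepalived's `enable_script_security` option enforces.

```shell
#!/bin/sh
# Added example (not from the original page): audit a keepalived.conf for
# the VRRP-auth and check-script settings used in the configuration above.
audit_keepalived() {
    conf=$1
    # Drop comments ("#" or "!" to end of line) before matching keywords.
    body=$(sed -e 's/[#!].*$//' "$conf")

    # 1. auth_type PASS puts auth_pass into every VRRP advert in cleartext,
    #    and keepalived only uses its first 8 characters.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*auth_type[[:space:]]+PASS'; then
        echo "WARN auth_type PASS: auth_pass is sent in cleartext"
    fi
    pass=$(printf '%s\n' "$body" | awk '$1 == "auth_pass" { print $2; exit }')
    if [ -n "$pass" ] && [ "${#pass}" -lt 8 ]; then
        echo "WARN auth_pass has only ${#pass} characters"
    fi

    # 2. enable_script_security makes keepalived refuse root-run scripts
    #    whose path is writable by a non-root user; script_user selects
    #    the account that runs vrrp_script commands.
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*enable_script_security' ||
        echo "WARN enable_script_security not set in global_defs"
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*script_user[[:space:]]' ||
        echo "INFO script_user not set: scripts run as root unless a keepalived_script user exists"

    # 3. Each script target must exist, and neither it nor its directory
    #    may be group- or world-writable (simplified: mode bits only).
    printf '%s\n' "$body" |
    awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' |
    while read -r script; do
        if [ ! -e "$script" ]; then
            echo "FAIL $script does not exist"
            continue
        fi
        for p in "$script" "$(dirname "$script")"; do
            case $(ls -ld "$p" | cut -c1-10) in
                ?????w????|????????w?) echo "FAIL $p is group- or world-writable" ;;
            esac
        done
    done
}

# Usage: sh audit.sh /etc/keepalived/keepalived.conf
if [ -n "${1:-}" ]; then audit_keepalived "$1"; fi
```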
III. Testing the architecture
1. Confirm the keepalived master
```
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:80:14:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.10/24 brd 192.168.11.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.11.100/24 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a33a:d49b:da44:119a/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::c08b:489f:1587:3bb6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
2. Test the master
The VIP is currently bound to 11.10; run an access test.
3. Simulate a failure of the 11.10 load balancer
```
[root@localhost ~]# nginx -s stop
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:80:14:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.10/24 brd 192.168.11.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a33a:d49b:da44:119a/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::c08b:489f:1587:3bb6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]#
```
Check the monitor log /usr/local/ha_nginx/monitor.log
```
2022-01-29 14:48:56 nginx error,start nginx
2022-01-29 14:48:56 restart keepalived
```
4. Confirm that the VIP has moved
Check on the 11.11 server
```
[root@localhost nginx]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:1e:c1:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.11/24 brd 192.168.11.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.11.100/24 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a33a:d49b:da44:119a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
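Business access works normally.
IV. Afterword
About keepalived VIP failover
If the nginx service fails, that server may have a performance problem, so a keepalived VIP failover should be triggered proactively (by restarting the keepalived service) and nginx restarted automatically. If the VIP moves back to this node after keepalived restarts, clients may still be affected, even though the failover interval is very short.
To avoid this problem, every keepalived instance in this article is given the backup role and the nopreempt option, i.e. non-preemptive mode. This way, after nginx and keepalived restart, the node does not actively compete for master, and client traffic stays normal.
Important: SELinux (the kernel security subsystem) is enabled by default, so when a service binds to or listens on certain ports it reports that access is denied. In that case SELinux needs to be disabled: edit /etc/selinux/config and set SELINUX=disabled
```
Can't start server: Bind on TCP/IP port: Permission denied
```
Important: the SELinux setting only takes effect after a reboot. If rebooting is not convenient right now, run setenforce 0 to turn SELinux off temporarily; the configuration then takes effect at the next reboot.
Important: the firewall is enabled by default. Turn off the firewall before starting the services, or add the service ports to the firewall.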