nginx + keepalived high-availability setup
Preparation
- 192.168.157.11
- 192.168.157.12
Installing nginx
- Update the yum repository files
    rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
- Install nginx
    yum -y install nginx
- Service commands
    systemctl start nginx   # start nginx
    systemctl stop nginx    # stop nginx
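What is high availability
- High availability (HA) is one of the factors that must be considered when designing a distributed system architecture. It usually means reducing, by design, the time during which the system cannot provide service. A system that could always provide service would have 100% availability, but the unexpected does happen, so all we can do is reduce service failures as far as possible.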
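The problem being solved
- In production, Nginx is very often used as a reverse proxy that serves external traffic, but sooner or later Nginx will run into a failure, such as the server going down. When Nginx is down, every externally exposed interface becomes unreachable. We cannot guarantee that a server is 100% available, but we still have to find a way to avoid that outcome, so here we use keepalived to make Nginx highly available.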
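Dual-machine hot standby
- This is the most common high-availability scheme among companies in China. Dual-machine hot standby means that one server provides the service while another stands by for it; when one server becomes unavailable, the other takes over.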
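What is keepalived?
Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster. Support for VRRP (Virtual Router Redundancy Protocol), which provides high availability, was added later. As a result, besides managing LVS, Keepalived can also serve as the high-availability solution for other services (for example Nginx, Haproxy, MySQL).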
Installing keepalived
- Install with yum, which pulls in the dependencies automatically:
    yum -y install keepalived
- The configuration file created by the yum install is /etc/keepalived/keepalived.conf
- Build from source
    yum install -y openssl-devel
    cd /usr/local/src
    wget http://www.keepalived.org/software/keepalived-2.0.16.tar.gz
    tar zxf keepalived-2.0.16.tar.gz
    cd keepalived-2.0.16
    ./configure --prefix=/usr/local/keepalived
    make
    make install clean
    # install the init script and start keepalived at boot
    cp /usr/local/src/keepalived-2.0.16/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
    chmod +x /etc/init.d/keepalived
    echo "/etc/init.d/keepalived start " >> /etc/rc.local
    # copy the configuration files and the binary to the standard locations
    mkdir /etc/keepalived
    cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
    cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    cp /usr/local/keepalived/sbin/keepalived /usr/sbin
- Start and stop commands
    service keepalived start      # start
    service keepalived stop       # stop
    systemctl start keepalived    # start (same as the first command)
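Implementation
- On 192.168.157.11, edit the keepalived configuration /etc/keepalived/keepalived.conf (MASTER is the primary)
    # nginx check script
    vrrp_script chk_http_port {
        script "/etc/keepalived/script/check_nginx_pid.sh"   # heartbeat script: checks whether nginx is running
        interval 2   # interval between runs of the check script, in seconds
        weight 2     # weight
    }
    # tomcat check script
    vrrp_script chk_tomcat {
        script "/etc/keepalived/script/tomcat.sh"
        interval 2
        weight 2     # weight
    }
    # VRRP instance definition
    vrrp_instance VI_1 {
        state MASTER           # role of this keepalived node: MASTER is the primary, BACKUP the standby
        interface ens33        # network interface used for VRRP traffic (this CentOS host's NIC); use ifconfig to find yours
        virtual_router_id 51   # virtual router ID; must be the same on master and backup
        priority 150           # priority; the higher the value, the higher the priority for handling requests
        advert_int 1           # advertisement interval, default 1s (VRRP multicast period in seconds)
        # authentication
        authentication {
            auth_type PASS     # authentication type and password; MASTER and BACKUP must use the same password to communicate
            auth_pass 1111
        }
        track_script {
            chk_http_port      # nginx script
            chk_tomcat         # tomcat script
        }
        virtual_ipaddress {
            192.168.157.130/24 # virtual IP (VIP); several can be listed, one per line
        }
    }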
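- virtual_ipaddress holds the VIP; in production the service is reached through the VIP. interface must be set to match the server's network card, which is usually looked up with ip addr. authentication configures authenticated access, and the backup node needs the same settings.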
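- On 192.168.157.12, edit the keepalived configuration file (BACKUP is the standby)
    # nginx check script
    vrrp_script chk_http_port {
        script "/etc/keepalived/script/check_nginx_pid.sh"   # heartbeat script: checks whether nginx is running
        interval 2   # interval between runs of the check script, in seconds
        weight 2     # weight
    }
    # tomcat check script
    vrrp_script chk_tomcat {
        script "/etc/keepalived/script/tomcat.sh"
        interval 2
        weight 2     # weight
    }
    # VRRP instance definition
    vrrp_instance VI_1 {
        state BACKUP           # role of this keepalived node: MASTER is the primary, BACKUP the standby
        interface ens33        # network interface used for VRRP traffic (this CentOS host's NIC); use ifconfig to find yours
        virtual_router_id 51   # virtual router ID; must be the same on master and backup
        priority 140           # priority; the higher the value, the higher the priority for handling requests
        advert_int 1           # advertisement interval, default 1s (VRRP multicast period in seconds)
        # authentication
        authentication {
            auth_type PASS     # authentication type and password; MASTER and BACKUP must use the same password to communicate
            auth_pass 1111
        }
        track_script {
            chk_http_port      # nginx script
            chk_tomcat         # tomcat script
        }
        virtual_ipaddress {
            192.168.157.130/24 # virtual IP (VIP); several can be listed, one per line
        }
    }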
- Check script:
    #!/bin/bash
    # check whether nginx is running
    A=`ps -C nginx --no-header | wc -l`
    if [ "$A" -eq 0 ]; then
        # nginx is not running, so try to start it
        systemctl start nginx
        if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
            # nginx failed to start: stop keepalived so that the VIP moves to the other node
            killall keepalived
        fi
    fi
- Tomcat script
    #!/bin/bash
    JAVA_PROCESS=`ps -C java --no-heading | wc -l`
    if [ "$JAVA_PROCESS" -eq 0 ]; then
        echo "tomcat is stop"
        sleep 2
        if [ `ps -C java --no-heading | wc -l` -eq 0 ]; then
            /etc/init.d/keepalived stop
        fi
    fi
- Make the scripts executable
    chmod 775 check_nginx_pid.sh
    chmod 775 tomcat.sh
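keepalived runs these check scripts itself, normally as root, and its enable_script_security option refuses to run root scripts when any part of the path is writable by a non-root user, which mode 775 allows for the group. The audit below is an added example, not from the original post; the function names, the TOP argument and the temporary demo files are assumptions made for illustration, and it expects GNU stat and a path without symlinks.

```shell
#!/bin/sh
# Added example, not from the original post: audit a keepalived check script
# so that only its owner can change what keepalived will execute.

# component_unsafe PATH OWNER_UID -> prints a finding if PATH is unsafe
component_unsafe() {
    info=$(stat -c '%u %a' "$1" 2>/dev/null) || { echo "$1: cannot stat"; return 0; }
    uid=${info% *}; mode=${info#* }            # GNU stat: owner uid, octal mode
    if [ "$uid" != "$2" ]; then
        echo "$1: owned by uid $uid, expected $2"
    elif [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$1: mode $mode is group- or world-writable"
    fi
}

# audit_script SCRIPT [OWNER_UID] [TOP]
# Checks SCRIPT and each parent directory up to TOP (default /), since a
# writable parent lets the script be swapped out. Returns 1 on any finding.
audit_script() {
    path=$1; owner=${2:-0}; top=${3:-/}; rc=0
    case $path in
        /*) ;;
        *) echo "$path: not an absolute path"; return 1 ;;
    esac
    while :; do
        msg=$(component_unsafe "$path" "$owner")
        if [ -n "$msg" ]; then echo "$msg"; rc=1; fi
        if [ "$path" = "$top" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Constructed demo: the same script with the page's mode 775, then with 755.
demo=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo/check_nginx_pid.sh"
chmod 775 "$demo/check_nginx_pid.sh"
audit_script "$demo/check_nginx_pid.sh" "$(id -u)" "$demo" || echo "775: rejected"
chmod 755 "$demo/check_nginx_pid.sh"
audit_script "$demo/check_nginx_pid.sh" "$(id -u)" "$demo" && echo "755: accepted"
rm -rf "$demo"
```

On the real nodes the call would be audit_script /etc/keepalived/script/check_nginx_pid.sh with the defaults (owner uid 0, walk up to /).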
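Verification
- Start nginx and keepalived on 157.11 and 157.12
    systemctl start nginx       # start nginx
    service keepalived start    # start keepalived
- Open http://192.168.157.130 and check that the page loads normally
    ip a   # check that the virtual IP is present
- Simulate an outage by taking the 157.11 server down
    reboot   # take the machine down
- Open http://192.168.157.130 again and check that the page still loads normally
- Check the IP addresses; if they look right, the configuration works
    ip a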
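The reboot test above covers a dead node; whether a failed check script alone moves the VIP depends on the effective priority, which with weight 2 never drops below the standby's, so the page's scripts stop keepalived themselves. This added example (not from the original post) models keepalived's weight rules with the page's priorities 150/140 and weight 2, then with an assumed weight of -20; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Models how keepalived turns
# track_script results into an effective VRRP priority.

# effective_priority BASE WEIGHT:STATUS...   (STATUS is ok or fail)
effective_priority() {
    prio=$1; shift
    for item in "$@"; do
        weight=${item%%:*}; status=${item##*:}
        if [ "$weight" -eq 0 ] && [ "$status" = fail ]; then
            echo FAULT; return 0          # weight 0: a failed check faults the instance
        elif [ "$weight" -gt 0 ] && [ "$status" = ok ]; then
            prio=$(( prio + weight ))     # positive weight: bonus while the check passes
        elif [ "$weight" -lt 0 ] && [ "$status" = fail ]; then
            prio=$(( prio + weight ))     # negative weight: penalty while the check fails
        fi
    done
    if [ "$prio" -lt 1 ]; then prio=1; fi       # keepalived keeps the result
    if [ "$prio" -gt 254 ]; then prio=254; fi   # within 1..254
    echo "$prio"
}

# vip_holder PRIO_157_11 PRIO_157_12 -> node that wins the VRRP election
vip_holder() {
    if [ "$1" = FAULT ] && [ "$2" = FAULT ]; then echo none
    elif [ "$1" = FAULT ]; then echo 157.12
    elif [ "$2" = FAULT ]; then echo 157.11
    elif [ "$1" -gt "$2" ]; then echo 157.11
    elif [ "$1" -lt "$2" ]; then echo 157.12
    else echo tie                         # equal priority: the higher primary IP wins
    fi
}

# Page values: 157.11 priority 150, 157.12 priority 140, both scripts weight 2.
backup=$(effective_priority 140 2:ok 2:ok)        # 144
down=$(effective_priority 150 2:fail 2:ok)        # 152, nginx check failing on 157.11
echo "weight 2:   $down vs $backup -> VIP on $(vip_holder "$down" "$backup")"

# Assumed alternative: weight -20, a penalty larger than the 10-point gap.
backup=$(effective_priority 140 -20:ok -20:ok)    # 140
down=$(effective_priority 150 -20:fail -20:ok)    # 130
echo "weight -20: $down vs $backup -> VIP on $(vip_holder "$down" "$backup")"
```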
Modifying the configuration files
- The options file is /etc/sysconfig/keepalived. Set the following, then save and exit
    KEEPALIVED_OPTIONS="-D -d -S 0"
- Edit the logging configuration
    vim /etc/rsyslog.conf

    #### GLOBAL DIRECTIVES ####
    # Where to place auxiliary files
    $WorkDirectory /var/lib/rsyslog
    # Use default timestamp format
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    # File syncing capability is disabled by default. This feature is usually not required,
    # not useful and an extreme performance hit
    #$ActionFileEnableSync on
    # add the following line, and make sure it is not commented out
    local0.* /var/log/keepalived.log
- Restart the rsyslog service and keepalived
    service rsyslog restart
    service keepalived restart
- View the log
    tail /var/log/keepalived.log
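Troubleshooting errors
- By default keepalived logs to the system log, so look for errors in /var/log/messages
- If the log file has been configured, look in /var/log/keepalived.log
- Fix the configuration according to the errors shown in the log.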
Other features
- Search Baidu for a detailed explanation of the keepalived configuration file
- Reference configuration from production
    ! Configuration File for keepalived
    vrrp_instance ka_192_168_128_204 {
        state BACKUP
        interface eth0
        virtual_router_id 204
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 128204
        }
        virtual_ipaddress {
            192.168.128.204/24 brd 192.168.128.255 dev eth0 label eth0:1
        }
    }
    virtual_server 192.168.128.204 80 {
        delay_loop 6
        lb_algo wrr
        lb_kind DR
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP
        real_server 192.168.128.119 80 {
            weight 3
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.128.120 80 {
            weight 3
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.128.121 80 {
            weight 3
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.128.122 80 {
            weight 3
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
References
- Source blog: http://www.uml.org.cn/zjjs/201808214.asp
- Explanation of keepalived configuration items and terms: https://blog.csdn.net/wzyzzu/article/details/50787042
- LVS installation and high availability for high-concurrency scenarios: https://www.cnblogs.com/clsn/p/7920637.html#_label7