<button id="ei02c"><ol id="ei02c"></ol></button>
            1. <div id="ei02c"></div>

                    1. 安基網 首頁 系統 Linux 查看內容

                      IT運維實戰篇:Nginx+Keepalived高可用架構配置實戰教程

                      2019-3-12 02:05| 投稿: xiaotiger |來自: 互聯網


                      免責聲明:本站系公益性非盈利IT技術普及網,本文由投稿者轉載自互聯網的公開文章,文末均已注明出處,其內容和圖片版權歸原網站或作者所有,文中所述不代表本站觀點,若有無意侵權或轉載不當之處請從網站右下角聯系我們處理,謝謝合作!

                      摘要: 理論介紹:Keepalived高可用軟件簡介目前互聯網主流的實現WEB網站及數據庫服務高可用軟件包括:keepalived、heartbeat等。Heartbeat是比較早期的實現高可用軟件,而keepalived是目前輕量級的管理方便、易用的高可用軟件解決方案,得到互聯網公司IT人的青睞。Keepalived是一個類似于工作在layer3, 4 7 ...

                      理論介紹:

                      Keepalived高可用軟件簡介

                      目前互聯網主流的實現WEB網站及數據庫服務高可用軟件包括:keepalived、heartbeat等。Heartbeat是比較早期的實現高可用軟件,而keepalived是目前輕量級的管理方便、易用的高可用軟件解決方案,得到互聯網公司IT人的青睞。

                      Keepalived是一個類似于工作在layer3, 4 & 7交換機制的軟件,Keepalived軟件有兩種功能,分別是監控檢查、VRRP冗余協議。

                      Keepalived的作用是檢測web服務器的狀態,如果有一臺web服務器、Mysql服務器宕機,或工作出現故障,Keepalived將檢測到后,會將有故障的web服務器或者Mysql服務器從系統中剔除,當服務器工作正常后Keepalived自動將web、Mysql服務器加入到服務器群中,這些工作全部自動完成,不需要人工干涉,需要人工做的只是修復故障的WEB和Mysql服務器。Layer3,4&7工作在IP/TCP協議棧的IP層、傳輸層及應用層,實現原理分別如下:

                      Layer3:Keepalived使用Layer3的方式工作式時,Keepalived會定期向服務器群中的服務器發送一個ICMP的數據包(,如果發現某臺服務的IP地址無法ping通,Keepalived便報告這臺服務器失效,并將它從服務器集群中剔除。Layer3的方式是以服務器的IP地址是否有效作為服務器工作正常與否的標準。

                      Layer4: Layer4主要以TCP端口的狀態來決定服務器工作正常與否。如WEB server的服務端口一般是80,如果Keepalived檢測到80端口沒有啟動,則Keepalived將把這臺服務器從服務器群中剔除。

                      Layer7:Layer7工作在應用層,Keepalived將根據用戶的設定檢查服務器程序的運行是否正常,如果與用戶的設定不相符,則Keepalived將把服務器從服務器群中剔除。

                      Keepalived VRRP原理剖析

                      虛擬路由冗余協議(Virtual Router Redundancy Protocol,簡稱VRRP)

                      Keepalived是VRRP的完美實現,在學習keepalived之前,必須了解VRRP協議的原理。在現實的網絡環境中,兩臺需要通信的主機大多數情況下并沒有直接的物理連接。對于這樣的情況,它們之間路由怎樣選擇?主機如何選定到達目的主機的下一跳路由,這個問題通常的解決方法有二種:

                      在主機上使用動態路由協議RIP、OSPF;

                      在主機上配置靜態路由;

                      在主機上配置路態路由是非常不切實際的,因為管理、維護成本以及是否支持等諸多問題。配置靜態路由就變得十分流行,但路由器(或者說默認網關default gateway)卻經常成為單點,VRRP的目的就是為了解決靜態路由單點故障問題。VRRP通過一競選(election)協議來動態的將路由任務交給LAN中虛擬路由器中的某臺VRRP路由器。

                      在VRRP虛擬路由器集群中,由多臺物理的路由器組成,但是這多臺的物理路由器并不能同時工作,而是由一臺稱為MASTER路由器負責路由工作,其它的都是BACKUP,MASTER并非一成不變,VRRP會讓每個VRRP路由器參與競選,最終獲勝的就是MASTER。

                      MASTER擁有一些特權,例如擁有虛擬路由器的IP地址或者成為VIP,擁有特權的MASTER要負責轉發發送給網關地址的包和響應ARP請求。

                      VRRP通過競選協議來實現虛擬路由器的功能,所有的協議報文都是通過IP多播(multicast)包(多播地址 224.0.0.18)形式發送的。虛擬路由器由VRID(范圍0-255)和一組IP地址組成,對外表現為一個周知的MAC地址。所以在一組虛擬路由器集群中,不管誰是MASTER,對外都是相同的MAC和VIP。客戶端主機并不需要因為MASTER的改變而修改自己的路由配置。

                      作為MASTER的VRRP路由器會一直發送VRRP廣播包(VRRP Advertisement message),BACKUP不會搶占MASTER,除非它的優先級(Priority)更高。當MASTER不可用時(BACKUP收不到廣播包時), 多臺BACKUP中優先級最高的這臺會搶占為MASTER。這種搶占是非常快速的,以保證服務的連續性。由于安全性考慮VRRP包使用了加密協議進行。

                      而keepalived可以基于VRRP技術,將兩臺物理主機當成路由器,兩臺物理機主機組成一個虛擬路由集群,Master高的主機產生VIP,該VIP負責轉發用戶發起的IP包或者負責處理用戶的請求,Nginx+Keepalived組合,用戶的請求直接訪問keepalived VIP地址,然后訪問Master相應服務和端口;


                      實戰如下:

                      Nginx+Keepalived安裝配置實戰

                      環境準備:

                      系統版本:Centos6.7(最小化安裝)

                      Keepalived版本:keepalived-1.2.15

                      Nginx版本:nginx-1.13.4

                      keepalived(主):192.168.60.93

                      keepalived(備):192.168.60.94

                      Apache:192.168.60.91

                      Apache1:192.168.60.92

                      VIP:192.168.60.88

                      1)Apache安裝,執行以下命令

                      [[email protected] ~]# yum -y install httpd httpd-devel

                      寫入測試文件,執行以下命令

                      [[email protected] ~]# echo "this is 192.168.60.91 server" >/var/www/html/index.html

                      啟動httpd服務

                      service httpd restart

                      curl命令測試

                      [[email protected] ~]# curl localhost

                      1

                      2)Apache1安裝

                      [[email protected] ~]# yum -y install httpd httpd-devel

                      寫入測試文件,執行以下命令

                      [[email protected] ~]# echo "this is 192.168.60.92 server" >/var/www/html/index.html

                      啟動httpd服務

                      service httpd restart

                      curl命令測試

                      [[email protected] ~]# curl localhost

                      2

                      3)Nginx+keepalived安裝(主)

                      #安裝Nginx軟件

                      1)安裝Nginx所需要的依賴包

                      yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

                      2)下載Nginx源碼包

                      wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

                      3)解壓

                      tar zxf nginx-1.13.4.tar.gz

                      cd nginx-1.13.4

                      4)隱藏Nginx版本號

                      sed -i s/1.13.4/ /;s/nginx\//nginx/ src/core/nginx.h

                      5)創建www用戶,執行預編譯

                      useradd -s /sbin/nologin www

                      ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

                      6)編譯Nginx

                      make &&make install

                      7)創建軟連接

                      ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

                      #安裝keepalived軟件

                      1)安裝keepalived所需要的依賴包

                      yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

                      2)下載keepalived軟件包

                      wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

                      3)解壓

                      tar zxf keepalived-1.2.15.tar.gz

                      cd keepalived-1.2.15

                      4)預編譯keepalived

                      ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

                      5)編譯、安裝keepalived

                      make && make install

                      6)創建軟連接,拷貝相應的文件

                      ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

                      cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

                      cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

                      chkconfig --add keepalived

                      chkconfig keepalived on

                      mkdir /etc/keepalived

                      cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

                      4)Nginx+keepalived安裝(備)

                      #安裝Nginx軟件

                      1)安裝Nginx所需要的依賴包

                      yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

                      2)下載Nginx源碼包

                      wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

                      3)解壓

                      tar zxf nginx-1.13.4.tar.gz

                      cd nginx-1.13.4

                      4)隱藏Nginx版本號

                      sed -i s/1.13.4/ /;s/nginx\//nginx/ src/core/nginx.h

                      5)創建www用戶,執行預編譯

                      useradd -s /sbin/nologin www

                      ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

                      6)編譯Nginx

                      make &&make install

                      7)創建軟連接

                      ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

                      #安裝keepalived軟件

                      1)安裝keepalived所需要的依賴包

                      yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

                      2)下載keepalived軟件包

                      wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

                      3)解壓

                      tar zxf keepalived-1.2.15.tar.gz

                      cd keepalived-1.2.15

                      4)預編譯keepalived

                      ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

                      5)編譯、安裝keepalived

                      make && make install

                      6)創建軟連接,拷貝相應的文件

                      ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

                      cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

                      cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

                      chkconfig --add keepalived

                      chkconfig keepalived on

                      mkdir /etc/keepalived

                      cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

                      5)Nginx負載均衡配置(主)

                      編輯/usr/local/nginx/conf/nginx.conf配置文件,配置內容如下

                      worker_processes 1;
                      events {
                      worker_connections 1024;
                      }
                      http {
                      include mime.types;
                      default_type application/octet-stream;
                      sendfile on;
                      keepalive_timeout 65;
                      upstream test_web {
                      server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
                      server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
                      }
                      server {
                      listen 80;
                      server_name localhost;
                      location / {
                      proxy_next_upstream http_502 http_504 error timeout invalid_header;
                      proxy_pass http://test_web;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      }
                      }
                      }
                      

                      6)Nginx負載均衡配置(備)

                      編輯/usr/local/nginx/conf/nginx.conf配置文件,配置內容如下

                      worker_processes 1;
                      events {
                      worker_connections 1024;
                      }
                      http {
                      include mime.types;
                      default_type application/octet-stream;
                      sendfile on;
                      keepalive_timeout 65;
                      upstream test_web {
                      server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
                      server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
                      }
                      server {
                      listen 80;
                      server_name localhost;
                      location / {
                      proxy_next_upstream http_502 http_504 error timeout invalid_header;
                      proxy_pass http://test_web;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      }
                      }
                      }
                      

                      7)編輯keepalived(主)配置文件

                      編輯vim /etc/keepalived/keepalived.conf,配置內容如下

                      ! Configuration File for keepalived
                       global_defs {
                       notification_email {
                       [email protected]
                       }
                       notification_email_from [email protected]
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id LVS_DEVEL
                       }
                       vrrp_script chk_nginx {
                       script "/data/shell/check_nginx.sh"
                       interval 2
                       weight 2
                       }
                       vrrp_instance VI_1 {
                       state MASTER
                       interface eth0
                       virtual_router_id 51
                       mcast_src_ip 192.168.60.93
                       priority 100
                       advert_int 1
                       authentication {
                       auth_type PASS
                       auth_pass 1111
                       }
                       virtual_ipaddress {
                       192.168.60.88
                       }
                       track_script {
                       chk_nginx
                       }
                       }
                      

                      8)編輯keepalived(備)配置文件

                      編輯vim /etc/keepalived/keepalived.conf,配置內容如下

                      ! Configuration File for keepalived
                       global_defs {
                       notification_email {
                       [email protected]
                       }
                       notification_email_from [email protected]
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id LVS_DEVEL
                       }
                       vrrp_script chk_nginx {
                       script "/data/shell/check_nginx.sh"
                       interval 2
                       weight 2
                       }
                       vrrp_instance VI_1 {
                       state BACKUP
                       interface eth0
                       virtual_router_id 51
                       mcast_src_ip 192.168.60.94
                       priority 99
                       advert_int 1
                       authentication {
                       auth_type PASS
                       auth_pass 1111
                       }
                       virtual_ipaddress {
                       192.168.60.88
                       }
                       track_script {
                       chk_nginx
                       }
                       }
                      

                      9)啟動nginx和keepalived服務(主)

                      [[email protected] ~]# nginx -t

                      [[email protected] ~]# nginx

                      [[email protected] ~]# service keepalived start

                      [[email protected] ~]# ps -ef | egrep keep|nginx

                      3

                      10)啟動nginx和keepalived服務(備)

                      [[email protected] ~]# nginx -t

                      [[email protected] ~]# nginx

                      [[email protected] ~]# service keepalived start

                      [[email protected] ~]# ps -ef | egrep keep|nginx

                      4

                      11)編寫nginx檢測存活腳本(主),腳本內容如下:

                      [[email protected] ~]# mkdir -p /data/shell

                      [[email protected] ~]# vim /data/shell/check_nginx.sh

                      [[email protected] ~]# chmod o+x /data/shell/check_nginx.sh

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx process state
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      if [ "$NUM" -eq 0 ];then
                      service keepalived stop
                      echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m[" >> /tmp/nginx_keepalived.log
                      fi
                      

                      保存退出~~

                      12)編寫nginx檢測存活腳本(備),腳本內容如下:

                      [[email protected] ~]# mkdir -p /data/shell

                      [[email protected] ~]# vim /data/shell/check_nginx.sh

                      [[email protected] ~]# chmod o+x /data/shell/check_nginx.sh

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx process state
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      if [ "$NUM" -eq 0 ];then
                      service keepalived stop
                      echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m[" >> /tmp/nginx_keepalived.log
                      fi
                      

                      保存退出~~

                      實驗結果:當nginx(主)機器宕機后,VIP自動漂移到keepalived(備)機器上,如下圖

                      正常在keepalived(主)運行:

                      5

                      6

                      7

                      當nginx宕機后,自動漂移過來,如下圖

                      [[email protected] ~]# pkill nginx

                      8

                      9

                      10

                      11

                      13)編寫檢測nginx和keepalived狀態的腳本(因為nginx宕機之后,keepalived和nginx不會自動起來),并加到定時任務(主和備機器都需要執行一遍)

                      手動編輯vim /data/shell/auto_nginx_status.sh文件,腳本內容如下:

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx and keepalived process states
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      NUM1=`ps -ef | grep -v grep | grep -c "keepalived"`
                      if [ "$NUM" -ne 0 -a "$NUM" -eq 0 ];then
                      service keeaplived start
                      fi
                      if [ "$NUM" -eq 0 -a "$NUM1" -eq 0 ];then
                      /usr/local/nginx/sbin/nginx
                      service keepalived start
                      fi
                      

                      保存退出~~~

                      14)添加到定時任務,執行以下命令:

                      [[email protected] shell]# echo "*/1 * * * * root sh /data/shell/auto_nginx_status.sh" >> /etc/crontab

                      [[email protected] shell]# cat /etc/crontab

                      [[email protected] shell]# service crond restart

                      12


                      到此結束,謝謝支持



                      小編推薦:欲學習電腦技術、系統維護、網絡管理、編程開發和安全攻防等高端IT技術,請 點擊這里 注冊賬號,公開課頻道價值萬元IT培訓教程免費學,讓您少走彎路、事半功倍,好工作升職加薪!

                      本文出自:https://www.toutiao.com/a6667044918998860301/

                      免責聲明:本站系公益性非盈利IT技術普及網,本文由投稿者轉載自互聯網的公開文章,文末均已注明出處,其內容和圖片版權歸原網站或作者所有,文中所述不代表本站觀點,若有無意侵權或轉載不當之處請從網站右下角聯系我們處理,謝謝合作!


                      鮮花

                      握手

                      雷人

                      路過

                      雞蛋

                      相關閱讀

                      最新評論

                       最新
                      返回頂部
                      新疆11选5计算公式