<button id="ei02c"><ol id="ei02c"></ol></button>
            1. <div id="ei02c"></div>

                    1. 安基网 首页 系统 Linux 查看内容

                      IT运维实战篇:Nginx+Keepalived高可用架构配置实战教程

                      2019-3-12 02:05| 投稿: xiaotiger |来自: 互联网


                      免责声明:本站系公益性非盈利IT技术普及网,本文由投稿者转载自互联网的公开文章,文末均已注明出处,其内容和?#35745;?#29256;权归原网站或作者所有,文中所述不代表本站观点,若有无意侵权或转载不当之处请从网站右下角联系我们处理,谢谢合作!

                      摘要: 理论介绍:Keepalived高可用软件简介目前互联网主流的实现WEB网站及数据库服务高可用软件包括:keepalived、heartbeat等。Heartbeat是比较早期的实现高可用软件,而keepalived是目前轻量级的管理方便、易用的高可用软件解决方案,得到互联网公司IT人的青睐。Keepalived是一个类似于工作在layer3, 4 7 ...

                      理论介绍:

                      Keepalived高可用软件简介

                      目前互联网主流的实现WEB网站及数据库服务高可用软件包括:keepalived、heartbeat等。Heartbeat是比较早期的实现高可用软件,而keepalived是目前轻量级的管理方便、易用的高可用软件解决方案,得到互联网公司IT人的青睐。

                      Keepalived是一个类似于工作在layer3, 4 & 7交换机制的软件,Keepalived软件有两种功能,分别是监控检查、VRRP冗余协议。

                      Keepalived的作用是检测web服务器的状态,如果有一台web服务器、Mysql服务器宕机,或工作出现?#25910;希琄eepalived将检测到后,会将有?#25910;?#30340;web服务器或者Mysql服务器从系统中剔除,当服务器工作正常后Keepalived自动将web、Mysql服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复?#25910;?#30340;WEB和Mysql服务器。Layer3,4&7工作在IP/TCP协议栈的IP层、传输层及应用层,实现原理分别如下:

                      Layer3:Keepalived使用Layer3的方式工作式时,Keepalived会定期向服务器群中的服务器发送一个ICMP的数据包(,如果发现?#31243;?#26381;务的IP地址无法ping通,Keepalived便报告这台服务器失效,并将它从服务器集群中剔除。Layer3的方式是以服务器的IP地址是否有效作为服务器工作正常与否的标准。

                      Layer4: Layer4主要以TCP端口的状态来决定服务器工作正常与否。如WEB server的服务端口一般是80,如果Keepalived检测到80端口没有启动,则Keepalived将把这台服务器从服务器群中剔除。

                      Layer7:Layer7工作在应用层,Keepalived将根据用户的设定检查服务器程序的运行是否正常,如果与用户的设定不相符,则Keepalived将把服务器从服务器群中剔除。

                      Keepalived VRRP原理剖析

                      虚拟路由冗余协议(Virtual Router Redundancy Protocol,简称VRRP)

                      Keepalived是VRRP的完美实现,在学习keepalived之前,必须了解VRRP协议的原理。在现实的网络环境中,?#25945;?#38656;要通信的主机大多数情况下并没有直接的物理连接。对于这样的情况,它们之间路由怎样选择?主机如何选定到达目的主机的下一跳路由,这个问题通常的解决方法有二种:

                      在主机上使用动态路由协议RIP、OSPF;

                      在主机上配置静态路由;

                      在主机上配置路态路由是非常不切实?#23454;模?#22240;为管理、维护成本以及是否支持等诸多问题。配置静态路由就变得十分流行,但路由器(或者?#30340;?#35748;网关default gateway)却经常成为单点,VRRP的目的就是为了解决静态路由单点?#25910;?#38382;题。VRRP通过一竞选(election)协议来动态的将路由任务交给LAN中虚拟路由器中的?#31243;╒RRP路由器。

                      在VRRP虚拟路由器集群中,由多台物理的路由器组成,但是这多台的物理路由器并不能同时工作,而是由一台称为MASTER路由器负责路由工作,其它的都是BACKUP,MASTER并非一成不变,VRRP会让每个VRRP路由器参与竞选,最?#26632;?#32988;的就是MASTER。

                      MASTER拥有一些特权,例如拥有虚拟路由器的IP地址或者成为VIP,拥有特权的MASTER要负责转发发?#36879;?#32593;关地址的包和响应ARP请求。

                      VRRP通过竞选协议来实现虚拟路由器的功能,所有的协议报文都是通过IP多播(multicast)包(多播地址 224.0.0.18)?#38382;?#21457;送的。虚拟路由器由VRID(范围0-255)和一组IP地址组成,对外表现为一个周知的MAC地址。所以在一组虚拟路由器集群中,不管谁是MASTER,对外都是相同的MAC和VIP。?#31361;?#31471;主机并不需要因为MASTER的改变而修改自己的路由配置。

                      作为MASTER的VRRP路由器会一直发送VRRP广播包(VRRP Advertisement message),BACKUP不会抢占MASTER,除非它的优先级(Priority)更高。当MASTER不可用时(BACKUP收不到广播包时), 多台BACKUP中优先级最高的这台会抢占为MASTER。这种抢占是非常快速的,以保证服务的连续性。由于安全性考虑VRRP包使用了?#29992;?#21327;议进行。

                      而keepalived可以基于VRRP技术,将?#25945;?#29289;理主机当成路由器,?#25945;?#29289;理机主机组成一个虚拟路由集群,Master高的主机产生VIP,该VIP负责转发用户发起的IP包或者负责处理用户的请求,Nginx+Keepalived组合,用户的请求直接访问keepalived VIP地址,然后访问Master相应服务?#25237;?#21475;;


                      实战如下:

                      Nginx+Keepalived安装配置实战

                      环境准备:

                      系统版本:Centos6.7(最小化安装)

                      Keepalived版本:keepalived-1.2.15

                      Nginx版本:nginx-1.13.4

                      keepalived(主):192.168.60.93

                      keepalived(备):192.168.60.94

                      Apache:192.168.60.91

                      Apache1:192.168.60.92

                      VIP:192.168.60.88

                      1)Apache安装,执行以下命令

                      [[email protected] ~]# yum -y install httpd httpd-devel

                      写入测试文件,执行以下命令

                      [[email protected] ~]# echo "this is 192.168.60.91 server" >/var/www/html/index.html

                      启动httpd服务

                      service httpd restart

                      curl命令测试

                      [[email protected] ~]# curl localhost

                      1

                      2)Apache1安装

                      [[email protected] ~]# yum -y install httpd httpd-devel

                      写入测试文件,执行以下命令

                      [[email protected] ~]# echo "this is 192.168.60.92 server" >/var/www/html/index.html

                      启动httpd服务

                      service httpd restart

                      curl命令测试

                      [[email protected] ~]# curl localhost

                      2

                      3)Nginx+keepalived安装(主)

                      #安装Nginx软件

                      1)安装Nginx所需要的依赖包

                      yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

                      2)下载Nginx源码包

                      wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

                      3)解压

                      tar zxf nginx-1.13.4.tar.gz

                      cd nginx-1.13.4

                      4)隐藏Nginx版本号

                      sed -i s/1.13.4/ /;s/nginx\//nginx/ src/core/nginx.h

                      5)创建www用户,执?#24615;?#32534;译

                      useradd -s /sbin/nologin www

                      ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

                      6)编译Nginx

                      make &&make install

                      7)创建软连接

                      ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

                      #安装keepalived软件

                      1)安装keepalived所需要的依赖包

                      yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

                      2)下载keepalived软件包

                      wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

                      3)解压

                      tar zxf keepalived-1.2.15.tar.gz

                      cd keepalived-1.2.15

                      4)预编译keepalived

                      ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

                      5)编译、安装keepalived

                      make && make install

                      6)创建软连接,拷贝相应的文件

                      ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

                      cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

                      cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

                      chkconfig --add keepalived

                      chkconfig keepalived on

                      mkdir /etc/keepalived

                      cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

                      4)Nginx+keepalived安装(备)

                      #安装Nginx软件

                      1)安装Nginx所需要的依赖包

                      yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

                      2)下载Nginx源码包

                      wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

                      3)解压

                      tar zxf nginx-1.13.4.tar.gz

                      cd nginx-1.13.4

                      4)隐藏Nginx版本号

                      sed -i s/1.13.4/ /;s/nginx\//nginx/ src/core/nginx.h

                      5)创建www用户,执?#24615;?#32534;译

                      useradd -s /sbin/nologin www

                      ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

                      6)编译Nginx

                      make &&make install

                      7)创建软连接

                      ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

                      #安装keepalived软件

                      1)安装keepalived所需要的依赖包

                      yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

                      2)下载keepalived软件包

                      wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

                      3)解压

                      tar zxf keepalived-1.2.15.tar.gz

                      cd keepalived-1.2.15

                      4)预编译keepalived

                      ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

                      5)编译、安装keepalived

                      make && make install

                      6)创建软连接,拷贝相应的文件

                      ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

                      cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

                      cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

                      chkconfig --add keepalived

                      chkconfig keepalived on

                      mkdir /etc/keepalived

                      cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

                      5)Nginx负载均衡配置(主)

                      编辑/usr/local/nginx/conf/nginx.conf配置文件,配置内容如下

                      worker_processes 1;
                      events {
                      worker_connections 1024;
                      }
                      http {
                      include mime.types;
                      default_type application/octet-stream;
                      sendfile on;
                      keepalive_timeout 65;
                      upstream test_web {
                      server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
                      server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
                      }
                      server {
                      listen 80;
                      server_name localhost;
                      location / {
                      proxy_next_upstream http_502 http_504 error timeout invalid_header;
                      proxy_pass http://test_web;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      }
                      }
                      }
                      

                      6)Nginx负载均衡配置(备)

                      编辑/usr/local/nginx/conf/nginx.conf配置文件,配置内容如下

                      worker_processes 1;
                      events {
                      worker_connections 1024;
                      }
                      http {
                      include mime.types;
                      default_type application/octet-stream;
                      sendfile on;
                      keepalive_timeout 65;
                      upstream test_web {
                      server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
                      server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
                      }
                      server {
                      listen 80;
                      server_name localhost;
                      location / {
                      proxy_next_upstream http_502 http_504 error timeout invalid_header;
                      proxy_pass http://test_web;
                      proxy_set_header Host $host;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      }
                      }
                      }
                      

                      7)编辑keepalived(主)配置文件

                      编辑vim /etc/keepalived/keepalived.conf,配置内容如下

                      ! Configuration File for keepalived
                       global_defs {
                       notification_email {
                       [email protected]
                       }
                       notification_email_from [email protected]
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id LVS_DEVEL
                       }
                       vrrp_script chk_nginx {
                       script "/data/shell/check_nginx.sh"
                       interval 2
                       weight 2
                       }
                       vrrp_instance VI_1 {
                       state MASTER
                       interface eth0
                       virtual_router_id 51
                       mcast_src_ip 192.168.60.93
                       priority 100
                       advert_int 1
                       authentication {
                       auth_type PASS
                       auth_pass 1111
                       }
                       virtual_ipaddress {
                       192.168.60.88
                       }
                       track_script {
                       chk_nginx
                       }
                       }
                      

                      8)编辑keepalived(备)配置文件

                      编辑vim /etc/keepalived/keepalived.conf,配置内容如下

                      ! Configuration File for keepalived
                       global_defs {
                       notification_email {
                       [email protected]
                       }
                       notification_email_from [email protected]
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id LVS_DEVEL
                       }
                       vrrp_script chk_nginx {
                       script "/data/shell/check_nginx.sh"
                       interval 2
                       weight 2
                       }
                       vrrp_instance VI_1 {
                       state BACKUP
                       interface eth0
                       virtual_router_id 51
                       mcast_src_ip 192.168.60.94
                       priority 99
                       advert_int 1
                       authentication {
                       auth_type PASS
                       auth_pass 1111
                       }
                       virtual_ipaddress {
                       192.168.60.88
                       }
                       track_script {
                       chk_nginx
                       }
                       }
                      

                      9)启动nginx和keepalived服务(主)

                      [[email protected] ~]# nginx -t

                      [[email protected] ~]# nginx

                      [[email protected] ~]# service keepalived start

                      [[email protected] ~]# ps -ef | egrep keep|nginx

                      3

                      10)启动nginx和keepalived服务(备)

                      [[email protected] ~]# nginx -t

                      [[email protected] ~]# nginx

                      [[email protected] ~]# service keepalived start

                      [[email protected] ~]# ps -ef | egrep keep|nginx

                      4

                      11)编写nginx检测存活脚本(主),脚本内容如下:

                      [[email protected] ~]# mkdir -p /data/shell

                      [[email protected] ~]# vim /data/shell/check_nginx.sh

                      [[email protected] ~]# chmod o+x /data/shell/check_nginx.sh

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx process state
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      if [ "$NUM" -eq 0 ];then
                      service keepalived stop
                      echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m[" >> /tmp/nginx_keepalived.log
                      fi
                      

                      保存退出~~

                      12)编写nginx检测存活脚本(备),脚本内容如下:

                      [[email protected] ~]# mkdir -p /data/shell

                      [[email protected] ~]# vim /data/shell/check_nginx.sh

                      [[email protected] ~]# chmod o+x /data/shell/check_nginx.sh

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx process state
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      if [ "$NUM" -eq 0 ];then
                      service keepalived stop
                      echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m[" >> /tmp/nginx_keepalived.log
                      fi
                      

                      保存退出~~

                      实验结果:当nginx(主)机器宕机后,VIP自动漂移到keepalived(备)机器上,如下图

                      正常在keepalived(主)运行:

                      5

                      6

                      7

                      当nginx宕机后,自动漂移过来,如下图

                      [[email protected] ~]# pkill nginx

                      8

                      9

                      10

                      11

                      13)编写检测nginx和keepalived状态的脚本(因为nginx宕机之后,keepalived和nginx不会自动起来),并加到定?#27604;?#21153;(主和备机器都需要执行一遍)

                      手动编辑vim /data/shell/auto_nginx_status.sh文件,脚本内容如下:

                      #!/bin/bash
                      #2018-11-27 14:27:56
                      #author by FY
                      #Automatic detection of nginx and keepalived process states
                      NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
                      NUM1=`ps -ef | grep -v grep | grep -c "keepalived"`
                      if [ "$NUM" -ne 0 -a "$NUM" -eq 0 ];then
                      service keeaplived start
                      fi
                      if [ "$NUM" -eq 0 -a "$NUM1" -eq 0 ];then
                      /usr/local/nginx/sbin/nginx
                      service keepalived start
                      fi
                      

                      保存退出~~~

                      14)添加到定?#27604;?#21153;,执行以下命令:

                      [[email protected] shell]# echo "*/1 * * * * root sh /data/shell/auto_nginx_status.sh" >> /etc/crontab

                      [[email protected] shell]# cat /etc/crontab

                      [[email protected] shell]# service crond restart

                      12


                      到此结束,谢谢支持



                      小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职?#26377;劍?/font>

                      本文出自:https://www.toutiao.com/a6667044918998860301/

                      免责声明:本站系公益性非盈利IT技术普及网,本文由投稿者转载自互联网的公开文章,文末均已注明出处,其内容和?#35745;?#29256;权归原网站或作者所有,文中所述不代表本站观点,若有无意侵权或转载不当之处请从网站右下角联系我们处理,谢谢合作!


                      鲜花

                      ?#24080;?/a>

                      雷人

                      路过

                      鸡蛋

                      相关阅读

                      最新评论

                       最新
                      返回顶部
                      新疆11选5计算公式