keepalived高可用+nginx负载均衡
1、IP地址规划
| hostname | ip | 说明 |
|---|---|---|
| KN01 | 10.4.7.30 | keepalived MASTER节点 nginx负载均衡器 |
| KN02 | 10.4.7.31 | keepalived BACKUP节点 nginx负载均衡器 |
| WEB01 | 10.4.7.24 | web01节点 |
| WEB02 | 10.4.7.25 | web02节点 |
2、关闭防火墙,selinux,并安装nginx(四台虚拟机都要执行)
[root@web02 ~]# systemctl stop firewalld
[root@web02 ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
[root@web02 ~]# setenforce 0 //
[root@web02 ~]# yum -y install epel-release //安装nginx之前要先安装nginx源
[root@web02 ~]# yum install -y nginx
3、配置并启动两个web节点。
[root@web02 ~]# echo "`hostname` `ifconfig ens33 |sed -n 's#.*inet \(.*\)netmask.*#\1#p'`" > /usr/share/nginx/html/index.html //将hostname和ip地址写进index.html,这是nginx的默认目录,用于后面测试使用
[root@web02 ~]#systemctl restart nginx //重启nginx服务
[root@web01 ~]# curl 10.4.7.24 //查看页面内容
web01 10.4.7.24
[root@web01 ~]# curl 10.4.7.25 //查看页面内容
web02 10.4.7.25
4、配置两个nginx负载局衡器
1)修改nginx配置文件(KN01、KN02)
#修改/etc/nginx/nginx.conf文件。
http {upstream backend {server 10.4.7.24:80 weight=1 max_fails=3 fail_timeout=20s; //权重为1server 10.4.7.25:80 weight=1 max_fails=3 fail_timeout=20s; //权重为1,理论上访问两个web服务应该间隔访问}server {listen 80 default_server;listen [::]:80 default_server;server_name _;location / {proxy_pass http://backend;}}
}
2)、检查nginx配置文件,然后启动nginx
[root@kn01 ~]# which nginx
/usr/sbin/nginx
[root@kn01 ~]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@kn01 ~]# systemctl restart nginx
[root@kn01 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy serverLoaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)Active: active (running) since 二 2021-01-26 02:33:53 EST; 5h 59min agoMain PID: 57976 (nginx)CGroup: /system.slice/nginx.service├─57976 nginx: master process /usr/sbin/nginx├─57977 nginx: worker process└─57978 nginx: worker process1月 26 02:33:53 kn01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
1月 26 02:33:53 kn01 nginx[57971]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
1月 26 02:33:53 kn01 nginx[57971]: nginx: configuration file /etc/nginx/nginx.conf test is successful
1月 26 02:33:53 kn01 systemd[1]: Started The nginx HTTP and reverse proxy server.
3)、查看两个节点nginx负载均衡器是否开启成功
[root@kn01 ~]# curl 10.4.7.30 //访问该服务的时候基本是1:1,说明负载均衡开启成功
web02 10.4.7.25
[root@kn01 ~]# curl 10.4.7.30
web01 10.4.7.24
[root@kn01 ~]# curl 10.4.7.31
web02 10.4.7.25
[root@kn01 ~]# curl 10.4.7.31
web01 10.4.7.24
5、安装、配置并启动keepalived,以KN01为例
[root@kn01 ~]# yum install keepalived -y
[root@kn01 ~]# vim /etc/keepalived/keepalived.conf 配置文件修改
[root@kn01 ~]# systemctl restart keepalived
1)MASTER节点配置(KN01)
vrrp_instance VI_1 {state MASTER //修改为MASTERinterface ens33 //改为要设置虚拟IP的网卡名字virtual_router_id 51priority 100 //优先级advert_int 1authentication {auth_type PASSauth_pass 1111}nopreempt //非抢占式,防止虚拟IP来回飘virtual_ipaddress {10.4.7.32/24 dev ens33 lable ens33:1 //设置虚拟IP}
}2)BACKUP节点配置(KN02)
vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}nopreemptvirtual_ipaddress {10.4.7.32/24 dev ens33}
}
3)查看虚拟IP地址飘逸情况
[root@kn01 ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:11:af:f3 brd ff:ff:ff:ff:ff:ffinet 10.4.7.30/24 brd 10.4.7.255 scope global ens33valid_lft forever preferred_lft foreverinet 10.4.7.32/24 scope global secondary ens33valid_lft forever preferred_lft foreverinet6 fe80::b778:7955:18a9:b4d6/64 scope link valid_lft forever preferred_lft forever
[root@kn01 ~]# systemctl stop keepalived
[root@kn01 ~]# ip a //IP地址10.4.7.32飘走
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:11:af:f3 brd ff:ff:ff:ff:ff:ffinet 10.4.7.30/24 brd 10.4.7.255 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::b778:7955:18a9:b4d6/64 scope link valid_lft forever preferred_lft forever
[root@kn02 ~]# ip a //IP地址10.4.7.32飘到KN02节点
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:12:87:53 brd ff:ff:ff:ff:ff:ffinet 10.4.7.31/24 brd 10.4.7.255 scope global ens33valid_lft forever preferred_lft foreverinet 10.4.7.32/24 scope global secondary ens33valid_lft forever preferred_lft foreverinet6 fe80::961f:2027:a51:6df0/64 scope link valid_lft forever preferred_lft forever
[root@kn01 ~]# systemctl start keepalived
[root@kn01 ~]# ip a //IP地址10.4.7.32并没有飘过来,因为我们设置了nopreempt属性。是非抢占式的,所以IP地址不会飘走,只有再KN02节点出现异常的时候才会飘过来。
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:11:af:f3 brd ff:ff:ff:ff:ff:ffinet 10.4.7.30/24 brd 10.4.7.255 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::b778:7955:18a9:b4d6/64 scope link valid_lft forever preferred_lft forever6、keepalived中nginx运行状态监测脚本,
当监控到nginx服务异常时,停止keepalived服务。这样虚拟IP就会飘到另外一个节点上,确保服务不断线,可靠运行。下面给出两种探测脚本
1)个人感觉下面脚本用来监测nginx运行状态比较实用。
优点:此脚本获得网页内容,然后判断nginx服务是否正常。
缺点:为判断获取的网页内容是否正确。待改进。
#!/bin/bash
curl 10.4.7.31 >> file
A=`cat file|wc -l`
if [ $A -eq 0 ];then/usr/sbin/nginxsleep 2curl 10.4.7.31 >> fileif [ `cat file |wc -l` -eq 0 ];thenkillall keepalivedfi
fi
cat /dev/null > file
运行killall命令需要安装psmisc包
yum install psmisc -y
2)此脚本检测nginx进程,不关注内容,若出现有进程但是页面加载不出来的情况,此脚本无用。
#!/bin/bash
A=`ps -C nginx --no-header|wc -l`
if [ $A -eq 0 ];then/usr/sbin/nginxsleep 2if [ `ps -C nginx --no-header|wc -l` -eq 0 ];thenkillall keepalivedfi
fi
)
)