web高可用集群(nginx负载均衡+keepalived实现调度器HA)
| 主机 | IP地址 |
|---|---|
| 代理服务器 | 192.168.88.66 |
| 代理服务器 | 192.168.88.38 |
| Real server | 192.168.88.10 |
| Real server | 192.168.88.20 |
配置俩台Real server
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
[root@web1 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl enable nginx --now
#设置成开机自启
#我这里是把nginx的网页根目录修改成了/html/www
[root@web1 ~]# echo "test">/html/www/index.html
配置俩台代理服务器使用nginx实现负载均衡
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
[root@web1 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl enable nginx --now
#设置成开机自启
#把默认的配置文件修改其他名,要不然配置的其他文件无法生效
[root@proxy ~]# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
[root@proxy ~]# vim /etc/nginx/conf.d/www.conf
upstream backend {server 192.168.88.10:80 weight=1 max_fails=3 fail_timeout=20s;server 192.168.88.20:80 weight=1 max_fails=3 fail_timeout=20s;}server {listen 80;server_name localhost;location / {proxy_pass http://backendproxy_set_header Host $host:$proxy_port;proxy_set_header X-Forwarded-For $remote_addr;
}
}
[root@proxy ~]# systemctl restart nginx
浏览器测试,访问俩台主机IP都可以
配置俩台代理服务器使用keepalived实现HA调度
#主节点
[root@lvs1 ~]# yum -y install keepalived
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id lvs1vrrp_iptables vrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}
vrrp_script check_nginx {script "/etc/keepalived/check_nginx.sh"interval 3
}
vrrp_instance VI_1 {state MASTERinterface ens37virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.88.88/24}track_script {check_nginx }
}
[root@lvs1 ~]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
curl -I http://localhost &> /dev/null
if [ $? -ne 0 ]thensystemctl stop keepalived# else
fi
[root@lvs1 ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@proxy ~]# systemctl start keepalived
#从节点
[root@proxy ~]# yum install -y keepalived
[root@proxy ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id proxyvrrp_iptablesvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}
vrrp_script check_nginx {script "/etc/keepalived/check_nginx.sh"interval 5
}
vrrp_instance VI_1 {state BACKUPinterface ens37virtual_router_id 51priority 80advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.88.88/24}track_script {check_nginx }
}
[root@lvs1 ~]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
curl -I http://localhost &> /dev/null
if [ $? -ne 0 ]thensystemctl stop keepalived# else
fi
[root@lvs1 ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@proxy ~]# systemctl start keepalived
#使用ip a查看
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:71 brd ff:ff:ff:ff:ff:ffinet 172.18.127.38/16 brd 172.18.255.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe48:b371/64 scope link valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ffinet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet 192.168.88.88/24 scope global secondary ens37 #主节点显示valid_lft forever preferred_lft foreverinet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute valid_lft forever preferred_lft forever
浏览器测试
通过停止keepalived来测试VIP是否飘逸
#停止代理服务器1的nginx,顺便验证监控脚本
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ffinet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet 192.168.88.88/24 scope global secondary ens37 #可以发现此时VIP地址在第一台代理服务器上valid_lft forever preferred_lft foreverinet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@lvs1 ~]# systemctl status keepalived.service #keepalived状态为启用
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)Active: active (running) since 日 2024-03-17 01:59:36 CST; 9s ago[root@lvs1 ~]# systemctl stop nginx #停止nginx,验证监控脚本
[root@lvs1 ~]# systemctl status keepalived.service #keepalived服务关闭
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)Active: inactive (dead)[root@lvs1 ~]# ip a #VIP地址已转移
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ffinet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@proxy ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:e4:cd:ac brd ff:ff:ff:ff:ff:ffinet 192.168.88.66/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet 192.168.88.88/24 scope global secondary ens37valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee4:cdac/64 scope link valid_lft forever preferred_lft forever192.168.88.88/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee4:cdac/64 scope link
valid_lft forever preferred_lft forever
``
依然可以访问,实现了高可用效果。
