負載均衡技術對於一個網站尤其是大型網站的web服務器集羣來說是至關重要的!做好負載均衡架構,可以實現故障轉移和高可用環境,避免單點故障,保證網站健康持續運行。
由於業務擴展,網站的訪問量不斷加大,負載越來越高。現需要在web前端放置nginx負載均衡,同時結合keepalived對前端nginx實現HA高可用。
介紹下Nginx和keepalive
1.Nginx
Nginx 是一個很強大的高性能Web和反向代理服務器,它具有很多非常優越的特性:
Nginx作爲負載均衡服務器:Nginx 既可以在內部直接支持 Rails 和 PHP 程序對外進行服務,也可以支持作爲 HTTP代理服務器對外進行服務。Nginx採用C進行編寫,不論是系統資源開銷還是CPU使用效率都比 Perlbal 要好很多。
2.keepalive
Keepalived是Linux下面實現VRRP備份路由的高可靠性運行件。基於Keepalived設計的服務模式能夠真正做到主服務器和備份服務器故障時IP瞬間無縫交接。二者結合,可以構架出比較穩定的軟件LB方案。
Nginx+keepalive高可用方式有兩種:
1.Nginx+keepalived 主從配置
這種方案,使用一個vip地址,前端使用2臺機器,一臺做主,一臺做備,但同時只有一臺機器工作,另一臺備份機器在主機器不出現故障的時候,永遠處於浪費狀態,對於服務器不多的網站,該方案不經濟實惠。
2.Nginx+keepalived 雙主配置
這種方案,使用兩個vip地址,前端使用2臺機器,互爲主備,同時有兩臺機器工作,當其中一臺機器出現故障,兩臺機器的請求轉移到一臺機器負擔,非常適合於當前架構環境。所以在這裏就詳細介紹下雙主模型配置
一、拓撲結構
二、測試環境介紹
系統centos7.4 64位
centos6.9 64位
前端node1服務器:DIP:192.168.92.136
VIP1:192.168.92.23
VIP2:192.168.92.24
前端node2服務器:DIP:192.168.92.133
VIP1:192.168.92.24
VIP2:192.168.92.23
後端服務器:web node3:192.168.92.123
web node4:192.168.92.124
web node5:192.168.92.125
我們開始之前先把防火牆和selinux關掉,很多時候我們服務器之間不通都是這些原因造成的。
三、軟件安裝
Nginx和keepalive的安裝非常簡單,我們可以直接使用yun來安裝。
yum install keepalived nginx -y
後端服務器我們同樣用yum來裝上Nginx
後端node3
[root@node3 ~]# yum -y install nginx
[root@node3 ~]# echo "this is 192.168.92.123" > /usr/share/nginx/html/index.html
[root@node3 ~]# service nginx start
[root@node3 ~]# curl 192.168.92.123
this is 192.168.92.123後端node4
[root@node4 ~]# yum -y install nginx
[root@node4 ~]# echo "this is 192.168.92.124" > /usr/share/nginx/html/index.html
[root@node4 ~]# service nginx start
[root@node4 ~]# curl 192.168.92.124
this is 192.168.92.124後端node5
[root@node5 ~]# yum -y install nginx
[root@node5 ~]# echo "this is 192.168.92.125" > /usr/share/nginx/html/index.html
[root@node5 ~]# service nginx start
[root@node5 ~]# curl 192.168.92.125
this is 192.168.92.125四、在node1、node2上配置Nginx
[root@node2 ~]# vim /etc/nginx/conf.d/node2.conf #在擴展配置目錄中配置需要註釋掉主配置文件中的server部分
upstream web1 {
#ip_hash; #hash綁定ip
server 192.168.92.123:80;
server 192.168.92.124:80;
server 192.168.92.125:80;
}
server {
listen 80;
server_name www.node.com;
index index.html index.htm;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://web1;
}
}五、在node1上配置keepalive
[root@node1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_gruop4 224.0.100.23
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_nginx.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface ens37
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 111123
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.92.23
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens37
virtual_router_id 151
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123123
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.92.24
}
}六、在node2上配置keepalive
[root@node2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_gruop4 224.0.100.23
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_nginx.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens34
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 111123
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.92.23
}
}
vrrp_instance VI_2 {
state MASTER
interface ens34
virtual_router_id 151
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123123
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.92.24
}
}七、在雙主服務器上添加檢測腳本
此腳本作用是檢測Nginx是否運行,如果沒有運行就啓動Nginx
如果啓動失敗則停止keepalive,保證備用服務器正常運行。
[root@node2 ~]# cat /etc/keepalived/chk_nginx.sh
#!/bin/bash
status=$(ps -C nginx --no-heading|wc -l)
if [ "${status}" = "0" ]; then
systemctl start nginx
status2=$(ps -C nginx --no-heading|wc -l)
if [ "${status2}" = "0" ]; then
systemctl stop keepalived
fi
fi八、啓動Nginx、keepalive服務
[root@node2 ~]# service nginx start
[root@node2 ~]# service keepalived start
[root@node3 ~]# service nginx start
[root@node3 ~]# service keepalived start九、查看VIP並測試訪問
[root@node2 ~]# ip a
..........
ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:0b:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.92.133/24 brd 192.168.92.255 scope global dynamic ens34
valid_lft 1293sec preferred_lft 1293sec
inet 192.168.92.24/32 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::9bff:2e2b:aebb:e35/64 scope link
valid_lft forever preferred_lft forever
.........
[root@node1 ~]# ip a
..........
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:04:b6:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.92.136/24 brd 192.168.92.255 scope global dynamic ens37
valid_lft 1567sec preferred_lft 1567sec
inet 192.168.92.23/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::7ff4:9608:5903:1a4b/64 scope link
valid_lft forever preferred_lft forever
..........[root@node1 ~]# curl http://192.168.92.23
this is 192.168.92.123
[root@node1 ~]# curl http://192.168.92.23
this is 192.168.92.124
[root@node1 ~]# curl http://192.168.92.23
this is 192.168.92.125
[root@node1 ~]# curl http://192.168.92.24
this is 192.168.92.124十、測試腳本是否能正常運行
手動停止Nginx後自動恢復啓動
[root@node1 ~]# systemctl stop nginx
[root@node1 ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:* users:(("nginx",pid=20257,fd=6),("nginx",pid=20256,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=913,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=991,fd=13))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=913,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=991,fd=14))