文章目錄
- 高可用性(High Availability)作用
- 一、keepalived是什么?
- 二、利用keepalived實作高可用的配置
- 1.將兩臺服務器都配置負載均衡功能
- 2.安裝配置keepalived軟體
- 3.兩臺負載均衡器啟動keepalived
- 4.查看ip地址,看高可用是否搭建成功
- 總結
高可用性(High Availability)作用
1、一個業務不能因為某個設備或者點出現問題而導致整個業務不能正常運轉,不能有單點故障,
2、出現任何情況都可以運行—》利用高可用解決,
提示:以下是本篇文章正文內容,下面案例可供參考
一、keepalived是什么?
核心技術點是vrrp協議和vip,
1、vrrp協議的作業原理:
虛擬路由器是作業在實際的物理路由器之上的,它由多個實際的路由器組成,包括一個Master路由器和多個Backup路由器,Master路由器正常作業時,局域網內的主機通過Master與外界通信,當Master路由器出現故障時,Backup路由器中的一臺設備將成為新的Master路由器,接替轉發報文的作業
2、vip–虛擬的ip地址,誰成為master,vip就在哪臺linux機器上,客戶機訪問虛擬ip就可以了,
二、利用keepalived實作高可用的配置
準備2臺linux服務器 硬體配置盡量一致,本文采用的是centos系統7,nginx1.21,
1.將兩臺服務器都配置負載均衡功能
(1)將兩臺linux機器使用腳本一鍵安裝部署linux,(兩臺linux機器除了ip地址不同,其他都相同)腳本如下:
#!/bin/bash
#解決軟體的依賴關系,需要安裝的軟體包
yum -y install epel-release
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++ autoconf automake make psmisc net-tools lsof vim geoip geoip-devel
#新建luogan用戶和組
id yejing || useradd yejing -s /sbin/nologin
#下載nginx軟體
mkdir /yejing99 -p
cd /yejing99
wget http://nginx.org/download/nginx-1.21.1.tar.gz
#解壓軟體
tar xf nginx-1.21.1.tar.gz
#進入解壓后的檔案夾
cd nginx-1.21.1
#編譯前的配置
./configure --prefix=/usr/local/scyejing99 --user=yejing --group=yejing --with-http_ssl_module --with-threads --with-http_v2_module --with-http_stub_status_module --with-stream --with-http_geoip_module
#如果上面的編譯前的配置失敗,直接退出腳本
if (( $? != 0));then
exit
fi
#編譯
make -j 2
#編譯安裝
make install
#修改PATH變數
echo "PATH=/usr/local/scyejing99/sbin:$PATH" >>/root/.bashrc
#執行修改了環境變數的腳本
source /root/.bashrc
#firewalld and selinux
#stop firewall和設定下次開機不啟動firewalld
service firewalld stop
systemctl disable firewalld
#臨時停止selinux和永久停止selinux
setenforce 0
sed -i '/^SELINUX=/ s/enforcing/disabled/' /etc/selinux/config
#開機啟動
chmod +x /etc/rc.d/rc.local
echo "/usr/local/scyejing99/sbin/nginx" >>/etc/rc.local
#修改nginx.conf的配置,例如:埠號,worker行程數,執行緒數,服務域名
sed -i '/worker_processes/ s/1/2/' /usr/local/scyejing99/conf/nginx.conf
sed -i '/worker_connections/ s/1024/2048/' /usr/local/scyejing99/conf/nginx.conf
sed -i -r '36c \\tlisten 80;' /usr/local/scyejing99/conf/nginx.conf
sed -i -r '37c \\tserver_name www.yejing.com;' /usr/local/scyejing99/conf/nginx.conf
#killall nginx行程
#killall -9 nginx
#啟動nginx
#/usr/local/scyejing99/sbin/nginx
(2)配置ip地址,網路連接方式選擇橋接或者hostonly,我選擇的是hostonly連接方式,ifcfg-ens33組態檔如下:
[root@bnginx2 keepalived]# cd /etc/sysconfig/network-scripts/
[root@bnginx2 network-scripts]# vim ifcfg-ens33
DEFROUTE=yes
BOOTPROTO=static
NAME=ens33
IPADDR=192.168.5.15 #第二臺linux機器只要這里的ip地址不同就可以
DNS1=192.168.5.1
GATEWAY=192.168.5.1
DEVICE=ens33
ONBOOT=yes
NETMASK=255.255.255.0
(3)配置負載均衡功能,另外負載均衡需要三臺安裝nginx的機器,使用上面的腳本一鍵安裝部署就可以,配置好ip地址,nginx.conf檔案的配置如下:
[root@bnginx keepalived]# cd /usr/local/scyejing99/conf/
#user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream scbackend{ #負載均衡功能,添加這一段代碼
#ip_hash;
server 192.168.5.6; #另外三臺linux機器的ip地址,當訪問負載均衡器的時候其實是訪問到這幾臺機器上
server 192.168.5.7;
server 192.168.5.8;
}
server {
listen 80;
server_name www.yejing.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
# root html;
# index index.html index.htm;
# 訪問根目錄的時候轉到負載均衡器上
proxy_pass http://scbackend;
proxy_set_header X-Real-IP $remote_addr;
}
#
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
(4)關閉兩臺機器的防火墻和selinux
#關閉防火墻:
[root@nginx-filebeat-01 ~]# systemctl stop firewalld
#設定開機禁止啟動
[root@nginx-filebeat-01 ~]# systemctl disable firewalld
#關閉selinux
#編輯/etc/selinux/config檔案,修改
SELINUX=disabled
#selinux組態檔修改之后生效需要重啟服務器:
[root@nginx-filebeat-01 ~]# reboot
#重啟之后驗證是否生效
[root@nginx-filebeat-01 ~]# getenforce
Disabled
[root@nginx-filebeat-01 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
Active: inactive (dead)
Docs: man:firewalld(1)
2.安裝配置keepalived軟體
(1)在兩臺負載均衡器上都要安裝keepalived
[root@bnginx sc]# yum install keepalived -y
(2)配置keepalived.conf檔案,添加vip和相關資訊
[root@bnginx sc]# cd /etc/keepalived/
[root@bnginx keepalived]# vim keepalived.conf
#master 的具體配置
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict 這一行一定要注釋!!!
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { #啟動一個vrrp的實體 vI_1 實體名,可以自定義,如果需要雙vip的話增加一個實體即可
state MASTER #角色是master
interface ens33 # 在哪個介面上監聽vrrp協議,同時系結vip到哪個介面
virtual_router_id 51 # 虛擬路由id(幫派) 1~255范圍
priority 110 #優先級,誰高誰是master,所有master的優先級要設定高一點
advert_int 1 #宣告訊息 時間間隔 1秒 也就是每隔一秒告訴backup自己運行正常,當backup沒收到這訊息,就自動成為master
authentication { #認證
auth_type PASS #認證的型別是密碼認證
auth_pass 1111 #具體的密碼,可以自己修改
}
virtual_ipaddress { #vip的配置,vip可以是多個ip
192.168.5.30
}
}
#另一臺負載均衡器,backup的具體配置
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP #這里要改成backup
interface ens33
virtual_router_id 51 #id一定要和對應的master一致
priority 100 #優先級要比master小
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.30 #虛擬ip也要和對應的master一致
}
}
3.兩臺負載均衡器啟動keepalived
[root@bnginx2 keepalived]# service keepalived start
Redirecting to /bin/systemctl start keepalived.service
#看行程,看keepalived是否啟動成功,keepalived不監聽具體的那個埠號,因為vrrp是組播通信
[root@bnginx conf]# ps aux|grep keepalived
root 7392 0.0 0.1 123000 1404 ? Ss 16:09 0:00 /usr/sbin/keepalived -D
root 7393 0.0 0.3 133960 3328 ? S 16:09 0:00 /usr/sbin/keepalived -D
root 7394 0.0 0.2 133832 2660 ? S 16:09 0:02 /usr/sbin/keepalived -D
root 7460 0.0 0.0 112824 988 pts/0 R+ 19:00 0:00 grep --color=auto keepalived
#啟動成功
4.查看ip地址,看高可用是否搭建成功
#查看ip地址,在第一臺負載均衡器上,第二臺沒有,因為第一臺是master,出現問題才會用第二臺
[root@bnginx conf]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:27:f3:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.5.2/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.30/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe27:f33a/64 scope link
valid_lft forever preferred_lft forever
總結
vip是可以漂移的,當matser掛掉,vip會自動到backup上去,至此,nginx利用keepalived實作了高可用,如果有對搭建雙vip感興趣的可以留言交流,
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/291827.html
標籤:其他