
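Preface
Linux is the foundation of operations work. I'm Chaochao, a university student about to graduate. If you are learning Linux too, why not learn along with newbie Chaochao: let's master Linux, keep at it together, and land the offer we want!
Series articles
Advanced Linux | Data consistency with Docker + NFS + Volume
Advanced Linux | A thorough introduction to and deployment of a Docker Swarm web cluster
Advanced Linux | Installing and using docker compose in detail
Overview
This is part seven of the Docker series. It covers Nginx load balancing and high availability with keepalived, and then combines load balancing with high availability (LB + HA) to implement dual VIPs.
Contents
Preface
Series articles
Overview
Load balancing
What is load balancing?
Why implement load balancing?
Load-balancing algorithms
Implementing load balancing
Implementing high availability for the load balancer
What is high availability?
Why implement high availability?
keepalived
The VRRP protocol
Implementing high availability for the load balancer
VIP drift
Split brain
What is split brain?
What causes split brain?
Is split brain harmful?
Implementing dual-VIP high availability for the load balancer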
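Load balancing
What is load balancing?
Load balancing: spreading user requests evenly across the machines that actually provide the service.
Load balancer: a machine that performs the load-balancing function.
Why implement load balancing?
1. It spreads a large number of requests fairly evenly across the backends, so that no single server is overloaded while another receives no traffic.
2. High availability: the backend servers are health-checked, and if one of them has a problem, requests are no longer forwarded to it. Users are never sent to a server that cannot answer, which gives the setup fault tolerance.
Load-balancing algorithms
1. Round robin (roundrobin): the default algorithm. By default every server has a weight of 1; the larger the weight, the higher the priority (weighted round robin).
2. ip_hash: load balancing based on the client's IP address; requests from the same IP address are forwarded to the same server. Use it when user session information has to be kept, so that a given client reaches the same server every time as far as possible.
3. least-connected: least connections. It first iterates over the backend cluster and compares conns/weight for each backend, then picks the backend with the smallest value. If several backends share the smallest conns/weight, weighted round robin is applied among them.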
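The three selection rules above, written as a small Python simulation. This is an added example, not nginx's code and not part of the original post: the weights are constructed sample values, CRC32 stands in for nginx's own hash, and the IPv4 key is the first three octets of the client address, which is what the nginx ip_hash documentation describes.

```python
import ipaddress
import zlib

# Backend addresses are this page's swarm nodes; the weights are constructed sample values.
WEIGHTS = {"192.168.232.132:8026": 3, "192.168.232.131:8026": 1,
           "192.168.232.133:8026": 1, "192.168.232.134:8026": 1}

def weighted_round_robin(weights, n):
    """Return n picks using smooth weighted round robin."""
    current = dict.fromkeys(weights, 0)
    total = sum(weights.values())
    picks = []
    for _ in range(n):
        for backend, weight in weights.items():
            current[backend] += weight            # every backend earns its weight each turn
        best = max(current, key=current.get)      # highest running score wins (first on ties)
        current[best] -= total                    # the winner pays back the total weight
        picks.append(best)
    return picks

def ip_hash(weights, client_ip):
    """Sticky pick: hash the client address (first three octets for IPv4) onto a backend."""
    addr = ipaddress.ip_address(client_ip)
    key = addr.packed[:3] if addr.version == 4 else addr.packed
    backends = list(weights)
    return backends[zlib.crc32(key) % len(backends)]   # stand-in hash; weights are ignored here

def least_connected(weights, conns):
    """Pick the smallest conns/weight; break ties with weighted round robin."""
    ratio = {b: conns.get(b, 0) / w for b, w in weights.items()}
    lowest = min(ratio.values())
    tied = {b: weights[b] for b in weights if ratio[b] == lowest}
    return weighted_round_robin(tied, 1)[0]
```

Because ip_hash keys on the first three octets, every client behind the same /24 (or the same NAT address) lands on one backend, which matters when sizing backends for traffic that arrives through a shared proxy.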
Implementing load balancing
1. Prepare a machine to act as the load balancer
IP: 192.168.232.136  Hostname: load-balancer  Role: load balancer (needs to be configured)
IP: 192.168.232.132  Hostname: docker-manager-1  Role: swarm manager
IP: 192.168.232.133  Hostname: docker-2  Role: swarm node1
IP: 192.168.232.134  Hostname: docker-3  Role: swarm node2
IP: 192.168.232.131  Hostname (Ubuntu): chaochao  Role: swarm node3
IP: 192.168.232.135  Hostname: nfs-server  Role: NFS server
2. Write the build-and-install script
[root@load-balancer ~]# vim onekey_install_lizhichao_nginx_v10.sh
[root@load-balancer ~]# cat onekey_install_lizhichao_nginx_v10.sh
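#!/bin/bash
# Install the packages needed to build nginx
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++ autoconf automake make psmisc net-tools lsof vim wget
# Create the chaochao user and group (no login shell)
id chaochao || useradd chaochao -s /sbin/nologin
# Download the nginx source
mkdir /lzc_load_balancing -p
cd /lzc_load_balancing
# Note: this is a plain-HTTP download and the tarball is not verified;
# check it against the PGP signature (.asc) published on nginx.org before building
wget http://nginx.org/download/nginx-1.21.1.tar.gz
# Unpack the source
tar xf nginx-1.21.1.tar.gz
# Enter the unpacked directory
cd nginx-1.21.1
# Configure the build
./configure --prefix=/usr/local/lzc_load_balancing --user=chaochao --group=chaochao --with-http_ssl_module --with-threads --with-http_v2_module --with-http_stub_status_module --with-stream
# If configure failed, stop the script with a non-zero exit status
if (( $? != 0 )); then
    exit 1
fi
# Compile
make -j 2
# Install
make install
# Add the nginx sbin directory to PATH
echo "PATH=$PATH:/usr/local/lzc_load_balancing/sbin" >>/root/.bashrc
# Re-read the file that now sets the new PATH
source /root/.bashrc
# firewalld and SELinux
# Lab shortcut: the next lines switch off the host firewall and SELinux. On a production
# host keep both enabled and allow TCP 80 and VRRP (IP protocol 112) instead.
# Stop firewalld and keep it from starting at the next boot
service firewalld stop
systemctl disable firewalld
# Disable SELinux for the running system and permanently
setenforce 0
sed -i '/^SELINUX=/ s/enforcing/disabled/' /etc/selinux/config
# Start nginx at boot
chmod +x /etc/rc.d/rc.local
echo "/usr/local/lzc_load_balancing/sbin/nginx" >>/etc/rc.local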
[root@load-balancer ~]#
3. Run the install script
[root@load-balacer ~]# bash onekey_install_lizhichao_nginx_v10.sh
……
test -d '/usr/local/lzc_load_balancing/logs' \
|| mkdir -p '/usr/local/lzc_load_balancing/logs'
make[1]: 離開目錄“/lzc_load_balancing/nginx-1.21.1”
Redirecting to /bin/systemctl stop firewalld.service
[root@load-balancer ~]#
4. Start nginx
Commands:
nginx            start nginx
nginx -s stop    stop nginx
[root@load-balancer nginx-1.21.1]# nginx
[root@load-balancer nginx-1.21.1]#
[root@load-balancer nginx-1.21.1]# ps aux|grep nginx
root 9301 0.0 0.2 119148 2176 ? Ss 18:20 0:00 nginx: master process nginx
nginx 9302 0.0 0.9 151824 7912 ? S 18:20 0:00 nginx: worker process
root 9315 0.0 0.1 12344 1108 pts/0 S+ 18:21 0:00 grep --color=auto nginx
[root@load-banlancer nginx-1.21.1]# ss -anplut|grep nginx
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=9302,fd=9),("nginx",pid=9301,fd=9))
tcp LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=9302,fd=10),("nginx",pid=9301,fd=10))
[root@load-banlancer nginx-1.21.1]#
5. Configure the load-balancing function in nginx
[root@load-balancer nginx-1.21.1]# cd /usr/local/lzc_load_balancing/
[root@load-balancer lzc_load_balancing]# ls
conf html logs sbin
[root@load-balancer lzc_load_balancing]# cd conf/
[root@load-balancer conf]# ls
fastcgi.conf fastcgi_params.default mime.types nginx.conf.default uwsgi_params
fastcgi.conf.default koi-utf mime.types.default scgi_params uwsgi_params.default
fastcgi_params koi-win nginx.conf scgi_params.default win-utf
[root@load-balancer conf]# vim nginx.conf
[root@load-balancer conf]# cat nginx.conf    # only the modified part of the file is shown below
http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    upstream chaoweb {    # define a load-balancing (upstream) group named chaoweb
        server 192.168.232.132:8026;
        server 192.168.232.131:8026;
        server 192.168.232.133:8026;
        server 192.168.232.134:8026;
    }
    server {
        listen       80;
        server_name  www.lizhichao.com;    # domain name served by this virtual host
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
            proxy_pass http://chaoweb;    # hand requests to the upstream group
        }
    }
}
[root@load-balancer conf]# nginx -s reload    # reload the configuration file
[root@load-banlancer conf]# ps aux|grep nginx
root 9301 0.0 1.2 120068 9824 ? Ss 18:20 0:00 nginx: master process nginx
nginx 9395 0.1 1.0 152756 8724 ? S 19:16 0:00 nginx: worker process
root 9397 0.0 0.1 12344 1044 pts/0 S+ 19:18 0:00 grep --color=auto nginx
[root@load-balancer conf]#
6. Add the IP mapping on Windows and check the result
Edit the Windows hosts file.
The hosts file is in C:\Windows\System32\drivers\etc

Check from the swarm cluster
[root@docker-manager-1 ~]# vim /etc/hosts
[root@docker-manager-1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.232.132 manager
192.168.232.133 worker1
192.168.232.134 worker2
192.168.232.131 worker3
192.168.232.136 www.lizhichao.com
[root@docker-manager-1 ~]# curl www.lizhichao.com
<html>
<head>
<title>chaochao</title>
</head>
<body>
<p>name:chaochao</p>
<p>sex:male</p>
<p>tel:1517388321</p>
<img src=1.jpg>
<a href=rep.html>reputation</a>
</body>
</html>
[root@docker-manager-1 ~]#
7. Check how the load is being distributed
Use a packet-capture tool to look at it: tcpdump
[root@load-balancer ~]# yum install tcpdump -y
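Implementing high availability for the load balancer
What is high availability?
High availability (HA) means that a service does not stop working because one device or one point fails; there must be no single point of failure.
Why implement high availability?
To prevent a single point of failure.
Single point: an environment in which the whole architecture has only one server.
Single point of failure: one server going down causes the whole cluster to malfunction.
keepalived
Official site: https://www.keepalived.org/
Keepalived is routing software written in C. The main goal of the project is to provide simple and robust load-balancing and high-availability facilities for Linux systems and Linux-based infrastructure.
The load-balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides layer 4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage the pool of load-balanced servers according to their health.
High availability, on the other hand, is achieved through the VRRP protocol. VRRP is the basis of router failover. In addition, Keepalived implements a set of hooks into the VRRP finite state machine, providing low-level and high-speed protocol interaction. To detect network failures as fast as possible, Keepalived implements the BFD protocol, and VRRP state transitions can take BFD hints into account to drive fast state changes. The Keepalived frameworks can be used independently or together to provide resilient infrastructure.
Two main functions of keepalived
1. High availability
2. Load balancing
The VRRP protocol
VRRP: Virtual Router Redundancy Protocol. It is a fault-tolerance protocol which ensures that when the next-hop router of a host fails, another router takes over in time, keeping communication continuous and reliable.
The source address of a VRRP packet is the sender's own address, and the destination address must be 224.0.0.18. Just as TCP has protocol number 6, UDP 17 and ICMP 1, VRRP needs its own protocol number, which is 112.
By exchanging protocol messages, VRRP makes several routers appear as one virtual router (which can have several virtual IP addresses). Hosts on the network talk to the virtual router; when a physical router in the VRRP group fails, another router takes over automatically.
Roles of devices running VRRP
master and backup: the Master router is the router in the VRRP group that actually forwards packets; a Backup router is a router in the VRRP group that is in the listening state. When the Master router fails, a Backup router takes over.
Implementing high availability for the load balancer
1. Environment: two servers are needed as load balancers
IP: 192.168.232.136  Hostname: load-balancer  Role: load balancer (master)
IP: 192.168.232.137  Hostname: load-balancer-2  Role: load balancer
IP: 192.168.232.168  Role: virtual router 1
IP: 192.168.232.169  Role: virtual router 2
IP: 192.168.232.132  Hostname: docker-manager-1  Role: swarm manager
IP: 192.168.232.133  Hostname: docker-2  Role: swarm node1
IP: 192.168.232.134  Hostname: docker-3  Role: swarm node2
IP: 192.168.232.131  Hostname (Ubuntu): chaochao  Role: swarm node3
IP: 192.168.232.135  Hostname: nfs-server  Role: NFS server
2. Configure load balancing
The first machine already has load balancing configured, so we go straight to the second load-balancing server: the second nginx load balancer is created by cloning the first.
3. Install keepalived
Command: yum install keepalived -y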
[root@load-balancer ~]# yum install keepalived -y
[root@load-balancer-2 ~]# yum install keepalived -y
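4. Configure /etc/keepalived/keepalived.conf
Comment out: vrrp_strict
Delete: the load-balancing sections of the file (in vim's normal mode, typing d999 and then pressing Enter deletes them quickly, but you then have to add back the closing "}" of global_defs {)
Change the following part of keepalived.conf
On load-balancer (master):
vrrp_instance VI_1 {            # start a VRRP instance; VI_1 is the instance name and can be chosen freely
    state MASTER                # this node's role is master
    interface ens33             # listen for VRRP on ens33 and bind the VIP to ens33
    virtual_router_id 168       # virtual router ID, range 1-255; must be the same on both nodes
    priority 220                # priority, range 1-255 (master must be higher than backup)
    advert_int 1                # advertisement interval: 1 second
    authentication {            # authentication
        auth_type PASS          # the authentication type is password
        auth_pass 1111          # shared password; must be the same on both nodes
    }
    virtual_ipaddress {
        192.168.232.168         # the VIP; more than one address can be listed
    }
}
On load-balancer-2 (backup):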
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 168
priority 130
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.168
}
}
5. Restart the keepalived service
Command: service keepalived restart
[root@load-balancer ~]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@load-balancer ~]#
[root@load-balancer-2 ~]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@load-balancer-2 ~]#
6. Use ip add to check whether keepalived was deployed successfully
MASTER:
[root@load-balancer ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9a:d6:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.232.136/24 brd 192.168.232.255 scope global dynamic noprefixroute ens33
valid_lft 1232sec preferred_lft 1232sec
inet 192.168.232.168/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b4cd:b005:c610:7b3b/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::40fb:5be0:b6f9:b063/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::2513:c641:3555:5eeb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@load-balancer ~]#
Note: the VIP (virtual router address) has been deployed successfully.
BACKUP:
[root@load-balancer-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:04:e5:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.232.137/24 brd 192.168.232.255 scope global dynamic noprefixroute ens33
valid_lft 1153sec preferred_lft 1153sec
inet6 fe80::b4cd:b005:c610:7b3b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@load-balancer-2 ~]#
TIPS:
You can also ping the virtual router address; if the ping succeeds, the deployment worked.
[root@load-balancer-2 ~]# ping 192.168.232.168
PING 192.168.232.168 (192.168.232.168) 56(84) bytes of data.
64 bytes from 192.168.232.168: icmp_seq=1 ttl=64 time=1.57 ms
64 bytes from 192.168.232.168: icmp_seq=2 ttl=64 time=0.625 ms
c64 bytes from 192.168.232.168: icmp_seq=3 ttl=64 time=0.514 ms
64 bytes from 192.168.232.168: icmp_seq=4 ttl=64 time=0.525 ms
^C
--- 192.168.232.168 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 88ms
rtt min/avg/max/mdev = 0.514/0.809/1.572/0.442 ms
[root@load-balancer-2 ~]#
7. Access the virtual router address (VIP)
Visit: https://<VIP address>

8. Look at the ARP cache table to see which load balancer the VIP is currently on

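VIP drift
When the keepalived service on the master server is stopped, the master role moves over to the backup server. This is called drift.
Split brain
What is split brain?
Two or more servers hold the VIP address at the same time.
Split brain is the result of oversight or operator error; we normally do not create it on purpose.
What causes split brain?
1. The virtual_router_id values are different
2. A firewall blocks keepalived's VRRP advertisements
Is split brain harmful?
For high availability, split brain does no harm.
Split brain caused by a firewall is harmful: users will not be able to reach the service.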
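A wire-level check for the split-brain condition described above, using the VRRP packet properties from the VRRP section (IP protocol 112, destination 224.0.0.18). This is an added Python example, not part of the original post: it takes raw IPv4 packets (for instance exported from a tcpdump capture), groups advertisements by VIP so that both listed causes show up, and all sample packets, including the VRID 68 fault, are constructed.

```python
import socket
import struct
from collections import defaultdict

VRRP_PROTO, VRRP_GROUP = 112, "224.0.0.18"

def build_advert(src, vrid, priority, vips):
    """Constructed sample input: IPv4 header + VRRPv2 advertisement (checksums left at 0)."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 1, 1, 0)
    body += b"".join(socket.inet_aton(v) for v in vips) + bytes(8)   # 8 bytes of auth data
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(body), 0, 0, 255, VRRP_PROTO,
                       0, socket.inet_aton(src), socket.inet_aton(VRRP_GROUP))
    return head + body

def parse_advert(pkt):
    """Return the fields of one VRRP advertisement, or None if the packet is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != VRRP_PROTO or socket.inet_ntoa(pkt[16:20]) != VRRP_GROUP:
        return None
    if pkt[8] != 255 or len(pkt) < ihl + 8:      # VRRP receivers discard packets with TTL != 255
        return None
    ver_type, vrid, priority, count = pkt[ihl:ihl + 4]
    if ver_type & 0x0F != 1 or len(pkt) < ihl + 8 + 4 * count:   # type 1 = advertisement
        return None
    vips = [socket.inet_ntoa(pkt[ihl + 8 + 4 * i:ihl + 12 + 4 * i]) for i in range(count)]
    return {"src": socket.inet_ntoa(pkt[12:16]), "vrid": vrid, "priority": priority, "vips": vips}

def find_split_brain(packets):
    """Map each VIP to its (source, VRID) advertisers when more than one node claims it."""
    owners = defaultdict(set)
    for pkt in packets:
        adv = parse_advert(pkt)
        if adv and adv["priority"] != 0:          # priority 0 = master giving up the VIP
            for vip in adv["vips"]:
                owners[vip].add((adv["src"], adv["vrid"]))
    return {vip: sorted(who) for vip, who in owners.items() if len(who) > 1}

HEALTHY = [build_advert("192.168.232.136", 168, 220, ["192.168.232.168"]),
           build_advert("192.168.232.137", 169, 200, ["192.168.232.169"])]
# Constructed fault: the second node advertises the first VIP under a different virtual_router_id.
SPLIT = HEALTHY + [build_advert("192.168.232.137", 68, 130, ["192.168.232.168"])]
```

During a normal failover two sources can advertise the same VIP for a moment, so run the check over a capture window taken once the cluster has settled.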
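While the master is working, the backup server sits idle. What if the backup should serve traffic as well?
1. Deliberately create a split brain
2. DNS resolution + dual VIPs
Implementing dual-VIP high availability for the load balancer
Principle: by editing keepalived.conf and adding a second vrrp instance, the backup also takes on the master role (for the second VIP), while the master also takes on the backup role.
The steps are as follows:
1. Configure the keepalived.conf file
On the node that is the master in the single-VIP setup: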
[root@load-balancer ~]# vim /etc/keepalived/keepalived.conf
[root@load-balancer ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 168
priority 220
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.168
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 169
priority 180
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.169
}
}
[root@load-balancer ~]#
On the node that is the backup in the single-VIP setup:
[root@load-balancer-2 ~]# vim /etc/keepalived/keepalived.conf
[root@load-balancer-2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 168
priority 130
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.168
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 169
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.169
}
}
[root@load-balancer-2 ~]#
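A check that the two keepalived.conf files above actually pair up before the service is restarted: the same virtual_router_id, auth_pass and VIP per instance, and not MASTER on both sides. This is an added Python example, not part of the original post or of keepalived; pairing instances by name (VI_1, VI_2) is an assumption taken from this page's files, and the sample configs are constructed from the values shown above.

```python
import re

def parse_instances(conf):
    """Return {name: settings} for each vrrp_instance block in a keepalived.conf text."""
    conf = re.sub(r"[#!].*", "", conf)               # '#' and '!' start a comment
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):             # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        body = conf[m.end():end]
        def value(key):
            hit = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
            return hit.group(1) if hit else None
        found[m.group(1)] = {key: value(key) for key in
                             ("state", "virtual_router_id", "priority", "auth_pass")}
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        lines = vips.group(1).splitlines() if vips else []
        found[m.group(1)]["vips"] = sorted(l.split()[0] for l in lines if l.strip())
    return found

def check_pair(conf_a, conf_b):
    """List the per-instance mismatches between the configs of two keepalived peers."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    problems = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            problems.append(f"{name}: defined on only one node")
            continue
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "auth_pass", "vips"):
            if x[key] != y[key]:                     # auth_pass values are deliberately not echoed
                detail = "" if key == "auth_pass" else f" ({x[key]} vs {y[key]})"
                problems.append(f"{name}: {key} differs{detail}")
        if x["state"] == y["state"] == "MASTER":
            problems.append(f"{name}: both nodes start as MASTER")
    return problems

def sample_conf(*instances):
    """Constructed sample input built from (name, state, vrid, priority, vip) tuples."""
    block = ("vrrp_instance {} {{\n state {}\n interface ens33\n virtual_router_id {}\n"
             " priority {}\n authentication {{\n auth_type PASS\n auth_pass 1111\n }}\n"
             " virtual_ipaddress {{\n {}\n }}\n}}\n")
    return "".join(block.format(*inst) for inst in instances)

# The dual-VIP pair from this page: each node is MASTER for one VIP and BACKUP for the other.
LB1 = sample_conf(("VI_1", "MASTER", 168, 220, "192.168.232.168"), ("VI_2", "BACKUP", 169, 180, "192.168.232.169"))
LB2 = sample_conf(("VI_1", "BACKUP", 168, 130, "192.168.232.168"), ("VI_2", "MASTER", 169, 200, "192.168.232.169"))
```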
2. Restart the keepalived service
On the node that is the master in the single-VIP setup:
[root@load-balancer ~]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@load-balancer ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9a:d6:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.232.136/24 brd 192.168.232.255 scope global dynamic noprefixroute ens33
valid_lft 1374sec preferred_lft 1374sec
inet 192.168.232.168/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b4cd:b005:c610:7b3b/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::40fb:5be0:b6f9:b063/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::2513:c641:3555:5eeb/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
[root@load-balancer ~]#
On the node that is the backup in the single-VIP setup:
[root@load-balancer-2 ~]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@load-balancer-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:04:e5:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.232.137/24 brd 192.168.232.255 scope global dynamic noprefixroute ens33
valid_lft 1435sec preferred_lft 1435sec
inet 192.168.232.169/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b4cd:b005:c610:7b3b/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::40fb:5be0:b6f9:b063/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::2513:c641:3555:5eeb/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
[root@load-balancer-2 ~]#
3. Test that it works
[root@load-balancer-2 ~]# nginx
[root@load-balancer-2 ~]# curl 192.168.232.169
<html>
<head>
<title>chaochao</title>
</head>
<body>
<p>name:chaochao</p>
<p>sex:male</p>
<p>tel:1517388321</p>
<img src=1.jpg>
<a href=rep.html>reputation</a>
</body>
</html>
[root@load-balancer-2 ~]#