
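IT Operations in Practice: Nginx + Keepalived High-Availability Architecture Configuration Tutorial

2019-3-12 02:05 | Submitted by: xiaotiger | Source: Internet


Disclaimer: This site is a non-profit, public-interest site for popularizing IT technology. This article was reposted by the submitter from a publicly available article on the Internet, with the source noted at the end. Copyright of the content and images belongs to the original site or author, and the views expressed do not represent those of this site. If there is any unintentional infringement or improper reposting, please contact us via the link at the bottom right of the site. Thank you for your cooperation!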


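Theory:

Introduction to Keepalived high-availability software

The mainstream software used today to make web sites and database services highly available includes keepalived, heartbeat and others. Heartbeat is an earlier high-availability package, while keepalived is a lightweight, easy to manage and easy to use high-availability solution that is popular with IT staff at Internet companies.

Keepalived works in a way similar to layer 3, 4 & 7 switching. It has two functions: health checking and the VRRP redundancy protocol.

Keepalived's role is to monitor the state of the web servers. If a web server or MySQL server goes down or malfunctions, Keepalived detects it and removes the faulty server from the system; once the server is working again, Keepalived automatically adds the web or MySQL server back to the server pool. All of this happens automatically without manual intervention; the only manual work is repairing the failed web or MySQL server. Layers 3, 4 & 7 refer to the IP layer, transport layer and application layer of the IP/TCP protocol stack. They work as follows:

Layer 3: In Layer 3 mode, Keepalived periodically sends an ICMP packet to each server in the pool. If a server's IP address cannot be pinged, Keepalived reports that server as failed and removes it from the cluster. Layer 3 mode uses whether the server's IP address is reachable as the criterion for whether the server is working.

Layer 4: Layer 4 mode decides whether a server is working mainly from the state of a TCP port. For example, a web server's service port is usually 80; if Keepalived detects that port 80 is not up, it removes that server from the pool.

Layer 7: Layer 7 works at the application layer. Keepalived checks whether the server program is running normally according to the user's settings; if the result does not match the user's settings, Keepalived removes the server from the pool.

How Keepalived VRRP works

Virtual Router Redundancy Protocol (VRRP)

Keepalived is an excellent implementation of VRRP, so you must understand how the VRRP protocol works before learning keepalived. In real networks, two hosts that need to communicate usually have no direct physical connection. How is the route between them chosen in that case? How does a host pick the next hop toward the destination host? There are usually two solutions:

Run a dynamic routing protocol such as RIP or OSPF on the host;

Configure static routes on the host.

Running dynamic routing on hosts is very impractical because of management and maintenance cost, whether it is supported at all, and many other issues. Configuring static routes has therefore become very popular, but the router (that is, the default gateway) then often becomes a single point of failure. The purpose of VRRP is to solve this single point of failure of static routing. VRRP uses an election protocol to dynamically hand the routing task to one of the VRRP routers in the virtual router on the LAN.

A VRRP virtual router cluster is made up of several physical routers, but they do not all work at the same time: one router, called the MASTER, does the routing and all the others are BACKUPs. The MASTER is not fixed; VRRP has every VRRP router take part in the election, and the winner becomes MASTER.

The MASTER has certain privileges, such as owning the virtual router's IP address, also called the VIP. The MASTER holding these privileges is responsible for forwarding packets sent to the gateway address and for answering ARP requests.

VRRP implements the virtual router through the election protocol, and all protocol messages are sent as IP multicast packets (multicast address 224.0.0.18). A virtual router consists of a VRID (range 0-255) and a set of IP addresses, and presents a single well-known MAC address to the outside. So within a virtual router cluster, no matter which router is MASTER, the MAC and VIP seen from outside are the same. Client hosts do not need to change their routing configuration when the MASTER changes.

The VRRP router acting as MASTER continuously sends VRRP advertisement packets (VRRP Advertisement message). A BACKUP does not preempt the MASTER unless its priority is higher. When the MASTER becomes unavailable (the BACKUPs stop receiving advertisements), the BACKUP with the highest priority takes over as MASTER. This takeover is very fast, to keep the service continuous. For security reasons, VRRP packets are sent using an encryption protocol.

Keepalived builds on VRRP to treat two physical hosts as routers that together form one virtual router cluster. The host that is Master holds the VIP, which forwards the IP packets users send or handles their requests. In the Nginx+Keepalived combination, user requests go directly to the keepalived VIP address and from there to the corresponding service and port on the Master.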
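The advertisement format described above, as an added example (not code from the original article): a Python parser for a VRRPv2 advertisement, run over packets constructed from the VRID, priorities, VIP and `auth_pass` used in the configuration later on this page. It assumes keepalived is speaking VRRP version 2, where `auth_type PASS` places the password in an 8-byte cleartext field of every advertisement; `build_advert`, `parse_advert` and `elect_master` are names chosen for this example.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum computed over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_pass, advert_int=1):
    """Build a VRRPv2 advertisement (constructed sample input, not a capture)."""
    head = struct.pack("!BBBBBB", (2 << 4) | 1, vrid, priority, len(vips), 1, advert_int)
    body = b"".join(socket.inet_aton(v) for v in vips)
    auth = auth_pass.encode()[:8].ljust(8, b"\x00")  # only 8 bytes fit in the field
    csum = inet_checksum(head + b"\x00\x00" + body + auth)
    return head + struct.pack("!H", csum) + body + auth

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement payload (IP protocol 112)."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRP packet")
    vt, vrid, prio, count, atype, adv, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 16 + 4 * count:
        raise ValueError("length does not match address count")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth = pkt[8 + 4 * count:]
    return {
        "vrid": vrid, "priority": prio, "vips": vips, "advert_int": adv,
        "auth_type": AUTH_TYPES.get(atype, "unknown"),
        "auth_data": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(pkt) == 0,
    }

def elect_master(adverts: dict) -> str:
    """Highest priority wins; a tie goes to the higher source IP address."""
    return max(adverts, key=lambda ip: (adverts[ip]["priority"], socket.inet_aton(ip)))

# Constructed advertisements matching the master/backup settings used on this page.
SAMPLE = {
    "192.168.60.93": parse_advert(build_advert(51, 100, ["192.168.60.88"], "1111")),
    "192.168.60.94": parse_advert(build_advert(51, 99, ["192.168.60.88"], "1111")),
}
```

Since the `auth_data` field decodes straight back to the configured password, a `PASS` password guards against accidental VRID collisions rather than acting as a secret; limiting VRRP traffic to the two peer addresses on the host firewall is the control that matters on a shared segment.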


Hands-on:

Nginx + Keepalived installation and configuration

Environment:

OS version: CentOS 6.7 (minimal install)

Keepalived version: keepalived-1.2.15

Nginx version: nginx-1.13.4

keepalived (master): 192.168.60.93

keepalived (backup): 192.168.60.94

Apache: 192.168.60.91

Apache1: 192.168.60.92

VIP: 192.168.60.88

1) Install Apache by running the following command

yum -y install httpd httpd-devel

Write a test file by running the following command

echo "this is 192.168.60.91 server" >/var/www/html/index.html

Start the httpd service

service httpd restart

Test with curl

curl localhost

[Figure 1]

2) Install Apache1

yum -y install httpd httpd-devel

Write a test file by running the following command

echo "this is 192.168.60.92 server" >/var/www/html/index.html

Start the httpd service

service httpd restart

Test with curl

curl localhost

[Figure 2]

3) Install Nginx + keepalived (master)

# Install Nginx

1) Install the dependencies Nginx needs

yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

2) Download the Nginx source package

wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

3) Unpack

tar zxf nginx-1.13.4.tar.gz

cd nginx-1.13.4

4) Hide the Nginx version number

sed -i 's/1.13.4/ /;s/nginx\//nginx/' src/core/nginx.h

5) Create the www user and run configure

useradd -s /sbin/nologin www

./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

6) Compile Nginx

make && make install

7) Create a symlink

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

# Install keepalived

1) Install the dependencies keepalived needs

yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

2) Download the keepalived package

wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

3) Unpack

tar zxf keepalived-1.2.15.tar.gz

cd keepalived-1.2.15

4) Run configure for keepalived

./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

5) Compile and install keepalived

make && make install

6) Create a symlink and copy the required files

ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

chkconfig --add keepalived

chkconfig keepalived on

mkdir /etc/keepalived

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

4) Install Nginx + keepalived (backup)

# Install Nginx

1) Install the dependencies Nginx needs

yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ wget

2) Download the Nginx source package

wget -c http://distfiles.macports.org/nginx/nginx-1.13.4.tar.gz

3) Unpack

tar zxf nginx-1.13.4.tar.gz

cd nginx-1.13.4

4) Hide the Nginx version number

sed -i 's/1.13.4/ /;s/nginx\//nginx/' src/core/nginx.h

5) Create the www user and run configure

useradd -s /sbin/nologin www

./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module

6) Compile Nginx

make && make install

7) Create a symlink

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

# Install keepalived

1) Install the dependencies keepalived needs

yum -y install openssl openssl-devel popt-devel kernel-devel gcc gcc-c++ libnl libnl-devel libnfnetlink-devel popt wget

2) Download the keepalived package

wget -c http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

3) Unpack

tar zxf keepalived-1.2.15.tar.gz

cd keepalived-1.2.15

4) Run configure for keepalived

./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-696.16.1.el6.x86_64

5) Compile and install keepalived

make && make install

6) Create a symlink and copy the required files

ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d

chkconfig --add keepalived

chkconfig keepalived on

mkdir /etc/keepalived

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

5) Nginx load-balancing configuration (master)

Edit the /usr/local/nginx/conf/nginx.conf configuration file so that it contains the following:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    upstream test_web {
        server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
        server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_next_upstream http_502 http_504 error timeout invalid_header;
            proxy_pass http://test_web;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

6) Nginx load-balancing configuration (backup)

Edit the /usr/local/nginx/conf/nginx.conf configuration file so that it contains the following:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    upstream test_web {
        server 192.168.60.91:80 weight=1 max_fails=2 fail_timeout=15s;
        server 192.168.60.92:80 weight=1 max_fails=2 fail_timeout=15s;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_next_upstream http_502 http_504 error timeout invalid_header;
            proxy_pass http://test_web;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

7) Edit the keepalived (master) configuration file

Edit the file with vim /etc/keepalived/keepalived.conf; the configuration is as follows:

! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/data/shell/check_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    mcast_src_ip 192.168.60.93
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.60.88
    }
    track_script {
        chk_nginx
    }
}

8) Edit the keepalived (backup) configuration file

Edit the file with vim /etc/keepalived/keepalived.conf; the configuration is as follows:

! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/data/shell/check_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    mcast_src_ip 192.168.60.94
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.60.88
    }
    track_script {
        chk_nginx
    }
}

9) Start the nginx and keepalived services (master)

nginx -t

nginx

service keepalived start

ps -ef | egrep 'keep|nginx'

[Figure 3]

10) Start the nginx and keepalived services (backup)

nginx -t

nginx

service keepalived start

ps -ef | egrep 'keep|nginx'

[Figure 4]

11) Write the nginx liveness check script (master). The script is as follows:

mkdir -p /data/shell

vim /data/shell/check_nginx.sh

chmod u+x /data/shell/check_nginx.sh

#!/bin/bash
#2018-11-27 14:27:56
#author by FY
#Automatic detection of nginx process state
# Count running nginx master processes.
NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
# If nginx is gone, stop keepalived so that the VIP moves to the peer.
if [ "$NUM" -eq 0 ]; then
    service keepalived stop
    echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m" >> /tmp/nginx_keepalived.log
fi

Save and exit.

12) Write the nginx liveness check script (backup). The script is as follows:

mkdir -p /data/shell

vim /data/shell/check_nginx.sh

chmod u+x /data/shell/check_nginx.sh

#!/bin/bash
#2018-11-27 14:27:56
#author by FY
#Automatic detection of nginx process state
# Count running nginx master processes.
NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
# If nginx is gone, stop keepalived so that the VIP moves to the peer.
if [ "$NUM" -eq 0 ]; then
    service keepalived stop
    echo -e "\033[32m `date +%Y%m%d:%H:%M` nginx|keepalived is stop success \033[0m" >> /tmp/nginx_keepalived.log
fi

Save and exit.
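How the `weight 2` in `vrrp_script` interacts with the two `priority` values (100 and 99) and with the check script above, as an added example that is not part of the original article: a small Python model of keepalived's track_script priority adjustment. It assumes keepalived's documented rule that a positive weight is added while the script exits 0 and a negative weight is subtracted while it fails; `exit_status_script` is a hypothetical variant of the check script, and the election is simplified to the highest effective priority.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    priority: int               # `priority` in vrrp_instance
    weight: int                 # `weight` in vrrp_script
    keepalived_up: bool = True
    script_ok: bool = True      # tracked script exited with status 0

    def effective_priority(self):
        """Priority advertised once the track_script weight is applied."""
        if not self.keepalived_up:
            return None         # a stopped keepalived sends no advertisements
        if self.weight > 0:     # positive weight: added while the script succeeds
            return self.priority + (self.weight if self.script_ok else 0)
        return self.priority + (0 if self.script_ok else self.weight)

def page_script(node, nginx_up):
    """check_nginx.sh as written on this page: stops keepalived, always exits 0."""
    if not nginx_up:
        node.keepalived_up = False
    node.script_ok = True

def exit_status_script(node, nginx_up):
    """Hypothetical variant: leave keepalived running and exit non-zero instead."""
    node.script_ok = nginx_up

def vip_holder(nodes):
    """Simplified election: the live node with the highest effective priority."""
    live = [n for n in nodes if n.effective_priority() is not None]
    return max(live, key=Node.effective_priority).name if live else None

def scenario(script, master_nginx_up, weight=2):
    """Apply one script style to the page's two nodes; return holder and priorities."""
    master = Node("master", 100, weight)   # 192.168.60.93
    backup = Node("backup", 99, weight)    # 192.168.60.94
    script(master, master_nginx_up)
    script(backup, True)
    return (vip_holder([master, backup]),
            master.effective_priority(), backup.effective_priority())
```

Because `check_nginx.sh` always exits 0, both nodes advertise priority + 2 and the VIP moves only because keepalived is stopped on the master. With the exit-status variant the master drops to 100, below the backup's 101, while keepalived keeps running and can take the VIP back once nginx returns.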

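Result: when nginx on the master machine goes down, the VIP automatically floats to the keepalived backup machine, as shown in the figures below.

Normal operation, with the VIP on the keepalived master:

[Figure 5]

[Figure 6]

[Figure 7]

After nginx goes down, the VIP floats over automatically, as shown below:

pkill nginx

[Figure 8]

[Figure 9]

[Figure 10]

[Figure 11]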

13) Write a script that checks the state of nginx and keepalived (after nginx goes down, keepalived and nginx do not come back up on their own) and add it to cron (this must be done on both the master and the backup machine).

Edit /data/shell/auto_nginx_status.sh by hand with vim /data/shell/auto_nginx_status.sh; the script is as follows:

#!/bin/bash
#2018-11-27 14:27:56
#author by FY
#Automatic detection of nginx and keepalived process states
NUM=`ps -ef | grep -v grep | grep -c "nginx: master process"`
NUM1=`ps -ef | grep -v grep | grep -c "keepalived"`
# nginx is running but keepalived is not: start keepalived only.
if [ "$NUM" -ne 0 -a "$NUM1" -eq 0 ]; then
    service keepalived start
fi
# Neither is running: start nginx first, then keepalived.
if [ "$NUM" -eq 0 -a "$NUM1" -eq 0 ]; then
    /usr/local/nginx/sbin/nginx
    service keepalived start
fi

Save and exit.

14) Add it to cron by running the following commands:

echo "*/1 * * * * root sh /data/shell/auto_nginx_status.sh" >> /etc/crontab

cat /etc/crontab

service crond restart

[Figure 12]


That's the end. Thank you for your support.




Source: https://www.toutiao.com/a6667044918998860301/
