Keepalived+LVS双热互备Nginx对realserver网站负载均衡
Keepalived+LVS双热互备Nginx对realserver网站负载均衡
体系架构:
在Keepalived+Nginx高可靠负载均衡架构中,keepalived负责实现High-availability(HA)功能,控制前端机VIP(虚拟网络地址);当有设备发生故障时,热备服务器可以瞬间将VIP自动切换过来,实际运行中体验只有2秒钟切换时间。后端机Nginx实现对realserver七层负载均衡功能,日后也可随着业务量增大随意扩展,DNS负责前端VIP的负载均衡。
硬件环境:
vmware7.1.2网卡Host-only模式接入
系统软件环境:
两台DR安装:
centos4.3+lnmp(linuxversion2.6.9-89.31.1.elRedHat3.4.6-11)32位,分别命名为:
LVS_DR_MASTER,LVS_DR_BACKUP;默认LVS_DR_MASTER作主机,LVS_DR_BACKUP作热备;realserver作为后端应用服务器。
DirectRouting:
直接路由模式
CLIENT:
地址:
200.200.200.2
子网掩码:
255.255.255.0
默认网关:
200.200.200.1
LVS_DR_MASTER:
ip:
200.200.200.10(主服务器)
子网掩码:
255.255.255.0
默认网关:
200.200.200.1
vip1(LVS_DR_MASTER):
200.200.200.200
LVS_DR_BACKUP:
ip:
200.200.200.11(备服务器)
子网掩码:
255.255.255.0
默认网关:
200.200.200.1
vip1(LVS_DR_BACKUP):
200.200.200.200
RealServer1
eth0:
200.200.200.20
eth0:
0:
200.200.200.200
RealServer2
eth0:
200.200.200.21
eth0:
0:
200.200.200.199
准备工作:
分别在每台服务器安装nginx
关闭所有服务器防火墙(本文为Host-only实验环境;生产环境不应直接关闭防火墙,而应只放行所需流量,例如两台DR之间的VRRP通告(IP协议号112)和对外提供服务的TCP 80端口)
分别在每台服务器创建网页显示文件
LVS_DR_MASTER:
echo "LVS_DR_MASTER 200.200.200.10" > /home/wwwroot/index.html
LVS_DR_BACKUP:
echo "LVS_DR_BACKUP 200.200.200.11" > /home/wwwroot/index.html
realserver1:
echo "realserver1 200.200.200.20" > /home/wwwroot/index.html
realserver2:
echo "realserver2 200.200.200.21" > /home/wwwroot/index.html
同步服务器的系统时间
# ntpdate time.nist.gov
8Dec11:
56:
59ntpdate[10531]:
adjusttimeserver192.43.244.18offset0.009136sec
查看当前kernels环境
# uname -a
Linuxlocalhost.localdomain2.6.9-89.31.1.EL#1TueOct1916:
47:
55EDT2010i686i686i386GNU/Linux
软连接当前kernels目录到/usr/src/linux,否则无法支持IPVS
# ln -s /usr/src/kernels/2.6.9-89.31.1.EL-i686/ /usr/src/linux
下载(两个地址均为明文HTTP,传输过程中内容可能被篡改;编译安装前应与官方发布的校验值比对,如有提供):
# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
# wget http://www.keepalived.org/software/keepalived-1.1.20.tar.gz
安装ipvsadm(lvs管理查看工具):
# tar zxvf ipvsadm-1.24.tar.gz
# cd ipvsadm-1.24
# make
# make install
查看ipvsadm是否安装正确
# watch ipvsadm -ln
Every2.0s:
ipvsadm-lnTueDec1412:
59:
182010
IPVirtualServerversion1.2.0(size=4096)
ProtLocalAddress:
PortSchedulerFlags
->RemoteAddress:
PortForwardWeightActiveConnInActConn
安装keepalived(HA):
# tar zxvf keepalived-1.1.20.tar.gz
# cd keepalived-1.1.20
注意项
CentOS 5.0以下需要做以下修改,configure才能通过。
# vi /usr/src/linux/include/linux/types.h
/*
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
*/
# ./configure --prefix=/usr/local/keepalived
看到提示如下状态
Keepalivedconfiguration
------------------------
Keepalivedversion:
1.1.20
Compiler:
gcc
Compilerflags:
-g-O2
ExtraLib:
-lpopt-lssl-lcrypto
UseIPVSFramework:
Yes
IPVSsyncdaemonsupport:
Yes
UseVRRPFramework:
Yes
UseDebugflags:
No
# make
# make install
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
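编写LVS_DR_MASTER的keepalived配置文件(注意:前面已把示例配置复制到/etc/keepalived/,后文的启动命令用-f读取的是/etc/keepalived/keepalived.conf;在此处修改后需同步到该路径,否则修改可能不会生效)
# vi /usr/local/keepalived/etc/keepalived/keepalived.conf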
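# keepalived.conf for LVS_DR_MASTER.
# Whitespace between keywords and values is restored, and the notes are written
# as '#' comments: keepalived treats '#' and '!' as comment markers, not '//'.
global_defs {
    notification_email {
        ***************    # recipient address, redacted on the page
    }
    notification_email_from ***************    # sender address, redacted on the page
    smtp_server <SMTP_SERVER_ADDRESS>    # placeholder: the page gives no value here
    smtp_connect_timeout 30
    router_id LVS_DEVEL    # load-balancer identifier; must be unique within one network
}

vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_pid.sh"    # monitoring script
    interval 10    # how often the script runs, in seconds
    weight 1       # weight value; the larger the number, the higher the weight
}

vrrp_instance VI_1 {
    state MASTER            # instance state: only MASTER or BACKUP, upper case required
    interface eth0          # monitored network interface
    virtual_router_id 51    # virtual router number; must match on master and backup
    priority 100            # the MASTER value must be greater than the BACKUP value
    advert_int 1            # advertisement/check interval, in seconds
    authentication {
        auth_type PASS      # PASS or AH; PASS is the usual choice (the author reports problems with AH)
        # The password is stored and sent in clear text and must match on both
        # directors. PASS therefore guards against misconfiguration only, not
        # against a host on the same segment. 1111 is the page's sample value;
        # replace it with your own.
        auth_pass 1111
    }
    track_script {
        chk_http            # run the monitoring script defined above
    }
    virtual_ipaddress {
        200.200.200.200     # VIP 1; several addresses may be listed, one per line
    }
}

# virtual_server definition (HTTP | 80)
virtual_server 200.200.200.200 80 {
    delay_loop 6              # delay between service polls
    lb_algo rr                # scheduling algorithm; wlc and rr are the common ones
    lb_kind DR                # forwarding method: DR, NAT or TUN
    persistence_timeout 50    # session persistence time, in seconds
    protocol TCP              # protocol type (TCP|UDP)

    # rs1; every real server needs one section like this
    real_server 200.200.200.20 80 {
        weight 1              # default 1; 0 disables the server; higher means more weight
        TCP_CHECK {           # TCP health check
            connect_timeout 3        # connection timeout
            nb_get_retry 3           # number of retries
            delay_before_retry 3     # delay between retries
            connect_port 80          # port used for the health check
        }
    }

    # rs2
    real_server 200.200.200.21 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}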
编写LVS_DR_BACKUP的keepalived配置文件
# vi /usr/local/keepalived/etc/keepalived/keepalived.conf
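# keepalived.conf for LVS_DR_BACKUP.
# Same as the MASTER file except for `state` and `priority` in vrrp_instance.
# Whitespace between keywords and values is restored, and the notes are written
# as '#' comments: keepalived treats '#' and '!' as comment markers, not '//'.
global_defs {
    notification_email {
        ***************    # recipient address, redacted on the page
    }
    notification_email_from ***************    # sender address, redacted on the page
    smtp_server <SMTP_SERVER_ADDRESS>    # placeholder: the page gives no value here
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_pid.sh"
    interval 10
    weight 1
}

vrrp_instance VI_1 {
    state BACKUP            # this node starts as the hot standby
    interface eth0
    virtual_router_id 51    # same value as on the MASTER
    priority 99             # lower than the MASTER's 100
    advert_int 1
    authentication {
        auth_type PASS
        # Clear-text shared value; must equal the MASTER's auth_pass.
        # 1111 is the page's sample value; replace it with your own.
        auth_pass 1111
    }
    track_script {
        chk_http            # run the monitoring script defined above
    }
    virtual_ipaddress {
        200.200.200.200     # VIP 1
    }
}

virtual_server 200.200.200.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 200.200.200.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 200.200.200.21 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}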
服务层检查脚本补充
当LVS_DR_MASTER服务器上的nginx无法正常使用时,keepalived本身无法检测到服务层故障,也就不会切换到LVS_DR_BACKUP服务器。我认为nginx服务如果挂掉了,就很难再自己起来,所以我把keepalived也杀掉了;此外,类似nagios的服务监控软件也会给你报警。
# vi /usr/local/keepalived/nginx_pid.sh
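#!/bin/sh
# Health check run by keepalived through `vrrp_script chk_http`.
# If no nginx process exists, try to start nginx once; if there is still none
# after 5 seconds, stop keepalived on this node so the VIP can move to the
# other director.
#
# This only checks that an nginx process exists, not that it answers HTTP.
# The script starts nginx and kills keepalived, so it runs with the privileges
# keepalived has (root in the page's ps output): keep the file root-owned and
# writable only by root.

# Number of running nginx processes.
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
  # No nginx process: attempt one restart.
  /usr/local/nginx/sbin/nginx
  sleep 5
  if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
    # Restart failed: end the keepalived processes to give up the VIP.
    killall keepalived
  fi
fi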
提示:
要给/usr/local/keepalived/nginx_pid.sh加上可执行权限
# chmod 744 /usr/local/keepalived/nginx_pid.sh
注意:
一定要在主服务器keepalived.conf中相应LVS_DR_MASTER地方加入内容(具体见先前配置)
1.
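# Declares the health-check script; notes use '#', which keepalived accepts as a comment marker.
vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_pid.sh"    # monitoring script
    interval 10    # how often the script runs
    weight 1       # weight value; the larger the number, the higher the weight
}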
2.
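# Goes inside the vrrp_instance block; ties the instance to the chk_http script.
track_script {
    chk_http    # run the monitoring script
}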
启动keepalived服务
# service keepalived start
Startingkeepalived:
[OK]
建议使用:
# /usr/local/keepalived/sbin/keepalived -D -f /etc/keepalived/keepalived.conf
-D 在日志中记录详细信息
-f 指定配置文件路径
确认keepalived已启动
# ps -aux | grep keepalived
Warning:
badsyntax,perhapsabogus'-'?
See/usr/share/doc/procps-3.2.3/FAQ
root52270.00.24896696?
Ss18:
150:
00keepalived-D
root52280.00.449481276?
S18:
150:
00keepalived-D
root52290.00.449481036?
S18:
150:
00keepalived-D
root56540.00.23820664pts/1S+18:
190:
00grepkeepalived
设置keepalived随服务器一起启动(引号必须是英文直引号,中文弯引号会被原样写入rc.local)
# echo "/usr/local/keepalived/sbin/keepalived -D -f /etc/keepalived/keepalived.conf" >> /etc/rc.d/rc.local
所有realserver添加一个监听IP地址和一条路由:
# vi /usr/local/sbin/realserver
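#!/bin/bash
# /usr/local/sbin/realserver
#
# Prepares a real server for LVS direct routing (DR).
#   start: bind the VIP to lo:0 with a host mask, add a host route for it, and
#          set arp_ignore=1 / arp_announce=2 on lo and all.
#   stop:  take lo:0 down, remove the route and reset the ARP settings to 0.
# Usage: realserver {start|stop}
# Must run as root: it changes interfaces, routes and /proc/sys values.

SNS_VIP=200.200.200.200

# Standard init-script helper library (no helper is called below).
. /etc/rc.d/init.d/functions

case "$1" in
  start)
    # /32 mask: only the VIP itself lives on the loopback alias.
    ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
    /sbin/route add -host "$SNS_VIP" dev lo:0
    # Keep this host from answering or announcing ARP for the VIP, so that on
    # the shared segment only the director is seen as its owner.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Reloads /etc/sysctl.conf.
    # NOTE(review): if that file sets arp_ignore/arp_announce, it overrides
    # the values written just above; confirm on the target host.
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$SNS_VIP" > /dev/null 2>&1
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0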
赋给脚本可执行权限
# chmod 744 /usr/local/sbin/realserver
让脚本随系统一起启动(引号必须是英文直引号)
echo "/usr/local/sbin/realserver start" >> /etc/rc.d/rc.local
增加/etc/network/interfaces固定IP和轮循lo:0
# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
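# /etc/sysconfig/network-scripts/ifcfg-lo:0
# Loopback alias that carries the LVS VIP on a real server.
DEVICE=lo:0
BOOTPROTO=static
IPADDR=200.200.200.200
# Host mask (/32), matching the `ifconfig lo:0 ... netmask 255.255.255.255`
# line in /usr/local/sbin/realserver on this page. With 255.255.255.0 the real
# server would treat all of 200.200.200.0/24 as local to the loopback alias.
NETMASK=255.255.255.255
ONBOOT=yes
# NOTE(review): a gateway on a loopback alias is presumably unnecessary;
# confirm before keeping this line.
GATEWAY=200.200.200.1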
验证测试
1.当LVS_DR_MASTER、LVS_DR_BACKUP服务器nginx均正常工作时,CLIENT通过浏览器访问
http:
//200.200.200.10
LVS_DR_MASTER200.200.200.10
http:
//200.200.200.11
LVS_DR_BACKUP200.200.200.11
http:
//200.200.200.20
realserver1200.200.200.20
http:
//200.200.200.21
realserver2200.200.200.21
http:
//200.200.200.200
realserver1200.200.200.20
2.当LVS_DR_MASTER服务器nginx出现故障,LVS_DR_BACKUP正常工作时,CLIENT通过浏览器访问
http:
//200.200.200.10
无法访问
http:
//200.200.200.11
LVS_DR_BACKUP200.200.200.11
http:
//200.200.200.20
realserver1200.200.200.20
http:
//200.200.200.21
realserver2200.200.200.21
http:
//200.200.200.200
realserver1200.200.200.20
3.当LVS_DR_MASTER正常工作时,LVS_DR_BACKUP服务器nginx出现故障,CLIENT通过浏览器访问
http:
//200.200.200.10
LVS_DR_MASTER200.200.200.10
http:
//200.200.200.11
无法访问
http:
//200.200.200.20
realserver1200.200.200.20
http:
//200.200.200.21
realserver2200.200.200.21
http:
//200.200.200.200
realserver1200.200.200.20
4.当LVS_DR_MASTER、LVS_DR_BACKUP服务器nginx均出现故障时,CLIENT通过浏览器访问
http:
//200.200.200.10
无法访问
http:
//200.200.200.11
无法访问
http:
//200.200.200.20
realserver1200.200.200.20
http:
//200.200.200.21
realserver2200.200.200.21
http:
//200.200.200.200
无法访问
为了配合LVS平台,还需如下操作:
1、安装RRDTOOL
使用yum安装:
在/etc/yum.repos.d/目录下新建dag.repo文件在文件中输入源地址:
#vidag.repo
[dag]
name=DagRPMRepositoryforRedHatEnterpriseLinux
baseurl=http:
//apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=