Keepalived一开始就是为lvs设计的,解决了单点服务器的故障问题,能保证服务不中断、稳定运行。(《Keepalived在前一篇文章Nginx+Keepalived实现高可用负载均衡的主从模式》 就已经介绍过了,这里不多介绍了)
LVS是一种集群(Cluster)技术:采用IP负载均衡技术和基于内容请求分发技术。调度器具有很好的吞吐率,将请求均衡地转移到不同的服务器上执行,且调度器自动屏蔽掉服务器的故障,从而将一组服务器构成一个高性能的、高可用的虚拟服务器。整个服务器集群的结构对客户是透明的,而且无需修改客户端和服务器端的程序。工作在四层,在内核空间工作,基于ipvs模块,不占用流量。
双机高可用方法目前分为两种:
1)双机主从模式:即前端使用两台服务器,一台主服务器和一台热备服务器,正常情况下,主服务器绑定一个公网虚拟IP,提供负载均衡服务,热备服务器处于空闲状态;当主服务器发生故障时,热备服务器接管主服务器的公网虚拟IP,提供负载均衡服务;但是热备服务器在主机器不出现故障的时候,永远处于浪费状态,对于服务器不多的网站,该方案不经济实惠。
2)双机主主模式:这种模式的效果很强大,即前端使用两台负载均衡服务器,互为主备,且都处于活动状态(这样达到不浪费服务器),同时各自绑定一个公网虚拟IP,提供负载均衡服务;当其中一台发生故障时,另一台接管发生故障服务器的公网虚拟IP(这时由非故障机器一台负担所有的请求)。这种方案,经济实惠,非常适合于当前架构环境。
一、环境介绍:
操作系统:
[root@CentOS-4 ~]# cat /etc/RedHat-release
CentOS release 6.9 (Final)
服务器对应关系:
KA1:192.168.5.129 centos-1
KA2:192.168.5.128 centos-4
Vip1:192.168.5.200 129master/128backup
VIP2:192.168.5.210 128master/129backup
Web1:192.168.5.131 centos-2
Web2:192.168.5.132 centos-3
Client:192.168.5.140centos-5
二、环境安装:安装依赖:
(在KA1和KA2机器上执行以下步骤)
[root@centos-4 ~]# yum -y install gcc pcre-devel zlib-devel openssl-devel
[root@centos-4~]# cd /usr/local/src/
[root@centos-4 src]# wget
安装nginx
[root@centos-4 src]# tar -zvxfnginx-1.9.7.tar.gz
[root@centos-4 src]# cd nginx-1.9.7
[root@centos-4 nginx-1.9.7]#./configure --prefix=/usr/local/nginx --user=nginx --group=nginx--with-http_ssl_module --with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre
[root@centos-4 nginx-1.9.7]# make &&make install
[root@centos-1 ~]# yum install -ykeepalived
[root@centos-1 ~]# yum install –y ipvsadm
(在web1服务器和web2服务器上安装nginx)
[root@centos-2~]# yum -y install gcc pcre-devel zlib-devel openssl-devel
[root@centos-2~]# cd /usr/local/src/
[root@centos-2 src]# wget
安装nginx
[root@centos-2 src]# tar -zvxfnginx-1.9.7.tar.gz
[root@centos-2 src]# cd nginx-1.9.7
[root@centos-2 nginx-1.9.7]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx--with-http_ssl_module --with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre
[root@centos-2 nginx-1.9.7]# make &&make install
(所以服务器上配置)
[root@centos-1 ~]# cat/etc/sysconfig/selinux
SELINUX=disabled
[root@centos-1 ~]# getenforce
Disabled
[root@centos-1 ~]# service iptables stop
1、配置keepalived:
(KA1上操作)
[root@centos-1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File forkeepalived
global_defs {
notification_email {
acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/opt/check_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1{
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.200
}
}
vrrp_instance VI_2{
state BACKUP
interface eth0
virtual_router_id 50
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.210
}
}
track_script {
chk_http_port
}
}
virtual_server192.168.5.200 80 { # 定义转移ip端口80的集群服务
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.5.131 80 { # 定义集群服务包含的RS 1
weight 1 # 权重为1
HTTP_GET { # 定义RS1的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.5.132 80 { # 定义集群服务包含的RS 2
weight 1 # 权重为1
HTTP_GET { # 定义RS2的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
virtual_server 192.168.5.21080 { # 定义转移ip端口80的集群服务
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.5.131 80 { # 定义集群服务包含的RS 1
weight 1 # 权重为1
HTTP_GET { # 定义RS1的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.5.132 80 { # 定义集群服务包含的RS 2
weight 1 # 权重为1
HTTP_GET { # 定义RS2的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
(KA2上操作)
[root@centos-2 ~]# cat/etc/keepalived/keepalived.conf
! Configuration File forkeepalived
global_defs {
notification_email {
acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/opt/check_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1{
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.200
}
}
vrrp_instance VI_2{
state MASTER
interface eth0
virtual_router_id 50
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.210
}
}
track_script {
chk_http_port
}
}
virtual_server192.168.5.200 80 { # 定义转移ip端口80的集群服务
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.5.131 80 { # 定义集群服务包含的RS 1
weight 1 # 权重为1
HTTP_GET { # 定义RS1的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.5.132 80 { # 定义集群服务包含的RS 2
weight 1 # 权重为1
HTTP_GET { # 定义RS2的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
virtual_server192.168.5.210 80 { # 定义转移ip端口80的集群服务
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.5.131 80 { # 定义集群服务包含的RS 1
weight 1 # 权重为1
HTTP_GET { # 定义RS1的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.5.132 80 { # 定义集群服务包含的RS 2
weight 1 # 权重为1
HTTP_GET { # 定义RS2的健康状态检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
编写一个监控nginx的脚本: