基于Keepalived+Nginx實作高可用負載均衡

基礎環境

• 作業系統：RHEL7.4(VM workstation 14pro)
• 資料庫：mariadb10.1.28-systemd
• web伺服器：Nginx1.10+php-fpm
• 檔案伺服器：NFS

DS伺服器實作高可用

1、關閉selinux及防火牆

[[email protected] ~]#sed -i 's/SELINUX=enforcing/SELINUX=disabled' /etc/selinux/conf
[[email protected] ~]#systemctl stop firewalld
[[email protected] ~]#systemctl disable firewalld
           

2、配置Centos的yum源

配置如下：
         [[email protected] ~]#cat /etc/yum.repo.d/Centos7.repo
[Centos7]
name=Centos7repo
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
gpgkey=http://mirror.aliyun.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enable=1
           

3、安裝并配置keepalived

[[email protected] ~]#yum install -y keepalived
[[email protected] ~]#cp /etc/keepalived/keepalived.conf{,.bak}
[[email protected] ~]#vim /etc/keealived/keepalived.conf
	! Configuration File for keepalived
	global_defs {
	#   notification_email {		告警通知的email
	#     [email protected]
	#     [email protected]
	#     [email protected]
	#   }
	#   notification_email_from [email protected]
	#   smtp_server 192.168.200.1
	#   smtp_connect_timeout 30
	   router_id LVS_DEVEL
	#   vrrp_skip_check_adv_addr
	#   vrrp_strict			預設開啟情況下，當keepalived啟動後，會在INPUT鍊上添加一條全DROP規則
	   vrrp_garp_interval 0
	   vrrp_gna_interval 0
	}
	vrrp_instance VI_1 {	執行個體名
	    state MASTER		主
	    interface ens33		執行個體指定網絡接口
	    virtual_router_id 51		虛拟路由ID，主備相同
	    priority 100		主備優先級
	    advert_int 1
	    authentication {
	        auth_type PASS	認證方式
		auth_pass 1111		明文密碼
	    }
	    virtual_ipaddress {
	        192.168.101.200	虛拟路由IP位址
	    }
	}

備機上需要對優先級，主備狀态進行修改
	state BACKUP		備
	priority 80		主備優先級，值越大，級别越高
[[email protected] ~]#systemctl restart keepalived.service
可通過ping 192.168.101.200進行簡單的測試
           

Mariadb、NFS伺服器搭建

1、關閉selinux及防火牆

[[email protected] ~]#sed -i 's/SELINUX=enforcing/SELINUX=disabled' /etc/selinux/conf
[[email protected] ~]#systemctl stop firewalld
[[email protected] ~]#systemctl disable firewalld
           

2、建立使用者、組

[[email protected] ~]#groupadd -g 700 mysql
[[email protected] ~]#useradd -u 700 -g mysql -s /sbin/nologin mysql
[[email protected] ~]#
           

3、安裝mariadb資料庫

因為systemd模式已經完全取代init，是以，在RHEL安裝中最好使用systemd[Maridb安裝包for systems with systemd](https://downloads.mariadb.org/mariadb/mariadb-10.1.28-linux-systemd-x86_64.tar.gz (for systems with systemd))
[[email protected] ~]#cd /tmp
[[email protected] tmp]#tar -zvxf mariadb-10.1.28-linux-systemd-x86_64.tar.gz
[[email protected] ~]#ln -s /tmp/mariadb-10.1.28 /usr/local/mysql		
[[email protected] ~]#cp /usr/local/mysql/support-files/mariadb.service /usr/lib/systemd/system/		複制mariadb.service檔案至systemd加載目錄
[[email protected] ~]#systemctl enable mariadb.service
[[email protected] ~]#cp /usr/local/mysql/my-large.cnf /etc/my.cnf		複制配置檔案至/etc目錄
[[email protected] ~]#sed -i '$aexport PATH=/usr/local/mysql/bin:$PATH' /etc/profile
[[email protected] ~]#source /etc/profile	添加環境變量
[[email protected] ~]#./usr/local/mysql/scripts/mysql_install_db --user=mysql
[[email protected] ~]#mysqladm -uroot passwod	指定root使用者登入密碼
[[email protected] ~]#systemctl start mariadb.service
[[email protected] ~]#mysql -uroot -p
Enter password:
	Welcome to the MariaDB monitor.  Commands end with ; or \g.
	Your MariaDB connection id is 6
	Server version: 10.1.28-MariaDB MariaDB Server
	Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
	Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
	MariaDB [(none)]> 
	MariaDB [(none)]> grant all privileges on *.* to 'root'@'%' identified by '********';
	賦權root使用者可以在任何主機通過******（密碼） 通路所有資料庫及表
	MariaDB [(none)]> flush privileges;
           

4、搭建NFS檔案共享

[[email protected] ~]#yum install -y nfs-utils
[[email protected] ~]#mkdir /www
[[email protected] ~]#chown -R root:root /www
[[email protected] ~]#chmod -R 775 /www
[[email protected] ~]#vim /etc/exports
添加如下内容：
/www	192.168.101.0/24（rw，no_root_squash）
no_root_squash：root使用者可以對該目錄進行讀寫操作；
[[email protected] ~]#systemctl restart nfs.service
[[email protected] ~]#showmount -e
Export list for localhost.localdomain:
/www 192.168.101.0/24
           

RS（Nginx）伺服器搭建

1、編譯安裝Nginx1.10

通過Nginx官方下載下傳[Nginx1.10.tar.gz](http://nginx.org/download/nginx-1.10.3.tar.gz)
[[email protected] ~]#yum install -y gcc openssl-devel perl-devel pcre-devel perl-ExtUtils-Embed
[[email protected] ~]#tar -zvxf nginx-1.10.3.tar.gz
[[email protected] nginx-1.10.3]#./configure \
--prefix=/usr/local/nginx1.10 \
--modules-path=/usr/local/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx.log \
--pid-path=/var/run/nginx.pid \
--user=nginx --group=nginx \		需要先建立使用者、組
--with-http_ssl_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_perl_module \
--with-ld-opt="-L,/usr/local/lib"		支援perl子產品時必須安裝，否則啟動服務會報錯
[[email protected] nginx-1.10.3]#make && make install
[[email protected] ~]#sed -i '$aexport PATH=/usr/local/nginx1.10/sbin:$PATH' /etc/profile
[[email protected] ~]#source /etc/profile		指定Nginx環境變量并生效
[[email protected] ~]#nginx -c /etc/nginx/nginx.conf
[[email protected] ~]#netstat -atnlp
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14156/nginx: master
           

通過浏覽器便可通路Nginx測試頁面

2、安裝配置php-fpm

[[email protected] ~]#yum install -y php-fpm php-mysql
[[email protected] ~]#systemctl start php-fpm.service
[[email protected] ~]#netstat -atnlp
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1462/php-fpm: maste
[[email protected] ~]#vim /etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = apache
group = apache
……
預設情況下，php-fpm監聽本地127.0.0.1：9000位址
           

3、配置Nginx支援php-fpm解析

[[email protected] ~]#vim /etc/nginx/nginx.conf
	……
	server {
	        listen       80;
	        server_name  localhost;
	        charset utf-8;	支援簡體中文字元
	        root    html;	根目錄/usr/local/nginx1.10/html
	        client_max_body_size 50M;
	        #access_log  logs/host.access.log  main;
	        location / {
	            index  index.php index.html index.htm;
	        }
		location ~ \.php$ {
	            fastcgi_pass   127.0.0.1:9000;
	            fastcgi_index  index.php;
	            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;	當root在server段定義後，此處可以修改為$document_root來定位檔案位置
	            include        fastcgi_params;
	        	}
		}
	……
           

4、配置本地網絡實作lvs_dr模式

建立如下腳本,修改核心參數執行：
[[email protected] ~]#vim dr.sh
	#!/bin/bash
	VIP=192.168.101.200
	case $1 in
	start)
		ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
		route add -host $VIP dev lo:0
		echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
		echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
		echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
		echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
		sysctl -p  >/dev/null 2>&1
		echo "The VIP configure successful!"
	;;
	stop)
		ifconfig lo:0 down
		route del -host $VIP dev lo:0	
		echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
		echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
		echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
		echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
		sysctl -p > /dev/null 2>&1
		echo "The VIP deleted!"
	;;
	*)
		echo "usage:please choose options {start|stop}"
	;;
	esac
[[email protected] ~]#chmod +x dr.sh
[roo[email protected] ~]#./dr.sh start
[[email protected] ~]#ifconfig
	lo:0: flags=73
           

5、本地添加NFS共享目錄

[[email protected] ~]#yum install -y nfs-utils
[[email protected] ~]#mkdir /www
[[email protected] ~]#vim /etc/fstab	添加一條挂載資訊
192.168.101.151:/www	/www	nfs	defaults	0 0
[[email protected] ~]#mount -t nfs 192.168.101.151:/www /www
      

以上相同操作再部署一台RS伺服器，IP位址192.168.101.202

基于keepalived實作lvs_dr模式負載均衡

1、配置keepalived

在原有高可用基礎上，增加虛拟伺服器及realserver         [[email protected] ~]#vim /etc/keepalived/keepalived.conf
	virtual_server 192.168.101.200 80 {
	    delay_loop 6
	    lb_algo rr
	    lb_kind DR
	    persistence_timeout 50
	    protocol TCP
	    real_server 192.168.101.201 80 {
	        weight 1
	        TCP_CHECK {		監控服務狀态方式，類似的還有SSL_GET\HTTP_GET等
	            connect_port 80	監控的端口
	            connect_timeout 3
	            nb_get_retry 3
	            delay_before_retry 3
	        }
	    }
	    real_server 192.168.101.202 80 {
	        weight 1
	        TCP_CHECK {
	            connect_port 80
	            connect_timeout 3
	            nb_get_retry 3
	        }
	    }
	}
以上代碼需要在主備上均配置添加
[[email protected] ~]#systemctl restart keepalived
[[email protected] ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.101.200:80 rr persistent 50
  -> 192.168.101.201:80           Route   1      0          0         
  -> 192.168.101.202:80           Route   1      0          0 
           

部署wordpress個人網站

1、官網下載下傳wordpress安裝包，解壓至NFS伺服器/www目錄下

[[email protected] ~]#cd /www
[[email protected] www]#tar -zvxf wordpress-4.9.1-zh_CN.tar.gz
[[email protected] www]#cd wordpress
[[email protected] wordpress]#cp wp-config-sample.php wp-config.php{,.bak}
           

2、配置資料庫資訊

[[email protected] wordpress]#vim wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'root');
define('DB_PASSWORD', '********');
define('DB_HOST', '192.168.101.151');
define('DB_CHARSET', 'utf8');

define("FS_METHOD","direct");
define("FS_CHMOD_DIR", 0777);
define("FS_CHMOD_FILE", 0777);
           

3、配置Nginx通路目錄

在兩台RS伺服器上修改nginx.conf         [[email protected] ~]#vim /etc/nginx/nginx.conf
	server {
	        listen       80;
	        server_name  localhost;
	        charset utf-8;	
	        root    /www/wordpress;	
	        client_max_body_size 50M;
		……
		}
           

4、開啟wordpress之旅