nginx+keepalived高可用負載均衡安裝配置與故障測試

目錄

安裝篇

                 操作環境

        安裝nginx

        安裝keepalived

配置篇

web伺服器設定預設通路頁

負載均衡分發器配置

高可用負載均衡配置

測試篇

主從分發器伺服器故障測試

web伺服器故障測試

安裝篇

操作環境

主排程機master         192.168.42.133           nginx+keepalived

從排程機backup        192.168.42.132           nginx+keepalived

web伺服器rs1           192.168.42.134           nginx

web伺服器rs2           192.168.42.135           nginx

安裝nginx

#安裝依賴

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel lsof elinks

#安裝包放置位置

cd /usr/src

tar -zxvf nginx-1.15.5.tar.gz

#編譯安裝

cd nginx-1.15.5

./configure –prefix=/usr/local/nginx

make && make install

#殺死nginx

yum install psmisc

killall nginx

#啟動nginx

./usr/local/nginx/sbin/nginx

//檢測nginx開啟

lsof -i:80

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

nginx   4191   root    6u  IPv4  21646      0t0  TCP *:http (LISTEN)

nginx   4192 nobody    6u  IPv4  21646      0t0  TCP *:http (LISTEN)

安裝keepalived

Keepalived的作⽤用是檢測伺服器器的狀态，如果有⼀一台web服務器當機，或工作出現故障， Keepalived将檢測到，并将有故障的服務器從系統中剔除，同時使用其他伺服器器代替該服 務器的工作，當伺服器器工作正常後Keepalived自動将伺服器加入到服務器群中，這些工作 全部自動完成，不不需要人幹涉，需要人工做的隻是修複故障的伺服器器。 協定 vrrp ，主分發器器的KP 會向網絡中發多點傳播 宣告自己還活着。

wget  http://www.keepalived.org/software/keepalived-2.0.8.tar.gz

#!/bin/bash

tar xf keepalived-2.0.8.tar.gz

yum -y install  kernel-devel

ln -s /usr/src/kernels/2.6.32-754.10.1.el6.x86_64/ /usr/src/linux

cd keepalived-2.0.8/

yum install openssl-* -y

./configure --prefix=/usr/local/keepalived

make

make install

mkdir -pv /etc/keepalived

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/

keepalived/

ln -s /usr/local/keepalived/sbin/keepalived /sbin/

配置篇

web伺服器設定預設通路頁

#web01

[[email protected] ~]# sh nginx_install

[[email protected] ~]# echo web01 > /usr/local/nginx/html/index.html

[[email protected] ~]# /usr/local/nginx/sbin/nginx

[[email protected] ~]# elinks http://localhost --dump  

#web02

[[email protected] ~]# sh nginx_install

[[email protected] ~]# echo web02 > /usr/local/nginx/html/index.html

[[email protected] ~]# yum -y install elinks &>/dev/null

[[email protected] ~]# /usr/local/nginx/sbin/nginx

[[email protected] ~]# elinks http://localhost --dump  

負載均衡分發器配置

[[email protected] ~]# cat /usr/local/nginx/conf/nginx.conf

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    laowangkeepalive_timeout  65;

    upstream web{

        server 192.168.42.134;

        server 192.168.42.135;

}

    server {

        listen       80;

        server_name  localhost;

        location / {

          proxy_pass http://web;

        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }}}

測試

通路分發器伺服器vip時，均衡向兩個web伺服器發起請求

[[email protected] ~]# elinks http://192.168.42.133 -dump

   web02

[[email protected] ~]# elinks http://192.168.42.133 -dump

   web01

高可用負載均衡配置

keepalived配置檔案

#cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id NGINX_DEVEL

}

定義一個腳本

vrrp_script check_nginx {

腳本路徑

script "/etc/keepalived/nginx_pid.sh"

每兩秒運作一次

interval 2

失敗次數

fall 1

}

定義一個執行個體叢集

vrrp_instance nginx {

狀态為主分發器時用master，從分發器用backup

state MASTER

interface ens33

mcast_src_ip 192.168.42.133

virtual_router_id 51

優先級100，從分發器需低于主的優先級

priority 100

探針1秒發一次多點傳播

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

運作監控腳本

check_nginx

}

virtual_ipaddress {

192.168.42.213/24

}

}

建立keepalived檢測腳本

#chmod 755 /etc/keepalived/nginx_pid.sh

#cat /etc/keepalived/nginx_pid.sh

#!/bin/bash

nginx_kp_check () {

檢測nginx服務

nginxpid=`ps -C nginx --no-header |wc -l`

if [ $nginxpid -eq 0 ];then

檢測不到時啟動nginx

/usr/local/nginx/sbin/nginx

1秒後繼續檢測

sleep 1

nginxpid=`ps -C nginx --no-header |wc -l`

if [ $nginxpid -eq 0 ];then

啟動服務失敗後關閉keepalived

systemctl stop keepalived

fi

fi

}

nginx_kp_check

測試篇

主從分發器伺服器故障測試

通路keepalived配置的公網vip

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web01

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web02

停止nginx服務，nginx_pid.sh檢測腳本将自動啟動nginx

[[email protected] ~]# killall nginx

[[email protected] ~]# lsof -i:80

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

nginx   18462   root    6u  IPv4  59924      0t0  TCP *:http (LISTEN)

nginx   18464 nobody    6u  IPv4  59924      0t0  TCP *:http (LISTEN)

強制停止master的nginx服務，主檢測腳本發現不能啟動nginx，直接殺死主keepalived服務，backup自己多點傳播vip代替master

watch -n1 killall nginx

[[email protected] keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 00:0c:29:17:46:b7 brd ff:ff:ff:ff:ff:ff

    inet 192.168.42.132/24 brd 192.168.42.255 scope global noprefixroute dynamic ens32

       valid_lft 1161sec preferred_lft 1161sec

    inet 192.168.42.200/24 scope global secondary ens32

       valid_lft forever preferred_lft forever

恢複master的keepalived服務，正常運作，backup退出vip

systemctl restart keepalived

[[email protected] keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 00:0c:29:17:46:b7 brd ff:ff:ff:ff:ff:ff

    inet 192.168.42.132/24 brd 192.168.42.255 scope global noprefixroute dynamic ens32

       valid_lft 1663sec preferred_lft 1663sec

    inet6 fe80::774a:584:ef92:f527/64 scope link noprefixroute

       valid_lft forever preferred_lft forever

web伺服器故障測試

web伺服器容錯機制

每個裝置的狀态設定為:

1.down 表示單前的server暫時不參與負載

2.weight 預設為1.weight越⼤，負載的權重就越⼤。

3.max_fails ：允許請求失敗的次數預設為1.當超過最⼤次數時，傳回

proxy_next_upstream 子產品定義的錯誤

4.fail_timeout:失敗逾時時間，在連接配接Server時，如果在逾時時間之内超過

max_fails指定的失敗次數，會認為在fail_timeout時間内Server不可⽤。預設為

10s。

5.backup： 其它所有的⾮backup機器down或者忙的時候，請求backup機器。是以這台

機器壓⼒會最輕。

在nginx配置檔案中配置rs

upstream web{

        server 192.168.42.134 max_fails=2 fail_timeout=5;

        server 192.168.42.135 max_fails=2 fail_timeout=5;

}

web01伺服器故障，分發器自動将請求分發到web02上面，web01 nginx恢複，請求分發正常

[[email protected] ~]# killall nginx

[[email protected] ~]# lsof -i :80

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web02

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web02

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web02

[[email protected] ~]# /usr/local/nginx/sbin/nginx

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web02

[[email protected] ~]# elinks http://192.168.42.200 --dump

   web01