根据功能划分为两大类:高可用和负载均衡
高可用集群通常为两台服务器,一台工作,另外一台作为冗余,当提供服务的机器宕机,冗余将接替继续提供服务
实现高可用的开源软件有:heartbeat、keepalived
负载均衡集群,需要有一台服务器作为分发器,它负责把用户的请求分发给后端的服务器处理,在这个集群里,除了分发器外,就是给用户提供服务的服务器了,这些服务器数量至少为2
实现负载均衡的开源软件有LVS、keepalived、haproxy、nginx,商业的有F5、Netscaler 18.2 keepalived介绍
在这里我们使用keepalived来实现高可用集群,因为heartbeat在centos6上有一些问题,影响实验效果
keepalived通过VRRP(Virtual Router Redundancy Protocl)来实现高可用。
在这个协议里会将多台功能相同的路由器组成一个小组,这个小组里会有1个master角色和N(N>=1)个backup角色。
master会通过组播的形式向各个backup发送VRRP协议的数据包,当backup收不到master发来的VRRP数据包时,就会认为master宕机了。此时就需要根据各个backup的优先级来决定谁成为新的mater。
Keepalived要有三个模块,分别是core、check和vrrp。其中core模块为keepalived的核心,负责主进程的启动、维护以及全局配置文件的加载和解析,check模块负责健康检查,vrrp模块是来实现VRRP协议的。18.3-4-5 用keepalived配置高可用集群
用keepalived配置高可用
准备两台机器130和132,130作为master,132作为backup
两台机器都执行yum install -y keepalived
两台机器都安装nginx,其中130上已经编译安装过nginx,132上需要yum安装nginx: yum install -y nginx
设定vip为100
编辑130上keepalived配置文件master_keepalived.conf
130编辑监控脚本,内容从https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/master_check_ng.sh获取
给脚本755权限
systemctl start keepalived 130启动服务
132上编辑配置文件,内容从https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/backup_keepalived.conf获取
132上编辑监控脚本,内容从https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/backup_check_ng.sh获取
给脚本755权限
132上也启动服务 systemctl start keepalived测试高可用
先确定好两台机器上nginx差异,比如可以通过curl -I 来查看nginx版本
测试1:关闭master上的nginx服务
测试2:在master上增加iptabls规则
iptables -I OUTPUT -p vrrp -j DROP
测试3:关闭master上的keepalived服务
测试4:启动master上的keepalived服务操作过程
[root@linux-01 ~]# yum install -y keepalived
[root@linux-02 ~]# yum install -y keepalived
01号机已源码安装过nginx
[root@linux-02 ~]# yum install -y nginx
主机器配置
[root@linux-01 ~]# ls /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
[root@linux-01 ~]# cat /etc/keepalived/keepalived.conf
[root@linux-01 ~]# > /etc/keepalived/keepalived.conf
[root@linux-01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {br/>aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.106.100
}
track_script {
chk_nginx
}
}
[root@linux-01 ~]# vim /usr/local/sbin/checkng.sh
#!/bin/bash
#时间变量,用于记录日志
d=`date --date today +%Y%m%d%H:%M:%S<br/>#计算nginx进程数量<br/>n=ps -C nginx --no-heading|wc -l<br/>#如果进程为0,则启动nginx,并且再次检测nginx进程数量,<br/>#如果还为0,说明nginx无法启动,此时需要关闭keepalived<br/>if [ $n -eq "0" ]; then<br/>/etc/init.d/nginx start<br/>n2=ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@linux-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux-01 ~]# systemctl start keepalived
[root@linux-01 ~]# ps aux|grep keepalived
root 10818 0.0 0.0 120740 1400 ? Ss 02:18 0:00 /usr/sbin/keepalived -D
root 10819 0.0 0.1 127476 3264 ? S 02:18 0:00 /usr/sbin/keepalived -D
root 10820 0.0 0.1 131780 3120 ? S 02:18 0:00 /usr/sbin/keepalived -D
root 10884 0.0 0.0 112676 984 pts/0 R+ 02:18 0:00 grep --color=auto keepalived
[root@linux-01 ~]# ps aux|grep nginx
root 1003 0.0 0.0 45988 1308 ? Ss 01:15 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 1007 0.0 0.2 48476 3948 ? S 01:15 0:00 nginx: worker process
nobody 1009 0.0 0.2 48476 3948 ? S 01:15 0:00 nginx: worker process
root 10904 0.0 0.0 112676 984 pts/0 R+ 02:18 0:00 grep --color=auto nginx
[root@linux-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 确定 ]
[root@linux-01 ~]# ps aux|grep nginx
root 11878 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 11880 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 11893 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 12674 0.0 0.0 112676 980 pts/0 R+ 02:28 0:00 grep --color=auto nginx
[root@linux-01 ~]# date
2018年 04月 15日 星期日 02:28:29 CST
[root@linux-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:24:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.106.160/24 brd 192.168.106.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.106.100/32 scope global ens33
[root@linux-01 ~]# systemctl stop firewalld
[root@linux-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@linux-01 ~]# getenforce
Enforcing
[root@linux-01 ~]# setenforce 0
[root@linux-01 ~]# getenforce
Permissive
从机器配置
[root@linux-02 ~]# systemctl stop firewalld.service
[root@linux-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@linux-02 ~]# getenforce
Enforcing
[root@linux-02 ~]# setenforce 0
[root@linux-02 ~]# getenforce
Permissive
[root@linux-02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {br/>aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.106.100
}
track_script {
chk_nginx
}
}
[root@linux-02 ~]# vim /usr/local/sbin/checkng.sh
#时间变量,用于记录日志
d=`date --date today +%Y%m%d%H:%M:%S<br/>#计算nginx进程数量<br/>n=ps -C nginx --no-heading|wc -l<br/>#如果进程为0,则启动nginx,并且再次检测nginx进程数量,<br/>#如果还为0,说明nginx无法启动,此时需要关闭keepalived<br/>if [ $n -eq "0" ]; then<br/>systemctl start nginx<br/>n2=ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@linux-02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux-02 ~]# systemctl start keepalived.service
[root@linux-02 ~]# ps aux|grep keepalived
root 1681 0.0 0.0 120740 1408 ? Ss 20:19 0:00 /usr/sbin/keepalived -D
root 1682 0.0 0.1 127476 3272 ? S 20:19 0:00 /usr/sbin/keepalived -D
root 1683 0.0 0.1 131780 3128 ? S 20:19 0:00 /usr/sbin/keepalived -D
root 1753 0.0 0.0 112676 988 pts/0 R+ 20:19 0:00 grep --color=auto keepalived
[root@linux-02 ~]# ps aux|grep nginx
root 1706 0.0 0.1 122908 2108 ? Ss 20:19 0:00 nginx: master process /usr/sbin/nginx
nginx 1707 0.0 0.1 123292 3136 ? S 20:19 0:00 nginx: worker process
root 1813 0.0 0.0 112676 984 pts/0 R+ 20:19 0:00 grep --color=auto nginx
浏览器打开 192.168.106.160 显示 This is default site.
[root@linux-01 ~]# cat /usr/local/nginx/conf/vhost/
aaa.com.conf load.conf proxy.conf ssl.conf test.com.conf
[root@linux-01 ~]# cat /usr/local/nginx/conf/vhost/aaa.com.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/aming.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
}
}
[root@linux-01 ~]# cat /data/wwwroot/default/index.html
This is default site.
[root@linux-02 ~]# echo "backup backup" > /usr/share/nginx/html/index.html
[root@linux-02 ~]# cat /usr/share/nginx/html/index.html
backup backup
浏览器打开 192.168.106.165 显示 backup backup
浏览器打开 http://192.168.106.100/ 显示 This is default site.
测试主从切换
[root@linux-01 ~]# systemctl stop keepalived.service
[root@linux-02 ~]# tail /var/log/messages
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
浏览器打开 http://192.168.106.100/ 显示 backup backup
[root@linux-01 ~]# systemctl start keepalived.service
[root@linux-01 ~]# tail /var/log/messages
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:35 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:35 linux-01 Keepalived_vrrp[18517]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.106.100
浏览器打开 http://192.168.106.100/ 显示 This is default site.
原文:http://blog.51cto.com/9298822/2118844