web高可用集群(nginx负载均衡+keepalived实现调度器HA)
| 主机 | IP地址 |
|---|---|
| 代理服务器 | 192.168.88.66 |
| 代理服务器 | 192.168.88.38 |
| Real server | 192.168.88.10 |
| Real server | 192.168.88.20 |
配置俩台Real server
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
[root@web1 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl enable nginx --now
#设置成开机自启
#我这里是把nginx的网页根目录修改成了/html/www
[root@web1 ~]# echo "test">/html/www/index.html
配置俩台代理服务器使用nginx实现负载均衡
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
[root@web1 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl enable nginx --now
#设置成开机自启
#把默认的配置文件修改其他名,要不然配置的其他文件无法生效
[root@proxy ~]# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
[root@proxy ~]# vim /etc/nginx/conf.d/www.conf
upstream backend {
server 192.168.88.10:80 weight=1 max_fails=3 fail_timeout=20s;
server 192.168.88.20:80 weight=1 max_fails=3 fail_timeout=20s;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend
proxy_set_header Host $host:$proxy_port;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
[root@proxy ~]# systemctl restart nginx
浏览器测试,访问俩台主机IP都可以
配置俩台代理服务器使用keepalived实现HA调度
#主节点
[root@lvs1 ~]# yum -y install keepalived
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id lvs1
vrrp_iptables
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface ens37
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.88.88/24
}
track_script {
check_nginx
}
}
[root@lvs1 ~]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
curl -I http://localhost &> /dev/null
if [ $? -ne 0 ]
then
systemctl stop keepalived
# else
fi
[root@lvs1 ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@proxy ~]# systemctl start keepalived
#从节点
[root@proxy ~]# yum install -y keepalived
[root@proxy ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id proxy
vrrp_iptables
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface ens37
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.88.88/24
}
track_script {
check_nginx
}
}
[root@lvs1 ~]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
curl -I http://localhost &> /dev/null
if [ $? -ne 0 ]
then
systemctl stop keepalived
# else
fi
[root@lvs1 ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@proxy ~]# systemctl start keepalived
#使用ip a查看
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:71 brd ff:ff:ff:ff:ff:ff
inet 172.18.127.38/16 brd 172.18.255.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe48:b371/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.88.88/24 scope global secondary ens37 #主节点显示
valid_lft forever preferred_lft forever
inet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute
valid_lft forever preferred_lft forever
浏览器测试
通过停止keepalived来测试VIP是否飘逸
#停止代理服务器1的nginx,顺便验证监控脚本
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.88.88/24 scope global secondary ens37 #可以发现此时VIP地址在第一台代理服务器上
valid_lft forever preferred_lft forever
inet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@lvs1 ~]# systemctl status keepalived.service #keepalived状态为启用
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2024-03-17 01:59:36 CST; 9s ago
[root@lvs1 ~]# systemctl stop nginx #停止nginx,验证监控脚本
[root@lvs1 ~]# systemctl status keepalived.service #keepalived服务关闭
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@lvs1 ~]# ip a #VIP地址已转移
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@proxy ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e4:cd:ac brd ff:ff:ff:ff:ff:ff
inet 192.168.88.66/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.88.88/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee4:cdac/64 scope link
valid_lft forever preferred_lft forever
192.168.88.88/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee4:cdac/64 scope link
valid_lft forever preferred_lft forever
``
依然可以访问,实现了高可用效果。
