Nginx+Keepalived实现简单的服务高可用
一般情况下,如果我们做小型项目,前端用一个nginx做反向代理即可,大概是这样的
但是,作为互联网项目,纯2C的话必然需要做高可用,不仅后端的Server有N个,Nginx同样需要有N个,一主N备,当有一个服务器挂掉的时候,服务能瞬间切换到其他服务器,大概是这样的
下面就以上图为例,说明一下如何实现server的高可用。
1、准备
虚拟机两台,同样安装nginx,keepalived,最简单的安装方法yum -y install nginx,yum -y install keepalived。如果找不到安装到哪儿了,可以使用whereis nginx查看,这里不再赘述。
网络划分如下
| 名称 | IP | 虚拟IP | 操作系统 |
|---|---|---|---|
| 虚拟机1(VM1) | 192.168.136.2 | 192.168.136.99 | centos7.6 |
| 虚拟机2(VM2) | 192.168.136.4 | 192.168.136.99 | centos7.6 |
2、关闭防火墙,修改nginx首页,启动nginx
- 关闭防火墙
systemctl stop firewalld.service #临时关闭,重启失效
systemctl disable firewalld.service #禁止开机启动
- 简单起见,我们认为每个nginx都是代理一个服务,只用nginx默认带的静态页作为测试,分别修改页面内容为"Welcome to 192.168.136.4"和“Welcome to 192.168.136.2”
- 启动nginx
systemctl start nginx
3、修改keepalived的配置文件
主配置如下(默认配置文件:/etc/keepalived/keepalived.conf):
! Configuration File for keepalived
global_defs {
# notification_email {
# acassen@firewall.loc
# failover@firewall.loc
# sysadmin@firewall.loc
# }
# notification_email_from Alexandre.Cassen@firewall.loc
# smtp_server 192.168.200.1
# smtp_connect_timeout 30
router_id LVS_DEVEL
# vrrp_skip_check_adv_addr
# vrrp_strict
# vrrp_garp_interval 0
# vrrp_gna_interval 0
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER # 标识为主服务
interface ens33 #绑定虚拟机的IP
virtual_router_id 51 # 虚拟路由id,和从机保持一致
#mcast_src_ip 192.168.126.2 #本机ip
priority 100 #权重,需要高于从机
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx ## 执行 Nginx 监控的服务
}
virtual_ipaddress {
192.168.136.99 #/32 brd 255.255.255.0 dev ens33 label ens33:vip #虚拟IP地址
# 192.168.200.17
# 192.168.200.18
}
}
从机配置(默认配置文件:/etc/keepalived/keepalived.conf)
! Configuration File for keepalived
global_defs {
# notification_email {
# acassen@firewall.loc
# failover@firewall.loc
# sysadmin@firewall.loc
# }
# notification_email_from Alexandre.Cassen@firewall.loc
# smtp_server 192.168.200.1
# smtp_connect_timeout 30
router_id dreamer1
# vrrp_skip_check_adv_addr
# vrrp_strict
# vrrp_garp_interval 0
# vrrp_gna_interval 0
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" ## 检测 nginx 状态的脚本路径
interval 2 ## 检测时间间隔
weight -20 ## 如果条件成立,权重-20
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
#mcast_src_ip 192.168.136.4 ## 本机 IP 地址
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx ## 执行 Nginx 监控的服务
}
virtual_ipaddress {
192.168.136.99
#192.168.200.17
#192.168.200.18
}
}
3、编写监测心跳脚本
上面配置中可以看到有一个脚本文件:/etc/keepalived/nginx_check.sh
查看nginx是否启动,如果没启动则启动,如果启动不起来,停掉keepalived服务,此时心跳断掉,服务转向另一个nginx。
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/usr/sbin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/etc/init.d/keepalived stop
fi
fi
4、测试
- 启动192.168.136.2上的nginx和keepalive
- 启动192.168.136.4上的nginx和keepalive
-
访问虚拟IP:http://192.168.136.99
image.png -
停掉192.168.136.2上的keepalive
image.png - 重新启动192.168.136.2上的keepalive,又会回到 Welcome to 192.168.136.2
-
停掉192.168.136.2上的nginx,系统会自动调回Welcome to 192.168.136.4
image.png
第1章 Nginx反向代理-keepalived高可用1.1 keepalived软件工作原理?(重点)
1.1.1 原理1)VRRP协议,全称Virtual Router Redundancy Protocol,中文名为虚拟路由冗余协议,VRRP的出现是为了解决静态路由的单点故障。2)VRRP是用过IP多播的方式(默认多播地址(224.0.0.18))实现高可用对之间通信的。3)工作时主节点发包,备节点接包,当备节点接收不到主节点发的数据包的时候,就启动接管程序接管主节点的资源。备节点可以有多个,通过优先级竞选,但一般Keepalived系统运维工作中都是一对。1.2 高可用原理1.2.1、利用VRRP协议进行主备通讯1.2.2、利用VRRP协议进行主备竞选 利用优先级(在配置文件中设置)1.2.3、利用VRRP协议主向备发送组播包 利用心跳线发送(主不向备发送组播包的时候说明主宕机了,备接替主的工作)1.2.4、利用VRRP协议但不传输密文信息 明文传输速度快1.3 keepaliver软件配置过程1.3.1 硬件环境准备1.3.1.1 准备4台VM虚拟机,两台用来做keepalived服务,两台用来做测试的web节点。
HostnameIP 说明Lb01 10.0.0.5 Keepalived主服务器(nginx主负载均衡)Ls02 10.0.0.6 Keepalived备服务器(nginx备负载均衡)Web01 10.0.0.8 Web01服务器Web02 10.0.0.7 Web02服务器Web03 10.0.0.9 Web03服务器 VIPLb01 10.0.0.3 VIP:10.0.0.3(用于绑定A服务www.tiandi.com域名)Lb02 10.0.0.4 VIP:10.0.0.4(用于绑定B服务bbs.tiandi.com域名)1234567891.4 web集群服务器配置文件环境统一(web01 web02 web03 配置均一致)
cat /application/nginx/conf/extra/www.conf server { listen 80; server_name www.tiandi.com; location / { root html/www; index index.html index.htm; } }cat /application/nginx/conf/extra/bbs.conf server { listen 80; server_name bbs.tiandi.com; location / { root html/bbs; index index.html index.htm; } }1234567891011121314151617181.5 同步三台web服务器配置:
scp -rp {www.conf,bbs.conf} 172.16.1.7:/application/nginx/conf/extra/scp -rp {www.conf,bbs.conf} 172.16.1.9:/application/nginx/conf/extra/121.6 web服务主配置文件环境统一:
[root@web01 extra]# cat ../nginx.confworker_processes 1;events { worker_connections 1024;}http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; include extra/www.conf; include extra/bbs.conf;}scp -rp ../nginx.conf 172.16.1.9:/application/nginx/conf/scp -rp ../nginx.conf 172.16.1.7:/application/nginx/conf/123456789101112131415161718191.7 web01测试环境准备:
[root@web01 www]# for name in www bbs;do echo $name `hostname` >/application/nginx/html/$name/nana.html;done[root@web01 www]# for name in www bbs;do cat /application/nginx/html/$name/nana.html;donewww web01bbs web0112341.8 web02测试环境准备:
[root@web02 conf]# for name in www bbs;do echo $name `hostname` >/application/nginx/html/$name/nana.html;done[root@web02 conf]# for name in www bbs;do cat /application/nginx/html/$name/nana.html;donewww web02bbs web0212341.9 web03测试环境准备:
[root@web03 conf]# for name in www bbs;do echo $name `hostname` >/application/nginx/html/$name/nana.html;done[root@web03 conf]# for name in www bbs;do cat /application/nginx/html/$name/nana.html;donewww web03bbs web0312341.10 测试环境搭建好重启服务:
/application/nginx/sbin/nginx -t/application/nginx/sbin/nginx -s reload121.11 web环境测试结果:(在lb负载均衡服务器上面进行)
[root@web01 www]# curl -H host:www.etiantian.org 10.0.0.8/nana.htmlwww web01[root@web01 www]# curl -H host:bbs.etiantian.org 10.0.0.8/nana.htmlbbs web01[root@web01 www]# curl -H host:www.etiantian.org 10.0.0.7/nana.htmlwww web02[root@web01 www]# curl -H host:bbs.etiantian.org 10.0.0.7/nana.htmlbbs web02[root@web01 www]# curl -H host:www.etiantian.org 10.0.0.9/nana.htmlwww web03[root@web01 www]# curl -H host:bbs.etiantian.org 10.0.0.9/nana.htmlbbs web03123456789101112第2章 nginx反向代理负载均衡配置2.1 nginx反向代理负载均衡集群服务器配置文件环境统一
[root@lb01 conf]# cat nginx.conf####lb01和lb02 nginx.conf worker_processes 1;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream server_pools { server 10.0.0.7:80; server 10.0.0.8:80; server 10.0.0.9:80; } server { listen 80; server_name www.etiantian.org; location / { proxy_pass http://server_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 80; server_name bbs.etiantian.org; location / { proxy_pass http://server_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } } }
scp -rp /application/nginx/conf/nginx.conf 172.16.1.6:/application/nginx/conf/12345678910111213141516171819202122232425262728293031323334353637第3章 keepalived部署3.1 第一个里程碑:keepalived软件安装部署3.2 lb01 lb02负载服务器上均安装
yum install -y keepalivedrpm -qa keepalivedrpm -ql keepalived1233.3 查看keepalived都有哪些目录及配置文件
[root@lb01 conf]# rpm -ql keepalived/etc/keepalived/etc/keepalived/keepalived.conf/etc/rc.d/init.d/keepalived12343.4 第二个里程碑:进行默认配置测试3.4.1 启动lb01和lb02的keepalived服务
/etc/init.d/keepalived startip addr 查看默认虚拟ip是否存在说明:存在默认配置虚IP地址信息 通过抓包可以看到vrrp数据包信息12343.5 第三个里程碑:进行服务配置文件编写前提需要了解配置文件内容信息(man keepalived.conf)3.5.1 配置文件的组成部分
• GLOBAL CONFIGURATION ###全局定义(默认配置文件的01-13行)• VRRPD CONFIGURATION ###虚拟ip的配置(默认配置文件15-30行)• LVS CONFIGURATION ###配置与管理lvs1233.6 keepalived配置文件说明
global_defs { notification_email { acassen@firewall.loc 填写管理员的邮箱信息 failover@firewall.loc sysadmin@firewall.loc } notification_email_from 17701388853@163.com 定义利用什么邮箱发送邮件 smtp_server smtp.163.com 定义邮件服务器信息 smtp_connect_timeout 30 定义邮件发送超时时间 router_id lb01 (重点参数)局域网keppalived主机身份标识信息(每台唯一)}
vrrp_instance VI_1 { VRRP协议相关配置 state MASTER keepalived角色描述信息,可配置参数(MASTER,BACKUP) interface eth0 将虚拟ip用于那块网卡 virtual_router_id 55 表示keepalived家族表示信息 priority 150 keepalved服务竞选主备服务器优先级设置(数字越大越优先) advert_int 1 主服务器组播包发送间隔时间 authentication { 主备主机之间的认证表示信息 auth_type PASS 采用明文认证机制 auth_pass 1111 编写明文密码 } virtual_ipaddress { 设置虚拟ip地址信息 10.0.0.3/24 dev eth0 label eth0:1 #虚拟ip,即VIP为10.0.0.88,子网掩码为24位,绑定接口为eth0,别名为eth0:1,此参数备节点设置和主节点相同 }}1234567891011121314151617181920212223242526273.7 搭建基础的keepalived配置文件 (lb01)
cat /etc/keepalived/keepalived.confglobal_defs { router_id LVS_01 }
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 }}123456789101112131415161718193.7.1 修改完配置文件重启
/etc/init.d/keepalived restart13.8 搭建基础的keepalived配置文件 (lb02)
cat /etc/keepalived/keepalived.confglobal_defs { router_id LVS_02}
vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 }}123456789101112131415161718193.8.1 修改完配置文件重启
/etc/init.d/keepalived restart1说明:主备服务器配置文件区别
01. router_id 配置不同 02. state BACKUP 配置不同 03. priority 配置不同123说明:进行抓包观察配置效果;并且对比两个负载均衡服务器的配置文件3.9 nginx反向代理-负载均衡 —做高可用3.9.1 统一lb01 lb02 反向代理 配置文件 lb01
cat /application/nginx/conf/nginx.conf worker_processes 1;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; upstream server_pools { server 10.0.0.7; server 10.0.0.8; server 10.0.0.9; } server { listen 80; server_name bbs.etiantian.org; location / { proxy_pass http://server_pools;proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }access_log logs/access_www.log main;} server { listen 80; server_name www.etiantian.org; location / { proxy_pass http://server_pools;proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }access_log logs/access_blog.log main;}}12345678910111213141516171819202122232425262728293031323334353637383940413.9.2 进行测试3.9.2.1 测试10.0.0.5 lb01服务器
curl -H Host:www.etiantian.org 10.0.0.5/nana.html curl -H Host:bbs.etiantian.org 10.0.0.5/nana.html 123.9.2.2 测试10.0.0.6 lb02服务器
curl -H Host:www.etiantian.org 10.0.0.6/nana.html curl -H Host:bbs.etiantian.org 10.0.0.6/nana.html 说明:通过以上测试,确认两台lb服务器,均可实现负载调度功能1233.9.3 把域名解析到 vip上面
10.0.0.3 www.etiantian.org blog.etiantian.org bbs.etiantian.org1第4章 企业案例详解4.1 实践案例一:更改nginx反向代理只监听vip地址
10.0.0.3/nana.html 可以使用 10.0.0.5/nana.html 不可以使用 10.0.0.6/nana.html 不可以使用1234.1.1 第一个里程碑:修改反向代理服务配置文件,只监听vip地址4.1.1.1 lb01 lb02都需要修改nginx.conf配置文件
worker_processes 1;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; sendfile on;keepalive_timeout 65;log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; upstream server_pools { server 10.0.0.7:80; server 10.0.0.8:80; server 10.0.0.9:80; } server { listen 10.0.0.3:80; server_name www.etiantian.org; location / { proxy_pass http://server_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }access_log logs/access_www.log main; } server { listen 10.0.0.3:80; server_name bbs.etiantian.org; location / { proxy_pass http://server_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } access_log logs/access_www.log main; }}1234567891011121314151617181920212223242526272829303132333435363738说明:在修改反向代理服务器配置文件监听地址时,多个server都需要配置监听地址,否则仍旧使用默认监听所有4.1.2 第二个里程碑:lb02上不存在vip地址,无法监听,需要修改内核文件
[root@lb01 conf]# /application/nginx/sbin/nginx -tnginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is oknginx: [emerg] bind() to 10.0.0.3:80 failed (99: )nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test failed[root@lb01 conf]# ip a s eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:27:4e:e9 brd ff:ff:ff:ff:ff:ff inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0 inet6 fe80::20c:29ff:fe27:4ee9/64 scope link valid_lft forever preferred_lft forever12345678910nginx 没有办法 监听 本地不存在的ip地址4.1.2.1 解决方法:
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf ---实现监听本地不存在的ip地址 ##/etc/sysctl.conf 加上sysctl -p echo "1" >/proc/sys/net/ipv4/ip_nonlocal_bind12344.1.3 第三个里程碑:进行测试
[root@lb01 ~]# curl -H Host:www.etiantian.org 10.0.0.5/nana.htmlcurl: (7) couldn't connect to host[root@lb01 ~]# curl -H Host:www.etiantian.org 10.0.0.6/nana.htmlcurl: (7) couldn't connect to host[root@lb01 ~]# curl -H Host:www.etiantian.org 10.0.0.88/nana.htmlwww web02[root@lb01 ~]# curl -H Host:bbs.etiantian.org 10.0.0.89/nana.htmlbbs web03123456784.2 企业实践案例二:让keepalived监控nginx反向代理服务4.2.1 vip什么时候 什么条件 才会飘走 ?
1.当服务器宕机 2.防火墙nginx挂了如何让keepalived监控nginx nginx挂了,keepalived跟着挂掉12344.2.2 第一个里程碑-keepalived监控nginx条件4.2.2.1 如何nginx挂了—我如何知道nginx挂了?
1)端口 2)进程 ps -ef |grep nginx |grep -v grep |wc -l1234.2.2.2 keepalived挂了
/etc/init.d/keepalived stop 14.2.3 Shell常见判断大小表示法
##> -gt greater than ##>= -ge greater equal ##< -lt less than ##<= -le less equal ##== -eq equal ##!= -ne no equal1234564.2.4 第二个里程碑-根据条件-书写脚本
[root@lb01 scripts]# cat check_web.sh #!/bin/bash#name: check_web.sh#desc: check nginx and kill keepalived #ps -ef |grep nginx#ps -ef |grep nginx|wc -lif [ `ps -ef |grep nginx |grep -v grep |wc -l` -lt 2 ];then /etc/init.d/keepalived stop fi1234567894.2.5 第三个里程碑-添加权限
[root@lb02 conf]# chmod +x /server/scripts/check_web.sh [root@lb02 conf]# ll /server/scripts/check_web.sh-rwxr-xr-x 1 root root 174 Mar 30 17:47 /server/scripts/check_web.sh1234.2.6 第四个里程碑-测试
[root@lb01 scripts]# /etc/init.d/keepalived status nginx服务未宕机前keepalived (pid 37491) is running... keepalived正在运行[root@lb01 scripts]# /application/nginx/sbin/nginx -s stop 停止nginx服务[root@lb01 scripts]# /etc/init.d/keepalived status 查看keepalived服务状态keepalived is stopped keepalived服务跟着nginx服务停止123454.2.7 第五个里程碑-放入到keepalived.conf配置文件
! Configuration File for keepalived
global_defs { router_id lb01}vrrp_script check_web {script "/server/scripts/check_web.sh" #表示将一个脚本信息赋值给变量check_webinterval 2 #执行监控脚本的间隔时间weight 2 #利用权重值和优先级进行运算,从而降低主服务优先级使之变为备服务器(建议先忽略)}
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 55 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.88/24 dev eth0 label eth0:1 }}vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 56 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.89/24 dev eth0 label eth0:1 } track_script { check_web #调用执行脚本 }}1234567891011121314151617181920212223242526272829303132333435363738394041424.2.8 第六个里程碑-测试
[root@lb01 scripts]# /etc/init.d/keepalived status nginx服务未宕机前keepalived (pid 37491) is running... keepalived正在运行[root@lb01 scripts]# /application/nginx/sbin/nginx -s stop 停止nginx服务[root@lb01 scripts]# /etc/init.d/keepalived status 查看keepalived服务状态keepalived is stopped keepalived服务跟着nginx服务停止123454.2.9 企业实践案例三:keepalived多实例配置4.2.9.1 第一个里程碑-配置keepalived-配置双主(lb01)
cat /etc/keepalived/keepalived.conf! Configuration File for keepalived
global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb01}vrrp_script check_web {script "/server/scripts/check_web.sh"interval 2weight 2}
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 55 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 }}vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 56 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111} virtual_ipaddress { 10.0.0.4/24 dev eth0 label eth0:1 } track_script { check_web }}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950514.2.9.2 第一个里程碑-配置keepalived-配置双主(lb02)
cat /etc/keepalived/keepalived.conf! Configuration: command not foundbal_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb02}
vrrp_script check_web {script "/server/scripts/check_web.sh"interval 2weight 2}
vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 55 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 }}vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 56 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.4/24 dev eth0 label eth0:1 } track_script { check_web }}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950514.2.10 第二个里程碑-配置nginx 负载均衡4.2.10.1 lb01和lb02都需要配置nginx.conf配置文件
worker_processes 1;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; upstream server_pools { server 10.0.0.7; server 10.0.0.8; server 10.0.0.9; } server { listen 10.0.0.3:80; 当访问www.etiantian.org的时候,抛向第一台负载均衡服务器 server_name www.etiantian.org; location / { proxy_pass http://server_pools;proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }access_log logs/access_www.log main;} server { listen 10.0.0.4:80; 当访问bbs.etiantian.org的时候,抛向第二台负载均衡服务器 server_name bbs.etiantian.org; location / { proxy_pass http://server_pools;proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }access_log logs/access_blog.log main;}}1234567891011121314151617181920212223242526272829303132333435363738394.2.11 第三个里程碑-windows hosts解析
10.0.0.3 www.etiantian.org10.0.0.4 bbs.etiantian.org124.2.12 第四个里程碑-浏览器进行测试4.2.12.1 www.etiantian.org测试结果
4.2.12.2 抓包说明
4.2.12.3 bbs.etiantian.org测试结果
4.2.12.4 抓包说明
第5章 问题及排错5.1 问题小结:
1.是否解析 ping 2.浏览器缓存3.服务没重启(平滑重启)1235.2 排错过程:
1:利用负载服务器,在服务器上curl所有节点信息(web服务器配置有问题)2;curl 负载均衡服务器地址,可以实现负载均衡3:windows绑定虚拟IP,浏览器上进行测试1235.3 keepaliver软件脑裂概念说明5.3.1 开启防火墙即可模拟出脑裂的情况
/etc/init.d/iptables start15.3.2 脑裂情况出现的原因
1、高可用服务器对之间心跳线链路发生故障,导致无法正常通信心跳线坏了(包括断了,老化) 网卡及相关驱动坏了,ip配置及冲突问题(网卡直连) 心跳线间链接的设备故障(网卡及交换机) 仲裁的机器出现问题(采用仲裁的方案)2、高可用服务器上开启了iptables防火墙阻挡了心跳消息传输3、高可用服务器上心跳网卡地址等信息配置不正确,导致发生心跳失败4、其它服务配置不当等原因,如心跳方式不同,心跳广播冲突,软件BUG等123456785.3.3 脑裂情况解决的方法
1、同时使用串行电缆和以太网电缆链接,同时用两条心跳线路,这样就算一条线路坏了另一条还是好的,依然能传送心跳消息2、当检测到脑裂时强心关闭一个心跳节点(这个功能需要特殊设备支持,如stonith,fence)相当于备节点接收不到心跳消息,通过单独的线路发送关机命令关闭主节点的电源。3、做好脑裂的监控报警(如邮件,微信,短信等),在问题发生时人为第一时间介入仲裁,降低损失。例如,百度的监控报警短信就有上行和下行的区别,报警信息发送到管理员12345.4 使用脚本监控keepalived脑裂问题5.4.1 制作监控脚本—lb025.4.1.1 报警的条件:只要lb02 上面有vip
1.lb01 挂了2.心碎125.4.2 脚本内容如下
#!/bin/bash#desc: jiankong lb02 vip if [ `ip a s eth0 |grep -c "10.0.0.3"` == 1 ];then echo "baojing"fi123455.5 获取keepalived软件功能说明信息
man keepalived.conf1第6章 keepalived指定日志文件方法6.1 修改/etc/sysconfig/keepalived文件
将KEEPALIVED_OPTIONS="-D"修改为KEEPALIVED_OPTIONS="-D -d -S 0" 即可 16.2 重新启动keepalived服务
/etc/init.d/keepalived restart16.3 最后设置/etc/rsyslog.conf6.3.1 在文件的最后一行添加以下信息即可
local0.* 16.4 keepalived日志分割
[root@lb02 scripts]# cat keepalived.sh #!/bin/bashmv /var/log/keepalived.log /var/log/keepalived.log_$(date +%F)/etc/init.d/rsyslog restart/etc/init.d/keepalived reload————————————————版权声明:本文为CSDN博主「ljx1528」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。原文链接:https://blog.csdn.net/ljx1528/article/details/82842194
浙公网安备 33010602011771号