前言:由于之前一直使用的是主从高可用加后端负载,随着业务量的增大,前端一台服务在高峰时期有些吃力,所有对之前架构进行了一点改造,把主从升级成了双主,可以更充分的利用现有服务器资源,由于实验环境有限,后端的测试仅仅使用了一个静态页面,没有搭建动态环境,也没用使用数据库,如有需要可以参考其他文档。
一、架构规划
1、服务器IP地址规划
VIP1:192.168.1.149
VIP2:192.168.1.150
Keepalived1:192.168.1.151
Keepalived2:192.168.1.152
WebServer1:192.168.1.201
WebServer2:192.168.1.202
2、服务器操作系统
所使用的操作系统均为CentOS release 6.6 (Final) x86_64,最小化安装。
3、网络拓扑图
二、配置Nginx代理服务器
此部分Node1与Node2的配置完全相同。
1,准备编译环境
# yum –y install gccgcc-c++ pcre-devel openssl openssl-devel wget2,编译安装nginx
# ./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-pcre
# make && make install3,为nginx提供SysV init脚本:
# vi /etc/rc.d/init.d/nginx
添加如下内容
#!/bin/sh
#
# nginx - this script starts and stopsthe nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no"] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && ./etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d"=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating"$value
mkdir -p $value && chown-R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0{start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac而后为此脚本赋予执行权限:
# chmod +x /etc/rc.d/init.d/nginx
添加至服务管理列表,并让其开机自动启动:
# chkconfig --add nginx
# chkconfig nginx on
4,配置Nginx代理
# cat nginx.conf
user nginx nginx;
worker_processes 1;
pid /var/run/nginx/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
upstream backend
{
ip_hash;
server 192.168.1.201:80;
server 192.168.1.202:80;
}
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /var/log/nginx/access.log access;
server {
listen 80;
server_name www.test.com;
location / {
root /var/www/html ;
index index.php index.htm index.html;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
}
location /nginx {
access_log off;
auth_basic "NginxStatus";
}
}
}三、安装与配置keepalived
# wgethttp://www.keepalived.org/software/keepalived-1.2.16.tar.gz
# yum -y install libnl-devel
# ./configure --prefix=/usr/local/keepalived
# make && make install
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# mkdir /etc/keepalived
# cd /etc/keepalived/
# vim keepalived.conf以上步骤在两台keepalived机器上都需要进行
下面分别是两节点的配置文件
节点一
! Configuration File for keepalived
global_defs {
notification_email {
ganen2008@126.com #接收警报的email地址,可以添加多个
}
notification_email_from ganen201405@126.com #发件人地址
smtp_connect_timeout 3 #超时时间
smtp_server 127.0.0.1 #发送邮件的服务器
router_id LVS_DEVEL #load balancer的标识ID,用于email警报
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100 # 权值要比 back 高
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.149 #vip的地址
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.150
}
}节点二
! Configuration File for keepalived
global_defs {
notification_email {
ganen2008@126.com
}
notification_email_from ganen201405@126.com
smtp_connect_timeout 3
smtp_server 127.0.0.1
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.149
}
}
vrrp_instance VI_2 {
state MASTER
interface eth1
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.1.150
}
}为两节点添加nginx状态监控脚本,由于keepalived本身不能检测到nginx的存活状态,需要借助于第三方脚本来实现,下面是出自余洪春前辈的一个检测脚本,在这里借用一下。
# vim /home/nginx_chk.sh
#!/bin/bash
while :
do
nginxpid=`ps -C nginx --no-header | wc -l`
if [ $nginxpid -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 5
nginxpid=`ps -C nginx --no-header | wc -l`
echo $nginxpid
if [ $nginxpid -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
sleep 5
done# chmod +x /home/nginx_chk.sh
后台执行该脚本
# nohup sh /home/nginx_chk.sh
四、安装web server
这里为了测试我直接使用yum安装两台服务器上的nginx服务。
增加额外资源库
# yum -y install yum-priorities
# rpm -Uvh http://mirrors.yun-idc.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
# yum -y install nginx
# /etc/init.d/nginx start五、启动测试
首先测试两台WebServer的可用性
可以看到两台WebServer都运行正常
查看两台keepalived节点的IP情况
使用两个VIP进行访问
停掉一台keepalived服务,查看IP
可以看到VIP已经成功流转到另一节点上,再使用VIP进行访问,依然可以正常访问。
这时重新启动节点一上的keepalived服务,可以看到属于节点一的VIP又重新回到了节点一上。
基本配置到这里就完成了。
转载于:https://blog.51cto.com/zhangjianjian/1627995
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
