背景
前面再说LNMT的架构中Nginx做负载均衡的时候,为了避免Nginx故障导致整体架构瘫痪,我们需要对Nginx做高可用处理,接下来就通过实验来感受一下!
部署Keepalived
1. 主备节点安装keepalived
root@xhz-uos:~# apt install -y keepalived
root@xhz-uos:~#2. Master节点配置
# 拷贝配置模板
root@xhz-uos:/etc/keepalived# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp ./
root@xhz-uos:/etc/keepalived# mv keepalived.conf.vrrp keepalived.conf
##修改配置
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from xhz@qq.com
smtp_server 192.168.65.129
smtp_connect_timeout 30
router_id keepalived-MASTER
}
vrrp_instance VI_1 {
state MASTER
interface ens33
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.65.200
}
}3. Backup节点配置
## 拷贝配置模板
root@xhz-uos:/etc/keepalived# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp ./
root@xhz-uos:/etc/keepalived# mv keepalived.conf.vrrp keepalived.conf
#配置文件
root@xhz-uos:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from xhz@qq.com
smtp_server 192.168.65.133
smtp_connect_timeout 30
router_id keepalived-backup
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 90
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.65.200
}
}4. 验证结果
4.1 Master节点
断开master的网络,vip切换至BACKUP节点。
恢复MASTER节点的网络,vip又切回至Master
配置非抢占模式:
1)两个节点的store都必须配置为BACKUP;
2)两个节点都在vrrp_instance中添加nopreempt;
3)其中一个节点的优先级必须高于另外一个节点优先级。
地址漂移触发条件:
1)keepalived停止运行;
2)网关停止,(监听的网卡断网);
3)无法检查到对方存活: HTTP_GET|SSL_GET : 用于应用层检测;脚本检测;TCP_CHECK|SMTP_CHECK|MISC_CHECK: 用于传输层检测
Keepalived + Nginx
配置LNMT架构:LNMT配置
1. 配置Nginx
两台Nginx配置一致
root@nginx:/etc/nginx/conf.d# cat tomcat.conf
upstream tomcat_server {
server 192.168.65.130:8080;
server 192.168.65.131:8080;
}
server {
listen 80;
server_name zrlog.tomcat.com www.zrlog.tomcat.com;
access_log /var/log/nginx/zrlog.access.log main;
location / {
proxy_pass http://tomcat_server;
include proxy_params;
}
}2. 修改host解析
192.168.65.200 zrlog.tomcat.com www.zrlog.tomcat.com3. 访问测试
3.1 关闭master上的Nginx服务
此时vip没有漂移,LNMT访问错误。
3.2 修改Keepalived配置文件
通过自定义vrrp_script自定义检测脚本,来使得vip漂移。
####配置说明:
vrrp_script <SCRIPT_NAME> { #定义一个检测脚本,在global_defs之外配置
script <STRING>|<QUOTED-STRING> #shell命令或脚本路径
interval <INTEGER> #间隔时间,单位为秒,默认1秒
timeout <INTEGER> #超时时间
weight <INTEGER:-254..254> #此值为负数,表示fall((脚本返回值为非0)时,会将此值与本节点权重相加可以降低本节点权重,如果是正数,表示 rise (脚本返回值为0)成功后,会将此值与本节点权重相加可以提高本节点权重,通常使用负值较多
fall <INTEGER> #脚本几次失败转换为失败,建议设为2以上
rise <INTEGER> #脚本连续监测成功后,把服务器从失败标记为成功的次数
user USERNAME [GROUPNAME] #执行监测脚本的用户或组
init_fail #设置默认标记为失败状态,监测成功之后再转换为成功状态
}
###配置实例:
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from xhz@qq.com
smtp_server 192.168.65.129
smtp_connect_timeout 30
router_id keepalived-MASTER
}
vrrp_script check_nginx_server {
script "/etc/keepalived/check_nginx.sh "
interval 1
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface ens33
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.65.200
}
track_script {
check_nginx_server
}
}check_nginx_sererv脚本:脚本很简单,只是一个示例
#!/bin/bash
nginx_pid=`pidof nginx |wc -l`
if [ $nginx_pid == 0 ];then
systemctl stop keepalived
fi3.3 验证
暂停129的nginx:
VIP漂移:
访问依然正常:
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
