架构(day21)
原创
©著作权归作者所有:来自51CTO博客作者佳豪哥哥的原创作品,请联系作者获取转载授权,否则将追究法律责任
nginx负载均衡高可用
Keepalived概述
Keepalived是一个高可用软件,可以和任何应用配合使用
什么是高可用
一般是指2台机器启动着完全相同的业务系统,当有一台机器down机了,另外一台服务器就能快速的接管,对于访问的用户是无感知的。
高可用软件
keepalived实现原理
keepalived底层协议:VRRP(虚拟路由冗余协议)
keepalived核心概念
1.通过选举投票,决定谁是主节点谁是备节点(选举)
2.如果Master故障,Backup自动接管,那么Master恢复后会夺权吗(抢占试、非抢占式)
3.两台服务器都认为自己是master,那么会出现一个故障(脑裂)
keepalived安装配置
环境准备
主机名
| WanIP
| LanIP
| 角色
| 应用
|
lb01
| 10.0.0.5
| 172.16.1.5
| Master keepalived主节点
| keepalived
|
lb02
| 10.0.0.6
| 172.16.1.6
| Backup keepalived备节点
| keepalived
|
部署keepalived
# 1.安装keepalived
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
# 2.查找keepalived配置文件
[root@lb01 ~]# rpm -ql keepalived
/etc/keepalived/keepalived.conf
# 3.修改Master配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
# 4.修改Backup配置文件
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
Keepalived配置区别
| Master节点配置
| Backup节点配置
|
router_id
| lb01
| lb02
|
state
| MASTER
| BACKUP
|
priority
| 150
| 100
|
# 1.启动master上的keepalived
[root@lb01 ~]# systemctl start keepalived
[root@lb01 ~]# systemctl enable keepalived
# 2.启动backup上的keepalived
[root@lb02 ~]# systemctl start keepalived
[root@lb02 ~]# systemctl enable keepalived
注意:只要停止掉Keepalived,VIP会漂移到另外一个节点
非抢占式配置
## 配置需求
1、两个节点的state都必须配置为BACKUP
2、两个节点都必须加上配置 nopreempt
3、其中一个节点的优先级必须要高于另外一个节点的优先级。
## master节点配置
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_instance VI_1 {
state BACKUP #标识角色状态
interface eth0 #网卡绑定接口
nopreempt
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
## BACKUP节点配置
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
nopreempt
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
脑裂的原因
1、服务器网线松动等网络故障
2、服务器硬件故障发生损坏现象而崩溃
3、主备都开启firewalld防火墙
# 解决脑裂故障
[root@lb02 ~]# cat check_split_brain.sh
#!/bin/sh
vip=10.0.0.3
lb01_ip=10.0.0.5
while true;do
ping -c 2 $lb01_ip &>/dev/null
if [ $? -eq 0 -a `ip add|grep "$vip"|wc -l` -eq 1 ];then
echo "ha is split brain.warning."
else
echo "ha is ok"
fi
sleep 5
done
keepalived结合nginx做高可用
环境准备
主机名
| WanIP
| LanIP
| 角色
| 应用
|
lb01
| 10.0.0.5
| 172.16.1.5
| Master keepalived主节点、nginx负载均衡
| keepalived、nginx
|
lb02
| 10.0.0.6
| 172.16.1.6
| Backup keepalived备节点、nginx负载均衡
| keepalived、nginx
|
web01
| 10.0.0.7
| 172.16.1.7
| web网站
| nginx、php
|
web02
| 10.0.0.8
| 172.16.1.8
| web网站
| nginx、php
|
关联nginx
### 公司使用脚本
[root@lb01 ~]# vim check_web.sh
#!/bin/sh
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_count -eq 0 ];then
systemctl start nginx
sleep 3
#2.等待3秒后再次获取一次Nginx状态
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#3.再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚本
if [ $nginx_count -eq 0 ];then
systemctl stop keepalived
fi
fi
### 上课使用脚本
# 1.写检测nginx健康状态的脚本
[root@lb01 ~]# vim check_web.sh
#!/bin/sh
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_count -eq 0 ];then
systemctl stop keepalived
fi
先配置两台负载均衡
## web01
upstream blog_wjh_com {
server 172.16.1.7;
server 172.16.1.8;
}
server {
listen 80;
server_name blog.wjh.com;
rewrite (.*) https://blog.wjh.com;
}
server{
listen 443 ssl;
server_name blog.wjh.com;
ssl_certificate ssl/20220623_blog.wjh.com.pem;
ssl_certificate_key ssl/20220623_blog.wjh.com.key;
location / {
proxy_pass http://blog_wjh_com;
proxy_set_header Host $host;
}
}
## web02
upstream blog_wjh_com {
server 172.16.1.7;
server 172.16.1.8;
}
server {
listen 80;
server_name blog.wjh.com;
rewrite (.*) https://blog.wjh.com;
}
server{
listen 443 ssl;
server_name blog.wjh.com;
ssl_certificate ssl/20220623_blog.wjh.com.pem;
ssl_certificate_key ssl/20220623_blog.wjh.com.key;
location / {
proxy_pass http://blog_wjh_com;
proxy_set_header Host $host;
}
}
[root@lb02 ~]# mkdir /etc/nginx/ssl
[root@lb01 ~]# scp /etc/nginx/ssl/* 172.16.1.6:/etc/nginx/ssl
keepalived关联nginx
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_script check_web_wjh {
script "/root/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP #标识角色状态
interface eth0 #网卡绑定接口
nopreempt
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
track_script {
check_web_wjh
}
}
# 给脚本加执行权限
[root@lb01 ~]# chmod +x /root/check_web.sh
# 域名解析在vip上
10.0.0.3 blog.wjh.com