本文主要介绍了nginx+keepalived的部署实验,并简单说明了nginx的集中负载分担模式
简介:
nginx可以通过反向代理功能对后端服务器实现负载均衡功能
keepalived 是一种高可用集群选举软件
keepalived架构
分为三个模块:
1、keepalived core 核心模块
2、keepalived VRRP模块,加载vrrp协议,通过vrrp进行主备选举
------设置vrrp优先级,默认优先级100,
3、keepalive check检查模块,监控检查
------心跳检测,每一秒发送一次心跳
------备份节点如果三秒钟没有收到心跳信息,则认为主节点故障,备份节点切换为主节点
备份节点切换为主节点后,集群IP地址漂移到新的主节点 结合SMTP服务实现邮件发送
环境
VMwareworkstation 17 pro
CentOS Linux release 7.8.2003 (Core)
------4G内存,2core
------20G硬盘
------minimal安装
------NAT网络
#创建完web模板后进行克隆效率更高,随意
#5节点部署,如图所示
搭建web节点
#搭建web节点
yum -y install httpd
#修改主机名与html文件
hostnamectl set-hostname WEB1 && bash
echo web1 > /var/www/html/index.html
hostnamectl set-hostname WEB2 && bash
echo web2 > /var/www/html/index.html
hostnamectl set-hostname WEB3 && bash
echo web3 > /var/www/html/index.html
systemctl enable httpd --now
#安全相关
systemctl disable firewalld --now
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
搭建nginx服务
#搭建nginx节点
hostnamectl set-hostname HA1 && bash
hostnamectl set-hostname HA2 && bash
#安装软件包
yum -y install wget vim net-tools
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install nginx nginx-mod-stream
systemctl enable nginx --now
netstat -tunlp | grep -i nginx # #验证
#tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9482/nginx: master
#安全相关
systemctl disable firewalld --now
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/confignginx服务配置
#nginx服务配置
#备份,并且清除注释
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sed -i 's/.*#.*//' /etc/nginx/nginx.conf
vim /etc/nginx/nginx.conf
###配置文件含义
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024; #worker进程上限
}
http { #自身http服务的配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server { #自己作为http服务器时的配置
listen 80;
listen [::]:80; #监听的ipv6的地址与端口
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html; #出错之后的提示页面等
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
###修改完成之后如下
#内含变量,建议vim,使用cat <<END或echo都会出错
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
stream {
log_format main '$remote_addr $upstream_addr - [$time_local] $status
$upstream_bytes_sent';
access_log /var/log/nginx/web_cluster.log main;
upstream web_LB { #负载均衡设置
server 192.168.8.162:80; #添加要转发的地址与端口
server 192.168.8.163:80;
server 192.168.8.164:80;
}
server {
listen 80; #本地监听的端口,可以修改
proxy_pass web_LB; # 设置为通过负载均衡web_LB的方式进行代理
}
}
#检查
nginx -t
#nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
#nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx -s reload #重载配置文件此时重新访问,发现访问160和161能访问到后端的web服务器,清除缓存后会变化
最小连接
通过判断哪一个服务器的负载最小,选择负载最小的服务器进行连接
vim /etc/nginx/nginx.conf
upstream web_LB {
least_conn;
server 192.168.8.162:80;
server 192.168.8.163:80;
server 192.168.8.164:80;
}
nginx -t
nginx -s reload权重轮询
通过修改weight值,根据权重进行负载的分配
vim /etc/nginx/nginx.conf
upstream web_LB { #负载均衡设置
server 192.168.8.162:80 weight=1; #添加地址与端口
server 192.168.8.163:80 weight=2;
server 192.168.8.164:80 weight=3;
}
nginx -t
nginx -s reloadIPhash
根据源ip地址进行hash计算,根据计算值自动匹配到后端服务器
同个ip固定匹配一个服务器
适合流量大的时候使用,流量越多越均衡
vim /etc/nginx/nginx.conf
upstream web_LB {
hash $remote_addr consistent;
server 192.168.8.162:80;
server 192.168.8.163:80;
server 192.168.8.164:80;
}
nginx -t
nginx -s reloadHA节点搭建
#部署
yum install -y keepalived
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vim /etc/keepalived/keepalived.conf
根据实际情况修改
###配置文件解析,并修改配置文件
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 #通过SMTP来发送邮件的地址
smtp_connect_timeout 30
router_id ha1 #路由器代号,挂了之后邮件提升的内容,主备节点需要不同,我写本机
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { #实例1,instance的概念与网络中的一致,可以设置多实例来允许多网段的访问
state MASTER #状态
interface ens33 #keepalived的接口地址,我的虚机网卡是ens33
virtual_router_id 100 #虚拟地址路由器routerid,主备节点需要相同,建议自定义1-255
priority 100 #优先级,主节点的需要比备节点高
advert_int 1 #心跳间隔1s
authentication { #认证配置
auth_type PASS #开启认证
auth_pass 1111 #密钥
}
virtual_ipaddress { #虚拟的floating ip,支持多个
192.168.8.200
}
}
#启动服务
systemctl enable keepalived --now
systemctl restart keepalived
主节点的网卡会附带集群的地址,如下图
主备倒换测试
ha1停止keepalived,查看ha2的keepalived状态
systemctl stop keepalived
添加定时执行脚本自动拉活nginx
在keepalive的配置文件中添加脚本,用以检测nginx服务是否正常开启
通过脚本自动拉活nginx服务
vim /etc/keepalived/check_nginx_port.sh
#!/bin/bash
if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
then
systemctl restart nginx
sleep 2
if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
then
systemctl stop keepalived
fi
fi编辑配置文件
vim /etc/keepalived/keepalived.conf
...
vrrp_script check_nginx_port {
script "/etc/keepalived/check_nginx_port.sh"
interval 2 #间隔2秒
}
...
vrrp_instance VI_1 {
...
track_script {
check_nginx_port
}
}