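This article walks through a lab deployment of nginx + keepalived and briefly explains several of nginx's load-balancing modes.
Introduction:
nginx can load-balance back-end servers through its reverse-proxy feature.
keepalived is high-availability cluster election software.
keepalived architecture
It is divided into three modules:
1. keepalived core: the core module
2. keepalived VRRP module: loads the VRRP protocol and performs master/backup election over VRRP
------Sets the VRRP priority; the default priority is 100
3. keepalived check module: monitoring and health checks
------Heartbeat detection; a heartbeat is sent once per second
------If the backup node receives no heartbeat for three seconds, it treats the master node as failed and switches itself to master
After the backup node becomes master, the cluster IP address floats to the new master node.
Combined with an SMTP service, it can send mail notifications.
Environment
VMware Workstation 17 Pro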
CentOS Linux release 7.8.2003 (Core)
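------4 GB RAM, 2 cores
------20 GB disk
------minimal install
------NAT network
#Creating a web template first and cloning it is more efficient; optional
#5-node deployment, as shown in the figure
Setting up the web nodes
#Set up the web nodes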
yum -y install httpd
#Change the hostname and the html file (one pair per node)
hostnamectl set-hostname WEB1 && bash
echo web1 > /var/www/html/index.html
hostnamectl set-hostname WEB2 && bash
echo web2 > /var/www/html/index.html
hostnamectl set-hostname WEB3 && bash
echo web3 > /var/www/html/index.html
systemctl enable httpd --now
#Security-related
systemctl disable firewalld --now
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Setting up the nginx service
#Set up the nginx nodes
hostnamectl set-hostname HA1 && bash
hostnamectl set-hostname HA2 && bash
#Install packages
yum -y install wget vim net-tools
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install nginx nginx-mod-stream
systemctl enable nginx --now
netstat -tunlp | grep -i nginx #verify
#tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9482/nginx: master
#Security-related
systemctl disable firewalld --now
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
nginx service configuration
#nginx service configuration
#Back up the file, then strip the comments
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sed -i 's/.*#.*//' /etc/nginx/nginx.conf
vim /etc/nginx/nginx.conf
###Meaning of the configuration file
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024; #maximum number of connections per worker process
}
http { #configuration of nginx's own http service
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    types_hash_max_size 4096;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server { #configuration used when nginx itself acts as the http server
        listen 80;
        listen [::]:80; #IPv6 address and port to listen on
        server_name _;
        root /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html; #page shown after an error, and so on
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
###After the changes the file looks like this
#The file contains $variables, so editing it with vim is recommended; writing it with cat <<END or echo both go wrong
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
stream {
    log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    access_log /var/log/nginx/web_cluster.log main;
    upstream web_LB { #load-balancing settings
        server 192.168.8.162:80; #addresses and ports to forward to
        server 192.168.8.163:80;
        server 192.168.8.164:80;
    }
    server {
        listen 80; #local listening port; can be changed
        proxy_pass web_LB; #proxy through the web_LB load-balancing group
    }
}
#Check
nginx -t
#nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
#nginx: configuration file /etc/nginx/nginx.conf test is successful
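nginx -s reload #reload the configuration file
Accessing again now, 160 and 161 both reach the back-end web servers; the responding server changes after the cache is cleared
Least connections
Determines which server has the lowest load and connects to that server
vim /etc/nginx/nginx.conf
upstream web_LB {
    least_conn;
    server 192.168.8.162:80;
    server 192.168.8.163:80;
    server 192.168.8.164:80;
}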
nginx -t
nginx -s reload
Weighted round robin
By changing the weight values, load is distributed according to weight
vim /etc/nginx/nginx.conf
upstream web_LB { #load-balancing settings
    server 192.168.8.162:80 weight=1; #add address and port
    server 192.168.8.163:80 weight=2;
    server 192.168.8.164:80 weight=3;
}
nginx -t
nginx -s reload
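The order in which nginx hands out connections for these weights can be predicted with the smooth weighted round-robin selection it uses. The following is an added example, not part of the original article; it assumes all three back ends stay healthy, and the function name `swrr_sequence` is made up for the illustration.

```bash
#!/bin/bash
# Added example: model of nginx's smooth weighted round-robin peer selection.
# Assumes every peer is healthy, so its effective weight equals its configured weight.

# swrr_sequence N "addr=weight" ...  -> prints the peers chosen for N connections
swrr_sequence() {
    local n=$1; shift
    local -a addr weight current
    local i total=0 best out=""
    for i in "$@"; do
        addr+=("${i%%=*}")
        weight+=("${i##*=}")
        current+=(0)
        total=$(( total + ${i##*=} ))
    done
    while (( n-- > 0 )); do
        best=-1
        for i in "${!addr[@]}"; do
            # every peer gains its weight on each pick
            current[i]=$(( current[i] + weight[i] ))
            # strict ">" keeps the earlier peer on a tie
            if (( best < 0 || current[i] > current[best] )); then
                best=$i
            fi
        done
        # the chosen peer pays back the total, which spreads its turns out
        current[best]=$(( current[best] - total ))
        out+="${addr[best]} "
    done
    echo "${out% }"
}

# Weights from the upstream block above
swrr_sequence 6 192.168.8.162:80=1 192.168.8.163:80=2 192.168.8.164:80=3
```

Over six connections the .164 server is picked three times, .163 twice and .162 once, interleaved rather than in runs.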
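IP hash
A hash is computed from the source IP address, and the result maps automatically to a back-end server
The same IP always maps to the same server
Suitable when traffic is heavy; the more traffic, the more even the distribution
vim /etc/nginx/nginx.conf
upstream web_LB {
    hash $remote_addr consistent;
    server 192.168.8.162:80;
    server 192.168.8.163:80;
    server 192.168.8.164:80;
}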
nginx -t
nginx -s reload
Setting up the HA nodes
#Deploy
yum install -y keepalived
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vim /etc/keepalived/keepalived.conf
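Modify according to your actual environment
###Configuration file walkthrough, with the changes applied
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1 #address of the SMTP server used to send mail
    smtp_connect_timeout 30
    router_id ha1 #router identifier, shown in the notification mail after a failure; must differ between master and backup nodes; I use the local host name
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 { #instance 1; the concept of an instance is the same as in networking; multiple instances can be configured to allow access from multiple network segments
    state MASTER #state
    interface ens33 #interface keepalived uses; my VM's NIC is ens33
    virtual_router_id 100 #virtual router ID; must be the same on master and backup nodes; a custom value in 1-255 is recommended
    priority 100 #priority; the master's must be higher than the backup's
    advert_int 1 #heartbeat interval 1s
    authentication { #authentication settings
        auth_type PASS #enable authentication
        auth_pass 1111 #key
    }
    virtual_ipaddress { #virtual floating IP; multiple addresses are supported
        192.168.8.200
    }
}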
#Start the service
systemctl enable keepalived --now
systemctl restart keepalived
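The master node's NIC carries the cluster address, as shown in the figure below
Master/backup failover test
Stop keepalived on ha1 and check the keepalived state on ha2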
systemctl stop keepalived
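If firewalld is left running on the nodes, the HA pair needs VRRP advertisements admitted between the two nodes, otherwise the backup stops hearing the master and both hold 192.168.8.200. The following added example (not part of the original article) builds firewalld rich rules for the lab, assuming the HA nodes are 192.168.8.160 and 192.168.8.161; the function names `node_rules` and `apply_rules` are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original article): firewalld rich rules for the
# lab nodes, usable with firewalld left running. HA addresses are assumptions.
HA_NODES=(192.168.8.160 192.168.8.161)

# node_rules ROLE SELF_IP -> one rich rule per line
#   ha : VRRP (IP protocol 112) only from the other HA node, TCP 80 from anyone
#   web: TCP 80 only from the two HA nodes
node_rules() {
    local role=$1 self=$2 ip
    case $role in
    ha)
        for ip in "${HA_NODES[@]}"; do
            [[ $ip == "$self" ]] && continue    # no rule for our own address
            echo "rule family=\"ipv4\" source address=\"$ip\" protocol value=\"vrrp\" accept"
        done
        echo 'rule family="ipv4" port port="80" protocol="tcp" accept'
        ;;
    web)
        for ip in "${HA_NODES[@]}"; do
            echo "rule family=\"ipv4\" source address=\"$ip\" port port=\"80\" protocol=\"tcp\" accept"
        done
        ;;
    *)
        echo "unknown role: $role" >&2
        return 1
        ;;
    esac
}

# apply_rules ROLE SELF_IP : store the rules permanently, then load them
apply_rules() {
    local rule rules
    rules=$(node_rules "$1" "$2") || return 1
    while IFS= read -r rule; do
        firewall-cmd --permanent --add-rich-rule="$rule" || return 1
    done <<< "$rules"
    firewall-cmd --reload
}

# On HA1, assumed here to be 192.168.8.160:  apply_rules ha 192.168.8.160
```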
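Adding a periodically executed script to revive nginx automatically
Add a script to the keepalived configuration file to check whether the nginx service is running properly
The script revives the nginx service automatically
vim /etc/keepalived/check_nginx_port.sh
#!/bin/bash
#No nginx master process is listening: try restarting nginx
if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
then
    systemctl restart nginx
    sleep 2
    #Still not listening after the restart: stop keepalived so the VIP moves to the other node
    if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
    then
        systemctl stop keepalived
    fi
fi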
Edit the configuration file
vim /etc/keepalived/keepalived.conf
...
vrrp_script check_nginx_port {
    script "/etc/keepalived/check_nginx_port.sh"
    interval 2 #every 2 seconds
}
...
vrrp_instance VI_1 {
    ...
    track_script {
        check_nginx_port
    }
}
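keepalived also acts on the exit status of a vrrp_script, so the check can report failure and leave the state change to keepalived instead of stopping the daemon itself. The following added example (not part of the original article) tests specifically for a listener on TCP port 80; the function names and the sample `ss` output are constructed for the illustration, and `fall`/`rise` in the comment are keepalived's standard vrrp_script options.

```bash
#!/bin/bash
# Added example: health check that reports through its exit status.
# Matching keepalived stanza (fall/rise are standard vrrp_script options):
#   vrrp_script check_nginx_port {
#       script "/etc/keepalived/check_nginx_port.sh"
#       interval 2
#       fall 2      # two failed runs mark the check as failed
#       rise 2      # two good runs mark it as recovered
#   }

# port_listening PORT : reads `ss -ltn` output on stdin and succeeds if a
# socket is listening on exactly that TCP port (IPv4 or IPv6).
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }'
}

# check_nginx : 0 when port 80 is served, non-zero otherwise (after one restart attempt)
check_nginx() {
    ss -ltn | port_listening 80 && return 0
    systemctl restart nginx
    sleep 2
    ss -ltn | port_listening 80
}

# Constructed sample of `ss -ltn` output: 8080 is open, 80 is not
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          *:22                *:*
LISTEN 0      128          *:8080              *:*
LISTEN 0      128       [::]:22             [::]:*'

# Run the real check only when installed under the name keepalived calls
if [[ ${0##*/} == check_nginx_port.sh ]]; then check_nginx; exit; fi
```

Because the port is compared exactly, a listener on 8080 does not satisfy the check for 80.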