Nginx + Keepalived High-Availability Cluster Deployment

Posted by 上古南城 on 2023-03-09

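Load balancing is critical for any website's web server cluster, and for large sites in particular. A well-designed load-balancing architecture provides failover and a highly available environment, avoids single points of failure and keeps the site running. When Nginx serves as the reverse proxy or load balancer, it is the entry point for all traffic: if Nginx goes down, none of the services behind it can be reached, and the impact is severe.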

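To keep a load balancer outage from having that effect, a standby machine is needed. The primary server and the standby both run a high-availability (High Availability) monitoring program and watch each other by sending messages such as "I am alive". When the standby does not receive such a message within a set time, it takes over the primary's service IP and continues to provide load balancing; when the standby again receives "I am alive" from the primary, it releases the service IP address and the primary resumes providing the load-balancing service.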

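High availability (High Availability) is one of the factors that must be considered when designing a distributed system architecture. It usually means reducing, through design, the time during which the system cannot provide service. A system that could always provide service would have 100% availability, but no system can be guaranteed never to fail, so the goal of the design is to limit the impact of failures as far as possible.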

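As the business grows, traffic to the site keeps increasing and the load gets higher. The plan is therefore to put nginx load balancers in front of the web tier and to use keepalived to make those front-end nginx instances highly available (HA).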

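Earlier posts covered "Nginx basics on Linux" and "Keepalived, high-availability software on Linux: a review of the fundamentals"; this post briefly walks through deploying an Nginx + Keepalived high-availability cluster.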

Active-standby cluster architecture diagram

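Environment
hostname     ip              description
Client-01    172.16.70.171   client test machine
KeepMaster   172.16.70.181   keepalived primary server (nginx primary load balancer)
KeepBackup   172.16.70.182   keepalived standby server (nginx standby load balancer)
VIP          172.16.70.183   VRRP HA virtual address; more than one IP is possible
Web1         172.16.70.191   backend web server 1, primary (nginx site)
Web2         172.16.70.192   backend web server 2, standby (nginx site)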

Preparing the environment

# Apply on every server in this deployment
# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)
# uname -r
3.10.0-1160.83.1.el7.x86_64

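# Lab shortcut: stop firewalld and turn SELinux off so nothing filters HTTP or the VRRP adverts
# systemctl stop firewalld
# /etc/sysconfig/selinux is a symlink to /etc/selinux/config; edit the real file, because sed -i would replace the symlink with a regular file
# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# setenforce 0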
# ntpdate 0.centos.pool.ntp.org
# yum install net-tools vim wget curl -y

Setting up the backend web servers

  • Same steps on both the primary and the standby
# web-01 is used as the example here
[root@web-01 ~]# wget https://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.20.2-1.el7.ngx.x86_64.rpm
[root@web-01 ~]# rpm -ivh nginx-1.20.2-1.el7.ngx.x86_64.rpm
[root@web-01 ~]# nginx -v
nginx version: nginx/1.20.2

[root@web-01 ~]# echo "`hostname` `ifconfig ens33 |sed -n 's#.*inet \(.*\)netmask.*#\1#p'`" > /usr/share/nginx/html/index.html
[root@web-01 ~]# cat /usr/share/nginx/html/index.html
web-01 172.16.70.191 

[root@web-01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@web-01 ~]# systemctl start nginx
[root@web-01 ~]# systemctl enable nginx
[root@web-01 ~]# netstat -ntupl | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      10687/nginx: master 
[root@web-01 ~]# ps -ef | grep nginx
root      10687      1  0 16:36 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     10688  10687  0 16:36 ?        00:00:00 nginx: worker process
nginx     10689  10687  0 16:36 ?        00:00:00 nginx: worker process
nginx     10690  10687  0 16:36 ?        00:00:00 nginx: worker process
nginx     10691  10687  0 16:36 ?        00:00:00 nginx: worker process
root      10761  10586  0 16:45 pts/1    00:00:00 grep --color=auto nginx
 
# Test access from Client-01
[root@Client-01 ~]# curl 172.16.70.191
web-01 172.16.70.191

Test access in a browser: http://ip/

 

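Deploying the nginx load balancer on the Keep servers

  • Same steps on both the primary and the standby
# KeepMaster is used as the example here
# Install and deploy nginx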
[root@KeepMaster ~]# wget https://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.18.0-2.el7.ngx.x86_64.rpm
[root@KeepMaster ~]# rpm -vih nginx-1.18.0-2.el7.ngx.x86_64.rpm
[root@KeepMaster ~]# nginx -v
nginx version: nginx/1.18.0

# Create the new file
[root@KeepMaster ~]# cat /etc/nginx/conf.d/web.conf
upstream web {
    server 172.16.70.191:80 weight=1 max_fails=3 fail_timeout=20s;
    server 172.16.70.192:80 weight=2 max_fails=3 fail_timeout=20s;
}
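    # weight is proportional to the share of requests a server receives; the default is 1
    # max_fails is the number of failures allowed; the default is 1
    # fail_timeout is how long requests stop being sent to this backend after max_fails failures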

server {
  listen 80;
  server_name www.zhangwencheng.org;
  
  location / {
    proxy_pass http://web;
    proxy_set_header HOST $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

[root@KeepMaster ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@KeepMaster ~]# systemctl start nginx
[root@KeepMaster ~]# systemctl enable nginx

[root@KeepMaster ~]# ps -ef | grep nginx
root       1677      1  0 17:28 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx      1678   1677  0 17:28 ?        00:00:00 nginx: worker process
root       1708   1444  0 17:33 pts/0    00:00:00 grep --color=auto nginx
[root@KeepMaster ~]# netstat -tnpl | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1677/nginx: master

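Verifying load balancing from the test machine Client-01

  • nginx load balancing on the primary and standby Keep servers
# Add hosts entries on the test machine for the KeepMaster/KeepBackup host IPs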
[root@Client-01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.70.181	www.zhangwencheng.org
172.16.70.182	www.zhangwencheng.org

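# During the test, shut down the Keep nodes one at a time; if the site is still reachable and the round-robin behaviour is still visible, the nginx load balancer cluster is working.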
[root@Client-01 ~]# curl www.zhangwencheng.org
web-01 172.16.70.191  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-01 172.16.70.191

Deploying keepalived on the Keep servers

  • Same steps on both the primary and the standby
[root@KeepMaster ~]# yum install -y openssl openssl-devel libnl libnl-devel gcc
[root@KeepMaster ~]# mkdir /data/apps/keepalived -p
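# Plain-HTTP download with certificate checking disabled: compare the tarball with the checksum published on the keepalived download page before building
[root@KeepMaster ~]# wget --no-check-certificate  http://www.keepalived.org/software/keepalived-2.2.4.tar.gz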
[root@KeepMaster ~]# tar -xf keepalived-2.2.4.tar.gz
[root@KeepMaster ~]# cd keepalived-2.2.4
[root@KeepMaster keepalived-2.2.4]# ls
aclocal.m4  autogen.sh   build-aux    ChangeLog  configure.ac  COPYING  INSTALL     keepalived.spec.in  m4           Makefile.in  snap  tools
AUTHOR      bin_install  build_setup  configure  CONTRIBUTORS  doc      keepalived  lib                 Makefile.am  README.md    TODO

[root@KeepMaster keepalived-2.2.4]# ./configure --prefix=/data/apps/keepalived
....
....
# A successful configure run ends with the following output
Keepalived configuration
------------------------
Keepalived version       : 2.2.4
Compiler                 : gcc gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44)
Preprocessor flags       : -D_GNU_SOURCE
Compiler flags           : -g -g -O2 -Wextra -Wunused -Wstrict-prototypes -Wabi -Wbad-function-cast -Wcast-align -Wcast-qual -Wdisabled-optimization -Wdouble-promotion \
-Wfloat-equal -Wframe-larger-than=5120 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs \
-Wmissing-prototypes -Wnested-externs -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wstack-protector -Wstrict-overflow=4 -Wsuggest-attribute=format \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wvariadic-macros \
-Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags             : -pie -Wl,-z,relro -Wl,-z,now
Extra Lib                : -lm -lcrypto -lssl -lnl
Use IPVS Framework       : Yes
IPVS use libnl           : Yes
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
HTTP_GET regex support   : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With track_process       : Yes
With linkbeat            : Yes
Use BFD Framework        : No
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
Use JSON output          : No
libnl version            : 1
Use IPv4 devconf         : No
Use iptables             : No
Use nftables             : No
init type                : systemd
systemd notify           : No
Strict config checks     : No
Build documentation      : No
Default runtime options  : -D

[root@KeepMaster keepalived-2.2.4]# make -j 4 && make install
[root@KeepMaster keepalived-2.2.4]# ls
aclocal.m4  bin          build_setup  config.status  CONTRIBUTORS  INSTALL          keepalived.spec.in  Makefile     README     TODO
AUTHOR      bin_install  ChangeLog    configure      COPYING       keepalived       lib                 Makefile.am  README.md  tools
autogen.sh  build-aux    config.log   configure.ac   doc           keepalived.spec  m4                  Makefile.in  snap

[root@KeepMaster keepalived-2.2.4]# cp keepalived/keepalived /usr/local/sbin/ -a
[root@KeepMaster keepalived-2.2.4]# keepalived -v
Keepalived v2.2.4 (08/21,2021)

Copyright(C) 2001-2021 Alexandre Cassen, <acassen@gmail.com>

Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-1160.83.1.el7.x86_64 #1 SMP Wed Jan 25 16:41:43 UTC 2023
Distro: CentOS Linux 7 (Core)

configure options: --prefix=/data/apps/keepalived

Config options:  LVS VRRP VRRP_AUTH VRRP_VMAC OLD_CHKSUM_COMPAT INIT=systemd

System options:  VSYSLOG LIBNL1 RTA_ENCAP RTA_EXPIRES RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTA_VIA IFA_FLAGS \
NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK IFLA_LINK_NETNSID GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE SO_MARK

[root@KeepMaster keepalived-2.2.4]# cd /data/apps/keepalived/
[root@KeepMaster keepalived]# ls
bin  etc  sbin  share

[root@KeepMaster keepalived]# mv etc/keepalived/keepalived.conf etc/keepalived/keepalived.conf_bak
[root@KeepMaster keepalived]# vim etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

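vrrp_script chk_nginx {
    script "/data/apps/keepalived/chk_nginx.sh"
    interval 2      # run the check every 2 seconds
    weight -5       # lower the priority by 5 while the check fails
}

vrrp_instance VI_1 {
    state MASTER    # BACKUP on the standby server
    interface ens33
    virtual_router_id 51
    priority 110    # lower than 110 on the standby server
    advert_int 1
    authentication {    # ignored while vrrp_strict is set in global_defs
        auth_type PASS  # simple password, sent in clear text in every advert
        auth_pass 1111  # only the first 8 characters are used
    }
    virtual_ipaddress {
       172.16.70.183
    }
    track_script {
       chk_nginx
    }
}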

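The priority does not keep rising or falling without limit: the effective priority always stays within [1,254], so it never becomes less than or equal to 0 or greater than or equal to 255.
Configure nopreempt in the vrrp_instance on the MASTER node: after it recovers from a failure it will not preempt, even though its priority is higher, which avoids needless switchovers under normal conditions.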
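
How the weight of a track_script feeds into the election, as an added example that is not from the original post: it applies the [1,254] clamp described above to the priorities 110/100 and the weight -5 from this configuration, and to a constructed weight of -20. It assumes keepalived's usual semantics: a negative weight is subtracted while the check fails, a backup takes over from a live master only when its own priority is strictly higher, and a node with nopreempt never takes the VIP from a peer that is still advertising.

```bash
#!/bin/bash
# Added example, not from the original post. 110, 100 and -5 are the
# priorities and the weight from the configuration above; -20 is constructed.

# effective_prio BASE WEIGHT CHECK_RC
# A negative weight is applied while the check fails (non-zero exit), a
# positive weight while it succeeds; the result is clamped to 1..254.
effective_prio() (
    prio=$1
    if [ "$2" -lt 0 ] && [ "$3" -ne 0 ]; then prio=$(($1 + $2)); fi
    if [ "$2" -gt 0 ] && [ "$3" -eq 0 ]; then prio=$(($1 + $2)); fi
    if [ "$prio" -lt 1 ]; then prio=1; fi
    if [ "$prio" -gt 254 ]; then prio=254; fi
    echo "$prio"
)

# vip_holder MASTER_BASE BACKUP_BASE WEIGHT MASTER_RC BACKUP_PREEMPT
# MASTER_RC is the exit status of the check on the node that holds the VIP;
# the backup's check is assumed healthy and both daemons keep running.
# BACKUP_PREEMPT is "no" when the backup instance carries nopreempt.
vip_holder() (
    m=$(effective_prio "$1" "$3" "$4")
    b=$(effective_prio "$2" "$3" 0)
    if [ "$b" -gt "$m" ] && [ "$5" = yes ]; then
        echo backup
    else
        echo master
    fi
)

# min_failover_weight MASTER_BASE BACKUP_BASE
# Smallest negative weight that lets a failed check move the VIP.
min_failover_weight() (
    echo $(( -($1 - $2 + 1) ))
)

printf '%-8s %-8s %s\n' weight preempt holder-after-failed-check
for w in -5 -20; do
    for p in yes no; do
        printf '%-8s %-8s %s\n' "$w" "$p" "$(vip_holder 110 100 "$w" 1 "$p")"
    done
done
echo "minimum weight for 110/100: $(min_failover_weight 110 100)"
```

With the values used here a failed check leaves the master on 105, still above 100, so the weight alone never moves the VIP; the check script in the next section forces the failover by stopping keepalived instead.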

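nginx check script

Write a script that checks whether the local nginx is healthy. If nginx is not running, the script restarts it, waits 2 seconds and checks again; if the check still fails it stops trying and shuts down keepalived so that the other host takes over the VIP.
This script only works while the keepalived service is running! If keepalived has been stopped first, nginx will not be restarted automatically after it goes down.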

[root@KeepMaster keepalived]# cat chk_nginx.sh 
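#!/bin/bash
# Count the running nginx processes
chk=$(ps -C nginx --no-heading|wc -l)
if [ "${chk}" = "0" ]; then
    # nginx is down: try to start it once, then check again after 2 seconds
    systemctl start nginx
    sleep 2
    chk=$(ps -C nginx --no-heading|wc -l)
    if [ "${chk}" = "0" ]; then
        # Still down: stop keepalived so that the peer takes over the VIP
        systemctl stop keepalived
    fi
fi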

[root@KeepMaster keepalived]# chmod +x chk_nginx.sh

Verifying the VIP from the test machine Client-01

  • VIP on the Keep servers
[root@Client-01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.70.183	www.zhangwencheng.org

[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-01 172.16.70.191  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192

Failover test

# Stop nginx on the Master by hand; it is started again automatically within 2 seconds at most
[root@KeepMaster ~]# systemctl stop nginx
[root@KeepMaster ~]# ps -ef | egrep 'nginx|keepalived'
root      57266      1  0 16:21 ?        00:00:00 /data/apps/keepalived/sbin/keepalived -f /data/apps/keepalived/etc/keepalived/keepalived.conf -D
root      57267  57266  0 16:21 ?        00:00:01 /data/apps/keepalived/sbin/keepalived -f /data/apps/keepalived/etc/keepalived/keepalived.conf -D
root      60019      1  0 16:42 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     60020  60019  0 16:42 ?        00:00:00 nginx: worker process
root      60027   1444  0 16:42 pts/0    00:00:00 grep -E --color=auto nginx|keepalived
[root@KeepMaster ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a1:82:4e brd ff:ff:ff:ff:ff:ff
    inet 172.16.70.181/24 brd 172.16.70.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 172.16.70.183/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::7726:d409:2cf4:babd/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::833:43b:7d2:6e4c/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c2be:590b:1ae6:42e3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# Stop keepalived on the Master by hand; the VIP is now gone from this host
[root@KeepMaster ~]# systemctl stop keepalived
[root@KeepMaster ~]# ps -ef | egrep 'nginx|keepalived'
root      60019      1  0 16:42 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     60020  60019  0 16:42 ?        00:00:00 nginx: worker process
root      60348   1444  0 16:45 pts/0    00:00:00 grep -E --color=auto nginx|keepalived
[root@KeepMaster ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a1:82:4e brd ff:ff:ff:ff:ff:ff
    inet 172.16.70.181/24 brd 172.16.70.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::7726:d409:2cf4:babd/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::833:43b:7d2:6e4c/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c2be:590b:1ae6:42e3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@KeepMaster keepalived]# tail /var/log/messages
Mar  7 17:01:01 Keepalived-01 systemd: Started Session 27 of user root.
Mar  7 17:01:28 Keepalived-01 Keepalived[60703]: Stopping
Mar  7 17:01:28 Keepalived-01 systemd: Stopping LVS and VRRP High Availability Monitor...
Mar  7 17:01:28 Keepalived-01 Keepalived_vrrp[60704]: (VI_1) sent 0 priority
Mar  7 17:01:28 Keepalived-01 Keepalived_vrrp[60704]: (VI_1) removing VIPs.
Mar  7 17:01:28 Keepalived-01 NetworkManager[570]: <info>  [1678179688.0176] policy: set-hostname: current hostname was changed outside NetworkManager: 'KeepMaster'
Mar  7 17:01:29 Keepalived-01 Keepalived_vrrp[60704]: Stopped - used (self/children) 0.005506/0.797936 user time, 0.172766/0.818969 system time
Mar  7 17:01:29 Keepalived-01 Keepalived[60703]: CPU usage (self/children) user: 0.000000/0.803442 system: 0.001394/0.994146
Mar  7 17:01:29 Keepalived-01 Keepalived[60703]: Stopped Keepalived v2.2.4 (08/21,2021)
Mar  7 17:01:29 Keepalived-01 systemd: Stopped LVS and VRRP High Availability Monitor
  • On KeepBackup: it has taken over the VIP
[root@KeepBackup keepalived]# ps -ef | egrep 'nginx|keepalived'
root      65036      1  0 17:01 ?        00:00:00 /data/apps/keepalived/sbin/keepalived -f /data/apps/keepalived/etc/keepalived/keepalived.conf -D
root      65037  65036  0 17:01 ?        00:00:00 /data/apps/keepalived/sbin/keepalived -f /data/apps/keepalived/etc/keepalived/keepalived.conf -D
root      65067      1  0 17:01 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     65068  65067  0 17:01 ?        00:00:00 nginx: worker process
root      65122   1514  0 17:01 pts/0    00:00:00 grep -E --color=auto nginx|keepalived

[root@KeepBackup keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:c4:54:23 brd ff:ff:ff:ff:ff:ff
    inet 172.16.70.182/24 brd 172.16.70.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 172.16.70.183/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::7726:d409:2cf4:babd/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::833:43b:7d2:6e4c/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c2be:590b:1ae6:42e3/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
[root@KeepBackup keepalived]# tail /var/log/messages 
Mar  7 17:01:28 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:28 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:28 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:28 Keepalived-02 NetworkManager[573]: <info>  [1678179688.8137] policy: set-hostname: current hostname was changed outside NetworkManager: 'KeepBackup'
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 172.16.70.183
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
Mar  7 17:01:33 Keepalived-02 Keepalived_vrrp[65037]: Sending gratuitous ARP on ens33 for 172.16.70.183
 
 
 

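Two-node high availability is usually implemented with a virtual IP (floating IP), based on the IP alias feature of Linux/Unix. There are currently two modes:

  • Active-standby mode: the front end uses two servers, one primary and one hot standby. Normally the primary is bound to a public virtual IP and provides the load-balancing service while the hot standby sits idle; when the primary fails, the hot standby takes over the primary's public virtual IP and provides the service. As long as the primary does not fail, however, the hot standby is permanently wasted, so for sites with few servers this scheme is not economical.
  • Active-active mode: the front end uses two load balancers that back each other up and are both active, each bound to its own public virtual IP and providing the load-balancing service. When one of them fails, the other takes over the failed server's public virtual IP (the surviving machine then carries all requests). This scheme is economical and fits the current architecture well.

Active-active cluster architecture diagram

Once the active-standby mode is understood, the active-active mode is easy to configure. Each keepalived configuration file only needs one more vrrp_instance, named vrrp_instance VI_2, with a few parameters changed and a second VIP set: 172.16.70.184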

  • KeepMaster: state BACKUP, priority 100, virtual_router_id 52
  • KeepBackup: state MASTER, priority 110, virtual_router_id 52

keepalived.conf on KeepMaster

[root@KeepMaster keepalived]# cat etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_nginx {     
    script "/data/apps/keepalived/chk_nginx.sh"  
    interval 2                  
    weight -5                   
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 110
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       172.16.70.183 
    }
    track_script {
       chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       172.16.70.184
    }
    track_script {
       chk_nginx
    }
}

[root@KeepMaster keepalived]# systemctl restart keepalived

keepalived.conf on KeepBackup

[root@KeepBackup keepalived]# cat etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_nginx {     
    script "/data/apps/keepalived/chk_nginx.sh"  
    interval 2                  
    weight -5                   
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       172.16.70.183 
    }
    track_script {
       chk_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 110
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       172.16.70.184
    }
    track_script {
       chk_nginx
    }
}

[root@KeepBackup keepalived]# systemctl restart keepalived
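
A static check for the keepalived.conf directives used in this tutorial, to run before restarting the daemon; this is an added example, not code from the original post or from the keepalived project, and the sample configuration and the function names lint_keepalived and sample_conf are constructed for it. The findings rest on keepalived behaviour: state accepts only MASTER or BACKUP, vrrp_strict makes keepalived ignore the authentication block, auth_type PASS travels in clear text with only 8 characters of auth_pass used, and running scripts without enable_script_security is logged by keepalived as a security violation.

```bash
#!/bin/bash
# Added example, not from the original post: static checks for the
# keepalived.conf directives used in this tutorial.

# lint_keepalived [FILE...]: reads keepalived.conf text (stdin if no FILE),
# prints one finding per line and returns 1 if anything was flagged.
lint_keepalived() {
    awk '
    function flag(msg) { print "finding: " msg; bad = 1 }
    { sub(/[#!].*$/, "") }                  # "#" and "!" start a comment
    $1 == "vrrp_strict"            { strict = 1 }
    $1 == "enable_script_security" { secured = 1 }
    $1 == "vrrp_script"            { has_script = 1 }
    $1 == "vrrp_instance"          { inst = $2; order[++n] = inst }
    $1 == "state"                  { state[inst] = $2 }
    $1 == "auth_type"              { atype[inst] = $2 }
    $1 == "auth_pass"              { apass[inst] = $2 }
    END {
        for (i = 1; i <= n; i++) {
            v = order[i]
            if ((v in state) && state[v] != "MASTER" && state[v] != "BACKUP")
                flag(v ": state \"" state[v] "\" is not MASTER or BACKUP")
            if (atype[v] != "" && strict)
                flag(v ": vrrp_strict is set, so the authentication block is ignored")
            if (atype[v] == "PASS")
                flag(v ": auth_type PASS sends the password in clear text in every advert")
            if (length(apass[v]) > 8)
                flag(v ": auth_pass is longer than 8 characters; only the first 8 are used")
        }
        if (has_script && !secured)
            flag("vrrp_script defined without enable_script_security in global_defs")
        exit (bad ? 1 : 0)
    }' "$@"
}

# Constructed sample built from the directives shown in this tutorial.
sample_conf() {
    cat <<'EOF'
! constructed sample, not a file from the original post
global_defs {
   router_id LVS_DEVEL
   vrrp_strict
}
vrrp_script chk_nginx {
    script "/data/apps/keepalived/chk_nginx.sh"
    interval 2
    weight -5
}
vrrp_instance VI_1 {
    state BAKCUP            # misspelt on purpose
    interface ens33
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       172.16.70.183
    }
    track_script {
       chk_nginx
    }
}
EOF
}

sample_conf | lint_keepalived || echo "review the findings before restarting keepalived"
```

keepalived 2.x can also check a file for obvious errors itself with keepalived -t -f followed by the path of the configuration file.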

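Verifying VIP2 from the test machine Client-01

  • VIP2 on the Keep servers
# Comment out the VIP1 entry so that only VIP2 is tested; remove the comment again once the test succeeds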
[root@Client-01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
#172.16.70.183	www.zhangwencheng.org
172.16.70.184	www.zhangwencheng.org

[root@Client-01 ~]# curl www.zhangwencheng.org
web-01 172.16.70.191  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-02 172.16.70.192  
[root@Client-01 ~]# curl www.zhangwencheng.org
web-01 172.16.70.191
  • Check where the VIPs are
[root@KeepMaster ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a1:82:4e brd ff:ff:ff:ff:ff:ff
    inet 172.16.70.181/24 brd 172.16.70.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 172.16.70.183/32 scope global ens33    # VIP1
       valid_lft forever preferred_lft forever
    inet6 fe80::7726:d409:2cf4:babd/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::833:43b:7d2:6e4c/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c2be:590b:1ae6:42e3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@KeepBackup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:c4:54:23 brd ff:ff:ff:ff:ff:ff
    inet 172.16.70.182/24 brd 172.16.70.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 172.16.70.184/32 scope global ens33    # VIP2
       valid_lft forever preferred_lft forever
    inet6 fe80::7726:d409:2cf4:babd/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::833:43b:7d2:6e4c/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c2be:590b:1ae6:42e3/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
  • The failover test works the same way and is not repeated here.
