nginx负载均衡高可用
nginx负载均衡高可用
keepalived概述
keepalived是一个高可用软件,可以和任何应用配合使用
什么是高可用
一般是指2台机器启动着完全相同的业务系统,当有一台机器down机了,另外一台服务器能快速的接管,对于访问的用户都是无感知的。
高可用软件
# 硬件
F5
# 软件
keepalived
heartbeat
# MySQL
MGR
MHA
# Redis
Redis-Cluster
Sentinel
keepalived实现原理
keepalived底层协议 :VRRP (虚拟路由冗余协议)
VRRP原理
如何才能做到故障自动转移,此时VRRP就出现了,我们的VRRP其实是通过软件或者硬件的形式在Master和Backup外面增加一个虚拟的MAC地址(VMAC)和虚拟IP(VIP) ,那么在这种情况下,pc请求vip的时候,无论是Master处理还是Backup处理,pc仅会在ARP缓存表中葫芦VMAC与VIP的信息
高可用keepalived使用场景
通常业务系统需要保证7×24小时不down机,比如公司内部的OA系统,每天公司都需要使用,则不允许down机,作为业务系统来说随时都可用
高可用keepalived核心理念
1.如何确定谁是主节点谁是被节点 (选举投票,优先级)
2.如果Master故障,Backup自动接管,那么Master回复后会夺权吗(抢占式、非抢占式)
3.如果两台服务器都认为自己是Madter会出现什么问题(脑裂)
keepalived安装配置
环境准备
| 主机名 | WanIP | LanIP | 角色 | 应用 |
|---|---|---|---|---|
| lb01 | 10.0.0.5 | 172.16.1.5 | Master keepalived主节点 | keepalived |
| lb02 | 10.0.0.5 | 172.16.1.6 | Backuo keepalived备节点 | keepalived |
部署keepalived
# 1.安装keepalived
[root@ib01 ~]# yum -y install keepalived
[root@ib01 ~]# yum -y install keepalived
# 2.查找keepalived配置文件
[root@ib01 ~]# rpm -ql keepalived
/etc/keepalived
# 3.修改Master配置文件
[root@ib01 ~]# vim /etc/keepalived/keepalived.conf
global_defs { # 全局配置
router_id lb01 # 标识省份->名称
}
vrrp_instance VI_1 {
state MASTER # 标识角色状态
interface eth0 # 网卡绑定接口
virtual_router_id 50 # 虚拟路由id
priority 150 # 优先级
advert_int 1 # 检测间隔时间
authentication { # 认证
auth_type PASS # 认证方式
auth_pass 1111 # 认证密码
}
virtual_ipaddress {
10.0.0.3 # 虚拟vip地址
}
}
[root@ib02 ~]# vim /etc/keepalived/keepalived.conf
bal_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
# 1.启动master上的keepalived
[root@ib01 ~]# systemctl start keepalived
[root@ib02 ~]# systemctl start keepalived
# 注意:只要停掉Keepalived,vip会漂移到另外一个节点
| keepalived配置区别 | Master节点配置 | Backup节点配置 |
|---|---|---|
| router_id | lb01 | lb02 |
| state | MASTER | BACKUP |
| priority | 150 | 100 |
非抢占式配置
# 配置需求
1.两个节点的state都必须配置为BACKUP
2.两个节点都必须加上配置 nopreempt
3.其中一个节点的优先级必须要高于另外一个节点
# master节点配置
[root@ib01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
nopreempt
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
# BACKUP节点配置
[root@ib02 ~]# vim /etc/keepalived/keepalived.conf
bal_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
nopreempt
virtual_router_id 50
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
脑裂的原因
-
服务器网线松动等网络故障
-
服务器硬件故障发生损坏现象而崩溃
-
主备都开启firewalld防火墙
# 解决脑裂故障
[root@lb02 ~]# cat check_split_brain.sh
#!/bin/sh
vip=10.0.0.3
lb01_ip=10.0.0.5
while true;do
ping -c 2 $lb01_ip &>/dev/null
if [ $? -eq 0 -a `ip add|grep "$vip"|wc -l` -eq 1 ];then
echo "ha is split brain.warning."
else
echo "ha is ok"
fi
sleep 5
done
关联nginx
# 公司使用脚本
#!/bin/sh
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_count -eq 0 ];then
systemctl start nginx
sleep 3
#2.等待3秒后再次获取一次Nginx状态
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#3.再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚本
if [ $nginx_count -eq 0 ];then
systemctl stop keepalived
fi
fi
# 上课使用脚本
#!/bin/sh
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_count -eq 0 ];then
systemctl stop keepalived
fi
配置两台负载均衡
# lb01
upstream blog.zh.com{
server 10.0.0.7;
server 10.0.0.8;
}
server{
listen 80;
server_name blog.zh.com;
location /{
proxy_pass http://blog.zh.com;
include fzjhxh.youhua;
}
}
# lb02
upstream blog.zh.com{
server 10.0.0.7;
server 10.0.0.8;
}
server{
listen 80;
server_name blog.zh.com;
location /{
proxy_pass http://blog.zh.com;
include fzjhxh.youhua;
}
}
keepalived关联nginx
# 修改keepalived配置文件
global_defs {
router_id lb01
}
vrr_script check_web_zh {
script "/root/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
track_script {
check_web_zh
}
}
# 给执行脚本加上执行权限
[root@lb01 ~]# chmod +x /root/check_web.sh
# 域名解析在VIP上
10.0.0.3 blog.zh.com