2018-05-21 Linux學習
根據功能劃分為兩大類:高可用和負載均衡
高可用集群通常為兩臺服務器,一臺工作,另外一臺作為冗余,當提供服務的機器宕機,冗余將接替繼續提供服務
實現高可用的開源軟件有:heartbeat、keepalived
負載均衡集群,需要有一臺服務器作為分發器,它負責把用戶的請求分發給後端的服務器處理,在這個集群裏,除了分發器外,就是給用戶提供服務的服務器了,這些服務器數量至少為2
實現負載均衡的開源軟件有LVS、keepalived、haproxy、nginx,商業的有F5、Netscaler
18.2 keepalived介紹
在這裏我們使用keepalived來實現高可用集群,因為heartbeat在centos6上有一些問題,影響實驗效果 keepalived通過VRRP(Virtual Router Redundancy Protocl)來實現高可用。 在這個協議裏會將多臺功能相同的路由器組成一個小組,這個小組裏會有1個master角色和N(N>=1)個backup角色。 master會通過組播的形式向各個backup發送VRRP協議的數據包,當backup收不到master發來的VRRP數據包時,就會認為master宕機了。此時就需要根據各個backup的優先級來決定誰成為新的mater。 Keepalived要有三個模塊,分別是core、check和vrrp。其中core模塊為keepalived的核心,負責主進程的啟動、維護以及全局配置文件的加載和解析,check模塊負責健康檢查,vrrp模塊是來實現VRRP協議的。
18.3-4-5 用keepalived配置高可用集群
用keepalived配置高可用
準備兩臺機器130和132,130作為master,132作為backup 兩臺機器都執行yum install -y keepalived 兩臺機器都安裝nginx,其中130上已經編譯安裝過nginx,132上需要yum安裝nginx: yum install -y nginx 設定vip為100 編輯130上keepalived配置文件master_keepalived.conf 130編輯監控腳本,內容從https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/master_check_ng.sh獲取 給腳本755權限 systemctl start keepalived 130啟動服務 132上編輯配置文件,內容從https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/backup_keepalived.conf獲取 132上編輯監控腳本,內容從https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/backup_check_ng.sh獲取 給腳本755權限 132上也啟動服務 systemctl start keepalived
測試高可用
先確定好兩臺機器上nginx差異,比如可以通過curl -I 來查看nginx版本
測試1:關閉master上的nginx服務
測試2:在master上增加iptabls規則
iptables -I OUTPUT -p vrrp -j DROP
測試3:關閉master上的keepalived服務
測試4:啟動master上的keepalived服務
操作過程
[root@linux-01 ~]# yum install -y keepalived
[root@linux-02 ~]# yum install -y keepalived
01號機已源碼安裝過nginx
[root@linux-02 ~]# yum install -y nginx
主機器配置
[root@linux-01 ~]# ls /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
[root@linux-01 ~]# cat /etc/keepalived/keepalived.conf
[root@linux-01 ~]# > /etc/keepalived/keepalived.conf
[root@linux-01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {[email protected]
br/>[email protected]
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.106.100
}
track_script {
chk_nginx
}
}
[root@linux-01 ~]# vim /usr/local/sbin/checkng.sh
#!/bin/bash
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d%H:%M:%S<br/>#計算nginx進程數量<br/>n=
ps -C nginx --no-heading|wc -l<br/>#如果進程為0,則啟動nginx,並且再次檢測nginx進程數量,<br/>#如果還為0,說明nginx無法啟動,此時需要關閉keepalived<br/>if [ $n -eq "0" ]; then<br/>/etc/init.d/nginx start<br/>n2=
ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@linux-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux-01 ~]# systemctl start keepalived
[root@linux-01 ~]# ps aux|grep keepalived
root 10818 0.0 0.0 120740 1400 ? Ss 02:18 0:00 /usr/sbin/keepalived -D
root 10819 0.0 0.1 127476 3264 ? S 02:18 0:00 /usr/sbin/keepalived -D
root 10820 0.0 0.1 131780 3120 ? S 02:18 0:00 /usr/sbin/keepalived -D
root 10884 0.0 0.0 112676 984 pts/0 R+ 02:18 0:00 grep --color=auto keepalived
[root@linux-01 ~]# ps aux|grep nginx
root 1003 0.0 0.0 45988 1308 ? Ss 01:15 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 1007 0.0 0.2 48476 3948 ? S 01:15 0:00 nginx: worker process
nobody 1009 0.0 0.2 48476 3948 ? S 01:15 0:00 nginx: worker process
root 10904 0.0 0.0 112676 984 pts/0 R+ 02:18 0:00 grep --color=auto nginx
[root@linux-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@linux-01 ~]# ps aux|grep nginx
root 11878 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 11880 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 11893 0.0 0.0 112676 984 pts/0 R+ 02:24 0:00 grep --color=auto nginx
[root@linux-01 ~]# ps aux|grep nginx
root 12674 0.0 0.0 112676 980 pts/0 R+ 02:28 0:00 grep --color=auto nginx
[root@linux-01 ~]# date
2018年 04月 15日 星期日 02:28:29 CST
[root@linux-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:24:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.106.160/24 brd 192.168.106.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.106.100/32 scope global ens33
[root@linux-01 ~]# systemctl stop firewalld
[root@linux-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@linux-01 ~]# getenforce
Enforcing
[root@linux-01 ~]# setenforce 0
[root@linux-01 ~]# getenforce
Permissive
從機器配置
[root@linux-02 ~]# systemctl stop firewalld.service
[root@linux-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@linux-02 ~]# getenforce
Enforcing
[root@linux-02 ~]# setenforce 0
[root@linux-02 ~]# getenforce
Permissive
[root@linux-02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {[email protected]
br/>[email protected]
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.106.100
}
track_script {
chk_nginx
}
}
[root@linux-02 ~]# vim /usr/local/sbin/checkng.sh
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d%H:%M:%S<br/>#計算nginx進程數量<br/>n=
ps -C nginx --no-heading|wc -l<br/>#如果進程為0,則啟動nginx,並且再次檢測nginx進程數量,<br/>#如果還為0,說明nginx無法啟動,此時需要關閉keepalived<br/>if [ $n -eq "0" ]; then<br/>systemctl start nginx<br/>n2=
ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@linux-02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux-02 ~]# systemctl start keepalived.service
[root@linux-02 ~]# ps aux|grep keepalived
root 1681 0.0 0.0 120740 1408 ? Ss 20:19 0:00 /usr/sbin/keepalived -D
root 1682 0.0 0.1 127476 3272 ? S 20:19 0:00 /usr/sbin/keepalived -D
root 1683 0.0 0.1 131780 3128 ? S 20:19 0:00 /usr/sbin/keepalived -D
root 1753 0.0 0.0 112676 988 pts/0 R+ 20:19 0:00 grep --color=auto keepalived
[root@linux-02 ~]# ps aux|grep nginx
root 1706 0.0 0.1 122908 2108 ? Ss 20:19 0:00 nginx: master process /usr/sbin/nginx
nginx 1707 0.0 0.1 123292 3136 ? S 20:19 0:00 nginx: worker process
root 1813 0.0 0.0 112676 984 pts/0 R+ 20:19 0:00 grep --color=auto nginx
瀏覽器打開 192.168.106.160 顯示 This is default site.
[root@linux-01 ~]# cat /usr/local/nginx/conf/vhost/
aaa.com.conf load.conf proxy.conf ssl.conf test.com.conf
[root@linux-01 ~]# cat /usr/local/nginx/conf/vhost/aaa.com.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/aming.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
}
}
[root@linux-01 ~]# cat /data/wwwroot/default/index.html
This is default site.
[root@linux-02 ~]# echo "backup backup" > /usr/share/nginx/html/index.html
[root@linux-02 ~]# cat /usr/share/nginx/html/index.html
backup backup
瀏覽器打開 192.168.106.165 顯示 backup backup
瀏覽器打開 http://192.168.106.100/ 顯示 This is default site.
測試主從切換
[root@linux-01 ~]# systemctl stop keepalived.service
[root@linux-02 ~]# tail /var/log/messages
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:16 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 14 20:48:21 linux-02 Keepalived_vrrp[1683]: Sending gratuitous ARP on ens33 for 192.168.106.100
瀏覽器打開 http://192.168.106.100/ 顯示 backup backup
[root@linux-01 ~]# systemctl start keepalived.service
[root@linux-01 ~]# tail /var/log/messages
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:30 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:35 linux-01 Keepalived_vrrp[18517]: Sending gratuitous ARP on ens33 for 192.168.106.100
Apr 15 03:13:35 linux-01 Keepalived_vrrp[18517]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.106.100
瀏覽器打開 http://192.168.106.100/ 顯示 This is default site.
2018-05-21 Linux學習