高可用Nginx
基于vrrp流动一个IP地址
- 各节点时间必须同步;
- 确保iptables以及selinux不会成为阻碍;
- 各节点之间可通过主机名互相同喜(对KA而言并非必须)
-
确保各节点的用于集群服务的接口支持MULTICAST通信
IPv4,D类地址224-239
环境:
node1:172.16.253.223 li1.jing.io node1 node2:172.16.253.224 li2.jing.io node2
1、同步时间nginx实现代理服务器功能
ntpdate 172.16.0.1
vim /etc/chrony.conf
server 172.16.0.1
systemctl restart chronyd.service
systemctl enable chronyd.service
2、停止firewalld或者添加规则放行多播信息
yum insstall iptables-services
3、编辑hosts文件
172.16.253.223 li1.jing.io node1 172.16.253.224 li2.jing.io node2
4、物理网卡确保出现MULITCAST(支持多播功能)
ip link set multicast on dev eno16777736 #开启,off为关闭 #ifconfig可以查看
5、安装keepalived
yum install keepalived -y
6、单主配置:
##hosts文件:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.253.223 li1.jing.io node1
172.16.253.224 li2,jing,io node2
##keepalived配置文件:(这个是node2,也就是备用节点的配置,到主节点需要更改为master和优先级,其他相关参数也需要更改,再次不做赘述)
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.1.104.44
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass lijing
}
virtual_ipaddress {
172.16.253.222/16 dev ens33 label ens33:0
}
}
scp ./keepalived.conf 172.16.253.224:/etc/keepalived/
#接下来是启动keepalived,可以先启动备用节点,再查看网卡信息配置,再去启动主节点,查看网卡信息做出对比和结论
双主:
配置两个VIP,借助DNS实现一部分人去访问VIP1,一部分人去访问VIP2
##node1的文件配置
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass lijing
}
virtual_ipaddress {
172.16.253.222/16 dev ens33
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass jingli
}
virtual_ipaddress {
172.16.253.221/16 dev ens33
}
}
##node2文件配置:
vrrp_instance VI_1 {
statea BACKUP
interface ens33
virtual_router_id 51
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass lijing
}
virtual_ipaddress {
172.16.253.222/16 dev ens33
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass jingli
}
virtual_ipaddress {
172.16.253.221/16 dev ens33
}
}
构建DR类型的集群
基于keepalived做成高可用集群(两个及以上的Director)
##两个Director
172.16.253.223 #A
224 #B
##两个RS
172.16.253.225 #R1
226 #R2
##DR类型都桥接即可
#RS装上httpd
#Director安装Nginx
#同步时间
#RS1,2编辑主页信息
vim /var/www/html/index.html
#给出明显信息即可
#启动服务
#RS配置内核参数和IP地址:
vim setre.sh
#!/bin/bash
#
vip='172.16.0.99'
netmask='255.255.255.255'
iface='lo:0'
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_announce
ifconfig $iface $vip netmask $netmask broadcast $vip up
route add -host $vip dev $iface
;;
stop)
ifconfig $iface down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
exit
esac
bash -n
bash -x setrs.sh start
scp setrs.sh 172.16.253.226:/root
bash -x setrs.sh start
ip a #查看
##Director上生成规则,用keepalived生成
yum -y install ipvsadm #查看规则
vim keepalived.conf #编辑keepalived配置文件,其他配置参照之前的主主或者主备都可以,建议使用主备,实验更加直观
##在vrrp的实例之外定义虚拟服务器
##man文档查看帮助 man keepalived.conf virtual server相关帮助,注意只支持tcp
virtual_server 172.16.253.223 80 { #Director的VIP地址,两台Director上都要布置
delay_loop 1
lb_algo wrr
lb_kind DR #集群是DR类型
protocol TCP
sorry_server 127.0.0.1 80 #需要配置sorry_server
real_server 172.16.253.225 { #是RS1
weight 1 #指明权重
HTTP_GET { #指明健康状态检测方式
url { #url可以指明多次
path /index.html #根据这个页面做健康状态检测
status_code 200 #状态码响应为200,才为成功;校验码生成:curl -s http://172.16.253.225 | md5sum,这样可以更加苛刻
}
nb_get_retry #尝试几次
delay_before_retry 2 #每次尝试延迟多长时间
connect_timeout #连接超时时长,默认5s,可以不写
}
}
real_server 172.16.253.226 { #第二个RS
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
nb_get_retry
delay_before_retry 2
connect_timeout
}
}
}
配置sorry server:
不能只有一台,两台Director都需要配置
yum -y install nginx systemctl start nginx.service #只要默认主页启动,就认为是sorry
nginx实现代理服务器功能
原创文章,作者:半斤八两,如若转载,请注明出处:http://www.178linux.com/78715
