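Published on July 19, 2023 (author: )
Practical Standard Documents
Keepalived + LVS dual hot-standby Nginx load balancing for realserver websites
Architecture:
In the Keepalived + Nginx high-reliability load-balancing architecture, keepalived provides the high-availability (HA) function and controls the VIP (virtual network address) of the front-end machines. When a device fails, the hot-standby server can take over the VIP automatically and almost instantly; in actual operation the switchover was experienced as taking only 2 seconds. Nginx on the back-end machines provides layer-7 load balancing for the realservers and can be scaled out freely as traffic grows. DNS handles load balancing across the front-end VIPs.
Hardware environment:
vmware 7.1.2, NICs attached in Host-only mode
System software environment:
Two DRs installed with centos4.3 + lnmp (linux version Red Hat 3.4.6-11), 32-bit, named
LVS_DR_MASTER and LVS_DR_BACKUP; by default LVS_DR_MASTER is the primary and LVS_DR_BACKUP is the hot standby; the realservers are the back-end application servers.
Direct Routing: direct routing mode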
CLIENT:
Address: 200.200.200.2
Subnet mask: 255.255.255.0
Default gateway: 200.200.200.1
LVS_DR_MASTER:
ip: 200.200.200.10 (primary server)
Subnet mask: 255.255.255.0
Default gateway: 200.200.200.1
vip1 (LVS_DR_MASTER): 200.200.200.200
LVS_DR_BACKUP:
ip: 200.200.200.11 (backup server)
Subnet mask: 255.255.255.0
Default gateway: 200.200.200.1
vip1 (LVS_DR_BACKUP): 200.200.200.200
RealServer1
eth0:200.200.200.20
eth0:0:200.200.200.200
RealServer2
eth0:200.200.200.21
eth0:0:200.200.200.199
Preparation:
Install nginx on every server
Turn off the firewall on all servers
Create a web page file on every server so each one can be identified
LVS_DR_MASTER:
echo "LVS_DR_MASTER 200.200.200.10" > /home/wwwroot/
LVS_DR_BACKUP:
echo "LVS_DR_BACKUP 200.200.200.11" > /home/wwwroot/
realserver1:
echo "realserver1 200.200.200.20" > /home/wwwroot/
realserver2:
echo "realserver2 200.200.200.21" > /home/wwwroot/
Synchronize the system time on the servers
# ntpdate
8 Dec 11:56:59 ntpdate[10531]: adjust time server 192.43.244.18 offset 0.009136 sec
Check the current kernel environment
# uname -a
Linux omain #1 Tue Oct 19 16:47:55 EDT 2010 i686 i686 i386 GNU/Linux
Symlink the current kernels directory to /usr/src/linux; otherwise IPVS cannot be supported
# ln -s /usr/src/kernels/-i686/ /usr/src/linux
Download:
# wget /software/kernel-2.6/
# wget /software/
Install ipvsadm (the LVS management and inspection tool):
# tar zxvf
# cd ipvsadm-1.24
# make
# make install
Check that ipvsadm is installed correctly
# watch ipvsadm -ln
Every 2.0s: ipvsadm -ln Tue Dec 14 12:59:18 2010
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
Install keepalived (HA):
# tar zxvf
# cd keepalived-1.1.20
Note
On versions below Centos5.0, the following change is needed for configure to pass (comment out the two typedefs as shown).
# vi /usr/src/linux/include/linux/types.h
/*
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
*/
# ./configure --prefix=/usr/local/keepalived
You should see the following status
Keepalived configuration
------------------------
Keepalived version : 1.1.20
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use Debug flags : No
# make
# make install
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/keepalived/etc/keepalived/ /etc/keepalived/
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
Write the LVS_DR_MASTER keepalived configuration file
# vi /usr/local/keepalived/etc/keepalived/
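global_defs {
    notification_email {
*************** }
************************************** smtp_server
    smtp_connect_timeout 30
    router_id LVS_DEVEL    # LVS load-balancer identifier; it is a unique identifier within a network
}
vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_"    # monitoring script
    interval 10    # monitoring interval, in seconds
    weight 1       # weight; the larger the number, the higher the weight
}
vrrp_instance VI_1 {
    state MASTER            # instance state; only MASTER or BACKUP, and the word must be uppercase
    interface eth0          # monitored network interface
    virtual_router_id 51    # virtual router ID; must be the same on master and backup
    priority 100            # weight; MASTER must be greater than BACKUP
    advert_int 1            # check interval, in seconds
    authentication {
        auth_type PASS      # the main authentication types are PASS and AH; PASS is the usual choice, AH reportedly has problems in use
        auth_pass 1111      # the password is plaintext and must be the same on master and backup
    }
    track_script {
        chk_http            # run the monitoring check
    }
    virtual_ipaddress {
        200.200.200.200     # 1_vip: defines the virtual IP; there can be several, one per line
    }
}
# Define virtual_server (HTTP | 80)
virtual_server 200.200.200.200 80 {
    delay_loop 6              # delay between service polling rounds
    lb_algo rr                # load scheduling algorithm; wlc and rr are commonly used
    lb_kind DR                # forwarding method; generally DR, NAT or TUN
    persistence_timeout 50    # session persistence time, in seconds
    protocol TCP              # protocol type (TCP|UDP)
    # Define rs1; every rs needs a configuration section like the one below
    real_server 200.200.200.20 80 {
        weight 1                  # weight, default 1; 0 disables the server; the higher the value, the higher the weight
        TCP_CHECK {               # TCP health check
            connect_timeout 3     # connection timeout
            nb_get_retry 3        # number of retries
            delay_before_retry 3  # interval between retries
            connect_port 80       # health-check port
        }
    }
    # Define rs2
    real_server 200.200.200.21 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}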
Write the LVS_DR_BACKUP keepalived configuration file
# vi /usr/local/keepalived/etc/keepalived/
global_defs {
    notification_email {
*************** }
************************************** smtp_server
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_"
    interval 10
    weight 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http            # run the monitoring check
    }
    virtual_ipaddress {
        200.200.200.200     # 1_vip
    }
}
virtual_server 200.200.200.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 200.200.200.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 200.200.200.21 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
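The rules stated in the configuration comments (virtual_router_id and the authentication settings identical on both nodes, MASTER priority above BACKUP) can be checked before keepalived is started. The script below is an added example, not part of the original document; the function names, the reduced sample configs and the rule that flags the sample password 1111 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): consistency check for a
# keepalived MASTER/BACKUP pair, based on the rules in the config comments.

# Constructed sample configs, reduced to the vrrp_instance fields being checked.
MASTER_CFG='vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111   # plaintext VRRP password
    }
}'
BACKUP_CFG='vrrp_instance VI_1 {
    state BACKUP
    virtual_router_id 52
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}'

# vrrp_get TEXT KEY: print the first value of KEY, ignoring "#" and "!" comments.
vrrp_get() {
    printf '%s\n' "$1" | awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }'
}

# check_vrrp_pair MASTER_TEXT BACKUP_TEXT: print one line per problem (never the
# password itself) and return 1 if any problem was found.
check_vrrp_pair() {
    rc=0
    for key in virtual_router_id auth_type auth_pass; do
        m=$(vrrp_get "$1" "$key"); b=$(vrrp_get "$2" "$key")
        if [ -z "$m" ] || [ -z "$b" ]; then echo "MISSING $key"; rc=1
        elif [ "$m" != "$b" ]; then echo "MISMATCH $key"; rc=1
        fi
    done
    mp=$(vrrp_get "$1" priority); bp=$(vrrp_get "$2" priority)
    [ "${mp:-0}" -gt "${bp:-0}" ] || { echo "PRIORITY master=$mp backup=$bp"; rc=1; }
    [ "$(vrrp_get "$1" auth_pass)" != 1111 ] || { echo "SAMPLE_PASSWORD auth_pass is still 1111"; rc=1; }
    return $rc
}

# Real use: check_vrrp_pair "$(cat master.conf)" "$(cat backup.conf)"
check_vrrp_pair "$MASTER_CFG" "$BACKUP_CFG" || true
```

On the constructed pair it reports the mismatched virtual_router_id, the equal priorities and the unchanged sample password.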
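Supplementary service-layer check script
When nginx on the LVS_DR_MASTER server stops working properly, keepalived on its own cannot detect the service-layer failure and switch over to the LVS_DR_BACKUP server. In my view, once the nginx service has gone down it is unlikely to come back up, so I kill keepalived as well; in addition, service-monitoring software such as nagios will also alert you.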
# vi /usr/local/keepalived/nginx_
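#!/bin/sh
# Count the nginx processes and store the value in variable A
A=`ps -C nginx --no-header |wc -l`
# A value of zero means there is no nginx process
if [ $A -eq 0 ];then
    # Try to start nginx, then check again after 5 seconds
    /usr/local/nginx/sbin/nginx
    sleep 5
    if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
        # nginx is still down: stop the keepalived process so the VIP moves to the backup
        killall keepalived
    fi
fi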
Tip: /usr/local/keepalived/nginx_ must be given execute permission
# chmod 744 /usr/local/keepalived/nginx_
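Note:
Be sure to add the following in the corresponding places of the LVS_DR_MASTER configuration on the primary server (see the configuration above for details)
1.
vrrp_script chk_http {
    script "/usr/local/keepalived/nginx_"    # monitoring script
    interval 10    # monitoring interval
    weight 1       # weight; the larger the number, the higher the weight
}
2.
track_script {
    chk_http    # run the monitoring check
}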
Start the keepalived service
# service keepalived start
Starting keepalived: [ OK ]
Recommended:
# /usr/local/keepalived/sbin/keepalived -D -f /etc/keepalived/
-D  write detailed messages to the log
-f  specify the configuration file path
Confirm that keepalived has started
# ps -aux|grep keepalived
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
root 5227 0.0 0.2 4896 696 ? Ss 18:15 0:00 keepalived -D
root 5228 0.0 0.4 4948 1276 ? S 18:15 0:00 keepalived -D
root 5229 0.0 0.4 4948 1036 ? S 18:15 0:00 keepalived -D
root 5654 0.0 0.2 3820 664 pts/1 S+ 18:19 0:00 grep keepalived
Set keepalived to start together with the server
# echo "/usr/local/keepalived/sbin/keepalived -D -f /etc/keepalived/" >> /etc/rc.d/
On every realserver, add a listening IP address and a route:
# vi /usr/local/sbin/realserver
#!/bin/bash
#/usr/local/sbin/realserver
SNS_VIP=200.200.200.200
. /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
Give the script execute permission
# chmod 744 /usr/local/sbin/realserver
Have the script start together with the system
# echo "/usr/local/sbin/realserver start" >> /etc/rc.d/
Add the static IP and the lo:0 loopback alias to /etc/network/interfaces
# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
BOOTPROTO=static
IPADDR=200.200.200.200
# host mask, matching the netmask used for lo:0 in the realserver script
NETMASK=255.255.255.255
ONBOOT=yes
GATEWAY=200.200.200.1
Verification tests
1. When nginx on both LVS_DR_MASTER and LVS_DR_BACKUP is working normally, the CLIENT browses to each address and sees:
200.200.200.10 -> LVS_DR_MASTER 200.200.200.10
200.200.200.11 -> LVS_DR_BACKUP 200.200.200.11
200.200.200.20 -> realserver1 200.200.200.20
200.200.200.21 -> realserver2 200.200.200.21
200.200.200.200 -> realserver1 200.200.200.20
2. When nginx on LVS_DR_MASTER has failed and LVS_DR_BACKUP is working normally, the CLIENT browses to each address and sees:
200.200.200.10 -> unreachable
200.200.200.11 -> LVS_DR_BACKUP 200.200.200.11
200.200.200.20 -> realserver1 200.200.200.20
200.200.200.21 -> realserver2 200.200.200.21
200.200.200.200 -> realserver1 200.200.200.20
3. When LVS_DR_MASTER is working normally and nginx on LVS_DR_BACKUP has failed, the CLIENT browses to each address and sees:
200.200.200.10 -> LVS_DR_MASTER 200.200.200.10
200.200.200.11 -> unreachable
200.200.200.20 -> realserver1 200.200.200.20
200.200.200.21 -> realserver2 200.200.200.21
200.200.200.200 -> realserver1 200.200.200.20
4. When nginx on both LVS_DR_MASTER and LVS_DR_BACKUP has failed, the CLIENT browses to each address and sees:
200.200.200.10 -> unreachable
200.200.200.11 -> unreachable
200.200.200.20 -> realserver1 200.200.200.20
200.200.200.21 -> realserver2 200.200.200.21
200.200.200.200 -> unreachable
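To work with the LVS platform, the following steps are also needed:
1. Install RRDTOOL
Install with yum:
Create a new file in the /etc/.d/ directory and enter the repository address in it: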
# vi
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=/rpm/packages/
enabled=1
# yum -y install rrdtool
This completes the RRDTool installation.
2. Configure traffic rrd data collection on the master
# cd /home
# wget /files/
# tar -zxvf
# mv /home/lvs-rrd /usr/local/keepalived/
# vi /usr/local/keepalived/lvs-rrd/
Modify the following parameters to match your actual environment
RRDTOOL="/usr/bin/rrdtool"
IPVSADM="/sbin/ipvsadm"
WORKDIR="/usr/local/keepalived/lvs-rrd/performance"
3. Set up the collection job
*/2 * * * * //usr/local/keepalived/lvs-rrd/ 2> /dev/null > /dev/null
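4. The LVS management platform periodically fetches the *.rrd files in performance. Users can use ssh or ftp; the system uses rsync+ssh by default. For configuration, see the practice article on code synchronization with rsync+ssh.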
# ipvsadm
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP localhost:https wlc persistent 50
-> localhost:https Route 1 0 0
-> localhost:https Route 1 0 0
TCP localhost:http wlc persistent 50
-> localhost:http Route 1 0 0
-> localhost:http Route 3 0 0
When a new connection arrives, the related counters increase.
LVS information can also be viewed with cat /proc/net/ip_vs_stats, although the output there is in hexadecimal.
# cat /proc/net/ip_vs_stats
Total Incoming Outgoing Incoming Outgoing
Conns Packets Packets Bytes Bytes
594BFC 6335751 0 145F90EC1 0
Conns/s Pkts/s Pkts/s Bytes/s Bytes/s
0 0 0 0 0
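Because the counters in /proc/net/ip_vs_stats are hexadecimal, they have to be converted before they can be compared with the decimal figures from ipvsadm. The following is an added example, not part of the original document; the function names are hypothetical and the sample input is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): decode the hexadecimal counters
# of /proc/net/ip_vs_stats into decimal.

# Sample input: the values from the output shown above.
SAMPLE_STATS='   Total Incoming Outgoing         Incoming         Outgoing
   Conns  Packets  Packets            Bytes            Bytes
  594BFC  6335751        0        145F90EC1                0
 Conns/s   Pkts/s   Pkts/s          Bytes/s          Bytes/s
       0        0        0                0                0'

# hex_row LINE_NO PREFIX: read ip_vs_stats text on stdin and print
# "PREFIXname=decimal" for the five hex fields on line LINE_NO.
hex_row() {
    prefix=$2
    set -- $(sed -n "${1}p")
    [ $# -eq 5 ] || { echo "unexpected ip_vs_stats layout" >&2; return 1; }
    for name in conns in_pkts out_pkts in_bytes out_bytes; do
        case $1 in
            *[!0-9A-Fa-f]*) echo "not a hex field: $1" >&2; return 1 ;;
        esac
        echo "$prefix$name=$((0x$1))"
        shift
    done
}

# ipvs_stats_decimal: totals are on line 3, per-second rates on line 5.
ipvs_stats_decimal() {
    text=$(cat)
    printf '%s\n' "$text" | hex_row 3 total_ || return 1
    printf '%s\n' "$text" | hex_row 5 rate_
}

# On a director: ipvs_stats_decimal < /proc/net/ip_vs_stats
printf '%s\n' "$SAMPLE_STATS" | ipvs_stats_decimal
```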
Problem summary
1. make keepalived reports:
make[2]: Leaving directory `/home/install/lvs/keepalived-1.1.15/keepalived/core'
make[2]: Entering directory `/home/install/lvs/keepalived-1.1.15/keepalived/check'
gcc -g -O2 -I/usr/src/linux/include -I../include -I../../lib -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_
-D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITHOUT_VRRP_ -c check_daemon.c
In file included from /usr/src/linux/include/linux/netlink.h:5,
from ../include/vrrp_netlink.h:35,
from check_daemon.c:40:
/usr/src/linux/include/linux/types.h:158: error: syntax error before "__sum16"
/usr/src/linux/include/linux/types.h:158: warning: type defaults to `int' in declaration of `__sum16'
/usr/src/linux/include/linux/types.h:158: warning: data definition has no type or storage class
/usr/src/linux/include/linux/types.h:159: error: syntax error before "__wsum"
/usr/src/linux/include/linux/types.h:159: warning: type defaults to `int' in declaration of `__wsum'
/usr/src/linux/include/linux/types.h:159: warning: data definition has no type or storage class
make[2]: *** [check_daemon.o] Error 1
make[2]: Leaving directory `/home/install/lvs/keepalived-1.1.15/keepalived/check'
make[1]: *** [all] Error 1
make[1]: Leaving directory `/home/install/lvs/keepalived-1.1.15/keepalived'
make: *** [all] Error 2
Solution:
vi /usr/src/linux/include/linux/types.h
/*
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
*/
2. /var/log/messages on master and backup shows
Nov 23 17:46:41 SN2008-06-070 Keepalived_vrrp: receive an invalid ip number count associated with VRID!
Nov 23 17:46:41 SN2008-06-070 Keepalived_vrrp: bogus VRRP packet received on eth0
Nov 23 17:46:41 SN2008-06-070 Keepalived_vrrp: VRRP_Instance(VI_1) Dropping received
Nov 23 17:46:42 SN2008-06-070 Keepalived_vrrp: receive an invalid ip number count associated with VRID!
Nov 23 17:46:42 SN2008-06-070 Keepalived_vrrp: bogus VRRP packet received on eth0
Nov 23 17:46:42 SN2008-06-070 Keepalived_vrrp: VRRP_Instance(VI_1) Dropping received
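Solution:
Change the value of virtual_router_id; it must not duplicate another one on the network.
3. Keepalived_vrrp does not take effect in /var/log/messages, i.e. there are no vrrp log entries.
Solution:
Recompile the source package; the cause may be that configure was run only after types.h was modified.
Install openssl-devel
# yum install openssl-devel
If openssl-devel is not installed, the following error appears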
# ./configure
configure: error:
OpenSSL is not properly installed on your system.
Can not include OpenSSL headers files.
Published by: admin. When reposting, please credit the source: http://www.yc00.com/web/1689743664a282737.html