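Nginx Load Balancing & High Availability Configuration
Environment:
The firewall and SELinux are disabled on all hosts.

| Hostname | IP address | Services | OS |
|---|---|---|---|
| LB01 | 192.168.92.130 | keepalived nginx | CentOS 8 |
| LB02 | 192.168.92.129 | keepalived nginx | CentOS 8 |
| RS01 | 192.168.92.132 | nginx | CentOS 8 |
| RS02 | 192.168.92.133 | nginx | CentOS 8 |

Requirements:
LB01 is the primary load balancer and LB02 the backup load balancer, with the VIP set to 192.168.92.200. RS01 and RS02 are the servers that actually handle business requests.
Deploy the RS hosts
RS01 host configuration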
[root@RS01 ~]
[root@RS01 ~]
[root@RS01 html]
404.html 50x.html index.html nginx-logo.png poweredby.png
[root@RS01 html]
[root@RS01 html]
[root@RS01 html]
404.html 50x.html index.html index.html.bak nginx-logo.png poweredby.png
[root@RS01 html]
RS02 host configuration
[root@RS02 ~]
[root@RS02 ~]
[root@RS02 html]
[root@RS02 html]
[root@RS02 html]
404.html 50x.html index.html index.html.bak nginx-logo.png poweredby.png
[root@RS02 html]
Test that both RS hosts are reachable
[root@LB01 ~]
This is RS01.
[root@LB01 ~]
This is RS02.
Deploy the LBs
Configure load balancing on LB01
[root@LB01 ~]
[root@LB01 ~]
[root@LB01 nginx]
[root@LB01 nginx]
conf.d fastcgi_params mime.types nginx.conf.default uwsgi_params.default
default.d fastcgi_params.default mime.types.default scgi_params win-utf
fastcgi.conf koi-utf nginx.conf scgi_params.default
fastcgi.conf.default koi-win nginx.conf.bak uwsgi_params
[root@LB01 nginx]
upstream webserver {
    server 192.168.92.132;    # RS01
    server 192.168.92.133;    # RS02
}
server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://webserver;
    }
}
[root@LB01 nginx]
Test load balancing:
[root@LB01 nginx]
This is RS01.
[root@LB01 nginx]
This is RS02.
[root@LB01 nginx]
This is RS01.
[root@LB01 nginx]
This is RS02.
Configure load balancing on LB02
[root@LB02 ~]
[root@LB02 ~]
[root@LB02 nginx]
[root@LB02 nginx]
upstream webserver {
    server 192.168.92.132;    # RS01
    server 192.168.92.133;    # RS02
}
server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://webserver;
    }
}
[root@LB02 nginx]
Test load balancing:
[root@LB02 nginx]
This is RS01.
[root@LB02 nginx]
This is RS02.
[root@LB02 nginx]
This is RS01.
[root@LB02 nginx]
This is RS02.
[root@LB02 nginx]
Deploy HA
LB01 as the primary LB
[root@LB01 ~]
[root@LB01 keepalived]
pP5ek1YA
[root@LB01 keepalived]
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 81
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pP5ek1YA
    }
    virtual_ipaddress {
        192.168.92.200
    }
}
virtual_server 192.168.92.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.92.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.92.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@LB01 ~]
[root@LB01 ~]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9e:e3:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.92.130/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1707sec preferred_lft 1707sec
inet 192.168.92.200/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9e:e3c1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LB01 ~]
This is RS01.
[root@LB01 ~]
This is RS02.
[root@LB01 ~]
This is RS01.
[root@LB01 ~]
This is RS02.
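Verify that it is really LB01 (the primary) doing the reverse proxying
It is worth briefly describing how an nginx reverse proxy works: after the reverse proxy server receives a user's request, it issues a new request on the user's behalf to one of the node servers behind it, and finally returns the data to the client. The proxied node servers therefore do not know the client exists, because every request they handle comes from the proxy server.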
[root@LB02 nginx]
This is RS01.
[root@LB02 nginx]
This is RS02.
[root@LB02 nginx]
This is RS01.
[root@LB02 nginx]
This is RS02.
[root@RS01 html]
[root@RS01 nginx]
access.log error.log
[root@RS01 nginx]
192.168.92.130 - - [17/Oct/2022:20:41:21 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
192.168.92.130 - - [17/Oct/2022:20:41:23 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
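The log check above can be scripted. The following is an added example, not part of the original page: it attributes RS access-log entries to LB01 or LB02 by source address (taken from the environment table) and flags any request that did not come through an LB, which the RS hosts will also answer because their firewalls are disabled. The sample log is constructed, and the 192.168.92.50 entry is made up.

```bash
#!/usr/bin/env bash
# Added example: attribute RS access-log entries to the LB that proxied them.
LB01=192.168.92.130   # from the environment table on this page
LB02=192.168.92.129

# Constructed sample in the log format shown above; the .50 line is a made-up direct hit.
sample_log() {
cat <<'EOF'
192.168.92.130 - - [17/Oct/2022:20:41:21 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
192.168.92.130 - - [17/Oct/2022:20:41:23 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
192.168.92.50 - - [17/Oct/2022:20:50:02 +0800] "GET / HTTP/1.1" 200 14 "-" "curl/7.61.1" "-"
192.168.92.129 - - [17/Oct/2022:21:10:31 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
192.168.92.129 - - [17/Oct/2022:21:10:33 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
EOF
}

# Reads access-log lines on stdin. Prints per-source counts, the LB that proxied
# the most recent request, and one line per request that bypassed the LBs.
summarize_proxies() {
  awk -v lb01="$LB01" -v lb02="$LB02" '
    function origin(ip) {
      if (ip == lb01) return "LB01"
      if (ip == lb02) return "LB02"
      return "DIRECT"
    }
    NF == 0 { next }
    {
      who = origin($1)
      count[who]++
      if (who == "DIRECT") {
        direct = direct sprintf("direct_hit %s %s\n", $1, substr($4, 2))
      } else {
        last = who
      }
    }
    END {
      printf "LB01=%d LB02=%d DIRECT=%d\n", count["LB01"], count["LB02"], count["DIRECT"]
      printf "active_lb=%s\n", (last == "" ? "none" : last)
      printf "%s", direct
    }'
}

# Name of the LB behind the newest proxied request ("none" if there is none).
active_lb() { summarize_proxies | sed -n 's/^active_lb=//p'; }

sample_log | summarize_proxies
```

On an RS host, feed it the real log instead of the sample, for example `summarize_proxies < /var/log/nginx/access.log`.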
LB02 as the backup LB
[root@LB02 ~]
[root@LB02 ~]
[root@LB02 keepalived]
[root@LB02 keepalived]
[root@LB02 keepalived]
keepalived.conf keepalived.conf.bak
[root@LB02 keepalived]
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 81
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pP5ek1YA
    }
    virtual_ipaddress {
        192.168.92.200
    }
}
virtual_server 192.168.92.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.92.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.92.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@LB02 keepalived]
Test primary/backup failover
[root@LB01 ~]
[root@LB02 ~]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e2:b1:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.92.129/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1317sec preferred_lft 1317sec
inet 192.168.92.200/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee2:b19f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LB02 ~]
[root@LB02 ~]
This is RS01.
[root@LB02 ~]
This is RS02.
[root@LB02 ~]
This is RS01.
[root@LB02 ~]
This is RS02.
[root@RS01 nginx]
192.168.92.129 - - [17/Oct/2022:21:10:31 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
192.168.92.129 - - [17/Oct/2022:21:10:33 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.61.1" "-"
[root@LB02 ~]
[root@LB01 ~]
[root@LB01 ~]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9e:e3:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.92.130/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1205sec preferred_lft 1205sec
inet 192.168.92.200/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9e:e3c1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
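Configure monitoring scripts for semi-automatic primary/backup failover
Semi-automatic failover means that when the primary ka (keepalived) goes down and the monitoring script detects it, the backup ka automatically becomes the new primary. When the old primary ka has recovered and is to become primary again, the system administrator must switch it back manually.
LB01 host configuration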
[root@LB01 ~]
[root@LB01 scripts]
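#!/bin/bash
# Count running nginx processes, excluding grep and this script itself
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ "$nginx_status" -lt 1 ];then
    # nginx is down: stop keepalived so the VIP moves to the backup
    systemctl stop keepalived
fi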
[root@LB01 scripts]
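#!/bin/bash
# Called by keepalived on a state change; $1 is the new state
case "$1" in
    master)
        # Became MASTER: make sure nginx is running
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
        if [ "$nginx_status" -lt 1 ];then
            systemctl start nginx
        fi
    ;;
    backup)
        # Became BACKUP: stop nginx if it is running
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
        if [ "$nginx_status" -gt 0 ];then
            systemctl stop nginx
        fi
    ;;
    *)
        echo "Usage:$0 master|backup VIP"
    ;;
esac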
[root@LB01 scripts]
[root@LB01 scripts]
total 8
-rwxr-xr-x 1 root root 139 Oct 17 23:09 check_nginx.sh
-rwxr-xr-x 1 root root 392 Oct 17 23:20 notify.sh
[root@LB01 ~]
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_script nginx_check {
    script "/scripts/check_nginx.sh"
    interval 1
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 81
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pP5ek1YA
    }
    virtual_ipaddress {
        192.168.92.200
    }
    # track_script is the block that attaches a vrrp_script to this instance
    track_script {
        nginx_check
    }
    notify_master "/scripts/notify.sh master"
}
virtual_server 192.168.92.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.92.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.92.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@LB01 ~]
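An added example, not from the original page, showing a failure mode of the `ps | grep` test in check_nginx.sh: any process whose command line merely mentions nginx keeps the count above zero, so keepalived is never stopped and the VIP stays on a load balancer that no longer serves. The `ps -ef` listings are constructed, and `count_strict`, `decision` and `nginx_alive` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: the loose ps|grep liveness test versus a strict match.

# Constructed `ps -ef` listing: nginx is down, but its error log is being tailed.
ps_nginx_down() {
cat <<'EOF'
UID          PID    PPID  C STIME TTY          TIME CMD
root        2210    2188  0 23:40 pts/0    00:00:00 tail -f /var/log/nginx/error.log
root        2300       1  0 23:41 ?        00:00:00 /usr/sbin/keepalived -D
EOF
}

# Constructed listing with nginx running (master plus one worker).
ps_nginx_up() {
cat <<'EOF'
UID          PID    PPID  C STIME TTY          TIME CMD
root        1504       1  0 22:05 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx       1505    1504  0 22:05 ?        00:00:00 nginx: worker process
root        2300       1  0 23:41 ?        00:00:00 /usr/sbin/keepalived -D
EOF
}

# Same filter as check_nginx.sh, reading a listing from stdin. "check_nginx.sh"
# stands in for $0, and -w is the whole-word match the page writes as \bnginx\b.
count_loose() { grep -Ev "grep|check_nginx.sh" | grep -w nginx | wc -l; }

# Strict variant (hypothetical helper): count only lines whose CMD column,
# field 8 of `ps -ef`, is an nginx master process.
count_strict() { awk '$8 == "nginx:" && $9 == "master" { n++ } END { print n + 0 }'; }

# What check_nginx.sh does with a given count: stop keepalived below 1.
decision() { if [ "$1" -lt 1 ]; then echo "stop keepalived"; else echo "keep VIP"; fi; }

# On a live host the strict test needs no ps parsing (hypothetical helper):
# pgrep -x matches the process name exactly.
nginx_alive() { pgrep -x nginx >/dev/null; }

for listing in ps_nginx_down ps_nginx_up; do
  echo "$listing: loose -> $(decision "$($listing | count_loose)")," \
       "strict -> $(decision "$($listing | count_strict)")"
done
```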
LB02 host configuration
The backup does not need to check whether nginx is healthy; it starts nginx when promoted to MASTER and stops it when demoted to BACKUP.
[root@LB02 ~]
[root@LB02 scripts]
[root@LB02 scripts]
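#!/bin/bash
# Called by keepalived on a state change; $1 is the new state
case "$1" in
    master)
        # Became MASTER: make sure nginx is running
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
        if [ "$nginx_status" -lt 1 ];then
            systemctl start nginx
        fi
    ;;
    backup)
        # Became BACKUP: stop nginx if it is running
        nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
        if [ "$nginx_status" -gt 0 ];then
            systemctl stop nginx
        fi
    ;;
    *)
        echo "Usage:$0 master|backup VIP"
    ;;
esac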
[root@LB02 scripts]
total 4
-rwxr-xr-x 1 root root 376 Oct 17 23:34 notify.sh
[root@LB02 scripts]
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 81
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pP5ek1YA
    }
    virtual_ipaddress {
        192.168.92.200
    }
    notify_master "/scripts/notify.sh master"
    notify_backup "/scripts/notify.sh backup"
}
virtual_server 192.168.92.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.92.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.92.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@LB02 scripts]
Test whether the monitoring scripts trigger automatic primary/backup failover
[root@LB01 ~]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9e:e3:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.92.130/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1534sec preferred_lft 1534sec
inet 192.168.92.200/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9e:e3c1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LB01 ~]
[root@LB01 scripts]
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Mon 2022-10-17 23:42:38 CST; 10s ago
[root@LB01 scripts]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9e:e3:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.92.130/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1326sec preferred_lft 1326sec
inet6 fe80::20c:29ff:fe9e:e3c1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LB02 ~]
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e2:b1:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.92.129/24 brd 192.168.92.255 scope global dynamic noprefixroute ens32
valid_lft 1230sec preferred_lft 1230sec
inet 192.168.92.200/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee2:b19f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LB02 ~]
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*