实验1:LVS+keepalived的架构实现nginx服务器的负载均衡
1.环境配置
| 主机 | 操作系统 | IP地址 | 安装软件 |
| MASTER | Centos7.5 | 192.168.106.136 192.168.220.129 | ipvsadm、keepalived |
| BACKUP | Centos7.5 | 192.168.106.134 192.168.220.128 | ipvsadm、keepalived |
| server1 | Centos7.5 | 192.168.106.133 | nginx |
| server2 | Centos7.5 | 192.168.106.135 | nginx |
| VIP | 192.168.220.200 |
2.准备工作(4台主机)
[root@192 ~]# systemctl stop firewalld.service #关闭防火墙3.Keepalived配置
MASTER主机:
[root@192 ~]# yum -y install keepalived #安装服务
[root@192 ~]# vi /etc/keepalived/keepalived.conf #更改配置文件替换为以下文件:
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 1 #设备在组中的标识
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state MASTER #主或者从状态
interface ens36 #监控网卡
mcast_src_ip 192.168.220.129 #心跳源IP本机ip
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 100 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.220.200/24
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
mcast_src_ip 192.168.106.136 #本机第二个地址
virtual_router_id 56
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.106.100/24 #虚拟网关
}
}
保存后输入以下命令
[root@192 ~]# systemctl start keepalived.service #启动服务
[root@192 ~]# systemctl enable keepalived.service #开机启动BACKUP主机:
[root@192 ~]# yum -y install keepalived #安装服务
[root@192 ~]# vi /etc/keepalived/keepalived.conf #更改配置文件替换为以下文件:
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 1 #设备在组中的标识
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state MASTER #主或者从状态
interface ens36 #监控网卡
mcast_src_ip 192.168.220.128 #心跳源IP本机ip
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 100 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.220.200/24
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
mcast_src_ip 192.168.106.134 #本机第二个地址
virtual_router_id 56
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.106.100/24 #虚拟网关
}
}
[root@192 ~]# systemctl start keepalived.service #启动服务
[root@192 ~]# systemctl enable keepalived.service #加入开机自启4.LVS配置
MASTER主机与BACKUP主机(操作相同):
[root@192 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward #开启路由功能
[root@192 ~]# yum -y install ipvsadm #安装IP虚拟服务管理器
[root@192 ~]# ipvsadm -A -t 192.168.220.200:80 -s rr #-A:对外提供的地址 -t:TCP协议 -s:策略 rr:轮询策略
[root@192 ~]# ipvsadm -a -t 192.168.220.200:80 -r 192.168.106.133 -m -w 1 #-a:对内的地址 -r:真实服务器地址 -m:nat模式 -w:权重为1
[root@192 ~]# ipvsadm -a -t 192.168.220.200:80 -r 192.168.106.135 -m -w 1 #-a:对内的地址 -r:真实服务器地址 -m:nat模式 -w:权重为1验证配置结果
[root@192 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.220.200:80 rr
-> 192.168.106.133:80 Masq 1 0 0
-> 192.168.106.135:80 Masq 1 0 0
重启
systemctl restart keepalived.service #重启keepalived5.nginx配置
server1与server2主机(操作相同):
[root@192 ~]# yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel #安装必要依赖
[root@192 ~]# mkdir /usr/local/nginx #创建文件夹
[root@192 ~]# cd /usr/local/nginx #进入目录
[root@192 ~]# wget http://nginx.org/download/nginx-1.13.7.tar.gz #下载nginx压缩包
[root@192 ~]# tar -xvf nginx-1.13.7.tar.gz #解压
[root@192 ~]# cd nginx-1.13.7 #进入目录
[root@192 ~]# ./configure --with-http_stub_status_module --with-http_ssl_module #执行
[root@192 ~]# make #执行make命令
[root@192 ~]# make install //执行make install命令[root@192 ~]# cd /usr/local/nginx/sbin #进入目录
[root@192 ~]# ./nginx #启动
[root@192 ~]# ./nginx -s stop #关闭
[root@192 ~]# ./nginx -s reload #重启6.结果测试
server1
[root@192 ~]# echo 192.168.106.133 > /usr/local/nginx/html/index.html #添加测试页
[root@192 ~]# route add -net 192.168.220.0/20 gw 192.168.106.100 #添加路由server2
[root@192 ~]# echo 192.168.106.135 > /usr/local/nginx/html/index.html #添加测试页
[root@192 ~]# route add -net 192.168.220.0/20 gw 192.168.106.100 #添加路由客户端验证:
[root@192 ~]# curl 192.168.220.200
192.168.106.135
[root@192 ~]# curl 192.168.220.200
192.168.106.133
实验2.Haproxy+keepalive实现负载均衡
1.环境配置
| 主机 | 系统 | IP | 软件 |
| MASTER | Centos7.5 | 192.168.106.136 | haproxy keepalived |
| BACKUP | Centos7.5 | 192.168.106.137 | haproxy keepalived |
| SERVER1 | Centos7.5 | 192.168.106.133 | nginx |
| SERVER2 | Centos7.5 | 192.168.106.135 | nginx |
| VIP | 192.168.106.100 |
2.准备工作(四台主机):
[root@192 ~]# systemctl stop firewalld.service #关闭防火墙3.HAproxy配置(MASTER和BACKUP)
安装haproxy和keepalived
yum -y install haproxy keepalived修改haproxy配置文件
vi /etc/haproxy/haproxy.cfg全部替换
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global #全局配置
log 127.0.0.1 local3 info #日志配置
maxconn 4096 #最大连接限制(优先级低),同时服务多少连接
user nobody #用户
group nobody #用户组
daemon #守护进程运行
nbproc 1 #haproxy进程数,设置应该和服务器本身核心数一样,过多的进程数可能导致经常崩溃
pidfile /run/haproxy.pid #进程id存储位置
defaults #针对(listen和backend块进行设置如果块中没设置,则使用默认设置)默认设置
log global #日志使用全局配置
mode http #模式7层LB
maxconn 2048 #最大连接数(优先级中)
retries 3 #健康检查。三次连接失败就认为连接不可用
option redispatch #服务不可用后的操作,重定向到其他健康服务器
timeout connect 5000 #(重传计时器)定义haproxy将用户端!!!请求!!!转发至后端服务器,所等待的时间时长
timeout client 50000 #(向后长连接)haproxy作为客户,和后端服务器之间!!!空闲连接!!!的超时时间,到时候发送fin指令
timeout server 50000 #(向前长连接)haproxy作为服务器,和用户之间空闲连接的超时时间,到时候发送fin指令
option abortonclose #当服务器负载很高的时候,自动结束掉当前队列处理比较久的连接
stats uri /admin?stats #设置统计页面的uri为/admin?stats
stats realm Private lands #设置统计页面认证时的提示内容
stats auth admin:password #设置统计页面的用户名和密码,如果要设置多个,另起一行写入即可
stats hide-version #隐藏统计页面上的haproxy版本信息
frontend http-in #前端用户块,面对用户侧
bind 0.0.0.0:80 #监听的端口
mode http #http模式的负载均衡(七层)
log global #日志类型跟随全局
option httplog #日志类型http日志格式
option httpclose #打开支持主动关闭功能,每次请求完毕后主动关闭http通道,ha-proxy不支持keep-alive,只能模拟这种模式的实现
acl html url_reg -i \.html$ #html:访问控制列表的名称 url_reg:用户输入的url地址可以被reg正则服>务 -i:忽略大小写 \.html$:匹配规则,>上同
use_backend html-server if html #如果满足ACL html规则,则推送给后端服务器后台,html-server,上同
default_backend html-server #负载均衡的方式
backend html-server
mode http
balance roundrobin
option httpchk GET /index.html
cookie SERVERID insert indirect nocache
server html-A 192.168.106.133:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5
server html-B 192.168.106.135:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5
listen admin_stats
stats enable
bind *:8080 #监听的ip端口号
mode http #开关
option httplog
log global
maxconn 10
stats refresh 30s #统计页面自动刷新时间
stats uri /admin #访问的uri ip:8080/admin
stats realm haproxy
stats auth admin:admin #认证用户名和密码
stats hide-version #隐藏HAProxy的版本号
stats admin if TRUE #管理界面,如果认证成功了,可通过webui管理节点
4.Keepalived配置
MASTER主机
修改配置文件
vi /etc/keepalived/keepalived.conf全部替换
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 1 #设备在组中的标识
}
vrrp_script chk_haproxy { #检查健康
script "/etc/keepalived/ck_ha.sh" #检查脚本
interval 2 #检查频率(秒)
weight -5 #降低优先级
fall 3 #失败三次
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state MASTER #主或者从状态
interface ens33 #监控网卡
mcast_src_ip 192.168.106.136 #心跳源IP
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 100 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.106.100/24
}
track_script { #引用脚本
chk_haproxy
}
}
编写监控http服务脚本
vi /etc/keepalived/1.sh脚本内容
#!/bin/bash
#检查haproxy进程是否存在
counter=$(ps -C haproxy --no-heading | wc -l)
if [ "${counter}" = "0" ];then
#尝试启动一次haproxy,停止5秒后再次检测
service haproxy start
sleep 5
counter=$(ps -C haproxy --no-heading | wc -l)
if [ "${counter}" = "0" ];then
#如果没有启动成功,就杀掉keepalived触发主备切换
service keepalived stop
fi
fi添加执行权限
chmod +x /etc/keepalived/ch_ha.shsystemctl start keepalived.serviceBACKUP主机
修改配置文件
vi /etc/keepalived/keepalived.conf全部替换
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 2 #设备在组中的标识
}
vrrp_script chk_haproxy { #检查健康
script "/etc/keepalived/ck_ha.sh" #检查脚本
interval 2 #检查频率(秒)
weight -5 #降低优先级
fall 3 #失败三次
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state BACKUP #主或者从状态
interface ens33 #监控网卡
mcast_src_ip 192.168.106.137 #心跳源IP
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 99 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.106.100/24
}
track_script { #引用脚本
chk_haproxy
}
}
5.web服务配置
参考实验1中nginx实验配置即可
6.验证
[root@192 keepalived]# curl 192.168.106.100
192.168.106.135
[root@192 keepalived]# curl 192.168.106.100
192.168.106.133
浏览器输入192.168.106.100:8080/admin,账号密码均为admin可以看到监控页面。
实验3:Nginx + Keepalive实现负载均衡
1.实验环境
| 主机 | 系统 | IP地址 | 软件 |
| MASTER | Centos7.5 | 192.168.106.134 | Nginx + Keepalive |
| BACKUP | Centos7.5 | 192.168.106.136 | Nginx + Keepalive |
| serve1 | Centos7.5 | 192.168.106.133 | Nginx |
| serve2 | Centos7.5 | 192.168.106.135 | Nginx |
| VIP | 192.168.106.100 |
| 测试域名 | nginx.gouwo.tech |
2.准备工作
[root@192 ~]# systemctl stop firewalld.service #关闭防火墙按照上述实验MASTER和BACKUP主机安装Nginx+Keepalive。serve1和serve2安装Nginx,并配置好测试页面,测试成功访问即可。
3.nginx负载均衡配置
MASTER和BACKUP进行以下配置,操作相同
vi /usr/local/nginx/conf/nginx.conf #编辑nginx配置文件
#####################全部替换如下内容##################
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream web {
server 192.168.106.133:80 weight=1 max_fails=3 fail_timeout=20s;
server 192.168.106.135:80 weight=2 max_fails=3 fail_timeout=20s;
}
# weight(权重)和访问比率成正比,默认值为1
# max_fails 为允许失败的次数,默认值为1
# fail_timeout 当max_fails次失败后,暂停将请求分发到该后端服务器的时间
server {
listen 80;
server_name nginx.gouwo.tech;
location / {
proxy_pass http://web;
proxy_set_header HOST $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
} /usr/local/nginx/sbin/nginx #启动Nginx
4.Keepalive配置
MASTER主机
vi /etc/keepalived/keepalived.conf #修改keepalived.conf全部替换
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 1 #设备在组中的标识
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state MASTER #主或者从状态
interface ens33 #监控网卡
mcast_src_ip 192.168.106.134 #心跳源IP
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 100 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.106.100/24
}
}
BACKUP主机
vi /etc/keepalived/keepalived.conf #修改keepalived.conf全部替换
! Configuration File for keepalived #配置文件声明,前面不得有空行或者空格
global_defs {
router_id 2 #设备在组中的标识
}
vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。注意区分
state BACKUP #主或者从状态
interface ens33 #监控网卡
mcast_src_ip 192.168.106.136 #心跳源IP
virtual_router_id 55 #虚拟路由编号,主备要一致,注意区分
priority 99 #优先级
advert_int 1 #心跳间隔
authentication { #秘钥认证(1-8位)
auth_type PASS
auth_pass 123456
}
virtual_ipaddress { #VIP
192.168.106.100/24
}
}5.监控脚本配置
MASTER和BACKUP操作相同
touch /etc/keepalived/nginx_check.sh #创建脚本文件
vi /etc/keepalived/nginx_check.sh #编辑脚本文件脚本内容:
#!/bin/bash
#检测nginx是否启动了
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then #如果nginx没有启动就启动nginx
systemctl start nginx #重启nginx
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then #nginx重启失败,则停掉keepalived服务,进行VIP转移
killall keepalived
fi
fi
然后重启keepalived
systemctl restart keepalived.service #重启keepalived6.效果测试
[root@192 ~]# ping nginx.gouwo.tech
PING nginx.gouwo.tech.localdomain (192.168.106.100) 56(84) bytes of data.
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=1 ttl=64 time=0.628 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=2 ttl=64 time=0.340 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=3 ttl=64 time=0.332 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=4 ttl=64 time=0.234 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=5 ttl=64 time=0.855 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=6 ttl=64 time=1.24 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=7 ttl=64 time=0.973 ms
64 bytes from 192.168.106.100 (192.168.106.100): icmp_seq=8 ttl=64 time=0.506 ms[root@192 ~]# curl nginx.gouwo.tech
192.168.106.133
[root@192 ~]# curl nginx.gouwo.tech
192.168.106.135
