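nginx + keepalived high availability
1. Split-brain in a high-availability setup
Split-brain: the backup server does not receive the multicast packets sent by the master, so the backup automatically brings up the VIP address on itself.
Causes:
1. Communication problems between the cluster nodes
2. Blocking by a security policy (firewall)
Resolution:
Master: monitor it and send an alert
Backup: the master has failed, or split-brain has occurred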
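One way to tell the two backup-side cases apart, as an added example that is not part of the original notes: the backup holding the VIP is a normal failover only if no other host still answers ARP for it. The arping call assumes the iputils version is installed; the sample text is constructed in the shape of `ip a` output, and the file name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): run on the backup to tell a
# normal failover from a split-brain. VIP and interface come from the page.
VIP="192.168.246.3"
IFACE="eth0"

# has_vip <ip-a-text> <vip>: true if the text lists <vip> as an inet address.
# Fixed-string match on "inet <vip>/" so 192.168.246.30 does not match .3.
has_vip() {
    printf '%s\n' "$1" | grep -qF "inet $2/"
}

# classify <ip-a-text> <peer_claims>: peer_claims is "yes" when another host
# also answers ARP for the VIP, "no" otherwise.
classify() {
    if ! has_vip "$1" "$VIP"; then
        echo "standby"        # VIP is not on this node
    elif [ "$2" = "yes" ]; then
        echo "split-brain"    # VIP is here AND on another host
    else
        echo "failover"       # VIP is here only
    fi
}

# peer_claims_vip: iputils arping in duplicate-address-detection mode (-D)
# exits non-zero when another host replies for the address (assumption: a
# missing or failing arping is also reported as "yes", so check it is installed).
peer_claims_vip() {
    if arping -D -q -c 2 -I "$IFACE" "$VIP" >/dev/null 2>&1; then
        echo "no"
    else
        echo "yes"
    fi
}

# Constructed samples in the shape of the page's `ip a` output.
SAMPLE_BACKUP_IDLE='inet 192.168.246.6/24 brd 192.168.246.255 scope global eth0'
SAMPLE_BACKUP_VIP='inet 192.168.246.6/24 brd 192.168.246.255 scope global eth0
inet 192.168.246.3/24 scope global secondary eth0'

# Live use: ./check_split_brain.sh --live   (hypothetical file name)
if [ "${1:-}" = "--live" ]; then
    state=$(classify "$(ip -4 addr show "$IFACE")" "$(peer_claims_vip)")
    echo "$(date '+%F %T') $(hostname): $state"
    [ "$state" = "split-brain" ] && exit 2
fi
```

Run from cron on the backup, the exit status 2 can drive whatever alerting is already in place.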
1.2 Simulating the problem
Stop the keepalived service on the master:
systemctl stop keepalived
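1.2.1 Writing the monitoring script
#!/bin/bash
# Count nginx processes; [n]ginx keeps grep from matching its own command line.
# The pattern is quoted so the shell cannot expand it as a glob.
num=$(ps -ef | grep -c '[n]ginx')
# A running nginx has a master and at least one worker, so fewer than 2 means it is down.
if [ "$num" -lt 2 ]
then
    # Stop keepalived so this node releases the VIP and the backup takes over.
    systemctl stop keepalived
fi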
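Have keepalived run the check continuously:
vim /etc/keepalived/keepalived.conf
vrrp_script check_web {
    script "/server/scripts/check_web.sh"    # the script to run (it must have execute permission)
    interval 2                               # interval between runs of the script (seconds)
    weight 2                                 # priority adjustment tied to the script's exit status
}
track_script {
    check_web                                # calls the script defined above
}
So the final configuration is: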
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 3
    weight 2
}
vrrp_instance oldboy {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.246.3/24
    }
    track_script {
        check_web
    }
}
1.3 Demonstration:
Stop nginx on lb01:
systemctl stop nginx
systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Mon 2021-09-20 22:56:02 CST; 9s ago
Process: 6270 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6272 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/keepalived.service
Sep 20 22:55:25 lb01 Keepalived_vrrp[6274]: VRRP_Instance(oldboy) Sending/queueing gratuitous ARPs on eth0 for...246.3
Sep 20 22:55:25 lb01 Keepalived_vrrp[6274]: Sending gratuitous ARP on eth0 for 192.168.246.3
Sep 20 22:55:25 lb01 Keepalived_vrrp[6274]: Sending gratuitous ARP on eth0 for 192.168.246.3
Sep 20 22:55:25 lb01 Keepalived_vrrp[6274]: Sending gratuitous ARP on eth0 for 192.168.246.3
Sep 20 22:55:25 lb01 Keepalived_vrrp[6274]: Sending gratuitous ARP on eth0 for 192.168.246.3
Sep 20 22:56:01 lb01 Keepalived[6272]: Stopping
Sep 20 22:56:01 lb01 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
Sep 20 22:56:01 lb01 Keepalived_vrrp[6274]: VRRP_Instance(oldboy) sent 0 priority
Sep 20 22:56:01 lb01 Keepalived_vrrp[6274]: VRRP_Instance(oldboy) removing protocol VIPs.
Sep 20 22:56:02 lb01 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
Hint: Some lines were ellipsized, use -l to show in full.
lb01 at this point:
ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:61:5f:bb brd ff:ff:ff:ff:ff:ff
inet 192.168.246.5/24 brd 192.168.246.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe61:5fbb/64 scope link
valid_lft forever preferred_lft forever
lb02:
ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:36:60:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.246.6/24 brd 192.168.246.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.246.3/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe36:60a7/64 scope link
valid_lft forever preferred_lft forever
1.4 Recovery
lb01:
systemctl start nginx
systemctl start keepalived
ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:61:5f:bb brd ff:ff:ff:ff:ff:ff
inet 192.168.246.5/24 brd 192.168.246.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.246.3/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe61:5fbb/64 scope link
valid_lft forever preferred_lft forever
2. Dual-master configuration of the high-availability cluster
Configuration files:
lb01
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance yq {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.246.3/24
    }
}
vrrp_instance cn {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.246.4/24
    }
}
lb02:
! Configuration File for keepalived
global_defs {
    router_id lb02
}
vrrp_instance yq {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.246.3/24
    }
}
vrrp_instance cn {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.246.4/24
    }
}
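2.2 Writing the nginx configuration (fixes the problem that www.yq.com and bbs.yq.com can also be reached through 192.168.246.5 and 192.168.246.6)
Add listen directives in ip+port form, and use the web cluster's internal IPs.
Configuration with external IPs: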
upstream yq {
    server 192.168.246.7:80;
    server 192.168.246.8:80;
    server 192.168.246.9:80;
}
server {
    listen 192.168.246.3:80;
    server_name www.yq.com;
    location / {
        proxy_pass http://yq;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_next_upstream error timeout http_404 http_502 http_403;
    }
}
server {
    listen 192.168.246.4:80;
    server_name bbs.yq.com;
    location / {
        proxy_pass http://yq;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
Configuration with internal IPs (this requires that your web cluster cannot reach the external network):
upstream yq {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    server 172.16.1.9:80;
}
server {
    listen 192.168.246.3:80;
    server_name www.yq.com;
    location / {
        proxy_pass http://yq;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_next_upstream error timeout http_404 http_502 http_403;
    }
}
server {
    listen 192.168.246.4:80;
    server_name bbs.yq.com;
    location / {
        proxy_pass http://yq;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
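This configuration causes a problem: 192.168.246.3 and 192.168.246.4 exist only as virtual addresses, so the host cannot find the address named in the configuration file and nginx reports an error on startup:
Fix: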
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
sysctl -p
systemctl reload nginx
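A preflight check for the startup error described above, as an added example that is not part of the original notes: it lists the listen addresses in an nginx configuration that the host does not currently hold, which are the ones that need net.ipv4.ip_nonlocal_bind = 1. The sample configuration and `ip a` text are constructed from the page's addresses; the script name and config path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): list the addresses an nginx
# config binds to that this host does not currently hold.

# listen_ips <nginx-conf-text>: distinct IPv4 addresses from "listen IP:port".
listen_ips() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([0-9][0-9.]*\):[0-9]\{1,\}.*/\1/p' |
        sort -u
}

# local_ips <ip-a-text>: IPv4 addresses configured on this host.
local_ips() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*inet \([0-9.]*\)\/.*/\1/p'
}

# nonlocal_listens <nginx-conf-text> <ip-a-text>: listen addresses that are
# not local, i.e. the ones nginx cannot bind without ip_nonlocal_bind.
nonlocal_listens() {
    held=$(local_ips "$2")
    for addr in $(listen_ips "$1"); do
        printf '%s\n' "$held" | grep -qxF "$addr" || echo "$addr"
    done
}

# Constructed samples: the page's two listen lines, and lb01 while it holds
# only the first VIP.
SAMPLE_CONF='server {
    listen 192.168.246.3:80;
    server_name www.yq.com;
}
server {
    listen 192.168.246.4:80;
    server_name bbs.yq.com;
}'
SAMPLE_LB01='inet 127.0.0.1/8 scope host lo
inet 192.168.246.5/24 brd 192.168.246.255 scope global eth0
inet 192.168.246.3/24 scope global secondary eth0'

# Live use: ./preflight.sh --live /etc/nginx/nginx.conf  (hypothetical name/path)
if [ "${1:-}" = "--live" ]; then
    missing=$(nonlocal_listens "$(cat "$2")" "$(ip -4 addr show)")
    [ -z "$missing" ] && exit 0
    echo "not local: $missing"
    echo "net.ipv4.ip_nonlocal_bind = $(sysctl -n net.ipv4.ip_nonlocal_bind)"
fi
```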
2.3 Testing
Configure the Windows hosts file:
192.168.246.3 www.yq.com
192.168.246.4 bbs.yq.com
Visit:
www.yq.com
bbs.yq.com
curl -H host:www.yq.com 192.168.246.3
curl -H host:bbs.yq.com 192.168.246.4