1.實驗環境,實現目標
三台主機分別配置nginx負載均衡對後端多台主機做轉發,同時配置keepalived實現HA,保證任意主機出現故障時其他主機接管
serverA 192.168.1.10 VIP1:192.168.1.110
serverB 192.168.1.20 VIP2:192.168.1.120
serverC 192.168.1.30 VIP3:192.168.1.130
2.配置nginx
分別在三台主機安裝nginx,配置文件相同
tar zxvf nginx-1.2.2.tar.gz
cd nginx-1.2.2
./configure –prefix=/opt/nginx –user=daemon –group=daemon
make && make install
vi /opt/nginx.conf
user daemon daemon;
worker_processes 2;
error_log /opt/nginx/logs/nginx_error.log crit;
pid /opt/nginx/logs/nginx.pid;
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
#client_max_body_size 8m;
sendfile on;
send_timeout 60;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
client_max_body_size 8m; #允許客戶端請求的最大單個文件字節數
client_body_buffer_size 128k; #緩沖區代理緩沖請求的最大字節數,可以理解為先保存到本地再傳給用戶
proxy_connect_timeout 600; #跟後端服務器連接超時時間,發起握手等候響應時間
proxy_read_timeout 600; #連接成功後等待後端服務器的響應時間,已經進入後端的排隊之中等候處理
proxy_send_timeout 600; #後端服務器回傳時間,就是在規定時間內後端服務器必須傳完所有數據
proxy_buffer_size 16k; #代理請求緩沖區,會保存用戶的頭信息以供nginx進行處理
proxy_buffers 4 32k; #同上,告訴nginx保存單個用幾個buffer最大用多少空間
proxy_busy_buffers_size 64k; #如果系統很忙時候可以申請最大的proxy_buffers
proxy_temp_file_write_size 64k; #proxy緩存臨時文件的大小
log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;
access_log /opt/nginx/logs/access.log access;
##max_fails = 3 為允許失敗的次數,默認值為1
##fail_timeout = 30s 當max_fails次失敗後,暫停將請求分發到該後端服務器的時間
upstream ylx_api {
ip_hash;
server 192.168.1.124:80 max_fails=3 fail_timeout=30s;
server 192.168.1.125:80 max_fails=3 fail_timeout=30s;
}
upstream yc_api {
ip_hash;
server 192.168.1.124:80 max_fails=3 fail_timeout=30s;
server 192.168.1.125:80 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name ylxapi.linuxsee.com;
location / {
proxy_next_upstream http_502 http_504 error timeout invalid_header; #如果後端返回502、504、超時自動轉發到負載均衡池
proxy_pass http://ylx_api;
proxy_set_header Host ylxapi.linuxsee.com;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log /opt/nginx/logs/ylxapi.linuxsee.com_access.log access;
}
server {
listen 80;
server_name ycapi.linuxsee.com;
location / {
proxy_pass http://yc_api;
proxy_set_header Host $host;
}
access_log /opt/nginx/logs/ ycapi.linuxsee.com_access.log access;
}
}
3.keepalived配置
tar zxvf keepalived-1.1.15.tar.gz
cd keepalived-1.1.15
./configure –prefix=/opt/keepalived –with-kernel-dir=/usr/src/kernels/2.6.18-194.el5-x86_64 && make && make install
keepalived在同一virtual_router_id中priority(0-255)最大的會成為master,也就是接管VIP,當priority最大的主機發生故障後次priority將會接管,對於以下配置,3台主機的keepalived每個實例中priority分別為serverA(200,180,160),serverB(160,200,180),serverC(180,160,200),當serverA發生故障後serverC接管VIP,serverB發生故障後serverA接管,serverC發生故障後serverB接管;
由於keepalived只檢測本機和他機keepalived是否正常並實現VIP的漂移,而如果本機nginx出現故障不會則不會漂移VIP,所以編寫腳本來判斷本機nginx是否正常,如不正常則關閉keepalived,其他主機此時會接管VIP;
serverA配置:
vi /opt/keepalived/etc/keepalived/check_http.sh
#!/bin/bash
url=”http://192.168.1.10/index.html”
status=$(/usr/bin/curl -s –head “$url” | awk ‘/HTTP/ {print $2}’)
if [ "$status" != "200" ]; then
pkill keepalived
fi
vi /opt/keepalived/etc/keepalived/keepalived.conf.nginx.3vip
global_defs {
router_id Nginx_Id_1
}
vrrp_script chk_nginx {
script “/opt/keepalived/etc/keepalived/check_http.sh” #定義檢測腳本
interval 2 #檢測間隔
weight 2
}
vrrp_instance Nginx1 { #定義一個實例
state MASTER #定義為master
interface eth0
virtual_router_id 138 # 0-255 在同一個instance 中一致在整個vrrp 中唯一
priority 200 #優先級,優先級最大的會成為master
authentication {
auth_type PASS
auth_pass 1111
}
track_script { #檢查腳本
chk_nginx
}
virtual_ipaddress { #此實例的浮動IP
192.168.1.110
}
}
vrrp_instance Nginx2 {
state BACKUP
interface eth0
virtual_router_id 139
priority 180
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.120
}
}
vrrp_instance Nginx3 {
state BACKUP
interface eth0
virtual_router_id 140
priority 160
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.130
}
}
serverB配置:
vi /opt/keepalived/etc/keepalived/check_http.sh
#!/bin/bash
url=”http://192.168.1.20/index.html”
status=$(/usr/bin/curl -s –head “$url” | awk ‘/HTTP/ {print $2}’)
if [ "$status" != "200" ]; then
pkill keepalived
fi
vi /opt/keepalived/etc/keepalived/keepalived.conf.nginx.3vip
global_defs {
router_id Nginx_Id_2
}
vrrp_script chk_nginx {
script “/opt/keepalived/etc/keepalived/check_http.sh”
interval 2
weight 2
}
vrrp_instance Nginx1 {
state BACKUP
interface eth0
virtual_router_id 138
priority 160
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.110
}
}
vrrp_instance Nginx2 {
state MASTER
interface eth0
virtual_router_id 139
priority 200
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.120
}
}
vrrp_instance Nginx3 {
state BACKUP
interface eth0
virtual_router_id 140
priority 180
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.130
}
}
serverC配置:
vi /opt/keepalived/etc/keepalived/check_http.sh
#!/bin/bash
url=”http://192.168.1.30/index.html”
status=$(/usr/bin/curl -s –head “$url” | awk ‘/HTTP/ {print $2}’)
if [ "$status" != "200" ]; then
pkill keepalived
fi
vi /opt/keepalived/etc/keepalived/keepalived.conf.nginx.3vip
global_defs {
router_id Nginx_Id_3
}
vrrp_script chk_nginx {
script “/opt/keepalived/etc/keepalived/check_http.sh”
interval 2
weight 2
}
vrrp_instance Nginx1 {
state BACKUP
interface eth0
virtual_router_id 138
priority 180
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.110
}
}
vrrp_instance Nginx2 {
state BACKUP
interface eth0
virtual_router_id 139
priority 160
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.120
}
}
vrrp_instance Nginx3 {
state MASTER
interface eth0
virtual_router_id 140
priority 200
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.130
}
}