涉及理论知识点:VRRP协议 https://blog.csdn.net/zhyvodka/article/details/41800399
实验环境准备:
- 三台机器恢复快照,抹掉LVS的实验痕迹
- linux2019_01(85.129):web1
- linux2019_02(85.128):Nginx负载均衡1
- linux2019_03(85.130):Nginx负载均衡2,同时也是web2
实验步骤:
- 在两台负载均衡机器上安装nginx服务
[root@linux2019_02 ~]# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@linux2019_02 ~]# yum install -y nginx
[root@linux2019_02 ~]# vim /etc/nginx/conf.d/bbs_proxy.conf 配置负载均衡
upstream bbs
{
server 192.168.222.129:443;
server 192.168.222.130:443;
}
server
{
listen 80;
server_name bbs.aibenwoniu.xyz;
location /
{
proxy_pass http://bbs;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@linux2019_02 ~]# systemctl start nginx
另一台nginx负载均衡机器上安装部署nginx服务
[root@linux2019_03 ~]# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@linux2019_03 ~]# yum install -y nginx
[root@linux2019_03 ~]# vim /etc/nginx/conf.d/bbs_proxy.conf 配置负载均衡
upstream bbs
{
server 192.168.222.129:443;
server 192.168.222.130:443;
}
server
{
listen 80;
server_name bbs.aibenwoniu.xyz;
location /
{
proxy_pass http://bbs;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@linux2019_02 ~]# systemctl start nginx
补充:关于upstream配置 https://blog.csdn.net/zwhfyy/article/details/70856035
- 在两台nginx负载均衡机器上部署keepalived
[root@linux2019_02 ~]# yum install -y keepalived
[root@linux2019_02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
12345@126.com #定义接收邮件人
}
notification_email_from #定义发邮件地址(实际没有)
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id 001
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" //此脚本为监控nginx服务的
interval 3
}
vrrp_instance linux2019_02 {
state MASTER
interface ens33 //网卡
virtual_router_id 001
priority 100 //权重100,此数值要大于backup
advert_int 1
authentication {
auth_type PASS
auth_pass root //定义密码
}
virtual_ipaddress {
192.168.85.100 //定义VIP
}
track_script {
chk_nginx //定义监控脚本,这里和上面vrr_script后面的字符串保持一致
}
}
另一台nginx负载均衡机器上安装部署keepalived
[root@linux2019_03 ~]# yum install -y keepalived
[root@linux2019_03 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
12345@126.com #定义接收邮件人
}
notification_email_from #定义发邮件地址(实际没有)
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id 001
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" //此脚本为监控nginx服务的
interval 3
}
vrrp_instance linux2019 {
state BACKUP
interface ens33 //网卡
virtual_router_id 001
priority 90 //权重90,此数值要效于master
advert_int 1
authentication {
auth_type PASS
auth_pass root //定义密码
}
virtual_ipaddress {
192.168.85.100 //定义VIP
}
track_script {
chk_nginx //定义监控脚本,这里和上面vrr_script后面的字符串保持一致
}
}
补充: keepalived中如何配置第三方邮件告警 https://blog.csdn.net/HzSunshine/article/details/62052398
- 两台高可用机器上编写nginx监控脚本
[root@linux2019_02 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash#时间变量,用于记录日志
d=`date +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0,则启动nginx,并且再次检测nginx进程数量,#如果还为0,说明nginx无法启动,此时需要关闭keepalived
if [ $n -eq 0 ]
then
systemctl start nginx #启动命令
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@linux2019_02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux2019_02 ~]# systemctl start keepalived
防火墙问题:保证VRRP协议放行,SElinux要关闭
- iptables -A INPUT -p vrrp -j ACCEPT
- setenforce 0
- 测试
- 在主服务器上停止nginx服务,因为有nginx监测脚本,会立刻自动恢复nginx服务;
- 在主服务器上错误修改nginx配置,导致nginx服务不可用,keepalived会立刻切换到备用nginx负载均衡机器上,由BACKUP变更为MASTER