目录
4、搭建双vip的负载均衡高可用系统,使用keepalived实现高可用
5、搭建Promethues+grafana的监控系统,对整个web集群的机器进行监控
一、项目准备
1、构建网络拓扑图
2、服务器准备
| 机器名 | IP地址 | 用途 |
|---|---|---|
| lb1 | 192.168.38.140 | 负载均衡1 |
| lb2 | 192.168.38.141 | 负载均衡2 |
| web1 | 192.168.38.142 | web服务器1 |
| web2 | 192.168.38.143 | web服务器2 |
| nfs | 192.168.38.144 | NFS服务器,保持数据一致 |
| dns | 192.168.38.145 | DNS服务器,域名解析 |
| prometheus | 192.168.38.146 | 监控服务器 |
| test | 192.168.38.147 | 测试机 |
3、项目环境
项目环境:8台服务器(1G,1核),centos7.9,keepalived1.3.5,nignx 1.27.0,nfs,bind,Prometheus,ab
二、项目描述
模拟企业构建一个高可用并且高性能的web集群项目,能处理大并发的web业务
三、项目步骤
1、搭建nfs服务器,解决web集群里数据一致性问题
1)安装nfs软件
[root@nfs ~]# yum install nfs-utils -y
[root@nfs ~]# service nfs start2)修改exports文件
[root@nfs ~]# vim /etc/exports
/web 192.168.38.0/24(ro,all_squash,sync)3)创建/web目录,并再/web目录中编辑好index.html文件
4)关闭防火墙和SELINUX功能
2、安装好2台nginx的web服务器,并部署好nfs功能
1)使用脚本安装好nginx
2)安装nfs软件
[root@web1 ~]# yum install -y nfs-utils
3)挂载nfs服务器里的/web文件
[root@web1 ~]# mount 192.168.38.144:/web /usr/local/nginx/html4)关闭防火墙和SLINUX功能
5)验证是否成功
3、搭建dns服务器,进行域名解析
1)安装bind软件,启动服务并设置开机自启
[root@dns ~]# yum install bind* -y
[root@dns ~]# service named start
[root@dns ~]# systemctl enable named
2)把其他机器上的DNS服务器修改为192.168.38.145
[root@web1 conf]# vim /etc/resolv.conf
nameserver 192.168.38.145
3)修改配置文件/etc/named.rfc1912.zones
[root@dns node_exporter]# vim /etc/named.rfc1912.zones
zone "niecailing.asia" IN { #niecailing.asia.zone文件里面存放这niecailing.asia这个区域的所有的域名解析记录
type master;
file "niecailing.asia.zone"; #这个文件需要自己创建
allow-update { none; };
};
#创建niecailing.asia.zone文件
[root@dns named]# cd /var/named/
[root@dns named]# cp named.localhost niecailing.asia.zone
[root@dns named]# vim niecailing.asia.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 192.168.38.145
www IN A 192.168.38.140
www IN A 192.168.38.141
#重启服务
[root@dns named]# service named restart
4)检验
[root@dns named]# nslookup www.niecailing.asia
Server: 192.168.38.145
Address: 192.168.38.145#53
Name: www.niecailing.asia
Address: 192.168.38.140
Name: www.niecailing.asia
Address: 192.168.38.141
4、搭建双vip的负载均衡高可用系统,使用keepalived实现高可用
1)在2台负载均衡服务器上安装nginx
2)在负载均衡服务器上开启https负载均衡功能
将证书上传至负载均衡器后进行解压,然后修改配置文件nginx.conf
http {
upstream myapp {
server 192.168.38.142;
server 192.168.38.143;
}server {
listen 443 ssl;
server_name www.niecailing.asia;ssl_certificate www.niecailing.asia.pem; #公钥
ssl_certificate_key www.niecailing.asia.key; #私钥ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;location / {
proxy_pass http://myapp;
}
}}
3)解决HTTP跳转到HTTPS的问题(不需要可以跳过)
修改配置文件
server {
listen 80;
server_name www.niecailing.asia;
return 301 https://www.niecailing.asia;
}
4)解决real ip 问题(不需要可以跳过)
修改负载均衡器的配置文件
location / {
proxy_pass http://myapp;
proxy_set_header X-Real_IP $remote_addr;
}
修改web服务器的配置文件
在日志格式中加上$http_x_real_ip字段,并且使用此日志格式
http {
include mime.types;
default_type application/octet-stream;log_format main '$remote_addr - $http_x_real_ip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';access_log logs/access.log main; #使用此日志格式
..
}
最后效果
5)在负载均衡器上安装keepalived软件,实现双VIP高可用
#安装keepalived
[root@lb1 ~]# yum install keepalived -y
#修改lb1配置文件
[root@lb1 ~]#vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 120
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.38.188
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.38.189
}
}
#修改lb2配置文件
[root@lb2 ~]#vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.38.188
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 120
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.38.189
}
}
6)在keepalived上增加健康检测功能
原因:keepalived的价值是建立在nginx能正常工作的前提下的,如果nginx异常,这台机器就不是负载均衡了,需要停止他的master身份,将他的优先级降低,让位给其他的机器。所以需要有健康检测功能。
这里以lb1为例,lb2也是同样的配置。
#编写监控nginx健康情况的脚本
[root@lb1 keepalived]# cat /nginx/nginx_monitor.sh
#!/bin/bash
if /usr/sbin/pidof nginx &>/dev/null;then
exit 0;
else
exit 1;
fi
#添加权限
[root@lb1 keepalived]# chmod +x /nginx/nginx_monitor.sh
#修改keepalived的配置文件
[root@lb1 keepalived]# vim keepalived.conf
#定义监控脚本 check_nginx
vrrp_script check_nginx {
script "/nginx/nginx_monitor.sh"
interval 1
weight -30
}
#在master实例中调用此脚本
vrrp_instance VI_2 {
state MASTER
track_script {
check_nginx #调用脚本
}
}
注:修改完配置文件后,重启服务
5、搭建Promethues+grafana的监控系统,对整个web集群的机器进行监控
1)下载Prometheus的安装包,并解压。这个地址在国外,建议翻墙下载,速度快。
[root@prometheus ~]# mkdir /prom
[root@prometheus ~]# cd /prom
[root@prometheus prom]#wget https://github.com/prometheus/prometheus/releases/download/v2.54.0-rc.1/prometheus-2.54.0-rc.1.linux-amd64.tar.gz
[root@prometheus prom]# tar -zxvf prometheus-2.54.0-rc.1.linux-amd64.tar.gz 2)修改PATH变量,方便后续使用命令
[root@prometheus prom]# mv prometheus-2.54.0-rc.1.linux-amd64 prometheus
[root@prometheus prometheus]# PATH=/prom/prometheus:$PATH
[root@prometheus prometheus]# echo "PATH=/prom/prometheus:$PATH" >> /root/.bashrc3)把prometheus服务用systemd进程开启
编写/usr/lib/systemd/system/prometheus.service
[root@prometheus prometheus]# cat /usr/lib/systemd/system/prometheus.service
[Unit]
Description=prometheus
[Service]
ExecStart=/prom/prometheus/prometheus --config.file=/prom/prometheus/prometheus.yml
ExecReload=/bin/kill -HUP $MIANPID
killMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
#重载服务
[root@prometheus prometheus]# systemctl daemon-reload
#启动prometheus服务并设置开机自启
[root@prometheus prometheus]# service prometheus start
Redirecting to /bin/systemctl start prometheus.service
[root@prometheus prometheus]# systemctl enable prometheus
Created symlink from /etc/systemd/system/multi-user.target.wants/prometheus.service to /usr/lib/systemd/system/prometheus.service.4)访问9090端口进入prometheus界面
5)在其他被监控机器上都安装好exporter
[root@web1 node_export]# mv mode_exporter/ node_exporter
#修改PATH变量
[root@web1 node_exporter]# PATH=/node_export/node_exporter:$PATH
[root@web1 node_exporter]# echo "PATH=/node_export/node_exporter:$PATH" >> /root/.bashrc
#启动服务。也可以尝试像server机一样用systemd进程开启,但是为了简单我没弄了
[root@web1 node_exporter]# nohup node_exporter --web.listen-address 0.0.0.0:8090 &
[1] 15552
注:记住这里的端口
6)在server机上添加被监控机
[root@prometheus prometheus]# vim prometheus.yml
- job_name: "lb1"
static_configs:
- targets: ["192.168.38.140:8090"]
- job_name: "lb2"
static_configs:
- targets: ["192.168.38.141:8090"]
- job_name: "web1"
static_configs:
- targets: ["192.168.38.142:8090"]
- job_name: "web2"
static_configs:
- targets: ["192.168.38.143:8090"]
- job_name: "nfs"
static_configs:
- targets: ["192.168.38.144:8090"]
- job_name: "dns"
static_configs:
- targets: ["192.168.38.145:8090"]
- job_name: "prometheus"
static_configs:
- targets: ["localhost:9090"]
7)访问promethues的web界面,检验是否成功
8)在server机器上安装grafana
#安装
[root@prometheus prometheus]# yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-11.1.3-1.x86_64.rpm
#启动服务
[root@prometheus prometheus]#service grafana-service start
[root@prometheus prometheus]#systemctl enable grafana-server
#用浏览器访问监控服务器的3000端口就可以进入grafana界面了。选择自己喜欢的模板对不同的机器进行监控即可。
6、搭建测试机,使用ab软件对整个web集群进行压力测试
[root@test ~]# yum install httpd-tools -y
#-c 指定多少连接,-n 指定给多少请求
[root@test ~]# ab -c 600 -n 3000 https://www.niecailing.asia/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking www.niecailing.asia (be patient)
SSL handshake failed (5).
Completed 300 requests
Completed 600 requests
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Completed 3000 requests
Finished 3000 requests
Server Software: nginx/1.27.0
Server Hostname: www.niecailing.asia
Server Port: 443
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256
Document Path: /
Document Length: 12 bytes
Concurrency Level: 600
Time taken for tests: 5.911 seconds
Complete requests: 3000
Failed requests: 170
(Connect: 0, Receive: 0, Length: 87, Exceptions: 83)
Write errors: 0
Total transferred: 704946 bytes
HTML transferred: 34956 bytes
Requests per second: 507.53 [#/sec] (mean)
Time per request: 1182.191 [ms] (mean)
Time per request: 1.970 [ms] (mean, across all concurrent requests)
Transfer rate: 116.47 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 665 792.7 316 4946
Processing: 6 46 78.4 10 269
Waiting: 0 44 78.7 10 269
Total: 40 710 792.4 327 4955
Percentage of the requests served within a certain time (ms)
50% 327
66% 740
75% 809
80% 860
90% 1472
95% 2073
98% 3743
99% 4527
100% 4955 (longest request)
所以:最后这个集群最多能每秒钟处理500个请求
7、参数优化
1)对Linux的内核参数进行优化
2)对nginx的参数进行优化
四、项目心得
1、对很多基础功能的软件的配合有了一定的了解。例如:Prometheus,keepalived,nginx,nfs,bind等
2、对高性能和高可用有了一定的认识,对系统的性能指标有了一定的认识,对脑裂现象有了一定的了解。
3、对4/7层dns负载均衡有一定的了解
五、问题汇总
1、因为没有提前写好项目的步骤,导致我提前在web服务器上构建了https服务,后来又觉得不需要在web服务器上配置https服务,只需要在负载均衡上配置https服务就好。于是又把这段配置删除了。可是当我在浏览器上访问我的web服务器地址时(192.168.38.142),浏览器做了域名解析访问到域名www.niecailing.asia导致出错。后来换浏览器发现能够正常访问我的nfs服务器里的内容,原来是浏览器缓存的问题,需要清空浏览器缓存。
2、在配置健康检测模块时,出现了两次粗心的错误。
1)把vrrp_script打成了vrrp_scrip
2)check_nginx后面要有空格再接{
这个错误很难发现,因为打错了之后,重启keepalived服务是不会有任何的报错信息,最后是通过查看日志文件/usr/log/messages查出来自己的配置文件有错误。
3、不足:
1)容易出现单点故障,只有一台nfs服务器,可以加一台nfs服务器,使用sync实现数据一致性
2)nfs服务器使用传统的网络时网络稳定性不太好有时延,可以通过使用万兆网络解决。
3)nfs服务器读取速度有限,当读写要求大或者并发要求大,速度要求快时可以采用SAN或者云存储。
1581
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
