高可用负载均衡搭建

高可用负载均衡搭建

主机名 服务IP
nginx-ka-master 172.17.1.131
nginx-ka-backup 172.17.1.132
web1-server 172.17.1.133
web2-server 172.17.1.134
VIP 172.17.1.88

1、安装nginx和keepalived服务(注意:下面的命令安装的是 haproxy,而本文后续的负载配置和健康检查使用的都是 nginx,实际搭建时应安装 nginx;健康检查用到的 killall 命令由 psmisc 包提供)

root@haproxy-master:~# apt install keepalived haproxy -y

2、配置keepalived服务

(1)master节点

root@haproxy-master:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
root@haproxy-master:~# cat /etc/keepalived/keepalived.conf
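! Configuration File for keepalived
# Global settings (master node).
global_defs {
   # Recipient, sender and SMTP relay used for state-change notification mail.
   notification_email {
     2923035330@qq.com
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id haproxy_master                # Unique identifier of this host; every keepalived node needs a different value, otherwise the switch-over scripts are affected
   vrrp_skip_check_adv_addr                # Fixed: the listing had "vrrp_skip_check_addr", which is not a keepalived keyword. Skips re-checking the address list of adverts that come from the same master as the previous one
   #vrrp_strict                            # Left disabled by the author: enabling it applies firewall rules automatically and made the VIP unreachable
   vrrp_garp_interval 0                    # Fixed: the listing had the misspelling "vrrp_grap_interval". Delay between gratuitous ARP messages
   vrrp_gna_interval 0                     # Delay between unsolicited neighbour advertisements (IPv6 counterpart of the line above)
   vrrp_mcast_group4 224.0.0.18            # Default VRRP multicast group; IPv4 multicast range is 224.0.0.0-239.255.255.255
}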
# Health check for the local load balancer process. The result feeds the
# priority of every vrrp_instance that lists this name under track_script.
# NOTE(review): the command runs with the privileges keepalived gives to
# scripts (root unless a script user is configured - confirm for your build).
# If it is ever replaced by a script file, keep that file root-owned and not
# writable by other users.
vrrp_script check_nginx {                  # Defines the load-balancer check
  script "/usr/bin/killall -0 nginx"       # A shell command or the absolute path of a script. Signal 0 only tests that a process named nginx exists; it does not prove nginx is answering requests
  # script "/etc/keepalived/nginx_check.sh" 
  interval 3                              # Run the check every 3 seconds (the original comment said 5; the backup node's listing uses interval 5)
  weight  -50                             # While the check is failing, lower this node's priority by 50 (120 - 50 = 70, below the backup's 80)
  fall 3                                  # Three consecutive failures mark the service unhealthy
  rise 1                                  # A single success marks the service healthy again
}

# VRRP virtual router (master node).
# NOTE(review): this instance has no authentication block and advertises over
# multicast, so any host on the same segment that can emit VRRP adverts for
# VRID 50 is in a position to influence which node holds the VIP. Consider
# unicast_src_ip/unicast_peer between the two nodes and a host firewall rule
# that accepts VRRP (IP protocol 112) only from the peer address.
vrrp_instance master {                            # VRRP instance name
    state MASTER                                  # Initial keepalived role (MASTER or BACKUP)
    interface eth0                                # Physical interface this virtual router binds to, e.g. eth0, bond0, eth0:1
    virtual_router_id 50                          # Identifier of the virtual router; must be identical on master and backup (valid VRRP VRIDs are 1-255)
    nopreempt                                     # Non-preemptive mode (author's note: once set on the master, the backup does not need it). NOTE(review): keepalived documents nopreempt as requiring initial state BACKUP; with "state MASTER" it is probably ignored - check the keepalived log
    priority 120                                  # Priority of this node; the highest priority holds the VIP
    advert_int 1                                  # Advertisement interval in seconds
    virtual_ipaddress {                          # Virtual IP(s)
     #   172.17.1.88                             # VIP without an interface; defaults to eth0
     #   172.17.1.89 dev eth0                    # VIP with an explicit interface
        172.17.1.88 dev eth0 label eth0:1
    }
    track_script {                               # Uses the vrrp_script defined above to monitor the load balancer                           
       check_nginx
    }
     # Both transitions restart nginx on this node.
     notify_master "/usr/bin/systemctl restart nginx.service"
     notify_backup "/usr/bin/systemctl restart nginx.service"
#    notify_master "/etc/keepalived/notify.sh master"  # Script triggered when this node becomes master
#    notify_backup "/etc/keepalived/notify.sh backup"  # Script triggered when this node becomes backup
#    notify_fault "/etc/keepalived/notify.sh fault"    # Script triggered when this node enters the fault state
}

(2)backup节点
root@haproxy-backup:~# cat /etc/keepalived/keepalived.conf
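! Configuration File for keepalived
# Global settings (backup node).
global_defs {
   # Recipient, sender and SMTP relay used for state-change notification mail.
   notification_email {
     2923035330@qq.com
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id haproxy_backup   # Unique identifier of this host; every keepalived node needs a different value, otherwise the switch-over scripts are affected
   vrrp_skip_check_adv_addr   # Fixed: the listing had "vrrp_skip_check_addr", which is not a keepalived keyword
#   vrrp_strict               # Left disabled by the author: enabling it applies firewall rules automatically and made the VIP unreachable
   vrrp_garp_interval 0       # Fixed: the listing had the misspelling "vrrp_grap_interval". Delay between gratuitous ARP messages
   vrrp_gna_interval 0        # Delay between unsolicited neighbour advertisements
   vrrp_mcast_group4 224.0.0.18   # Multicast group used for VRRP adverts; same value as on the master
}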
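# Health check for the local nginx process on the backup node.
# Fixed: the block was named "check-nginx" while this file's track_script
# refers to "check_nginx", so the instance was tracking a script that is not
# defined. A space before "{" is also added for parser compatibility.
vrrp_script check_nginx {
  script "/usr/bin/killall -0 nginx"   # Signal 0 only tests that a process named nginx exists; it does not prove nginx is answering requests
  interval 5                           # Run the check every 5 seconds
  weight -50                           # While the check is failing, lower this node's priority by 50 (80 - 50 = 30)
  fall 3                               # Three consecutive failures mark the service unhealthy
  rise 1                               # A single success marks the service healthy again
}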
# VRRP virtual router (backup node).
# NOTE(review): as on the master, there is no authentication block and the
# adverts use multicast; restricting VRRP (IP protocol 112) to the peer
# address, or switching to unicast_peer, narrows who can take part in the
# election.
vrrp_instance backup { # VRRP instance name
    state BACKUP      # Initial role of this node
    interface eth0    # Physical interface this virtual router binds to, e.g. eth0, bond0, eth0:1
    virtual_router_id 50  # Identifier of the virtual router; same value as the master (valid VRRP VRIDs are 1-255)
#    nopreempt
    priority 80 # Priority of this node; lower than the master's 120
    advert_int 1      # Advertisement interval in seconds
    virtual_ipaddress {  # Virtual IP
        172.17.1.88 dev eth0 label eth0:1
    }
    # The name listed here must match a vrrp_script block's name character for
    # character (underscore versus hyphen matters).
    track_script {
       check_nginx
    }
    # Both transitions restart nginx on this node.
    notify_master "/usr/bin/systemctl restart nginx.service"
    notify_backup "/usr/bin/systemctl restart nginx.service"
}

3、配置nginx负载服务

root@haproxy-backup:~# cat /etc/nginx/nginx.conf
# Main context: worker processes run as the unprivileged www-data account.
user www-data;
# One worker per CPU core.
worker_processes auto;
# File where the master process writes its PID.
pid /run/nginx.pid;
# Load the dynamic modules enabled on this host.
include /etc/nginx/modules-enabled/*.conf;

# Connection handling limits per worker process.
events {
	worker_connections 768;
	# multi_accept on;
}

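# HTTP context: reverse proxy for the keepalived VIP plus the distribution's
# default settings.
# NOTE(review): both the listener and the upstream hops are plain HTTP. The
# ssl_* directives below only matter for server blocks that enable TLS, for
# example ones pulled in by the include lines at the end.
http {
  # Pool of backend web servers; equal weights split requests evenly.
  upstream webserver {
    # Passive health check: after max_fails=3 failed attempts within
    # fail_timeout=3s the server is taken out of rotation for 3s.
    server 172.17.1.133:80 weight=5 fail_timeout=3s max_fails=3;
    server 172.17.1.134:80 weight=5 fail_timeout=3s max_fails=3;
  }

  # Virtual host answering on the VIP.
  server {
    listen 80;
    server_name 172.17.1.88;
    location / {
      proxy_pass http://webserver;
      # Pass the client address on, so backend access logs show the real
      # source instead of the load balancer. Backends should trust these
      # headers only when the request comes from the load balancer nodes.
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  # Hide the nginx version in the Server header and on error pages.
  server_tokens off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); keep 1.2 and 1.3 only.
  # SSLv3 was already dropped, ref: POODLE.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  gzip on;
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}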

4、验证

root@haproxy-master:~# systemctl stop nginx
root@haproxy-master:~# while true;do curl 172.17.1.88 ;sleep 1;done

高可用负载均衡搭建_第1张图片

root@haproxy-backup:~# watch -n 1 hostname -I

高可用负载均衡搭建_第2张图片

root@haproxy-master:~# tcpdump -i eth0 -nn host 224.0.0.18

高可用负载均衡搭建_第3张图片

5、总结

  • keepalived只监测VIP的负载服务器(nginx/haproxy)是否正常,如果不正常就执行切换脚本

  • 后端web服务器是由负载均衡器来判断是否正常

  • keepalived自身的健康是由本身服务的心跳来检测

  • keepalived检测负载是否正常有两种方法判断:

    (1)负载服务的端口或者进程(本文使用的 killall -0 nginx 即属于此类,它只能确认存在名为 nginx 的进程,不能确认 nginx 能正常响应请求)
    (2)服务存活页面是否正常
