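Implementing a Keepalived dual-master (mutual backup) model

Lab topology overview
The distribution used in this lab is CentOS 6.6 (64-bit); kernel version: 2.6.32-504.el6.x86_64
(nod1) Nginx proxy 1: runs the nginx service and advertises a public IP to the outside to receive requests from external clients. NIC eth0 is in bridged mode and carries the internal IP 172.16.13.11; eth1 (1.1.1.2/24) is in host-only mode and simulates the interface facing the egress router. When nod1 is MASTER for VIP1, the VIP (1.1.1.100/32) is configured on the eth1 alias eth1:1; if the BACKUP node fails, VIP2 is moved to eth1:2.
(nod22) Nginx proxy 2: runs the nginx service and advertises a public IP to the outside to receive requests from external clients. NIC eth0 is in bridged mode and carries the internal IP 172.16.13.22; eth1 (1.1.1.3/24) is in host-only mode and simulates the interface facing the egress router. When nod22 is MASTER for VIP2, the VIP (1.1.1.200/32) is configured on the eth1 alias eth1:1; if the BACKUP node fails, VIP1 is moved to eth1:2.
(nod33) web1: runs the httpd service and handles the requests dispatched by the front-end proxy servers. NIC eth0 is in bridged mode with the internal IP 172.16.13.33.
(nod44) web2: runs the httpd service and handles the requests dispatched by the front-end proxy servers. NIC eth0 is in bridged mode with the internal IP 172.16.13.44.
(nod55) simulates the egress router: eth1 (1.1.1.1/24) in host-only mode, eth0 on the custom network vmnet10.
The client's NIC is also connected to vmnet10.

How it works
nod1 and nod22 each advertise one public IP (VIP1 and VIP2) to the Internet and serve web traffic on it. DNS round-robin resolution spreads requests from clients with different IPs across nod1 and nod22. When either nod1 or nod22 fails and goes down, the VIP configured on that node moves automatically to the other node, so the service stays available to the outside.

Lab configuration:
For an introduction to the keepalived configuration parameters, see http://imsupeng.blog.51cto.com/10651675/1703673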

(nod33) configuration: IP 172.16.13.33/16, no gateway needed
>>> Disable SELinux enforcement (permissive mode) and flush the firewall rules
[root@nod33 ~]# setenforce 0
[root@nod33 ~]# iptables -F
>>> Install httpd and provide a web page
[root@nod33 ~]# yum install -y httpd
[root@nod33 ~]# echo "web on nod33" > /var/www/html/index.html
[root@nod33 ~]# service httpd start

(nod44) configuration: IP 172.16.13.44/16, no gateway needed
>>> Disable SELinux enforcement (permissive mode) and flush the firewall rules
[root@nod44 ~]# setenforce 0
[root@nod44 ~]# iptables -F
>>> Install httpd and provide a web page
[root@nod44 ~]# yum install -y httpd
[root@nod44 ~]# echo "web on nod44" > /var/www/html/index.html
[root@nod44 ~]# service httpd start

(nod1) configuration
>>> Disable SELinux enforcement (permissive mode) and flush the firewall rules
[root@nod1 ~]# setenforce 0
[root@nod1 ~]# iptables -F
>>> Enable kernel IP forwarding
[root@nod1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
>>> NIC configuration as follows. Note: if the IPs are set like this before the virtual machine is configured, the network yum repository will very likely become unreachable; the NICs can be changed after the rest of the configuration is finished.
>>> keepalived has two prerequisites: (1) the clocks of the master and backup nodes are synchronized; (2) each node's hostname matches what the hostname or uname -n command returns, and the nodes can resolve each other's names. The hostname therefore has to be changed and hosts-file entries added for the master and backup nodes.
[root@nod1 ~]# sed -i 's/\(HOSTNAME=\).*/\1nod1/' /etc/sysconfig/network && hostname nod1
[root@nod1 ~]# echo -e '127.0.0.1 nod1\n172.16.13.22 nod22' >> /etc/hosts
[root@nod1 ~]# crontab -e    ## edit the crontab and add the following entry to sync the time every 3 minutes
*/3 * * * * /usr/sbin/ntpdate ntp.sjtu.edu.cn &> /dev/null && /sbin/hwclock -w
>>> Install and configure keepalived
[root@nod1 ~]# yum install keepalived -y    ## the yum repository must already be configured
[root@nod1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id nod1
}
vrrp_instance VI_1 {    ## first instance: this node is the master
    state MASTER    ## MASTER for VIP1
    interface eth1
    virtual_router_id 13    ## must differ between the two instances
    priority 100    ## must be higher than the BACKUP's priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 281fd7d6    ## the two instances must not share a password either
    }
    virtual_ipaddress {
        1.1.1.100/32 dev eth1 label eth1:1
    }
}
vrrp_instance VI_2 {
    state BACKUP    ## BACKUP for VIP2
    interface eth1
    virtual_router_id 23    ## must differ between the two instances
    priority 99    ## note: lower than the MASTER's priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1fd7d6    ## the two instances must not share a password either
    }
    virtual_ipaddress {
        1.1.1.200/32 dev eth1 label eth1:2
    }
}
>>> Enable keepalived at boot and start it
[root@nod1 ~]# vim /etc/keepalived/keepalived.conf
[root@nod1 ~]# chkconfig --add keepalived
[root@nod1 ~]# chkconfig keepalived on
[root@nod1 ~]# service keepalived start
>>> Compile and install nginx (download the source tarball first; I downloaded it to /root)
1 Add the nginx group and the nginx user
[root@nod1 ~]# groupadd -r nginx
[root@nod1 ~]# useradd -r -M -g nginx -s /sbin/nologin nginx
2 Extract the source tarball into /usr/local/src and install
[root@nod1 ~]# tar xf /root/nginx-1.8.0.tar.gz -C /usr/local/src/
[root@nod1 ~]# yum install gcc pcre-devel openssl openssl-devel
## install the gcc compiler and resolve the dependencies first (the development packages nginx needs at build time)
[root@nod1 ~]# cd /usr/local/src/nginx-1.8.0/    ## change into the extracted nginx directory
[root@nod1 nginx-1.8.0]# ./configure --prefix=/usr/local/nginx \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --with-http_mp4_module --user=nginx --group=nginx \
    --with-http_ssl_module --with-http_flv_module \
    --with-http_stub_status_module --with-http_gzip_static_module \
    --with-http_realip_module \
    --http-client-body-temp-path=/var/tmp/nginx/client/ \
    --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
    --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
    --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
    --http-scgi-temp-path=/var/tmp/nginx/scgi \
    --with-pcre
[root@nod1 nginx-1.8.0]# mkdir -pv /var/tmp/nginx/{client,proxy,fcgi,uwsgi,scgi}
[root@nod1 nginx-1.8.0]# make && make install
>>> Configure nginx as a load-balancing reverse proxy
[root@nod1 ~]# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
## back up the configuration file
[root@nod1 ~]# vim /usr/local/nginx/conf/nginx.conf
Add in the http context:
upstream httpdsrvs {
    server 172.16.13.33:80 weight=1;
    server 172.16.13.44:80 weight=1;
}
Delete the location in the default server block and add:
location / {
    proxy_pass http://httpdsrvs/;
}
(Figure: the edited nginx.conf)
Check the configuration file and start nginx
[root@nod1 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nod1 ~]# /usr/local/nginx/sbin/nginx
###### Use the browser on the physical host to test whether load balancing works (note: the browser's own cache may skew the test; hold shift+F5 when refreshing)

(nod22) configuration
>>> Disable SELinux enforcement (permissive mode) and flush the firewall rules
[root@nod22 ~]# setenforce 0
[root@nod22 ~]# iptables -F
>>> Enable kernel IP forwarding
[root@nod22 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
>>> NIC configuration as follows. Note: if the IPs are set like this before the virtual machine is configured, the network yum repository will very likely become unreachable; the NICs can be changed after the rest of the configuration is finished.
>>> keepalived has two prerequisites: (1) the clocks of the master and backup nodes are synchronized; (2) each node's hostname matches what the hostname or uname -n command returns, and the nodes can resolve each other's names. The hostname therefore has to be changed and hosts-file entries added for the master and backup nodes.
[root@nod22 ~]# sed -i 's/\(HOSTNAME=\).*/\1nod22/' /etc/sysconfig/network && hostname nod22
[root@nod22 ~]# echo -e '127.0.0.1 nod22\n172.16.13.11 nod1' >> /etc/hosts
[root@nod22 ~]# crontab -e    ## edit the crontab and add the following entry to sync the time every 3 minutes
*/3 * * * * /usr/sbin/ntpdate ntp.sjtu.edu.cn &> /dev/null && /sbin/hwclock -w
>>> Install and configure keepalived
[root@nod22 ~]# yum install keepalived -y
[root@nod22 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak    ## back up the configuration file so it can be restored at any time if the configuration goes wrong
[root@nod22 ~]# vim /etc/keepalived/keepalived.conf    ## edit the configuration file
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id nod22    ## note: change this
}
vrrp_instance VI_1 {
    state BACKUP    ## note: change this
    interface eth1
    virtual_router_id 13
    priority 99    ## note: change this
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 281fd7d6    ## note: must match the MASTER of this instance
    }
    virtual_ipaddress {
        1.1.1.100/32 dev eth1 label eth1:1
    }
}
vrrp_instance VI_2 {
    state MASTER    ## note: change this
    interface eth1
    virtual_router_id 23
    priority 100    ## note: change this
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1fd7d6    ## note: must match the value the other node uses for this instance
    }
    virtual_ipaddress {
        1.1.1.200/32 dev eth1 label eth1:2
    }
}
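The rules the two keepalived.conf files have to satisfy (per instance, the same virtual_router_id and auth_pass on both nodes; different values between the two instances; one MASTER whose priority is above the BACKUP's) can be checked mechanically before keepalived is started. The following is an added example, not part of the original article; the function names are assumptions, and the sample input is a condensed copy of the VRRP part of the two configurations, constructed from the values used in this lab.

```python
import re

# Constructed sample input: the VRRP part of this lab's two keepalived.conf files.
TEMPLATE = """vrrp_instance {0} {{
    state {1}                # role of this node for the instance
    interface eth1
    virtual_router_id {2}
    priority {3}
    authentication {{
        auth_type PASS
        auth_pass {4}
    }}
}}
"""
def render(*instances):
    return "".join(TEMPLATE.format(*i) for i in instances)

NOD1 = render(("VI_1", "MASTER", 13, 100, "281fd7d6"), ("VI_2", "BACKUP", 23, 99, "1fd7d6"))
NOD22 = render(("VI_1", "BACKUP", 13, 99, "281fd7d6"), ("VI_2", "MASTER", 23, 100, "1fd7d6"))
KEYS = ("state", "virtual_router_id", "priority", "auth_pass")

def parse(conf):
    """Return {instance: {key: value}} for each vrrp_instance block."""
    conf = re.sub(r"[#!].*", "", conf)                      # strip comments
    parts = re.split(r"vrrp_instance\s+(\S+)", conf)[1:]    # name, body, name, body...
    return {name: {k: m.group(1) for k in KEYS if (m := re.search(rf"\b{k}\s+(\S+)", body))}
            for name, body in zip(parts[::2], parts[1::2])}

def check_pair(conf_a, conf_b):
    """Apply the dual-master rules to two peers; return a list of findings."""
    a, b, out = parse(conf_a), parse(conf_b), []
    for node in (a, b):                                     # rules within one node
        for key in ("virtual_router_id", "auth_pass"):
            vals = [inst.get(key) for inst in node.values()]
            if len(set(vals)) != len(vals):
                out.append(f"{key} reused across instances on one node")
        if [i.get("state") for i in node.values()].count("MASTER") != 1:
            out.append("node is not MASTER for exactly one instance")
    for name in sorted(a.keys() | b.keys()):                # rules between the peers
        x, y = a.get(name, {}), b.get(name, {})
        for key in ("virtual_router_id", "auth_pass"):
            if x.get(key) != y.get(key):
                out.append(f"{name}: {key} differs between nodes")
        prio = {n.get("state"): int(n.get("priority", 0)) for n in (x, y)}
        if prio.keys() != {"MASTER", "BACKUP"} or prio["MASTER"] <= prio["BACKUP"]:
            out.append(f"{name}: need one MASTER with higher priority than the BACKUP")
    return out
```

An empty list means the pair is consistent. With auth_type PASS the password travels in cleartext in every VRRP advertisement and keepalived uses only its first eight characters, so it guards against accidental cross-talk between instances rather than against a host on the same segment.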
>>> Enable keepalived at boot and start it
[root@nod22 ~]# vim /etc/keepalived/keepalived.conf
[root@nod22 ~]# chkconfig --add keepalived
[root@nod22 ~]# chkconfig keepalived on
[root@nod22 ~]# service keepalived start
>>> Compile and install nginx (download the source tarball first; I downloaded it to /root)
1 Add the nginx group and the nginx user
[root@nod22 ~]# groupadd -r nginx
[root@nod22 ~]# useradd -r -M -g nginx -s /sbin/nologin nginx
2 Extract the source tarball into /usr/local/src and install
[root@nod22 ~]# tar xf /root/nginx-1.8.0.tar.gz -C /usr/local/src/
[root@nod22 ~]# yum install gcc pcre-devel openssl openssl-devel
## install the gcc compiler and resolve the dependencies first (the development packages nginx needs at build time)
[root@nod22 ~]# cd /usr/local/src/nginx-1.8.0/    ## change into the extracted nginx directory
[root@nod22 nginx-1.8.0]# ./configure --prefix=/usr/local/nginx \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --with-http_mp4_module --user=nginx --group=nginx \
    --with-http_ssl_module --with-http_flv_module \
    --with-http_stub_status_module --with-http_gzip_static_module \
    --with-http_realip_module \
    --http-client-body-temp-path=/var/tmp/nginx/client/ \
    --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
    --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
    --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
    --http-scgi-temp-path=/var/tmp/nginx/scgi \
    --with-pcre
[root@nod22 nginx-1.8.0]# mkdir -pv /var/tmp/nginx/{client,proxy,fcgi,uwsgi,scgi}
[root@nod22 nginx-1.8.0]# make && make install
>>> Configure nginx as a load-balancing reverse proxy
[root@nod22 ~]# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak    ## back up the configuration file
[root@nod22 ~]# vim /usr/local/nginx/conf/nginx.conf
Add in the http context:
upstream httpdsrvs {
    server 172.16.13.33:80 weight=1;
    server 172.16.13.44:80 weight=1;
}
Delete the location in the default server block and add:
location / {
    proxy_pass http://httpdsrvs/;
}
Check the configuration file and start nginx
[root@nod22 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nod22 ~]# /usr/local/nginx/sbin/nginx    ## start nginx
###### Use the browser on the physical host to test whether load balancing works (note: the browser's own cache may skew the test; hold shift+F5 when refreshing)
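
(nod55) configuration
>>> Disable SELinux enforcement (permissive mode) and flush the firewall rules
[root@nod55 ~]# setenforce 0
[root@nod55 ~]# iptables -F
>>> Enable kernel IP forwarding
[root@nod55 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
NIC configuration

Testing
Step 1: test whether the VIP moves automatically after a node fails
Step 2: test from the client whether the website is load-balanced correctly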