nginx + keepalived master/backup hot standby with automatic failover
Date: 2014-11-22 00:41  Source: linux.it.net.cn  Author: IT
The environment is a minimal install of CentOS 6.3 64-bit, so a few things need to be done before installing:
yum install -y make wget
Optionally, update the system and switch to a different yum mirror.
1. Install keepalived
Latest official release: keepalived-1.2.7
tar zxvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
Before building, install a few basic tools:
yum install -y gcc openssl-devel popt-devel
Otherwise the build will fail.
Then:
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
chmod +x /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig keepalived on
mkdir /etc/keepalived
ln -s /usr/local/sbin/keepalived /usr/sbin/
2. Install nginx
nginx-1.2.5.tar.gz
tar zxvf nginx-1.2.5.tar.gz
cd nginx-1.2.5
Install the required components.
yum install -y pcre-devel
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
make && make install
3. Configure keepalived
keepalived.conf has the following content on both servers. Both are set to BACKUP with no preemption; remember to give the two nodes different priorities. For a more detailed description of the keepalived configuration file, run man keepalived.conf:
! Configuration File for keepalived
global_defs {
    notification_email {
        admin@lvtao.net
    }
    notification_email_from admin@lvtao.net
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
# Monitored service: nginx, MySQL, etc.
vrrp_script chk_nginx {
    script "/home/check_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP              # master/backup role (MASTER or BACKUP)
    interface eth2            # NIC name
    virtual_router_id 51
    mcast_src_ip 10.0.1.133   # this node's IP
    priority 50               # the backup's value must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        10.0.1.2              # the VIP
    }
    track_script {
        chk_nginx             # check script
    }
}
virtual_server 10.0.1.2 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 10.0.1.132 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.1.133 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
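Start the services. I am using nginx here, with one site on each server that can be reached directly by IP. Once keepalived is running, the site can be reached through the virtual IP (VIP) 10.0.1.2. To test, stop either one of the sites and check whether traffic fails over automatically to the backup server.
The nginx check script referenced in the configuration above is:
#!/bin/bash
# If no nginx master process is running, try to start nginx once.
if [ "$(ps -ef | grep "nginx: master process" | grep -v grep)" == "" ]
then
    /usr/local/nginx/sbin/nginx
    sleep 5
    # Still not running: stop keepalived so the VIP moves to the other node.
    if [ "$(ps -ef | grep "nginx: master process" | grep -v grep)" == "" ]
    then
        killall keepalived
    fi
fi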
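Added example (not part of the original article): keepalived runs as root in this setup, so the file named in vrrp_script executes with root privileges and must not be writable by anyone else. The script below lists the script paths in a keepalived.conf and flags any file or parent directory that is group- or world-writable or not owned by the expected UID; the function names and the audit argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Audits the files keepalived will execute for vrrp_script blocks.
# Only `script` lines are covered; notify scripts are outside this example.

# vrrp_script_paths CONF
# Prints the executable path (first word) of every `script` value in CONF.
vrrp_script_paths() {
    # '#' and '!' both start a comment in keepalived.conf
    sed -e 's/[#!].*$//' "$1" |
        awk '$1 == "script" { p = $2; gsub(/"/, "", p); print p }'
}

# audit_path PATH OWNER_UID [STOP_DIR]
# Checks PATH and each parent directory up to "/" (or up to, but not
# including, STOP_DIR). Prints one line per finding; returns 1 if any.
audit_path() {
    ap_path=$1
    ap_uid=$2
    ap_stop=${3:-}
    ap_rc=0
    case "$ap_path" in
        /*) ;;
        *) echo "RELATIVE $ap_path"; return 1 ;;   # resolved via cwd/PATH: reject
    esac
    if [ ! -e "$ap_path" ]; then
        echo "MISSING $ap_path"
        return 1
    fi
    while [ "$ap_path" != "$ap_stop" ]; do
        # -L: judge a symlink by its target; -prune: do not descend
        if [ -n "$(find -L "$ap_path" -prune ! -user "$ap_uid")" ]; then
            echo "OWNER $ap_path"
            ap_rc=1
        fi
        if [ -n "$(find -L "$ap_path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $ap_path"
            ap_rc=1
        fi
        if [ "$ap_path" = "/" ]; then
            break
        fi
        ap_path=$(dirname "$ap_path")
    done
    return $ap_rc
}

# audit_keepalived_scripts CONF OWNER_UID [STOP_DIR]
# Runs audit_path on every vrrp_script path found in CONF.
audit_keepalived_scripts() {
    aks_rc=0
    if [ ! -r "$1" ]; then
        echo "UNREADABLE $1"
        return 1
    fi
    for aks_script in $(vrrp_script_paths "$1"); do
        audit_path "$aks_script" "$2" "${3:-}" || aks_rc=1
    done
    return $aks_rc
}

# Command-line use: audit_vrrp_scripts.sh audit [CONF]   (expects root-owned files)
if [ "${1:-}" = "audit" ]; then
    audit_keepalived_scripts "${2:-/etc/keepalived/keepalived.conf}" 0
    exit $?
fi
```

Run it as sh audit_vrrp_scripts.sh audit /etc/keepalived/keepalived.conf (the file name is arbitrary). Newer keepalived releases can enforce the same rule themselves through the enable_script_security option in global_defs.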
Run the realserver.sh script on both web servers to bind the VIP address 10.0.1.2 to lo:0 and suppress ARP broadcasts.
#!/bin/bash
#description: Config realserver
VIP=10.0.1.2
. /etc/rc.d/init.d/functions
case "$1" in
start)
    /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del $VIP >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0
Run sh realserver.sh start on the master and on the backup, and the load-balanced, highly available cluster is in place.
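keepalived parameter reference
! Configuration File for keepalived
global_defs {
    notification_email {
        admin@lvtao.net                        # alert e-mail address; several may be listed, one per line. Requires the local sendmail service to be running
    }
    notification_email_from admin@lvtao.net    # sender address of the e-mail
    smtp_server 127.0.0.1                      # SMTP server address
    smtp_connect_timeout 30                    # timeout for connecting to the SMTP server
    router_id LVS_DEVEL                        # identifier of the server running keepalived; shown in the subject of notification e-mails
}
vrrp_instance VI_1 {
    state MASTER             # keepalived role: MASTER marks this host as the primary server, BACKUP as the standby server
    interface eth0           # network interface used for HA monitoring
    virtual_router_id 51     # virtual router ID, a number that is unique per vrrp instance; within one vrrp_instance, MASTER and BACKUP must use the same value
    priority 100             # priority; a higher number means a higher priority. Within one vrrp_instance the MASTER's priority must be greater than the BACKUP's
    advert_int 1             # interval, in seconds, of the synchronization check between the MASTER and BACKUP load balancers
    authentication {         # authentication type and password
        auth_type PASS       # authentication type; the main ones are PASS and AH
        auth_pass 1111       # authentication password; within one vrrp_instance, MASTER and BACKUP must use the same password to communicate
    }
    virtual_ipaddress {      # virtual IP addresses; several may be set, one per line
        10.0.0.148
    }
}
virtual_server 10.0.0.148 80 {    # virtual server: give the virtual IP address and the service port, separated by a space
    delay_loop 6                  # health-check interval, in seconds
    lb_algo rr                    # scheduling algorithm; rr is round robin
    lb_kind DR                    # LVS forwarding method; NAT, TUN and DR are available
    persistence_timeout 50        # session persistence time, in seconds. Very useful for dynamic pages; it offers a good solution to session sharing in a cluster.
                                  # With persistence, a user's requests keep going to the same service node until the persistence time is exceeded.
                                  # Note that this is the maximum idle timeout: if a user working on a dynamic page does nothing for 50 seconds,
                                  # the next operations are dispatched to another node, but while the user keeps working on the page the 50-second limit does not apply
    protocol TCP                  # forwarding protocol, TCP or UDP
    real_server 10.0.0.137 80 {   # service node 1: give the real server's real IP address and port, separated by a space
        weight 3                  # weight of the service node; a higher number means a higher weight. Weights let servers of different capacity
                                  # take different loads: give faster servers a higher weight and slower servers a lower one, so that system resources are used and allocated sensibly
        TCP_CHECK {               # health-check settings for the real server; values are in seconds
            connect_timeout 10    # times out after 10 seconds without a response
            nb_get_retry 3        # number of retries
            delay_before_retry 3  # delay between retries
            connect_port 80
        }
    }
    real_server 10.0.0.139 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}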
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
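1. Operating system and LVS software versions:
CentOS6 (Linux Kernel 2.6.32-71.el6.i686)
ipvsadm 1.2.4
keepalived 1.1.17
2. Required IP addresses:
LVS Master IP: 10.0.0.5
LVS Backup IP: 10.0.0.6
RealServer IP: 10.0.0.7, 10.0.0.5 (dual role), 10.0.0.6 (dual role)
Gateway IP: 10.0.0.1
Virtual IP (VIP): 10.0.0.2
3. Notes:
Install CentOS6 in the development workstation mode.
All firewalls are turned off (the production machines sit behind a dedicated firewall; if there is none, the Master can take that role as well).
4. Network topology diagram:
5. Installing ipvsadm and keepalived: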
[root@RServer2 /]#mkdir /soft
[root@RServer2 /]#cd /soft
[root@RServer2 soft]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
[root@RServer2 soft]# wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
[root@RServer2 soft]#ln -s /usr/src/kernels/2.6.32-71.el6.i686/ /usr/src/linux
[root@RServer2 soft]# tar -zxvf ipvsadm-1.24.tar.gz
[root@RServer2 soft]# cd ipvsadm-1.24
[root@RServer2 ipvsadm-1.24]# make;make install
[root@RServer2 ipvsadm-1.24]# cd ..
[root@RServer2 soft]# tar -zxvf keepalived-1.1.17.tar.gz
[root@RServer2 soft]# cd keepalived-1.1.17
[root@RServer2 soft]# ./configure
[root@RServer2 keepalived-1.1.17]# make;make install
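If all goes well, those are all the steps. If an error is reported, deal with it according to the specific message. Errors you are likely to see:
1) OpenSSL, with a message like the following:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files.
Fix: run yum -y install openssl-devel
2) A message that there is no gcc compiler
Fix: run yum install ncurses-devel gcc gcc-c++ make rpm-build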
[root@RServer2 keepalived-1.1.17]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
[root@RServer2 keepalived-1.1.17]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@RServer2 keepalived-1.1.17]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@RServer2 keepalived-1.1.17]# mkdir -p /etc/keepalived/
[root@RServer2 keepalived-1.1.17]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
[root@RServer2 keepalived-1.1.17]# chmod +x /etc/init.d/keepalived
6. Edit /etc/keepalived/keepalived.conf on the LVS Master:
Open it in an editor such as vi or gedit.
The content of /etc/keepalived/keepalived.conf is shown below; adjust it to what your setup needs.
# Configuration on the Master server: /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        leekexi@gmail.com    # several addresses may be listed
    }
    notification_email_from leekexi@gmail.com
    smtp_server smtp.gmail.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
# Monitor the ipvsadm process state, run every 3 seconds
vrrp_script chk_ipvsadm {
    script "/usr/local/keepalived/chk_ipvsadm.sh"
    interval 3
    weight 3
}
vrrp_instance VI_1 {
    state MASTER             # state is MASTER here; BACKUP on the standby machine
    interface eth0
    virtual_router_id 51
    priority 100             # the MASTER's priority must be higher than the BACKUP's, e.g. 99 for the BACKUP
    advert_int 1
    #mcast_src_ip 10.0.0.5   # the Master server's IP; on the standby, enter the standby's IP
    authentication {
        auth_type PASS       # authentication method between master and backup
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.2             # several virtual IPs may be listed, one per line
    }
}
# Virtual server configuration for port 21
virtual_server 10.0.0.2 21 {
    delay_loop 6             # (poll real server status every 6 seconds)
    lb_algo rr               # (LVS scheduling algorithm)
    lb_kind DR               # (Direct Route)
    persistence_timeout 60   # (connections from the same IP go to the same real server for 60 seconds)
    protocol TCP             # (check real server status over TCP)
    # Real server IP and port
    real_server 10.0.0.5 21 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
    # Real server IP and port
    real_server 10.0.0.6 21 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
}
# Virtual server configuration for port 80
virtual_server 10.0.0.2 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 10.0.0.5 80 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.0.6 80 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
# Virtual server configuration for port 83
virtual_server 10.0.0.2 83 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 10.0.0.5 83 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 83
        }
    }
    real_server 10.0.0.6 83 {
        weight 5
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 83
        }
    }
}
7. Edit /usr/local/keepalived/chk_ipvsadm.sh on the LVS Master:
As keepalived.conf shows, the main purpose of /usr/local/keepalived/chk_ipvsadm.sh is to confirm that ipvsadm is in a running state. Its contents are:
#!/bin/bash
#
# author: likexi
# description: /usr/local/keepalived/chk_ipvsadm.sh
# Periodically check whether ipvsadm is present; if it is not, start ipvsadm,
# and if starting it fails, stop keepalived
#
status=$(ps aux | grep ipvsadm | grep -v grep | grep -v bash | wc -l)
if [ "${status}" = "0" ]; then
    service ipvsadm start
    status2=$(ps aux | grep ipvsadm | grep -v grep | grep -v bash | wc -l)
    if [ "${status2}" = "0" ]; then
        /etc/init.d/keepalived stop
    fi
fi
8. Edit /etc/init.d/lvs_server.sh on the LVS Master:
#!/bin/bash
# Save the following as lvs_server.sh
# and place it in the /etc/init.d directory.
# To start the LVS server run:   /etc/init.d/lvs_server.sh start
# To stop the LVS server run:    /etc/init.d/lvs_server.sh stop
# To restart the LVS server run: /etc/init.d/lvs_server.sh restart
GW=10.0.0.1    # gateway
VIP=10.0.0.2   # virtual IP; change to suit your environment
# List as many real servers as you have; they must match the rules below and the keepalived.conf configuration
RIP1=10.0.0.5  # real server IP
RIP2=10.0.0.6  # real server IP
RIP3=10.0.0.7  # real server IP
. /etc/rc.d/init.d/functions # if this reports insufficient permissions, first run on the command line: chmod 777 /etc/rc.d/init.d/functions

lvs_start() {
    echo "ipvsadm start..."
    # Clear the in-memory IPVS table
    /sbin/ipvsadm -C
    /sbin/ipvsadm --set 30 5 60
    # Configure the virtual IP
    /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    # Set up LVS
    # FTP service on port 21, forwarded to RIP1, RIP2 and RIP3
    /sbin/ipvsadm -A -t $VIP:21 -s rr
    /sbin/ipvsadm -a -t $VIP:21 -r $RIP1:21 -g
    /sbin/ipvsadm -a -t $VIP:21 -r $RIP2:21 -g
    /sbin/ipvsadm -a -t $VIP:21 -r $RIP3:21 -g
    # Service on port 83, forwarded to RIP1 and RIP2
    /sbin/ipvsadm -A -t $VIP:83 -s rr
    /sbin/ipvsadm -a -t $VIP:83 -r $RIP1:83 -g
    /sbin/ipvsadm -a -t $VIP:83 -r $RIP2:83 -g
    # Web service on port 80, forwarded to RIP1, RIP2 and RIP3
    /sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP3:80 -g
    touch /var/lock/subsys/ipvsadm >/dev/null 2>&1
    # set Arp
    /sbin/arping -I eth0 -c 5 -s $VIP $GW >/dev/null 2>&1
    # Show the resulting LVS table
    /sbin/ipvsadm -ln
}

lvs_stop() {
    /sbin/ipvsadm -C
    /sbin/ipvsadm -Z
    ifconfig eth0:0 down
    route del $VIP >/dev/null 2>&1
    rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1
    /sbin/arping -I eth0 -c 5 -s $VIP $GW
    echo "ipvsadm stopped"
}

case "$1" in
start)
    lvs_start
    ;;
stop)
    lvs_stop
    ;;
restart)
    lvs_stop
    lvs_start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
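9. Differences between the BACKUP machine and the MASTER machine:
The BACKUP is installed in essentially the same way as the Master; only a few parameters change.
The parameters that change are:
1. In keepalived.conf
Original: state MASTER #state is MASTER here; BACKUP on the standby machine
state BACKUP #state changed to BACKUP
Original: priority 100 #the MASTER's priority must be higher than the BACKUP's, e.g. 99 for the BACKUP
priority 99 #the MASTER's priority must be higher than the BACKUP's; with the MASTER at 100, the BACKUP is slightly lower, e.g. 99
Original: mcast_src_ip 192.168.20.101 #the Master server's IP; on the standby, enter the standby's IP
mcast_src_ip 192.168.20.100 #changed to the BACKUP server's IP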
10. Edit /etc/sysctl.conf on every real server:
# Relative to the original file, change one line and add four lines
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
# Changed from 0 to 1
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# The four added lines
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
11. Edit /etc/init.d/lvs_real_server.sh on every real server:
All real servers are configured identically. This applies to Linux machines only; for Windows machines, please consult other documentation.
#!/bin/bash
# Save the following as lvs_real_server.sh
# and place it in the /etc/init.d directory.
# To start the LVS real server run:  /etc/init.d/lvs_real_server.sh start
# To stop the LVS real server run:   /etc/init.d/lvs_real_server.sh stop
# To check the LVS real server run:  /etc/init.d/lvs_real_server.sh status
VIP=10.0.0.2
. /etc/rc.d/init.d/functions # if this reports insufficient permissions, first run on the command line: chmod 777 /etc/rc.d/init.d/functions
case "$1" in
start)
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del $VIP >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
status)
    # Status of LVS-DR real server.
    islothere=`/sbin/ifconfig lo:0 | grep $VIP`
    # Match lo as well as lo:0, since the routing table may list the base device
    isrothere=`netstat -rn | grep "lo" | grep $VIP`
    if [ ! "$islothere" -o ! "$isrothere" ];then
        # Either the route or the lo:0 device
        # not found.
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR Running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
exit 0
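Added example (not part of the original article): the status branch above looks only at lo:0 and the host route, not at the ARP settings that keep a real server from answering ARP requests for the VIP. This script compares the four arp_ignore/arp_announce values from the article at runtime (/proc/sys) and in /etc/sysctl.conf; the function names and the check argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Verifies the ARP-suppression settings an LVS-DR real server needs,
# both as the kernel holds them now and as they will be set at boot.

# Expected values, taken from the article's script and sysctl.conf.
EXPECTED="net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2"

# runtime_value KEY [PROC_ROOT]
# Prints the value the kernel is using now (empty if it cannot be read).
runtime_value() {
    rv_file="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$rv_file" ]; then
        tr -d '[:space:]' < "$rv_file"
    fi
}

# persistent_value KEY [CONF]
# Prints the last assignment of KEY in sysctl.conf (later lines win).
persistent_value() {
    if [ -r "${2:-/etc/sysctl.conf}" ]; then
        awk -F= -v key="$1" '
            /^[ \t]*[#;]/ { next }                 # skip comment lines
            { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
            k == key { last = v }
            END { print last }' "${2:-/etc/sysctl.conf}"
    fi
}

# check_dr_arp [PROC_ROOT] [CONF]
# Prints one line per setting that is wrong now (RUNTIME) or would be wrong
# after a reboot (PERSIST); returns 0 only if everything matches.
check_dr_arp() {
    cda_rc=0
    for cda_item in $EXPECTED; do
        cda_key=${cda_item%%=*}
        cda_want=${cda_item#*=}
        cda_now=$(runtime_value "$cda_key" "${1:-/proc/sys}")
        cda_boot=$(persistent_value "$cda_key" "${2:-/etc/sysctl.conf}")
        if [ "$cda_now" != "$cda_want" ]; then
            echo "RUNTIME $cda_key=${cda_now:-unset} (want $cda_want)"
            cda_rc=1
        fi
        if [ "$cda_boot" != "$cda_want" ]; then
            echo "PERSIST $cda_key=${cda_boot:-unset} (want $cda_want)"
            cda_rc=1
        fi
    done
    return $cda_rc
}

# Command-line use: check_dr_arp.sh check
if [ "${1:-}" = "check" ]; then
    check_dr_arp
    exit $?
fi
```

After lvs_real_server.sh stop, the RUNTIME lines appear while /etc/sysctl.conf still holds 1 and 2; a PERSIST line means the protection would be lost at the next reboot.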
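12. If JBoss is used as the LVS web server:
When JBoss serves as the web server behind LVS, a little configuration is needed.
For JBoss running in standalone mode, only the following needs to be changed in the standalone.xml configuration file: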
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="any">
        <any-address/>
    </interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="any">
    <socket-binding name="http" port="80"/>
    <socket-binding name="https" port="443"/>
    <socket-binding name="jmx-connector-registry" interface="management" port="1090"/>
    <socket-binding name="jmx-connector-server" interface="management" port="1091"/>
    <socket-binding name="jndi" port="1099"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
</socket-binding-group>
13. LVS cluster maintenance commands:
If you find you have no permission to execute the files below, run the chmod command on the file in question.
For example, to make /etc/init.d/lvs_server.sh executable by anyone, run:
[root@RServer2 /]#chmod 777 /etc/init.d/lvs_server.sh
Change the other files the same way.
1) ipvsadm maintenance
Start: /etc/init.d/lvs_server.sh start
Stop: /etc/init.d/lvs_server.sh stop
Restart: /etc/init.d/lvs_server.sh restart
2) keepalived maintenance
Start: /etc/init.d/keepalived start
Stop: /etc/init.d/keepalived stop
Restart: /etc/init.d/keepalived restart
3) Real server maintenance
Command that only needs to be run once: sysctl -p
Start: /etc/init.d/lvs_real_server.sh start
Stop: /etc/init.d/lvs_real_server.sh stop
4) JBoss maintenance
Run in the background: /jboss/bin/standalone.sh &
exit (leaves the console while JBoss keeps running)
Run in the foreground: /jboss/bin/standalone.sh
Stop JBoss: ps aux | grep jboss
kill <the corresponding process ID>
(Editor: IT)