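1. Overview
Nginx is open-source, high-performance, high-concurrency WWW server and proxy software. It handles high concurrency well, especially for static resources, uses few system resources, and is feature-rich. It provides reverse proxy, load balancing, and cache service functions. Compared with dedicated proxy software such as LVS load balancing and Haproxy, Nginx is simpler to deploy; in its caching role it resembles dedicated cache software such as Squid.
- High concurrency: supports tens of thousands of concurrent connections (especially in static small-file workloads).
- Low resource consumption: at 30,000 concurrent connections, Nginx running 10 threads uses less than 200 MB of memory.
- Reverse proxy and cache acceleration, that is, load balancing, with built-in health checks for RS node servers. In the reverse proxy or load balancing role, Nginx can act as a proxy server for Web services, dynamic services such as PHP, and Memcached caches. It offers functionality similar to dedicated reverse proxy software (such as Haproxy) and is also an excellent mail proxy. Nginx 1.9.0 began to support TCP proxying.
- Dedicated caching: as a Web cache service, Nginx uses the proxy_cache module to provide functionality similar to dedicated cache software such as Squid.
- Supports the asynchronous network I/O event model epoll (Linux 2.6+).
2. High availability
Keepalived HA (High Availability)
How it works: implemented on top of the VRRP protocol.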
2.1. Preemptive mode
master
[root@lb01 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
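global_defs {
    router_id lb02               # identifier string; just a name
}
vrrp_instance VI_1 {
    state MASTER                 # this node's role is master
    interface eth0               # interface the VIP is bound to
    virtual_router_id 50         # puts master and backup in the same virtual router; the ID must be identical
    priority 150                 # priority; the node with the higher priority becomes master
    advert_int 1                 # heartbeat interval
    authentication {
        auth_type PASS           # authentication type
        auth_pass 1111           # password
    }
    virtual_ipaddress {
        10.0.0.3                 # virtual IP
    }
}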
backup
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
2.2. Non-preemptive mode
In non-preemptive mode there is no longer a master/backup distinction: every node is configured as BACKUP, and nopreempt is added to the configuration file to mark the instance as non-preemptive.
[root@lb01 /etc/nginx/upstream]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 150
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
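2.3. Load balancing
Use the Keepalived VIP as the listen address of the Nginx load balancer, and bind the domain name to the VIP as well. High availability for Nginx load balancing relies on Keepalived's address failover (VIP drift).
The two load balancers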
[root@lb01 /etc/nginx/upstream]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:e1:ff brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.0.0.3/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe97:e1ff/64 scope link
       valid_lft forever preferred_lft forever
[root@lb01 /etc/nginx/upstream]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb02 /etc/nginx/upstream]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:6f:18:48 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.6/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6f:1848/64 scope link
       valid_lft forever preferred_lft forever
[root@lb02 /etc/nginx/upstream]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
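The two-node setup above only fails over cleanly when both keepalived.conf files agree on virtual_router_id, authentication and the VIP, and when nopreempt is used the way section 2.2 describes. The following Python check is an added example, not part of the original page or of Keepalived; the function names, the trimmed sample configs and the 8-character / digit-only password threshold are assumptions of this example.

```python
import re

FIELDS = ("state", "virtual_router_id", "auth_type", "auth_pass")

def parse_vrrp(conf_text):
    """Pull out the vrrp_instance settings that matter for peer consistency."""
    text = re.sub(r"[#!].*", "", conf_text)   # '#' and '!' start comments
    cfg = {}
    for key in FIELDS:
        m = re.search(rf"\b{key}\s+(\S+)", text)
        cfg[key] = m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    cfg["vips"] = sorted(vips.group(1).split()) if vips else []
    cfg["nopreempt"] = re.search(r"\bnopreempt\b", text) is not None
    return cfg

def lint_pair(conf_a, conf_b):
    """Return findings for the keepalived.conf texts of two VRRP peers."""
    a, b = parse_vrrp(conf_a), parse_vrrp(conf_b)
    findings = []
    for key in FIELDS[1:] + ("vips",):        # everything except state must match
        if a[key] != b[key]:
            findings.append(f"{key} mismatch: {a[key]!r} vs {b[key]!r}")
    for node in (a, b):
        if node["nopreempt"] and node["state"] != "BACKUP":
            findings.append("nopreempt set on a node whose state is not BACKUP")
    if a["nopreempt"] != b["nopreempt"]:
        findings.append("nopreempt set on only one peer")
    # auth_type PASS is sent in clear text in each advertisement, so it mainly
    # guards against misconfiguration; short or digit-only values get flagged.
    pw = a["auth_pass"] or ""
    if a["auth_type"] == "PASS" and (len(pw) < 8 or pw.isdigit()):
        findings.append("auth_pass is short or digit-only")
    return findings

# Constructed sample: section 2.3's vrrp_instance blocks, trimmed to the checked directives.
LB01 = """vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 50
    priority 150
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}"""
LB02 = LB01.replace("MASTER", "BACKUP").replace("150", "100\n    nopreempt")
print("\n".join(lint_pair(LB01, LB02)))
```

Run against the section 2.3 pair, it reports that nopreempt is present on only one node and that the shared auth_pass is weak.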
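2.4. Split brain
For some reason, the two Keepalived high-availability servers cannot detect each other's heartbeat within the specified time, so each tries to take over the other's resources and service ownership, even though both servers are still alive. Common causes:
- Network faults, such as a loose network cable on a server.
- A server crashing because of hardware failure or damage.
- The firewalld firewall being enabled on both master and backup.
- In a Keepalived + Nginx architecture, when Nginx goes down, user requests fail but Keepalived does not fail over. A script is therefore needed to check whether Nginx is alive; if Nginx is not alive, it kills Keepalived on the host whose Nginx is down. (This must be configured on every Keepalived node.)
Script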
[root@lb01 /server/scripts]# cat /server/scripts/check_list
#!/bin/sh
nginxpid=$(ps -C nginx --no-header|wc -l)
# 1. Check whether Nginx is alive; if not, try to start it
if [ "$nginxpid" -eq 0 ];then
    systemctl start nginx
    sleep 3
    # 2. After waiting 3 seconds, read the Nginx status again
    nginxpid=$(ps -C nginx --no-header|wc -l)
    # 3. Check again; if Nginx is still not alive, stop Keepalived so the address drifts, and exit the script
    if [ "$nginxpid" -eq 0 ];then
        systemctl stop keepalived
    fi
fi
Configuration
[root@lb01 /server/scripts]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_script check {
    script "/server/scripts/check_list"
    interval 10
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
    track_script {
        check
    }
}