企业级高性能负载均衡集群技术之LVS_实例
企业级高性能负载均衡集群技术之LVS_实例
说明:
1、客户端必须要通过域名来访问后端的服务器业务
2、要能实现www.bestit.com和blog.bestit.com网站的访问,因此要实现基于域名的虚拟主机的功能
3、为了解决LB的单点故障问题,因此要求必须实现高可用的问题,并且LB需要实现能主动对后端服务器的健康检查功能,确保当后端服务器出现故障时,用户的请求不会被调度到故障的服务器上。同时,要求高可用服务能实现对LB的监控,一旦LB服务异常后及时拉起LB服务,保证业务的持续性。
4.LB调度算法上,要基本实现用户的session保持的功能
5、www.bestit.com和blog.bestit.com网站的数据需要分离在NFS服务器上,为了确保NFS不会出现单点故障问题,因此要求实现高可用,同时要求NFS服务器之间必须要实现实时数据同步功能。并且要求高可用服务能实现对NFS的监控,一旦NFS服务异常后及时拉起NFS服务。角色 | IP |
|---|---|
DNS | 10.0.0.8 |
LB1 | 10.0.0.9 |
LB2 | 10.0.0.10 |
Web1 | 10.0.0.11 |
Web2 | 10.0.0.12 |
Web3 | 10.0.0.13 |
Web4 | 10.0.0.14 |
NFS1 | 10.0.0.15 |
NFS2 | 10.0.0.16 |
NFS集群
# NFS1
#!/bin/bash
/usr/bin/yum install -y epel-release &&
/usr/bin/yum install inotify* -y
# 服务端密码
PASS=szz20021224
rpm -q sshpass &> /dev/null || yum -y install sshpass &> /dev/null
rm -rf .ssh/id_rsa .ssh/id_rsa.pub
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa &> /dev/null && echo "ssh key is created"
# 定义目标主机
host="10.0.0.15"
for IP in $host ;do
{
sshpass -p$PASS ssh-copy-id -i /root/.ssh/id_rsa.pub root@$IP -o StrictHostKeyChecking=no &>/dev/null
echo $IP is ready
}&
done
wait
# Client 本地同步目录
SRC=/var/www/html/
# Server 远程目录
DST1=root@10.0.0.15:/var/www/html
# D C E 接收三个输出的变量
inotifywait -mrq -e modify,delete,create,attrib ${SRC}|while read D E F
do
/usr/bin/rsync -avz --delete $SRC $DST1
done
# NFS2
#!/bin/bash
/usr/bin/yum install -y epel-release &&
/usr/bin/yum install inotify* -y
# 服务端密码
PASS=szz20021224
rpm -q sshpass &> /dev/null || yum -y install sshpass &> /dev/null
rm -rf .ssh/id_rsa .ssh/id_rsa.pub
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa &> /dev/null && echo "ssh key is created"
# 定义目标主机
host="10.0.0.15"
for IP in $host ;do
{
sshpass -p$PASS ssh-copy-id -i /root/.ssh/id_rsa.pub root@$IP -o StrictHostKeyChecking=no &>/dev/null
echo $IP is ready
}&
done
wait
# Client 本地同步目录
SRC=/var/www/html/
# Server 远程目录
DST1=root@10.0.0.15:/var/www/html
# D C E 接收三个输出的变量
inotifywait -mrq -e modify,delete,create,attrib ${SRC}|while read D E F
do
/usr/bin/rsync -avz --delete $SRC $DST1
done
[root@nfs1/var/www/html]$ nohup sh rsync_inotify.sh &>/dev/null &
[root@nfs2/var/www/html]$ nohup sh rsync_inotify.sh &>/dev/null &
[root@nfs1/var/www/html]$ vim /etc/exports
[root@nfs1/var/www/html]$ exportfs -r
[root@nfs1/var/www/html]$ exportfs -v
/var/www/html 10.0.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)
[root@nfs2/var/www/html]$ vim /etc/exports
[root@nfs2/var/www/html]$ exportfs -r
[root@nfs2/var/www/html]$ exportfs -v
/var/www/html 10.0.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)
[root@nfs1/var/www/html]$ systemctl start nfs
[root@nfs2/var/www/html]$ systemctl start nfs
[root@nfs1~]$ yum -y install epel-release keepalived pcre-devel
[root@nfs2~]$ yum -y install epel-release keepalived pcre-devel
[root@nfs1~]$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@nfs2~]$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@nfs1~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 10.0.0.15
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
}
vrrp_script check_nfs {
script "/root/check_nfs.sh" #用于检查本地的Nginx是否存活
interval 3 #检查的间隔次数
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_nfs
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 56
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.210
}
track_script {
check_nfs
}
}
[root@nfs1~]$ systemctl restart keepalived.service
[root@nfs1~]$ ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ae:63:29 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.15/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global eth0
valid_lft forever preferred_lft forever
[root@nfs2~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 10.0.0.15
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
}
vrrp_script check_nfs {
script "/root/check_nfs.sh" #用于检查本地的Nginx是否存活
interval 3 #检查的间隔次数
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_nfs
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 56
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.210
}
track_script {
check_nfs
}
}
# 服务异常拉起服务脚本
[root@nfs1~]$ cat check_nfsd.sh
[root@nfs2~]$ cat check_nfsd.sh
n=`ps -C nfsd --no-heading|wc -l`
if [ $n -eq 0 ];then
systemctl start nfs
fi
if [ $? -ne 0 ];then
systemctl stop keepalived.service;
fi
Web集群
[root@web1~]$ showmount -e 10.0.0.200
Export list for 10.0.0.200:
/var/www/html 10.0.0.0/24
[root@we3~]$ showmount -e 10.0.0.200
Export list for 10.0.0.200:
/var/www/html 10.0.0.0/24
[root@web1~]$ echo "10.0.0.200:/var/www/html /var/www/html nfs defaults,_netdev 0 0" >> /etc/fstab && mount -a && df -h
[root@web2~]$ echo "10.0.0.200:/var/www/html /var/www/html nfs defaults,_netdev 0 0" >> /etc/fstab && mount -a && df -h
[root@web3~]$ echo "10.0.0.200:/var/www/html /var/www/html nfs defaults,_netdev 0 0" >> /etc/fstab && mount -a && df -h
[root@web4~]$ echo "10.0.0.200:/var/www/html /var/www/html nfs defaults,_netdev 0 0" >> /etc/fstab && mount -a && df -h
[root@web1~]$ vim /apps/nginx/conf/nginx.conf
[root@web2~]$ vim /apps/nginx/conf/nginx.conf
location / {
root /var/www/html/web1;
index index.html index.htm;
}
[root@web3~]$ vim /apps/nginx/conf/nginx.conf
[root@web4~]$ vim /apps/nginx/conf/nginx.conf
location / {
root /var/www/html/web2;
index index.html index.htm;
}LB集群
[root@lb1~]$ yum -y install epel-release keepalived pcre-devel
[root@lb2~]$ yum -y install epel-release keepalived pcre-devel
[root@lb1~]$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lb2~]$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lb1~]$ vim /apps/nginx/conf/nginx.conf
upstream web {
server 10.0.0.11:80;
server 10.0.0.12:80;
check interval=1000 rise=1 fall=1 timeout=1000 type=http;
check_http_send "GET / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
upstream web1 {
server 10.0.0.13:80;
server 10.0.0.14:80;
check interval=1000 rise=1 fall=1 timeout=1000 type=http;
check_http_send "GET / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
server {
listen 80;
server_name www.bestit.com;
location = / {
proxy_pass http://web;
}
location /webstatus {
check_status;
access_log off;
}
server {
listen 80;
server_name blog.bestit.com;
location = / {
proxy_pass http://web1;
}
location /webstatus {
check_status;
access_log off;
}
[root@lb2~]$ vim /apps/nginx/conf/nginx.conf
upstream web {
server 10.0.0.11:80;
server 10.0.0.12:80;
check interval=1000 rise=1 fall=1 timeout=1000 type=http;
check_http_send "GET / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
upstream web1 {
server 10.0.0.13:80;
server 10.0.0.14:80;
check interval=1000 rise=1 fall=1 timeout=1000 type=http;
check_http_send "GET / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
server {
listen 80;
server_name www.bestit.com;
location = / {
proxy_pass http://web;
}
location /webstatus {
check_status;
access_log off;
}
server {
listen 80;
server_name blog.bestit.com;
location = / {
proxy_pass http://web1;
}
location /webstatus {
check_status;
access_log off;
}
============================LB1=============================
[root@lb1~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 10.0.0.9
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
}
vrrp_script chk_nginx {
script /root/check_ng.sh
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 56
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.110
}
track_script {
/root/chk_nginx
}
}
[root@lb1/apps/nginx/conf]$ ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2b:f5:9b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.9/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global eth0
valid_lft forever preferred_lft forever
# 服务异常拉起服务
[root@lb1~]$ cat check_ng.sh
#!/bin/bash
d=`date --date today +%Y%m%d_%H:%M:%S`
n=`ps -C nginx --no-heading|wc -l`
if [ $n -eq "0" ]; then
/usr/local/nginx/sbin/nginx
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@lb1~]$ chmod a+x check_ng.sh
============================LB2=============================
[root@lb2~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 10.0.0.10
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
}
vrrp_script chk_nginx {
script /root/check_ng.sh
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100
}
track_script {
/root/chk_nginx
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 56
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.110
}
track_script {
/root/chk_nginx
}
}
[root@lb2/apps/nginx/conf]$ ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a5:2a:1f brd ff:ff:ff:ff:ff:ff
inet 10.0.0.10/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.0.0.110/32 scope global eth0
valid_lft forever preferred_lft forever
# 服务异常拉起服务
[root@lb2~]$ cat check_ng.sh
#!/bin/bash
d=`date --date today +%Y%m%d_%H:%M:%S`
n=`ps -C nginx --no-heading|wc -l`
if [ $n -eq "0" ]; then
/usr/local/nginx/sbin/nginx
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
[root@lb1~]$ chmod a+x check_ng.sh
============================================================
[root@lb2/usr/local/src]$ tar zxvf nginx_upstream_check_module-0.4.0.tar.gz -C /usr/local/src/nginx-1.22.1/third_moule/
# 打补丁
[root@lb1/usr/local/src/nginx-1.22.1]$ patch -p1 < /root/check_1.20.1+.patch
[root@lb2/usr/local/src/nginx-1.22.1]$ ./configure --prefix=/usr/local/nginx
--with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --user=nginx --group=nginx --with-stream --add-module=/usr/local/src/nginx-1.22.1/third_moule/nginx_upstream_check_module-0.4.0/
[root@lb2/usr/local/src/nginx-1.22.1]$ make && make install
[root@lb2/usr/local/nginx/sbin]$ ./nginx -v
nginx version: nginx/1.22.1
DNS服务器
[root@dns~]$ yum install -y bind bind-utils
[root@dns~]$ vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
[root@dns~]$ vim /etc/named.rfc1912.zones
zone "bestit.com" IN {
type master;
file "bestit.com.zone";
};
[root@dns~]$ vim bestit.com.zone
$TTL 1D
@ IN SOA master smtp.bestit.com. ( 02 1D 1H 1W 3H )
@ NS master
master A 10.0.0.8
www CNAME web1
web1 A 10.0.0.11
web1 A 10.0.0.12
blog CNAME web2
web2 A 10.0.0.13
web2 A 10.0.0.14效果图
阅读建议
评论
匿名评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果