High availability (HA) with keepalived

Oldboy Education, full-time class 01, day 30: integrated architecture storage service (NFS)


================================================================================================

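00. Course overview:

1) Supplementary points left over from load balancing

2) Introduction to the concept of high-availability services

3) Deploying and installing the high-availability service

4) High-availability service configuration file parameters

5) How the VRRP protocol behind the high-availability service works

6) Common high-availability problems (split brain, also called brain split)

7) How to monitor the high-availability service

8) Implementing a dual-master configuration

01. Course review:

1) Common problems with the LNMP architecture

a How to connect the web servers to the storage server

web+nfs

1) Find the local directory where the site's data is stored

2) If the local storage directory holds data, migrate and back it up

3) Write and review the NFS service configuration parameters (xxx_squash)

4) Perform the mount (and make it mount automatically at boot)

web+mysql

1) Back up the local data: mysqldump --all-databases

2) Migrate the backup data

3) Restore the data

4) Modify the code files to connect to the new database service

b Load balancing concepts

What is a cluster

What is load

What is a reverse proxy

c Deploying the load-balanced cluster architecture

Cluster environment deployment

Load balancer deployment

upstream module: implements load balancing

proxy_pass: implements reverse proxying; used on its own it sends requests to a specified web server

proxy_pass can be used on its own; the upstream module must be used together with proxy_pass

d Detailed description of the load balancing modules

e Troubleshooting approach for load balancing errors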


02. Load balancing in enterprise practice: separating dynamic and static content

1) Load balancing based on the URI the user requests

Step 1: Plan the architecture environment

/upload   cluster 10.0.0.8:80   html/www/upload   upload server cluster

/static   cluster 10.0.0.7:80   html/www/static   static server cluster

/         cluster 10.0.0.9:80   html/www          default server cluster

Environment setup on web02: upload server

[root@web02 ~]# mkdir /html/www/upload

[root@web02 ~]# echo "upload-web集群_10.0.0.8" >/html/www/upload/oldboy.html

Environment setup on web01: static server

[root@oldboy01 html]# mkdir /html/www/static

[root@oldboy01 html]# echo static-web集群_10.0.0.7 >/html/www/static/oldboy.html

Environment setup on web03: default server

echo "default-web集群_10.0.0.9" >/html/www/oldboy.html

Step 2: Write the load balancer configuration file

[root@lb01 conf.d]# cat lb.conf

upstream upload {

server 10.0.0.8:80;

}

upstream static {

server 10.0.0.7:80;

}

upstream default {

server 10.0.0.9:80;

}

server {

listen 80;

server_name www.oldboy.com;

location / {

proxy_pass http://default;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

location /upload {

proxy_pass http://upload;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

location /static {

proxy_pass http://static;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

}

[root@web03 /etc/nginx/conf.d]# cat www.conf

server {

listen 80;

server_name www.oldboy.com oldboy.com;

access_log /var/log/nginx/www_access.log main;

if ($host ~* "^oldboy.com$") {

rewrite ^/(.*) http://www.oldboy.com/$1 permanent;

}

location / {

root /html/www;

index oldboy.html;

# auth_basic "oldboy-sz-01";

# auth_basic_user_file password/htpasswd;

#autoindex on;

#charset utf-8;

}

location /AV {

deny 192.168.40.0/24;

allow 172.16.1.0/24;

root /html/www;

index index.html;

}

}

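Summary: separating dynamic and static content across the site cluster

01. Improves the security of the website service

02. Simplifies management work

03. Different staff can be assigned to manage different server clusters

2) Serving different pages based on the user's client (User-Agent)

Step 1: Prepare the architecture environment

iphone www.oldboy.com --- iphone_access 10.0.0.7:80 mobile cluster

Google Chrome www.oldboy.com --- google_access 10.0.0.8:80 web cluster

IE 360 www.oldboy.com --- default_access 10.0.0.9:80 default cluster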

web01:

echo "iphone_access 10.0.0.7" >/html/www/oldboy.html

web02:

echo "google_access 10.0.0.8" >/html/www/oldboy.html

web03:

echo "default_access 10.0.0.9" >/html/www/oldboy.html

Step 2: Write the load balancer configuration file

[root@lb01 conf.d]# cat lb.conf

upstream web {

server 10.0.0.8:80;

}

upstream mobile {

server 10.0.0.7:80;

}

upstream default {

server 10.0.0.9:80;

}

server {

listen 80;

server_name www.oldboy.com;

location / {

if ($http_user_agent ~* iphone) {

proxy_pass http://mobile;

}

if ($http_user_agent ~* Chrome) {

proxy_pass http://web;

}

proxy_pass http://default;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

}

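04. Introduction to the high-availability service

Avoids a single point of failure in the load balancing service

When the master load balancer goes down, traffic switches automatically to the backup load balancer

Once the master recovers, traffic automatically switches back to the master

05. How the high-availability service works

See the figures.

06. How to deploy a high-availability service

Use the keepalived software

Purpose:

1. Originally created for the LVS service (aside: k8s + Docker container technology; container <-- image <-- registry; Spring Festival red-envelope rush)

keepalived + LVS load balancing software (layer 4)

2. Provides the high-availability function

3. Performs health checks on LVS cluster nodes

07. keepalived high-availability deployment procedure

Step 1: Prepare the high-availability architecture: two identical load balancer servers

Step 2: Install the keepalived software (lb01, lb02)

yum install -y keepalived

Step 3: Write the keepalived configuration file

vim /etc/keepalived/keepalived.conf

GLOBAL CONFIGURATION --- global configuration section

VRRPD CONFIGURATION --- VRRP protocol configuration section

LVS CONFIGURATION --- LVS service management section

After a piece of software is installed, how do you find its configuration files?

rpm -ql keepalived    files ending in .conf are usually configuration files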

[root@lb01 ~]# rpm -ql keepalived

/etc/keepalived

/etc/keepalived/keepalived.conf

/etc/sysconfig/keepalived

/usr/bin/genhash

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

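global_defs { --- global configuration section

notification_email { --- recipients of notification e-mail

[email protected]

[email protected]

[email protected]

}

notification_email_from [email protected] --- settings for connecting to the mail server

smtp_server 163.smtp.xxx_

smtp_connect_timeout 30

router_id LVS_DEVEL --- identifier of this host in the HA cluster (must not be repeated between hosts in the cluster)

}

vrrp_instance oldboy { --- VRRP family (instance) named oldboy

state MASTER --- role within the family (MASTER/BACKUP)

interface eth0 --- network interface on which the virtual IP address appears

virtual_router_id 51 --- family ID; must be identical on all HA servers of the family (here, family 51)

priority 100 --- priority; the higher it is, the more likely the node becomes master; this value is what really decides who is master

advert_int 1 --- interval (seconds) between multicast advertisements; same value on master and backup

authentication { --- peers must authenticate in order to communicate

auth_type PASS

auth_pass 1111

}

virtual_ipaddress { --- virtual IP address configuration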

192.168.200.16

192.168.200.17

192.168.200.18

}

}
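Added example (not part of the original notes or of keepalived): a small audit of the `authentication` blocks explained above. `auth_type PASS` sends the password in clear text in every advertisement and keepalived uses only its first eight characters, so a value such as `1111` guards against misconfiguration at best; the sample configuration, the instance name `noauth`, the function names and the weak/ok thresholds are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the authentication block of each vrrp_instance.
# Assumes the opening brace is on the same line as vrrp_instance, as on this page.

# Prints "<instance> <auth_type> <verdict>" per vrrp_instance in file $1.
#   missing = no authentication block
#   weak    = auth_pass shorter than 8 characters or made of digits only
audit_vrrp_auth() {
    awk '
        function verdict(t, p) {
            if (t == "none") return "missing"
            if (length(p) < 8 || p ~ /^[0-9]+$/) return "weak"
            return "ok"
        }
        /^[ \t]*[#!]/ { next }                      # whole-line comments
        $1 == "vrrp_instance" { name = $2; type = "none"; pass = ""; inst = 1 }
        inst && $1 == "auth_type" { type = $2 }
        inst && $1 == "auth_pass" { pass = $2 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
            if (inst && depth == 0) {                      # instance just closed
                print name, type, verdict(type, pass)
                inst = 0
            }
        }
    ' "$1"
}

# Constructed sample: the page's oldboy instance plus two made-up variants.
sample_conf() {
    cat <<'EOF'
! Constructed sample for this example
global_defs {
    router_id lb01
}
vrrp_instance oldboy {
    state MASTER
    virtual_router_id 51
    priority 150
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
vrrp_instance oldgirl {
    state BACKUP
    virtual_router_id 52
    priority 100
    authentication {
        auth_type PASS
        auth_pass k7Qz-Vrp
    }
}
vrrp_instance noauth {
    virtual_router_id 53
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
audit_vrrp_auth "$conf"
rm -f "$conf"
```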

lb01 configuration: master

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3/24

}

}

lb02 configuration: backup

! Configuration File for keepalived

global_defs {

router_id lb02

}

vrrp_instance oldboy {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3/24

}

}

#######################################################

[root@lb01 /etc/keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

[email protected]

[email protected]

[email protected]

}

notification_email_from [email protected]

smtp_server 192.168.200.1

smtp_connect_timeout 30 --- the highlighted (mail-related) settings above need not be set here; monitoring software will handle alerting centrally later

router_id LVS_DEVEL

}

vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.200.16

192.168.200.17

192.168.200.18

}

}

[root@lb02 /etc/keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.200.16

192.168.200.17

192.168.200.18

}

}

[root@lb02 /etc/keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb02

}

vrrp_instance oldboy {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.3/24

}

}

[root@lb01 /etc/keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.3/24

}

}

Step 3: Start the keepalived service

...

systemctl start keepalived

systemctl enable keepalived

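Step 4: Update the domain name to IP address mapping

Change the hosts file entry to .3

A user accessing the virtual address .3 is now in effect accessing .5, which then passes the request on to .8

For this to work, the nginx service must be running on the load balancer

After lb01 is shut down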

[root@lb01 /etc/keepalived]# ip a

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:14:85:76 brd ff:ff:ff:ff:ff:ff

inet 192.168.40.5/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet 192.168.40.3/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::2dda:aa62:16a0:81d8/64 scope link tentative dadfailed

[root@lb02 /etc/keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever …

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:a3:c9:cc brd ff:ff:ff:ff:ff:ff

inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet6 fe80::2d3b:49c3:ed1:d89/64 scope link noprefixroute

valid_lft forever preferred_lft forever

inet6 fe80::3008:8972:b5ae:cb62/64 scope link tentative noprefixroute dadfailed

valid_lft forever preferred_lft forever …

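As the output shows, lb02 holds no virtual address: lb01 keeps announcing "I am still alive, do not take the throne"

After stopping keepalived on lb01, the result is as follows: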

[root@lb02 /etc/keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:a3:c9:cc brd ff:ff:ff:ff:ff:ff

inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet 192.168.40.3/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::2d3b:49c3:ed1:d89/64 scope link noprefixroute

valid_lft forever preferred_lft forever

inet6 fe80::3008:8972:b5ae:cb62/64 scope link tentative noprefixroute dadfailed

valid_lft forever preferred_lft forever

[root@lb01 ~]# systemctl stop keepalived

[root@lb02 /etc/keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:a3:c9:cc brd ff:ff:ff:ff:ff:ff

inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet 192.168.40.3/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::2d3b:49c3:ed1:d89/64 scope link noprefixroute

valid_lft forever preferred_lft forever

inet6 fe80::3008:8972:b5ae:cb62/64 scope link tentative noprefixroute dadfailed

valid_lft forever preferred_lft forever

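08. High-availability service in enterprise use

1. A common high-availability fault: split brain (multiple masters)

Symptom: the VIP appears on both the master and the backup

When the backup server stops receiving the multicast advertisements sent by the master, it automatically brings up the VIP itself

Note: the multicast advertisements are sent continuously by the master

Physical cause:

A fault on the communication link between the HA cluster nodes (heartbeat link problem)

Logical cause:

A security policy blocks the traffic (the backup cannot receive the master's multicast advertisements, so the backup starts sending them as well)

How to deal with split brain:

01. Monitor and raise an alert

Reasons the VIP appears on the backup server:

a The master server has failed

b Split brain has occurred

[root@lb02 /etc/keepalived]# mkdir -p /server/scripts

[root@lb02 /server/scripts]# vim check_naolie.sh

#!/bin/bash

# Alert when the VIP is present on this (backup) node.

# -w and -F make grep match the address 10.0.0.3 exactly, not e.g. 10.0.0.30.

if ip a s eth0 | grep -qwF "10.0.0.3"

then

echo "keepalived服务出现异常,请进行检查" | mail -s "异常告警-keepalived" [email protected]

fi

Configure mail

[root@lb02 /etc/keepalived]# vim /etc/mail.rc

If only one node holds 10.0.0.3, check the logs to find out why

[root@lb02 ~]# systemctl restart postfix.service

Comparison operators for tests in shell scripts

-eq equal to

-ne not equal to

-lt less than

-gt greater than

-le less than or equal to

-ge greater than or equal to

02. Simply stop the keepalived service on one of the servers, then analyse the cause

systemctl stop keepalived    (stop either the master or the backup)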
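Added example, not from the original notes: the two causes listed above (master failure versus split brain) cannot be told apart from the backup's address list alone, so this sketch classifies the VIP state from the `ip a` output of both nodes and matches the address exactly. The sample text is taken from the eth0 lines shown on this page plus one constructed near-miss line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify VIP ownership from the "ip a" output of both nodes.

# Exact match on the address field of "inet" lines.
has_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        $1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }'
}

# Substring regex match, the kind of test a bare grep "10.0.0.3" performs; kept for comparison.
naive_has_vip() {
    printf '%s\n' "$1" | grep "$2" >/dev/null
}

# $1 = master output (empty if the master is unreachable), $2 = backup output, $3 = VIP
vip_state() {
    on_master=no; on_backup=no
    if has_vip "$1" "$3"; then on_master=yes; fi
    if has_vip "$2" "$3"; then on_backup=yes; fi
    case "$on_master$on_backup" in
        yesyes) echo split-brain ;;
        yesno)  echo normal ;;
        noyes)  echo failover ;;
        *)      echo vip-missing ;;
    esac
}

# eth0 excerpts of the outputs shown on this page
LB01='    inet 192.168.40.5/24 brd 192.168.40.255 scope global noprefixroute eth0
    inet 192.168.40.3/24 scope global secondary eth0'
LB02_STANDBY='    inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0'
LB02_ACTIVE='    inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0
    inet 192.168.40.3/24 scope global secondary eth0'
# Constructed line: a different host address that merely starts with the VIP
NEAR_MISS='    inet 192.168.40.30/24 scope global eth0'

echo "healthy pair:     $(vip_state "$LB01" "$LB02_STANDBY" 192.168.40.3)"
echo "lb01 unreachable: $(vip_state "" "$LB02_ACTIVE" 192.168.40.3)"
echo "both hold VIP:    $(vip_state "$LB01" "$LB02_ACTIVE" 192.168.40.3)"
```

On live hosts the master's output would have to be collected remotely (for example over a management link that does not share the heartbeat path), otherwise the check fails for the same reason the advertisements do.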

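2. How to make keepalived release the VIP automatically

nginx (the emperor) + keepalived (the consort): when nginx stops (the emperor dies), keepalived must stop too (and follow him to the grave)

When nginx stops, switch load balancers automatically (done by a script)

Step 1: Write a script that monitors the nginx service state, to check whether nginx is alive

[root@lb01 ~]# mkdir -p /server/scripts

[root@lb01 ~]# cd /server/scripts

[root@lb01 ~]# vim check_nginx.sh

#!/bin/bash

# Count nginx processes; the quoted [n]ginx pattern keeps grep from counting itself.

num=$(ps -ef | grep -c '[n]ginx')

# Fewer than 2 lines (master + worker) means nginx is down: release the VIP.

if [ "$num" -lt 2 ]

then

systemctl stop keepalived

fi

The script can also send an e-mail notification

# grep -c also counts lines, equivalent to piping into wc -l

Step 2: Test the monitoring script

The pattern being filtered for and the script name should not overlap, otherwise the filter result is affected

Step 3: Monitor the nginx state continuously via the keepalived configuration file    check_web=/server/scripts/check_web.sh    (the block below is like defining a variable)

vrrp_script check_web {

script "/server/scripts/check_web.sh" --- the monitoring script to run (the script must be executable)

interval 2 --- interval between script runs (seconds)

weight 2 --- ???

}

$check_web ## the block below is like calling the variable

track_script {

check_web --- calls and runs your script

}

keepalived configuration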

[root@lb01 scripts]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_script check_web {

script "/server/scripts/check_web.sh"

interval 3

weight 2

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3/24

}

track_script {

check_web

}

}

##########################################################

[root@lb01 /etc/keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_script check_web {

script "/server/scripts/check_web.sh"

interval 2

weight 2

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.3/24

}

track_script {

check_web

}

}
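Added example, not from the original notes: a model of how the `weight` of a tracked script changes the priority used in the master election, which is the setting left as "???" above. It uses the priorities configured on this page (150 on lb01, 100 on lb02), assumes the same script runs on both nodes and that the script only reports status through its exit code, and ignores rise/fall counters; function names are hypothetical.

```shell
#!/bin/sh
# Added example: how a track_script weight changes the priority used in the election.

# $1 = configured priority, $2 = weight, $3 = exit status of the check script
effective_priority() {
    if [ "$2" -eq 0 ] && [ "$3" -ne 0 ]; then
        echo FAULT                       # weight 0: a failing script faults the instance
    elif [ "$2" -gt 0 ] && [ "$3" -eq 0 ]; then
        echo $(( $1 + $2 ))              # positive weight: bonus while the script succeeds
    elif [ "$2" -lt 0 ] && [ "$3" -ne 0 ]; then
        echo $(( $1 + $2 ))              # negative weight: penalty while the script fails
    else
        echo "$1"
    fi
}

# $1 = weight, $2 = script exit status on lb01, $3 = script exit status on lb02.
# Priorities 150 (lb01) and 100 (lb02) are the ones configured on this page.
vip_owner() {
    p1=$(effective_priority 150 "$1" "$2")
    p2=$(effective_priority 100 "$1" "$3")
    if [ "$p1" = FAULT ] && [ "$p2" = FAULT ]; then echo none
    elif [ "$p1" = FAULT ]; then echo lb02
    elif [ "$p2" = FAULT ]; then echo lb01
    elif [ "$p2" -gt "$p1" ]; then echo lb02
    else echo lb01
    fi
}

echo "weight 2,   nginx down on lb01: $(vip_owner 2 1 0)"
echo "weight -60, nginx down on lb01: $(vip_owner -60 1 0)"
echo "weight -60, nginx back on lb01: $(vip_owner -60 0 0)"
```

With `weight 2` a failing check leaves lb01 at 150 against 102, so the VIP moves on this page only because the script itself stops keepalived; a negative weight larger than the 50-point priority gap moves the VIP and gives it back once nginx recovers.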

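3. How to configure a dual-master high-availability cluster

The two nodes act as master and backup for each other

Step 1: Write the keepalived configuration file on lb01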

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3/24

}

}

vrrp_instance oldgirl {

state BACKUP

interface eth0

virtual_router_id 52

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.4/24

}

}

########################################

[root@lb01 /etc/keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb01

}

vrrp_instance oldboy {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.3/24

}

}

vrrp_instance oldgirl {

state BACKUP

interface eth0

virtual_router_id 52

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.4/24

}

}

Step 2: Write the keepalived configuration file on lb02

! Configuration File for keepalived

global_defs {

router_id lb02

}

vrrp_instance oldboy {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3/24

}

}

vrrp_instance oldgirl {

state MASTER

interface eth0

virtual_router_id 52

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.4/24

}

}

#######################################

[root@lb02 /etc/keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {

router_id lb02

}

vrrp_instance oldboy {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.3/24

}

}

vrrp_instance oldgirl {

state MASTER

interface eth0

virtual_router_id 52

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.40.4/24

}

}

[root@lb02 /etc/keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:a3:c9:cc brd ff:ff:ff:ff:ff:ff

inet 192.168.40.6/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet 192.168.40.4/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::2dda:aa62:16a0:81d8/64 scope link tentative dadfailed

valid_lft forever preferred_lft forever

[root@lb01 /etc/keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:14:85:76 brd ff:ff:ff:ff:ff:ff

inet 192.168.40.5/24 brd 192.168.40.255 scope global noprefixroute eth0

valid_lft forever preferred_lft forever

inet 192.168.40.3/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::2dda:aa62:16a0:81d8/64 scope link tentative dadfailed

valid_lft forever preferred_lft forever

#############################################

Step 3: Write the domain name to IP address mappings

Capture packets to check:

www.oldboy.com --- 10.0.0.3(10.0.0.5)

10.0.0.1 --- 10.0.0.3

10.0.0.5 --- 10.0.0.7

10.0.0.7 --- 10.0.0.5

10.0.0.3 --- 10.0.0.1

bbs.oldboy.com --- 10.0.0.4(10.0.0.6)

10.0.0.1 --- 10.0.0.4

10.0.0.6 --- 10.0.0.7

10.0.0.7 --- 10.0.0.6

10.0.0.4 --- 10.0.0.1

###########################

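Browser access to bbs.oldboy.com

Browser access to www.oldboy.com

4. Secure access configuration for the high-availability service (load balancer)

# Clients are given only the virtual addresses (.3 and .4), not the real addresses, and can still reach the site

# Clients reach the load balancer over the public network, so a public address cannot be dispensed with

Step 1: Modify the nginx load balancer configuration file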

upstream oldboy {

server 10.0.0.7:80;

server 10.0.0.8:80;

server 10.0.0.9:80;

}

server {

listen 10.0.0.3:80;

server_name www.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

}

server {

listen 10.0.0.4:80;

server_name bbs.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

}

}

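Step 2: Modify the kernel settings

Problem encountered:

01. How to listen on an address that is not present on the network interface (the virtual address)

server {

listen 192.168.40.4:80;

server_name bbs.oldboy.com;

}

server {

listen 192.168.40.3:80;

server_name www.oldboy.com;

}

nginx cannot listen on an IP address that does not exist locally, so it cannot listen on .3 and .4

Fix: change a kernel setting

echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf

sysctl -p    (load the kernel settings file)

bind means to bind (to an address)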

[root@lb01 /etc/nginx/conf.d]# vim lb.conf

upstream oldboy {

server 192.168.40.7:80 ;

server 192.168.40.8:80 ;

server 192.168.40.9:80 ;

}

server {

listen 192.168.40.3:80;

server_name www.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

}

#server {

# listen 80;

# server_name blog.oldboy.com;

# location / {

# proxy_pass http://oldboy;

# proxy_set_header Host $host;

# proxy_set_header X-Forwarded-For $remote_addr;

# }

#}

server {

listen 192.168.40.4:80;

server_name bbs.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

}

}

"lb.conf" 34L, 830C written

[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx

## After changing the addresses nginx listens on, you must restart; reload is not enough

[root@lb01 /etc/nginx/conf.d]# netstat -lnput|grep nginx

tcp 0 0 192.168.40.4:80 0.0.0.0:* LISTEN 9970/nginx: master

tcp 0 0 192.168.40.3:80 0.0.0.0:* LISTEN 9970/nginx: master

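To listen on the virtual addresses, the server block listening on the real address must be disabled first (the commented-out part, shown in red), otherwise nginx still does not listen on the virtual VIP addresses

With this setup, pointing the Windows hosts file at .3 and .4 works, while pointing it at the real addresses .5 and .6 does not, which is more secure

##########################################

Step 3: Restart the nginx load balancer service

systemctl restart nginx

# The .6 host has the same configuration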

[root@lb02 /etc/nginx/conf.d]# cat lb.conf

upstream oldboy {

server 192.168.40.7:80 ;

server 192.168.40.8:80 ;

server 192.168.40.9:80 ;

}

server {

listen 192.168.40.3:80;

server_name www.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_next_upstream error timeout http_404 http_502 http_403;

}

}

#server {

# listen 80;

# server_name blog.oldboy.com;

# location / {

# proxy_pass http://oldboy;

# proxy_set_header Host $host;

# proxy_set_header X-Forwarded-For $remote_addr;

# }

#}

server {

listen 192.168.40.4:80;

server_name bbs.oldboy.com;

location / {

proxy_pass http://oldboy;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

}

}

[root@lb02 /etc/nginx/conf.d]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: [emerg] bind() to 192.168.40.3:80 failed (99: Cannot assign requested address)

nginx: configuration file /etc/nginx/nginx.conf test failed

[root@lb02 /etc/nginx/conf.d]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf

[root@lb02 /etc/nginx/conf.d]# sysctl -p

net.ipv4.ip_nonlocal_bind = 1

[root@lb02 /etc/nginx/conf.d]# systemctl restart nginx

[root@lb02 /etc/nginx/conf.d]# netstat -lnput|grep nginx

tcp 0 0 192.168.40.4:80 0.0.0.0:* LISTEN 5274/nginx: master

tcp 0 0 192.168.40.3:80 0.0.0.0:* LISTEN 5274/nginx: master

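09. High-availability course summary

1) Additional load balancing topics

Load balancing by URI (dynamic/static separation architecture)

Load balancing by user_agent (mobile users and browser users can be shown different pages)

2) Purpose of a high-availability service (avoid a single point of failure)

3) The keepalived high-availability service

1. Manages the LVS load balancing software

2. Provides high availability (VRRP principle)

4) The keepalived configuration file

5) keepalived in enterprise use

1. Split brain may occur --- write a script

2. How to release resources automatically --- script (monitor the web service) plus changes to the keepalived file

3. How to implement a dual-master configuration --- write the keepalived configuration file with multiple vrrp instances

4. How to secure access to the load balancer --- write the nginx load balancer configuration to listen on the VIP addresses

Homework:

01. How to monitor the keepalived service in real time --- while loop

02. When nginx stops, keepalived stops automatically too

When nginx starts, keepalived recovers automatically ??? --- weight

03. Preview: the zabbix monitoring service (basics (manual configuration) + advanced (automatic monitoring))

Clone a zabbix server --- install the zabbix software with yum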


Reposted from blog.51cto.com/14625831/2487991