【51CTO.com獨家特稿】相信很多朋友對企業級的負載均衡高可用實例非常感興趣,此篇文章根據成熟的線上環境而寫,旨在幫助大家迅速架構一個企業級的負載均衡高可用的web環境。
此係統架構僅映射內網VIP的80及443端口於外網的Juniper防火牆下,其它端口均關閉,內網所有機器均關閉iptables及ipfw防火牆;外網DNS指向即通過Juniper映射出來的外網地址,而此映射的地址對映的其實是內網VIP地址。這裏說下端口的問題,有的朋友可能會很疑惑,這樣映射端口行不?通過項目實踐得知,這樣完全是可行的,php-cgi需要的9000端口及MySQL的3306端口均可走內網,完全不影響業務系統的運行。
另外,我維護的電子商務網站併發大約在1000左右,此時,Nginx+Apache集羣運行得非常穩定,尤其是apache,並沒有想象中那般弱;其實,在內存足夠(>=8G)的情況,測試時不連數據庫的話,單臺apache+php5能頂得住6000併發,而且相當穩定。在網站升級架構方面,我不贊成全面淘汰生級,錦上添花式的升級會更好。
第一部分:Nginx+Keepalived的說明及環境說明
喜歡看我博客或文章的朋友都知道,我一直主力推崇Nginx+Keepalived作web的負載均衡高可用架構,並積極將其用於項目方案中;Nginx負載均衡作服務器遇到的故障一般有①服務器網線鬆動等網絡故障;②服務器硬件故障從而crash;③nginx服務死掉;遇到前二者情況,keeaplived是能起到HA的作用的;然而遇到③種情況就沒有辦法了,但可以通過shell監控解決這問題,從而實現真正意義上的負載均衡高可用。此篇的最新更新時間爲2010年6月25號,下面將其安裝步驟詳細說明下:
環境:
- centos5.3(64位)、nginx-0.7.51、keepalived-1.1.15
- 主nginx負載均衡器:192.168.0.154
- 輔nginx負載均衡器:192.168.9.155
- vip:192.168.0.188
第二部分:分別安裝Nginx負載均衡器及相關配置腳本
先安裝Nginx負載均衡器,nginx負載的配置就用一般的模板來配置了
- #添加運行nginx的用戶和組www
- groupadd www
- useradd -g www www
- wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
- tar zxvf pcre-7.8.tar.gz
- cd pcre-7.8/
- ./configure
- make && make install
- wget http://sysoev.ru/nginx/nginx-0.7.51.tar.gz
- tar zxvf nginx-0.7.51.tar.gz
- cd nginx-0.7.51/
- ./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module
- make && make install
配置nginx負載均衡器的配置文件vim /usr/local/nginx/conf/nginx.conf,此篇文章僅僅只是我的某項目的配置文檔,純80轉發;如果對nginx配置有https要求的可參考張宴的相關文章。
- user www www;
- worker_processes 8;
- pid /usr/local/nginx/logs/nginx.pid;
- worker_rlimit_nofile 65535;
- events
- {
- use epoll;
- worker_connections 65535;
- }
- http{
- include mime.types;
- default_type application/octet-stream;
- server_names_hash_bucket_size 128;
- client_header_buffer_size 32k;
- large_client_header_buffers 4 32k;
- client_max_body_size 8m;
- sendfile on;
- tcp_nopush on;
- keepalive_timeout 60;
- tcp_nodelay on;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- fastcgi_buffer_size 64k;
- fastcgi_buffers 4 64k;
- fastcgi_busy_buffers_size 128k;
- fastcgi_temp_file_write_size 128k;
- gzip on;
- gzip_min_length 1k;
- gzip_buffers 4 16k;
- gzip_http_version 1.0;
- gzip_comp_level 2;
- gzip_types text/plain application/x-javascript text/css application/xml;
- gzip_vary on;
- upstream backend
- {
- server 192.168.1.102:80;
- server 192.168.1.103:80;
- server 192.168.1.105:80;
- }
- server {
- listen 80;
- server_name www.yuhongchun027.com;
- location / {
- root /var/www ;
- index index.jsp index.htm index.html;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://backend;
- }
- location /nginx {
- access_log on;
- auth_basic "NginxStatus";
- auth_basic_user_file /usr/local/nginx/htpasswd;
- }
- log_format access '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" $http_x_forwarded_for';
- access_log /var/log/access.log access;
- }
- }
小節:
第一部分和第二部分講的是如何通過安裝Nginx來達到負載均衡後端web集羣的過程,Nginx能實現自動切換後端有故障的web服務器;但Nginx負載均衡器出了問題怎麼辦呢,它們之間是如何實現無故障轉移的呢?
第三部分:安裝Keepalived,讓其分別作web及Nginx的HA
安裝keepalived,並將其做成服務模式,方便以後調試。
- wget http://www.keepalived.org/software/keepalived-1.1.15.tar.gz
- #tar zxvf keepalived-1.1.15.tar.gz
- #cd keepalived-1.1.15
- #./configure --prefix=/usr/local/keepalived
- #make
- #make install
- #cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
- #cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
- #cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
- #mkdir /etc/keepalived
- #cd /etc/keepalived/
- vim keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- [email protected]
- }
- notification_email_from [email protected]
- smtp_server 127.0.0.1
- smtp_connect_timeout 30
- router_id LVS_DEVEL
- }
- vrrp_instance VI_1 {
- state MASTER
- interface eth0
- virtual_router_id 51
- mcast_src_ip 192.168.0.154 <==主nginx的IP地址
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass chtopnet
- }
- virtual_ipaddress {
- 192.168.0.188 <==vip地址
- }
- }
- #service keepalived start
我們來看一下日誌:
- [root@ltos ~]# tail /var/log/messages
- Oct 6 03:25:03 ltos avahi-daemon[2306]: Registering new address record for 192.168.0.188 on eth0.
- Oct 6 03:25:03 ltos avahi-daemon[2306]: Registering new address record for 192.168.0.154 on eth0.
- Oct 6 03:25:03 ltos avahi-daemon[2306]: Registering HINFO record with values 'I686'/'LINUX'.
- Oct 6 03:25:23 ltos avahi-daemon[2306]: Withdrawing address record for fe80::20c:29ff:feb9:eeab on eth0.
- Oct 6 03:25:23 ltos avahi-daemon[2306]: Withdrawing address record for 192.168.0.154 on eth0.
- Oct 6 03:25:23 ltos avahi-daemon[2306]: Host name conflict, retrying with <ltos-31>
很顯然vrrp已經啓動,我們還可以通過命令來檢查
- [root@ltos html]# ip addr
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
- link/ether 00:0c:29:ba:9b:e7 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.154/24 brd 192.168.0.255 scope global eth0
- inet 192.168.0.188/32 scope global eth0
- inet6 fe80::20c:29ff:feba:9be7/64 scope link
- valid_lft forever preferred_lft forever
- 3: sit0: <NOARP> mtu 1480 qdisc noop
- link/sit 0.0.0.0 brd 0.0.0.0
說明vip已經啓動,這樣主服務器就配置好了,輔機的配置大致一樣,除了配置文件有少部分的變化,下面貼出輔機的配置文件:
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- [email protected]
- }
- notification_email_from [email protected]
- smtp_server 127.0.0.1
- smtp_connect_timeout 30
- router_id LVS_DEVEL
- }
- vrrp_instance VI_1 {
- state BACKUP
- interface eth0
- virtual_router_id 51
- mcast_src_ip 192.168.0.155 <==輔nginx的IP的地址
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass chtopnet
- }
- virtual_ipaddress {
- 192.168.0.188
- }
- }
第四部分:針對Keepalived的不足,用Nginx_pid.sh來監控nginx進程,實現真正意義上的負載均衡高可用。
針對Nginx+Keepalived,編寫nginx監控腳本nginx_pid.sh,此腳本思路其實也很簡單,即放置在後臺一直監控nginx進程;如進程消失,嘗試重啓nginx,如是失敗則立即停掉本機的keepalived服務,讓另一臺負載均衡器接手,此腳本直接從生產環境下載:
- vim /root/nginx_pid.sh
- #!/bin/bash
- while :
- do
- nginxpid=`ps -C nginx --no-header | wc -l`
- if [ $nginxpid -eq 0 ];then
- /usr/local/nginx/sbin/nginx
- sleep 5
- nginxpid=`ps -C nginx --no-header | wc -l`
- if [ $nginxpid -eq 0 ];then
- /etc/init.d/keepalived stop
- fi
- fi
- sleep 5
- done
然後置於後臺運行 sh /root/nginx_pid.sh &,這種寫法是錯誤的,這樣你用root用戶logout後,此進程會消失;正確寫法爲nohup/bin/bash /root/nginx_pid.sh &,附帶下注釋:如果你正在運行一個進程,而且你覺得在退出帳戶時該進程還不會結束,那麼可以使用nohup命令。該命令可以在你退出root帳戶之後繼續運行相應的進程。nohup就是不掛起的意思( no hang up),哈哈,差點老馬失蹄了。
後記:
我的線上環境網絡非常複雜,這也是LVS+Keepalived失敗的原因。目前此套架構在1000併發的電子商務網站非常穩定,帶來的直接影響就是nginx_backup一直處於閒置狀態。相對於張宴的雙機輪詢而言,我感覺他的可能更加完美,因爲目前我的Nginx僅僅只做了負載均衡器,如果以後有機會我會嘗試做負載均衡器/反向代理加速。
【51CTO.com獨家特稿,非經授權謝絕轉載,合作媒體轉載請註明原文出處及作者!】