环境:利用keeplived实现web服务器的双机热备(高可用)
注意:
(1) 利用keeplived+web做双击热备(高可用),最少需要两台服务器,可以实现多域名对应一个VIP,并且访问不同域名,显示不同主页,可行,已测
(2) vip(虚拟ip)不能和物理ip冲突
(3) vip(虚拟ip)最好设置成和内网ip同一网段,最后做地址映射到公网ip
(4) 两台web服务的网站内容必须相同
1、安装keepalived(与负载均衡服务器在一台服务器上)
- keepalived使用 VRRP(虚拟路由冗余协议),实现单点故障切换,俗称心跳线监听
yum -y install keepalived
[root@oldboy ~]# cd /etc/keepalived/
[root@oldboy keepalived]# cp keepalived.conf keepalived.conf.ori
[root@oldboy keepalived]# sed -n '1,31p' keepalived.conf.ori >keepalived.conf
2、配置web服务器
(1) 配置real-server-10.0.0.7(nginx-web)
[root@Oldboy extra]# cat www.conf
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
[root@Oldboy extra]# cat bbs.conf
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.php index.html index.htm;
}
}
[root@Oldboy extra]# cat blog.conf
server {
listen 80;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.php;
}
location ~ .*\.(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
==========================================
(2) 配置real-server-10.0.0.8 (apache-web)
[root@Oldboy extra]# egrep -v "#|^$" httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin oldboy@oldboyedu.com
DocumentRoot "/application/apache2.2.31/htdocs/www"
ServerName www.etiantian.org
ServerAlias etiantian.org
ErrorLog "/app/logs/www-error_log"
CustomLog "/app/logs/www-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin oldboy@oldboyedu.com
DocumentRoot "/application/apache2.2.31/htdocs/bbs"
ServerName bbs.etiantian.org
ErrorLog "/app/logs/bbs-error_log"
CustomLog "/app/logs/bbs-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin oldboy@oldboyedu.com
DocumentRoot "/application/apache2.2.31/htdocs/blog"
ServerName blog.etiantian.org
ErrorLog "/app/logs/blog-error_log"
CustomLog "/app/logs/blog-access_log" common
</VirtualHost>
3、配置keepalived(keepalived和负载均衡服务器在一台服务器上)
(1) 配置keepalived-MASTER(10.0.0.5)
[root@Oldboy keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL_01 \\keepalived服务器标识符,最好和备keepalived不一样
}
vrrp_instance VI_1 { \\VRRP实例,多实例不能相同,但是主备必须相同
state MASTER \\指定keepalived的角色,MASTER为主服务器,BACKUP为备用服务器
interface eth0 \\监听的接口
virtual_router_id 51 \\虚拟路由标识,这个标识是一个数字(1-255),在一个VRRP实例中主备服务器ID必须一样
priority 150 \\优先级,数字越大优先级越高,在一个实例中主服务器优先级要高于备服务器
advert_int 1 \\设置主备之间同步检查的时间间隔,单位秒
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.1.254/24 dev eth0 label eth0:3 \\定义虚拟ip地址
}
}
=============================================
(2) 配置keepalived-BACKUP(10.0.0.6)
[root@Oldboy keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
}
router_id LVS_DEVEL_02 \\keepalived服务器标识符,最好和主keepalived不一样
}
vrrp_instance VI_1 { \\VRRP实例,和主一样
state BACKUP \\指定keepalived的角色,这里是备用服务器
interface eth0
virtual_router_id 51
priority 100 \\优先级低于主服务器,最好相差50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.1.254/24 dev eth0 label eth0:3
}
}
4、启动keepalived
/etc/init.d/keepalived start
chkconfig keepalived on
echo "/application/nginx/sbin/nginx" >> /etc/rc.d/rc.local
查看vip漂移:
[root@Oldboy keepalived]# ifconfig eth0:3
eth0:3 Link encap:Ethernet HWaddr 00:0C:29:6D:23:83
inet addr:172.16.1.254 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
5、将vip映射到公网ip(由于我这里没有硬件防火墙,只能使用同一局域网的其它服务器代替,这台服务器需要能联网)
(1) 开启路由转发
[root@Oldboy ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
[root@Oldboy ~]# sysctl -p
net.ipv4.ip_forward = 1
(2) 配置地址映射
iptables -F -t nat
iptables -t nat -I PREROUTING -p tcp -d 10.0.0.51 --dport 80 -j DNAT --to-destination 172.16.1.254:80
iptables -t nat -A POSTROUTING -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart
6、测试并验证
客户端绑定hosts: 10.0.0.51 www.etiantian.org bbs.etiantian.org blog.etiantian.org (一个vip对应多个域名)
1、keepalived只负责vip漂移,能够让用户顺利将请求通过vip交给web服务器,当停止主服务器,备用服务器会接管vip继续提供web服务器
2、当访问www.etiantian.org bbs.etiantian.org 或 blog.etiantian.org,则解析到 10.0.0.51(公网VIP)并NAT映射到172.16.1.254(vip与web服务器在一起),为用户提供服务