LVS+Keepalived+Nginx+Tomcat群集环境搭建
LVS+Keepalived+Nginx+Tomcat群集环境搭建项目描述:由于公司业务的不断扩展,网站并发量不断增大,现有部署的(Apache+Tomcat)网站环境提供的服务无法满足实际需求——存在单节点故障、响应延迟等突出问题,因此,需要设计出具有可扩展的、高可用性负载均衡Web群集架构,以满足公司业务不断扩展的需求。
项目拓扑设计:file:///C:\Users\ADMINI~1.PC-\AppData\Local\Temp\ksohtml\wps8B7D.tmp.png
项目实施:一、 基础环境1、 操作系统——RHEL6.5或CentOS6.52、 负载调度器层部署2节点——主、备调度器,采用DR模式3、 服务器池层部署2节点——Nginx+Tomcat4、 关闭Iptables防火墙、禁用SELinux5、 IP地址规划——略。
二、 项目实施步骤1、部署负载调度器层(2节点)——VIP:172.16.1.2001)主调度器(LVS-DR-Master)IP:172.16.1.18A.调整内核/proc响应参数# vim /etc/sysctl.confnet.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.eth0.send_redirects = 0B.配置虚拟IP地址(VIP)和配置负载分配策略,均由keepalived根据配置文件自动配置和管理。# vim /etc/keepalived/keepalived.confglobal_defs { router_id LVS_MASTER # 设置lvs的id,在一个网络应该是唯一的}vrrp_instance VI_1 { state MASTER # 指定keepalived的角色,MASTER为主,BACKUP为备 interface eth0 # 当前进行vrrp通讯的网络接口卡(当前centos的网卡) virtual_router_id 66 # 虚拟路由编号,主从要一直 priority 100 # 优先级,数值越大,获取处理请求的优先级越高 advert_int 1 # 检查间隔,默认为1s(vrrp组播周期秒数) authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.1.200 # 定义虚拟ip(VIP),可多设,每行一个 }}# 定义对外提供的LVS的VIP以及portvirtual_server 172.16.1.200 80 { delay_loop 6 # 设置健康检查时间,单位为秒 lb_algo wrr # 设置负载调度的算法为wrr lb_kind DR # 设置lvs实现负载的机制,有NAT、TUN、DR三个模式 #nat_mask 255.255.255.0 #persistence_timeout 0 # 同一IP 0秒内的请求都发到同个real server protocol TCP real_server 172.16.1.19 8080 { # 指定real server1的ip地址weight 3 # 配置节点权值,数值越大权重越高 TCP_CHECK { connect_timeout 10 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.1.12 8080 { weight 3 TCP_CHECK { connect_timeout 10 nb_get_retry 3 delay_before_retry 3 } }}C.启动Keepalived服务,并设置为系统服务,实现开机自启动!# chkconfig --level 35 keepalived onD.查看VIP地址# ip addr show dev eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:01:31:a1 brd ff:ff:ff:ff:ff:ff inet 172.16.1.18/16 brd 172.16.255.255 scope global eth0 inet 172.16.1.200/32 scope global eth0 inet 172.16.1.201/32 scope global eth0 inet6 fe80::20c:29ff:fe01:31a1/64 scope link valid_lft forever preferred_lft foreverE. 查看节点负载分配情况# ipvsadm -lnIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP172.16.1.200:80 wrr-> 172.16.1.12:8080 Route 3 0 0 -> 172.16.1.19:8080 Route 3 0 0
2)备调度器(LVS-DR-Slave)IP:172.16.1.20A.调整内核/proc响应参数# vim /etc/sysctl.confnet.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.eth0.send_redirects = 0B.配置虚拟IP地址(VIP)和配置负载分配策略,均由keepalived根据配置文件自动配置和管理。# vim /etc/keepalived/keepalived.confglobal_defs { router_id LVS_BACKUP # 设置lvs的id,在一个网络应该是唯一的}vrrp_instance VI_1 { state BACKUP # 指定keepalived的角色,MASTER为主,BACKUP为备 interface eth0 # 当前进行vrrp通讯的网络接口卡(当前centos的网卡) virtual_router_id 66 # 虚拟路由编号,主从要一直 priority 95 # 优先级,数值越大,获取处理请求的优先级越高 advert_int 1 # 检查间隔,默认为1s(vrrp组播周期秒数) authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.1.200 # 定义虚拟ip(VIP),可多设,每行一个
}}# 定义对外提供的LVS的VIP以及portvirtual_server 172.16.1.200 80 { delay_loop 6 # 设置健康检查时间,单位为秒 lb_algo wrr # 设置负载调度的算法为wrr lb_kind DR # 设置lvs实现负载的机制,有NAT、TUN、DR三个模式 #nat_mask 255.255.255.0 #persistence_timeout 0 # 同一IP 0秒内的请求都发到同个real server protocol TCP real_server 172.16.1.19 8080 { # 指定real server1的ip地址weight 3 # 配置节点权值,数值越大权重越高 TCP_CHECK { connect_timeout 10 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.1.12 8080 { weight 3 TCP_CHECK { connect_timeout 10 nb_get_retry 3 delay_before_retry 3 } }}C.启动Keepalived服务,并设置为系统服务,实现开机自启动!# chkconfig --level 35 keepalived onD.查看VIP地址# ip addr show dev eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:27:3d:8b brd ff:ff:ff:ff:ff:ff inet 172.16.1.20/16 brd 172.16.255.255 scope global eth0 inet6 fe80::20c:29ff:fe27:3d8b/64 scope link valid_lft forever preferred_lft foreverE. 查看节点负载分配情况# ipvsadm -lnIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP172.16.1.200:80 wrr-> 172.16.1.12:8080 Route 3 0 0 -> 172.16.1.19:8080 Route 3 0 0
2、部署服务器池层——Nginx+Tomcat(2节点)1)搭建Tomcat+Nginx环境(192.168.1.12)####先部署Tomcat环境####A.安装java环境# yum -y remove java# cd /usr/src# tar xf jdk-7u65-linux-x64.gz# mv jdk1.7.0_65/ /usr/local/java# vi /etc/profile.d/java.sh \\建立java脚本export JAVA_HOME=/usr/local/javaexport PATH=$PATH:$JAVA_HOME/bin# source /etc/profile.d/java.sh# java -versionB.安装tomcat# cd /usr/src# tar xf apache-tomcat-7.0.54.tar.gz# mv apache-tomcat-7.0.54 /usr/local/tomcat7# /usr/local/tomcat7/bin/startup.sh# netstat -anpt | grep 8080打开浏览器验证tomcathttp://127.0.0.1:8080#cd /usr/local/tomcat7/conf# vi server.xml \\tomcat的配置文件,内容保持默认C.建立java的web站点# mkdir -pv /web/webapp1# vi /web/webapp1/index.jsp添加网页代码<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><html><head><title>JSP test1 page</title></head><body><% out.println("welcom to test site,http://www.test1.com");%></body></html>
# vi server.xml \\cd /usr/local/tomcat7/conf找到host name位置,添加红色代码,注意大小写(124行)<Host name="localhost"appBase="webapps" unpackWARs="true" autoDeploy="true"> <Context docBase="/web/webapp1" path="" reloadable="false"> </Context>
解释:Reloadable:是否开启类的监控功能,如果为true ,则tomcat 会自动检测应用程序的/WEB-INF/lib 和/WEB-INF/classes 目录的变化,自动装载新的应用程序,我们可以在不重起tomcat 的情况下改变应用程序# /usr/local/tomcat7/bin/shutdown.sh# /usr/local/tomcat7/bin/startup.sh
####再部署Nginx环境####A.环境准备# yum list# yum clean all \\清除yum缓存# yum -y install gcc* \\GNU编译器套件,用以支持C语言等的编译环境# yum remove httpd# rpm -qa httpdB.安装Nginxa)安装支持的软件# yum -y install pcre-devel zlib-devel \\有些系统会提示已经安装过了 注释: PCRE(Perl Compatible Regular Expressions即:perl语言兼容正则表达式)是一个用C语言编写的正则表达式函数库。zlib:应用程序依靠zlib压缩函式库b)创建运行用户和组# useradd -M -s /sbin/nologin nginxC.编译安装Nginx# cd /usr/src# tar zxvf nginx-1.6.0.tar.gz# cd nginx-1.6.0# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module注释:--with-http_stub_status_module:负责监控并统计http的运行状态和访问情况# make && make install
# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin# ls -l /usr/local/sbin/nginx# nginx -t \\对配置文件进行检测# nginx \\启动nginx# netstat -anpt | grep nginxtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31930/nginx# yum -y install elinks# elinks http://localhost# killall -s HUP nginx \\重载nginx# killall -s QUIT nginx \\退出nginx进程
D.编辑服务控制脚本# vi /etc/init.d/nginx#!/bin/bash# chkconfig: - 99 20# description: Nginx Server Control ScriptPROG="/usr/local/nginx/sbin/nginx"PIDF="/usr/local/nginx/logs/nginx.pid"case "$1" instart) $PROG;;stop)kill -s QUIT $(cat $PIDF);;restart)$0 stop$0 start;;reload)kill -s HUP $(cat $PIDF);;status)[ -f $PID ] &> /dev/null if [ $? -eq 0 ] then netstat-anpt | grep nginx else echo "Nginx is not running." fi ;;*)echo "Usage: $0 {start|stop|restart|reload|status}"esacexit 0E.添加为系统服务# nginx -t\\语法检查# chmod +x /etc/init.d/nginx# chkconfig --add nginx
####调整Nginx主配置文件####(172.16.1.12和172.16.1.19主配置文件一样)# vim /usr/local/nginx/conf/nginx.confusernginx; #运行用户worker_processes1; #启动进程,通常设置成和cpu的数量相等#全局错误日志及PID文件error_log/usr/local/nginx/logs/error.log;error_log/usr/local/nginx/logs/error.lognotice;error_log/usr/local/nginx/logs/error.loginfo;pid /usr/local/nginx/logs/nginx.pid;# 工作模式及连接数上线events { use epoll; #epoll是多路复用IO(I/O Multiplexing)中的一种方式,但是仅用于linux2.6以上内核,可以大大提高nginx的>性能 worker_connections1024; #单个后台worker process进程的最大并发链接数}
#设定http服务器,利用它的反向代理功能提供负载均衡支持http { include mime.types; default_typeapplication/octet-stream; #log_formatmain'$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_loglogs/access.logmain; #设定请求缓冲 server_names_hash_bucket_size128; client_header_buffer_size 32K; large_client_header_buffers4 32k; # client_max_body_size 8m; #sendfile 指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件,对于普通应用, #必须设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,以平衡磁盘与网络I/O处理速度,降低系统的uptime.sendfile on; tcp_nopush on; tcp_nodelay on; #连接超时时间 #keepalive_timeout0; keepalive_timeout65; #开启gzip压缩,降低传输流量 gzipon; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version1.1; gzip_comp_level2; gzip_typestext/plain application/x-javascript text/cssapplication/xml; gzip_vary on; #添加tomcat列表,负载均衡的服务器都放在这 upstream tomcat_server { #server tomcat地址:端口号 weight表示权值,权值越大,被分配的几率越大; server 172.16.1.19:8080 weight=4 max_fails=2 fail_timeout=30s; server 172.16.1.12:8080 weight=4 max_fails=2 fail_timeout=30s; } server { listen 80; #监听端口 server_name172.16.1.200; #对外提供服务的网址(域名或者ip) #默认请求设置 location / { index index.jsp index.html index.htm; #设定访问的默认首页 root /web/webapp1; #站点根目录,此目录下存放我们的web项目} #charset koi8-r; #access_loglogs/host.access.logmain; #所有的jsp页面均由tomcat处理 location ~ \.(jsp|jspx|dp)?$ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://tomcat_server; #转向tomcat处理 } #所有的静态文件直接读取不经过tomcat,nginx自己处理 location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ { expires30d; } location ~ .*\.(js|css)?$ { expires1h; } #log_formataccess'$remote_addr - $remote_user [$time_local] "$request" '$status $body_bytes_sent "$http_referer"' '"$http_user_agent" $http_x_forwarded_for'; #access_log/usr/local/nginx/logs/ubitechtest.log access;#设定访问日志的存放路径
# redirect server error pages to the static page /50x.html # #定义错误提示页面 error_page 500 502 503 504/50x.html;
location = /50x.html { root html; } }}
####配置群VIP/添加内核参数/添加路由####以上内容均通过编写脚本realserver实现,具体内容如下:# vim /etc/init.d/realserver#!/bin/bash#chkconfig: - 85 80# description: Config realserver lo and apply noarp#Written by :Stone http://www.linuxtone.org
SNS_VIP=172.16.1.200
. /etc/rc.d/init.d/functions
case "$1" instart) ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP /sbin/route add -host $SNS_VIP dev lo:0 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p >/dev/null 2>&1 echo "RealServer Start OK" ;;stop) ifconfig lo:0 down route del $SNS_VIP >/dev/null 2>&1 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stoped" ;;*) echo "Usage: $0 {start|stop}" exit 1esacexit 0
# chmod +x /etc/init.d/realserver# chkconfig --level 35 realserver on# chkconfig --list realserver realserver
页:
[1]