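Building an LVS+Keepalived+Nginx+Tomcat Cluster Environment

Project description: As the company's business keeps expanding, the website's concurrent load keeps growing, and the service provided by the currently deployed (Apache+Tomcat) website environment can no longer meet actual needs. It suffers from prominent problems such as a single point of failure and response latency. A scalable, highly available, load-balanced web cluster architecture therefore has to be designed to keep up with the company's growing business.

Project topology design: [topology diagram not included]

Project implementation:

I. Base environment
1. Operating system: RHEL 6.5 or CentOS 6.5
2. Load scheduler layer: 2 nodes, a master and a backup scheduler, using DR mode
3. Server pool layer: 2 nodes, Nginx+Tomcat
4. Turn off the iptables firewall and disable SELinux
5. IP address plan: omitted.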

II. Implementation steps

1. Deploy the load scheduler layer (2 nodes). VIP: 172.16.1.200

1) Master scheduler (LVS-DR-Master), IP: 172.16.1.18

A. Adjust the kernel /proc response parameters

    [iyunv@localhost ~]# vim /etc/sysctl.conf
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0

B. Configure the virtual IP address (VIP) and the load distribution policy. Both are configured and managed automatically by keepalived according to its configuration file.

    [iyunv@localhost ~]# vim /etc/keepalived/keepalived.conf
    global_defs {
        router_id LVS_MASTER        # ID of this LVS node; should be unique within a network
    }
    vrrp_instance VI_1 {
        state MASTER                # role of this keepalived node: MASTER or BACKUP
        interface eth0              # network interface used for VRRP communication (the NIC of this CentOS host)
        virtual_router_id 66        # virtual router ID; must be the same on master and backup
        priority 100                # priority; the higher the value, the higher the priority for handling requests
        advert_int 1                # check interval, 1s by default (VRRP multicast period in seconds)
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.1.200            # virtual IP (VIP); several may be set, one per line
        }
    }
    # VIP and port that LVS exposes to clients
    virtual_server 172.16.1.200 80 {
        delay_loop 6                # health check interval, in seconds
        lb_algo wrr                 # load scheduling algorithm: wrr
        lb_kind DR                  # LVS forwarding mechanism; the three modes are NAT, TUN and DR
        #nat_mask 255.255.255.0
        #persistence_timeout 0      # requests from the same IP within 0 seconds go to the same real server
        protocol TCP
        # Note: DR mode forwards packets without rewriting the destination port, so client
        # traffic arrives on port 80 of the real server; the port given here is the one
        # TCP_CHECK probes.
        real_server 172.16.1.19 8080 {   # IP address of real server 1
            weight 3                # node weight; the higher the value, the higher the weight
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 172.16.1.12 8080 {
            weight 3
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

C. Start the Keepalived service and register it as a system service so that it starts at boot.

    [iyunv@localhost ~]# chkconfig --level 35 keepalived on

D. Check the VIP address

    [iyunv@localhost ~]# ip addr show dev eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:01:31:a1 brd ff:ff:ff:ff:ff:ff
        inet 172.16.1.18/16 brd 172.16.255.255 scope global eth0
        inet 172.16.1.200/32 scope global eth0
        inet 172.16.1.201/32 scope global eth0
        inet6 fe80::20c:29ff:fe01:31a1/64 scope link
           valid_lft forever preferred_lft forever

E. Check how load is distributed across the nodes

    [iyunv@localhost ~]# ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.16.1.200:80 wrr
      -> 172.16.1.12:8080             Route   3      0          0
      -> 172.16.1.19:8080             Route   3      0          0

2) Backup scheduler (LVS-DR-Slave), IP: 172.16.1.20

A. Adjust the kernel /proc response parameters

    [iyunv@localhost ~]# vim /etc/sysctl.conf
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0

B. Configure the virtual IP address (VIP) and the load distribution policy. Both are configured and managed automatically by keepalived according to its configuration file.

    [iyunv@localhost ~]# vim /etc/keepalived/keepalived.conf
    global_defs {
        router_id LVS_BACKUP        # ID of this LVS node; should be unique within a network
    }
    vrrp_instance VI_1 {
        state BACKUP                # role of this keepalived node: MASTER or BACKUP
        interface eth0              # network interface used for VRRP communication (the NIC of this CentOS host)
        virtual_router_id 66        # virtual router ID; must be the same on master and backup
        priority 95                 # priority; the higher the value, the higher the priority for handling requests
        advert_int 1                # check interval, 1s by default (VRRP multicast period in seconds)
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.1.200            # virtual IP (VIP); several may be set, one per line
        }
    }
    # VIP and port that LVS exposes to clients
    virtual_server 172.16.1.200 80 {
        delay_loop 6                # health check interval, in seconds
        lb_algo wrr                 # load scheduling algorithm: wrr
        lb_kind DR                  # LVS forwarding mechanism; the three modes are NAT, TUN and DR
        #nat_mask 255.255.255.0
        #persistence_timeout 0      # requests from the same IP within 0 seconds go to the same real server
        protocol TCP
        real_server 172.16.1.19 8080 {   # IP address of real server 1
            weight 3                # node weight; the higher the value, the higher the weight
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 172.16.1.12 8080 {
            weight 3
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

C. Start the Keepalived service and register it as a system service so that it starts at boot.

    [iyunv@localhost ~]# chkconfig --level 35 keepalived on

D. Check the VIP address

    [iyunv@localhost ~]# ip addr show dev eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:27:3d:8b brd ff:ff:ff:ff:ff:ff
        inet 172.16.1.20/16 brd 172.16.255.255 scope global eth0
        inet6 fe80::20c:29ff:fe27:3d8b/64 scope link
           valid_lft forever preferred_lft forever

E. Check how load is distributed across the nodes

    [iyunv@localhost ~]# ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.16.1.200:80 wrr
      -> 172.16.1.12:8080             Route   3      0          0
      -> 172.16.1.19:8080             Route   3      0          0
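
The master and backup files must agree on virtual_router_id, the authentication block and the VIP, and the master needs the higher priority. The following added example (not part of the original article) checks a pair of files for that and also flags the short shared auth_pass; the function names and the sample_conf input are constructed here, and it assumes one vrrp_instance per file.

```shell
#!/bin/bash
# Added example: compare the VRRP settings of a master/backup keepalived.conf pair.
# Assumes one vrrp_instance per file and no '#' or '!' inside auth_pass.

# Print the value that follows KEY, with comments stripped.
vrrp_field() {  # usage: vrrp_field FILE KEY
    sed 's/[#!].*//' "$1" | awk -v k="$2" '$1 == k { print $2 }'
}

# Print the addresses inside the virtual_ipaddress block, sorted.
vrrp_vips() {  # usage: vrrp_vips FILE
    sed 's/[#!].*//' "$1" |
        awk '/virtual_ipaddress/ { f = 1; next } /}/ { f = 0 } f && NF { print $1 }' | sort
}

# Print one line per finding and return the number of findings.
check_vrrp_pair() {  # usage: check_vrrp_pair MASTER_CONF BACKUP_CONF
    local m="$1" b="$2" n=0 key
    for key in virtual_router_id advert_int auth_type auth_pass; do
        if [ "$(vrrp_field "$m" "$key")" != "$(vrrp_field "$b" "$key")" ]; then
            echo "MISMATCH $key"; n=$((n + 1))
        fi
    done
    [ "$(vrrp_vips "$m")" = "$(vrrp_vips "$b")" ] ||
        { echo "MISMATCH virtual_ipaddress"; n=$((n + 1)); }
    [ "$(vrrp_field "$m" priority)" -gt "$(vrrp_field "$b" priority)" ] ||
        { echo "PRIORITY master is not higher than backup"; n=$((n + 1)); }
    # auth_type PASS is carried in cleartext and keepalived uses at most 8 characters.
    key=$(vrrp_field "$m" auth_pass)
    [ "${#key}" -ge 8 ] || { echo "WEAK auth_pass shorter than 8 characters"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample input that reuses the values from this page's vrrp_instance blocks.
sample_conf() {  # usage: sample_conf STATE PRIORITY ROUTER_ID
    printf '%s\n' "vrrp_instance VI_1 {" "    state $1" "    interface eth0" \
        "    virtual_router_id $3   # must match on both nodes" "    priority $2" \
        "    advert_int 1" "    authentication {" "        auth_type PASS" \
        "        auth_pass 1111" "    }" "    virtual_ipaddress {" \
        "        172.16.1.200" "    }" "}"
}

tmp=$(mktemp -d)
sample_conf MASTER 100 66 > "$tmp/master.conf"
sample_conf BACKUP 95 66 > "$tmp/backup.conf"
check_vrrp_pair "$tmp/master.conf" "$tmp/backup.conf" || echo "findings: $?"
```

On the two real nodes, copy the backup's /etc/keepalived/keepalived.conf next to the master's and pass both paths to check_vrrp_pair.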

2. Deploy the server pool layer: Nginx+Tomcat (2 nodes)

1) Set up the Tomcat+Nginx environment (192.168.1.12)

#### Deploy the Tomcat environment first ####

A. Install the Java environment

    [iyunv@localhost 桌面]# yum -y remove java
    [iyunv@localhost 桌面]# cd /usr/src
    [iyunv@localhost src]# tar xf jdk-7u65-linux-x64.gz
    [iyunv@localhost src]# mv jdk1.7.0_65/ /usr/local/java
    [iyunv@localhost src]# vi /etc/profile.d/java.sh     # create the Java environment script
    export JAVA_HOME=/usr/local/java
    export PATH=$PATH:$JAVA_HOME/bin
    [iyunv@localhost src]# source /etc/profile.d/java.sh
    [iyunv@localhost src]# java -version

B. Install Tomcat

    [iyunv@localhost ~]# cd /usr/src
    [iyunv@localhost src]# tar xf apache-tomcat-7.0.54.tar.gz
    [iyunv@localhost src]# mv apache-tomcat-7.0.54 /usr/local/tomcat7
    [iyunv@localhost src]# /usr/local/tomcat7/bin/startup.sh
    [iyunv@localhost src]# netstat -anpt | grep 8080

Open a browser to verify Tomcat: http://127.0.0.1:8080

    [iyunv@localhost conf]# cd /usr/local/tomcat7/conf
    [iyunv@localhost conf]# vi server.xml     # Tomcat's configuration file; leave the content at its defaults

C. Create the Java web site

    [iyunv@localhost conf]# mkdir -pv /web/webapp1
    [iyunv@localhost conf]# vi /web/webapp1/index.jsp

Add the page code:

    <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
    <html>
    <head>
    <title>JSP test1 page</title>
    </head>
    <body>
    </body>
    </html>

    [iyunv@localhost conf]# vi server.xml     # in /usr/local/tomcat7/conf

Find the Host name element and add the code highlighted in red in the original (the <Context> element below); mind the letter case (line 124).

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
        <Context docBase="/web/webapp1" path="" reloadable="false">
        </Context>

Explanation: reloadable controls whether class monitoring is enabled. If it is true, Tomcat automatically watches the application's /WEB-INF/lib and /WEB-INF/classes directories for changes and reloads the application, so the application can be changed without restarting Tomcat.

    [iyunv@localhost conf]# /usr/local/tomcat7/bin/shutdown.sh
    [iyunv@localhost conf]# /usr/local/tomcat7/bin/startup.sh

#### Then deploy the Nginx environment ####

A. Prepare the environment

    [iyunv@localhost yum.repos.d]# yum list
    [iyunv@localhost yum.repos.d]# yum clean all          # clear the yum cache
    [iyunv@localhost yum.repos.d]# yum -y install gcc*    # GNU Compiler Collection, provides the build environment for C and other languages
    [iyunv@localhost yum.repos.d]# yum remove httpd
    [iyunv@localhost yum.repos.d]# rpm -qa httpd

B. Install Nginx

a) Install the supporting packages

    [iyunv@localhost ~]# yum -y install pcre-devel zlib-devel     # some systems report these as already installed

Note: PCRE (Perl Compatible Regular Expressions) is a regular-expression library written in C. zlib: applications rely on the zlib compression library.

b) Create the user and group that Nginx runs as

    [iyunv@localhost ~]# useradd -M -s /sbin/nologin nginx

C. Compile and install Nginx

    [iyunv@localhost ~]# cd /usr/src
    [iyunv@localhost src]# tar zxvf nginx-1.6.0.tar.gz
    [iyunv@localhost nginx-1.6.0]# cd nginx-1.6.0
    [iyunv@localhost nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

Note: --with-http_stub_status_module is responsible for monitoring and reporting HTTP running status and access statistics.

    [iyunv@localhost nginx-1.6.0]# make && make install
    [iyunv@localhost nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin
    [iyunv@localhost nginx-1.6.0]# ls -l /usr/local/sbin/nginx
    [iyunv@localhost nginx-1.6.0]# nginx -t                  # check the configuration file
    [iyunv@localhost nginx-1.6.0]# nginx                     # start nginx
    [iyunv@localhost nginx-1.6.0]# netstat -anpt | grep nginx
    tcp        0      0 0.0.0.0:80        0.0.0.0:*        LISTEN      31930/nginx
    [iyunv@localhost nginx-1.6.0]# yum -y install elinks
    [iyunv@localhost nginx-1.6.0]# elinks http://localhost
    [iyunv@localhost nginx-1.6.0]# killall -s HUP nginx      # reload nginx
    [iyunv@localhost nginx-1.6.0]# killall -s QUIT nginx     # quit the nginx process

D. Write the service control script

    [iyunv@localhost ~]# vi /etc/init.d/nginx
    #!/bin/bash
    # chkconfig: - 99 20
    # description: Nginx Server Control Script
    PROG="/usr/local/nginx/sbin/nginx"
    PIDF="/usr/local/nginx/logs/nginx.pid"
    case "$1" in
      start)
        $PROG
        ;;
      stop)
        kill -s QUIT $(cat $PIDF)
        ;;
      restart)
        $0 stop
        $0 start
        ;;
      reload)
        kill -s HUP $(cat $PIDF)
        ;;
      status)
        # the PID file exists only while nginx is running
        [ -f $PIDF ] &> /dev/null
        if [ $? -eq 0 ]
        then
          netstat -anpt | grep nginx
        else
          echo "Nginx is not running."
        fi
        ;;
      *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
    esac
    exit 0

E. Add it as a system service

    [iyunv@localhost ~]# nginx -t     # syntax check
    [iyunv@localhost ~]# chmod +x /etc/init.d/nginx
    [iyunv@localhost ~]# chkconfig --add nginx

#### Adjust the Nginx main configuration file #### (the main configuration file is identical on 172.16.1.12 and 172.16.1.19)

    [iyunv@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    user nginx;                  # user that nginx runs as
    worker_processes 1;          # number of worker processes, usually set equal to the number of CPUs
    # global error log and PID file
    error_log /usr/local/nginx/logs/error.log;
    error_log /usr/local/nginx/logs/error.log notice;
    error_log /usr/local/nginx/logs/error.log info;
    pid /usr/local/nginx/logs/nginx.pid;
    # working mode and connection limit
    events {
        use epoll;               # epoll is one form of I/O multiplexing, available only on Linux 2.6+ kernels; it can greatly improve nginx performance
        worker_connections 1024; # maximum number of concurrent connections per worker process
    }

    # http server; its reverse proxy function provides the load balancing support
    http {
        include mime.types;
        default_type application/octet-stream;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;

        # request buffers
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32K;
        large_client_header_buffers 4 32k;
        # client_max_body_size 8m;

        # The sendfile directive specifies whether nginx calls the sendfile function (zero copy)
        # to output files. For ordinary applications it must be set to on; for disk-I/O-heavy
        # applications such as downloads it can be set to off to balance disk and network I/O
        # processing speed and lower the system load reported by uptime.
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        # connection timeout
        #keepalive_timeout 0;
        keepalive_timeout 65;

        # enable gzip compression to reduce transferred traffic
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;

        # list of Tomcat servers; all load-balanced servers go here
        upstream tomcat_server {
            # server <tomcat address>:<port>; weight is the weighting, the larger the weight
            # the more likely the server is to be chosen
            server 172.16.1.19:8080 weight=4 max_fails=2 fail_timeout=30s;
            server 172.16.1.12:8080 weight=4 max_fails=2 fail_timeout=30s;
        }

        server {
            listen 80;                  # listening port
            server_name 172.16.1.200;   # address of the public service (domain name or IP)

            # default request settings
            location / {
                index index.jsp index.html index.htm;   # default index pages
                root /web/webapp1;                      # site root; the web project is stored in this directory
            }
            #charset koi8-r;
            #access_log logs/host.access.log main;

            # all JSP pages are handled by Tomcat
            location ~ \.(jsp|jspx|dp)?$ {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass http://tomcat_server;        # hand over to Tomcat
            }

            # all static files are read directly by nginx without going through Tomcat
            location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ {
                expires 30d;
            }
            location ~ .*\.(js|css)?$ {
                expires 1h;
            }
            #log_format access '$remote_addr - $remote_user [$time_local] "$request" '
            #                  '$status $body_bytes_sent "$http_referer" '
            #                  '"$http_user_agent" $http_x_forwarded_for';
            #access_log /usr/local/nginx/logs/ubitechtest.log access;   # path of the access log

            # redirect server error pages to the static page /50x.html
            #
            # error pages
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
    }

#### Configure the cluster VIP / add kernel parameters / add the route ####

All of the above is done by a script named realserver, with the following content:

    [iyunv@localhost ~]# vim /etc/init.d/realserver
    #!/bin/bash
    # chkconfig: - 85 80
    # description: Config realserver lo and apply noarp

    SNS_VIP=172.16.1.200

    . /etc/rc.d/init.d/functions

    case "$1" in
      start)
        # bind the VIP to lo:0 as a host address and route it locally
        ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
        /sbin/route add -host $SNS_VIP dev lo:0
        # keep this node from answering or announcing ARP for the VIP
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
        sysctl -p >/dev/null 2>&1
        echo "RealServer Start OK"
        ;;
      stop)
        ifconfig lo:0 down
        route del $SNS_VIP >/dev/null 2>&1
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        echo "RealServer Stopped"
        ;;
      *)
        echo "Usage: $0 {start|stop}"
        exit 1
    esac
    exit 0

    [iyunv@localhost ~]# chmod +x /etc/init.d/realserver
    [iyunv@localhost ~]# chkconfig --level 35 realserver on
    [iyunv@localhost ~]# chkconfig --list realserver
    realserver |
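
DR mode depends on each real server holding the VIP on lo without answering ARP for it; otherwise a real server can claim the VIP on the segment and traffic stops passing through the director. The following added example (not part of the original article) checks a node against the values the realserver script writes; the function names, the sample sysctl tree and the sample `ip` output are constructed here.

```shell
#!/bin/bash
# Added example: verify a DR real server after "service realserver start".

# Compare the four ARP sysctls with the values the realserver script writes.
# CONF_ROOT defaults to the live kernel tree; pass another directory to test offline.
check_dr_arp() {  # usage: check_dr_arp [CONF_ROOT]
    local root="${1:-/proc/sys/net/ipv4/conf}" bad=0 item path want got
    for item in lo/arp_ignore=1 lo/arp_announce=2 all/arp_ignore=1 all/arp_announce=2; do
        path="$root/${item%%=*}"; want="${item##*=}"
        got=$(cat "$path" 2>/dev/null) || got="unreadable"
        if [ "$got" != "$want" ]; then
            echo "FAIL ${item%%=*} is $got, expected $want"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Succeed only if VIP is bound to lo as a /32 host address.
# Reads the output of "ip -4 -o addr show dev lo" on stdin.
vip_on_lo() {  # usage: ip -4 -o addr show dev lo | vip_on_lo VIP
    awk -v vip="$1/32" '$2 == "lo" && $3 == "inet" && $4 == vip { ok = 1 } END { exit !ok }'
}

# Constructed sample: a fake sysctl tree in which all/arp_announce was left at 0.
make_sample_tree() {  # usage: make_sample_tree DIR
    mkdir -p "$1/lo" "$1/all"
    echo 1 > "$1/lo/arp_ignore";  echo 2 > "$1/lo/arp_announce"
    echo 1 > "$1/all/arp_ignore"; echo 0 > "$1/all/arp_announce"
}
# Constructed sample of "ip -4 -o addr show dev lo" with the page's VIP on lo:0.
SAMPLE_IP_OUT='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 172.16.1.200/32 brd 172.16.1.200 scope global lo:0'

tmp=$(mktemp -d); make_sample_tree "$tmp"
check_dr_arp "$tmp" || echo "$? ARP setting(s) differ from the realserver script"
echo "$SAMPLE_IP_OUT" | vip_on_lo 172.16.1.200 && echo "VIP bound on lo"
```

On a real server, call check_dr_arp with no argument and pipe the live `ip -4 -o addr show dev lo` output into vip_on_lo 172.16.1.200.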