15. Getting started with keepalived and a simple varnish application

江嘉悦
2023-12-01

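1. High availability for a site with Nginx + Keepalived

  1. keepalived achieves persistent availability by implementing the VRRP protocol; VRRP stands for Virtual Router Redundancy Protocol.

  2. Functions:
    Moves the address between nodes using the VRRP protocol
    Generates ipvs rules (predefined in the configuration file) on the node that holds the VIP
    Health-checks every RS (real server) in the ipvs cluster
    Runs scripts through its script-invocation interface; the actions defined in those scripts influence cluster behaviour, which is how it supports services such as nginx and haproxy

  3. Terminology:
    Virtual router: Virtual Router
    Virtual router identifier: VRID (0-255), uniquely identifies a virtual router
    Physical router: master: the primary device
    backup: the standby device
    priority: the priority
    VIP: Virtual IP
    VMAC: Virtual MAC (00-00-5e-00-01-VRID)

  4. Working modes:
    master/backup: a single virtual router
    master/master: master/backup (virtual router 1), backup/master (virtual router 2)

  5. Components:
    Core components:
    vrrp stack
    ipvs wrapper
    checkers
    Control components: configuration file parser
    IO multiplexer
    Memory management component

  6. Example: high availability with nginx + keepalived
    Lab environment: two hosts act as backend servers and two hosts run keepalived for monitoring and redundancy. The keepalived hosts also need nginx installed: nginx reverse-proxies requests to the backend servers, while keepalived does the monitoring and keeps the service highly available. The test pages on the backend servers were set up beforehand, so what follows is mainly the keepalived configuration.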

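1. Master router configuration: edit /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
        notification_email {
                root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node2                         # custom router_id, different on every router
        vrrp_mcast_group4 224.1.100.99          # multicast address; all VRRP peers share one multicast group
}

vrrp_script chk_down {                          # script used to switch between master and backup
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 1                              # check interval
        weight -5                               # when the check fails the priority drops by 5, so the node turns into the backup
}

vrrp_script chk_nginx {                         # nginx check script
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
        fall 2                                  # consecutive failed checks before the script counts as failed
        rise 1                                  # consecutive successful checks before it counts as healthy again
}

vrrp_instance VI_1 {                            # virtual router group 1
        state MASTER                            # this node is the master router; only one host in the cluster may be master, the rest are backup
        interface ens33                         # network interface
        virtual_router_id 51                    # ID of the virtual router
        priority 100                            # priority of the master router
        advert_int 1                            # interval between VRRP advertisements
        authentication {                        # router authentication
                auth_type PASS
                auth_pass 571f97b2
        }

        virtual_ipaddress {                     # virtual IP address in use
                192.168.164.199/24 dev ens33    # physical interface it is bound to
        }
        track_script {                          # scripts to invoke
                chk_down
                chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"        # a script can also send a notification when the node's state changes
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
}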
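2. Backup router configuration: largely the same as the master; only the priority, state and router_id need to change
! Configuration File for keepalived

global_defs {
        notification_email {
                root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node4                         # custom router_id, different on every router
        vrrp_mcast_group4 224.1.100.99          # multicast address; all VRRP peers share one multicast group
}

vrrp_script chk_down {                          # script used to switch between master and backup
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 1                              # check interval
        weight -5                               # when the check fails the priority drops by 5
}

vrrp_script chk_nginx {                         # nginx check script
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
        fall 2                                  # consecutive failed checks before the script counts as failed
        rise 1                                  # consecutive successful checks before it counts as healthy again
}

vrrp_instance VI_1 {                            # virtual router group 1
        state BACKUP                            # this node is a backup router; only one host in the cluster may be master, the rest are backup
        interface ens33                         # network interface
        virtual_router_id 51                    # ID of the virtual router
        priority 96                             # priority of the backup router
        advert_int 1                            # interval between VRRP advertisements
        authentication {                        # router authentication
                auth_type PASS
                auth_pass 571f97b2
        }

        virtual_ipaddress {                     # virtual IP address in use
                192.168.164.199/24 dev ens33    # physical interface it is bound to
        }
        track_script {                          # scripts to invoke
                chk_down
                chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"        # a script can also send a notification when the node's state changes
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
}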
3. nginx reverse-proxy configuration: edit /etc/nginx/nginx.conf
Define a server group under http{}
http{
        upstream websrc {
                server 192.168.164.148:80;      # addresses of the two backend hosts
                server 192.168.164.153:80;
        }
}
Then reference it in the server block
server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                proxy_pass http://websrc;
        }
}
Start keepalived and nginx
[root@node2 centos]# systemctl start keepalived.service  
[root@node2 centos]# systemctl status keepalived.service 	# check the keepalived service status
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-06-04 15:21:34 CST; 3s ago
  Process: 18295 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 18297 (keepalived)
    Tasks: 3
   CGroup: /system.slice/keepalived.service
           ├─18297 /usr/sbin/keepalived -D
           ├─18298 /usr/sbin/keepalived -D
           └─18299 /usr/sbin/keepalived -D

Jun 04 15:21:36 node2 Keepalived_vrrp[18299]: VRRP_Instance(VI_1) Entering MASTER STATE		// the node has entered the master state
Jun 04 15:21:36 node2 Keepalived_vrrp[18299]: VRRP_Instance(VI_1) setting protocol...s.
Jun 04 15:21:36 node2 Keepalived_vrrp[18299]: Sending gratuitous ARP on ens33 for ...99
Jun 04 15:21:36 node2 Keepalived_vrrp[18299]: VRRP_Instance(VI_1) Sending/queueing...99
[root@node2 centos]# systemctl start nginx 

Start the backup router
[root@node4 keepalived]# systemctl start keepalived.service 
[root@node4 keepalived]# systemctl status keepalived.service    
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-06-04 15:27:45 CST; 7s ago
  Process: 7961 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 7964 (keepalived)
    Tasks: 3
   CGroup: /system.slice/keepalived.service
           ├─7964 /usr/sbin/keepalived -D
           ├─7965 /usr/sbin/keepalived -D
           └─7966 /usr/sbin/keepalived -D

Jun 04 15:27:48 node4 Keepalived_vrrp[7966]: VRRP_Instance(VI_1) Changing effectiv...91
Jun 04 15:27:48 node4 Keepalived_vrrp[7966]: /usr/bin/killall -0 nginx && exit 0 |... 1
Jun 04 15:27:48 node4 Keepalived_vrrp[7966]: VRRP_Instance(VI_1) Transition to MAS...TE
Jun 04 15:27:48 node4 Keepalived_vrrp[7966]: VRRP_Instance(VI_1) Received advert w...91		// the router has received an advertisement from a higher-priority router
Jun 04 15:27:48 node4 Keepalived_vrrp[7966]: VRRP_Instance(VI_1) Entering BACKUP STATE		// so it enters the backup state

Test
[root@node1 centos]# for i in {1..10};do curl 192.168.164.199;done 
it is 192.168.164.148
it is 192.168.164.148
it is 192.168.164.148
it is 192.168.164.138
it is 192.168.164.148
it is 192.168.164.138
it is 192.168.164.148
it is 192.168.164.138
it is 192.168.164.138
it is 192.168.164.148
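
Whether the VIP moves depends on the arithmetic between priority, weight, fall and rise in the two configurations above. The following is an added example, not part of the original post: it replays constructed check results through a simplified model of those settings, and the function names and result sequences are assumptions made for illustration.

```shell
# Added example (not from the original post): replay vrrp_script results
# against the settings above: weight -5, fall 2, rise 1, priority 100 vs 96.
# Simplified model: one result per interval, default preemption, no ties.
FALL=2 RISE=1 WEIGHT=-5

# effective_priorities BASE "r1 r2 ...": r is the check's exit status in each
# interval. Prints the node's effective priority after every interval.
effective_priorities() {
    base=$1 fails=0 oks=0 down=0 out=""
    for r in $2; do
        if [ "$r" -eq 0 ]; then oks=$((oks + 1)); fails=0
        else fails=$((fails + 1)); oks=0; fi
        if [ "$fails" -ge "$FALL" ]; then down=1; fi
        if [ "$oks" -ge "$RISE" ]; then down=0; fi
        out="$out $((base + down * WEIGHT))"
    done
    echo $out
}

# vip_timeline "node2 results" "node4 results": one line per interval showing
# both effective priorities and which node holds the VIP.
vip_timeline() {
    p2=$(effective_priorities 100 "$1")
    p4=$(effective_priorities 96 "$2")
    set -- $p4
    for a in $p2; do
        if [ "$a" -gt "$1" ]; then holder=node2; else holder=node4; fi
        echo "node2=$a node4=$1 vip=$holder"
        shift
    done
}

echo "nginx dies on node2 for three intervals, node4 healthy:"
vip_timeline "0 1 1 1 0 0" "0 0 0 0 0 0"
echo "nginx down on both nodes (node4's check never passes):"
vip_timeline "0 1 1 1 0 0" "1 1 1 1 1 1"
```

In the second run the VIP stays on node2 even while nginx is dead there, because node4's own failed check has already lowered it to 91.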

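2. Implementing the keepalived master/master model
In keepalived's dual-master model, two virtual router groups are configured on the primary router: it is the master for one group and the backup for the other. The backup router is configured the same way, with the roles reversed.
(1) Primary router configuration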

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node2
   vrrp_mcast_group4 224.1.100.99
}

vrrp_instance VI_1 {
    state MASTER
    priority 100
    interface ens33
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pUZcQYr
    }
    virtual_ipaddress {
        192.168.164.199/24 dev ens33
    }
}

vrrp_instance VI_2 {
    state BACKUP
    priority 96
    interface ens33
    virtual_router_id 61
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pUZ77cQYr
    }
    virtual_ipaddress {
        192.168.164.99/24 dev ens33
    }
}

(2) Backup router configuration

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node4
   vrrp_mcast_group4 224.1.100.99
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pUZcQYr
    }
    virtual_ipaddress {
        192.168.164.199/24 dev ens33
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 61
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pUZ77cQYr
    }
    virtual_ipaddress {
        192.168.164.99/24 dev ens33
    }
}
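
Step 2 of section 1 and the master/master setup above both rely on the two nodes agreeing on virtual_router_id and auth_pass for each instance while differing in priority and state. The check below is an added example, not from the original post: `vrrp_fields` and `lint_pair` are hypothetical helper names, the sample files are constructed excerpts of VI_2 with a deliberately mistyped VRID on node4, and the length test reflects keepalived's documented behaviour of using only the first eight characters of auth_pass.

```shell
# Added example (not from the original post): lint a pair of keepalived.conf
# files. The two sample configs at the bottom are constructed excerpts.

# Emit "<instance> <keyword> <value>" for every setting being compared.
vrrp_fields() {
    awk '$1 == "vrrp_instance" { inst = $2 }
         inst != "" && $1 ~ /^(state|priority|virtual_router_id|auth_pass)$/ {
             print inst, $1, $2 }' "$1"
}

# lint_pair NODE_A_CONF NODE_B_CONF: prints one finding per line, sorted.
lint_pair() {
    { vrrp_fields "$1" | sed 's/^/A /'; vrrp_fields "$2" | sed 's/^/B /'; } |
    awk '{ v[$1, $2, $3] = $4; inst[$2] = 1 }
    END { for (i in inst) {
        a = "A" SUBSEP i SUBSEP; b = "B" SUBSEP i SUBSEP
        if (v[a "virtual_router_id"] != v[b "virtual_router_id"]) print i ": virtual_router_id differs"
        if (v[a "auth_pass"] != v[b "auth_pass"]) print i ": auth_pass differs"
        if (length(v[a "auth_pass"]) > 8) print i ": auth_pass longer than 8 characters"
        if (v[a "priority"] == v[b "priority"]) print i ": priority is the same on both nodes"
        if (v[a "state"] == "MASTER" && v[b "state"] == "MASTER") print i ": both nodes set state MASTER"
    } }' | sort
}

demo_dir=$(mktemp -d)
cat > "$demo_dir/node2.conf" <<'EOF'
vrrp_instance VI_2 {
    state BACKUP
    priority 96
    virtual_router_id 61
    authentication {
        auth_pass pUZ77cQYr
    }
}
EOF
# Constructed peer with a deliberately mistyped virtual_router_id (62, not 61).
cat > "$demo_dir/node4.conf" <<'EOF'
vrrp_instance VI_2 {
    state MASTER
    priority 100
    virtual_router_id 62
    authentication {
        auth_pass pUZ77cQYr
    }
}
EOF
lint_pair "$demo_dir/node2.conf" "$demo_dir/node4.conf"
```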

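3. Cache acceleration for nginx with varnish

  • varnish is a dedicated cache server; it caches resources to speed up responses
    Example: nginx + varnish; the backend nginx server is already configured
1. Install varnish on the host and edit its configuration files
[root@node2 centos]# yum install varnish -y
[root@node2 centos]# vi /etc/varnish/varnish.params # change the listen port to 80
VARNISH_LISTEN_PORT=80
[root@node2 centos]# vi /etc/varnish/default.vcl     # modify the default VCL rules
sub vcl_deliver {	// builds the response sent to the client; obj.hits is a built-in variable holding how many times the cached object has been hit
    if (obj.hits > 0) {
        set resp.http.X-Cache = "Hit Via" + server.ip;		// hit: the cache was used
    }
    else {
        set resp.http.X-Cache = "Miss from" + server.ip;	// miss: the cache was not used
    }
}
2. Verify
First request: nothing is cached yet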
[root@node1 centos]# curl -i 192.168.164.199
HTTP/1.1 200 OK
Date: Thu, 04 Jun 2020 12:59:08 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Sun, 24 May 2020 01:56:50 GMT
ETag: "16-5a65b2cf7e6ab"
Content-Length: 22
Content-Type: text/html; charset=UTF-8
X-Varnish: 229396
Age: 0
Via: 1.1 varnish-v4
X-Cache: Miss from192.168.164.199		// cache miss
Connection: keep-alive
Accept-Ranges: bytes

it is 192.168.164.148

Request the same content again
[root@node1 centos]# curl -i 192.168.164.199
HTTP/1.1 200 OK
Date: Thu, 04 Jun 2020 12:59:08 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Sun, 24 May 2020 01:56:50 GMT
ETag: "16-5a65b2cf7e6ab"
Content-Length: 22
Content-Type: text/html; charset=UTF-8
X-Varnish: 163867 229397
Age: 2
Via: 1.1 varnish-v4
X-Cache: Hit Via192.168.164.199		// cache hit: the content was read from the cache
Connection: keep-alive
Accept-Ranges: bytes

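4. LNMP with varnish for dynamic/static separation
Lab environment: one host runs varnish and nginx, and nginx's reverse proxy implements the dynamic/static separation. Static content is answered by nginx itself; WordPress is deployed on the backend host, and so is MariaDB.
1. Install varnish and nginx on the host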

[root@node2 centos]# yum install varnish -y
[root@node2 centos]# yum install nginx -y

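2. Edit the nginx configuration so that different resource types are reverse-proxied to the backend server: create a new configuration file named server.conf in the /etc/nginx/conf.d directory
[root@node2 conf.d]# vi server.conf 	# with limited resources, I send everything to a single backend host
server{
        listen 80;
        server_name 192.168.164.147;

        location /wordpress {		# requests for wordpress are reverse-proxied
                proxy_pass http://192.168.164.154:80/wordpress/;
        }
        location /phpmyadmin {		# requests for PHP are reverse-proxied
                proxy_pass http://192.168.164.154:80/phpmyadmin/;
        }

}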
3. varnish configuration: edit /etc/varnish/default.vcl
backend default {			// define the backend host and health-check it at the same time
  .host = "192.168.164.154";
  .port = "80";
  .probe={
        .url = "/index.html";
        .window = 5;
        .threshold = 4;
        .interval = 2s;
        .timeout = 1s;
        }
}

4. Test

[root@node4 centos]# curl -I 192.168.164.147/wordpress
HTTP/1.1 200 OK				// status code 200 means the request succeeded
Server: nginx/1.16.1
Date: Fri, 05 Jun 2020 03:24:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Link: <http://192.168.164.145/wordpress/index.php/wp-json/>; rel="https://api.w.org/"

[root@node4 centos]# curl -I 192.168.164.147/phpmyadmin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 05 Jun 2020 03:25:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: phpMyAdmin=54mtdknh25cbnrqh41epfe6isfahglpc; path=/phpmyadmin/; HttpOnly
Expires: Fri, 05 Jun 2020 03:25:16 +0000
Cache-Control: no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0
Last-Modified: Fri, 05 Jun 2020 03:25:16 +0000
X-ob_mode: 0
Set-Cookie: pma_lang=en; expires=Sun, 05-Jul-2020 03:25:16 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 05-Jul-2020 03:25:16 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=7o62e0kqj2q18jon1tt8b4aj7g52e4i6; path=/phpmyadmin/; HttpOnly
X-Frame-Options: DENY
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org;
X-WebKit-CSP: default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org;
Pragma: no-cache
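
The phpMyAdmin response above carries Set-Cookie and Cache-Control: no-store, while the static page in section 3 carries neither, and that is the distinction a cache in front of dynamic content has to respect. The following is an added example, not from the original post: it applies header tests modelled on Varnish 4's built-in vcl_backend_response to headers abbreviated from those two responses; `cache_verdict` is a hypothetical name, and TTL and Surrogate-Control handling are left out.

```shell
# Added example (not from the original post): decide from response headers
# whether a cache should store the object. Modelled on the header tests in
# Varnish 4's built-in vcl_backend_response; TTL and Surrogate-Control omitted.

# cache_verdict: reads response headers on stdin, prints the verdict.
cache_verdict() {
    awk -F': *' '
        { sub(/\r$/, ""); name = tolower($1) }
        name == "set-cookie" { cookie = 1 }
        name == "cache-control" && $2 ~ /no-cache|no-store|private/ { cc = 1 }
        name == "vary" && $2 == "*" { vary = 1 }
        END {
            if (cookie)    print "uncacheable: Set-Cookie"
            else if (cc)   print "uncacheable: Cache-Control"
            else if (vary) print "uncacheable: Vary"
            else           print "cacheable"
        }'
}

# Headers abbreviated from the static page response in section 3.
static_headers='HTTP/1.1 200 OK
Last-Modified: Sun, 24 May 2020 01:56:50 GMT
ETag: "16-5a65b2cf7e6ab"
Content-Type: text/html; charset=UTF-8'

# Headers abbreviated from the phpMyAdmin response in section 4.
pma_headers='HTTP/1.1 200 OK
Set-Cookie: pma_lang=en; expires=Sun, 05-Jul-2020 03:25:16 GMT; path=/phpmyadmin/; httponly
Cache-Control: no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0
Pragma: no-cache'

# Constructed: a response without cookies that is still marked private.
private_headers='HTTP/1.1 200 OK
Cache-Control: private, max-age=60'

printf '%s\n' "$static_headers"  | cache_verdict
printf '%s\n' "$pma_headers"     | cache_verdict
printf '%s\n' "$private_headers" | cache_verdict
```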