[High-performance Nginx server] 10: LVS + keepalived + Nginx high-performance load-balancing cluster

1 LVS role

LVS is open-source software that implements layer-4 (transport-layer) load balancing.

LVS is an abbreviation of Linux Virtual Server.

Currently there are:

  • Three IP load-balancing technologies: VS/NAT, VS/TUN and VS/DR
  • Eight scheduling algorithms: rr, wrr, lc, wlc, lblc, lblcr, dh, sh

2 Differences between LVS and Nginx

LVS

LVS has a strong load capacity: its working logic is very simple, it only distributes requests, and it works at layer 4 of the network without generating traffic of its own, so there is little need to worry about its efficiency.

LVS supports basically all applications: because it works at layer 4, LVS can load-balance almost any application, including web, database and so on.

Note: LVS does not fully distinguish node failures. For example, under the WLC rule, if one node in the cluster has no VIP configured, the entire cluster becomes unusable. There are other issues as well that need further testing.

Nginx

Nginx works at layer 7 of the network, so it can apply splitting policies to the HTTP application itself, for example by domain name or by directory structure. LVS has no such capability, so Nginx can be used in far more situations than LVS. Nginx also depends relatively little on the network: in theory, as long as ping succeeds and web access works, it can communicate properly. LVS depends more on the network environment; only in DR mode, with the split servers in the same network segment, can the effect be guaranteed.

Nginx can detect faults inside a server from the status codes, timeouts and so on that the web server returns, and resubmit a request that returned an error to another node. LVS and LDirectd currently also support monitoring conditions inside the server, but they cannot resend the request.

For example, if a user is uploading a file and the node handling the upload fails, Nginx re-sends the upload request to another server, while LVS in this case simply cuts the connection. Nginx also supports HTTP and Email (the Email function is rarely used); in this respect LVS supports more applications than Nginx.

Nginx can likewise withstand very high loads and run stably, but because the traffic it handles is limited by the machine's I/O, configuration and so on, its load capacity is relatively poorer.

Nginx is relatively simple to install, configure and test, because the error logs give corresponding hints. LVS takes longer to install, configure and test because it depends heavily on the network; in many cases it fails because of network problems rather than configuration problems, and when problems arise they are correspondingly harder to solve. Nginx itself has no ready-made hot-standby scheme, so running it on a single machine carries more risk; using it together with KeepAlived is recommended. Nginx can also be used as a node machine behind LVS, which makes full use of Nginx's functions and performance. Of course, in that case you can also directly use Squid or other software with a distribution function.

Each application needs its own analysis. For a relatively small site (fewer than one million PV per day), Nginx is entirely adequate; if there are many machines, you can use DNS round-robin. LVS uses more machines; when building a large site or providing important services with many machines, consider using LVS.

Note: Alibaba Cloud does not support virtual VIP technology by default.

3 Keepalived role

LVS can do load balancing, but it cannot perform health checks: if an RS (real server) fails, LVS still forwards requests to the failed RS, and those requests fail.

The keepalived software can perform health checks and at the same time make LVS highly available, solving the LVS single point of failure. In fact, keepalived was born for LVS.

4 How keepalived works

keepalived is software similar to a layer 2, 4 and 7 switching mechanism. It is service software that ensures high availability in Linux cluster management; its function is to prevent single points of failure.

How keepalived works:

keepalived is service software, implemented on top of the VRRP protocol, that ensures cluster high availability. Its main function is failover and fault isolation for real machines and between load balancers, preventing single points of failure. Before looking at keepalived, first look at the principles of the VRRP protocol.

VRRP protocol: Virtual Router Redundancy Protocol. It is a fault-tolerant protocol that ensures that when a host's next-hop router fails, another router takes over from the failed router, maintaining the continuity and reliability of network communication. Before introducing VRRP, here are some VRRP-related terms:

  • Virtual router: consists of one Master router and several Backup routers. Hosts use the virtual router as their default gateway.
  • VRID: the identifier of the virtual router. A group of routers with the same VRID forms one virtual router.
  • Master router: the router in the virtual router that takes on the task of forwarding packets.
  • Backup router: a router that can take over the work of the Master router when the Master router fails.
  • Virtual IP address: the IP address of the virtual router. A virtual router can have one or more IP addresses.
  • IP address owner: a router whose interface IP address is the same as the virtual router's IP address is called the IP address owner.
  • Virtual MAC address: a virtual router has one virtual MAC address, in the format 00-00-5E-00-01-{VRID}. Normally the virtual router answers ARP requests with the virtual MAC address; only when specially configured does it answer with the real MAC address of the interface.
  • Priority: VRRP uses priority to determine the status of each router in the virtual router.
  • Non-preemptive mode: if a Backup router works in non-preemptive mode, then as long as the Master router has not failed, the Backup router does not become the Master even if it is configured with a higher priority.
  • Preemptive mode: if a Backup router works in preemptive mode, then when it receives a VRRP packet it compares its own priority with the priority in the packet. If its own priority is higher than that of the current Master router, it preempts and becomes the Master router; otherwise it remains in the Backup state.

Virtual routing diagram:

A group of VRRP routers in a LAN is combined into a VRRP backup group, which functions as a single router and is identified by a virtual router ID (VRID). The virtual router has its own virtual IP address and virtual MAC address, and outwardly it behaves exactly like an actual physical router. Hosts in the LAN use the virtual router's IP address as their default gateway and communicate with external networks through the virtual router.

The virtual router runs on top of actual physical routers. It is in fact made up of several routers: one Master router and several Backup routers. While the Master router is working properly, hosts on the LAN communicate with the outside world through the Master. When the Master router fails, one of the Backup routers becomes the new Master router and takes over packet forwarding. (Router high availability)

VRRP workflow:

(1) The routers in the virtual router elect a Master according to priority. The Master router sends gratuitous ARP packets to notify the devices or hosts connected to it of its virtual MAC address, and so takes on the packet forwarding task;

(2) The Master router periodically sends VRRP packets to announce its configuration information (priority and so on) and its working condition;

(3) If the Master router fails, the Backup routers in the virtual router elect a new Master according to priority;

(4) When the virtual router changes state and the Master role moves from one device to another, the new Master router simply sends an ARP packet carrying the virtual router's MAC address and virtual IP address, which updates the ARP information in the hosts or devices connected to it. Hosts in the network do not notice that the Master has moved to another device.

(5) When a Backup router's priority is higher than the Master router's, the Backup router's working mode (preemptive or non-preemptive) decides whether a new Master is elected.

VRRP priority ranges from 0 to 255 (a larger number indicates a higher priority).
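
The election rules above (priority, preemptive versus non-preemptive mode, Master failure) can be modelled in a few lines of shell. This is an added example, not code from keepalived or from the original article: the function names and the router table format are hypothetical, and the higher-IP tie-break for equal priorities comes from the VRRP specification rather than from this page.

```shell
# Added example (hypothetical helper names): a model of the VRRP Master election.

# Virtual MAC for a VRID, in the 00-00-5E-00-01-{VRID} format (VRID in hex).
vrrp_vmac() { printf '00-00-5E-00-01-%02X\n' "$1"; }

# elect MODE CURRENT_MASTER   (stdin: one "name priority ip up|down" line per router)
# Prints the router that holds the Master role after one election round.
elect() {
    awk -v mode="$1" -v cur="$2" '
        function ipnum(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        $4 == "up" {
            prio[$1] = $2 + 0; addr[$1] = ipnum($3)
            # Best candidate: highest priority; equal priorities go to the higher IP.
            if (best == "" || prio[$1] > prio[best] ||
                (prio[$1] == prio[best] && addr[$1] > addr[best])) best = $1
        }
        END {
            # A live Master keeps the role in non-preemptive mode, or when no
            # Backup has a strictly higher priority; otherwise the best wins.
            if ((cur in prio) && (mode == "nopreempt" || prio[best] <= prio[cur])) print cur
            else print best
        }'
}

# Constructed scenario: nodeA (priority 100) comes back while nodeB (90) is Master.
routers='nodeA 100 192.168.153.11 up
nodeB 90 192.168.153.12 up'
echo "virtual MAC for VRID 121: $(vrrp_vmac 121)"
echo "preemptive mode:     $(printf '%s\n' "$routers" | elect preempt nodeB)"
echo "non-preemptive mode: $(printf '%s\n' "$routers" | elect nopreempt nodeB)"
```

In preemptive mode the recovered higher-priority node takes the Master role back; in non-preemptive mode the current Master keeps it until it fails.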

5 LVS + keepalived + Nginx architecture diagram


6 Environment and service configuration

  • Nginx master server: 192.168.153.11
  • Nginx standby server: 192.168.153.12
  • LVS virtual VIP: 192.168.153.13

7 Building the environment

cd /usr/local

1. Download keepalived

wget http://www.keepalived.org/software/keepalived-1.2.18.tar.gz

2. Extract the archive:

tar -zxvf keepalived-1.2.18.tar.gz -C /usr/local/

3. Install the openssl dependency

yum install -y openssl openssl-devel

4. Configure the keepalived build

cd keepalived-1.2.18/ && ./configure --prefix=/usr/local/keepalived

[Screenshot: output of a successful configure run]

If running ./configure --prefix=/usr/local/keepalived for keepalived fails with the error:

configure: error: Popt libraries is required

This error occurs because the popt development package is not installed.

Solution:

yum install popt-devel

Once the popt development package is installed, run ./configure again.

5. Build and install

make && make install

[Screenshot: output of a successful build]

8 Installing keepalived as a Linux system service

To install keepalived as a Linux system service: because keepalived was not installed to its default path (the default path: /usr/local), some changes are needed after the installation is complete.

First, create a directory and copy the keepalived configuration file into it:

mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

Then copy the keepalived script files:

cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/

[Screenshot: error output]

You can enable start at boot:
chkconfig keepalived on

8.1 Common keepalived commands

Start keepalived:

service keepalived start

Error on start:

Starting keepalived (via systemctl):  Job for keepalived.service failed. See 'systemctl status keepalived.service' and 'journalctl -xn' for details.  

Solution:

cd /usr/sbin/
rm -f keepalived
cp /usr/local/keepalived/sbin/keepalived  /usr/sbin/

Start keepalived again:

service keepalived start

[Screenshot: keepalived started successfully]

Stop keepalived:

service keepalived stop


8.2 Using keepalived to create a virtual VIP

cd /etc/keepalived/
rm -rf keepalived.conf
vi keepalived.conf
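! Configuration File for keepalived

vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh" # script to run (contents shown below); it restarts nginx automatically after nginx goes down
    interval 2 # check interval
    weight -20 # if the condition holds, adjust the weight by -20
}
# Define the virtual router; VI_1 is its identifier, a name you choose yourself
vrrp_instance VI_1 {
    state MASTER # decides master or backup
    interface ens33 # network interface the virtual IP is bound to; fill in according to your machine
    virtual_router_id 121 # virtual router ID; must be the same on both nodes
    mcast_src_ip 192.168.153.11 # this machine's IP
    priority 100 # node priority; the master should be higher than the backup
    nopreempt # set nopreempt on the higher-priority node so it does not take the role back after recovering from a failure
    advert_int 1 # multicast advertisement interval; must be the same on both nodes, default 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Add the track_script block to the instance block
    track_script {
        chk_nginx # run the Nginx monitoring check
    }

    ### Virtual IP address configuration
    virtual_ipaddress {
        192.168.153.13 # virtual IP: the address that lets programs with a hard-coded IP follow a switchover; widely useful, and more than one can be configured
    }
}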

Turn off the firewall:

systemctl stop firewalld

Install Nginx:

cd /usr/local/
wget http://nginx.org/download/nginx-1.9.10.tar.gz
tar -zxvf nginx-1.9.10.tar.gz
cd nginx-1.9.10
./configure
make && make install

Modify the html page:
[Screenshot: modifying the html page]

Start Nginx:

/usr/local/nginx/sbin/nginx


Start keepalived:

service keepalived start

Visit the virtual server address and the page is served there as well: http://192.168.153.13/

6.3 Nginx + keepalived simple dual-machine master/backup hot standby

6.3.1 Overview of dual-machine master/backup hot standby

The two machines can act as hot standbys for each other, each normally responsible for its own service. During a production update, after the tomcat on one server is shut down, nginx automatically switches traffic to the backup machine, which continues to serve. This makes updates painless and continuous, increases service reliability and keeps the servers running 7*24 hours.

6.3.2 Nginx upstream simple master/backup hot standby

Build the master and backup Tomcat servers:

    upstream testproxy {
        server 127.0.0.1:8080;
        server 127.0.0.1:8081 backup;
    }

    server {
        listen       80;
        server_name  localhost;

        location / {
            proxy_pass   http://testproxy;
            index  index.html index.htm;
        }

        ### Timeout for nginx connecting to the upstream (real) server: how long to wait for a response to the connection handshake
        proxy_connect_timeout 1s;
        ### Timeout for nginx sending to the upstream (real) server
        proxy_send_timeout 1s;
        ### Timeout for nginx receiving from the upstream (real) server
        proxy_read_timeout 1s;

    }

To make a server a backup, just add the backup parameter after its IP; that server then becomes a backup server.

It is not used in normal times, and nginx does not forward any requests to it. Only when all other nodes are unreachable does nginx enable this node.

Once an available node has recovered, this node is no longer used and returns to standby.

6.3.3 - 6.3.5: Build the master and backup Nginx servers

6.3.3 Nginx + keepalived simple dual-machine master/backup hot standby

Install keepalived on each server to virtualize one VIP and configure the master/backup relationship; when the master goes down, traffic goes directly to the backup machine.

  • Keepalived virtual VIP address: 192.168.153.13
  • A server: 192.168.153.11
  • B server: 192.168.153.12

Clone 192.168.153.11 directly to create 192.168.153.12.

6.3.4 Modify the master keepalived configuration

Modify the keepalived file on the master Nginx server:

vi /etc/keepalived/keepalived.conf
  • state is MASTER
  • mcast_src_ip: 192.168.153.11
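! Configuration File for keepalived

vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh" # script to run (contents shown below); it restarts nginx automatically after nginx goes down
    interval 2 # check interval
    weight -20 # if the condition holds, adjust the weight by -20
}
# Define the virtual router; VI_1 is its identifier, a name you choose yourself
vrrp_instance VI_1 {
    state MASTER # decides master or backup
    interface ens33 # network interface the virtual IP is bound to; fill in according to your machine
    virtual_router_id 121 # virtual router ID; must be the same on both nodes
    mcast_src_ip 192.168.153.11 # this machine's IP
    priority 100 # node priority; the master should be higher than the backup
    nopreempt # set nopreempt on the higher-priority node so it does not take the role back after recovering from a failure
    advert_int 1 # multicast advertisement interval; must be the same on both nodes, default 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Add the track_script block to the instance block
    track_script {
        chk_nginx # run the Nginx monitoring check
    }

    virtual_ipaddress {
        192.168.153.13 # virtual IP: the address that lets programs with a hard-coded IP follow a switchover; widely useful, and more than one can be configured
    }
}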

6.3.5 Modify the backup keepalived configuration

Modify the keepalived file on the backup Nginx server:

/etc/keepalived/keepalived.conf
  • state is BACKUP
  • mcast_src_ip: 192.168.153.12
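! Configuration File for keepalived

vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh" # script to run (contents shown below); it restarts nginx automatically after nginx goes down
    interval 2 # check interval
    weight -20 # if the condition holds, adjust the weight by -20
}
# Define the virtual router; VI_1 is its identifier, a name you choose yourself
vrrp_instance VI_1 {
    state BACKUP # decides master or backup
    interface ens33 # network interface the virtual IP is bound to; fill in according to your machine
    virtual_router_id 121 # virtual router ID; must be the same on both nodes
    mcast_src_ip 192.168.153.12 # this machine's IP
    priority 100 # node priority; the master should be higher than the backup
    nopreempt # set nopreempt on the higher-priority node so it does not take the role back after recovering from a failure
    advert_int 1 # multicast advertisement interval; must be the same on both nodes, default 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Add the track_script block to the instance block
    track_script {
        chk_nginx # run the Nginx monitoring check
    }

    virtual_ipaddress {
        192.168.153.13 # virtual IP: the address that lets programs with a hard-coded IP follow a switchover; widely useful, and more than one can be configured
    }
}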
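
The two keepalived.conf files above can be checked against the constraints this page states (same virtual_router_id and advert_int on both nodes, master priority higher than backup) and against two documented keepalived behaviours: nopreempt is honoured only when state is BACKUP, and only the first eight characters of auth_pass are used. This is an added example, not part of the original article or of keepalived; the function names are hypothetical and the sample file is a constructed, trimmed copy of the configs above.

```shell
# Added example (hypothetical helper names): audit a keepalived master/backup pair.
# Print audited settings as "key value", with # and ! comments stripped.
vrrp_settings() {
    awk '{ sub(/[#!].*/, "") }
         $1 ~ /^(state|priority|virtual_router_id|advert_int|auth_type|auth_pass)$/ { print $1, $2 }
         $1 == "nopreempt" { print "nopreempt yes" }' "$1"
}
setting() { vrrp_settings "$1" | awk -v k="$2" '$1 == k && !seen++ { print $2 }'; }

# Checks on one node's file.
audit_node() {
    if [ "$(setting "$1" nopreempt)" = yes ] && [ "$(setting "$1" state)" != BACKUP ]; then
        echo "$1: nopreempt is only honoured when state is BACKUP"
    fi
    pass=$(setting "$1" auth_pass)
    if [ "$(setting "$1" auth_type)" = PASS ] && [ "${#pass}" -lt 8 ]; then
        echo "$1: auth_pass is shorter than 8 characters"
    fi
}

# Checks across the two nodes of one virtual router.
audit_pair() {
    for key in virtual_router_id advert_int; do
        [ "$(setting "$1" "$key")" = "$(setting "$2" "$key")" ] ||
            echo "pair: $key differs between nodes"
    done
    [ "$(setting "$1" priority)" != "$(setting "$2" priority)" ] ||
        echo "pair: both nodes use the same priority"
}

# Constructed sample: the audited settings of this page's two nodes.
sample_conf() {
    cat <<EOF
vrrp_instance VI_1 {
    state $1 # decides master or backup
    virtual_router_id 121
    priority 100
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}
demo=$(mktemp -d)
sample_conf MASTER > "$demo/master.conf"; sample_conf BACKUP > "$demo/backup.conf"
audit_node "$demo/master.conf"; audit_node "$demo/backup.conf"
audit_pair "$demo/master.conf" "$demo/backup.conf"
```

On this page's pair it reports the nopreempt/MASTER combination, the four-character auth_pass on both nodes, and the identical priority of 100. VRRP PASS authentication is sent in cleartext in every advertisement, so it protects against accidental misconfiguration rather than against another host on the same segment.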

Summary

Keepalived is based on LVS and implements heartbeat detection, monitoring servers for failover. If a server goes down, it automatically tries to run the restart script. If several retries still fail, it sends a message to the operations staff.

When a server in the production environment goes down, how do you deal with it?

  • Failover
  • Heartbeat
  • Load Balancing
  • Automatic restart

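6.4 Nginx + keepalived high availability

Write the nginx_check.sh script:

vi /etc/keepalived/nginx_check.sh
#!/bin/bash
# Count the running nginx processes
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # nginx is down: try to start it again
    /usr/local/nginx/sbin/nginx
    sleep 2
    # Still down: stop keepalived so the VIP moves to the other node
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        killall keepalived
    fi
fi

Note: the script must be given execute permission. keepalived runs it as root, so only root should be able to write to it:

chmod 700 nginx_check.sh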

Origin blog.csdn.net/weixin_42112635/article/details/104970911