Project objectives
Convert the standalone servers into a cluster to improve the website's stability and its handling of concurrent requests.
Specific objectives:
- Rebuild the current server architecture as a high-availability cluster to eliminate single points of failure.
- Implement load balancing and high availability with LVS+Keepalived or Nginx+Keepalived.
- Separate dynamic and static content to improve overall performance.
- Keep sessions consistent so that the architecture can be stateless.
Environment preparation
sudo apt update
sudo apt install -y curl wget build-essential libssl-dev libpcre3 libpcre3-dev zlib1g-dev
Installing Redis
On the balanceur-principal node:
cd /tmp
wget https://download.redis.io/redis-stable.tar.gz
tar xzf redis-stable.tar.gz
cd redis-stable
Compile and install:
sudo apt install -y build-essential tcl
make && make test
sudo make install
Installing LVS + Keepalived
On balanceur-principal and noeud-web-1:
sudo apt install -y build-essential libssl-dev libnl-3-dev libnl-genl-3-dev
Installing LVS:
cd /tmp
wget https://www.kernel.org/pub/linux/utils/kernel/ipvsadm/ipvsadm-1.31.tar.gz
tar xzf ipvsadm-1.31.tar.gz
cd ipvsadm-1.31
make
sudo make install
Installing Keepalived:
cd /tmp
wget https://www.keepalived.org/software/keepalived-2.3.2.tar.gz
tar xzf keepalived-2.3.2.tar.gz
cd keepalived-2.3.2
./configure --prefix=/opt/keepalived
make
sudo make install
Installing Nginx
cd /tmp
wget https://nginx.org/download/nginx-1.26.2.tar.gz
tar xzf nginx-1.26.2.tar.gz
cd nginx-1.26.2
./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_stub_status_module
make
sudo make install
Configuring Redis
Create the configuration file:
sudo mkdir -p /etc/redis
sudo cp redis.conf /etc/redis/redis.conf
Edit /etc/redis/redis.conf with:
bind 0.0.0.0
requirepass motdepasse123
Create the systemd service /etc/systemd/system/redis.service:
[Unit]
Description=Service Redis en mémoire
After=network.target
[Service]
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always
User=redis
Group=redis
[Install]
WantedBy=multi-user.target
sudo useradd --system --no-create-home --user-group redis
sudo chown redis:redis /etc/redis/redis.conf
sudo systemctl daemon-reload
sudo systemctl start redis
sudo systemctl enable redis
Ensure session consistency on noeud-web-1, noeud-web-2 and noeud-web-3 (with redis-tools installed):
session.save_handler = redis
session.save_path = "tcp://10.0.0.10:6379?auth=motdepasse123"
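An added check, not part of the original page: the shell function below audits a redis.conf for the settings used above (a wildcard bind and a short requirepass kept in a readable file) and prints one finding per line. The function name, the 32-character minimum and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# audit_redis_conf FILE [MIN_LEN]: print one finding per line, nothing if clean.
# MIN_LEN (default 32) is an assumed policy value, not a Redis setting.
audit_redis_conf() {
    conf=$1
    awk -v min="${2:-32}" '
        /^[ \t]*#/ { next }                          # ignore comment lines
        $1 == "bind" {
            for (i = 2; i <= NF; i++) {
                addr = $i; sub(/^-/, "", addr)       # "-" marks an optional address
                if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "::*")
                    print "bind: listens on every interface (" $i ")"
            }
        }
        $1 == "protected-mode" && $2 == "no" { print "protected-mode: disabled" }
        $1 == "requirepass" {
            seen = 1
            if (length($2) < min + 0)
                print "requirepass: only " length($2) " characters (minimum " min ")"
        }
        END { if (!seen) print "requirepass: not set" }
    ' "$conf"
    # redis.conf stores the password in clear text: flag world-readable files.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "permissions: world-readable"
    fi
}

# Constructed sample reproducing the two settings from this page.
sample=$(mktemp)
printf 'bind 0.0.0.0\nrequirepass motdepasse123\n' > "$sample"
chmod 644 "$sample"
audit_redis_conf "$sample"
rm -f "$sample"
```

The same password also appears in session.save_path on every web node, so the file holding that setting deserves the same permission check.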
LVS+Keepalived solution
LVS configuration on balanceur-principal:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo ip addr add 10.0.0.100/24 dev eth0
sudo ipvsadm -A -t 10.0.0.100:80 -s rr
sudo ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.11:80 -g
sudo ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.12:80 -g
sudo ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.13:80 -g
Keepalived configuration on balanceur-principal and noeud-web-1:
sudo mkdir -p /etc/keepalived
sudo vim /etc/keepalived/keepalived.conf
File /etc/keepalived/keepalived.conf (for balanceur-principal):
global_defs {
router_id PRINCIPAL_LVS
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass securite456
}
virtual_ipaddress {
10.0.0.100
}
}
virtual_server 10.0.0.100 80 {
delay_loop 5
lb_algo rr
lb_kind DR
protocol TCP
real_server 10.0.0.11 80 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 3
delay_before_retry 2
}
}
real_server 10.0.0.12 80 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 3
delay_before_retry 2
}
}
real_server 10.0.0.13 80 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 3
delay_before_retry 2
}
}
}
sudo /opt/keepalived/sbin/keepalived -f /etc/keepalived/keepalived.conf
Nginx+Keepalived solution
On balanceur-principal, noeud-web-1, noeud-web-2 and noeud-web-3, install Nginx.
Configure /opt/nginx/conf/nginx.conf:
# nginx refuses to start without an events block, even an empty one.
events {
}
http {
upstream cluster_web {
server 10.0.0.11;
server 10.0.0.12;
server 10.0.0.13;
}
server {
listen 80;
server_name site.exemple.fr;
location / {
proxy_pass http://cluster_web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /assets/ {
root /var/www/html;
expires 30d;
}
}
}
sudo /opt/nginx/sbin/nginx
Keepalived configuration for Nginx:
File /etc/keepalived/keepalived.conf (on balanceur-principal):
global_defs {
router_id PRINCIPAL_NGINX
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 200
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass securite789
}
virtual_ipaddress {
10.0.0.100
}
}
virtual_server 10.0.0.100 80 {
delay_loop 4
lb_algo rr
lb_kind NAT
protocol TCP
real_server 10.0.0.11 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 10.0.0.12 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 10.0.0.13 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
File /etc/keepalived/keepalived.conf (on noeud-web-1):
global_defs {
router_id SECOURS_NGINX
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 200
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass securite789
}
virtual_ipaddress {
10.0.0.100
}
}
sudo /opt/keepalived/sbin/keepalived -f /etc/keepalived/keepalived.conf
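An added consistency check for the master/backup pair above (example code, not from the original page): it compares the VRRP fields that must match on both nodes and flags the authentication settings. The function names and the abbreviated sample files are assumptions; the sample reuses this page's values.

```shell
#!/bin/sh
# kv FILE KEY: value of the first occurrence of a single-valued keyword.
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# vips FILE: addresses listed inside virtual_ipaddress { ... }, sorted.
vips() {
    awk '$1 == "virtual_ipaddress" { inblk = 1; next }
         inblk && $1 == "}"        { inblk = 0 }
         inblk && NF               { print $1 }' "$1" | sort
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: print one finding per line.
check_vrrp_pair() {
    a=$1; b=$2
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(kv "$a" "$key")" = "$(kv "$b" "$key")" ] || echo "mismatch: $key"
    done
    [ "$(vips "$a")" = "$(vips "$b")" ] || echo "mismatch: virtual_ipaddress"
    [ "$(kv "$a" priority)" != "$(kv "$b" priority)" ] ||
        echo "priority: identical on both nodes"
    [ "$(kv "$a" auth_type)" != PASS ] ||
        echo "auth_type PASS: password is sent in clear text in VRRP advertisements"
    for f in "$a" "$b"; do
        pass=$(kv "$f" auth_pass)
        # keepalived uses only the first 8 characters of auth_pass.
        [ "${#pass}" -le 8 ] || echo "auth_pass: ${#pass} characters in $f, only 8 are used"
    done
    return 0
}

# Constructed sample: the vrrp_instance settings from this page, abbreviated.
# mk FILE STATE PRIORITY
mk() {
    printf 'vrrp_instance VI_1 {\nstate %s\nvirtual_router_id 200\npriority %s\n' "$2" "$3" > "$1"
    printf 'advert_int 1\nauthentication {\nauth_type PASS\nauth_pass securite789\n}\n' >> "$1"
    printf 'virtual_ipaddress {\n10.0.0.100\n}\n}\n' >> "$1"
}
dir=$(mktemp -d)
mk "$dir/master.conf" MASTER 101
mk "$dir/backup.conf" BACKUP 100
check_vrrp_pair "$dir/master.conf" "$dir/backup.conf"
rm -rf "$dir"
```

Because only the first 8 characters count, securite456 and securite789 are the same effective password, so the two solutions on this page do not have distinct VRRP secrets.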