Analysis of the implementation process of Nginx high availability solution in production environment

Preparation:

192.168.16.128

192.168.16.129

Two virtual machines. Install Nginx

Install Nginx

Update the yum source file:

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Install Nginx:

yum -y install nginx

Operation command:

systemctl start nginx; #Start Nginx
systemctl stop nginx; #Stop Nginx

What is high availability?

High availability (HA) is one of the factors that must be considered in the design of distributed system architecture. It usually refers to reducing the time that the system cannot provide services through design. If a system can provide services all the time, then the availability is 100%, but accidents happen. So we can only reduce service failures as much as possible.

Problem solved?

In production environments, Nginx is often used as a reverse proxy to provide external services, but one day Nginx will inevitably encounter failures, such as server downtime. When Nginx goes down, all external interfaces will become inaccessible.

Although we cannot guarantee that the server is 100% available, we must find a way to avoid this tragedy. Today we use keepalived to implement Nginx

High availability.

Dual-machine hot standby solution

This solution is the most common high-availability solution among domestic enterprises. Dual-machine hot standby actually means that one server is providing a service while the other is in standby status for a certain service. When one server is unavailable, the other will take its place.

What is keepalived?

Keepalived software was originally designed for LVS load balancing software to manage and monitor the status of each service node in the LVS cluster system. Later, the VRRP (Virtual Router Redundancy Protocol) function was added to achieve high availability. Therefore, in addition to managing LVS software, Keepalived can also be used as a high-availability solution software for other services (such as Nginx, Haproxy, MySQL, etc.)

Failover mechanism

Failover transfer between Keepalived high-availability services is achieved through VRRP.

When the Keepalived service is working normally, the main Master node will continuously send (multicast) heartbeat messages to the backup node to tell the backup node that it is still alive. When the main Master node fails, it cannot send heartbeat messages, and the backup node can no longer detect the heartbeat from the main Master node. Therefore, it calls its own takeover program to take over the IP resources and services of the main Master node. When the main Master node recovers, the backup node will release the IP resources and services that it took over when the main node failed, and return to its original backup role.

Implementation process

Install keepalived

You can install it directly using yum, which will automatically install dependencies:

yum -y install keepalived

Modify the host (192.168.16.128) keepalived configuration file

The configuration file installed by yum will be generated under /etc/keepalived:

vi keepalived.conf

keepalived.conf:

#Detection script vrrp_script chk_http_port {
 script "/usr/local/src/check_nginx_pid.sh" #Heartbeat execution script to detect whether nginx is started interval 2 #(the interval between script executions, in seconds)
 weight 2 #weight}
#vrrp instance definition section vrrp_instance VI_1 {
 state MASTER #Specify the role of keepalived, MASTER is the main one, BACKUP is the backup oneinterface ens33 #The network interface card currently performing VRRP communication (currently the network card of centos). Use ifconfig to view your specific network cardvirtual_router_id 66 #Virtual router ID, the master and slave should always be the samepriority 100 #Priority, the larger the value, the higher the priority of obtaining processing requestsadvert_int 1 #Check interval, the default is 1s (VRRP multicast cycle seconds)
 #Authorize access authentication {
  auth_type PASS #Set the authentication type and password. MASTER and BACKUP must use the same password for normal communication auth_pass 1111
 }
 track_script {
  chk_http_port # (call detection script)
 }
 virtual_ipaddress {
  192.168.16.130 # Define virtual ip (VIP), multiple settings are allowed, one per line}
}

You can configure vip in virtual_ipaddress and access services online through vip.

The interface needs to be set according to the server network card. Usually the viewing method is ip addr

The authentication configuration authorization access to the backup machine also requires the same configuration

Modify the keepalived configuration file of the standby machine (192.168.16.129)

keepalived.conf:

#Detection script vrrp_script chk_http_port {
 script "/usr/local/src/check_nginx_pid.sh" #Heartbeat execution script to detect whether nginx is started interval 2 #(detection script execution interval)
 weight 2 #weight}
#vrrp instance definition section vrrp_instance VI_1 {
 state BACKUP #Specify the role of keepalived, MASTER is the main one, BACKUP is the backup one interface ens33 #The network interface card currently performing VRRP communication (currently the network card of centos). Use ifconfig to view your specific network card virtual_router_id 66 #Virtual router ID, the master and slave should always be priority 99 #Priority, the larger the value, the higher the priority of obtaining processing requests advert_int 1 #Check interval, the default is 1s (VRRP multicast cycle seconds)
 #Authorize access authentication {
  auth_type PASS #Set the authentication type and password. MASTER and BACKUP must use the same password for normal communication auth_pass 1111
 }
 track_script {
  chk_http_port # (call detection script)
 }
 virtual_ipaddress {
  192.168.16.130 # Define virtual ip (VIP), multiple settings are allowed, one per line}
}

Detection script:

#!/bin/bash
#Check whether nginx is started A=`ps -C nginx --no-header |wc -l`  
if [ $A -eq 0 ];then #If nginx is not started, start nginx      
  systemctl start nginx #Restart nginx
  if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then #If nginx restart fails, stop the keepalived service and transfer VIP killall keepalived     
  fi
fi

Script authorization: chmod 775 check_nginx_pid.sh

Note: The script must be authorized, otherwise there is no permission to access it. Here we have two servers to execute, VIP(virtual_ipaddress:192.168.16.130), we directly access the service through VIP in the production environment.

Simulate nginx failure:

Modify the Nginx html page that the two servers access by default as a distinction.

First visit 192.168.16.130 and access it through VIP. The page shows 192.168.16.128 , which means that the service is currently provided by the main server.

At this time, 192.168.16.128 main server executes the command:

systemctl stop nginx; #Stop nginx

Visit vip ( 192.168.16.130 ) again and find that the page still shows: 192.168.16.128 . This is the automatic restart in the script.

Now shut down the 192.168.16.128 server directly and access vip ( 192.168.16.130 ) here. Now you will find that the page shows 192.168.16.129 . At this time, keepalived will automatically fail over, and a high-availability solution for an enterprise-level production environment will be built.

There are many other functions in keepalived , such as email reminders, etc. I will not operate them here. You can go to the official website to read the documents.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.