How to implement dual-machine master and backup with Nginx+Keepalived

Preface

First, let me introduce Keepalived, which is a high-performance server high availability or hot standby solution. It was originally designed for LVS load balancing software. Keepalived is mainly used to prevent single point failures of the server. It can achieve high availability of the web server through its cooperation with Nginx.

Keepalived is based on the VRRP protocol. VRRP is the abbreviation of Virtual Router Redundancy Protocol. The VRRP protocol virtualizes two or more router devices into one device and provides virtual router IP (one or more) to the outside world.

The purpose of VRRP is to solve the single point failure problem of static routing. It can ensure that the entire network can run uninterruptedly when individual nodes fail.

Next, we introduce the deployment and installation of the nginx keepalived high availability solution.

Environment Preparation

Prepare the following compressed files on both hosts:

• keepalived-2.0.20.tar.gz
• nginx-1.16.1.tar.gz

Virtual IP

Real IP

nginx port

Master-Slave

192.168.124.20

192.168.124.13

80

MASTER

192.168.124.20

192.168.124.14

80

BACKUP

Install nginx

Create a new user:

useradd tianyan

Determine the installation directory. My installation directory is: /home/tianyan/tianyan_soft/nginx.install.

Create two new directories in this directory for installing nginx and keepalived, and decompress the two compressed packages.

Execute the installation command:

./configure --prefix=/home/tianyan/tianyan_soft/nginx.install \
--sbin-path=/home/tianyan/tianyan_soft/nginx.install/sbin/nginx --conf-path=/home/tianyan/tianyan_soft/nginx.install/conf/nginx.conf \
--error-log-path=/home/tianyan/tianyan_soft/nginx.install/error.log \
--http-log-path=/home/tianyan/tianyan_soft/nginx.install/access.log \
--pid-path=/home/tianyan/tianyan_soft/nginx.install/nginx.pid \
--lock-path=/home/tianyan/tianyan_soft/nginx.install/nginx.lock \
--user=tianyan --group=tianyan \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-threads \
--with-pcre \
--http-client-body-temp-path=/home/tianyan/tianyan_soft/nginx.install/client/ \
--http-proxy-temp-path=/home/tianyan/tianyan_soft/nginx.install/proxy/ \
 --http-fastcgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/fcgi/ \
--http-uwsgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/uwsgi \
--http-scgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/scgi

If an error occurs, remember to install related dependencies:

yum install gcc gcc-c++

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied).

Note: When started with non-root permissions, the error nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied) will appear.

Reason: Only root users can use ports below 1024 in Linux

Solution:

1. Start with root privileges

2. Change port 80 in the /usr/local/nginx/conf/nginx.conf file to 1024 or above.

Install keepalived

./configure --prefix=/usr/local/keepalived

After the above command is executed, continue to execute:

make && make install

After the installation is complete, the directory looks like this:

Copy the configuration file to the directory corresponding to the system

mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived

Edit the keepalived.conf of the master node

vim /etc/keepalived/keepalived.conf

The content is as follows:

! Configuration File for keepalived

global_defs {
  #A unique name is enough router_id hyq_slave
  }


#ngWhether to run vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
  state BACKUP # required, can be MASTER or BACKUP

  interface ens33
  virtual_router_id 101
  priority 90
  advert_int 1

  # If the uplink switches of the two nodes disable multicast, use VRRP unicast notification # Local ip
  unicast_src_ip 192.168.124.14
  unicast_peer {
    # Other machine ip
    192.168.124.13
  }
  # Set nopreempt to prevent resource preemption

  authentication
    auth_type PASS
    auth_pass 1111
  }

  # Echoes the nginx health check above track_script {
    chk_nginx
  }
  virtual_ipaddress {
    192.168.124.20
  }
}

Edit the keepalived.conf of the slave node

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
  #A unique name is enough router_id hyq_slave
  }


#ngWhether to run vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
  state BACKUP # required, can be MASTER or BACKUP  


  interface ens33
  virtual_router_id 101
  priority 90
  advert_int 1

  # If the uplink switches of the two nodes disable multicast, use VRRP unicast notification # Local ip
  unicast_src_ip 192.168.124.14
  unicast_peer {
    # Other machine ip
    192.168.124.13
  }
  # Set nopreempt to prevent resource preemption

  authentication
    auth_type PASS
    auth_pass 1111
  }

  # Echoes the nginx health check above track_script {
    chk_nginx
  }
  virtual_ipaddress {
    192.168.124.20
  }
}

Write the nginx_check.sh script

Create a new nginx_check.sh script in the /etc/keepalived directory

touch nginx_check.sh

Edit its content to:

#!/bin/sh
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ]
then
 /usr/sbin/nginx
 sleep 1
 A2=`ps -C nginx --no-header |wc -l`
 if [ $A2 -eq 0 ]
 then
  systemctl stop keepalived
 fi
fi

Meaning: If nginx stops running, try to start it, but if it fails to start, kill the local keepalived process, and keepalived will bind the virtual ip to the BACKUP machine. Note: /usr/sbin/nginx is the startup command of nginx. If you install it to another directory, replace it accordingly.

Keepalived logs

The default location of Keepalived logs is in the /var/log/messages directory. Let's modify it.

Since the system is centos7, the modified location is: /lib/systemd/system/keepalived.service

Original content:

EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS

Modified to:

Reload the service after modification

systemctl daemon-reload

Create a command soft link:

ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived

implement:

keepalived -D -f /etc/keepalived/keepalived.conf

-D Output the log to the message log. The default log is also in the message
-f is the specified configuration file

Modify /etc/sysconfig/keepalived

Change KEEPALIVED_OPTIONS="-D" to: KEEPALIVED_OPTIONS="-D -d -S 0"

Add at the end of /etc/rsyslog.conf

local0.*/var/log/keepalived.log 

Finally execute the command:

service rsyslog restart

After restarting keepalived, you can see the log in /var/log/keepalived.log.

Test and verify VIP

When both keepalived and nginx are started, let's test it.

First, visit three addresses in the browser

• http://192.168.124.20 (vip)
• http://192.168.124.13 (master)
• http://192.168.124.14(slave)

I modified the index.html of nginx and found that the current VIP points to the master node 13:

Then, we manually stop nginx on 13 and access http://192.168.124.20 again.

This indicates that the installation was successful.

The changes of the network card can be observed through the ip address command

At this point in the experiment, we have completed the installation and deployment of the keepalived + nginx master-slave configuration.

Thinking: How to enable dual-active mode

What is dual-active mode?

Let's introduce two configurations respectively.

1. Nginx+keepalived master-slave configuration

This solution is the one introduced above. It uses a VIP address and two machines on the front end, one as the main machine and the other as the backup machine. However, only one machine works at the same time. The other backup machine is always in a wasted state when the main machine does not fail. It is only used for disaster recovery and is usually idle.

2. Nginx+keepalived dual-master configuration

This solution uses two VIP addresses and two machines at the front end, which serve as the primary and backup machines for each other. When one of the machines fails, the requests of the two machines are transferred to one machine, as shown in the following figure:

[Actual] Case study on improving elasticsearch writing speed

Use Java to make a profitable WeChat group chat robot (PC protocol)

Efficiently import millions of Mysql data into Redis

Java online fault analysis + performance tuning

This is the end of this article about how to implement dual-machine master-slave with Nginx+Keepalived. For more information about Nginx Keepalived dual-machine master-slave, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!