Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to achieve High availability with Keepalived+Nginx

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

Editor to share with you how to achieve high availability of Keepalived+Nginx, I hope you will learn something after reading this article, let's discuss it together!

The HA of keepalived is divided into preemptive mode and non-preemptive mode. When the MASTER recovers from the fault, it will preempt the VIP from the BACKUP node. Non-preemptive mode, that is, after MASTER is restored, it does not preempt the VIP after BACKUP is upgraded to MASTER. This paper introduces the configuration methods of preemptive mode and non-preemptive mode under CentOS7:

1. Programme planning

VIPIP Hostname Nginx Port 192.168.1.210192.168.1.201nginx-0180192.168.1.210192.168.1.202nginx-0280

The VIP of the two servers is 192.168.1.210

Install nginx and keepalived on two WEB servers:

1. To install Nginx, please refer to "Nginx source code installation"

2. To install Keepalived, please refer to "Keepalived installation and configuration"

3. Add arrp Multicast rules to the firewall or turn off the firewall

1 > iptables

Shell > vi / etc/sysconfig/iptables-An INPUT-p vrrp-d 224.0.0.18 ACCEPT 32-j

2 > firewall

Firewall-cmd-direct-permanent-add-rule ipv4 filter INPUT 0-in-interface enp4s0-destination 224.0.0.18-protocol vrrp-j ACCEPTfirewall-cmd-reload

4. Close selinux

Shell > vi / etc/sysconfig/selinux# modify: SELINUX=disabled#setenforce 0

2. Preemption mode configuration

Edit / etc/keepalived/keepalived.conf configuration file

1 > MASTER (192.168.1.201):

Global_defs {router_id nginx_01 # identifies the name of this node, usually hostname} # # keepalived will execute the script regularly and analyze the results of the script execution, and dynamically adjust the priority of the vrrp_instance. # # if the execution result of the script is 0 and the value configured by weight is greater than 0, the priority will be increased accordingly. If the result of the script execution is not 0 and the value of the weight configuration is less than 0, the priority is reduced accordingly. In other cases, the priority of the original configuration is maintained, that is, the corresponding value of priority in the configuration file. Vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 # failed to detect the running status of nginx every 2 seconds weight-20 # gave its priority-20} vrrp_instance VI_1 {state MASTER # status, the primary node is MASTER and the backup node is BACKUP interface enp0s3 # network interface bound to VIP Check the ID number of your network interface virtual_router_id 51 # virtual route through ifconfig. The settings of the two nodes must be the same. You can choose the last section of IP to use, and the same VRID is a group. He will determine the multicast MAC address mcast_src_ip 192.168.1.201 # Native IP address priority 100 # Node priority. The value range of 0such 254 master is higher than that of BACKUP 1 # Multicast message sending interval. The two nodes must be set the same, the default is 1 second # to set the authentication information, the two nodes must be consistent authentication {auth_type PASS auth_pass 1111} # virtual IP, and the two node settings must be the same. One virtual_ipaddress {192.168.1.210} track_script {chk_nginx # nginx Survival status Detection script} can be set up one line.

2 > BACKUP (192.168.1.202)

Global_defs {router_id nginx_02} vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 weight-20} vrrp_instance VI_1 {state BACKUP interface enp0s3 virtual_router_id 51 mcast_src_ip 192.168.1.202 priority 90 advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.1.210} track_script {chk_nginx}}

3 > create a nginx service detection script

Create the nginx_check.sh script under the master / slave server / etc/keepalived directory, and add the execution permission chmod + x / etc/keepalived/nginx_check.sh to it. It is used for keepalived to regularly check the service status of nginx. If nginx stops, it will try to restart nginx. If it fails, it will kill the keepalived process and drift vip to the backup machine.

#! / bin/bashA= `ps-C nginx-- no-header | wc-l`if [$A-eq 0]; then / opt/nginx/sbin/nginx # attempted to restart nginx sleep 2 # sleep 2 seconds if [`ps-C nginx-- no-header | wc-l`-eq 0]; then killall keepalived # failed to start and killed the keepalived service. Drift vip to another backup node fifi

4 > start the keepalived service

Shell > service keepalived startshell > ps-ef | grep keepalived [root@localhost ~] # ps-ef | grep keepalivedroot 865 10 23:36? 00:00:00 keepalived-Droot 869 865 0 23:36? 00:00:00 keepalived-Droot 870 865 0 23:36? 00:00:00 keepalived-D

If you see the process information above, it means that keepalived has started successfully. Let's use the ip add command to view the vip binding, as shown in the following figure:

As you can see from the figure above, the vip address 192.168.1.210 is bound to the enp0s3 Nic of MASTER (192.168.1.201).

5 > Test failover

Stop keepalived on MASTER and see if vip drifts to 192.168.2.202.

Stop the keepalived service for 2011:

Shell > service keepalived stopshell > ip addr

As can be seen from the image above, vip has successfully drifted from 201 to 202. After the keepalived service of 2011is started at this time, the VIP of 2012will be preempted because 2011is MASTER.

Start the keepalived service of 2011:

Shell > service keepalived start

As a result, VIP returns to 201, as shown in the following figure:

3. Non-preemptive mode

After master recovers from a failure, it does not preempt the vip of the backup node.

1 > MASTER (192.168.1.201):

Global_defs {router_id nginx_01 # identifies the name of this node Usually hostname} vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 weight-20} vrrp_instance VI_1 {state BACKUP interface enp0s3 virtual_router_id 51 mcast_src_ip 192.168.1.201 priority 100 advert_int 1 nopreempt authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.1.210} track_script {chk_nginx # nginx Survival status Detection script}

2 > BACKUP (192.168.1.202)

Global_defs {router_id nginx_02} vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 weight-20} vrrp_instance VI_1 {state BACKUP interface enp0s3 virtual_router_id 51 mcast_src_ip 192.168.1.202 priority 90 advert_int 1 nopreempt authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.1.210} track_script {chk_nginx}}

Compared with the configuration in non-preemptive mode, only two things have been changed:

1 > nopreempt instructions have been added to each of the two nodes under the vrrp_instance block to indicate that they do not compete for vip.

2 > the state of all nodes is BACKUP

After both keepalived nodes are started, the default is BACKUP. After sending multicast messages, both parties will elect a MASTER according to their priority. Because both are configured with nopreempt, MASTER does not preempt vip when it recovers from a failure. This avoids service delays that may be caused by VIP handover.

After reading this article, I believe you have a certain understanding of "how to achieve high availability of Keepalived+Nginx". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report