Shulou(Shulou.com)06/01 Report--

Editor to share with you how to achieve dual Nginx+Keepalived active and standby, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to understand it!

First of all, let's introduce Keepalived, which is a high-performance server high availability or hot backup solution. At first, it was designed for LVS load balancing software. Keepalived is mainly to prevent the server from a single point of failure. It can cooperate with Nginx to achieve the high availability of web servers.

Keepalived is based on VRRP protocol. VRRP is the abbreviation of Virtual Router Redundancy Protocol (Virtual routing redundancy Protocol). VRRP protocol virtualizes two or more router devices into one device and provides virtual router IP (one or more).

The purpose of VRRP is to solve the problem of single point of failure of static routes. it can ensure that the whole network can run uninterrupted when individual nodes are down.

Let's take a look at the deployment and installation of nginx keepalived high-availability scenarios.

Environmental preparation

Prepare the following compressed files on both hosts:

Keepalived-2.0.20.tar.gz

Nginx-1.16.1.tar.gz

Virtual IP

Real IP

Nginx port

Principal and subordinate

192.168.124.20

192.168.124.13

eighty

MASTER

192.168.124.20

192.168.124.14

eighty

BACKUP

Install nginx

Create a new user:

Useradd tianyan

Determine the installation directory. My installation directory here is: / home/tianyan/tianyan_soft/nginx.install.

Create two new directories under this directory to install nginx and keepalived, and extract the two packages.

Execute the installation command:

. / configure-- prefix=/home/tianyan/tianyan_soft/nginx.install\-- sbin-path=/home/tianyan/tianyan_soft/nginx.install/sbin/nginx-- conf-path=/home/tianyan/tianyan_soft/nginx.install/conf/nginx.conf\-- error-log-path=/home/tianyan/tianyan_soft/nginx.install/error.log\-- http-log-path=/home/tianyan/tianyan_soft/nginx.install/access.log\-- pid-path=/home/ Tianyan/tianyan_soft/nginx.install/nginx.pid\-- lock-path=/home/tianyan/tianyan_soft/nginx.install/nginx.lock\-- user=tianyan-- group=tianyan\-- with-http_stub_status_module\-- with-http_gzip_static_module\-- with-http_ssl_module\-- with-http_realip_module\-with-threads\-- with-pcre\-- http-client-body-temp-path=/home/tianyan/tianyan_soft/nginx .install / client/\-http-proxy-temp-path=/home/tianyan/tianyan_soft/nginx.install/proxy/\-http-fastcgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/fcgi/\-http-uwsgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/uwsgi\-http-scgi-temp-path=/home/tianyan/tianyan_soft/nginx.install/scgi

If you report an error, remember to install related dependencies:

Yum install gcc gcc-c++nginx: [emerg] bind () to 0.0.0.0 failed (13: Permission denied).

Note: when starting with non-root permissions, the nginx: [emerg] bind () to 0.0.0.0 to 80 failed (13: Permission denied) error occurs.

Reason: only root users in Linux can use ports below 1024.

Solution:

1. Start according to root permission

two。 Change port 80 in the / usr/local/nginx/conf/nginx.conf file to more than 1024.

Install keepalived

. / configure-- prefix=/usr/local/keepalived

Continue to execute the above order after the completion of the execution:

Make & & make install

After installation, the directory looks like this:

Copy the configuration file to the directory corresponding to the system

Mkdir / etc/keepalivedcp / usr/local/keepalived/etc/keepalived/keepalived.conf / etc/keepalived/keepalived.confcp / usr/local/keepalived/etc/sysconfig/keepalived / etc/sysconfig/keepalived

Edit the keepalived.conf of the master node

Vim / etc/keepalived/keepalived.conf

The content references are as follows:

! Configuration File for keepalivedglobal_defs {# router_id hyq_slave} # ng whether to run vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 weight-20} vrrp_instance VI_1 {state BACKUP # required, can be MASTER or BACKUP interface ens33 virtual_router_id 101 priority 90 advert_int 1 # if multicast is disabled on the uplink switch of both nodes Then use vrrp unicast advertisement # Native ip unicast_src_ip 192.168.124.14 unicast_peer {# other machines ip 192.168.124.13} # set nopreempt to prevent preemption of resources nopreempt authentication {auth_type PASS auth_pass 1111} # and the above nginx health check echoes track_script {chk_nginx} virtual_ipaddress {192.168.124.20}}

Edit the keepalived.conf of the slave node

Vim / etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {# router_id hyq_slave} # ng whether to run vrrp_script chk_nginx {script "/ etc/keepalived/nginx_check.sh" interval 2 weight-20} vrrp_instance VI_1 {state BACKUP # required, can be MASTER or BACKUP interface ens33 virtual_router_id 101 priority 90 advert_int 1 # if multicast is disabled on the uplink switch of both nodes Then use vrrp unicast advertisement # Native ip unicast_src_ip 192.168.124.14 unicast_peer {# other machines ip 192.168.124.13} # set nopreempt to prevent preemption of resources nopreempt authentication {auth_type PASS auth_pass 1111} # and the above nginx health check echoes track_script {chk_nginx} virtual_ipaddress {192.168.124.20}}

Write nginx_check.sh scripts

Create a new nginx_check.sh script in the / etc/keepalived directory

Touch nginx_check.sh

Edit it as follows:

#! / bin/shA= `ps-C nginx-- no-header | wc-l`if [$A-eq 0] then / usr/sbin/nginx sleep 1 A2 = `ps-C nginx-- no-header | wc-l`if [$A2-eq 0] then systemctl stop keepalived fifi

The implication is: if nginx stops running, try to start, but if it cannot be started, then kill the native keepalived process, and keepalied will bind the virtual ip to the BACKUP machine. Note: / usr/sbin/nginx is the startup command for nginx. If you install it to another directory, replace it accordingly.

Keepalived's log

The default location of the Keepalived log is in the / var/log/messages directory. Let's modify it.

Because the system is centos7, modify the location to: / lib/systemd/system/keepalived.service

Original content:

EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived

ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS

Modified to:

Reload service after modification

Systemctl daemon-reload

Create a command soft connection:

Ln-s / usr/local/keepalived/sbin/keepalived / usr/sbin/keepalived

Execute:

Keepalived-D-f / etc/keepalived/keepalived.conf

-D outputs the log to the message log, and the default log is also in message

-f is the specified profile

Modify / etc/sysconfig/keepalived

Modify KEEPALIVED_OPTIONS= "- D" to: KEEPALIVED_OPTIONS= "- D-d-S 0"

Add at the end of / etc/rsyslog.conf

Local0.*/var/log/keepalived.log

Finally, execute the command:

Service rsyslog restart

After restarting keepalived, you can see that the log is under / var/log/keepalived.log.

Test and verify VIP

When both keepalived and nginx are started, let's test it.

First, access three addresses in the browser.

Http://192.168.124.20 (vip)

Http://192.168.124.13 (master)

Http://192.168.124.14(slave)

I modified the index.html of nginx and can see that the current vip points to the master node that is 13:

Then we manually stop nginx on 13 and visit http://192.168.124.20 again.

Indicates that the installation was successful.

The change of the network card can be observed through the ip address command

At the end of the experiment, we have completed the installation and deployment of the master-slave configuration of keepalived + nginx.

Thinking: how to open the dual-master mode

What is the dual-master mode?

Introduce the two configurations respectively

1. Nginx+keepalived master-slave configuration

This solution is described above. One vip address is used, and two machines are used at the front end, one as the master and one as the backup, but only one machine works at the same time. When the master machine does not fail, the other backup machine is always in a state of waste and is only used for disaster preparedness and is usually idle.

2. Nginx+keepalived dual master configuration

In this scheme, two vip addresses are used, and two machines are used at the front end, which are active and standby to each other, and two machines are working at the same time. When one machine fails, the request of the two machines is transferred to the burden of one machine, as shown below:

The above is all the contents of the article "how to achieve dual-computer active and standby in Nginx+Keepalived". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.