How to use KeepAlived on CentOS 8 to set up highly available NGINX

Nginx is a free, open-source web server and one of the most popular in the world. It can also be used as a reverse proxy, load balancer, and HTTP cache. High availability allows applications to reroute work to another system in the event of a failure. There are different techniques that can be used to set up a high-availability system.

Keepalived is a system daemon that continuously monitors a service or system and achieves high availability in the event of a failure. If one node shuts down, the second node provides services for the resource.

In this tutorial, I will show you how to set up a highly available Nginx web server using KeepAlived on CentOS 8.

Prerequisites

  • Two servers running CentOS 8, one for the primary node and one for the backup node.
  • A root password is configured on your server.

Install Nginx on both nodes

First, you need to install the Nginx package on both nodes. You can use the following command to install it:

dnf install nginx -y

After installing Nginx on both nodes, start the Nginx service and enable it to start when the system restarts:

systemctl start nginx
systemctl enable nginx

Once completed, you can proceed to the next step.

Create an index.html file on both nodes

Next, you need to create a custom index.html file on the two nodes to identify each node.

On the first node, use the following command to create an index.html file:

echo "<h1>This is My First NGINX Web Server Node</h1>" | tee /usr/share/nginx/html/index.html

On the second node, use the following command to create an index.html file:

echo "<h1>This is My Second NGINX Web Server Node</h1>" | tee /usr/share/nginx/html/index.html

Save and close the file when you are done.

Install and configure Keepalived

Next, you need to install Keepalived on both nodes. By default, the Keepalived package is available in the CentOS 8 default repository. You can install it by running the following command:

dnf install keepalived -y

After installing the keepalived package on both nodes, you need to edit the keepalived default configuration file on both nodes.

On the first node, edit the keepalived.conf file:

nano /etc/keepalived/keepalived.conf

Delete the default content and add the following:

global_defs {
  # Keepalived process identifier
  router_id nginx
}

# Script to check whether Nginx is running or not
vrrp_script check_nginx {
  script "/bin/check_nginx.sh"
  interval 2
  weight 50
}

# Virtual interface - the priority decides which node takes over the virtual IP in a failover
vrrp_instance VI_01 {
  state MASTER
  interface eth0
  virtual_router_id 151
  priority 110

  # The floating virtual IP address shared between the two NGINX web servers
  virtual_ipaddress {
    192.168.1.10/24
  }
  track_script {
    check_nginx
  }
  authentication {
    auth_type AH
    auth_pass secret
  }
}

Save and close the file when you are done.

On the second node, edit the keepalived.conf file:

nano /etc/keepalived/keepalived.conf

Delete the default content and add the following:

global_defs {
  # Keepalived process identifier
  router_id nginx
}

# Script to check whether Nginx is running or not
vrrp_script check_nginx {
  script "/bin/check_nginx.sh"
  interval 2
  weight 50
}

# Virtual interface - the priority decides which node takes over the virtual IP in a failover
vrrp_instance VI_01 {
  state BACKUP
  interface eth0
  virtual_router_id 151
  priority 100

  # The floating virtual IP address shared between the two NGINX web servers
  virtual_ipaddress {
    192.168.1.10/24
  }
  track_script {
    check_nginx
  }
  authentication {
    auth_type AH
    auth_pass secret
  }
}

Note: only MASTER is replaced with BACKUP and 110 with 100 in the above configuration file.

Save and close the file. Next, you need to create a script to check if the Nginx service is running. You can create it with the following command:

nano /bin/check_nginx.sh

Add the following lines:

#!/bin/sh
# Exit non-zero when no nginx process is running, so keepalived treats the check as failed
if [ -z "$(pidof nginx)" ]; then
  exit 1
fi

Save and close the file, and then use the following command to set the appropriate permissions:

chmod 755 /bin/check_nginx.sh
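
The configuration above keeps the placeholder auth_pass secret, uses auth_type AH, and has keepalived run /bin/check_nginx.sh every two seconds. The audit below is an added example, not part of the original tutorial: the function name audit_keepalived_conf and the finding labels are made up for illustration, and the sample config is constructed from the excerpt above.

```shell
#!/bin/sh
# Added example, not from the original tutorial: print one finding per line.
audit_keepalived_conf() {
  conf=$1
  # auth_type AH travels as IP protocol 51, which a "vrrp" (112) firewall rule
  # misses; only the first 8 characters of auth_pass are used.
  awk '$1 == "auth_type" && $2 == "AH" {
         print "AH_PROTOCOL: adverts use IP protocol 51 (ah), not 112 (vrrp)"
       }
       $1 == "auth_pass" {
         if ($2 == "secret" || $2 == "password")
           print "WEAK_AUTH_PASS: placeholder value " $2
         else if (length($2) > 8)
           print "TRUNCATED_AUTH_PASS: only the first 8 characters are used"
       }' "$conf"
  # Without script_user or a keepalived_script account, check scripts run as
  # root; enable_script_security refuses root scripts on non-root-writable paths.
  if grep -Eq '^[[:space:]]*vrrp_script[[:space:]]' "$conf" &&
     ! grep -Eq '^[[:space:]]*enable_script_security' "$conf"; then
    echo "NO_SCRIPT_SECURITY: vrrp_script without enable_script_security"
  fi
  # The script file itself must exist and not be group- or world-writable.
  awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf" |
  while read -r path; do
    if [ ! -e "$path" ]; then
      echo "MISSING_SCRIPT: $path"
    elif [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
      echo "WRITABLE_SCRIPT: $path is group- or world-writable"
    fi
  done
}

# Constructed sample: the vrrp_script and authentication parts of the config above.
demo=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo/check_nginx.sh"
chmod 755 "$demo/check_nginx.sh"
cat > "$demo/keepalived.conf" <<EOF
vrrp_script check_nginx {
  script "$demo/check_nginx.sh"
}
vrrp_instance VI_01 {
  authentication {
    auth_type AH
    auth_pass secret
  }
}
EOF
audit_keepalived_conf "$demo/keepalived.conf"
rm -rf "$demo"
```

If AH authentication is kept, the firewall on both nodes must also accept protocol ah, otherwise each node misses the other's advertisements and both claim the virtual IP.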

Finally, use the following command to start the keepalived service and enable it to start when the system restarts:

systemctl start keepalived
systemctl enable keepalived

You can also use the following command to check the status of the keepalived service:

systemctl status keepalived

You should get the following output:

● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-04-08 04:24:22 EDT; 5s ago
  Process: 3141 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3142 (keepalived)
    Tasks: 2 (limit: 12524)
   Memory: 2.1M
   CGroup: /system.slice/keepalived.service
           ├─3142 /usr/sbin/keepalived -D
           └─3143 /usr/sbin/keepalived -D

Apr 08 04:24:22 node1 Keepalived_vrrp[3143]: (VI_01) Changing effective priority from 110 to 160
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Receive advertisement timeout
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Entering MASTER STATE
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) setting VIPs.
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 192.168.1.10
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Sending/queueing gratuitous ARPs on eth0 for 192.168.1.10
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 192.168.1.10
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 192.168.1.10
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 192.168.1.10
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 192.168.1.10

You can also use the following command to verify the status of the virtual IP address on the Master node:

ip add show

You should see the virtual IP address 192.168.1.10 in the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:2d:3a:20:9b brd ff:ff:ff:ff:ff:ff
    inet 45.58.32.155/24 brd 45.58.32.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.10/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:2dff:fe3a:209b/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:0a:3a:20:9b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:aff:fe3a:209b/64 scope link 
       valid_lft forever preferred_lft forever

Once completed, you can proceed to the next step.

Configure firewall on both nodes

Next, you need to allow port 80 and allow VRRP on both nodes. You can do this with the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent

Next, reload firewalld to apply the changes:

firewall-cmd --reload

Verify Keepalived

At this point, Nginx and Keepalived are installed and configured. It’s time to test whether Nginx high availability is effective.

Open your web browser and visit the URL http://your-virtual-ip (only port 80 is open, and no TLS has been configured). You should see the page served by the first node.

Now, stop the Nginx service on the Master node and test whether the virtual IP is switched from Node 1 to Node 2.

On the Master node, use the following command to stop the Nginx service:

systemctl stop nginx

Next, log in to Node2 and verify the virtual IP using the following command:

ip add show

You should see your virtual IP in the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:2d:3a:26:37 brd ff:ff:ff:ff:ff:ff
    inet 45.58.38.55/24 brd 45.58.38.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.10/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:2dff:fe3a:2637/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:0a:3a:26:37 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:aff:fe3a:2637/64 scope link 
       valid_lft forever preferred_lft forever

Now, access your Nginx web server at http://your-virtual-ip. You should see the Node2 page:

Nginx on node 2

Conclusion

Congratulations! You have successfully set up a highly available Nginx server using Keepalived. I hope you now have enough knowledge to set up a highly available Nginx server in a production environment.
