Versions Compared

Old Version 7

changes.mady.by.user Brian Van Klaveren

Saved on

compared with

New Version 8

changes.mady.by.user Brian Van Klaveren

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

As for the choice of nginx, nginx as it has much better performance characteristics in the application of an HTTP reverse proxy, which is necessitated by our migration towards REST APIs which serve up scientific data for many experiments.

Operating NGINX

nginx is installed on both sca-nginx01 and sca-nginx02. You can stop, start, restart, and reload the service at any time. A reload keeps the server up but refreshes it's configuration based on configuration file changes.

 

To start:

sudo /sbin/service nginx16-nginx start

To stop:

sudo /sbin/service nginx16-nginx stop

To reload:

sudo /sbin/service nginx16-nginx reload

 

Care should be taken care to verify your configuration before performing a reload.

 

 

Configuration

Hosts

sca-www: Domain name tied to a floating IP 134.79.129.86; this is a floating IP address.

...

exo-data.slac.stanford.edu

cas.slac.stanford.edu

portal.lsstdesc.org

It also serves up pages for a few historical domains:

...

Code Block
automounter=autofs
%%if ($ENV{HOSTNAME} ne 'scalnx-v03')
#limit_login=u-scalnx
%%endif
network_device=eth0
monitoring=nagios,ganglia
iptables
sudo_workgroups=scalnx-vmm

 

keepalived

keepalived is to be configured on both machines.

The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.

The configuration is located in /etc/keepalived/keepalived.conf

Code Block
global_defs {
   notification_email {          # This should email you when there's a failover, but it's not working right now
     bvan@slac.stanford.edu
   }
   notification_email_from bvan@slac.stanford.edu
   smtp_server smtp.slac.stanford.edu
   smtp_connect_timeout 30
   router_id SCA_WWW             # This is the virtual router ID.
}

vrrp_script chk_nginx {           # The check script
      script "killall -0 nginx"   # Could use curl instead or call out to custom script.
      interval .2                 # execute every .2 seconds
      weight 2                    # This is subtracted from priority below. Highest point count = master
}

vrrp_instance VI_1 {
    state MASTER               
    interface eth0             # The virtual IP address is assigned to eth0
    virtual_router_id 85       # This should be unique per subnet. 85 is fine. If SCS uses keepalived, 
                               #   we may need to coordinate/register this with them.
    priority 101               # This primary machine should have the highest priority, 
                               #   the failover should be at least one point lower.
 
    advert_int 1               # Both of these are for authentication, but it's not really necessary
    authentication {           #   unless we can't trust the computers on the same subnet.
        auth_type PASS
        auth_pass 1111
    }

    virtual_ipaddress {
        134.79.129.86          # This is the sca-www IP address
    }

    track_script {
         chk_nginx             # Tell keepalived there is a script it should execute (Defined above)
    }

   unicast_src_ip 134.79.129.91   # Unicast specific option, this is the IP of the interface keepalived listens on
   unicast_peer {                 # Unicast specific option, this is the IP of the peer instance 
     134.79.129.92
   }
}

 

sca-nginx03

This server runs forum.linearcollider.org

...