Keepalived for haproxy


 

Keepalived is routing software written in C. The main goal of the project is to provide simple and robust facilities for load balancing and high availability to Linux systems and Linux-based infrastructures.

 

Here we are going to deploy HAProxy and Keepalived to provide load balancing and high availability for ownCloud web servers.

 

It will be an active/passive, highly available load balancer cluster in front of the web servers (owncloud1 and owncloud2), built with the HAProxy load balancer and Keepalived.

 

I’m using the IPs below for explanation purposes.

 

  • Master node address: 172.16.1.1 ( for haproxy and keepalived )
  • Slave node address: 172.16.1.32 ( for haproxy and keepalived )
  • Shared/Floating Virtual address: 172.16.1.98 ( Virtual ip which will be assigned by Keepalived )
  • Webserver owncloud1 ( 172.16.1.217 )
  • Webserver owncloud2 ( 172.16.1.67 )

 

Below are the two scenarios that can occur within an active/passive load balancer cluster.

 

Configuring HAProxy and Keepalived

Install HAProxy and Keepalived on both Ubuntu nodes.

 

#apt-get install haproxy

#apt-get install keepalived

 

Load balancing in HAProxy also requires the ability to bind to an IP address that is nonlocal, meaning that it is not assigned to a device on the local system. The setting below allows that, so HAProxy can bind to the floating/shared IP whichever load balancer currently holds it. The following line gets it done.

 

net.ipv4.ip_nonlocal_bind=1

 

Now that you know what the line above does, let’s edit sysctl.conf.

 

#vi /etc/sysctl.conf

 

Add the line below.

net.ipv4.ip_nonlocal_bind=1

 

To apply the changes made in sysctl.conf, run the command below.

 

# sysctl -p

net.ipv4.ip_nonlocal_bind = 1

 

Let’s configure Keepalived

Now let’s create the keepalived.conf file on each instance, starting with the master node.

 

#vi /etc/keepalived/keepalived.conf

 

#=======================================================#

root@ops-testing:~# cat /etc/keepalived/keepalived.conf

global_defs {
    router_id ops-testing
    # Keepalived process identifier
    lvs_id haproxy_DH_passive
}

# Script used to check if HAProxy is running
vrrp_script haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

# Virtual interface
# The priority specifies the order in which the assigned interface takes over in a failover
vrrp_instance 50 {
    virtual_router_id 50
    advert_int 1
    priority 101
    state MASTER
    interface eth0

    # The virtual IP address shared between the two load balancers
    virtual_ipaddress {
        172.16.1.98
    }

    track_script {
        haproxy
    }
}

#=======================================================#

 

Add the configuration below on the slave node.

 

#=======================================================#

root@ops-server:~# cat /etc/keepalived/keepalived.conf

global_defs {
    router_id ops-server
    # Keepalived process identifier
    lvs_id haproxy_DH_passive
}

# Script used to check if HAProxy is running
vrrp_script haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

# Virtual interface
# The priority specifies the order in which the assigned interface takes over in a failover
vrrp_instance 50 {
    virtual_router_id 50
    advert_int 1
    # Lower than the master's 101, so the master takes the VIP back once HAProxy runs on it again
    priority 100
    # Keepalived accepts MASTER or BACKUP here; the slave node is BACKUP
    state BACKUP
    interface eth0

    # The virtual IP address shared between the two load balancers
    virtual_ipaddress {
        172.16.1.98
    }

    track_script {
        haproxy
    }
}

#=======================================================#
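A pre-flight check for the two keepalived.conf files, as an added example that is not part of the original post. The function names (kv, vips, check_pair) are hypothetical helpers, and the check assumes one vrrp_instance per file, as in the configurations above.

```shell
#!/bin/sh
# Added example: consistency check for a two-node keepalived pair.

# kv FILE KEY -> first value of "KEY value" in FILE, comments ignored
kv() {
    awk -v k="$2" '
        { sub(/#.*/, "") }
        $1 == k { print $2; exit }
    ' "$1"
}

# vips FILE -> sorted addresses listed inside virtual_ipaddress { ... }
vips() {
    awk '
        { sub(/#.*/, "") }
        /virtual_ipaddress[ \t]*\{/ { inblk = 1; next }
        inblk && /\}/ { inblk = 0 }
        inblk && NF { print $1 }
    ' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF -> prints findings, returns their count
check_pair() {
    m=$1; b=$2; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    for f in "$m" "$b"; do
        case "$(kv "$f" state)" in
            MASTER|BACKUP) ;;
            *) fail "$f: state must be MASTER or BACKUP" ;;
        esac
    done
    # Both nodes must belong to the same VRRP group and announce the same VIPs
    [ "$(kv "$m" virtual_router_id)" = "$(kv "$b" virtual_router_id)" ] ||
        fail "virtual_router_id differs between nodes"
    [ "$(vips "$m")" = "$(vips "$b")" ] ||
        fail "virtual_ipaddress lists differ"
    # With equal priorities the recovered master never preempts the backup
    [ "$(kv "$m" priority)" -gt "$(kv "$b" priority)" ] 2>/dev/null ||
        fail "master priority must be higher than backup priority"
    return "$n"
}

# Usage: sh check_pair.sh master.conf backup.conf
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Copy both files to one machine and run it before starting Keepalived; a non-zero exit status is the number of findings.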

 

Restart Keepalived.

 

#service keepalived start

 

**************************************************************************************

Now let’s configure HAProxy on both instances. You will have to do the steps below on the master node as well as the slave node.

 

#vi /etc/default/haproxy

 

Set the property ENABLED to 1.

#/etc/haproxy/haproxy.cfg

 

Note that the configuration below is as per my requirements.

 

###=====================================================#

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    # This list still permits RC4-SHA; no bind line below enables SSL, so it is unused here.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

##### Where HAProxy listens for connections

frontend localnodes
    bind *:80
    mode http
    default_backend owncloud_servers

### Where HAProxy sends incoming connections

backend owncloud_servers
    mode http
    balance roundrobin
    cookie LBN insert indirect nocache
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    # Each server needs its own cookie value; without one, "check" is read as the value
    server owncloud1 172.16.1.217:8090 cookie owncloud1 check
    server owncloud2 172.16.1.67:8090 cookie owncloud2 check

    ### stats => set up the HAProxy web tool for monitoring the load balancer and its nodes
    stats enable
    stats uri  /haproxy?stats
    stats hide-version
    # Sent as HTTP Basic auth, unencrypted on this port-80 frontend; set your own credentials
    stats auth admin:ozocom
    stats realm   Haproxy\ Statistics

#========================================================#

 

Testing

=========================================================

 

Let’s check whether our Keepalived configuration has been done correctly. Try executing ip addr on the master node. As you can see, the IP 172.16.1.98 is assigned on the master node.

 

root@ops-testing:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 6c:f0:49:43:34:b5 brd ff:ff:ff:ff:ff:ff
   inet 172.16.1.1/24 brd 172.16.1.254 scope global eth0
      valid_lft forever preferred_lft forever
   inet 172.16.1.98/32 scope global eth0
      valid_lft forever preferred_lft forever
   inet6 fe80::6ef0:49ff:fe43:34b5/64 scope link
      valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:15:e9:3c:e7:6e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
   link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
   inet 172.17.42.1/16 scope global docker0
      valid_lft forever preferred_lft forever

 

Now try executing ip addr on the slave node.

 

root@ops-server:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:e0:81:49:13:78 brd ff:ff:ff:ff:ff:ff
   inet 172.16.1.32/24 brd 172.16.1.255 scope global eth0
   inet6 fe80::2e0:81ff:fe49:1378/64 scope link
      valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:e0:81:49:13:79 brd ff:ff:ff:ff:ff:ff

 

Let’s stop HAProxy on the master node. Now you can see that the IP address 172.16.1.98 is assigned to the slave node. If you start the HAProxy instance on the master node again, the IP address 172.16.1.98 will be assigned back to the master node. See the output below.

 

root@ops-server:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:e0:81:49:13:78 brd ff:ff:ff:ff:ff:ff
   inet 172.16.1.32/24 brd 172.16.1.255 scope global eth0
   inet 172.16.1.98/32 scope global eth0
   inet6 fe80::2e0:81ff:fe49:1378/64 scope link
      valid_lft forever preferred_lft forever
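The ip addr comparison above, as an added example that is not part of the original post: it reads saved `ip addr` output from both nodes and reports who holds the floating IP, including the two failure cases (both nodes or neither). The function names (holds_vip, vip_state) and the idea of saving each node's output to a file are assumptions.

```shell
#!/bin/sh
# Added example: classify ownership of the floating IP from two `ip addr` dumps.
VIP=172.16.1.98   # floating address used in this article

# holds_vip FILE -> exit 0 if the ip addr output in FILE lists exactly $VIP
holds_vip() {
    awk -v vip="$VIP" '
        # "inet 172.16.1.98/32 scope global eth0": compare the address part only
        $1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }
    ' "$1"
}

# vip_state MASTER_OUT BACKUP_OUT -> prints master | backup | split-brain | none
vip_state() {
    if holds_vip "$1"; then m=1; else m=0; fi
    if holds_vip "$2"; then b=1; else b=0; fi
    case "$m$b" in
        10) echo master ;;        # normal operation
        01) echo backup ;;        # failover has happened
        11) echo split-brain ;;   # both nodes claim the VIP: VRRP adverts are not getting through
        *)  echo none ;;          # nobody holds the VIP: service is unreachable
    esac
}

# Usage: sh vip_state.sh master-ip-addr.txt backup-ip-addr.txt
if [ "$#" -eq 2 ]; then vip_state "$1" "$2"; fi
```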

 

Try http://172.16.1.98/haproxy?stats to log in to the statistics report for HAProxy.

 
