Friday, November 13, 2020

Set Up Highly Available Web Servers with Keepalived and Floating IPs


Keepalived runs on an active LVS server as well as one or more optional backup LVS servers. The active LVS server serves two roles:
  • To balance the load across the real servers.
  • To check the integrity of the services on each real server.
The active (master) server informs the backup server of its active status using the Virtual Router Redundancy Protocol (VRRP), which requires the master server to send out advertisements at regular intervals. If the active server stops sending advertisements, a new master is elected.

Prerequisites 

  • Two Linux servers, each with a web server configured and running.
  • Port 80 should be open at the firewall level.
In this example I am using two CentOS-7 servers and I am using nginx as my webserver. You can use any OS and webserver as you like.


Nginx Server 1 --> 192.168.1.17
Nginx Server 2 --> 192.168.1.18




Install and configure Keepalived

In this setup we need one additional IP address, which will be configured as our VIP. This VIP can be assigned to either Webserver-1 or Webserver-2.

In this example we are using 192.168.1.20 as our VIP.


  • Create a loopback interface on each server (Webserver-1 and Webserver-2)
Go to the location below and create a file called "ifcfg-lo:vip". This file should contain the content below.

DEVICE=lo:vip
IPADDR=192.168.1.20 # Change this to your VIP
NETMASK=255.255.255.255
#NETWORK=
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=
ONBOOT=yes
NAME=loopback



  • Then bring up the newly created interface
ifup ifcfg-lo:vip
 

 

  • Install keepalived on both servers
yum install keepalived


  • Enable the keepalived service
systemctl enable keepalived
 

  • Go to the keepalived configuration folder and back up the existing configuration file.

  • Create an nginx status check script with the content below.

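#!/bin/bash
# Health check for keepalived: exit 0 if nginx is running, 1 otherwise.

# Count processes whose command line mentions nginx.conf. This also matches
# unrelated commands (for example an editor opened on nginx.conf).
_status=$(pgrep -f "nginx.conf" | wc -l)

if [ "$_status" -gt 0 ]; then
        exit 0
else
        exit 1
fi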

  • Set execute permission on the script
chmod 755 /usr/bin/status_nginx
 
  • Create a keepalived.conf file and add the content below on each server.
Values highlighted in yellow should be changed according to your environment.

On Webserver-1

vrrp_script chk_nginx_status {
    script "/usr/bin/status_nginx"
    interval 10
}

vrrp_instance Float_NGINX {
    state BACKUP
    interface enp0s3 #Interface ID
    virtual_router_id 93 #This should be unique within the network
    priority 101        #101 on master, 100 on backup
    advert_int 1
    nopreempt

    track_script {
        chk_nginx_status #Nginx status check script
    }

    virtual_ipaddress {
        192.168.1.20/24 #VIP to assign
    }
}
 
virtual_server 192.168.1.20 80 {
    lvs_sched rr
    lvs_method DR
    protocol TCP
    real_server 192.168.1.17 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 2
        }
    }
    real_server 192.168.1.18 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 2
        }
    }
}

On Webserver-2

vrrp_script chk_nginx_status {
    script "/usr/bin/status_nginx"
    interval 10
}

vrrp_instance Float_NGINX {
    state BACKUP
    interface enp0s3 #Interface ID
    virtual_router_id 93 #This should be unique within the network
    priority 100        #101 on master, 100 on backup
    advert_int 1
    nopreempt

    track_script {
        chk_nginx_status #Nginx status check script
    }

    virtual_ipaddress {
        192.168.1.20/24 #VIP to assign
    }
}
 
virtual_server 192.168.1.20 80 {
    lvs_sched rr
    lvs_method DR
    protocol TCP
    real_server 192.168.1.17 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 2
        }
    }
    real_server 192.168.1.18 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 2
        }
    }
}

  • vrrp_instance defines an individual instance of the VRRP protocol running on an interface. I have arbitrarily named this instance VI_1.
  • state defines the initial state that the instance should start in.
  • interface defines the interface that VRRP runs on.
  • virtual_router_id is the unique identifier that you learned about in the first article of this series.
  • priority is the advertised priority that you learned about in the first article of this series. As you will learn in the next article, priorities can be adjusted at runtime.
  • advert_int specifies the frequency that advertisements are sent at (1 second, in this case).
  • virtual_ipaddress defines the IP addresses (there can be multiple) that VRRP is responsible for.
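
As an added example (not part of the original post), the script below lints the two keepalived.conf files before they are deployed: both nodes must share one virtual_router_id, advertise different priorities, pair nopreempt with state BACKUP, and point at a track script that is not group- or world-writable. The helper names (kv, has, lint_pair, write_conf) are hypothetical, and the sample configs are constructed in the layout used above.

```shell
#!/bin/sh
# Added example, not from the original post: lint a two-node keepalived pair.
# Helper names are hypothetical; the sample configs at the end are constructed.

# kv FILE KEY: print the first value given for KEY, ignoring "#" comments
kv() { sed 's/#.*//' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'; }

# has FILE KEY: succeed if the bare keyword KEY appears in FILE
has() { sed 's/#.*//' "$1" | awk -v k="$2" '$1 == k { f = 1 } END { exit !f }'; }

# lint_pair CONF_A CONF_B: print findings; the exit status is the finding count
lint_pair() {
    n=0
    [ "$(kv "$1" virtual_router_id)" = "$(kv "$2" virtual_router_id)" ] ||
        { echo "virtual_router_id differs between the nodes"; n=$((n + 1)); }
    [ "$(kv "$1" priority)" != "$(kv "$2" priority)" ] ||
        { echo "both nodes advertise the same priority"; n=$((n + 1)); }
    for f in "$1" "$2"; do
        if has "$f" nopreempt && [ "$(kv "$f" state)" != BACKUP ]; then
            echo "$f: nopreempt only takes effect with state BACKUP"; n=$((n + 1))
        fi
        s=$(kv "$f" script | tr -d '"')
        # keepalived executes this file, often as root: only its owner may write it
        if [ -f "$s" ] && [ -n "$(find "$s" \( -perm -020 -o -perm -002 \))" ]; then
            echo "$f: $s is group- or world-writable"; n=$((n + 1))
        fi
    done
    return "$n"
}

# write_conf FILE STATE PRIORITY SCRIPT: constructed sample in the page's layout
write_conf() {
    printf '%s\n' "vrrp_script chk_nginx_status {" "    script \"$4\"" \
        "    interval 10" "}" "vrrp_instance Float_NGINX {" "    state $2" \
        "    virtual_router_id 93 #unique within the network" \
        "    priority $3" "    nopreempt" "}" > "$1"
}

demo=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo/status_nginx"
chmod 755 "$demo/status_nginx"
write_conf "$demo/web1.conf" BACKUP 101 "$demo/status_nginx"
write_conf "$demo/web2.conf" BACKUP 100 "$demo/status_nginx"
lint_pair "$demo/web1.conf" "$demo/web2.conf" && echo "pair OK"
rm -rf "$demo"
```

To use it on real files, copy keepalived.conf from both servers and pass the two paths to lint_pair; the permission check only applies on a host where the configured script path exists.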
Now check that the VIP is successfully assigned to a server. It can be on either Webserver-1 or Webserver-2.

You can simply type "ip addr" command to verify this.



You have to install the "ipvsadm" package to inspect the virtual server table. With this tool you can see the available nodes under your keepalived instance.



Run the command below to list the available instances

ipvsadm -L -n


Now browse to the website using the VIP in your browser.


Now try shutting down the web server that currently holds the VIP. Once it is down, the VIP should automatically move to the other server. Try to access your site again after the shutdown.
