KeepAlived and HAproxy


Keepalived with HAProxy

This can be done using VirtualBox as a test.

Set up 2 CentOS VMs on VirtualBox, which will have keepalived and haproxy installed, and 2 Debian VMs on VirtualBox, which will contain the backend nginx web servers.

Use the bridged adapter for the VMs so that they get IP addresses on the local network, instead of the default NAT-only adapter.

Keepalived installation

Keepalived is available within the standard package repositories and is easily installed using yum:

$yum install -y keepalived 
 
$keepalived --version 
Keepalived v2.0.10 (11/12,2018) 

$systemctl status keepalived

keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disab
   Active: inactive (dead)

$systemctl enable keepalived

$systemctl start keepalived

Some people have reported issues with the package from the repository and have had better results compiling from source.

In the keepalived configuration below, the tracking script and the email notification alert have been commented out. They can be enabled for tracking and for sending notification alerts; just set your SMTP server.

MASTER Keepalived.conf

! Configuration File for keepalived

#global_defs {
#   notification_email {
#     sysadmin@abc.com
#   }
#   notification_email_from alert@abc.com
#   smtp_server 192.168.200.1
#   smtp_connect_timeout 30
#   router_id LVS_DEVEL
#   vrrp_skip_check_adv_addr
#   vrrp_strict
#   vrrp_garp_interval 0
#   vrrp_gna_interval 0
#}

#vrrp_script keepalived_check {
#     script "/usr/local/bin/keepalived_check.sh"
#     interval 1
#     timeout 5
#     rise 3
#     fall 3
#}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 51
    priority 201
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.199
    }
#    track_script {
#      keepalived_check
#    }
}

BACKUP keepalived.conf

! Configuration File for keepalived

#global_defs {
#   notification_email {
#     sysadmin@abc.com
#   }
#   notification_email_from alert@abc.com
#   smtp_server 192.168.200.1
#   smtp_connect_timeout 30
#   router_id LVS_DEVEL
#   vrrp_skip_check_adv_addr
#   vrrp_strict
#   vrrp_garp_interval 0
#   vrrp_gna_interval 0
#}

#vrrp_script keepalived_check {
#     script "/usr/local/bin/keepalived_check.sh"
#     interval 1
#     timeout 5
#     rise 3
#     fall 3
#}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.199
    }
#    track_script {
#      keepalived_check
#    }
}
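
Both configurations point the commented-out vrrp_script at /usr/local/bin/keepalived_check.sh, which the page does not show. The following is an added example of such a script, not the author's own: it assumes the pidfile path from the HAProxy config on this page and a Linux /proc filesystem, and the function names are made up for illustration.

```shell
#!/bin/sh
# keepalived_check.sh (added example): exit 0 while HAProxy is running, so the
# vrrp_script/track_script blocks can lower this node's standing and fail over.
# Install it root-owned and not group/world-writable; keepalived executes it.

# Assumption: same path as "pidfile" in the HAProxy config on this page.
PIDFILE=/var/run/haproxy.pid

# pid_from_file FILE: print the PID only if the first line is all digits.
pid_from_file() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content: fail
    esac
    printf '%s\n' "$pid"
}

# haproxy_alive FILE [NAME]: succeed only if the PID in FILE is a live process
# whose command name is NAME (default "haproxy"). The name check catches a
# stale PID file whose number has been reused by an unrelated process.
haproxy_alive() {
    pid=$(pid_from_file "$1") || return 1
    [ -r "/proc/$pid/comm" ] || return 1      # no such process any more
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "${2:-haproxy}" ]
}

# Run the check only when invoked under the name keepalived is configured with.
if [ "${0##*/}" = "keepalived_check.sh" ]; then
    haproxy_alive "$PIDFILE"
    exit $?
fi
```

With interval 1 and fall 3 as in the commented block, three consecutive non-zero exits mark the script as failed.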

HAPROXY config

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# main frontend which proxies to the backends
frontend main
    bind *:80
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    server  app1 192.168.1.117:80 check
    server  app2 192.168.1.118:80 check
#    server  app3 127.0.0.1:5003 check
#    server  app4 127.0.0.1:5004 check

Nginx web server install on Debian

$sudo apt install nginx

$sudo systemctl enable nginx

$sudo systemctl start nginx

$sudo systemctl status nginx

In the index.html, add "webserver 1" on server 1 and "webserver 2" on server 2.

This will help to find out which web server is being hit.

Shut down the master server (LB1) and check whether the IPs are automatically assigned to the slave server.

ip addr show enp0s3

Now start LB1 and stop the slave server (LB2). The IPs will be automatically assigned to the master server.

ip addr show enp0s3

Watch the log files to ensure it's working

tail /var/log/messages

These writings represent my own personal views alone.
Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.