Scalable Linux Clusters with LVS



Similar documents
Scalable Linux Clusters with LVS

High Availability Low Dollar Load Balancing

1. Configuring Apache2 Load Balancer with failover mechanism

ClusterLoad ESX Virtual Appliance quick start guide v6.3

Configuring HAproxy as a SwiftStack Load Balancer

Smoothwall Web Filter Deployment Guide

Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy

Creating Web Farms with Linux (Linux High Availability and Scalability)

PVFS High Availability Clustering using Heartbeat 2.0

Linux Virtual Server Administration. RHEL5: Linux Virtual Server (LVS)

Load Balancing Smoothwall Secure Web Gateway

Twin Peaks Software High Availability and Disaster Recovery Solution For Linux Server

ICS 351: Today's plan

Availability Digest. Redundant Load Balancing for High Availability July 2013

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Load Balancing Sophos Web Gateway. Deployment Guide

Load Balancing McAfee Web Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide

Load Balancing Bloxx Web Filter. Deployment Guide

Appliance Administration Manual. v6.21

Linux Virtual Server Administration. Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.2

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

Load Balancing Trend Micro InterScan Web Gateway

LISTSERV in a High-Availability Environment DRAFT Revised

Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.0

NETWORK ADMINISTRATION

Snapt Redundancy Manual

This howto is also a bit old now. But I thought of uploading it in the howtos section, as it still works.

Load Balancing RSA Authentication Manager. Deployment Guide

Microsoft Internet Information Services (IIS) Deployment Guide

Load Balancing Barracuda Web Filter. Deployment Guide

Veritas Cluster Server

Network Load Balancing

Get quick control over your Linux server with server commands

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

Setting Up A High-Availability Load Balancer (With Failover and Session Support) With Perlbal/Heartbeat On Debian Etch

Load Balancing Microsoft Sharepoint 2010 Load Balancing Microsoft Sharepoint Deployment Guide

Loadbalancer.org. Loadbalancer.org appliance quick setup guide. v6.6

DEPLOYMENT GUIDE CONFIGURING THE BIG-IP LTM SYSTEM WITH FIREPASS CONTROLLERS FOR LOAD BALANCING AND SSL OFFLOAD

Deployment Guide: Transparent Mode

Load Balancing Clearswift Secure Web Gateway

Load Balancing VMware Horizon View. Deployment Guide

A High Availability Clusters Model Combined with Load Balancing and Shared Storage Technologies for Web Servers

Introduction to Linux Virtual Server and High Availability

GLBP - Gateway Load Balancing Protocol

Appliance Quick Start Guide. v7.6

LOCKSS on LINUX. CentOS6 Installation Manual 08/22/2013

F-SECURE MESSAGING SECURITY GATEWAY

Appliance Quick Start Guide v6.21

Loadbalancer.org Appliance Setup v5.9

Load Balancing Microsoft AD FS. Deployment Guide

EQUELLA. Clustering Configuration Guide. Version 6.0

Appliance Administration Manual. v7.2

Load Balancing VMware Horizon View. Deployment Guide

Linux High Availability

ERserver. iseries. TCP/IP routing and workload balancing

Networking TCP/IP routing and workload balancing

Configuring MDaemon for High Availability

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

VMware Identity Manager Connector Installation and Configuration

Setting Up B2B Data Exchange for High Availability in an Active/Active Configuration

Load Balancing Microsoft Terminal Services. Deployment Guide

Introducing the BIG-IP and SharePoint Portal Server 2003 configuration

Load Balancing Microsoft Remote Desktop Services. Deployment Guide

HP Load Balancing Module

Practical Load Balancing

The PostBase Connectivity Wizard

Active-Active ImageNow Server

ALOHA Load-Balancer. Virtual Appliance quickstart guide. Document version: v1.0. Aloha version concerned: v5.0.x

IP Address: the per-network unique identifier used to find you on a network

HIGH AVAILABILITY (HA) WITH OPENSIPS

System Admin Module User Guide. Schmooze Com Inc.

Configuring Windows Server Clusters

CS312 Solutions #6. March 13, 2015

Internet Redundancy How To. Version 8.0.0

Firewalls with IPTables. Jason Healy, Director of Networks and Systems

Configuring the BIG-IP system for FirePass controllers

LOCKSS on LINUX. Network Data Transition 02/17/2011

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Building a Scale-Out SQL Server 2008 Reporting Services Farm

Prestige 310. Cable/xDSL Modem Sharing Router. User's Guide Supplement

Appliance Quick Start Guide v6.21

axsguard Gatekeeper Internet Redundancy How To v1.2

Appliance Administration v6.1

CE363 Data Communications & Networking. Chapter 6 Network Layer: Logical Addressing

Subnetting and Network Management Omer F. Rana. Networks and Data Communications 1

Load Balancing Microsoft IIS. Deployment Guide

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server

Authenticating a Lucent Portmaster 3 with Microsoft IAS and Active Directory

6.0. Getting Started Guide

Installing and Using the vnios Trial

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Enterprise AWS Quick Start Guide. v8.0.1

Implementing Network Address Translation and Port Redirection in epipe

FILECLOUD HIGH AVAILABILITY

Data Center Automation with the VM-Series

Integrating CoroSoft Datacenter Automation Suite with F5 Networks BIG-IP

Transcription:

Scalable Linux Clusters with LVS Considerations and Implementation, Part II Eric Searcy Tag1 Consulting, Inc. emsearcy@tag1consulting.com May 2008 Abstract Whether you are perusing mailing lists or reading the large LVS- HOWTO, much of the available information on creating a high-availability Linux cluster can be difficult to sift through. Relevant information shares space with obscure comments and implementation details that date back to version 2.0 of the Linux kernel. This two-part article attempts to present an up-to-date tutorial on setting up LVS for your network, with an emphasis on designing a system that matches your infrastructure s needs. 1 Review Part I of this article walked through the setup of a Linux Virtual Server (LVS) cluster that matches the diagram in Figure 1. This cluster used IPVS direct routing as the method of directing requests from the load balancer to the destination node. While this provides an easy way to add and remove nodes from the cluster and to scale the service, this solution is no better than DNS round-robin in terms of high availability. Most of this article concerns preparation and configuration of the Heartbeat setup. If you had followed part one of the article and have moved your service over to a manually-configured load balancer, your service will not be affected until the final section of the article when the Heartbeat service is started. This final section will have a recommended grouping of steps that will minimize any downtime to a negligible amount. 1

Internet load1 www1 www2 Figure 1: LVS Direct Routing 2 Heartbeat The High Availability Linux project s goal is to Provide a high availability solution for Linux which promotes reliability, availability, and serviceability through a community development effort. 1 The flagship component of this project is the Heartbeat program. Heartbeat provides failover of resources between multiple hosts. In the context of LVS, Heartbeat can be used to provide failover of the IP address of your load balancer. If the load balancer is unavailable, a second load balancer can take over the role of the original load balancer by claiming the IP address. Heartbeat ensures that only one of these load balancers is able to hold the IP address (the resource ) at a time. Figure 2 shows the addition of a failover load balancer to the previous network setup. The dotted line coming from the Internet indicates that this load balancer would receive traffic from the Internet in the event that the primary load balancer is unavailable. 1 http://www.linux-ha.org/ 2

Internet load1 load2 www1 www2 Figure 2: Load Balancer Redundancy 2.1 Installation The additional load balancer needs to be added to the same subnet as the rest of the machines from part one. Then, install Heartbeat on both load balancers. Heartbeat should be available in your distribution s package repository. If not, you can install it from source. 2 There are two distinct versions of Heartbeat, version 1 and version 2, and two corresponding ways to configure Heartbeat resources. One is the legacy approach from Heartbeat version 1, which uses the haresources file. While this approach is still supported by version 2, a new XML configuration format was introduced for the new Cluster Resource Manager (CRM). Because the CRM system is much more complicated than haresources, and its features are not relevant to a network like the one in Figure 2, this article will continue using the version 1 configuration. You should install install version 2 regardless, in case you end up needing the CRM system in the future. 2 http://linux-ha.org/download/index.html 3

2.2 Configuration There are three files that must be edited: ha.cf, authkeys, and haresources. Usually these are located in /etc/ha.d/. The ha.cf file needs a minimum of three configuration options: a method to communicate with other nodes, an option whether to automatically move a resource back to the primary host after an outage, and a list of Heartbeat nodes. 1 bcast eth1 2 a u t o f a i l b a c k on 3 node load1 load2 Listing 1: The ha.cf configuration file While these three are sufficient, usually there are more configuration options you should set, such as where to write logs. Your distribution should have a default configuration file present. Make changes for the three necessary values, and confirm that the rest of the file is filled out reasonably (the default file is hopefully commented). Make the same changes on both load balancers, unless you use a unicast connection for communication. In this case, each host will be set to communicate with the real IP address of the other load balancer in its configuration. If you can, it is beneficial to hook the load balancers together on a crossover cable connection, in which case the broadcast method works well and requires minimal configuration effort. Next best is to put the machines on a backend network, in which case unicast would be better as it avoids excess broadcast traffic. The next file is authkeys, which provides a key to secure communication between the load balancers. The content of this file is simple, and needs to be the same on both load balancers. Replace long random password with a random string to use as the key. Also, set the permissions on the file to prevent reading by any users except root. 1 auth 1 Listing 2: The authkeys configuration file 2 1 sha1 long random password The third file for your Heartbeat setup is haresources. This file only needs one line: the VIP address you are using to access the service on. 4

Listing 3: The haresources configuration file 1 load1 1 2. 3. 4. 5 0 / 3 2 / eth0 l d i r e c t o r d load1 is the hostname of the primary host for this resource. This file must be the same on both load balancers; do not use the hostname of the second load balancer in this file on either host. Replace the IP address above with your VIP, and leave the netmask of 32 unchanged this will keep this address from being used to route outbound traffic. 3 Also, change eth0 to the public interface you are using. The last portion of the line, ldirectord, specifies the service to start and stop along with bringing the interface up. Rather than strictly being a service, as if it were starting or stopping a web server, this resource will instead start a tool called ldirectord for managing the IPVS configuration. Heartbeat should now be configured correctly. However, do not start the service yet. If you followed part one of this article and already have the VIP address set up on the load balancer, Heartbeat would not be able to control it as a resource. Furthermore, without ldirectord configured yet, the destination nodes would not have any traffic routed to them. 3 ldirectord The ldirectord daemon manages the setup of IPVS on the load balancer. It checks the availability of the services provided by the destination nodes and removes them from the load balancer if they become unavailable. This prevents the load balancer from passing requests on to nodes that are malfunctioning. 3.1 Installation ldirectord is written in Perl, so you will have to have a working Perl system (most Unix systems do). It will require extra Perl modules dependent on which services you will be validating. ldirectord may be available in your package repository as a standalone package (perhaps called heartbeatldirectord ) or as an option for the heartbeat package. The ldirectord website also describes how to download a snapshot of the code repository for a 3 32 is a subnet mask in Classless Inter-Domain Routing (CIDR) notation. It corresponds to the dotted-decimal subnet mask 255.255.255.255, which is represented in binary by a string of 32 ones. 5

source installation. 4 Double-check that there is a reference to ldirectord in the directory /etc/ha.d/resource.d. If you installed a package, it should have created it there. Otherwise, create a symlink ldirectord in that directory to wherever the ldirectord daemon resides (like /usr/sbin/ldirectord). At this point, you may want to set up the load balancers to provide a fallback service in case all the nodes are down. For HTTP services, a simple fallback service would be a web server on each load balancer with no web pages and a custom 404 page that tells the user your web cluster is unavailable. A fallback service does not replace your actual service, but it is good to have regardless as most users will prefer a notice that something is wrong to a timeout. 3.2 Configuration The configuration for ldirectord includes a list of services to be load balanced. For each service, the destination nodes are specified, as well as the method to determine whether each node is functioning or not. This article will look at a simple configuration for HTTP load balancing; further service-checking options can be found in the ldirectord documentation. Listing 4: The ldirectord.cf configuration file 1 l o g f i l e = l o c a l 0 2 c h e c k i n t e r v a l = 5 3 a u t o r e l o a d = yes 4 v i r t u a l = 1 2. 3. 4. 5 0 : 8 0 5 r e a l = 1 2. 3. 4. 1 0 0 : 8 0 gate 5 6 r e a l = 1 2. 3. 4. 1 0 1 : 8 0 gate 5 7 f a l l b a c k = 1 2 7. 0. 0. 1 : 8 0 gate 8 s c h e d u l e r = wrr 9 p r o t o c o l = tcp 10 checktype = 4 11 r e q u e s t = / s e r v e r s t a t u s 12 r e c e i v e = Apache Server Status 13 n e g o t i a t e t i m e o u t = 20 Create the ldirectord.cf file in /etc/ha.d/ or /etc/ha.d/conf/. Your distribution may already have a sample file in one of these directories if 4 http://www.vergenet.net/linux/ldirectord/download.shtml 6

not you can choose either location for the file. The line starting with the keyword virtual should have the VIP address of your service, along with the port your service runs on. The next two lines define the destination nodes. Use the RIP addresses of the nodes, these are the real servers. The gate keyword tells ldirectord to set up these servers in IPVS using direct routing, following the example started in part one of the article. The service will use weighted-round-robin ( wrr ) as the algorithm to balance traffic, and both nodes are given equal weights of five. Aside from the declaration of the service and the nodes that provide it, the check mechanism is specified. In this case checktype is set to 4. The numbered checktypes are actually a hybrid between the negotiate and connect checktypes. The service will be checked every five seconds (the checkinterval ) and, in this case, every fourth check will be negotiate. The intermediate checks will be of type connect. The interval between negotiate checks, four, corresponds to the number 4 we used for the checktype. The negotiate check will make an HTTP connection 5 to the service, while the connect checks just open and close a TCP connection. The HTTP connection here is configured to send the request URL /server-status and expect to receive back a page that contains the text Apache Server Status. If any of these checks fail, the node is removed from the pool of available servers. Lastly, the negotiatetimeout setting sets how long to wait for the HTTP response. Normally, you would not want to set this higher than the checkinterval (if you did and the service was near to the timeout limit, you would have multiple requests out at a time). However, the fact that only every fourth check will have this timeout allows negotiatetimeout to equal the product of checkinterval and checktype. If you encounter the situation where ldirectord only sees your service as being down when it appears up to you, make sure you can connect directly from the load balancer to the service on the RIP address. Also, if you are using HTTP to check the contents of one of your web pages, you may be hitting a problem with virtual hosts. Specifying the virtualhost parameter under the virtual service in ldirectord.cf will allow you to choose the correct virtual host. 6 5 The service to be used is auto-determined from the port number if possible. 6 For more reading on virtual hosts, see the Apache Virtual Host documentation at http://httpd.apache.org/docs/2.2/vhosts/. 7

4 Turning it on Before turning on Heartbeat, you will have to undo certain steps from the previous article. Running all the following steps together will provide the least downtime (if all goes well, it should be unnoticeable). First, the manually-configured IPVS service must be removed. This command clears any IPVS configuration: ipvsadm -C Next, the IP address for the VIP on the load balancer has to be brought down. Run the following command, substituting the VIP address for the keyword VIP: ip addr del VIP dev eth0 or, if using ifconfig: ifconfig eth0:1 down Without the manually-configured resources in the way, we can start Heartbeat. On most systems, this looks something like: /etc/init.d/heartbeat start If you were reading ahead before doing any of the three step, run the commands now. The second load balancer should not have any of the manual configurations, so just run the last command to start Heartbeat. Also, do not forget to add this service to a runlevel on both load balancers so that Heartbeat will start again after a reboot. There are several layers involved if you need to debug because something goes wrong. First, you can always check the log files to get an idea of where the error may be occurring. To check whether Heartbeat has added the VIP, run ip addr list or ifconfig on the primary load balancer. Also, run ipvsadm without any arguments to see whether or not the nodes have been added to IPVS. If the service shows up, but no nodes, then there was likely a problem with the ldirectord availability checks. If the service and nodes show up, then there is a routing problem to diagnose. The final test for your high-availability service is to test failover. Bring one of your destination nodes down. The node s weight will be set to zero in the IPVS table, meaning no requests will be passed to it. Then, try shutting down heartbeat on the primary load balancer. The IP address should be removed from that load balancer, and added to the backup load balancer. 8

In addition, ldirectord should add the entries for the service and destination nodes to IPVS. The next time you have an unforeseen problem with any node or even with the load balancer, you can be confident that your infrastructure is ready to work around the problem to continue providing an available service. This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. http://creativecommons.org/licenses/by-sa/3.0/us/ 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information