Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Fedora 8 - Page 2

 
Submitted by o.meyer on Thu, 2008-02-28 18:20.

3 LB1 & LB2

3.1 Firewall Configuration

So that HTTP & HTTPS connections can be forwarded to the web servers and the heartbeat daemons can communicate with each other, you have to open the corresponding ports on both load balancers.

system-config-firewall-tui

Set HTTP & HTTPS as trusted services and enter the heartbeat port (694 udp) in the "Other Ports" section. After that, save the settings.

 

3.2 Needed Packages On Both Load Balancers

Install the needed packages via:

yum -y install haproxy heartbeat

 

3.3 HAProxy Configuration

cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_orig
cat /dev/null > /etc/haproxy/haproxy.cfg
vi /etc/haproxy/haproxy.cfg

The content should look like this on both load balancers.

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #debug
        #quiet
        user haproxy
        group haproxy
		
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen webfarm 192.168.0.120:80
       mode http
       stats enable
       stats auth someuser:somepassword
       balance roundrobin
       cookie JSESSIONID prefix
       option httpclose
       option forwardfor
       option httpchk HEAD /check.txt HTTP/1.0
       server webA 192.168.0.112:80 cookie A check
       server webB 192.168.0.113:80 cookie B check

Note: If you want to know more about the available options to configure HAProxy, you should take a look at http://haproxy.1wt.eu/download/1.3/doc/haproxy-en.txt and http://haproxy.1wt.eu/download/1.2/doc/architecture.txt.

 

3.4 Heartbeat Configuration

3.4.1 On Both Load Balancers

Heartbeat will tell LB1 & LB2 that they should listen on the shared IP (192.168.0.120). First we have to allow HAProxy to bind to the shared IP.

vi /etc/sysctl.conf

Add the following lines to the file ...

# Allow HAProxy shared IP
net.ipv4.ip_nonlocal_bind = 1

... and run:

sysctl -p

Now we have to create three configuration files for heartbeat.

vi /etc/ha.d/authkeys

The content should look like this - replace %authpassword% with a password of your choice. The heartbeat daemons on both load balancers will use this password to authenticate against each other (so it should be a very secure password).

auth 3
3 md5 %authpassword%

Change the permissions so that only root is allowed to access the file.

chmod 600 /etc/ha.d/authkeys
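
An added example, not part of the original tutorial: one way to replace the password placeholder with a random secret and to verify the file before heartbeat is started. The function names and the use of od on /dev/urandom are assumptions of this example; the file format and the 600 mode are the ones shown above.

```shell
#!/bin/bash
# Added example, not from the tutorial; function names are hypothetical.

# Print a 32-character hex secret read from /dev/urandom.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write an authkeys file in the tutorial's format ("auth 3" / "3 md5 <secret>").
# The umask in the subshell keeps a new file from being group/world readable.
write_authkeys() {
    local path="$1" secret="$2"
    ( umask 077; printf 'auth 3\n3 md5 %s\n' "$secret" > "$path" ) &&
        chmod 600 "$path"
}

# Succeed only if the file is mode 600, the "auth N" line selects an existing
# key line, and that key is neither a leftover %placeholder% nor very short.
check_authkeys() {
    local path="$1" mode idx secret
    mode=$(stat -c %a "$path") || return 1
    [ "$mode" = "600" ] || { echo "bad mode: $mode"; return 1; }
    idx=$(awk '$1 == "auth" { print $2; exit }' "$path")
    [ -n "$idx" ] || { echo "no auth line"; return 1; }
    secret=$(awk -v i="$idx" '$1 == i && NF >= 3 { print $3; exit }' "$path")
    [ -n "$secret" ] || { echo "no key line $idx"; return 1; }
    case "$secret" in
        %*%) echo "placeholder not replaced"; return 1 ;;
    esac
    [ "${#secret}" -ge 20 ] || { echo "secret too short"; return 1; }
    echo "ok"
}
```

Both load balancers need the same secret, so generate it once, install the identical file on LB1 and LB2, and run check_authkeys on each.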

vi /etc/ha.d/haresources

The content should look like this (on both load balancers!) - the first word is the output of

uname -n

on load balancer 1.

lb1.example.com 192.168.0.120

 

3.4.2 On Load Balancer 1 (LB1)

vi /etc/ha.d/ha.cf

The content should look like this - the last two lines contain the output of "uname -n" from both load balancers:

#
#       keepalive: how many seconds between heartbeats
#
keepalive 2
#
#       deadtime: seconds-to-declare-host-dead
#
deadtime 10
#
#       What UDP port to use for udp or ppp-udp communication?
#
udpport        694
bcast  eth0
mcast eth0 225.0.0.1 694 1 0
ucast eth0 192.168.0.110
#       What interfaces to heartbeat over?
udp     eth0
#
#       Facility to use for syslog()/logger (alternative to log/debugfile)
#
logfacility     local0
#
#       Tell what machines are in the cluster
#       node    nodename ...    -- must match uname -n
node    lb1.example.com
node    lb2.example.com

 

3.4.3 On Load Balancer 2 (LB2)

vi /etc/ha.d/ha.cf

The content should look like this - the last two lines contain the output of "uname -n" from both load balancers:

#
#       keepalive: how many seconds between heartbeats
#
keepalive 2
#
#       deadtime: seconds-to-declare-host-dead
#
deadtime 10
#
#       What UDP port to use for udp or ppp-udp communication?
#
udpport        694
bcast  eth0
mcast eth0 225.0.0.1 694 1 0
ucast eth0 192.168.0.111
#       What interfaces to heartbeat over?
udp     eth0
#
#       Facility to use for syslog()/logger (alternative to log/debugfile)
#
logfacility     local0
#
#       Tell what machines are in the cluster
#       node    nodename ...    -- must match uname -n
node    lb1.example.com
node    lb2.example.com

Afterwards start heartbeat on both load balancers.

/etc/init.d/heartbeat start

 

3.4.4 Check Heartbeat On LB1

If all went well, the output of ...

ip addr sh eth0

... should also contain the shared IP - it's the active load balancer.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:02:ae:eb brd ff:ff:ff:ff:ff:ff
inet 192.168.0.110/24 brd 192.168.0.255 scope global eth0
inet 192.168.0.120/24 brd 192.168.0.255 scope global secondary eth0:0
inet6 fe80::20c:29ff:fe02:aeeb/64 scope link
valid_lft forever preferred_lft forever

 

3.4.5 Check Heartbeat On LB2

If all went well, the output of ...

ip addr sh eth0

... should not contain the shared IP as long as load balancer 1 is up - it's the passive load balancer.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:e6:66:18 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.111/24 brd 192.168.0.255 scope global eth1
inet6 fe80::20c:29ff:fee6:6618/64 scope link
valid_lft forever preferred_lft forever

Now we can add HAProxy to autostart and start HAProxy on both load balancers.

chkconfig --level 3 haproxy on
/etc/init.d/haproxy start

 

4 Failover Test

4.1 Web Server

Shut down one of the two web servers and make an HTTP request to the shared IP 192.168.0.120 (or to any domain/hostname that points to the shared IP) - you should get content from the remaining web server.

 

4.2 Load Balancer

Shut down the active load balancer (LB1) - the passive load balancer (LB2) should take over immediately. The output of ...

ip addr sh eth0

... on the second load balancer (LB2) should now also contain the shared IP.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:e6:66:18 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.111/24 brd 192.168.0.255 scope global eth1
inet 192.168.0.120/24 brd 192.168.0.255 scope global secondary eth1:0
inet6 fe80::20c:29ff:fee6:6618/64 scope link
valid_lft forever preferred_lft forever

When the first load balancer (LB1) is up again, it will take over the active role again.

 

5 HAProxy Statistics

HAProxy provides a web interface for statistics. You can access it via http://192.168.0.120/haproxy?stats in your preferred browser. Log in with the credentials you configured in the HAProxy configuration file (in this example, the username "someuser" and the password "somepassword", both without the quotes). If you don't want or need statistics, simply remove the lines that begin with "stats" from the HAProxy configuration file on both load balancers.

 

6 Links


Submitted by Mojah (not registered) on Wed, 2010-11-03 10:37.
It remains to be said, that if the HAProxy service would fail, there would be no automatic failover. Heartbeat only covers the OS aspect (as in: the server is entirely unreachable). If the server is available, but HAProxy is not started, there would be no failover.
Submitted by Willy Tarreau (not registered) on Thu, 2010-11-04 00:19.

One more reason to use keepalived instead of heartbeat for this specific purpose. It has the ability to check for the presence and responsiveness of the haproxy process and use that to weigh the priorities and choose which node to elect as the master. Also, the master-backup switching is seamless and extremely fast (only the IP address is enabled/disabled, no process is restarted). A failure is covered in just a few seconds. Heartbeat is for clusters, not for handling virtual addresses.
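
The checks from 3.4.4, 3.4.5 and 4.2, combined with the blind spot the two comments above describe (a node that still holds the shared IP while HAProxy itself is down), as an added example that is not part of the tutorial or of either comment. The function names and the use of pidof are assumptions; the probe tests only that an haproxy process exists, not that it answers requests.

```shell
#!/bin/bash
# Added example, not from the tutorial or the comments; names are hypothetical.
VIP=192.168.0.120   # shared IP used throughout the tutorial

# Abridged from the "ip addr sh eth0" output shown in 3.4.4 and 3.4.5.
SAMPLE_LB1='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.110/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.120/24 brd 192.168.0.255 scope global secondary eth0:0'
SAMPLE_LB2='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.111/24 brd 192.168.0.255 scope global eth1'

# Read "ip addr" output on stdin; succeed if the VIP is configured. The address
# is compared as a whole field, so 192.168.0.12 or 192.168.0.1200 do not match.
holds_vip() {
    awk -v vip="$VIP" '$1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
                       END { exit !found }'
}

# classify_node <ip-addr-output> <yes|no: is an haproxy process present>
classify_node() {
    if printf '%s\n' "$1" | holds_vip; then
        if [ "$2" = yes ]; then echo "active"; else echo "active-but-haproxy-down"; fi
    else
        echo "passive"
    fi
}

# classify_pair <state-of-lb1> <state-of-lb2>
classify_pair() {
    case "$1/$2" in
        active/passive|passive/active) echo "healthy" ;;
        passive/passive)               echo "no-vip-holder" ;;
        active*/active*)               echo "split-brain" ;;
        *)                             echo "vip-without-haproxy" ;;
    esac
}

# Live probe for one node (assumes pidof is installed; checks presence only).
node_state() {
    local running=no
    pidof haproxy >/dev/null 2>&1 && running=yes
    classify_node "$(ip addr sh "${1:-eth0}")" "$running"
}
```

Run node_state on each load balancer from cron or a monitoring agent and feed the two results to classify_pair; any verdict other than "healthy" is worth an alert.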