Setting up a failover between two webservers using Keepalived

Introduction:

Floating IP addresses are an important part of setting up a High Availability (HA) infrastructure, as the name already suggests its advantage is that it can be re-assigned to different servers in case of a failover.

 

Pre-requisites:

For this tutorial we'll need the following software:

- Keepalived's latest package. You can download the latest package from http://www.keepalived.org/download.html
- Two servers with IP's in the same network range, running CentOS or AlmaLinux.
- IPv4 failover address (Instructions on how to obtain such an address can be found on https://support.tilaa.com/hc/en-us/articles/228650467

- Asynchronous routing should then be enabled by adding the following to /etc/sysctl.conf :

 net.ipv4.conf.default.rp_filter = 0 
net.ipv4.conf.all.rp_filter = 0

 

Installation

Step 1. Download & Install Keepalived

The most convenient and easiest solution is to install Keepalived using the package manager. To do so please run the following command:

yum install keepalived

Alternatively, you can install it from source using the instructions below:

yum install gcc kernel-headers openssl-devel 
wget http://www.keepalived.org/software/keepalived-1.2.22.tar.gz
tar -zxvf keepalived-1.2.22.tar.gz
cd keepalived-1.2.22
./configure --prefix=/; make; make install
chkconfig keepalived on

 

Step 2. Configure Keepalived

Keepalived saves its configuration file in: /etc/keepalived/keepalived.conf You can use the below example configuration on webserver1 (MASTER):

vrrp_script chk_httpd { 
  script "pidof httpd" 
  interval  2  
  } 
  vrrp_instance VI_1 {
    # The interface keepalived will manage 
   interface eth0  
   state MASTER  
   # How often to send out VRRP advertisements 
   advert_int 2  
    # The virtual router id number to assign the routers to 
   virtual_router_id   51  
    # The priority to assign to this device. This controls  
    # who will become the MASTER and BACKUP for a given  
    # VRRP instance (a lower number get's less priority)  
   priority   100  
  authentication { 
  auth_type  PASS  
  auth_pass  SimplePassword  
  } 
  unicast_src_ip  primary_ip_of_web1  
  unicast_peer {  primary_ip_of_web2  
  } track_script { 
   chk_httpd  
  }  # The virtual IP addresses to float between nodes.  
  virtual_ipaddress {  failover_ipv4_address  } }

The following configuration should be placed on webserver2 ( BACKUP ):

vrrp_script chk_httpd {
script "pidof httpd"
interval 2
}

vrrp_instance VI_1 {
# The interface keepalived will manage
interface eth0
state BACKUP
# How often to send out VRRP advertisements
advert_int 2
# The virtual router id number to assign the routers to
virtual_router_id 51
# The priority to assign to this device. This controls
# who will become the MASTER and BACKUP for a given
# VRRP instance (a lower number get's less priority).
priority 50
authentication {
auth_type PASS
auth_pass SimplePassword
}
unicast_src_ip primary_ip_of_web2
unicast_peer {
primary_ip_of_web1
}
track_script {
chk_httpd
}
# The virtual IP addresses to float between nodes.
virtual_ipaddress {
failover_ipv4_address
}
}

Verify your setup!

To verify your setup is working we can check the following:

- Use tcpdump to verify if VRRP traffic is exchanged between the two nodes.
- Check your server logs
- Verify if the VIP is assigned to your network interface
- Firewall exceptions

 

1. Using tcpdump to check for VRRP traffic:

If you've followed this tutorial then you can use the following command in order to verify if VRRP packets are being exchanged:

sudo tcpdump -n -v -i eth0 vrrp

 

2. Inspect the server logs:

Try starting keepalived with the -d flag, this will dump your configuration to your server log. It won't report errors but you'll get a clear overview of the setup. In addition during a failover you'll notice that the backup host will accept it's new MASTER state, these messages are typically found in

/var/log/messages.

 

3. Verify if the VIP is assigned correctly:

You can use the following command in order to verify if the failover IP has been assigned correctly:

ip a s dev eth0 

You should see the failover IP mentioned in the output.

 

4. Firewall exceptions:

VRRP uses protocol number 112, so make sure ingoing/outbound traffic is allowed. For IPTables you can use the rules mentioned below, alternatively, you may specify a source and destination address using the -s and -d flags respectively:

iptables -I INPUT -p vrrp -j ACCEPT
iptables -I OUTPUT -p vrrp -j ACCEPT

 

 

Tips & Tricks / References:

Obviously, the above-mentioned configuration is just a basic example but it offers a basic starting point to go from. Keepalived offers a lot of additional information and instructions making it very flexible in its use. I strongly encourage to keep reading more documentation, there're several sources available:

http://www.keepalived.org/documentation.html <-- Documentation is deprecated but can still be quite useful.
https://github.com/acassen/keepalived <- Github repository

 

 

 

 

 

 

 

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more