The following is a set of instructions for setting up the Keepalived service on CentOS 7.
Assume the network below:
LB1: Load balancer 1: 192.168.1.80
LB2: Load balancer 2: 192.168.1.81
VIP1: Virtual IP: 192.168.1.82
We want to use LB1 as the master LB and LB2 as standby. If LB1 fails, LB2 will take over as master. Whoever is the master will take over the VIP of 192.168.1.82.
To configure LB1:192.168.1.80, ssh into LB1:
[root@LB1 ~]# yum install keepalived
Allow the kernel to bind non-local IP addresses on the host, then apply the change:
[root@LB1 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB1 ~]# sysctl -p
[root@LB1 ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        admin1@domain.com
    }
    notification_email_from admin@local
    smtp_server 192.168.1.99
    smtp_connect_timeout 30
}

! Health check: keepalived acts on the exit status of the script
vrrp_script chk_curl {
    script "/usr/bin/curl http://192.168.1.80"
    interval 2
    ! priority is lowered by 4 while the check is failing
    weight -4
    timeout 5
    fall 2
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.82/32 dev eth0
    }
    track_script {
        chk_curl
    }
}
[root@LB1 ~]# service keepalived start
Next configure LB2:192.168.1.81, ssh into LB2:
[root@LB2 ~]# yum install keepalived
Allow the kernel to bind non-local IP addresses on the host, then apply the change:
[root@LB2 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB2 ~]# sysctl -p
[root@LB2 ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        admin1@domain.com
    }
    notification_email_from admin@local
    smtp_server 192.168.1.99
    smtp_connect_timeout 30
}

! Health check: keepalived acts on the exit status of the script
vrrp_script chk_curl {
    script "/usr/bin/curl http://192.168.1.81"
    interval 2
    ! priority is lowered by 4 while the check is failing
    weight -4
    timeout 5
    fall 2
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    ! lower than the 101 configured on LB1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.82/32 dev eth0
    }
    track_script {
        chk_curl
    }
}
[root@LB2 ~]# service keepalived start
chk_curl is the check script; in the configuration above it checks whether the httpd service is functioning. 192.168.1.80 has the higher priority (101), so 1.80 will be master while 1.81 will be backup. If the curl fails, e.g. httpd is down, the VIP (192.168.1.82) will swing to 192.168.1.81.
A custom check script like this is useful: if you have other checking criteria, you can script them in. Basically, vrrp_script checks the return value of the script (e.g. $? in bash).
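An added example (not from the original post) of such a custom check: plain curl exits 0 even when the server answers with an HTTP error status, so this script fails the check unless the response is 2xx and, optionally, contains an expected marker string. The script name chk_http.sh and the marker argument are assumptions.

```shell
#!/bin/sh
# Added example: custom keepalived check script (hypothetical name chk_http.sh).
# keepalived only looks at the exit status: 0 = healthy, non-zero = failed.
# Usage: chk_http.sh URL [MARKER]

nl='
'

# classify STATUS BODY MARKER
#   0: 2xx status and BODY contains MARKER (an empty MARKER matches anything)
#   1: non-2xx status
#   2: 2xx status but MARKER is missing from BODY
classify() {
    case "$1" in
        2??) ;;
        *) return 1 ;;
    esac
    case "$2" in
        *"$3"*) return 0 ;;
        *) return 2 ;;
    esac
}

# chk_http URL [MARKER]
#   3: curl itself failed (connection refused, timeout, DNS error ...)
chk_http() {
    # --max-time 3 stays under the "timeout 5" of the vrrp_script on this page;
    # -w appends the HTTP status code as the last line of the output.
    out=$(curl -sS --max-time 3 -w '\n%{http_code}' "$1") || return 3
    status=${out##*"$nl"}
    body=${out%"$nl"*}
    classify "$status" "$body" "${2:-}"
}

# Run the check only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    chk_http "$@"
    exit $?
fi
```

To use it, point the script line of vrrp_script at it, e.g. script "/usr/local/bin/chk_http.sh http://192.168.1.80" (hypothetical install path).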
Nice, but both boxes are coming up with the VIP :(
Check that the multicast IP and protocol for VRRP are allowed in the firewall on both servers. For firewalld:
# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
# firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
# firewall-cmd --reload
It has an error
LB02 should be:
state SLAVE
in LB2,
Shouldn't state be BACKUP -- instead of MASTER?
It really doesn't matter. Keepalived conducts an election and the one with the higher priority value becomes the MASTER. In this case LB1 has a priority value of 101 and becomes MASTER. But I would strongly recommend configuring the BACKUP state correctly in the initial configuration, so that you get the benefits of PREEMPT and a few other functionalities which depend on the state.