|
Hi Victor,
Hi. I couldn't find keepalived mailinglist for general questions so I
thought maybe I could post here.
I am trying to set up keepalived failover on two directors. I am a bit
confused by the vocabulary in the VRRP section of the config.
1. Does each director in keepalived cluster need to have it's own config
file or can they share one file that is synced?
Have you red the UserGuide.pdf ? the last part explain the typical config
Each director run keepalived with the same configuration file. The only
difference reside in the VRRP instance. For example :
1. On director 1
vrrp_instance D1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
vrrp_instance D2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.111 <= IP must be different...
}
}
2. On director 2
vrrp_instance D1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
vrrp_instance D2 {
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.111
}
}
=> Using this config you will have a active/active setup on your both
director on device eth0
=> You have 2 VRRP VIPs 10.0.0.110 & 10.0.0.111 that you will use for your
LVS VIP (virtual_server)
=> This a symetric configuration so you need one file on each director (not
1 file shared for 2 directors)
2. How would I set up an active/passive setup with two examples below? I
have two directors with one ethernet card in each. They loadbalance
10.0.0.110:80.
1. On director 1
vrrp_instance D1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
2. On director 2
vrrp_instance D1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
=> active/passive configuration
=> VRRP VIP is 10.0.0.110 usable as LVS VIP
Perhaps as a test, would be interesting to do an active/active setup
loadbalancing two addresses (.110 and 111, where one goes to first web group
and .111 to another, but making sure that each one covers the other one).
=> yes, my sample ... But I have to warn that synchronization instance must
be considered as beta version. But in a DR env you do not need this
functionnality (only for LVS NAT)
3. VRRP Section: Is virtual_ipaddress the VIP? or is it the DIP? How do I
assign the vrrp_instance to a specific Director? or is each director
supposed to have a sep file? I looked at the
http://keepalived.sourceforge.net/pdf/LVS-HA-using-VRRPv2.pdf but it seemed
to use two interfaces and to be honest, I didn't really grasp exactly what
was going on there.
Yes, you define your VRRP topology defining VRRP VIPs, those VIP can be
used to your LVS topology description. In your case you can define :
virtual_server 10.0.0.110 80 {
....
}
http://keepalived.sourceforge.net/pdf/UserGuide.pdf (the last page)
We have 4 VIP's, [192.168.1.10 -- 192.168.1.10.13]
.10 and .11 -> .10 (mapped using sync ?)
.12 and .13 -> .11 (mapped using sync ?)
Sync is used for NATed LVS : when you define VRRP instance on different
device interface. For example eth0 & eth1. the sync_instance garantee that
2 VRRP instance synchronized on a director stay in the same state. If
takeover on VRRP instance on eth0 the syn_instance defined on eth1 will
follow the takeover.
Why do we need .13? Also, that means the client is supposed to connect to
(.10,.11,.12,.13) ? How would this be done? Woul a domain have to be define
with DNS rr setup pointing to multiple IPs?
Yes this sample setup,
1. On eth0 : we define VI_1(.100.10 & .100.11) active on one director and
VI_3(.100.12 & .100.13) active on the other
2. On eth1 : we define VI_2(.200.10) active on one director and
VI_4(.200.11) active on the other
Then because we use NAT routing path for VI_1 & VI_2 must be preserved (the
same for VI_3 & VI_4), this is why we use sync_instance.
If VI_1 then VI_1 VIPs are taked over on other director, and according to
sync_instance algo, VI_2 will be taked oved on director too, that will own
the 4 VRRP VIPs...
No DNS rr, one VIP can be used for WWW, other for SMTP, other for SSL, ...
Ok, this is the data for question (2) What I want is to setup two directors,
one active one passive for a VIP 10.0.0.110:
DIP1: 10.0.0.249
DIP2: 10.0.0.250
VIP: 10.0.0.110
RIP1: 10.0.0.5
VIP interface is on eth0:110
DIP interface is on eth0
vrrp_instance D1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
vrrp_instance D2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type AH
auth_pass TEST
}
virtual_ipaddress {
10.0.0.110
}
}
What I don't understand is where is the binding that D2 goes to Secondary
Director and D1 goes to Primary director? Or is that done by having multiple
config files: one for D1 and one for D2?
According to the VRRP state declaration => If VRRP instance is configured
as MASTER then the VRRP VIPs will be owned by this director (on the other
director the state must be BACKUP otherwise there will be an forced master
election).
(I am using the dr method)
virtual_server 10.0.10.110 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.0.0.5 80 {
weight 1
HTTP_GET {
url {
path /
digest 2psb62f60cf378tad80336a8c362596a
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Best regards,
Alexandre
| 