Hello list,
I've been doing some reading on LVS and HA, and was wondering if
people would mind giving me a sanity check on my plan?
We currently have 2 machines working as a
1/- firewall, proxy cache and ssl engine
2/- dynamic webpage generation and database
I need to expand the network to make it fully redundant, scalable
and expand its capacity.
My plan is to buy an additional 4 machines and arrange them as
pairs in 3 tiers.
Tier 1
------
runs firewall, proxy cache, ssl engine and LVS director. The machines
are connected with keepalived.
I use mod_proxy for the proxy cache, and will use this to forward
all non-cached requests (ssl and non-ssl) to a local port (say 8000).
This port is handled by LVS director, and load balances the 2
machines on tier 2.
Tier 2
------
2 real servers run the dynamic web page generation software and
nothing else. If a machine goes down then it seems to be easy to
remove that machine from the list of realservers. And we can add
more machines for times of predicted greater load.
Tier 3
------
2 machines connected with keepalived and running mysqld. They
will probably also be doing all the logging for the group, and
possibly allowing a diskless boot of the first 2 tier machines
(for easy maintenance).
I have some questions regarding this setup.
1/- what is recommended to keep 2 machines' filesystems in sync? This
is for the tier 3 database machines.
2/- I currently use NFS for exporting filesystems for logging
or serving static content, but I've never been happy with its
performance or reliability. Is there something else that people
use in a production environment?
3/- Is my idea for the 1st tier machines possible? I want to run
a proxy caching server because 70% of our throughput is images. I
don't want to have a cache on each of the real servers, so putting
it on the 1st tier machines seems like a good idea. I would just
use a rule like this for apache:
ProxyPass / http://local.safenet:8000/
ProxyPassReverse / http://local.safenet:8000/
And then use something like this for the LVS setup:
ipvsadm -A -t 1.2.3.4:8000 -s rr
ipvsadm -a -t 1.2.3.4:8000 -r 192.168.10.1:80 -m
ipvsadm -a -t 1.2.3.4:8000 -r 192.168.10.2:80 -m
Reasonable? Having said all that, maybe it would just be simpler to
run the whole proxy caching and ssl stuff on the real servers. I've
read some discussion on this in the docs (more related to hardware
ssl) and people seem to say you may as well run it on the real
servers for scalability.
4/- I'm in the UK and want to buy 1U rack machines from a supplier
who builds machines for running linux. Our current machines are
dell, but their linux support is so red hat centric that it is
not much use to me. Anyone got recommendations for good hardware
suppliers? Google isn't helping much!
Your comments are greatly appreciated!
Matt
--
If you want to bake an apple pie from scratch, you must first create
the Universe.
- Carl Sagan
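As an added example (not from the original post), here is how the tier 1 LVS director described in question 3 could be expressed as a keepalived configuration instead of hand-run ipvsadm commands, so that a tier 2 real server that stops answering HTTP is pulled out of the pool automatically rather than by hand. It reuses the VIP 1.2.3.4, port 8000, round-robin NAT and the two real servers from the ipvsadm lines above; the interface name eth0, the VRRP router id and the auth_pass placeholder are assumptions and must be changed to fit the site.

```conf
# /etc/keepalived/keepalived.conf on each tier 1 director (example config)

# VRRP: the two directors share the VIP; the survivor takes it over on failure.
vrrp_instance VI_1 {
    state MASTER                  # use BACKUP with a lower priority on the peer
    interface eth0                # assumption: adjust to the real NIC
    virtual_router_id 51          # assumption: any id unique on this LAN
    priority 100                  # peer gets e.g. 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass CHANGEME        # placeholder, max 8 characters
    }
    virtual_ipaddress {
        1.2.3.4                   # the VIP that mod_proxy forwards to on :8000
    }
}

# IPVS: equivalent of
#   ipvsadm -A -t 1.2.3.4:8000 -s rr
#   ipvsadm -a -t 1.2.3.4:8000 -r 192.168.10.x:80 -m
# but with health checks that remove a dead real server from the table.
virtual_server 1.2.3.4 8000 {
    delay_loop 6                  # seconds between health-check rounds
    lb_algo rr                    # round robin, as in the -s rr line
    lb_kind NAT                   # masquerading, as in the -m flag
    protocol TCP

    real_server 192.168.10.1 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200   # anything else marks the server down
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.10.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```

Adding a third tier 2 machine for a predicted load peak is then one more real_server block and a reload, and `ipvsadm -L -n` shows which real servers keepalived currently considers healthy.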