Joseph Mack NA3T wrote:
> On Mon, 24 Sep 2007, Steve Wray wrote:
>
>> Perhaps it might pay to have a single page with just this most common
>> example and its associated config files?
>
> Wonderful idea. Would you like to write one up?

That's cool, it's something that I've just gone into as a total newbie and
have just managed to figure out and get a working example of.

This week I have to set up a mysql server, NFS server, webservers with
load balancers and failover all from scratch but I'll submit my
currently working examples of config files and sometime try to get
something that reads like a howto in.

For now though, here are my config files. This is all Debian so the
*.interfaces files are what goes in /etc/network/interfaces on the
respective hosts. The *.cf and the haresources files go into /etc/ha.d/

There are 4 servers in this picture;

web1 and web2 are on 192.168.0.0/24 and simply run apache webservers.
Their default routes are a floating IP address on either of the directors.
Remember that the webservers must both serve a page which corresponds to
what the directors are looking for. See ldirectord.cf

web-lb1 and web-lb2 are the directors. They have two floating IP
addresses between them; one the VIP which is the IP address of the
virtual webserver and one being on the 192.168.0.0/24 network as a
default route for the real webservers.

The directors use heartbeat to check on one another's status and switch
both the VIP and the gateway IP as required.

I think that these config files are about all that is required to
provide a working example, other than the fact that the network
interface config is Debian-ish (though it'll be about the same on Ubuntu
as well).

The iptables rules are needed in order to get the real webservers access
to the outside network. I'm not certain that they are required for the
web traffic to get out, perhaps the LVS system takes care of this, but
in my case they were pretty useless without proper masqueraded access to
the 'net.

The stock kernel in my distribution supports all of this with no need
for me to think about compiling a kernel.

The software packages which come with Debian Etch work fine so there's no
need to build these from source:

ipvsadm
iptables
ldirectord-2

I think that's about it.

When you get right down to it, it really is extremely simple and should
be explainable on a single page of A4 :)

# haresources (goes in /etc/ha.d/)
web-lb1 \
    ldirectord::ldirectord.cf \
    LVSSyncDaemonSwap::master \
    IPaddr2::10.10.0.15/16/eth0/10.10.255.255 \
    IPaddr2::192.168.0.254/24/eth1

# ha.cf (goes in /etc/ha.d/)
logfacility local0
bcast eth0
mcast eth0 225.0.0.1 694 1 0
auto_failback off
node web-lb1
node web-lb2
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

# /etc/network/interfaces on a real webserver
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.4
    netmask 255.255.255.0
    gateway 192.168.0.254

# /etc/network/interfaces on a real webserver
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    gateway 192.168.0.254

# /etc/network/interfaces on a director
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.10.0.14
    netmask 255.255.0.0
    broadcast 10.10.255.255
    gateway 10.10.10.1

auto eth1
iface eth1 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    up iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24
    down iptables -t nat -D POSTROUTING -j MASQUERADE -s 192.168.0.0/24

# /etc/network/interfaces on a director
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.10.0.13
    netmask 255.255.0.0
    broadcast 10.10.255.255
    gateway 10.10.10.1

auto eth1
iface eth1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    up iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24
    down iptables -t nat -D POSTROUTING -j MASQUERADE -s 192.168.0.0/24

# ldirectord.cf (goes in /etc/ha.d/)
# Lines belonging to a virtual= section must be indented.
checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes
virtual=10.10.0.15:80
    fallback=127.0.0.1:80 masq
    real=192.168.0.4:80 masq
    real=192.168.0.3:80 masq
    service=http
    request="ldirector.html"
    receive="Test Page"
    scheduler=rr
    protocol=tcp
    checktype=negotiate
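
A consistency check for the LVS-NAT layout described in the message above, as an added example that is not part of the original post: it parses the posted haresources and ldirectord.cf and verifies that the VIP is a heartbeat-managed address and that every masq real server sits in the network of the floating gateway address. The function names are hypothetical, and the indentation of the lines under virtual= is assumed, since ldirectord requires it.

```python
import ipaddress
# Sample input copied from the post above (ldirectord.cf abbreviated;
# the tab indentation under virtual= is an assumption of this example).
HARESOURCES = r"""web-lb1 \
 ldirectord::ldirectord.cf \
 LVSSyncDaemonSwap::master \
 IPaddr2::10.10.0.15/16/eth0/10.10.255.255 \
 IPaddr2::192.168.0.254/24/eth1
"""
LDIRECTORD_CF = """quiescent=yes
virtual=10.10.0.15:80
\tfallback=127.0.0.1:80 masq
\treal=192.168.0.4:80 masq
\treal=192.168.0.3:80 masq
"""

def floating_ips(haresources):
    """Return the IPaddr2 resources as ipaddress interface objects."""
    text = haresources.replace("\\\n", " ")  # join continuation lines
    out = []
    for word in text.split():
        if word.startswith("IPaddr2::"):
            ip, prefix = word[len("IPaddr2::"):].split("/")[:2]
            out.append(ipaddress.ip_interface(f"{ip}/{prefix}"))
    return out

def virtual_services(cf):
    """Map each virtual IP to its list of (real IP, forwarding method)."""
    services, current = {}, None
    for line in cf.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "virtual":
            current = services.setdefault(value.split(":")[0], [])
        elif key == "real" and line[:1].isspace() and current is not None:
            addr, method = value.split()[:2]
            current.append((addr.split(":")[0], method))
    return services

def check(haresources, cf):
    """Return a list of problems that would break LVS-NAT failover."""
    floats, problems = floating_ips(haresources), []
    for vip, reals in virtual_services(cf).items():
        if not any(str(f.ip) == vip for f in floats):
            problems.append(f"VIP {vip} is not a heartbeat-managed address")
        inside = [f.network for f in floats if str(f.ip) != vip]
        for real, method in reals:
            addr = ipaddress.ip_address(real)
            if method == "masq" and not any(addr in n for n in inside):
                problems.append(f"real {real} is outside every floating gateway network")
    return problems
```

An empty list from `check(HARESOURCES, LDIRECTORD_CF)` means the two files agree; a real server outside 192.168.0.0/24 would be reported because its replies would bypass the director.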