Setting up a Keepalived load balancer

For CentOS 7

Run these commands on both load balancer hosts (in this example keepalived-1.lan.local and keepalived-2.lan.local)

Enable packet forwarding

vi /etc/sysctl.d/local.conf
#
# ip_forward - BOOLEAN
#
# Forward Packets between interfaces.
#
# This variable is special, its change resets all configuration
# parameters to their default state (RFC1122 for hosts, RFC1812
# for routers)
net.ipv4.ip_forward = 1

#
# ip_nonlocal_bind - BOOLEAN
#
# If set, allows processes to bind() to non-local IP addresses,
# which can be quite useful - but may break some applications.
net.ipv4.ip_nonlocal_bind = 1

Firewall

vi /etc/sysconfig/iptables
-I INPUT -p vrrp -j ACCEPT
systemctl restart iptables

Keepalived

Install Keepalived:

yum install keepalived ipvsadm

Example configuration:

vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! keepalived-1.lan.local
 
#
# global options
#
global_defs {
	notification_email {
		support@lan.local
	}
	router_id LB_DMZ
}
 
#
# vrrp instance and virtual ips
#
vrrp_instance VI_DMZ {
	state MASTER
	interface eth0
	virtual_router_id 20
	priority 150
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass H6Rs_J
	}
	virtual_ipaddress {
		192.168.1.120
		192.168.1.90
	}
	notify /etc/keepalived/notify.sh
}
 
#
# virtual servers
#
 
# mail server
virtual_server 192.168.1.120 25 {
	delay_loop 10
	lb_algo rr
	lb_kind DR
	protocol TCP
 
	real_server 192.168.1.121 25 {
		weight 1
		SMTP_CHECK {
			connect_timeout 5
			retry 3
			delay_before_retry 5
			helo_name "keepalived-1.lan.local"
		}
	}
	real_server 192.168.1.122 25 {
		weight 1
		SMTP_CHECK {
			connect_timeout 5
			retry 3
			delay_before_retry 5
			helo_name "keepalived-1.lan.local"
		}
	}
}
 
# ftp server
virtual_server 192.168.1.90 21 {
	delay_loop 10
	lb_algo rr
	lb_kind DR
	persistence_timeout 600
	protocol TCP

	real_server 192.168.1.91 21 {
		weight 1
		TCP_CHECK {
			connect_port 21
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}

	real_server 192.168.1.92 21 {
		weight 1
		TCP_CHECK {
			connect_port 21
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}
}

# web server
virtual_server 192.168.1.90 80 {
	delay_loop 10
	lb_algo rr
	lb_kind DR
	persistence_timeout 600
	protocol TCP
	sorry_server 192.168.1.18 80

	real_server 192.168.1.91 80 {
		weight 1
		HTTP_GET {
			url {
				path /hello.htm
				status_code 200
			}
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}

	real_server 192.168.1.92 80 {
		weight 1
		HTTP_GET {
			url {
				path /hello.htm
				status_code 200
			}
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}
}

# web server ssl
virtual_server 192.168.1.90 443 {
	delay_loop 10
	lb_algo rr
	lb_kind DR
	persistence_timeout 600
	protocol TCP
	sorry_server 192.168.1.18 443

	real_server 192.168.1.91 443 {
		weight 1
		SSL_GET {
			url {
				path /hello.htm
				status_code 200
			}
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}

	real_server 192.168.1.92 443 {
		weight 1
		SSL_GET {
			url {
				path /hello.htm
				status_code 200
			}
			connect_timeout 5
			nb_get_retry 3
			delay_before_retry 3
		}
	}
}

The configuration is almost identical on both load balancer hosts; the only exception is the priority option, which determines which host becomes the master: the host with the highest priority is the master. For example, keepalived-1.lan.local gets priority 150 and keepalived-2.lan.local priority 100.

Create the notify script:

vi /etc/keepalived/notify.sh
#!/bin/bash
# keepalived calls this script as: notify.sh <INSTANCE|GROUP> <name> <MASTER|BACKUP|FAULT> <priority>
# Record the current VRRP state so it can be read by other tools.
echo "$1 $2 is in $3 state" > /var/run/keepalive.state
chmod +x /etc/keepalived/notify.sh
systemctl enable keepalived
systemctl start keepalived

Display the IP Virtual Server table:

ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.90:80 rr persistent 600
  -> 192.168.1.91:80             Route   1      1          1
  -> 192.168.1.92:80             Route   1      0          1
TCP  192.168.1.90:443 rr persistent 600
  -> 192.168.1.91:443            Route   1      7          5
  -> 192.168.1.92:443            Route   1      38         10
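As an added check that is not part of the original guide: the script below compares the real servers defined in the keepalived.conf above (the :80 and :443 virtual servers, which are the ones the table shows) with what `ipvsadm -L -n` reports, so a real server that keepalived has removed after a failed HTTP_GET or SSL_GET check is reported by address. It assumes numeric output (`-n`) and runs on a constructed sample table instead of live output.

```shell
#!/bin/sh
# Added example, not from the original guide. keepalived removes a real server
# from the IPVS table when its health check fails, so an expected entry that is
# absent from `ipvsadm -L -n` means the check failed or the config never loaded.
# Input format: the numeric table as shown in the guide above.

# "VIP:port real:port" pairs taken from the guide's virtual_server blocks.
EXPECTED='192.168.1.90:80 192.168.1.91:80
192.168.1.90:80 192.168.1.92:80
192.168.1.90:443 192.168.1.91:443
192.168.1.90:443 192.168.1.92:443'

# ipvs_missing <ipvsadm -L -n output>: prints one "VIP:port real:port" line per
# expected real server missing from the table; returns 1 if any is missing.
# If every real server of a VIP is down keepalived swaps in the sorry_server,
# which shows up here as both real servers of that VIP being reported missing.
ipvs_missing() {
    {
        printf '%s\n' "$EXPECTED" | sed 's/^/EXPECT /'
        printf '%s\n' "$1"
    } | awk '
        $1 == "EXPECT"             { want[++n] = $2 " " $3; next }
        $1 == "TCP" || $1 == "UDP" { vip = $2; next }               # service line
        $1 == "->"                 { present[vip " " $2] = 1; next } # real server line
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in present)) { print want[i]; rc = 1 }
            exit rc + 0
        }'
}

# Constructed sample: 192.168.1.92:443 has been dropped after a failed SSL_GET.
SAMPLE_DEGRADED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.90:80 rr persistent 600
  -> 192.168.1.91:80              Route   1      1          1
  -> 192.168.1.92:80              Route   1      0          1
TCP  192.168.1.90:443 rr persistent 600
  -> 192.168.1.91:443             Route   1      7          5'

if ipvs_missing "$SAMPLE_DEGRADED"; then
    echo "all configured real servers are present in IPVS"
else
    echo "the real servers listed above are missing from IPVS (health check failed?)"
fi
```

On a live host replace the sample with `ipvs_missing "$(ipvsadm -L -n)"`, for example from cron, and alert on a non-zero exit status.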

Do you have further questions about this guide, would you like more information, or do you need support? We are happy to help; you can find our contact details here: https://df-informatik.ch/kontakt/