Sunday, March 15, 2015

Synchronizing Multiple VIP Failover with Keepalived


Exactly a year ago, I wrote up the steps for configuring a two-node active/passive HAProxy cluster using Keepalived [1]. That configuration can be used when HAProxy sits behind the DMZ. But what if HAProxy and Keepalived are in the DMZ and have to manage 2 VIP addresses? For example, one public VIP address serves as the frontend IP address accessed by clients, and one private VIP address is accessed by the backend application to communicate with the database. In this configuration, Keepalived must fail over both VIPs together, on the assumption that when either VIP (public or private) fails on the master node, both VIPs move to the backup node.

The following figure shows the topology with HAProxy as a load balancer on the public network side.
HAProxy/Keepalived with Public VIP

The next figure shows the topology when HAProxy acts as a load balancer on the private network side.
HAProxy/Keepalived with Private VIP

Keepalived has a configuration subblock for this need: the VRRP instance synchronization group subblock, vrrp_sync_group [2][3].

The following is the Keepalived configuration used on the master node:
okky@hap01:~$ cat /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
 script "killall -0 haproxy"
 interval 2
 weight 2
}

vrrp_sync_group VSG {
 group {
  VI_PUBLIC
  VI_PRIVATE
 }
}

vrrp_instance VI_PUBLIC {
 interface eth0
 state MASTER
 virtual_router_id 51
 priority 101
 virtual_ipaddress {
  100.100.100.100/24 brd 100.100.100.255 dev eth0
 }
 track_script {
  chk_haproxy
 }
}

vrrp_instance VI_PRIVATE {
 interface eth1
 state MASTER
 virtual_router_id 52
 priority 101
 virtual_ipaddress {
  192.168.1.100/24 brd 192.168.1.255 dev eth1
 }
 track_script {
  chk_haproxy
 }
}

The configuration on the backup node is as follows:
okky@hap02:~$ cat /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
 script "killall -0 haproxy"
 interval 2
 weight 2
}

vrrp_sync_group VSG {
 group {
  VI_PUBLIC
  VI_PRIVATE
 }
}

vrrp_instance VI_PUBLIC {
 interface eth0
 state BACKUP
 virtual_router_id 51
 priority 50
 virtual_ipaddress {
  100.100.100.100/24 brd 100.100.100.255 dev eth0
 }
 track_script {
  chk_haproxy
 }
}

vrrp_instance VI_PRIVATE {
 interface eth1
 state BACKUP
 virtual_router_id 52
 priority 50
 virtual_ipaddress {
  192.168.1.100/24 brd 192.168.1.255 dev eth1
 }
 track_script {
  chk_haproxy
 }
}

Restart the Keepalived service on both nodes (master and backup) after changing the Keepalived configuration. The output of the ip addr show command on the master node looks like this:
okky@hap01:~$ ip addr show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0:  mtu 1500 qdisc noop state DOWN
    link/void
3: eth0:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:18:51:47:76:40 brd ff:ff:ff:ff:ff:ff
    inet 100.100.100.101/24 brd 100.100.100.255 scope global eth0
    inet 100.100.100.100/24 brd 100.100.100.255 scope global secondary eth0
    inet6 fe80::218:51ff:fe47:7640/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
4: eth1:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:18:51:a2:f0:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global eth1
    inet 192.168.1.100/24 brd 192.168.1.255 scope global secondary eth1
    inet6 fe80::218:51ff:fea2:f065/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever

The output of the same command on the backup node is:
okky@hap02:~$ ip addr show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0:  mtu 1500 qdisc noop state DOWN
    link/void
3: eth0:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:18:51:54:c7:5f brd ff:ff:ff:ff:ff:ff
    inet 100.100.100.102/24 brd 100.100.100.255 scope global eth0
    inet6 fe80::218:51ff:fe54:c75f/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
4: eth1:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:18:51:49:a2:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.102/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::218:51ff:fe49:a2f1/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
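
A consistency check for the two node configurations above, as an added example that is not part of the original post: it reads each keepalived.conf with a simplified parser (one block opener or closer per line, no comments) and reports settings that would keep the two VIPs from failing over as one unit. The function names and the reduced sample config are assumptions made for this illustration.

```python
def parse(conf):
    """Return (sync_groups, instances) from keepalived.conf text (simplified parser)."""
    groups, inst, stack = {}, {}, []
    for line in filter(None, map(str.strip, conf.splitlines())):
        path = [s[0] for s in stack]          # keywords of the enclosing blocks
        if line.endswith("{"):
            stack.append(line[:-1].split())
            if stack[-1][0] == "vrrp_instance":
                inst[stack[-1][1]] = {"vips": set()}
        elif line == "}":
            stack.pop()
        elif path == ["vrrp_sync_group", "group"]:
            groups.setdefault(stack[0][1], set()).add(line)
        elif path == ["vrrp_instance", "virtual_ipaddress"]:
            inst[stack[0][1]]["vips"].add(line.split()[0])
        elif path == ["vrrp_instance"]:
            key, _, val = line.partition(" ")
            inst[stack[0][1]][key] = val.strip()
    return groups, inst

def check_pair(master_conf, backup_conf):
    """List mismatches that would stop both VIPs moving together."""
    (mg, mi), (bg, bi) = parse(master_conf), parse(backup_conf)
    problems = [] if mg == bg else ["sync groups differ between nodes"]
    grouped = set().union(*mg.values())
    for name in sorted(grouped - set(mi)):
        problems.append(f"{name}: listed in sync group but not defined")
    for name in sorted(set(mi) - grouped):
        problems.append(f"{name}: not in any vrrp_sync_group")
    for name in sorted(mi.keys() & bi.keys()):
        for key in ("virtual_router_id", "vips"):
            if mi[name].get(key) != bi[name].get(key):
                problems.append(f"{name}: {key} differs between nodes")
        if int(mi[name].get("priority", 0)) <= int(bi[name].get("priority", 0)):
            problems.append(f"{name}: master priority not above backup")
    return problems

def sample(prio, vrid_priv=52):
    """Constructed sample: the post's two-instance layout, reduced to the checked fields."""
    inst = "vrrp_instance %s {\n virtual_router_id %d\n priority %d\n virtual_ipaddress {\n  %s\n }\n}\n"
    return ("vrrp_sync_group VSG {\n group {\n  VI_PUBLIC\n  VI_PRIVATE\n }\n}\n"
            + inst % ("VI_PUBLIC", 51, prio, "100.100.100.100/24 brd 100.100.100.255 dev eth0")
            + inst % ("VI_PRIVATE", vrid_priv, prio, "192.168.1.100/24 brd 192.168.1.255 dev eth1"))

if __name__ == "__main__":
    print(check_pair(sample(101), sample(50)))
```

To check real nodes, pass the contents of each node's /etc/keepalived/keepalived.conf to check_pair in place of the constructed sample.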

Good luck trying it out! :)

[1] Active Passive HAProxy with Keepalived
[2] LVS NAT + Keepalived HOWTO
