Install Keepalived
Run this command on both load balancer servers:
Code:
sudo apt install keepalived
Master Load Balancer Firewall Rules
Edit the firewall script that was created during the initial setup of the server (if you followed my instructions):
Code:
vi /var/scripts/prod/en-firewall.sh
Add (or enable) the following:
NOTE: If you have more than 1 backup load balancer (VRRP Router), be sure to add their IP addresses as well.
Code:
echo "Adding Database Server rules"
ufw allow proto tcp to any port 3306 comment 'MariaDB' 1>/dev/null 2>&1
echo "Adding VRRP rules"
ufw allow to 224.0.0.18 comment 'VRRP Broadcast' 1>/dev/null 2>&1
ufw allow from 192.168.107.165 comment 'VRRP Router' 1>/dev/null 2>&1
Run the updated rules:
Code:
/var/scripts/prod/en-firewall.sh
Slave Load Balancer Firewall Rules
Code:
vi /var/scripts/prod/en-firewall.sh
Add the following:
Code:
echo "Adding Database Server rules"
ufw allow proto tcp to any port 3306 comment 'MariaDB' 1>/dev/null 2>&1
echo "Adding VRRP rules"
ufw allow to 224.0.0.18 comment 'VRRP Broadcast' 1>/dev/null 2>&1
ufw allow from 192.168.107.164 comment 'VRRP Router' 1>/dev/null 2>&1
Run the updated rules:
Code:
/var/scripts/prod/en-firewall.sh
Master Keepalive Config
On the master server (srv-lbdb1), create the keepalive configuration file:
Code:
sudo touch /etc/keepalived/keepalived.conf
sudo chown root:root /etc/keepalived/keepalived.conf
sudo chmod 600 /etc/keepalived/keepalived.conf
Edit the configuration file:
Code:
sudo vi /etc/keepalived/keepalived.conf
Add the following to the file (substituting for your own values):
Code:
global_defs {
    notification_email {
        my_email@mydomain.com
    }
    notification_email_from keepalived@mydomain.com
    smtp_server 192.168.107.25
    smtp_connect_timeout 30
}
vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
    interval 1 # check every second
    weight 2 # add 2 points of priority if OK
}
vrrp_instance VI_1 {
    interface ens32
    state MASTER
    smtp_alert
    virtual_router_id 51 # Should be same on all LBs
    priority 101 # 101 on master, 100 on slaves
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111 # shared secret, same on all LBs; replace with your own (only the first 8 characters are used)
    }
    virtual_ipaddress {
        192.168.107.166
    }
    track_script {
        chk_haproxy
    }
}
Restart the service:
Code:
sudo systemctl restart keepalived
Slave Keepalive Config
On the slave server (srv-lbdb2), create the keepalive configuration file:
Code:
sudo touch /etc/keepalived/keepalived.conf
sudo chown root:root /etc/keepalived/keepalived.conf
sudo chmod 600 /etc/keepalived/keepalived.conf
Edit the configuration file:
Code:
sudo vi /etc/keepalived/keepalived.conf
Add the following to the file (substituting for your own values):
Code:
global_defs {
    notification_email {
        my_email@mydomain.com
    }
    notification_email_from keepalived@mydomain.com
    smtp_server 192.168.107.25
    smtp_connect_timeout 30
}
vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
    interval 1 # check every second
    weight 2 # add 2 points of priority if OK
}
vrrp_instance VI_1 {
    interface ens32
    state BACKUP # start as backup; the higher-priority master holds the virtual IP
    smtp_alert
    virtual_router_id 51 # Should be same on all LBs
    priority 100 # 101 on master, 100 on slaves
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111 # shared secret, same on all LBs; replace with your own (only the first 8 characters are used)
    }
    virtual_ipaddress {
        192.168.107.166
    }
    track_script {
        chk_haproxy
    }
}
Restart the service:
Code:
sudo systemctl restart keepalived
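For failover to work, the two files above have to agree on virtual_router_id, advert_int, the authentication settings and the virtual IP, with the higher priority on the master. The script below is an added example, not part of the original guide, that compares a copy of each node's keepalived.conf and also flags an auth_pass left at the 1111 placeholder; the function names and the write_sample helper (which generates constructed sample input) are assumptions made for illustration, and it assumes one vrrp_instance per file as shown here.

```shell
#!/bin/sh
# Added example: compare the master and backup keepalived.conf before a restart.
# Assumes one vrrp_instance per file, as in the configs on this page.

# conf_value FILE KEY -> first value of KEY, trailing "# comments" stripped.
conf_value() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# conf_vips FILE -> sorted addresses listed inside the virtual_ipaddress { } block.
conf_vips() {
    awk '{ sub(/#.*/, "") }
         $1 == "virtual_ipaddress" { inblk = 1; next }
         inblk && $1 == "}"        { inblk = 0 }
         inblk && NF               { print $1 }' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF -> prints findings, exit status = their count.
check_pair() (
    n=0
    flag() { echo "$1"; n=$((n + 1)); }
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(conf_value "$1" "$key")" = "$(conf_value "$2" "$key")" ] ||
            flag "MISMATCH: $key differs between the two nodes"
    done
    [ "$(conf_vips "$1")" = "$(conf_vips "$2")" ] ||
        flag "MISMATCH: virtual_ipaddress differs between the two nodes"
    pm=$(conf_value "$1" priority)
    pb=$(conf_value "$2" priority)
    [ "${pm:-0}" -gt "${pb:-0}" ] ||
        flag "PRIORITY: master priority must be higher than the backup's"
    [ "$(conf_value "$1" auth_pass)" != "1111" ] ||
        flag "SECRET: auth_pass is still the placeholder 1111"
    exit "$n"
)

# write_sample FILE PRIORITY VRID -> constructed sample config with the checked keys.
write_sample() {
    printf '%s\n' 'vrrp_instance VI_1 {' 'interface ens32' \
        "virtual_router_id $3 # Should be same on all LBs" "priority $2" \
        'advert_int 1' 'authentication {' 'auth_type PASS' 'auth_pass 1111' '}' \
        'virtual_ipaddress {' '192.168.107.166' '}' '}' > "$1"
}

# Usage: sh check-keepalived.sh master.conf backup.conf (file names are placeholders)
[ "$#" -ne 2 ] || check_pair "$1" "$2"
```

Copy the file from the other node over SSH as root before comparing, since both are mode 600; an exit status of 0 means no findings.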
Test Keepalived
You should be able to ping the virtual IP address at this point. If you reboot srv-lbdb1 while continuously pinging the virtual IP, you should see only 1 or maybe 2 dropped pings when the slave takes over for the master. When the master comes back, another 1 or 2 pings will drop as the virtual IP moves back from the slave to the master.
This is what the master NIC should look like (while active):
Code:
# ip addr show ens32
Code:
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:bf:27:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.107.164/24 brd 192.168.107.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet 192.168.107.166/32 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:febf:27cc/64 scope link
       valid_lft forever preferred_lft forever
This is what the slave NIC should look like (while inactive):
Code:
# ip addr show ens32
Code:
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:bf:6a:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.107.165/24 brd 192.168.107.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:febf:6a52/64 scope link
       valid_lft forever preferred_lft forever
When the slave NIC is active with the virtual IP, you will see the virtual IP on it just like the master.