High Availability with keepalived
- 3 minsINTRODUCTION
keepalived can be used to monitor services or systems and to automatically failover to a standby node if problems occur. High availability is achieved by the Virtual Redundancy Routing Protocol (VRRP). As a result, high availabilty can be maintained across your environment.
WHAT IS KEEPALIVED
keepalived is a system daemon in Linux systems that provides frameworks for both high availability and load balancing.
IMPORTANT TERMINOLOGY
- VIP — Virtual IP, a virtual IP address able to automatically switch between the servers in case of a failure.
- Master — a server the VIP is currently active on.
- Backup — a server the VIP will switch to in case of a Master failure.
- VRID — Virtual Router ID.
IMPORTANT CONCEPTS
- Basic operation algorithm: at fixed intervals, the Master server sends VRRP packets (heartbeats) to the specific multicasting address 224.0.0.18, and all slave server listen to this address.
- If a Backup Server does not receive any heartbeat packets, it starts the Master selection procedure.
In this example, I go through the process of configuring keepalived on 2 Red Hat CentOS boxes.
REQUIREMENTS
- Lab environronment & 2 running instances of CentOS 7 LVS.
DEPLOYMENT PROCESS OVERVIEW
- Install keepalived
- Configure Master Server keepalived.conf File
- Configure Backup Server keepalived.conf File
- Verify Configuration
TIME TO IMPLEMENT: 15 minutes
INSTALL KEEPALIVED
- First, run the following commands to make sure everything is up to date/upgraded.
- Run the following command to install keepalived
sudo yum -y update
sudo yum -y upgrade
sudo yum -y install keepalived
CONFIGURATION OVERVIEW
Note: in this example we are configuring 2 Linux Virtual Servers with keepalived. keepalived uses /etc/keepalived/keepalive.conf as its primary configuration file. In this file, we will need specifiy the following on each server:
- Router ID - unique identifier for the server.
- State - state of server (Master of Slave).
- Priority - what server has priority (highest is selected as Master)
- Authentication - type of authentication (PASS) and what password.
- VIP - Virtual IP Address.
CONFIGURE THE KEEPALIVED.CONF FILE [MASTER SERVER]
- Open the keepalive.conf file in vim on LVS1 by issuing the following command:
- In /etc/keepalived/keepalive.conf configuration file, you need to specify the following:
- Feel free to add additional configurations, as noted under global_defs. Save and close keepalive.conf file.
- Run the following commmands to start the daemon:
sudo vim /etc/keepalived/keepalive.conf
#MASTER SERVER global_defs { notification_email { andrew@haratine.net } notification_email_from andrew@haratine.net smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id main_server } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 nopreempt advert_int 1 authentication { auth_type PASS auth_pass passwordhere } virtual_ipaddress { # virtual IP address 10.10.10.10 } }
systemctl enable keepalived systemctl start keepalived
CONFIGURE THE KEEPALIVED.CONF FILE [BACKUP SERVER]
- Open the keepalive.conf file in vim on LVS1 by issuing the following command:
- In /etc/keepalived/keepalive.conf configuration file, you need to specify the following:
- Save and close keepalive.conf file.
- Run the following commmands to start the daemon:
sudo vim /etc/keepalived/keepalive.conf
#BACKUP SERVER global_defs { notification_email { andrew@haratine.net } notification_email_from andrew@haratine.net smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id backup_server } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 99 nopreempt advert_int 1 authentication { auth_type PASS auth_pass passwordhere } virtual_ipaddress { # virtual IP address 10.10.10.10 } }
systemctl enable keepalived systemctl start keepalived
VERIFY CONFIGURATIONS
- To test the configuration, run the following command on both machines:
sudo systemctl status keepalived
SUMMARY
- Minimal congiruation is needed to configure high availibility.
- Attention to detail is key: ensure the Backup server has a lower priority than the Master, the STATE is set appropriately, and the VIP is not being used by another DHCP host in your environment.
- To be sure, keepalived is a great option if you are considering high availability for your critical infrastructure.