LVS

From Wikitech
(Difference between revisions)
m (ldirectord: what happens when real server dies)
(mucking around)
Line 1: Line 1:
 +
==Hashar's setup proposal==
 +
 
This text is a '''DRAFT''', do not use it, base any work on it or anything else.
 
This text is a '''DRAFT''', do not use it, base any work on it or anything else.
  
Line 13: Line 15:
 
So bascily we handle everything on our side, no more dns load balancing.
 
So bascily we handle everything on our side, no more dns load balancing.
  
== Hearbeat ==
+
=== Hearbeat ===
  
 
Configuration file (/etc/heartbeat/ha.cf) sample in [[LVS/ha.cf|ha.cf]].
 
Configuration file (/etc/heartbeat/ha.cf) sample in [[LVS/ha.cf|ha.cf]].
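Review bot: the heading line changed in this hunk still reads "Hearbeat" after being demoted to "=== Hearbeat ===". Since the line is being edited anyway, correct it to "=== Heartbeat ===" so that it matches the daemon name and the /etc/heartbeat/ha.cf path used in the text below it.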
Line 21: Line 23:
 
Squid failure is handled directly by [[LVS#ldirectord|ldirectord]].
 
Squid failure is handled directly by [[LVS#ldirectord|ldirectord]].
  
== ldirectord ==
+
=== ldirectord ===
  
 
Configuration file (/etc/ha.d/ldirectord.cf) sample in [[LVS/ldirectord.cf|ldirectord.cf]].
 
Configuration file (/etc/ha.d/ldirectord.cf) sample in [[LVS/ldirectord.cf|ldirectord.cf]].
Line 29: Line 31:
 
When one of the real server die, it will detect the failure automaticly and either gracefully discontinue it ( quiescent = yes) or remove it from the pool ( quiescent = no). If no more real server are available, a fallback can be set with an emergency page.
 
When one of the real server die, it will detect the failure automaticly and either gracefully discontinue it ( quiescent = yes) or remove it from the pool ( quiescent = no). If no more real server are available, a fallback can be set with an emergency page.
  
== ipvsadm ==
+
=== ipvsadm ===
  
 
ipvsadm is the tool to configure and check the virtual table. The table itself is set up by ldirectord so you probably do not want to mess things.
 
ipvsadm is the tool to configure and check the virtual table. The table itself is set up by ldirectord so you probably do not want to mess things.
  
== IP assignment ==
+
=== IP assignment ===
 
  VIP      207.142.131.213
 
  VIP      207.142.131.213
 
  LVS      192.168.0.1
 
  LVS      192.168.0.1
Line 48: Line 50:
  
  
== Network configuration ==
+
=== Network configuration ===
  
 
ldirector server(s) and squids need to be in the SAME broadcast network. They all share the VIP so the squids should not honour arp requests directed to the virtual VIP.
 
ldirector server(s) and squids need to be in the SAME broadcast network. They all share the VIP so the squids should not honour arp requests directed to the virtual VIP.
Line 70: Line 72:
  
 
The squid daemon is then set to listen on VIP (wich is on lo:0).
 
The squid daemon is then set to listen on VIP (wich is on lo:0).
 +
 +
==Tim's mucking around==
 +
 +
I'm mucking around with LVS on dalembert, basically not knowing what I'm doing. It went something like this:
 +
 +
yum install ipvsadm
 +
ipvsadm -C
 +
ipvsadm -A -t 10.0.0.13:80 -s lc
 +
for x in `</usr/local/dsh/node_groups/apaches`;do ipvsadm -a -t 10.0.0.13:80 -r $x; done     
 +
 +
I also tried it in masquerading (NAT) mode. Neither worked. When I did "telnet dalembert 80" from friedrich, I just got silence, no connection established. The packets did show up in the stats:
 +
 +
<pre>
 +
[root@dalembert ~]# ipvsadm -l --stats
 +
IP Virtual Server version 1.2.1 (size=4096)
 +
Prot LocalAddress:Port              Conns  InPkts  OutPkts  InBytes OutBytes
 +
  -> RemoteAddress:Port
 +
TCP  dalembert.pmtpa.wmnet:http          1        5        0      300        0
 +
  -> srv50.pmtpa.wmnet:http              1        5        0      300        0
 +
</pre>
 +
 +
but no worky. Configuring it to listen on localhost instead of its external address got me even less joy:
 +
 +
<pre>
 +
[0320][tstarling@friedrich:~]$ telnet dalembert 80
 +
Trying 10.0.0.13...
 +
telnet: connect to address 10.0.0.13: Connection refused
 +
telnet: Unable to connect to remote host: Connection refused
 +
</pre>
 +
 +
Now I need a network guru to fix it for me.
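Review bot: the added "ipvsadm -a -t 10.0.0.13:80 -r $x" line in Tim's section passes no forwarding flag, so the real servers are added with ipvsadm's default method, direct routing. The text should state which method each attempt used (-g for the first, -m for the masquerading one) and whether the apaches were given the service address on a non-ARPing interface as the Network configuration section requires for the squids. The four command lines are also added as bare text while the output below them is in <pre>; wrapping the commands in <pre> as well keeps the backticks and $x intact when the wiki renders the page.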

Revision as of 03:20, 12 October 2005

Hashar's setup proposal

This text is a DRAFT, do not use it, base any work on it or anything else.

Needed:

Linux kernel 2.6.10+ (for IPVS patch)
heartbeat
ipvsadm
keepalived
ldirectord

We can use the IP 207.142.131.213, which is free. All clients will be sent to this IP, which is assigned to a director box on a virtual interface (eth0:1). In case of failure (detected by heartbeat), the IP is switched to the other director box. That IP is known as the virtual IP (VIP).

So basically we handle everything on our side; no more DNS load balancing.

Heartbeat

Configuration file (/etc/heartbeat/ha.cf) sample in ha.cf.

We will use it on the two ldirector boxes: if the main one fails, the other one will detect the failure and take over the IP address automatically. It is probably much better than the current way of doing things: manually reassigning IPs between squids.

Squid failure is handled directly by ldirectord.

ldirectord

Configuration file (/etc/ha.d/ldirectord.cf) sample in ldirectord.cf.

ldirectord is a daemon that will set up LVS for you; it is much better to edit its configuration file than to edit the table with ipvsadm :o)

When one of the real servers dies, it will detect the failure automatically and either gracefully discontinue it (quiescent = yes) or remove it from the pool (quiescent = no). If no more real servers are available, a fallback can be set with an emergency page.

ipvsadm

ipvsadm is the tool to configure and check the virtual server table. The table itself is set up by ldirectord, so you probably do not want to mess with it.

IP assignment

VIP       207.142.131.213
LVS       192.168.0.1
LVS_back  192.168.0.2
# squids 
will      10.0.0.243
browne    10.0.0.229
srv10     10.0.0.194
srv9      10.0.0.195
srv8      10.0.0.196
srv7      10.0.0.197
srv6      10.0.0.198


Network configuration

ldirector server(s) and squids need to be in the SAME broadcast network. They all share the VIP, so the squids should not honour ARP requests directed to the VIP.

The only server that should answer on the VIP is the ldirector box, so you have to stop the squids from answering ARP requests that do not match their real IP. This is done by editing /etc/sysctl.conf:

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

Now add the VIP on the squid loopback:

/sbin/ip addr add 207.142.131.213/32 dev lo brd + scope host

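Then apply the /etc/sysctl.conf changes to the running kernel:

echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore

The scope host directive in the ip addr command above makes the address valid only on this host.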


The squid daemon is then set to listen on the VIP (which is on lo:0).
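
A way to check a squid against the ARP and loopback settings above, as an added example that is not part of the original page. The function names and the LAN interface name eth0 are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: audit a squid real server for
# the direct-routing ARP setup. eth0 below is an assumed LAN interface name.
VIP="207.142.131.213"   # VIP from the page

# effective_arp <param> <iface> <conf_root>
# The kernel applies max(conf/all/<param>, conf/<iface>/<param>) for the
# interface carrying the ARP traffic, so a value set only on lo has no
# effect on requests that arrive on the LAN interface.
effective_arp() {
    a=$(cat "$3/all/$1" 2>/dev/null || echo 0)
    i=$(cat "$3/$2/$1" 2>/dev/null || echo 0)
    if [ "$a" -ge "$i" ]; then echo "$a"; else echo "$i"; fi
}

# vip_on_lo <vip>: stdin is the output of `ip -o -4 addr show dev lo`.
vip_on_lo() {
    awk -v want="$1/32" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet" && $(i + 1) == want && $0 ~ /scope host/) ok = 1 }
        END { exit !ok }'
}

# audit_real_server <conf_root> <iface>; stdin as for vip_on_lo.
# Prints one line per problem and returns non-zero if any was found.
audit_real_server() {
    rc=0
    ign=$(effective_arp arp_ignore "$2" "$1")
    ann=$(effective_arp arp_announce "$2" "$1")
    [ "$ign" -ge 1 ] || { echo "FAIL arp_ignore=$ign on $2: will answer ARP for the VIP"; rc=1; }
    [ "$ann" -ge 2 ] || { echo "FAIL arp_announce=$ann on $2: may use the VIP as ARP source"; rc=1; }
    vip_on_lo "$VIP" || { echo "FAIL $VIP/32 scope host is not on lo"; rc=1; }
    return $rc
}

# Constructed sample: a throwaway copy of the conf tree in which only the lo
# values were set at runtime, plus one constructed line of `ip` output.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/lo" "$d/all" "$d/eth0"
    echo 1 > "$d/lo/arp_ignore"; echo 2 > "$d/lo/arp_announce"
    echo 0 > "$d/all/arp_ignore"; echo 0 > "$d/all/arp_announce"
    echo "1: lo    inet $VIP/32 brd $VIP scope host lo" |
        audit_real_server "$d" eth0
    r=$?; rm -rf "$d"; return $r
}
demo || true
# Live use on a squid:
#   ip -o -4 addr show dev lo | audit_real_server /proc/sys/net/ipv4/conf eth0
```

The demo reports both ARP settings as failing even though the lo values are correct, because the squid receives the director's ARP requests on its LAN interface; the conf/all values are the ones that take effect there.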

Tim's mucking around

I'm mucking around with LVS on dalembert, basically not knowing what I'm doing. It went something like this:

yum install ipvsadm
ipvsadm -C
ipvsadm -A -t 10.0.0.13:80 -s lc
for x in `</usr/local/dsh/node_groups/apaches`;do ipvsadm -a -t 10.0.0.13:80 -r $x; done      

I also tried it in masquerading (NAT) mode. Neither worked. When I did "telnet dalembert 80" from friedrich, I just got silence, no connection established. The packets did show up in the stats:

[root@dalembert ~]# ipvsadm -l --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  dalembert.pmtpa.wmnet:http          1        5        0      300        0
  -> srv50.pmtpa.wmnet:http              1        5        0      300        0

but no worky. Configuring it to listen on localhost instead of its external address got me even less joy:

[0320][tstarling@friedrich:~]$ telnet dalembert 80
Trying 10.0.0.13...
telnet: connect to address 10.0.0.13: Connection refused
telnet: Unable to connect to remote host: Connection refused

Now I need a network guru to fix it for me.
