Setting up Keepalived

tested on slackware current (oct 2021)

Requirements

slackpkg install sysvinit-functions
ls -lF /etc/rc.d/init.d/functions
ls -lF /sbin/consoletype

slackpkg install iptables libnftnl libpcap dbus-1
slackpkg install nftables jansson

Installation

sbopkg -i keepalived
cat /etc/default/keepalived # no change required

we need a dedicated user for the check and notify scripts to run as

grep ^keepalive /etc/group
grep ^keepalive /etc/passwd

groupadd --system keepalive
useradd --system -s /bin/bash -g keepalive -d /var/tmp --no-create-home keepalive
# -s /sbin/nologin

Basic failover IP

we’re being brutal as we want to keep the same configuration across the cluster. for that, we’re defining BACKUP as the initial state of the instance on all nodes, with the lowest priority.

mv -i /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.dist
vi /etc/keepalived/keepalived.conf

global_defs {
        max_auto_priority -1
        notification_email {
                root@localhost
        }
        notification_email_from keepalive@DOMAIN.TLD
        checker_log_all_failures
        default_interface xenbr0
        enable_script_security
        script_user keepalive keepalive
}

vrrp_instance VRRP1 {
        state BACKUP
        interface xenbr0
        virtual_router_id 51
        priority 1
        advert_int 1
        virtual_ipaddress {
                10.0.0.209/24
        }
        # default route remains anyhow
        #virtual_routes {
        #        0.0.0.0/0 via x.x.x.x dev xenbr0
        #}
        notify "/var/tmp/notify.bash"
}
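
The configuration above runs its scripts as keepalive with enable_script_security set and points notify at a file under /var/tmp. As an added example (not part of the original guide, and not keepalived's own check), this audit walks every directory from a script up to / and reports any component that a non-root user could replace. The function names and the policy (owner must be TRUSTED_UID, no group or world write bit) are assumptions of this example; a world-writable directory such as /var/tmp is reported.

```shell
#!/bin/bash
# Added example (not from the original page): audit the path of a keepalived script.
# Policy assumed here: every component is owned by TRUSTED_UID (0 = root on a
# real node) and carries no group- or world-write bit.

# component_is_safe PATH [TRUSTED_UID]  -> 0 safe, 1 unsafe, 2 cannot stat
component_is_safe() {
    local path="$1" trusted_uid="${2:-0}" meta owner mode
    meta=$(stat -c '%u %a' -- "$path" 2>/dev/null) || return 2
    owner=${meta% *}
    mode=${meta#* }
    [ "$owner" = "$trusted_uid" ] || return 1
    # 022 (octal) masks the group-write and other-write bits
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
}

# audit_script_path SCRIPT [TRUSTED_UID]
# Walks from the script up to /, prints each unsafe component, returns 1 if any.
audit_script_path() {
    local p uid="${2:-0}" rc=0
    p=$(readlink -f -- "$1") || return 2   # resolve symlinks and relative paths
    while :; do
        if ! component_is_safe "$p" "$uid"; then
            echo "UNSAFE: $p"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# e.g. ./audit.bash /var/tmp/notify.bash
if [ "$#" -gt 0 ]; then
    audit_script_path "$1"
fi
```

Run it against each script named in keepalived.conf before reloading; an empty output with exit status 0 means no component failed the policy.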

THTTPD / HAPROXY / whatever runs on every node

for the second and third use-cases we need to identify the nodes

#sbopkg -i thttpd
wget https://lab.nethence.com/slackpkgs/2021-10/thttpd-2.29-x86_64-1_SBo.tgz
installpkg --terse thttpd-2.29-x86_64-1_SBo.tgz
# run only the line matching the node you are on
echo '<p>hello this is node1' > /var/www/thttpd/index.html # on node1
echo '<p>hello this is node2' > /var/www/thttpd/index.html # on node2
echo '<p>hello this is node3' > /var/www/thttpd/index.html # on node3

we’re enabling the check script only, and we should avoid being counter-productive here: the restriction needs to be as light as possible, as with pidof.

vrrp_script checkacme {
        script "/sbin/pidof thttpd"
        #weight 50
        interval 1
        fall 2
        rise 1
}

vrrp_instance ACME {
        state BACKUP
        interface xenbr0
        virtual_router_id 51
        priority 1
        advert_int 1
        virtual_ipaddress {
                10.0.0.209/24
        }
        track_script {
                checkacme
        }
        notify "/var/tmp/notify.bash"
}

Highly-available outbound MTA

see postfix-relay-ha

Ready to go

check the configuration and populate across the cluster

on slack1

keepalived -t
scp /etc/keepalived/keepalived.conf slack2:/etc/keepalived/
scp /etc/keepalived/keepalived.conf slack3:/etc/keepalived/
dsh -e -g xen /etc/rc.d/rc.keepalived reload

Maintenance

start

ls -lF /etc/rc.d/rc.keepalived # already enabled
/etc/rc.d/rc.keepalived start

and enable at boot-time

vi /etc/rc.d/rc.local

# self-verbose
sysctl -w net.ipv4.ip_nonlocal_bind=1
/etc/rc.d/rc.keepalived start

status

pgrep -a keepalived
ps auxfw | grep keepalived

reload

/etc/rc.d/rc.keepalived reload

restart (don’t know why restart itself doesn’t work)

/etc/rc.d/rc.keepalived stop
/etc/rc.d/rc.keepalived start

Additional notes

we use the overall notify script only to check on the various states, and prefer to use the specific notify_state definitions instead.

vi /var/tmp/notify.bash

#!/bin/bash

# quote the expansions so the arguments are logged as-is, without word splitting or globbing
echo "$(date) -- $HOSTNAME received $*" >> /var/tmp/keepalive.log

chmod +x /var/tmp/notify.bash
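
As an added example (not part of the original guide), the notify script can validate the four arguments keepalived passes to a notify script (type, name, target state, priority, as documented in keepalived.conf(5)) instead of logging "$@" blindly. The function name format_notify and the syslog tag are assumptions of this example, and it sends the line to syslog with logger rather than appending to /var/tmp/keepalive.log.

```shell
#!/bin/bash
# Added example, not from the original page.
# keepalived calls a notify script as: TYPE NAME STATE PRIORITY

# format_notify TYPE NAME STATE PRIORITY
# Prints one key=value log line, or returns 1 if any argument is unexpected.
format_notify() {
    local type="$1" name="$2" state="$3" prio="$4"
    # type and state: allow-list taken from keepalived.conf(5)
    case "$type" in GROUP|INSTANCE) ;; *) return 1 ;; esac
    case "$state" in MASTER|BACKUP|FAULT|STOP) ;; *) return 1 ;; esac
    # name: this example only accepts a conservative character set
    case "$name" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    # priority: digits only
    case "$prio" in ''|*[!0-9]*) return 1 ;; esac
    printf 'host=%s type=%s name=%s state=%s priority=%s\n' \
        "${HOSTNAME:-$(uname -n)}" "$type" "$name" "$state" "$prio"
}

# When invoked by keepalived (exactly four arguments), log the result to syslog.
if [ "$#" -eq 4 ]; then
    if line=$(format_notify "$@"); then
        logger -t keepalived-notify -- "$line"
    else
        logger -t keepalived-notify -p user.warning -- "rejected unexpected notify arguments"
    fi
fi
```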

Resources

14.2 > Network > keepalived (2.2.2) https://slackbuilds.org/repository/14.2/network/keepalived/

keepalived.conf - configuration file for Keepalived https://www.keepalived.org/manpage.html

keepalived.conf - configuration file for Keepalived https://fossies.org/linux/keepalived/doc/man/man5/keepalived.conf.5

guides

16.5 Installing and Configuring Keepalived https://docs.oracle.com/cd/E37670_01/E41138/html/section_ksr_psb_nr.html

16.5.1 About the Keepalived Configuration File https://docs.oracle.com/cd/E37670_01/E41138/html/section_wv3_hjn_pr.html

16.6 Configuring Simple Virtual IP Address Failover Using Keepalived https://docs.oracle.com/cd/E37670_01/E41138/html/section_uxg_lzh_nr.html

16.10 Making HAProxy Highly Available Using Keepalived https://docs.oracle.com/cd/E37670_01/E41138/html/section_sm3_svy_4r.html

Nginx and Keepalived https://warlord0blog.wordpress.com/2018/05/15/nginx-and-keepalived/

Keepalived and high availability: Advanced topics https://www.redhat.com/sysadmin/advanced-keepalived

Deploying Highly Available Virtual Interfaces With Keepalived https://prefetch.net/articles/linuxkeepalivedvrrp.html

ops

Keepalived and Virtual IP: The friends are not always helping! https://www.linkedin.com/pulse/keepalived-virtual-ip-friends-always-helping-angelo-giannattasio/

Setting up a Linux cluster with Keepalived: Basic configuration https://www.redhat.com/sysadmin/keepalived-basics

View Current State of Keepalived https://serverfault.com/questions/560024/view-current-state-of-keepalived

check & notify

16.11 About Keepalived Notification and Tracking Scripts https://docs.oracle.com/cd/E37670_01/E41138/html/section_hxz_zdw_pr.html

Keepalived Check and Notify Scripts https://tobru.ch/keepalived-check-and-notify-scripts/

Keepalived check and notify scripts https://wenchma.github.io/2017/04/19/keepalived-check-and-notify-scripts.html

nginx

High Availability Support for NGINX Plus in On-Premises Deployments https://docs.nginx.com/nginx/admin-guide/high-availability/ha-keepalived/

Active-Passive HA for NGINX Plus on AWS Using Elastic IP Addresses https://docs.nginx.com/nginx/deployment-guides/amazon-web-services/high-availability-keepalived/

aws-ha-elastic-ip/nginx-ha-notify https://github.com/nginxinc/aws-ha-elastic-ip/blob/master/nginx-ha-notify

Split-brain split brain problem (Keepalived) https://titanwolf.org/Network/Articles/Article?AID=abc85391-3972-4f2f-8a1a-a4817b4174ea

How to set up Keepalived for High Availability and Load Balancing https://www.marksei.com/howto-keepalived-high-availability-load-balancing/

troubles

Keepalived’s virtual_router_id - should it be unique per node? https://serverfault.com/questions/473058/keepaliveds-virtual-router-id-should-it-be-unique-per-node

keepalived: create keepalived_script system user/group #224 https://github.com/hap-wi/roxy-wi/issues/224

moar

Adoption https://wiki.nftables.org/wiki-nftables/index.php/Adoption

nftables support #924 https://github.com/acassen/keepalived/issues/924

netfilter

Re: nftable rule for VRRP traffic https://www.spinics.net/lists/netfilter/msg59869.html


Copyright © 2022 Pierre-Philipp Braun