LucidTesting

Differences between revisions 13 and 58 (spanning 45 versions)
Revision 13 as of 2010-02-07 16:27:48
Size: 19857
Editor: iskon4466
Comment:
Revision 58 as of 2011-02-03 13:53:54
Size: 38532
Editor: 87
Comment: ocfs2 needs openais installed for CKPT service
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
For this tests you'll need couple of machines or KVMs with Ubuntu 10.04. I strongly suggest three or more of them.

Each test will be enumerated. Following this steps you shouldn't have problems. Note that each step is marked with [ALL] or [ONE]. If it's marked with [ALL], you should repeat it on each server in your cluster. If it's marked with [ONE], pick one server and do that step only on that server.
For these tests you'll need a couple of machines or KVMs with Ubuntu 10.04. I strongly suggest three or more of them.

Each test will be enumerated. Following these steps, you shouldn't have any problem. Note that each step is marked with [ALL] or [ONE]. If it's marked with [ALL], you should repeat it on each server in your cluster. If it's marked with [ONE], pick one server and do that step only on that server.
Line 19: Line 19:
deb http://ppa.launchpad.net/ubuntu-ha/ppa/ubuntu lucid main deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main
Line 40: Line 40:
In /etc/corosync/corosync.conf replace bindnetaddr (by defaults it's 127.0.0.1) with network address of your server, replacing last digit with 0. For example, if your IP is 192.168.1.101, then you would put 192.168.1.0. In /etc/corosync/corosync.conf, replace bindnetaddr (by default it is 127.0.0.1), with the network address of your server, replacing the last number by 0 to get the network address. For example, if your IP is 192.168.1.101, then you would put 192.168.1.0.
Line 61: Line 61:
In this example, I'll create failover for apache2 and vsftpd service. I'll also add two additional IPs and tie apache2 with one of them, while vsftpd will be grouped with another one. In this example, I'll create failover for the apache2 and vsftpd services. I'll also add two additional IPs and tie apache2 to one of them, while vsftpd will be grouped with another one.

''Note: Some shells like ZSH can cause committing the crm configure to fail, use an actual root login shell e.g. '''sudo su -l''' to do the following.''
Line 75: Line 78:
Add following lines bellow 'node' declarations. Replace X.X.X.X and X.X.X.Y with addresses that will fail over - do not put IPs of your servers there. Do not save and exit after adding this lines:
{{{
primitive apache2 lsb:apache2 op monitor interval="5s"
Add following lines bellow the 'node' declaration lines. Replace X.X.X.X and X.X.X.Y with addresses that will fail over - do not put the IP of your main server there. Do NOT save and exit after adding the following lines:
{{{
primitive apache2 ocf:heartbeat:apache2 params configfile="/etc/apache2/apache2.conf" httpd="/usr/sbin/apache2" op monitor interval="5s"
Line 86: Line 89:
Now that you've put some services into configuration, you should also define how many servers are needed for a quorum and what stonith devices will be used. For this test, we won't use stonith devices. Now that you've configured some services, you should also define how many servers are needed for a quorum and what stonith devices will be used. For this test, we won't use stonith devices.
Line 173: Line 176:
Line 185: Line 189:
colocation mnt_on_master inf: fs_drbd ms_drbd:Master
order mount_after_drbd inf: ms_drbd:promote fs_drbd:start
}}}

If you have extra nodes that shouldn't run drbd service, add the below and replace lucidclusterX with hostname of node that doesn't have drbd.
{{{
Line 187: Line 197:
colocation mnt_on_master inf: fs_drbd ms_drbd:Master
order mount_after_drbd inf: ms_drbd:promote fs_drbd:start
}}}
Replace lucidclusterX with hostname of node that doesn't have drbd. Save and fire up crm_mon. You should get something like this:
}}}

Save and fire up crm_mon. You should get something like this:
Line 205: Line 214:
     apache2 (lsb:apache2): Started lucidcluster2      apache2 (ocf:heartbeat:apache2): Started lucidcluster2
Line 218: Line 227:
== Pacemaker, drbd8 and OCFS8 == == Pacemaker, drbd8 and OCFS2 or GFS2 ==
Line 230: Line 239:
deb http://ppa.launchpad.net/ubuntu-ha/ppa/ubuntu lucid main deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main
Line 239: Line 248:
sudo apt-get install linux-headers-server
}}}

And then install these packages:

{{{
sudo apt-get install pacemaker pacemaker-dlm ocfs2-tools drbd8-utils
}}}
sudo apt-get install linux-headers-server psmisc
}}}

If you want OCFS2 install these packages:

{{{
sudo apt-get install pacemaker libdlm3-pacemaker ocfs2-tools drbd8-utils openais
}}}

If you want GFS2 install these packages:

{{{
sudo apt-get install pacemaker gfs2-pacemaker drbd8-utils
}}}

At this point I would suggest reboot, cause we need udevd to load new udev rule that was installed. I'm not that much familiar with udev, so I'm not sure how to tell it to read new rule. Reboot is always a sure thing :)
Line 251: Line 267:

Add file /etc/corosync/service.d/ckpt containing:

{{{
service {
        ver: 0
        name: openais_ckpt
}
}}}
Line 300: Line 307:

Create drbd resource:
{{{
sudo drbdadm create-md disk0
}}}
You should get:
{{{
Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success
}}}
Line 304: Line 325:
Pacemaker will handle starting and stoping drbd services, so remove its init script:
{{{
sudo update-rc.d -f drbd remove
}}}
Line 311: Line 336:
=== [ONE] 5. Add drbd, dlm and o2cb resources to pacemaker ===

You should arange your cib to look like this (by running {{{ sudo crm configure edit }}}):
=== [ONE] 5. Add drbd, dlm and o2cb (or gfs_controld) resources to pacemaker ===

For OCFS2 you should arange your cib to look like this (by running {{{ sudo crm configure edit }}}):
Line 339: Line 364:
 stonith-enabled="false" \
        no-quorum-policy="ignore"
}}}

For GFS2 you should arange your cib to look like this (by running {{{ sudo crm configure edit }}}):
{{{
node lucidcluster1
node lucidcluster2
primitive resDLM ocf:pacemaker:controld \
 op monitor interval="120s"
primitive resDRBD ocf:linbit:drbd \
 params drbd_resource="disk0" \
 operations $id="resDRBD-operations" \
 op monitor interval="20" role="Master" timeout="20" \
 op monitor interval="30" role="Slave" timeout="20"
primitive resGFSD ocf:pacemaker:controld \
 params daemon="gfs_controld.pcmk" args="" \
 op monitor interval="120s"
ms msDRBD resDRBD \
 meta resource-stickines="100" notify="true" master-max="2" interleave="true"
clone cloneDLM resDLM \
 meta globally-unique="false" interleave="true"
clone cloneGFSD resGFSD \
 meta globally-unique="false" interleave="true" target-role="Started"
colocation colDLMDRBD inf: cloneDLM msDRBD:Master
colocation colGFSDDLM inf: cloneGFSD cloneDLM
order ordDLMGFSD 0: cloneDLM cloneGFSD
order ordDRBDDLM 0: msDRBD:promote cloneDLM
property $id="cib-bootstrap-options" \
 dc-version="1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58" \
 cluster-infrastructure="openais" \
Line 343: Line 399:
Once you save it, {{{ sudo crm_mon }}} should show: Once you save it, {{{ sudo crm_mon }}} should show (OCFS2):
Line 363: Line 419:
If this is true, create ocfs2 filesystem on /dev/drbd/by-res/disk0: If this is true, create filesystem on /dev/drbd/by-res/disk0. For OCFS2:
Line 368: Line 424:
When filesystem is created, you need to add FS resource to pacemaker. Run {{{ sudo crm configure edit }}} and add: For GFS2:
{{{
sudo mkfs.gfs2 -p lock_dlm -j2 -t pcmk:pcmk /dev/drbd/by-res/disk0
}}}
When filesystem is created, you need to add FS resource to pacemaker. Run {{{ sudo crm configure edit }}} and for OCFS2 add:
Line 377: Line 437:
}}}
For GFS2 add:
{{{
primitive resFS ocf:heartbeat:Filesystem \
 params device="/dev/drbd/by-res/disk0" directory="/opt" fstype="gfs2" \
 op monitor interval="120s" \
 meta target-role="Started"
clone cloneFS resFS \
 meta interleave="true" ordered="true" target-role="Started"
colocation colFSGFSD inf: cloneFS cloneGFSD
order ordGFSDFS 0: cloneGFSD cloneFS
Line 433: Line 504:
||ivoks||Pacemaker, DRBD, GFS2||Passed||2 KVMs - no issues||
||ivoks||Pacemaker, DRBD, OCFS2||Passed||2 KVMs - no issues||
Line 435: Line 508:
||TREllis||Pacemaker, standalone||Passed||3 KVMs - no issues||
||TREllis||Pacemaker, with DRBD||Passed||3 KVMs - no issues||
||MarcRisse||Pacemaker, with DRBD, GFS2, Bonding||Passed||2 KVMs - no issues||
Line 609: Line 685:

= Load Balancing =
{{attachment:IconsPage/warning.png}} '''This guide is an early draft.'''

== Config Overview ==
For this tests you'll need at least 3 machines or KVMs with Ubuntu 10.04. We strongly suggest 4 or more. If you want to set up Load Balancing with a backup server for failover, you will need at least 4 machines (Detailed below).

If you follow this steps you shouldn't have problems. Note that each step is marked with [ALL-*] or [ONE-*]. If it's marked with [ALL], you should repeat it on each server in your cluster. If it's marked with [ONE], pick one server and do that step only on that server.

== Testing Environment ==

The testing environment will consist of 2 Load balance and 2 Web Servers (You can add more) using NAT.

The two Load Balancers have 2 interfaces, eth0 is going to be connected to the outside network and eth1 is going to be connected to the inside network. They will also use two Virtual IPs (VIP). The first VIP will be used for clients in the outside network to access the service (Web Service), and the second VIP will be used as the default gateway for the Web Servers. Each Web Server will need to be configured using as gateway the VIP for the Inside Network. Everything is detailed as follows:

 * Load Balancers):
   * Load Balancer 1
     * eth0: 192.168.1.254/24
     * eth1: 10.10.10.254/24
   * Load Balancer 2
     * eth0: 192.168.1.253/24
     * eth1: 10.10.10.253/24
   * VIPs:
     * VIP eth0: 192.168.1.100/24
     * VIP eth1: 10.10.10.1

 * Web Servers
   * Web Server 1:
     * eth0: 10.10.10.100/24
     * Gateway: 10.10.10.1
   * Web Server 2:
     * eth0: 10.10.10.20/24
     * Gateway: 10.10.10.1

Note that the Load Balancers are going to be configured in Active/Passive mode.

== IPVS Configuration ==

=== 1. [ALL-BALANCERS] Enabling IP Forwarding ===

Edit /etc/sysctl.conf and add/or uncomment the following:

{{{
net.ipv4.ip_forward=1
}}}

Then, enable it:

{{{
sudo sysctl -p
}}}

=== 2. [ALL-BALANCERS] Enabling IPVS Modules ===

First, lets install ipvsadm:
{{{
sudo apt-get install ipvsadm
}}}

Second, enter the root console by doing:
{{{
sudo -i
}}}

Then, do the following:

{{{
echo ip_vs_dh >> /etc/modules
echo ip_vs_ftp >> /etc/modules
echo ip_vs >> /etc/modules
echo ip_vs_lblc >> /etc/modules
echo ip_vs_lblcr >> /etc/modules
echo ip_vs_lc >> /etc/modules
echo ip_vs_nq >> /etc/modules
echo ip_vs_rr >> /etc/modules
echo ip_vs_sed >> /etc/modules
echo ip_vs_sh >> /etc/modules
echo ip_vs_wlc >> /etc/modules
echo ip_vs_wrr >> /etc/modules
}}}

Finally, enable the modules:

{{{
modprobe ip_vs_dh
modprobe ip_vs_ftp
modprobe ip_vs
modprobe ip_vs_lblc
modprobe ip_vs_lblcr
modprobe ip_vs_lc
modprobe ip_vs_nq
modprobe ip_vs_rr
modprobe ip_vs_sed
modprobe ip_vs_sh
modprobe ip_vs_wlc
modprobe ip_vs_wrr
}}}

== Load Balancing with Keepalived ==

=== 1. [ALL] Installing Keepalived ===

Before we begin, we need to install keepalived:

{{{
sudo apt-get install keepalived
}}}

=== 2. [ONE] Primary Load Balancer ===

Now that we have keepalived installed in our primary loadbalancer, we need to edit /etc/keepalived/keepalived.conf as follows:

{{{
global_defs {
   router_id UBUNTULVS1
}

vrrp_sync_group VG1 {
   group {
      VI_IP1
   }
}

vrrp_instance VI_IP1 {
    state MASTER
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 50
    priority 250
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
        10.10.10.1/24 dev eth1
    }
    preempt_delay 300
}

virtual_server 192.168.1.100 80 {
    delay_loop 10
    lb_algo wrr
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP

    real_server 10.10.10.100 80 {
        weigth 1
        TCP_CHECK {
           connect_port 80
           connect_timeout 3
        }
    }

    real_server 10.10.10.110 80 {
        weight 1
        TCP_CHECK {
           connect_port 80
           connect_timeout 3
        }
    }
}
}}}

=== 3. [ONE] Backup Load Balancer ===

To have a backup Load Balancer for failover purposes, we need to copy the configuration above to the second Load Balancer and change the following:

 a. '''router_id''' to UBUNTULVS2
 a. '''state''' to BACKUP
 a. '''priority''' to 200

=== 4. [ALL] Setting up iptables ===

The following iptables should be entered:

{{{
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
}}}

== Load Balancing with Pacemaker/ldirectord ==

=== 1. [ALL] Install pacemaker/ipvsadm/ldirectord ===

{{{
sudo apt-get install pacemaker ipvsadm ldirectord
}}}

=== 2. [ALL] Enable Corosync ===

Edit /etc/default/corosync and enable corosync

{{{
START=yes
}}}

=== 3. [ONE] Generate corosync authkey ===

{{{
sudo corosync-keygen
}}}

(this can take a while if there's no enough entropy; download ubuntu iso image on the same machine while generating to speed it up or use keyboard to generate entropy)

'''NOTE:''' copy /etc/corosync/authkey to second Load Balancer (make sure it is owned by root:root and has 400 permissions).

=== 4. [ALL] Configure corosync ===

In /etc/corosync/corosync.conf replace bindnetaddr (by defaults it's 127.0.0.1) with network address of eth0 of the loadbalancer. It should end up like this:

{{{
[...]
bindnetaddr: 192.168.1.0
[...]
}}}

=== 5. [ALL] Start corosync ===

{{{
sudo /etc/init.d/corosync start
}}}

Now the cluster is configured. Wait a few seconds to verify that the two loadbalancers have synced.

=== 6. [ALL] Configure ldirectord ===

First, we are going to disable ldirectord's init scripts:

{{{
update-rc.d -f ldirectord remove
}}}

Now, we need to configure ldirectord for the Load Balancing to work. This is done in /etc/ha.d/ldirectord.cf. The file should be like the following:

{{{
checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes

virtual=192.168.1.90:80
        real=10.10.10.100:80 masq
        real=10.10.10.110:80 masq
        fallback=127.0.0.1:80 gate
        service=http
        scheduler=rr
        protocol=tcp
        checktype=connect
}}}

=== 7. [ONE] Configure Pacemaker Resources ===

Once corosync and ldirectord are configured, we need to add the resources for the cluster. We do it as follows:
{{{
sudo crm configure edit
}}}
It you get empty file, close it and wait for couple of seconds (10-20) and try again. You should get something like this:
{{{
node lucidbalancer1
node lucidbalancer2
property $id="cib-bootstrap-options" \
        dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="2"
}}}
Add following lines bellow 'node' declarations. R

{{{
primitive ip1 ocf:heartbeat:IPaddr2 \
        params ip="192.168.1.90" nic="eth0" cidr_netmask="24" broadcast="192.168.1.255"
primitive ip2 ocf:heartbeat:IPaddr2 \
        params ip="10.10.10.1" nic="eth1" cidr_netmask="24" broadcast="10.10.10.255"
primitive ldirectord1 ocf:heartbeat:ldirectord \
        params configfile="/etc/ha.d/ldirectord.cf" \
        op monitor interval="15s" timeout="20s" \
        meta migration-threshold="10" target-role="Started"
group group1 ip1 ip2 ldirectord1
order ip_before_lvs inf: ip1:start ip2:start ldirectord1:start
}}}

Now that you've put some services into configuration, you should also define how many servers are needed for a quorum and what stonith devices will be used. For this test, we won't use stonith devices. Under property, we need to modify expected-quorum-votes and add the stonith-enabled property, so that it looks like this. Note that under expected-quorum-votes should be less or equal to N-1, but not 1 unless there are only two servers in cluster. In our case, since we only have two loadbalancers, it should be 1.
{{{
property $id="cib-bootstrap-options" \
 dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
 cluster-infrastructure="openais" \
 stonith-enabled="false" \
 no-quorum-policy="ignore"
}}}
Save and quit.

=== [ALL] 8. Restarting ===

I recommend you restart both loadbalancers because in my own tests, the cluster was not bringing up ldirectord, and I had to restart the cluster nodes to be able to do that.

=== [ALL] 9. Set up iptables ===

In the loadbalancers set up iptables so that the outcoming request are also nated.
{{{
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
}}}

== Setting up all Real Servers (Web Servers) ==

Now that the Load Balancers are ready, we need to set up the real servers. For this we only install the web server of your preference. In my case, I'm using nginx:

{{{
sudo apt-get install nginx
}}}

Make sure the service is running.

== Tests ==
If you follow the step-by-step guide, you should have everything up and running correctly to be able to perform the following tests:

=== Test Keepalived ===

=== Test Pacemaker/ldirectord ===

==== Test 1: Load Balancing ====

The first test we are going to perform is to verify if Load Balancing is working.

'''STEP 1:'''[ALL] First, determine that IPVS is running by issuing:
{{{
sudo ipvsadm -L -n
}}}

The result should be as follows:

{{{
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.100:80 rr
  -> 10.10.10.100:80 Masq 1 0 0
  -> 10.10.10.110:80 Masq 1 0 0
}}}

'''STEP 2:'''[ALL] Now, determine that the MASTER (Specified in Keepalived configuration file) loadbalancer has the VIP's. Also verify that the BACKUP doesn't have VIP's
{{{
ip addr sh eth0 && ip addr sh eth1
}}}

The master server will have something similar to this:

{{{
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 54:52:00:5a:92:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.253/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.100/24 scope global secondary eth0
    inet6 fe80::5652:ff:fe5a:9224/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 54:52:00:5a:92:20 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.253/24 brd 10.10.10.255 scope global eth1
    inet 10.10.10.1/24 scope global secondary eth1
    inet6 fe80::5652:ff:fe5a:9220/64 scope link
       valid_lft forever preferred_lft forever
}}}

'''STEP 3:'''Now, use a web browser from a machine in the same network as the VIP=192.168.1.100 and see if the loadbalancing is working. To prove it it should open a web site. Once it is done, check IPVS status as follows:

{{{
sudo ipvsadm -L -n
}}}

The result should similar to:

{{{
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.100:80 rr
  -> 10.10.10.100:80 Masq 1 0 1
  -> 10.10.10.110:80 Masq 1 0 0
}}}

==== Test 2: Failover ====

Not, we need to test that in case of a failure in the Master loadbalancer, the second loadbalancer will take control of the service. To do this, please '''Force Off''' the Master Loadbalancer in KVM. Once this is done, repeat steps 1 to 3 for the BACKUP server.

==== Test 1: Load Balancing ====

The first test we are going to perform is to verify if Load Balancing is working.

'''STEP 1:'''[ALL] First, issue the following on both loadbalancers:

{{{
sudo crm status
}}}

And you should get something similar to the following:

{{{
============
Last updated: Fri Mar 12 16:11:09 2010
Stack: openais
Current DC: server1 - partition with quorum
Version: 1.0.7-0bf7d14dd5541b31f7dee605e5041bb44d78b336
2 Nodes configured, 1 expected votes
1 Resources configured.
============

Online: [ server2 server1 ]

 Resource Group: group1
     ip1 (ocf::heartbeat:IPaddr2): Started server2
     ip2 (ocf::heartbeat:IPaddr2): Started server2
     ldirectord1 (ocf::heartbeat:ldirectord): Started server2

}}}

'''STEP 2:'''[ALL] Now, determine which loadbalancer has the VIP's. To do this do the following on BOTH loadbalancers:

{{{
server2:~$ ip addr sh eth0 && ip addr sh eth1
}}}

The master server will have something similar to this:

{{{
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 54:52:00:5a:92:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.253/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.100/24 scope global secondary eth0
    inet6 fe80::5652:ff:fe5a:9224/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 54:52:00:5a:92:20 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.253/24 brd 10.10.10.255 scope global eth1
    inet 10.10.10.1/24 scope global secondary eth1
    inet6 fe80::5652:ff:fe5a:9220/64 scope link
       valid_lft forever preferred_lft forever
}}}

'''STEP 3:'''[ONE] Now, verify that ipvsadm is working by issuing the following in the Master load balancer:

{{{
sudo ipvsadm -L -n
}}}

The result should be as follows:

{{{
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.100:80 rr
  -> 10.10.10.100:80 Masq 1 0 0
  -> 10.10.10.110:80 Masq 1 0 0
}}}

'''STEP 4:'''Now, use a web browser from a machine in the same network as the VIP=192.168.1.100 and see if the loadbalancing is working. To prove it it should open a web site. Once it is done, check IPVS status as follows:

{{{
sudo ipvsadm -L -n
}}}

The result should similar to:

{{{
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.100:80 rr
  -> 10.10.10.100:80 Masq 1 0 1
  -> 10.10.10.110:80 Masq 1 0 0
}}}

==== Test 2: Failover ====

Not, we need to test that in case of a failure in the Master loadbalancer, the second loadbalancer will take control of the service. To do this, please '''Force Off''' the Master Loadbalancer in KVM. Once this is done, repeat steps 2 (Only on the remaining loadbalancer) to 4.

=== Test Results ===

||'''Name'''||''Test''||''Passed/Failed''||''Comments''||
||RoAkSoAx||Keepalived, balancing||Passed||4 KVMs - no issues||
||RoAkSoAx||Keepalived, failover/balancing||Passed||4 KVMs - no issues||
||RoAkSoAx||Pacemaker/ldirectord, balancing||Passed||4 KVMs - no issues||
||RoAkSoAx||Pacemaker/ldirectord, failover/balancing||Passed||4 KVMs - no issues||

= Comments/Questions/Recommendations/Proposed Fixes =

On 1.2 "Pacemaker, standalone": on section 7 I had to replace ocf:heartbeat:apache2 with ocf:heartbeat:apache on this line:

primitive apache2 ocf:heartbeat:apache2 params configfile="/etc/apache2/apache2.conf" httpd="/usr/sbin/apache2" op monitor interval="5s"

to make it work.

Test cases for cluster components in Ubuntu 10.04

Contents

Overview

For these tests you'll need a couple of machines or KVMs with Ubuntu 10.04. I strongly suggest three or more of them.

Each test will be enumerated. Following these steps, you shouldn't have any problem. Note that each step is marked with [ALL] or [ONE]. If it's marked with [ALL], you should repeat it on each server in your cluster. If it's marked with [ONE], pick one server and do that step only on that server.

Pacemaker, standalone

1. [ALL] Add testing PPA

Add this PPA to your /etc/apt/sources.list:

deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main

2. [ALL] install pacemaker

sudo apt-get install pacemaker

edit /etc/default/corosync and enable corosync (START=yes)

3. [ONE] generate corosync authkey

sudo corosync-keygen

(this can take a while if there's no enough entropy; download ubuntu iso image on the same machine while generating to speed it up or use keyboard to generate entropy)

copy /etc/corosync/authkey to all servers that will form this cluster (make sure it is owned by root:root and has 400 permissions).

4. [ALL] configure corosync

In /etc/corosync/corosync.conf, replace bindnetaddr (by default it is 127.0.0.1), with the network address of your server, replacing the last number by 0 to get the network address. For example, if your IP is 192.168.1.101, then you would put 192.168.1.0.

5. [ALL] start corosync

sudo /etc/init.d/corosync start

Now your cluster is configured and ready to monitor, stop and start your services on all your cluster servers.

6. [ALL] install services that will fail over between servers

In this example, I'm installing apache2 and vsftpd. You may install any other service...

sudo apt-get install apache2 vsftpd

Disable their init scripts:

update-rc.d -f apache2 remove
update-rc.d -f vsftpd remove

7. [ONE] add some services

In this example, I'll create failover for the apache2 and vsftpd services. I'll also add two additional IPs and tie apache2 to one of them, while vsftpd will be grouped with another one.

Note: Some shells like ZSH can cause committing the crm configure to fail, use an actual root login shell e.g. sudo su -l to do the following.

sudo crm configure edit

It you get empty file, close it and wait for couple of seconds (10-20) and try again. You should get something like this:

node lucidcluster1
node lucidcluster2
node lucidcluster3
property $id="cib-bootstrap-options" \
        dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="2"

Add following lines bellow the 'node' declaration lines. Replace X.X.X.X and X.X.X.Y with addresses that will fail over - do not put the IP of your main server there. Do NOT save and exit after adding the following lines:

primitive apache2 ocf:heartbeat:apache2 params configfile="/etc/apache2/apache2.conf" httpd="/usr/sbin/apache2" op monitor interval="5s"
primitive vsftpd lsb:vsftpd op monitor interval="5s"
primitive ip1 ocf:heartbeat:IPaddr2 params ip="X.X.X.X" nic="eth0"
primitive ip2 ocf:heartbeat:IPaddr2 params ip="X.X.X.Y" nic="eth0"
group group1 ip1 apache2
group group2 ip2 vsftpd
order apache_after_ip inf: ip1:start apache2:start
order vsftpd_after_ip inf: ip2:start vsftpd:start

Now that you've configured some services, you should also define how many servers are needed for a quorum and what stonith devices will be used. For this test, we won't use stonith devices.

Under property, add expected-quorum-votes and stonith-enabled, so that it looks like this (don't forget '\'!). Replace 'X' with number of servers needed for quorum (X should be less or equal to N-1, but not 1 unless there are only two servers in cluster, where N is number of servers):

property $id="cib-bootstrap-options" \
        dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="X" \
        stonith-enabled="false"

Save and quit.

8. [ALL] monitor and stress test

On each server start crm_mon (sudo crm_mon) and monitor how services are grouped and started. Then, one by one, reboot or shutdown servers, leaving at least on running.

First test with normal shutdown, then with pulling the AC plug (destroying domains in KVM).

In all this cases, once servers are up, they should be Online (monitor servers status in crm_mon) after some time. Services should migrate between them without problems.

Pacemaker with DRBD

You will need at least two servers. Each of those two servers must have one empty partition of the same size. All other servers can be part of the pacemaker cluster, but will not have drbd resources started on them.

1. Complete test with standalone Pacemaker

2. [ALL] Install DRBD and other needed tools

sudo apt-get install linux-headers-server psmisc
sudo apt-get install drbd8-utils

Since we will be using pacemaker for stoping and starting of drbd, remove it from runlevels:

sudo update-rc.d -f drbd remove

3. [ALL] Set up DRBD

Create /etc/drbd.d/disk0.res file, containing:

resource disk0 {
        protocol C;
        net {
                cram-hmac-alg sha1;
                shared-secret "lucid";
        }
        on lucidclusterX {
                device /dev/drbd0;
                disk /dev/sdXY;
                address X.X.X.X:7788;
                meta-disk internal;
        }
        on lucidclusterY {
                device /dev/drbd0;
                disk /dev/sdXY;
                address X.X.X.Y:7788;
                meta-disk internal;
        }
}

Make sure to replace lucidclusterX|Y with real hostnames of your two servers. Change X.X.X.X and X.X.X.Y to real IPs of those servers and sdXY to real partitions that will be used for drbd.

Once you saved that file, create resource:

sudo drbdadm create-md disk0

You should get:

Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success

Finally, start drbd:

sudo /etc/init.d/drbd start

sudo drbdadm status should return:

<resource minor="0" name="disk0" cs="Connected" ro1="Secondary" ro2="Secondary" ds1="Inconsistent" ds2="Inconsistent" />

4. [ONE] Create filesystem

One of your servers will act as primary server for start. You'll use it to create filesystem and force the other cluster to sync from it. On chosen server force it to be primary and create filesystem:

sudo drbdadm -- --overwrite-data-of-peer primary disk0
sudo mkfs.ext3 /dev/drbd/by-res/disk0

5. [ONE] DRBD+Pacemaker

Edit pacemaker configuration:

crm configure edit

and add:

primitive drbd_disk ocf:linbit:drbd \
        params drbd_resource="disk0" \
        op monitor interval="15s"
primitive fs_drbd ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/disk0" directory="/mnt" fstype="ext3"
ms ms_drbd drbd_disk \
        meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"
colocation mnt_on_master inf: fs_drbd ms_drbd:Master
order mount_after_drbd inf: ms_drbd:promote fs_drbd:start

If you have extra nodes that shouldn't run drbd service, add the below and replace lucidclusterX with hostname of node that doesn't have drbd.

location loc-1 fs_drbd -inf: lucidclusterX
location loc-2 drbd_disk -inf: lucidclusterX

Save and fire up crm_mon. You should get something like this:

============
Last updated: Wed Jan 13 18:03:12 2010
Stack: openais
Current DC: lucidcluster2 - partition with quorum
Version: 1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d
3 Nodes configured, 2 expected votes
4 Resources configured.
============

Online: [ lucidcluster2 lucidcluster3 lucidcluster1 ]

 Resource Group: group1
     ip1        (ocf::heartbeat:IPaddr2):       Started lucidcluster2
     apache2    (ocf:heartbeat:apache2):  Started lucidcluster2
 Resource Group: group2
     ip2        (ocf::heartbeat:IPaddr2):       Started lucidcluster3
     vsftpd     (lsb:vsftpd):   Started lucidcluster3
 Master/Slave Set: ms_drbd
     Masters: [ lucidcluster2 ]
     Slaves: [ lucidcluster1 ]
fs_drbd (ocf::heartbeat:Filesystem):    Started lucidcluster2

6. [ALL] Testing

Wait for drbd disks to get synced and start rebooting/killing your nodes.

Pacemaker, drbd8 and OCFS2 or GFS2

This test case is based on example from upstream documentation:

http://clusterlabs.org/wiki/Dual_Primary_DRBD_%2B_OCFS2

[ALL] 1. Package installation

In this test, you need two machines, with up to date Ubuntu Lucid.

Add this PPA to your /etc/apt/sources.list and update package cache:

deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main

sudo apt-get update

Install kernel-headers (-server, -virtual or -generic flavor, depending on running kernel)

sudo apt-get install linux-headers-server psmisc

If you want OCFS2 install these packages:

sudo apt-get install pacemaker libdlm3-pacemaker ocfs2-tools drbd8-utils openais

If you want GFS2 install these packages:

sudo apt-get install pacemaker gfs2-pacemaker drbd8-utils

At this point I would suggest reboot, cause we need udevd to load new udev rule that was installed. I'm not that much familiar with udev, so I'm not sure how to tell it to read new rule. Reboot is always a sure thing Smile :)

[ALL] 2. Enable corosync

Edit /etc/corosync/corosync.conf, generate authkey and enable it in /etc/default/corosync. For instructions, look at 2), 3) and 4) in first test case (Pacemaker standalone).

Start corosync with

sudo service corosync start

[ALL] 3. Configure drbd

On both nodes create file /etc/drbd.d/disk0.res containing (replace 'X' and 'Y' with real values):

resource disk0 {
        protocol C;
        net {
                cram-hmac-alg sha1;
                shared-secret "lucid";
                allow-two-primaries;
        }
        startup {
                become-primary-on both;
        }
        on lucidclusterX {
                device /dev/drbd0;
                disk /dev/sdXY;
                address X.X.X.X:7788;
                meta-disk internal;
        }
        on lucidclusterY {
                device /dev/drbd0;
                disk /dev/sdXY;
                address X.X.X.Y:7788;
                meta-disk internal;
        }
}

Erase any existing filesystem on /dev/sdXY:

sudo dd if=/dev/zero of=/dev/sdXY

Create drbd resource:

sudo drbdadm create-md disk0

You should get:

Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success

Start drbd:

sudo service drbd start

Pacemaker will handle starting and stoping drbd services, so remove its init script:

sudo update-rc.d -f drbd remove

[ONE] 4. Initialize drbd disk

sudo drbdadm -- --overwrite-data-of-peer primary disk0

[ONE] 5. Add drbd, dlm and o2cb (or gfs_controld) resources to pacemaker

For OCFS2 you should arange your cib to look like this (by running  sudo crm configure edit ):

node lucidcluster1
node lucidcluster2
primitive resDLM ocf:pacemaker:controld \
        op monitor interval="120s"
primitive resDRBD ocf:linbit:drbd \
        params drbd_resource="disk0" \
        operations $id="resDRBD-operations" \
        op monitor interval="20" role="Master" timeout="20" \
        op monitor interval="30" role="Slave" timeout="20"
primitive resO2CB ocf:pacemaker:o2cb \
        op monitor interval="120s"
ms msDRBD resDRBD \
        meta resource-stickines="100" notify="true" master-max="2" interleave="true"
clone cloneDLM resDLM \
        meta globally-unique="false" interleave="true"
clone cloneO2CB resO2CB \
        meta globally-unique="false" interleave="true"
colocation colDLMDRBD inf: cloneDLM msDRBD:Master
colocation colO2CBDLM inf: cloneO2CB cloneDLM
order ordDLMO2CB 0: cloneDLM cloneO2CB
order ordDRBDDLM 0: msDRBD:promote cloneDLM
property $id="cib-bootstrap-options" \
        dc-version="1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58" \
        cluster-infrastructure="openais" \
        stonith-enabled="false" \
        no-quorum-policy="ignore"

For GFS2 you should arange your cib to look like this (by running  sudo crm configure edit ):

node lucidcluster1
node lucidcluster2
primitive resDLM ocf:pacemaker:controld \
        op monitor interval="120s"
primitive resDRBD ocf:linbit:drbd \
        params drbd_resource="disk0" \
        operations $id="resDRBD-operations" \
        op monitor interval="20" role="Master" timeout="20" \
        op monitor interval="30" role="Slave" timeout="20"
primitive resGFSD ocf:pacemaker:controld \
        params daemon="gfs_controld.pcmk" args="" \
        op monitor interval="120s"
ms msDRBD resDRBD \
        meta resource-stickines="100" notify="true" master-max="2" interleave="true"
clone cloneDLM resDLM \
        meta globally-unique="false" interleave="true"
clone cloneGFSD resGFSD \
        meta globally-unique="false" interleave="true" target-role="Started"
colocation colDLMDRBD inf: cloneDLM msDRBD:Master
colocation colGFSDDLM inf: cloneGFSD cloneDLM
order ordDLMGFSD 0: cloneDLM cloneGFSD
order ordDRBDDLM 0: msDRBD:promote cloneDLM
property $id="cib-bootstrap-options" \
        dc-version="1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="1" \
        stonith-enabled="false"

Once you save it,  sudo crm_mon  should show (OCFS2):

============
Last updated: Sun Feb  7 10:47:48 2010
Stack: openais
Current DC: lucidcluster2 - partition with quorum
Version: 1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58
2 Nodes configured, 1 expected votes
3 Resources configured.
============

Online: [ lucidcluster2 lucidcluster1 ]

 Master/Slave Set: msDRBD
     Masters: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneDLM
     Started: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneO2CB
     Started: [ lucidcluster2 lucidcluster1 ]

If this is true, create filesystem on /dev/drbd/by-res/disk0. For OCFS2:

sudo mkfs.ocfs2 /dev/drbd/by-res/disk0

It might need  -F  (force) switch. For GFS2:

sudo mkfs.gfs2 -p lock_dlm -j2 -t pcmk:pcmk /dev/drbd/by-res/disk0

When filesystem is created, you need to add FS resource to pacemaker. Run  sudo crm configure edit  and for OCFS2 add:

primitive resFS ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/disk0" directory="/opt" fstype="ocfs2" \
        op monitor interval="120s"
clone cloneFS resFS \
        meta interleave="true" ordered="true"
colocation colFSO2CB inf: cloneFS cloneO2CB
order ordO2CBFS 0: cloneO2CB cloneFS

For GFS2 add:

primitive resFS ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/disk0" directory="/opt" fstype="gfs2" \
        op monitor interval="120s" \
        meta target-role="Started"
clone cloneFS resFS \
        meta interleave="true" ordered="true" target-role="Started"
colocation colFSGFSD inf: cloneFS cloneGFSD
order ordGFSDFS 0: cloneGFSD cloneFS

When saved,  sudo crm_mon  should show that filesystem is mounted:

============
Last updated: Sun Feb  7 10:52:44 2010
Stack: openais
Current DC: lucidcluster2 - partition with quorum
Version: 1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58
2 Nodes configured, 1 expected votes
4 Resources configured.
============

Online: [ lucidcluster2 lucidcluster1 ]

 Master/Slave Set: msDRBD
     Masters: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneDLM
     Started: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneO2CB
     Started: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneFS
     Started: [ lucidcluster2 lucidcluster1 ]

If you combine that with Pacemaker, standalone example, you can get something like this:

============
Last updated: Sun Feb  7 10:52:44 2010
Stack: openais
Current DC: lucidcluster2 - partition with quorum
Version: 1.0.7-54d7869bfe3691eb723b1d47810e5585d8246b58
2 Nodes configured, 1 expected votes
6 Resources configured.
============

Online: [ lucidcluster2 lucidcluster1 ]

 Master/Slave Set: msDRBD
     Masters: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneDLM
     Started: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneO2CB
     Started: [ lucidcluster2 lucidcluster1 ]
 Clone Set: cloneFS
     Started: [ lucidcluster2 lucidcluster1 ]
 Resource Group: group1
     ip1        (ocf::heartbeat:IPaddr2):       Started lucidcluster2
     apache2    (lsb:apache2):  Started lucidcluster2
 Resource Group: group2
     ip2        (ocf::heartbeat:IPaddr2):       Started lucidcluster1
     vsftpd     (lsb:vsftpd):   Started lucidcluster1

Test results

Name

Test

Passed/Failed

Comments

ivoks

Pacemaker, standalone

Passed

3 KVMs - no issues

ivoks

Pacemaker with DRBD

Passed

3 KVMs - no issues

ivoks

Pacemaker, DRBD, GFS2

Passed

2 KVMs - no issues

ivoks

Pacemaker, DRBD, OCFS2

Passed

2 KVMs - no issues

Omahn

Pacemaker, standalone

Passed

3 node/ESX - no issues

Omahn

Pacemaker with DRBD

Passed

2 node/ESX - no issues

TREllis

Pacemaker, standalone

Passed

3 KVMs - no issues

TREllis

Pacemaker, with DRBD

Passed

3 KVMs - no issues

MarcRisse

Pacemaker, with DRBD, GFS2, Bonding

Passed

2 KVMs - no issues

Questions

BONUS : RHCS Samba file server cluster

IconsPage/warning.png This guide is an early draft.

Overview

Create a fully functional 2 node cluster, offering an active/active samba file server on shared storage.

Testing environment

  • A standard x86_64 pc running libvirt and virt-manager
  • 2 kvm guests to act as 2 nodes
  • A shared raw virtio image to act as shared storage

Cluster components :

  • Redhat Cluster Suite 3.0.6
  • Cluster LVM
  • GFS2
  • Samba + CTDB

Network : 192.168.122.0/24, gateway : 192.168.122.1

  • node01 192.168.122.201
  • node02 192.168.122.202

Cluster Configuration Steps

  • [HOST] : Step to be done on the KVM host.
  • [ONE] : Steps to be done on only ONE node.

  • [ALL] : Steps to be done on all nodes.

[HOST] Setup the host

  • Create 2 kvm guests, I strongly suggest to use libvirt since it will provide a fencing method for the nodes.
  • Add a shared raw disk image with cache=off to mimic the shared storage
  • Install the 2 nodes with the latest lucid-server-iso

[ALL] Prepare the nodes

Assign a static ip and add it to both hosts files

Add the ubuntu-ha experimental ppa to the source list

deb http://ppa.launchpad.net/ubuntu-ha/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/ubuntu-ha/ppa/ubuntu lucid main

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B64F0AFA
# apt-get update

Install Redhat Cluster Suite

 # apt-get install redhat-cluster-suite

[ONE] Prepare the shared drive

Partition the shared storage, one small partition for the quorum disk (50MB) and the rest for the cluster lvm.

 # parted /dev/vdb mklabel msdos
 # parted /dev/vdb mkpart primary 0 50MB
 # parted /dev/vdb mkpart primary 50MB 100%
 # parted /dev/vdb set 2 lvm on

Create the quorum disk, the label (-l) will be used in the cluster configuration.

 # mkqdisk -l bar01 -c /dev/vdb1

[ALL]

Reread the partition table

 # partprobe

Copy the cluster config file : /etc/cluster/cluster.conf TODO: Detail the cluster config file.

<?xml version="1.0"?>
<cluster name="Foo01" config_version="1">

    <!-- 1 vote per node and 1 vote for the quorum disk,
         the shared storage is the tie-breaker -->
    <cman two_node="0" expected_votes="3"/>

    <!-- Configure the quorum disk -->
    <quorumd interval="1" tko="10" votes="1" label="bar01">
        <heuristic program="ping 192.168.122.1 -c1 -t1" score="1" interval="2" tko="3"/>
    </quorumd>

    <!-- Leave a grace period of 20 second for nodes to join -->
    <fence_daemon post_join_delay="20"/>

    <!-- Enable debug logging -->
    <logging debug="off"/>

    <!-- Nodes definition (node ids are mandatory and have to be below 16)-->
    <clusternodes>
        <clusternode name="node01" nodeid="1">
            <fence>
                <method name="virsh">
                    <device name="virsh" port="node01" action="reboot"/>
                </method>
            </fence>
        </clusternode>

        <clusternode name="node02" nodeid="2">
            <fence>
                <method name="virsh">
                    <device name="virsh" port="node02" action="reboot"/>
                </method>
            </fence>
        </clusternode>
    </clusternodes>

    <!-- Use libvirt virsh to fence nodes -->
    <fencedevices>
        <fencedevice name="virsh" agent="fence_virsh" ipaddr="192.168.122.1" login="root" passwd="xxxxx"/>
    </fencedevices>
</cluster>

Simultaneously start the base cluster service (cman) on both nodes, if you don't the other node will get fenced when the post join delay expires.

 # /etc/init.d/cman start

Once the cluster is quorate, start the secondary cluster services.

 # /etc/init.d/clvm start
 # /etc/init.d/rgmanager start

GFS Configuration Steps

Before starting this, you need a fully functionning quorate cluster.

[ONE] Prepare the cluster fs

Create the clustered volume group.

 # pvcreate /dev/vdb2
 # vgcreate vgcluster01 /dev/vdb2

Create a logical volume.

 # lvcreate vgcluster01 -l100%VG -n gfs01

Create the gfs2 filesystem.

 # mkfs.gfs2 -p lock_dlm -t Foo01:Gfs01 -j 3 /dev/mapper/vgcluster01-gfs01

[ALL]

Add the gfs filesystem to fstab.

 /dev/mapper/vgcluster01-gfs01   /mnt/gfs01      gfs2    defaults        0       0

Create the mountpoint.

 # mkdir /mnt/gfs01

Mount the filesystem.

 # /etc/init.d/gfs2-tools start

Both nodes should now be fully functional, stop them and start them simultaneously to see if the cluster get quorate. Currently plytmouth seems completely broken, so it's impossible to have the boot message to debug cluster initialization.

Samba Configuration Steps

Before starting this, you need a working clustered filesystem.

TODO: Samba + CTDB configuration.

Load Balancing

IconsPage/warning.png This guide is an early draft.

Config Overview

For this tests you'll need at least 3 machines or KVMs with Ubuntu 10.04. We strongly suggest 4 or more. If you want to set up Load Balancing with a backup server for failover, you will need at least 4 machines (Detailed below).

If you follow this steps you shouldn't have problems. Note that each step is marked with [ALL-*] or [ONE-*]. If it's marked with [ALL], you should repeat it on each server in your cluster. If it's marked with [ONE], pick one server and do that step only on that server.

Testing Environment

The testing environment will consist of 2 Load balance and 2 Web Servers (You can add more) using NAT.

The two Load Balancers have 2 interfaces, eth0 is going to be connected to the outside network and eth1 is going to be connected to the inside network. They will also use two Virtual IPs (VIP). The first VIP will be used for clients in the outside network to access the service (Web Service), and the second VIP will be used as the default gateway for the Web Servers. Each Web Server will need to be configured using as gateway the VIP for the Inside Network. Everything is detailed as follows:

  • Load Balancers):
    • Load Balancer 1
      • eth0: 192.168.1.254/24
      • eth1: 10.10.10.254/24
    • Load Balancer 2
      • eth0: 192.168.1.253/24
      • eth1: 10.10.10.253/24
    • VIPs:
      • VIP eth0: 192.168.1.100/24
      • VIP eth1: 10.10.10.1
  • Web Servers
    • Web Server 1:
      • eth0: 10.10.10.100/24
      • Gateway: 10.10.10.1
    • Web Server 2:
      • eth0: 10.10.10.20/24
      • Gateway: 10.10.10.1

Note that the Load Balancers are going to be configured in Active/Passive mode.

IPVS Configuration

1. [ALL-BALANCERS] Enabling IP Forwarding

Edit /etc/sysctl.conf and add/or uncomment the following:

net.ipv4.ip_forward=1

Then, enable it:

sudo sysctl -p

2. [ALL-BALANCERS] Enabling IPVS Modules

First, lets install ipvsadm:

sudo apt-get install ipvsadm

Second, enter the root console by doing:

sudo -i

Then, do the following:

echo ip_vs_dh >> /etc/modules
echo ip_vs_ftp >> /etc/modules
echo ip_vs >> /etc/modules
echo ip_vs_lblc >> /etc/modules
echo ip_vs_lblcr >> /etc/modules
echo ip_vs_lc >> /etc/modules
echo ip_vs_nq >> /etc/modules
echo ip_vs_rr >> /etc/modules
echo ip_vs_sed >> /etc/modules
echo ip_vs_sh >> /etc/modules
echo ip_vs_wlc >> /etc/modules
echo ip_vs_wrr >> /etc/modules

Finally, enable the modules:

modprobe ip_vs_dh
modprobe ip_vs_ftp
modprobe ip_vs
modprobe ip_vs_lblc
modprobe ip_vs_lblcr
modprobe ip_vs_lc
modprobe ip_vs_nq
modprobe ip_vs_rr
modprobe ip_vs_sed
modprobe ip_vs_sh
modprobe ip_vs_wlc
modprobe ip_vs_wrr

Load Balancing with Keepalived

1. [ALL] Installing Keepalived

Before we begin, we need to install keepalived:

sudo apt-get install keepalived

2. [ONE] Primary Load Balancer

Now that we have keepalived installed in our primary loadbalancer, we need to edit /etc/keepalived/keepalived.conf as follows:

global_defs {
   router_id UBUNTULVS1
}

vrrp_sync_group VG1 {
   group {
      VI_IP1
   }
}

vrrp_instance VI_IP1 {
    state MASTER
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 50
    priority 250
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
        10.10.10.1/24 dev eth1
    }
    preempt_delay 300
}

virtual_server 192.168.1.100 80 {
    delay_loop 10
    lb_algo wrr
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP

    real_server 10.10.10.100 80 {
        weigth 1
        TCP_CHECK {
           connect_port 80
           connect_timeout 3
        }
    }

    real_server 10.10.10.110 80 {
        weight 1
        TCP_CHECK {
           connect_port 80
           connect_timeout 3
        }
    }
}

3. [ONE] Backup Load Balancer

To have a backup Load Balancer for failover purposes, we need to copy the configuration above to the second Load Balancer and change the following:

  1. router_id to UBUNTULVS2

  2. state to BACKUP

  3. priority to 200

4. [ALL] Setting up iptables

The following iptables should be entered:

iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

Load Balancing with Pacemaker/ldirectord

1. [ALL] Install pacemaker/ipvsadm/ldirectord

sudo apt-get install pacemaker ipvsadm ldirectord

2. [ALL] Enable Corosync

Edit /etc/default/corosync and enable corosync

START=yes

3. [ONE] Generate corosync authkey

sudo corosync-keygen

(this can take a while if there's no enough entropy; download ubuntu iso image on the same machine while generating to speed it up or use keyboard to generate entropy)

NOTE: copy /etc/corosync/authkey to second Load Balancer (make sure it is owned by root:root and has 400 permissions).

4. [ALL] Configure corosync

In /etc/corosync/corosync.conf replace bindnetaddr (by defaults it's 127.0.0.1) with network address of eth0 of the loadbalancer. It should end up like this:

[...]
bindnetaddr: 192.168.1.0
[...]

5. [ALL] Start corosync

sudo /etc/init.d/corosync start

Now the cluster is configured. Wait a few seconds to verify that the two loadbalancers have synced.

6. [ALL] Configure ldirectord

First, we are going to disable ldirectord's init scripts:

update-rc.d -f ldirectord remove

Now, we need to configure ldirectord for the Load Balancing to work. This is done in /etc/ha.d/ldirectord.cf. The file should be like the following:

checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes

virtual=192.168.1.90:80
        real=10.10.10.100:80 masq
        real=10.10.10.110:80 masq
        fallback=127.0.0.1:80 gate
        service=http
        scheduler=rr
        protocol=tcp
        checktype=connect

7. [ONE] Configure Pacemaker Resources

Once corosync and ldirectord are configured, we need to add the resources for the cluster. We do it as follows:

sudo crm configure edit

It you get empty file, close it and wait for couple of seconds (10-20) and try again. You should get something like this:

node lucidbalancer1
node lucidbalancer2
property $id="cib-bootstrap-options" \
        dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="2"

Add following lines bellow 'node' declarations. R

primitive ip1 ocf:heartbeat:IPaddr2 \
        params ip="192.168.1.90" nic="eth0" cidr_netmask="24" broadcast="192.168.1.255"
primitive ip2 ocf:heartbeat:IPaddr2 \
        params ip="10.10.10.1" nic="eth1" cidr_netmask="24" broadcast="10.10.10.255"
primitive ldirectord1 ocf:heartbeat:ldirectord \
        params configfile="/etc/ha.d/ldirectord.cf" \
        op monitor interval="15s" timeout="20s" \
        meta migration-threshold="10" target-role="Started"
group group1 ip1 ip2 ldirectord1
order ip_before_lvs inf: ip1:start ip2:start ldirectord1:start

Now that you've put some services into configuration, you should also define how many servers are needed for a quorum and what stonith devices will be used. For this test, we won't use stonith devices. Under property, we need to modify expected-quorum-votes and add the stonith-enabled property, so that it looks like this. Note that under expected-quorum-votes should be less or equal to N-1, but not 1 unless there are only two servers in cluster. In our case, since we only have two loadbalancers, it should be 1.

property $id="cib-bootstrap-options" \
        dc-version="1.0.6-fdba003eafa6af1b8d81b017aa535a949606ca0d" \
        cluster-infrastructure="openais" \
        stonith-enabled="false" \
        no-quorum-policy="ignore"

Save and quit.

[ALL] 8. Restarting

I recommend you restart both loadbalancers because in my own tests, the cluster was not bringing up ldirectord, and I had to restart the cluster nodes to be able to do that.

[ALL] 9. Set up iptables

In the loadbalancers set up iptables so that the outcoming request are also nated.

iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

Setting up all Real Servers (Web Servers)

Now that the Load Balancers are ready, we need to set up the real servers. For this we only install the web server of your preference. In my case, I'm using nginx:

sudo apt-get install nginx

Make sure the service is running.

Tests

If you follow the step-by-step guide, you should have everything up and running correctly to be able to perform the following tests:

Test Keepalived

Test Pacemaker/ldirectord

Test 1: Load Balancing

The first test we are going to perform is to verify if Load Balancing is working.

STEP 1:[ALL] First, determine that IPVS is running by issuing:

sudo ipvsadm -L -n

The result should be as follows:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.100:80 rr
  -> 10.10.10.100:80              Masq    1      0          0         
  -> 10.10.10.110:80              Masq    1      0          0

STEP 2:[ALL] Now, determine that the MASTER (Specified in Keepalived configuration file) loadbalancer has the VIP's. Also verify that the BACKUP doesn't have VIP's

ip addr sh eth0 && ip addr sh eth1

The master server will have something similar to this:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 54:52:00:5a:92:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.253/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.100/24 scope global secondary eth0
    inet6 fe80::5652:ff:fe5a:9224/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 54:52:00:5a:92:20 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.253/24 brd 10.10.10.255 scope global eth1
    inet 10.10.10.1/24 scope global secondary eth1
    inet6 fe80::5652:ff:fe5a:9220/64 scope link 
       valid_lft forever preferred_lft forever

STEP 3:Now, use a web browser from a machine in the same network as the VIP=192.168.1.100 and see if the loadbalancing is working. To prove it it should open a web site. Once it is done, check IPVS status as follows:

sudo ipvsadm -L -n

The result should similar to:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.100:80 rr
  -> 10.10.10.100:80              Masq    1      0          1         
  -> 10.10.10.110:80              Masq    1      0          0

Test 2: Failover

Not, we need to test that in case of a failure in the Master loadbalancer, the second loadbalancer will take control of the service. To do this, please Force Off the Master Loadbalancer in KVM. Once this is done, repeat steps 1 to 3 for the BACKUP server.

Test 1: Load Balancing

The first test we are going to perform is to verify if Load Balancing is working.

STEP 1:[ALL] First, issue the following on both loadbalancers:

sudo crm status

And you should get something similar to the following:

============
Last updated: Fri Mar 12 16:11:09 2010
Stack: openais
Current DC: server1 - partition with quorum
Version: 1.0.7-0bf7d14dd5541b31f7dee605e5041bb44d78b336
2 Nodes configured, 1 expected votes
1 Resources configured.
============

Online: [ server2 server1 ]

 Resource Group: group1
     ip1        (ocf::heartbeat:IPaddr2):       Started server2
     ip2        (ocf::heartbeat:IPaddr2):       Started server2
     ldirectord1        (ocf::heartbeat:ldirectord):    Started server2

STEP 2:[ALL] Now, determine which loadbalancer has the VIP's. To do this do the following on BOTH loadbalancers:

server2:~$ ip addr sh eth0 && ip addr sh eth1

The master server will have something similar to this:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 54:52:00:5a:92:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.253/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.100/24 scope global secondary eth0
    inet6 fe80::5652:ff:fe5a:9224/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 54:52:00:5a:92:20 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.253/24 brd 10.10.10.255 scope global eth1
    inet 10.10.10.1/24 scope global secondary eth1
    inet6 fe80::5652:ff:fe5a:9220/64 scope link 
       valid_lft forever preferred_lft forever

STEP 3:[ONE] Now, verify that ipvsadm is working by issuing the following in the Master load balancer:

sudo ipvsadm -L -n

The result should be as follows:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.100:80 rr
  -> 10.10.10.100:80              Masq    1      0          0         
  -> 10.10.10.110:80              Masq    1      0          0

STEP 4:Now, use a web browser from a machine in the same network as the VIP=192.168.1.100 and see if the loadbalancing is working. To prove it it should open a web site. Once it is done, check IPVS status as follows:

sudo ipvsadm -L -n

The result should similar to:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.100:80 rr
  -> 10.10.10.100:80              Masq    1      0          1         
  -> 10.10.10.110:80              Masq    1      0          0

Test 2: Failover

Not, we need to test that in case of a failure in the Master loadbalancer, the second loadbalancer will take control of the service. To do this, please Force Off the Master Loadbalancer in KVM. Once this is done, repeat steps 2 (Only on the remaining loadbalancer) to 4.

Test Results

Name

Test

Passed/Failed

Comments

RoAkSoAx

Keepalived, balancing

Passed

4 KVMs - no issues

RoAkSoAx

Keepalived, failover/balancing

Passed

4 KVMs - no issues

RoAkSoAx

Pacemaker/ldirectord, balancing

Passed

4 KVMs - no issues

RoAkSoAx

Pacemaker/ldirectord, failover/balancing

Passed

4 KVMs - no issues

Comments/Questions/Recommendations/Proposed Fixes

On 1.2 "Pacemaker, standalone": on section 7 I had to replace ocf:heartbeat:apache2 with ocf:heartbeat:apache on this line:

primitive apache2 ocf:heartbeat:apache2 params configfile="/etc/apache2/apache2.conf" httpd="/usr/sbin/apache2" op monitor interval="5s"

to make it work.

ClusterStack/LucidTesting (last edited 2012-02-15 17:31:40 by soho85-138)