Setting Up A High-Availability Load Balancer (With Failover and Session Support) With...

Options For This HowtoFree Support

Paid Support

Navigation

Howtos

Linux

CentOS

Debian

Fedora

Kernel

Mandriva

PCLinuxOS

SuSE

Ubuntu

Web Server

Apache

Cherokee

Lighttpd

nginx

Backup

Control Panels

ISPConfig

DNS

BIND

MyDNS

PowerDNS

djbdns

Desktop

Email

Anti-Spam/Virus

Postfix

Procmail

Sendmail

FTP

High-Availability

Monitoring

MySQL

Programming

C/C++

PHP

Samba

Security

Anti-Spam/Virus

Storage

FAQForgeSubscriptionContributeSearchNewsForumsHowtos

Setting Up A High-Availability Load Balancer (With Failover and Sessio... http://www.howtoforge.com/setting-up-a-high-availability-load-balancer-...

1 of 12 12/12/2010 2:34 PM

Virtualization

KVM

OpenVZ

VMware

VirtualBox

Xen

Other

FreeBSD

Commercial

Mini-Howtos

Forums

Contribute

Subscription

Login

Site Map/RSS Feeds

User loginUsername:

Password:

Remember Me?

Create a new account

Request new password

Who's onlineThere are currently 9 users and 2490 guests online.

HowtoForge ForumsCreate New Website

- Can't specify

domain!

Additional

Template

Clarification

Needed

error.log files

are empty

Dectivate site,

default site

Question!!!

After upgrade from

Ubuntu 9.10 to

10.10 Mail ...

Upgrade Nightmare!

Issue with website

hosted on Virtual

Redhat ...

Spamassassin not

working after


2 of 12 12/12/2010 2:34 PM

upgrade to 2.2.37

create my own

panel

NewsTop 10 Ideas for Upcoming Ubuntu Releases

Linux Can Deliver A Faster Gaming Experience Than Mac OS X

Why I'm *not* Signing Up for Google Chrome OS Pilot Program

Task warrior, the cli organizer

The case for a new Apache/Google “Java”

3 Awesome Ubuntu/Linux Multi Touch Demo Videos

21 More Notable Free Linux Games (Part 2 of 3)

21 More Notable Free Linux Games (Part 2 of 3)

Weekend Project: Set Up Safe Guest Wi-Fi with Linux

Guest Post: The Importance of Openness in Mobile Application Development

more

Recent commentsVirtual machines license issues with windows

19 hours 26 min ago

After waiting for this for a

1 day 12 hours ago

Re: FuzzyOcr error

1 day 13 hours ago

Version didn't updated

1 day 14 hours ago

This is a BAD IDEA!

1 day 14 hours ago

Hi, Why are you making a

1 day 21 hours ago

libdvdcss-1.2.10-5 .fc14.i686.rpm

1 day 22 hours ago

Re: Error to smbldap-populate

2 days 1 hour ago

If you install pure-ftpd in

2 days 3 hours ago

Re: Thumbs up

2 days 5 hours ago

NewsletterSubscribe to

HowtoForgeNewsletter

and stay informed

about our latest

HOWTOs and

projects.


3 of 12 12/12/2010 2:34 PM

(To unsubscribe from

our newsletter, visit

this link.)

Syndicate

HowtoForge Feed for Facebook®"Facebook" is a registered trademark of Facebook, Inc. All rights reserved.

English | Deutsch | Site Map/RSS Feeds | Advertise

You are here: Home » Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat

On Debian Lenny » Setting Up A High-Availability Load Balancer (With Failover And Session Support) With HAProxy/Heartbeat On

Debian Lenny - Page 2

Setting Up A High-Availability Load Balancer (With Failover and Session Support)

With HAProxy/Heartbeat On Debian Lenny - Page 2

Do you like HowtoForge? Please consider supporting us by becoming a

subscriber.

Submitted by falko (Contact Author) (Forums) on Sun, 2009-07-12 17:56. ::

5 Setting Up Heartbeat

We've just configured HAProxy to listen on the virtual IP address 192.168.0.99, but someone has to

tell lb1 and lb2 that they should listen on that IP address. This is done by heartbeat which we install

like this:

lb1/lb2:

aptitude install heartbeat

To allow HAProxy to bind to the shared IP address, we add the following line to /etc/sysctl.conf:

vi /etc/sysctl.conf


4 of 12 12/12/2010 2:34 PM

[...]net.ipv4.ip_nonlocal_bind=1

... and run:

sysctl -p

Now we have to create three configuration files for heartbeat, /etc/ha.d/authkeys, /etc/ha.d/ha.cf, and

/etc/ha.d/haresources. /etc/ha.d/authkeys and /etc/ha.d/haresources must be identical on lb1 and

lb2, and /etc/ha.d/ha.cf differs by just one line!

lb1/lb2:

vi /etc/ha.d/authkeys

auth 33 md5 somerandomstring

somerandomstring is a password which the two heartbeat daemons on lb1 and lb2 use to authenticate against

each other. Use your own string here. You have the choice between three authentication mechanisms. I use

md5 as it is the most secure one.

/etc/ha.d/authkeys should be readable by root only, therefore we do this:

lb1/lb2:


5 of 12 12/12/2010 2:34 PM

chmod 600 /etc/ha.d/authkeys

lb1:

vi /etc/ha.d/ha.cf

## keepalive: how many seconds between heartbeats#keepalive 2## deadtime: seconds-to-declare-host-dead#deadtime 10## What UDP port to use for udp or ppp-udp communication?#udpport 694bcast eth0mcast eth0 225.0.0.1 694 1 0ucast eth0 192.168.0.101

Important: As nodenames we must use the output of

uname -n

on lb1 and lb2.

The udpport, bcast, mcast, and ucast options specify how the two heartbeat nodes communicate with each

other to find out if the other node is still alive. You can leave the udpport, bcast, and mcast lines as shown

above, but in the ucast line it's important that you specify the IP address of the other heartbeat node; in this

case it's 192.168.0.101 (lb2.example.com).

On lb2 the file looks pretty much the same, except that the ucast line holds the IP address of lb1:

lb2:

vi /etc/ha.d/ha.cf


6 of 12 12/12/2010 2:34 PM

## keepalive: how many seconds between heartbeats#keepalive 2## deadtime: seconds-to-declare-host-dead#deadtime 10## What UDP port to use for udp or ppp-udp communication?#udpport 694bcast eth0mcast eth0 225.0.0.1 694 1 0ucast eth0 192.168.0.100

lb1/lb2:

vi /etc/ha.d/haresources

lb1.example.com 192.168.0.99

The first word is the output of

uname -n

on lb1, no matter if you create the file on lb1 or lb2! It is followed by our virtual IP address (192.168.0.99 in

our example).

Finally we start heartbeat on both load balancers:

lb1/lb2:

/etc/init.d/heartbeat start

Then run:

lb1:


7 of 12 12/12/2010 2:34 PM

ip addr sh eth0

... and you should find that lb1 is now listening on the shared IP address, too:

lb1:/etc/ha.d# ip addr sh eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000

link/ether 00:0c:29:63:f7:5c brd ff:ff:ff:ff:ff:ff

inet 192.168.0.100/24 brd 192.168.0.255 scope global eth0

inet 192.168.0.99/24 brd 192.168.0.255 scope global secondary eth0:0

inet6 fe80::20c:29ff:fe63:f75c/64 scope link

valid_lft forever preferred_lft forever

lb1:/etc/ha.d#

You can check this again by running:

ifconfig

lb1:/etc/ha.d# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0c:29:63:f7:5c

inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe63:f75c/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:15838 errors:0 dropped:0 overruns:0 frame:0

TX packets:8761 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:21111826 (20.1 MiB) TX bytes:844920 (825.1 KiB)

Interrupt:18 Base address:0x1400

eth0:0 Link encap:Ethernet HWaddr 00:0c:29:63:f7:5c




lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1




RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

lb1:/etc/ha.d#

As lb2 is the passive load balancer, it should not be listening on the virtual IP address as long as lb1 is up. We

can check that with:

lb2:

ip addr sh eth0

The output should look like this:


8 of 12 12/12/2010 2:34 PM

lb2:~# ip addr sh eth0


link/ether 00:0c:29:be:7b:3b brd ff:ff:ff:ff:ff:ff


inet6 fe80::20c:29ff:febe:7b3b/64 scope link


lb2:~#

The output of

ifconfig

shouldn't display the virtual IP address either:

lb2:~# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0c:29:be:7b:3b


inet6 addr: fe80::20c:29ff:febe:7b3b/64 Scope:Link





RX bytes:21151306 (20.1 MiB) TX bytes:879697 (859.0 KiB)


lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1




RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

lb2:~#

6 Starting HAProxy

Now we can start HAProxy:

lb1/lb2:

/etc/init.d/haproxy start

7 Testing

Our high-availability load balancer is now up and running.

You can now make HTTP requests to the virtual IP address 192.168.0.99 (or to any domain/hostname that is

pointing to the virtual IP address), and you should get content from the backend web servers.

You can test its high-availability/failover capabilities by switching off one backend web server - the load


9 of 12 12/12/2010 2:34 PM

balancer should then redirect all requests to the remaining backend web server. Afterwards, switch off the

active load balancer (lb1) - lb2 should take over immediately. You can check that by running:

lb2:

ip addr sh eth0

You should now see the virtual IP address in the output on lb2:

lb2:~# ip addr sh eth0


link/ether 00:0c:29:be:7b:3b brd ff:ff:ff:ff:ff:ff


inet 192.168.0.99/24 brd 192.168.0.255 scope global secondary eth0:0

inet6 fe80::20c:29ff:febe:7b3b/64 scope link


lb2:~#

The same goes for the output of

ifconfig

When lb1 comes up again, it will take over the master role again.

8 HAProxy Statistics

You might have noticed that we have used the options stats enable and stats auth

someuser:somepassword in the HAProxy configuration in chapter 4. This allow us to access (password-

protected) HAProxy statistics under the URL http://192.168.0.99/haproxy?stats. This is how it looks:


10 of 12 12/12/2010 2:34 PM

previous

Setting Up A High-Availability Load Balancer (With

Failover and Session Support) With

HAProxy/Heartbeat On Debian Lenny

If you don't need the statistics, just comment out or remove the stats lines from the HAProxy configuration.

9 Links

HAProxy: http://haproxy.1wt.eu

Heartbeat: http://www.linux-ha.org/Heartbeat

Debian: http://www.debian.org

up

Copyright © 2009 Falko Timme

All Rights Reserved.

add comment | view as pdf | print: this | all page(s) |

Related Tutorials

Setting Up A High-Availability Load Balancer With HAProxy/Keepalived On Debian Lenny

Please do not use the comment function to ask for help! If you need help, please use our forum.

Comments will be published after administrator approval.

There seems a flaw in this techniqueSubmitted by Jonathan (not registered) on Tue, 2009-10-20 01:53.

First of all, thanks for the tutorial it was very helpful. However, what happens if haproxy process dies? Heartbeat won't

flip the IP will it?

reply | view as pdf

Howtos | Mini-Howtos | Forums | News | Search | Contribute | SubscriptionSite Map/RSS Feeds | Advertise | Contact | Disclaimer | Imprint

Copyright © 2010 HowtoForge - Linux Howtos and TutorialsAll Rights Reserved.


11 of 12 12/12/2010 2:34 PM


12 of 12 12/12/2010 2:34 PM

Setting Up A High-Availability Load Balancer (With Failover and Session Support) With...

Documents

Transcript of Setting Up A High-Availability Load Balancer (With Failover and Session Support) With...