Internet
↓
firewall(ssg520)
↓
vip 10.20.0.100 (keepalived)
↓
haproxy A 10.20.0.12 + haproxy B 10.20.0.11
↓
web* 3 (10.20.0.100-103)
——————————————————————————————-
haproxy A configuration files
# vi /opt/haproxy.cfg
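# HAProxy configuration for balancer A: one HTTP listener on port 80 that
# spreads requests over three web servers with cookie-based persistence.
global
    maxconn 5120
    # Run chrooted and as an unprivileged account once started.
    chroot /usr/local/haproxy
    group nobody
    user nobody
    daemon
    quiet
    #nbproc 8

defaults
    # The global section above defines no log target, so the explicit line
    # below is what actually sends logs (local syslog, facility local3).
    log global
    log 127.0.0.1 local3
    mode http
    option httplog
    option dontlognull
    retries 3
    # Let a request fall over to another server when its persistent one is down.
    option redispatch
    maxconn 2000
    # Timeouts are in milliseconds.
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen webgrp 0.0.0.0:80
    mode http
    option httplog
    option dontlognull
    # Appends X-Forwarded-For with the client address. A header supplied by the
    # client is passed along as well, so the web servers should only trust the
    # entry added by the balancer and only on connections from the balancers.
    option forwardfor
    option httpclose
    # "rewrite" mode: the application sets SERVERID and HAProxy rewrites its
    # value to the cookie name of the server that handled the request.
    cookie SERVERID rewrite
    balance roundrobin
    option httpchk HEAD /time.jsp HTTP/1.0
    # SECURITY: the stats page is published on the same public port 80 listener.
    # It is protected only by HTTP Basic auth sent over cleartext HTTP, and the
    # credential below is stored in plain text in this file. Replace the
    # password before use, keep this file readable by root only, and prefer
    # serving stats from a listener bound to an internal address.
    stats uri /status
    stats auth admin:vivaz
    # Cookie values must be unique per server; with one shared value HAProxy
    # cannot map a returning client to a single backend.
    # NOTE(review): the topology sketch on this page lists the web tier as
    # 10.20.0.100-103 while these lines use 10.30.0.100-102 - confirm which
    # range is intended (10.20.0.100 is also the keepalived VIP).
    server web01 10.30.0.100:80 cookie web01inst1 check inter 2000 rise 2 fall 5
    server web02 10.30.0.101:80 cookie web02inst1 check inter 2000 rise 2 fall 5
    server web03 10.30.0.102:80 cookie web03inst1 check inter 2000 rise 2 fall 5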
# vi /etc/keepalived/keepalived.conf
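! Configuration File for keepalived (balancer A, preferred master)
global_defs {
    notification_email {
        abc@abc.com
    }
    notification_email_from abc@abc.com
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

# Health check for the local haproxy process.
# "killall -0" sends signal 0, which only tests that a process named haproxy
# exists; it does not prove that haproxy is accepting or serving requests.
vrrp_script chk_haproxy {           # Requires keepalived-1.1.13
    script "killall -0 haproxy"     # cheaper than pidof; plain ASCII quotes are required
    interval 2                      # check every 2 seconds
    weight 2                        # add 2 points of prio if OK
}

# VRRP instance that owns the service VIP.
# Effective priority is 101 + 2 = 103 while chk_haproxy passes and 101 when it
# fails, which is below the peer's 102 and so hands the VIP to the peer.
#
# SECURITY: no authentication block is configured, so advertisements go out
# unauthenticated (the capture on this page shows "authtype none"). Any host on
# the same segment that can send VRRP for virtual_router_id 51 can influence the
# election. Filter VRRP (IP protocol 112) so that only the two balancers
# exchange it, and consider an identical authentication block on both nodes;
# VRRPv2 password authentication is sent in cleartext, so filtering is the
# stronger control.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51            # must be the same on both balancers
    priority 101
    virtual_ipaddress {
        10.20.0.100
    }
    track_script {
        chk_haproxy
    }
}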
——————————————————————————————-
haproxy B configuration files
# vi /opt/haproxy.cfg
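# HAProxy configuration for balancer B: same listener and server pool as
# balancer A, so either node can serve traffic when it holds the VIP.
global
    maxconn 5120
    # Run chrooted and as an unprivileged account once started.
    chroot /usr/local/haproxy
    group nobody
    user nobody
    daemon
    quiet
    #nbproc 8

defaults
    # The global section above defines no log target, so the explicit line
    # below is what actually sends logs (local syslog, facility local3).
    log global
    log 127.0.0.1 local3
    mode http
    option httplog
    option dontlognull
    retries 3
    # Let a request fall over to another server when its persistent one is down.
    option redispatch
    maxconn 2000
    # Timeouts are in milliseconds.
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen webgrp 0.0.0.0:80
    mode http
    option httplog
    option dontlognull
    # Appends X-Forwarded-For with the client address. A header supplied by the
    # client is passed along as well, so the web servers should only trust the
    # entry added by the balancer and only on connections from the balancers.
    option forwardfor
    option httpclose
    # "rewrite" mode: the application sets SERVERID and HAProxy rewrites its
    # value to the cookie name of the server that handled the request.
    cookie SERVERID rewrite
    balance roundrobin
    option httpchk HEAD /time.jsp HTTP/1.0
    # SECURITY: the stats page is published on the same public port 80 listener.
    # It is protected only by HTTP Basic auth sent over cleartext HTTP, and the
    # credential below is stored in plain text in this file. Replace the
    # password before use, keep this file readable by root only, and prefer
    # serving stats from a listener bound to an internal address.
    stats uri /status
    stats auth admin:vivaz
    # Cookie values must be unique per server and identical on both balancers,
    # otherwise a client loses its backend mapping after a failover.
    server web01 10.30.0.100:80 cookie web01inst1 check inter 2000 rise 2 fall 5
    server web02 10.30.0.101:80 cookie web02inst1 check inter 2000 rise 2 fall 5
    server web03 10.30.0.102:80 cookie web03inst1 check inter 2000 rise 2 fall 5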
# vi /etc/keepalived/keepalived.conf
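! Configuration File for keepalived (balancer B, standby)
global_defs {
    notification_email {
        abc@abc.com
    }
    notification_email_from abc@abc.com
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

# Health check for the local haproxy process.
# "killall -0" sends signal 0, which only tests that a process named haproxy
# exists; it does not prove that haproxy is accepting or serving requests.
vrrp_script chk_haproxy {           # Requires keepalived-1.1.13
    script "killall -0 haproxy"     # cheaper than pidof; plain ASCII quotes are required
    interval 2                      # check every 2 seconds
    weight 2                        # add 2 points of prio if OK
}

# VRRP instance for the service VIP on the standby node.
# Effective priority is 100 + 2 = 102 while chk_haproxy passes, so this node
# takes the VIP only when the peer advertises less than 102 or stops
# advertising.
#
# SECURITY: no authentication block is configured, so advertisements go out
# unauthenticated (the capture on this page shows "authtype none"). Filter VRRP
# (IP protocol 112) so that only the two balancers exchange it, and consider an
# identical authentication block on both nodes.
vrrp_instance VI_1 {
    # The standby starts as BACKUP; starting both nodes as MASTER makes each
    # claim the VIP at startup until the election settles on priority.
    state BACKUP
    interface eth0
    virtual_router_id 51            # must be the same on both balancers
    priority 100
    virtual_ipaddress {
        10.20.0.100
    }
    track_script {
        chk_haproxy
    }
}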
——————————————————————————————-
Start the daemons on both the master and the slave:
# /etc/init.d/haproxy start
# /etc/init.d/keepalived start
Check that it is working:
# tcpdump | grep VRRP
13:45:49.073458 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:50.074463 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:51.075474 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:52.075483 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:53.076495 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:54.076505 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:55.077511 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:56.077520 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:57.078531 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:58.079536 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:45:59.080550 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:46:00.080558 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:46:01.081568 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:46:02.082574 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
13:46:03.083585 IP 10.20.0.12 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 103, authtype none, intvl 1s, length 20
After the switch to the slave, 10.20.0.11 sends the advertisements:
13:46:23.700757 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:24.701871 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:25.702786 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:26.706196 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:27.706819 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:28.707841 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:29.708852 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:30.709876 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20
13:46:31.709891 IP 10.20.0.11 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 51, prio 102, authtype none, intvl 1s, length 20