Tuesday 5 July 2016

Setup VRRP on CentOS 7 with Keepalived

VRRP is commonly used with routers and firewalls as an alternative to Cisco's own HSRP, and is similar to CARP in many ways.

Keepalived allows us to utilize VRRP on Linux systems - which in this case will be a cluster of NGINX servers.

In this scenario we want to ensure that clients access the reverse proxy cluster through a single IP, and that if one of the nodes in the cluster goes down the other one takes over the shared IP address.

I would recommend using a dedicated interface on each node that will have the shared IP address assigned to it and a separate management interface for administrative purposes.

First we need to install the following on each node:

yum install keepalived

and then create a new keepalived configuration:

mv /etc/keepalived/keepalived.conf /etc/keepalived/_keepalived.conf
vi /etc/keepalived/keepalived.conf

and add the following to NODE 1 (primary) - replacing where necessary:

! Configuration File for keepalived

global_defs {
   notification_email {
     alerts@yourdomain.com
   }
   notification_email_from keepalived@yourdomain.com
   smtp_server 10.11.12.13
   smtp_connect_timeout 30
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 10
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yoursecurepassword
    }
    virtual_ipaddress {
        10.11.12.254
    }
}

and then add the following on NODE 2 (secondary):

mv /etc/keepalived/keepalived.conf /etc/keepalived/_keepalived.conf
vi /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     alerts@yourdomain.com
   }
   notification_email_from keepalived@yourdomain.com
   smtp_server 10.11.12.13
   smtp_connect_timeout 30
}

vrrp_instance VI_1 {
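    ! The secondary starts as BACKUP; NODE 1 is the MASTER
    state BACKUP
    interface eth1
    virtual_router_id 10
    ! Lower than NODE 1 (100) so that NODE 1 holds the shared IP while it is up
    priority 99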
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yoursecurepassword
    }
    virtual_ipaddress {
        10.11.12.254
    }
}

** Some points to keep in mind - the node with the highest priority takes precedence over any other nodes with lower priorities. The virtual_router_id attribute should be the same for each router that is part of the same set.

and then - on BOTH nodes we should ensure that the service starts up automatically at boot:
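The points above can be checked mechanically before keepalived is started. The script below is an added example, not part of the original post: it lints a primary/secondary pair of configuration files for matching virtual_router_id and authentication settings, a higher priority on the primary, a BACKUP state on the secondary, and an auth_pass longer than the 8 characters keepalived actually uses. The function names (kv, check_pair, sample_conf) and the sample values are constructed for illustration.

```shell
# Added example: lint a primary/secondary pair of keepalived.conf files.

# kv KEY FILE: print the first value given for KEY.
kv() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# check_pair PRIMARY SECONDARY: print each problem, return 0 if none found.
check_pair() {
    rc=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(kv "$key" "$1")" = "$(kv "$key" "$2")" ] ||
            { echo "MISMATCH: $key differs between the nodes"; rc=1; }
    done
    p1=$(kv priority "$1"); p2=$(kv priority "$2")
    [ "${p1:-0}" -gt "${p2:-0}" ] ||
        { echo "PRIORITY: primary ($p1) is not higher than secondary ($p2)"; rc=1; }
    [ "$(kv state "$2")" = BACKUP ] ||
        { echo "STATE: secondary should start as 'state BACKUP'"; rc=1; }
    pass=$(kv auth_pass "$1")
    [ "${#pass}" -le 8 ] ||
        { echo "AUTH: auth_pass exceeds 8 characters, keepalived uses only the first 8"; rc=1; }
    return "$rc"
}

# Constructed sample input: sample_conf FILE STATE PRIORITY PASSWORD
sample_conf() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface eth1
    virtual_router_id 10
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $4
    }
    virtual_ipaddress {
        10.11.12.254
    }
}
EOF
}

tmp=$(mktemp -d)
sample_conf "$tmp/node1.conf" MASTER 100 s3cr3t42
sample_conf "$tmp/good2.conf" BACKUP 99 s3cr3t42
sample_conf "$tmp/bad2.conf" MASTER 101 s3cr3t42
check_pair "$tmp/node1.conf" "$tmp/good2.conf" && echo "good pair: OK"
check_pair "$tmp/node1.conf" "$tmp/bad2.conf" || echo "bad pair: fix before starting keepalived"
```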

sudo systemctl enable keepalived
sudo systemctl start keepalived

Now we can verify the IP configuration with:

ip addr show

and then turn off the primary node and ensure that we can still ping the shared IP address we set up.

You can also verify the failover by tailing the messages file:

tail -f /var/log/messages
