Friday, May 14, 2010

Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Keepalived


I/INTRO
As you know, there are several load balancer solutions for Linux, such as:

pfSense: http://conheotiensinh.blogspot.com/2009/09/load-balance-and-cluster-failover.html Only supports layer 4 (can't be deployed with systems that need login).

Pen is a very simple load balancer for TCP protocols. It supports source IP-based persistence for up to 2048 clients. Supports IP-based ACLs. Uses select() and supports higher loads than Pound but will not scale very well to thousands of simultaneous connections.

Pound can be seen as a complement to HAProxy. It supports SSL, and can direct traffic according to the requested URL. Its code is very small and will stay small for easy auditing. Its configuration file is very small too. However, it does not support persistence, and the performance associated to its multi-threaded model limits its usage to medium sites only.

Besides these, we can use Linux Virtual Server (LVS) or Pure Load Balancer (PLB). But for load balancing with layer 7 support, HAProxy is the best choice for me. HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer 7 processing. Supporting tens of thousands of connections is clearly realistic with today's hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net.

II/INSTALL


For this howto I set up four CentOS systems (minimal installation without GUI etc.) with the following configuration:

Load Balancer 1

IP: 192.168.236.128 (eth0) and 192.168.127.128 (eth1) Shared IP: 192.168.236.130

Load Balancer 2

IP: 192.168.236.129 (eth0) and 192.168.127.129 (eth1) Shared IP: 192.168.236.130

Web Server 1

IP: 192.168.127.130

Web Server 2


IP: 192.168.127.132

1/Install HAProxy and Keepalived

You can install from source, but it is easier to install the RPM packages. (If you need the latest RPM packages of HAProxy (version 1.4.5) and Keepalived (version 1.1.20), please contact me by email: quan.hoa@conheotiensinh.co.cc. I will give them to you.)

2/Edit /etc/haproxy/haproxy.cfg on both load balancer servers as follows:

global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    option forwardfor
    option redispatch
    timeout connect 10000 # default 10 second time out if a backend is not found
    timeout client 300000
    timeout server 300000
    maxconn 60000
    retries 3

listen webfarm 192.168.236.130:80
    mode http
    stats enable
    stats auth test:123 # sample credentials; set a strong password before exposing the stats page
    #balance roundrobin
    balance source
    cookie JSESSIONID prefix
    #balance source
    #cookie SERVERID insert indirect
    option httpclose
    option forwardfor
    option httpchk HEAD /check.txt HTTP/1.0 # each web server must serve /check.txt to be marked up
    server web1 192.168.127.130:80 cookie A check
    server web2 192.168.127.132:80 cookie B check

3/Configure Keepalived

In this document I use Keepalived for HA (alternatively, you can use heartbeat and VRRP for the cluster).

Edit /etc/keepalived/keepalived.conf on both load balancers (only the priority changes: 101 on master, 100 on backup):


vrrp_script chk_haproxy {           # Requires keepalived-1.1.13
    script "killall -0 haproxy"     # cheaper than pidof
    interval 2                      # check every 2 seconds
    weight 2                        # add 2 points of prio if OK
}

vrrp_instance VI_1 {
    interface eth0
    state MASTER
    virtual_router_id 51
    priority 101                    # 101 on master, 100 on backup
    virtual_ipaddress {
        192.168.236.130
    }
    track_script {
        chk_haproxy
    }
}
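
Why priorities 101/100 with weight 2 move the shared IP when HAProxy dies on the master, as an added example (not from the original post): a simplified Python model of the VRRP election, assuming default preemption. The Node class and the function names are hypothetical; it also shows that a weight of 1 would leave the shared IP on the node whose HAProxy is dead.

```python
# Added example: simplified model of VRRP election with a tracked script.
# Values mirror the keepalived.conf above; names are hypothetical.
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    priority: int             # "priority" in vrrp_instance
    host_up: bool = True
    haproxy_up: bool = True   # exit status of: killall -0 haproxy

    def effective(self, weight: int) -> int:
        # A positive weight is added only while the tracked script succeeds.
        return self.priority + (weight if self.haproxy_up else 0)


def vip_holder(nodes, current, weight):
    """Return the node name holding the shared IP after one election round.

    Assumption: a backup preempts only when its effective priority is
    strictly higher than the master's, or when the master host is gone.
    """
    alive = [n for n in nodes if n.host_up]
    if not alive:
        return None
    master = next((n for n in alive if n.name == current), None)
    best = max(alive, key=lambda n: n.effective(weight))
    if master is None or best.effective(weight) > master.effective(weight):
        return best.name
    return master.name


def run_scenarios(weight=2, prio_lb1=101, prio_lb2=100):
    lb1, lb2 = Node("LB1", prio_lb1), Node("LB2", prio_lb2)
    nodes, out = [lb1, lb2], {}
    out["both healthy"] = holder = vip_holder(nodes, "LB1", weight)
    lb1.haproxy_up = False
    out["haproxy dies on LB1"] = holder = vip_holder(nodes, holder, weight)
    lb1.haproxy_up = True
    out["haproxy restored on LB1"] = holder = vip_holder(nodes, holder, weight)
    lb1.host_up = False
    out["LB1 powered off"] = holder = vip_holder(nodes, holder, weight)
    return out


if __name__ == "__main__":
    for weight in (2, 1):  # 2 is the value used above; 1 is too small
        print(f"weight {weight}: {run_scenarios(weight=weight)}")
```

The weight has to be larger than the gap between the two base priorities; otherwise the backup never outranks a master whose HAProxy has stopped.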

4/Edit /etc/sysctl.conf on both load balancers

# Allow HAProxy shared IP
net.ipv4.ip_nonlocal_bind = 1


5/Test

I set up 2 Roundcube webmail instances to test this HAProxy setup.

a/Log in to webmail and check the log



b/Stop LB1 and check the log on Load Balancer 2

c/Check the HAProxy status at URL: http://192.168.236.130/haproxy?stats


Thanks