Différences
Ci-dessous, les différences entre deux révisions de la page.
systemes:web:keepalived [2017/09/08 14:03] william |
systemes:web:keepalived [2019/02/06 14:03] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | ====== KeepAlived ( Haute disponibilité ) ====== | ||
- | <callout type=" | ||
- | ===== Introduction ===== | ||
- | Keepalived est un logiciel de routage. Le principal objectif de ce projet est de mettre en place du loadbalancing et/ou de la haute disponibilité pour les systèmes Linux et des infrastructures basées sur Linux. Le Loadbalancing repose sur Linux Virtual Server (IPVS) et la haute disponibilité fonctionne via le protocole VRRP. | ||
- | </ | ||
- | |||
- | |||
- | ===== Installation de keepalived ===== | ||
- | |||
- | ==== Récupération des sources ==== | ||
- | |||
- | <code bash> | ||
- | yum/apt-get install keepalived | ||
- | </ | ||
- | |||
- | ==== Configuration Actif/ | ||
- | |||
- | Dans le cas d'une infrastructure web avec deux proxys en amont, en état master/ | ||
- | |||
- | * Serveur Proxy1 : | ||
- | * <file bash / | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | # | ||
- | # Configuration Keepalived: FailOver | ||
- | # | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | |||
- | global_defs { | ||
- | notification_email | ||
- | { | ||
- | mail.a.prevenir@domaine.fr | ||
- | } | ||
- | |||
- | notification_email_from proxy1@domaine.fr | ||
- | smtp_server xxx.xxx.xxx.xxx # il vaut mieux l'ip que le hostname des problèmes peuvent survenir | ||
- | smtp_connect_timeout 30 | ||
- | |||
- | } | ||
- | |||
- | # instance VRRP pour smtp | ||
- | vrrp_instance VI1 { | ||
- | |||
- | interface ens192 | ||
- | state MASTER | ||
- | virtual_router_id 11 | ||
- | priority 101 # 101 on master, 100 on backup | ||
- | |||
- | virtual_ipaddress { | ||
- | 192.168.1.4/ | ||
- | } | ||
- | |||
- | smtp_alert | ||
- | |||
- | authentication | ||
- | { | ||
- | auth_type PASS | ||
- | auth_pass mdp8char | ||
- | } | ||
- | |||
- | } | ||
- | </ | ||
- | |||
- | * Serveur Proxy2 : | ||
- | * <file bash / | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | # | ||
- | # Configuration Keepalived: FailOver | ||
- | # | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | |||
- | global_defs { | ||
- | notification_email | ||
- | { | ||
- | mail.a.prevenir@domaine.fr | ||
- | } | ||
- | |||
- | notification_email_from proxy2@domaine.fr | ||
- | smtp_server xxx.xxx.xxx.xxx | ||
- | smtp_connect_timeout 30 | ||
- | |||
- | } | ||
- | |||
- | # instance VRRP pour smtp | ||
- | vrrp_instance VI1 { | ||
- | |||
- | interface ens192 | ||
- | state SLAVE | ||
- | virtual_router_id 11 | ||
- | priority 100 # 101 on master, 100 on backup | ||
- | |||
- | virtual_ipaddress { | ||
- | 192.168.1.4/ | ||
- | } | ||
- | |||
- | smtp_alert | ||
- | |||
- | authentication | ||
- | { | ||
- | auth_type PASS | ||
- | auth_pass mdp8char | ||
- | } | ||
- | |||
- | } | ||
- | </ | ||
- | |||
- | |||
- | ==== Configuration Actif/ | ||
- | |||
- | Dans le cas d'une infrastructure ldap avec deux proxys en amont, les deux étant actif dont ldap2 reçoit deux fois plus de requêtes que ldap1 | ||
- | |||
- | * Serveur LDAP1 : | ||
- | * <file bash / | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | # | ||
- | # Configuration Keepalived: FailOver & Round Robin Pondéré | ||
- | # | ||
- | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | |||
- | |||
- | global_defs { | ||
- | notification_email { | ||
- | user@domaine.fr | ||
- | } | ||
- | notification_email_from ldaptest1@domaine.fr | ||
- | smtp_server IP_SMTP | ||
- | smtp_connect_timeout 30 | ||
- | } | ||
- | |||
- | |||
- | |||
- | vrrp_instance VI-LDAP1 { | ||
- | state MASTER | ||
- | virtual_router_id 25 | ||
- | priority 150 | ||
- | interface eno16777984 | ||
- | protocol TCP | ||
- | |||
- | virtual_ipaddress { | ||
- | IP_VIP/24 brd 1.2.3.255 dev em1 | ||
- | } | ||
- | |||
- | smtp_alert | ||
- | advert_int 10 | ||
- | |||
- | |||
- | notify_master "/ | ||
- | notify_backup "/ | ||
- | notify_fault "/ | ||
- | |||
- | authentication{ | ||
- | auth_type AH | ||
- | auth_pass password | ||
- | } | ||
- | |||
- | } | ||
- | |||
- | |||
- | virtual_server IP_VIP 389 { | ||
- | delay_loop 10 | ||
- | lb_algo rr | ||
- | lb_kind DR | ||
- | protocol TCP | ||
- | |||
- | real_server IP_LDAP1 389 { | ||
- | weight 1 | ||
- | TCP_CHECK { | ||
- | | ||
- | | ||
- | } | ||
- | } | ||
- | |||
- | real_server IP_LDAP2 389 { | ||
- | weight 2 | ||
- | TCP_CHECK { | ||
- | connect_port | ||
- | connect_timeout 5 | ||
- | } | ||
- | } | ||
- | |||
- | } | ||
- | |||
- | virtual_server IP_VIP 636 { | ||
- | delay_loop 10 | ||
- | lb_algo rr | ||
- | lb_kind DR | ||
- | protocol TCP | ||
- | |||
- | real_server IP_LDAP1 636 { | ||
- | weight 1 | ||
- | MISC_CHECK { | ||
- | misc_path "/ | ||
- | } | ||
- | |||
- | } | ||
- | |||
- | real_server IP_LDAP2 636 { | ||
- | weight 2 | ||
- | MISC_CHECK { | ||
- | misc_path "/ | ||
- | } | ||
- | } | ||
- | </ | ||
- | |||
- | [[systemes: |