Sunday, 11 September 2011

Linux: Configuring cluster VIP (Virtual IP) with keepalived: Part 1

Some time ago I had a discussion about open source load balancing solutions (e.g. HAProxy), especially with a focus on HA and VIP address failover (by VIP address failover we meant that the public IP is moved to the second node in case the first one is shut down). It occurred to me that I had never done that in practice, so I decided to build such a solution - just to check the second point, namely the VIP address failover. For that I used my Ubuntu box together with two virtualized environments based on CentOS (these I already had available in KVM) - the configuration is shown in the picture below:

Figure 1 Network deployment of the test environment for the keepalived's VIP failover

OK, with the picture in mind, let's get to work.

Test environment setup

The points below show how to configure it:
  1. Define an additional Interconnect network. For that I used the virt-manager GUI: Edit->Connection Details, and a window should appear (just like the one presented in Figure 2). In the Virtual Networks tab you should add a new network (the '+' button at the bottom of the window)
    Figure 2 Interconnect virtual network
  2. Install two machines (Host A and B) that will be hosting the keepalived. I already had one CentOS kvm which I cloned to have the Host B (using virt-manager it is very simple and can be done via main GUI)
  3. Install keepalived. CentOS does not have keepalived in its repos, so I had to download the latest sources from the web: http://www.keepalived.org/software/keepalived-1.2.2.tar.gz. After unpacking I did not have to download any additional dependencies and I just followed the INSTALL instructions - the usual steps: configure, make, make install ;) In order to build keepalived only once (for two hosts) you might also install it before cloning the image (after the image has been cloned, the clone has keepalived as well).
  4. Configure sysctl. In the manual I read that one should extend the sysctl configuration in order to allow the application to bind to non-local addresses - add this line to /etc/sysctl.conf:
     net.ipv4.ip_nonlocal_bind = 1
    and execute:
     sysctl -p
  5. Reconfigure the firewall. keepalived uses a multicast address (224.0.0.18) for exchanging information about the status of the nodes belonging to specific groups. What needs to be done is to allow the multicast traffic to go over the Interconnect network (eth0) interface. In my case, for testing purposes, I have just disabled the firewall (in Gnome: System->Administration->Security Level and Firewall)
  6. Configure the master host (Host A). One needs to adapt or create the /etc/keepalived/keepalived.conf file as follows:
    [root@localhost ~]# cat /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 102
        virtual_ipaddress {
            192.168.122.50/24 brd 192.168.122.255 dev eth1 label eth1:0
        }
    }

    where eth0 is the interface for interconnect and eth1 is the interface for communication with external world (VIP)
  7. Configure the backup host (Host B). The configuration file /etc/keepalived/keepalived.conf is mostly the same for both hosts (as for Host A) - what one has to remember is to set Host B to backup mode with a lower priority:
    [root@centos1-priv ~]# cat /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 101
        virtual_ipaddress {
            192.168.122.50/24 brd 192.168.122.255 dev eth1 label eth1:0
        }
    }

    where eth0 is the interface for interconnect and eth1 is the interface for communication with external world (VIP)

  8. Start keepalived on both hosts. The best way to start keepalived is to use the init/startup scripts provided with the source package
    # /etc/init.d/keepalived start
    If you cannot find the script you can get it from the keepalived source package
  9. Proceed to the test (see Part 2)
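
A consistency check for the two configuration files from steps 6 and 7, as an added example that is not part of the original post: it parses each vrrp_instance block and reports mismatches in virtual_router_id, virtual_ipaddress, state and priority before the failover test is run. The function names parse_instance and check_pair are hypothetical, and the sample input is constructed from the listings above.

```python
import re

# Constructed sample input: Host A file from step 6; Host B as in step 7.
HOST_A = """vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 102
    virtual_ipaddress {
        192.168.122.50/24 brd 192.168.122.255 dev eth1 label eth1:0
    }
}
"""
HOST_B = HOST_A.replace("MASTER", "BACKUP").replace("priority 102", "priority 101")

def parse_instance(text):
    """Parse the first vrrp_instance block into a dict (hypothetical helper)."""
    m = re.search(r"vrrp_instance\s+(\S+)\s*\{", text)
    if not m:
        raise ValueError("no vrrp_instance block found")
    cfg, depth, in_vips = {"name": m.group(1), "vips": []}, 1, False
    for raw in text[m.end():].splitlines():
        line = re.split(r"[#!]", raw)[0].strip()  # '#' and '!' start comments
        if line.endswith("{"):
            depth, in_vips = depth + 1, line.startswith("virtual_ipaddress")
        elif line == "}":
            depth, in_vips = depth - 1, False
            if depth == 0:  # end of the vrrp_instance block
                break
        elif in_vips and line:
            cfg["vips"].append(line.split()[0])  # keep only address/prefix
        elif depth == 1 and line:
            cfg[line.split()[0]] = line.partition(" ")[2].strip()
    return cfg

def check_pair(master_text, backup_text):
    """Return the list of mismatches between the Host A and Host B files."""
    a, b = parse_instance(master_text), parse_instance(backup_text)
    problems = []
    if a.get("virtual_router_id") != b.get("virtual_router_id"):
        problems.append("virtual_router_id differs between the hosts")
    if not a["vips"] or sorted(a["vips"]) != sorted(b["vips"]):
        problems.append("virtual_ipaddress missing or not identical")
    if (a.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
        problems.append("expected state MASTER on host A, BACKUP on host B")
    if int(a.get("priority", 0)) <= int(b.get("priority", 0)):  # missing = 0 (assumed)
        problems.append("backup priority is not lower than master priority")
    return problems
print(check_pair(HOST_A, HOST_B) or "configuration pair is consistent")
```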
