Saturday, October 19, 2013

Making a loadbalancer with CentOS using Linux Virtual Server

If you are new to the terminology Red Hat uses, it can be challenging to work out which steps are needed to create a simple load balancer with Linux. Here is some information to get you started.
Terminology:
  • piranha: A package that provides a configuration interface for setting up LVS.
  • ipvs: The name of the kernel module that makes load balancing possible on Linux.
  • ipvsadm: A package (and a command) for administering ipvs. Be aware, you use either piranha-gui or /etc/sysconfig/ipvsadm to configure ipvs.
  • LVS: Linux Virtual Server, the project name for all tools used in this document.
  • pulse: A service (/etc/init.d/pulse) that runs on both the active and the backup machine and opens a port to make checking possible. piranha-gui configures everything; pulse actually activates all configurations.
  • nanny: A process started by pulse to monitor the realservers.
  • nat: Network Address Translation, a common combination with LVS. When NAT is used, the load balancer (director/LVS) accepts traffic on the VIP and sends it to the realservers. Be aware that the current implementation of ipvsadm does not properly use Source NAT: it does not rewrite the source address.
  • direct routing: A method of routing available in LVS. Traffic is received on the VIP and sent through to the realservers. The realservers receive the traffic as if it was sent to the VIP, so the VIP must be configured on the realservers. To keep ARP caches from registering the wrong MAC address/IP address combination, a few "tricks" are needed.
  • wlc: Weighted Least Connections, an algorithm to balance load across the realservers.
  • VIP: Virtual IP. The IP address the service is configured on.
  • RIP: Real server IP. The IP address of a realserver.
  • realserver: The server providing the actual service. This can be Linux, Windows, whatever.
Here is an overview of a possible setup:
Steps to finish before eternal success:

Install piranha-gui

# yum install piranha-gui

(modify 172.16.0.0/24 to whatever network you are using on the realserver network.)

Configure services

# chkconfig httpd on
# chkconfig piranha-gui on
# chkconfig pulse on
# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
# echo "*nat
:PREROUTING ACCEPT [46:3346]
:POSTROUTING ACCEPT [431:32444]
:OUTPUT ACCEPT [431:32534]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [4186:1094786]
:FORWARD ACCEPT [729:111992]
:OUTPUT ACCEPT [4266:388099]
-A FORWARD -i eth1 -j ACCEPT
COMMIT" > /etc/sysconfig/iptables
# chkconfig iptables on
# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Configure via webinterface

Execute these steps to be able to use the piranha-gui web interface:
# service httpd start
# piranha-passwd
# service piranha-gui start

Open a browser and go to your server's IP address, port 3636. The URL looks something like this: http://192.168.202.50:3636

Synchronize /etc/sysconfig/ha/lvs.cf

You will need to have the piranha configuration the same on both machines. Here are some hints. Do this on both machines, just switch the IP-address.
# ssh-keygen
# scp .ssh/id_rsa* 192.168.202.110:./.ssh/
# cp .ssh/id_rsa.pub .ssh/authorized_keys

Now you should be able to connect to both machines without using a password.
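# cat update-lvs.cf
#!/bin/sh

# Nothing to do until the peer has copied its lvs.cf over.
[ -f /tmp/lvs.cf ] || exit 0

copiedserialno=$(grep serial_no /tmp/lvs.cf | awk '{ print $NF }')
runningserialno=$(grep serial_no /etc/sysconfig/ha/lvs.cf | awk '{ print $NF }')

# Install the copied file only if its serial number is higher than the running one.
if [ "$copiedserialno" -gt "$runningserialno" ] ; then
    mv /tmp/lvs.cf /etc/sysconfig/ha/lvs.cf
fi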
# crontab -l
* * * * * /usr/bin/scp /etc/sysconfig/ha/lvs.cf 192.168.1.46:/tmp > /dev/null
* * * * * /root/update-lvs.cf
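
The update-lvs.cf script above runs as root and installs whatever file sits at /tmp/lvs.cf, a path that any local account can write to. A stricter variant follows as an added example (not code from the original post); the staging directory /root/lvs-sync/ and the --run switch are assumptions, and the scp line in the crontab would have to target that directory instead of /tmp.

```shell
#!/bin/sh
# Added example, not from the original post: stricter variant of update-lvs.cf.
# Assumption: the peer's scp writes to a root-only directory (hypothetical
# /root/lvs-sync/, mode 700) instead of the world-writable /tmp.

# Print the serial_no of an lvs.cf file; fail unless it is a plain integer.
serial_of() {
    s=$(awk '$1 == "serial_no" { print $NF; exit }' "$1" 2>/dev/null) || return 1
    case "$s" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$s"
}

# install_if_newer INCOMING RUNNING
# Returns 0 if INCOMING replaced RUNNING, 1 if it was rejected or not newer.
install_if_newer() {
    incoming=$1
    running=$2
    # Accept only a regular file (no symlink) owned by the invoking user,
    # which is root when this runs from root's crontab.
    [ -f "$incoming" ] && [ ! -L "$incoming" ] && [ -O "$incoming" ] || return 1
    new=$(serial_of "$incoming") || return 1
    old=$(serial_of "$running") || old=-1    # no usable running config yet
    [ "$new" -gt "$old" ] || return 1
    # Stage next to the target so the final mv is an atomic rename.
    tmp=$(mktemp "$running.XXXXXX") || return 1
    # Inherit owner and mode from the current file before replacing contents.
    if [ -e "$running" ] && ! cp -p "$running" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    if cat "$incoming" > "$tmp" && mv -f "$tmp" "$running"; then
        rm -f "$incoming"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Cron entry would call: /root/update-lvs.cf --run
if [ "${1:-}" = "--run" ]; then
    install_if_newer /root/lvs-sync/lvs.cf /etc/sysconfig/ha/lvs.cf || exit 0
fi
```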

Reboot the server.

To activate all changes, simply reboot the load-balancer.