Konfigurasi High Available Load Balancer dengan Keepalived dan Haproxy pada Centos 7

HAProxy adalah sebuah aplikasi opensource berbasis Linux yang biasa digunakan sebagai load balancing trafic jaringan. Load balancing adalah teknik untuk mendistribusikan beban trafik pada dua atau lebih jalur koneksi secara seimbang agar trafik dapat berjalan optimal, memaksimalkan throughput, memperkecil waktu tanggap dan menghindari overload pada salah satu jalur koneksi. Teknik balancing dapat menggunakan beberapa cara yang berbeda, tergantung kekompleksan yang ada.

Load balancing umumnya dikelompokkan dalam dua kategori : Layer 4 dan Layer 7, Layer 4 load balance bertindak pada data di network TCP (IP, TCP, FTP,UDP). Layer 7 load balance mendistribusikan permintaan dari client berdasarkan data yang ditemukan pada layer Application seperti HTTP. Maka dari itu sangat penting untuk mengerti, apa yang sebenarnya dibutuhkan jaringan sebelum membuat keputusan melakukan konfigurasi load balancer.

Keepalived merupakan routing software yang dapat dikombinasikan dengan Haproxy, keepalived mengunakan protokol VRRP (Virtual Routing Redudancy Protocol) yang bisa melakukan metode failover, terhadap Haproxy pada 2 load balancer

Topologi

a

Load Balancer
Konfigurasi Load Balancer 1
[root@LB-1 ~]# yum install keepalived haproxy

Tambahkan pada file /etc/sysctl.conf untuk Keepalived VIP dan NAT

[root@LB-1 ~]# nano /etc/sysctl.conf 
net.ipv4.ip_nonlocal_bind=1
net.ipv4.ip_forward=1

Konfigurasi Keepalived

[root@LB-1 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
[root@LB-1 ~]# nano /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
	notification_email {
                alan@routecloud.net
        }
	notification_email_from admin@routecloud.net
        smtp_server 127.0.0.1
        smpt_connect_timeout 30
        lvs_id B1
}

vrrp_script chk_haproxy {
        script "/usr/bin/kill -0 haproxy"
        interval 2
        weight 2
        timeout 2
        fall 2
	rise 2
}

vrrp_instance VI_1 {
        state MASTER
        interface enp0s3
        virtual_router_id 51
        priority 101
        advert_int 1
        authentication {
        auth_type PASS
        auth_pass 1111
        }


virtual_ipaddress {
        192.168.36.100 dev enp0s3
        192.168.36.101 dev enp0s3
}
        track_script {
                chk_haproxy
}
}

vrrp_instance VI_2 {
        state MASTER
        interface enp0s8
        virtual_router_id 52
        priority 101
        advert_int 1
        authentication {
        auth_type PASS
        auth_pass 1111
        }

virtual_ipaddress {
        10.10.10.5 dev enp0s8
}
track_script {
	chk_haproxy
}
}

Load balancer-1 dijadikan MASTER, dengan prioritas 101

Mengaktifkan Keepalived

[root@LB-1 ~]# systemctl enable keepalived
[root@LB-1 ~]# systemctl restart keepalived

Lihat Status Keepalived

[root@LB-1 ~]# systemctl status keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled)
   Active: active (running) since Kam 2016-01-14 02:57:03 EST; 1min 6s ago
  Process: 6556 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6557 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─6557 /usr/sbin/keepalived -D
           ├─6558 /usr/sbin/keepalived -D
           └─6559 /usr/sbin/keepalived -D

Konfigurasi HAproxy di LB-1

Backup File haproxy.cfg

[root@LB-1 /]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.back 
[root@LB-1 /]# nano /etc/haproxy/haproxy.cfg 
global
      	log     127.0.0.1 local2 info
        chroot  /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 256
        user    haproxy
        group   haproxy
        daemon
defaults
        mode    http
        option  forwardfor
        option  http-server-close
        log     global
        option  httplog
        timeout connect 10s
        timeout client  30s
        timeout server  30s
frontend http-in
        bind *:80
        mode http
        reqadd X-Forwarded-Proto:\ http
        default_backend rcn_servers
        option  forwardfor
        stats   enable
        stats   auth    admin:bujangan
        stats   hide-version
        stats   show-node
        stats refresh 30s
        stats uri /haproxy?stats
backend rcn_servers
        mode http
        balance roundrobin
        server  web-rcn01 10.10.10.10:8080 check #server backend 1
        server  web-rcn02 10.10.10.11:8080 check #server backend 2

Mengaktifkan Haproxy

[root@LB-1 /]# systemctl enable haproxy

Restart Haproxy

[root@LB-1 /]# systemctl restart haproxy
[root@LB-1 /]# systemctl status haproxy
haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
   Active: active (running) since Kam 2016-01-14 03:21:30 EST; 39s ago
 Main PID: 8071 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─8071 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─8072 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─8073 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Jan 14 03:21:30 LB-1 systemd[1]: Started HAProxy Load Balancer.
Jan 14 03:21:31 LB-1 haproxy-systemd-wrapper[8071]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg ...pid -Ds
Hint: Some lines were ellipsized, use -l to show in full.

 

Konfigurasi Load Balancer 2

[root@LB-2 ~]# yum install keepalived haproxy

Tambahkan pada file /etc/sysctl.conf untuk Keepalived VIP dan NAT

[root@LB-2 ~]# nano /etc/sysctl.conf 
net.ipv4.ip_nonlocal_bind=1
net.ipv4.ip_forward=1

Konfigurasi Keepalived

[root@LB-2 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.backup
[root@LB-2 ~]# nano /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
	notification_email {
                alan@routecloud.net
        }
	notification_email_from admin@routecloud.net
        smtp_server 127.0.0.1
        smpt_connect_timeout 30
        lvs_id B2
}

vrrp_script chk_haproxy {
        script "/usr/bin/kill -0 haproxy"
        interval 2
        weight 2
        timeout 2
        fall 2
	rise 2
}

vrrp_instance VI_1 {
        state BACKUP
        interface enp0s3
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
        auth_type PASS
        auth_pass 1111
        }



virtual_ipaddress {
        192.168.36.100 dev enp0s3
        192.168.36.101 dev enp0s3
}
        track_script {
                chk_haproxy
}
}

vrrp_instance VI_2 {
        state BACKUP
        interface enp0s8
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
        auth_type PASS
        auth_pass 1111
        }

virtual_ipaddress {
        10.10.10.5 dev enp0s8
}
track_script {
	chk_haproxy
}
}

Load balancer-2 dijadikan BACKUP, dengan prioritas 100

Mengaktifkan Keepalived

[root@LB-2 ~]# systemctl enable keepalived
[root@LB-2 ~]# systemctl restart keepalived

Lihat Status Keepalived

[root@LB-2 ~]# systemctl status keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled)
   Active: active (running) since Kam 2016-01-14 03:12:18 EST; 1min 54s ago
  Process: 7510 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 7511 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─7511 /usr/sbin/keepalived -D
           ├─7512 /usr/sbin/keepalived -D
           └─7513 /usr/sbin/keepalived -D

Jan 14 03:12:18 LB-2 Keepalived_healthcheckers[7512]: Registering Kernel netlink reflector
Jan 14 03:12:18 LB-2 Keepalived_healthcheckers[7512]: Registering Kernel netlink command channel
Jan 14 03:12:18 LB-2 Keepalived_healthcheckers[7512]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 14 03:12:18 LB-2 Keepalived_healthcheckers[7512]: Configuration is using : 7813 Bytes
Jan 14 03:12:18 LB-2 Keepalived_healthcheckers[7512]: Using LinkWatch kernel netlink reflector...
Jan 14 03:12:18 LB-2 systemd[1]: Started LVS and VRRP High Availability Monitor.
Jan 14 03:12:18 LB-2 Keepalived_vrrp[7513]: VRRP_Instance(VI_2) Entering BACKUP STATE
Jan 14 03:12:18 LB-2 Keepalived_vrrp[7513]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jan 14 03:12:18 LB-2 Keepalived_vrrp[7513]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(12,13)]
Jan 14 03:12:18 LB-2 Keepalived_vrrp[7513]: VRRP_Script(chk_haproxy) succeeded

Konfigurasi HAproxy di LB-2

[root@LB-2 ~]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.back 
[root@LB-2 ~]# nano /etc/haproxy/haproxy.cfg 
global
      	log     127.0.0.1 local2 info
        chroot  /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 256
        user    haproxy
        group   haproxy
        daemon
defaults
        mode    http
        option  forwardfor
        option  http-server-close
        log     global
        option  httplog
        timeout connect 10s
        timeout client  30s
        timeout server  30s
frontend http-in
        bind *:80
        mode http
        reqadd X-Forwarded-Proto:\ http
        default_backend rcn_servers
        option  forwardfor
        stats   enable
        stats   auth    admin:bujangan
        stats   hide-version
        stats   show-node
        stats refresh 30s
        stats uri /haproxy?stats
backend rcn_servers
        mode http
        balance roundrobin
        server  web-rcn01 10.10.10.10:8080 check #server backend 1
        server  web-rcn02 10.10.10.11:8080 check #server backend 2

Mengaktifkan Haproxy

[root@LB-2 /]# systemctl enable haproxy

Restart Haproxy

[root@LB-2 /]# systemctl restart haproxy

Melihat Status Haproxy

[root@LB-2 ~]# systemctl status haproxy
haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
   Active: active (running) since Kam 2016-01-14 01:41:43 EST; 1h 47min ago
 Main PID: 852 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─ 852 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─ 988 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─1309 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Jan 14 01:41:43 LB-2 systemd[1]: Starting HAProxy Load Balancer...
Jan 14 01:41:43 LB-2 systemd[1]: Started HAProxy Load Balancer.
Jan 14 01:41:44 LB-2 haproxy-systemd-wrapper[852]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -...pid -Ds
Hint: Some lines were ellipsized, use -l to show in full.

 

Menguji coba Kerja Keepalived pada Load Balancer 1

[root@LB-1 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:34:84:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.36.91/24 brd 192.168.36.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.36.100/32 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.36.101/32 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe34:8481/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:ff:10:a1 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet 10.10.10.5/32 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:feff:10a1/64 scope link 
       valid_lft forever preferred_lft forever

 

Menguji coba Kerja Keepalived pada Load Balancer 2

[root@LB-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:0a:6e:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.36.92/24 brd 192.168.36.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe0a:6ef3/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:75:7e:ae brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.2/24 brd 10.10.10.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe75:7eae/64 scope link 
       valid_lft forever preferred_lft forever

Jika hasilnya seperti diatas, maka konfigurasi keepalived berhasil, Lihat pada load balancer 1, dia mendapatkan VIP dari keepalived karena LB-1 diterapkan sebagai MASTER dengan prioritas 101, sedangkan pada Load Balancer 2, tidak mendapatkan VIP karena LB-2 dijadikan sebagai BACKUP dengan prioritas 100. jadi LB-2 akan mendapatkan VIP jika LB-1 mengalami kegagalan system.

Pengujian

Pada Load Balancer 1

haproxy

Matikan Load Balancer 1

[root@LB-1 /]# systemctl poweroff

Kemudian cek lagi pada web browser

haproxy2

pada dashboard HAProxy akan mengarah pada LB-2 secara otomatis

Cek VIP pada LB2

[root@LB-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:0a:6e:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.36.92/24 brd 192.168.36.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.36.100/32 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.36.101/32 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe0a:6ef3/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:75:7e:ae brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.2/24 brd 10.10.10.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet 10.10.10.5/32 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe75:7eae/64 scope link 
       valid_lft forever preferred_lft forever

Hasilnya sesuai harapan, yaitu jika LB 1 mengalamai kegagalan maka, LB2 akan langsung men-takeover

Cukup sekian dulu tutorialnya, Wassalamualaikum warahmatullah

About the author
Alan Adi Prastyo

Routecloud Networks

Information about Server, Linux and Computer Network.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Routecloud Networks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.