How to configure high availability (HA) with Keepalived on Ubuntu


Test environment

  • Operating system version
$ lsb_release -d
Description:    Ubuntu 22.04.3 LTS
  • System overview
Hostname  Network interface  IP address   Notes
node01    eth0               172.19.0.3
node02    eth0               172.19.0.2
vip       eth0:1             172.19.0.10

Change the required settings in /etc/sysctl.conf

  • Check the current values
sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
$ sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_nonlocal_bind = 0
cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
$ cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
#net.ipv4.ip_forward=1
  • Enable IP forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
  • Allow binding to IP addresses that are not local addresses
echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf
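  • Check the values again (the running values change only once the file has been reloaded, for example with sysctl -p, or after a reboot)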
$ cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward=1
net.ipv4.ip_nonlocal_bind=1
$ sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_nonlocal_bind = 1

Install the Keepalived package

sudo apt-get update
sudo apt-get install -y keepalived

Install the HAProxy package

sudo apt-get install -y haproxy

Configure Keepalived

  • Edit keepalived.conf
vim /etc/keepalived/keepalived.conf
  • Keepalived configuration for node01
global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from admin@example.com
    #smtp_server smtp.example.com
    #smtp_connect_timeout 30
    router_id LVS_DEVEL
    enable_script_security
    script_user root
}

vrrp_script haproxy_check {
    script "/etc/keepalived/haproxy_check.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.19.0.10/24 dev eth0 label eth0:1
    }
    track_script {
        haproxy_check
    }
}
keepalived -t
  • Keepalived configuration for node02
global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from admin@example.com
    #smtp_server smtp.example.com
    #smtp_connect_timeout 30
    router_id LVS_DEVEL
    enable_script_security
    script_user root
}

vrrp_script haproxy_check {
    script "/etc/keepalived/haproxy_check.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.19.0.10/24 dev eth0 label eth0:1
    }
    track_script {
        haproxy_check
    }
}
keepalived -t
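
The configuration above authenticates VRRP with auth_type PASS and the password 1111, runs the check script as root, and uses the default multicast advertisements. The following audit is an added example, not part of the original post; the function name and the four checks are heuristics chosen here, and SAMPLE_CONF is constructed from the node01 configuration.

```shell
#!/bin/sh
# Added example: flag risky settings in a keepalived.conf (function name is hypothetical).
# SAMPLE_CONF is constructed from the node01 configuration on this page.
SAMPLE_CONF='global_defs {
    enable_script_security
    script_user root
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}'

# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_keepalived_conf() {
    # Drop comment lines (keepalived accepts # and !) so disabled directives are ignored.
    conf=$(printf '%s\n' "$1" | sed -E '/^[[:space:]]*[#!]/d')
    pass=$(printf '%s\n' "$conf" | awk '$1 == "auth_pass" { print $2; exit }')
    user=$(printf '%s\n' "$conf" | awk '$1 == "script_user" { print $2; exit }')
    rc=0
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*auth_type[[:space:]]+PASS'; then
        echo "AUTH_PLAINTEXT: auth_type PASS puts auth_pass in clear text in each advertisement"
        rc=1
    fi
    if [ -n "$pass" ]; then
        case $pass in *[!0-9]*) digits_only=0 ;; *) digits_only=1 ;; esac
        if [ "${#pass}" -lt 8 ] || [ "$digits_only" -eq 1 ]; then
            echo "AUTH_WEAK: auth_pass is shorter than 8 characters or digits only"
            rc=1
        fi
    fi
    if [ "$user" = "root" ]; then
        echo "SCRIPT_ROOT: script_user root runs check scripts with full privileges"
        rc=1
    fi
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*unicast_peer'; then
        echo "VRRP_MULTICAST: no unicast_peer block, advertisements are multicast on the segment"
        rc=1
    fi
    return "$rc"
}

audit_keepalived_conf "$SAMPLE_CONF" || true
```

The function takes the configuration as text, so on a node it can be fed the real file with audit_keepalived_conf "$(cat /etc/keepalived/keepalived.conf)". It never prints the password itself.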

Create the script file

  • Create the HAProxy check script (node01, node02)
vim /etc/keepalived/haproxy_check.sh
#!/bin/bash

# This script checks whether HAProxy is running.
# It returns 0 if HAProxy is running and 1 otherwise.

if pidof haproxy > /dev/null; then
    exit 0
else
    exit 1
fi
  • Grant execute permission
sudo chmod +x /etc/keepalived/haproxy_check.sh
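
Whether a failed haproxy_check actually moves the VIP depends on how weight 2 interacts with the priorities 100 and 99. The following model is an added example, not part of the original post; the function names are hypothetical, and it assumes default preemption and that a positive weight is added while the check succeeds and a negative weight is applied while it fails.

```shell
#!/bin/sh
# Added example: model how track_script weight changes the VRRP election.

# effective_priority BASE WEIGHT CHECK_OK(1|0)
effective_priority() {
    base=$1; weight=$2; ok=$3
    if [ "$weight" -gt 0 ] && [ "$ok" -eq 1 ]; then
        echo $((base + weight))      # positive weight: bonus while the check succeeds
    elif [ "$weight" -lt 0 ] && [ "$ok" -eq 0 ]; then
        echo $((base + weight))      # negative weight: penalty while the check fails
    else
        echo "$base"
    fi
}

# vip_holder PRIO_NODE01 PRIO_NODE02 WEIGHT OK_NODE01 OK_NODE02
# Prints the node with the higher effective priority, or "tie".
vip_holder() {
    e1=$(effective_priority "$1" "$3" "$4")
    e2=$(effective_priority "$2" "$3" "$5")
    if [ "$e1" -gt "$e2" ]; then
        echo node01
    elif [ "$e2" -gt "$e1" ]; then
        echo node02
    else
        echo tie                     # VRRP breaks ties on the higher primary IP address
    fi
}

# Scenarios: "prio1 prio2 weight ok1 ok2"
for s in "100 99 2 1 1" "100 99 2 0 1" "100 90 2 0 1"; do
    set -- $s
    echo "priority=$1/$2 weight=$3 haproxy_ok=$4/$5 -> $(vip_holder "$@")"
done
```

With the page's values, a dead HAProxy on node01 gives 100 against 101 and node02 takes the VIP. With a priority gap larger than the weight (100 and 90), node01 would keep the VIP while HAProxy is down.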

Restart Keepalived

sudo systemctl restart keepalived

Restart HAProxy

sudo systemctl restart haproxy

Check the Keepalived status

sudo systemctl status keepalived

Keepalived failover test

  • Check the node IP addresses (node01, node02)
ip -brief address show
root@node01:~$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16 172.19.0.10/24
$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16
  • Test the VIP with ping
ping -c 4 172.19.0.10
$ ping -c 4 172.19.0.10
PING 172.19.0.10 (172.19.0.10) 56(84) bytes of data.
64 bytes from 172.19.0.10: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 172.19.0.10: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 172.19.0.10: icmp_seq=3 ttl=64 time=0.031 ms
64 bytes from 172.19.0.10: icmp_seq=4 ttl=64 time=0.031 ms

--- 172.19.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3072ms
rtt min/avg/max/mdev = 0.029/0.033/0.041/0.004 ms
  • Stop the Keepalived service (node01)
systemctl stop keepalived
root@node01:~$ systemctl stop keepalived
  • Check the node IP addresses (node01, node02)
ip -brief address show
$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16
$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16 172.19.0.10/24
  • Test the VIP with ping
ping -c 4 172.19.0.10
$ ping -c 4 172.19.0.10
PING 172.19.0.10 (172.19.0.10) 56(84) bytes of data.
64 bytes from 172.19.0.10: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 172.19.0.10: icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from 172.19.0.10: icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from 172.19.0.10: icmp_seq=4 ttl=64 time=0.027 ms

--- 172.19.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3074ms
rtt min/avg/max/mdev = 0.025/0.031/0.046/0.008 ms
  • Start the Keepalived service again (node01)
systemctl start keepalived
  • Check the node IP addresses (node01, node02)
ip -brief address show
$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16 172.19.0.10/24
$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16
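
The manual comparison of ip -brief address show output can be scripted, including the two states the test above does not show: no node holding the VIP, and both nodes holding it (split-brain, for example when VRRP advertisements are filtered between the nodes). This is an added example, not part of the original post; the function names are hypothetical and the sample outputs are constructed from the captures on this page.

```shell
#!/bin/sh
# Added example: decide which node holds the VIP from `ip -brief address show` output.
# Sample outputs constructed from the captures on this page.
NODE01_BEFORE='lo               UNKNOWN        127.0.0.1/8
eth0@if804       UP             172.19.0.3/16 172.19.0.10/24'
NODE02_BEFORE='lo               UNKNOWN        127.0.0.1/8
eth0@if802       UP             172.19.0.2/16'
NODE01_AFTER='lo               UNKNOWN        127.0.0.1/8
eth0@if804       UP             172.19.0.3/16'
NODE02_AFTER='lo               UNKNOWN        127.0.0.1/8
eth0@if802       UP             172.19.0.2/16 172.19.0.10/24'

# holds_vip IP_BRIEF_OUTPUT VIP -> exit status 0 if VIP is assigned on any interface.
# Addresses are compared exactly, so 172.19.0.1 does not match 172.19.0.10.
holds_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        { for (i = 3; i <= NF; i++) { split($i, a, "/"); if (a[1] == vip) found = 1 } }
        END { exit !found }'
}

# vip_state NODE01_OUTPUT NODE02_OUTPUT VIP -> node01 | node02 | split-brain | none
vip_state() {
    h1=0; h2=0
    holds_vip "$1" "$3" && h1=1
    holds_vip "$2" "$3" && h2=1
    case "$h1$h2" in
        10) echo node01 ;;
        01) echo node02 ;;
        11) echo split-brain ;;
        *)  echo none ;;
    esac
}

echo "before stop: $(vip_state "$NODE01_BEFORE" "$NODE02_BEFORE" 172.19.0.10)"
echo "after stop:  $(vip_state "$NODE01_AFTER" "$NODE02_AFTER" 172.19.0.10)"
```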

 
