Set Up A Loadbalanced High-Availability Apache Cluster(1)

Test

This tutorial shows how to set up a two-node Apache web server cluster that provides high-availability. In front of the Apache cluster we create a load balancer that splits up incoming requests between the two Apache nodes. Because we do not want  the load balancer to become another "Single Point Of Failure", we must provide high-availability for the load balancer, too. Therefore our load balancer will in fact consist out of two load balancer nodes that monitor each other using heartbeat, and if one load balancer fails, the other takes over silently.
The advantage of using a load balancer compared to using  round robin DNS is that it takes care of the load on the web server nodes and tries to direct requests to the node with less load, and it also takes care of connections/sessions. Many web applications (e.g. forum software, shopping carts, etc.) make use of sessions, and if you are in a session on Apache node 1, you would lose that session if suddenly node 2 served your requests. In addition to that, if one of the Apache nodes goes down, the load balancer realizes that and directs all incoming requests to the remaining node which would not be possible with round robin DNS.
For this setup, we need four nodes (two Apache nodes and two load balancer nodes) and five IP addresses: one for each node and one virtual IP address that will be shared by the load balancer nodes and used for incoming HTTP requests.  
I will use the following setup here:

• Apache node 1: webserver1.example.com (webserver1)  - IP address: 192.168.0.101; Apache document root: /var/www
• Apache node 2: webserver2.example.com (webserver2) - IP address: 192.168.0.102; Apache document root: /var/www
• Load Balancer node 1: loadb1.example.com (loadb1) - IP address: 192.168.0.103
• Load Balancer node 2: loadb2.example.com (loadb2) - IP address: 192.168.0.104
• Virtual IP Address: 192.168.0.105 (used for incoming requests)
  

Have a look at the drawing on http://www.linuxvirtualserver.org/docs/ha/ultramonkey.html to understand how this setup looks like.
In this tutorial I will use Debian Sarge for all four nodes. I assume that you have installed a basic Debian installation on all four nodes, and that you have installed Apache on webserver1 and webserver2, with /var/www being the document root of the main web site.
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!



1 Enable  IPVS On The Load Balancers First we must enable IPVS on our load balancers.  IPVS (IP Virtual Server) implements transport-layer load balancing inside the Linux kernel, so called Layer-4 switching.

loadb1/loadb2:

1. echo ip_vs_dh >> /etc/modules
   
2. echo ip_vs_ftp >> /etc/modules
   
3. echo ip_vs >> /etc/modules
   
4. echo ip_vs_lblc >> /etc/modules
   
5. echo ip_vs_lblcr >> /etc/modules
   
6. echo ip_vs_lc >> /etc/modules
   
7. echo ip_vs_nq >> /etc/modules
   
8. echo ip_vs_rr >> /etc/modules
   
9. echo ip_vs_sed >> /etc/modules
   
10. echo ip_vs_sh >> /etc/modules
    
11. echo ip_vs_wlc >> /etc/modules
    
12. echo ip_vs_wrr >> /etc/modules

复制代码

Then we do this:
loadb1/loadb2:

1. modprobe ip_vs_dh
   
2. modprobe ip_vs_ftp
   
3. modprobe ip_vs
   
4. modprobe ip_vs_lblc
   
5. modprobe ip_vs_lblcr
   
6. modprobe ip_vs_lc
   
7. modprobe ip_vs_nq
   
8. modprobe ip_vs_rr
   
9. modprobe ip_vs_sed
   
10. modprobe ip_vs_sh
    
11. modprobe ip_vs_wlc
    
12. modprobe ip_vs_wrr

复制代码

If you get errors, then most probably your kernel wasn't compiled with IPVS support, and you need to compile a new kernel with IPVS support (or install a kernel image with IPVS support) now.


2 Install Ultra Monkey On The Load Balancers Ultra Monkey is a project to create load balanced and highly available services on a local area network using Open Source components on the Linux operating system; the Ultra Monkey package provides heartbeat (used by the two load balancers to monitor each other and check if the other node is still alive) and ldirectord, the actual load balancer.
To install Ultra Monkey, we must edit /etc/apt/sources.list now and add these two lines  (don't remove the other repositories):
loadb1/loadb2:

1. vi /etc/apt/sources.list

复制代码

deb http://www.ultramonkey.org/download/3/ sarge main
deb-src http://www.ultramonkey.org/download/3 sarge main

Afterwards we do this:
loadb1/loadb2:

1. apt-get update

复制代码

and install Ultra Monkey:
loadb1/loadb2:

1. apt-get install ultramonkey

复制代码

If you see this warning:

¦ libsensors3 not functional                                               ¦
  ¦                                                                          ¦
  ¦ It appears that your kernel is not compiled with sensors support. As a   ¦
  ¦ result, libsensors3 will not be functional on your system.               ¦
  ¦                                                                          ¦
  ¦ If you want to enable it, have a look at "I2C Hardware Sensors Chip      ¦
  ¦ support" in your kernel configuration.                                   ¦

you can ignore it.
During the Ultra Monkey installation you will be asked a few question. Answer as follows:
Do you want to automatically load IPVS rules on boot?
<-- No
Select a daemon method.
<-- none


Version 1.0
  Author: Falko Timme <ft [at] falkotimme [dot] com>
  Last edited 04/26/2006

Test

3 Enable Packet Forwarding On The Load Balancers
The load balancers must be able to route traffic to the Apache nodes. Therefore we must enable packet forwarding on the load balancers. Add the following lines to /etc/sysctl.conf:
loadb1/loadb2:

1. vi /etc/sysctl.conf

复制代码

# Enables packet forwarding
net.ipv4.ip_forward = 1

Then do this:
loadb1/loadb2:

1. sysctl -p

复制代码

4 Configure heartbeat And ldirectord Now we have to create three configuration files for heartbeat. They must be identical on loadb1 and loadb2!
loadb1/loadb2:

1. vi /etc/ha.d/ha.cf

复制代码

logfacility        local0
bcast        eth0                # Linux
mcast eth0 225.0.0.1 694 1 0
auto_failback off
node        loadb1
node        loadb2
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

Important: As nodenames we must use the output of

1. uname -n

复制代码

on loadb1 and loadb2.
loadb1/loadb2:

1. vi /etc/ha.d/haresources

复制代码

loadb1        \
        ldirectord::ldirectord.cf \
        LVSSyncDaemonSwap::master \
        IPaddr2::192.168.0.105/24/eth0/192.168.0.255

The first word is the output of

1. uname -n

复制代码

on loadb1, no matter if you create the file on loadb1 or loadb2! After IPaddr2 we put our virtual IP address 192.168.0.105.
loadb1/loadb2:

1. vi /etc/ha.d/authkeys

复制代码

auth 3
3 md5 somerandomstring

somerandomstring is a password which the two heartbeat daemons on loadb1 and loadb2 use to authenticate against each other. Use your own string here. You have the choice between three authentication mechanisms. I use md5 as it is the most secure one.
/etc/ha.d/authkeys should be readable by root only, therefore we do this:
loadb1/loadb2:

1. chmod 600 /etc/ha.d/authkeys

复制代码

ldirectord is the actual load balancer. We are going to configure our two load balancers (loadb1.example.com and loadb2.example.com) in an active/passive setup, which means we have one active load balancer, and the other one is a hot-standby and becomes active if the active one fails. To make it work, we must create the ldirectord configuration file /etc/ha.d/ldirectord.cf which again must be identical on loadb1 and loadb2.
loadb1/loadb2:

1. vi /etc/ha.d/ldirectord.cf

复制代码

checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes

virtual=192.168.0.105:80
        real=192.168.0.101:80 gate
        real=192.168.0.102:80 gate
        fallback=127.0.0.1:80 gate
        service=http
        request="ldirector.html"
        receive="Test Page"
        scheduler=rr
        protocol=tcp
        checktype=negotiate

In the virtual= line we put our virtual IP address (192.168.0.105 in this example), and in the real= lines we list the IP addresses of our Apache nodes (192.168.0.101 and 192.168.0.102 in this example). In the request= line we list the name of a file on webserver1 and webserver2 that ldirectord will request repeatedly to see if webserver1 and webserver2 are still alive. That file (that we are going to create later on) must contain the string listed in the receive= line.
Afterwards we create the system startup links for heartbeat and remove those of ldirectord because ldirectord will be started by the heartbeat daemon:
loadb1/loadb2:

1. update-rc.d heartbeat start 75 2 3 4 5 . stop 05 0 1 6 .
   
2. update-rc.d -f ldirectord remove

复制代码

Finally we start heartbeat (and with it ldirectord):
loadb1/loadb2:

1. /etc/init.d/ldirectord stop
   
2. /etc/init.d/heartbeat start

复制代码

Test

5 Test The Load Balancers
Let's check if both load balancers work as expected:
loadb1/loadb2:

1. ip addr sh eth0

复制代码

The active load balancer should list the virtual IP address (192.168.0.105):

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:40:18:e5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.103/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.105/24 brd 192.168.0.255 scope global secondary eth0

The hot-standby should show this:

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:50:e3:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.104/24 brd 192.168.0.255 scope global eth0

loadb1/loadb2:

1. ldirectord ldirectord.cf status

复制代码

Output on the active load balancer:

ldirectord for /etc/ha.d/ldirectord.cf is running with pid: 1455

Output on the hot-standby:

ldirectord is stopped for /etc/ha.d/ldirectord.cf

loadb1/loadb2:

1. ipvsadm -L -n

复制代码

Output on the active load balancer:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddressort Scheduler Flags
  -> RemoteAddressort           Forward Weight ActiveConn InActConn
TCP  192.168.0.105:80 rr
  -> 192.168.0.101:80             Route   0      0          0
  -> 192.168.0.102:80             Route   0      0          0
  -> 127.0.0.1:80                 Local   1      0          0

Output on the hot-standby:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddressort Scheduler Flags
  -> RemoteAddressort           Forward Weight ActiveConn InActConn

loadb1/loadb2:

1. /etc/ha.d/resource.d/LVSSyncDaemonSwap master status

复制代码

Output on the active load balancer:

master running
(ipvs_syncmaster pid: 1591)

Output on the hot-standby:

master stopped

If your tests went fine, you can now go on and configure the two Apache nodes.

6 Configure The Two Apache Nodes
Finally we must configure our Apache cluster nodes webserver1.example.com and webserver2.example.com to accept requests on the virtual IP address 192.168.0.105.

webserver1/webserver2:

1. apt-get install iproute

复制代码

Add the following to /etc/sysctl.conf:
webserver1/webserver2:

1. vi /etc/sysctl.conf

复制代码

# Enable configuration of arp_ignore option
net.ipv4.conf.all.arp_ignore = 1

# When an arp request is received on eth0, only respond if that address is
# configured on eth0. In particular, do not respond if the address is
# configured on lo
net.ipv4.conf.eth0.arp_ignore = 1

# Ditto for eth1, add for all ARPing interfaces
#net.ipv4.conf.eth1.arp_ignore = 1


# Enable configuration of arp_announce option
net.ipv4.conf.all.arp_announce = 2

# When making an ARP request sent through eth0 Always use an address that
# is configured on eth0 as the source address of the ARP request.  If this
# is not set, and packets are being sent out eth0 for an address that is on
# lo, and an arp request is required, then the address on lo will be used.
# As the source IP address of arp requests is entered into the ARP cache on
# the destination, it has the effect of announcing this address.  This is
# not desirable in this case as adresses on lo on the real-servers should
# be announced only by the linux-director.
net.ipv4.conf.eth0.arp_announce = 2

# Ditto for eth1, add for all ARPing interfaces
#net.ipv4.conf.eth1.arp_announce = 2

Then run this:
webserver1/webserver2:

1. sysctl -p

复制代码

Add this section for the virtual IP address to /etc/network/interfaces:
webserver1/webserver2:

1. vi /etc/network/interfaces

复制代码

auto lo:0
iface lo:0 inet static
  address 192.168.0.105
  netmask 255.255.255.255
  pre-up sysctl -p > /dev/null

Then run this:
webserver1/webserver2:

1. ifup lo:0

复制代码

Finally we must create the file ldirector.html. This file is requested by the two load balancer nodes repeatedly so that they can see if the two Apache nodes are still running. I assume that the document root of the main apache web site on webserver1 and webserver2 is /var/www, therefore we create the file /var/www/ldirector.html:
webserver1/webserver2:

1. vi /var/www/ldirector.html

复制代码

Test Page

Test

7 Further Testing
You can now access the web site that is hosted by the two Apache nodes by typing http://192.168.0.105 in your browser.
Now stop the Apache on either webserver1 or webserver2. You should then still see the web site on http://192.168.0.105 because the load balancer directs requests to the working Apache node. Of course, if you stop both Apaches, then your request will fail.
Now let's assume that loadb1 is our active load balancer, and loadb2 is the hot-standby. Now stop heartbeat on loadb1:

loadb1:

1. /etc/init.d/heartbeat stop

复制代码

Wait a few seconds, and then try http://192.168.0.105 again in your browser. You should still see your web site because loadb2 has taken the active role now.   
Now start heartbeat again on loadb1:
loadb1:

1. /etc/init.d/heartbeat start

复制代码

loadb2 should still have the active role. Do the tests from chapter 5 again on loadb1 and loadb2, and you should see the inverse results as before.
If you have also passed these tests, then your loadbalanced Apache cluster is working as expected. Have fun!

8 Further ReadingThis tutorial shows how to loadbalance two Apache nodes. It does not show how to keep the files in the Apache document root in sync or how to create a storage solution like an NFS server that both Apache nodes can use, nor does it provide a solution how to manage your MySQL database(s). You can find solutions for these issues here:

• Mirror Your Web Site With rsync
• Setting Up A Highly Available NFS Server
• How To Set Up A Load-Balanced MySQL Cluster
• How To Set Up Database Replication In MySQL
  

9 Links

• heartbeat / The High-Availability Linux Project: http://linux-ha.org
• The Linux Virtual Server Project: http://www.linuxvirtualserver.org
• Ultra Monkey: http://www.ultramonkey.org