Now that we have finished configuring our Virtual Server and Real Servers, let's go back and activate the Virtual Server.
Click the Virtual Servers tab in the top right of your browser.
Just like before, when we activated our hosts, we need to activate the Virtual Server.
Select the virtual server and click the (De)Activate button.
We have now finished configuring our IPVS setup. Next we need to start the service so that it reads in the new config file that the Web UI has created.
On your primary load balancer, start the “pulse” service.
[root@lb01 ~]# service pulse start
Starting pulse: [ OK ]
[root@lb01 ~]#
Once the service has started, under the Control/Monitoring tab in Piranha, you will now see your running configuration.
See screen shot.
We now have IPVS running and ready to accept requests. One last thing you need to do, if you have iptables enabled on your load balancers, is allow the port which you configured in your Virtual Server.
E.g. we configured port 80.
Your load balancers (yes, both of them), will need to have port 80 open on each in order to allow the requests to come in and reach the pulse service.
[root@lb01 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@lb01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@lb01 ~]#
If you were to browse to your VIP in your browser now, it would not actually come back with anything just yet, despite the load balancer being fully configured.
The reason is that we are using direct routing. Our web servers will be receiving requests destined for an IP address that is not their own. For the response to be correct from the point of view of the client making the request, it needs to come from that specific IP address as well.
To achieve this, we need to tell our real servers to reply to requests using the VIP address instead of their own.
To achieve this, add the below rule to iptables on each of your real servers.
Note: the IP address and port number used are those we configured in our virtual server configuration on the load balancer.
[root@web01 ~]# iptables -t nat -A PREROUTING -p tcp -d 10.0.1.60 --dport 80 -j REDIRECT
[root@web01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@web01 ~]#
Now go and browse to your VIP, or use an FQDN if you have set one up in DNS. You should see one of the host names of your real servers.
If you press the refresh button, it will change to one of the other real servers.
If your requests are bouncing around between your real servers then you have configured your load balancing solution correctly.
The last thing we need to set up is the secondary load balancer which we specified in our configuration earlier.
Copy the below files to your secondary load balancer.
/etc/sysconfig/iptables and /etc/sysconfig/ha/lvs.cf
[root@lb01 ~]# scp /etc/sysconfig/iptables root@lb02.example.com:/etc/sysconfig/
root@lb02.example.com's password:
iptables 100% 614 0.6KB/s 00:00
[root@lb01 ~]# scp /etc/sysconfig/ha/lvs.cf root@lb02.example.com:/etc/sysconfig/ha/lvs.cf
root@lb02.example.com's password:
lvs.cf 100% 833 0.8KB/s 00:00
[root@lb01 ~]#
Once you have copied the lvs.cf file from your primary to your secondary, don’t forget to start pulse on your secondary. Otherwise the load balancer service will not fail over if the primary fails.
[root@lb02 ~]# service pulse start
Starting pulse: [ OK ]
[root@lb02 ~]#
If you use iptables on your load balancers, don’t forget to restart iptables on your secondary.
[root@lb02 ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@lb02 ~]#
This next step is only relevant if you are using iptables as well. Allow UDP traffic from each load balancer to the other.
From the Primary
[root@lb01 ~]# iptables -I INPUT -p udp --dport 539 -s 10.0.1.62 -j ACCEPT
[root@lb01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@lb01 ~]#
and from the Secondary
[root@lb02 ~]# iptables -I INPUT -p udp --dport 539 -s 10.0.1.61 -j ACCEPT
[root@lb02 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@lb02 ~]#
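A check for the firewall rules added in this walkthrough, as an added example that is not part of the original article: it parses text in the format of /etc/sysconfig/iptables and confirms that a real server has the REDIRECT rule for the VIP and port, and that a load balancer accepts UDP port 539 only from its peer. The function names and the embedded rule sets are constructed for illustration, and the port argument generalizes beyond the page's port 80 case.

```shell
#!/bin/sh
# Added example: audit iptables-save text (the /etc/sysconfig/iptables format).
# match_rules TABLE CHAIN PROTO DPORT TARGET [ADDRFLAG ADDR]
# Reads a dump on stdin and prints how many -A rules match every given field.
match_rules() {
    awk -v t="*$1" -v c="$2" -v p="$3" -v port="$4" -v tgt="$5" \
        -v af="$6" -v addr="$7" '
        /^\*/ { cur = $1; next }
        cur != t || $1 != "-A" || $2 != c { next }
        {
            gp = gport = gt = ga = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") gp = $(i + 1)
                else if ($i == "--dport") gport = $(i + 1)
                else if ($i == "-j") gt = $(i + 1)
                else if ($i == af) { ga = $(i + 1); sub(/\/32$/, "", ga) }
            }
            if (gp == p && gport == port && gt == tgt && (af == "" || ga == addr)) n++
        }
        END { print n + 0 }'
}

# Real server: nat PREROUTING must REDIRECT tcp traffic addressed to VIP:PORT.
realserver_ok() {   # DUMP VIP PORT
    [ "$(printf '%s\n' "$1" | match_rules nat PREROUTING tcp "$3" REDIRECT -d "$2")" -ge 1 ]
}

# Load balancer: udp/539 must be accepted from the peer and from nobody else.
peer_udp_ok() {     # DUMP PEER_IP
    all=$(printf '%s\n' "$1" | match_rules filter INPUT udp 539 ACCEPT)
    peer=$(printf '%s\n' "$1" | match_rules filter INPUT udp 539 ACCEPT -s "$2")
    [ "$peer" -ge 1 ] && [ "$all" -eq "$peer" ]
}

# Constructed samples (not taken from a real host), using this page's addresses.
WEB01='*nat
-A PREROUTING -d 10.0.1.60/32 -p tcp -m tcp --dport 80 -j REDIRECT
COMMIT'
LB01='*filter
-A INPUT -s 10.0.1.62/32 -p udp -m udp --dport 539 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
LB_OPEN='*filter
-A INPUT -p udp -m udp --dport 539 -j ACCEPT
COMMIT'
realserver_ok "$WEB01" 10.0.1.60 80  && echo "web01: REDIRECT for 10.0.1.60:80 present"
realserver_ok "$WEB01" 10.0.1.60 443 || echo "web01: no REDIRECT for 10.0.1.60:443"
peer_udp_ok "$LB01" 10.0.1.62        && echo "lb01: udp/539 limited to 10.0.1.62"
peer_udp_ok "$LB_OPEN" 10.0.1.62     || echo "lb_open: udp/539 not limited to the peer"
```

To audit a live host, pass the saved rules as the first argument, for example `realserver_ok "$(cat /etc/sysconfig/iptables)" 10.0.1.60 80`. Negated matches (`! -s`) and multiport rules are not parsed.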
That’s all folks. Hopefully this process should not have taken you more than about 20 minutes to complete.
Don’t forget that IPVS can be used for any form of load balancing. All you need to know is what ports your services require and have a few real servers to pass the packets to.
One thing to note is that although we have configured a load balanced web server, each time a page is refreshed or requested, the returned data is different. It is important to remember that when using web services or other services which require consistent data, you should ensure that all of your real servers have the ability to access some form of shared storage consistently at the same time.
I recently covered the use of GlusterFS with Red Hat Storage Server. This would be a good example of where to use Gluster. You can also stay tuned, as I will be covering the use of Red Hat GFS (Global File System) in an upcoming article.
I hope you have all found this useful.
Take care.
Can you please suggest how to manually switch active to standby and vice versa?
Hi,
Do we need to configure virtual IP (that is pointed to our domain) on LVS router hosts, apart from web real servers?
Hello,
I configured it and it is running fine for http.
Now added one more virtual host for https and enabled 443 on firewall, but somehow it is not working. Any idea? Realserver direct https URL is working fine.