우분투에서 Keepalived를 사용하여 고가용성(High Availability, HA)을 구성하는 방법

우분투에서 Keepalived를 사용하여 고가용성(High Availability, HA)을 구성하는 방법

테스트 환경

• 운영체제 버전 정보

$ lsb_release -d
Description:    Ubuntu 22.04.3 LTS

• 시스템 현황

호스트 이름	네트워크 인터페이스	아이피 주소	비고
node01	eth0	172.19.0.3
node02	eth0	172.19.0.2
vip	eth0:1	172.19.0.10

/etc/sysctl.conf 파일의 특정 설정 값을 변경

• 설정 값 확인

sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'

$ sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_nonlocal_bind = 0

cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'

$ cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
#net.ipv4.ip_forward=1

• IP 포워딩 활성화

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

• 로컬 주소가 아닌 IP 주소에 대한 바이딩을 허용

echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf

• 설정 값 확인

$ cat /etc/sysctl.conf | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward=1
net.ipv4.ip_nonlocal_bind=1

$ sysctl -a | egrep 'net.ipv4.ip_forward|net.ipv4.ip_nonlocal_bind'
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_nonlocal_bind = 1

Keepalived 패키지 설치

sudo apt-get update

sudo apt-get install -y keepalived

HAProxy 패키지 설치

sudo apt-get install -y haproxy

Keepalived 구성

• keepalived.conf 편집

vim /etc/keepalived/keepalived.conf

• node01 keepalived 구성

global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from admin@example.com
    #smtp_server smtp.example.com
    #smtp_connect_timeout 30
    router_id LVS_DEVEL
    enable_script_security
    script_user root
}

vrrp_script haproxy_check {
    script "/etc/keepalived/haproxy_check.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.19.0.10/24 dev eth0 label eth0:1
    }
    track_script {
        haproxy_check
    }
}

keepalived -t

• node02 keepalived 구성

global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from admin@example.com
    #smtp_server smtp.example.com
    #smtp_connect_timeout 30
    router_id LVS_DEVEL
    enable_script_security
    script_user root
}

vrrp_script haproxy_check {
    script "/etc/keepalived/haproxy_check.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.19.0.10/24 dev eth0 label eth0:1
    }
    track_script {
        haproxy_check
    }
}

keepalived -t

스크립트 파일 생성

• HAProxy Check 스크립트 파일 생성 (node01, node02)

vim /etc/keepalived/haproxy_check.sh

#!/bin/bash

# 이 스크립트는 HAProxy가 실행 중인지 확인합니다.
# HAProxy가 실행 중이면 0을 반환하고 그렇지 않으면 1을 반환합니다.

if pidof haproxy > /dev/null; then
    exit 0
else
    exit 1
fi

• 실행 권한 부여

sudo chmod +x /etc/keepalived/haproxy_check.sh

Keepalived 재시작

sudo systemctl restart keepalived

HAProxy 재시작

sudo systemctl restart haproxy

Keepalived 상태 확인

sudo systemctl status keepalived

728x90

Keepalived 페일오버 테스트

• node ip 확인(node01, node02)

ip -brief address show

root@node01:~$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16 172.19.0.10/24

$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16

• ping을 사용하여 VIP에 대한 테스트

ping -c 4 172.19.0.10

$ ping -c 4 172.19.0.10
PING 172.19.0.10 (172.19.0.10) 56(84) bytes of data.
64 bytes from 172.19.0.10: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 172.19.0.10: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 172.19.0.10: icmp_seq=3 ttl=64 time=0.031 ms
64 bytes from 172.19.0.10: icmp_seq=4 ttl=64 time=0.031 ms

--- 172.19.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3072ms
rtt min/avg/max/mdev = 0.029/0.033/0.041/0.004 ms

• Keepalived 서비스 중지(node01)

systemctl stop keepalived

root@node01:~$ systemctl stop keepalived

• node ip 확인(node01, node02)

ip -brief address show

$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16

$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16 172.19.0.10/24

• ping을 사용하여 VIP에 대한 테스트

ping -c 4 172.19.0.10

$ ping -c 4 172.19.0.10
PING 172.19.0.10 (172.19.0.10) 56(84) bytes of data.
64 bytes from 172.19.0.10: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 172.19.0.10: icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from 172.19.0.10: icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from 172.19.0.10: icmp_seq=4 ttl=64 time=0.027 ms

--- 172.19.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3074ms
rtt min/avg/max/mdev = 0.025/0.031/0.046/0.008 ms

• Keepalived 서비스 다시 시작(node01)

systemctl start keepalived

• node ip 확인(node01, node02)

ip -brief address show

$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if804       UP             172.19.0.3/16 172.19.0.10/24

$ ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0@if802       UP             172.19.0.2/16