
Environment:

CentOS 7

Keepalived

Machine I

enp0s3 --> 192.168.1.38 (connects to the outside world)
en0s8 --> 192.168.100.101 (connects to internal network)

Machine II

enp0s3 --> 192.168.100.102
default gw --> 192.168.100.101

Machine II

enp0s3 --> 192.168.100.103
default gw --> 192.168.100.101

I have followed the tutorial here step by step. And while everyone in the comments says it works beautifully for them, I can't get the keepalived daemon to listen to its config file. It's a really simple setup. All I want to do is:

  1. Machine I acts as virtual server to the outside world, connecting to two real web servers (Machine II and Machine III).
  2. Machine I will first try to serve Machine II's service. If Machine II goes down, nothing should happen, clients shouldn't notice, and Machine I should instantly start serving Machine III's service.

Point 2) is supposed to get done with Keepalived, but it just won't work. Here's the config file from /etc/keepalived/keepalived.conf:

global_defs{
    notification_email{
        fake@yahoo.es
    }
    notification_email_from keepalived@domain.com
    smtp_server 193.145.147.51
    smtp_connect_timeout 30
    lvs_id LVS_MAIN
}

vrrp_instance VI_1 {
    interface enp0s3
    state MASTER
    virtual_router_id 51
    priority 150
    advert_int 1

    virtual_ipaddress {
        192.168.100.105/24 dev enp0s8
    }
}

virtual_server 192.168.100.105 80 { !This would hosted in Machine I enp0s8
    delay_loop 3
    lb_algo wrr
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP

    real_server 192.168.100.102 8000 { !Machine II
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 8000
        }
    }

    real_server 192.168.100.103 8000 { !Machine III
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 8000
        }
    }
}

When I run keepalived and do sudo ip addr show enp0s8, I can see that keepalived has given the interface the virtual IP address 192.168.100.105, but when I go to Machine I's browser and put in the IP address 192.168.100.105 as the URL, nothing is given back, just a connection timeout. But if I put in 192.168.100.102:8000 or 192.168.100.103:8000, I am greeted with my web service.

What could I have wrong with keepalived?

I appreciate any help.

Chayemor
  • Maybe it's out of scope, but usually keepalived is used for moving a virtual IP from one host to another. Why not use HAProxy in TCP mode here instead? – DevOps Jan 03 '17 at 17:53
  • You have one paragraph "Machine I" and two paragraphs "Machine II". I guess the second one is supposed to be "Machine III". – Hauke Laging Apr 25 '20 at 12:11

1 Answer


In my case, I use LVS-DR. If you're using LVS-DR:

Based on http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.ipvsadm.html

LVS-DR, LVS-Tun: the default gw cannot be the director - use some local router.

Change the virtual address to

virtual_ipaddress {
        192.168.100.105 dev enp0s8
}

Change the default gateway on your real servers to the router, NOT the director.

Change

lb_kind NAT 

to

lb_kind DR

Also, you need to add iptables rules on the real servers.

http://www.centos.org/docs/5/html/Virtual_Server_Administration/s2-lvs-direct-iptables-VSA.html

On real servers 192.168.100.102 and 192.168.100.103:

iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> --dport <port> -j REDIRECT

In this case it becomes:

iptables -t nat -A PREROUTING -p tcp -d 192.168.100.105 --dport 8000 -j REDIRECT
chocripple
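
Switching `lb_kind` to DR has a consequence for the ports in the question's config: in DR (and TUN) mode the director forwards the packet without rewriting it, so each real server receives traffic addressed to the VIP on the virtual server's port and cannot be mapped to a different one. The following is an added example, not code from either post, that checks a keepalived.conf for this; the function names and the sample config (the question's block with the answer's `lb_kind` change applied) are constructed for illustration.

```python
import re

# Constructed sample: the question's virtual_server block after changing
# lb_kind from NAT to DR as the answer suggests (health checks omitted).
SAMPLE_CONF = """
virtual_server 192.168.100.105 80 {  !virtual port is 80
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.100.102 8000 {
        weight 1
    }
    real_server 192.168.100.103 8000 {
        weight 1
    }
}
"""

def parse_virtual_servers(text):
    """Return one dict per 'virtual_server <ip> <port>' block."""
    servers, current = [], None
    for raw in text.splitlines():
        tok = re.split(r"[!#]", raw, maxsplit=1)[0].split()  # '!' and '#' start comments
        if not tok:
            continue
        if tok[0] == "virtual_server":
            current = None  # fwmark/group forms carry no port and are skipped
            if len(tok) >= 3 and tok[1] not in ("fwmark", "group") and tok[2].isdigit():
                current = {"vip": tok[1], "port": int(tok[2]), "lb_kind": None, "reals": []}
                servers.append(current)
        elif current is not None and tok[0] == "lb_kind" and len(tok) >= 2:
            current["lb_kind"] = tok[1].upper()
        elif current is not None and tok[0] == "real_server" and len(tok) >= 3 and tok[2].isdigit():
            current["reals"].append((tok[1], int(tok[2])))
    return servers

def dr_port_mismatches(text):
    """List (vip, vport, real_ip, real_port) where a DR/TUN real server uses a
    port other than the virtual one; NAT rewrites the port, so it is exempt."""
    return [(vs["vip"], vs["port"], ip, port)
            for vs in parse_virtual_servers(text) if vs["lb_kind"] in ("DR", "TUN")
            for ip, port in vs["reals"] if port != vs["port"]]

if __name__ == "__main__":
    for vip, vport, ip, port in dr_port_mismatches(SAMPLE_CONF):
        print(f"{vip}:{vport} -> {ip}:{port}: DR/TUN cannot remap ports")
```

With the sample above, both real servers are reported; either the virtual server has to listen on 8000 or the services have to listen on 80 for DR to work.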