1

I'm trying to create HA for HAProxy using keepalived on CentOS 8, here's what I have:

Virtual IP: 10.10.10.14
HAProxy Server 1: 10.10.10.15
HAProxy Server 2: 10.10.10.18

and my keepalived configuration on MASTER:

vrrp_script chk_haproxy {
  script "killall -0 haproxy" # check the haproxy process
  interval 2 # every 2 seconds
  weight 2 # add 2 points if OK
}

vrrp_instance VI_1 {
  interface ens190 
  state MASTER 
  virtual_router_id 51
  priority 101 
  virtual_ipaddress {
    10.10.10.14 
  }
  track_script {
    chk_haproxy
  }
}

Keepalived config on BACKUP:

vrrp_script chk_haproxy {
  script "killall -0 haproxy" # check the haproxy process
  interval 2 # every 2 seconds
  weight 2 # add 2 points if OK
}

vrrp_instance VI_1 {
  interface ens165 
  state BACKUP 
  virtual_router_id 51
  priority 100 
  virtual_ipaddress {
    10.10.10.14 
  }
  track_script {
    chk_haproxy
  }
}

But every time I try to stop my HAProxy process it won't connect to the backup server. Instead it only works on the server with the recent start of keepalived.

My `ip -a` command would return like this for Master:

inet 10.10.10.15/24 brd 10.10.10.255 scope global noprefixroute ens190
inet 10.10.10.14/32 scope global ens190

For Backup:

inet 10.10.10.18/24 brd 10.10.10.255 scope global noprefixroute ens165
inet 10.10.10.14/32 scope global ens165

Anything wrong? I have also set `net.ipv4.ip_nonlocal_bind = 1` on my sysctl configuration. My logs only show the start and stop of the service?

Gwynn
  • I do not know the command `ip -a`, but it resembles `ip addr`. The IP address `10.10.10.14/32` should not be up on both machines simultaneously; Keepalived will add and remove the address to the interface when necessary. Moreover, when Keepalived is not running on any host, then no host should have this IP address. You may check this first. – rexkogitans Jul 15 '20 at 09:42

2 Answers

1

My configuration works but the guide did not say anything regarding firewall rules. So I did some research and `sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule protocol value="vrrp" accept'` makes this setup functional.

Gwynn
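
The state shown in the question (both nodes holding 10.10.10.14) and the firewalld rule from this answer can be checked together with a small script. This is an added example, not part of the original posts; the function names and the sample input are constructed, and it assumes firewalld rich rules are the only place VRRP would be accepted.

```bash
#!/bin/sh
# Added example: classify VIP ownership and look for a firewalld VRRP accept rule.
VIP="10.10.10.14"   # virtual IP from the question

# holds_vip: stdin is `ip addr` output; succeeds if VIP is assigned (exact match).
holds_vip() {
  awk -v vip="$VIP" '
    { for (i = 1; i < NF; i++)
        if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
    END { exit !found }'
}

# vrrp_allowed: stdin is `firewall-cmd --list-rich-rules` output; succeeds if
# a rich rule accepts VRRP (IP protocol 112).
vrrp_allowed() {
  grep -Eq 'protocol value="(vrrp|112)".* accept'
}

# vip_state NODE1_ADDRS NODE2_ADDRS: prints no-owner, ok or split-brain.
vip_state() {
  owners=0
  printf '%s\n' "$1" | holds_vip && owners=$((owners + 1))
  printf '%s\n' "$2" | holds_vip && owners=$((owners + 1))
  case $owners in
    0) echo "no-owner" ;;
    1) echo "ok" ;;
    *) echo "split-brain" ;;
  esac
}

# diagnose NODE1_ADDRS NODE2_ADDRS NODE1_RULES NODE2_RULES
diagnose() {
  state=$(vip_state "$1" "$2")
  if [ "$state" = "split-brain" ]; then
    for rules in "$3" "$4"; do
      printf '%s\n' "$rules" | vrrp_allowed ||
        { echo "split-brain: vrrp not accepted by firewalld"; return 0; }
    done
  fi
  echo "$state"
}

# Constructed sample input, modelled on the address lines quoted in the question.
MASTER_ADDRS='inet 10.10.10.15/24 brd 10.10.10.255 scope global noprefixroute ens190
inet 10.10.10.14/32 scope global ens190'
BACKUP_ADDRS='inet 10.10.10.18/24 brd 10.10.10.255 scope global noprefixroute ens165
inet 10.10.10.14/32 scope global ens165'
FIXED_RULES='rule protocol value="vrrp" accept'
diagnose "$MASTER_ADDRS" "$BACKUP_ADDRS" "" ""   # both nodes hold the VIP, no rule
```

On live hosts, feed each function the output of `ip addr` and `firewall-cmd --list-rich-rules` collected from both nodes.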
0

HAProxy binds to the socket when it has finished loading the configuration. Then it listens to 10.10.10.14, where this IP address may later be removed from the network interface by Keepalived.

However, at the moment the other instance of Keepalived adds the IP address, the HAProxy on the host does not automatically listen there. It is necessary to reload the HAProxy when Keepalived switches.

To achieve this, you may want to add a notify script in the section `vrrp_instance VI_1`:

notify "/usr/local/bin/toggle_keepalived"

And the file `/usr/local/bin/toggle_keepalived` is a shell script that just reloads HAProxy, say on a systemd system:

#!/bin/bash
systemctl reload haproxy

Make it executable, and here you go.

rexkogitans
  • I haven't reloaded my HAProxy since starting keepalived but it still listens to the default ports. But I'll give your recommendation a try. BTW the one missing on my set up is the firewall, I need to run this command: `sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule protocol value="vrrp" accept'` – Gwynn Jul 15 '20 at 23:50
  • @Gwynn "I haven't reloaded my HAProxy since starting keepalived but it still listens to the default ports." Exactly this is the problem. HAProxy **must** be reloaded when the network interface is assigned its address. – rexkogitans Jul 17 '20 at 06:59