Thursday, August 25, 2011

Load balancing on Ubuntu + LDAP

We recently deployed an LDAP server for user authentication. We now needed some redundancy for this service, so we used keepalived to balance the load across two previously synchronized LDAP servers.

We will need 3 IP addresses: two for our real servers, 10.25.2.1 and 10.25.2.2, and one for our virtual server, 10.25.2.3.


1. Add a virtual interface with the IP of our virtual server

# IP configuration of the primary server, /etc/network/interfaces
iface eth0 inet static
    address 10.25.2.1
    netmask 255.255.255.0
    network 10.25.2.0
    broadcast 10.25.2.255
    gateway 10.25.2.254

auto eth0:0
iface eth0:0 inet static
    address 10.25.2.57
    netmask 255.255.255.0
    network 10.25.2.0
    broadcast 10.25.2.255
    gateway 10.25.2.254

# IP configuration of the alternate server, /etc/network/interfaces
iface eth0 inet static
    address 10.25.2.2
    netmask 255.255.255.0
    network 10.25.2.0
    broadcast 10.25.2.255
    gateway 10.25.2.254

auto eth0:0
iface eth0:0 inet static
    address 10.25.2.3
    netmask 255.255.255.0
    network 10.25.2.0
    broadcast 10.25.2.255
    gateway 10.25.2.254


2. Install keepalived on both real servers

sudo apt-get install keepalived

3. Create the following configuration file on the master

# Keepalived Configuration File /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 10
    priority 200
    virtual_ipaddress {
        10.25.2.3/24
    }
    notify_master "/etc/keepalived/notify.sh del 10.25.2.3"
    notify_backup "/etc/keepalived/notify.sh add 10.25.2.3"
    notify_fault "/etc/keepalived/notify.sh add 10.25.2.3"
}
virtual_server 10.25.2.3 389 {
    delay_loop 30
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 10.25.2.1 389 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            connect_port 389
            nb_get_retry 3
            delay_before_retry 2
        }
    }
    real_server 10.25.2.2 389 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            connect_port 389
            nb_get_retry 3
            delay_before_retry 2
        }
    }
}


4. Create the following configuration file on the alternate server

# Keepalived Configuration File /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 10
    priority 100
    virtual_ipaddress {
        10.25.2.3/24
    }
    notify_master "/etc/keepalived/notify.sh del 10.25.2.3"
    notify_backup "/etc/keepalived/notify.sh add 10.25.2.3"
    notify_fault "/etc/keepalived/notify.sh add 10.25.2.3"
}
virtual_server 10.25.2.3 389 {
    delay_loop 30
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 10.25.2.1 389 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            connect_port 389
            nb_get_retry 3
            delay_before_retry 2
        }
    }
    real_server 10.25.2.2 389 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            connect_port 389
            nb_get_retry 3
            delay_before_retry 2
        }
    }
}


5. On both servers, create the notification script /etc/keepalived/notify.sh, which keepalived calls on each state change

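#!/bin/bash
# Called by keepalived as: notify.sh {add|del} <virtual IP>
VIP="$2"
case "$1" in
    add)
        # BACKUP/FAULT state: accept TCP traffic addressed to the VIP locally
        /sbin/iptables -A PREROUTING -t nat -d "$VIP" -p tcp -j REDIRECT
        ;;
    del)
        # MASTER state: remove the redirect rule
        /sbin/iptables -D PREROUTING -t nat -d "$VIP" -p tcp -j REDIRECT
        ;;
    *)
        echo "Usage: $0 {add|del} ipaddress"
        exit 1
        ;;
esac
exit 0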


6. Restart keepalived on both machines
sudo /etc/init.d/keepalived start

7. Enable the option net.ipv4.ip_forward = 1 in /etc/sysctl.conf on both machines

8. Restart networking
sudo /etc/init.d/networking restart

Additional commands

Check the IPVS routing tables
sudo ipvsadm -L -n

Check the connections
sudo ipvsadm -L -c -n
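
The table printed by ipvsadm -L -n can also be checked automatically. The following is an added example, not part of the original post: it reports which of the article's real servers are missing from the 10.25.2.3:389 pool or sit there with weight 0. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report real servers that are
# missing from, or disabled in, the IPVS table printed by `ipvsadm -L -n`.

VIP="10.25.2.3:389"                     # virtual service from the article
EXPECTED="10.25.2.1:389 10.25.2.2:389"  # real servers from the article

# Constructed sample of `ipvsadm -L -n` output: 10.25.2.2 is still listed
# but with weight 0, so the scheduler sends it no new connections.
SAMPLE_DEGRADED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.25.2.3:389 rr persistent 50
  -> 10.25.2.1:389                Route   100    2          0
  -> 10.25.2.2:389                Route   0      0          0'

# active_real_servers VIP
# Reads `ipvsadm -L -n` output on stdin and prints the real servers of the
# given virtual service whose weight is greater than zero, one per line.
active_real_servers() {
    awk -v vip="$1" '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" { in_svc = ($2 == vip); next }
        in_svc && $1 == "->" && $4 + 0 > 0        { print $2 }
    '
}

# missing_real_servers VIP SERVER...
# Reads the same output on stdin and prints every expected SERVER that is
# not currently receiving traffic for VIP. Prints nothing when all are active.
missing_real_servers() {
    vip="$1"; shift
    active=$(active_real_servers "$vip")
    for rs in "$@"; do
        printf '%s\n' "$active" | grep -qxF -- "$rs" || printf '%s\n' "$rs"
    done
}

# Demo on the constructed sample; on a director, feed it the live table:
#   sudo ipvsadm -L -n | missing_real_servers "$VIP" $EXPECTED
# $EXPECTED is left unquoted on purpose so it splits into one argument each.
printf '%s\n' "$SAMPLE_DEGRADED" | missing_real_servers "$VIP" $EXPECTED
```

Any output means the LDAP pool has lost redundancy, so the check fits a cron job or monitoring probe that alerts on non-empty output.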