In the previous article we looked at how to use LVS to get a load-balancing system built into the Linux kernel. As mentioned, however, LVS was born to be good at one thing, load balancing, and does not provide additional options, such as monitoring the state of the machines across which we are balancing the service and removing a machine from the active pool when it has trouble.
To accomplish this goal and many more, we’ll take a look at ldirectord.
ldirectord is a daemon to monitor and administer real servers in an LVS cluster of load-balanced virtual servers. ldirectord is typically used as a resource for Linux-HA, but can also be run from the command line.
An LVS cluster consists of one or more virtual services, each of which may have zero or more real servers. The IP address of a virtual service is what end-users connect to and is typically advertised over DNS. When a connection is made to a virtual service, it is allocated a real server, and all packets for this connection are forwarded to this real server. A more detailed overview of LVS can be found here.
ldirectord has a configuration file which specifies the virtual services and their associated real servers. When ldirectord is initialised it creates the virtual services for the cluster.
ldirectord monitors the health of the real servers by periodically requesting a known URL and checking that the response contains an expected string. If a real server fails, it is removed from the pool and will be reactivated once it comes back online. If all the real servers are down, a fall-back server is inserted into the pool, which will be made quiescent once one of the real web servers comes back online. Typically, the fall-back server is localhost. For example, if an HTTP virtual service is being provided, it is useful to run an Apache HTTP server as fall-back that returns a page indicating that the service is temporarily inaccessible.
Example of configuration
The ldirectord configuration file is divided into two main areas, the global configuration and the Virtual Server configuration.
# Global Directives
checktimeout=10
checkinterval=15
#fallback=127.0.0.1:80
autoreload=no
#logfile="/var/log/ldirectord.log"
logfile="local0"
quiescent=yes

This is an example of a block of global directives. Some of the most important settings are checktimeout, the timeout in seconds (10) before a server is considered down, and checkinterval, the interval in seconds (15) at which the check is repeated.
# Virtual Server for HTTP
virtual=192.168.6.240:80
        fallback=127.0.0.1:80
        real=192.168.6.4:80 gate
        real=192.168.6.5:80 gate
        service=http
        request="index.html"
        receive="Test Page"
        scheduler=rr
        #persistent=600
        protocol=tcp
        checktype=negotiate

This is the configuration of a virtual server. We can configure:
- virtual=192.168.6.240 defines the VIP: this is the address of the service, where our clients will connect.
- fallback=127.0.0.1:80 is the address where your clients will be sent when all your real servers are down. Usually it is a web page that gives information about downtime or maintenance periods, but it could be anything.
- real=xxx.xxx.xxx.xx gate: these 2 directives give the addresses of the 2 real servers and the forwarding method gate, which means that we’ll use LVS-DR.
- request="index.html": this object will be requested every checkinterval seconds on each real server. The string must be inside quotes. Note that this string may be overridden by an optional per real-server based request-string.
- receive="Test Page": if the requested result matches this regexp, the real server is declared alive. The regexp must be inside quotes. Keep in mind that regexps are not plain strings and that you need to escape the special characters if they should be treated as literals. Note that this regexp may be overridden by an optional per real-server based receive regexp.
- checktype=negotiate: the type of check to perform. Negotiate sends a request and matches a receive string. Connect only attempts to make a TCP/IP connection, thus the request and receive strings may be omitted. If checktype is a number, then negotiate and connect are combined so that after each N connect attempts one negotiate attempt is performed. This is useful to check often whether a service answers and to do a negotiating check at much longer intervals. Off means no checking will take place and no real or fallback servers will be activated. The default is negotiate.
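
As an added illustration (not part of the original article and not ldirectord's own code), the Python code below parses a configuration in the layout shown above and models the negotiate check and the fall-back behaviour, including the unescaped-regexp caveat for receive. The sample file, the receive="Version 1.0" value and the function names are constructed for this example, and Python's re module stands in for ldirectord's own regexp matching.

```python
import re

# Constructed sample in the article's layout (not a production file).
SAMPLE_CF = '''\
checktimeout=10
checkinterval=15
virtual=192.168.6.240:80
    fallback=127.0.0.1:80
    real=192.168.6.4:80 gate
    real=192.168.6.5:80 gate
    request="index.html"
    receive="Version 1.0"
    checktype=negotiate
'''

def parse_cf(text):
    """Split a config into global directives and virtual-service blocks."""
    global_opts, virtuals, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#' always starts a comment
        if not line.strip():
            continue
        key, _, value = line.strip().partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if key == "virtual":                  # unindented: opens a new block
            current = {"virtual": value, "real": []}
            virtuals.append(current)
        elif raw[0].isspace() and current is not None:
            if key == "real":                 # indented: belongs to the current block
                current["real"].append(value.split()[0])
            else:
                current[key] = value
        else:                                 # unindented global directive
            global_opts[key] = value
            current = None
    return global_opts, virtuals

def active_pool(vs, bodies):
    """Real servers whose response body matches receive; the fallback if none do."""
    alive = [r for r in vs["real"]
             if r in bodies and re.search(vs["receive"], bodies[r])]
    return alive or [vs["fallback"]]

if __name__ == "__main__":
    _, (vs,) = parse_cf(SAMPLE_CF)
    # Constructed response: the unescaped "." in receive lets the wrong page pass.
    print(active_pool(vs, {"192.168.6.5:80": "Version 1x0"}))
    print(active_pool(dict(vs, receive=r"Version 1\.0"), {"192.168.6.5:80": "Version 1x0"}))
```

With the dot escaped, the second call falls back to 127.0.0.1:80 because no real server returns the expected content.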
Once this is done and saved in a configuration file, it is sufficient to give the command ldirectord filename start, and ldirectord will configure your real servers and VIP and start to check the behavior of the real servers, removing them and re-adding them in case of problems.
With ldirectord (and LVS) we have made a load balancer that is much more resilient to the failure of a real server, and so offers a better service to our customers.