Ubuntu – Pacemaker virtual IP and IPTables

Tags: heartbeat, iptables, pacemaker, ubuntu, vmware-workstation

I'm attempting to set up a cluster of two VMware VMs running Heartbeat, Pacemaker and Varnish on Ubuntu Server 10.04, with the intent of using them as a main and backup load balancer to further VMs. Varnish is working fine, and Heartbeat is picking up both VMs as intended with the following ha.cf configuration:

autojoin none
bcast eth0
crm respawn
deadtime 20
initdead 120
keepalive 2
logfacility syslog
node VMViper
node VMJester
warntime 5

VMViper has an IP of 192.168.1.54, and VMJester has an IP of 192.168.1.53. I've set these in /etc/hosts and am using static DHCP on my physical router (WRT54GL with Tomato 1.28). I can see the backend website via either of these IPs in a browser.

IPTables looks like:

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 694 -j ACCEPT

I'd now like to have a single virtual IP in Pacemaker that serves the site. I've got as far as:

sudo crm configure property stonith-enabled=false
sudo crm configure primitive cluster ocf:heartbeat:IPaddr params ip=192.168.1.61 op monitor interval=10s

which creates a working cluster (admittedly missing any significant configuration so far):

node $id="08a94061-336c-422d-bf72-910662045127" vmviper
node $id="d4364751-0307-4a71-a303-5df01cbc919c" vmjester
primitive mycluster ocf:heartbeat:IPaddr \
    params ip="192.168.1.61" \
    op monitor interval="10s"
property $id="cib-bootstrap-options" \
    dc-version="1.0.8-042548a451fce8400660f6031f4da6f0223dd5dd" \
    cluster-infrastructure="Heartbeat" \
    stonith-enabled="false"

Taking down either VM moves the location of the cluster (sudo crm resource status mycluster) to the working machine. So far so good, but now my lack of networking talent means I've hit a wall. So now I have lots of questions:

I don't really understand the concept of a virtual IP. I've added 192.168.1.61 into the Pacemaker config as my virtual IP, but haven't referenced this anywhere else. Should I expect to see a MAC address for a new virtual interface in my router interface? What do I need to change to make this visible?

Presumably I should also be looking to hide 192.168.1.54 and 192.168.1.53 from the outside world. How do I go about this?

One of the articles I've read says that I need to set net.ipv4.ip_forward = 1 in /etc/sysctl.conf. Is this a necessary step?

Best Answer

The Virtual IP (VIP) floats between the two real IP addresses. The purpose there is to have a consistent IP address to use from the outside world in the event your primary cluster node goes down. It uses the MAC address of the interface holding the real IP address.

You may want to hide the .53 and .54 addresses eventually but I wouldn't worry about that right off the bat.

You need ip_forward if you have other servers sitting behind your redundant load balancers as your load balancers will be acting as routers and therefore need to forward traffic.

What do you get when you point a browser at the 192.168.1.61 address?
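As an added example (not part of the question or the answer), the following POSIX shell script illustrates two points the thread touches on. First, the iptables rules in the question need no reference to the VIP: they match on input interface and port, not on destination address, so once the IPaddr resource adds 192.168.1.61 to eth0 the existing port-80 rule already covers it. Second, it shows how to confirm which node currently holds the VIP by inspecting `ip -4 addr show eth0`. The generated ruleset also accepts Heartbeat's UDP 694 only from the peer node rather than from any host on the LAN, and omits the UDP port-80 rule, since HTTP is TCP only. The VIP, interface and node addresses are taken from the question; the `ip addr` output is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: eth0 is the cluster
# interface, 192.168.1.61 is the Pacemaker VIP, 192.168.1.53/.54 are the nodes.

VIP="192.168.1.61"
IFACE="eth0"

# Emit an iptables-restore ruleset for one node; $1 is the peer node's address.
# Heartbeat (bcast eth0) sends its UDP 694 packets from the peer's real address,
# so restricting the source to the peer still lets the broadcast through while
# dropping 694 traffic from any other host on the LAN. Nothing here mentions the
# VIP: the port-80 rule matches any destination address on eth0, VIP included.
build_ruleset() {
  peer="$1"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $IFACE -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i $IFACE -s $peer -p udp -m udp --dport 694 -j ACCEPT
COMMIT
EOF
}

# Read 'ip -4 addr show eth0' output on stdin; succeed if the VIP is configured.
# The IPaddr resource agent adds the VIP as an alias on the interface, so the
# node that currently owns the resource shows it as an extra 'inet' line.
vip_present() {
  grep -q "inet $VIP/"
}

# Constructed sample of 'ip -4 addr show eth0' on the node holding the VIP.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.1.54/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.61/24 brd 192.168.1.255 scope global secondary eth0:0'

# Stand-alone use: print the ruleset for VMViper (peer VMJester, .53) and check
# the sample. On a real node you would pipe the ruleset into iptables-restore
# and feed 'ip -4 addr show eth0' to vip_present instead of the sample.
build_ruleset 192.168.1.53
if printf '%s\n' "$SAMPLE_IP_ADDR" | vip_present; then
  echo "VIP $VIP is held on this node"
else
  echo "VIP $VIP is not on this node"
fi
```

Run the same check on both nodes after stopping one of them: the VIP line should disappear from the downed node's interface and appear on the survivor, matching what `crm resource status mycluster` reports.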