High Availability Openshift using VRRP in OpenStack
Hi folks!
In this new episode, we will configure Openshift 3.7 in HA (only the API) using VRRP in Red Hat OpenStack Platform 10.
This is an Openshift HA example, but this post can also be useful with other applications or services, such as Tomcat, Wildfly, Apache, etc.
Architecture
Steps (OS: RHEL)
1.- Create Port in OpenStack
$ neutron port-create --name openshift-console-vip $YOUR_OPENSHIFT_NETWORK_NAME --os-tenant-id $YOUR_TENANT_ID
# Example
[stack@my-openstack~]$ neutron port-create --name openshift-console-vip openshift-network --os-tenant-id 95959a0e0a8a100445fb0be3eb4b98109
+------------------------+------------------------------------------
| Field | Value |
+------------------------+------------------------------------------
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| created_at | 2018-08-15T16:48:07Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "f5c897ee-b27b-4453-929e-af0cfea108ad", "ip_address": "192.168.10.1"} |
| id | 3d494967-0fdb-459c-acb8-a626ba243c75 |
| mac_address | fa:16:3e:34:28:b5 |
| name | openshift-console-vip |
| network_id | e81f1402-d219-4798-8db4-0da98e46310b |
| nuage_floatingip | |
| nuage_policy_groups | |
| nuage_redirect_targets | |
| port_security_enabled | True |
| project_id | ########################### |
| revision_number | 5 |
| security_groups | ############################ |
| status | DOWN |
| tenant_id | 95959a0e0a8a100445fb0be3eb4b98109 |
| updated_at | 2018-08-15T16:48:07Z |
+------------------------+------------------------------------------
Save this: "ip_address": "192.168.10.1"
2.- In OpenStack, use Neutron to find the ports of the HaProxy instances. For example, HaProxy 1 has IP 192.168.10.2 and HaProxy 2 has IP 192.168.10.3; to find the port of each instance, run the following commands:
[stack@my-openstack~]$ neutron port-list | grep 192.168.10.2
| 1ee8e39d-7133-4c9f-99a7-b3db05bba039 | | fa:16:3e:98:a7:2d | {"subnet_id": "f5c897ee-b27b-4453-929e-af0cfea108ad", "ip_address": "192.168.10.2"} |
[stack@my-openstack~]$ neutron port-list | grep 192.168.10.3
| 4199b0ae-9f13-4dd0-8e9e-f55e4bd85292 | | fa:16:3e:96:a8:01 | {"subnet_id": "f5c897ee-b27b-4453-929e-af0cfea108ad", "ip_address": "192.168.10.3"} |
Save the port IDs, in this case 1ee8e39d-7133-4c9f-99a7-b3db05bba039 for HaProxy 1 and 4199b0ae-9f13-4dd0-8e9e-f55e4bd85292 for HaProxy 2.
3.- Update the ports of the HaProxy instances.
[stack@my-openstack~]$ neutron port-update 1ee8e39d-7133-4c9f-99a7-b3db05bba039 --allowed-address-pairs type=dict list=true ip_address=192.168.10.1
[stack@my-openstack~]$ neutron port-update 4199b0ae-9f13-4dd0-8e9e-f55e4bd85292 --allowed-address-pairs type=dict list=true ip_address=192.168.10.1
4.- Configure HaProxy on instances 1 and 2
Example (the configuration is the same on both HaProxy instances):
[my-user@haproxy-1~]$ sudo vi /etc/haproxy/haproxy.cfg
# Global settings
#---------------------------------------------------------------------
global
    maxconn 20000
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    # option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 300s
    timeout server 300s
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 20000
listen stats :9000
    mode http
    stats enable
    stats uri /
frontend atomic-openshift-api
    bind *:8443
    default_backend atomic-openshift-api
    mode tcp
    option tcplog
backend atomic-openshift-api
    balance source
    mode tcp
    server master0 192.168.10.4:8443 check
    server master1 192.168.10.5:8443 check
    server master2 192.168.10.6:8443 check
[my-user@haproxy-1~]$ sudo service haproxy restart
5.- Configure Keepalived HaProxy 1
[my-user@haproxy-1~]$ sudo vi /etc/sysctl.conf
## Add this line
net.ipv4.ip_nonlocal_bind=1
## Save change
[my-user@haproxy-1~]$ sudo su
[my-user@haproxy-1~]# sysctl -p
[my-user@haproxy-1~]# exit
[my-user@haproxy-1~]$ sudo vi /etc/keepalived/keepalived.conf
global_defs {
    # Keepalived process identifier
    lvs_id haproxy_DH
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}
# Virtual interface
# The priority specifies the order in which the nodes take over the assigned interface in a failover
vrrp_instance VI_01 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    # The virtual IP address shared between the two load balancers
    virtual_ipaddress {
        192.168.10.1
    }
    track_script {
        check_haproxy
    }
}
[my-user@haproxy-1~]$ sudo service keepalived restart
6.- Configure Keepalived HaProxy 2
[my-user@haproxy-2~]$ sudo vi /etc/sysctl.conf
## Add this line
net.ipv4.ip_nonlocal_bind=1
## Save change
[my-user@haproxy-2~]$ sudo su
[my-user@haproxy-2~]# sysctl -p
[my-user@haproxy-2~]# exit
[my-user@haproxy-2~]$ sudo vi /etc/keepalived/keepalived.conf
global_defs {
    # Keepalived process identifier
    lvs_id haproxy_DH_passive
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}
# Virtual interface
# The priority specifies the order in which the nodes take over the assigned interface in a failover
vrrp_instance VI_01 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    # The virtual IP address shared between the two load balancers
    virtual_ipaddress {
        192.168.10.1
    }
    track_script {
        check_haproxy
    }
}
[my-user@haproxy-2~]$ sudo service keepalived restart
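Why `weight 2` with priorities 101 and 100 actually moves the VIP when HAProxy dies on the first node, shown as an added example that is not part of the original post. The helper functions are hypothetical, the embedded configs are constructed copies of the two keepalived.conf files reduced to the election directives, and the model assumes keepalived's behaviour of adding a positive script weight to the priority while the check succeeds.

```python
import re

# Constructed copy of the step 5 keepalived.conf (election directives only).
NODE1 = """
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    weight 2
}
vrrp_instance VI_01 {
    state MASTER
    virtual_router_id 51
    priority 101
    virtual_ipaddress {
        192.168.10.1
    }
}
"""
# The second node differs only in initial state and base priority.
NODE2 = NODE1.replace("state MASTER", "state BACKUP").replace("priority 101", "priority 100")

def parse(conf):
    """Extract the election-relevant directives from a keepalived.conf string."""
    grab = lambda key: re.search(rf"^\s*{key}\s+(\S+)", conf, re.M).group(1)
    vip = re.search(r"virtual_ipaddress\s*\{\s*(\S+)", conf).group(1)
    return {"state": grab("state"), "vrid": int(grab("virtual_router_id")),
            "priority": int(grab("priority")), "weight": int(grab("weight")), "vip": vip}

def effective(node, haproxy_up):
    """Advertised priority: a positive weight is added while the check passes,
    a negative weight is added (lowering it) while the check fails."""
    w = node["weight"]
    return node["priority"] + (w if (w > 0) == haproxy_up else 0)

def vip_holder(nodes, health):
    """Node that wins the election; 'tie' means priority alone does not decide."""
    ranked = {name: effective(n, health[name]) for name, n in nodes.items()}
    top = max(ranked.values())
    winners = [name for name, prio in ranked.items() if prio == top]
    return winners[0] if len(winners) == 1 else "tie"

def lint(a, b):
    """Consistency problems between the two peers' configs."""
    problems = [f"{k} differs" for k in ("vrid", "vip") if a[k] != b[k]]
    problems += [f"invalid state {n['state']}" for n in (a, b)
                 if n["state"] not in ("MASTER", "BACKUP")]
    if abs(a["weight"]) <= abs(a["priority"] - b["priority"]):
        problems.append("weight does not exceed the priority gap")
    return problems
```

With the values from this post, a failed HAProxy check on the first node leaves it at 101 against 102 on the second, so the VIP moves; a weight of 1 would leave both at 101 and the check would no longer decide who holds the address.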
Testing
# Check status HAProxy
$ sudo service haproxy status
# Check status Keepalived
$ sudo service keepalived status
Open http://192.168.10.1:9000 in your browser; you should see the following page:
Or same page.
I hope this post is useful to you :)
See you later!