High-Availability Load Balancer setup

Discussion in 'HOWTO-Related Questions' started by wxman, Sep 9, 2008.

  1. wxman

    wxman New Member

    I'm looking into setting up something like what's in the article "Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Debian Etch" (http://www.howtoforge.com/high-availability-load-balancer-haproxy-heartbeat-debian-etch), except I'm using the latest Ubuntu server. I have two identical physical servers running behind a monowall firewall/router. I also have the local network going through the same router, and then to a wireless router.

    I've read all the articles about load balancing, and failover, and I want to set up mine better that what I'm doing now, which is just cron jobs mirroring my Mysql, web files, etc., from my primary to the secondary server.

    My problem is that I don't understand how to physically set up a system to do like what's in the above article. I can't seem to figure out things like, where do I actually install the load balancers? Do I need more NIC's to connect the two computers? Do I actually need two more physical systems to make it work? I guess what I needed to find was a diagram showing the physical systems, what's installed in the, and how they're connected.

    Sorry if I'm sounding clueless. It took me a while to work up the courage to actually ask this. Thanks.
  2. falko

    falko Super Moderator ISPConfig Developer

    In the tutorial you have four (physical or virtual) systems: two load balancers and two web servers. The virtual IP is floating between the load balancers (they are in an active-passive configuration, i.e. the active load balancer holds the virtual IP). The requests go to the active load balancer which then passes them on to the web servers.

    The load balancers work fine with just one NIC.
  3. wxman

    wxman New Member

    Thanks Falko. I'm sorry, but I still seem to be missing something.
    I have two PC's, with a single NIC in each of them. they in turn are connected to the WAN through a network switch, then my router/firewall. The router has four NIC's, three are being used now for the current setup (WAN, LAN, servers). I have a public IP that's NATed to internal IPs.

    If I'm picturing the setup in your tutorial correctly, I can install the load balancers on the same PC's as the server's are now? Then follow the setup to have the LB send the traffic on to the two servers. If that's correct, then are the LB's installed on a virtual system? Do I still need backup systems, or is it correct that the LB will distribute all the files to both servers?

    I really am sorry that I'm having such a blind spot in figuring this out. I just want the best way of doing this, and hopefully not having to buy another computer.
    Last edited: Sep 12, 2008
  4. falko

    falko Super Moderator ISPConfig Developer

    You can install the load balancers and the servers in virtual machines, so you end up with four virtual machines; each physical server holds one load balancer vm and one web server vm.

    The load balancers have one virtual IP address (it's a private IP from your LAN), and you configure your router to forward requests to that virtual IP.

    The active load balancer distributes the requests to both web servers. if one web server fails, the active load balancer notices this and forwards all requests to the remaining web server.
  5. wxman

    wxman New Member

    I think I get it now.
    Can I still use the two servers as my two name servers. Right now my two physical servers are running Bind, and I have them configured to be NS1 and NS2?
  6. falko

    falko Super Moderator ISPConfig Developer

    Yes, that's no problem.
  7. wxman

    wxman New Member

    Thanks Falko. As usual you've been a big help.
  8. wxman

    wxman New Member

    I know this is an old thread by now, but I had another question that fit here.
    If I did the setup described above, and needed primary and secondary nameservers, do I install Bind in the same vm as each of the webservers, or in their own 5th and 6th vm's? If that's the way to do it, does Bind care when one goes down?
  9. falko

    falko Super Moderator ISPConfig Developer

    Doesn't matter.

    That's why you need at least two nameservers, so that name resolution works even if one nameserver is down.
  10. wxman

    wxman New Member

    In your opinion/experience, do you think that this system works better than a manual one I'm using now?

    Right now I have two physical servers set up behind the firewall/router using ISPConfig on both to manage sites. I have the DB, and all the site files, mirrored to the second server. Bind uses uses server 1 as master and server 2 as slave. My plan, in theory, is if server 1 goes down, I switch the IP address in the router pointing to the second server, making it the primary while I fix server 1. I realize that having an automated system sound safer, but I already have it set up like this now. I'm not using the servers in production yet, and I've been debating if I ought to tear it all down, and go with the HA load balancing, and failover before we start using it for real.

    Maybe a stupid sounding question; when editing or adding new web sites, do you only do that on one of the virtual servers? So all you need to do to add a new site is use ISPConfig to set it up, and it sets everything, including any Mysql db's, emails, etc, on the other virtual server?
    Last edited: Apr 5, 2009
  11. falko

    falko Super Moderator ISPConfig Developer

    Are you referring to ISPConfig 2 or 3?
  12. wxman

    wxman New Member

    What the heck! I posted a reply to this yesterday, and it vanished.

    Right now, I'm using separate ISPConfig 2 installs with the current two server system.

    From what I've read, it sounds to me that the HA load balancing, and failover system looks like the better idea for our server. We'll have several hosted sites, with shopping carts, message boards, and frequent updates. I've seen several articles on different installations, using different components. If I go this route, I need to pin down the needed components, other than Ubuntu server 8.04. I saw these:
    http://www.howtoforge.com/installing-and-using-openvz-on-ubuntu8.04 for the virtual servers.
    http://www.howtoforge.com/the-perfe...ervers-running-xen-on-ubuntu-8.04-hardy-heron sounded close to what I needed for the actual servers. I would probably use the "perfect server" setup article again.
    http://www.howtoforge.com/high_availability_nfs_drbd_heartbeat seems to be the answer for automating the mirroring of the two servers data.
    I'm not sure, but it seems that I would still have to set up the MySql databases to be master/master replication. I saw you (Falko) say in one of your articles about problems with replication and Drupal sites. We'll be running at least three Drupal sites. You said caching had to be shut off. Was that Drupal or MySql

    Also, does this make it so I would set up, or edit a site on the primary server, and it would automatically mirror it all on the second server. It will probably make more sense once I start, but I'm running out of time. I really need these servers running as soon as I can. I wish I knew for sure if I could keep my setup that way it is now, but make the replication/mirroring, be more efficient. You can see in what I brought up here, http://www.howtoforge.com/forums/showthread.php?p=180047#post180047, the problem with ISPConfig 2 I'm having.
    Last edited: Apr 8, 2009
  13. falko

    falko Super Moderator ISPConfig Developer

    Are you sure it was submitted? We didn't delte any of your posts.

    The main problem with using ISPconfig in a HA setup is that both servers use different IPs. If you find a way of making the second ISPconfig server take over if the first one fails, you must implement a solution that rewrites all the IP information in the configuration files (e.g. in the Apache vhosts).
  14. wxman

    wxman New Member

    That's no problem because I plan to be here to manually do that.

    What about the rest of it though like I asked above. Does this system handle all the replication and mirroring needed to keep a backup up to date (Drupal problems)?
    Do I need the NFS server as well?
    Is the Postfix email also backed up?
    Running my own secondary DNS server seems impossible because mirroring ISPConfig will just copy over master records, so is it better to use an outside DNS service for that?

    Sorry for all the questions. I know all the answers are out there, I just can't seem to put it all together to make it work. Other places must do the something similar so they never loose their servers.
  15. falko

    falko Super Moderator ISPConfig Developer

    Sorry, this is really confusing me now. Can you break this down into easier-to-answer parts? ;)
  16. wxman

    wxman New Member

    Sorry. I think I've been fighting with this for so long, I'm confused about what I want too.

    If I was to go the HA route with my two servers, what procedures need to be done, and in what order? For example, after the initial Ubuntu install, do I install the virtual server system as spelled out in "Installing And Using OpenVZ On Ubuntu 8.04 LTS Server", then follow one of the HA load balancing, and failover system setups?

    If I'm using ISPConfig, which version? There doesn't seem to be any detailed descriptions yet of what version 3 is needed for.

    With the HA load balancing, and failover system, does it act as a single server? In other words, do I enter new web sites, updates, etc., in a single place, and it propagates to the backup server?

    Do I still need master/master replication for the MySql database?

    Are there other files that will be needed to mirror over using cron jobs, like email, passwords, etc.?

    Would it be better for me just to keep my two servers as they are now as separate servers. Then set up a better way to mirror the primary server onto the backup. I am going to outsource the secondary name server to get rid of that headache. I already have a master/master db replication set up. The web files are mirrored using cron jobs. I don't have Postfix email system, and I know there are other system files needed that I'm missing as well.

    I'll be here if I need to swap to a backup, so I can fix the vhosts file when I change the router to point to the backup server.

    By the way. Thank you for all your help, and patience, with me.
  17. falko

    falko Super Moderator ISPConfig Developer

    Generally yes, but the HA tutorials don't work with OpenVZ (unless you manage to run the OpenVZ guests with veth interfaces instead of venet interfaces) - better use Xen or KVM.

    The main difference is that ISPConfig 3 configures most services to read their configuration directly from the MySQL database (as far as this is possible - Apache, for example, still has no MySQL plugin), while ISPConfig 2 is writing plain old configuration files. Plus, the ISPConfig 3 installation is much faster.

    To the outside world, the setup appears to be one single system because of the virtual IP address. Behind the load balancers, you have your web servers, but you still need to sync stuff between these web servers (e.g. with rsync, MySQL replication, or by using a shared storage (which again must be set up in a high-availability fashion, becasue otherwise you create another single point of failure).

    If you want to run two MySQL servers, then that's the way I would do it.
  18. wxman

    wxman New Member

    Things are becoming clearer now.

    I find two howto's that look the part:
    Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Debian Etch
    The Perfect Load-Balanced & High-Availability Web Cluster With 2 Servers Running Xen On Ubuntu 8.04 Hardy Heron

    The first thing I notice is there is no mention of ISPConfig installation, either 2 or 3, in either article. I'm assuming version 3 would be the better choice. I'm not sure if I'm reading it right, but it looks like version 3 allows you to set up a second server, and it keeps itself updated. Also it sounds like I can have my slave DNS back here again because of it using dyndns instead of Bind.

    Will the HAProxy/Heartbeat On Debian Etch work with Ubuntu 8.04 or 8.10?

    We will be running forums, and shopping carts, which is talked about in the first howto, but not the second.

    I like the sound of "Creating Xen Bridges for local data transfers" in the second howto. I need to save bandwidth as much as I can. Can this still be done if I go with the HAProxy/Heartbeat howto?

    Do I still need to mirror files with ISPConfig 3? if so, I don't suppose you know where to find a complete list of server files needed to mirror if I go with ISPConfig 3?
    Last edited: Apr 10, 2009
  19. falko

    falko Super Moderator ISPConfig Developer

    I assume so.

    I think so, although I haven't tried this.

    Yes. With ISPConfig 3, you can manage multiple servers, but this doesn't mean you can manage mirrors or high-availability setups with it.
  20. wxman

    wxman New Member

    Sorry, I think I have just a couple more questions, then I'm going to try it.

    Your article said "HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.)". I'm going to be doing just that, but I can't find anywhere if just using heartbeat and ldirectord is just as reliable for that purpose. Does it make a difference?

    After that's decided, I think I might try adapting your howto, With HAProxy/Heartbeat On Debian Etch, to Ubuntu. I assume your "The Perfect Server - Ubuntu 8.10 [ISPConfig 3]" will work as the install for the two apache servers http1 and http2?
    After that I'll try to add the "Xen Bridges for local data transfers" idea.

    If it all works, it will be a miracle!
    Last edited: Apr 11, 2009

Share This Page