HOWTO ------------------------------------------------------------------- This document briefly explains how to use the Red Hat Piranha software to set up and administer a highly-available Web/FTP site. Hardware/Connection Requirements -------------------------------- LVS Nodes You need: * A server machine that will be the pirmary LVS node. Minimally, the machine must have two network adapters, one connecting it to the Internet and the other to a private network of Web/FTP servers. For avoiding single points of failure (SPoFs), the node may have additional adapters. * Another machine that will be the backup LVS node. Functionally the backup node is optional, but it is required if you want high-availability. This machine also has two network adapters connecting it to the Internet and to a private network of Web/FTP servers. Note that the backup LVS node is purely a stand-by machine. Web/FTP Server Hosts Job requests received by the primary LVS node are redirected to a pool of Web/FTP server hosts. Each will have at least one network adapter connecting it to a private IP subnet. These may be any kind of computing platform or HTTPD host with one exception: the weighted least_connection scheduling method can examine active connections only on Linux Web/FTP hosts. During configuration, you will assign weights to these hosts reflecting their processing capacity (memory, processor speed, number of processors, etc.) relative to one another. Thus, you should be prepared to make accurate assignments. Software Requirements/Prerequisites ----------------------------------- Kernel The LVS nodes require Red Hat 6.1 (or later). Red Hat 6.2 or later is recommended. Masquerading Masquerading must be enabled on the LVS nodes. You can do this in two ways: * In the /etc/sysctl.conf file, set ip_forward and ip_always_defrag to 1. * Issue these commands: echo 1 >/proc/sys/net/ipv4/ip_forward echo 1 >/proc/sys/net/ipv4/ip_always_defrag ipchains -A forward -j MASQ -s n.n.n.n/24 -d 0.0.0.0/0 n.n.n.n is the address of the private subnet of the Web/FTP hosts. IP Addresses During configuration, you will be asked to supply at least two floating IP addresses: * One will be for the NAT router. This will be a secondary address of the network adapter connecting the LVS nodes to the network of Web/FTP server hosts. * One or more will be for virtual servers: the public address(es), including port number(s), where incoming requests for service from Web/FTP clients arrive. Configuring the LVS Cluster ========================== We assume you will use the Piranha GUI to set up, monitor, and administer your LVS cluster. The fields on its screens are explained below. If you prefer to use the command line tools, see the man pages: ipvsadm(8), lvs(8), pulse(8), nanny(8), lvs.cf(5). The piranha configuration tool is a web interface requiring Apache and PHP. It uses its own instance of httpd and configuration file, and a dedicated TCP/IP port number. To start it; execute the command: /etc/rc.d/init.d/piranha-gui start Once running, use a web browser to connect to your server, and specify port number 3636 like so: http://xxx.xxx.xxx.xxx:3636/ where "xxx.xxx.xxx.xxx" is the virtual IP address of your cluster. When you enter the configuration screens, you will see four main sections: Controls/Monitoring. The initial tab. Used to monitor the runtime status and synchronize configuration on the LVS nodes. See "Control/Monitoring Tab." Global Settings. Use to set the IP address of the primary LVS node and NAT routing. See "Global Setting Tab." Redundancy: Use to set the address of the backup LVS server and set the pulse(8) parameters. See "Redundancy Tab." Virtual Servers. Use to set service addresses and set up routing between service addresses and real Web/FTP server hosts. See "Virtual Servers Tab." Piranha windows have one or more of these buttons along the bottom: OK - Apply changes and exit. Apply - Apply changes without exiting. Close - Exit without applying changes. Controls/Monitoring ------------------- Start Click to start the pulse daemon. Add pulse daemon to this runlevel Select to start pulse at system boot. Update information now Display current LVS runtime status. Auto-update Select to display LVS runtime status automatically at the specified interval. Global Settings --------------- Primary LVS server IP: Contains the public IP address of the primary LVS node. Primary server private IP: This field may be left blank. It's purpose is to offer an alternative network path for checking that the IP service on the partner box is alive LVS type: This can be one of two differing solutions. FOS/LVS. FOS provides for a system of only two servers and rudementry shared data LVS offers a load balance network setup over more than 2 or servers though it will frequently be made up of 4 or more boxes Under LVS settings ------------------ Routing: Can be wither NAT, Tunneling, or Direct Routing NAT Router IP: Contains the floating IP address associated with the network adapter connecting the node with the real server host subnet. If this node fails, this address migrates to the backup LVS node. NAT Router Device: Associate the floating NAT router address with the network adapter name, which must be the same on both LVS nodes. Sync tool: Click to select rsh or ssh as the tool used to synchronize files on the primary and backup nodes. Under FOS settings ------------------ Shared data This section is optional. If left blank, no actions are taken. In a two node setup, it is possible to connect an external disk via a shared scsi cable strung between the nodes. Care should taken with both termination of the scsi chain and also attention should made to what the SCSI ID's of the host adapters are (eg Node 1: ID7, Node 2: ID6, shared disk ID4). Note, not all scsi adators are capable of having their scsi ID numbers reset. Because it is possible that teh disk naming on both machines may differ it is necessary to provide the device name that each box sees the externally shared drive as. In most cases it will probably be the same however this is not guarreteed The current shared data implementation is done via scsi reservation, which is a means by which the scsi disk is locked to respond only to commands from a particular scsi ID, thus guarrenting that only one machine has write access to the drive. This reservation can only be broken through the use of a scsi reset, so care about scsi adaptor abilities to reset the bus have to be made. The locking is done by the external program scsi_reserve and we encourage you to read the theory of it's operation (/usr/sbin/scsi_reserve --help) Primary server disk name: The device name of the external disk as the primary server sees it eg /dev/sdb Redundant server disk name: The device name of the external disk as the redundant server sees it This may be the same or different from the primary server disk name eg /dev/sdd Scsi reservation conflict: This dictates what action piranha should use when an unexpected scsi reservation conflict occurs during failover. Additionally it will *not* wait any appreciable time between the reset and the reserve command so that the greatest possibility of stealing the reservation from the other node's adapter is made. Redundancy ---------- Enable redundant server Select to enable failover. Redundant server IP: Contains the public IP address of the backup LVS node. Redundant server private IP: Same as the primary server private IP except that it's only offered as an item if he primary server private IP has been set. Heartbeat interval (seconds): Contains the number of seconds between heartbeats: the interval at which the backup LVS node checks to see if the primary LVS node is alive. Assume dead after (seconds): If this number of seconds lapses without a response from the primary LVS node, the backup node initiates failover. Virtual Servers --------------- This screen displays a row of information for each currently defined virtual server. Click a row to select it. The buttons on the right side of the screen apply to the currently selected virtual server. Click Delete to remove the selected virtual server. Status Displays Active or Down. Click Disable to take down a selected active virtual server; click Activate to enable a selected down virtual server. Name The node's name (not the hostname, although it could be). Port The listen port for incoming requests for service. Protocol specify tcp or udp Add/Edit a Virtual Server Click the Add button to create a new, undefined virtual server. Click the Edit button (or double-click the row) to define a newly-created virtual server or change an existing virtual server. Click the Real Servers tab to set up routing of job requests from this virtual server to the Web/FTP server hosts that will process the requests (see the next section). Name: Enter a descriptive name. Application: Click to select HTTP or FTP. Port: Enter the listening port for incoming requests. Address: Enter the floating IP address where requests for service arrive. If this node fails, the address and port are failed-over to the backup LVS node. Device: Associate the floating IP address with the network adapter that connects the LVS nodes to the public network. Re-entry Time: Enter the number of seconds that a failed Web/FTP server host associated with this virtual server must remain alive before it will be re-added to the pool. Load monitoring tool: Select the tool to use (uptime, rup, ruptime, or none) for determining the workload on Web/FTP server hosts. Scheduling: Select the altorithm for request routing from this virtual server to the Web/FTP server hosts that will perform the services: Select Weighted least-connections Assign more jobs to hosts that are least busy relative to their processing capacity. Weighted round robin Assign more jobs to hosts with greater processing capacity. Round robin Distribute jobs equally among the hosts. Edit Scripts: This section allows you to specify a send/expect string sequence for verifying an IP service is functional. Only one send and/or expect sequence is allowed, and can only contain printable characters plus (\n, \r, \t, and/or \') Persistence: If greater than zero, enables persistent connection support and specifies a timeout value. Persistence Network Mask: If persistence is enabled, this is a netmask to apply to routing rules for enabling subnets for persistence. Real Servers This screen displays a row of information for each currently defined Web/FTP server. Click a row to select it. The buttons on the right side of the screen apply to the currently selected server host. Click Delete to remove the selected host. Status Displays Active or Down. Click Disable to deactivate a selected server host; click Activate to enable a selected down host. Name The server's name (not the hostname, although it could). Address: The server's IP address. Add/Edit a Real Server Click the Add button to create an association with a new, undefined Web/server host. Click the Edit button (or double-click the row) to define a new host or change an existing one. Name: Enter a descriptive name. Address: Enter the Web/FTP server's IP address. The listening port will be the one specified for the associated virtual server. Weight: Assign an integer to indicate this host's processing capacity relative to that of other hosts in the pool.