Set Up A Simple High-Availability Web Server For A Small Company Using Debian Lenny


This tutorial was written for the Debian Lenny distribution and assumes that you know what load balancing is and have basic Linux skills. Our load balancer consists of 2 machines that monitor each other [heartbeat]; if the master stops responding, the secondary one [Backup] takes over the master role [Backup -> Master].

For this setup we need 3 IP addresses: one for each of the 2 nodes and one virtual IP address that is held by the master node (the master node takes over this IP). At the end we will install Apache as our web server.

1. Enable IPVS On Both Nodes

IPVS (IP Virtual Server):

lb01/lb02

echo ip_vs_dh >> /etc/modules
echo ip_vs_ftp >> /etc/modules
echo ip_vs >> /etc/modules
echo ip_vs_lblc >> /etc/modules
echo ip_vs_lblcr >> /etc/modules
echo ip_vs_lc >> /etc/modules
echo ip_vs_nq >> /etc/modules
echo ip_vs_rr >> /etc/modules
echo ip_vs_sed >> /etc/modules
echo ip_vs_sh >> /etc/modules
echo ip_vs_wlc >> /etc/modules
echo ip_vs_wrr >> /etc/modules

modprobe ip_vs_dh
modprobe ip_vs_ftp
modprobe ip_vs
modprobe ip_vs_lblc
modprobe ip_vs_lblcr
modprobe ip_vs_lc
modprobe ip_vs_nq
modprobe ip_vs_rr
modprobe ip_vs_sed
modprobe ip_vs_sh
modprobe ip_vs_wlc
modprobe ip_vs_wrr

If you get errors, you are either not using Debian Lenny or you have recompiled the original Lenny kernel. The kernel must be compiled with IPVS support.

 

2. Install Ultra Monkey On The Load Balancers

To install Ultra Monkey, edit /etc/apt/sources.list and add these two lines (don’t remove other repositories):

lb01/lb02

pico /etc/apt/sources.list

deb http://www.ultramonkey.org/download/latest/ sarge main
deb-src http://www.ultramonkey.org/download/latest sarge main

Next we do this:

lb01/lb02

apt-get update

If you get this error…

W: GPG error: http://www.ultramonkey.org sarge Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 03C0023E05410E97
W: You may want to run apt-get update to correct these problems

… there are a few workarounds, but this is the most trusted one.

Create a file named key.asc with the following content:

pico /home/key.asc

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.0

[...]
=5NNR
-----END PGP PUBLIC KEY BLOCK-----

Run the following command to import the missing public key into root's GnuPG keyring…

gpg --import /home/key.asc

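… and add the key to the APT keyring (this hands root's whole GnuPG public keyring to apt-key, so every key in it becomes trusted by APT, not only the one just imported)…

apt-key add /root/.gnupg/pubring.gpg

… and issue…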

apt-key update

… then…

apt-get update

Back to the tutorial. Install Ultra Monkey:

lb01/lb02

apt-get install ultramonkey

dpkg-reconfigure ipvsadm

Answer as follows:

Do you want to automatically load IPVS rules on boot?
No

Select a daemon method.
None

 

3. Enable Packet Forwarding On The Load Balancers

lb01/lb02

pico /etc/sysctl.conf

Uncomment the following line so that the load balancers are able to route traffic:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

After that run this:

lb01/lb02

sysctl -p

4. Configure heartbeat And ldirectord

We have to create 3 configuration files for heartbeat.

lb01/lb02

pico /etc/ha.d/ha.cf

logfacility        local0
bcast        eth0                # Linux
mcast eth0 225.0.0.1 694 1 0
auto_failback off
node        lb01
node        lb02
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

Important: the node names must be the output of

uname -n

on lb01 and lb02.

lb01/lb02

pico /etc/ha.d/haresources

lb01        \
        ldirectord::ldirectord.cf \
        LVSSyncDaemonSwap::master \
        IPaddr2::10.253.66.200/24/eth0/10.253.66.255

The first word is the output of

uname -n

on lb01, no matter if you create the file on lb01 or lb02! After IPaddr2 we put our virtual IP address 10.253.66.200.

lb01/lb02

pico /etc/ha.d/authkeys

auth 3
3 md5 secretstring

secretstring is a password which the two heartbeat daemons on lb01 and lb02 use to authenticate against each other. Use your own string here.

/etc/ha.d/authkeys should be readable by root only, therefore we do this:

lb01/lb02

chmod 600 /etc/ha.d/authkeys
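
An added example, not part of the original tutorial: a shell check for the authkeys file described above that flags loose permissions, the placeholder secret and the weaker methods, together with a generator that writes a random secret using sha1, the strongest of the methods heartbeat accepts (crc, md5, sha1). The function names and the temporary sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate and audit /etc/ha.d/authkeys-style files.
# gen_authkeys and check_authkeys are hypothetical helper names.

# gen_authkeys FILE: random 128-bit secret, sha1 method, owner-only mode.
gen_authkeys() (
    umask 077
    secret=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf 'auth 1\n1 sha1 %s\n' "$secret" > "$1"
)

# check_authkeys FILE: print one line per finding; return 0 only if clean.
check_authkeys() {
    f=$1; bad=0
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        600|400) ;;
        *) echo "$f: mode $mode, want 600"; bad=1 ;;
    esac
    # The "auth N" line selects which "N method secret" line is active.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$f")
    [ -n "$idx" ] || { echo "$f: no auth line"; return 1; }
    key=$(awk -v i="$idx" '$1 == i { print $2 " " $3; exit }' "$f")
    method=${key%% *}; secret=${key#* }
    case $method in
        sha1) ;;
        md5)  echo "$f: md5 in use, sha1 is the stronger option"; bad=1 ;;
        crc)  echo "$f: crc only detects corruption, no authentication"; bad=1 ;;
        *)    echo "$f: key $idx not defined or unknown method"; bad=1 ;;
    esac
    if [ "$method" != crc ] && [ "${#secret}" -lt 16 ]; then
        echo "$f: secret is ${#secret} chars, too short or a placeholder"; bad=1
    fi
    return $bad
}

# Constructed sample: the tutorial's file next to a generated one.
demo=$(mktemp -d)
printf 'auth 3\n3 md5 secretstring\n' > "$demo/tutorial"
chmod 600 "$demo/tutorial"
gen_authkeys "$demo/generated"
check_authkeys "$demo/tutorial" || echo "tutorial sample: needs fixing"
check_authkeys "$demo/generated" && echo "generated file: ok"
rm -rf "$demo"
```

The generated file has to be copied unchanged to the second node, since both heartbeat daemons must share the same secret.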

ldirectord is the actual load balancer. We are going to configure our two load balancers (lb01.example.com and lb02.example.com) in an active/passive setup: one load balancer is active, and the other one is a secondary that becomes active if the active one [Master] fails. To make this work, we must create the ldirectord configuration file /etc/ha.d/ldirectord.cf, which again must be identical on lb01 and lb02.

lb01/lb02

pico /etc/ha.d/ldirectord.cf

checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes

virtual=10.253.66.200:80
        fallback=127.0.0.1:80 gate

In the virtual= line type your virtual IP address (10.253.66.200 in this tutorial).

lb01/lb02

update-rc.d heartbeat start 75 2 3 4 5 . stop 05 0 1 6 .

update-rc.d -f ldirectord remove

Finally we start heartbeat (and with it ldirectord):

lb01/lb02

/etc/init.d/ldirectord stop

/etc/init.d/heartbeat start

 

5. Test The Load Balancers

Let’s check if both load balancers work as expected:

lb01/lb02:

ip addr sh eth0

The active load balancer [Master] should list the virtual IP address (10.253.66.200):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:b7:56:9c brd ff:ff:ff:ff:ff:ff
 inet 10.253.66.19/24 brd 10.253.66.255 scope global eth0
 inet 10.253.66.200/24 brd 10.253.66.255 scope global secondary eth0

The secondary one [Backup] should show this:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:b7:56:9c brd ff:ff:ff:ff:ff:ff
 inet 10.253.66.19/24 brd 10.253.66.255 scope global eth0

lb01/lb02:

ldirectord ldirectord.cf status

Output on the active load balancer [Master]:

ldirectord for /etc/ha.d/ldirectord.cf is running with pid: 3728

Output on the secondary [Backup]:

ldirectord is stopped for /etc/ha.d/ldirectord.cf

lb01/lb02:

ipvsadm -L -n

Output on the active load balancer [Master]:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.253.66.200:80 wrr
  -> 127.0.0.1:80                 Local   1      0          0

Output on the secondary [Backup]:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

lb01/lb02:

/etc/ha.d/resource.d/LVSSyncDaemonSwap master status

Output on the active load balancer [Master]:

master running
 (ipvs_syncmaster pid: 3815)

Output on the secondary [Backup]:

master stopped

To test your virtual IP:

ping -c 4 10.253.66.200

PING 10.253.66.200 (10.253.66.200) 56(84) bytes of data.
64 bytes from 10.253.66.200: icmp_seq=1 ttl=64 time=1.94 ms
64 bytes from 10.253.66.200: icmp_seq=2 ttl=64 time=0.110 ms
64 bytes from 10.253.66.200: icmp_seq=3 ttl=64 time=0.049 ms
64 bytes from 10.253.66.200: icmp_seq=4 ttl=64 time=0.048 ms
--- 10.253.66.200 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 0.048/0.539/1.949/0.814 ms

If your tests went fine, you can now configure the two Apache nodes.
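
An added example, not part of the original tutorial: the manual checks from this step turned into a shell classification that reports each node's role and flags the states the checks are meant to catch, namely both nodes holding the virtual IP, neither holding it, or a node whose VIP and ldirectord state disagree. The function names are assumptions of this example; the sample strings are trimmed from the output shown above.

```shell
#!/bin/sh
# Added example: classify each load balancer from the command output shown
# in step 5. node_role and cluster_state are hypothetical helper names.

VIP=10.253.66.200   # virtual IP used in this tutorial

# node_role IP_ADDR_OUTPUT LDIRECTORD_STATUS_OUTPUT
# Prints master, backup or inconsistent.
node_role() {
    vip=no; ld=no
    printf '%s\n' "$1" | grep -Fq "inet $VIP/" && vip=yes
    printf '%s\n' "$2" | grep -q 'is running with pid' && ld=yes
    case $vip$ld in
        yesyes) echo master ;;
        nono)   echo backup ;;
        *)      echo inconsistent ;;   # VIP without ldirectord, or the reverse
    esac
}

# cluster_state ROLE_LB01 ROLE_LB02
# Prints ok, split-brain, no-master or degraded.
cluster_state() {
    case $1,$2 in
        master,backup|backup,master) echo ok ;;
        master,master)               echo split-brain ;;  # both hold the VIP
        backup,backup)               echo no-master ;;    # nobody holds it
        *)                           echo degraded ;;
    esac
}

# Constructed samples, trimmed from the output shown in this tutorial.
MASTER_IP=' inet 10.253.66.19/24 brd 10.253.66.255 scope global eth0
 inet 10.253.66.200/24 brd 10.253.66.255 scope global secondary eth0'
BACKUP_IP=' inet 10.253.66.19/24 brd 10.253.66.255 scope global eth0'
MASTER_LD='ldirectord for /etc/ha.d/ldirectord.cf is running with pid: 3728'
BACKUP_LD='ldirectord is stopped for /etc/ha.d/ldirectord.cf'

r1=$(node_role "$MASTER_IP" "$MASTER_LD")
r2=$(node_role "$BACKUP_IP" "$BACKUP_LD")
echo "lb01=$r1 lb02=$r2 cluster=$(cluster_state "$r1" "$r2")"
```

On live nodes, pass the real output of `ip addr sh eth0` and `ldirectord ldirectord.cf status` from each load balancer in place of the sample strings.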

 

6. Installation Of Apache + PHP With MySQL Support

Installing the packages:

If you do not have PHP installed already, use this to install the necessary packages:

lb01/lb02:

aptitude install apache2 php5 libapache2-mod-php5 php5-sqlite

This will install PHP, the Apache webserver and the necessary dependencies onto your system.

Optional: If you want to use MySQL as the persistence backend, you'll also need to install the MySQL PDO driver:

aptitude install php5-mysql

Start (or restart) apache by issuing one of these commands:

/etc/init.d/apache2 start

or

/etc/init.d/apache2 restart

 

7. Testing the installation:

Check that your Apache installation is working. Point a browser to http://10.253.66.200/.

E.g.

lynx http://10.253.66.200/

You should see a page displaying the words “It works!”.

 

Note

Test your PHP installation by creating a phpinfo.php file in your Apache document root, e.g. by issuing the following command:

echo '<?php phpinfo(); ?>' > /var/www/phpinfo.php

Then fire up your browser and go to:

lynx http://10.253.66.200/phpinfo.php

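You should see a phpinfo page with the correct PHP version number at the top. Delete phpinfo.php once you have checked it, because the page shows the server's full PHP configuration to anyone who can reach the virtual IP.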

DONE!
