How to Configure HAproxy Load Balancer with Keepalived in CentOS

To configure HAproxy with Keepalived in CentOS

HAproxy is a high available load balancer that performs load balancing for HTTP and other TCP-based services. It can be done by distributing load across real servers. The HAproxy is configured with keepalived to set-up load balance with two or more nodes. This article explains the configuration of HAproxy with Keepalived in CentOS.


Configuration of HAproxy with Keepalived

Two load balancer and backend webservers are required to configure HAproxy. In addition, use two load balancers for same virtual IP.

Testing Environment

Load Balancer-1:

Hostname - ha1.example.com
IP Address &ndash 192.168.5.157

Load Balancer-2:

Hostname - ha2.example.com
IP Address &ndash 192.168.5.158

Web Server-1:

Hostname - ws1.example.com
IP Address &ndash 192.168.5.159

Web Server-2:

Hostname - ws2.example.com
IP Address &ndash 192.168.5.160

Install Apache web-server packages on both the web-servers. If you don' t have DNS server, just add the entry in /etc/hosts file for Host-name resolution.


Installation of HAproxy

Utilize the following command to install the HAproxy package.

[root@ha2 ~]# yum install haproxy -y
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                                                                                                                                  | 3.6 kB  00:00:00     
extras                                                                                                                                                                | 3.4 kB  00:00:00     
updates                                                                                                                                                               | 3.4 kB  00:00:00     
(1/2): extras/7/x86_64/primary_db                                                                                                                                     | 166 kB  00:00:00     
(2/2): updates/7/x86_64/primary_db                                                                                                                                    | 9.1 MB  00:02:01     
Determining fastest mirrors
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
.
.
.
Transaction test succeeded
Running transaction
  Installing : haproxy-1.5.14-3.el7.x86_64                                                                                                                                               1/1
  Verifying  : haproxy-1.5.14-3.el7.x86_64                                                                                                                                               1/1

Installed:
  haproxy.x86_64 0:1.5.14-3.el7                                                                                                                                                              

Complete!

Configure the HAproxy by replace the line ' frontend main *:5000' with ' frontend main *:80' and comment the line ' use_backend static if url_static' . Replace the web server' s IP address as shown below,

[root@ha2 ~]# vim /etc/haproxy/haproxy.cfg

Entry:

server ws1 192.168.5.159:80 check
server ws2 192.168.5.160:80 check

Then start and enable the service.

[root@ha2 ~]# systemctl start haproxy
[root@ha2 ~]# systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

Once the service is enabled, add the firewall by creating new file under /etc/firewalld/services.

[root@ha2 ~]# vim /etc/firewalld/services/haproxy.xml
HAProxy
HAProxy load-balancer

Assign the SELinux context with the following command.

[root@ha2 ~]# cd /etc/firewalld/services
[root@ha2 services]# restorecon haproxy.xml
[root@ha2 services]# chmod 640 haproxy.xml

Open the HAproxy port on the firewall.

[root@ha2 services]# firewall-cmd --permanent --add-service=haproxy
success
[root@ha2 services]# firewall-cmd --reload
Success

Now its time to configure Keepalived, use the following command to install the required packages.

[root@ha2 ~]# yum install keepalived -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Resolving Dependencies
-->  Running transaction check
--->  Package keepalived.x86_64 0:1.2.13-7.el7 will be installed
-->  Processing Dependency: libnetsnmpmibs.so.31()(64bit) for package: keepalived-1.2.13-7.el7.x86_64
.
.
.
Installed:
  keepalived.x86_64 0:1.2.13-7.el7                                                                                                                                                           

Dependency Installed:
  net-snmp-agent-libs.x86_64 1:5.7.2-24.el7_2.1                                                                                                                                              

Complete!

Edit the configuration file by creating a backup for the default configuration. Create new configuration and add the below entry as shown below,

[root@ha2 ~]# cd /etc/keepalived/
[root@ha2 keepalived]# ls
keepalived.conf
[root@ha2 keepalived]# mv keepalived.conf keepalived.conf.bak
[root@ha2 keepalived]# ls
keepalived.conf.bak
[root@ha2 keepalived]# vim keepalived.conf

vrrp_script chk_haproxy {
  script " killall -0 haproxy"  # check the haproxy process
  interval 2 # every 2 seconds
  weight 2 # add 2 points if OK
}

vrrp_instance VI_1 {
  interface eth0 # interface to monitor
  state MASTER # MASTER on ha1, BACKUP on ha2
  virtual_router_id 51
  priority 101 # 101 on ha1, 100 on ha2
  virtual_ipaddress {
    192.168.5.200 # virtual ip address
  }
  track_script {
    chk_haproxy
  }
}

Once the above process is completed, then start and enable the service.

[root@ha2 ~]# systemctl stop haproxy
[root@ha2 ~]# systemctl status haproxy

Finally, it is set for high availability load balancer. Just enter IP address in the web browser to see the content of the configured web-server. You can also cross check it by calling IP address of Load Balancer for the same result.

It there is any failure in any one load balancer, it will not affect the client to view the web-server’ s.

Tag : Apache Load balancing Load balancer HAProxy
FAQ
Q
What are the possible architectures with layer7 load balancers?
A
Actually, only one: Proxy mode, but two main flavors of it are available:
Proxy mode
Transparent proxy mode
Q
What isHAproxy Load Balancer?
A
HAproxy is a high available load balancer that performs load balancing for HTTP and other TCP-based services. It can be done by distributing load across real servers. The HAproxy is configured with keepalived to set-up load balance with two or more nodes.
Q
What does layer 7 mean?
A
Layer 7 is related to the seventh layer of the OSI model: application level.
For example, HTTP, FTP, SMTP, DNS protocols are application level.
Q
What is layer 4 load-balancing?
A
A layer 4 load-balancer takes routing decision based on IPs and TCP or UDP ports
The layer 4 connection is established between the client and the server.
It is really fast but can’t perform any action on the protocol above layer 4.

The fastest layer4 load-balancers uses an ASIC to take routing decision
Q
What are the possible architectures with layer4 load balancers?
A
Mainly three architectures are doable, depending on your needs:

NAT or routed
Direct Server Return or Gateway mode
IP Tunnel mode