Solved HA active-passive cluster, for a pair of java application servers.

Greetings and salutations my good people!

I've just joined this forum since I'm a recent hire at a company that requires me to cluster some freebsd app servers, and from what I've found so far online, it ain't gonna work in a linuxy way. So, I figured I'd go ahead and join and let my first official question here be a doozy. So here goes.

My question really isn't about getting into the weeds, but merely a high level question as to what's currently the best way to go about my specific need. Namely, a HA active-passive cluster, with at most ONE instance being up at any given time. An 'active' node and a 'standby' node. There's no shared storage or split brain to worry about, so I just need something pretty simple. Ideally a way to do a 'pre' and a 'post' script to handle the switcheroo gracefully. I've found 'carp', but this seems more suited for active-active - unless I'm missing something.

Here's some related packages I've found that may be useful, but I'm unable to find a good reference for how to get these installed and working together. Zookeeper may be unnecessary, I think corosync would be the 'heartbeat' checker and pacemaker would work to manage the services. I've also ran across some old documents that also used keepalived, but I'm not finding that in the repo, so if necessary I guess I'd be building from source.

pacemaker1-1.1.24_4 Scalable High-Availability cluster resource manager
pacemaker2-2.1.2_4 Scalable High-Availability cluster resource manager

zookeeper-3.8.0 Coordination Service for Distributed Applications

corosync2-2.4.6 Corosync Cluster Engine
corosync3-2.99.5_1 Corosync Cluster Engine

Any thoughts and suggestions will be much appreciated!
 
I've just joined this forum
Hello, and welcome. Please read Forum Rules and Guidelines (REQUIRED READING), specifically Select the right forum for new threads.

The howto section is not for asking how to do things. Thread moved.

My question really isn't about getting into the weeds, but merely a high level question as to what's currently the best way to go about my specific need. Namely, a HA active-passive cluster, with at most ONE instance being up at any given time. An 'active' node and a 'standby' node. There's no shared storage or split brain to worry about, so I just need something pretty simple. Ideally a way to do a 'pre' and a 'post' script to handle the switcheroo gracefully. I've found 'carp', but this seems more suited for active-active - unless I'm missing something.
CARP has a MASTER and BACKUP node, the MASTER is active, BACKUP is passive. Which is exactly what you're looking for. You do need three IP addresses, one for each individual node and a virtual address that 'floats' between them. And there has to be a layer 2 connection between the two nodes. Your clients connect to the virtual IP address and the MASTER node will accept the connection. If you switch off the master node the backup will automagically become master.

33.10. Common Address Redundancy Protocol (CARP)

You can do some tricks with devd(8) to automatically start/stop something when the state of the interface changes.

Code:
% cat /etc/devd/carp.conf
notify 0 {
        match "system"    "CARP";
        match "subsystem" "[0-9]+@[0-9a-z]+";
        match "type"      "(MASTER|BACKUP)";
        action "/root/bin/carpcontrol.sh $type $subsystem";
};

I've also ran across some old documents that also used keepalived, but I'm not finding that in the repo, so if necessary I guess I'd be building from source.
Keepalived is often used on Linux. It's a poor man's version of a userland-based virtual IP that can move between hosts. It heavily depends on IPTables, which is rather specific to Linux. If you're specifically looking for a userland-based solution you may want to have a look at net/ucarp.

There used to be a net/keepalived port, but it depended on net/ipvs. That port was specific to FreeBSD 5.x and was never updated to support the later FreeBSD versions. So this all got removed a really long time ago.
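
One way to write the /root/bin/carpcontrol.sh that the devd rule above invokes (an added example, not code from the thread): it checks the arguments devd passes before acting on them as root, then starts or stops the service on MASTER/BACKUP transitions. The service name apache24, vhid 10 and interface em0 are taken from the thread's test setup; the function name carp_plan is hypothetical.

```shell
#!/bin/sh
# Added example: /root/bin/carpcontrol.sh, called by the devd rule as
#   carpcontrol.sh $type $subsystem     e.g.  carpcontrol.sh MASTER 10@em0
# Assumptions: the managed service and the one vhid/interface to react to.
SERVICE="apache24"   # assumed: the thread's test service
WATCH_VHID="10"      # vhid from the thread's setup
WATCH_IF="em0"       # interface from the thread's setup

# Print the rc(8) verb to run for a CARP event, or "ignore".
# Returns 1 on malformed input so the caller never acts on it.
carp_plan() {
    state="$1"; subsystem="$2"
    # devd runs this as root: accept only the exact vhid@ifname shape.
    case "$subsystem" in
        *[!0-9a-z@]*|*@*@*|@*|*@|"") return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    vhid="${subsystem%%@*}"; ifname="${subsystem#*@}"
    case "$vhid" in *[!0-9]*) return 1 ;; esac
    # Events for other vhids or interfaces must not toggle the service.
    if [ "$vhid" != "$WATCH_VHID" ] || [ "$ifname" != "$WATCH_IF" ]; then
        echo ignore; return 0
    fi
    case "$state" in
        MASTER) echo onestart ;;   # this node now holds the VIP
        BACKUP) echo onestop ;;    # this node gave the VIP up
        *) return 1 ;;
    esac
}

# Act only when invoked with arguments, as devd does.
if [ "$#" -gt 0 ]; then
    verb="$(carp_plan "$1" "$2")" || { logger -t carpcontrol "rejected: $*"; exit 1; }
    logger -t carpcontrol "CARP $1 on $2 -> $verb $SERVICE"
    [ "$verb" = ignore ] || service "$SERVICE" "$verb"
fi
```

The onestart/onestop verbs work without apache24_enable=yes in rc.conf, so the service is not also started at boot on both nodes.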
 
Yep - exactly how I've done that on linux, using 'heartbeat' and a VIP. Allrightythen, guess I'm off to the races with CARP. Good times!

Thanks SirDice! You're all right, I don't care what anyone else says!
 
I see ucarp is available - after looking into what 'userland' is, I'm not clear on the difference, other than maybe the fact that CARP is inside the kernel and ucarp ain't? Why would one better serve my situation over the other? Pros/cons? I'm all ears.

ucarp-1.5.2.20171201 Userlevel Common Address Redundancy Protocol

And I'm not finding carp in the repo - which implies it's already 'in there'. So is it really just as easy as doing a
carp_load="YES" in rc.conf?

Another quick question too - I just happened across sysutils/monit - seems to be actively maintained - would this be a viable alternative also?
 
Ok - spun up two freebsd 13.1 instances, installed apache24 for testing failover, then configured CARP on my master node.
I can hit both apaches' default It Works page by pointing my browser at their respective IPs.
I confirmed my VIP on my master node -

em0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=481009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER,NOMAP>
ether 08:00:27:b5:e8:8c
inet 192.168.1.127 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255 vhid 10
carp: MASTER vhid 10 advbase 1 advskew 0

media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

So, before I even get to my Backup node, I want to be sure that I can hit the default apache page on my CARP VIP.

But I can't - and it occurs to me, of course I cannot, how would my laptop browser know how to find that IP? I can't even add a static route on my OpenWRT home router w/o a mac addy...

So, to set this up it seems like I need some layer 2 action - is this correct? I'm at home so I don't have any fancy switches, et al.
Is there any way to hack together a virtual switch or something to make this VIP reachable on my LAN?

Thanks again!
 
It should just work(tm). Can you ping 192.168.1.130? If so it's probably that Apache is not listening on that interface.
 
Make sure Apache is actually binding to the VIP address.

spun up two freebsd 13.1 instances,
VMs? Make sure you configure the VMs to allow 'promiscuous' mode on the interfaces.

So, to set this up it seems like I need some layer 2 action - is this correct?
Both nodes need to be able to talk to each other on layer 2. But you don't need any special configuration on the switch for this. So it should work on a bog standard unmanaged switch.
 
Well - it's done. I really can't believe how easy it was to set this up, and it just works. Very surprising. Guess y'all can mark this one SOLVED.
For the record, here's how I got this done -

master 192.168.1.127 backup 192.168.1.128 VIP 192.168.1.130

pkg install apache24
sysrc apache24_enable=yes
service apache24 start
cp /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/orig_httpd.conf
vim /usr/local/etc/apache24/httpd.conf #set ServerName, prob not necessary
vim /usr/local/www/apache24/data/index.html #changed master to It Works on Master! and backup to It Works on Backup!

- MASTER node -
vim /boot/loader.conf
carp_load="YES"

vim /etc/sysctl.conf #only done on master, this makes sure this one can preempt any other carp speakers on the network
net.inet.carp.preempt=1

vim /etc/rc.conf
ifconfig_em0_alias0="inet vhid 10 pass supersecret 192.168.1.130/24"

kldload carp
service netif restart
ifconfig

- BACKUP node -
vim /boot/loader.conf
carp_load="YES"

vim /etc/rc.conf
ifconfig_em0_alias0="inet vhid 10 pass supersecret advskew 100 192.168.1.130/24"

kldload carp
service netif restart
 
Edit the first post of the thread.
I don't see any way to do that either. I can share, unwatch, reply/quote, etc. No link anywhere to edit. Maybe because I have a new account?
Anyway, doesn't matter, I see somebody already marked it, just curious for future reference.
I suspect I'll be back here again!
 
ooo, after just making that post above, there's now an 'edit' link in the lower left corner.
But that link only exists on my last post above, none of the other earlier posts.
Smells like a commie plot!
 
You want "edit thread" under the three dots menu above your first post, then select "solved" from the dropdown next to the title.

 
Nope, no three dots...
I presume it's because I have a new account and haven't made it to official member status...
 