Ubuntu 14.04 Server + Haproxy + keepalived + failover

I have a webserver [Ubuntu, but I’m sure you can pretty much use the same setup for CentOS/Fedora] running a few websites for family and friends. Although I’m running the server in RAID in case I lose a drive, I was still a bit worried about what happens if the whole server goes down. I’ve wanted to play about with failover for a while, but never got round to it until tonight. Here’s how I did it.

webserver1 – ip
webserver2 [VM on an hyper-v server] – ip

Spare IP that I’m going to use for the transferable IP –

The following steps need to be done on both servers.

  • Edit /etc/sysctl.conf and add the line
    net.ipv4.ip_nonlocal_bind=1
    This tells the kernel that services will bind to IPs that are not defined in the interfaces file.
  • Run
    sysctl -p
    This activates what we put in sysctl.conf without rebooting the server.
  • Install the software we’re going to need –
    apt-get install keepalived haproxy
  • Edit the keepalived conf file [/etc/keepalived/keepalived.conf]: add this to it, or replace what’s there with this. Replace haproxy1 with the name of your server and update virtual_ipaddress with an IP that you have available; this will be the IP that moves between servers.
    global_defs {
      router_id haproxy1
    }
    # Health check: "killall -0" only tests that a haproxy process exists
    vrrp_script haproxy {
      script "killall -0 haproxy"
      interval 2
      weight 2
    }
    vrrp_instance 50 {
      virtual_router_id 50
      advert_int 1
      priority 101
      state MASTER
      interface eth0
      virtual_ipaddress {
        <your spare IP> dev eth0
      }
      track_script {
        haproxy
      }
    }
  • Edit the haproxy config file – /etc/haproxy/haproxy.cfg. I found I had to change the port from 80 to 89 or apache wouldn’t run.
    global
            chroot /var/lib/haproxy
            user haproxy
            group haproxy
            # replace <syslog address> with your syslog target
            log <syslog address> local0
            stats socket /var/lib/haproxy/stats
            maxconn 4000
    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            contimeout 5000
            clitimeout 50000
            srvtimeout 50000
            errorfile 400 /etc/haproxy/errors/400.http
            errorfile 403 /etc/haproxy/errors/403.http
            errorfile 408 /etc/haproxy/errors/408.http
            errorfile 500 /etc/haproxy/errors/500.http
            errorfile 502 /etc/haproxy/errors/502.http
            errorfile 503 /etc/haproxy/errors/503.http
            errorfile 504 /etc/haproxy/errors/504.http
    # port 89 so haproxy does not clash with apache on port 80
    listen stats <IP>:89
            mode http
            stats enable
            stats uri /stats
            stats realm HAProxy Statistics
            # replace admin:password with your own credentials;
            # anyone who can reach this port can try to log in
            stats auth admin:password
  • Now you need to enable haproxy in /etc/default/haproxy –
    # Set ENABLED to 1 if you want the init script to start haproxy.
    ENABLED=1
    # Add extra flags here.
    #EXTRAOPTS="-de -m 16"
  • restart the services –
    service keepalived restart
    service haproxy restart
  • On server1, run sudo ip a | grep eth0 and you should see something like this –
    paulmellors@rmcweb01:~$ sudo ip a | grep eth0
    [sudo] password for paulmellors:
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet brd scope global eth0
    inet scope global eth0
  • Note the, this is on the current server; if you’ve configured the servers correctly, when you reboot server1, it’ll move this IP over to server2.

I tested by having my main website on server1, rebooted the server and, on server2, checked the IP; as soon as it moved over, it kept the site available. Now all I need to do is decide how to sync data between the boxes. I also set up the keepalived.conf slightly differently on server2: I changed the state to slave and lowered the priority so that when server1 comes back up, it’ll move the IP back.

Seems to work ok for me 😀
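
The post says server2's priority was lowered but not by how much; with weight 2 on the haproxy check, that amount decides whether the IP also moves when only haproxy dies on server1 while the box stays up. The script below is an added example, not the author's code: it reads priority and weight from two keepalived.conf files and predicts which node holds the IP. The server2 priorities (100 and 50), the function names and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed;
# server2's priority values are assumptions (the post only says "lowered").

# First integer value of KEY (e.g. priority, weight) in a keepalived.conf.
conf_value() {
    awk -v key="$2" '$1 == key && $2 ~ /^-?[0-9]+$/ { print $2; exit }' "$1"
}

# Priority a node advertises. keepalived adds a positive vrrp_script weight
# while the check ("killall -0 haproxy") succeeds, and applies a negative
# weight while it fails.
effective_priority() {   # usage: effective_priority CONF up|down
    prio=$(conf_value "$1" priority)
    w=$(conf_value "$1" weight)
    w=${w:-0}
    if [ "$2" = up ] && [ "$w" -gt 0 ]; then prio=$((prio + w)); fi
    if [ "$2" = down ] && [ "$w" -lt 0 ]; then prio=$((prio + w)); fi
    echo "$prio"
}

# Node expected to hold the VIP. "off" means the whole server is down and
# sends no adverts. Simplification: a tie stays with server1 (real VRRP
# breaks ties on the higher primary IP address).
vip_holder() {   # usage: vip_holder CONF1 CONF2 STATE1 STATE2
    if [ "$3" = off ]; then echo server2; return; fi
    if [ "$4" = off ]; then echo server1; return; fi
    p1=$(effective_priority "$1" "$3")
    p2=$(effective_priority "$2" "$4")
    if [ "$p2" -gt "$p1" ]; then echo server2; else echo server1; fi
}

# Constructed sample: only the lines the functions read.
make_conf() {   # usage: make_conf FILE PRIORITY
    printf 'vrrp_script haproxy {\n  script "killall -0 haproxy"\n  interval 2\n  weight 2\n}\nvrrp_instance 50 {\n  priority %s\n}\n' "$2" > "$1"
}

demo() {
    d=$(mktemp -d)
    make_conf "$d/s1" 101; make_conf "$d/s2a" 100; make_conf "$d/s2b" 50
    echo "server1 rebooted:                 $(vip_holder "$d/s1" "$d/s2a" off up)"
    echo "haproxy dies on server1, s2=100:  $(vip_holder "$d/s1" "$d/s2a" down up)"
    echo "haproxy dies on server1, s2=50:   $(vip_holder "$d/s1" "$d/s2b" down up)"
    rm -rf "$d"
}

demo
```

With server2 at 50 the IP stays on server1 even though its haproxy is dead, because 101 still beats 50 + 2; the gap between the two priorities has to be smaller than the weight for the check to trigger a move.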

