.

Symas How-To Guide

Step 1: Apache Fortress-OpenLDAP Virtual IP Setup


Step 1: Configuring Apache Fortress-OpenLDAP for High Availability


Introduction

This document describes how to setup a VIP (Virtual IP Address) over 2 servers (fortress1 and fortress2).  The concepts should work on any platform but were tailored for Redhat7+.

Here, the two servers can be seen from the clients as one single server, with one single IP address. However, only one server will be reachable, until the VIP switches from one server to the other.

Here is a picture showing the logical view, with the VIP pointing to fortress1 or fortress2 and a fictional set of IP numbers.

In any case, server names aren't all that relevant when it comes to configuring a VIP.

Getting network information

We first need to list the existing network devices on each node. This is done using the ifconfig command :

[myuser@FORTRESS1 ~]$ ifconfig
ens160: flags=4163 mtu 1500
inet 10.71.6.25 netmask 255.255.255.0 broadcast 10.71.6.255
inet6 fe80::20c:29ff:feb0:e2f6 prefixlen 64 scopeid 0x20
ether 00:0c:29:b0:e2:f6 txqueuelen 1000 (Ethernet)

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)

Do the same on the other machine.

Creating a new virtual IP

This command creates a new IP associated with the existing one. This will not survive a reboot or network restart.

[myuser@FORTRESS1 ~]$ sudo ifconfig ens160:0 10.71.6.100
[myuser@FORTRESS1 ~]$ ifconfig
ens160: flags=4163 mtu 1500
inet 10.71.6.25 netmask 255.255.255.0 broadcast 10.71.6.255
inet6 fe80::20c:29ff:feb0:e2f6 prefixlen 64 scopeid 0x20
ether 00:0c:29:b0:e2:f6 txqueuelen 1000 (Ethernet)

ens160:0: flags=4163 mtu 1500
inet 10.71.6.100 netmask 255.0.0.0 broadcast 10.255.255.255
ether 00:0c:29:b0:e2:f6 txqueuelen 1000 (Ethernet)

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)

Do the same on the other machine.

Creating a new permanent virtual IP

If we want this VIP to be up when the server is started, we need to create a network script for it.

Assuming the physical network device is ens160, and its associated network script is /etc/sysconfig/network-scripts/ifcfg-ens160, we need to copy this file and give it a new name ending with :0 :

[myuser@FORTRESS1 ~]$ sudo cp /etc/sysconfig/network-scripts/ifcfg-ens160 /etc/sysconfig/network-scripts/ifcfg-ens160:0
[myuser@FORTRESS1 ~]$ sudo chmod 644 /etc/sysconfig/network-scripts/ifcfg-ens160:0

Now change the DEVICE and IPADDR values :

[myuser@FORTRESS1 ~]$ sudo vi /etc/sysconfig/network-scripts/ifcfg-ens160:0

DEVICE=ens160:0
BOOTPROTO=none
HWADDR=
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=10.71.6.100
GATEWAY=10.71.6.1

Finally, restart the network :

[myuser@FORTRESS1 ~]$ sudo service network restart
Restarting network (via systemctl): [ OK ]

We can check that the VIP is up and running :

[myuser@FORTRESS1 ]$ ifconfig
ens160: flags=4163 mtu 1500
inet 10.71.6.25 netmask 255.255.255.0 broadcast 10.71.6.255
inet6 fe80::20c:29ff:feb0:e2f6 prefixlen 64 scopeid 0x20
ether 00:0c:29:b0:e2:f6 txqueuelen 1000 (Ethernet)

ens160:0: flags=4163 mtu 1500
inet 10.71.6.100 netmask 255.255.255.0 broadcast 10.71.6.255
ether 00:0c:29:b0:e2:f6 txqueuelen 1000 (Ethernet)

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)

Do the same on the other server.

NOTE: two servers can't have the same IP network address at the same time, which means the VIP will always be associated to only one server.

Activate/De-activate a server

If we want to change the server that is seen as the VIP, we just have to shutdown the active server's interface and activate the new server's interface :

[myuser@FORTRESS1 ]$ sudo ifconfig ens160:0 down

and on the other server :

[myuser@FORTRESS2 ]$ sudo service network restart
Developed by: Emmanuel Lécharny

Speak With Us Today

Our staff are here to answer your questions. 
+1 650.963.7601