Linux High Availability Part 1
December 14th 2009

I have been itching to dive into high availability clusters for quite some time now. As a network administrator, uptime is a crucial part of my field. My goal in this series of blogs is to share my experience with setting up a high availability cluster using Linux systems.

Debriefing: I will set up two virtual machines using VirtualBox. The two machines will both run Debian 5.0.2 i386 and will be on their own private network 192.168.2.0/24. The two nodes will together provide a high availability web and database service via Apache2 and MySQL using HA. With clustering, an important factor is keeping data synchronized; that will be handled by DRBD.

Getting Up To Speed: At this point I have set up my two virtual machines, Bravo and Echo, yes very original. I am using iptables on the host machine to masquerade the packets that need to go out to the Internet for the virtual machines. I have installed HA and drbd8 via the Debian packaging system. I configured HA using the Installing Heartbeat (Newbie) screencast tutorial. Similarly, I configured a very simple setup of DRBD following the documentation. Now then, let's get into the details of my progress so far.

Networking Woes: Ok, so the networking part of this mission was a slight barrier. I recall in the past I struggled to get multiple virtual machines to communicate with each other with VirtualBox. This time I seem to have planted that issue right on its ass, and I'm going to explain just how I did it. In order to get virtual machines to network we need to change the guest operating systems from NAT to Host Interface in the Network settings. If only it were this simple! Well, we actually need a TAP interface for the guest operating system to use. Let's hop into the trenches, shall we?

First we need to let the kernel know we wish to act like a router, forwarding packets. Note this can also be set in /etc/sysctl.conf, then it will not have to be set at every boot:
echo 1 > /proc/sys/net/ipv4/ip_forward
Next we need to create our TAP interfaces. The interface names are arbitrary, but it is important that the same name is used when assigning them to each virtual machine:
tunctl -t tap0 -u username
tunctl -t tap1 -u username
ifconfig tap0 up
ifconfig tap1 up
Now let's create a bridge interface and add our TAP interfaces. The IP assigned is arbitrary, but do make note of it:
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 tap1
ifconfig br0 up
ifconfig br0 192.168.2.1
Now assign each one of the TAP interfaces to each virtual machine and start them up. Assign an IP address to each virtual machine that is in the same network as the bridge interface on the host system. The virtual machines should be able to ping each other as well as the host system. Notice that they cannot get out to the Internet though. For this we will need some help from iptables.

Beware that using the MASQUERADE target is not technically proper with static IP addresses, however it's the only way I can get NAT to work properly in this situation. The rule below should not be considered a permanent solution, I don't plan on leaving it that way at least:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
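
The post treats the MASQUERADE rule as a stopgap. As an added example (not part of the original post), here is one way to check what the host ends up forwarding once ip_forward is on: it flags NAT rules that are not pinned to an outbound interface and a FORWARD chain left at ACCEPT. The function names are hypothetical, the sample rule sets are constructed, and eth0 as the host's uplink is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Sample rule sets are constructed;
# eth0 as the host's uplink interface is an assumption.

# Reads `iptables-save` text on stdin, prints one finding per line and
# returns 1 if anything was flagged. On the host: iptables-save | audit_forwarding
audit_forwarding() {
    awk '
        /^[*]/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table == "filter" && /^:FORWARD ACCEPT/ {
            print "FORWARD policy is ACCEPT: host routes between all interfaces"
            bad = 1
        }
        table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
            if ($0 !~ / -o [^ ]+/) { print "NAT rule without -o: " $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed: what iptables-save would show after the steps in the post.
sample_as_posted() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed: same NAT, pinned to the uplink, with forwarding limited to br0.
sample_scoped() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.2.0/24 -i br0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_as_posted | audit_forwarding || true   # prints both findings
```
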
Now the virtual machines should be able to ping each other, and also make it out to the Internet, assuming that other barriers do not exist, like firewalls etc.

I will end part 1 at this point. I will catch up on configuring HA and DRBD in part 2 and hopefully at that point also have some more information to share. For now it's off to bed and preparing for Monday. So long