High Availability Squid Web Cache Cluster with DRBD Heartbeat by Babar Zahoor


High Availability Linux Cluster Setup using DRBD and Heartbeat on CentOS 5.x/6.x, RHEL 5.x/6.x and Fedora

#### This How To belongs to My video on High Availability Squid Cache using DRBD and HeartBeat ####

OS CentOS 5.3 on both machines.

We will set up transparent Squid on a high availability cluster.

Packages are available in the CentOS extras repository.

Our Scenario

We have two servers

baber 192.168.1.50 Primary server

farrukh 192.168.1.60 Secondary server

Set up IP-to-name resolution in /etc/hosts. We don't have DNS, so we need this step.

Basic Setup Configuration

[[email protected] ~]# vim /etc/hosts
192.168.1.50 baber
192.168.1.60 farrukh
wq!
[[email protected] ~]# ping baber
PING baber (192.168.1.50) 56(84) bytes of data.
64 bytes from baber (192.168.1.50): icmp_seq=1 ttl=64 time=4.15 ms
64 bytes from baber (192.168.1.50): icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from baber (192.168.1.50): icmp_seq=3 ttl=64 time=1.88 ms
[1]+ Stopped ping baber
[[email protected] ~]# ping farrukh
PING farrukh (192.168.1.60) 56(84) bytes of data.
64 bytes from farrukh (192.168.1.60): icmp_seq=1 ttl=64 time=1.32 ms
64 bytes from farrukh (192.168.1.60): icmp_seq=2 ttl=64 time=0.523 ms
64 bytes from farrukh (192.168.1.60): icmp_seq=3 ttl=64 time=1.79 ms
[2]+ Stopped ping farrukh


[[email protected] ~]#
[[email protected] ~]# scp /etc/hosts 192.168.1.60:/etc/hosts

On Node1 servers:

Stop unwanted services on both servers.

[[email protected] ~]# /etc/init.d/sendmail stop
[[email protected] ~]# chkconfig --level 235 sendmail off
[[email protected] ~]# iptables -F
[[email protected] ~]# service iptables save
[[email protected] ~]# /etc/init.d/sendmail stop
[[email protected] ~]# chkconfig --level 235 sendmail off
[[email protected] ~]# iptables -F
[[email protected] ~]# service iptables save
[[email protected] ~]# rpm -qa | grep ntp
 ntp-4.2.2p1-9.el5.centos.1

Then we need to open ntp server configuration file.

[[email protected] ~]# vi /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
### Edited By Babar Zahoor Jun 16 2009 ###
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
########## for server use this and on clients comment this and use server serverIP ##################
server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()’ing
# it to the file.
# driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
# Specify the key identifiers which are trusted.
# trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
# requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
keys /etc/ntp/keys
wq!

[[email protected] ~]#
[[email protected] ~]# /etc/init.d/ntpd start
[[email protected] ~]# chkconfig --level 235 ntpd on

[[email protected] ~]# vim /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1
#restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.1.50 ### add this line on second server ###
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0 # local clock ##### #####
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()’ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
wq!

[[email protected] ~]# /etc/init.d/ntpd start
[[email protected] ~]# chkconfig --level 235 ntpd on
[[email protected] ~]# ntpdate -u 192.168.1.50
[[email protected] ~]# watch ntpq -p -n
[[email protected] ~]# watch ntpq -p -n

PARTITION SETUP On Both Servers.

Partition both servers identically with fdisk.

We have 3GB disks on both servers.

Partition Setup for Cluster Servers

We need to create an LVM partition.

[[email protected] ~]# fdisk -l
[[email protected] ~]# fdisk /dev/sdb
[[email protected] ~]# fdisk /dev/sd
 sda sda1 sda2 sdb sdb1

[[email protected] ~]# fdisk /dev/sdb
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 522 4192933+ 8e Linux LVM
Command (m for help): d
Selected partition 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-522, default 522): +4000M
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 83 Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 8e Linux LVM
Command (m for help):
Command (m for help): w

[[email protected] ~]# partprobe

Create the physical volume for LVM. This is the second step of the LVM setup.

[[email protected] ~]# pvcreate /dev/sdb1

Create Volume Group with this command
[[email protected] ~]# vgcreate vgdrbd /dev/sdb1

Create Logical volume partition
[[email protected] ~]# lvcreate -n lvdrbd /dev/mapper/vgdrbd -L +4000M

Note: Create the LVM volumes identically on both servers.

Please add these three values in sysctl.conf

[[email protected] ~]#vi /etc/sysctl.conf
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
save & quit
[[email protected] ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[[email protected] ~]#

DRBD Setup

Please install drbd82 & kmod-drbd82 rpms using yum command.

[[email protected] ~]#yum install -y drbd82 kmod-drbd82

open /etc/drbd.conf

[[email protected] ~]#vim /etc/drbd.conf
global {
usage-count yes;
}
common {
syncer { rate 10M; }
}
resource r0 {
protocol C;
handlers {
pri-on-incon-degr "echo o > /proc/sysrq-trigger ; halt -f";
pri-lost-after-sb "echo o > /proc/sysrq-trigger ; halt -f";
local-io-error "echo o > /proc/sysrq-trigger ; halt -f";
outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater -t 5";
}
startup {
}
disk {
on-io-error detach;
}
net {
after-sb-0pri disconnect;
after-sb-1pri disconnect;
after-sb-2pri disconnect;
rr-conflict disconnect;
}
syncer {
rate 10M;
al-extents 257;
}
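# The name after "on" must match the output of `uname -n` on that node.
on baber {
device /dev/drbd0;
# Volume group name is case-sensitive: it was created as vgdrbd.
disk /dev/vgdrbd/lvdrbd;
address 192.168.1.50:7788;
meta-disk internal;
}
on farrukh {
device /dev/drbd0;
disk /dev/vgdrbd/lvdrbd;
address 192.168.1.60:7788;
meta-disk internal;
}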
}
wq!
[[email protected] ~]#
[[email protected] ~]# scp /etc/drbd.conf farrukh:/etc/drbd.conf

The DRBD kernel module must be loaded on both servers before DRBD can run.

Load the DRBD module on both nodes:

[[email protected] ~]# modprobe drbd
[[email protected] ~]# echo "modprobe drbd" >> /etc/rc.local

[[email protected] ~]# modprobe drbd
[[email protected] ~]# echo "modprobe drbd" >> /etc/rc.local

##### run this on both servers ######

[[email protected] ~]#drbdadm create-md r0
[[email protected] ~]#drbdadm create-md r0
[[email protected] ~]#drbdadm attach r0
[[email protected] ~]#drbdadm attach r0
[[email protected] ~]#drbdadm syncer r0
[[email protected] ~]#drbdadm syncer r0
[[email protected] ~]#drbdadm connect r0
[[email protected] ~]#drbdadm connect r0

On Primary Node only

[[email protected] ~]#drbdadm -- --overwrite-data-of-peer primary r0

On both Nodes:

[[email protected] ~]#drbdadm up all
[[email protected] ~]#drbdadm up all

On Primary Node only

[[email protected] ~]#drbdadm -- primary all #### ON Node one Only ####
[[email protected] ~]#watch cat /proc/drbd

only on baber ########## Primary Node ########

[[email protected] ~]#mkfs.ext3 /dev/drbd0
[[email protected] ~]#mkdir /data/
[[email protected] ~]#mount /dev/drbd0 /data/
[[email protected] ~]#
[[email protected] ~]# df -hk
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
5967432 2625468 3033948 47% /
/dev/sda1 101086 12074 83793 13% /boot
tmpfs 257720 0 257720 0% /dev/shm
/dev/drbd0 4031516 107600 3719128 3% /data
[[email protected] ~]#

On farrukh ####### Secondary Node #######

[[email protected] ~]#mkdir /data

Heartbeat Setup:

Install heartbeat package using yum

Note: Internet connection is required or configure yum repository on your local machine with extras.

[[email protected] ~]#yum install -y heartbeat heartbeat-pils heartbeat-stonith heartbeat-devel

## Create this file and copy this text ##
[[email protected] ~]#vim /etc/ha.d/ha.cf 
logfacility local0
keepalive 2
#deadtime 30 # USE THIS!!!
deadtime 10
# we use two heartbeat links, eth2 and serial 0
bcast eth0 ####### We can use eth1 instead of eth0 it’s better option ########
#serial /dev/ttyS0
baud 19200
auto_failback on ################## Active Active state #################
node baber
node farrukh
save & quit.
Server Baber  (Primary Node)
[[email protected] ~]#vi /etc/ha.d/haresources
baber IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
wq!
Server farrukh: Secondary Node
[[email protected] ~]#vi /etc/ha.d/haresources
farrukh IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
wq!

On Both Servers:
[[email protected] ~]#vi /etc/ha.d/authkeys
auth 3
3 md5 redhat ######### Use Long name as password #########
On both nodes:
[[email protected] ~]#chmod 600 /etc/ha.d/authkeys
[[email protected] ~]#scp /etc/ha.d/authkeys farrukh:/etc/ha.d/authkeys
[[email protected] ~]#chkconfig --level 235 heartbeat on
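
An added example, not part of the original how-to: the authkeys file above uses md5 with a dictionary word, while heartbeat also accepts sha1 and any string as the secret. The script below writes an authkeys file with a random 40-hex-character secret and audits an existing one; the function names and the 20-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original how-to). Needs GNU stat, od, awk, tr.

# Print a 40-hex-character random secret read from /dev/urandom.
gen_secret() {
    od -An -N20 -tx1 /dev/urandom | tr -d ' \n'
}

# write_authkeys FILE: write a single sha1 key (index 1), readable by owner only.
write_authkeys() {
    ( umask 077 && printf 'auth 1\n1 sha1 %s\n' "$(gen_secret)" > "$1" )
    chmod 600 "$1"
}

# audit_authkeys FILE: print one finding per line; return 1 if anything was found.
audit_authkeys() {
    rc=0
    mode=$(stat -c %a "$1") || return 2
    [ "$mode" = 600 ] || { echo "mode is $mode, expected 600"; rc=1; }
    # "auth N" selects the active key; the line "N method secret" defines it.
    active=$(awk '$1 == "auth" { print $2; exit }' "$1")
    method=$(awk -v k="$active" '$1 == k { print $2; exit }' "$1")
    key=$(awk -v k="$active" '$1 == k { print $3; exit }' "$1")
    case $method in
        sha1) ;;
        md5)  echo "key $active uses md5; heartbeat also offers sha1"; rc=1 ;;
        crc)  echo "key $active uses crc, which authenticates nothing"; rc=1 ;;
        *)    echo "no usable key found for 'auth $active'"; rc=1 ;;
    esac
    # Assumed threshold: treat secrets shorter than 20 characters as guessable.
    [ "${#key}" -ge 20 ] || { echo "secret is ${#key} characters, want 20 or more"; rc=1; }
    return $rc
}

# Stand-alone use: sh this_script /etc/ha.d/authkeys
if [ $# -gt 0 ]; then
    audit_authkeys "$1"
fi
```

Run write_authkeys /etc/ha.d/authkeys on baber, then copy the file to farrukh with the scp command shown above so both nodes share the same key.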

Note: If you have a problem mounting /dev/drbd0 on /data, run these commands to check the status. If drbddisk is stopped, start it.

[[email protected] ~]#/etc/ha.d/resource.d/drbddisk r0 status
[[email protected] ~]#/etc/ha.d/resource.d/drbddisk r0 start
[[email protected] ~]#/etc/ha.d/resource.d/drbddisk r0 restart

[[email protected] data]# service drbd status
drbd driver loaded OK; device status:
version: 8.0.13 (api:86/proto:86)
GIT-hash: ee3ad77563d2e87171a3da17cc002ddfd1677dbe build by [email protected], 2008-10-02 13:31:44
m:res cs st ds p mounted fstype
0:r0 Connected Primary/Secondary UpToDate/UpToDate C /data ext3
We can see that the servers are in Primary/Secondary state and working well, with the /data directory mounted.

To force a takeover from node1 to node2:

[[email protected] ~]#/usr/lib/heartbeat/hb_takeover

Transparent Squid Configuration on both servers.
[[email protected] ~]#vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1 #### If it is 0 make it 1 for packet forwarding ####
wq!

[[email protected] ~]#scp /etc/sysctl.conf farrukh:/etc/sysctl.conf
[[email protected] ~]#sysctl -p

[[email protected] ~]# sysctl -p
[[email protected] ~]#yum install -y squid
[[email protected] ~]#vim /etc/squid/squid.conf
search these options using / and edit as required
http_port 3128 transparent
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
cache_dir ufs /data/squid 1000 32 256 ##### cache directories must be at /data/squid #####
visible_hostname squid.ha-cluster.com
wq!
[[email protected]baber ~]# cd /data
[[email protected] ~]# mkdir squid
[[email protected] ~]# chown squid:squid squid

Note: This is required only on the primary server, i.e. baber.

[[email protected] ~]#scp /etc/squid/squid.conf farrukh:/etc/squid/squid.conf
[[email protected] ~]#iptables -F
[[email protected] ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[[email protected] ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[[email protected] ~]#service iptables save
[[email protected] ~]#iptables -F
[[email protected] ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[[email protected] ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[[email protected] ~]#service iptables save

On both servers

[[email protected] ~]#/etc/init.d/heartbeat start
[[email protected] ~]#ifconfig
[[email protected] ~]#tail -f /var/log/squid/access.log
[[email protected] ~]#/etc/init.d/heartbeat start
[[email protected] ~]#ifconfig

Note: We must use the VIP/service IP defined in heartbeat, i.e. 192.168.1.190, as the default gateway IP for accessing the internet transparently.

ALHAMDULILLAH We have Done it………….