How to add IP failover to Linux (using UCARP)

  • ucarp allows hosts to share common IP addresses in order to provide automatic failover of an address from one machine to another. Its a userland implementation of CARP, OpenBSD’s alternative to VRRP

note: The disadvantages is that it only provide IP failover, the configuration of the services running on top of the server (postfix, apache, mysql, …) are not transferred, nor synchronized.

## install
$ sudo apt-get install ucarp | sudo yum install ucarp (EPEL)

(configure ucarp on each server; --vhid/--password/--addr must be same on all hosts)
ucarp [-i, --interface=INTERFACE]  [-s, --srcip=IPADDRESS]
       [-v, --vhid=VHID]  [-p, --pass=PASSWORD]  [-o, --passfile=PASSFILE]
       [-P, --preempt]  [-n, --neutral]  [-a, --addr=IPADDR]  [-h, --help]
       [-b, --advbase=SECS]  [-k, --advskew=SKEW]  [-u, --upscript=SCRIPT]
       [-d, --downscript=SCRIPT]  [-r, --deadratio=RATIO]  [-z, --shutdown]
       [-B, --daemonize]  [-f, --facility=FACILITY]  [-x, --xparam PARAM]
       [-S, --ignoreifstate]  [-M, --nomcast]
'-P/--preempt' turn on preemptive failover, this causes an instance of ucarp to assume master status right immediately
'-z/--shutdown' calls '--downscript' when ucarp shuts down
'-b/--advbase SECONDS' interval in seconds that advertisements will occur (defaults to 1 second)
'-k/--advskew SKEW' advertisement skew [1-255] (defaults to 0) ensures backup host advertises later than the master, controls the order of precedence on multiple backup servers
'-r/--deadratio RATIO' ratio used by the backup to determine how long to wait for an unresponsive master before considering it dead
'-u/--upscript SCRIPT' '/usr/share/ucarp/vip-up' for debian/ubuntu and '/usr/libexec/ucarp/vip-up' for centos/rhel
'-d/--downscript SCRIPT' '/usr/share/ucarp/vip-down' for debian/ubuntu and '/usr/libexec/ucarp/vip-down' for centos/rhel

$(server1) export SOURCE_ADDRESS=172.17.0.74; export OPTIONS="-P -z -k 1"
$(server2) export SOURCE_ADDRESS=172.17.0.75; export OPTIONS="-P -z -k 100"
$ export VIP_ADDRESS=172.17.0.76; export ID=1; export BIND_INTERFACE=eth0; export PASSWORD=secret
$ ucarp -i $BIND_INTERFACE -p $PASSWORD -v %ID -a $VIP_ADDRESS -s $SOURCE_ADDRESS $OPTIONS -u $UPSCRIPT -d $DOWNSCRIPT

from ucarp@man

## for ubuntu/debian; 'etc/network/if-up.d/ucarp' parsers '/etc/network/interfaces' and calls ucarp when if goes up
$ cat /etc/network/interfaces
# primary network interface
auto eth0
iface eth0 inet static
    # your current/private ip address
    address 172.17.0.74 (for server1) 
    address 172.17.0.75 (for server2)
...
    ucarp-vid 1
    ucarp-vip 172.17.0.76
    ucarp-password secret
    ucarp-advskew 1 (for server1)
    ucarp-advskew 100 (for server2)
    ucarp-master yes (for server1)
    ucarp-master no (for server2)
# carp network interface, on top of eth1
iface eth0:ucarp inet static
        address 172.17.0.76
        netmask 255.255.240.0
$ service networking restart

## carp is active on server1/master but not in server2
(server1) $ sudo ifconfig
...
eth0:ucarp Link encap:Ethernet  HWaddr 00:0c:29:5b:d8:03
          inet addr:172.17.0.74  Bcast:172.17.15.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
(but when shutdown server1/master, carp ip is transferred to server2; and if server1/master is booted again it gets carp back)

from ucarp in ubuntu/debian

## for upstart centos6/rhel6
$ cp /etc/ucarp/vip-001.conf.example /etc/ucarp/vip-001.conf
$ cat /etc/ucarp/vip-001.conf
ID=001
BIND_INTERFACE="eth0"
SOURCE_ADDRESS="172.17.0.75" (for server1)
SOURCE_ADDRESS="172.17.0.76" (for server2)
VIP_ADDRESS="172.17.0.74"
PASSWORD="secret"
OPTIONS="–shutdown –preempt --advskew=1" (for server1)
OPTIONS="–shutdown –preempt --advskew=100" (for server2)
UPSCRIPT=/usr/libexec/ucarp/vip-up
DOWNSCRIPT=/usr/libexec/ucarp/vip-down
$ service ucarp start

## for systemd centos7/rhel7; already provide unit files but not miss configuration, see http://www.cageorge.com/2014/02/ucarp-on-arch-linux/
$ cat /run/systemd/system/ucarp@.service
[Unit]
Description=UCARP virtual interface %I
After=network.target
[Service]
Type=simple
EnvironmentFile=-/etc/ucarp/vip-common.conf
EnvironmentFile=-/etc/ucarp/vip-%I.conf
ExecStart=/usr/sbin/ucarp -i $BIND_INTERFACE -p $PASSWORD -v %I -a $VIP_ADDRESS -s $SOURCE_ADDRESS $OPTIONS -u $UPSCRIPT -d $DOWNSCRIPT
KillMode=control-group
[Install]
WantedBy=multiuser.target
$ systemctl start ucarp@001

from ucarp in centos/rhel

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s