HAProxy + NFS + DRBD + DNS RR

High availability and load balancing - BTS SIO SISR

Objectives

Set up a high availability infrastructure with:

1. HAProxy (Load Balancer)

Installation

apt install haproxy -y

Configuration

nano /etc/haproxy/haproxy.cfg

Full configuration:

global
 log /dev/log local0
 log /dev/log local1 notice
 chroot /var/lib/haproxy
 stats socket /run/haproxy/admin.sock mode 660 level admin
 stats timeout 30s
 user haproxy
 group haproxy
 daemon

defaults
 log global
 mode http
 option httplog
 option dontlognull
 timeout connect 5000
 timeout client 50000
 timeout server 50000

frontend http_front
 bind *:80
 stats uri /haproxy?stats
 default_backend web_pool

backend web_pool
 balance roundrobin
 option httpchk GET /
 server web1 192.168.100.101:80 check
 server web2 192.168.100.102:80 check
 server webbackup 192.168.100.103:80 check backup

Explanations:
  • balance roundrobin: round-robin distribution
  • check: health check
  • backup: server used only when others fail

Start

systemctl enable haproxy
systemctl restart haproxy
systemctl status haproxy

Verification

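Access statistics: http://HAPROXY_IP/haproxy?stats

As configured, the stats page is served on the port 80 frontend without authentication (there is no stats auth line), so anyone who can reach the load balancer can read it.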

2. NFS (Network File System)

NFS Server

# Installation
apt install nfs-kernel-server -y

# Create shared directory
mkdir -p /srv/partagenfs
chown nobody:nogroup /srv/partagenfs
chmod 777 /srv/partagenfs

# Configure exports
nano /etc/exports

/etc/exports content:

/srv/partagenfs 192.168.100.0/24(rw,sync,no_subtree_check,no_root_squash)
Options:
  • rw: read/write
  • sync: synchronous write (data safety: the server replies only after the data is written to disk)
  • no_root_squash: root on a client keeps root privileges on the export (security risk!)

# Apply changes
exportfs -ra

# Restart NFS
systemctl restart nfs-kernel-server
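
A check for the no_root_squash risk noted above, as an added example (not part of the original sheet): a shell function that parses an exports file and reports no_root_squash, insecure, and read/write exports open to any host. It assumes one export per line with no line continuations, quoted paths or "-" default-option tokens; /srv/other and the per-host client addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky options in an
# exports(5) file. Prints one "PATH CLIENT FINDING" line per issue.

audit_exports() {
    # $1 = file to audit; reads standard input when omitted.
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                 # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(opts)" with no client in front (typically a stray space
            # after the host) applies to every host, like "*".
            if (client == "") client = "*"
            rw = 0; noroot = 0; insec = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
                if (o[j] == "insecure") insec = 1
            }
            if (noroot) print $1, client, "no_root_squash"
            if (insec) print $1, client, "insecure"
            if (client == "*" && rw) print $1, client, "rw-to-any-host"
        }
    }' "${1:--}"
}

# Constructed sample: the export line from this page, a stray-space
# mistake on a hypothetical /srv/other, and a tightened per-host variant
# (root_squash is the default; it is written out for clarity).
sample_exports() {
    cat <<'EOF'
/srv/partagenfs 192.168.100.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/other 192.168.100.101 (rw,sync,no_subtree_check)
/srv/partagenfs 192.168.100.101(rw,sync,no_subtree_check,root_squash) 192.168.100.102(rw,sync,no_subtree_check,root_squash)
EOF
}

sample_exports | audit_exports
```

On the NFS server, run audit_exports /etc/exports; no output means none of the three findings apply.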

NFS Client

# Install client
apt install nfs-common -y

# Manual mount
mkdir -p /mnt/nfs
mount 192.168.100.10:/srv/partagenfs /mnt/nfs

# Automatic mount (/etc/fstab)
nano /etc/fstab

192.168.100.10:/srv/partagenfs /mnt/nfs nfs defaults 0 0

3. DRBD (Distributed Replicated Block Device)

IMPORTANT: DRBD is NOT a shared file system! It is block-level disk replication, in active/passive mode only.

Installation (on both nodes)

apt install drbd-utils -y
modprobe drbd

Configuration (simplified BTS-level example)

nano /etc/drbd.d/r0.res

Content:

resource r0 {
 protocol C;
 on node1 {
 device /dev/drbd0;
 disk /dev/sdb1;
 address 192.168.100.101:7789;
 meta-disk internal;
 }
 on node2 {
 device /dev/drbd0;
 disk /dev/sdb1;
 address 192.168.100.102:7789;
 meta-disk internal;
 }
}

DRBD Protocols:
  • A: asynchronous (fast, risk of data loss)
  • B: semi-synchronous
  • C: synchronous (slow, safe) ← recommended

Initialisation (on both nodes)

drbdadm create-md r0
drbdadm up r0

Set the primary node (node1)

drbdadm primary --force r0

Verification

cat /proc/drbd
drbdadm status r0

DRBD LIMITATION: Only one node can access the disk in read/write at a time. For true active/active sharing, use GFS2, OCFS2 or Ceph.

4. DNS Round Robin

BIND configuration (example)

nano /etc/bind/db.example.com

Add multiple A records with the same name:

www IN A 192.168.100.101
www IN A 192.168.100.102
www IN A 192.168.100.103

DNS queries will be distributed among the 3 servers.

LIMITATION: DNS RR does NOT perform health checks. If a server goes down, DNS will keep returning its address → prefer HAProxy or a real load balancer.

5. VRRP (Virtual Router Redundancy Protocol)

Concept

VRRP creates a shared virtual IP between multiple routers/servers. If the master fails, a backup takes over automatically.

NOTE: VRRP is NOT dynamic routing (OSPF, BGP). It is gateway redundancy only.

Configuration (Cisco/pfSense example)

vrrp 10 ip 192.168.1.1
vrrp 10 priority 120
vrrp 10 preempt

Parameters:
  • vrrp 10: VRRP group ID
  • ip 192.168.1.1: shared virtual IP
  • priority 120: priority (higher = master)
  • preempt: reclaim master role if priority is higher

VRRP multicast address

224.0.0.18: multicast address used by VRRP for announcements

Key Points for the BTS Oral