15. IBM Cloud: VMware as a Service（VMWaaS) - 検証: VIP切り替えによる高可用性構成の確認（keepalived）

1. はじめに

前回の記事では、手動でVIPを切り替えていましたが、今回は念の為KeepalivedのようなソフトウェアもVMWaaS上で起動し、VIPを自動的に切り替えに使えることを確認します。

過去の記事はこちら。

• 01. IBM Cloud: VMware as a Service（VMWaaS)の概要
• 02. IBM Cloud: VMware as a Service（VMWaaS) - VDCの注文
• 03. IBM Cloud: VMware as a Service（VMWaaS) - VDCの追加注文
• 04. IBM Cloud: VMware as a Service（VMWaaS) - 外部接続のためのネットワークとNAT/Firewallを構成する
• 05. IBM Cloud: VMware as a Service（VMWaaS) - RHELをプロビジョニングして疎通確認を行う
• 06. IBM Cloud: VMware as a Service（VMWaaS) - 検証: IBM Cloud private networkへの通信におけるSNATの必要性
• 07. IBM Cloud: VMware as a Service（VMWaaS) - 検証: isolated networkとの通信
• 08. IBM Cloud: VMware as a Service（VMWaaS) - 検証: routed network間の通信
• 09. IBM Cloud: VMware as a Service（VMWaaS) - Data Center Groupの構成
• 10. IBM Cloud: VMware as a Service（VMWaaS) - Distributed Firewallの構成
• 11. IBM Cloud: VMware as a Service（VMWaaS) - VDC間のVM/vApp Migration
• 12. IBM Cloud: VMware as a Service（VMWaaS) - VMWaaS APIの実行例
• 13. IBM Cloud: VMware as a Service（VMWaaS) - VMware Cloud Director OpenAPIの実行例
• 14. IBM Cloud: VMware as a Service（VMWaaS) - 検証: VIP切り替えによる高可用性構成の確認（手動切替）
• 15. IBM Cloud: VMware as a Service（VMWaaS) - 検証: VIP切り替えによる高可用性構成の確認（keepalived）
• 16. IBM Cloud: VMware as a Service（VMWaaS) - Transit Gateway接続
• 17. IBM Cloud: VMware as a Service（VMWaaS) - Veeam Backup and Replication service連携

2. Keepalivedの導入・設定

[root@web01 ~]# dnf install keepalived

[root@web01 ~]# vi /etc/keepalived/keepalived.conf
（編集）

[root@web01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
}

vrrp_instance VI_1 {
    state MASTER
    interface ens192
    virtual_router_id 51
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.100.100/24
    }
}

全く同様のことをWEB02でも実施します。設定ファイルも全く同じもので大丈夫です。

3. Keepalived起動前の確認

VIP(192.168.100.100/24)は付与されていません。

WEB01のIPアドレス情報

[root@web01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:14:01:b8 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.100.3/24 brd 192.168.100.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe14:1b8/64 scope link
       valid_lft forever preferred_lft forever

WEB02のIPアドレス情報

[root@web02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:14:01:ba brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.100.4/24 brd 192.168.100.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe14:1ba/64 scope link
       valid_lft forever preferred_lft forever

4. Keepalivedの起動

WEB01/WEB02でkeepalivedを起動

[root@web01 ~]# systemctl start keepalived

[root@web02 ~]# systemctl start keepalived

WEB01にて、VIP(192.168.100.100)が付与された

[root@web01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:14:01:b8 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.100.3/24 brd 192.168.100.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet 192.168.100.100/24 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe14:1b8/64 scope link
       valid_lft forever preferred_lft forever
       
[root@web02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:14:01:ba brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.100.4/24 brd 192.168.100.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe14:1ba/64 scope link
       valid_lft forever preferred_lft forever

WEB01/WEB02間のパケット確認。VRRPがMASTERであるWEB01から送付されている。。

[root@web02 ~]# tcpdump -i any vrrp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
06:43:54.657899 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:43:55.657950 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:43:56.658015 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:43:57.658049 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:43:58.658096 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:43:59.658188 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:44:00.658237 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:44:01.658265 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:44:02.658352 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:44:03.658391 ens192 M   IP 192.168.100.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20

WEBサーバーアクセス。VIPが付与されているのはWEB01のため、VIPアクセス時にはWEB01からHTTP応答が返ってきている。

[root@jumpserver ~]# curl http://192.168.100.3
This is web01

[root@jumpserver ~]# curl http://192.168.100.4
This is web02

[root@jumpserver ~]# curl http://192.168.100.100
This is web01

syasuda@MacBook-Pro ~ % curl http://150.xxx.xx.xx
This is web01

5. WEB01サーバーの障害

WEB01の電源を強制停止（WEB01に障害が発生したという想定）のもと、VIPが自動的にWEB02に切り替わることを確認します。

VIP(192.168.100.100)がWEB02に付与された。

[root@web02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:14:01:ba brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.100.4/24 brd 192.168.100.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet 192.168.100.100/24 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe14:1ba/64 scope link
       valid_lft forever preferred_lft forever

WEB01/WEB02間のパケット確認。VRRPが今度はMASTERであるWEB02から送付されている。

[root@web02 ~]# tcpdump -i any vrrp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
06:47:28.281219 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:29.281269 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:30.281357 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:31.281410 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:32.281498 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:33.281581 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:34.281670 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
06:47:35.281746 ens192 Out IP 192.168.100.4 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20

WEBサーバーアクセス。VIPが付与されているのはWEB02のため、VIPアクセス時にはWEB02からHTTP応答が返ってきている。

[root@jumpserver ~]# curl http://192.168.100.3
curl: (7) Failed to connect to 192.168.100.3 port 80: No route to host

[root@jumpserver ~]# curl http://192.168.100.4
This is web02

[root@jumpserver ~]# curl http://192.168.100.100
This is web02

syasuda@MacBook-Pro ~ % curl http://150.xxx.xx.xx
This is web02