This topic describes how to implement high availability for primary and secondary Elastic Compute Service (ECS) instances through high-availability virtual IP addresses (HAVIPs) and keepalived.

Prerequisites

Background information

The following scenario is used as an example in this topic. A company has created two ECS instances and NGINX is deployed on both ECS instances. High availability is required for the development of the company business.

The ECS instances can function as a primary and secondary ECS instance with HAVIPs and keepalived. By default, the primary ECS instance (ECS 1) is accessed by the clients. If ECS 1 is faulty, the secondary ECS instance (ECS 2) takes over the services and virtual IP addresses of ECS 1. This implements high availability for your workloads.

Scenario

Procedure

Procedure

Step 1: Create an HAVIP

HAVIPs are private IP resources that can be independently created and released. After you associate an HAVIP with an Elastic Compute Service (ECS) instance, the ECS instance can advertise this HAVIP by sending Address Resolution Protocol (ARP) messages.

To create an HAVIP, perform the following steps:

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click HaVip Addresses.
  3. In the top navigation bar, select the region where you want to create the HAVIP.
  4. On the HaVip Addresses page, click the Create HaVip Address tab.
  5. In the Create HaVip Address dialog box, set the following parameters and click OK.
    • Region: displays the region where the HAVIP is created.
    • VPC: specifies the VPC to which the HAVIP belongs.
    • VSwitch: specifies the VSwitch to which the HAVIP belongs.
    • VSwitch CIDR Block: displays the CIDR block of the VSwitch.
    • Private IP Address: specifies the private IP address of the HAVIP.
      Note You must specify an idle private IP address that falls within the CIDR block of the VSwitch.
After you create the HAVIP, you can view the HAVIP on the HaVip Addresses page.Create an HAVIP

Step 2: Install keepalived on the primary and secondary ECS instances

Keepalived can check the status of an ECS instance. If ECS 1 is faulty, ECS 2 takes over the services and virtual IP addresses of ECS 1. This implements high availability for your workloads.

The following procedure describes how to install keepalived on a CentOS-based ECS instance.

  1. Log on to ECS 1.
  2. Run the following command to install keepalived:
    yum install keepalived
  3. Modify the configuration file of keepalived.
    1. Run the following command to modify the keepalived.conf file:
      vim /etc/keepalived/keepalived.conf
    2. Run the following command to enter the input mode:
      i
    3. Modify the configuration file based on the following information:
      ! Configuration File for keepalived
      global_defs {
         notification_email {
           acassen@firewall.loc
           failover@firewall.loc
           sysadmin@firewall.loc
         }
         notification_email_from Alexandre.Cassen@firewall.loc
         smtp_server 192.168.200.1
         smtp_connect_timeout 30
         router_id LVS_DEVEL
         vrrp_skip_check_adv_addr
         vrrp_garp_interval 0
         vrrp_gna_interval 0
      }
      #vrrp_script checkhaproxy
      #{
      #    script "/etc/keepalived/do_sth.sh"
      #    interval 5
      #}
      vrrp_instance VI_1 {
      state MASTER           #Specify the ECS as the primary ECS instance.
          interface eth0          #Specify the name for the network interface controller (NIC). eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
      #    preempt_delay 10
          priority 100             #Specify the priority for the secondary ECS instance. A larger number indicates a higher priority. 100 is used in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.209   #Specify the private IP address for the ECS instance. 192.168.0.209 is used in this example.
          unicast_peer {
              192.168.0.210           #Specify the private IP address for the peer ECS instance. 192.168.0.210 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify the IP address for the HAVIP. 192.168.0.88 is used in this example. 
          }
          notify_master "/etc/keepalived/notify_action.sh MASTER"
          notify_backup "/etc/keepalived/notify_action.sh BACKUP"
          notify_fault "/etc/keepalived/notify_action.sh FAULT"
          notify_stop "/etc/keepalived/notify_action.sh STOP"
          garp_master_delay 1
          garp_master_refresh 5
      
              track_interface {
                      eth0                #Specify a name for the NIC of the ECS instance. eth0 is used in this example.
              }
      #    track_script {
      #        checkhaproxy 
      #    }
      }
    4. Run the following command to save the modification and quit:
      :wq
  4. Run the following command to start keepalived on ECS 1:
    systemctl start keepalived
  5. Log on to ECS 2.
  6. Run the following command to install keepalived:
    yum install keepalived
  7. Modify the configuration file of keepalived.
    1. Run the following command to modify keepalived.conf:
      vim /etc/keepalived/keepalived.conf
    2. Run the following command to enter the input mode:
      i
    3. Modify the configuration file based on the following information:
      ! Configuration File for keepalived
      global_defs {
         notification_email {
           acassen@firewall.loc
           failover@firewall.loc
           sysadmin@firewall.loc
         }
         notification_email_from Alexandre.Cassen@firewall.loc
         smtp_server 192.168.200.1
         smtp_connect_timeout 30
         router_id LVS_DEVEL
         vrrp_skip_check_adv_addr
         vrrp_garp_interval 0
         vrrp_gna_interval 0
      }
      #vrrp_script checkhaproxy
      #{
      #    script "/etc/keepalived/do_sth.sh"
      #    interval 5
      #}
      vrrp_instance VI_1 {
      state BACKUP           #Specify the ECS instance as the secondary ECS instance.
          interface eth0          #Specify the name for the NIC. eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
      #    preempt_delay 10
          priority 10             #Specify the priority for the secondary ECS instance. A larger number indicates a higher priority. 10 is used in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.210   #Specify the private IP address for the ECS instance. 192.168.0.210 is used in this example.
          unicast_peer {
              192.168.0.209           #Specify the private IP address for the peer ECS instance. 192.168.0.209 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify an IP address for the HAVIP. 192.168.0.88 is used in this example. 
          }
          notify_master "/etc/keepalived/notify_action.sh MASTER"
          notify_backup "/etc/keepalived/notify_action.sh BACKUP"
          notify_fault "/etc/keepalived/notify_action.sh FAULT"
          notify_stop "/etc/keepalived/notify_action.sh STOP"
          garp_master_delay 1
          garp_master_refresh 5
      
              track_interface {
                      eth0                #Specify a name for the NIC of the ECS instance. eth0 is used in this example.
              }
      #    track_script {
      #        checkhaproxy 
      #    }
      }
    4. Run the following command to save the modification and quit:
      :wq
  8. Run the following command to start keepalived on ECS 2:
    systemctl start keepalived

Step 3: Associate the HAVIP with both ECS instances

You can associate the HAVIP with both the primary and secondary ECS instances. After the association, the ECS instances can advertise this HAVIP by sending ARP messages.
Note An HAVIP must be associated with ECS instances that belong to the same VSwitch. Each HAVIP can be associated with at most two ECS instances.

Perform the following steps to associate the HAVIP with both the primary and secondary ECS instances.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click HaVip Addresses.
  3. In the top navigation bar, select the region of the HAVIP.
  4. Find the HAVIP that you created in Step 1 and click Manage in the Actions column.
  5. In the Resources section, click .
  6. In the dialog box that appears, select ECS 1 and click OK.
  7. Repeat the preceding step to associate the HAVIP with ECS 2.
  8. On the HaVip Details page, you can click Refresh to view the ECS instances that are associated with the HAVIP.
    Associate the HAVIP with ECS instances

Step 4: Associate the HAVIP with an EIP

You can associate the HAVIP with an EIP. After the association, the HAVIP can provide services over the Internet.

Perform the following steps to associate the HAVIP with an EIP:

  1. In the Resources section, click The association icon.
    Associate the HAVIP with an EIP
  2. In the dialog box that appears, select the EIP and click OK.
After the association, you can view the EIPs that are associated with the HAVIP.Associate the HAVIP with an EIP

Step 5: Test high availability

Perform the following steps to test high availability:

  1. Open a browser on the computer.
  2. Enter the IP address of the EIP to access NGINX deployed on the ECS instances.
    Test results:
    • When ECS 1 works as expected, ECS 1 is accessed by the clients.Test result 1
    • When ECS 1 is faulty, ECS 2 takes over the virtual IP address and services of ECS 1. This implements high availability for you workloads.Test result 2