11 Jan

FreeBSD 11.0 – CARP

In this short article I'll go through CARP (Common Address Redundancy Protocol): how it works and when and where it can be applied. At the end there is a basic practical example of how to activate and configure CARP on FreeBSD 11.0.

This is CARP

CARP is a network protocol that allows multiple hosts/servers on the same network to share a set of IP addresses, thus creating virtual addresses. The purpose is to prevent downtime by creating a failover redundancy group, but it can also provide load-balancing functionality. CARP can be compared to other protocols such as VRRP and HSRP.

It's like having two office buildings next to each other sharing the same entrance. You have one master door leading to the master office and a backup door leading to the backup office, but they share the same address. If the master door and office are blocked for some reason or out of service, the backup door/office becomes the master until the other door is unblocked or works again. That way a visitor, a.k.a. the client, can use the service without noticing anything different.

TL;DR: one virtual/shared IP address on several hosts; if one server goes down the backup takes over. That gives failover, but only at the IP level.

Practical example

The example below shows how to set up two servers with CARP. Each server has its own static IP and a shared virtual IP, and a password is set to prevent abuse. The setup is as in the pictures below. One use case, as in this example, is a proxy interface: if one proxy server goes down the other one continues, thus redundancy.

Master Working

Backup line taking over

Server 1 – /etc/rc.conf
# Set up interface em0 with IP 10.0.2.2 and start it.
ifconfig_em0="inet 10.0.2.2 netmask 255.255.255.0"

# Set default route to the gateway, in this case 10.0.2.1
defaultrouter="10.0.2.1"

# On FreeBSD 10 and later CARP is no longer a cloned carpN interface;
# the vhid is configured as an alias on the physical interface (em0).
# The host with the lowest advskew becomes master.
# Virtual host id 1, advskew 100 (master),
# shared password paswd (must be identical on both servers), shared virtual IP 10.0.2.5
ifconfig_em0_alias0="inet vhid 1 advskew 100 pass paswd alias 10.0.2.5/32"
Server 2 - /etc/rc.conf
# Set up interface em0 with IP 10.0.2.3 and start it.
ifconfig_em0="inet 10.0.2.3 netmask 255.255.255.0"

# Set default route to the gateway, in this case 10.0.2.1
defaultrouter="10.0.2.1"

# Same vhid as on server 1, configured as an alias on em0.
# Virtual host id 1, advskew 200 (slave/backup),
# shared password paswd (must be identical on both servers), shared virtual IP 10.0.2.5
ifconfig_em0_alias0="inet vhid 1 advskew 200 pass paswd alias 10.0.2.5/32"
Server 1 & 2 - /boot/loader.conf
# load carp upon boot
carp_load="YES"
Server 1 & 2 - /etc/sysctl.conf
# Accept incoming CARP packets (enabled by default, but just to make sure)
net.inet.carp.allow=1
# Preemption: the host with the better priority (lower advskew) takes the
# master role back when it returns, so master stays master and backup stays backup.
net.inet.carp.preempt=1
# Enable logging for the vhids: logs bad CARP packets.
net.inet.carp.log=1
Testing

Testing can be done by letting a client ping 10.0.2.5 and shutting down server 1. Alternatively, set up a web server with the same configuration on both servers, visit http://10.0.2.5 and do some basic tests to ensure that it works.
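To see which server holds 10.0.2.5 during such a test, the following added example (not part of the original article) classifies the "carp:" status line that ifconfig prints for em0 on each server. The function name carp_check, the host labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# carp_check VHID: reads lines "<host> carp: <STATE> vhid N advbase N advskew N"
# on stdin (a host label followed by the carp: line of `ifconfig em0`)
# and prints one verdict for that vhid.
carp_check() {
    awk -v vhid="$1" '
        $2 == "carp:" && $5 == vhid {
            seen++
            if ($3 == "MASTER") { masters++; m_host = $1; m_skew = $9 }
            # remember the host that should win the election (lowest advskew)
            if (best == "" || $9 + 0 < best + 0) { best = $9; best_host = $1 }
        }
        END {
            if (seen == 0)         print "UNKNOWN no host reports vhid " vhid
            else if (masters == 0) print "DOWN no master for vhid " vhid
            else if (masters > 1)  print "SPLIT " masters " masters for vhid " vhid
            else if (m_skew + 0 > best + 0) print "DEGRADED " m_host " is master, preferred " best_host
            else                   print "OK " m_host " is master"
        }'
}

# Constructed sample status lines (host labels are placeholders).
NORMAL='server1 carp: MASTER vhid 1 advbase 1 advskew 100
server2 carp: BACKUP vhid 1 advbase 1 advskew 200'
# server 1 is shut down, only server 2 answers
FAILOVER='server2 carp: MASTER vhid 1 advbase 1 advskew 200'
# server 1 is back but did not take the master role again
NO_PREEMPT='server1 carp: BACKUP vhid 1 advbase 1 advskew 100
server2 carp: MASTER vhid 1 advbase 1 advskew 200'
# both servers claim the shared address
SPLIT='server1 carp: MASTER vhid 1 advbase 1 advskew 100
server2 carp: MASTER vhid 1 advbase 1 advskew 200'

for sample in "$NORMAL" "$FAILOVER" "$NO_PREEMPT" "$SPLIT"; do
    printf '%s\n' "$sample" | carp_check 1
done
```

A SPLIT verdict means the servers are not accepting each other's advertisements, for example because the pass values differ or CARP traffic is filtered between them; with net.inet.carp.log=1 the rejected packets show up in the log.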

Source

For those who want more information about CARP, see the good FreeBSD documentation below
https://www.freebsd.org/doc/handbook/carp.html

06 Jan

FreeBSD 11.0 – NginX

A quick installation of NginX with a standard configuration. This is by no means optimal. NginX is a lightweight web server that can also be used for load balancing or as a cache server, and it offers many nice features that can be used to provide different services.

Portsnap installation of NginX:
# Keep portsnap up to date before installing.
portsnap fetch update

# Enter the NginX port folder.
cd /usr/ports/www/nginx

# Compilation config for NginX and the same for the required packages.
# Accept default settings unless you have read the manual and you are sure
# what modules to add to the build.
make config-recursive

# Install everything / also compiles all extra features selected and clean up
make install clean

# start nginx at boot
echo 'nginx_enable="YES"' >> /etc/rc.conf
Latest version just by compiling it on your own:
# Enter the tmp folder
cd /tmp

# Replace the x.y.z with the latest stable version
# First we have to install pcre, won't work with pcre2.
# (ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/)
fetch ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-x.y.tar.gz

# Un-tar the file
tar -zxf pcre-x.y.tar.gz

# Enter the folder
cd pcre-x.y

# Setup the conf for the compile
./configure

# Compile
make

# Install the files
make install

# Delete temp files
cd /tmp && rm -R /tmp/pcre-x.y/ && rm /tmp/pcre-x.y.tar.gz

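# Download the latest version of NginX directly from the site (http://nginx.org/en/download.html).
# The download is plain HTTP; nginx.org publishes a PGP signature for each release, check it before building.
fetch http://nginx.org/download/nginx-x.y.z.tar.gz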

# Un-tar the file
tar -zxf nginx-x.y.z.tar.gz

# Enter the folder
cd nginx-x.y.z

# Configure before the compile (options here: http://nginx.org/en/docs/configure.html).
./configure --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-cc-opt="-I /usr/local/include" --with-ld-opt="-L /usr/local/lib" --with-http_stub_status_module

# Compile
make

# Copy the files into the correct folder and so on.
make install

# Remove the un-needed files; they are deleted automatically if you have installed
# FreeBSD 11.0 with the security option 'empty temp upon reboot'
cd /tmp && rm -R /tmp/nginx-x.y.z/ && rm /tmp/nginx-x.y.z.tar.gz

# Create this directory if it doesn't exist
mkdir -p /usr/local/etc/rc.d

# Download the nginx boot script into rc.d and chmod it with +x.
# Certificate verification is left on (no --no-verify-peer): this script runs as root at boot,
# so read it before relying on it.
fetch -o /usr/local/etc/rc.d/nginx https://lyxi.ga/wp-content/uploads/nginx && chmod +x /usr/local/etc/rc.d/nginx

# Add NginX to rc.conf so it starts at boot.
echo 'nginx_enable="YES"' >> /etc/rc.conf
Files and hints
# Configuration files located in: /usr/local/etc/nginx/
# Bin: /usr/local/sbin/nginx
# Pid file: /var/run/nginx.pid
# Logs for debugging located in: /usr/local/nginx/logs

# Start, stop, restart, & check configuration
/usr/local/etc/rc.d/nginx start
/usr/local/etc/rc.d/nginx stop
/usr/local/etc/rc.d/nginx restart
/usr/local/etc/rc.d/nginx checkconfig
Sources worth reading

https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/
http://nginx.org/en/docs/configure.html
http://nginx.org/en/docs/beginners_guide.html