{"id":509,"date":"2015-02-23T14:28:28","date_gmt":"2015-02-23T14:28:28","guid":{"rendered":"http:\/\/general.sio57.info\/wp\/?p=509"},"modified":"2021-03-10T14:04:23","modified_gmt":"2021-03-10T14:04:23","slug":"ipfire-redondance","status":"publish","type":"post","link":"http:\/\/general.sio57.info\/wp\/?p=509","title":{"rendered":"IpFire -redondance"},"content":{"rendered":"<p>On a d\u00e9j\u00e0 install\u00e9 et param\u00e9trer un <a title=\"Firewall\" href=\"http:\/\/general.sio57.info\/wp\/?p=412\" target=\"_blank\" rel=\"noopener\">parefeu Ipfire<\/a>. Mais avoir un pare feu qui fait \u00e9ventuellement proxy c&rsquo;est bien, en avoir un 2ieme redondant c&rsquo;est mieux.<\/p>\n<p>Aussi ce petit article montre comment facilement et rapidement mettre en place de la redondance avec 2 Ipfire.<\/p>\n<p>Pour info :<\/p>\n<ul>\n<li><strong>HeartBeat<\/strong> s&rsquo;assure que pas plus d&rsquo;un noeud n&rsquo;est actif en m\u00eame temps. C&rsquo;est id\u00e9al dans le cas de de la haute disponibilit\u00e9 sur des syst\u00e8mes de fichiers.<\/li>\n<li><strong>KeepAlived<\/strong> lui s&rsquo;assure qu&rsquo;au moins un n\u0153ud est actif. Il permet de g\u00e9n\u00e9rer une IP virtuelle. Il peut aussi faire du loadbalancing entre deux serveurs web. Ce n&rsquo;est\u00a0 pas le propos ici, mais il suffit de regarder dans le dossier \u00ab\u00a0samples\u00a0\u00bb de keepalived.<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h1>Principe<\/h1>\n<ul>\n<li>ipfire 1 : interface verte= 10.9.199.254<\/li>\n<li>ipfire2 : interface verte= 10.9.199.253<\/li>\n<li>Ipvirtuelle :interface verte= 10.9.199.252<\/li>\n<\/ul>\n<h1>Installation<\/h1>\n<p>Le pakfire keepalived est facilement installable&#8230;IPfire , pakfire, choisir l&rsquo;addons via l&rsquo;interface web d&rsquo;Ipfire<\/p>\n<p><a href=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/pakfire-keep-alive.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-510\" src=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/pakfire-keep-alive-300x210.jpg\" alt=\"pakfire keep alive\" width=\"300\" height=\"210\" srcset=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/pakfire-keep-alive-300x210.jpg 300w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/pakfire-keep-alive.jpg 612w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<ul>\n<li>Red\u00e9marrer IPfire<\/li>\n<\/ul>\n<h1>Configuration<\/h1>\n<p>Sur les machines IPfire :\u00a0modifier les fichiers de configuration de Keepalived<\/p>\n<ul>\n<li>Dans la partie Vrrp (le protocole de redondance) :<\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\">L&rsquo;\u00e9tat est soit MASTER, soit BACKUP<\/p>\n<p style=\"padding-left: 30px;\">L&rsquo;interface n&rsquo;est pas eth0 mais <strong>green0<\/strong> ou (orange0)<\/p>\n<p style=\"padding-left: 30px;\">La priorit\u00e9 est soit 150 pour le master, soit 100 pour le backup<\/p>\n<p style=\"padding-left: 30px;\">Modifier le mot de passe&#8230;<\/p>\n<p style=\"padding-left: 30px;\">Modifier la virtual ipaddress<\/p>\n<p style=\"padding-left: 30px;\">ex : 10.9.199.252\/24 brd 10.9.199.255 dev green0 scope global<\/p>\n<p>vi \/etc\/keepalived\/keepalived.conf \u00a0(<a title=\"Commandes Vi\" href=\"http:\/\/free-electrons.com\/doc\/vi_memento_fr.pdf\" target=\"_blank\" rel=\"noopener\">commandes vi<\/a>)<\/p>\n<p><a href=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-1489\" src=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-2.jpg\" alt=\"\" width=\"732\" height=\"408\" srcset=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-2.jpg 965w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-2-300x167.jpg 300w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-2-768x427.jpg 768w\" sizes=\"auto, (max-width: 732px) 100vw, 732px\" \/><\/a><\/p>\n<p>\u00a0<\/p>\n<p>Attention au fichier par d\u00e9faut, il est pr\u00e9vu pour g\u00e9rer aussi le service web. Il faut donc supprimer les lignes en trop.\u00a0<\/p>\n<p>D\u00e9marrer \u00a0keepalived\u00a0 via la commande<\/p>\n<p><span class=\"ezoeItemCustomTag code_par\">\/etc\/init.d\/keepalived start<\/span><\/p>\n<p><span class=\"ezoeItemCustomTag code_par\">\/etc\/init.d\/keepalived stop -&gt; avant si vous avez fait une modification<\/span><\/p>\n<p>V\u00e9rifier l&rsquo;adressage de votre 1er IPfire avec la commande ip addr show dev green0<\/p>\n<p><a href=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-ipadd.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1490\" src=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-ipadd.jpg\" alt=\"\" width=\"549\" height=\"159\" srcset=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-ipadd.jpg 549w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-ipadd-300x87.jpg 300w\" sizes=\"auto, (max-width: 549px) 100vw, 549px\" \/><\/a><\/p>\n<h1>\u00a0<\/h1>\n<h1>Test<\/h1>\n<p>Couper la connexion de l&rsquo;IP fire principal, le deuxi\u00e8me prend le relais.<\/p>\n<ul>\n<li>Tracert permet de v\u00e9rifier le passage \u00ab\u00a0r\u00e9el\u00a0\u00bb<\/li>\n<li>Arp permet de voir le lien MAC entre l&rsquo;adresse IP r\u00e9elle et la virtuelle.<\/li>\n<\/ul>\n<p>Ici c&rsquo;est d&rsquo;abord le second qui avait &lsquo;ip virtuelle (elle n&rsquo;est attribu\u00e9e qu&rsquo;\u00e0 un seul serveur en m\u00eame temps)<\/p>\n<p><a href=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-1491\" src=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test-1024x491.jpg\" alt=\"\" width=\"571\" height=\"274\" srcset=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test-1024x491.jpg 1024w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test-300x144.jpg 300w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test-768x368.jpg 768w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test.jpg 1143w\" sizes=\"auto, (max-width: 571px) 100vw, 571px\" \/><\/a><\/p>\n<p>On change de serveur\u00a0<\/p>\n<p><a href=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1492\" src=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2-1024x474.jpg\" alt=\"\" width=\"640\" height=\"296\" srcset=\"http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2-1024x474.jpg 1024w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2-300x139.jpg 300w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2-768x356.jpg 768w, http:\/\/general.sio57.info\/wp\/wp-content\/uploads\/2015\/02\/vrrp-test2.jpg 1125w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>Attention au service <strong>DHCP<\/strong> si il est h\u00e9berg\u00e9 sur IPfire, il faudra aller modifier le fichier de configuration et car on ne peut pas attribuer l&rsquo;adresse IP virtuelle aux clients par l&rsquo;interface graphique.<\/p>\n<p>Il faut bien sur avoir le service DHCP fonctionnel sur les deux IPfire avec des \u00e9tendues compl\u00e9mentaires et\u00a0\u00a0\u00e9diter\u00a0 <strong>\/var\/ipfire\/dhcp\/dhcpd.conf.local<\/strong>\u00a0<\/p>\n<p>Dans option<span style=\"font-size: inherit;\"> routers remplacer l&rsquo;adresse ip de la passerelle par l&rsquo;adresse IP virtuelle;<\/span><\/p>\n<div class=\"codehilite\">\n<pre><code><\/code><\/pre>\n<\/div>\n<h3 id=\"66-make-keepalived-run-at-boot\">\u00a0Faire que keepalived d\u00e9marre au boot<\/h3>\n<p>Sur les deux IPFires, editer <strong>\/etc\/sysconfig\/rc.local<\/strong> and ajouter <strong>\/etc\/init.d\/keepalived start<\/strong><\/p>\n<p>On peut (doit) aller plus loin en faisant du loadbalancing , il\u00a0 faut consulter les fichiers \u00ab\u00a0exemples fournis dans \/etc\/keepalived\/samples.<\/p>\n\n\n<p>A consulter aussi <a href=\"https:\/\/wiki.ipfire.org\/addons\/keepalived\">https:\/\/wiki.ipfire.org\/addons\/keepalived<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On a d\u00e9j\u00e0 install\u00e9 et param\u00e9trer un parefeu Ipfire. Mais avoir un pare feu qui fait \u00e9ventuellement proxy c&rsquo;est bien, en avoir un 2ieme redondant c&rsquo;est mieux. Aussi ce petit article montre comment facilement et rapidement mettre en place de la redondance avec 2 Ipfire. Pour info : HeartBeat s&rsquo;assure que pas plus d&rsquo;un noeud [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[59,71,45,44],"tags":[75,74,53],"class_list":["post-509","post","type-post","status-publish","format-standard","hentry","category-7-application","category-7-application-supervision","category-linux","category-sisr5","tag-ipfire","tag-keepalived","tag-redondances"],"_links":{"self":[{"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/posts\/509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=509"}],"version-history":[{"count":7,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/posts\/509\/revisions"}],"predecessor-version":[{"id":1493,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=\/wp\/v2\/posts\/509\/revisions\/1493"}],"wp:attachment":[{"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=509"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/general.sio57.info\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}