
Deploy Always Available Infrastructure on Azure

Availability is a critical matter when it comes to systems. The ideal scenario for an administrator would be 100% availability for a virtual server/appliance.

However, this is not achievable with real infrastructure: we need to shut systems down on purpose (patching, maintenance tasks, etc.), and disasters or other nonphysical causes also create downtime.

On the Azure cloud we have the following options:

  • Availability sets
  • Availability zones

An Availability Zone is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions.

Availability sets are another datacenter configuration to provide VM redundancy and availability. This configuration within a datacenter ensures that during either a planned or unplanned maintenance event, at least one virtual machine is available and meets the 99.95% Azure SLA. For more information, see the SLA for Virtual Machines.

When you create a new VM resource on Azure, you should choose between an availability set and an availability zone (depending on the region in which you deploy your server).

However, as stated in the first article from Microsoft:

To achieve comprehensive business continuity on Azure, build your application architecture using the combination of Availability Zones with Azure region pairs. You can synchronously replicate your applications and data using Availability Zones within an Azure region for high-availability and asynchronously replicate across Azure regions for disaster recovery protection.

So the final picture is the one below. Based on your needs, you can choose whichever option is more appropriate for you. However, as Microsoft recommends, you should use availability zones (a newer feature than availability sets).

Below are some very good resources that Microsoft provides:

https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions


Configure HAproxy to load balance Centos httpd containers

In this article I will explain an HAProxy installation on Docker CentOS images. First things first: three CentOS containers should be deployed. Two of them will be simple web servers with httpd installed, and the third will have haproxy installed to load balance between the two web servers.

In order to deploy three new CentOS containers, you should first download the latest CentOS image.

Pull the CentOS Docker image from Docker Hub by using the command below:

docker pull centos

And then deploy 3 instances of it:

docker container run -it --name centos-lab1 -d centos:latest
docker container run -it --name centos-lab2 -d centos:latest
docker container run -it --name centos-lab3 -d centos:latest

Verify that the containers have been deployed successfully by executing some interactive commands on them.

docker exec -it centos-lab1 uname -r

You will get a result like the one below, depending on the image you have installed.

4.19.76-linuxkit

Install the httpd package on the two web servers. I am using Portainer so that I can interact with the containers more easily. You could also execute an interactive command as shown below.

yum install httpd
docker exec -it centos-lab2 yum install httpd

Lastly, install the haproxy package on the third server, which will be used as the load balancer.

yum install haproxy
[root@ad1d23c22355 /]# haproxy -v
HA-Proxy version 1.8.15 2018/12/13
Copyright 2000-2018 Willy Tarreau

Verify connectivity between your containers. Based on the default network that has been deployed on my computer, I get the following 3 IPs.

172.17.0.4 , 172.17.0.5 , 172.17.0.6

Create a test HTML page on each web server that will be used to identify the node.

echo "this is centos-lab1" > /var/www/html/index.html
echo "this is centos-lab2" > /var/www/html/index.html

Enable and start the httpd server on the web servers and test that their pages are up by running curl from the load balancer (server 3). You will get a response like the one below:

[Screenshot: Apache is running and responding on web servers 1 and 2]

In order to use systemctl and systemd commands, check my previous article about deploying a Centos Image with systemd enabled.

Edit the haproxy configuration in /etc/haproxy/haproxy.cfg and add your two web servers as backend servers in the app section.

[Screenshot: haproxy configuration]

Restart haproxy so that configuration changes are loaded:

systemctl restart haproxy

Curl the load balancer and verify from the results that the load is balanced between the centos-lab1 and centos-lab2 web servers:
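The configure, restart and verify steps above as one added example; it is not the original post's configuration. It assumes centos-lab1 and centos-lab2 are 172.17.0.4 and 172.17.0.5, that httpd listens on port 80, and that the frontend also binds port 80; the function names are hypothetical.

```bash
# Added example. Assumptions: web servers at 172.17.0.4 / 172.17.0.5 on port 80,
# frontend on port 80. Function names are hypothetical helpers.

render_haproxy_cfg() {            # usage: render_haproxy_cfg WEB1_IP WEB2_IP
  cat <<EOF
global
    chroot      /var/lib/haproxy
    user        haproxy
    group       haproxy
    daemon

defaults
    mode            http
    timeout connect 10s
    timeout client  1m
    timeout server  1m

frontend main
    bind *:80
    default_backend app

backend app
    balance roundrobin
    option  httpchk GET /index.html
    server  centos-lab1 $1:80 check
    server  centos-lab2 $2:80 check
EOF
}

apply_haproxy_cfg() {             # usage: apply_haproxy_cfg CFG_PATH WEB1_IP WEB2_IP
  tmp=$(mktemp) || return 1
  render_haproxy_cfg "$2" "$3" > "$tmp"
  # Syntax-check the candidate so a broken file never replaces the live config
  # (the check is skipped if haproxy is not installed on this machine).
  if command -v haproxy >/dev/null 2>&1 && ! haproxy -c -f "$tmp" >/dev/null; then
    rm -f "$tmp"; return 1
  fi
  mv "$tmp" "$1"
}

tally_backends() {                # stdin: one response body per line
  sort | uniq -c | awk '{n=$1; sub(/^ *[0-9]+ /, ""); print $0 ": " n}'
}

# On the load balancer (centos-lab3):
#   apply_haproxy_cfg /etc/haproxy/haproxy.cfg 172.17.0.4 172.17.0.5 && systemctl restart haproxy
#   for i in 1 2 3 4 5 6; do curl -s http://localhost/; done | tally_backends
```

With round-robin balancing and both health checks passing, the tally shows the same count for each node; a node that never appears is down or failing its check.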


Deploy a CentOS container image with systemd enabled

To deploy a CentOS container with systemd enabled, so that you can use commands such as systemctl, you could do the following:

Download the official CentOS image with systemd integrated from Docker Hub and create a file named Dockerfile in your current working directory. The following Dockerfile installs the httpd package with yum and enables it with systemctl.

FROM centos/systemd
MAINTAINER "Your Name" you@example.com
RUN yum -y install httpd; yum clean all; systemctl enable httpd.service
EXPOSE 80
CMD ["/usr/sbin/init"]

Build your image:

docker build --rm --no-cache -t centos-sd-1 .

Then deploy a new container from the image you built (note that --privileged gives the container all capabilities and access to the host's devices):

docker run --privileged --name centos-sd-1 -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 -d centos-sd-1

Verify that you can run systemd commands successfully:

[root@179a5c228835 /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-04-05 13:18:06 UTC; 9min ago
Docs: man:httpd(8)
man:apachectl(8)

Upgrade HAproxy to 2.1.3 – Red Hat Enterprise Linux server/Centos

I struggled for a couple of hours to upgrade the HAProxy package to its latest version on a Red Hat Enterprise Linux 7.6 server, and as I could not find a well-documented page, I decided to write this article to explain the procedure.

The latest version that is available and supported by Red Hat for a Red Hat licensed server is 1.5.8. However, we can upgrade by compiling the source code that is distributed online from the official page. HAProxy is open source and its code is published, so it can be built with make.

For those who do not know HAProxy, it is a very widely known high-performance TCP/HTTP load balancer for Linux/Unix operating systems. More information can be found on its page.

First things first: haproxy-2.1.3.tar.gz must be downloaded and uploaded to the server.

To compile successfully and not face hundreds of errors during make, you have to be sure that the packages below are installed on your server. If one of them is missing, you will get make errors.

  • gcc and all its dependencies
  • openssl and all its dependencies
  • systemd-devel
  • readline-devel

Lua is needed in order to build the package. Although Lua 5.1 was installed on the Red Hat server, the variable could not be found during compilation, so I had to manually install the latest Lua version and use its downloaded directory when compiling HAProxy.

Install Lua using the following commands. The Lua directory may be needed later.

curl -R -O https://www.lua.org/ftp/lua-5.3.4.tar.gz
tar -zxf /root/lua-5.3.4.tar.gz
cd lua-5.3.4
make linux test
sudo make install

Finally, build the HAProxy 2.1.3 source code:

make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1 LUA_LIB=/root/lua-5.3.4/src/ LUA_INC=/root/lua-5.3.4/src/

sudo make install

Normally you should not get any errors with the above commands. If that is the case, the version should now be upgraded. As a last step, reboot the server and you will then get the updated version.
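Because both tarballs above are downloaded and then built and installed as root, a checksum and archive-path check before extraction is worth adding. This is an added example, not part of the original procedure; verify_and_extract is a hypothetical helper, and the expected SHA-256 values are placeholders that must come from each project's download page.

```bash
# Added example. verify_and_extract is a hypothetical helper; the expected
# SHA-256 must be the value published by the project, obtained separately.

verify_and_extract() {   # usage: verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
  tarball=$1; expected=$2; dest=$3
  actual=$(sha256sum "$tarball" | awk '{print $1}') || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball: got $actual" >&2
    return 1
  fi
  # Refuse archives whose members use absolute paths or climb out with "..".
  if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $tarball" >&2
    return 1
  fi
  # --no-same-owner: when run as root, do not restore the archive's file owners.
  mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Constructed usage; replace the placeholders with the published checksums:
#   verify_and_extract /root/lua-5.3.4.tar.gz     "<published sha256>" /root
#   verify_and_extract /root/haproxy-2.1.3.tar.gz "<published sha256>" /root
```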