Obai Alsamadi thank you Obai for taking the time to leave a comment! Really appreciate it and glad you enjoyed the content ❤️

😊 thank you

Hope you enjoy it! take your time its a deep topic and always have an open mind that you can always learn more..

That is a very good question that I am afraid I don’t know the answer too (which is awesome it means research time) It really depends on whether the VRRP protocol is supported across different networks or not. Need to search that

Any news on this? I'm stock with it too...

Noah Williams thanks Noah, interesting question and loaded and need to do some more research .. The only security im worried about is VRRP in keepalived and this stinking user/password could be weak and could be controlled by anyone with access .. For TLS you absolutely need it on whatever reverse proxy is running on your keepalived cluster in my case I used HAProxy (I made a video showing that) so encrypting the traffic itself isn’t a problem the VRRP passes traffic blindly .

Hey Donald. No particular reason, When I see a technology I implement it to see for my self the pros and cons. Some people did suggested I check out Corosync which I will as well. As of know I don’t know which one is better. I know keepalived works perfectly. The only beef is it works only linux , pacemaker works on windows that will be an advantage I guess

@@hnasr Hi again! After reading more about HA solutions and keepalived, it turns out the split-brain problem can cause issues when both nodes think they are the master. If you heard/thought of a way to handle this issue it will be really helpful, maybe as a advanced next video :)

ssteva thank you ! Really I haven’t noticed the numbers should matter. Thanks for sharing and correcting the mistake 👍

So why do we need to put MASTER or BACKUP in the conf file ? if the highest priority is the master ?

Correct you have the VIP point to the servers directly HAProxy here is just acting like a reverse proxy which is a best practice (in case you want to make changes to your backend without bringing the whole site down

It should be the exact same thing KeepAlived config has nothing to do with HAProxy

Thanks Dinesh, yes for sure you can. In HAProxy have a rule that says acl (access control list) condition /webserver go to backend “apache” which have all servers running apache web server.. But if /db you can go to the “workbench” backend and that will have all servers running db workbench To learn more about ACL check out my haproxy video

Thank you so much of your reply, I saw that ha proxy crash course and now I got it. I became of your fan the way of you presenting content stuff along with engaging the viewers without boring

Aah I just watched the other video about possibility of a failed request until the local client ARP table getting updated when the backup sends a broadcast about Mac update

with everything configured

Papipop that means your backend is not available (anything behind haproxy) haproxy is available but no backend services.. check that

@@hnasr pls check my haproxy i can't find the solution #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode httpchk log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:80 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js use_backend static if url_static default_backend app #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend static balance roundrobin server static 127.0.0.1:4331 check #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balance roundrobin server app1 127.0.0.1:5001 check server app2 127.0.0.1:5002 check server app3 127.0.0.1:5003 check server app4 127.0.0.1:5004 check # HAProxy Load Balancer for Apache Web Server frontend http-balancer bind 10.5.5.60:80 default_backend web-servers backend web-servers mode http balance roundrobin stats enable stats auth admin:123 server cluster01 10.5.5.31:80 check server cluster02 10.5.5.32:80 check

@@hnasr node01 ! Configuration File for keepalived global_defs { notification_email { root@cluster01.com } notification_email_from root@cluster01.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance keep.com { state MASTER interface eth0 virtual_router_id 51 priority 101 #used in election, 101 for master & 100 for backup advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.5.5.120/8 } } node02 ! Configuration File for keepalived global_defs { notification_email { root@webserver-02.example.com } notification_email_from root@webserver-02.example.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 #used in election, 101 for master & 100 for backup advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.5.5.120/8 } }

@@hnasr I'm desperate sorry for my behavior but I don't know what to do

What if haproxy failed?

@@hnasr good point because we have 2 instances of keepalived with same ip high availability is served.

👍👍

@@hnasr i have cross continent vpn using openvpn , i have 2 instances of haproxy, then should i use eth0 in keepalived config or tun0 ? All web server and haproxy and keepalived are inside same vpn.

Thanks for catching this, I updated the video description and pinned comment. It was my luck with different priorities as you said that caused my config to work.

@@hnasr I didn't add this to the comment thinking you'll never see this but thank you very much for all your other backend engineering videos and DevTools series. I highly appreciate you Hussein ♥️