{"id":273,"date":"2009-04-14T14:21:13","date_gmt":"2009-04-14T14:21:13","guid":{"rendered":"https:\/\/www.mohanjith.net\/blog\/?p=273"},"modified":"2010-01-10T10:28:16","modified_gmt":"2010-01-10T10:28:16","slug":"load-balanced-and-high-availability-cluster-for-your-web-site-under-usd-60-pm-part-2","status":"publish","type":"post","link":"https:\/\/mohanjith.net\/blog\/2009\/04\/load-balanced-and-high-availability-cluster-for-your-web-site-under-usd-60-pm-part-2.html","title":{"rendered":"Load balanced and High Availability cluster for your web site under USD 60 pm – Part 2"},"content":{"rendered":"

Update 2009-09-02:<\/strong> Now I’m using a single Linode and a Xen VPS from my very own hosting service<\/a>. This means the VPSes have one less thing in common; hosting company.<\/p>\n

As I promised, here is the post that will discuss in detail how I configured my cluster of 2 nodes to host my sites.<\/p>\n

Setting up SSH tunnels<\/strong><\/p>\n

You have to setup a SSH tunnel between the nodes. In order to do that you need to allow restricted root logins into your nodes. Using your favourite text editor edit \/etc\/ssh\/sshd_config<\/code> and change the line PermitRootLogin<\/code> to PermitRootLogin forced-commands-only<\/code>.<\/p>\n

Then generate SSH authentication keys for all your nodes and add the public keys to \/root\/.ssh\/authorized_keys<\/code> on other nodes. Keys can be generated by running ssh-keygen<\/code>. By default your private key is stored in \/root\/.ssh\/id_rsa<\/code> and public key in \/root\/.ssh\/id_rsa.pub<\/code>. Your public key will look similar to bellow (Key shortened for brevity)<\/p>\n

[source lang='plain' options='toolbar: false; gutter: false;' ]ssh-rsa AAAA...w== root@example.com[\/source]<\/code><\/p>\n

To enable tunnel only access via root you need to add tunnel=\"0\",command=\"\/sbin\/ifdown tun0;\/sbin\/ifup tun0\" <\/code> before your public key in \/root\/.ssh\/authorized_keys<\/code>. Your \/root\/.ssh\/authorized_keys<\/code> will look something like bellow.<\/p>\n

[source lang='plain' options='toolbar: false; gutter: false;' ]tunnel='0',command='\/sbin\/ifdown tun0;\/sbin\/ifup tun0' ssh-rsa AAAA...w== root@example.com[\/source]<\/code><\/p>\n

Now setup the actual tunnel. Add following lines to \/etc\/network\/interfaces<\/code> in the “server”<\/p>\n

[source lang='plain']
\nauto tun0
\niface tun0 inet static
\naddress 10.100.2.1
\nnetmask 255.255.255.0
\npointopoint 10.100.2.2
\n[\/source]<\/code><\/p>\n

and the following in the “client”<\/p>\n

[source lang='plain']
\nauto tun0
\niface tun0 inet static
\npre-up ssh -S \/var\/run\/ssh-myvpn-tunnel-control -M -f -w 0:0 example.com true
\npre-up sleep 5
\naddress 10.100.2.2
\npointopoint 10.100.2.1
\nnetmask 255.255.255.0
\nup route add -net 10.100.2.0 netmask 255.255.255.0 gw 10.100.2.0 tun0
\npost-down ssh -S \/var\/run\/ssh-myvpn-tunnel-control -O exit example.com
\n[\/source]<\/code><\/p>\n

Now you only have to restart networking to enable the tunnel. Now your nodes will be in their own VPN.<\/p>\n

Setting up document root replication (rsync<\/code>)<\/strong><\/p>\n

Share \/var\/www via rsync. You need to install rsync and add following to \/etc\/rsyncd.conf if they are not already there.<\/p>\n

[source lang='plain']max connections = 2
\nlog file = \/var\/log\/rsync.log
\ntimeout = 300<\/p>\n

[www]
\ncomment = DOC Root
\npath = \/var\/www
\nread only = yes
\nlist = yes
\nuid = www-data
\ngid = www-data
\nauth users = replicator
\nsecrets file = \/etc\/rsyncd.secrets[\/source]<\/code><\/p>\n

Add following cron jobs to www-data crontab (crontab -e)<\/p>\n

[source lang='plain' options='gutter: false; toolbar: false;' ]
\n1\/10 * * * * test -r \/tmp\/rsync.docroot.lock || touch \/tmp\/rsync.docroot.lock && rsync -aP rsync:\/\/replicator@10.100.2.2\/www\/ \/var\/www\/ --password-file=\/etc\/rsync.secrets --contimeout=30 > \/dev\/null 2>1 && rm \/tmp\/rsync.docroot.lock[\/source]<\/code><\/p>\n

[source lang='plain' options='gutter: false; toolbar: false;' ]
\n1\/10 * * * * test -r \/tmp\/rsync.docroot.lock || touch \/tmp\/rsync.docroot.lock && rsync -aP rsync:\/\/replicator@10.100.2.1\/www\/ \/var\/www\/ --password-file=\/etc\/rsync.secrets --contimeout=30 > \/dev\/null 2>1 && rm \/tmp\/rsync.docroot.lock[\/source]<\/code><\/p>\n

Setting up session_mysql<\/code><\/strong><\/p>\n

Next let us setup session_mysql<\/code> such that we can forget about replicating PHP session \ud83d\ude42 .<\/p>\n

Install php5-dev and libmysql++-dev, download session_mysql<\/code><\/a> and extract it, running following commands as root within the extracted location.<\/p>\n

[source lang='bash']export PHP_PREFIX='\/usr'
\n$PHP_PREFIX\/bin\/phpize
\n.\/configure --enable-session-mysql --with-php-config=$PHP_PREFIX\/bin\/php-config --with-mysql=$PHP_PREFIX
\nmake
\nmake install[\/source]<\/code><\/p>\n

Create the database to store the session data with the following SQL<\/p>\n

[source lang='sql']
\ncreate database phpsession;
\ngrant all privileges on phpsession.* to phpsession identified by 'phpsession'; -- CHANGE DEFAULT PASSWORD
\ncreate table phpsession(
\nsess_key char(64) not null,
\nsess_mtime int(10) unsigned not null,
\nsess_host char(64) not null,
\nsess_val mediumblob not null,<\/p>\n

index i_key(sess_key(6)),
\nindex i_mtime(sess_mtime),
\nindex i_host(sess_host)
\n);[\/source]<\/code><\/p>\n

Add the following to your php.ini<\/code> (or \/etc\/php5\/conf.d\/session_mysql.ini<\/code>)<\/p>\n

[source lang='plain']
\nsession.save_handler = 'mysql'
\nsession_mysql.db='host=localhost db=phpsession user=phpsession pass=phpsession'
\n[\/source]<\/code><\/p>\n

Do not forget to change the default password. Restart Apache or Lighttpd (or any other web server you are using).<\/p>\n

MySQL asynchronous two way replication<\/strong><\/p>\n

I’m sure some of you are asking why I went for asynchronous replication. Main reasons being flexibility and lack of nodes (My cluster is just 2 nodes).<\/p>\n

Stop MySQL from listening only to local connections. Remember to review your user table (mysql.user<\/code>) to make sure you don’t grant wild card access like 'user'@'%'<\/code>. Comment out bind-address in\/etc\/mysql\/my.cnf<\/code> in all nodes. Then add following to node1<\/p>\n

[source lang='plain']server-id = 1
\nreplicate-same-server-id = 0
\nauto-increment-increment = 2
\nauto-increment-offset = 1
\nlog_bin = \/var\/log\/mysql\/mysql-bin.log
\nexpire_logs_days = 10
\nmax_binlog_size = 100M<\/p>\n

master-host = 10.100.2.2
\nmaster-user = slave_user_0
\nmaster-password = your$password
\nmaster-connect-retry = 60[\/source]<\/code><\/p>\n

and following to node2<\/p>\n

[source lang='plain']server-id = 2
\nreplicate-same-server-id = 0
\nauto-increment-increment = 2
\nauto-increment-offset = 2
\nlog_bin = \/var\/log\/mysql\/mysql-bin.log
\nexpire_logs_days = 10
\nmax_binlog_size = 100M<\/p>\n

master-host = 10.100.2.1
\nmaster-user = slave_user_1
\nmaster-password = your$password
\nmaster-connect-retry = 60[\/source]<\/code><\/p>\n

Now create the users only granting them with replication rights. Also make sure you specify the hostname or the IP to make sure someone is not offloading your data \ud83d\ude00 . Following SQL will create the users given in the example. You will have to run the command in both nodes as the data in either node is identical.<\/p>\n

[source lang='sql']CREATE USER 'slave_user_1'@'10.100.2.1' IDENTIFIED BY 'your$password';<\/p>\n

GRANT REPLICATION SLAVE ON * . * TO 'slave_user_1'@'10.100.2.1' IDENTIFIED BY 'your$password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;<\/p>\n

CREATE USER 'slave_user_2'@'10.100.2.2' IDENTIFIED BY 'your$password';<\/p>\n

GRANT REPLICATION SLAVE ON * . * TO 'slave_user_2'@'10.100.2.2' IDENTIFIED BY 'your$password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;[\/source]<\/code><\/p>\n

Now start MySQL and run following in mysql<\/code> prompt on each of the nodes.<\/p>\n

[source lang='sql']reset master;
\nstop slave;
\nstart slave;[\/source]<\/code><\/p>\n

Finally<\/strong><\/p>\n

Now you have a cluster of 2 nodes where you can run your PHP site. Your databases are replicated, your user session data is replicated and your document root is replicated. Have fun, if you have issues please post it as a comment.<\/p>\n