Configuring ifstated for Apache

While I have seen a lot of reading about ifstated for firewalls, but I want to use it for Apache.

I am trying to solve a few problems:

In this example there is only a single interface, but it is easy to add more interfaces to the list.

First, configure the CARP interface in rc.conf:

ifconfig_carp31="vhid 31 pass blahblah advskew 254 192.168.1.31/24"
ifconfig_carp32="vhid 32 pass blahblah advskew 254 192.168.1.32/24"

First off, note that the advskew is set to 254, the highest possible value. This makes sure the Interface comes up in BACKUP state when the system first boots and as long as there is another machine that has a higher advskew.

Also configure the Apache server-status page since that is what we will be testing against.

With an ifstated.conf config file like the following will move traffic around based on if Apache responds to a request for the /server-status page.

init-state auto

apache_check = '( "/usr/local/bin/curl -s http://192.168.1.30/server-status" every 10)'


state auto {
        if ! $apache_check {
                set-state carp_demoted
        }

        if $apache_check {
                set-state carp_promoted
        }
}

state carp_demoted {
        init {
                run "ifconfig carp31 advskew 250"
                run "ifconfig carp32 advskew 250"
        }

        if $apache_check {
                set-state carp_promoted
        }
}

state carp_promoted {
        init {
                run "ifconfig carp31 advskew 0"
                run "ifconfig carp32 advskew 100"
        }

        if ! $apache_check {
                set-state carp_demoted
        }
}

Note that the carp32 interface advskew is set to 100. On the other box, flip the advskew values. That way when both hosts are up, the two interfaces are balanced between the machines. In practice I do this with a lot of CARP interfaces, over 30. Spread across 4 servers. All that is needed to scale it out is to balance the advskew numbers further in each config.

Powered by FreeBSD! r4l domain registration