IP failover with keepalived

I decided to back up my web server with an IP failover system. In this setup, if the master server becomes unavailable, a backup node (which should hold a copy of the master's data) takes over its IP address. I had problems making heartbeat work, but keepalived was simple to configure.

I got this configuration from the internet. Create the file /etc/keepalived/keepalived.conf on each node with the contents below, substituting your own values.

Master node:

global_defs {
    notification_email {
        email@email.com
    }
    notification_email_from root@myserver.edu
    smtp_server localhost
    smtp_connect_timeout 30
}

vrrp_instance my_server {
    state MASTER # initial state; keepalived only accepts MASTER or BACKUP here
    interface eth0
    virtual_router_id 52 # use same number in all nodes
    priority 200 # high priority: tends to be the master
    advert_int 1
    smtp_alert # set this to receive emails when nodes change state
    authentication {
        auth_type PASS
        auth_pass 123456789 # same on all nodes; only the first 8 characters are used
    }
    virtual_ipaddress {
        xxx.xxx.xxx.xxx # your public IP here
    }
}

Backup node:

global_defs {
    notification_email {
        email@email.com
    }
    notification_email_from root@myserver.edu
    smtp_server localhost
    smtp_connect_timeout 30
}

vrrp_instance my_backup_node1 {
    state BACKUP # initial state; keepalived only accepts MASTER or BACKUP here
    interface eth0
    virtual_router_id 52 # must match the master
    priority 100 # lower priority: should be different by at least 50
    advert_int 1
    smtp_alert
    authentication {
        auth_type PASS
        auth_pass 123456789 # must match the master; only the first 8 characters are used
    }
    virtual_ipaddress {
        xxx.xxx.xxx.xxx
    }
}

Substitute xxx.xxx.xxx.xxx with the public IP that you want to “float” between the servers.

Start keepalived:

$ /etc/init.d/keepalived restart

You can check whether the network interface now holds both IPs, its own address and the floating one:

$ ip addr sh eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
    link/ether 00:0d:00:0b:00:00 brd ff:ff:ff:ff:ff:ff
    inet yyy.yyy.yyy.yyy/24 brd yyy.yyy.yyy.255 scope global eth0
    inet xxx.xxx.xxx.xxx/32 scope global eth0
    inet6 ff88::88f:8ff:ff8f:143/64 scope link
       valid_lft forever preferred_lft forever

IMPORTANT

Open UFW so that the two (or more) nodes can talk to each other on their non-floating IPs; do this on every node.

The servers exchange vrrp messages, which are blocked by UFW. I did not figure out how to open UFW for vrrp messages, so I had to open all ports. I tried opening 224.0.0.18/112 and port 51384, but it did not work. If I didn’t open UFW, then the servers didn’t see each other.

If you know how to open only vrrp for keepalived multicast, please let me know in the comments and I’ll update this post!

To test that failover kicks in, stop keepalived on the master and watch the backup take over the IP. Start keepalived on the master again and the IP will move back to that node.
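The takeover is easiest to watch with a small script that parses the ip output from above and tells you which role this node currently plays. The following is an added example, not part of the original post: it assumes the interface is eth0 and uses 203.0.113.10 (an RFC 5737 documentation address) as a stand-in for the post's xxx.xxx.xxx.xxx. The two sample outputs are constructed to look like `ip -o -4 addr show eth0` on a node that holds the floating IP and on one that does not.

```shell
#!/bin/sh
# Added example: report whether this node currently holds the floating IP,
# by parsing the one-line-per-address output of `ip -o -4 addr show IFACE`.
# Assumptions: interface eth0, VIP 203.0.113.10 (documentation address).

# vip_held IFACE VIP [IP_OUTPUT]
# Exit 0 if VIP is configured on IFACE, 1 otherwise. IP_OUTPUT lets captured
# output be fed in; when omitted, the live `ip` command is queried.
vip_held() {
    _iface=$1
    _vip=$2
    _out=${3:-$(ip -o -4 addr show "$_iface" 2>/dev/null)}
    # With -o, each address is one line: "N: IFACE    inet A.B.C.D/LEN ...",
    # so the address sits in field 4; strip the prefix length and compare.
    printf '%s\n' "$_out" | awk -v vip="$_vip" '
        $3 == "inet" { split($4, parts, "/"); if (parts[1] == vip) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# vip_role IFACE VIP [IP_OUTPUT]
# Print MASTER if the VIP is bound here, BACKUP otherwise.
vip_role() {
    if vip_held "$@"; then
        echo MASTER
    else
        echo BACKUP
    fi
}

# Constructed sample of `ip -o -4 addr show eth0` on the node holding the VIP
# (its own /24 address plus the /32 that keepalived added):
SAMPLE_MASTER='2: eth0    inet 192.0.2.5/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/32 scope global eth0\       valid_lft forever preferred_lft forever'

# Constructed sample from the backup node, which only has its own address:
SAMPLE_BACKUP='2: eth0    inet 192.0.2.6/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'

# Live use on a node (e.g. under `watch -n1 'sh vip_role.sh --live'` while
# keepalived is stopped on the master): print the current role.
if [ "${1:-}" = "--live" ]; then
    vip_role eth0 203.0.113.10
fi
```

Run it in a watch loop on both nodes while you stop keepalived on the master: the backup should flip from BACKUP to MASTER within a few advertisement intervals, and flip back once the master's keepalived is started again.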

One note: my master node has a dynamic IP, and that caused no problems.

4 thoughts on “IP failover with keepalived”

  1. VRRP traffic is its own IP protocol so there is no such thing as a ‘port’. You may have been seeing 51384 but that is just tcpdump (or whatever you used to see the packets) trying to interpret the data where the port info might be. Just use ‘ufw allow to 224.0.0.18’ and you’ll be good to go.

  2. I cannot thank you enough! I have been working with keepalived for years on RedHat and RedHat derivatives. The firewall rule with firewalld is: sudo firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent. I could not find an equivalent for Ubuntu Server.

    Unfortunately, this latest project I am working on is hosted on Ubuntu Server. I have been scratching my head for hours trying to find the same rule for ufw. Thanks to your post, I added the following rule to both servers and everything is now working: sudo ufw allow to 224.0.0.18 comment 'keepalived multicast'.
