VLC Configuration steps
A) On each VLC, do the following steps:
1) Enable yum repositories on the VLCs.
# vi /etc/yum.repos.d/CentOSBase.repo #set enabled to 1
2) Install Keepalived on both VLCs.
# yum install keepalived
3) Configure keepalived config on VLC-1.
# vi /etc/keepalived/keepalived.conf
4) Set the config as shown below, changing state, interface, priority and virtual IP address accordingly on VLC-1:
[root@VLC-1 ~]# vi /etc/keepalived/keepalived.conf
!Configuration File for keepalived created
vrrp_script status_check {
script "/etc/keepalived/status_check.sh"
interval 5 # check every 5 seconds
fall 2 # require 2 failures for KO
rise 4 # require 4 successes for OK
}
vrrp_instance VR_1 {
state BACKUP
interface eth0
virtual_router_id 56
priority 100 #Give higher priority than Secondary VLC-2
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.1.217 #Primary VLC Physical Address
unicast_peer {
192.168.1.209 #Secondary VLC Physical Address
}
virtual_ipaddress {
192.168.1.207/24 brd 192.168.1.255 dev eth0 #Virtual IP Address
}
track_script {
status_check
}
}
5) Configure keepalived config on VLC-2.
# vi /etc/keepalived/keepalived.conf
6) Set the config as shown below, changing state, interface, priority and virtual IP address accordingly on VLC-2:
[root@VLC-2 ~]# vi /etc/keepalived/keepalived.conf
!Configuration File for keepalived created
vrrp_instance VR_1 {
state BACKUP
interface eth0
virtual_router_id 56
priority 99 #Give lower priority than Primary VLC-1
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.1.209 #Secondary VLC-2 Physical Address
unicast_peer {
192.168.1.217 #Primary VLC-1 Physical Address
}
virtual_ipaddress {
192.168.1.207/24 brd 192.168.1.255 dev eth0 #Virtual IP Address
}
}
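The two files above must agree on virtual_router_id, auth_pass and the virtual IP, while each node's unicast_src_ip has to be the other node's unicast_peer. The following check for that is an added example, not part of the original procedure; the function names (kv, blk, check_pair, write_conf) are introduced here, and the sample files are constructed from the page's addresses and trimmed to the keys the check reads.

```shell
#!/bin/bash
# Added example: consistency check for a two-node keepalived unicast pair.
# Only key names are reported, never the auth_pass value.
# kv FILE KEY: value of the first "KEY value" line, comments stripped
kv() { sed 's/[#!].*//' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'; }
# blk FILE NAME: first entry inside the "NAME { ... }" block
blk() { sed 's/[#!].*//' "$1" |
  awk -v b="$2" '$1 == b { f = 1; next } f && /}/ { exit } f && NF { print $1; exit }'; }

check_pair() {  # returns 0 when both files describe one consistent VRRP pair
  local a="$1" b="$2" rc=0 k
  for k in virtual_router_id auth_pass; do
    [ "$(kv "$a" "$k")" = "$(kv "$b" "$k")" ] || { echo "MISMATCH: $k"; rc=1; }
  done
  [ "$(blk "$a" virtual_ipaddress)" = "$(blk "$b" virtual_ipaddress)" ] ||
    { echo "MISMATCH: virtual_ipaddress"; rc=1; }
  # Unicast VRRP: each node's source address must be the other node's peer.
  [ "$(kv "$a" unicast_src_ip)" = "$(blk "$b" unicast_peer)" ] ||
    { echo "NOT MIRRORED: unicast_src_ip in $a"; rc=1; }
  [ "$(kv "$b" unicast_src_ip)" = "$(blk "$a" unicast_peer)" ] ||
    { echo "NOT MIRRORED: unicast_src_ip in $b"; rc=1; }
  [ "$(kv "$a" priority)" != "$(kv "$b" priority)" ] || { echo "EQUAL: priority"; rc=1; }
  return $rc
}

# write_conf FILE PRIORITY SRC PEER: constructed sample, trimmed to the keys checked
write_conf() {
  cat > "$1" <<EOF
vrrp_instance VR_1 {
  virtual_router_id 56
  priority $2
  authentication {
    auth_pass 1111
  }
  unicast_src_ip $3 # this node
  unicast_peer {
    $4
  }
  virtual_ipaddress {
    192.168.1.207/24 brd 192.168.1.255 dev eth0
  }
}
EOF
}

d=$(mktemp -d)
write_conf "$d/vlc1.conf" 100 192.168.1.217 192.168.1.209
write_conf "$d/vlc2.conf" 99 192.168.1.217 192.168.1.209  # node 1 addresses left unchanged
check_pair "$d/vlc1.conf" "$d/vlc2.conf" || echo "pair is inconsistent"
```

To use it on real nodes, copy both keepalived.conf files to one host and pass their paths to check_pair.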
B) VLC Configuration steps (on Master only!)
7) Create a process monitoring script so that the VIP is removed from Primary VLC-1 when “nwlogcollector” stops running.
# vi /etc/keepalived/status_check.sh
8) Create a similar script as shown below:
[root@VLC-1 ~]# vi /etc/keepalived/status_check.sh
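#!/bin/bash
#nwlogcollector process monitoring script removes VIP from node.
#keepalived runs this script every "interval" seconds, so it checks once and exits.
CURRENT=$(status nwlogcollector | awk '{ print $2}' | sed 's/,//g')
THRESHOLD=start/running
if [ "$CURRENT" = "$THRESHOLD" ] ; then
    logger -t nwlogcollector compliant
    exit 0 #success, counted towards "rise"
else
    /sbin/ip addr del 192.168.1.207 dev eth0 #ip requires the device name
    logger -t nwlogcollector not compliant
    exit 1 #failure, counted towards "fall"
fi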
9) Make status_check.sh executable.
# chmod +x /etc/keepalived/status_check.sh
10) Start the keepalived service on both VLCs.
# service keepalived start
11) Make Keepalived start at boot time on both VLCs.
# chkconfig keepalived on
12) Check for newly created VIP address
[root@VLC-1 ~]# ip address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d1:08:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.217/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.207/32 scope global eth0
inet6 fe80::20c:29ff:fed1:8f1/64 scope link
valid_lft forever preferred_lft forever
13) Verify that the script is running by checking the /var/log/messages entries, which should look like this:
# tailf /var/log/messages
Oct 18 20:50:06 VLC-1 puppet-agent[1666]: Finished catalog run in 22.05 seconds
Oct 18 20:50:07 VLC-1 nwlogcollector: compliant
Oct 18 20:50:22 VLC-1 nwlogcollector: compliant
<<--------------------------------------------->>
Note: This configuration is not officially supported by RSA customer support. However, customers who know Linux/CentOS or have Linux/CentOS admins in their environment may find it easier to implement and maintain than a virtual HA solution with its VM overhead.
<<--------------------------------------------->>