CentOS 5.9 Installation Configuration keepalived

Keepalived is a routing software written by C language and an extension project for LVS, which is mainly used for realserver health check and failover between LoadBalance host and backup host. Keepalived is a software similar to the Layer3, 4 & 7 switch, which is what we normally call the 3rd, 4th, and 7th layers of exchange. This article mainly introduces its installation process for everyone's reference.

1. Get the installation software
:http://www.keepalived.org/download.html
You can download the latest version 1.2.13 directly, or you can download it automatically via wget
# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz

2. Installation Prerequisites

A, make sure Ipvs has been installed # as follows, perform ipvsadm check if Ipvs is installed (most Linux defaults are installed) [[email protected] ~]# IPVSADMIP Virtual Server version 1.2.1 ( size=4096) Prot localaddress:port Scheduler Flags,  remoteaddress:port           Forward Weight activeconn inactconn #检查当前加载的内核模块 to see if the Ip_vs module exists [[email protected] ~]# lsmod|grep ip_vs ip_vs 122113  0 B, install the appropriate Dependency pack # Yum-y install GCC GC c-c++ gcc-g77 ncurses-devel Bison libaio-devel > CMake libnl* libpopt* popt-static openssl-devel

3, installation keepalived

[[email protected] ~]# More/etc/issuecentos release 5.9 (Final) # mkdir/usr/local/keepalived# cd/usr/local/src# WG ET http://www.keepalived.org/software/keepalived-1.2.13.tar.gz# tar-xvf keepalived-1.2.13.tar.gz # CD keepalived-1.2.13#./configure--disable-fwmark--prefix=/usr/local/keepalived ....., ..... keepalived configuration------------------------keepalived version:1.2.13compiler:gcccompiler FL  AGS:-g-o2-dethertype_ipv6=0x86ddextra Lib:-lssl-lcrypto-lcrypt use IPVS Framework: Yesipvs Sync daemon Support:yesipvs use libnl:nofwmark socket support:nouse VRRP framework:yes  Use VRRP vmac:nosnmp support:nosha1 support:nouse Debug flags:no# make && make install# ls/usr/local/keepalived/#查看安装完成后, generated 4 directories bin etc sbin share# cd/usr/local/keepalived/etc[[ Email protected] etc]# tree.|   --keepalived| |--keepaliveD.conf #keepalived的配置样例 |       '--samples|       |--client.pem|       |--dh1024.pem|       |--keepalived.conf.http_get.port|       |--keepalived.conf.ipv6|       |--keepalived.conf.smtp_check|       |--keepalived.conf.ssl_get|       |--keepalived.conf.fwmark|       |--keepalived.conf.inhibit|       |--keepalived.conf.misc_check|       |--keepalived.conf.misc_check_arg|       |--keepalived.conf.quorum|       |--keepalived.conf.sample|       |--keepalived.conf.status_code|       |--keepalived.conf.track_interface|       |--keepalived.conf.virtual_server_group|       |--keepalived.conf.virtualhost|       |--keepalived.conf.vrrp|       |--keepalived.conf.vrrp.localcheck|       |--keepalived.conf.vrrp.lvs_syncd|       |--keepalived.conf.vrrp.routes|       |--keepalived.conf.vrrp.scripts|       |--keepalived.conf.vrrp.static_ipaddress|       |--keepalived.conf.vrrp.sync|       |--root.pem|   '--sample.misccheck.smbcheck.sh|--rc.d|       '--init.d| '--KeepalivEd '--sysconfig '--keepalived# cd/usr/local/keepalived/sbin#./keepalived--help #获取keepalived的一些帮助Usage:  ./keepalived [OPTION ...] -F,--use-file=file use the specified configuration file-p,--VRRP only run with VRRP Subsyst Em-c,--check only run with Health-checker subsystem-l,--log-console log messages to Loca L CONSOLE-D,--log-detail detailed log messages-s,--log-facility=[0-7] Set syslog facility to Log_loc AL[0-7]-V,--DONT-RELEASE-VRRP don ' t remove VRRP VIPs and vroutes on daemon stop-i,--dont-release-ipvs don '              T remove IPVS topology on daemon stop-r,--dont-respawn Don ' t respawn child processes-n,--dont-fork               Don ' t fork the daemon process-d,--dump-conf dump the configuration data-p,--pid=file Use specified pidfile for the parent process-r,--vrrp_pid=file use specified pidfile for VRRP child process-C,--checkers_pid=file use specified pidfile for Checkers child Process-v,--version Display the Ver Sion Number-h,--help Display this help message# mkdir/etc/keepalived/# cp/usr/local/keepalived/etc/ keepalived/keepalived.conf/etc/keepalived/# cp/usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/# CP/ usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/# ln-s/usr/local/keepalived/sbin/keepalived/sbin/# Service keepalived restartstopping keepalived: [failed]starting keepalived: [OK]# service keepalived statuskeepalived     (PID 12092) is running...# chkconfig keepalived on# IP addr1:lo: <LOOPBACK,UP,LOWER_UP> MTU 16436 Qdisc noqueue        Link/loopback 00:00:00:00:00:00 BRD 00:00:00:00:00:00 inet 127.0.0.1/8 Scope host lo inet6:: 1/128 Scope Host Valid_lft Forever preferred_lft Forever2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU, Qdisc pfifo_fast Qlen Link/ether 00:50:56:84:04:2c BRD ff:ff:ff:ff:ff:ff inet 192.168.1.66/24 BRD 192.168.1.255 scope global eth0 inet 192.168.200.16/32 scope Global Eth0 inet 192.168.200.17/32 Scope global eth0 inet 192.168.200.18/32 scope global eth0 Inet6 fe80::250:56ff:fe84: 42C/64 scope link Valid_lft forever preferred_lft forever3:sit0: <NOARP> MTU 1480 Qdisc noop link/sit 0. 0.0.0 BRD 0.0.0.0

4, configuration items related to keepalived.conf

[[email protected] keepalived]# more keepalived.conf! Configuration File for keepalived# global definition block, containing the message definition section, Global_defs {notification_email {[email protected] [Emai L protected] [email protected]} notification_email_from [email protected] Smtp_server 192.168.20  0.1 smtp_connect_timeout router_id lvs_devel//Load balancer identity, within a network, it should be unique} #VRRP实例定义块, responsible for failover between load balancers vrrp_instance vi_1                                            {State master//Only Master and Backup 2 States, Master as master, slave for backup, use uppercase interface eth0//monitoring network Interface virtual_router_id 5 1//virtual_router_id must be equal to priority 100//In the same instance, the larger the number , the higher the priority Advert_int 1//master The time interval between synchronization checks with the backup load balancer, in seconds aut                                               hentication {//authentication type and password         Auth_type PASS auth_pass 1111} virtual_ipaddress {///virtual IP address virtual_ipaddress, you can define multiple                               192.168.200.16 192.168.200.17 192.168.200.18}} #虚拟服务器定义块virtual_server 192.168.200.100 443 {                                                   Defining a virtual Server Delay_loop 6                                                     Delay_loop, health check interval, unit is seconds Lb_algo RR                                                    Load scheduling algorithm, set here as RR, polling algorithm, Internet applications often use WLC or RR Lb_kind NAT Load-balanced forwarding rules. Generally including dr,nat,tun3 species, in my scenario, all use Dr's Way Nat_mask 255.255.255.0//Subnet mask pers                                    Istence_timeout 50//Session hold time in seconds (can be extended appropriately to maintain session)             Protocol TCP//forwarding protocol type, with two types of TCP and UDP                                                                            Real_server 192.168.201.100 443 {                                                   Real server IP and port weight 1                                                                               The default is 1,0 for invalid Ssl_get {                                                                              URL {path/                                           Digest ff20ad2481f97b1754ef3e12ecd3a9cc } URL {path/mrtg/digest 9b3a0c85a887a256d6939    DA88AABD8CD} connect_timeout 3 Nb_get_retry 3 delay_before_retry 3} }}virtual_server 10.10.10.2 1358 {delay_loop 6 Lb_algo RR lb_kind NAT persistence_timeout protocol T CP Sorry_server 192.168.200.200 1358 Real_server 192.168.200.2 1358 {weight 1 http_get {url {path /testurl/test.jsp Digest 640205b7b0fc66c1ea91c463fac6334d} URL {path/t esturl2/test.jsp Digest 640205b7b0fc66c1ea91c463fac6334d} URL {path/te            sturl3/test.jsp Digest 640205b7b0fc66c1ea91c463fac6334d} connect_timeout 3 Nb_get_retry 3 delay_before_retry 3}} real_server 192.168.200.3 1358 {weight 1 HT            Tp_get {url {path/testurl/test.jsp digest 640205b7b0fc66c1ea91c463fac6334c            } URL {path/testurl2/test.jsp Digest 640205b7b0fc66c1ea91c463fac6334c } connect_timeout 3 Nb_get_retry 3 delay_before_retry 3}}

5, configuring the primary and Standby keepalived

A, configure the main preparation keepalived# master, the following main list keepalived.conf difference part vrrp_instance vi_1 {State Master interface eth0 virtual_router_id 51  Priority Advert_int 1 Authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.1.220 192.168.1.230}}      #备, the following main list keepalived.conf differences section vrrp_instance vi_1 {State BACKUP interface eth0 virtual_router_id Wuyi Priority 90 Advert_int 1 Authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.1 68.1.220 192.168.1.230}}b, test master standby keepalived# start keepalived service on the primary server [[email protected] ~]# Services keepalived STA Rtstarting keepalived: [OK][[email protected] ~]# IP addr1:lo: <LOOPBACK,UP,LOWER_UP> MTU 16436 Qdisc noqu Eue link/loopback 00:00:00:00:00:00 BRD 00:00:00:00:00:00 inet 127.0.0.1/8 Scope host lo inet6:: 1/128 scope hos T Valid_lft forever preferred_lft Forever2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU Qdisc pfifo_fast qlen link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff inet 192.168.1.65/24 BRD 192  .168.1.255 Scope Global eth0 inet 192.168.1.220/32 scope global eth0 #可以看到220和230的虚IP inet 192.168.1.230/32 Scope Global eth0 inet6 fe80::250:56ff:fe84:1f37/64 scope link Valid_lft forever preferred_lft forever3:sit0: <no Arp> MTU 1480 Qdisc noop link/sit 0.0.0.0 brd 0.0.0.0# start keepalived Services on the standby server [[email protected] ~]# service Keep alived startstarting keepalived: [OK] #下面的查询结果中, virtual IP220 and 230 and for the standby server appears [[email protected] ~]# IP addr1:lo: &LT;LOOPB Ack,up,lower_up> MTU 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 Scope host lo inet6:: 1/128 scope host Valid_lft forever Preferred_lft Forever2:eth0: <broadcast,multicast,u P,lower_up> MTU Qdisc pfifo_fast qlen-link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff inet 192.168.1 .66/24 BRD 192.168.1.255 Scope Global eth0 Inet6 fe80::250:56ff:fe84:42c/64 scope link Valid_lft forever preferred_lft forever3:sit0: & Lt Noarp> MTU 1480 Qdisc noop link/sit 0.0.0.0 BRD 0.0.0.0# shut down the keepalived service on the main service to see if the VIP will drift to the standby service [[Email pro Tected] ~]# service keepalived stopstopping keepalived: [OK][[email protected] ~]# IP addr #关闭后, the command can see 220 and 230 The virtual IP already does not exist on the primary server 1:lo: <LOOPBACK,UP,LOWER_UP> MTU 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 BRD 00:00:00 : 00:00:00 inet 127.0.0.1/8 Scope host lo inet6:: 1/128 scope host Valid_lft forever Preferred_lft forever2:e Th0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU qdisc pfifo_fast qlen-link/ether 00:50:56:84:1f:37 BRD FF:FF        : Ff:ff:ff:ff inet 192.168.1.65/24 BRD 192.168.1.255 scope global eth0 inet6 fe80::250:56ff:fe84:1f37/64 scope link Valid_lft Forever preferred_lft forever3:sit0: <NOARP> MTU 1480 Qdisc noop link/sit 0.0.0.0 BRD 0.0.0.0# This On the standby server to see the drift of the VIP address [[email protected] ~]# IP addr1:lo: <LOOPBACK,UP,LOWER_UP> MTU 16436 qdisc noqueue link/loopback 00:00:00:0 0:00:00 BRD 00:00:00:00:00:00 inet 127.0.0.1/8 Scope host lo inet6:: 1/128 scope host Valid_lft Forever Prefe Rred_lft forever2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU qdisc pfifo_fast qlen link/ether 00:50:5 6:84:04:2C BRD ff:ff:ff:ff:ff:ff inet 192.168.1.66/24 BRD 192.168.1.255 scope global eth0 inet 192.168.1.220/32 SCOP E Global eth0 inet 192.168.1.230/32 scope global eth0 inet6 fe80::250:56ff:fe84:42c/64 scope link Valid_lft f Orever preferred_lft forever3:sit0: <NOARP> MTU 1480 Qdisc noop link/sit 0.0.0.0 BRD 0.0.0.0# If you start Keepal on the primary server again ived service, the VIP will automatically drift to the primary server, no longer verified. #Author: Leshami#blog:http://blog.csdn.net/leshami

6, configuring dual-Master keepalived

The keepalived mode of the dual-master is actually the main preparation to avoid the single point of failure # Configuration Master standby keepalivedmastera:192.168.1.65, virtualip:192.168.1.220masterb:192.168.1.66 , virtualip:192.168.1.230# master, the following main list keepalived.conf difference section vrrp_instance vi_1 {State MASTER interface eth0 Virtual_ro UTER_ID Advert_int 1 Authentication {auth_type PASS auth_pass 1111} virtual _ipaddress {192.168.1.220}}vrrp_instance vi_2 {State BACKUP interface eth0 virtual_router_id p        Riority Advert_int 1 Authentication {auth_type PASS auth_pass 1111} virtual_ipaddress { 192.168.1.230}} #备, the following main list keepalived.conf differences section vrrp_instance vi_1 {State BACKUP interface eth0 Virtual_route R_ID Advert_int 1 Authentication {auth_type PASS auth_pass 1111} virtual_ipa ddress {192.168.1.220}}vrrp_instance vi_2 {State MASTER interface eth0 VIRTUAL_ROUTER_ID-Prior ity Advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.1.230}} #从上面的配置文件中可以 See, actually added a VRRP instance # validation process slightly

7, compile-time error no so_mark                

#如果在编译时碰到了No So_mark error, as follows #./configure Checking for gcc ... gccchecking whether the C compiler works ... yeschecking for C c Ompiler default output file name ... a.outchecking for suffix of executables ... checking whether we are cross compiling ... nochecking for suffix of object files ... o .....          checking for Nl_socket_alloc in-lnl-3 ... nochecking for Nl_sock. ET_MODIFY_CB in-lnl ... noconfigure:WARNING:keepalived'll be a built without LIBNL support.checking for kernel version: . 2.6.18checking for IPVS SYNCD support ... yeschecking for kernel Macvlan support ... nochecking whether So_mark is declared. .. Noconfigure:error:No So_mark declaration in headers# can be solved by adding Disable-fwmark parameters to--disable-fwmark compile without so        _mark Support

CentOS 5.9 Installation Configuration keepalived