Install and configure keepalived on CentOS 5.9

Source: Internet
Author: User


Keepalived is routing software written in C and is an extension of LVS. It is mainly used for health checks of the real servers and for failover between the load balancer host and the backup host. Keepalived works like a layer 3, 4 and 7 switching mechanism. This article describes the installation process for your reference.

 

1. Obtain the software

Download page: http://www.keepalived.org/download.html
You can download the latest version, 1.2.13, directly, or fetch it with wget:

    # wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz

 

2. Installation prerequisites

A. Make sure that ipvs has been installed

    # Run ipvsadm to check whether ipvs is installed (most Linux systems install it by default)
    [root@HKBO ~]# ipvsadm
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

    # Check the currently loaded kernel modules to see whether the ip_vs module exists
    [root@HKBO ~]# lsmod | grep ip_vs
    ip_vs                 122113  0

B. Install the corresponding dependency packages

    # yum -y install gcc-c++ gcc-g77 ncurses-devel bison libaio-devel \
    > cmake libnl* libpopt* popt-static openssl-devel

3. Install keepalived

    [root@HKBO ~]# more /etc/issue
    CentOS release 5.9 (Final)

    # mkdir /usr/local/keepalived
    # cd /usr/local/src
    # wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
    # tar -xvf keepalived-1.2.13.tar.gz
    # cd keepalived-1.2.13
    # ./configure --disable-fwmark --prefix=/usr/local/keepalived
    ...............
    Keepalived configuration
    ------------------------
    Keepalived version       : 1.2.13
    Compiler                 : gcc
    Compiler flags           : -g -O2 -DETHERTYPE_IPV6=0x86dd
    Extra Lib                : -lssl -lcrypto -lcrypt
    Use IPVS Framework       : Yes
    IPVS sync daemon support : Yes
    IPVS use libnl           : No
    fwmark socket support    : No
    Use VRRP Framework       : Yes
    Use VRRP VMAC            : No
    SNMP support             : No
    SHA1 support             : No
    Use Debug flags          : No

    # make && make install
    # ls /usr/local/keepalived/        # after the installation completes, four directories exist
    bin  etc  sbin  share

    # cd /usr/local/keepalived/etc
    [root@HKBO etc]# tree
    .
    |-- keepalived
    |   |-- keepalived.conf          # configuration example of keepalived
    |   `-- samples
    |       |-- client.pem
    |       |-- dh1024.pem
    |       |-- keepalived.conf.HTTP_GET.port
    |       |-- keepalived.conf.IPv6
    |       |-- keepalived.conf.SMTP_CHECK
    |       |-- keepalived.conf.SSL_GET
    |       |-- keepalived.conf.fwmark
    |       |-- keepalived.conf.inhibit
    |       |-- keepalived.conf.misc_check
    |       |-- keepalived.conf.misc_check_arg
    |       |-- keepalived.conf.quorum
    |       |-- keepalived.conf.sample
    |       |-- keepalived.conf.status_code
    |       |-- keepalived.conf.track_interface
    |       |-- keepalived.conf.virtual_server_group
    |       |-- keepalived.conf.virtualhost
    |       |-- keepalived.conf.vrrp
    |       |-- keepalived.conf.vrrp.localcheck
    |       |-- keepalived.conf.vrrp.lvs_syncd
    |       |-- keepalived.conf.vrrp.routes
    |       |-- keepalived.conf.vrrp.scripts
    |       |-- keepalived.conf.vrrp.static_ipaddress
    |       |-- keepalived.conf.vrrp.sync
    |       |-- root.pem
    |       `-- sample.misccheck.smbcheck.sh
    |-- rc.d
    |   `-- init.d
    |       `-- keepalived
    `-- sysconfig
        `-- keepalived

    # cd /usr/local/keepalived/sbin
    # ./keepalived --help              # show the keepalived help
    Usage: ./keepalived [OPTION...]
      -f, --use-file=FILE          Use the specified configuration file
      -P, --vrrp                   Only run with VRRP subsystem
      -C, --check                  Only run with Health-checker subsystem
      -l, --log-console            Log messages to local console
      -D, --log-detail             Detailed log messages
      -S, --log-facility=[0-7]     Set syslog facility to LOG_LOCAL[0-7]
      -V, --dont-release-vrrp      Don't remove VRRP VIPs and VROUTEs on daemon stop
      -I, --dont-release-ipvs      Don't remove IPVS topology on daemon stop
      -R, --dont-respawn           Don't respawn child processes
      -n, --dont-fork              Don't fork the daemon process
      -d, --dump-conf              Dump the configuration data
      -p, --pid=FILE               Use specified pidfile for parent process
      -r, --vrrp_pid=FILE          Use specified pidfile for VRRP child process
      -c, --checkers_pid=FILE      Use specified pidfile for checkers child process
      -v, --version                Display the version number
      -h, --help                   Display this help message

    # The init script sources /etc/sysconfig/keepalived and expects the keepalived binary on the PATH
    # mkdir /etc/keepalived/
    # cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
    # cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
    # cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    # ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/

    # service keepalived restart
    Stopping keepalived:                                       [FAILED]
    Starting keepalived:                                       [  OK  ]
    # service keepalived status
    keepalived (pid 12092) is running...
    # chkconfig keepalived on

    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        inet 192.168.200.16/32 scope global eth0
        inet 192.168.200.17/32 scope global eth0
        inet 192.168.200.18/32 scope global eth0
        inet6 fe80::250:56ff:fe84:42c/64 scope link
           valid_lft forever preferred_lft forever
    3: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

4. Configuration items in keepalived.conf

    [root@HKBO keepalived]# more keepalived.conf
    ! Configuration File for keepalived

    # Global definition block; contains the mail notification section
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 192.168.200.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL        # load balancer identifier; it should be unique within a network
    }

    # VRRP instance definition block, responsible for failover between the load balancers
    vrrp_instance VI_1 {
        state MASTER              # only two states exist: MASTER (master) and BACKUP (slave); use upper case
        interface eth0            # network interface to monitor
        virtual_router_id 51      # virtual_router_id must be the same for the same instance
        priority 100              # priority; the larger the number, the higher the priority
        advert_int 1              # interval between MASTER and BACKUP synchronization checks, in seconds
        authentication {          # authentication type and password
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {       # virtual IP addresses; several can be listed
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }
    }

    # Virtual server definition block
    virtual_server 192.168.200.100 443 {    # define the virtual server
        delay_loop 6              # health check interval, in seconds
        lb_algo rr                # load scheduling algorithm; rr is round robin; internet applications often use wlc or rr
        lb_kind NAT               # forwarding method; there are three: DR, NAT and TUN. In my solution, we use the DR method
        nat_mask 255.255.255.0    # subnet mask
        persistence_timeout 50    # session persistence time, in seconds (extend it to keep sessions longer)
        protocol TCP              # forwarding protocol type: TCP or UDP

        real_server 192.168.201.100 443 {   # real server IP address and port
            weight 1              # the default value is 1; 0 disables the server
            SSL_GET {
                url {
                  path /
                  digest ff20ad2481f97b1754ef3e12ecd3a9cc
                }
                url {
                  path /<second-path>
                  digest <md5-digest-of-second-path>
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

    virtual_server 10.10.10.2 1358 {
        delay_loop 6
        lb_algo rr
        lb_kind NAT
        persistence_timeout 50
        protocol TCP

        sorry_server 192.168.200.200 1358

        real_server 192.168.200.2 1358 {
            weight 1
            HTTP_GET {
                url {
                  path /testurl/test.jsp
                  digest 640205b7b0fc66c1ea91c463fac6334d
                }
                url {
                  path /testurl2/test.jsp
                  digest 640205b7b0fc66c1ea91c463fac6334d
                }
                url {
                  path /testurl3/test.jsp
                  digest <md5-digest-of-testurl3>
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }

        real_server 192.168.200.3 1358 {
            weight 1
            HTTP_GET {
                url {
                  path /testurl/test.jsp
                  digest 640205b7b0fc66c1ea91c463fac6334c
                }
                url {
                  path /testurl2/test.jsp
                  digest 640205b7b0fc66c1ea91c463fac6334c
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

5. Configure Master/Slave keepalived

A. Configure the master and slave keepalived

    # Master: the differing section of keepalived.conf is listed below
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.220
            192.168.1.230
        }
    }

    # Backup: the differing section of keepalived.conf is listed below
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.220
            192.168.1.230
        }
    }

B. Test master/slave keepalived

    # Start the keepalived service on the MASTER server
    [root@MASTER ~]# service keepalived start
    Starting keepalived:                                       [  OK  ]
    [root@SZ-SYS-APP01 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
        inet 192.168.1.220/32 scope global eth0        # the virtual IP
        inet 192.168.1.230/32 scope global eth0
        inet6 fe80::250:56ff:fe84:1f37/64 scope link
           valid_lft forever preferred_lft forever
    3: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    # Start the keepalived service on the BACKUP server
    [root@BACKUP ~]# service keepalived start
    Starting keepalived:                                       [  OK  ]

    # In the following query result, the virtual IPs .220 and .230 do not appear on the slave server
    [root@HKBO ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        inet6 fe80::250:56ff:fe84:42c/64 scope link
           valid_lft forever preferred_lft forever
    3: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    # Stop the keepalived service on the MASTER server and check whether the VIPs drift to the slave server
    [root@MASTER ~]# service keepalived stop
    Stopping keepalived:                                       [  OK  ]

    # After the service is stopped, the virtual IPs .220 and .230 no longer exist on the master server
    [root@MASTER ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
        inet6 fe80::250:56ff:fe84:1f37/64 scope link
           valid_lft forever preferred_lft forever
    3: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    # The drifted VIP addresses now appear on the slave server
    [root@BACKUP ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        inet 192.168.1.220/32 scope global eth0
        inet 192.168.1.230/32 scope global eth0
        inet6 fe80::250:56ff:fe84:42c/64 scope link
           valid_lft forever preferred_lft forever
    3: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    # If the keepalived service on the master server is started again, the VIPs automatically
    # drift back to the master server; the verification is omitted here.
    # Author: Leshami
    # Blog: http://blog.csdn.net/leshami
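An added example, not part of the original article: a small Python check that the master and backup sections from section 5 agree on virtual_router_id, advert_int, authentication and VIPs, and that flags auth_type PASS (the password travels in cleartext in VRRP advertisements) and the sample auth_pass 1111. The names parse_instance and audit_pair and the embedded sample text are assumptions made for this example.

```python
import re

# Constructed sample: the master "difference section" from section 5 of this page
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.220
        192.168.1.230
    }
}
"""
# The backup section differs only in state and priority
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 90"))
KEYS = r"state|interface|virtual_router_id|priority|advert_int|auth_type|auth_pass"

def parse_instance(text):
    """Return the scalar settings and sorted VIP list of a vrrp_instance block."""
    text = re.sub(r"[#!].*", "", text)  # '#' and '!' start comments in keepalived.conf
    inst = dict(re.findall(r"^\s*(%s)\s+(\S+)" % KEYS, text, re.M))
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    inst["vips"] = sorted(vips.group(1).split()) if vips else []
    return inst

def audit_pair(master, backup):
    """Compare the MASTER and BACKUP sections; return a list of findings."""
    m, b = parse_instance(master), parse_instance(backup)
    findings = []
    for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips"):
        if m.get(key) != b.get(key):
            findings.append("mismatch: %s differs between nodes" % key)
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("priority: MASTER is not higher than BACKUP")
    if m.get("auth_type") == "PASS":
        findings.append("auth: PASS sends auth_pass in cleartext in every advertisement")
    if m.get("auth_pass") == "1111":
        findings.append("auth: auth_pass is still the sample value 1111")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pair(MASTER_CONF, BACKUP_CONF)))
```

Run against the two sections as given on this page, it reports only the two authentication findings; a different virtual_router_id or equal priorities on the two nodes would add a mismatch or priority finding.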

6. Configure the dual-master keepalived

The dual-master keepalived mode is actually a mutual master/slave arrangement that avoids a single point of failure.

    # Configure mutual master/slave keepalived
    MasterA: 192.168.1.65, VirtualIP: 192.168.1.220
    MasterB: 192.168.1.66, VirtualIP: 192.168.1.230

    # Master: the differing section of keepalived.conf is listed below
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.220
        }
    }

    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 52
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.230
        }
    }

    # Standby: the differing section of keepalived.conf is listed below
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.220
        }
    }

    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.230
        }
    }

    # As the configuration files above show, a second VRRP instance is simply added on each node.
    # The verification process is omitted.

7. Compilation error No SO_MARK

    # If the "No SO_MARK" error is encountered during compilation, as follows
    # ./configure
    checking for gcc... gcc
    checking whether the C compiler works... yes
    checking for C compiler default output file name... a.out
    checking for suffix of executables...
    checking whether we are cross compiling... no
    checking for suffix of object files... o
    ...........
    checking for nl_socket_alloc in -lnl-3... no
    checking for nl_socket_modify_cb in -lnl... no
    configure: WARNING: keepalived will be built without libnl support.
    checking for kernel version... 2.6.18
    checking for IPVS syncd support... yes
    checking for kernel macvlan support... no
    checking whether SO_MARK is declared... no
    configure: error: No SO_MARK declaration in headers

    # You can add the --disable-fwmark parameter to solve it
      --disable-fwmark        compile without SO_MARK support
