CentOS 5.9下安裝配置keepalived，centoskeepalived

CentOS 5.9下安裝配置keepalived，centoskeepalived

    keepalived是由C語言編寫的路由軟體，是lvs的擴充項目，主要用作RealServer的健康狀態檢查以及LoadBalance主機和BackUP主機之間failover的實現。keepalived是一個類似於layer3, 4 & 7交換器制的軟體，也就是我們平時說的第3層、第4層和第7層交換。本文主要介紹了其安裝過程供大家參考。

 

1、擷取安裝軟體
  ：http://www.keepalived.org/download.html
  可以直接下載最新的版本1.2.13，也可以通過wget自動下載
  # wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz

 

2、安裝前提

a、確保ipvs已經被安裝#如下，執行ipvsadm檢查ipvs是否已經安裝(當前大多數Linux預設已安裝)[root@HKBO ~]# ipvsadmIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn#檢查當前載入的核心模組，看是否存在ip_vs模組[root@HKBO ~]# lsmod|grep ip_vs ip_vs                 122113  0 b、安裝相應的依賴包# yum -y install gcc gcc-c++ gcc-g77 ncurses-devel bison libaio-devel \> cmake libnl* libpopt* popt-static openssl-devel

3、安裝keepalived 

[root@HKBO ~]# more /etc/issueCentOS release 5.9 (Final)# mkdir /usr/local/keepalived# cd /usr/local/src# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz# tar -xvf keepalived-1.2.13.tar.gz # cd keepalived-1.2.13# ./configure --disable-fwmark --prefix=/usr/local/keepalived         ...............Keepalived configuration------------------------Keepalived version       : 1.2.13Compiler                 : gccCompiler flags           : -g -O2 -DETHERTYPE_IPV6=0x86ddExtra Lib                : -lssl -lcrypto -lcrypt Use IPVS Framework       : YesIPVS sync daemon support : YesIPVS use libnl           : Nofwmark socket support    : NoUse VRRP Framework       : YesUse VRRP VMAC            : NoSNMP support             : NoSHA1 support             : NoUse Debug flags          : No# make && make install# ls /usr/local/keepalived/  #查看安裝完成後，產生了4個目錄bin  etc  sbin  share# cd /usr/local/keepalived/etc[root@HKBO etc]# tree.|-- keepalived|   |-- keepalived.conf   #keepalived的配置範例|   `-- samples|       |-- client.pem|       |-- dh1024.pem|       |-- keepalived.conf.HTTP_GET.port|       |-- keepalived.conf.IPv6|       |-- keepalived.conf.SMTP_CHECK|       |-- keepalived.conf.SSL_GET|       |-- keepalived.conf.fwmark|       |-- keepalived.conf.inhibit|       |-- keepalived.conf.misc_check|       |-- keepalived.conf.misc_check_arg|       |-- keepalived.conf.quorum|       |-- keepalived.conf.sample|       |-- keepalived.conf.status_code|       |-- keepalived.conf.track_interface|       |-- keepalived.conf.virtual_server_group|       |-- keepalived.conf.virtualhost|       |-- keepalived.conf.vrrp|       |-- keepalived.conf.vrrp.localcheck|       |-- keepalived.conf.vrrp.lvs_syncd|       |-- keepalived.conf.vrrp.routes|       |-- keepalived.conf.vrrp.scripts|       |-- keepalived.conf.vrrp.static_ipaddress|       |-- keepalived.conf.vrrp.sync|       |-- root.pem|       `-- sample.misccheck.smbcheck.sh|-- rc.d|   `-- init.d|       `-- keepalived`-- sysconfig    `-- keepalived# cd /usr/local/keepalived/sbin# ./keepalived --help            #擷取keepalived的一些協助Usage: ./keepalived [OPTION...]  -f, --use-file=FILE          Use the specified configuration file  -P, --vrrp                   Only run with VRRP subsystem  -C, --check                  Only run with Health-checker subsystem  -l, --log-console            Log messages to local console  -D, --log-detail             Detailed log messages  -S, --log-facility=[0-7]     Set syslog facility to LOG_LOCAL[0-7]  -V, --dont-release-vrrp      Don't remove VRRP VIPs and VROUTEs on daemon stop  -I, --dont-release-ipvs      Don't remove IPVS topology on daemon stop  -R, --dont-respawn           Don't respawn child processes  -n, --dont-fork              Don't fork the daemon process  -d, --dump-conf              Dump the configuration data  -p, --pid=FILE               Use specified pidfile for parent process  -r, --vrrp_pid=FILE          Use specified pidfile for VRRP child process  -c, --checkers_pid=FILE      Use specified pidfile for checkers child process  -v, --version                Display the version number  -h, --help                   Display this help message# mkdir /etc/keepalived/# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/  # cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/# ln -s /usr/local/keepalived/sbin/keepalived /sbin/# service keepalived restartStopping keepalived: [FAILED]Starting keepalived: [  OK  ]# service keepalived statuskeepalived (pid  12092) is running...# chkconfig keepalived on# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0    inet 192.168.200.16/32 scope global eth0    inet 192.168.200.17/32 scope global eth0    inet 192.168.200.18/32 scope global eth0    inet6 fe80::250:56ff:fe84:42c/64 scope link        valid_lft forever preferred_lft forever3: sit0: <NOARP> mtu 1480 qdisc noop     link/sit 0.0.0.0 brd 0.0.0.0

4、有關keepalived.conf的配置項

[root@HKBO keepalived]# more keepalived.conf! Configuration File for keepalived#全域定義塊，包含郵件定義部分，global_defs {   notification_email {     acassen@firewall.loc     failover@firewall.loc     sysadmin@firewall.loc   }   notification_email_from Alexandre.Cassen@firewall.loc   smtp_server 192.168.200.1   smtp_connect_timeout 30   router_id LVS_DEVEL  //負載平衡器標識，在一個網路內，它應該是唯一的}#VRRP執行個體定義塊，負責負載平衡器之間的失敗切換vrrp_instance VI_1 {    state MASTER                       //只有MASTER和BACKUP 2種狀態，主為MASTER，從為BACKUP，使用大寫                                            interface eth0                     //監控的網路介面                                                   virtual_router_id 51               //同一執行個體下virtual_router_id必須相同                               priority 100                       //定義優先順序，數字越大，優先順序越高                                advert_int 1                       //MASTER與BACKUP負載平衡器之間同步檢查的時間間隔，單位是秒          authentication {                   //驗證類型和密碼                                                        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {                //虛擬ip地址virtual_ipaddress,可以定義多個        192.168.200.16        192.168.200.17        192.168.200.18    }}#虛擬伺服器定義塊virtual_server 192.168.200.100 443 {                               //定義虛擬伺服器                                               delay_loop 6                                                   //delay_loop，健全狀態檢查時間間隔，單位是秒                                        lb_algo rr                                                     //負載調度演算法，這裡設定為rr，即輪詢演算法，互連網應用常使用wlc或rr                           lb_kind NAT                                                    //負載平衡轉寄規則。一般包括DR,NAT,TUN3種，在我的方案中，都使用DR的方式       nat_mask 255.255.255.0                                         //子網路遮罩          persistence_timeout 50                                         //會話保持時間，單位是秒（可以適當延長時間以保持session）                                    protocol TCP                                                   //轉寄協議類型，有tcp和udp兩種                                                                                         real_server 192.168.201.100 443 {                              //真實伺服器IP及連接埠                                                    weight 1                                                   //預設為1,0為失效                                  SSL_GET {                                                                               url {                                                                                 path /                                                                              digest ff20ad2481f97b1754ef3e12ecd3a9cc                                           }            url {              path /mrtg/              digest 9b3a0c85a887a256d6939da88aabd8cd            }            connect_timeout 3            nb_get_retry 3            delay_before_retry 3        }    }}virtual_server 10.10.10.2 1358 {    delay_loop 6    lb_algo rr     lb_kind NAT    persistence_timeout 50    protocol TCP    sorry_server 192.168.200.200 1358    real_server 192.168.200.2 1358 {        weight 1        HTTP_GET {            url {               path /testurl/test.jsp              digest 640205b7b0fc66c1ea91c463fac6334d            }            url {               path /testurl2/test.jsp              digest 640205b7b0fc66c1ea91c463fac6334d            }            url {               path /testurl3/test.jsp              digest 640205b7b0fc66c1ea91c463fac6334d            }            connect_timeout 3            nb_get_retry 3            delay_before_retry 3        }    }    real_server 192.168.200.3 1358 {        weight 1        HTTP_GET {            url {               path /testurl/test.jsp              digest 640205b7b0fc66c1ea91c463fac6334c            }            url {               path /testurl2/test.jsp              digest 640205b7b0fc66c1ea91c463fac6334c            }            connect_timeout 3            nb_get_retry 3            delay_before_retry 3        }    }}

5、配置主備keepalived

a、配置主備keepalived#主，以下主要列出keepalived.conf差異部分vrrp_instance VI_1 {    state MASTER    interface eth0    virtual_router_id 51    priority 100    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.220        192.168.1.230    }}#備，以下主要列出keepalived.conf差異部分vrrp_instance VI_1 {    state BACKUP     interface eth0    virtual_router_id 51    priority 90     advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.220        192.168.1.230    }}b、測試主備keepalived#啟動主伺服器上的keepalived服務[root@MASTER ~]# service keepalived startStarting keepalived: [  OK  ][root@SZ-SYS-APP01 ~]# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000    link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff    inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0    inet 192.168.1.220/32 scope global eth0    #可以看到220和230的虛IP    inet 192.168.1.230/32 scope global eth0    inet6 fe80::250:56ff:fe84:1f37/64 scope link        valid_lft forever preferred_lft forever3: sit0: <NOARP> mtu 1480 qdisc noop     link/sit 0.0.0.0 brd 0.0.0.0#啟動待命伺服器上的keepalived服務[root@BACKUP ~]# service keepalived startStarting keepalived: [  OK  ]#下面的查詢結果中，虛IP220和230並為出現在待命伺服器[root@HKBO ~]# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0    inet6 fe80::250:56ff:fe84:42c/64 scope link        valid_lft forever preferred_lft forever3: sit0: <NOARP> mtu 1480 qdisc noop     link/sit 0.0.0.0 brd 0.0.0.0#關閉主服務上的keepalived服務，觀察vip是否會漂移到備用服務        [root@MASTER ~]# service keepalived stopStopping keepalived: [  OK  ][root@MASTER ~]# ip addr    #關閉後，該命令可以看到220和230的虛IP已經不存在於主伺服器1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000    link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff    inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0    inet6 fe80::250:56ff:fe84:1f37/64 scope link        valid_lft forever preferred_lft forever3: sit0: <NOARP> mtu 1480 qdisc noop     link/sit 0.0.0.0 brd 0.0.0.0#此時在待命伺服器上查看到了漂移的vip地址[root@BACKUP ~]# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0    inet 192.168.1.220/32 scope global eth0    inet 192.168.1.230/32 scope global eth0    inet6 fe80::250:56ff:fe84:42c/64 scope link        valid_lft forever preferred_lft forever3: sit0: <NOARP> mtu 1480 qdisc noop     link/sit 0.0.0.0 brd 0.0.0.0#如果再次啟動主伺服器上的keepalived服務，則會vip自動漂移到主伺服器，不再驗證。#Author : Leshami#Blog   ：http://blog.csdn.net/leshami

6、配置雙主keepalived

雙主的keepalived方式實際上是互為主備，以避免單點故障#配置主備keepalivedMasterA: 192.168.1.65, VirtualIP: 192.168.1.220MasterB: 192.168.1.66, VirtualIP: 192.168.1.230#主，以下主要列出keepalived.conf差異部分vrrp_instance VI_1 {    state MASTER    interface eth0    virtual_router_id 51    priority 100    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.220    }}vrrp_instance VI_2 {    state BACKUP    interface eth0    virtual_router_id 52    priority 90    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.230    }}#備，以下主要列出keepalived.conf差異部分vrrp_instance VI_1 {    state BACKUP    interface eth0    virtual_router_id 51    priority 90    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.220    }}vrrp_instance VI_2 {    state MASTER    interface eth0    virtual_router_id 52    priority 100    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        192.168.1.230    }}#從上面的設定檔中可以看出，實際上是增加了一個vrrp執行個體#驗證過程略

7、編譯時間的錯誤No SO_MARK               

#如果在編譯時間碰到了No SO_MARK錯誤，如下# ./configure checking for gcc... gccchecking whether the C compiler works... yeschecking for C compiler default output file name... a.outchecking for suffix of executables... checking whether we are cross compiling... nochecking for suffix of object files... o          ...........checking for nl_socket_alloc in -lnl-3... nochecking for nl_socket_modify_cb in -lnl... noconfigure: WARNING: keepalived will be built without libnl support.checking for kernel version... 2.6.18checking for IPVS syncd support... yeschecking for kernel macvlan support... nochecking whether SO_MARK is declared... noconfigure: error: No SO_MARK declaration in headers#可以通過增加disable-fwmark參數來解決--disable-fwmark        compile without SO_MARK support