阿里云-云小站(无限量代金券发放中)
【腾讯云】云服务器、云数据库、COS、CDN、短信等热卖云产品特惠抢购

CentOS 5.9下安装配置Keepalived

153次阅读
没有评论

共计 12667 个字符,预计需要花费 32 分钟才能阅读完成。

Keepalived 是由 C 语言编写的路由软件,是 lvs 的扩展项目,主要用作 RealServer 的健康状态检查以及 LoadBalance 主机和 BackUP 主机之间 failover 的实现。keepalived 是一个类似于 layer3, 4 & 7 交换机制的软件,也就是我们平时说的第 3 层、第 4 层和第 7 层交换。本文主要介绍了其安装过程供大家参考。

1、获取安装软件

下载地址:http://www.keepalived.org/download.html

可以直接下载最新的版本 1.2.13,也可以通过 wget 自动下载

# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz

2、安装前提

a、确保 ipvs 已经被安装
# 如下,执行 ipvsadm 检查 ipvs 是否已经安装 (当前大多数 Linux 缺省已安装)
[root@HKBO ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn

# 检查当前加载的内核模块,看是否存在 ip_vs 模块
[root@HKBO ~]# lsmod|grep ip_vs
ip_vs                122113  0

b、安装相应的依赖包
# yum -y install gcc gcc-c++ gcc-g77 ncurses-devel bison libaio-devel \
> cmake libnl* libpopt* popt-static openssl-devel

3、安装 keepalived 

[root@HKBO ~]# more /etc/issue
CentOS release 5.9 (Final)

# mkdir /usr/local/keepalived
# cd /usr/local/src
# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
# tar -xvf keepalived-1.2.13.tar.gz
# cd keepalived-1.2.13
# ./configure –disable-fwmark –prefix=/usr/local/keepalived
        ……………
Keepalived configuration
————————
Keepalived version      : 1.2.13
Compiler                : gcc
Compiler flags          : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib                : -lssl -lcrypto -lcrypt
Use IPVS Framework      : Yes
IPVS sync daemon support : Yes
IPVS use libnl          : No
fwmark socket support    : No
Use VRRP Framework      : Yes
Use VRRP VMAC            : No
SNMP support            : No
SHA1 support            : No
Use Debug flags          : No

# make && make install
# ls /usr/local/keepalived/  #查看安装完成后,生成了 4 个目录
bin  etc  sbin  share

# cd /usr/local/keepalived/etc
[root@HKBO etc]# tree
.
|– keepalived
|  |– keepalived.conf  #keepalived 的配置样例
|  `– samples
|      |– client.pem
|      |– dh1024.pem
|      |– keepalived.conf.HTTP_GET.port
|      |– keepalived.conf.IPv6
|      |– keepalived.conf.SMTP_CHECK
|      |– keepalived.conf.SSL_GET
|      |– keepalived.conf.fwmark
|      |– keepalived.conf.inhibit
|      |– keepalived.conf.misc_check
|      |– keepalived.conf.misc_check_arg
|      |– keepalived.conf.quorum
|      |– keepalived.conf.sample
|      |– keepalived.conf.status_code
|      |– keepalived.conf.track_interface
|      |– keepalived.conf.virtual_server_group
|      |– keepalived.conf.virtualhost
|      |– keepalived.conf.vrrp
|      |– keepalived.conf.vrrp.localcheck
|      |– keepalived.conf.vrrp.lvs_syncd
|      |– keepalived.conf.vrrp.routes
|      |– keepalived.conf.vrrp.scripts
|      |– keepalived.conf.vrrp.static_ipaddress
|      |– keepalived.conf.vrrp.sync
|      |– root.pem
|      `– sample.misccheck.smbcheck.sh
|– rc.d
|  `– init.d
|      `– keepalived
`– sysconfig
    `– keepalived

# cd /usr/local/keepalived/sbin
# ./keepalived –help            #获取 keepalived 的一些帮助
Usage: ./keepalived [OPTION…]
  -f, –use-file=FILE          Use the specified configuration file
  -P, –vrrp                  Only run with VRRP subsystem
  -C, –check                  Only run with Health-checker subsystem
  -l, –log-console            Log messages to local console
  -D, –log-detail            Detailed log messages
  -S, –log-facility=[0-7]    Set syslog facility to LOG_LOCAL[0-7]
  -V, –dont-release-vrrp      Don’t remove VRRP VIPs and VROUTEs on daemon stop
  -I, –dont-release-ipvs      Don’t remove IPVS topology on daemon stop
  -R, –dont-respawn          Don’t respawn child processes
  -n, –dont-fork              Don’t fork the daemon process
  -d, –dump-conf              Dump the configuration data
  -p, –pid=FILE              Use specified pidfile for parent process
  -r, –vrrp_pid=FILE          Use specified pidfile for VRRP child process
  -c, –checkers_pid=FILE      Use specified pidfile for checkers child process
  -v, –version                Display the version number
  -h, –help                  Display this help message

# mkdir /etc/keepalived/
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ 
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# ln -s /usr/local/keepalived/sbin/keepalived /sbin/

# service keepalived restart
Stopping keepalived: [FAILED]
Starting keepalived: [OK]

# service keepalived status
keepalived (pid  12092) is running…

# chkconfig keepalived on

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
    inet 192.168.200.16/32 scope global eth0
    inet 192.168.200.17/32 scope global eth0
    inet 192.168.200.18/32 scope global eth0
    inet6 fe80::250:56ff:fe84:42c/64 scope link
      valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

4、有关 keepalived.conf 的配置项

[root@HKBO keepalived]# more keepalived.conf
! Configuration File for keepalived

# 全局定义块,包含邮件定义部分,
global_defs {
  notification_email {
    acassen@firewall.loc
    failover@firewall.loc
    sysadmin@firewall.loc
  }
  notification_email_from Alexandre.Cassen@firewall.loc
  smtp_server 192.168.200.1
  smtp_connect_timeout 30
  router_id LVS_DEVEL  // 负载均衡器标识,在一个网络内,它应该是唯一的
}

#VRRP 实例定义块,负责负载均衡器之间的失败切换
vrrp_instance VI_1 {
    state MASTER                      // 只有 MASTER 和 BACKUP 2 种状态,主为 MASTER,从为 BACKUP,使用大写                                       
    interface eth0                    // 监控的网络接口                                             
    virtual_router_id 51              // 同一实例下 virtual_router_id 必须相同                         
    priority 100                      // 定义优先级,数字越大,优先级越高                           
    advert_int 1                      //MASTER 与 BACKUP 负载均衡器之间同步检查的时间间隔,单位是秒     
    authentication {// 验证类型和密码                                               
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {// 虚拟 ip 地址 virtual_ipaddress, 可以定义多个
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

# 虚拟服务器定义块
virtual_server 192.168.200.100 443 {// 定义虚拟服务器                                         
    delay_loop 6                                                  //delay_loop,健康检查时间间隔,单位是秒                                   
    lb_algo rr                                                    // 负载调度算法,这里设置为 rr,即轮询算法,互联网应用常使用 wlc 或 rr                     
    lb_kind NAT                                                    // 负载均衡转发规则。一般包括 DR,NAT,TUN3 种,在我的方案中,都使用 DR 的方式 
    nat_mask 255.255.255.0                                        // 子网掩码     
    persistence_timeout 50                                        // 会话保持时间,单位是秒(可以适当延长时间以保持 session)
    protocol TCP                                                  // 转发协议类型,有 tcp 和 udp 两种
                                                                                   
    real_server 192.168.201.100 443 {// 真实服务器 IP 及端口                                           
        weight 1                                                  // 默认为 1,0 为失效                         
        SSL_GET {
            url {
              path /                                                               
              digest ff20ad2481f97b1754ef3e12ecd3a9cc                             
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

5、配置主备 keepalived

a、配置主备 keepalived
# 主,以下主要列出 keepalived.conf 差异部分
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.220
        192.168.1.230
    }
}

# 备,以下主要列出 keepalived.conf 差异部分
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.220
        192.168.1.230
    }
}

b、测试主备 keepalived
# 启动主服务器上的 keepalived 服务
[root@MASTER ~]# service keepalived start
Starting keepalived: [OK]

[root@SZ-SYS-APP01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.220/32 scope global eth0    #可以看到 220 和 230 的虚 IP
    inet 192.168.1.230/32 scope global eth0
    inet6 fe80::250:56ff:fe84:1f37/64 scope link
      valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

# 启动备用服务器上的 keepalived 服务
[root@BACKUP ~]# service keepalived start
Starting keepalived: [OK]
# 下面的查询结果中,虚 IP220 和 230 并为出现在备用服务器
[root@HKBO ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::250:56ff:fe84:42c/64 scope link
      valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

# 关闭主服务上的 keepalived 服务,观察 vip 是否会漂移到备用服务       
[root@MASTER ~]# service keepalived stop
Stopping keepalived: [OK]
[root@MASTER ~]# ip addr    #关闭后,该命令可以看到 220 和 230 的虚 IP 已经不存在于主服务器
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::250:56ff:fe84:1f37/64 scope link
      valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

# 此时在备用服务器上查看到了漂移的 vip 地址
[root@BACKUP ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.220/32 scope global eth0
    inet 192.168.1.230/32 scope global eth0
    inet6 fe80::250:56ff:fe84:42c/64 scope link
      valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

# 如果再次启动主服务器上的 keepalived 服务,则会 vip 自动漂移到主服务器,不再验证。
#Author : Leshami
#Blog:http://www.linuxidc.com

6、配置双主 keepalived

双主的 keepalived 方式实际上是互为主备,以避免单点故障
# 配置主备 keepalived
MasterA: 192.168.1.65, VirtualIP: 192.168.1.220
MasterB: 192.168.1.66, VirtualIP: 192.168.1.230
# 主,以下主要列出 keepalived.conf 差异部分
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.220
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.230
    }
}

# 备,以下主要列出 keepalived.conf 差异部分
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.220
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.230
    }
}

# 从上面的配置文件中可以看出,实际上是增加了一个 vrrp 实例
# 验证过程略

7、编译时的错误 No SO_MARK

# 如果在编译时碰到了 No SO_MARK 错误,如下
# ./configure
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
          ………..
checking for nl_socket_alloc in -lnl-3… no
checking for nl_socket_modify_cb in -lnl… no
configure: WARNING: keepalived will be built without libnl support.
checking for kernel version… 2.6.18
checking for IPVS syncd support… yes
checking for kernel macvlan support… no
checking whether SO_MARK is declared… no
configure: error: No SO_MARK declaration in headers

# 可以通过增加 disable-fwmark 参数来解决
–disable-fwmark        compile without SO_MARK support

CentOS 6.3 下 Haproxy+Keepalived+Apache 配置笔记 http://www.linuxidc.com/Linux/2013-06/85598.htm

Haproxy + KeepAlived 实现 WEB 群集 on CentOS 6 http://www.linuxidc.com/Linux/2012-03/55672.htm

Keepalived+Haproxy 配置高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/56748.htm

Haproxy+Keepalived 构建高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/55880.htm

CentOS 7 上配置 LVS + Keepalived + ipvsadm http://www.linuxidc.com/Linux/2014-11/109237.htm

Keepalived 高可用集群搭建 http://www.linuxidc.com/Linux/2014-09/106965.htm

Keepalived 的详细介绍 :请点这里
Keepalived 的下载地址 :请点这里

正文完
星哥说事-微信公众号
post-qrcode
 
星锅
版权声明:本站原创文章,由 星锅 2022-01-20发表,共计12667字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
【腾讯云】推广者专属福利,新客户无门槛领取总价值高达2860元代金券,每种代金券限量500张,先到先得。
阿里云-最新活动爆款每日限量供应
评论(没有评论)
验证码
【腾讯云】云服务器、云数据库、COS、CDN、短信等云产品特惠热卖中