I. Download and install
http://www.keepalived.org/software/keepalived-1.4.2.tar.gz
1. Operating system: CentOS 7.4. First make sure OpenSSL is installed:
yum -y install openssl-devel
Without OpenSSL, configure fails with:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files.
2. Extract and compile
tar -zxf keepalived-1.4.2.tar.gz
chmod -R 777 keepalived-1.4.2
cd keepalived-1.4.2
./configure #default install
make
make install
This creates the following files:
/usr/local/etc/keepalived/keepalived.conf
/usr/local/etc/sysconfig/keepalived
/usr/local/sbin/keepalived
Then do the following by hand:
1. mkdir /etc/keepalived #create the directory
Then copy /usr/local/etc/keepalived/keepalived.conf to /etc/keepalived/keepalived.conf:
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
and change its contents to:
! Configuration File for keepalived
global_defs {
    notification_email { # addresses Keepalived e-mails when an event occurs, one per line
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc # sender address
    smtp_server 192.168.200.1 # SMTP server used to send the e-mail
    smtp_connect_timeout 30 # timeout
    router_id lb01 # identifier of the machine running Keepalived; must differ between master and backup
    ##vrrp_skip_check_adv_addr # the vrrp_strict-related lines are commented out to fix the virtual IP not answering ping
    ##vrrp_strict
    ##vrrp_garp_interval 0
    ##vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33 # physical NIC name; must be the same on master and backup
    virtual_router_id 100 # unique id; must be the same on master and backup
    priority 150 # priority; master higher than backup, a gap of at least 50 is recommended
    advert_int 1 # advertisement interval, 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.6.200 # virtual IP, bound to the ens33 NIC
    }
}
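Note: if the virtual IP cannot be pinged after keepalived is configured, edit the file with vim /etc/keepalived/keepalived.conf and comment out the vrrp_strict-related statements.
2. Create the script keepalived.sh under /etc/init.d/ with the following content. Make sure the exec and sysconfig paths match your installation: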
#!/bin/sh
#
# keepalived   High Availability monitor built upon LVS and VRRP
#
# chkconfig:   - 86 14
# description: Robust keepalive facility to the Linux Virtual Server project \
#              with multilayer TCP/IP stack checks.
### BEGIN INIT INFO
# Provides: keepalived
# Required-Start: $local_fs $network $named $syslog
# Required-Stop: $local_fs $network $named $syslog
# Should-Start: smtpdaemon httpd
# Should-Stop: smtpdaemon httpd
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: High Availability monitor built upon LVS and VRRP
# Description: Robust keepalive facility to the Linux Virtual Server
#              project with multilayer TCP/IP stack checks.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
exec="/usr/local/sbin/keepalived"
prog="keepalived"
config="/etc/keepalived/keepalived.conf"
# Source (not execute) the sysconfig file so that KEEPALIVED_OPTIONS is set.
[ -e /usr/local/etc/sysconfig/$prog ] && . /usr/local/etc/sysconfig/$prog
lockfile=/var/lock/subsys/keepalived
start() {
    [ -x $exec ] || exit 5
    [ -e $config ] || exit 6
    echo -n $"Starting $prog: "
    daemon $exec $KEEPALIVED_OPTIONS
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    stop
    start
}
reload() {
    echo -n $"Reloading $prog: "
    killproc $prog -1
    retval=$?
    echo
    return $retval
}
force_reload() {
    restart
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status &>/dev/null
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?
II. Run and test
1. Set permissions
chmod a+x /etc/init.d/keepalived
chmod a+x /usr/local/etc/sysconfig/keepalived
chmod a+x /usr/local/sbin/keepalived
2. Start
/etc/init.d/keepalived start
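or: service keepalived start
After starting, use the following commands to check that the installation is correct. Three keepalived processes after startup mean it is working: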
[root@localhost init.d]# ps -ef|grep keep|grep -v grep
root 20163 1 0 10:03 ? 00:00:00 /usr/local/sbin/keepalived -D
root 20164 20163 0 10:03 ? 00:00:00 /usr/local/sbin/keepalived -D
root 20165 20163 0 10:03 ? 00:00:00 /usr/local/sbin/keepalived -D
[root@localhost ~]# ip add|grep 172.16
    inet 172.16.6.161/24 brd 172.16.6.255 scope global ens33
    inet 172.16.6.200/32 scope global ens33
ifconfig only shows the physical NIC; ip addr or ip a is needed to see the virtual IP. 172.16.6.161 is the real IP and 172.16.6.200 is the virtual IP.
[root@localhost init.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b9:7b:31 brd ff:ff:ff:ff:ff:ff
    inet 172.16.6.161/24 brd 172.16.6.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 172.16.6.200/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2176:1363:975e:6c17/64 scope link
       valid_lft forever preferred_lft forever
3. Stop
/etc/init.d/keepalived stop
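or: service keepalived stop
4. Check from the terminal whether the virtual IP is active:
In the correct state the virtual IP is active on the master, where the command returns a result, and inactive on the backup, where the command returns nothing.
The backup takes over only when the master fails.
In other words, when keepalived is started normally on both hosts, the master should be the one that binds the virtual IP. With ip a and ip add|grep 172.16.6.200, the bound virtual IP is visible only on the master and not on the backup.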
[root@localhost ~]# ip add|grep 172.16.6.200
    inet 172.16.6.200/32 scope global ens33
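The check from step 4, as an added example that is not part of the original post: Python that takes the `ip addr` output collected from each node and reports which nodes hold the virtual IP, distinguishing the normal state from the one where both nodes hold it. The node names, the function names and the captured outputs are constructed for the example.

```python
import ipaddress
import re

# Constructed `ip addr` excerpts modelled on the output shown above.
NODE_A = """2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.6.161/24 brd 172.16.6.255 scope global ens33
    inet 172.16.6.200/32 scope global ens33
    inet6 fe80::2176:1363:975e:6c17/64 scope link
"""
NODE_B = """2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.6.135/24 brd 172.16.6.255 scope global ens33
"""

def holds_vip(ip_addr_output, vip):
    """True if vip is bound to an interface. Compares parsed addresses, so
    172.16.6.20 or the brd field cannot match the way a grep substring would."""
    want = ipaddress.ip_address(vip)
    for m in re.finditer(r"^\s*inet6?\s+([0-9A-Fa-f:.]+)", ip_addr_output, re.M):
        if ipaddress.ip_address(m.group(1)) == want:
            return True
    return False

def vip_state(outputs, vip):
    """outputs maps a node name to its `ip addr` text; returns (state, holders)."""
    holders = sorted(name for name, text in outputs.items() if holds_vip(text, vip))
    if len(holders) == 1:
        return "ok", holders            # exactly one node answers for the VIP
    if not holders:
        return "no-holder", holders     # no node has the VIP bound
    return "split-brain", holders       # more than one node claims the VIP

if __name__ == "__main__":
    print(vip_state({"A": NODE_A, "B": NODE_B}, "172.16.6.200"))
```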
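5. My test environment: two CentOS 7 virtual machines running on one computer, with these IPs:
Master server A: 172.16.6.161
Backup server B: 172.16.6.135
The firewall is turned off, and I use the service keepalived stop command to test the master/backup switchover.
With the configuration above, the problem I ran into is this: when keepalived is started on both machines, ip a and ip add|grep 172.16.6.200 show the virtual IP bound on both of them, which amounts to both machines being master. What can be done about that?
This problem appears in server network environments where the routing and switching layer restricts ARP broadcasts, so the keepalived master and backup cannot communicate by broadcast. Both servers then seize the HAVIP address and end up holding the VIP at the same time. The two servers must be configured to communicate through explicitly specified IP addresses. In other words, the cause is that the master and backup cannot exchange VRRP traffic directly, and switching to unicast fixes it:
The master's keepalived.conf is shown below; pay attention to the unicast_src_ip and unicast_peer fields.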
! Configuration File for keepalived
global_defs {
    notification_email { # addresses Keepalived e-mails when an event occurs, one per line
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc # sender address
    smtp_server 192.168.200.1 # SMTP server used to send the e-mail
    smtp_connect_timeout 30 # timeout
    router_id lb01 # identifier of the machine running Keepalived; must differ between master and backup
    ##vrrp_skip_check_adv_addr # the vrrp_strict-related lines are commented out to fix the virtual IP not answering ping
    ##vrrp_strict
    ##vrrp_garp_interval 0
    ##vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33 # physical NIC name; must be the same on master and backup
    virtual_router_id 100 # unique id; must be the same on master and backup
    priority 150 # priority; master higher than backup, a gap of at least 50 is recommended
    unicast_src_ip 172.16.6.161 # local IP address
    unicast_peer {
        172.16.6.135 # peer IP address; do not forget this address
    }
    advert_int 1 # advertisement interval, 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.6.200 # virtual IP, bound to the ens33 NIC
    }
}
The backup's keepalived.conf is shown below; pay attention to the unicast_src_ip and unicast_peer fields.
! Configuration File for keepalived
global_defs {
    notification_email { # addresses Keepalived e-mails when an event occurs, one per line
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc # sender address
    smtp_server 192.168.200.1 # SMTP server used to send the e-mail
    smtp_connect_timeout 30 # timeout
    router_id lb02 # identifier of the machine running Keepalived; must differ between master and backup
    ##vrrp_skip_check_adv_addr # the vrrp_strict-related lines are commented out to fix the virtual IP not answering ping
    ##vrrp_strict
    ##vrrp_garp_interval 0
    ##vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33 # physical NIC name; must be the same on master and backup
    virtual_router_id 100 # unique id; must be the same on master and backup
    priority 100 # priority; master higher than backup, a gap of at least 50 is recommended
    unicast_src_ip 172.16.6.135 # local IP address
    unicast_peer {
        172.16.6.161 # peer IP address; do not forget this address
    }
    advert_int 1 # advertisement interval, 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.6.200 # virtual IP, bound to the ens33 NIC
    }
}
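An added example, not from the original post: Python that checks a master/backup pair of keepalived.conf files against the rules stated in the comments above (router_id differs; interface, virtual_router_id, authentication and virtual IP match; priorities at least 50 apart; each unicast_peer lists the other node's unicast_src_ip). The function names and the reduced sample configurations are constructed for the example.

```python
import re

# Constructed sample: the page's unicast configuration, filled in per node.
SAMPLE = """global_defs {{
    router_id {rid}
}}
vrrp_instance VI_1 {{
    interface ens33
    virtual_router_id 100
    priority {prio}
    unicast_src_ip {src}
    unicast_peer {{
        {peer}   # address of the other node
    }}
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    virtual_ipaddress {{
        172.16.6.200
    }}
}}"""
MASTER = SAMPLE.format(rid="lb01", prio=150, src="172.16.6.161", peer="172.16.6.135")
BACKUP = SAMPLE.format(rid="lb02", prio=100, src="172.16.6.135", peer="172.16.6.161")
SCALARS = "router_id interface virtual_router_id priority unicast_src_ip auth_type auth_pass".split()
MUST_MATCH = "interface virtual_router_id auth_type auth_pass virtual_ipaddress".split()

def parse(text):
    body = "\n".join(re.split("[#!]", ln)[0] for ln in text.splitlines())  # drop '#'/'!' comments
    conf = {}
    for key in SCALARS:
        m = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
        conf[key] = m.group(1) if m else None
    for key in ("unicast_peer", "virtual_ipaddress"):  # blocks with one address per line
        m = re.search(rf"^\s*{key}\s*\{{([^}}]*)\}}", body, re.M)
        conf[key] = [ln.split()[0] for ln in m.group(1).splitlines() if ln.strip()] if m else []
    return conf

def check_pair(master_text, backup_text):  # returns violated rules, [] if consistent
    m, b = parse(master_text), parse(backup_text)
    problems = [f"{key} must match" for key in MUST_MATCH if m[key] != b[key]]
    if m["router_id"] == b["router_id"]:
        problems.append("router_id must differ")
    if int(m["priority"] or 100) - int(b["priority"] or 100) < 50:  # keepalived default: 100
        problems.append("master priority should be at least 50 above backup")
    for name, node, peer in (("master", m, b), ("backup", b, m)):
        if peer["unicast_src_ip"] not in node["unicast_peer"]:
            problems.append(f"{name} unicast_peer must list the other node's unicast_src_ip")
    return problems
```

Calling check_pair with the text of the two real files, read from each node, gives the same report for a deployed pair.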
6. If the firewalld firewall is enabled, remember to allow VRRP's default multicast address 224.0.0.18. On CentOS 7 the firewall commands are:
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload