1、下载源码包
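# Download the keepalived 1.2.7 source tarball into the build directory.
# NOTE(review): 1.2.7 is an old release; check the project's current releases
# and their security fixes before deploying this version.
# The URL uses HTTPS (the original used plain http) so the tarball cannot be
# altered in transit. '&&' keeps wget from running if the cd fails.
cd /usr/local/src/ &&
  wget https://www.keepalived.org/software/keepalived-1.2.7.tar.gz

# The build and install run as root, so check the archive before unpacking it:
# compare this digest with one obtained from a trusted channel.
sha256sum keepalived-1.2.7.tar.gz  # expected: <SHA256_FROM_TRUSTED_SOURCE>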
2、安装环境依赖包
# Install the compiler toolchain and the development packages needed to build keepalived.
yum -y install kernel-devel gcc make openssl-devel popt-devel libnl-devel
3、解压并编译安装keepalived服务
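# Unpack the tarball, then configure, build and install keepalived under
# /opt/keepalive.
# The steps are chained with '&&' so a failed step stops the sequence instead
# of letting 'make install' run from a half-configured tree.
# --with-kernel-dir must point at the kernel-devel tree present on this host;
# the path below is for kernel 2.6.32-71.el6.x86_64, so adjust it to match
# the directory that actually exists under /usr/src/kernels/.
cd /usr/local/src/ &&
  tar xvf keepalived-1.2.7.tar.gz &&
  cd keepalived-1.2.7 &&
  ./configure --with-kernel-dir=/usr/src/kernels/2.6.32-71.el6.x86_64/ --prefix=/opt/keepalive &&
  make &&
  make install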
4、配置运行环境
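# Link the files installed under /opt/keepalive into the standard system
# locations: init script, configuration directory, binary and sysconfig file.
ln -s /opt/keepalive/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /opt/keepalive/etc/keepalived/ /etc/
ln -s /opt/keepalive/sbin/keepalived /usr/sbin/
ln -s /opt/keepalive/etc/sysconfig/keepalived /etc/sysconfig/

# Enable start at boot. Each command is on its own line; on one collapsed
# line everything after the '#' would be swallowed by the comment.
chkconfig keepalived --add
chkconfig keepalived --list
chkconfig keepalived on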
5、修改keepalived配置
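# Back up the shipped keepalived.conf, then replace it with the configuration
# in the here-document below.
#
# What the configuration does (the inline annotations are in Chinese):
#   - chk_squid_port: health check that succeeds when a TCP connection to
#     127.0.0.1:8080 can be opened. It relies on the shell's /dev/tcp
#     redirection (a bash feature).
#   - state: MASTER on the primary node, BACKUP on the standby.
#   - virtual_router_id: must be identical on primary and standby.
#   - priority: 100 on the primary, 90 on the standby; the primary's value
#     must be the higher one.
#   - virtual_ipaddress: the floating (virtual) IP.
#   - track_script: if the port check fails, keepalived fails over to the standby.
#
# NOTE(review): auth_type PASS sends auth_pass unencrypted in every VRRP
# advertisement, and 1111 is a sample value. Use your own secret and restrict
# VRRP traffic to the peer node at the firewall.
#
# The delimiter is quoted ('eof') so the shell writes the body literally,
# with no variable or command expansion.
cd /etc/keepalived/ &&
  cp keepalived.conf keepalived.conf-bak &&
  cat > keepalived.conf << 'eof'
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id LVS_DEVEL
}
#检测本机端口是否正常
vrrp_script chk_squid_port {
    script "</dev/tcp/127.0.0.1/8080"
    interval 1
}
vrrp_instance VI_1 {
    state MASTER #MASTER主 备 BACKUP
    interface eth0
    virtual_router_id 51 #主备必须一致
    priority 100 # 主为100 备用 90 主备不相同 主的值大于备用
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.205.103.33 #配置虚ip地址
    }
    #如果端口不正常,则keepalived 切换到备用
    track_script {
        chk_squid_port
    }
}
eof

# The file holds the VRRP shared secret, so keep it readable by root only.
chmod 600 /etc/keepalived/keepalived.conf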
6、启动服务
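# Service control commands, listed for reference: run the one you need rather
# than all four in sequence (the last one stops the service).
service keepalived reload   # reload after editing keepalived.conf
service keepalived start    # start keepalived
service keepalived restart
service keepalived stop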
7、防火墙设置
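# VRRP rules in iptables-save syntax, to be added to the host's iptables rules file.

# Accept VRRP advertisements from the peer node (10.205.103.170) on eth0.
-A INPUT -i eth0 -p vrrp -s 10.205.103.170 -j ACCEPT

# Multicast VRRP: destination narrowed from 224.0.0.0/8 to the VRRP multicast
# group 224.0.0.18, the only address in that range VRRP uses.
# NOTE(review): this INPUT rule still accepts advertisements from any source
# on eth0. Because auth_type PASS is sent in plaintext, consider restricting
# it to the peer with "-s <PEER_IP>".
-A INPUT -d 224.0.0.18/32 -i eth0 -p vrrp -j ACCEPT
-A OUTPUT -d 224.0.0.18/32 -o eth0 -p vrrp -j ACCEPT

# Disabled: the original list ended with a blanket accept of VRRP from any
# source on any interface, which cancels the restrictions above.
#-A INPUT -p vrrp -j ACCEPT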
***以下配置为测试过的squid代理+ss5+keepalived模式之keepalived配置***
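! Configuration File for keepalived
# Configuration for one node of a squid + ss5 + keepalived setup: two VRRP
# instances on eth2, each with its own virtual IP and its own port check.
# Each directive is on its own line; on one collapsed line the first '#'
# would comment out everything that follows it.

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id LVS_DEVEL
}

# Health checks: each succeeds when a TCP connection to the local port can be
# opened (8080 for squid, 1080 for ss5), polled every second.
# They rely on the shell's /dev/tcp redirection, which is a bash feature.
# NOTE(review): newer keepalived releases handle track scripts differently
# (script_user / enable_script_security in global_defs); re-test these checks
# when upgrading from 1.2.7.
vrrp_script chk_squid_port {
    script "</dev/tcp/127.0.0.1/8080"
    interval 1
}

vrrp_script chk_ss5_port {
    script "</dev/tcp/127.0.0.1/1080"
    interval 1
}

# NOTE(review): auth_type PASS sends auth_pass unencrypted in every VRRP
# advertisement, and 1111 is a sample value reused by both instances. Use your
# own secret and restrict VRRP traffic to the peer node at the firewall.

# Instance 1: this node is MASTER for 192.168.0.6 and gives it up when the
# squid port check fails.
vrrp_instance VI_1 {
    state MASTER
    interface eth2
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.6/24
    }
    track_script {
        chk_squid_port
    }
}

# Instance 2: this node is BACKUP (priority 70) for 192.168.0.7, tracked by
# the ss5 port check.
vrrp_instance VI_2 {
    state BACKUP
    interface eth2
    virtual_router_id 151
    priority 70
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.7/24
    }
    track_script {
        chk_ss5_port
    }
}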
转载于:https://blog.51cto.com/531117978/2311583