Keepalived is a routing software written in C language. It is an extended project of lvs. It is mainly used for the health check of RealServer and the implementation of failover between LoadBalance and BackUP hosts. Keepalived is a software similar to layer3, 4 & 7 exchange mechanism, which is what we usually call layer 3, layer 4 and layer 7 switching. This article mainly introduces its installation process for your reference.
1、 Obtain installation software
Download link: http://www.keepalived.org/download.html
You can download the latest version 1.2.13 directly, or you can download it automatically through wget
# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
2、 Installation prerequisites
a. Ensure that ipvs has been installed
# As follows, execute ipvsadm to check whether ipvs has been installed(Currently most Linux is installed by default)[root@HKBO ~]# ipvsadm
IP Virtual Server version 1.2.1(size=4096)
Prot LocalAddress:Port Scheduler Flags
- > RemoteAddress:Port Forward Weight ActiveConn InActConn
# Check the currently loaded kernel module to see if there is ip_vs module
[ root@HKBO ~]# lsmod|grep ip_vs
ip_vs 1221130
b. Install the corresponding dependency package
# yum -y install gcc gcc-c++ gcc-g77 ncurses-devel bison libaio-devel \
> cmake libnl* libpopt* popt-static openssl-devel
3、 Install keepalived
[ root@HKBO ~]# more /etc/issue
CentOS release 5.9(Final)
# mkdir /usr/local/keepalived
# cd /usr/local/src
# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
# tar -xvf keepalived-1.2.13.tar.gz
# cd keepalived-1.2.13
# . /configure --disable-fwmark --prefix=/usr/local/keepalived
...............
Keepalived configuration
------------------------
Keepalived version :1.2.13
Compiler : gcc
Compiler flags :-g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib :-lssl -lcrypto -lcrypt
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
fwmark socket support : No
Use VRRP Framework : Yes
Use VRRP VMAC : No
SNMP support : No
SHA1 support : No
Use Debug flags : No
# make && make install
# ls /usr/local/keepalived/ #After the installation is complete, 4 directories are generated
bin etc sbin share
# cd /usr/local/keepalived/etc
[ root@HKBO etc]# tree
.|- - keepalived
||- - keepalived.conf #Configuration example of keepalived
|`- - samples
| |- - client.pem
| |- - dh1024.pem
| |- - keepalived.conf.HTTP_GET.port
| |- - keepalived.conf.IPv6
| |- - keepalived.conf.SMTP_CHECK
| |- - keepalived.conf.SSL_GET
| |- - keepalived.conf.fwmark
| |- - keepalived.conf.inhibit
| |- - keepalived.conf.misc_check
| |- - keepalived.conf.misc_check_arg
| |- - keepalived.conf.quorum
| |- - keepalived.conf.sample
| |- - keepalived.conf.status_code
| |- - keepalived.conf.track_interface
| |- - keepalived.conf.virtual_server_group
| |- - keepalived.conf.virtualhost
| |- - keepalived.conf.vrrp
| |- - keepalived.conf.vrrp.localcheck
| |- - keepalived.conf.vrrp.lvs_syncd
| |- - keepalived.conf.vrrp.routes
| |- - keepalived.conf.vrrp.scripts
| |- - keepalived.conf.vrrp.static_ipaddress
| |- - keepalived.conf.vrrp.sync
| |- - root.pem
| `- - sample.misccheck.smbcheck.sh
|- - rc.d
|`- - init.d
| `- - keepalived
`- - sysconfig
`- - keepalived
# cd /usr/local/keepalived/sbin
# . /keepalived --help #Get some help with keepalived
Usage:./keepalived [OPTION...]-f,--use-file=FILE Use the specified configuration file
- P,--vrrp Only run with VRRP subsystem
- C,--check Only run with Health-checker subsystem
- l,--log-console Log messages to local console
- D,--log-detail Detailed log messages
- S,--log-facility=[0-7] Set syslog facility to LOG_LOCAL[0-7]-V,--dont-release-vrrp Don't remove VRRP VIPs and VROUTEs on daemon stop
- I,--dont-release-ipvs Don't remove IPVS topology on daemon stop
- R,--dont-respawn Don't respawn child processes
- n,--dont-fork Don't fork the daemon process
- d,--dump-conf Dump the configuration data
- p,--pid=FILE Use specified pidfile for parent process
- r,--vrrp_pid=FILE Use specified pidfile for VRRP child process
- c,--checkers_pid=FILE Use specified pidfile for checkers child process
- v,--version Display the version number
- h,--help Display this help message
# mkdir /etc/keepalived/
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
# service keepalived restart
Stopping keepalived:[FAILED]
Starting keepalived:[ OK ]
# service keepalived status
keepalived(pid 12092) is running...
# chkconfig keepalived on
# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
inet 192.168.200.16/32 scope global eth0
inet 192.168.200.17/32 scope global eth0
inet 192.168.200.18/32 scope global eth0
inet6 fe80::250:56ff:fe84:42c/64 scope link
valid_lft forever preferred_lft forever
3: sit0:<NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
4、 Configuration items related to keepalived.conf
[ root@HKBO keepalived]# more keepalived.conf
! Configuration File for keepalived
# The global definition block contains the mail definition part,
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL //Load balancer identifier, it should be unique within a network}
# VRRP instance definition block, responsible for failover between load balancers
vrrp_instance VI_1 {
state MASTER //There are only two states of MASTER and BACKUP, the master is MASTER, the slave is BACKUP, use uppercase interfaceeth0//Monitored network interface
virtual_router_id 51//Virtual under the same instance_router_id must be the same
priority 100//Define the priority, the higher the number, the higher the priority
advert_int 1//The time interval of synchronization check between MASTER and BACKUP load balancer, in seconds
authentication {//Authentication type and password
auth_type PASS
auth_pass 1111}
virtual_ipaddress {//Virtual ip address virtual_ipaddress,You can define more than 192.168.200.16192.168.200.17192.168.200.18}}
# Virtual server definition block
virtual_server 192.168.200.100443{//Define virtual server
delay_loop 6//delay_loop, the health check interval, in seconds
lb_algo rr //Load scheduling algorithm, here is set to rr, that is, the polling algorithm, Internet applications often use wlc or rr
lb_kind NAT //Load balancing forwarding rules. Generally includes DR,NAT,TUN 3 kinds, in my plan, all use DR
nat_mask 255.255.255.0//Subnet mask
persistence_timeout 50//Session retention time, in seconds (you can extend the time appropriately to maintain the session)
protocol TCP //Forwarding protocol type, there are two kinds of tcp and udp
real_server 192.168.201.100443{//Real server IP and port
weight 1//Default is 1,0 is invalid
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3}}}
virtual_server 10.10.10.21358{
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.2001358
real_server 192.168.200.21358{
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3}}
real_server 192.168.200.31358{
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3}}}
5、 Configure active and standby keepalived
a, configure active and standby keepalived
# Main, keepalived is mainly listed below.conf difference part
vrrp_instance VI_1 {
state MASTER
interfaceeth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.220192.168.1.230}}
# Prepared, the following mainly lists keepalived.conf difference part
vrrp_instance VI_1 {
state BACKUP
interfaceeth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.220192.168.1.230}}
b, test the main and standby keepalived
# Start the keepalived service on the main server
[ root@MASTER ~]# service keepalived start
Starting keepalived:[ OK ][root@SZ-SYS-APP01 ~]# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.220/32 scope global eth0 #You can see the virtual IP of 220 and 230
inet 192.168.1.230/32 scope global eth0
inet6 fe80::250:56ff:fe84:1f37/64 scope link
valid_lft forever preferred_lft forever
3: sit0:<NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
# Start the keepalived service on the standby server
[ root@BACKUP ~]# service keepalived start
Starting keepalived:[ OK ]
# In the query result below, the virtual IP 220 and 230 do not appear on the backup server
[ root@HKBO ~]# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
inet6 fe80::250:56ff:fe84:42c/64 scope link
valid_lft forever preferred_lft forever
3: sit0:<NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
# Close the keepalived service on the main service and observe whether the VIP will drift to the backup service
[ root@MASTER ~]# service keepalived stop
Stopping keepalived:[ OK ][root@MASTER ~]# ip addr #After closing, the command can see that the virtual IPs of 220 and 230 no longer exist in the main server
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
inet6 fe80::250:56ff:fe84:1f37/64 scope link
valid_lft forever preferred_lft forever
3: sit0:<NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
# At this time, the drifting VIP address was viewed on the standby server
[ root@BACKUP ~]# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.220/32 scope global eth0
inet 192.168.1.230/32 scope global eth0
inet6 fe80::250:56ff:fe84:42c/64 scope link
valid_lft forever preferred_lft forever
3: sit0:<NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
# If the keepalived service on the main server is started again, the vip will automatically drift to the main server without verification.
# Author : Leshami
# Blog :http://blog.csdn.net/leshami
6、 Configure dual master keepalived
The dual-master keepalived mode is actually the master and backup of each other to avoid a single point of failure
# Configure active and standby keepalived
MasterA:192.168.1.65, VirtualIP:192.168.1.220
MasterB:192.168.1.66, VirtualIP:192.168.1.230
# Main, keepalived is mainly listed below.conf difference part
vrrp_instance VI_1 {
state MASTER
interfaceeth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.220}}
vrrp_instance VI_2 {
state BACKUP
interfaceeth0
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.230}}
# Prepared, the following mainly lists keepalived.conf difference part
vrrp_instance VI_1 {
state BACKUP
interfaceeth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.220}}
vrrp_instance VI_2 {
state MASTER
interfaceeth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.1.230}}
# As can be seen from the above configuration file, a vrrp instance is actually added
# The verification process is slightly
7、 Compile time error No SO_MARK
# If you encounter No SO during compilation_MARK error, as follows
# . /configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
...........
checking for nl_socket_alloc in-lnl-3... no
checking for nl_socket_modify_cb in-lnl... no
configure: WARNING: keepalived will be built without libnl support.
checking for kernel version...2.6.18
checking for IPVS syncd support... yes
checking for kernel macvlan support... no
checking whether SO_MARK is declared... no
configure: error: No SO_MARK declaration in headers
# You can increase disable-fwmark parameter to solve
- - disable-fwmark compile without SO_MARK support
Recommended Posts