安装 Keepalived
您可以通过两种方式安装 Keepalived :
- 从存储库中安装
- 源代码编译安装(推荐)
当前我的操作系统为 RockyLinux 8.10
-
从存储库中安装
Shell > dnf info keepalived Shell > dnf -y install keepalived安装结束后,以下的文件会比较重要:
/etc/keepalived /etc/keepalived/keepalived.conf /etc/sysconfig/keepalived /usr/bin/genhash /usr/lib/systemd/system/keepalived.service /usr/libexec/keepalived -
源代码编译安装
# 依赖包安装 Shell > dnf -y install wget make gcc openssl openssl-devel libnl3-devel libnl3 tar bzip2 gzip zip xz # 下载源代码并提取全部文件 Shell > wget -c https://keepalived.org/software/keepalived-2.3.2.tar.gz && tar -xvf keepalived-2.3.2.tar.gz -C /usr/local/src/ # 查阅编译选项的帮助信息 Shell > cd /usr/local/src/keepalived-2.3.2 && ./configure --help在编译时,这些编译选项比较重要:
--prefix=DIR– 安装位置--with-init=(upstart|systemd|SYSV|SUSE|openrc)– 初始化类型,一般都是 systemd--with-systemdsystemunitdir=DIR– systemd unit 所在的目录
# 开始编译,\ 表示命令未结束 Shell > cd /usr/local/src/keepalived-2.3.2 && ./configure --prefix=/usr/local/keepalived/ --with-init=systemd \ --with-systemdsystemunitdir=/usr/lib/systemd/system && make && make install编译成功后,这是它的目录树结构:
Shell > tree /usr/local/keepalived/ /usr/local/keepalived/ ├── bin │ └── genhash -> ../sbin/keepalived ├── etc │ ├── keepalived │ │ ├── keepalived.conf.sample │ │ └── samples │ │ ├── keepalived.conf.conditional_conf │ │ ├── keepalived.conf.fwmark │ │ ├── keepalived.conf.HTTP_GET.port │ │ ├── keepalived.conf.inhibit │ │ ├── keepalived.conf.IPv6 │ │ ├── keepalived.conf.misc_check │ │ ├── keepalived.conf.misc_check_arg │ │ ├── keepalived.conf.PING_CHECK │ │ ├── keepalived.conf.quorum │ │ ├── keepalived.conf.sample │ │ ├── keepalived.conf.SMTP_CHECK │ │ ├── keepalived.conf.SSL_GET │ │ ├── keepalived.conf.status_code │ │ ├── keepalived.conf.track_interface │ │ ├── keepalived.conf.UDP_CHECK │ │ ├── keepalived.conf.virtualhost │ │ ├── keepalived.conf.virtual_server_group │ │ ├── keepalived.conf.vrrp │ │ ├── keepalived.conf.vrrp.localcheck │ │ ├── keepalived.conf.vrrp.lvs_syncd │ │ ├── keepalived.conf.vrrp.routes │ │ ├── keepalived.conf.vrrp.rules │ │ ├── keepalived.conf.vrrp.scripts │ │ ├── keepalived.conf.vrrp.static_ipaddress │ │ ├── keepalived.conf.vrrp.sync │ │ ├── sample.misccheck.smbcheck.sh │ │ └── sample_notify_fifo.sh │ └── sysconfig │ └── keepalived ├── sbin │ └── keepalived └── share ├── doc │ └── keepalived │ └── README ├── man │ ├── man1 │ │ └── genhash.1 │ ├── man5 │ │ └── keepalived.conf.5 │ └── man8 │ └── keepalived.8 └── snmp └── mibs Shell > ls -lh /usr/lib/systemd/system/keepalived.service -rw-r--r-- 1 root root 540 Dec 21 21:00 /usr/lib/systemd/system/keepalived.service
配置文件说明
/usr/local/keepalived/etc/keepalived/keepalived.conf.sample 为一个配置文件的样例参考,其由三部分组成:
Shell > vim /usr/local/keepalived/etc/keepalived/keepalived.conf.sample
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
# Allow packets addressed to the VIPs above to be received
accept
}
virtual_server 192.168.200.100 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
...- GLOBAL CONFIGURATION:全局配置。
- VRRPD CONFIGURATION:VRRPD 配置。具体服务的实例配置,一个
vrrp_instance <STRING> { }就是一个 vrrpd 实例。 - LVS CONFIGURATION:LVS 配置,先略过。
全局配置说明
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}-
notification_email { },定义宕机或切换时邮件的接收者,可以定义多个。一般这种邮件告警机制通过 zabbix 实现。(可选) -
notification_email_from,指定邮件的发送者。(可选) -
smtp_server,定义邮件的 smtp 服务器,smtp 即简单邮件传输协议,默认 tcp 25 端口,加密后使用 tcp 465 端口。(可选) -
smtp_connect_timeout 30,smtp 连接超时时间。(可选) -
router_id,定义 keepalived 的唯一路由标识,一个局域网内,该标识必须 唯一。 -
vrrp_skip_check_adv_addr,master 一直周期性地向 backup 发送 Advertisement 报文,如果 backup 收到的 Advertisement 报文与之前的 Advertisement 报文来自同一个 master,则不会进行检查。 -
vrrp_strict,严格遵守 VRRP 协议(可选)。以下情况不会启动 keepalived:- 没有 VIP
- 单播邻居
- VRRP v2中有 IPV6 地址
-
vrrp_garp_interval 0,在接口上发送免费 ARP 消息(gratuitous ARP messages)之间的延迟,单位为秒,默认0。可以最高支持到毫秒级,例如vrrp_garp_interval 0.001。(可选) -
vrrp_gna_interval 0,在接口上发送未经请求的 NA 消息(unsolicited NA messages)之间的延迟,单位为秒,默认0。可以最高支持到微秒级,例如vrrp_garp_interval vrrp_gna_interval 0.000001。(可选)
VRRPD 配置的说明
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
accept
}state MASTER|BACKUP,指定初始状态,具体取决于 优先级。若优先级一样,则依据物理网卡的 IP 地址大小来协商,大的那个 IP 地址会称为 Masterinterface eth0,VRRP 实例绑定的物理网卡virtual_router_id 51,虚拟路由器的唯一标识符,用于区分多个 VRRPD 实例,值范围为 1~255priority 100,前面《Keepalived 01—简述》说过,值范围 0-255(手工能配置的值为 1-254),值越大,优先级越高。官方建议,若要成为 master ,则此值建议比其他机器的值高 50advert_int 1,master 向 backup 发送 Advertisement 报文的间隔,单位为秒authentication { },身份验证方式,auth_type PASS|AH,PASS 表示使用简单密码。auth_pass 1111表示明文密码,最多8个字符。所有机器的身份验证必须都是相同的。若启用了 VRRP 严格遵循(即全局配置中的vrrp_strict),则身份验证会被忽略-
virtual_ipaddress { },表示虚拟ip地址(VIP)列表,一行一个VIP。可以有这样的书写样式:- 10.1.1.5
- 192.168.100.5/24
- 172.16.1.5/24 dev eth1 label eth1:1
LVS 配置的说明
略。
其他未配置的语法以及参数请参阅—— man -l /usr/local/keepalived/share/man/man5/keepalived.conf.5
配置参考
在实际使用时,您可以将 keepalived.conf.sample 另外复制一份并命名为 keepalived.conf。
Master 的配置参考:
global_defs {
router_id VRRP01
vrrp_skip_check_adv_addr
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.3/24
}
}Backup 的配置参考:
global_defs {
router_id VRRP02
vrrp_skip_check_adv_addr
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.3/24
}
}注意点:
router_id <STRING>,必须是不同且唯一的- master 和 backup 的实例名称需要一样,我们这里都是 VI_1
- master 的优先级要比 backup 的优先级高50
- VRID 需要一样,这里都是
virtual_router_id 51 - Master 和 Backup 配置文件的某些项不一致可能会导致高可用的「脑裂」问题
脑裂(split-brain):全称叫「大脑分裂」,如果光从字面意思理解,就是本来的一个完整 "大脑" 被拆分称两个或多个独立的 "大脑",人只有一个大脑外加双手双脚,如果有多个大脑,整个身体系统处于不协调的状态,比如一个大脑发出用这只左手拿这个杯子的指令,另外一个大脑却对右手发出放下杯子的指令。在计算机领域,在一个高可用(HA)的系统中,因为异常情况出现,导致本身联系着的两个节点断开联系,一个整体的系统就分裂为两个独立节点,每个节点都想当 master 节点或角色,形成了某种意义上的小集群或子集群,这将带来争抢资源、系统无法协调甚至无法使用、数据不一致等问题。「脑裂」问题几乎是高可用必须要解决的问题。
配置文件的语法检查
Shell > /usr/local/keepalived/sbin/keepalived -t -f /usr/local/keepalived/etc/keepalived/keepalived.conf
