Build environment: CentOS 7.9
Install dependencies:

yum install curl gcc openssl-devel libnl3-devel net-snmp-devel

Offline install:

yum localinstall *.rpm -y

Download and extract:
Alternatively, download the archive to the local machine with: curl -o keepalived-2.2.7.tar.gz https://keepalived.org/software/keepalived-2.2.7.tar.gz

curl --progress-bar https://keepalived.org/software/keepalived-2.2.7.tar.gz | tar xz
cd keepalived-2.2.7
./configure --prefix=/usr/local/keepalived-2.2.7 --with-init=systemd
make
make install

Configuration:

cd /usr/local/keepalived-2.2.7/etc/keepalived/
cp keepalived.conf.sample keepalived.conf
cd /usr/local/keepalived-2.2.7/etc/sysconfig/
sed -i 's@KEEPALIVED_OPTIONS=.*@KEEPALIVED_OPTIONS="-f /usr/local/keepalived-2.2.7/etc/keepalived/keepalived.conf -D -S 0"@' keepalived

View the logs: tail -f /var/log/messages
Edit the configuration file: keepalived.conf
Look up the local network interface name under /etc/sysconfig/network-scripts, or use ifconfig
Change: replace eth0 with the interface name found in the previous step
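state: MASTER (primary node) or BACKUP (backup node)
priority: the larger the number, the higher the priority; nodes are elected in that order
Create the symlink: ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived
Enable start on boot: systemctl enable keepalived
Start the service: systemctl start keepalived
Uninstall: make uninstall
Clean the build: make clean
Clean the build and the configure output: make distclean
Create a memo: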

cd /usr/local/keepalived-2.2.7
cat >>README <<eof
1. The service unit is /usr/lib/systemd/system/keepalived.service, and it is enabled at boot
2. Log file location changed to /var/log/keepalived/keepalived.log
echo 'local0.* /var/log/keepalived/keepalived.log' >>/etc/rsyslog.conf
eof

rpm-build
Install the build tools
yum install rpm-build
Install the build dependencies
yum install autoconf automake kmod-devel pcre2-devel glib2-devel
Configure:

./configure --with-init=systemd --enable-snmp-checker --enable-snmp --enable-snmp-vrrp --enable-bfd --enable-snmp-rfc --enable-snmp-rfcv2 --enable-snmp-rfcv3 --enable-dbus --enable-sha1 --enable-regex --enable-regex-timers --enable-dependency-tracking --enable-json --enable-stacktrace --enable-dump-threads --enable-select-debug --enable-regex-debug --enable-tsm-debug --enable-strict-config-checks

Edit the keepalived.spec file: starting with 2.2.4, keepalived.conf in the packaged files was renamed to keepalived.conf.sample
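For some reason I got an error that libkmod was missing even though I had already installed kmod-devel, and packaging failed, so I simply commented it out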
Note: run make rpm first, and only then edit the keepalived.spec file
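Packaging complete.
Uninstall Keepalived:

rpm -qa|grep keepalived
rpm -e keepalived-2.2.7-1.el7.x86_64

Find leftover files:

find / -iname keepalived

Delete leftover files:

rm -rf /etc/keepalived
rm -rf <other leftover files>

Error handling: Can't open PID file /var/run/keepalived.pid
A process may still be holding the file; stop the associated processes:

systemctl stop keepalived
pkill keepalived

Check whether the virtual IP has moved to this node:

ip addr|grep 192.168.2.16

Most basic configuration: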

! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL_108
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.16
    }
}

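Primary/backup mode: set state to BACKUP on both nodes, to prevent the IP from moving back after the primary node recovers.
global_defs -> router_id: must be unique on the network; the hostname is usually used.
vrrp_instance -> virtual_router_id: must be the same on the primary and backup nodes.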
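The three rules above can be checked mechanically before a node pair goes live. The script below is an added example, not part of the original notes or of keepalived: kv, has, check_pair and write_samples are hypothetical helper names, and the two sample configs (including the password 9f3kQ2xw) are constructed. It goes slightly beyond the rules above by also flagging the sample auth_pass 1111 and the combination of vrrp_strict with an authentication block, because keepalived ignores authentication in strict mode.

```shell
#!/bin/sh
# Added example: cross-check two nodes' keepalived.conf files.

# kv FILE KEY: print the first value of KEY; '!' and '#' comment lines never match.
kv() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# has FILE KEY: succeed if KEY is the first word of any non-comment line.
has() {
    awk -v k="$2" '$1 == k { f = 1 } END { exit !f }' "$1"
}

# check_pair FILE_A FILE_B: print one line per finding, return the number found.
check_pair() {
    n=0
    [ "$(kv "$1" router_id)" != "$(kv "$2" router_id)" ] ||
        { echo "router_id is not unique"; n=$((n + 1)); }
    [ "$(kv "$1" virtual_router_id)" = "$(kv "$2" virtual_router_id)" ] ||
        { echo "virtual_router_id differs between nodes"; n=$((n + 1)); }
    for f in "$1" "$2"; do
        [ "$(kv "$f" state)" = BACKUP ] ||
            { echo "$f: state is not BACKUP"; n=$((n + 1)); }
        [ "$(kv "$f" auth_pass)" != 1111 ] ||
            { echo "$f: auth_pass is the sample value 1111"; n=$((n + 1)); }
        if has "$f" vrrp_strict && has "$f" auth_type; then
            echo "$f: vrrp_strict set, so keepalived ignores authentication"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample inputs: node A mirrors the page's config, node B deviates.
write_samples() {
    printf '%s\n' 'global_defs {' ' router_id LVS_DEVEL_108' ' vrrp_strict' '}' \
        'vrrp_instance VI_1 {' ' state BACKUP' ' virtual_router_id 51' \
        ' authentication {' '  auth_type PASS' '  auth_pass 1111' ' }' '}' >"$1/a.conf"
    printf '%s\n' 'global_defs {' ' router_id LVS_DEVEL_108' '}' \
        'vrrp_instance VI_1 {' ' state MASTER' ' virtual_router_id 52' \
        ' authentication {' '  auth_type PASS' '  auth_pass 9f3kQ2xw' ' }' '}' >"$1/b.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
check_pair "$dir/a.conf" "$dir/b.conf" || echo "findings: $?"
```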
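Check script:

#!/bin/bash
# If nginx is not running, try to start it. If it is still not running
# after 2 seconds, stop keepalived so the virtual IP moves to the other node.
pidof nginx
if [ $? -ne 0 ]; then
    systemctl start nginx
    sleep 2
    pidof nginx
    if [ $? -ne 0 ]; then
        systemctl stop keepalived
    fi
fi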

Firewall configuration:

firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload

View the configured rules:

firewall-cmd --direct --get-rules ipv4 filter INPUT
firewall-cmd --direct --get-rules ipv4 filter OUTPUT