KeepAlived 部署

安装：KeepAlived

1. 查看IPVS模块是否已经编译到内核中

cat /boot/config-`uname -r` |grep -i ipvs
# IPVS transport protocol load balancing support
# IPVS scheduler
# IPVS application helper

modprobe -l |grep ipvs

kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko

2. 安装keepalived的依赖组件
   安装依赖组件

yum install gcc openssl openssl-devel popt popt-devel libnl libnl-devel -y

安装ipvsadm组件，它是keepalived的基础

yum install -y ipvsadm

查看ipvsadm当前的规则（默认为空）

ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

3. 安装keepalived

tar -axf keepalived-1.2.16.tar.gz
cd keepalived-1.2.16
\##默认情况下，keepalived主体文件会编译安装在/usr/local/etc/keepalived/目录中。
./configure
make
make install
find / -path "/root" -prune -o -name keep\*
……
/usr/local/etc/keepalived/keepalived.conf           ##这是keepalived主体配置文件
/usr/local/etc/sysconfig/keepalived                 ##这是keepalived选项配置文件
/usr/local/etc/rc.d/init.d/keepalived               ##这是keepalived服务启动脚本。
/usr/local/share/man/man5/keepalived.conf.5
/usr/local/share/man/man8/keepalived.8
/usr/local/sbin/keepalived                      ##这是keepalived命令文件
/usr/share/selinux/targeted/keepalived.pp.bz2
……
mkdir /etc/keepalived
## 备份keepalived主体配置文件
test -f /usr/local/etc/keepalived/keepalived.conf.bak || cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
## 在/etc/keepalived/目录中，创建keepalived主体配置文件的链接文件
ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
## 在/etc/sysconfig/目录中，创建keepalived选项配置文件的链接文件
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
## 在/sbin/目录中，创建keepalived命令文件的链接文件，方便系统通过默认的PATH路径来检索执行该命令
ln -s /usr/local/sbin/keepalived /sbin/keepalived
## 将keepalived服务启动脚本复制到开机启动脚本目录中
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
## 赋予keepalived服务开机启动脚本的可执行权限
chmod +x /etc/rc.d/init.d/keepalived
4. 启动keepalived服务
chkconfig keepalived on         ##设置keepalived服务开机自启动。
service keepalived start            ##启动keepalived服务。
ps aux| grep keepalived |grep -v grep
root       3361  0.0  0.1  44480  1036 ?        Ss   10:27   0:00 keepalived -D
root       3363  0.1  0.2  48784  2420 ?        S    10:27   0:00 keepalived -D
root       3364  0.1  0.1  48656  1652 ?        S    10:27   0:00 keepalived -D
创建KeepAlived高可用HA主备切换
1. 创建：HAproxy健康检测脚本
cat > /etc/keepalived/check_haproxy.sh <

配置：keepalived

1. 暂时关闭：iptables防火墙

service iptables stop

2. 配置：keepalived配置文件 server01

cat > /etc/keepalived/keepalived.conf <
vrrp_script check_haproxy {
       script "/etc/keepalived/check_haproxy.sh"
       interval 2
}
## 定义：故障转移组
vrrp_sync_group G1 {
  group {
    WAN
  }
}
vrrp_instance WAN {
    ## 定义：实例角色 
    state MASTER    
    ## 定义：承载VIP地址的物理接口
    interface eth0
    ## 定义：VIP的MAC地址中的vrrp值，（两个节点必须一致）
    virtual_router_id 51
    ## 定义：ARRP组播地址的<源IP地址>，即：心跳检测
    ##mcast_src_ip 192.168.10.9
    ## 定义：ARRP单播<源IP地址>，即：心跳检测
    unicast_src_ip 192.168.10.8
    ## 定义：ARRP单播<一个或多个目标IP地址>，即：心跳检测
    unicast_peer {
         192.168.10.9
    }
    ## 定义：优先级的初始值
    priority 100
    ## 定义：VRRP通知报文的时间间隔
    advert_int 1
    ## 设置：验证信息（两个节点必须一致）
    authentication {
        auth_type PASS
        auth_pass a123456!
    }
    ## 定义：本实例KeepAlived的VIP虚拟IP地址（两个节点必须一致）
    virtual_ipaddress {
        192.168.10.100/24 dev eth0 scope global
    }
    ## 定义：需要监控的网卡（可以包含额外的网卡）
    ## 注意：测试网卡故障转移时，必须彻底的断开网卡
    track_interface {
        eth0
        eth1
    }
    ## 定义：需要监控的<健康检测配置段>
    track_script {
        check_haproxy
    }
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart

3. 配置：keepalived配置文件 server02

cat > /etc/keepalived/keepalived.conf <
vrrp_script check_haproxy {
       script "/etc/keepalived/check_haproxy.sh"
       interval 2
}
## 定义：故障转移组
vrrp_sync_group G1 {
  group {
    WAN
  }
}
vrrp_instance WAN {
    ## 定义：实例角色
    state BACKUP    
    ## 定义：承载VIP地址的物理接口
    interface eth0
    ## 定义：VIP的MAC地址中的vrrp值，（两个节点必须一致）
    virtual_router_id 51
    ## 定义：ARRP组播地址的<源IP地址>，即：心跳检测
    ##mcast_src_ip 192.168.10.9
    ## 定义：ARRP单播<源IP地址>，即：心跳检测
    unicast_src_ip 192.168.10.9
    ## 定义：ARRP单播<一个或多个目标IP地址>，即：心跳检测
    unicast_peer {
         192.168.10.8
    }
    ## 定义：优先级的初始值
    priority 50
    ## 定义：VRRP通知报文的时间间隔
    advert_int 1
    ## 设置：验证信息（两个节点必须一致）
    authentication {
        auth_type PASS
        auth_pass a123456!
    }
    ## 定义：本实例KeepAlived的VIP虚拟IP地址（两个节点必须一致）
    virtual_ipaddress {
        192.168.10.100/24 dev eth0 scope global
    }
    ## 定义：需要监控的网卡（可以包含额外的网卡）
    ## 注意：测试网卡故障转移时，必须彻底的断开网卡
    track_interface {
        eth0
        eth1
    }
    ## 定义：需要监控的<健康检测配置段>
    track_script {
        check_haproxy
    }
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart

4. 检测vip绑定：

ip add show eth0

5. 防火墙

service iptables restart
iptables -D INPUT -p vrrp -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT
service iptables save

测试

1. 检测vip绑定：

ip add show eth0
service keepalived stop
service keepalived status
service haproxy stop
service haproxy status

2. 检测心跳信息（VRRP数据包）：

tcpdump -p vrrp -n -i eth0

服务

service keepalived restart
service keepalived stop