Suse Linux Server上源碼安裝Keepalived HA
提示:請先閱讀一遍再進行操作,因為文檔是邊操作邊寫的,過程中有一些坑,先閱讀一遍,可以避開
一:安裝
**注:**如果的鏡像源可以直接使用就忽略環境準備環節,直接使用源安裝依賴sudo zypper in libnl3 libnl3-devel
環境準備【如果已有可以忽略】在執行Keepalived配置的時候會有提示
執行:./configure --prefix=/usr/local/keepalived
參考提示:*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
1.原始機器确實libnl-3包的依賴: libnl/libnl-3 dev
2. 擷取依賴包:wget http://www.infradead.org/~tgr/libnl/files/libnl-3.2.25.tar.gz
3. 解壓依賴包并編譯安裝:
<1>: tar -zxvf libnl-3.2.25.tar.gz
<2>: cd libnl-3.2.25
<3>: ./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static && make
<4>: sudo make install
安裝完成後還是有問題,還是上面的提示,接着安裝:libnl 和 libnl3-devel 這兩個依賴
官方提示:對1.1.x版本的支援有限,隻能根據要求提供後端端口。 不要開發基于libnl1的新應用程式,并考慮将應用程式移植到libnl3
- 這一步可能沒必要【如果不好使請補上這一步】:
<1>: wget https://github.com/thom311/libnl/releases/download/libnl3_5_0/libnl-3.5.0.tar.gz
<2>: tar -zxvf libnl-3.5.0.tar.gz -C ~
<3>: cd libnl-3.5.0/
<4>: ./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static && make
<5>: sudo make install
- 依次安裝依賴【依賴有先後順序】:
- libnl-config依賴
<1>: wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/plater/Leap_15.1/noarch/libnl-config-3.4-lp151.80.4.noarch.rpm
# 如果直接執行安裝就會報如下錯誤:sudo rpm -ivh libnl-config-3.4-lp151.80.4.noarch.rpm
# 使用zyppera安裝也會報錯:sudo zypper in libnl-config-3.4-lp151.80.4.noarch.rpm
# warning: libnl-config-3.4-lp151.80.4.noarch.rpm: Header V3 RSA/SHA256 Signature, key # ID 9e79112d: NOKEY
# Preparing... ################################# [100%]
# file /etc/libnl/classid from install of libnl-config-3.4-lp151.80.4.noarch # conflicts with file from package libnl-config-3.2.23-2.21.noarch
# file /etc/libnl/pktloc from install of libnl-config-3.4-lp151.80.4.noarch # conflicts with file from package libnl-config-3.2.23-2.21.noarch
# 檔案有沖突,因為這個包已經安裝過了,隻是版本低而已
# 是以如果系統已經安裝了【隻是版本較低】隻需要更新即可,如果原機器沒有安裝,這個指令同樣可以安裝而不是更新
<2>: sudo rpm -Uvh libnl-config-3.4-lp151.80.4.noarch.rpm
- libnl3-200依賴
<1>: wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home%3A/plater/Leap_15.1/x86_64/libnl3-200-3.4-lp151.80.4.x86_64.rpm
<2>: sudo rpm -Uvh libnl3-200-3.4-lp151.80.4.x86_64.rpm
- libnl3-devel依賴
<1>: wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home%3A/plater/Leap_15.1/x86_64/libnl3-devel-3.4-lp151.80.4.x86_64.rpm
<2>: sudo rpm -Uvh libnl3-devel-3.4-lp151.80.4.x86_64.rpm
- 依賴安裝完後,開始安裝Keepalived
<1>: cd keepalived-2.0.18
<2>: ./configure --prefix=/usr/local/keepalived # 指定安裝目錄
<3>: make
<4>: sudo make install
- 注冊為系統服務:
<1>: sudo cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
在源檔案的目錄[注意:是解壓檔案的目錄,不是安裝檔案的目錄,安裝檔案的目錄沒有etc/init.d這個目錄存在]下有兩個個快捷啟動檔案一個是【解壓目錄keepalived/etc/init.d/keepalived檔案】和【解壓目錄keepalived/etc/sysconfig/keepalived檔案[這個檔案和安裝目錄的一樣,拷貝那個都行]】下一個keepalived.conf配置檔案需要複制,具體執行如下指令:
拷貝解壓目錄的這個檔案到系統的/etc/init.d目錄下:
<2>: sudo cp /home/vi030241/keepalived-2.0.18/keepalived/etc/init.d/keepalived /etc/init.d/
<3>: sudo cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# 或者,這兩個檔案一樣
sudo cp /home/vi030241/keepalived-2.0.18/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
建立系統的keepalived.conf配置檔案目錄,然後拷貝配置檔案到這個目錄中
<4>: sudo mkdir /etc/keepalived/
<5>: sudo cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
到此Keepalived的安裝就算完成了,接下來就是修改配置檔案【兩台機器安裝操作類似】
二:配置
- 修改/etc/keepalived/keepalived.conf配置檔案
MASTER:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected] #下面幾行均為全局通知配置,可以實作出現問題後報警,但功能有限,是以注釋掉,并采用Nagios監視lvs運作情況
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id cc_monitor_HA # 這種唯一ID,主備相同,在一個網絡内應該是唯一的
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { # 設定vrrp組,唯一且同一LVS伺服器組要相同
state BACKUP # 設定為非搶占模式,兩個節點都必須設定為BACKUP,通過priority參數來确定MASTER
interface eth0 # 設定對外服務的接口
virtual_router_id 51 #設定虛拟路由辨別
priority 150 # MASTER的值至少大于BACKUP 50個點以上
advert_int 1 # 設定同步時間間隔
nopreempt # 設定為非搶占模式,而且隻在MASTER一側設定,BACKUP不能設定【參考官網對改屬性的說明】
authentication { # 設定驗證類型和密碼,master和buckup一定要設定一樣
auth_type PASS
auth_pass 1qaz!QAZ...
}
virtual_ipaddress {
10.188.146.XXX # 虛拟IP,自己機器試驗的同一網段即可,因為是客戶機器,本IP可能是客戶提供、可以多個,每個占一行
}
}
# 配置LVS的,如果配了,啟動會報下面的截圖的錯誤,不是配置的問題,是機器本身的原因
#virtual_server 10.188.XXX.YYY 8090 {
# delay_loop 3 # 健康檢查時間間隔,機關s
# 1:輪叫排程(Round-Robin Scheduling)
# 2: 權重輪叫排程(Weighted Round-Robin Scheduling)
# 3:最小連接配接排程(Least-Connection Scheduling)
# 4:權重最小連接配接排程(Weighted Least-Connection Scheduling)
# 5:基于局部性的最少連結(Locality-Based Least Connections Scheduling)
# 6:帶複制的基于局部性最少連結(Locality-Based Least Connections with Replication Scheduling)
# 7:目标位址散列排程(Destination Hashing Scheduling)
# 8:源位址散列排程(Source Hashing Scheduling)
# 9:最短預期延時排程(Shortest Expected Delay Scheduling)
# 10:不排隊排程(Never Queue Scheduling)
# 對應: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq
# lb_algo wrr # 負載均衡排程算法設定為權重輪叫、預設是輪詢rr
# lb_kind NAT # 負載均衡轉發規則
# nat_mask 255.255.255.0 # 網絡掩碼,DR轉發規則模式要保障真實伺服器和lvs在同一網段
# persistence_timeout 50 # 會話保持時間,機關s
# protocol TCP # 協定
#
# real_server 10.188.XXX.YYY 8090 { # 真實伺服器配置,8090表示端口
# weight 3 # 權重
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl3/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#
# real_server可以配置多個
# real_server 10.188.XXX.YYY 8090 {
# weight 1
# 舉例說明
# eg1:
# TCP_CHECK { # 伺服器檢測方式設定 keepalived的健康檢查方式 有:HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
# connect_timeout 5 # 連接配接逾時時間
# nb_get_retry 3 # 失敗重試次數
# delay_before_retry 3 # 失敗重試的間隔時間
# connect_port 8090 # 連接配接的後端端口
}
# eg2:
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl3/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#}
BACKUP:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id cc_monitor_HA # 參考上面的說明
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP # 參考上面的說明
interface eth0
virtual_router_id 51
priority 99 # 參考上面的說明
advert_int 1
authentication {
auth_type PASS
auth_pass 1qaz!QAZ...
}
virtual_ipaddress {
10.188.146.254 # 參考上面的說明
}
}
#virtual_server 10.188.XXX.YYY 8090 {
# delay_loop 3
# lb_algo rr
# lb_kind NAT
# persistence_timeout 50
# protocol TCP
#
# real_server 10.188.XXX.YYY 8090 {
# weight 3
# TCP_CHECK { # 伺服器檢測方式設定 keepalived的健康檢查方式 有:HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
# connect_timeout 5 # 連接配接逾時時間
# nb_get_retry 3 # 失敗重試次數
# delay_before_retry 3 # 失敗重試的間隔時間
# connect_port 8090 # 連接配接的後端端口
}
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl3/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#
# real_server 10.188.XXX.YYY 8090 {
# weight 1
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# url {
# path /testurl3/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
# }
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#}
更多配置參數及配置參數的意思參考官方文檔
wget ftp://ftp.pbone.net/mirror/ftp.opensuse.org/distribution/leap/15.1/repo/oss/x86_64/ipvsadm-1.29-lp151.3.3.x86_64.rpm
如何上來就把LVS配上,啟動Keepalived的時候就報下面的錯誤【伺服器的原因,沒有IPVS子產品,這裡不管,因為這裡不需要配置LVS,是以上面被注釋的配置不用打開,這樣就沒有問題】
-
注釋掉上面LVS的配置後就可以正常啟動了
啟動後優先級設定得高的通過競選成為MASTER,另外一台則就是BACKUP
可以通過sudo less /var/log/messages日志檔案檢視到,這裡就不截圖了
同時可以使用: ip add show 來檢視VIP的飄移綁定情況
-
測試殺死MASTER,檢視BACKUP是否會接管成為MASTER,然後啟動MASTER,看是否會搶占
sudo pkill keepalived 然後檢視日志 sudo less /var/log/messages 并檢視BACKUP的VIP綁定 ip add show
然後重新啟動殺死的MASTER sudo /usr/sbin/keepalived 然後檢視日志,看VIP綁定情況
- 接下來解釋一下非搶占模式:意思是Keepalived也有可能挂掉的可能,那麼假設MASTER挂掉隻會,BACKUP會切換為MASTER,那麼當挂掉的這個MASTER修好後,又啟動了,此時接管BACKUP已經是MASTER了,那麼他是繼續當MASTER還是交出管理權給修改的機器,主動變成BACKUP?那就和剛剛上面設定的nopreempt參數有個了,如果設定了就不強占,修好的主動成為BACKUP,即使他的優先級高,這是也沒用,接管的還是MASTER,這樣可以提升性能,如果經常的切換是耗性能的,如果是BACKUP機器挂掉了就沒這個現象,因為他本身就不是MASTER