VRRP安装配置实做笔记
1.下载keepalived的源码 官方网站http://www.keepalived.org 直接链接:http://www.keepalived.org/software/keepalived-1.1.12.tar.gz
2.将下载的源码复制到/usr/src,解压缩
cp keepalived-1.1.12.tar.gz /usr/src
cd /usr/src
tar xvzf keepalived-1.1.12.tar.gz
cd keepalived-1.1.12
3.生成编译配置文件
./configure (默认安装到/usr/local,可以使用--prefix=参数指定安装目录)
make
make install
安装程序会复制下列文件和配置:
* keepalived : keepalived守护程序
* genhash : MD5生成器
* /etc/keepalived/keepalived.conf keepalived配置文件
=======
注意在Redhat 9中会报下面的错误:
> checking openssl/ssl.h usability... no
> checking openssl/ssl.h presence... no
> checking for openssl/ssl.h... no
> configure: error:
> !!! OpenSSL is not properly installed on your system. !!!
> !!! Can not include OpenSSL headers files. !!!
其实这个问题与openssl没有关系,是因为Kerberos include文件的位置的问题。 使用以下方法解决:
在/etc/profile文件中增加 : export CPPFLAGS=-I/usr/kerberos/include
然后:
1.) export CPPFLAGS=-I/usr/kerberos/include
2.) make clean
(或者删掉整个源码目录,重新解压)
3.) 重新编译
4.编辑master的配置文件,/usr/local/etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER #(主机为MASTER,备用机为BACKUP)
interface eth0 #(HA监测网络接口)
track_interface { #其他要监测状态的接口
eth1
}
virtual_router_id 51 #(主、备机的virtual_router_id必须相同)
priority 500 #(主、备机取不同的优先级,主机值较大,备份机值较小,值越大优先级越高)
advert_int 1 #(VRRP Multicast广播周期秒数)
authentication {
auth_type PASS #(VRRP认证方式)
auth_pass 1111 #(VRRP口令字)
}
virtual_ipaddress {
192.168.3.3 #(VRRP HA虚拟地址)
}
}
6.编辑backup上的配置文件,/usr/local/etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
track_interface { # Interfaces state we monitor
eth1
}
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.3
}
}
track_interface的意思是将Linux中你想监控的网络接口卡监控起来,当其中的一块出现故障是keepalived都将视为路由器出现故障。
- 分别在两台机器上启用Multicast路由,注意这步很重要!!!
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
8.在master和backup上启动keepalived
/usr/local/keepalived/sbin/keepalived –D –f /usr/local/keepalived/etc/keepalived/keepalived.conf
在启动Master上的keepalived之前,我们先看一下Master上eth0的情况:
--------------------------------------------------------------
# ip add show eth0
8: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:3a:d7:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1
inet6 fe80::2e0:4cff:fe3a:d725/64 scope link
--------------------------------------------------------------
我们看到只有一个IP地址:192.168.3.1/24,现在我们启动Master上的keepalived
#/usr/local/keepalived/sbin/keepalived –D –f /usr/local/keepalived/etc/keepalived/keepalived.conf
现在我们再看一下Master上eth0的情况:
--------------------------------------------------------------
# ip add show eth0
8: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:3a:d7:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1
inet 192.168.3.3/32 scope global eth1
inet6 fe80::2e0:4cff:fe3a:d725/64 scope link
---------------------------------------------------------------
我们看到有两个IP地址,其中一个就是V-Gate:192.168.3.3/32
用同样的方法启动Backup上的keepalived
#/usr/local/keepalived/sbin/keepalived –D –f /usr/local/keepalived/etc/keepalived/keepalived.conf
这样,当Master失效时,Backup就会通过MultiCast地址:224.0.0.18这个组播地址,获得这个消息,并将192.168.3.3这个地址接管过来。