Shulou(Shulou.com)06/02 Report--

Introduction to keepalived

Keepalive is a highly reliable software, usually deployed on two servers, divided into one master and one standby. Keepalived can detect processes on this machine. Once Master (primary) detects a problem with a process, it switches itself to Backup (secondary) state, and then notifies another node to switch to Master (primary) state.

Https://www.keepalived.org/download.html

Http://nginx.org/en/download.html# unzipped keepalived to / usr/local directory tar-zxvf keepalived-2.0.11.tar.gz-C / usr/local to / usr/local/keepalived-2.0.11 directory

Cd / usr/local/keepalived-2.0.11

Start configure

. / configure-- prefix=/usr/local/keepalived

# compile and install

Make & & make install

The following message indicates that the Keepalived configuration was compiled successfully

Keepalived version: 2.0.11

Compiler: gcc

Preprocessor flags:

Compiler flags:-Wall-Wunused-Wstrict-prototypes-Wextra-Winit-self-g-D_GNU_SOURCE-fPIE-Wformat-Werror=format-security-Wp,-D_FORTIFY_SOURCE=2-fexceptions-fstack-protector-strong-- param=ssp-buffer-size=4-grecord-gcc-switches-O2

Linker flags:-pie

Extra Lib:-lcrypto-lssl-lnl

Use IPVS Framework: Yes

IPVS use libnl: Yes

IPVS syncd attributes: No

IPVS 64 bit stats: No

HTTP_GET regex support: No

Fwmark socket support: Yes

Use VRRP Framework: Yes

Use VRRP VMAC: Yes

Use VRRP authentication: Yes

With ip rules/routes: Yes

Use BFD Framework: No

SNMP vrrp support: No

SNMP checker support: No

SNMP RFCv2 support: No

SNMP RFCv3 support: No

DBUS support: No

SHA1 support: No

Use JSON output: No

Libnl version: 1

Use IPv4 devconf: No

Use iptables: Yes

Use libiptc: No

Use libipset: No

Use nftables: No

Init type: systemd

Strict config checks: No

Build genhash: Yes

Build documentation: No

Problems that may arise in compiling * WARNING-this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS. Execute the yum command yum-y install libnl libnl-devel to resolve the above warning problem yum-y install libnl libnl-devel

Configure: error: in / usr/local/keepalived-2.0.11':configure: error: no acceptable C compiler found in $PATHSeeconfig.log' for more details

Yum install gcc

Configure: error:

!!! OpenSSL is not properly installed on your system. !!!

!!! Can not include OpenSSL headers files. !!!

[root@dajia keepalived-2.0.11] #

After the yum-y install openssl-devel installation is complete, re-execute configure... Command to add keepalived to system service path description / usr/local/keepalived-2.0.10 decompressed source code storage path / usr/local/keepalived installation directory # copy execution file cp / usr/local/keepalived/sbin/keepalived / usr/sbin/# copy the initialization script to cp / usr/local/keepalived-2.0.10/keepalived/etc/init.d/keepalived / etc/ under the system initialization directory Init.d/# copies keepalived configuration file to cp / usr/local/keepalived-2.0.10/keepalived/etc/sysconfig/keepalived / etc/sysconfig/# under etc to create keepalived folder mkdir / etc/keepalived/# copies keepalived configuration file to cp / usr/local/keepalived-2.0.10/keepalived/etc/keepalived/keepalived.conf / etc/keepalived/# under etc to add executable permissions chmod + x / etc/init.d/keepalived# Add keepalived to boot chkconfig-add keepalivedchkconfig keepalived on has joined the system service at this time can start using services # start service keepalived start# stop service keepalived stop# restart service keepalived restart# check startup ps-aux | grep keepalived configuration keepalived virtual IP modify the configuration file just added to the system: vi / etc/keepalived/keepalived.conf Note is the system configuration file (/ etc/keepalived/keepalived.conf) Note is the system configuration document Note that the configuration file (/ etc/keepalived/keepalived.conf) of the system is not the installation directory / usr/local... Under

Vrrp_instance VI_1 {

State MASTER / / MASTER primary node, standby node set to state BACKUP

Interface ens33 / / the two nodes of the network card bound to the virtual machine IP are the same as the corresponding network card address according to the ipaddr

Virtual_router_id 51 / / VRRP group name, the settings of primary and secondary nodes must be the same, indicating that each node belongs to the same VRRP group, and the nodes of the same group compete with each other for IP

Priority 100 / / priority (between 1 and 254), the standby node must have a lower priority than the primary node

Advert_int 1 / / Multicast message sending interval, the settings of the two nodes must be the same

Authentication {/ / sets the authentication information. The settings of the two nodes must be the same, which is used for encryption when forwarding information between nodes.

Auth_type PASS

Auth_pass 1111

}

Virtual_ipaddress {/ / Virtual IP the settings of two nodes must be the same, and the two nodes grab an io at the same time.

192.168.33.60 ip 24 / / if the ip of the two nginx is 192.168.33.61, respectively, then the virtual ip here can represent the subnet mask of three 255s on the same network segment as the two.

}

}

If you want to ping 192.168.33.60, you also need to comment out the # vrrp_strict problem in the configuration file. Both the master and backup have grabbed the virtual ip using tcpdump to grab the packet location problem. The following is the packet capture result of the master node of 192.168.93.141 tcpdump-I ens33 vrrp-n! [] (https://cache.yisu.com/upload/information/20200309/28/9034.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90, Type_ZmFuZ3poZW5naGVpdGk=) the following is the packet capture result tcpdump-I ens33 vrrp-n! [] of the slave node at 10.11.4.187 (https://cache.yisu.com/upload/information/20200309/28/9036.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) can be seen from the figure above. The two IP of 192.168.93.140 and 192.168.93.141 are sending multicast signals in turn. Normally, the MASTER server should send multicast. If the BACKUP does not receive the multicast signal of the MASTER, then it is determined that the MASTER is down, and the BACKUP will take over the VIP problem. The firewall prevents the vrrp group packet from sending. If it is the Firewalld firewall, the master and standby run the following command.

[root@dajia sysconfig] # firewall-cmd-direct-permanent-add-rule ipv4 filter INPUT 0-protocol vrrp-j ACCEPT

Success

[root@dajia sysconfig] # firewall-cmd-- reload

Success

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.