（转）keepalived 配置

34rfdw

VRRP介绍
　　keepalived是VRRP的完美实现，因此在介绍keepalived之前，先介绍一下VRRP的原理。了解VRRP最好的文档莫过于VRRP的RFC文档(RFC3768)。

[编辑] VRRP协议简介
　　在现实的网络环境中，两台需要通信的主机大多数情况下并没有直接的物理连接。对于这样的情况，它们之间路由怎样选择？主机如何选定到达目的主机的下一跳路由，这个问题通常的解决方法有二种：

• 在主机上使用动态路由协议(RIP、OSPF等)
  
• 在主机上配置静态路由
  

　　很明显，在主机上配置路态路由是非常不切实际的，因为管理、维护成本以及是否支持等诸多问题。配置静态路由就变得十分流行，但路由器(或者说默认网关default gateway)却经常成为单点。
　　VRRP的目的就是为了解决静态路由单点故障问题。
　　VRRP通过一竞选(election)协议来动态的将路由任务交给LAN中虚拟路由器中的某台VRRP路由器。

[编辑] 工作机制
　　在一个VRRP虚拟路由器中，有多台物理的VRRP路由器，但是这多台的物理的机器并不能同时工作，而是由一台称为MASTER的负责路由工作，其 它的都是BACKUP，MASTER并非一成不变，VRRP让每个VRRP路由器参与竞选，最终获胜的就是MASTER。MASTER拥有一些特权，比如 拥有虚拟路由器的IP地址，我们的主机就是用这个IP地址作为静态路由的。拥有特权的MASTER要负责转发发送给网关地址的包和响应ARP请求。
　　VRRP通过竞选协议来实现虚拟路由器的功能，所有的协议报文都是通过IP多播(multicast)包(多播地址 224.0.0.18)形式发送的。虚拟路由器由VRID(范围0-255)和一组IP地址组成，对外表现为一个周知的MAC地址。所以，在一个虚拟路由 器中，不管谁是MASTER，对外都是相同的MAC和IP(称之为VIP)。客户端主机并不需要因为MASTER的改变而修改自己的路由配置，对他们来 说，这种主从的切换是透明的。
　　在一个虚拟路由器中，只有作为MASTER的VRRP路由器会一直发送VRRP广告包(VRRP Advertisement message)，BACKUP不会抢占MASTER，除非它的优先级(priority)更高。当MASTER不可用时(BACKUP收不到广告包)， 多台BACKUP中优先级最高的这台会被抢占为MASTER。这种抢占是非常快速的(<1s)，以保证服务的连续性。
　　由于安全性考虑，VRRP包使用了加密协议进行加密。

[编辑] KEEPALIVED安装
　　安装KEEPALIVED和安装其它开源软件一样，非常的简单:

• 解压进入目录
  
• ./configure
  
• make
  
• make install
  
• cp keepalived/etc/init.d/keepalived.rh.init /etc/init.d/keepalived
  
• chmod +x /etc/init.d/keepalived
  
• cp keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
  
• chkconfig -add keepalived
  
• chkconfig --level 345 keepalived on
  
• cp /usr/local/sbin/keepalived /bin/
  

　　在configure正确的执行后，可以得到如下的输出：

Keepalived configuration
------------------------
Keepalived version       : 1.1.19
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : No
IPVS sync daemon support : No
Use VRRP Framework       : Yes
Use Debug flags          : No
　　Use VRRP Framwork VRRP框架，这基本上是必须的，Keepalived的核心进程vrrpd。

[编辑] 启动KEEPALIVED服务

service keepalived start
[编辑] 停止KEEPALIVED服务

service keepalived stop
[编辑] KEEPALIVED配置
　　KEEPALIVED的所有配置在一个配置文件里面配置，支持的配置项也比较多。分为三类：

• 全局配置(Global Configuration)
  
• VRRPD配置
  
• LVS配置
  

　　很明显，全局配置就是对整个keepalived起效的配置，不管是否使用LVS。VRRPD是KEEPALIVED的核心，LVS配置只在要使用KEEPALIVED来配置和管理LVS时需要使用，如果仅用KEEPALIVED来做HA，LVS的配置是完全不需要的。

[编辑] MASTER的配置

! Configuration File for keepalived  
global_defs {
     notification_email {
       nbaloverme@126.com
     }
     notification_email_from nbaloverme@126.com
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
    router_id haproxy-ha
}
vrrp_instance VI_1 {
     state MASTER
     interface eth0
     virtual_router_id 51
     priority 150
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         172.16.100.11
     }
}
[编辑] BACKUP的配置

! Configuration File for keepalived
global_defs {
  notification_email {
    nbaloverme@126.com
  }
  notification_email_from nbaloverme@126.com
  smtp_server 127.0.0.1
  smtp_connect_timeout 30
  router_id haproxy-ha
}
vrrp_instance VI_1 {
   state BACKUP
   interface eth0
   virtual_router_id 51
   priority 100
   advert_int 1
   authentication {
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {
       172.16.100.11
   }
}
[编辑] 日志信息
　　日志信息可通过/var/log/message查看

• 这个是MASTER机keepalived调试信息
  

Nov  5 09:15:44 localhost Keepalived: Starting Keepalived v1.1.19 (11/03,2009)
Nov  5 09:15:44 localhost Keepalived_vrrp: Registering Kernel netlink reflector
Nov  5 09:15:44 localhost Keepalived_vrrp: Registering Kernel netlink command channel
Nov  5 09:15:44 localhost Keepalived_vrrp: Registering gratutious ARP shared channel
Nov  5 09:15:44 localhost Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Nov  5 09:15:44 localhost Keepalived_vrrp: Configuration is using : 62380 Bytes
Nov  5 09:15:44 localhost Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Nov  5 09:15:44 localhost Keepalived: Starting VRRP child process, pid=18301
Nov  5 09:15:44 localhost Keepalived_vrrp: VRRP sockpool: [ifindex(2), proto(112), fd(9,10)]
Nov  5 09:15:44 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov  5 09:15:45 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Nov  5 09:15:45 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Nov  5 09:15:45 localhost avahi-daemon[11188]: Registering new address record for 172.16.100.11 on  eth0.
Nov  5 09:15:45 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.16.100.11
　　可以看到此机处于MASTER状态

• SLAVE机调试信息
  

Nov  5 21:41:17 localhost Keepalived: Starting Keepalived v1.1.19 (11/05,2009)
Nov  5 21:41:17 localhost Keepalived_vrrp: Registering Kernel netlink reflector
Nov  5 21:41:17 localhost Keepalived_vrrp: Registering Kernel netlink command channel
Nov  5 21:41:17 localhost Keepalived_vrrp: Registering gratutious ARP shared channel
Nov  5 21:41:17 localhost Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Nov  5 21:41:17 localhost Keepalived_vrrp: Configuration is using : 63316 Bytes
Nov  5 21:41:17 localhost Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Nov  5 21:41:17 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov  5 21:41:17 localhost Keepalived_vrrp: VRRP sockpool: [ifindex(6), proto(112), fd(9,10)]
Nov  5 21:41:17 localhost Keepalived: Starting VRRP child process, pid=31263
　　可以看到此机此时处于BACKUP状态
　　
　　

常见错误一：
/var/log/messages has thousands of errors like this:
Jun 28 09:18:32 rust Keepalived_vrrp: receive an invalid ip number count
associated with VRID!
Jun 28 09:18:32 rust Keepalived_vrrp: bogus VRRP packet received on eth0 !!!
Jun 28 09:18:32 rust Keepalived_vrrp: VRRP_Instance(VI_1) Dropping received
VRRP packet...
The backup director starts up, but doesn't listen on the virtual addresses
at all.  Its /var/log/messages has thousands of errors like this:
Jun 28 06:25:05 stye Keepalived_vrrp: receive an invalid ip number count
associated with VRID!
Jun 28 06:25:05 stye Keepalived_vrrp: bogus VRRP packet received on eth0 !!!
Jun 28 06:25:05 stye Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received
advertisment...
解决方法：
改变配置文件/etc/keepalived/keepalived.conf中virtual_router_id为另一个值即可。
（changed the vrid to another number and it worked fine）.