1

KEEPALIVED %H

Keepalived: The Definitive Guide

Šöµ FinalBSD(Kevin Kuang) ooÊcn

www.sanotes.net
 3

Kevin Kuang Pk‡

c 2009 ±9Ö¤ku1‡"3¤k|"
ù°©´¤¶3gd^‡|„…Ù GNU Ï^чNŒy^±e§
\Œ±2‡½ö?U§"NŒyŒ±´1‡§½ö?Û U‡£‘\¿¤"
 8¹

1 VRRP 1
1.1 VRRPÆ{0 . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 óŠÅ› . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2 KEEPALIVED 3
2.1 KeepalivedOÚ¢y . . . . . . . . . . . . . . . . . . . . . 3
2.1.1 õ?§ª . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 ››¡† . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.3 WatchDog . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.4 IPVSµC . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 KeepAlivedSC . . . . . . . . . . . . . . . . . . . . . . . . 5
2.3 KeepAlived˜) . . . . . . . . . . . . . . . . . . . . . . . 6
2.3.1 Û˜ . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3.2 VRRPD˜ . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.3 LVS˜ . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3 A^¢~ 15
3.1 ^Keepalived‰HA . . . . . . . . . . . . . . . . . . . . . . . . 15
3.1.1 HAProxyÚwebÑÖì˜ . . . . . . . . . . . . . . . 15
3.1.2 Keepalived˜ . . . . . . . . . . . . . . . . . . . . . . 15
3.2 ^Keepalived˜LVS . . . . . . . . . . . . . . . . . . . . . . 19

ë©z 21
 1˜Ù VRRP

Keepalived´VRRP{¢y§Ïd30Keepalivedƒc§·‚k7
‡k
)VRRPn"
)VRRPÐ©#LuVRRPRFC©1 "

1.1 VRRPÆ{0
3y¢䂸¥('XInternet)§üI‡Ï&ÌÅ(end-host)Œ
õꜹe¿vk†Ônë"éuùœ¹§§‚ƒm´dN
oÀJºÌÅXÛÀ½ˆ8ÌÅe˜a´d§ù´˜‡¯K"Ï~
)û{kü«µ

• 3ÌÅþ¦^Ä´dÆ('XRIP,OSPF)

• 3ÌÅþ˜·´d

é²w§3ÌÅþ˜Ä´dÆ´š~؃¢S§Ï+n!
‘o¤±9´Ä|±Ãõ¯K"@o˜·´dÒC›©6
1"¢Sþ§ù«ª·‚–8˜†3^"´§´dì(½ö`%@
'default gateway)%²~¤ü:"Ҏ˜
õ‡·´d§%Ϗ7
L­éäâU) CØ¢^"
VRRP8Ò´
)û·´dü:æ¯Kœ
VRRPÏL˜«¿À(election)Æ5Äò´d?Ö‰LAN¥J
[´dì¥,VRRP´dì"ùpwå5é7§Ïkü‡'…¶
c:J[´dìÚVRRP´dì"

VRRP´dì

VRRP´dìÒ´˜´d짐ØLþ¡$1
VRRPDù§S
5¢yVRRPÆ ®§ù´Ôn´dì"˜VRRP´d쌱 uõ
‡J[´dì"
1
´RFC 3768 Ø´2338§XJ\U§Òw2338j
2 VRRP

VRRPJ[´dì

¤¢J[§Ò´`¿Ø´¢S3§´˜‡Ü6 Ø´Ôn´d
ì"J[´dìÏ~dõ(Ôn)VRRP´dìÏL,«ª|¤§ÒÐ
'ù
Ôn´dìÑ¿˜‡³(pool)p¡§‡poolé wå5Җ
´˜´dì§Ù¢SÜkõ"J[´dìI£¡VRID"

MASTERÚBACKUP

3˜‡VRRPJ[´d쥧kõÔnVRRP´d짴ùõ
ÔnÅì¿ØӞóŠ2 § ´d˜¡MASTERKI´dóŠ§Ù
¦Ñ´BACKUP§MASTER¿š˜¤ØC§VRRPÆ4z‡VRRP´
dì놿À§ª¼‘Ò´MASTER"MASTERk˜
A3 §'X
PkJ[´dìIP/Œ§·‚ÌÅÒ´^ù‡IP/ŒŠ·´d
"PkAMASTER‡KI=uux‰'/ŒÚAARPž
¦"

1.2 óŠÅ›
VRRPÏL¿ÀÆ5¢yJ[´dìõU§¤kÆ©Ñ´
ÏLIPõÂ(multicast)£õÂ/Œ224.0.0.18¤/ªux"J[´dì
dVRID(‰Œ0–255)ژ|IP/Œ|¤§é Ly˜‡±MAC/
Œ µ00-00-5E-00-01-{VRID} 4 " ¤ ± § 3 ˜ ‡ J [ ´ d ì ¥ § Ø + X
´MASTER§é Ñ´ƒÓMACÚIP(¡ƒVIP)"ràÌÅ¿Ø
I‡ÏMASTERUC ?UgC´d˜§é¦‚5`§ù«Ìl
ƒ†´ß²"
3˜‡J[´d쥧kŠMASTERVRRP´d쬘†u
xVRRP2w(VRRP Advertisement message)§BACKUPجsÓMASTER§
ؚ§`k?(priority)p"MASTER،^ž£BACKUPÂØ2
w¤§õBACKUP¥`k?pù¬sӏMASTER"5 "ù
«sÓ´š~¯„(<1s)§±yÑÖëY5"
ÑuS5ħVRRP¦^
\—Æ?1\—"

2
¦+ùwå5éL¤
3
PŒo´kA
4
ùÒ´Ÿo ¡˜virtual router idŸoU´0. . . 255
5
ù`²
ŸoI‡state§kI‡priorityù˜
 1Ù KEEPALIVED

KeepalivedOÚ¢y,{ü§´˜kاÙ̇Ò
ãù
"

2.1 KeepalivedOÚ¢y
Keepalived´˜‡pݬzO^‡§ “è(qéN´
wÑù˜:§p¡k

check core libipfwc libipvs-2.4 libipvs-2.6 vrrp

ùo˜
8¹"
4 KEEPALIVED

core keepalivedØ%§S§'XÛ˜)Û§?§éĶ

vrrp Keepalivedvrrpdf?§±9ƒ'“è"

check keepalivedhealthcheckerf?§8¹§)
¤kèxu
ª±9éA˜)Û§LVS˜)ۏ3ù‡p¡

libipfwc iptables(ipchains)¥§Ì‡^5˜LVS¥firewall-mark"

libipvs* ´¦^LVSI‡^"

2.1.1 õ?§ª

keepalivedæ^
õ?§Oª§z‡?§KIØÓõU§·‚
3¦^LVSÅìþÏ~Œ±wù?§µ

111 Keepalived < I?§:S+n§i›f?§

112 \_ Keepalived < VRRPf?§
113 \_ Keepalived < healthcheckerf?§

k
·-1ëê5››Ømé,
?§§'XØ$1LVSÅìþ§m
éVRRPҌ±
(–P), XJ$1healthcheckerf?§,¦^–C"

2.1.2 ››¡†

¤¢››¡†Ò´é˜©‡?ÈÚ)Û§Keepalived˜©
‡)Û',a§¿Ø´˜gÚÚ)Û¤k˜§3^,¬ž
ÿâ)ۃA˜§3z‡¬p¡ÑŒ±wXXX parser.cù©
‡§Ò´‰ù‡Š^"

2.1.3 WatchDog

ù«µeJø
éf?§(VRRPÚhealthchecker)i›.

2.1.4 IPVSµC

Keepalivedp ¡ ¤ k éLVS ƒ ' ö Š ¿ Ø †  ¦ ^ipvsadmù  

^ r à § S § ´ †  ¦ ^IPVSJ ø  ¼ ê ? § ö Š § ù
“ è Ñ
3check/ipwrapper.c¥"
2.2 KeepAlivedSC 5

2.2 KeepAlivedSC
SCKeepalivedÚSCÙ¦m ^‡˜§š~{ü§configure§make§make
installҌ±t½§´·‚„´I‡{ü`²˜eù‡öŠL§µ

./configure --prefix=/ \
--mandir=/usr/local/share/man \
--with-kernel-dir=/usr/src/kernels/2.6.9-67.EL-smp-i686/
make
make install

`²Xeµ
1. prefix ù‡½/j§ù˜©‡¬˜8¹e§BöŠ"

2. mandir ù‡˜LinuxXÚ%@man8¹e§Bw"

3. with-kernel-dir ù´‡­‡ëê§ù‡ëê¿ØL«·‚‡r :X J ‡ ^ LVS§ â I ‡ ù   

½§ÄK´ØI‡§ …XJ‡¦
Keepalived? ? S Ø § ´  ¦ ^ S Ø è p ¡  Þ © ‡ §  Ò ^netlink§ „ I ‡link watch.cù ‡
©‡
´include8¹"

3confiure(‰1 §Œ±e¡Ñѵ

Keepalived configuration
------------------------
Keepalived version : 1.1.15
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch : Yes
Use Debug flags : No

 5¿

Use IPVS Framework IPVSµe—=LVSØ%“èµe§XJØ

¦^LVS§Œ±3configurež½ëêdisable-lvs§ù{§ùpw
Ò´No Ø´Yes"
6 KEEPALIVED

IPVS sync daemon support IPVSÓÚ?§§éw,§XJc¡@‘

´No{§@oùp’½´No§,XJc¡ù‘´Yes–=¦
^LVS§ ؎¦^LVSÓÚ?§(sync daemon), Œ±3configure
žÿ½disable-lvs-syncd "

Use VRRP Framework VRRPµe§ùÄþ´7L§Keepalived

Ø%?§vrrpd"

Use LinkWatch ¤¢LinkwatchŒV¿g´ÏLÂSØuÑ'u

kG&E5äkG§Ï´SØuÑ&E§ù3^
ràI‡ÓPù
&E=Œ§ƒ'†3^ràÏLÙ¦ª5
¢ywå5¬Ž] §Keepalived3k‡L20¬œ¹eí¦
^"1

{ óƒ§XJئ^LVSõU§@o‡wUse VRRP Frame-

work YesÒ Œ ± § ‡ ƒ § 7 L kUse IPVS Framework Yes§ Ù ¦ Ñ
´optional "
SCÄÒùo{ü§´\ŒU„k¦¯§.3=pe1Keepalivedº
†Keepalived(ejµwww.keepalived.org

2.3 KeepAlived˜)
Keepalived¤k˜Ñ3˜‡˜©‡p¡˜§|±˜‘'
õ"©naµ

1. Û˜(Global Configuration)

2. VRRPD˜

3. LVS˜

é ² w §  Û  ˜ Ò ´ é  ‡keepalivedå    ˜ § Ø + ´ Ä ¦
^LVS"VRRPD´keepalivedØ%§LVS˜3‡¦^keepalived5
˜Ú+nLVSžI‡¦^§XJ=¦^keepalived5‰HA2 §LVS˜
´ØI‡"
˜©‡Ñ´±¬(block)/ª|„§z‡¬Ñ3{Ú}Œ‰Œ
S"#Ú!mÞ1Ñ´5º"
1
I ‡link watch.cù ‡ © ‡ § d © ‡ 3LinuxS Ø  “ è ¥ § ´ » a
q/usr/src/kernels/2.6.9-67.EL-smp-i686/net/core/ link watch.c
2
'X`‰˜éHAProxyHA½öÙ¦aqHA
2.3 KeepAlived˜) 7

2.3.1 Û˜
Û˜)ü‡f˜§=¤¢µÛ½Â(global definition)Ú·
/Ϋd(static ipaddress/routes)

Û½Â

Û½Â̇˜keepalivedÏśÚI£µ

global_defs
{
notification_email
{
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
stmp_connect_timeout 30
router_id my_hostname
}

• notification email ½keepalived3 u ) ¯ ‡(' X ƒ †)ž § I ‡ u

xemail閧Œ±kõ‡§z1˜‡"

• smtp *½uxemailsmtpÑÖì§XJ/mé
sendmail{§
Œ±¦^þ¡%@˜"

• route id$1keepalivedÅ옇I£"

·/ŒÚ´d

¤¢·(static)Ò´`ج‘vrrpd instancem/' Cz§VIPÒ

Ø´static§¬‘Xvrrpd V\/íØ"ù‡˜Œ±^5‰ÑÖì˜
·IP/Œ/´d§,XJÑÖì˜p¡®²kù
˜§ùpÒ
ØI‡˜
"

static_ipaddress
{
192.168.1.1/24 brd + dev eth0 scope global
8 KEEPALIVED

...
}
static_routes
{
src $SRC_IP to $DST_IP dev $SRC_DEVICE
...
src $SRC_IP to $DST_IP via $GW dev $SRC_DEVICE
}

z˜1˜˜‡IP§ù
˜Ñ´Linuxeipù‡·-ëê§'Xþ
¡ 192.168.1.1/24 brd + dev eth0 scope global§keepalived ª ¬
†¦^ip addr add 192.168.1.1/24 brd + dev eth0 scope global 5V\§¤
±ùp˜Ñ‡ÎÜip·-5K"
ùÒ´Û˜ãÜ"

2.3.2 VRRPD˜
VRRPD˜)2Ü©:VRRPÓÚ|(synchroization group)ÚVRRP¢
~(VRRP Instance)"

VRRP Sync Groups(s)

Ø ¦ ^Sync Group {,X J Å ì(½ ö `router)k ü ‡  ã § ˜ ‡

S˜‡ ,z‡ãm阇VRRP¢~§bVRRP˜uS
§@o Ñy¯Kž§VRRPD@gCE,èx§@oجu
xMasterÚBackupƒ†§l —
¯K"Sync groupÒ´
)ûù
‡¯K§Œ±rü‡¢~ј?˜‡Sync Group§ù{§groupp¡?
ۘ‡¢~Ñy¯KѬu)ƒ†"

vrrp_sync_group VG_1 {
group {
inside_network # ùp´¢~¶('XVI_1)
outside_network
,
}
notify_master /path/to/to_master.sh
notify_backup /path_to/to_backup.sh
notify_fault "/path/fault.sh VG_1"
2.3 KeepAlived˜) 9

notify /path/to/notify.sh
smtp_alert
}

• notify master ½ƒ†Masterž§‰1§ù‡Œ±D

\ëê(ÚÒÚå)§Ù¦2‡aí"

• notify-k3‡ëê§ù
ëêdkeepalivedJøµ$1(GROUP—INSTANCE),$2(group½
öinstance¶i),$3(MASTER—BACKUP—FAULT)

• smtp alter ¦^global defsp¡½Âe‡/ŒÚsmtpÑÖì3ƒ†

uxe‡Ï"

VRRP¢~(instance)˜

VRRP¢~ÒL«3þ¡mé
VRRPƧù‡¢~`²
VRRP
˜
A 5 § ' X Ì l !VRID  § Œ ± 3 z ‡interfaceþ m é ˜ ‡ ¢
~"VRRP¢~˜Ì‡½Âvrrp sync groupp¡z‡|¤£IP"

vrrp_instance inside_network {
state MASTER
interface eth0
dont_track_primary

track_interface {
eth0
eth1
}

mcast_src_ip <IPADDR>
garp_master_delay 10
virtual_router_id 51
priority 100
advert_int 1

authentication {
auth_type PASS
autp_pass 1234
10 KEEPALIVED

virtual_ipaddress {
#<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPT> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}

virtual_routes {
# src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR> dev <STRING> scope <SCOPE> t
src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
192.168.110.0/24 via 192.168.200.254 dev eth1
192.168.111.0/24 dev eth2
192.168.112.0/24 via 192.168.100.254
}
nopreempt
preemtp_delay 300
debug
}

state state½instanceЩ(Initial)G§3ürouterÑéÄ §êþ

¬u)¿À§ppriority¬¿ÀMaster§¤±ùpstate¿ØL
«ùҘ†´Master"

interface inside network¢~”½k

dont track primary ÑVRRPinterface†Ø(%@ؘ)

track interface ˜ i›,p¡?¿˜‡kÑy¯K§Ñ¬?

\FAULTG

mcast src ip u x õ    / Œ,X J Ø  ˜ § % @ ¦ ^ ” ½   k

primary IP"

garp master delay 3ƒ†MASTERG §ò´?1gratuitous ARPž

¦

virtual router id VRIDIP(0. . . 255)

2.3 KeepAlived˜) 11

priority 100 p`k?¿ÀMASTER§MASTER‡puBACKUP–50

advert int um…,%@1s

virtual ipaddress p¡½¤£/Œ(VIP)§Ò´ƒ†MASTERž§

ù
IP¬V\§ƒ†BACKUPž§ù
IPíØ(D‰ip addr
· -),¤ ± z  Ñ Ö ì þ Œ ± Ø ” ½ ? Û J [ / Œ § Ñ r ¦ ‚
˜virtual ipaddressp¡(Œ±õ‡)§keepalived¬gĦ^ip addr?
1”½(ØI‡±5ifcfg-eth0),ip addŒ±w

virtual routes Úvirtual ipaddress˜§u)ƒ†žV\/íØ´d

lvs sync daemon interface lvs syncd”½k

authentication ù˜ã˜@y

auth type @yª§|±PASSÚAH

auth pass @y—è

nopreempt ˜ØsÓ§5¿ù‡˜U˜3stateBACKUP
ÌÅþ§ …ù‡ÌÅpriority7L', ˜p

preempt delay sÓò´§%@5©¨

debug Debug?O

notify master Úsync groupp¡˜˜"

2.3.3 LVS˜
LVS  ˜   )2Ü ©:J [ Ì Å |(virtual server group)Ú J [ Ì
Å(virtual server)"ù
˜Ñ¬D4‰ipvsadmŠëê"

J[ÌÅ|

ù‡˜ã´ŒÀ§8´
4˜RealServerþ,‡serviceŒ
±áuõ‡Virtual Server§¿…‰˜gèxu"

virtual_server_group <STRING> {
# VIP port
<IPADDR> <PORT>
<IPADDR> <PORT>
12 KEEPALIVED

,
fwmark <INT>
}

J[ÌÅ

virtual serverŒ±±e¡3«ª¥?¿˜«˜µ

1. virtual server IP port

2. virtual server fwmark int

3. virtual server group string

Xe~µ

virtual_server 192.168.1.2 80 { # ˜˜‡virtual server: VIP:Vport

delay_loop 3 # service pollingdelayž
m
lb_algo rr|wrr|lc|wlc|lblc|sh|dh # LVSNݎ{
lb_kind NAT|DR|TUN # LVS8+ª
persistence_timeout 120 # ¬{±žm(¦)
persistence_granularity <NETMASK> # LVS¬{±âݧipvsadm¥
-Mëê§%@´0xffffffff§=Šâz‡rà‰¬{±"
protocol TCP # ¦^Æ´TCP„´UDP
ha_suspend # suspendhealthchecker’s activity

virtualhost <string> # HTTP_GET‰èxuž§

uWebÑÖìJ[ÌÅ£=Host:Þ¤

sorry_server <IPADDR> <PORT> # ^ŧ¤kreal server”

 é^

# zRealServerÑI‡˜‡e¡˜‘
real_server <IPADDR> <PORT>
{
weight 1 # %@1§0”
inhibit_on_failure # 3ÑÖìèxu”}
ž§òÙweight˜0§ Ø´†lIPVSp¡íØ"
2.3 KeepAlived˜) 13

notify_up <STRING> | <QUOTED-STRING> # 3uÿservice up

‰1
notify_down <STRING> | <QUOTED-STRING> # 3uÿservice down
‰1
# e¡˜?¿˜«èxuª:HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
HTTP_GET | SSL_GET
{
url { # HTTP/SSLuURL§ùpŒ±½õ‡URL
path /
digest <STRING> # SSLu Á‡&E(genhashó
äŽÑ)
status_code 200 # HTTPuˆ£Gè
}
connect_port 80 # èxuà
# ±d/Œuxž¦éÑÖì?1èxu
bindto <IPADD>
connect_timeout # 뇞žm
nb_get_retry 3 # ­ëgê
delay_before_retry 2 # ­ëm…žm£¦¤
} # END OF HTTP_GET|SSL_GET

# TCPªèxu
TCP_CHECK {
connect_port 80
bindto 192.168.1.1
connect_timeout 4
} # TCP_CHECK

# SMTP ªèxu
SMTP_CHECK

# ùp˜¿ÂÚHTTPp¡aq
host {
connect_ip <IP ADDRESS>
connect_port <PORT> # %@u25à
14 KEEPALIVED

bindto <IP ADDRESS>

}
connect_timeout <INTEGER>
retry <INTEGER>
delay_before_retry <INTEGER>
# "smtp HELO"ž¦·-ë꧌À"
helo_name <STRING>|<QUOTED-STRING>
} #SMTP_CHECK

#MISCèxuª, ‰1˜‡§S
MISC_CHECK
{
# ܧS½´»
misc_path <STRING>|<QUOTED-STRING>
# ‰1‡žžm
misc_timeout <INT>

# X J  ˜
misc_dynamic { § healthchecker§ S
òÑGè¬^5ÄNÑÖì­(weight).
# ˆ£0: èxuOK§­Ø?U
# ˆ£1: èxu”}§­0
# ˆ£2-255: èxuOK, ­˜µ òÑGè-2§
'Xˆ£255§@oweight=255-2=253
misc_dynamic
}

} # Realserver
} # Virtual Server
 1nÙ A^¢~

Ù̇0ü«Keepalived¦^§˜«=¦^Keepalived‰HA§˜
«Q‰HAq^5˜LVS"

3.1 ^Keepalived‰HA
^Keepalived‰HA´Xd{ü§·‚¤k°åÑ3˜KeepalivedVRRPf
?§þ§ Œ±Ø+LVS˜"ù!·‚b‰ü$1HAProxy
Åì‰HA§JøVIP"eXeµ

shared IP=192.168.1.1
192.168.1.3 192.168.1.4 192.168.1.11-192.168.1.14 192.168.1.2
-------+------------+-----------+-----+-----+-----+--------+----
| | | | | | _|_db
+--+--+ +--+--+ +-+-+ +-+-+ +-+-+ +-+-+ (___)
| LB1 | | LB2 | | A | | B | | C | | D | (___)
+-----+ +-----+ +---+ +---+ +---+ +---+ (___)
haproxy haproxy 4 cheap web servers
keepalived keepalived

3.1.1 HAProxyÚwebÑÖì˜

ù Ü © Ø á u  © ? Ø ‰ Œ S § · ‚  ' 5 3haproxy Å ì þ
Keepalivedƒ'˜"

3.1.2 Keepalived˜

b haporxyÚ à webÑ Ö ì Ñ O  Ð
§ y 3 Ò Œ ± m © 
˜Keepalived
"ù«œ¹e§Ï·‚^KeepalivedHA§=‰virtual
16 A^¢~

routerõU§¤±I‡¤1Ùp¡£ãÛÚVRRP˜=Œ"
˜cI‡O&Eµ

1. VRID—·‚¦^%@511

2. VIP—þã192.168.1.1, VIP=Keepalivedp¡vritual addressip/

Œ

3. LBIP—ùpÒ´ühaproxy/Œ£192.168.1.3Ú1.4§¿bc
öMASTER¤

4. `k?–priority§3õ‡BACKUP¿ÀMASTERžÿ§`k?p
¬¼À"ùpb192.168.1.3`k?150§, ˜100

¤±§¢S‡˜µ

J[IP=192.168.1.1
192.168.1.3 192.168.1.4 192.168.1.11-192.168.1.14 192.168.1.2
-------+-----------------+------------+-----+-----+-----+--------+----
| prio:150 | prio:100 | | | | _|_db
+---+----+ +----+---+ +-+-+ +-+-+ +-+-+ +-+-+ (___)
| MASTER | | BACKUP | | A | | B | | C | | D | (___)
+--------+ +--------+ +---+ +---+ +---+ +---+ (___)
haproxy haproxy 4 cheap web servers
keepalived keepalived

ØsÓ

MASTERÑy¯K §BACKUP¬¿À#MASTER§@o
ƒcMASTER­#ONLINE §´UY¤MASTER„´C¤BACKUPQº
%@œ¹e§XJv˜ØsÓ§@oƒcMASTERå5 ¬UYsÓ
¤MASTER§Ò´`§‡L§I‡u)2gƒ†µ

1. MASTER->BACKUP

2. BACKUP->MASTER

ùé’Öª„ƒ†´ØUN=§Ïd·‚F"MASTERå5 §
¤BACKUPœ¤±‡˜ØsÓ"Keepalivedp¡Jø
nopreemptù
‡  ˜ §  ´ ù ‡  ˜  U ^ 3stateBACKUP Å ì þ §  ´ · ‚
1
ý´3$ʛ˜Bœ
3.1 ^Keepalived‰HA 17

²²F"´MASTERØ?1sÓ§v{§MASTERstate˜
¤BACKUP"Ò´`192.168.1.3Ú192.168.1.4чòstate˜BACKUPœ
@o.X´MASTERºsÓj§ÏLpriority§¤±·‚3üBACKUPþ
¡ÏL˜ØÓpriority54¦‚˜å5ÒsÓ§ppriority192.168.1.3¤
ÐMASTER"

SC

MASTERÚBACKUPþSCL§˜§¦^e¡·-(ùp
b3RedHat Enterprise AS4 Update 4þSC)µ

$wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
$tar xzvf keepalived-1.1.17.tar.gz
$cd keepalived-1.1.17
$./configure --prefix=/ \
--mandir=/usr/local/share/man \
--with-kernel-dir=/usr/src/kernels/2.6.9-67.EL-smp-i686/
$make
#make install
#cp keepalived/etc/init.d/keepalived.rh.init /etc/init.d/keepalived
#chmod +x /etc/init.d/keepalived
#cp keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
#chkconfig --add keepalived
#chkconfig --level 345 keepalived on

MASTER˜

MASTER˜—192.168.1.3˜

global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy-ha
18 A^¢~

vrrp_sync_group VG1 {
group {
VI_1
}
}

vrrp_instance VI_1 {
state BACKUP
smtp_alert
notify_fault "/root/script/notify_mail.sh fault"
notify_master "/root/script/notify_mail.sh master"
nopreempt
interface eth1
track_interface {
eth0
eth1
}
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass fsaf..7&f
}
virtual_ipaddress {
192.168.1.1/24 dev eth1 scope global
}
}

BACKUP˜

BACKUP˜—192.168.1.4˜
BACKUP˜ÚMASTERʧk2‡ØÓ:µ

1. priority ˜100
3.2 ^Keepalived˜LVS 19

2. ؘnopreempt

éÄÑÖ

©O3üþ‰1service keepalived startéÄÑÖ"

3.2 ^Keepalived˜LVS

·‚be¡œ/µ
4webÑÖìÏL˜éLVS?1NݧLVS=uªNAT"˜éLVSÏ
LKeepalived‰HA§

J[IP=192.168.1.1
192.168.1.3 192.168.1.4 192.168.1.11-192.168.1.14 192.168.1.2
-------+-----------------+------------+-----+-----+-----+--------+----
| prio:150 | prio:100 | | | | _|_db
+---+----+ +----+---+ +-+-+ +-+-+ +-+-+ +-+-+ (___)
| MASTER | | BACKUP | | A | | B | | C | | D | (___)
+--------+ +--------+ +---+ +---+ +---+ +---+ (___)
LVS LVS 4 cheap web servers

3LVS¥§õ
A‡Vgµ

virtual server Ò ´VIP+VPORT§VIPI ‡ Ï LVRRPD ˜ ã ? 1 

˜"

real server ùpLVSNÝwebÑÖìIP/Œ§=ã¥192.168.11–14

lb algo Nݎ{§ùp¦^wlc

lb kind =uª§ùp¦^NAT

weight ­§%@ùpј3

SC

SCÚþ˜!3.1.2ùSC˜§ùpØ2Kã"
20 A^¢~

MASTERÚBACKUP˜

KeepalivedÛÚvrrp˜ãÚc˜!3.1.2˜§ùp·‚I
‡V\virtual server˜ãµ

virtual_server 192.168.1.1 80 {
delay_loop 3
lb_algo wlc
lb_kind DR
persistence_timeout 1200
protocol TCP
ha_suspend

real_server 192.168.1.11 80 {
weight 3
TCP_CHECK {
connect_timeout 3
}
}
real_server 192.168.1.12 80 {
weight 3
TCP_CHECK {
connect_timeout 3
}
}
}
 ë©z

[1] RFC 3768 — Virtual Router Redundancy Protocol (VRRP)

[2] man 5 keepalived.conf

[3] man 8 keepalived

[4] www.keepalived.org

[5] keepalived “è
22 ë©z