Installing keepalived on Wheezy/Squeeze and accessing a virtual IP via VRRP.

■Installing keepalived on Wheezy/Squeeze and accessing a virtual IP via VRRP.
 ※The procedure is the same on Wheezy and Squeeze.

$ apt-cache search vrrp
keepalived - Failover and monitoring daemon for LVS clusters
ucarp - user-space replacement to VRRP -- automatic IP fail-over
vrrpd - Virtual Router Redundancy Protocol user-space implementation

$ sudo apt-get install -y keepalived

■Configure it simply.

$ dpkg -L keepalived | grep "samples/.*.vrrp"
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived/samples/keepalived.conf.vrrp.localcheck

$ cat /usr/share/doc/keepalived/samples/keepalived.conf.vrrp | \
  sudo tee /etc/keepalived/keepalived.conf > /dev/null

■First, edit the mail notification settings.

$ grep -B 1 -A 2 "acassen" /etc/keepalived/keepalived.conf
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc

■Change the recipient from "acassen" to your own notification e-mail address.

$ sudo sed -i s/"acassen"/"root@`hostname -f`"/g /etc/keepalived/keepalived.conf

■The sender is a dummy account named after the role plus the priority.

$ sudo sed -i s/"Alexandre.Cassen@firewall.loc"/"vrrp100@`hostname -f`"/g /etc/keepalived/keepalived.conf

■Next, edit the SMTP trap settings.

$ grep -A 4 smtp_server /etc/keepalived/keepalived.conf
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

■Specify the SMTP server.

$ sudo sed -i s/"\(smtp_server\) .*"/"\1 192.168.45.11"/ /etc/keepalived/keepalived.conf

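■Comment out the router ID host name and enable SMTP traps.
 ※The router ID is reflected in the host name shown in the Subject field of notification mails.
  In a two-machine setup where both real machines have the same host name, it is better to set "router_id".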

$ man keepalived.conf | grep -A 1 "^ *router_id"
        router_id my_hostname   # string identifying the machine,
                                # (doesn't have to be hostname).

$ sudo sed -i s/"router_id LVS_DEVEL"/"# &\n   enable_traps"/ /etc/keepalived/keepalived.conf

■Save what we have so far as the base file.

$ sudo mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.base

■Only one VI is needed, so delete the second and later ones.

$ nl -ba /etc/keepalived/keepalived.conf.base | \
  grep "vrrp_instance VI_2" | \
  awk '{print $1-1}' | \
  head -n `xargs` /etc/keepalived/keepalived.conf.base | \
  sudo tee /etc/keepalived/keepalived.conf > /dev/null

■Decide on the virtual IP.

$ grep -A 8 virtual_ipaddress /etc/keepalived/keepalived.conf
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18

        # optional label. should be of the form "realdev:sometext" for
        # compatibility with ifconfig.
        192.168.200.18 label eth0:1
    }

■Comment out the label.

$ sudo sed -i s/"192.168.200.18 label eth0:1"/"# &"/ /etc/keepalived/keepalived.conf

■Comment out the IPs assigned by default.
 ※If you prefer to view addresses with "ifconfig" rather than the "ip addr" command, set the label.

$ sudo sed -i s/"\(        \)\(192.168.200.1[678]\)"/"\1# \2"/ /etc/keepalived/keepalived.conf

$ ip addr | grep 16/32
    inet 192.168.45.16/32 scope global eth1

■Assign the virtual IP.

$ sudo sed -i s/"virtual_ipaddress {"/"&\n        192.168.45.16"/ /etc/keepalived/keepalived.conf

■Change "interface eth0" to "eth1".

$ grep -A 11 vrrp_instance /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }

$ sudo sed -i s/"interface eth0"/"interface eth1"/ /etc/keepalived/keepalived.conf

■In my case, instead of "state MASTER",
 I set both nodes to "state BACKUP" and control the role by priority.

$ sudo sed -i s/"state MASTER"/"state BACKUP"/ /etc/keepalived/keepalived.conf

■The slave side ends up as follows.

$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     root@vmdebian-slave.myhome.local
   }
   notification_email_from vrrp100@vmdebian-slave.myhome.local
   smtp_server 192.168.45.11
   smtp_connect_timeout 30
   #router_id LVS_DEVEL
   enable_traps
}


vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.45.16
        # 192.168.200.16
        # 192.168.200.17
        # 192.168.200.18

        # optional label. should be of the form "realdev:sometext" for
        # compatibility with ifconfig.
        # 192.168.200.18 label eth0:1
    }
}

■Copy this to the master side, raise the priority, and also change the mail From address.
 ※Priority values range from 0 to 255.

$ sudo sed -i s/"priority 100"/"priority 200"/ /etc/keepalived/keepalived.conf
$ sudo sed -i s/"vrrp100"/"vrrp200"/ /etc/keepalived/keepalived.conf

■Start the master side first.
 ※While keepalived is used on its own,
  if "IPVS: Can't initialize ipvs: Protocol not available" bothers you,
  you can disable it with "dpkg-reconfigure ipvsadm".

$ sudo /etc/init.d/keepalived start

$ sudo tail -100 /var/log/syslog | grep -i "vrrp\|keepalived"
Jun 18 19:46:33 vmdebian-master Keepalived: Starting Keepalived v1.1.20 (03/24,2012)
Jun 18 19:46:33 vmdebian-master Keepalived: Starting Healthcheck child process, pid=2917
Jun 18 19:46:33 vmdebian-master Keepalived: Starting VRRP child process, pid=2918
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Registering Kernel netlink reflector
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Registering Kernel netlink command channel
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Registering gratutious ARP shared channel
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Initializing ipvs 2.6
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Initializing ipvs 2.6
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: IPVS: Can't initialize ipvs: Protocol not available
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: IPVS: Can't initialize ipvs: Protocol not available
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Registering Kernel netlink reflector
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Registering Kernel netlink command channel
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Opening file '/etc/keepalived/keepalived.conf'.
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Configuration is using : 62958 Bytes
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Configuration is using : 7447 Bytes
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: Remote SMTP server [192.168.45.11:25] connected.
Jun 18 19:46:33 vmdebian-master Keepalived_healthcheckers: Using LinkWatch kernel netlink reflector...
Jun 18 19:46:33 vmdebian-master Keepalived_vrrp: SMTP alert successfully sent.
Jun 18 19:46:36 vmdebian-master Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Jun 18 19:46:37 vmdebian-master Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Jun 18 19:46:37 vmdebian-master Keepalived_vrrp: Remote SMTP server [192.168.45.11:25] connected.
Jun 18 19:46:37 vmdebian-master Keepalived_vrrp: SMTP alert successfully sent.

■Two mails arrive, one for each "SMTP alert successfully sent." log entry.

From: vrrp200@vmdebian-slave.example.jp
Subject: [vmdebian-master.example.jp] VRRP Instance VI_1 - Entering BACKUP state
X-Mailer: Keepalived

=> VRRP Instance is nolonger owning VRRP VIPs <=

From: vrrp200@vmdebian-slave.example.jp
Subject: [vmdebian-master.example.jp] VRRP Instance VI_1 - Entering MASTER state
X-Mailer: Keepalived

=> VRRP Instance is now owning VRRP VIPs <=

■Start the slave side.

$ sudo /etc/init.d/keepalived start

$ sudo tail -100 /var/log/syslog | grep -i "vrrp\|keepalived"
Jun 18 19:49:39 vmdebian-slave Keepalived: Starting Keepalived v1.1.20 (03/24,2012)
Jun 18 19:49:39 vmdebian-slave Keepalived: Starting Healthcheck child process, pid=5138
Jun 18 19:49:39 vmdebian-slave Keepalived: Starting VRRP child process, pid=5140
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Initializing ipvs 2.6
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Registering Kernel netlink reflector
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Registering Kernel netlink command channel
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Registering gratutious ARP shared channel
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Initializing ipvs 2.6
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: IPVS: Can't initialize ipvs: Protocol not available
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Registering Kernel netlink reflector
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Registering Kernel netlink command channel
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Opening file '/etc/keepalived/keepalived.conf'.
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: IPVS: Can't initialize ipvs: Protocol not available
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Configuration is using : 7247 Bytes
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Configuration is using : 62758 Bytes
Jun 18 19:49:39 vmdebian-slave Keepalived_healthcheckers: Using LinkWatch kernel netlink reflector...
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun 18 19:49:39 vmdebian-slave Keepalived_vrrp: Remote SMTP server [192.168.45.11:25] connected.
Jun 18 19:49:39 ibm-amddebian Keepalived_vrrp: SMTP alert successfully sent.

■There is only one mail-notification log entry, so one mail arrives.

From: vrrp100@vmdebian-slave.example.jp
Subject: [vmdebian-slave.example.jp] VRRP Instance VI_1 - Entering BACKUP state

X-Mailer: Keepalived
To: undisclosed-recipients:;

=> VRRP Instance is nolonger owning VRRP VIPs <=

■Packet capture
 After a switchover, it becomes "prio 100". For GARP, it is better if the network segment has no Windows hosts on it.

$ sudo tcpdump -n -i eth1 host 192.168.45.16 or vrrp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
20:03:09.956098 IP 192.168.45.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 200, authtype simple, intvl 1s, length 20

$ sudo tcpdump -n -i eth1 host 192.168.45.16 or vrrp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
20:03:09.956098 IP 192.168.45.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 200, authtype simple, intvl 1s, length 20

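■While refreshing the ARP information by pinging and so on, confirm that the MAC address changes.
 You can see that the master side's MAC is used preferentially.
 ※This is because keepalived's VRRP implementation does not support virtual MAC addresses.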

$ sudo arp -an | grep .16\)
? (192.168.45.16) at XX:XX:XX:XX:XX:df [ether] on eth1

$ sudo /etc/init.d/keepalived stop
Stopping keepalived: keepalived.

$ sudo arp -an | grep .16\)
? (192.168.45.16) at XX:XX:XX:XX:XX:ca [ether] on eth1

$ sudo /etc/init.d/keepalived start
Stopping keepalived: keepalived.

$ sudo arp -an | grep .16\)
? (192.168.45.16) at XX:XX:XX:XX:XX:df [ether] on eth1

■Finally, change the default "auth_pass 1111" so that unwanted VRRP speakers cannot join.
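
The auth_pass change above, as an added example (not part of the original page): these shell functions flag the sample's authentication settings, generate a replacement secret, write it to both nodes' configs, and confirm the peers still agree. Function names and file names are hypothetical; the demo runs on a constructed copy of the authentication block, not on /etc/keepalived/keepalived.conf.

```shell
# Added example, not from the original page; file names are hypothetical.
# Print the first value of KEY ($2) in FILE ($1), ignoring "#"/"!" comments.
get_setting() {
    awk -v key="$2" '{ sub(/[#!].*/, "") } $1 == key { print $2; exit }' "$1"
}

# Report authentication settings that leave the VRRP group easy to join.
audit_conf() {
    pass=$(get_setting "$1" auth_pass)
    [ "$(get_setting "$1" auth_type)" = "PASS" ] &&
        echo "auth_type PASS: the secret travels in clear text in each advert"
    [ "$pass" = "1111" ] && echo "auth_pass is still the sample default 1111"
    [ "${#pass}" -gt 8 ] && echo "auth_pass: only the first 8 characters are used"
    return 0
}

# Eight random alphanumerics (the most auth_pass uses).
gen_auth_pass() {
    head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-8
}

# Rewrite auth_pass in FILE ($1) to $2 via a mode-0600 temp file.
set_auth_pass() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed "s/^\([[:space:]]*auth_pass\)[[:space:]].*/\1 $2/" "$1" > "$tmp" &&
        mv "$tmp" "$1"
}

# Succeed only if both nodes agree on the values VRRP peers must share.
peers_match() {
    for key in auth_type auth_pass virtual_router_id; do
        [ "$(get_setting "$1" "$key")" = "$(get_setting "$2" "$key")" ] || return 1
    done
}

# Constructed sample: the authentication block from this page on two nodes.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'virtual_router_id 51' 'authentication {' \
        '    auth_type PASS' '    auth_pass 1111' '}' > "$dir/master.conf"
    cp "$dir/master.conf" "$dir/slave.conf"
    audit_conf "$dir/master.conf"
    new=$(gen_auth_pass)
    set_auth_pass "$dir/master.conf" "$new"
    set_auth_pass "$dir/slave.conf" "$new"
    peers_match "$dir/master.conf" "$dir/slave.conf" && echo "peers agree"
    rm -rf "$dir"
}
demo
```

Because the "authtype simple" secret is visible to anyone who can capture the advertisements, changing it keeps stray or misconfigured nodes out but does not stop a host already on the segment.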