forked from acassen/keepalived
-
Notifications
You must be signed in to change notification settings - Fork 1
/
INSTALL
321 lines (254 loc) · 10.1 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
Kernel needs
==============
Compile a kernel with the following options :
Kernel/User netlink socket
LinuxVirtualServer
Keepalived supports all LVS code.
Library dependencies
====================
In order to compile Keepalived needs the following libraries (depending
on the Linux flavour):
Linux flavours
==============
RedHat based systems (RedHat Enterprise/CentOS/Fedora)
------------------------------------------------------
The following build packages are needed:
make
autoconf automake (to build from git source tree rather than tarball)
The following libraries need to be installed:
openssl-devel libnl3-devel
For iptables support:
iptables-devel ipset-devel
For magic file identification support:
file-devel
For SNMP support:
net-snmp-devel
For DBUS support:
glib2-devel
For PCRE support
pcre2-devel
For nftables support
libnftnl-devel libmnl-devel
For systemd integration
systemd-devel
For efficient module loading
kmod-devel
For setting VMAC interfaces unmanaged by NetworkManager. This is not needed for
NetworkManager >= 1.18, and possibly some earlier versions, but is needed for
NetworkManager 1.0.6.
NetworkManager-libnm-devel
For building with sanitizers
libasan libubsan libhwasan liblsan (gcc)
compiler-rt (clang)
For building the documentation, the following packages need to be installed:
Fedora: python-sphinx (will pull in: python2-sphinx_rtd_theme)
CentOS-and-friends: python-sphinx epel-release python-sphinx_rtd_theme
For latex or pdf files, the following are also needed:
Fedora: latexmk python-sphinx-latex
CentOS-and-friends: latexmk texlive texlive-titlesec texlive-framed texlive-threeparttable texlive-wrapfig texlive-multirow
To build using clang/llvm
clang compiler-rt lld
Debian/Ubuntu
-------------
For building packages:
build-essential pkg-config, and to build from git repo automake autoconf
The following libraries need to be installed:
iptables-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev
or for more recent versions of the distros (e.g. Ubuntu Focal):
libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev
For magic file identification support:
libmagic-dev
For SNMP support:
libsnmp-dev
For DBUS support:
libglib2.0-dev
For PCRE support:
libpcre2-dev
For nftables support
libnftnl-dev libmnl-dev
For systemd integration
libsystemd-dev
For efficient module loading
libkmod-dev
For setting VMAC interfaces unmanaged by NetworkManager (see comment above).
libnm-dev
For building the documentation, the following packages need to be installed:
python-sphinx python-sphinx-rtd-theme
For latex or pdf files, the following are also needed:
texlive-latex-base texlive-generic-extra texlive-latex-recommended texlive-fonts-recommended texlive-latex-extra
For runtime:
For SNMP support
libsnmp30 (Ubuntu 18.04), libsnmp35 (Ubuntu 20.04)
For ipset support
libipset3 (Ununtu 18.04), libipset13 (Ubuntu 20.04)
To build using clang/llvm
apt install clang llvm
Alpine Linux (apk add ...)
------------
For building packages
automake autoconf alpine-sdk
The following libraries need to be installed:
linux-headers iptables-dev ipset-dev libnl3-dev musl-dev libnftnl-dev and openssl-dev or libressl-dev
For magic file identification support:
file-dev
For SNMP support:
net-snmp-dev (requires libressl-dev and not openssl-dev)
For PCRE support
pcre2-dev
For setting VMAC interfaces unmanaged by NetworkManager (see comment above).
networkmanager-dev
For building the documentation, the following packages need to be installed:
py-sphinx py3-sphinx_rtd_theme
For latex or pdf files, you'll need texlive or similar, which is not yet
available as a distro package.
Archlinux
---------
Run the following to install the required libraries:
pacman -S ipset libnl1
For magic file identification support:
TDB
For SNMP support:
pacman -S net-snmp
for PCRE support:
pcre-2 (may be installed by default)
For building the documentation, the following packages need to be installed:
python-sphinx python-sphinx_rtd_theme
For latex or pdf files, the following are also needed:
texlive-core texlive-bin texlive-latexextra
openSUSE
========
1. zypper install -t pattern devel_C_C++
2. Install packages with same names as Red Hat variants (except libopenssl-devel instead of openssl-devel and libkmod-devel instead of kmod-devel)
Kernel configuration requirements
---------------------------------
The following list is probably incomplete, and will be updated as other
options become known.
BPF
EPOLL
SIGNALFD
TIMERFD
SYSCTL
PROC_FS
INET
IP_MULTICAST
IPV6
IP_VS (unless --disable-lvs is specified)
IP_VS suboptions to match the real_server/virtual_server configuration
NETFILTER_XTABLES - if strict_mode or no_accept.
NETFILTER_XT options and IP_SET
NF_TABLES and associated components - to use nftables for strict_mode or no_accept
IP_ADVANCED_ROUTER and various associated options if static/dynamic routes specified
FIB_RULES if static or dynamic rules are specified
PROC_EVENTS for track_process
Installing from a git repo
==========================
To install from a git repo, execute:
1. Ensure you have autoconf and automake installed
2. git clone https://github.com/acassen/keepalived.git
3. cd keepalived
4. ./autogen.sh # generate the autoconf and automake environment
5. Follow the instructions below for Installation, omitting the first two steps.
Installation
============
1. tar -xf TARFILE
2. cd into the directory
3. './configure [BUILD_OPTIONS]'
4. 'make'
5. 'make install'. This will install keepalived on your system,
binaries and configuration filei etc. The location the files are
install to will depend on the configure options used :
* keepalived : The keepalived daemon program.
* genhash : The MD5 url digest generator. You need it to
configure HTTP GET check and SSL GET check in
order to compute MD5SUM digest etalon.
* /etc/keepalived/keepalived.conf
* /etc/keepalived/samples/*
* man pages
* /usr/share/snmp/mibs/{KEEPALIVED,VRRP,VRRPv3}-MIB.txt if SNMP is enabled
* /usr/lib/systemd/system/keepalived.service if using systemd
* If keepalived is built with DBus support:
/etc/dbus-1/system.d/org.keepalived.Vrrp1.conf
/usr/share/dbus-1/interfaces/org.keepalived.Vrrp1.{Instance,Vrrp}.xml
6. If you are using systemd, to enable the keepalived execute:
systemctl enable keepalived
If you are using an init, link keepalived.init into your runlevel directory.
On Red Hat systems :
ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived
By default the configure script uses /usr/local as base directory. You can
change this value to your own by passing it the --prefix value.
eg: './configure --prefix=/usr/'
run './configure --help' to see all options.
Building RPM files
==================
If building from tarball:
1a. tar -xf TARFILE
1b. cd into the directory
If building from git clone:
1. ./build_setup
For tarball and git
2. ./configure
3. make rpm
The .rpm files will be created in directory `rpm --eval "%{_rpmdir}"`/ARCH
Modifying source code
=====================
If you modify the source code, especially configure.ac or any Makefile.am
file, you will need to regenerate the build files. Keepalived uses automake
and so you will need to have automake and autoconf installed.
Configuration
=============
Just take a look at the /etc/keepalived/keepalived.conf file installed.
It will give you all the information needed. Alternativley, run
'man keepalived.conf' or look at doc/keepalived.conf.SYNOPSIS.
If you want more information about keepalived, please refer to the
keepalived homepage into the documentation section.
http://www.keepalived.org
Creating a docker container
===========================
The simplest way to build a docker image is to execute the following
commands:
./configure OPTIONS
make
make docker
Alternatively there is a very useful github project that was maintained
by osixia for building a docker container with keepalived.
To use, run the following:
git clone https://github.com/osixia/docker-keepalived.git
cd docker-keepalived
make build
docker run --name keepalived --cap-add=NET_ADMIN --net=host \
--env KEEPALIVED_INTERFACE=eth0 -d osixia/keepalived:1.3.5 \
# or whatever version of keepalived you have
To update the keepalived source code, put a new tarball in the image
directory (the Dockerfile may need updating with a new version).
Useful docker commands are:
docker logs keepalived 2>&1 | less # view system logs of container
docker exec -it keepalived bash # execute shell in container
docker rm -f keepalived # Remove the container
keepalived is unable to load the ip_tables, ip6_tables, xt_set and ip_vs
modules from within the container, so ensure they are already loaded in
the host system.
To generate a core file in the root filesystem of the container,
/proc/sys/kernel/core_pattern needs to be updated in the host system,
and not from the container (or in other words the -M option to keepalived
does not work within a container. Installing gdb in the container (edit
the image/Dockerfile to add it before make build) may be helpful if you
need to examine core files in the container.
Running in an AWS container
===========================
The VRRP protocol is not enabled in AWS security groups. If you are using AWS,
create a rule in the AWS security group. The rule should be "Custom Protocol"
and value should be "112" (the VRRP protocol number). All ports should be opened.
Running with SELinux
====================
If the system running keepalived has SELinux enabled in enforcing mode, keepalived
may have difficulty running scripts, accessing configuration files, etc, especially
if keepalived is being started by systemd.
By default, scripts should be located in /usr/libexec/keepalived, or alternatively,
to set the necessary security context for a script, execute:
chcon -t keepalived_unconfined_script_exec_t PATH_TO_SCRIPT
See
https://www.mankier.com/8/keepalived_selinux and
https://www.mankier.com/8/keepalived_unconfined_script_selinux
for further details of SElinux and keepalived.
Have fun with it !
Alexandre, <[email protected]>