干货！keepalived非root用户部署启动

1、下载keepalived2.2.7，因2.2.4版本以后就支持非root用户部署。

https://www.keepalived.org/download.html

2、新建普通用户

[root@localhost keepalived-2.2.7]# useradd keepalived

3、安装依赖包

[root@localhost keepalived-2.2.7]# yum -y install gcc libnl libnl-devel openssl openssl-devel

4、下载二进制安装包传至/usr/local/下并解压

[root@localhost local]# tar -zxvf keepalived-2.2.7.tar.gz -C /usr/local/

5、赋权限

[root@localhost keepalived-2.2.7]# chown -R keepalived.keepalived /usr/local/keepalived-2.2.7

[root@localhost local]# cd keepalived-2.2.7

6、编译安装普通用户， 如失败，需要给几个目录给个普通用户权限

[root@localhost local]# chown -R keepalived.keepalived /usr/local/

[root@localhost local]# chown -R keepalived.keepalived /usr/lib/systemd/system/

[keepalived@localhost keepalived-2.2.7]$ ./configure --prefix=/usr/local/keepalived

[keepalived@localhost keepalived-2.2.7]$ make && make install

8、创建目录

[root@localhost ~]# mkdir /etc/keepalived

[root@localhost keepalived]# cd /usr/local/keepalived/etc/keepalived

[root@localhost keepalived]# cp keepalived.conf.sample keepalived.conf

9、编辑 keepalived.conf配置文件

[root@localhost keepalived]# cat keepalived.conf

vrrp_instance VI_1 {

    state BACKUP #角色

    interface ens33 #网卡名

    virtual_router_id 50 #在同一个虚拟路由里,id号必须相同

    nopreempt #非抢占

    #priority 6 #优先级,越高越可能是主

    advert_int 3 #心跳时间间隔

    unicast_src_ip 192.168.59.213 #本机ip

    unicast_peer {

192.168.59.214 #另一台机器ip

    }

    authentication { #密码组内交流

        auth_type PASS

        auth_pass 1111qwer

    }

    virtual_ipaddress { #对外虚拟ip

        192.168.59.230 #dev ens33 label ens33:0

    }

}

10、配置开机启动

[root@localhost keepalived]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

[root@localhost keepalived]# cp /usr/local/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/

[root@localhost keepalived]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

[root@localhost keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/

[root@localhost keepalived]# chkconfig keepalived on

11、给 keepalived用户赋予systemd权限，用于启动 keepalived服务。

[root@localhost keepalived]# cp /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy.bak

[root@localhost keepalived]# vi /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy

把org.freedesktop.systemd1.manage-units节点下，defaults下的auth admin修改为yes

<allow_any>auth_admin</allow_any>改为<allow_any>yes</allow_any>

12、重启服务。

[root@localhost keepalived]# systemctl restart polkit

13、切到普通用户下i，启停 keepalived服务，至此部署完成。

[keepalived@localhost keepalived-2.2.7]$ systemctl status keepalived

[keepalived@localhost keepalived-2.2.7]$ systemctl start keepalived

#service服务也可以进行启动和维护。
[keepalived@localhost keepalived-2.2.7]$ service keepalived stop

[keepalived@localhost keepalived-2.2.7]$service keepalived start

[keepalived@localhost keepalived-2.2.7]$service keepalived status