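Starting HA from the Command Line
Prerequisites
- The keepalived binary has been built: the open-source keepalived binary compiled successfully and was uploaded to the designated directory in the runtime environment.
- HA has been deployed on the edge device and the configuration files have been modified.
Procedure
- As the root user, run the following commands to set permissions.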
  umask 0077
  chmod 755 "/opt/middleware/keepalived"
  chmod -R 500 "/opt/middleware/keepalived/src"
  chmod -R 500 "/opt/middleware/keepalived/bin"
  chmod -R 700 "/opt/middleware/keepalived/conf"
  chmod 600 "/opt/middleware/keepalived/conf/env.json" "/opt/middleware/keepalived/conf/keepalived-start.service"
  cp "/opt/middleware/keepalived/conf/keepalived-start.service" "/usr/lib/systemd/system/keepalived-start.service"
  chmod 600 "/usr/lib/systemd/system/keepalived-start.service"
  chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/src"
  chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/bin"
  chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/conf"
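Table 1 Command description

| Command | Description |
| --- | --- |
| umask 0077 | Sets the permission mask for newly created files. |
| chmod 755 /opt/middleware/keepalived | Sets the permissions of the keepalived directory. |
| chmod -R 500 "/opt/middleware/keepalived/src" | Sets the permissions of the src directory and its contents. |
| chmod -R 500 "/opt/middleware/keepalived/bin" | Sets the permissions of the bin directory and its contents. |
| chmod -R 700 "/opt/middleware/keepalived/conf" | Sets the permissions of the conf directory and its contents. |
| chmod 600 "/opt/middleware/keepalived/conf/env.json" "/opt/middleware/keepalived/conf/keepalived-start.service" | Sets the permissions of env.json and keepalived-start.service. |
| cp "/opt/middleware/keepalived/conf/keepalived-start.service" "/usr/lib/systemd/system/keepalived-start.service" | Copies the service file to the “/usr/lib/systemd/system/” directory. |
| chmod 600 "/usr/lib/systemd/system/keepalived-start.service" | Sets the permissions of keepalived-start.service. |
| chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/src" | Sets the owner and group of the src directory and its contents. |
| chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/bin" | Sets the owner and group of the bin directory and its contents. |
| chown -Rh "MindXEdge":"MindXEdge" "/opt/middleware/keepalived/conf" | Sets the owner and group of the conf directory and its contents. |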
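- Run setcap 'cap_net_admin+ep cap_net_raw+ep' /opt/middleware/keepalived/bin/keepalived to grant keepalived the capabilities it needs to run.
- If non-root users cannot run the ping command in the Atlas 500 AI Edge Station (Model 3000) deployment environment, run setcap 'cap_net_raw+ep' /bin/ping to set the required capability set. If non-root users cannot run the arping command, run setcap 'cap_net_raw+ep' /usr/bin/arping to set the required capability set.
- The HA service needs to modify the VIP, and split-brain detection needs a non-root user to run the ping and arping commands, so all of the commands above require privileged capabilities; the commands themselves, however, carry a minor security risk. When the edge device no longer needs to run the HA service, remove the privileged capabilities that were set on the related files (such as keepalived, ping and arping) to reduce the security risk.
- As the root user, run chattr +i -R "/opt/middleware/keepalived" and then chattr -i -R "/opt/middleware/keepalived/conf" to set file locks on the HA-related files and folders.
- Run systemctl start keepalived-start.service to start HA.
- HA is currently managed through a systemd service. The related file is “/usr/lib/systemd/system/keepalived-start.service”.
- After the keepalived-start.service file is changed, you must run systemctl daemon-reload to reload the configuration.
- After the Atlas 500 AI Edge Station (Model 3000) restarts, it loads the service configuration under “/etc/systemd/system/” by default and does not load “/usr/lib/systemd/system/keepalived-start.service”. If keepalived-start.service must take effect after the Atlas 500 AI Edge Station (Model 3000) restarts, run ln -sf /usr/lib/systemd/system/keepalived-start.service /etc/systemd/system/multi-user.target.wants/keepalived-start.service as the root user to create a symbolic link.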
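- Check the HA startup result.
Run ps -ef | grep /opt/middleware/keepalived/src/start.py. If the output shows “/opt/middleware/keepalived/src/start.py”, the process exists. Run tail -f /var/alog/keepalived/keepalived.log. If the output shows “Start keepalived success.”, HA has started successfully.
The HA software currently does not support upgrade; it can only be reinstalled.
After a firmware upgrade, the Atlas 500 AI Edge Station (Model 3000) switches partitions, which invalidates the persisted configuration, so keepalived-start.service must be configured again.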
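
The following audit script is an added example, not part of the original documentation or the product. It checks that the modes set in the first step are still in place and reports the file capabilities granted to keepalived, ping and arping. The function names and the optional root-prefix argument are assumptions of this example; stat -c and getcap are the standard coreutils and libcap tools.

```shell
#!/bin/sh
# Added example: audit the modes from the chmod step and report the capabilities
# from the setcap step. The optional root prefix (an assumption of this example)
# lets the same check run against a staged copy of the tree.

check_mode() {   # check_mode <expected-octal> <path>
    actual=$(stat -c '%a' "$2" 2>/dev/null) || actual=missing
    [ "$actual" = "$1" ] && return 0
    echo "MISMATCH $2: mode $actual, expected $1"
    return 1
}

audit_ha_modes() {   # audit_ha_modes [root-prefix]; non-zero status on any mismatch
    base="${1:-}/opt/middleware/keepalived"
    bad=0
    check_mode 755 "$base" || bad=$((bad + 1))
    check_mode 700 "$base/conf" || bad=$((bad + 1))
    for f in env.json keepalived-start.service; do
        check_mode 600 "$base/conf/$f" || bad=$((bad + 1))
    done
    # chmod -R 500 covers every entry below src and bin; symlinks keep their own mode
    for d in src bin; do
        check_mode 500 "$base/$d" || { bad=$((bad + 1)); continue; }
        loose=$(find "$base/$d" ! -type l ! -perm 500 2>/dev/null)
        if [ -n "$loose" ]; then
            echo "MISMATCH under $base/$d (expected 500):"
            echo "$loose"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

report_ha_caps() {   # prints the capabilities set on each file; no line means none set
    command -v getcap >/dev/null 2>&1 || { echo "getcap not installed"; return 2; }
    getcap /opt/middleware/keepalived/bin/keepalived /bin/ping /usr/bin/arping 2>/dev/null
}

# Usage (as root on the edge device): audit_ha_modes; report_ha_caps
```

On a device where HA has been retired, report_ha_caps should print nothing for the three files; any remaining entry can be cleared with setcap -r on that file.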