命令启动keepalived

前提条件

• 已完成编译keepalived二进制文件，成功编译出开源keepalived二进制。
• 已完成在边缘设备上部署keepalived，成功设置配置文件。

操作步骤

1. 设置keepalived相关文件的权限和属主。

   以root用户依次执行如下命令：

   mkdir -p /opt/middleware/keepalived/conf/pids
   mkdir -p /var/alog/keepalived
   chown -R MindXEdge:MindXEdge /opt/middleware/keepalived
   chown -R MindXEdge:MindXEdge /var/alog/keepalived
   chmod 700 /var/alog/keepalived
   chmod -R 700 /opt/middleware/keepalived
   chmod -R 500 /opt/middleware/keepalived/src
   chmod -R 500 /opt/middleware/keepalived/bin
   chmod 600 /opt/middleware/keepalived/conf/template/*
   chmod 600 /opt/middleware/keepalived/conf/envfile.ini

   表1 命令说明

   命令	说明
   mkdir -p /opt/middleware/keepalived/conf/pids	创建pids文件。
   mkdir -p /var/alog/keepalived	创建keepalived日志路径，环境中已成功安装AtlasEdge软件，可不用执行此命令。
   chown -R MindXEdge:MindXEdge /opt/middleware/keepalived	设置keepalived文件夹及所包含的内容的宿主。
   chown -R MindXEdge:MindXEdge /var/alog/keepalived	设置keepalived日志路径的宿主。
   chmod 700 /var/alog/keepalived	设置keepalived日志路径的权限。
   chmod -R 700 /opt/middleware/keepalived	设置keepalived文件夹及所包含的内容的权限。
   chmod -R 500 /opt/middleware/keepalived/src	设置keepalived文件下src及所包含内容的权限。
   chmod -R 500 /opt/middleware/keepalived/bin	设置keepalived文件下bin及所包含内容的权限。
   chmod 600 /opt/middleware/keepalived/conf/template/*	设置keepalived文件下template所包含内容的权限。
   chmod 600 /opt/middleware/keepalived/conf/envfile.ini	设置envfile.ini配置文件的权限。

2. 执行setcap 'cap_net_admin+ep cap_net_raw+ep' /opt/middleware/keepalived/bin/keepalived命令，设置keepalived运行所需的权限。
   

   • 若Atlas 500 智能小站部署环境ping命令普通用户无法执行，需执行setcap 'cap_net_raw+ep' /bin/ping命令设置相关能力集；若arping命令普通用户无法执行，需执行setcap 'cap_net_raw+ep' /usr/bin/arping命令设置相关能力集。
   • 若Atlas 500 Pro 智能边缘服务器部署环境上ping命令普通用户无法执行，需执行setcap 'cap_net_raw+ep' /bin/ping命令设置相关能力集；若arping命令普通用户无法执行，需执行setcap 'cap_net_raw+ep' /usr/sbin/arping命令设置相关能力集。
   • 由于keepalived服务需要修改VIP，脑裂检查需要普通用户执行ping和arping命令，因此以上三条keepalived、ping、arping命令都需要特权能力，本身存在较小的安全风险。当边缘设备不需要执行keepalived服务时，需要去除对二进制文件设置过的特权能力（如keepalived或者ping、arping），以降低安全风险。
3. 用户可通过在“/usr/lib/systemd/system”中添加keepalived-start.service文件达到持久化keepalived的目的，也可以使用其他方式。参考步骤如下：
   1. 以root用户执行vi /usr/lib/systemd/system/keepalived-start.service命令创建文件，向文件中写入如下内容，用户可根据需要自行修改：

      [Unit]
      Description=keepalived start
      After=network.target atlasedge.service
      
      [Service]
      ExecStart=python3 /opt/middleware/keepalived/src/start.py
      Restart=on-failure
      TimeoutStartSec=0
      KillMode=control-group
      User=MindXEdge
      
      [Install]
      WantedBy=multi-user.target

   2. 执行chmod 644 /usr/lib/systemd/system/keepalived-start.service命令更改文件权限。
   3. 执行ln -sf /usr/lib/systemd/system/keepalived-start.service /etc/systemd/system/multi-user.target.wants/keepalived-start.service命令创建软链接。
   4. 执行systemctl start keepalived-start.service命令启动keepalived。
      

      Atlas 500 智能小站升级固件后会因切区导致持久化配置失效，需重新配置。

4. 查看keepalived启动结果

   执行命令ps -ef | grep /opt/middleware/keepalived/src/start.py，结果显示/opt/middleware/keepalived/src/start.py进程存在；执行命令tail -f /var/alog/keepalived/keepalived.log，结果显示“Start keepalived success.”此时表明keepalived已成功启动。