一、Keepalived 核心理论

1 定义与定位

Keepalived 是开源 Linux 路由软件，核心提供负载均衡与高可用能力，适配 Nginx、MySQL 等各类服务，适用于轻量级无数据同步的高可用场景，最初专为 LVS 设计，现已突破 LVS 生态限制。

2 核心特性

• 高可用核心：基于 VRRP 协议，解决静态路由单点故障，保障关键服务不中断。
• 负载均衡：依赖 IPVS 模块实现四层负载均衡，支持多种调度算法，仅向健康节点分发流量。
• 健康检查：支持 ICMP、TCP 端口、HTTP/HTTPS 及自定义脚本检测，故障节点自动剔除、恢复后自动加入。
• 快速响应：集成 BFD 协议，故障切换延迟控制在秒级，实现服务无缝衔接。
• 灵活可扩展：支持多播/单播，可自定义脚本，开源可扩展源码。

3 核心组件

采用模块化设计，核心由三大模块+辅助组件构成：

1. Core 核心模块：启动维护主进程，解析配置文件，协调各模块工作。
2. VRRP 协议模块：实现主备选举、状态同步、VIP 绑定/释放，是高可用核心。
3. Check 健康检查模块：监控节点与服务状态，同步结果给 VRRP 模块作为切换依据。
4. 辅助组件：含 IPVS 管理、邮件告警等，提升运维便利性。

4 应用场景

核心价值是消除单点故障，典型场景：Web 服务、负载均衡器、数据库、网络设备的高可用冗余。

二、Keepalived 核心原理

1 底层核心：VRRP 协议详解

VRRP 是 Keepalived 高可用底层协议，核心是将多台物理节点虚拟为一个逻辑虚拟路由器，通过选举机制避免单点故障。

1.1 VRRP 核心概念

• 虚拟路由器：多节点逻辑集合，含唯一 VRID，主备节点 VRID 需一致。
• VIP：统一访问入口，正常由主节点绑定，备节点不绑定。
• 主/备节点：主节点优先级最高，处理流量并发送通告；备节点待命，主节点故障时升级。
• VRRP 通告报文：主节点周期性发送，用于状态同步，默认多播地址 224.0.0.18。

1.2 VRRP 选举机制

核心依据优先级（数值越大越高，默认 100），分初始选举（优先级最高者为 Master）和故障重选（备节点超时未收报文则重选），默认开启抢占模式。

2 Keepalived 工作流程（高可用）

以双节点主备为例，分4阶段，全程自动化：

1. 初始化：启动服务，解析配置，选举 Master（绑定 VIP）和 Backup（待命）。
2. 状态维护：Master 周期性发送通告，Backup 监听；Check 模块持续检测健康状态。
3. 故障切换：Master 故障停发通告，Backup 超时升级为 Master，绑定 VIP 接管流量（切换耗时 1-3 秒）。
4. 故障恢复：原 Master 恢复后，开启抢占则重获 Master 角色，否则保持 Backup 状态。

3 健康检查原理

分节点检测（基于 VRRP 心跳，检测节点/进程存活）和服务检测（TCP 端口、HTTP 等），检测结果直接影响 VRRP 选举，确保切换后服务可用。

4 负载均衡原理（基于 IPVS）

Master 节点通过 IPVS 配置虚拟服务器与后端节点，客户端请求经 VIP 转发至健康节点；Master 故障时，Backup 同步 IPVS 配置，继续提供服务。

5 常见问题：脑裂

主备同时认为自己是 Master，核心原因是通信链路中断；规避方案：单播配置、冗余链路、脑裂检测脚本、邮件告警。

三、Keepalived基础与进阶实验

笔记时间：2026-01-28

1 基础准备：实验环境搭建

1.1 实验环境拓扑图

1.2 实验环境具体配置步骤

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

#部署rs1和rh2（单网卡NAT模式）
[root@rs1 ~]# vmset.sh rs1 eth0 172.25.254.10 
[root@rs1 ~]# dnf install httpd -y
[root@rs1 ~]# echo RS1 - 172.25.254.10 > /var/www/html/index.html
[root@rs1 ~]# systemctl enable --now httpd

[root@rs2 ~]# vmset.sh rs2 eth0 172.25.254.20 
[root@rs2 ~]# dnf install httpd -y
[root@rs2 ~]# echo RS2 - 172.25.254.20 > /var/www/html/index.html
[root@rs2 ~]# systemctl enable --now httpd


#测试：
[Administrator.DESKTOP-VJ307M3] ➤ curl 172.25.254.10
RS1 - 172.25.254.10
                                                                                                    ✔
─────────────────────────────────────────────────────────────────────────────────────────────────────
[2026-01-28 10:36.42]  ~
[Administrator.DESKTOP-VJ307M3] ➤ curl 172.25.254.20
RS2 - 172.25.254.20



#设定ka1和ka2
[root@KA1 ~]# vmset.sh KA1 eth0 172.25.254.50 
[root@KA2 ~]# vmset.sh KA2 eth0 172.25.254.60 


#设定本地解析
[root@KA1 ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.50     KA1
172.25.254.60     KA2
172.25.254.10     rs1
172.25.254.20     rs2


[root@KA1 ~]# for i in 60 10 20; do scp /etc/hosts 172.25.254.$i:/etc/hosts; done

#在所有主机中查看/etc/hosts


#在ka1中开启时间同步服务
[root@KA1 ~]# vim /etc/chrony.conf
 26 allow 0.0.0.0/0
 29 local stratum 10
 
[root@KA1 ~]# systemctl restart chronyd
[root@KA1 ~]# systemctl enable --now chronyd



#在ka2中使用ka1的时间同步服务
[root@KA2 ~]# vim /etc/chrony.conf
pool 172.25.254.50 iburst

[root@KA2 ~]# systemctl restart chronyd
[root@KA2 ~]# systemctl enable --now chronyd

[root@KA2 ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* KA1                           3   6    17    13   +303ns[+6125ns] +/-   69ms 

2 核心配置：基础功能调优

2.1 Keepalived 日志分离配置

（独立日志，便于问题排查）

默认情况下。keepalived的日志会被保存在/var/log/messages文件中，这个文件中除了含有keepalived的日志外，还有其他服务的日志信息，这样不利于对于keepalived的日志进行查看

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

[root@KA1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@KA1 ~]# systemctl restart keepalived.service

[root@KA1 ~]# vim /etc/rsyslog.conf
local6.*                                                /var/log/keepalived.log
[root@KA1 ~]# systemctl restart rsyslog.service


#测试
[root@KA1 ~]# ls -l /var/log/keepalived.log
ls: 无法访问 'keepalived.log': 没有那个文件或目录
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]#  ls -l /var/log/keepalived.log
-rw------- 1 root root 3294  1月 28 15:09 /var/log/keepalived.log

2.2 Keepalived 子配置文件拆分

（模块化管理配置）

在主配置文件中如果写入过多的配置不利于对于主配置文件的阅读

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   vrrp_mcast_group4 224.0.0.44
}

include /etc/keepalived/conf.d/*.conf			#指定独立子配置文件

[root@KA1 ~]# mkdir  /etc/keepalived/conf.d -p
[root@KA1 ~]# vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.50  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::3901:aeea:786a:7227  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)
        RX packets 17383  bytes 1417554 (1.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32593  bytes 3135052 (2.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.100  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 118  bytes 6828 (6.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 118  bytes 6828 (6.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3 核心模式：VRRP 核心机制

1. 抢占模式（默认机制）

   • 原理：优先级高的节点抢占 VIP

2. 非抢占模式

   • 原理：持有 VIP 的节点只要存活，不触发 VIP 迁移

   • 适用场景与配置

     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112

     #kA1中 [root@KA1 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { state BACKUP #非抢占模式互为backup interface eth0 virtual_router_id 51 nopreempt #启动非抢占模式 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } [root@KA1 ~]# systemctl stop keepalived.service #KA2中 [root@KA2 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { state BACKUP interface eth0 virtual_router_id 51 nopreempt #开启非抢占模式 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } [root@KA2 ~]# systemctl stop keepalived.service #测试： [root@KA1 ~]# systemctl start keepalived.service [root@KA2 ~]# systemctl start keepalived.service [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 18917 bytes 1546417 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 34775 bytes 3349412 (3.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 162 bytes 9028 (8.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 162 bytes 9028 (8.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@KA1 ~]# systemctl stop keepalived.service [root@KA2 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.60 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::26df:35e5:539:56bc prefixlen 64 scopeid 0x20<link> ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) RX packets 22521 bytes 1553701 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18517 bytes 1535122 (1.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 84 bytes 5128 (5.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 84 bytes 5128 (5.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 #开启KA1的服务ip不会被抢占到1中 [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 19102 bytes 1561277 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 35034 bytes 3375682 (3.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 162 bytes 9028 (8.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 162 bytes 9028 (8.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. 延迟抢占模式

   • 原理：避免网络抖动导致的 VIP 频繁切换

   • 配置参数与调优

     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51

     #kA1中 [root@KA1 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { state BACKUP #非抢占模式互为backup interface eth0 virtual_router_id 51 preempt_delay 10 #启动延迟抢占，延迟10s抢占 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } [root@KA1 ~]# systemctl stop keepalived.service #KA2中 [root@KA2 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { state BACKUP interface eth0 virtual_router_id 51 preempt_delay 10 #启动延迟抢占，延迟10s抢占 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } [root@KA2 ~]# systemctl stop keepalived.service #测试： [root@KA1 ~]# systemctl start keepalived.service [root@KA2 ~]# systemctl start keepalived.service #在一个独立的shell中开启ip的监控 [root@KA1 ~]# watch -n 1 ifconfig #在KA1另外的shell中关闭keepalived [root@KA1 ~]# systemctl stop keepalived.service [root@KA1 ~]# systemctl start keepalived.service #操作完毕后观察监控中vip的迁移延迟过程

4 通信模式：单播配置

4.1 单播模式配置步骤与验证

（替代组播，适用于跨网段场景）

为什么要单播，组播模式使用的网址资源最少，但是不能跨网络，如果主备两台主机是跨网络的，那么只能启用单播来实现vrrp通告

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

#在KA1中
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   #vrrp_mcast_group4 224.0.0.44			#关闭组播
}

vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    unicast_src_ip 172.25.254.50		#指定单播源地址，通常是本机IP
    unicast_peer {
      172.25.254.60						#指定单播接收地址
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

#在KA2中
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   #vrrp_mcast_group4 224.0.0.44			#关闭组播
}

vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    unicast_src_ip 172.25.254.60		#指定单播源地址，通常是本机IP
    unicast_peer {
      172.25.254.50						#指定单播接收地址
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~]# systemctl restart keepalived.service
[root@KA2 ~]# systemctl restart keepalived.service

#测试
#在KA1中开启独立shell监控播报信息
[root@KA1 ~]# tcpdump -i eth0 -nn src host 172.25.254.50 and dst 172.25.254.60

#在KA2中开启独立shell监控播报信息
[root@KA2 ~]# tcpdump -i eth0 -nn src host 172.25.254.60 and dst 172.25.254.50


#在KA1正常时
#ka2播报信息不显示通告内容

[root@KA1 ~]# systemctl stop keepalived.service

#vip会被迁移到KA2,KA2上开始显示播报内容

[root@KA1 ~]# systemctl start keepalived.service

#vip因为优先级被KA1抢占，KA2中播报停止

4.2 Keepalived业务vip迁移告警

(1) 邮件告警环境构建

1
2
3
4
5
6
7
8
9
10

#安装邮件软件
[root@KA1 ~]#  dnf install s-nail postfix   -y
[root@KA2 ~]#  dnf install s-nail postfix   -y


#启动邮件代理
[root@KA1 ~]# systemctl start postfix.service
[root@KA2 ~]# systemctl start postfix.service

#设定sendmail可以通过公网邮箱发送邮件下面方式人选其一

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

#在Linux主机中配置mailrc（KA1+KA2）
[root@KA1+KA2 ~]# vim /etc/mail.rc
set smtp=smtp.qq.com
set smtp-auth=login
set smtp-auth-user=kaitumei@foxmail.com
set smtp-auth-password=oxsfthfenecmfaae
set from=kaitumei@foxmail.com
set ssl-verify=ignore

#测试邮件
[root@KA1 mail]# echo hello | mailx -s test kaitumei@163.com

[root@KA1 mail]# mailq		#查看邮件队列
Mail queue is empty


[root@KA1 mail]# mail		#查看是否又退信
s-nail version v14.9.22.  Type `?' for help
/var/spool/mail/root: 1 message
▸   1 Mail Delivery Subsys  2026-01-28 16:26   69/2210  "Returned mail: see transcript for details  "
&q 退出


#查看对应邮箱是否有邮件收到

(2) 设定keepalived告警脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

[root@KA1 ~]# mkdir  -p /etc/keepalived/scripts
[root@KA2 ~]#  mkdir  -p /etc/keepalived/scripts

#编写告警脚本
[root@KA1+2 ~]#  vim /etc/keepalived/scripts/waring.sh
#!/bin/bash
mail_dest='kaitumei@163.com'

mail_send()
{
    mail_subj="$HOSTNAME to be $1 vip 转移"
    mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
    echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
    master)
    mail_send master
    ;;
    backup)
    mail_send backup
    ;;
    fault)
    mail_send fault
    ;;
    *)
    exit 1
    ;;
esac


[root@KA1+2 ~]# chmod  +x /etc/keepalived/scripts/waring.sh

[root@KA1 ~]# /etc/keepalived/scripts/waring.sh master

#对应邮箱中会出现邮件

(3) 配置keepalived告警

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

#在KA1和KA2中设定配置文件
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   vrrp_mcast_group4 224.0.0.44
   enable_script_security
   script_user root
}
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
  # unicast_src_ip 172.25.254.50
  # unicast_peer {
  #   172.25.254.60
#   }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    notify_master "/etc/keepalived/scripts/waring.sh master"
    notify_backup "/etc/keepalived/scripts/waring.sh backup"
    notify_fault "/etc/keepalived/scripts/waring.sh fault"
}


[root@KA1+2 ~]# systemctl restart keepalived.service



#测试
[root@KA1 ~]# systemctl stop keepalived.service		#停止服务后查看邮件
[root@KA1 ~]# systemctl start keepalived.service	#开启服务后查看邮件

5 架构进阶：双主模式

1. 双主模式核心原理（两个节点各持有独立 VIP，互为主备）

2. 双主模式代理不同业务（实现多业务高可用）

   • 实验环境准备

     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157

     #在KA1中 [root@KA1 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { #第一个虚拟路由，以master身份设定 state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } vrrp_instance DB_VIP { #第二个虚拟路由。以backup身份设定 state BACKUP interface eth0 virtual_router_id 52 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.200/24 dev eth0 label eth0:1 } } #KA2中 [root@KA2 ~]# vim /etc/keepalived/keepalived.conf vrrp_instance WEB_VIP { state BACKUP interface eth0 virtual_router_id 51 preempt_delay 10 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } } vrrp_instance DB_VIP { state MASTER interface eth0 virtual_router_id 52 preempt_delay 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.200/24 dev eth0 label eth0:1 } } [root@KA1 ~]# systemctl restart keepalived.service [root@KA2 ~]# systemctl restart keepalived.service #测试 [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 38766 bytes 3548249 (3.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 67456 bytes 6209788 (5.9 MiB) TX errors 0 dropped 2 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 782 bytes 60465 (59.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 782 bytes 60465 (59.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@KA2 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.60 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::26df:35e5:539:56bc prefixlen 64 scopeid 0x20<link> ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) RX packets 46164 bytes 3559703 (3.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 38170 bytes 3306899 (3.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 532 bytes 39588 (38.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 532 bytes 39588 (38.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@KA1 ~]# systemctl stop keepalived.service [root@KA2 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.60 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::26df:35e5:539:56bc prefixlen 64 scopeid 0x20<link> ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) RX packets 46204 bytes 3562823 (3.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 38240 bytes 3313319 (3.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet) [root@KA2 ~]# systemctl stop keepalived.service [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 39277 bytes 3653121 (3.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 67902 bytes 6264989 (5.9 MiB) TX errors 0 dropped 2 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet)

   • 不同 VIP 绑定不同业务的配置

     • 实验环境

       1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

       #web服务设定再个实验已经设定完成 #在rs中设定lo添加vip2 172.25.254.200、32 #在rs中搭建数据库 [root@rs1+2 ~]# dnf install mariadb-server -y [root@rs1+2 ~]# systemctl enable --now mariadb [root@rs1+2 ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE USER 'hua'@'%' identified by 'hua'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL ON *.* TO 'hua'@'%'; Query OK, 0 rows affected (0.001 sec) #测试 [root@rs1 ~]# mysql -uhua -phua -h172.25.254.10 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> quit [root@rs1 ~]# mysql -ulee -plee -h172.25.254.20 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> quit

     • 实现不同vip代理不同业务

       1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71

       #KA1和KA2 [root@KA1+2 ~]# vim /etc/keepalived/keepalived.conf include /etc/keepalived/conf.d/webserver.conf include /etc/keepalived/conf.d/datebase.conf [root@KA1+2 ~]# vim /etc/keepalived/conf.d/webserver.conf virtual_server 172.25.254.100 80 { delay_loop 6 lb_algo rr lb_kind DR protocol TCP real_server 172.25.254.10 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 retry 3 delay_before_retry 1 } } real_server 172.25.254.20 80 { weight 1 TCP_CHECK { connect_timeout 5 retry 3 delay_before_retry 3 connect_port 80 } } } [root@KA1 ~]# vim /etc/keepalived/conf.d/datebase.conf virtual_server 172.25.254.200 3306 { delay_loop 6 lb_algo rr lb_kind DR protocol TCP real_server 172.25.254.10 3306 { weight 1 TCP_CHECK { connect_timeout 5 retry 3 delay_before_retry 3 connect_port 3306 } } real_server 172.25.254.20 3306 { weight 1 TCP_CHECK { connect_timeout 5 retry 3 delay_before_retry 3 connect_port 3306 } } } [root@KA1+2 ~]# systemctl restart keepalived.service [root@rs1+2 ~]# vim /etc/NetworkManager/system-connections/lo.nmconnection address3=172.25.254.200/32 [root@rs1 ~]# nmcli connection reload [root@rs1 ~]# nmcli connection up lo

   • 业务可用性测试（故障模拟与恢复验证）

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

   [root@rs2 ~]# mysql -uhua -phua -h172.25.254.200 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 89 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> [Administrator.DESKTOP-VJ307M3] ➤ curl 172.25.254.100 RS1 - 172.25.254.10 ✔ ───────────────────────────────────────────────────────────────────────────────────────────────────── [2026-01-29 11:58.55] ~ [Administrator.DESKTOP-VJ307M3] ➤ curl 172.25.254.100 RS2 - 172.25.254.20

6 实战进阶：全栈高可用方案

1. VRRP Script 环境准备

   1 2 3 4 5 6 7 8 9 10 11 12 13 14

   #在KA1和KA2中安装haproxy [root@KA1+2 ~]# dnf install haproxy-2.4.22-4.el9.x86_64 -y [root@KA1+2 ~]# vim /etc/sysctl.conf net.ipv4.ip_nonlocal_bind=1 [root@KA1+2 ~]# vim /etc/haproxy/haproxy.cfg listen webserver bind 172.25.254.100:80 mode http server web1 172.25.254.10:80 check server web2 172.25.254.20:80 check [root@KA1+2 ~]# systemctl enable --now haproxy.service

2. VRRP Script 实战案例

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176

   #在KA1主机中 [root@KA1 ~]# vim /etc/keepalived/scripts/test.sh #!/bin/bash [ ! -f "/mnt/lee" ] [root@KA1 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id KA1 vrrp_skip_check_adv_addr #vrrp_strict vrrp_garp_interval 1 vrrp_gna_interval 1 vrrp_mcast_group4 224.0.0.44 } vrrp_script check_lee { script "/etc/keepalived/scripts/test.sh" interval 1 weight -30 fall 2 rise 2 timeout 2 user root } vrrp_instance WEB_VIP { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 nopreempt no authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } track_script { check_lee } } [root@KA2 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { timinglee_zln@163.com } notification_email_from timinglee_zln@163.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id KA2 vrrp_skip_check_adv_addr #vrrp_strict vrrp_garp_interval 1 vrrp_gna_interval 1 vrrp_mcast_group4 224.0.0.44 } vrrp_script check_lee { script "/etc/keepalived/scripts/test.sh" interval 1 weight -30 fall 2 rise 2 timeout 2 user root } vrrp_instance WEB_VIP { state BACKUP interface eth0 virtual_router_id 51 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } track_script { check_lee } } [root@KA1 ~]# systemctl restart keepalived.service #测试： [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 98198 bytes 9235557 (8.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 145101 bytes 12247386 (11.6 MiB) TX errors 0 dropped 9 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 932 bytes 72195 (70.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 932 bytes 72195 (70.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@KA1 ~]# touch /mnt/lee [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 97968 bytes 9216259 (8.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 144858 bytes 12219108 (11.6 MiB) TX errors 0 dropped 9 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 932 bytes 72195 (70.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 932 bytes 72195 (70.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@KA1 ~]# rm -fr /mnt/lee [root@KA1 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255 inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) RX packets 98198 bytes 9235557 (8.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 145101 bytes 12247386 (11.6 MiB) TX errors 0 dropped 9 overruns 0 carrier 0 collisions 0 eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 932 bytes 72195 (70.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 932 bytes 72195 (70.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Keepalived + Haproxy 整合（实现负载均衡 + 高可用）

   • 整合配置步骤

     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

     [root@KA1 ~]# vim /etc/keepalived/scripts/haproxy_check.sh #!/bin/bash killall -0 haproxy &> /dev/null [root@KA1 ~]# chmod +x /etc/keepalived/scripts/haproxy_check.sh [root@KA1 ~]# vim /etc/keepalived/keepalived.conf vrrp_script haporxy_check { script "/etc/keepalived/scripts/haproxy_check.sh" interval 1 weight -30 fall 2 rise 2 timeout 2 user root } vrrp_instance WEB_VIP { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.254.100/24 dev eth0 label eth0:0 } track_script { haporxy_check } } [root@KA1 ~]# systemctl restart keepalived.service #测试 通过关闭和开启haproxy来观察vip是否迁移

   • 全链路可用性测试