当前位置：首页 > article >正文

keepalived应用

article 2025/3/20 15:20:11

Keepalived 是一个基于 VRRP（虚拟路由冗余协议）实现的高可用解决方案，常用于构建高可用性的服务器集群，特别是在负载均衡场景中，可确保服务的不间断运行。以下为你详细介绍它：

0主要功能

高可用性：借助 VRRP 协议，Keepalived 能在多台服务器间自动切换，当主服务器出现故障时，备用服务器可迅速接替工作，保障服务的持续可用。
负载均衡：Keepalived 可与 LVS（Linux 虚拟服务器）集成，实现对多台服务器的负载均衡，依据预设的算法将客户端请求分发到不同的服务器上。
健康检查：它能对服务器的健康状况进行检查，实时监测服务器的服务状态，一旦发现服务器异常，就会将其从服务列表中移除，待恢复正常后再添加回来。

Keepalived 的工作原理主要基于 VRRP 协议。VRRP 将多台路由器（或服务器）组成一个虚拟路由器，这个虚拟路由器有一个唯一的虚拟 IP 地址（VIP）。在这个虚拟路由器中，有一个主路由器（Master）和多个备用路由器（Backup）。

主路由器：承担处理客户端请求的任务，同时定期发送 VRRP 通告给备用路由器，告知它们自己的存活状态。
备用路由器：处于监听状态，接收主路由器发送的 VRRP 通告。若在一定时间内未收到通告，备用路由器会认为主路由器出现故障，然后通过选举机制选出新的主路由器，并接管虚拟 IP 地址，继续提供服务。

1环境准备

IP地址	主机名	软件	节点
192.168.72.30	master	keepalived, nginx	主节点
192.168.72.32	backup	keepalived, nginx	从节点
192.168.72.100			Vip地址

1.1前期准备

1.1.1修改IP

#master

[root@master ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.33.30/24 ipv4.gateway 192.168.33.30 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@master ~]# nmcli c up ens160

#backup

[root@master ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.33.30/24 ipv4.gateway 192.168.33.30 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@master ~]# nmcli c up ens160

1.1.2关闭防火墙

[root@master ~]# systemctl stop firewalld

[root@backup ~]# systemctl stop firewalld

1.1.3安装nginx服务

#master

[root@master ~]# systemctl stop firewalld
[root@master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@master ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS 757 kB/s | 2.7 kB 00:00
AppStream 1.3 MB/s | 3.2 kB 00:00
baseos 2.7 MB/s | 2.7 kB 00:00
appstream 3.1 MB/s | 3.2 kB 00:00
Dependencies resolved.
=================================================
Package Arch Version Repo Size
=================================================
Installing:
nginx x86_64 2:1.20.1-20.el9 AppStream 40 k
Installing dependencies:
nginx-core
x86_64 2:1.20.1-20.el9 AppStream 574 k

Transaction Summary
=================================================
Install 2 Packages

Total size: 614 k
Installed size: 1.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : nginx-core-2:1.20.1-2 1/2
Installing : nginx-2:1.20.1-20.el9 2/2
Running scriptlet: nginx-2:1.20.1-20.el9 2/2
Verifying : nginx-2:1.20.1-20.el9 1/2
Verifying : nginx-core-2:1.20.1-2 2/2
Installed products updated.

Installed:
nginx-2:1.20.1-20.el9.x86_64
nginx-core-2:1.20.1-20.el9.x86_64

Complete!

#backup

[root@backup ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@backup ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS 1.4 MB/s | 2.7 kB 00:00
AppStream 1.4 MB/s | 3.2 kB 00:00
baseos 2.7 MB/s | 2.7 kB 00:00
appstream 3.1 MB/s | 3.2 kB 00:00
Dependencies resolved.
=============================================
Package
Arch Version Repo Size
=============================================
Installing:
nginx
x86_64 2:1.20.1-20.el9 AppStream 40 k
Installing dependencies:
nginx-core
x86_64 2:1.20.1-20.el9 AppStream 574 k

Transaction Summary
=============================================
Install 2 Packages

Total size: 614 k
Installed size: 1.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : nginx-core-2:1.20 1/2
Installing : nginx-2:1.20.1-20 2/2
Running scriptlet: nginx-2:1.20.1-20 2/2
Verifying : nginx-2:1.20.1-20 1/2
Verifying : nginx-core-2:1.20 2/2
Installed products updated.

Installed:
nginx-2:1.20.1-20.el9.x86_64
nginx-core-2:1.20.1-20.el9.x86_64

Complete!

#区分页面

[root@master ~]# echo "hello master" > /usr/share/nginx/html/index.html
[root@backup ~]# echo "hello backup" > /usr/share/nginx/html/index.html

#启动服务

[root@master ~]# systemctl start nginx

[root@backup ~]# systemctl start nginx

#测试

[root@master ~]# curl 192.168.33.30
hello master
[root@backup ~]# curl 192.168.33.32
hello backup

2keepalived配置

2.1下载keepalived

#master

[root@master ~]# dnf install keepalived -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

Last metadata expiration check: 0:08:59 ago on Tue 18 Mar 2025 07:25:43 PM CST.
Dependencies resolved.
=================================================
Package Arch Version Repo Size
=================================================
Installing:
keepalived x86_64 2.2.8-3.el9 AppStream 564 k

Transaction Summary
=================================================
Install 1 Package

Total size: 564 k
Installed size: 1.6 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : keepalived-2.2.8-3.el 1/1
Running scriptlet: keepalived-2.2.8-3.el 1/1
Verifying : keepalived-2.2.8-3.el 1/1
Installed products updated.

Installed:
keepalived-2.2.8-3.el9.x86_64

Complete!

#backup

[root@backup ~]# dnf install keepalived -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

Last metadata expiration check: 0:08:59 ago on Tue 18 Mar 2025 07:25:43 PM CST.
Dependencies resolved.
=============================================
Package Arch Version Repo Size
=============================================
Installing:
keepalived
x86_64 2.2.8-3.el9 AppStream 564 k

Transaction Summary
=============================================
Install 1 Package

Total size: 564 k
Installed size: 1.6 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : keepalived-2.2.8- 1/1
Running scriptlet: keepalived-2.2.8- 1/1
Verifying : keepalived-2.2.8- 1/1
Installed products updated.

Installed:
keepalived-2.2.8-3.el9.x86_64

Complete!

2.2配置keepalived

#备份配置文件

[root@master ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
[root@master ~]# cp /etc/keepalived//keepalived.conf{,.bak}

[root@backup ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
[root@backup ~]# cp /etc/keepalived//keepalived.conf{,.bak}

#master

[root@master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
router_id master
}

vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.33.100
}
}

#backup

[root@backup ~]# vim /etc/keepalived/keepalived.conf
[root@backup ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
router_id master
}

vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.33.100
}
}

#启动keepalived服务

[root@master ~]# systemctl start keepalived
[root@backup ~]# systemctl start keepalived

#IP查看

[root@master ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7b:ad:14 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.33.30/24 brd 192.168.33.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.33.100/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7b:ad14/64 scope link noprefixroute
valid_lft forever preferred_lft forever

[root@backup ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:0f:fe:20 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.33.32/24 brd 192.168.33.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe0f:fe20/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#

#暂停服务，虚拟ip消失

[root@master ~]# systemctl stop keepalived.service
[root@master ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7b:ad:14 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.33.30/24 brd 192.168.33.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7b:ad14/64 scope link noprefixroute
valid_lft forever preferred_lft forever

[root@backup ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:0f:fe:20 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.33.32/24 brd 192.168.33.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe0f:fe20/64 scope link noprefixroute
valid_lft forever preferred_lft forever