keepalived应用 - 技术栈

Keepalived 是一个基于 VRRP（虚拟路由冗余协议）实现的高可用解决方案，常用于构建高可用性的服务器集群，特别是在负载均衡场景中，可确保服务的不间断运行。以下为你详细介绍它：

0主要功能

高可用性：借助 VRRP 协议，Keepalived 能在多台服务器间自动切换，当主服务器出现故障时，备用服务器可迅速接替工作，保障服务的持续可用。
负载均衡：Keepalived 可与 LVS（Linux 虚拟服务器）集成，实现对多台服务器的负载均衡，依据预设的算法将客户端请求分发到不同的服务器上。
健康检查：它能对服务器的健康状况进行检查，实时监测服务器的服务状态，一旦发现服务器异常，就会将其从服务列表中移除，待恢复正常后再添加回来。

Keepalived 的工作原理主要基于 VRRP 协议。VRRP 将多台路由器（或服务器）组成一个虚拟路由器，这个虚拟路由器有一个唯一的虚拟 IP 地址（VIP）。在这个虚拟路由器中，有一个主路由器（Master）和多个备用路由器（Backup）。

主路由器：承担处理客户端请求的任务，同时定期发送 VRRP 通告给备用路由器，告知它们自己的存活状态。
备用路由器：处于监听状态，接收主路由器发送的 VRRP 通告。若在一定时间内未收到通告，备用路由器会认为主路由器出现故障，然后通过选举机制选出新的主路由器，并接管虚拟 IP 地址，继续提供服务。

1环境准备

IP地址	主机名	软件	节点
192.168.72.30	master	keepalived, nginx	主节点
192.168.72.32	backup	keepalived, nginx	从节点
192.168.72.100			Vip地址

1.1前期准备

1.1.1修改IP

#master
$root@master \~\]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.33.30/24 ipv4.gateway 192.168.33.30 ipv4.dns 223.5.5.5 connection.autoconnect yes \[root@master \~\]# nmcli c up ens160 #backup \[root@master \~\]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.33.30/24 ipv4.gateway 192.168.33.30 ipv4.dns 223.5.5.5 connection.autoconnect yes \[root@master \~\]# nmcli c up ens160$

1.1.2关闭防火墙

$root@master \~\]# systemctl stop firewalld \[root@backup \~\]# systemctl stop firewalld$

1.1.3安装nginx服务

#master
$root@master \~\]# systemctl stop firewalld \[root@master \~\]# mount /dev/sr0 /mnt mount: /mnt: WARNING: source write-protected, mounted read-only. \[root@master \~\]# dnf install nginx -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. BaseOS 757 kB/s \| 2.7 kB 00:00 AppStream 1.3 MB/s \| 3.2 kB 00:00 baseos 2.7 MB/s \| 2.7 kB 00:00 appstream 3.1 MB/s \| 3.2 kB 00:00 Dependencies resolved. ================================================= Package Arch Version Repo Size ================================================= Installing: nginx x86_64 2:1.20.1-20.el9 AppStream 40 k Installing dependencies: nginx-core x86_64 2:1.20.1-20.el9 AppStream 574 k Transaction Summary ================================================= Install 2 Packages Total size: 614 k Installed size: 1.7 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : nginx-core-2:1.20.1-2 1/2 Installing : nginx-2:1.20.1-20.el9 2/2 Running scriptlet: nginx-2:1.20.1-20.el9 2/2 Verifying : nginx-2:1.20.1-20.el9 1/2 Verifying : nginx-core-2:1.20.1-2 2/2 Installed products updated. Installed: nginx-2:1.20.1-20.el9.x86_64 nginx-core-2:1.20.1-20.el9.x86_64 Complete! #backup \[root@backup \~\]# mount /dev/sr0 /mnt mount: /mnt: WARNING: source write-protected, mounted read-only. \[root@backup \~\]# dnf install nginx -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. BaseOS 1.4 MB/s \| 2.7 kB 00:00 AppStream 1.4 MB/s \| 3.2 kB 00:00 baseos 2.7 MB/s \| 2.7 kB 00:00 appstream 3.1 MB/s \| 3.2 kB 00:00 Dependencies resolved. ============================================= Package Arch Version Repo Size ============================================= Installing: nginx x86_64 2:1.20.1-20.el9 AppStream 40 k Installing dependencies: nginx-core x86_64 2:1.20.1-20.el9 AppStream 574 k Transaction Summary ============================================= Install 2 Packages Total size: 614 k Installed size: 1.7 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : nginx-core-2:1.20 1/2 Installing : nginx-2:1.20.1-20 2/2 Running scriptlet: nginx-2:1.20.1-20 2/2 Verifying : nginx-2:1.20.1-20 1/2 Verifying : nginx-core-2:1.20 2/2 Installed products updated. Installed: nginx-2:1.20.1-20.el9.x86_64 nginx-core-2:1.20.1-20.el9.x86_64 Complete! #区分页面 \[root@master \~\]# echo "hello master" \> /usr/share/nginx/html/index.html \[root@backup \~\]# echo "hello backup" \> /usr/share/nginx/html/index.html #启动服务 \[root@master \~\]# systemctl start nginx \[root@backup \~\]# systemctl start nginx #测试 \[root@master \~\]# curl 192.168.33.30 hello master \[root@backup \~\]# curl 192.168.33.32 hello backup$

2keepalived配置

2.1下载keepalived

#master
$root@master \~\]# dnf install keepalived -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 0:08:59 ago on Tue 18 Mar 2025 07:25:43 PM CST. Dependencies resolved. ================================================= Package Arch Version Repo Size ================================================= Installing: keepalived x86_64 2.2.8-3.el9 AppStream 564 k Transaction Summary ================================================= Install 1 Package Total size: 564 k Installed size: 1.6 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : keepalived-2.2.8-3.el 1/1 Running scriptlet: keepalived-2.2.8-3.el 1/1 Verifying : keepalived-2.2.8-3.el 1/1 Installed products updated. Installed: keepalived-2.2.8-3.el9.x86_64 Complete! #backup \[root@backup \~\]# dnf install keepalived -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 0:08:59 ago on Tue 18 Mar 2025 07:25:43 PM CST. Dependencies resolved. ============================================= Package Arch Version Repo Size ============================================= Installing: keepalived x86_64 2.2.8-3.el9 AppStream 564 k Transaction Summary ============================================= Install 1 Package Total size: 564 k Installed size: 1.6 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : keepalived-2.2.8- 1/1 Running scriptlet: keepalived-2.2.8- 1/1 Verifying : keepalived-2.2.8- 1/1 Installed products updated. Installed: keepalived-2.2.8-3.el9.x86_64 Complete!$

2.2配置keepalived

#备份配置文件
$root@master \~\]# rpm -qc keepalived /etc/keepalived/keepalived.conf /etc/sysconfig/keepalived \[root@master \~\]# cp /etc/keepalived//keepalived.conf{,.bak} \[root@backup \~\]# rpm -qc keepalived /etc/keepalived/keepalived.conf /etc/sysconfig/keepalived \[root@backup \~\]# cp /etc/keepalived//keepalived.conf{,.bak} #master \[root@master \~\]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id master } vrrp_instance VI_1 { state MASTER interface ens160 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.33.100 } } #backup \[root@backup \~\]# vim /etc/keepalived/keepalived.conf \[root@backup \~\]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id master } vrrp_instance VI_1 { state MASTER interface ens160 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.33.100 } } #启动keepalived服务 \[root@master \~\]# systemctl start keepalived \[root@backup \~\]# systemctl start keepalived #IP查看 \[root@master \~\]# ip add 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:7b:ad:14 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.33.30/24 brd 192.168.33.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet 192.168.33.100/32 scope global ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe7b:ad14/64 scope link noprefixroute valid_lft forever preferred_lft forever \[root@backup \~\]# ip add 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:0f:fe:20 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.33.32/24 brd 192.168.33.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe0f:fe20/64 scope link noprefixroute valid_lft forever preferred_lft forever # #暂停服务，虚拟ip消失 \[root@master \~\]# systemctl stop keepalived.service \[root@master \~\]# ip add 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:7b:ad:14 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.33.30/24 brd 192.168.33.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe7b:ad14/64 scope link noprefixroute valid_lft forever preferred_lft forever \[root@backup \~\]# ip add 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:0f:fe:20 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.33.32/24 brd 192.168.33.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe0f:fe20/64 scope link noprefixroute valid_lft forever preferred_lft forever$

实验完成！！！