Keepalived: Introduction and Experiments

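Keepalived is a lightweight, open-source high-availability (HA) and load-balancing management tool for Linux, based on the VRRP protocol. Its core purpose is to remove single points of failure through automatic failover, and it is widely used to build high-availability clusters. It is a first-choice tool for building lightweight, low-cost, highly reliable clusters, and is especially suited to active/standby setups and LVS/Nginx load balancing. It moves a VIP between nodes with VRRP and, combined with health checks and script extensions, can quickly make a service highly available, which makes it a core solution to single points of failure in Linux operations.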

I. Environment setup

Configure IP addresses for ka1, ka2, rs1 and rs2:

Deploy httpd on rs1 and rs2:

[root@rs1 ~] dnf install httpd -y
[root@rs1 ~] echo RS1 - 172.25.254.10 > /var/www/html/index.html
[root@rs1 ~] systemctl enable --now httpd

[root@rs2 ~] dnf install httpd -y
[root@rs2 ~] echo RS2 - 172.25.254.20 > /var/www/html/index.html
[root@rs2 ~] systemctl enable --now httpd

Set up local name resolution on ka1, ka2, rs1 and rs2:

[root@KA1 ~] vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.50     KA1
172.25.254.60     KA2
172.25.254.10     rs1
172.25.254.20     rs2

# Sync to ka2, rs1 and rs2
[root@KA1 ~] for i in 60 10 20
> do
> scp /etc/hosts 172.25.254.$i:/etc/hosts
> done

Enable the time synchronization service on ka1:

[root@KA1 ~] vim /etc/chrony.conf
 allow 0.0.0.0/0
 local stratum 10
 
[root@KA1 ~] systemctl restart chronyd
[root@KA1 ~] systemctl enable --now chronyd

On ka2, use the time synchronization service provided by ka1:

[root@KA2 ~] vim /etc/chrony.conf
pool 172.25.254.50 iburst

[root@KA2 ~] systemctl restart chronyd
[root@KA2 ~] systemctl enable --now chronyd

II. Keepalived virtual router configuration

1. Installing Keepalived

[root@KA1 ~] dnf install keepalived.x86_64 -y

[root@KA2 ~]  dnf install keepalived.x86_64 -y

2. Configuring the virtual router

# On the master
[root@KA1 ~] vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~] systemctl enable --now keepalived.service

Configure KA2:

[root@KA2 ~] vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA2 ~] systemctl enable --now keepalived.service
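
The two nodes only form one virtual router if their vrrp_instance definitions agree on virtual_router_id, advert_int, authentication and the VIP while differing in priority; a mismatch makes each node ignore the other's advertisements. The following check is an added example, not part of the original article; the function names are hypothetical, the sample input is constructed from the WEB_VIP configuration above, and it also covers the rule that nopreempt (section IV) requires state BACKUP.

```python
# Constructed sample: the WEB_VIP instance from this page, parameterised per node.
TEMPLATE = """vrrp_instance WEB_VIP {{
    state {state}
    virtual_router_id 51
    priority {priority}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    virtual_ipaddress {{
        172.25.254.100/24 dev eth0 label eth0:0
    }}
}}"""
KA1 = TEMPLATE.format(state="MASTER", priority=100)
KA2 = TEMPLATE.format(state="BACKUP", priority=80)

def parse_instances(text):
    """Return {instance: {keyword: value}}; entries of nested blocks are flattened."""
    instances, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#")[0].split("!")[0].strip()   # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].split())
        elif line == "}":
            stack.pop()
        elif line and stack and stack[0][0] == "vrrp_instance":
            key, *rest = line.split(None, 1)
            if stack[-1][0] == "virtual_ipaddress":
                key = "vip:" + key
            instances.setdefault(stack[0][1], {})[key] = rest[0] if rest else True
    return instances

SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass")

def audit_pair(conf_a, conf_b):
    """Compare each vrrp_instance across two nodes; return a list of findings."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    findings = [f"{n}: missing on one node" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        keys = set(SHARED) | {k for k in (*x, *y) if k.startswith("vip:")}
        findings += [f"{name}: {k} differs" for k in sorted(keys) if x.get(k) != y.get(k)]
        if x.get("priority") == y.get("priority"):
            findings.append(f"{name}: equal priority")
        if any(i.get("nopreempt") and i.get("state") != "BACKUP" for i in (x, y)):
            findings.append(f"{name}: nopreempt needs state BACKUP")
    return findings
```

Run audit_pair() on the text of both nodes' configuration files before restarting keepalived; an empty list means the pair is consistent.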

Verification:

Fault test:

# Simulate a failure on KA1

On KA2, check whether the VIP has migrated to this host:

3. Separating the Keepalived log

By default, keepalived logs to /var/log/messages. That file also contains the logs of other services, which makes the keepalived entries hard to review.

[root@KA1 ~] vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@KA1 ~] systemctl restart keepalived.service

[root@KA1 ~] vim /etc/rsyslog.conf
local7.*             /var/log/keepalived.log
[root@KA1 ~] systemctl restart rsyslog.service

III. Keepalived sub-configuration files

[root@KA1 ~] vim /etc/keepalived/keepalived.conf

include /etc/keepalived/conf.d/*.conf			# load separate sub-configuration files
[root@KA1 ~] mkdir  /etc/keepalived/conf.d -p
[root@KA1 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~] keepalived -t -f /etc/keepalived/keepalived.conf  # syntax check
[root@KA1 ~] systemctl restart keepalived.service

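IV. Preemptive and non-preemptive mode

1. Preemptive mode (the default: the VIP goes to whichever node has the higher priority)

2. Non-preemptive mode (the node holding the VIP keeps it as long as its VRRP advertisements are normal)
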
[root@KA1 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state BACKUP			# in non-preemptive mode both nodes are BACKUP
    interface eth0
    virtual_router_id 51
    nopreempt				# enable non-preemptive mode
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~] systemctl stop keepalived.service

# On KA2
[root@KA2 ~] vim /etc/keepalived/conf.d/webvip.conf 
vrrp_instance WEB_VIP {
    state BACKUP
    interface eth0
    virtual_router_id 51
    nopreempt				# enable non-preemptive mode
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
[root@KA2 ~] systemctl stop keepalived.service

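On ka1:

On ka2:

Test:

3. Delayed preemption (when the higher-priority host recovers, it does not take the VIP back immediately but waits for a delay (default 300s) before reclaiming it)

# On KA1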
[root@KA1 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state BACKUP			# both nodes are set to BACKUP
    interface eth0
    virtual_router_id 51
    preempt_delay 10				# enable delayed preemption with a 10s delay
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~] systemctl stop keepalived.service

# On KA2
[root@KA2 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state BACKUP
    interface eth0
    virtual_router_id 51
    preempt_delay 10				# enable delayed preemption with a 10s delay
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
[root@KA2 ~] systemctl stop keepalived.service
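
The difference between the three modes above shows up when the higher-priority node comes back. The following simulation is an added example, not part of the original article: a simplified model (hypothetical function names) that assumes every node starts in state BACKUP, uses the RFC 3768 Master_Down_Interval for takeover timing, and replays a constructed scenario with this page's priorities.

```python
import heapq

def master_down_interval(priority, advert_int=1):
    # RFC 3768: 3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - priority) / 256
    return 3 * advert_int + (256 - priority) / 256

def vip_timeline(priorities, events, mode="preempt", delay=0, advert_int=1):
    """Simplified model. events: (time, node, "up"|"down"); returns [(time, holder)]."""
    queue = [(t, 0, node, kind) for t, node, kind in events]
    heapq.heapify(queue)
    alive, due, master, timeline = set(), {}, None, []

    def arm(node, t, preempting):     # (re)start a node's takeover timer
        wait = master_down_interval(priorities[node], advert_int)
        if preempting and mode == "preempt_delay":
            wait = max(wait, delay)
        due[node] = t + wait
        heapq.heappush(queue, (t + wait, 1, node, "timer"))

    def can_preempt(node):
        return mode != "nopreempt" and priorities[node] > priorities[master]

    while queue:
        t, _, node, kind = heapq.heappop(queue)
        if kind == "up":
            alive.add(node)
            if master is None or can_preempt(node):
                arm(node, t, preempting=master is not None)
        elif kind == "down":
            alive.discard(node)
            due.pop(node, None)
            if node == master:
                master = None
                timeline.append((t, None))
                for peer in sorted(alive):
                    arm(peer, t, preempting=False)
        elif due.get(node) == t:      # timer fired and was not cancelled
            master = node
            due.clear()               # peers now hear the new master's adverts
            timeline.append((t, node))
            for peer in sorted(alive - {node}):
                if can_preempt(peer):
                    arm(peer, t, preempting=True)
    return timeline

# Constructed scenario with this page's priorities: KA1 fails at t=10, returns at t=20.
PRIORITIES = {"KA1": 100, "KA2": 80}
EVENTS = [(0, "KA1", "up"), (0, "KA2", "up"), (10, "KA1", "down"), (20, "KA1", "up")]
```

Calling vip_timeline(PRIORITIES, EVENTS, mode) with "preempt", "nopreempt" or "preempt_delay" (plus delay=10) returns the list of VIP holder changes for each mode.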

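ka1:

ka2:

V. Keepalived unicast mode

Why unicast? Multicast uses the fewest network resources, but it cannot cross networks. If the master and backup hosts are on different networks, unicast is the only way to deliver the VRRP advertisements.

# On KA1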
[root@KA1 ~] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   #vrrp_mcast_group4 224.0.0.44			# multicast disabled
}

[root@KA1 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    unicast_src_ip 172.25.254.50		# unicast source address, normally this host's IP
    unicast_peer {
      172.25.254.60						# unicast destination (peer) address
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# On KA2
[root@KA2 ~] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   #vrrp_mcast_group4 224.0.0.44			# multicast disabled
}

[root@KA2 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80
    advert_int 1
    unicast_src_ip 172.25.254.60		# unicast source address, normally this host's IP
    unicast_peer {
      172.25.254.50						# unicast destination (peer) address
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

[root@KA1 ~] systemctl restart keepalived.service
[root@KA2 ~] systemctl restart keepalived.service

On ka1:

On ka2:

# Test
# On KA1, open a separate shell to monitor the advertisements
[root@KA1 ~] tcpdump -i eth0 -nn src host 172.25.254.50 and dst 172.25.254.60

# On KA2, open a separate shell to monitor the advertisements
[root@KA2 ~] tcpdump -i eth0 -nn src host 172.25.254.60 and dst 172.25.254.50


# While KA1 is healthy,
# the capture on ka2 shows no advertisements

[root@KA1 ~] systemctl stop keepalived.service

# The VIP migrates to KA2, and the capture on KA2 starts showing advertisements

[root@KA1 ~] systemctl start keepalived.service

# KA1 takes the VIP back because of its priority, and the advertisements on KA2 stop

VI. Keepalived notifications

1. Alerting on VIP migration

# Install the mail software
[root@KA1 ~]  dnf install s-nail postfix   -y
[root@KA2 ~]  dnf install s-nail postfix   -y
# Start the mail agent
[root@KA1 ~] systemctl start postfix.service
[root@KA2 ~] systemctl start postfix.service

Configure sendmail so that it can send mail through a public mailbox:

# Configure mail.rc on the Linux hosts (KA1 and KA2)
[root@KA1+KA2 ~] vim /etc/mail.rc
set smtp=smtp.qq.com
set smtp-auth=login
set smtp-auth-user=<mailbox>@qq.com
set smtp-auth-password=<personal authorization code>
set from=<mailbox>@qq.com
set ssl-verify=ignore
[root@KA1+KA2 ~] systemctl restart postfix.service

# Send a test mail
[root@KA1 mail] echo hello | mailx -s test <mailbox>@qq.com

[root@KA1 mail] mailq		# show the mail queue
Mail queue is empty


[root@KA1 mail] mail		# check whether any mail bounced
s-nail version v14.9.22.  Type `?' for help
/var/spool/mail/root: 1 message
▸   1 Mail Delivery Subsys  2026-01-28 16:26   69/2210  "Returned mail: see transcript for details  "
& q		# quit

2. Creating the keepalived alert script

[root@KA1 ~] mkdir  -p /etc/keepalived/scripts
[root@KA2 ~]  mkdir  -p /etc/keepalived/scripts

# Write the alert script
[root@KA1+2 ~]  vim /etc/keepalived/scripts/waring.sh
#!/bin/bash
mail_dest='<mailbox>@qq.com'

mail_send()
{
    mail_subj="$HOSTNAME to be $1 vip 转移"
    mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
    echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
    master)
    mail_send master
    ;;
    backup)
    mail_send backup
    ;;
    fault)
    mail_send fault
    ;;
    *)
    exit 1
    ;;
esac

[root@KA1+2 ~] chmod  +x /etc/keepalived/scripts/waring.sh
[root@KA1 ~] /etc/keepalived/scripts/waring.sh master
# A mail should arrive in the corresponding mailbox

3. Configuring keepalived alerts

# Set the configuration files on KA1 and KA2

[root@KA1+KA2 ~] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     timinglee_zln@163.com
   }
   notification_email_from timinglee_zln@163.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 1
   vrrp_gna_interval 1
   vrrp_mcast_group4 224.0.0.44
   enable_script_security
   script_user root
}

[root@KA1+KA2 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    # unicast_src_ip 172.25.254.50
    # unicast_peer {
    #   172.25.254.60
    # }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    notify_master "/etc/keepalived/scripts/waring.sh master"
    notify_backup "/etc/keepalived/scripts/waring.sh backup"
    notify_fault "/etc/keepalived/scripts/waring.sh fault"
}


[root@KA1+2 ~]# systemctl restart keepalived.service




ka1:

ka2:

Test:

[root@KA1 ~] systemctl stop keepalived.service		# stop the service, then check the mail
[root@KA1 ~] systemctl start keepalived.service	    # start the service, then check the mail
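
With enable_script_security and script_user root set as above, keepalived will not run a notify script as root if any part of its path is writable by a non-root user. The following pre-flight check is an added example, not part of the original article: it approximates that rule with hypothetical helper functions and a constructed sample holding this page's notify lines.

```python
import os
import shlex
import stat

def notify_scripts(conf_text):
    """Script paths referenced by notify_* lines (first word of the quoted command)."""
    found = set()
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) > 1 and words[0].startswith("notify"):
            found.add(shlex.split(words[1])[0])
    return sorted(found)

def unsafe_parts(script, trusted_uid=0, stop_at="/"):
    """List (path, reason) for each path component a non-trusted user could change."""
    path, stop_at, findings = os.path.realpath(script), os.path.realpath(stop_at), []
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return [(path, "missing")]
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or others"))
        if path in (stop_at, os.path.dirname(path)):
            return findings
        path = os.path.dirname(path)

def audit_notify(conf_text, trusted_uid=0, stop_at="/"):
    """Map each notify script to its findings; an empty dict means nothing to fix."""
    report = {s: unsafe_parts(s, trusted_uid, stop_at) for s in notify_scripts(conf_text)}
    return {s: f for s, f in report.items() if f}

# Constructed sample: the notify lines from this page's webvip.conf.
SAMPLE = '''
    notify_master "/etc/keepalived/scripts/waring.sh master"
    notify_backup "/etc/keepalived/scripts/waring.sh backup"
    notify_fault "/etc/keepalived/scripts/waring.sh fault"
'''
```

Run audit_notify() on the contents of webvip.conf on each node; any entry it returns names a file or directory whose owner or mode should be tightened before keepalived is restarted.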

VII. Keepalived dual-master mode

# On KA1
[root@KA1 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {						# first virtual router, configured as master
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

vrrp_instance DB_VIP {				# second virtual router, configured as backup
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:1
    }
}


# On KA2
[root@KA2 ~] vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
    state BACKUP
    interface eth0
    virtual_router_id 51
    preempt_delay 10
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
      172.25.254.100/24 dev eth0 label eth0:0
    }
}
vrrp_instance DB_VIP {
    state MASTER
    interface eth0
    virtual_router_id 52
    preempt_delay 10
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
      172.25.254.200/24 dev eth0 label eth0:1
    }
}
[root@KA1 ~] systemctl restart keepalived.service
[root@KA2 ~] systemctl restart keepalived.service

On ka1:

On ka2:

After stopping the service on ka1:

After stopping the service on ka2:

VIII. High availability for IPVS

1. Configuring the real servers

[root@rs1+2 ~] cd /etc/NetworkManager/system-connections/
[root@rs1+2 system-connections] ls
eth0.nmconnection
[root@rs1+2 system-connections] cp eth0.nmconnection lo.nmconnection -p
[root@rs1+2 system-connections] vim lo.nmconnection

[connection]
id=lo
type=loopback
interface-name=lo

[ipv4]
method=manual
address1=127.0.0.1/8
address2=172.25.254.100/32

[root@rs1+2 system-connections] nmcli connection reload
[root@rs1+2 system-connections] nmcli connection up lo

[root@rs1+2 system-connections] vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1

[root@rs1+2 system-connections] sysctl  -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1

# Install ipvsadm
[root@KA1+KA2 ~] dnf install ipvsadm -y

rs1:

rs2:

2. Implementation

[root@KA1 ~] vim /etc/keepalived/keepalived.conf

Test:

[root@KA1 ~] yum install -y ipvsadm
[root@KA1 ~] watch -n 1 ipvsadm -Ln

Stop the web service on RS1 and check whether the LVS rules change:

[root@rs1 ~] systemctl stop httpd.service

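Stop keepalived on ka1 and check whether ka2 generates the LVS rules automatically:

IX. Dual-master mode proxying different services for high availability

1. Lab environment

# The web service was already set up in the previous experiment
# On the real servers, add vip2 172.25.254.200/32 to lo
# Set up the database on the real servers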
[root@rs1+2 ~] dnf install mariadb-server -y
[root@rs1+2 ~] systemctl enable --now mariadb
[root@rs1+2 ~] mysql
MariaDB [(none)]> CREATE USER lee@'%' identified by 'lee';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* TO lee@'%';
Query OK, 0 rows affected (0.001 sec)

Test:

2. Proxying different services through different VIPs

# On KA1 and KA2
[root@KA1+2 ~] vim /etc/keepalived/keepalived.conf
include /etc/keepalived/conf.d/webserver.conf
include /etc/keepalived/conf.d/datebase.conf

[root@KA1+2 ~] vim /etc/keepalived/conf.d/webserver.conf
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 172.25.254.10 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }

    real_server 172.25.254.20 80 {
        weight 1
        TCP_CHECK {
          connect_timeout 5
          retry 3
          delay_before_retry 3
          connect_port 80
        }
    }
}
[root@KA1 ~] vim /etc/keepalived/conf.d/datebase.conf
virtual_server 172.25.254.200 3306 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 172.25.254.10 3306 {
        weight 1
        TCP_CHECK {
          connect_timeout 5
          retry 3
          delay_before_retry 3
          connect_port 3306
        }
    }

    real_server 172.25.254.20 3306 {
        weight 1
        TCP_CHECK {
          connect_timeout 5
          retry 3
          delay_before_retry 3
          connect_port 3306
        }
    }
}

[root@KA1+2 ~] systemctl restart keepalived.service

On rs1 and rs2, add vip2 172.25.254.200/32 to lo:

Test:
