目录
[1 实验环境](#1 实验环境)
[2 主备模式](#2 主备模式)
[3 单波模式](#3 单波模式)
[4 日志分离](#4 日志分离)
[5 独立子配置文件](#5 独立子配置文件)
[6 非抢占模式](#6 非抢占模式)
[7 延迟抢占](#7 延迟抢占)
[8 业务VIP迁移告警](#8 业务VIP迁移告警)
[8.1 邮件告警环境](#8.1 邮件告警环境)
[8.2 设定告警脚本](#8.2 设定告警脚本)
[9 双主互备模式](#9 双主互备模式)
1 实验环境
# RS配服务
[root@RS1 ~]# dnf install httpd -y >/dev/null
[root@RS1 ~]# echo RS1 - 172.25.254.20 > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
[2026-02-22 02:16.46] ~
[Is XiaFeng Computer.IsXiaFengComputer] ⮞ curl 172.25.254.20
RS1 - 172.25.254.20
[2026-02-22 02:18.05] ~
[Is XiaFeng Computer.IsXiaFengComputer] ⮞ curl 172.25.254.30
RS2 - 172.25.254.30
# 设定本地解析(四台都有彼此的)
[root@KA1 ~]# vim /etc/hosts
[root@KA1 ~]# tail -n4 /etc/hosts
172.25.254.50 KA1
172.25.254.60 KA2
172.25.254.20 RS1
172.25.254.30 RS1
[root@KA1 ~]# for i in {60,20,30};do
> scp /etc/hosts 172.25.254.$i:/etc/hosts
> done
# KA时间源同步
# KA1允许KA2同步时间源
[root@KA1 ~]# vim /etc/chrony.conf
26 #allow 192.168.0.0/16
27 allow 172.25.254.60/32
28
29 # Serve time even if not synchronized to a time source.
30 #local stratum 10
31 local stratum 10
[root@KA1 ~]# systemctl restart chronyd
[root@KA1 ~]# systemctl enable --now chronyd
# KA2同步KA1时间源
[root@KA2 ~]# vim /etc/chrony.conf
3 #pool 2.rhel.pool.ntp.org iburst
4 pool 172.25.254.50 iburst
[root@KA2 ~]# systemctl restart chronyd
[root@KA2 ~]# systemctl enable --now chronyd
[root@KA2 ~]# chronyc sources -v
………………
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* KA1 2 6 17 4 +1285ns[ +27us] +/- 50ms2 主备模式
# KA1设定为Master,KA2设定为Backup
[root@KA2 ~]# dnf install keepalived.x86_64 -y >/dev/null
# 在Master
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
3 global_defs {
………………
12 router_id KA1
13 vrrp_skip_check_adv_addr
14 #vrrp_strict
15 vrrp_garp_interval 1
16 vrrp_gna_interval 1
17 vrrp_mcast_group4 224.0.0.44
18 }
20 vrrp_instance VI_1 {
………………
30 virtual_ipaddress {
31 172.25.254.100/24 dev eth0 label eth0:0
32 }
33 }
[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl enable --now keepalived.service
[root@KA1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.60:/etc/keepalived/keepalived.conf
[root@KA1 ~]# ip a | grep eth0:0$
inet 172.25.254.100/24 scope global secondary eth0:0
# 在Backup
# 改state、priority即可
3 global_defs {
………………
12 router_id KA2
………………
18 }
20 vrrp_instance VI_1 {
21 state BACKUP
22 interface eth0
23 virtual_router_id 51
24 priority 80 # 比主(100)低即可
………………
33 }测试:
3 单波模式
为什么要单播,组播模式使用的网址资源最少,但是不能跨网络,如果主备两台主机是跨网络的,那么只能启用单播来实现vrrp通告。
# KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
3 global_defs {
………………
17 #vrrp_mcast_group4 224.0.0.44 # 关闭组播
18 }
19
20 vrrp_instance WEB_VIP {
………………
24 priority 100
25 advert_int 1
26 unicast_src_ip 172.25.254.50 # 指定单播源地址,通常是本机IP
27 unicast_peer {
28 172.25.254.60 # 指定单播接收地址
29 }
………………
37 }
[root@KA1 ~]# systemctl reload keepalived.service
# KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
3 global_defs {
………………
17 #vrrp_mcast_group4 224.0.0.44
18 }
19
20 vrrp_instance WEB_VIP {
………………
24 priority 80
25 advert_int 1
26 unicast_src_ip 172.25.254.60 # 指定单播源地址,通常是本机IP
27 unicast_peer {
28 172.25.254.50 # 指定单播接收地址
29 }
………………
37 }
[root@KA2 ~]# systemctl reload keepalived.service
# 测试:
# 在KA1正常时KA2播报信息不显示通告内容;KA1出现故障时VIP会被迁移到KA2,KA2上开始显示播报内容,当KA1恢复时,VIP因为优先级被KA1抢占,KA2中播报停止。
4 日志分离
默认情况下。keepalived的日志会被保存在/var/log/messages文件中,这个文件中除了含有keepalived的日志外,还有其他服务的日志信息,这样不利于对于keepalived的日志进行查看
[root@KA1 ~]# vim /etc/sysconfig/keepalived
14 #KEEPALIVED_OPTIONS="-D"
15 KEEPALIVED_OPTIONS="-D -S 6"
[root@KA1 ~]# systemctl restart keepalived.service # 这里用reload的话不会产生文件
[root@KA1 ~]# vim /etc/rsyslog.conf
69 local6.* /var/log/keepalived.log
[root@KA1 ~]# systemctl restart rsyslog.service
[root@KA1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 6827 Feb 22 04:12 /var/log/keepalived.log5 独立子配置文件
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
19 include /etc/keepalived/conf.d/*.conf #指定独立子配置文件
[root@KA1 ~]# mkdir -p /etc/keepalived/conf.d
[root@KA1 ~]# vim /etc/keepalived/conf.d/webvip.conf
1 vrrp_instance WEB_VIP {
………………
14 }
15
16 vrrp_instance DB_VIP {
………………
28 }
29 }
[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl reload keepalived.service
[root@KA1 ~]# ip a s |grep eth0:1
inet 172.25.254.100/24 scope global secondary eth0:16 非抢占模式
抢占模式 (默认):谁优先级高就把vip放到哪里。
非抢占模式:持有vip只要vrrp通告正常就不做vip迁移
# 非抢占模式互为backup
#kA1中
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
nopreempt # 启动非抢占模式
priority 100
………………
}
[root@KA1 ~]# systemctl stop keepalived.service
#KA2中
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
nopreempt #开启非抢占模式
priority 80
………………
}
[root@KA2 ~]# systemctl stop keepalived.service
#测试:
[root@KA1 ~]# systemctl start keepalived.service
[root@KA2 ~]# systemctl start keepalived.service
[root@KA1 ~]# ifconfig
………………
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet)
………………
[root@KA1 ~]# systemctl stop keepalived.service
ifconfig[root@KA2 ~]# ifconfig
………………
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet)
………………
# 开启KA1的服务ip不会被抢占到1中
[root@KA1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::3901:aeea:786a:7227 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet)
RX packets 19102 bytes 1561277 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35034 bytes 3375682 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
………………7 延迟抢占
# KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
20 vrrp_instance WEB_VIP {
21 state BACKUP # 非抢占模式互为backup
22 interface eth0
23 virtual_router_id 51
24 preempt_delay 10 # 启动延迟抢占,延迟10s抢占
25 priority 100
………………
34 }
[root@KA1 ~]# systemctl stop keepalived.service
# KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
20 vrrp_instance WEB_VIP {
21 state BACKUP
22 interface eth0
23 virtual_router_id 51
24 preempt_delay 10 # 启动延迟抢占,延迟10s抢占
25 priority 80
………………
34 }
[root@KA2 ~]# systemctl stop keepalived.service
# 测试
[root@KA1 ~]# systemctl start keepalived.service
[root@KA2 ~]# systemctl start keepalived.service
[root@KA1 ~]# watch -n 1 ifconfig测试:
8 业务VIP迁移告警
8.1 邮件告警环境
# 安装邮件软件
[root@KA1 ~]# dnf install s-nail postfix -y >/dev/null
[root@KA2 ~]# dnf install s-nail postfix -y >/dev/null
# 启动邮件代理
[root@KA1 ~]# systemctl start postfix.service
[root@KA2 ~]# systemctl start postfix.service开启IMAP/SMT服务
#在Linux主机中配置mailrc(KA1+KA2)
[root@KA1+KA2 ~]# vim /etc/mail.rc
set smtp=smtp.163.com # SMTP 服务器地址
set smtp-auth=login # 认证方式,使用 LOGIN 明文认证
set smtp-auth-user= # 发件邮箱账号
set smtp-auth-password= # 邮箱密码或授权码,授权码就是刚刚开启IMAP/SMT服务时给的
set from= # 发件人显示地址(通常与 smtp-auth-user 相同)
set ssl-verify=ignore # 忽略 SSL 证书验证
#测试邮件
[root@KA1 mail]# echo hello | mailx -s test 2319125958@qq.com
[root@KA1 mail]# mailq # 查看邮件队列
Mail queue is empty
[root@KA1 mail]# mail # 查看是否又退信
s-nail version v14.9.22. Type `?' for help
/var/spool/mail/root: 1 message
▸ 1 Mail Delivery Subsys 2026-01-28 16:26 69/2210 "Returned mail: see transcript for details "
&q # 退出
#查看对应邮箱是否有邮件收到8.2 设定告警脚本
[root@KA1 ~]# mkdir -p /etc/keepalived/scripts
[root@KA2 ~]# mkdir -p /etc/keepalived/scripts
[root@KA1 ~]# vim /etc/keepalived/scripts/warning.sh
#!/bin/bash
mail_dest='2319125958@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@KA1 ~]# chmod +x /etc/keepalived/scripts/warning.sh # 后续配置keepalived告警
[root@KA1 ~]# scp /etc/keepalived/scripts/warning.sh root@172.25.254.60:/etc/keepalived/scripts/warning.sh
[root@KA1 ~]# sh /etc/keepalived/scripts/warning.sh master
# 对应邮箱中会出现邮件
# 配置keepalived告警
global_defs {
notification_email {
2319125958@qq.com # 收件人
}
notification_email_from xiafeng_68@163.com # 发件人显示
smtp_server 127.0.0.1 # 走本地 Postfix
smtp_connect_timeout 30
………………
enable_script_security
script_user root
}
vrrp_instance WEB_VIP {
………………
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
# 使用本地global_defs {}中的脚本时注释掉这些钩子,使用这些钩子时注释掉global_defs {}中的邮件设置。
#notify_master "/etc/keepalived/scripts/waring.sh master"
#notify_backup "/etc/keepalived/scripts/waring.sh backup"
#notify_fault "/etc/keepalived/scripts/waring.sh fault"
}当 KA1 的 WEB_VIP 从 master 变 fault 时:Keepalived 会通过内置 SMTP 逻辑,直接调用本地 Postfix 给notification_email { 收件人 }发一封固定内容的邮件(内容由 Keepalived 内置,无法自定义) 。
| 配置项 | 作用 | 触发方式 | 是否依赖 Postfix |
|---|---|---|---|
global_defs中的 SMTP 配置 |
Keepalived 内置邮件告警 | Keepalived 进程直接触发(无脚本) | 是(依赖本地 SMTP 服务器) |
notify_* 钩子 + 自定义脚本 |
自定义告警(邮件 / 日志 / 其他) | 仅通过 notify_* 钩子触发脚本 |
是(脚本里调用 mail 命令依赖) |
9 双主互备模式
# 双主模式目标:两台服务器各持有一个VIP,互为备份。
# KA1是WEB_VIP主、DB_VIP备;KA2是DB_VIP主、WEB_VIP备。(KA1拿100VIP,KA2拿200VIP)
# KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
20 vrrp_instance WEB_VIP {
21 state MASTER # 第一个虚拟路由,以master身份设定
22 interface eth0
23 virtual_router_id 51
24 priority 100
…………
30 virtual_ipaddress {
31 172.25.254.100/24 dev eth0 label eth0:1
32 }
33 }
34
35 vrrp_instance DB_VIP {
36 state BACKUP # 第二个虚拟路由,以backup身份设定
37 interface eth0
38 virtual_router_id 52
39 priority 80
………………
45 virtual_ipaddress {
46 172.25.254.200/24 dev eth0 label eth0:0
47 }
48 }
[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
[root@KA1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.60:/etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl reload keepalived.service
# KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
20 vrrp_instance WEB_VIP {
21 state BACKUP
22 interface eth0
23 virtual_router_id 51
24 preempt_delay 10 # 避免VIP“抖动”、保障服务就绪
25 priority 80
………………
34 }
35
36 vrrp_instance DB_VIP {
37 state MASTER
38 interface eth0
39 virtual_router_id 52
40 preempt_delay 10
41 priority 100
………………
50 }
[root@KA2 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
(DB_VIP) Warning - preempt delay will not work with initial state MASTER - clearing
[root@KA2 ~]# systemctl reload keepalived.servicepreempt_delay 10:延迟10秒后才会尝试抢占VIP
10 秒的延迟能确保:
故障节点的服务(WEB/DB)完全启动,而非仅 Keepalived 服务启动。
网络、心跳检测稳定,避免因临时网络波动导致的误抢占。
减少 VIP 切换对业务的冲击,给应用层足够的时间适应。
这种延迟机制在高可用环境中非常重要,可以有效避免因网络抖动或不稳定导致的频繁切换。
测试:
