1.基础简介
1.1Keepalived简介

1.2 VRRP协议原理
VRRP 是一种网络协议,允许多台路由器共享一个虚拟IP地址,实现路由器的高可用
工作模式:
Master(主设备):实际持有虚拟IP,处理所有发往该IP的请求
Backup(备用设备):监控Master状态,当Master故障时接管VIP
虚拟路由器:由一组路由器组成的逻辑实体,对外表现为一个具有固定IP的路由器


2.安装keepalived
[root@KA1 ~]# dnf install keepalived.x86_64 -y
[root@KA2 ~]# dnf install keepalived.x86_64 -y
3.配置虚拟路由
KA1为master
#[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
# Global keepalived settings for this node (KA1).
global_defs {
# Recipient list for keepalived's built-in SMTP notifications.
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
# Notifications are handed to an SMTP server on localhost.
smtp_server 127.0.0.1
smtp_connect_timeout 30
# String identifying this machine; KA1 here.
router_id KA1
vrrp_skip_check_adv_addr
# Strict VRRP compliance is left disabled.
# NOTE(review): strict mode is understood to reject the authentication block
# used by the instance below - confirm before enabling it.
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
# Overrides the default VRRP multicast group (224.0.0.18); all nodes of the
# virtual router have to use the same group to see each other's adverts.
vrrp_mcast_group4 224.0.0.44
}
# VRRP instance that carries the service VIP 172.25.254.100 on eth0.
vrrp_instance WEB_VIP {
# Initial role of this node at startup.
state MASTER
interface eth0
# Virtual router ID; must match on every node that backs this VIP.
virtual_router_id 51
# Election priority; the node with the highest value holds the VIP.
priority 100
# Advertisement interval in seconds.
advert_int 1
# SECURITY: auth_type PASS is a shared password carried unencrypted in every
# advertisement (the capture in section 4 reports "authtype simple"), so any
# host that can see VRRP traffic on the segment can read it. "1111" is a lab
# value; use a site-specific secret (keepalived uses at most 8 characters) and
# do not rely on it as the only control - restrict which hosts may exchange
# VRRP (IP protocol 112) with these nodes at the firewall or switch.
authentication {
auth_type PASS
auth_pass 1111
}
# Address added to eth0 (labelled eth0:0) while this node is master.
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
#[root@KA1 ~]# systemctl enable --now keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
#KA2的安装与配置步骤同上(router_id、state、priority 等需按 KA2 的角色调整)
4.验证
[root@KA1 ~]# tcpdump -i eth0 -nn host 224.0.0.44
11:38:46.183386 IP 172.25.254.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:47.184051 IP 172.25.254.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:48.184610 IP 172.25.254.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:49.185084 IP 172.25.254.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
5.日志分离
默认情况下,keepalived的日志会被保存在/var/log/messages文件中,这个文件中除了含有keepalived的日志外,还有其他服务的日志信息,不利于单独查看keepalived的日志
[root@KA1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
[root@KA1 ~]# systemctl restart rsyslog.service
#测试
[root@KA1 log]# ls -l /var/log/keepalived.log
ls: 无法访问 'keepalived.log': 没有那个文件或目录
[root@KA1 log]# ls keepalived.log
keepalived.log
6.keepalived业务vip迁移警告
6.1.邮件告警环境构建
#安装邮件软件
[root@KA1 ~]# dnf install s-nail postfix -y
[root@KA2 ~]# dnf install s-nail postfix -y
#启动邮件代理
[root@KA1 ~]# systemctl start postfix.service
[root@KA2 ~]# systemctl start postfix.service
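#设定sendmail可以通过公网邮箱发送邮件,下面方式任选其一
#在Linux主机中配置mailrc(KA1+KA2)
#注意:smtp-auth-password 以明文保存在 /etc/mail.rc 中,应使用自己邮箱的授权码并限制该文件的读取权限;ssl-verify=ignore 会跳过服务器证书校验,仅适合实验环境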
root@KA1+KA2 \~\]# vim /etc/mail.rc set smtp=smtp.163.com set smtp-auth=login set smtp-auth-user=timinglee_zln@163.com set smtp-auth-password=TGfdKaJT7EB set from=timinglee_zln@163.com set ssl-verify=ignore
#测试邮件
[root@KA1 mail]# echo hello | mailx -s test 1122334455@qq.com
[root@KA1 mail]# mailq #查看邮件队列
Mail queue is empty
[root@KA1 mail]# mail #查看是否有退信
s-nail version v14.9.22. Type `?' for help
/var/spool/mail/root: 1 message
▸ 1 Mail Delivery Subsys 2026-01-28 16:26 69/2210 "Returned mail: see transcript for details "
&q 退出
#查看对应邮箱是否有邮件收到
6.2.设定keepalived告警脚本
[root@KA1 ~]# mkdir -p /etc/keepalived/scripts
[root@KA2 ~]# mkdir -p /etc/keepalived/scripts
#编写告警脚本
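#[root@KA1+2 ~]# vim /etc/keepalived/scripts/waring.sh
#!/bin/bash
# Keepalived notify hook: mails a notice when this node's VRRP state changes.
# Usage: waring.sh master|backup|fault
# Keepalived runs this as its configured script user, so keep the file and
# /etc/keepalived/scripts owned by root and not writable by group or others.

# Mailbox that receives the state-change notices.
mail_dest='594233887@qq.com'

#######################################
# Send one state-change mail.
# Globals:   HOSTNAME (read), mail_dest (read)
# Arguments: $1 - new VRRP state (master, backup or fault)
# Returns:   exit status of the mail command
#######################################
mail_send() {
  local mail_subj mail_mess
  mail_subj="$HOSTNAME to be $1 vip 转移"
  mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
  # Quote the recipient so it is always passed to mail as a single argument.
  printf '%s\n' "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}

case "$1" in
  master | backup | fault)
    mail_send "$1"
    ;;
  *)
    # Missing or unknown state: send nothing and report failure to the caller.
    printf 'usage: %s master|backup|fault\n' "${0##*/}" >&2
    exit 1
    ;;
esac
#[root@KA1+2 ~]# chmod +x /etc/keepalived/scripts/waring.sh
#[root@KA1 ~]# /etc/keepalived/scripts/waring.sh master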
6.3.配置keepalived告警
#在KA1和KA2中设定配置文件
! Configuration File for keepalived
# Global keepalived settings, now with script execution enabled for alerting.
global_defs {
# Left empty: no recipients for the built-in SMTP notification; the alert mail
# in this section is sent by the notify scripts of the instance below.
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
# SECURITY: with enable_script_security keepalived will not run a script as
# root if any part of its path is writable by a non-root user, so
# /etc/keepalived/scripts and waring.sh must stay root-owned without
# group/other write permission.
enable_script_security
# Notify scripts run as root.
# NOTE(review): the script only sends mail; a dedicated unprivileged account
# would likely be enough here - confirm before changing.
script_user root
}
# VRRP instance for the service VIP, using unicast adverts and notify scripts.
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
# Adverts are sent from unicast_src_ip to the listed peer(s) instead of to a
# multicast group.
# NOTE(review): these look like KA1's values (.50 is the sender in the
# section 4 capture); on KA2 the two addresses would be swapped - confirm.
unicast_src_ip 172.25.254.50
unicast_peer {
172.25.254.60
}
# SECURITY: auth_type PASS is a shared password carried unencrypted in every
# advertisement, and "1111" is a lab value. Use a site-specific secret and
# restrict VRRP (IP protocol 112) to the peer addresses at the firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
# State-change hooks: each runs the alert script with the new state as its
# argument, as the script_user set in global_defs.
notify_master "/etc/keepalived/scripts/waring.sh master"
notify_backup "/etc/keepalived/scripts/waring.sh backup"
notify_fault "/etc/keepalived/scripts/waring.sh fault"
}
[root@KA1+2 ~]# systemctl restart keepalived.service
[root@KA1 ~]# systemctl stop keepalived.service #停止服务后查看邮件
[root@KA1 ~]# systemctl start keepalived.service #开启服务后查看邮件
7.keepalive长连接优化(Nginx)
7.1.设定长连接时间
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
keepalive_timeout 5;
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx ~]# dnf install telnet -y
[root@Nginx ~]# telnet www.timinglee.org 80
Trying 172.25.254.100...
Connected to www.timinglee.org.
Escape character is '^]'.
GET / HTTP/1.1 <<<<
Host: www.timinglee.org <<<<
<<<
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Sat, 31 Jan 2026 08:27:02 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT
Connection: keep-alive
ETag: "697b2217-a"
Accept-Ranges: bytes

timinglee
显示的页面出现后,连接会按设定的长连接时间保持等待,超过时间后自动断开
Connection closed by foreign host.
7.2.设定长连接次数
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
keepalive_requests 3;
[root@Nginx ~]# nginx -s reload
#测试
root@Nginx \~\]# telnet www.timinglee.org 80 Trying 172.25.254.100... Connected to www.timinglee.org. Escape character is '\^\]'. GET / HTTP/1.1 Host: www.timinglee.org HTTP/1.1 200 OK #第一次 Server: nginx/1.28.1 Date: Sat, 31 Jan 2026 08:32:14 GMT Content-Type: text/html Content-Length: 10 Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT Connection: keep-alive Keep-Alive: timeout=100 ETag: "697b2217-a" Accept-Ranges: bytes timinglee GET / HTTP/1.1 Host: www.timinglee.org HTTP/1.1 200 OK #第二次 Server: nginx/1.28.1 Date: Sat, 31 Jan 2026 08:32:24 GMT Content-Type: text/html Content-Length: 10 Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT Connection: keep-alive Keep-Alive: timeout=100 ETag: "697b2217-a" Accept-Ranges: bytes timinglee GET / HTTP/1.1 Host: www.timinglee.org HTTP/1.1 200 OK #第三次 Server: nginx/1.28.1 Date: Sat, 31 Jan 2026 08:32:35 GMT Content-Type: text/html Content-Length: 10 Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT Connection: close ETag: "697b2217-a" Accept-Ranges: bytes timinglee Connection closed by foreign host.