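1. Keepalived Overview
1.1 What Is Keepalived
Keepalived is open-source software written in C, used mainly to provide high availability and load balancing. It uses VRRP (Virtual Router Redundancy Protocol) to move an IP address to another server when a server fails, which keeps the service available.
1.2 Core Features of Keepalived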
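| Feature | Description |
|---|---|
| High availability (HA) | Master/backup failover through VRRP, so the service is not interrupted |
| Health checks | Periodically checks backend server state and automatically removes failed nodes |
| Load balancing (LVS) | Integrates with LVS to provide layer-4 load balancing |
| Failure notification | Supports custom scripts for failure alerting |
1.3 Keepalived vs. Nginx Load Balancing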
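| Characteristic | Keepalived + LVS | Nginx |
|---|---|---|
| Layer | Layer 4 (transport layer) | Layer 7 (application layer) |
| Performance | Very high, close to a hardware load balancer | High, but with layer-7 processing overhead |
| Functionality | Relatively simple | Feature-rich: URL routing, caching, and more |
| Configuration complexity | Low | Medium |
| Typical use | High-performance TCP/UDP load balancing | Web applications, API gateways |
Note: Keepalived is usually deployed together with Nginx: Keepalived provides high availability (VIP failover), and Nginx provides layer-7 load balancing.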
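2. How Keepalived Works
2.1 Introduction to VRRP
VRRP (Virtual Router Redundancy Protocol) is a fault-tolerance protocol. It presents several routers as a single virtual router, elects one of them as the master, and keeps the others as backups.
2.2 How VRRP Operates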
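- Priority election: the device with the highest priority becomes the Master
- Heartbeat: the Master periodically sends VRRP advertisement packets
- Failover: when a Backup receives no advertisement before the timeout expires, it automatically takes over the VIP
- Preemption: a higher-priority device that recovers can automatically take back the Master role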
2.3 Keepalived Process Architecture
```text
Keepalived
├── Watchdog
│   └── Monitors child process state
├── Master process
│   └── Handles the VRRP protocol
└── Healthcheck process
    └── Runs health checks on backend services
```
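3. Installing Keepalived
3.1 Preparing the Environment
```bash
# Environment plan (example)
# Master server: 192.168.1.101
# Backup server: 192.168.1.102
# Virtual IP:    192.168.1.100

# Make sure the servers' clocks are synchronized
ntpdate ntp.aliyun.com

# Either disable the firewall or allow VRRP (IP protocol number 112)
# Option 1: disable the firewall (test environments only)
systemctl stop firewalld
systemctl disable firewalld

# Option 2: allow VRRP (recommended for production)
firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'
firewall-cmd --reload
```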
3.2 Installing Keepalived
```bash
# Ubuntu/Debian
apt-get update
apt-get install -y keepalived

# CentOS/RHEL
yum install -y keepalived

# Verify the installation
keepalived -v

# Start at boot
systemctl enable keepalived
```
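4. Basic High-Availability Configuration
4.1 Master Server Configuration
```bash
# /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf
```
```ini
! Configuration File for keepalived
global_defs {
    # Router identifier, unique within the cluster
    router_id LVS_MASTER
    # Script security: refuse to run a script as root if any part of its
    # path is writable by a non-root user
    enable_script_security
    # User that scripts run as
    script_user root
}

# VRRP instance
vrrp_instance VI_1 {
    # Role: MASTER (master server)
    state MASTER
    # Network interface (adjust to your system)
    interface eth0
    # Virtual router ID, identical on all nodes of the cluster (1-255)
    virtual_router_id 51
    # Priority (set higher on the master)
    priority 100
    # VRRP advertisement interval (seconds)
    advert_int 1
    # Authentication. PASS is sent in cleartext and only the first 8
    # characters are used; 123456 is an example value, replace it.
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    # Virtual IP addresses
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
        # More VIPs can be added, one per line. Each must be an unused
        # address, not a node's real IP (192.168.1.101 and 192.168.1.102
        # in this plan), and the list should match on both nodes.
    }
    # Preemption (enabled by default)
    preempt
    # Preemption delay (seconds)
    preempt_delay 5
    # Notification scripts
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
```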
4.2 Backup Server Configuration
```ini
! Configuration File for keepalived
global_defs {
    router_id LVS_BACKUP
    enable_script_security
    script_user root
}

vrrp_instance VI_1 {
    # Role: BACKUP (backup server)
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90    # lower than the master's priority
    advert_int 1
    # Must match the master's authentication block
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
    }
    # Preemption (usually enabled on the backup, but can be turned off)
    preempt
    # Notification scripts
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
```
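The master and backup files in 4.1 and 4.2 have to agree on several settings for failover to work, and drift between them is easy to miss. The Python script below is an added example (not part of the original article or of Keepalived): it compares a master/backup pair and reports mismatched settings, a VIP that collides with a node's real address, and a weak `auth_pass`. The function names and the sample configuration text are constructed for illustration, and the parser assumes one `vrrp_instance` per file with unquoted values.

```python
import re

def sample_conf(state, priority, vips, secret="123456"):
    """Constructed sample input modelled on the vrrp_instance blocks above."""
    vip_lines = "\n".join(f"        {v} dev eth0" for v in vips)
    return f"""vrrp_instance VI_1 {{
    state {state}          # role of this node
    virtual_router_id 51
    priority {priority}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass {secret}
    }}
    virtual_ipaddress {{
{vip_lines}
    }}
}}"""

def parse(conf):
    """Pull out the settings both peers must agree on (one instance, no quoting)."""
    conf = re.sub(r"[#!].*", "", conf)  # keepalived comments start with # or !
    keys = ("virtual_router_id", "priority", "advert_int", "auth_type", "auth_pass")
    out = {k: m.group(1) for k in keys
           if (m := re.search(rf"^\s*{k}\s+(\S+)", conf, re.M))}
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    out["vips"] = sorted(l.split()[0] for l in block.group(1).splitlines()
                         if l.split()) if block else []
    return out

def check_pair(master_conf, backup_conf, node_ips):
    """Return findings for a master/backup pair; node_ips are the nodes' real IPs."""
    m, b = parse(master_conf), parse(backup_conf)
    findings = [f"{k} differs: {m.get(k)} vs {b.get(k)}"
                for k in ("virtual_router_id", "advert_int", "auth_type",
                          "auth_pass", "vips") if m.get(k) != b.get(k)]
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("master priority is not higher than backup priority")
    for vip in sorted(set(m["vips"]) | set(b["vips"])):
        if vip.split("/")[0] in node_ips:
            findings.append(f"VIP {vip} is a node's real address")
    secret = m.get("auth_pass", "")
    if m.get("auth_type") == "PASS" and (len(secret) < 8 or secret.isdigit()):
        findings.append("auth_pass is short or digits-only (PASS travels in cleartext)")
    return findings

if __name__ == "__main__":
    master = sample_conf("MASTER", 100, ["192.168.1.100/24", "192.168.1.101/24"])
    backup = sample_conf("BACKUP", 90, ["192.168.1.100/24"])
    print("\n".join(check_pair(master, backup, {"192.168.1.101", "192.168.1.102"})))
```

To check real files, pass the contents of each node's `/etc/keepalived/keepalived.conf` to `check_pair` along with the set of real node addresses.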
4.3 Notification Script
```bash
#!/bin/bash
# /etc/keepalived/notify.sh
# State-change notification script
# Argument: $1 - state (master/backup/fault)
case "$1" in
    master)
        echo "$(date): 成为MASTER节点" >> /var/log/keepalived.log
        # Add business actions here, such as starting services or sending alerts
        ;;
    backup)
        echo "$(date): 成为BACKUP节点" >> /var/log/keepalived.log
        ;;
    fault)
        echo "$(date): 节点故障" >> /var/log/keepalived.log
        ;;
    *)
        echo "$(date): 未知状态" >> /var/log/keepalived.log
        ;;
esac
# Send an alert (optional)
# curl -X POST https://your-alert-api/alert -d "status=$1"
```
```bash
# With enable_script_security, the script and its path must be writable only by root
chmod +x /etc/keepalived/notify.sh
```
4.4 Starting and Verifying
```bash
# Start Keepalived
systemctl start keepalived

# Check its status
systemctl status keepalived

# Check the VIP
ip addr show eth0
# 192.168.1.100/24 should be listed

# Follow the Keepalived log
tail -f /var/log/messages | grep Keepalived

# Test failover
# On the master server, stop Keepalived
systemctl stop keepalived

# On the backup server, check whether the VIP has moved over
ip addr show eth0
```