利用VRRP Script 实现全能高可用

一、实验整体目标

简单说:让对外提供服务的 VIP(172.25.254.100)始终绑定在健康的服务器上,即使其中一台服务器的 HAProxy 挂了 / 关键文件丢失,VIP 会自动漂移到另一台正常的服务器,保证用户访问 VIP 时服务不中断。

实验分 3 个核心阶段:

部署 HAProxy(四层 / 七层反向代理),让它代理后端 web 服务;

用 VRRP Script 检测 "关键文件是否存在",验证 Keepalived 的脚本检测能力(本例脚本在 /mnt/lee 存在时返回非 0,即判定检测失败、优先级降低);

用 VRRP Script 检测 HAProxy 进程是否存活,实现 HAProxy+Keepalived 的高可用。

1.实验环境

#在KA1和KA2中安装haproxy
[root@KA1+2 ~]# dnf install haproxy-2.4.22-4.el9.x86_64  -y
[root@KA1 ~]# vim /etc/sysctl.conf

[root@KA1+2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#修改后执行 sysctl -p 使其立即生效;该参数允许 haproxy 在本机尚未持有 VIP 时也能绑定 172.25.254.100:80

[root@KA1+2 ~]# vim /etc/haproxy/haproxy.cfg
# Layer-7 (HTTP) proxy that listens on the VIP and balances across two back-end web servers.
listen webserver
    # The VIP is only configured on whichever node currently holds it; binding to it
    # on the other node relies on net.ipv4.ip_nonlocal_bind=1.
    bind 172.25.254.100:80
    # NOTE(review): port 80 with mode http means client traffic is unencrypted;
    # fine for a lab, add TLS termination before any real use.
    mode http
    # "check" enables HAProxy's own health checks for each back end.
    server web1 172.25.254.10:80 check
    server web2 172.25.254.20:80 check
    
[root@KA1+2 ~]# systemctl enable --now haproxy.service

2.利用案例理解 vrrp_script

#在KA1主机中(脚本保存后需执行 chmod +x /etc/keepalived/scripts/test.sh,否则 keepalived 无法执行该脚本)
[root@KA1 ~]# vim /etc/keepalived/scripts/test.sh
#!/bin/bash
# Keepalived check: exit status 0 (healthy) while /mnt/lee is absent,
# exit status 1 (failed) once a regular file exists at that path.
! [[ -f "/mnt/lee" ]]

[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
# Health check tracked by the VRRP instance: keepalived runs the script and
# treats exit status 0 as success and any non-zero status as failure.
vrrp_script check_lee {
    script "/etc/keepalived/scripts/test.sh"
    # Run the check every second.
    interval 1
    # While the check is failing, subtract 30 from the instance priority.
    # The VIP only moves if the peer's priority is higher than the reduced value.
    weight -30
    # Two consecutive failures mark the check as failed; two successes restore it.
    fall 2
    rise 2
    # A run that takes longer than 2 seconds counts as a failure.
    timeout 2
    # NOTE(review): the script executes as root once per second, so the script file
    # and every directory on its path must be writable by root only. This check
    # only tests for a file, so an unprivileged script user would be enough; also
    # consider enable_script_security in global_defs (not shown on this page).
    user root
}
# VRRP instance that owns the service VIP and follows the check_lee health check.
vrrp_instance DB_VIP {
    state MASTER
    interface eth0
    # Must be identical on both nodes of this VRRP group (peer config not shown here).
    virtual_router_id 51
    # Base priority; a failing tracked script with weight -30 lowers it to 70.
    priority 100
    # Send a VRRP advertisement every second.
    advert_int 1
    # NOTE(review): PASS authentication is carried in cleartext in every
    # advertisement, so it only guards against accidental misconfiguration, not
    # against a host on the same segment. "1111" is a lab value; for real use pick
    # a unique secret and restrict VRRP (IP protocol 112) to the peer, e.g. with
    # unicast_peer plus a firewall rule.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # NOTE(review): the ifconfig output in this walkthrough shows the VIP on
        # eth0:0, not eth0:1 — confirm which label was actually used.
        172.25.254.100/24 dev eth0 label eth0:1
    }
    track_script {
        check_lee
    }
}

[root@KA1 ~]# systemctl restart keepalived.service


#测试:/mnt/lee 不存在时 VIP(172.25.254.100)在本机;touch 创建后 VIP 从本机消失;rm 删除后 VIP 回到本机
[root@KA1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.50  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::3901:aeea:786a:7227  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)
        RX packets 98198  bytes 9235557 (8.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 145101  bytes 12247386 (11.6 MiB)
        TX errors 0  dropped 9 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.100  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 932  bytes 72195 (70.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 932  bytes 72195 (70.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@KA1 ~]# touch /mnt/lee

[root@KA1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.50  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::3901:aeea:786a:7227  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)
        RX packets 97968  bytes 9216259 (8.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144858  bytes 12219108 (11.6 MiB)
        TX errors 0  dropped 9 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 932  bytes 72195 (70.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 932  bytes 72195 (70.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@KA1 ~]# rm -fr /mnt/lee

[root@KA1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.50  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::3901:aeea:786a:7227  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)
        RX packets 98198  bytes 9235557 (8.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 145101  bytes 12247386 (11.6 MiB)
        TX errors 0  dropped 9 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.100  netmask 255.255.255.0  broadcast 0.0.0.0  
        ether 00:0c:29:26:33:d9  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 932  bytes 72195 (70.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 932  bytes 72195 (70.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.keepalived + haproxy

[root@KA1 ~]# vim /etc/keepalived/scripts/haproxy_check.sh
#!/bin/bash
# Keepalived check: signal 0 delivers nothing, it only asks whether a process
# named haproxy exists and can be signalled; exit status 0 means it does.
# This confirms the process is present, not that it is serving requests.
killall -0 haproxy >/dev/null 2>&1

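[root@KA1 ~]# chmod +x /etc/keepalived/scripts/haproxy_check.sh
#该脚本由 keepalived 以 root 身份每秒执行一次,脚本及其所在目录应属主为 root 且其他用户不可写

[root@KA1 ~]# vim /etc/keepalived/keepalived.conf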
# Health check for the local HAProxy process; a non-zero exit status from the
# script counts as a failure.
# NOTE(review): the name is spelled "haporxy_check" (presumably meant
# "haproxy_check"). It works because track_script uses the same spelling;
# rename both together if you correct it.
vrrp_script haporxy_check {
    script "/etc/keepalived/scripts/haproxy_check.sh"
    # Run the check every second.
    interval 1
    # While the check is failing, subtract 30 from the instance priority.
    # The VIP only moves if the peer's priority is higher than the reduced value.
    weight -30
    # Two consecutive failures mark the check as failed; two successes restore it.
    fall 2
    rise 2
    # A run that takes longer than 2 seconds counts as a failure.
    timeout 2
    # NOTE(review): the script executes as root once per second, so the script file
    # and every directory on its path must be owned by root and not writable by
    # anyone else; also consider enable_script_security in global_defs (not shown
    # on this page).
    user root
}
# VRRP instance that owns the service VIP and follows the HAProxy health check.
vrrp_instance WEB_VIP {
    state MASTER
    interface eth0
    # NOTE(review): the DB_VIP example earlier on this page uses the same
    # virtual_router_id and VIP; presumably this instance replaces it rather than
    # being added alongside — two instances on one interface must not share an id.
    virtual_router_id 51
    # Base priority; a failing tracked script with weight -30 lowers it to 70.
    priority 100
    # Send a VRRP advertisement every second.
    advert_int 1
    # NOTE(review): PASS authentication is carried in cleartext in every
    # advertisement, so it only guards against accidental misconfiguration, not
    # against a host on the same segment. "1111" is a lab value; for real use pick
    # a unique secret and restrict VRRP (IP protocol 112) to the peer, e.g. with
    # unicast_peer plus a firewall rule.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    # The misspelled name must match the vrrp_script definition exactly.
    track_script {
        haporxy_check
    }
}

[root@KA1 ~]# systemctl restart keepalived.service


#测试
通过关闭和开启 haproxy 来观察 VIP 是否迁移。注意:weight -30 只会把本机优先级从 100 降到 70,只有对端(KA2)的优先级高于 70 时 VIP 才会漂移。