一、案例:Keepalived双主配置
两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高服务器资源利用率。
101:
# VRRP instance on node 101: this node is the standby for VIP 192.168.7.249.
vrrp_instance VI_2 {
state BACKUP
interface eth0
# Must equal the peer's virtual_router_id so both nodes form one VRRP group.
virtual_router_id 81
# Lower than the peer's 100, so the peer holds the VIP while it is healthy.
priority 60
advert_int 1
unicast_src_ip 192.168.7.101 # local source IP
# Adverts are sent to this peer only instead of the VRRP multicast group.
# NOTE(review): no authentication block is configured here; consider limiting
# inbound VRRP (IP protocol 112) on eth0 to the peer address with a host
# firewall rule so other hosts on the segment cannot take part in the election.
unicast_peer {
192.168.7.102
}
virtual_ipaddress {
192.168.7.249 dev eth0 label eth0:0
}
}
[root@s2 ~]# tcpdump -i eth0 -nn host 172.18.200.101 and host 172.18.200.102
102:
# VRRP instance on node 102: this node is the preferred holder of VIP 192.168.7.249.
vrrp_instance VI_2 {
state MASTER
interface eth0
# Must equal the peer's virtual_router_id so both nodes form one VRRP group.
virtual_router_id 81
# Higher than the peer's 60, so this node wins the election while it is healthy.
priority 100
advert_int 1
unicast_src_ip 192.168.7.102 # local source IP
# Adverts are sent to this peer only instead of the VRRP multicast group.
# NOTE(review): no authentication block is configured here; consider limiting
# inbound VRRP (IP protocol 112) on eth0 to the peer address with a host
# firewall rule so other hosts on the segment cannot take part in the election.
unicast_peer {
192.168.7.101
}
virtual_ipaddress {
192.168.7.249 dev eth0 label eth0:0
}
}
二、案例:Keepalived通知配置
#1、发件人配置:
[root@s2 ~]# vim /etc/mail.rc
# Sender address placed in the From: header of notification mail.
set from=2973707860@qq.com
# SMTP relay used for delivery.
# NOTE(review): no smtps:// scheme or STARTTLS setting is shown, so the login
# below may cross the network unencrypted - confirm before relying on it.
set smtp=smtp.qq.com
# Account used for SMTP authentication.
set smtp-auth-user=2973707860@qq.com
# SMTP credential stored in clear text: anyone who can read /etc/mail.rc can
# send mail as this account. Keep the file readable by root only, and treat a
# value that has appeared in a published document as compromised and rotate it.
set smtp-auth-password=mfcjxxjezawgdgee
# Authentication mechanism: LOGIN.
set smtp-auth=login
# Turns off TLS certificate verification, so the relay's identity is never
# checked and a host in the network path could impersonate it and collect the
# credential above. Prefer verifying against a trusted CA store.
set ssl-verify=ignore
#2、Keepalived通知脚本
[root@localhost keepalived]# cat /etc/keepalived/notify.sh
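#!/bin/bash
# keepalived notify script: mails the operator when this node changes VRRP
# state. keepalived invokes it through notify_master / notify_backup /
# notify_fault with the new state as the first argument.

# Recipient of the notification mail.
contact='2973707860@qq.com'

#######################################
# Mail a VRRP state-change notice to the operator address.
# Globals:   contact (read) - recipient address
# Arguments: $1 - new VRRP state of this node (master, backup or fault)
# Outputs:   pipes the message body to mail(1); diagnostics go to stderr
# Returns:   1 if no recipient is configured, otherwise the status of mail
#######################################
notify() {
  local state=$1
  local node subject body

  # The script runs unattended, so refuse to call mail without a recipient
  # rather than failing in a way nobody sees.
  if [[ -z "${contact:-}" ]]; then
    printf 'notify: no recipient configured in contact\n' >&2
    return 1
  fi

  node=$(hostname)
  subject="${node} to be ${state}, vip 转移"
  body="$(date +'%F %T'): vrrp transition, ${node} changed to be ${state}"

  # Quoted so the address is passed as one argument and is never word-split
  # or glob-expanded.
  printf '%s\n' "$body" | mail -s "$subject" "$contact"
}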
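# Dispatch on the state keepalived passes as the first argument. Only the
# three known states reach notify; everything else is rejected.
case "${1:-}" in
  master | backup | fault)
    notify "$1"
    ;;
  *)
    # Usage error: report on stderr and exit non-zero. ${0##*/} strips the
    # directory part without word-splitting a path that contains spaces.
    printf 'Usage: %s {master|backup|fault}\n' "${0##*/}" >&2
    exit 1
    ;;
esac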
#3、keepalived配置:
# Node 101 standby instance with a shared VRRP password and state-change hooks.
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 81
priority 60
advert_int 1
unicast_src_ip 192.168.7.101
unicast_peer {
192.168.7.102
}
authentication {
# PASS places the password in clear text in every advert, so any host that can
# capture VRRP traffic can read it. It protects against accidental
# misconfiguration, not against an attacker on the same segment.
auth_type PASS
# keepalived uses only the first 8 characters of auth_pass. Use a value unique
# to the deployment rather than one copied from a tutorial.
auth_pass 1111qwer
}
virtual_ipaddress {
192.168.7.249 dev eth0 label eth0:0
}
# keepalived runs these commands on each state transition.
# NOTE(review): keep notify.sh and its parent directories owned by root and not
# writable by other users; global_defs offers script_user and
# enable_script_security to tighten how such scripts are run.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
# NOTE(review): the closing brace of this vrrp_instance is not shown on the page.
#4、Keepalived通知验证
#停止keepalived服务,验证IP切换后是否收到通知邮件
三、案例:高可用HAProxy/Nginx
#1、高可用HAProxy
# Health check that keepalived runs periodically; referenced by track_script.
# NOTE(review): keep the script file owned by root and not writable by other
# users, since keepalived executes it unattended.
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
# While the check is failing, the instance priority is lowered by 80.
weight -80
fall 3 # 3 failed checks count as a failure
rise 5 # 5 successful checks count as a success
timeout 2
}
# track_script belongs inside the vrrp_instance that should follow HAProxy's
# health; it is shown here as an excerpt.
track_script {
chk_haproxy
}
[root@s1 ~]# yum install psmisc -y
[root@s1 ~]# cat /etc/keepalived/chk_haproxy.sh
#!/bin/bash
# Health check for keepalived's vrrp_script: the exit status is that of
# killall, which succeeds while a process named haproxy exists. Signal 0
# delivers nothing; it only tests that the process can be signalled.
# NOTE(review): this shows the process exists, not that it is serving traffic.
exec /usr/bin/killall -0 haproxy
[root@s1 ~]# chmod a+x /etc/keepalived/chk_haproxy.sh
#2、高可用Nginx(将以上chk_haproxy全改为chk_nginx,其他不变)
四、案例:实现LVS-DR模式
#1、准备web服务器并使用脚本绑定VIP至web服务器lo网卡
[root@s3 ~]# bash lvs-dr.sh start
[root@s3 ~]# ifconfig lo:0
#2、配置keepalived
virtual_server 172.18.200.248 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 120 #会话保持时间
protocol TCP
sorry_server 172.18.200.105 80
real_server 172.18.200.103 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.18.200.104 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#3、测试web访问
# while true;do curl http://192.168.7.248 && sleep 1;done
#4、real_server http监测
real_server 192.168.7.103 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
}
五、实现LVS+Keepalived高可用
! Configuration File for keepalived
global_defs {
# Recipients of keepalived's own SMTP alerts.
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
# Alerts are handed to an SMTP server on the loopback address.
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
# Multicast group used for VRRP adverts.
vrrp_mcast_group4 224.0.100.100
# NOTE(review): the vrrp_instance blocks in this file run notify scripts;
# script_user and enable_script_security can be set in this block to choose the
# user that runs them and to refuse scripts writable by non-root users.
}
# First instance: this node is the preferred holder of VIP 172.16.0.80.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
# PASS places the password in clear text in every advert; it protects against
# accidental misconfiguration, not against an attacker on the same segment.
auth_type PASS
# keepalived uses only the first 8 characters. Replace this sample value with
# one unique to the deployment.
# NOTE(review): the closing brace shares the line with auth_pass - confirm the
# keepalived version in use parses this layout as intended.
auth_pass f1bf7fde }
virtual_ipaddress {
172.16.0.80/16 dev eth0 label eth0:0
}
# The instance goes to FAULT when a tracked interface goes down.
track_interface {
eth0
}
# Commands keepalived runs on each state transition.
# NOTE(review): keep notify.sh and its parent directories owned by root and not
# writable by other users.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault" }
# Second instance: this node is the standby for VIP 172.16.0.90.
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 8
priority 98
advert_int 1
authentication {
# PASS places the password in clear text in every advert; it protects against
# accidental misconfiguration, not against an attacker on the same segment.
auth_type PASS
# keepalived uses only the first 8 characters. Replace this sample value with
# one unique to the deployment.
auth_pass f2bf7ade
}
virtual_ipaddress {
172.16.0.90/16 dev eth0 label eth0:1
# NOTE(review): the next line closes virtual_ipaddress and opens
# track_interface on the same line - confirm the keepalived version in use
# parses this layout as intended.
} track_interface {
eth0
}
# Commands keepalived runs on each state transition.
# NOTE(review): keep notify.sh and its parent directories owned by root and not
# writable by other users.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault" }
virtual_server fwmark 3 {
delay_loop 2
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.0.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.0.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
}
六、其他
[root@s2 keepalived]# iptables -D INPUT -s 0.0.0.0/0 -d 192.168.7.248 -j DROP #yum安装会自动生成防火墙策略,可以删除或禁止生成
[root@s2 keepalived]# tcpdump -i eth0 -nn host 224.0.0.18
[root@s2 ~]# ping 192.168.7.248