
High-Availability Clusters with KEEPALIVED

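Keepalived is an open-source tool designed for High Availability (HA) clusters. Its core function is automatic failover of a virtual IP (VIP) via VRRP (Virtual Router Redundancy Protocol), so that critical services switch quickly to a backup node when the master node goes down and service interruption is avoided. The sections below cover the core mechanism, how it works, typical applications, and deployment essentials: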

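I. Core Mechanism: The VRRP Protocol

VRRP (Virtual Router Redundancy Protocol) is an IETF standard (RFC 3768) that addresses network outages caused by the failure of a single router. Its core idea is to group several physical routers into one virtual router group that exposes a single virtual IP (VIP); clients see only the VIP and do not need to care which physical router is currently active.

  • Roles:

    • Master: actually holds the VIP and handles all traffic.
    • Backup: monitors the Master's state and takes over the VIP when the Master fails.
    • Virtual Router: a logical concept, represented by the Master or a Backup, that provides the VIP service externally.
  • Election rules:

    • Nodes in the group elect the Master by priority (Priority, default 100, range 1-255); the highest priority wins.
    • If priorities are equal, the node with the larger IP address becomes Master.
    • The Master periodically sends heartbeat messages (Advertisement) to tell the Backups that it is alive (default interval 1 second).
    • If a Backup receives no heartbeat before the timeout (by default 3 times the heartbeat interval, i.e. 3 seconds), it triggers a switchover and becomes the new Master.

II. How Keepalived Works

Keepalived extends VRRP: besides network-layer redundancy it also supports application-layer health checks, so that the service is verified to be really available (not merely that the node is alive).

1. Core components

  • VRRP instance (VRRP Instance): defines a group of nodes taking part in high availability (Master/Backup) and the virtual IP (VIP) associated with it.
  • Health-check script (vrrp_script): a custom script (for example checking the Nginx process, the MySQL port, or an HTTP endpoint) that monitors the state of the application service. If the check fails, the node can be marked "unavailable", which triggers a priority adjustment or a switchover.
  • Notification script (Notify): triggered on a state transition (such as Master→Backup or Backup→Master) to run custom actions (such as sending an alert or synchronizing configuration).

2. Typical flow

  1. Initialization: each node starts Keepalived, reads its configuration file, and joins the same VRRP instance group.
  2. Master election: the Master is chosen by priority and binds the VIP to a local network interface (usually the lo interface).
  3. Traffic forwarding: clients send requests to the VIP and the Master node handles them (the actual traffic is forwarded to the back-end service through local routing).
  4. Health monitoring:
    • VRRP layer: the Backup continuously listens for the Master's heartbeat messages.
    • Application layer: the Master runs vrrp_script to check the service state (for example a check_script that periodically runs curl http://localhost); on failure it lowers its own priority (or exits directly), which triggers takeover by the Backup.
  5. Failover: when the Master's heartbeat stops or the application service becomes unavailable, the Backup is promoted to Master, binds the VIP, and takes over traffic; after the original Master recovers it rejoins the group and becomes Backup (no preemption by default; requires configuring nopreempt or adjusting priorities).

III. Typical Use Cases

Keepalived suits services that need single-point redundancy. Common scenarios include:

  • Load balancer redundancy: for example an Nginx or HAProxy hot-standby pair, so that the load balancer does not become a single point of failure.
  • Database master redundancy: combined with master/slave replication (such as MySQL master/slave), Keepalived moves the VIP to the new master when the master database goes down (automatic master/slave promotion requires middleware or scripts).
  • High availability for API servers: Keepalived is deployed in front of a web service cluster so that the entry IP stays available.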

IV. Lab

1. Initial installation and configuration

    [root@KA1 ~]# dnf install keepalived -y
    [root@KA1 ~]# systemctl start keepalived

    # Configure the master
    [root@KA1 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@KA1.timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict #nft list ruleset
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       vrrp_mcast_group4 224.0.0.18
    }
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 20
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # Configure the slave
    [root@KA2 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA2.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       vrrp_mcast_group4 224.0.0.18
    }
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20 # the same id manages the same virtual router
       priority 80 # lower priority
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # Check the configuration file syntax
    [root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf

Test

    [root@KA2 ~]# tcpdump -i eth0 -nn host 224.0.0.18
    dropped privs to tcpdump
    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    22:48:23.294894 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
    22:48:24.084793 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
    22:48:24.295075 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
    22:48:25.085256 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
    22:48:25.296296 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
    22:48:26.085843 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20

After shutting down KA1, check the multicast traffic again.

2. Separate Keepalived log

    [root@KA1 ~]# vim /etc/sysconfig/keepalived
    KEEPALIVED_OPTIONS="-D -S 6" # -D: detailed log messages; -S: syslog facility local0-7 (here local6)

    [root@ka1 ~]# vim /etc/rsyslog.conf
    local6.*    /var/log/keepalived.log

    [root@ka1 ~]# systemctl restart keepalived.service rsyslog.service
    [root@ka1 ~]# tail -f /var/log/keepalived.log
    Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
    Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10

3. Separate sub-configuration files

    [root@KA1 ~]# mkdir /etc/keepalived/conf.d
    [root@KA1 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@KA1.timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
       vrrp_ipsets keepalived
       vrrp_iptables
    }
    include /etc/keepalived/conf.d/*.conf # pull in the sub-configuration files

    [root@KA1 ~]# vim /etc/keepalived/conf.d/router.conf
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 20
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

4. Master/slave single-master Keepalived architecture

    # MASTER configuration
    [root@KA1 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@KA1.timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict # with this option enabled the VIP is unreachable; inspect with nft list ruleset
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       vrrp_mcast_group4 224.0.0.18
    }
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 20
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # BACKUP configuration
    # The configuration file is nearly identical to the master's; only three lines change
    [root@KA2 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA2.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       vrrp_mcast_group4 224.0.0.18
    }
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20 # the same id manages the same virtual router
       priority 80 # lower priority
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # Observe with a packet capture
    tcpdump -i eth0 -nn host 224.0.0.18

5. Preemptive and non-preemptive modes

Non-preemptive mode: nopreempt

    # KA1 host configuration
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20
       priority 100 # higher priority
       nopreempt # non-preemptive mode
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # KA2 host configuration
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20
       priority 80 # lower priority
       advert_int 1
       nopreempt # non-preemptive mode
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

Delayed preemption mode: preempt_delay

    # KA1 host configuration
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20
       priority 100 # higher priority
       preempt_delay 10 # delay preemption by 10 s
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

    # KA2 host configuration
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20
       priority 80 # lower priority
       advert_int 1
       preempt_delay 10 # delay preemption by 10 s
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
    }

6. VIP unicast configuration

    # Master host configuration
    [root@KA1 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@KA1.timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict # commented out: conflicts with VIP unicast mode
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       vrrp_ipsets keepalived
    }
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 20
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
       unicast_src_ip 172.25.254.20 # this host's IP
       unicast_peer {
           172.25.254.30 # the peer host's IP
           # with more keepalived nodes, add the IPs of the other nodes here
       }
    }

    # On the slave host
    [root@KA2 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
            594233887@qq.com
       }
       notification_email_from keepalived@KA1.timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict # commented out: conflicts with VIP unicast mode
       vrrp_garp_interval 0
       vrrp_gna_interval 0
       vrrp_ipsets keepalived
    }
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 20
       priority 80
       advert_int 1
       preempt_delay 60
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
       unicast_src_ip 172.25.254.30 # this host's IP
       unicast_peer {
           172.25.254.20 # the peer host's IP
       }
    }

    [root@KA1 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.30
    dropped privs to tcpdump
    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    00:20:16.150917 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
    00:20:17.151569 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
    00:20:18.151754 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
    00:20:19.152290 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20

    [root@KA2 ~]# tcpdump -i eth0 -nn src 172.25.254.30 and dst 172.25.254.20
    dropped privs to tcpdump
    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    00:20:50.853174 IP 172.25.254.30 > 172.25.254.20: VRRPv2, Advertisement, vrid 30, prio 80, authtype simple, intvl 1s, length 20
    00:20:51.853798 IP 172.25.254.30 > 172.25.254.20: VRRPv2, Advertisement, vrid 30, prio 80, authtype simple, intvl 1s, length 20

7. Notification script for Keepalived state transitions

Create the notification script

    [root@KA1 ~]# vim /etc/keepalived/mail.sh
    #!/bin/bash
    mail_dest='594233887@qq.com'
    mail_send()
    {
       mail_subj="$HOSTNAME to be $1 vip 转移"
       mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
       echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
    }
    case $1 in
       master)
       mail_send master
       ;;
       backup)
       mail_send backup
       ;;
       fault)
       mail_send fault
       ;;
       *)
       exit 1
       ;;
    esac

Install the mail-sending tool

    [root@KA2 ~]# dnf install mailx -y

QQ mailbox configuration

    [root@KA1 ~]# vim /etc/mail.rc
    #######mail set##########
    set smtp=smtp.163.com
    set smtp-auth=login
    set smtp-auth-user=timinglee_zln@163.com
    set smtp-auth-password=TAb9vYbWevbPtN4m
    set from=timinglee_zln@163.com
    # ssl-verify=ignore disables TLS certificate verification for the SMTP connection
    set ssl-verify=ignore

Send a test email

    [root@KA1 ~]# dnf install s-nail sendmail -y
    [root@KA1 ~]# systemctl enable --now sendmail.service
    [root@KA1 ~]# echo test message | mail -s test 594233887@qq.com

    # Configure the following on all keepalived nodes
    [root@KA1 + KA2 ~]# vim /etc/keepalived/mail.sh
    #!/bin/bash
    mail_dest='594233887@qq.com'
    mail_send()
    {
        mail_subj="$HOSTNAME to be $1 vip 转移"
        mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
        echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
    }
    case $1 in
       master)
       mail_send master
       ;;
       backup)
       mail_send backup
       ;;
       fault)
       mail_send fault
       ;;
       *)
       exit 1
       ;;
    esac

    [root@KA1 +KA2 ~]# chmod +x /etc/keepalived/mail.sh
    [root@KA1 +K2 ~]# vim /etc/keepalived/keepalived.conf
    global_defs {
       notification_email {
            timinglee_zln@163.com
       }
       notification_email_from timinglee@timinglee.org
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id KA1.timinglee.org
       vrrp_skip_check_adv_addr
       #vrrp_strict
       vrrp_garp_interval 1
       vrrp_gna_interval 1
       enable_script_security # do not run scripts as root if any part of their path is writable by a non-root user
       script_user root # user the scripts run as
    }
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 20
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
            172.25.254.100/24 dev eth0 label eth0:0
       }
       unicast_src_ip 172.25.254.20
       unicast_peer {
            172.25.254.30
       }
       notify_master "/etc/keepalived/mail.sh master"
       notify_backup "/etc/keepalived/mail.sh backup"
       notify_fault "/etc/keepalived/mail.sh fault"
    }

    # Simulate a master failure
    [root@ka1-centos8 ~]# killall keepalived

Test: check the mailbox in a browser for the email.

8. Master/master dual-master Keepalived architecture

    # ha1 host configuration
    [root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
    @@@@ content omitted @@@@
    vrrp_instance VI_1 {
       state MASTER # master
       interface ens33
       virtual_router_id 50
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.50 dev ens33 label ens33:0
       }
    }
    vrrp_instance VI_60 {
       state BACKUP # backup
       interface ens33
       virtual_router_id 60
       priority 80
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.60 dev ens33 label ens33:1
       }
    }

    # ka2 host configuration; only five lines differ from ka1
    [root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
    @@@@ content omitted @@@@
    vrrp_instance VI_1 {
       state BACKUP # backup
       interface ens33
       virtual_router_id 50
       priority 80
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.50 dev ens33 label ens33:0
       }
    }
    vrrp_instance VI_60 {
       state MASTER # master
       interface ens33
       virtual_router_id 60
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.60 dev ens33 label ens33:1
       }
    }

9. IPVS high availability: single-master LVS-DR mode

    # Prepare two back-end RS hosts
    [root@rs1 ~]# yum install httpd -y
    [root@rs1 ~]# echo RS1 - 172.25.254.101 > /var/www/html/index.html
    [root@rs1 ~]# ip addr add 172.25.254.100/32 dev lo
    [root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    [root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    [root@rs2 ~]# yum install httpd -y
    [root@rs2 ~]# echo RS2 - 172.25.254.102 > /var/www/html/index.html
    [root@rs2 ~]# ip addr add 172.25.254.100/32 dev lo
    [root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    [root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    # node30 serves the "sorry server" page returned in the failure test below
    [root@node30 ~]# yum install httpd -y
    [root@node30 ~]# echo sorry server > /var/www/html/index.html
    [root@node30 ~]# ip addr add 172.25.254.100/32 dev lo
    [root@node30 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    [root@node30 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@node30 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

Configure keepalived

    # ka1 node configuration
    [root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
    @@@@ content omitted @@@@
    virtual_server 172.25.254.100 80 {
       delay_loop 6
       lb_algo wrr
       lb_kind DR
       protocol TCP
       sorry_server 172.25.254.30 80
       real_server 172.25.254.101 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               retry 3
               delay_before_retry 3
               connect_port 80
           }
       }
       real_server 172.25.254.102 80 {
           weight 1
           HTTP_GET {
               url {
                   path /
                   status_code 200
               }
               connect_timeout 1
               retry 3
               delay_before_retry 1
           }
       }
    }

    # ka2 node configuration; nearly identical to ka1, only three lines change
    [root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
    @@@@ content omitted @@@@
    virtual_server 172.25.254.100 80 {
       delay_loop 6
       lb_algo wrr
       lb_kind DR
       protocol TCP
       sorry_server 172.25.254.30 80
       real_server 172.25.254.101 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               retry 3
               delay_before_retry 3
               connect_port 80
           }
       }
       real_server 172.25.254.102 80 {
           weight 1
           HTTP_GET {
               url {
                   path /
                   status_code 200
               }
               connect_timeout 1
               retry 3
               delay_before_retry 1
           }
       }
    }

    [Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done
    RS1 - 172.25.254.101
    RS2 - 172.25.254.102
    RS1 - 172.25.254.101
    RS2 - 172.25.254.102
    RS1 - 172.25.254.101
    RS2 - 172.25.254.102

    [root@rhel7-ka1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.101:80            Route   1      0          6
      -> 172.25.254.102:80            Route   1      0          6

Simulate failures

    # RS1 fails; traffic switches automatically to RS2
    [root@rs1 ~]# systemctl stop httpd # RS1 goes down
    [Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done # all traffic is directed to RS2
    RS2 - 172.25.254.102
    RS2 - 172.25.254.102
    RS2 - 172.25.254.102
    RS2 - 172.25.254.102
    RS2 - 172.25.254.102
    RS2 - 172.25.254.102

    [root@rhel7-ka1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.102:80            Route   1      0          12
    # RS1 has been removed, RS2 is kept

    # All back-end RS servers fail; the Sorry Server takes over
    [root@rs2 ~]# systemctl stop httpd
    [Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done
    sorry server
    sorry server
    sorry server
    sorry server
    sorry server
    sorry server

    [root@rhel7-ka1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.30:80             Route   1      0          3

    # Start RS1 and RS2 again, one after the other
    [root@rhel7-ka1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.101:80            Route   1      0          3
      -> 172.25.254.102:80            Route   1      0          9

    # ka1 fails; automatic switch to ka2
    [root@rhel7-ka1 ~]# systemctl stop keepalived.service
    [root@rhel7-ka2 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.101:80            Route   1      0          0
      -> 172.25.254.102:80            Route   1      0          0

9. Dual-master scheduling of httpd and mysql services

Prepare the lab materials: set up the httpd and mysql environment on RS1 and RS2.

On RS1:

    [root@rs1 ~]# ip addr add 172.25.254.200/32 dev lo
    [root@rs1 ~]# yum install mariadb-server -y
    [root@rs1 ~]# vim /etc/my.cnf
    server-id=1
    [root@rs1 ~]# systemctl enable --now mariadb
    [root@rs1 ~]# mysql -e "grant ALL on *.* to lee@'%' identified by 'lee'"
    [root@rs1 ~]# mysql -ulee -plee -h172.25.254.101 -e 'select @@server_id'
    +-------------+
    | @@server_id |
    +-------------+
    |           1 |
    +-------------+

On RS2:

    [root@rs2 ~]# ip addr add 172.25.254.200/32 dev lo
    [root@rs2 ~]# yum install mariadb-server -y
    [root@rs2 ~]# vim /etc/my.cnf
    server-id=2
    [root@rs2 ~]# systemctl enable --now mariadb
    [root@rs2 ~]# mysql -e "grant ALL on *.* to lee@'%' identified by 'lee'"
    [root@rs2 ~]# mysql -ulee -plee -h172.25.254.102 -e 'select @@server_id'
    +-------------+
    | @@server_id |
    +-------------+
    |           2 |
    +-------------+

    # Configure dual-master mode
    [root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
    vrrp_instance web {
       state MASTER
       interface ens33
       virtual_router_id 100
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.100 dev ens33 label ens33:0
       }
    }
    vrrp_instance sql {
       state BACKUP
       interface ens33
       virtual_router_id 200
       priority 80
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.200 dev ens33 label ens33:1
       }
    }
    include "/etc/keepalived/conf.d/web.conf"
    include "/etc/keepalived/conf.d/sql.conf"

    [root@rhel7-ka1 ~]# vim /etc/keepalived/conf.d/web.conf
    virtual_server 172.25.254.100 80 {
       delay_loop 6
       lb_algo wrr
       lb_kind DR
       protocol TCP
       sorry_server 172.25.254.30 80
       real_server 172.25.254.101 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               nb_get_retry 3
               delay_before_retry 3
               connect_port 80
           }
       }
       real_server 172.25.254.102 80 {
           weight 1
           HTTP_GET {
               url {
                   path /
                   status_code 200
               }
               connect_timeout 1
               nb_get_retry 3
               delay_before_retry 1
           }
       }
    }

    [root@rhel7-ka1 ~]# vim /etc/keepalived/conf.d/sql.conf
    virtual_server 172.25.254.200 3306 {
       delay_loop 3
       lb_algo rr
       lb_kind DR
       protocol TCP
       real_server 172.25.254.101 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               retry 3
               delay_before_retry 3
               connect_port 3306
           }
       }
       real_server 172.25.254.102 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               nb_get_retry 3
               delay_before_retry 3
               connect_port 3306
           }
       }
    }

    # On ka2:
    [root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
    vrrp_instance web {
       state BACKUP # backup
       interface eth0
       virtual_router_id 100 # must match the id of instance web on ka1
       priority 80
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.100 dev eth0 label eth0:0
       }
    }
    vrrp_instance sql {
       state MASTER # master
       interface eth0
       virtual_router_id 200 # must match the id of instance sql on ka1
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.200 dev eth0 label eth0:1
       }
    }
    include "/etc/keepalived/conf.d/web.conf"
    include "/etc/keepalived/conf.d/sql.conf"

    [root@rhel7-ka2 ~]# vim /etc/keepalived/conf.d/web.conf
    virtual_server 172.25.254.100 80 {
       delay_loop 6
       lb_algo wrr
       lb_kind DR
       protocol TCP
       sorry_server 172.25.254.30 80
       real_server 172.25.254.101 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               nb_get_retry 3
               delay_before_retry 3
               connect_port 80
           }
       }
       real_server 172.25.254.102 80 {
           weight 1
           HTTP_GET {
               url {
                   path /
                   status_code 200
               }
               connect_timeout 1
               nb_get_retry 3
               delay_before_retry 1
           }
       }
    }

    [root@rhel7-ka2 ~]# vim /etc/keepalived/conf.d/sql.conf
    virtual_server 172.25.254.200 3306 {
       delay_loop 3
       lb_algo rr
       lb_kind DR
       protocol TCP
       real_server 172.25.254.101 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               nb_get_retry 3
               delay_before_retry 3
               connect_port 3306
           }
       }
       real_server 172.25.254.102 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 5
               nb_get_retry 3
               delay_before_retry 3
               connect_port 3306
           }
       }
    }

    [root@rhel7-ka1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.25.254.100:80 wrr
      -> 172.25.254.101:80            Route   1      0          0
      -> 172.25.254.102:80            Route   1      0          0
    TCP  172.25.254.200:3306 rr
      -> 172.25.254.101:3306          Route   1      0          0
      -> 172.25.254.102:3306          Route   1      0          0

    # Test
    [root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'
    +-------------+
    | @@server_id |
    +-------------+
    |           2 |
    +-------------+
    [root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'
    +-------------+
    | @@server_id |
    +-------------+
    |           1 |
    +-------------+
    [root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'

10. Switching master/backup roles with a script

    [root@rhel7-ka1 ~]# vim /mnt/check_lee.sh
    #!/bin/bash
    # Exits 0 (healthy) while /mnt/lee does not exist, non-zero once it does
    [ ! -f "/mnt/lee" ]

    [root@rhel7-ka1 ~]# chmod +x /mnt/check_lee.sh
    [root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
    @@@@ content omitted @@@@
    vrrp_script check_lee {
       script "/mnt/check_lee.sh"
       interval 1
       weight -30
       fall 2
       rise 2
       timeout 2
    }
    vrrp_instance web {
       state MASTER
       interface ens33
       virtual_router_id 50
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.100 dev ens33 label ens33:0
       }
       track_script {
           check_lee
       }
    }

    [root@rhel7-ka1 ~]# touch /mnt/lee
    [root@rhel7-ka1 ~]# tail -f /var/log/messages

11. HAProxy high availability

    # First configure haproxy on both ka1 and ka2
    [root@rhel7-ka1 & ka2 ~]# vim /etc/haproxy/haproxy.cfg
    listen webserver
       bind 172.25.254.100:80
       server web1 172.25.254.101:80 check
       server web2 172.25.254.102:80 check

    # Enable the kernel parameter on both ka1 and ka2
    [root@rhel7-ka1 & ka2 ~]# vim /etc/sysctl.conf
    net.ipv4.ip_nonlocal_bind = 1
    [root@rhel7-ka1 & ka2 ~]# sysctl -p

    # Write the check script on ka1
    [root@rhel7-ka1 ~]# vim /etc/keepalived/scripts/haproxy.sh
    #!/bin/bash
    # Signal 0 only tests whether a haproxy process exists
    /usr/bin/killall -0 haproxy
    [root@rhel7-ka1 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh

    # Configure keepalived on ka1
    [root@ka1-centos8 ~]# cat /etc/keepalived/keepalived.conf
    vrrp_script check_haproxy {
       script "/etc/keepalived/scripts/haproxy.sh"
       interval 1
       weight -30
       fall 2
       rise 2
       timeout 2
    }
    vrrp_instance web {
       state MASTER
       interface ens33
       virtual_router_id 50
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           172.25.254.100 dev ens33 label ens33:0
       }
       track_script {
           check_haproxy
       }
    }

    # Test
    [root@rhel7-ka1 ~]# systemctl stop haproxy.service
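
Sections 10 and 11 both rely on the same vrrp_script settings (weight -30, fall 2, rise 2) to move the VIP. The following added example, which is not part of the original article or of Keepalived itself, models how those settings combine with the election rules from section I in the default preemptive mode. It assumes KA2 keeps priority 80 as in the earlier sections; the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class TrackScript:
    """One vrrp_script: fall/rise debouncing plus the weight adjustment."""
    weight: int
    fall: int
    rise: int
    ok: bool = True   # state currently believed
    streak: int = 0   # consecutive results that contradict `ok`

    def feed(self, exit_code: int) -> None:
        good = exit_code == 0
        if good == self.ok:
            self.streak = 0          # a matching result resets the counter
            return
        self.streak += 1
        if self.streak >= (self.rise if good else self.fall):
            self.ok, self.streak = good, 0

    def adjustment(self) -> int:
        # A negative weight is applied while the script fails,
        # a positive weight while it succeeds.
        if self.weight < 0:
            return 0 if self.ok else self.weight
        return self.weight if self.ok else 0


@dataclass
class Node:
    name: str
    ip: str
    priority: int
    script: Optional[TrackScript] = None

    def effective_priority(self) -> int:
        return self.priority + (self.script.adjustment() if self.script else 0)


def elect(nodes) -> str:
    """Highest effective priority wins; the larger IP address breaks a tie."""
    best = max(nodes, key=lambda n: (n.effective_priority(),
                                     int(ipaddress.IPv4Address(n.ip))))
    return best.name


def simulate(exit_codes, weight=-30, fall=2, rise=2):
    """Feed one check result per interval to KA1; return (master, KA1 priority)."""
    ka1 = Node("KA1", "172.25.254.20", 100, TrackScript(weight, fall, rise))
    ka2 = Node("KA2", "172.25.254.30", 80)   # assumed backup priority
    timeline = []
    for code in exit_codes:
        ka1.script.feed(code)
        timeline.append((elect([ka1, ka2]), ka1.effective_priority()))
    return timeline


if __name__ == "__main__":
    # touch /mnt/lee makes check_lee.sh exit 1; removing it restores exit 0.
    print(simulate([0, 1, 1, 0, 0]))
    # A weight that leaves KA1 above KA2 never moves the VIP.
    print(simulate([1, 1, 1], weight=-10))
```

The second call shows the sizing rule for weight: the drop must exceed the priority gap between the nodes (here 100 - 80 = 20), otherwise a failed check lowers the priority without moving the VIP.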