高可用集群keepalived

1.不同操作系统的安装

1.1 不同系统编译安装

ubuntu环境

apt-get - y install libssl-dev libpopt-dev daemon build-essential libssl-dev openssl libpopt-dev libsnmp-dev libnl-3-dev libnl-genl-3-dev

centos环境（其他的下同）

yum install - y gcc curl openssl-devel libnl3-devel net-snmp-devel

ubuntu server版本编译环境配置 - 时间可能有些长

apt update

apt - y install make gcc ipvsadm build-essential pkg-config automake autoconf libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev libip6tc-dev libmagic-dev libsnmp-dev libglib2 .0 - dev libpcre2-dev libnftnl-dev libmnl-dev libsystemd-dev libpopt-dev daemon

ubuntu server 安装日志环境

apt install rsyslog - y

获取软件并解压

mkdir / data / {server,softs} - p && cd / data / softs

wget https :// keepalived.org / software / keepalived-2 .3.2 .tar.gz

tar xvf keepalived-2 .3.2 .tar.gz

配置文件

cd keepalived-2 .3.2

. / configure -- prefix =/ data / server / keepalived

编译于安装

make

makeinstall

使用默认的服务启动文件

cp keepalived / keepalived.service / lib / systemd / system /

定制专属的配置文件

/data/server/keepalived/sbin/keepalived --help

Usage : / data / server / keepalived / sbin / keepalived [OPTION .. .]

-f , -- use-file = FILE Use the specified configuration file

default

'/data/server/keepalived/etc/keepalived/keepalived.conf' or '/etc/keepalived/keepalived.conf'

配置的文件路径：

/ data / server / keepalived / etc / keepalived / keepalived.conf （优先高）

或者

/ etc / keepalived / keepalived.conf （优先级低）

直接使用模版文件

cd / data / server / keepalived / etc / keepalived /

mkdir / etc / keepalived

mv keepalived.conf.sample / etc / keepalived / keepalived.conf

定制服务配置文件（注意此操作不管是源安装还是编译安装都需要进行否则服务起不来）

sed - i '/virtual_server/,$d' / etc / keepalived / keepalived.conf

sed - i 's/eth0/ens33/g' / etc / keepalived / keepalived.conf 注：ens33不是唯一根据对应网卡修改

同时ubuntu源安装后还要注意

[root@ubantu24 ~]# mv /etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf #更改配置文件名，否则服务起不来

启动服务

# systemctl daemon-reload

# systemctl start keepalived

1.2 防火墙规则 nftables

hostname -I # 检测服务后的 ip 效果

root @ubuntu24-13: ~ # apt install iputils-ping psmisc -y

root @ubuntu24-13: ~ # ping -c1 192.168.200.16

# 结果无法反应，处于阻塞的状态 ..

它存在新式的防火墙规则， nftables 规则

root @ubuntu24-13: ~ # apt -y install nftables (若没有则可以安装，本人测试的时候没有安装)

查看防火墙规则，这里显示出来拒绝了 keepalived 生产的三个默认的 vip 地址命令: nft list ruleset

(1)root @ubuntu24-13: ~ # nft flush ruleset #临时清理

(2)ruleset 规则在 keepalive 每次重启后，都会存在， 如果不想让它存在，可以清理默认的策略规则

root @ubuntu24-13: ~ # systemctl stop nftables 首先关闭服务

root @ubuntu24-13: ~ # nft flush ruleset 清理默认规则

root @ubuntu24-13: ~ # > /etc/nftables.conf 清理开机自启动服务规则

root @ubuntu24-13: ~ # systemctl restart nftables 重启服务

root @ubuntu24-13: ~ # nft list ruleset 确认效果

1.3 环境部署脚本

也可以通过下面的脚本进行安装

#!/bin/bash
# 定义日志文件路径
LOG_FILE="/var/log/keepalived_install.log"# 定义环境变量
KEEPALIVED_VERSION="2.3.2"
KEEPALIVED_INSTALL_PATH="/data/server/keepalived"
KEEPALIVED_TAR_NAME="keepalived-${KEEPALIVED_VERSION}"# 读取节点角色
read -p "当前节点的角色(MASTER|BACKUP): " KEEPALIVED_ROLE# 定义日志记录函数
function log() {local timestamp=$(date "+%Y-%m-%d %H:%M:%S")local message="$1"echo "[${timestamp}] ${message}" | tee -a ${LOG_FILE}
}# 定义函数：基本环境定制
function setup_environment() {log "开始基本环境定制"echo "正在更新软件包列表..."apt update 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "软件包列表更新成功"elselog "软件包列表更新失败"exit 1fiecho "正在安装必要的软件包..."apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf \libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev \libip6tc-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev \libmnl-dev libsystemd-dev libpopt-dev daemon 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "必要软件包安装成功"elselog "必要软件包安装失败"exit 1fi
}# 定义函数：下载软件
function download_software() {log "开始下载软件"echo "正在创建目录并下载 Keepalived ${KEEPALIVED_VERSION}..."mkdir -p /data/{server,softs} 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "目录创建成功"elselog "目录创建失败"exit 1ficd /data/softsif [ ! -f ${KEEPALIVED_TAR_NAME}.tar.gz ]; thenlocal keepalived_url="https://keepalived.org/software/${KEEPALIVED_TAR_NAME}.tar.gz"wget "${keepalived_url}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 下载成功"elselog "Keepalived ${KEEPALIVED_VERSION} 下载失败"exit 1fifiecho "正在解压 Keepalived ${KEEPALIVED_VERSION}..."local untar_dir="/data/softs/${KEEPALIVED_TAR_NAME}"[ -d ${untar_dir} ] && rm -rf ${untar_dir}tar xvf "${KEEPALIVED_TAR_NAME}.tar.gz" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 解压成功"elselog "Keepalived ${KEEPALIVED_VERSION} 解压失败"exit 1fi
}# 定义函数：编译安装
function compile_and_install() {log "开始编译安装"echo "正在进入解压目录并进行配置..."cd "${KEEPALIVED_TAR_NAME}"./configure --prefix="${KEEPALIVED_INSTALL_PATH}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "配置成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "配置失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fiecho "正在编译 Keepalived ${KEEPALIVED_VERSION}..."make 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "编译成功"elselog "编译失败"exit 1fiecho "正在安装 Keepalived ${KEEPALIVED_VERSION} 到 ${KEEPALIVED_INSTALL_PATH}..."make install 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "安装成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "安装失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定义函数：定制服务文件
function customize_service_file() {log "开始定制服务文件"echo "正在复制服务文件..."cd /data/softs/${KEEPALIVED_TAR_NAME}/keepalivedcp keepalived.service /lib/systemd/system/ 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "服务文件复制成功"elselog "服务文件复制失败"exit 1fi
}# 定义函数：定制配置文件
function customize_config_file() {log "开始定制配置文件"echo "正在定制配置文件..."cd "${KEEPALIVED_INSTALL_PATH}/etc/keepalived/"[ ! -d /etc/keepalived ] && mkdir /etc/keepalived || rm -rf /etc/keepalived/*mv keepalived.conf.sample /etc/keepalived/keepalived.conf 2>&1 | tee -a ${LOG_FILE}local net_name=$(ip a | awk -F " |:" '/MULTICAST/{print $3}'|head -n1)sed -i "s/eth0/${net_name}/g" /etc/keepalived/keepalived.confsed -i '/virtual_server/,$d' /etc/keepalived/keepalived.confif [ "${KEEPALIVED_ROLE}" == "BACKUP" ]; thensed -i 's/MASTER/BACKUP/' /etc/keepalived/keepalived.confsed -i 's/ty 100/ty 90/' /etc/keepalived/keepalived.conf  # 注意：这里可能存在拼写错误（ty应为priority）fiif [ $? -eq 0 ]; thenlog "配置文件定制成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "配置文件定制失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定义函数：启动服务
function start_service() {log "开始启动服务"echo "正在重新加载 systemd 管理器配置..."systemctl daemon-reload 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "systemd 管理器配置重新加载成功"systemctl start keepalivedelselog "systemd 管理器配置重新加载失败"exit 1fi
}# 主函数，按顺序调用各个子函数
function main() {# 检查环境变量是否为空if [ -z "${KEEPALIVED_VERSION}" ]; thenlog "错误：KEEPALIVED_VERSION 环境变量为空"exit 1fiif [ -z "${KEEPALIVED_INSTALL_PATH}" ]; thenlog "错误：KEEPALIVED_INSTALL_PATH 环境变量为空"exit 1fisetup_environmentdownload_softwarecompile_and_installcustomize_service_filecustomize_config_filestart_servicelog "Keepalived ${KEEPALIVED_VERSION} 安装及配置完成，安装路径为 ${KEEPALIVED_INSTALL_PATH}！"echo "Keepalived ${KEEPALIVED_VERSION} 安装及配置完成，安装路径为 ${KEEPALIVED_INSTALL_PATH}！"
}# 执行主函数
main

2.配置解读

1.1 配置简介

keepalived 默认配置文件主要有三部分组成， global_defs 、 vrrp_instance 、 virtual_server 其中最重要的配置内容是 vrrp_instance ，在这个配置段中，设置了 keepalived 对外提供的统一入口。

修改两台 keepalived 主机的global_defs 和 vrrp_instance 部分内容，就能让 keepalived 正常启动。

global_defs - 全局配置段router_id 设定当前keepalived提供的路由标识，它在keepalived集群中必须唯一vrrp_instance - vrrp配置段state 描述keepalived主机间的角色定位的，一般只有两个值MASTER、BACKUPinterface 指定在哪个网卡上绑定VIPvirtual_router_id 指定VIP的唯一标识，在keepalived集群中，此配置必须一致。priority 被VRRP协议来判断那个router_id作为主路由，值越大，优先级越高authentication 多个路由之间通信的认证virtual_ipaddress 指定VIP的地址，可以是多个。virtual_server - vs配置段lb_algo 定制算法信息protocol 数据通信协议的定制real_server 后端真实主机的定制

查看帮助信息

二进制包安装方式

man keepalived.conf

源码包安装方式

man /usr/share/man/man5/keepalived.conf.5.gz

1.2 配置细节

root @ubuntu24-13: ~ # tcpdump -i ens33 host 224.0.0.18 -nn # vrrp 通信数据

1.3 简单实践

两台主机安装nginx(略)

keepalived里面修改

virtual_ipaddress {

192.168.8.100

}

interface ens224

每个主机都增加一个网卡例如ens224

最终修改实现的效果如下

命令：for i in {1..10};do curl 192.168.8.100;done

结果显示： VIP 效果完全正常，可以替代原来的 web 地址访问效果

15主机上抓包 tcpdump -i ens224 -nn host 224.0.0.18 12主机优先级高所以它占用vip

停掉12主机 15主机抢了VIP,说明keepalived默认 工作模式是 抢占式，开启12主机后又恢复。

1.4 日志功能

（1）日志存放在哪里

默认情况下， keepalived 的日志功能是放入到 syslog 文件里面的，但是 syslog 文件不仅仅给 keepalived使用，还给很多其他的服务去使用，所以，一般情况下，我们需要将keepalived 的日志功能，单独独立出来。

cat /data/server/keepalived/etc/sysconfig/keepalived #查看依赖的配置文件

KEEPALIVED_OPTIONS = "-D" # 记录详细的日志

data/server/keepalived/sbin/keepalived --help # 查看 keepalived 的命令启动选项

KEEPALIVED_OPTIONS="-D -S 6" 注：里面解释了左边命令所写的原因

（2）定制日志输出

在/etc/rsyslog.d/目录下创建 keepalived的日志配置文件keepalived.conf

[root@rocky9-15 ~]# vim /etc/rsyslog.d/keepalived.conf

local6. * / var / log / keepalived.log

& ~

注意: & ~ 表示 keepalived 日志仅仅写入 / var / log / keepalived.log 中，不写入 / var / log / syslog 文件。

[root@rocky9-15 ~]# vim /etc/sysconfig/keepalived # apt 安装的在 / etc / default / keepalived

KEEPALIVED_OPTIONS = "-D -S 6"

systemctl restart rsyslog.service #重启rsyslog服务

systemctl restart keepalived.service #重启keepalived服务

tail /var/log/keepalived.log #查看日志效果

1.5 子配置[M]

当生产环境复杂时， / etc / keepalived / keepalived.conf 文件中内容过多，除了全局级别的配

置，还有大量的业务级别的配置，相当的不易管理。利用 include 指令可以实现包含子配置文件。

配置格式：

include / path / file

定制主从配置文件其中#里面的内容是定制从节点配置要写的

global_defs {router_id kpmaster   #kpbackup
}vrrp_instance VI_1 {state MASTER         #BACKUP interface ens224virtual_router_id 50priority 100         #100以下，例99authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.8.100}
}

确定确认要截取的内容