高可用集群keepalived

1.不同操作系統的安裝

1.1 不同系統編譯安裝

ubuntu環境

apt-get - y install libssl-dev libpopt-dev daemon build-essential libssl-dev openssl libpopt-dev libsnmp-dev libnl-3-dev libnl-genl-3-dev

centos環境（其他的下同）

yum install - y gcc curl openssl-devel libnl3-devel net-snmp-devel

ubuntu server版本編譯環境配置 - 時間可能有些長

apt update

apt - y install make gcc ipvsadm build-essential pkg-config automake autoconf libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev libip6tc-dev libmagic-dev libsnmp-dev libglib2 .0 - dev libpcre2-dev libnftnl-dev libmnl-dev libsystemd-dev libpopt-dev daemon

ubuntu server 安裝日志環境

apt install rsyslog - y

獲取軟件并解壓

mkdir / data / {server,softs} - p && cd / data / softs

wget https :// keepalived.org / software / keepalived-2 .3.2 .tar.gz

tar xvf keepalived-2 .3.2 .tar.gz

配置文件

cd keepalived-2 .3.2

. / configure -- prefix =/ data / server / keepalived

編譯于安裝

make

makeinstall

使用默認的服務啟動文件

cp keepalived / keepalived.service / lib / systemd / system /

定制專屬的配置文件

/data/server/keepalived/sbin/keepalived --help

Usage : / data / server / keepalived / sbin / keepalived [OPTION .. .]

-f , -- use-file = FILE ? ? ? ? ?Use the specified configuration file ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

default

'/data/server/keepalived/etc/keepalived/keepalived.conf' or '/etc/keepalived/keepalived.conf'

配置的文件路徑：

/ data / server / keepalived / etc / keepalived / keepalived.conf （優先高）

或者

/ etc / keepalived / keepalived.conf （優先級低）

直接使用模版文件

cd / data / server / keepalived / etc / keepalived /

mkdir / etc / keepalived

mv keepalived.conf.sample / etc / keepalived / keepalived.conf

定制服務配置文件（注意此操作不管是源安裝還是編譯安裝都需要進行?否則服務起不來）

sed - i '/virtual_server/,$d' / etc / keepalived / keepalived.conf

sed - i 's/eth0/ens33/g' / etc / keepalived / keepalived.conf? ? 注：ens33不是唯一?根據對應網卡修改

同時ubuntu源安裝后還要注意

[root@ubantu24 ~]# mv /etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf?? ? ? ? ? ? ? ? ? ?#更改配置文件名，否則服務起不來

啟動服務

# systemctl daemon-reload

# systemctl start keepalived

1.2 防火墻規則 nftables

hostname -I? ? ?# 檢測服務后的 ip 效果

root @ubuntu24-13: ~ # apt install iputils-ping psmisc -y

root @ubuntu24-13: ~ # ping -c1 192.168.200.16

# 結果無法反應，處于阻塞的狀態 ..

它存在新式的防火墻規則， nftables 規則

root @ubuntu24-13: ~ # apt -y install nftables? ?(若沒有則可以安裝，本人測試的時候沒有安裝)

查看防火墻規則，這里顯示出來拒絕了 keepalived 生產的三個默認的 vip 地址? 命令: nft list ruleset

(1)root @ubuntu24-13: ~ # nft flush ruleset? ? #臨時清理

(2)ruleset 規則在 keepalive 每次重啟后，都會存在， 如果不想讓它存在，可以清理默認的策略規則

root @ubuntu24-13: ~ # systemctl stop nftables? ? 首先關閉服務

root @ubuntu24-13: ~ # nft flush ruleset ? ? 清理默認規則

root @ubuntu24-13: ~ # > /etc/nftables.conf? ? 清理開機自啟動服務規則

root @ubuntu24-13: ~ # systemctl restart nftables? ? 重啟服務

root @ubuntu24-13: ~ # nft list ruleset? ?? 確認效果

1.3?環境部署腳本

也可以通過下面的腳本進行安裝

#!/bin/bash
# 定義日志文件路徑
LOG_FILE="/var/log/keepalived_install.log"# 定義環境變量
KEEPALIVED_VERSION="2.3.2"
KEEPALIVED_INSTALL_PATH="/data/server/keepalived"
KEEPALIVED_TAR_NAME="keepalived-${KEEPALIVED_VERSION}"# 讀取節點角色
read -p "當前節點的角色(MASTER|BACKUP): " KEEPALIVED_ROLE# 定義日志記錄函數
function log() {local timestamp=$(date "+%Y-%m-%d %H:%M:%S")local message="$1"echo "[${timestamp}] ${message}" | tee -a ${LOG_FILE}
}# 定義函數：基本環境定制
function setup_environment() {log "開始基本環境定制"echo "正在更新軟件包列表..."apt update 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "軟件包列表更新成功"elselog "軟件包列表更新失敗"exit 1fiecho "正在安裝必要的軟件包..."apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf \libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev \libip6tc-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev \libmnl-dev libsystemd-dev libpopt-dev daemon 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "必要軟件包安裝成功"elselog "必要軟件包安裝失敗"exit 1fi
}# 定義函數：下載軟件
function download_software() {log "開始下載軟件"echo "正在創建目錄并下載 Keepalived ${KEEPALIVED_VERSION}..."mkdir -p /data/{server,softs} 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "目錄創建成功"elselog "目錄創建失敗"exit 1ficd /data/softsif [ ! -f ${KEEPALIVED_TAR_NAME}.tar.gz ]; thenlocal keepalived_url="https://keepalived.org/software/${KEEPALIVED_TAR_NAME}.tar.gz"wget "${keepalived_url}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 下載成功"elselog "Keepalived ${KEEPALIVED_VERSION} 下載失敗"exit 1fifiecho "正在解壓 Keepalived ${KEEPALIVED_VERSION}..."local untar_dir="/data/softs/${KEEPALIVED_TAR_NAME}"[ -d ${untar_dir} ] && rm -rf ${untar_dir}tar xvf "${KEEPALIVED_TAR_NAME}.tar.gz" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 解壓成功"elselog "Keepalived ${KEEPALIVED_VERSION} 解壓失敗"exit 1fi
}# 定義函數：編譯安裝
function compile_and_install() {log "開始編譯安裝"echo "正在進入解壓目錄并進行配置..."cd "${KEEPALIVED_TAR_NAME}"./configure --prefix="${KEEPALIVED_INSTALL_PATH}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "配置成功，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"elselog "配置失敗，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"exit 1fiecho "正在編譯 Keepalived ${KEEPALIVED_VERSION}..."make 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "編譯成功"elselog "編譯失敗"exit 1fiecho "正在安裝 Keepalived ${KEEPALIVED_VERSION} 到 ${KEEPALIVED_INSTALL_PATH}..."make install 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "安裝成功，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"elselog "安裝失敗，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定義函數：定制服務文件
function customize_service_file() {log "開始定制服務文件"echo "正在復制服務文件..."cd /data/softs/${KEEPALIVED_TAR_NAME}/keepalivedcp keepalived.service /lib/systemd/system/ 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "服務文件復制成功"elselog "服務文件復制失敗"exit 1fi
}# 定義函數：定制配置文件
function customize_config_file() {log "開始定制配置文件"echo "正在定制配置文件..."cd "${KEEPALIVED_INSTALL_PATH}/etc/keepalived/"[ ! -d /etc/keepalived ] && mkdir /etc/keepalived || rm -rf /etc/keepalived/*mv keepalived.conf.sample /etc/keepalived/keepalived.conf 2>&1 | tee -a ${LOG_FILE}local net_name=$(ip a | awk -F " |:" '/MULTICAST/{print $3}'|head -n1)sed -i "s/eth0/${net_name}/g" /etc/keepalived/keepalived.confsed -i '/virtual_server/,$d' /etc/keepalived/keepalived.confif [ "${KEEPALIVED_ROLE}" == "BACKUP" ]; thensed -i 's/MASTER/BACKUP/' /etc/keepalived/keepalived.confsed -i 's/ty 100/ty 90/' /etc/keepalived/keepalived.conf  # 注意：這里可能存在拼寫錯誤（ty應為priority）fiif [ $? -eq 0 ]; thenlog "配置文件定制成功，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"elselog "配置文件定制失敗，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定義函數：啟動服務
function start_service() {log "開始啟動服務"echo "正在重新加載 systemd 管理器配置..."systemctl daemon-reload 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "systemd 管理器配置重新加載成功"systemctl start keepalivedelselog "systemd 管理器配置重新加載失敗"exit 1fi
}# 主函數，按順序調用各個子函數
function main() {# 檢查環境變量是否為空if [ -z "${KEEPALIVED_VERSION}" ]; thenlog "錯誤：KEEPALIVED_VERSION 環境變量為空"exit 1fiif [ -z "${KEEPALIVED_INSTALL_PATH}" ]; thenlog "錯誤：KEEPALIVED_INSTALL_PATH 環境變量為空"exit 1fisetup_environmentdownload_softwarecompile_and_installcustomize_service_filecustomize_config_filestart_servicelog "Keepalived ${KEEPALIVED_VERSION} 安裝及配置完成，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}！"echo "Keepalived ${KEEPALIVED_VERSION} 安裝及配置完成，安裝路徑為 ${KEEPALIVED_INSTALL_PATH}！"
}# 執行主函數
main

2.配置解讀

1.1?配置簡介

keepalived 默認配置文件主要有三部分組成， global_defs 、 vrrp_instance 、 virtual_server 其中最重要的配置內容是 vrrp_instance ，在這個配置段中，設置了 keepalived 對外提供的統一入口。

修改兩臺 keepalived 主機的global_defs 和 vrrp_instance 部分內容，就能讓 keepalived 正常啟動。

global_defs - 全局配置段router_id 設定當前keepalived提供的路由標識，它在keepalived集群中必須唯一vrrp_instance - vrrp配置段state 描述keepalived主機間的角色定位的，一般只有兩個值MASTER、BACKUPinterface 指定在哪個網卡上綁定VIPvirtual_router_id 指定VIP的唯一標識，在keepalived集群中，此配置必須一致。priority 被VRRP協議來判斷那個router_id作為主路由，值越大，優先級越高authentication 多個路由之間通信的認證virtual_ipaddress 指定VIP的地址，可以是多個。virtual_server - vs配置段lb_algo 定制算法信息protocol 數據通信協議的定制real_server 后端真實主機的定制

查看幫助信息

二進制包安裝方式

man keepalived.conf

源碼包安裝方式

man /usr/share/man/man5/keepalived.conf.5.gz

1.2?配置細節

root @ubuntu24-13: ~ # tcpdump -i ens33 host 224.0.0.18 -nn? ? # vrrp 通信數據

1.3?簡單實踐

兩臺主機安裝nginx(略)

keepalived里面修改

? ?virtual_ipaddress { ? ? ? ?

192.168.8.100

? ?}

?interface ens224

每個主機都增加一個網卡例如ens224

最終修改實現的效果如下

命令：for i in {1..10};do curl 192.168.8.100;done

結果顯示： VIP 效果完全正常，可以替代原來的 web 地址訪問效果

15主機上抓包? ? ?tcpdump -i ens224?-nn host 224.0.0.18 12主機優先級高所以它占用vip

停掉12主機? ?15主機搶了VIP,說明keepalived默認 工作模式是 搶占式，開啟12主機后又恢復。

1.4 日志功能

（1）日志存放在哪里

默認情況下， keepalived 的日志功能是放入到 syslog 文件里面的，但是 syslog 文件不僅僅給 keepalived使用，還給很多其他的服務去使用，所以，一般情況下，我們需要將keepalived 的日志功能，單獨獨立出來。

cat /data/server/keepalived/etc/sysconfig/keepalived? ? ? ? ? #查看依賴的配置文件

KEEPALIVED_OPTIONS = "-D" # 記錄詳細的日志

data/server/keepalived/sbin/keepalived --help? ? # 查看 keepalived 的命令啟動選項

KEEPALIVED_OPTIONS="-D -S 6"? 注：里面解釋了左邊命令所寫的原因

（2）定制日志輸出

在/etc/rsyslog.d/目錄下創建 keepalived的日志配置文件keepalived.conf

[root@rocky9-15 ~]# vim /etc/rsyslog.d/keepalived.conf

local6. * / var / log / keepalived.log

& ~

注意:? & ~ 表示 keepalived 日志僅僅寫入 / var / log / keepalived.log 中，不寫入 / var / log / syslog 文件。

[root@rocky9-15 ~]# vim /etc/sysconfig/keepalived? ?# apt 安裝的在 / etc / default / keepalived

KEEPALIVED_OPTIONS = "-D -S 6"

systemctl restart rsyslog.service? ? ? ? ? ? ? #重啟rsyslog服務

systemctl restart keepalived.service? ? ? ??#重啟keepalived服務

tail /var/log/keepalived.log? ? ? ? ? ? ? ? ? ? ? ?#查看日志效果

1.5?子配置[M]

當生產環境復雜時， / etc / keepalived / keepalived.conf 文件中內容過多，除了全局級別的配

置，還有大量的業務級別的配置，相當的不易管理。?利用 include 指令可以實現包含子配置文件。

配置格式：

include / path / file

定制主從配置文件? 其中#里面的內容是定制從節點配置要寫的

global_defs {router_id kpmaster   #kpbackup
}vrrp_instance VI_1 {state MASTER         #BACKUP interface ens224virtual_router_id 50priority 100         #100以下，例99authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.8.100}
}

確定確認要截取的內容