Linux/资源安装/Keepalived部署.md
2025-08-25 15:57:40 +08:00


Author: 丁辉

Deploying and Using Keepalived

Introduction: the current configuration is fully usable in large-scale production clusters.

Node                 Gateway IP      VIP
Primary gateway 1    192.168.1.11    192.168.1.10
Backup gateway 2     192.168.1.12    192.168.1.10

Install keepalived

yum install -y keepalived

Primary node

Edit the configuration file

mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf

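Contents:

! Configuration File for keepalived

global_defs {
   router_id LVS_DEVEL # Load balancer identifier; should be unique within the LAN
}

#vrrp_script check_health {
  # Health check script
  #script "/etc/keepalived/check_health_status.sh"
  # Execution interval (seconds)
  #interval 5
#}

vrrp_instance VI_1 {
    # Start in BACKUP state (when the MASTER goes down, a BACKUP is promoted to MASTER according to priority)
    state BACKUP
    # Network interface name
    interface eth0
    # ID of the virtual router (should be unique within the LAN, 1-255)
    virtual_router_id 50
    # Priority
    priority 100
    # Interval of the synchronization check between MASTER and BACKUP (seconds)
    advert_int 1
    # Non-preemptive mode
    nopreempt
    # IP address of this node
    unicast_src_ip 192.168.1.11
    # IP address of the peer
    unicast_peer {
        192.168.1.12
    }
    authentication {
        # Authentication type
        auth_type PASS
        # Password used for authentication (sent in cleartext with auth_type PASS; keepalived uses only the first 8 characters)
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.10/24 dev eth0
    }
    # Interface tracking: decides whether the service is healthy by checking whether the specified network interface is present
    track_interface {
        eth0
    }
    # Enable the health check script
    #track_script {
      #check_health
    #}
}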

Backup node

Edit the configuration file

mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf

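Contents:

! Configuration File for keepalived

global_defs {
   router_id LVS_DEVEL # Load balancer identifier; should be unique within the LAN
}

#vrrp_script check_health {
  # Health check script
  #script "/etc/keepalived/check_health_status.sh"
  # Execution interval (seconds)
  #interval 5
#}

vrrp_instance VI_1 {
    # Start in BACKUP state (when the MASTER goes down, a BACKUP is promoted to MASTER according to priority)
    state BACKUP
    # Network interface name
    interface eth0
    # ID of the virtual router (should be unique within the LAN, 1-255)
    virtual_router_id 50
    # Priority
    priority 50
    # Interval of the synchronization check between MASTER and BACKUP (seconds)
    advert_int 1
    # Non-preemptive mode
    nopreempt
    # IP address of this node
    unicast_src_ip 192.168.1.12
    # IP address of the peer
    unicast_peer {
        192.168.1.11
    }
    authentication {
        # Authentication type
        auth_type PASS
        # Password used for authentication (sent in cleartext with auth_type PASS; keepalived uses only the first 8 characters)
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.10/24 dev eth0
    }

    # Interface tracking: decides whether the service is healthy by checking whether the specified network interface is present
    track_interface {
        eth0
    }
    # Enable the health check script
    #track_script {
      #check_health
    #}
}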
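
The two files above only form a working pair if they agree on virtual_router_id, auth_pass and the VIP, and if each node's unicast_peer is the other node's unicast_src_ip. The Python check below is an added example, not part of the original page: parse_instance, check_pair and sample_conf are hypothetical helper names, the sample configs and the password Example8 are constructed placeholders, and the parser assumes '#' and '!' never occur inside auth_pass.

```python
import re

def parse_instance(text):
    """Collect the settings both nodes must agree on ('#' and '!' start comments)."""
    body = "\n".join(re.split(r"[#!]", ln, maxsplit=1)[0] for ln in text.splitlines())
    cfg = {"nopreempt": re.search(r"^\s*nopreempt\s*$", body, re.M) is not None}
    for key in ("state", "virtual_router_id", "unicast_src_ip", "auth_pass"):
        m = re.search(r"^\s*" + key + r"\s+(\S+)", body, re.M)
        cfg[key] = m.group(1) if m else None
    for block in ("unicast_peer", "virtual_ipaddress"):
        m = re.search(block + r"\s*\{([^}]*)\}", body)
        lines = m.group(1).splitlines() if m else []
        cfg[block] = [ln.split()[0] for ln in lines if ln.strip()]
    return cfg

def check_pair(a_text, b_text):
    """Return findings for two configs that should form one unicast VRRP pair."""
    a, b = parse_instance(a_text), parse_instance(b_text)
    out = [f"{k} differs between nodes"
           for k in ("virtual_router_id", "auth_pass", "virtual_ipaddress") if a[k] != b[k]]
    if a["unicast_peer"] != [b["unicast_src_ip"]] or b["unicast_peer"] != [a["unicast_src_ip"]]:
        out.append("unicast_src_ip and unicast_peer are not reciprocal")
    for name, n in (("node A", a), ("node B", b)):
        if n["nopreempt"] and n["state"] != "BACKUP":
            out.append(f"{name}: nopreempt requires state BACKUP")
        if n["auth_pass"] and len(n["auth_pass"]) < 8:
            out.append(f"{name}: auth_pass is shorter than the 8 characters keepalived uses")
    return out

def sample_conf(src, peer):
    # Constructed sample in the shape of the two files above; the password is a placeholder
    return f"""vrrp_instance VI_1 {{
    state BACKUP
    virtual_router_id 50
    nopreempt
    unicast_src_ip {src}
    unicast_peer {{
        {peer}
    }}
    authentication {{
        auth_type PASS
        auth_pass Example8  # placeholder value
    }}
    virtual_ipaddress {{
        192.168.1.10/24 dev eth0
    }}
}}"""

if __name__ == "__main__":
    pair = sample_conf("192.168.1.11", "192.168.1.12"), sample_conf("192.168.1.12", "192.168.1.11")
    print(check_pair(*pair) or "pair is consistent")
```

To check real nodes, pass the text of each node's /etc/keepalived/keepalived.conf to check_pair and review the returned findings before starting the service.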

Start keepalived

systemctl start keepalived
systemctl enable keepalived
systemctl status keepalived

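Configure health checking

  1. Edit the script

    vi /etc/keepalived/check_health_status.sh

    Contents:

    #!/bin/bash
    # Probe the local health endpoint. curl exits non-zero only when the request itself
    # fails (e.g. connection refused); without -f an HTTP error status still counts as success.
    /usr/bin/curl -I http://localhost:10254/healthz

    # If the probe failed, stop keepalived so that the VIP moves to the peer
    if [ $? -ne 0 ];then

         cat /var/run/keepalived.pid | xargs kill

    fi

  2. Make the script executable

    chmod +x /etc/keepalived/check_health_status.sh

  3. Once the service is confirmed to be running, edit the keepalived configuration file to uncomment the health check sections; the change takes effect after a restart

    systemctl restart keepalived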

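Configure Keepalived self-recovery

Edit the Keepalived systemd unit file and add the following; Keepalived will then keep restarting and checking whether the service has recovered

vi /lib/systemd/system/keepalived.service
[Service]
# Always restart the service
Restart=always
# Delay between restarts (seconds)
RestartSec=10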

Firewall configuration

Opening either one of the following is enough

  • Allow VRRP traffic

    iptables -A INPUT -p vrrp -j ACCEPT

  • Allow multicast traffic

    iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT