Keepalived 高可用热备配置教程
Keepalived 是一款基于 VRRP(虚拟路由冗余协议)的高可用软件,广泛用于实现服务器的主备自动切换。它通过虚拟 IP(VIP)漂移机制,在主服务器故障时自动将流量切换到备用服务器,实现服务的不间断运行。Keepalived 最常见的用法是与 HAProxy、Nginx 等负载均衡器搭配使用,消除单点故障。本文将介绍如何在搬瓦工 VPS 上配置 Keepalived 实现高可用架构。
一、VRRP 协议原理
- 虚拟路由器:多台物理服务器组成一个虚拟路由器组,对外提供统一的 VIP。
- Master/Backup:组内只有一台 Master 持有 VIP,其余为 Backup。
- 优先级竞选:优先级最高的节点成为 Master,Master 定期发送 VRRP 通告。
- 故障切换:Backup 节点在指定时间内未收到 Master 通告时,优先级最高的 Backup 接管 VIP。
二、安装 Keepalived
Ubuntu/Debian
apt update
apt install keepalived -yCentOS
yum install keepalived -y三、配置 Master 节点
在第一台搬瓦工 VPS 上配置 Master 角色:
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id LVS_MASTER
script_user root
enable_script_security
}
vrrp_script check_haproxy {
script "/usr/bin/killall -0 haproxy"
interval 2
weight -20
fall 3
rise 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass your_secret_password
}
virtual_ipaddress {
192.168.1.100/24
}
track_script {
check_haproxy
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
EOF四、配置 Backup 节点
在第二台 VPS 上配置 Backup 角色,主要区别是 state 和 priority:
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id LVS_BACKUP
script_user root
enable_script_security
}
vrrp_script check_haproxy {
script "/usr/bin/killall -0 haproxy"
interval 2
weight -20
fall 3
rise 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass your_secret_password
}
virtual_ipaddress {
192.168.1.100/24
}
track_script {
check_haproxy
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
EOF五、创建通知脚本
cat > /etc/keepalived/notify.sh <<'EOF'
#!/bin/bash
TYPE=$1
HOSTNAME=$(hostname)
DATE=$(date '+%Y-%m-%d %H:%M:%S')
case $TYPE in
master)
echo "$DATE - $HOSTNAME became MASTER" >> /var/log/keepalived-notify.log
;;
backup)
echo "$DATE - $HOSTNAME became BACKUP" >> /var/log/keepalived-notify.log
;;
fault)
echo "$DATE - $HOSTNAME entered FAULT state" >> /var/log/keepalived-notify.log
;;
esac
EOF
chmod +x /etc/keepalived/notify.sh六、自定义健康检查脚本
除了简单的进程检查,还可以编写更复杂的健康检查脚本:
cat > /etc/keepalived/check_service.sh <<'EOF'
#!/bin/bash
# 检查 HAProxy 是否正常响应
if curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8404/stats | grep -q "200"; then
exit 0
else
exit 1
fi
EOF
chmod +x /etc/keepalived/check_service.sh在配置中引用此脚本:
vrrp_script check_service {
script "/etc/keepalived/check_service.sh"
interval 3
weight -30
fall 3
rise 2
}七、启动服务
在两台 VPS 上分别启动 Keepalived:
systemctl enable --now keepalived
systemctl status keepalived验证 VIP 是否在 Master 上生效:
ip addr show eth0应该能看到 VIP 地址绑定在 Master 的网卡上。
八、测试故障切换
在 Master 节点上停止 Keepalived 或被检测的服务:
systemctl stop haproxy观察 Backup 节点的日志和 IP 地址,VIP 应该会在几秒内漂移到 Backup 节点:
tail -f /var/log/keepalived-notify.log
ip addr show eth0九、非抢占模式
默认情况下,当 Master 恢复后会重新抢回 VIP。如果不希望频繁切换,可以配置非抢占模式:
vrrp_instance VI_1 {
state BACKUP
nopreempt
...
}注意:两台都需要设置为 BACKUP state,并且只在优先级较高的那台加上 nopreempt。
十、常见问题
两台都成为 Master(脑裂)
通常是 VRRP 组播包被防火墙阻止,确保放行 VRRP 协议(协议号 112):
iptables -A INPUT -p vrrp -j ACCEPTVIP 无法 ping 通
确认网卡名称是否正确,使用 ip link show 查看实际的网卡名。云环境中可能需要使用单播模式替代组播。
总结
Keepalived 是实现高可用架构的基石,配合 HAProxy 负载均衡器 可以构建一套完整的高可用负载均衡集群。在搬瓦工 VPS 上部署此架构,可以为你的生产服务提供可靠的容错能力。购买搬瓦工 VPS 请查看 全部方案,使用优惠码 NODESEEK2026 可享 6.77% 折扣,购买链接:bwh81.net。