当前位置：首页 > news >正文

KEEPALIVED 全csdn最详细----理论+实验（干货扎实，包教会的）

news 文章来源：https://blog.csdn.net/m0_63022423/article/details/141203066 2024/9/22 7:36:51

环境准备

主机名	IP	虚拟IP（VIP）	功能
ka1	172.25.254.10	172.25.254.100	keepalived服务
ka2	172.25.254.20	172.25.254.100	keepalived服务
realserver1	172.25.254.110		web服务
realserver2	172.25.254.120		web服务

注意一定要关闭selinux,和防火墙，不然在后面配置vrrp时不起作用

#在realserver1上配置
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo realserver1 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.#在realserver2上配置
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo realserver2 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.#在ka上面测试能否访问
[root@ka1 ~]# curl 172.25.254.110
realserver1 172.25.254.110
[root@ka1 ~]# curl 172.25.254.120
realserver2 172.25.254.120[root@ka2 ~]# curl 172.25.254.110
realserver1 172.25.254.110
[root@ka2 ~]# curl 172.25.254.120
realserver2 172.25.254.120

在ka1,ka2上面配置keepalived:

[root@ka1 ~]#   yum install keepalived -y
[root@ka1 ~]#   systemctl enable --now keepalived[root@ka2 ~]#   yum install keepalived -y
[root@ka2 ~]#   systemctl enable --now keepalived

keepalived基本配置

keepalived的主配置文件为/etc/keepalived/keepalived.conf，我们主要是在这里面进行配置

在ka1上面的配置

首先打开配置文件，找到global_defs（全局配置），vrrp_instance VI_1 (配置虚拟子接口)进行如下配置：

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalivedglobal_defs {notification_email {2787013485@qq.com}notification_email_from keepalived@xie.comsmtp_server 172.0.0.1smtp_connect_timeout 30router_id ka1.xie.comvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_mcast_group4 224.0.0.18vrrp_iptables
}vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}

其优先级为100，其作为主服务器。

然后我们要重启keepalived服务,进行测试，其就出现VIP来供我们使用。

[root@ka1 ~]# systemctl restart keepalived
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.25.254.10  netmask 255.255.255.0  broadcast 172.25.254.255inet6 fe80::20c:29ff:fe67:d0cc  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:67:d0:cc  txqueuelen 1000  (Ethernet)RX packets 5119  bytes 363815 (355.2 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 9498  bytes 713779 (697.0 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.25.254.100  netmask 255.255.255.0  broadcast 0.0.0.0ether 00:0c:29:67:d0:cc  txqueuelen 1000  (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1000  (Local Loopback)RX packets 8  bytes 600 (600.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 8  bytes 600 (600.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0[root@ka1 ~]#

如下图所示

修改ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {2787013485@qq.com}notification_email_from keepalived@xie.comsmtp_server 172.0.0.1smtp_connect_timeout 30router_id ka1.xie.comvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_mcast_group4 224.0.0.18vrrp_iptables
}vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 80advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}

重启测试，然后就发现ka2上是没有VIP的。

抓包测试

[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18

首先是172.25.254.10为主在发送数据。

然后关闭ka1的keepalived服务再查看该走向，其VIP就会到ka2上面

然后再重启ka1的keepalived服务，再查看，发现又出现了。

使得ka1,ka2能够ping vip

最开始ping VIP172.25.254.100是ping不通的，想要ping通有以下两种方法

1.加上vrrp_iptables

在配置文件里面加上vrrp_iptables，就可以实现了。-----注意ka1,ka2都要设置，这样才能都实现

测试界面如下：

2.注释掉 vrrp_strict

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {2787013485@qq.com}notification_email_from keepalived@xie.comsmtp_server 172.0.0.1smtp_connect_timeout 30router_id ka1.xie.comvrrp_skip_check_adv_addr# vrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_mcast_group4 224.0.0.18}[root@ka2 ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {2787013485@qq.com}notification_email_from keepalived@xie.comsmtp_server 172.0.0.1smtp_connect_timeout 30router_id ka1.xie.comvrrp_skip_check_adv_addr# vrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_mcast_group4 224.0.0.18}#测试注释掉  # vrrp_strict  ping 172.25.254.100 能否ping通
[root@ka1 ~]# systemctl restart keepalived
[root@ka1 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.011 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from 172.25.254.100: icmp_seq=4 ttl=64 time=0.037 ms#测试注释掉  # vrrp_strict  ping 172.25.254.100 能否ping通
[root@ka2 ~]# systemctl restart keepalived
[root@ka2 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.309 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.750 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.613 ms
^C
--- 172.25.254.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.309/0.557/0.750/0.185 ms
[root@ka2 ~]#

启用keepalived日志


[root@ka1 ~]# vim /etc/sysconfig/keepalived# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages.
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#KEEPALIVED_OPTIONS="-D -S 6"[root@ka1 ~]# vim /etc/rsyslog.conf
#-----------------------------------------省略---------------------------------------------
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local6.*                                                /var/log/keepalived
#-----------------------------------------省略-------------------------------------------[root@ka1 ~]#  systemctl restart rsyslog.service
[root@ka1 ~]#  systemctl restart keepalived.service[root@ka1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 4005 Aug 17 16:07 /var/log/keepalived.log[root@ka1 ~]# tail -f  /var/log/keepalived.log
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Timeout connecting server [192.168.201.100]:443.
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Check on service [192.168.201.100]:443 failed after 3 retry.
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Removing service [192.168.201.100]:443 from VS [192.168.200.100]:443
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Remote SMTP server [172.0.0.1]:25 connected.
Aug 17 16:07:53 ka1 Keepalived_healthcheckers[55872]: Error reading data from remote SMTP server [172.0.0.1]:25.

实现独立子配置文件

将原来的主配置文件的虚拟路由部分注释掉，添 include"/etc/keepalived/conf.d/*.conf"，重新写一个子配置文件

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {2787013485@qq.com}notification_email_from keepalived@xie.comsmtp_server 172.0.0.1smtp_connect_timeout 30router_id ka1.xie.comvrrp_skip_check_adv_addr# vrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_mcast_group4 224.0.0.18# vrrp_iptables
}#vrrp_instance VI_1 {
#    state MASTER
#    interface eth0
#    virtual_router_id 100
#    priority 100
#    advert_int 1
#    authentication {
#        auth_type PASS
#        auth_pass 1111
#    }
#    virtual_ipaddress {
#       172.25.254.100/24 dev eth0 label eth0:1
#    }
#}
include "/etc/keepalived/conf.d/*.conf"[root@ka1 ~]# mkdir -p /etc/keepalived/conf.d
[root@ka1 ~]#  vim /etc/keepalived/conf.d/172.25.254.100.confvrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}[root@ka1 ~]#  systemctl restart keepalived.service
#测试
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.25.254.10  netmask 255.255.255.0  broadcast 172.25.254.255inet6 fe80::20c:29ff:fe67:d0cc  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:67:d0:cc  txqueuelen 1000  (Ethernet)RX packets 35127  bytes 2447462 (2.3 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 71612  bytes 7215886 (6.8 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.25.254.100  netmask 255.255.255.0  broadcast 0.0.0.0ether 00:0c:29:67:d0:cc  txqueuelen 1000  (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1000  (Local Loopback)RX packets 35  bytes 2896 (2.8 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 35  bytes 2896 (2.8 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

keepalived企业应用实例

抢占模式和非抢占模式
非抢占模式
nopreempt

默认为抢占模式preempt，即当高优先级的主机恢复在线后，会抢占低先级的主机的master角色，这样会使vip在KA主机中来回漂移，造成网络抖动，建议设置为非抢占模式 nopreempt ，即高优先级主机恢复后，并不会抢占低优先级主机的master角色。

非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机。

注意：要关闭 VIP抢占，必须将各 keepalived 服务器state配置为BACKUP

ka1上主配置文件的配置：添加nopreempt，并修改BACKUP。

[root@ka1 ~]# vim /etc/keepalived/keepalived.confvrrp_instance VI_1 {state BACKUP     #改为BACKUPinterface eth0virtual_router_id 100priority 100nopreempt        #添加非抢占模式advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}
[root@ka1 ~]#  systemctl restart keepalived.service[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 80nopreemptadvert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}[root@ka2 ~]# systemctl restart keepalived

抢占延迟模式 preempt_delay
抢占延迟模式，即优先级高的主机恢复后，不会立即抢回 VIP ，而是延迟一段时间（默认 300s）再抢回 VIP
preempt_delay # # 指定抢占延迟时间为 #s ，默认延迟 300s
注意：需要各 keepalived 服务器 state 为 BACKUP, 并且不要启用 vrrp_strict

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf# KA1主机配置抢占延迟模式vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 100advert_int 1preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}[root@ka2 ~]# vim /etc/keepalived/keepalived.conf# KA2上的非抢占模式与KA1相同，加上preempt_delay 5s参数即可
vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 100advert_int 1preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}
}

然后我们可以通过stop再进行restart keepalived

查看VIP，间隔时间为抢占延时时间。做完这个实验之后建议删掉或者注释·此配置。

4.3 VIP单播配置

默认 keepalived 主机之间利用多播相互通告消息，会造成网络拥塞，可以替换成单播，减少网络流量。

注意：启用 vrrp_strict 时，不能启用单播

# KA1配置组播变单播vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}
}# KA2配置组播变单播vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 80advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.20unicast_peer {172.25.254.10}}

此时VIP在KA1上，利用抓包工具抓到从KA1传给KA2的流量

现在关掉KA1再做测试

此时VIP跑到KA2上，重新开启KA1后，VIP又会重新回到KA1上

keepalived通知脚本配置

邮件配置

安装邮件发送工具mailx，KA1和KA2都需要安装

[root@ka1 ~]# yum install mailx -y

QQ邮箱配置

[root@ka1 ~]# vim /etc/mail.rc# For Linux and BSD, this should be set.
set bsdcompat
set from=2787013485@qq.com  #自己的QQ邮箱
set smtp=smtp.qq.com
set smtp-auth-user=2787013485@qq.com
set smtp-auth-password=umyqzzecpjhqddbc  #在网页QQ邮箱中申请自己的授权码
set smtp-auth=login
set ssl-verify=ignore

[root@ka1 ~]# vim /etc/mail.rc
[root@ka1 ~]#  echo hello world | mail -s test 2787013485@qq.com

测试发送邮箱：


[root@ka1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='2787013485@qq.com'
send_message()
{mail_subj="$HOSTNAME to be $1 vip move"mail_mess="`date +%F\ %T`: vrrp move $HOSTNAME change $1"echo "$mail_mess" | mail -s "$mail_sub" $mail_dest
}case $1 inmaster)send_message master;;backup)send_message backup;;fault)send_message fault;;*);;
esac# 给脚本赋予权限
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
# 执行脚本观察QQ邮箱
[root@ka1 ~]# /etc/keepalived/mail.sh master# 编辑配置文件实行脚本的调用
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}notify_master "/etc/keepalived/mail.sh master"notify_backup "/etc/keepalived/mail.sh backup"notify_fault "/etc/keepalived/mail.sh fault"
}
=================省略==================# 重启服务
[root@ka1 ~]# systemctl restart keepalived.service#KA2也需要跟KA1做同样的操作,如果不想写可以直接复制
[root@ka2 keepalived]# scp -v 172.25.254.10:/etc/keepalived/mail.sh /etc/keepalived/# 最后停掉KA1的keepalived，然后在自己的QQ邮箱中查看是否发了邮件

实现master/master的Keepalived双主架构
双主架构用途：

master/slave的单主架构，同一时间只有一个Keepalived对外提供服务，此主机繁忙，而另一台主机却很空闲，利用率低下，可以使用master/master的双主架构，解决此问题。

即将两个或以上VIP分别运行在不同的keepalived服务器，以实现服务器并行提供web访问的目的，提高服务器资源利用率。

# KA1主机
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}}
vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 200priority 80advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.200/24 dev eth0 label eth0:2}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}
}
=================省略==================#KA2上
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 80advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.20unicast_peer {172.25.254.10}
}
vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 200priority 100#advert_int 1#nopreemptpreempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.200/24 dev eth0 label eth0:2}unicast_src_ip 172.25.254.20unicast_peer {172.25.254.10}
}
=================省略==================

此时两台Keepalived主机上都分别有一个VIP

# 在两台后端RealServer上安装httpd
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo realserver1 - 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd.service # 配置环回IP地址
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo# 禁止ARP响应
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2[root@realserver2 ~]# sysctl --p
[root@realserver2 ~]# sysctl --system# RealServer2也做同样的配置
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo realserver2 - 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd.service # 配置环回IP地址
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo# 禁止ARP响应
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2[root@realserver2 ~]# sysctl --p
[root@realserver2 ~]# sysctl --system

# 在两台Keepalived主机上安装ipvsadm
#KA1
[root@ka1 ~]# yum install ipvsadm -y# 在Keepalived配置文件中配置Keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf=================省略==================
virtual_server 172.25.254.100 80 {delay_loop 6lb_algo wrrlb_kind DR#persistence_timeout 50protocol TCPreal_server 172.25.254.110 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 3nb_get_retry 2delay_before_retry 2}}real_server 172.25.254.120 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 3nb_get_retry 2delay_before_retry 2}}
}
------------省略--------------# KA2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf 
=================省略==================
virtual_server 172.25.254.100 80 {delay_loop 6lb_algo wrrlb_kind DR#persistence_timeout 50protocol TCPreal_server 172.25.254.110 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 3nb_get_retry 2delay_before_retry 2}}real_server 172.25.254.120 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 3nb_get_retry 2delay_before_retry 2}}
}
=================省略==================
# 重启服务，在测试端进行访问测试结果
# 检查一下lvs策略
[root@ka1 ~]# systemctl restart keepalived.service 
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr-> 172.25.254.110:80            Route   1      0          0         -> 172.25.254.120:80            Route   1      0          0        [root@test ~]# while true; do curl 172.25.254.100; sleep 0.5; done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120# 模拟故障
#第一台RS1故障，自动切换至RS2
[root@realserver1 ~]# systemctl stop httpd #当RS1故障
[root@realserver1 ~]# while true; do curl 172.25.254.100; sleep 0.5; done
#全部流浪被定向到RS2中
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120#RS1策略被踢出保留RS2的lvs策略
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr   -> 172.25.254.120:80            Route   1      0          0

# 在两台后端RealServer上删掉环回地址
[root@realserver1 ~]# ip a d 172.25.254.100/32 dev lo# 开启ARP响应
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0# 注释掉在Keepalived主机上的LVS策略部分# 两台keepalived主机上安装HAProxy
[root@ka1 ~]# yum install haproxy -y#在两个ka1和ka2两个节点启用内核参数
[root@ka1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]# sysctl -p# 在两个ka1和ka2实现haproxy的配置
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg=================省略==================
isten webclusterbind 172.25.254.100:80mode httpbalance roundrobinserver web1 172.25.254.110:80 check inter 3 fall 2 rise 5server web2 172.25.254.120:80 check inter 3 fall 2 rise 5# 编写脚本监测HAProxy状态
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy# 给脚本执行权限
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh# 在ka1中配置keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf =================省略==================
vrrp_script check_haproxy {script "/etc/keepalived/test.sh"interval 1weight -30fall 2rise 2timeout 2
}vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 100priority 100advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}track_script {check_haproxy}}vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 200priority 80advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.200/24 dev eth0 label eth0:2}unicast_src_ip 172.25.254.10unicast_peer {172.25.254.20}
}=================省略==================# 在KA2上配置Keepalived
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf=================省略==================
vrrp_script check_haproxy {script "/etc/keepalived/test.sh"interval 1weight -30fall 2rise 2timeout 2
}vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 100priority 80advert_int 1#nopreempt#preempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.100/24 dev eth0 label eth0:1}unicast_src_ip 172.25.254.20unicast_peer {172.25.254.10}
}
vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 200priority 100#advert_int 1#nopreemptpreempt_delay 5sauthentication {auth_type PASSauth_pass 1111}virtual_ipaddress {172.25.254.200/24 dev eth0 label eth0:2}unicast_src_ip 172.25.254.20unicast_peer {172.25.254.10}track_script {check_haproxy}}
=================省略==================# 重启服务进行测试