keepalived (2) - keepalived installation and configuration



1. keepalived installation and configuration

1.1 keepalived installation environment

  • keepalived can be installed directly with yum:

    [root@nginx-lb01 ~]# yum install keepalived
    
    [root@nginx-lb01 ~]# rpm -q keepalived 
    keepalived-1.3.5-16.el7.x86_64
    
  • The keepalived package installs the following files:

    [root@nginx-lb01 ~]# rpm -ql keepalived 
    /etc/keepalived
    /etc/keepalived/keepalived.conf
    /etc/sysconfig/keepalived
    /usr/bin/genhash
    /usr/lib/systemd/system/keepalived.service
    /usr/libexec/keepalived
    /usr/sbin/keepalived
    /usr/share/doc/keepalived-1.3.5
    /usr/share/doc/keepalived-1.3.5/AUTHOR
    /usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
    /usr/share/doc/keepalived-1.3.5/COPYING
    /usr/share/doc/keepalived-1.3.5/ChangeLog
    /usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
    /usr/share/doc/keepalived-1.3.5/README
    /usr/share/doc/keepalived-1.3.5/TODO
    /usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
    /usr/share/doc/keepalived-1.3.5/samples
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
    /usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
    /usr/share/man/man1/genhash.1.gz
    /usr/share/man/man5/keepalived.conf.5.gz
    /usr/share/man/man8/keepalived.8.gz
    /usr/share/snmp/mibs/KEEPALIVED-MIB.txt
    /usr/share/snmp/mibs/VRRP-MIB.txt
    /usr/share/snmp/mibs/VRRPv3-MIB.txt
    

    The main files are:

    • /etc/keepalived/keepalived.conf: the main keepalived configuration file

    • /etc/sysconfig/keepalived: defines how keepalived is run

    • /usr/lib/systemd/system/keepalived.service: the keepalived systemd unit file

    • /usr/sbin/keepalived: the binary

1.2 keepalived log file

By default, keepalived writes its logs to the system log, /var/log/messages.

To store the logs separately in /var/log/keepalived.log:

  1. Edit /etc/sysconfig/keepalived

    Change KEEPALIVED_OPTIONS="-D" to KEEPALIVED_OPTIONS="-D -d -S 0" (-S 0 selects syslog facility local0)

    [root@nginx-lb01 ~]# cat /etc/sysconfig/keepalived
    # Options for keepalived. See `keepalived --help' output and keepalived(8) and
    # keepalived.conf(5) man pages for a list of all options. Here are the most
    # common ones :
    #
    # --vrrp               -P    Only run with VRRP subsystem.
    # --check              -C    Only run with Health-checker subsystem.
    # --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
    # --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
    # --dump-conf          -d    Dump the configuration data.
    # --log-detail         -D    Detailed log messages.
    # --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
    #
    
    KEEPALIVED_OPTIONS="-D -d -S 0"
    
  2. Append the following line to the end of /etc/rsyslog.conf

    [root@nginx-lb01 ~]# vim /etc/rsyslog.conf
    local0.*                         /var/log/keepalived.log
    
  3. Restart the logging service and the keepalived service

    [root@nginx-lb01 ~]# systemctl restart rsyslog.service
    [root@nginx-lb01 ~]# systemctl restart keepalived.service
    

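1.3 keepalived configuration file

The keepalived configuration file has the following format:

global_defs {                        # global definitions
   notification_email {              # alert mailboxes
     acassen@firewall.loc            # recipient addresses
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc      # sender address
   smtp_server 192.168.50.1    # SMTP server address
   smtp_connect_timeout 30     # SMTP connect timeout; the parameters above are optional
   router_id LVS_DEVEL         # route identifier of this keepalived server; it must be unique within one LAN
   vrrp_mcast_group4 224.0.100.19   # multicast address for VRRP adverts; can be changed
   script_user root
   enable_script_security
}

vrrp_instance VI_1 {      # VRRP instance named VI_1
    state MASTER          # role of instance VI_1: only MASTER or BACKUP, written in upper case; MASTER is the primary node, BACKUP the standby
    interface eth0        # physical interface used by this virtual router
    virtual_router_id 51  # virtual router ID; should be a number, unique within one keepalived.conf, and identical for the same instance on MASTER and BACKUP
    priority 100          # priority; higher is preferred, and the node with the highest priority is elected MASTER
    advert_int 1          # advert interval: how often MASTER and BACKUP check on each other, in seconds; default 1
    authentication {      # authentication block, leave it unchanged; MASTER and BACKUP of the same VRRP instance must use the same password to communicate
        auth_type PASS
        auth_pass 1111    # at most 8 characters; if longer, only the first 8 are used for authentication
    }
    virtual_ipaddress {   # virtual IP addresses
        # syntax: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        192.168.200.17/24 dev eth1
        192.168.50.16         # an address in this form is shown by ip addr but not by ifconfig
        192.168.50.17/24 dev eth0 label eth0:1    # bound to eth0 with the alias eth0:1
    }
    track_interface {     # interfaces to monitor; if any of them fails, keepalived enters the FAULT state and the VIP moves
        eth0
        eth1
        ...
    }
    nopreempt             # run in non-preemptive mode
    preempt_delay 300     # in preemptive mode, delay before a node that comes back online triggers a new election
    # Notification scripts:
    notify_master <STRING>|<QUOTED-STRING>    # script run when this node becomes the master
    notify_backup <STRING>|<QUOTED-STRING>    # script run when this node becomes a backup
    notify_fault <STRING>|<QUOTED-STRING>     # script run when this node enters the "fault" state
    notify <STRING>|<QUOTED-STRING>           # generic form: one script handles the notification for all three transitions
}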

script_user root

enable_script_security

The two directives above are used together with vrrp_script scripts; without them the log reports:

Jul  8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jul  8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.

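2. keepalived configuration

2.1 keepalived single-instance configuration

The lab environment is planned as follows:

Name        IP address      Role    router_id     Priority
nginx-lb01  192.168.20.19   MASTER  keepalived01  120
nginx-lb02  192.168.20.20   BACKUP  keepalived02  100
VIP         192.168.20.28   -       -             -

2.1.1 keepalived node configuration files

  • The MASTER node's configuration file: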

    [root@nginx-lb01 keepalived]# cat keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived01
       script_user root
       enable_script_security
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth1
        virtual_router_id 51
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    
  • The BACKUP node's configuration file:

    [root@nginx-lb02 keepalived]# cat keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived02
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 51
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
  • The notification script notify.sh:

    [root@nginx-lb01 keepalived]# cat notify.sh 
    #!/bin/bash
    
    contact='root@localhost'
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
    # Add execute permission
    [root@nginx-lb01 keepalived]# chmod +x notify.sh
    

2.1.2 Starting the keepalived service

  • Start the keepalived service:

    [root@nginx-lb01 keepalived]# systemctl start keepalived.service
    [root@nginx-lb01 keepalived]# systemctl start keepalived.service
    
    # Check the service status:
    [root@nginx-lb01 keepalived]# systemctl status keepalived.service 
    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2021-07-08 17:27:56 CST; 21min ago
      Process: 2402 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 2403 (keepalived)
       CGroup: /system.slice/keepalived.service
               ├─2403 /usr/sbin/keepalived -D -d -S 0
               ├─2404 /usr/sbin/keepalived -D -d -S 0
               └─2405 /usr/sbin/keepalived -D -d -S 0
    
    [root@nginx-lb01 keepalived]# ps -ef | grep keepalived
    root       2403      1  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    root       2404   2403  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    root       2405   2403  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    
  • Log on the MASTER node:

    [root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 17:52:25 nginx-lb01 Keepalived_vrrp[2533]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
    Jul  8 17:52:27 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Transition to MASTER STATE 
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Entering MASTER STATE  <== enters the MASTER state
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) setting protocol VIPs. <== the VIP is configured on this host
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28 <== sends gratuitous ARP packets
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Opening script file /etc/keepalived/notify.sh   <== triggers the notification script
    
    # Mail sent automatically by notify.sh:
    [root@nginx-lb01 keepalived]# mail
     N  3 root                  Thu Jul  8 17:52  18/712   "nginx-lb01 to be master, vip floating"
    & 3
    Message  3:
    From root@nginx-lb01.localdomain  Thu Jul  8 17:52:30 2021
    Return-Path: <root@nginx-lb01.localdomain>
    X-Original-To: root@localhost
    Delivered-To: root@localhost.localdomain
    Date: Thu, 08 Jul 2021 17:52:30 +0800
    To: root@localhost.localdomain
    Subject: nginx-lb01 to be master, vip floating
    User-Agent: Heirloom mailx 12.5 7/5/10
    Content-Type: text/plain; charset=us-ascii
    From: root@nginx-lb01.localdomain (root)
    Status: R
    
    2021-07-08 17:52:30: vrrp transition, nginx-lb01 changed to be master
    
    
  • Log on the BACKUP node:

    [root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100 <== received an advert with a higher priority from the peer
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE  <== this host enters the BACKUP state
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs. <== the VIP is removed from this host
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh  <== triggers the notification script
    
    # Mail sent automatically by notify.sh:
    [root@nginx-lb02 keepalived]# mail
     N  2 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be backup, vip floating"
    & 2
    Message  2:
    From root@nginx-lb02.localdomain  Thu Jul  8 17:52:27 2021
    Return-Path: <root@nginx-lb02.localdomain>
    X-Original-To: root@localhost
    Delivered-To: root@localhost.localdomain
    Date: Thu, 08 Jul 2021 17:52:27 +0800
    To: root@localhost.localdomain
    Subject: nginx-lb02 to be backup, vip floating
    User-Agent: Heirloom mailx 12.5 7/5/10
    Content-Type: text/plain; charset=us-ascii
    From: root@nginx-lb02.localdomain (root)
    Status: R
    
    2021-07-08 17:52:27: vrrp transition, nginx-lb02 changed to be backup
    
  • Where the virtual IP address is held:

    # The VIP is on the MASTER node:
    [root@nginx-lb01 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.28/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    # The BACKUP node has no VIP:
    [root@nginx-lb02 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
           
    # ARP table on another host: the VIP's MAC address is the same as the MASTER node's MAC address:
    [C:\~]$ arp -a
    接口: 192.168.20.1 --- 0x8
      Internet 地址         物理地址              类型
      192.168.20.19         00-0c-29-33-71-d0     动态        
      192.168.20.20         00-0c-29-21-9d-5c     动态        
      192.168.20.28         00-0c-29-33-71-d0     动态 
    

2.1.3 keepalived state switchover

Simulating a MASTER node failure

# 1. Stop the keepalived service on the MASTER node to simulate a MASTER node failure
[root@nginx-lb01 keepalived]# systemctl stop keepalived.service 
[root@nginx-lb01 keepalived]# ps aux | grep keepalived
root       2738  0.0  0.0 112808   968 pts/0    R+   19:07   0:00 grep --color=auto keepalived

# 2. Check the log on the MASTER node
[root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log 
Jul  8 19:07:36 nginx-lb01 Keepalived[2531]: Stopping
Jul  8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) sent 0 priority  <== sends an advert with priority 0
Jul  8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) removing protocol VIPs.  <== removes the VIP
Jul  8 19:07:36 nginx-lb01 Keepalived_healthcheckers[2532]: Stopped
Jul  8 19:07:37 nginx-lb01 Keepalived_vrrp[2533]: Stopped
Jul  8 19:07:37 nginx-lb01 Keepalived[2531]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2

The state of the BACKUP node:

# 1. Check the log
[root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log 
Jul  8 19:07:37 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Transition to MASTER STATE   <== switches to MASTER
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28

# 2. Check the virtual IP:
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.28/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# 3. The script is triggered:
[root@nginx-lb02 keepalived]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 4 messages 4 new
>N  1 root                  Thu Jul  8 17:42  18/712   "nginx-lb02 to be backup, vip floating"
 N  2 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be backup, vip floating"
 N  3 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be master, vip floating"
 N  4 root                  Thu Jul  8 19:07  18/712   "nginx-lb02 to be master, vip floating"
& 4
Message  4:
From root@nginx-lb02.localdomain  Thu Jul  8 19:07:40 2021
Return-Path: <root@nginx-lb02.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Thu, 08 Jul 2021 19:07:40 +0800
To: root@localhost.localdomain
Subject: nginx-lb02 to be master, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@nginx-lb02.localdomain (root)
Status: R

2021-07-08 19:07:40: vrrp transition, nginx-lb02 changed to be master

# 4. ARP table on another host: the virtual IP now maps to the BACKUP node's MAC address
[C:\~]$ arp -a
接口: 192.168.20.1 --- 0x8
  Internet 地址         物理地址              类型
  192.168.20.19         00-0c-29-33-71-d0     动态        
  192.168.20.20         00-0c-29-21-9d-5c     动态        
  192.168.20.28         00-0c-29-21-9d-5c     动态 

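After the nginx-lb01 node is restored, its state is as follows:

# 1. Check the log: the node switches back to MASTER, because preemption is enabled by default: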
Jul  8 19:18:51 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28

# 2. Check the VIP:
[root@nginx-lb01 ~]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.28/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The nginx-lb02 node:

# 1. Check the log: it received a VRRP advert with a higher priority, switched to BACKUP, removed the VIP and triggered the notification script
[root@nginx-lb02 ~]# tail -f /var/log/keepalived.log 
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh

[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
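
The switchover logs above can be checked mechanically. The following is an added example, not part of the original post: it replays the merged logs of both nodes and reports who holds each VIP, any moment with two MASTERs, adverts with a priority no node is configured with, and the script-security warning. The function name, the alert wording and the constructed log lines are assumptions of this illustration.

```python
import re

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Syslog line layout used by the keepalived logs on this page.
LINE = re.compile(rf"^(?P<mon>{'|'.join(MONTHS)})\s+(?P<day>\d+) (?P<time>[\d:]{{8}}) "
                  r"(?P<node>\S+) Keepalived\w*\[\d+\]: (?P<msg>.*)$")
INSTANCE = re.compile(r"VRRP_Instance\((?P<inst>[^)]+)\) (?P<event>.*)")
ADVERT = re.compile(r"Received advert with higher priority (\d+), ours \d+")


def analyse(lines, known_priorities):
    """Replay merged keepalived logs from all nodes.

    Returns ({instance: [nodes holding the VIP at the end]}, [alerts]).
    """
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            when = (MONTHS.index(m["mon"]), int(m["day"]), m["time"])
            events.append((when, m["node"], m["msg"]))
    events.sort(key=lambda e: e[0])  # stable sort keeps file order within a second

    holders, alerts = {}, []
    for when, node, msg in events:
        clock = when[2]
        if msg.startswith("SECURITY VIOLATION"):
            alerts.append(f"{clock} {node}: scripts run without script security")
        m = INSTANCE.match(msg)
        if not m:
            continue
        inst, event = m["inst"], m["event"]
        nodes = holders.setdefault(inst, set())
        if event.startswith("Entering MASTER STATE"):
            nodes.add(node)
            if len(nodes) > 1:  # a second node took the VIP before the first let go
                alerts.append(f"{clock} {inst}: two MASTERs at once "
                              f"({', '.join(sorted(nodes))})")
        elif event.startswith(("Entering BACKUP STATE", "removing protocol VIPs")):
            nodes.discard(node)
        advert = ADVERT.search(event)
        if advert and int(advert[1]) not in known_priorities:
            alerts.append(f"{clock} {node}/{inst}: advert with unexpected "
                          f"priority {advert[1]}")
    return {inst: sorted(nodes) for inst, nodes in holders.items()}, alerts


# Lines in the format of this page's logs. The two 19:30:02 lines are constructed,
# and nginx-lb02's "Entering BACKUP STATE" line at 19:18:51 is deliberately left out.
SAMPLE_LOG = """\
Jul  8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100
Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:30:02 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Received advert with higher priority 250, ours 120
Jul  8 19:30:02 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Entering BACKUP STATE
""".splitlines()

if __name__ == "__main__":
    final, alerts = analyse(SAMPLE_LOG, known_priorities={100, 120})
    print("VIP holders:", final)
    print("\n".join(alerts))
```

The two-MASTER check compares timestamps written by different hosts, so it is only as reliable as the clock synchronization between the nodes.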

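2.1.4 Configuring keepalived non-preemptive mode

Normally, when the master fails the backup becomes master, but when the master recovers it takes the VIP back, so two switchovers occur. For a busy site this is not ideal; in that case keepalived can be configured as non-preemptive (provided the two hosts have the same hardware configuration).

Steps to configure non-preemptive mode:

  • The state of both nodes must be set to BACKUP (an official recommendation, not mandatory)

  • Add the nopreempt parameter to vrrp_instance on both nodes

  • One node's priority must be higher than the other's.

Once nopreempt is enabled on both servers, the role state on both must be changed to BACKUP; the only thing that distinguishes them is the priority.

A sample configuration:

Master node: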
vrrp_instance VI_1 {
	state BACKUP 
	priority 150 
	nopreempt
} 

Backup node:
vrrp_instance VI_1 { 
	state BACKUP 
	priority 100 
	nopreempt
}

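2.2 keepalived multi-instance configuration

keepalived multi-instance means that one keepalived cluster contains several vrrp_instance blocks. Each instance has its own virtual IP, and each virtual IP fronts a different back-end cluster, so the load balancers share the traffic and back each other up.

The virtual IPs can also all point to a single cluster, with routing or DNS round-robin spreading client requests across the two virtual IPs; this also gives traffic sharing with mutual backup and improves device utilization.

Lab environment:

Node        Real IP         Instance 1 role/priority  Instance 1 VIP   Instance 2 role/priority  Instance 2 VIP
nginx-lb01  192.168.20.19   MASTER/120                192.168.20.28    BACKUP/100                192.168.20.29
nginx-lb02  192.168.20.20   BACKUP/100                192.168.20.28    MASTER/120                192.168.20.29

  • keepalived configuration file on nginx-lb01: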

    [root@nginx-lb01 keepalived]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived01
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth1
        virtual_router_id 51
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    vrrp_instance VI_2 {
        state BACKUP
        interface eth1
        virtual_router_id 52
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.20.29/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    [root@nginx-lb01 keepalived]# cat /etc/keepalived/notify.sh 
    #!/bin/bash
    
    contact='root@localhost'
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
  • keepalived configuration file on nginx-lb02:

    [root@nginx-lb02 keepalived]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived02
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 51
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    vrrp_instance VI_2 {
        state MASTER
        interface eth1
        virtual_router_id 52
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.20.29/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    [root@nginx-lb02 keepalived]# cat /etc/keepalived/notify.sh 
    #!/bin/bash
    
    contact='root@localhost'
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
    
  • Restart the keepalived service and observe the virtual IPs:

    # 1. Restart the keepalived service on both nodes
    [root@nginx-lb01 keepalived]# systemctl restart keepalived.service
    
    [root@nginx-lb02 keepalived]# systemctl restart keepalived.service 
    
    # 2. Log on the nginx-lb01 node:
    [root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 23:00:09 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_2) Entering BACKUP STATE
    Jul  8 23:00:12 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_1) Transition to MASTER STATE
    
    # 3. Log on the nginx-lb02 node:
    [root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 22:59:59 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Jul  8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) Entering MASTER STATE
    Jul  8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) setting protocol VIPs.
    
    # 4. nginx-lb01 is the MASTER for virtual IP 192.168.20.28
    [root@nginx-lb01 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.28/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    # 5. nginx-lb02 is the MASTER for virtual IP 192.168.20.29
    [root@nginx-lb02 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.29/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    

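2.2.1 Resolving conflicts between multiple keepalived groups on one LAN

When several keepalived server pairs are deployed on the same LAN without a dedicated heartbeat link, serious failover faults can occur. As explained earlier, keepalived implements high availability through the VRRP protocol, and VRRP by default uses IP multicast for communication between the members of an HA pair. Every keepalived group uses the default multicast address 224.0.0.18, so if several pairs share one LAN their multicast addresses conflict and takeover becomes confused. The fix is to set a multicast address unique to the group in the configuration file of every keepalived server in that group:

global_defs {                   # global configuration
router_id LVS_19                # service identifier
vrrp_mcast_group4 224.0.0.19    # this sets the multicast address
}

# Tip:

1) Different instances should also use different authentication passwords, to make sure takeover works correctly.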
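
An added example, not code from the original post or from the keepalived project: a small audit of one node's keepalived.conf for the points made in sections 1.3 and 2.2.1, namely notify scripts without enable_script_security, the 8-character auth_pass limit, one virtual_router_id and one password per instance, and the default multicast group. The parser, the function names and the constructed sample config are assumptions of this illustration.

```python
import re
import shlex
from collections import defaultdict

DEFAULT_MCAST = "224.0.0.18"  # default VRRP multicast group, as stated on this page

def parse_conf(text):
    """Parse keepalived.conf text into (global_defs, {instance name: settings})."""
    global_defs, instances, stack = {}, {}, []
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        tokens = shlex.split(line)
        if tokens[-1] == "{":  # a block opens: remember its header words
            stack.append(tokens[:-1] or [""])
            if tokens[0] == "vrrp_instance":
                instances[tokens[1]] = {}
            continue
        key, value = tokens[0], " ".join(tokens[1:]) or True
        if len(stack) == 1 and stack[0][0] == "global_defs":
            global_defs[key] = value
        elif stack and stack[0][0] == "vrrp_instance":
            # keep the instance's own keywords and its authentication sub-block
            if len(stack) == 1 or stack[-1][0] == "authentication":
                instances[stack[0][1]][key] = value
    return global_defs, instances

def audit(text):
    """Return a list of findings for one node's keepalived.conf text."""
    global_defs, instances = parse_conf(text)
    findings = []
    uses_scripts = any(k.startswith("notify") for s in instances.values() for k in s)
    if uses_scripts and "enable_script_security" not in global_defs:
        findings.append("notify scripts are configured but enable_script_security is not set")
    if global_defs.get("vrrp_mcast_group4", DEFAULT_MCAST) == DEFAULT_MCAST:
        findings.append(f"default multicast group {DEFAULT_MCAST} is in use")
    by_vrid, by_password = defaultdict(list), defaultdict(list)
    for name, settings in instances.items():
        by_vrid[settings.get("virtual_router_id")].append(name)
        password = settings.get("auth_pass")
        if isinstance(password, str):
            if len(password) > 8:  # only the first 8 characters take part in authentication
                findings.append(f"{name}: auth_pass exceeds 8 characters, only '{password[:8]}' is used")
            by_password[password[:8]].append(name)
    for vrid, names in by_vrid.items():
        if len(names) > 1:
            findings.append(f"virtual_router_id {vrid} is used by {', '.join(names)}")
    for names in by_password.values():
        if len(names) > 1:
            findings.append(f"{', '.join(names)} end up with the same effective auth_pass")
    return findings

# Constructed sample, modelled on this page's multi-instance lab and trimmed to what the audit reads.
SAMPLE = """
global_defs {
   router_id keepalived02
   script_user root
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass lbgroup-web
    }
    notify_master "/etc/keepalived/notify.sh master"
}
vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass lbgroup-db
    }
    notify_master "/etc/keepalived/notify.sh master"
}
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The two sample passwords look different but are identical after the 8-character cut, so the two instances are not actually separated by them. auth_type PASS is also carried unencrypted in every advert, so it keeps groups apart rather than keeping anything secret.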

posted @ 2021-07-10 17:00  向往自由的独行者