LVS+Keepalived High-Availability Cluster Deployment Manual

张开发
2026/4/15 23:45:54, 15 min read

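Preface

In enterprise service architectures, single points of failure and performance bottlenecks are the core risks. LVS (Linux Virtual Server) provides layer-4 load balancing, and Keepalived provides automatic failover based on the VRRP protocol. Combined, they form a highly available, high-concurrency, uninterrupted load-balancing cluster that is widely used for core services such as web, mail and databases. This article uses a CentOS 7/OpenEuler 24 environment to reproduce the complete LVS-DR + Keepalived deployment procedure, including all commands, configuration files and key principles, and covers dual-node hot standby, load scheduling, health checks and VIP failover.

1. Core background

1.1 LVS core concepts

- LVS: a load balancer inside the Linux kernel. It works at the transport layer (TCP/UDP) and performs far better than Nginx layer-7 proxying.
- DR mode (Direct Route): the best-performing LVS mode. The director only rewrites the MAC address of the request, and the backend server returns the response directly to the client, which gives the highest throughput and the lowest latency.
- Key tool: ipvsadm, the LVS rule management tool.

1.2 Keepalived core principles

- Multi-node hot standby is built on VRRP (Virtual Router Redundancy Protocol). Within one cluster only the master node (MASTER) holds the VIP (virtual IP).
- Core capabilities: automatic VIP failover, node health checks, automatic LVS rule configuration.
- Key roles:
  - MASTER: the primary director. It has the higher priority and holds the VIP.
  - BACKUP: the backup director. It monitors the master and takes over the VIP automatically when the master fails.
- Key parameters: virtual_router_id (unique identifier of the cluster), priority (the larger value wins), auth_pass (cluster authentication password).

1.3 Cluster architecture plan

| Role | Hostname | Physical IP | Services |
|------|----------|-------------|----------|
| Primary director (LVS-MASTER) | lb01 | 192.168.10.101 | Keepalived, ipvsadm |
| Backup director (LVS-BACKUP) | lb02 | 192.168.10.102 | Keepalived, ipvsadm |
| Backend web node 1 | web01 | 192.168.10.103 | Nginx/Apache |
| Backend web node 2 | web02 | 192.168.10.104 | Nginx/Apache |
| Cluster virtual IP (VIP) | - | 192.168.10.172 | Single external entry point |

2. Environment initialization (run on all nodes)

2.1 Disable the firewall and SELinux

```bash
# Disable for the current boot
systemctl stop firewalld
setenforce 0
# Disable permanently
systemctl disable firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Stop NetworkManager so that it does not interfere with the VIP
systemctl stop NetworkManager
systemctl disable NetworkManager
```

2.2 Load the LVS kernel module (directors)

```bash
# Load the ip_vs module
modprobe ip_vs
# Check that the module is loaded
lsmod | grep ip_vs
# Show the LVS version
cat /proc/net/ip_vs
```

3. Primary director (lb01, 192.168.10.101) configuration

3.1 Back up the Keepalived configuration file

```bash
dnf install -y keepalived ipvsadm
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
```

3.2 Edit the master configuration file (complete, can be copied as is)

```bash
vi /etc/keepalived/keepalived.conf
```

```conf
! Configuration File for keepalived
# Global configuration
global_defs {
    notification_email {
        admin@demo.com
    }
    notification_email_from keepalived@lb01.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER          # unique identifier of the master node
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# VRRP hot-standby instance
vrrp_instance VI_1 {
    state MASTER                  # marks this node as the master
    interface ens33               # physical NIC to bind; must match this host
    virtual_router_id 51          # cluster ID; must be identical on master and backup
    priority 100                  # priority; the master must be higher than the backup
    advert_int 1                  # heartbeat interval (seconds)
    authentication {
        auth_type PASS            # authentication type
        auth_pass 1111            # cluster password; identical on master and backup
    }
    virtual_ipaddress {
        192.168.10.172            # cluster VIP
    }
}

# LVS virtual server configuration
virtual_server 192.168.10.172 80 {
    delay_loop 6                  # health check interval (seconds)
    lb_algo rr                    # scheduling algorithm: rr round robin, wrr weighted round robin, lc least connections
    lb_kind DR                    # LVS mode: DR (direct routing)
    nat_mask 255.255.255.0
    protocol TCP                  # protocol type

    # Backend web node 1
    real_server 192.168.10.103 80 {
        weight 1                  # node weight
        TCP_CHECK {               # layer-4 health check
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    # Backend web node 2
    real_server 192.168.10.104 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```

3.3 Configure the DR-mode kernel parameters (do not send redirect messages)

```bash
vi /etc/sysctl.conf
```

Add the following lines:

```conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```

```bash
# Apply the kernel parameters
sysctl -p
```

3.4 Start Keepalived and enable it at boot

```bash
systemctl start keepalived
systemctl enable keepalived
# Check that the VIP has been bound
ip addr show dev ens33
```

4. Backup director (lb02, 192.168.10.102) configuration

4.1 Back up the configuration file

```bash
dnf install -y keepalived ipvsadm
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
```

4.2 Edit the backup configuration file (only 3 settings differ from the master)

```bash
vi /etc/keepalived/keepalived.conf
```

```conf
global_defs {
    router_id LVS_BACKUP          # 1. change to the backup node identifier
}

vrrp_instance VI_1 {
    state BACKUP                  # 2. change to BACKUP
    priority 99                   # 3. priority lower than the master
    # Everything else is identical to the master
    interface ens33
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.172
    }
}

# LVS virtual server configuration (identical to the master)
virtual_server 192.168.10.172 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    protocol TCP

    real_server 192.168.10.103 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.10.104 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```

4.3 Configure the kernel parameters (same as the master)

```bash
vi /etc/sysctl.conf
```

Add:

```conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```

```bash
sysctl -p
```

4.4 Start the service

```bash
systemctl start keepalived
systemctl enable keepalived
```

5. Backend web node (web01/web02) configuration (the core of DR mode)

```bash
dnf install -y httpd
```

5.1 Core principle

In DR mode every backend node must have the VIP configured and must suppress ARP replies for it, so that clients do not reach a backend node directly.

5.2 Configure the ARP kernel parameters (run on all web nodes)

```bash
vi /etc/sysctl.conf
```

Add:

```conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
```

```bash
sysctl -p
```

5.3 Bind the VIP to the loopback interface (run on all web nodes)

```bash
# Bind the VIP for the current boot
ip addr add 192.168.10.172/32 dev lo label lo:0
# Add a local route
ip route add local 192.168.10.172/32 dev lo
# Make it persistent (run at boot)
chmod +x /etc/rc.local
echo "ip addr add 192.168.10.172/32 dev lo label lo:0" >> /etc/rc.local
echo "ip route add local 192.168.10.172/32 dev lo" >> /etc/rc.local
```

5.4 Configure the web service (different pages make testing easier)

web01 (192.168.10.103):

```bash
systemctl start httpd
systemctl enable httpd
echo "LVS+Keepalived Test Web01" > /var/www/html/index.html
```

web02 (192.168.10.104):

```bash
systemctl start httpd
systemctl enable httpd
echo "LVS+Keepalived Test Web02" > /var/www/html/index.html
```

6. Cluster function tests

6.1 Load balancing test

Run the following on a client and watch the round-robin behaviour:

```bash
# Request the VIP 10 times in a loop
for i in {1..10}; do curl http://192.168.10.172; done
```

Expected result: the responses alternate between Web01 and Web02.

6.2 High-availability failover test

- On the client, ping the VIP continuously: ping 192.168.10.172 -t
- Stop the service on the primary director: systemctl stop keepalived
- Observe: the ping is not interrupted and the VIP moves to the backup node automatically.
- Restart the primary director: systemctl start keepalived. Once the master has recovered it takes the VIP back automatically.

6.3 Health check test

Stop the httpd service on web01 (systemctl stop httpd) and access the VIP: requests are distributed to web02 only. After httpd is restarted, load balancing recovers automatically.

7. Additional key points

7.1 LVS scheduling algorithms

- rr: round robin, even distribution.
- wrr: weighted round robin, distribution by weight; suitable for nodes with different performance.
- lc: least connections, dynamically assigns requests to the node with the fewest connections.
- wlc: weighted least connections, the default algorithm and the one most used in production.

7.2 Keepalived health check methods

- TCP_CHECK: layer-4 check. It only tests whether the port is open and is the fastest.
- HTTP_GET: layer-7 check. It requests a given URL and validates the status code / MD5.
- SSL_GET: check dedicated to HTTPS services.
- MISC_CHECK: check by a custom script; the most flexible.

7.3 DR-mode pitfalls you must know

- The directors and the backend nodes must be on the same physical network segment.
- The backend nodes must suppress ARP; otherwise the VIP conflicts and the service becomes unavailable.
- The VIP cannot be accessed from the director itself; test from a separate client.

7.4 Common operations commands

```bash
# List the LVS rules
ipvsadm -ln
# Show the LVS connection state
ipvsadm -lnc
# Follow the Keepalived log
tail -f /var/log/messages | grep keepalived
# Clear the LVS rules
ipvsadm -C
```

8. Summary

- LVS+Keepalived is the standard solution for enterprise layer-4 high-availability load balancing.
- LVS handles traffic distribution and sustains concurrency on the order of tens of thousands of connections.
- Keepalived handles failover and achieves zero business interruption.
- DR mode has the best performance and is the first choice for production; it covers the three core capabilities of load balancing, high availability and health checking.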
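Sections 3.2 and 4.2 require the backup's keepalived.conf to match the master's except for router_id, state and priority. The script below is an added example, not part of the original article, that checks this rule on two files. The function names (kv, vips, reals, check_pair, sample) are made up for the illustration, the sample files are constructed from the article's values, and the parser assumes one statement per line.

```bash
# kv FILE KEY: first value of a keyword such as "priority" ('#' and '!' comments stripped).
kv() {
  awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}
# vips FILE: addresses listed inside virtual_ipaddress { ... }, sorted.
vips() {
  awk '{ sub(/[#!].*/, "") }
       $1 == "virtual_ipaddress" { inblk = 1; next }
       inblk && index($0, "}")   { inblk = 0 }
       inblk && NF               { print $1 }' "$1" | sort
}
# reals FILE: "ip:port" of every real_server, sorted.
reals() {
  awk '{ sub(/[#!].*/, "") } $1 == "real_server" { print $2 ":" $3 }' "$1" | sort
}
# check_pair MASTER BACKUP: prints one line per problem (key names only, never the
# auth_pass value) and returns 1 if any problem was found.
check_pair() {
  local m=$1 b=$2 rc=0 key
  for key in interface virtual_router_id advert_int auth_type auth_pass lb_algo lb_kind; do
    [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] || { echo "MISMATCH $key"; rc=1; }
  done
  [ "$(vips "$m")" = "$(vips "$b")" ] || { echo "MISMATCH virtual_ipaddress"; rc=1; }
  [ "$(reals "$m")" = "$(reals "$b")" ] || { echo "MISMATCH real_server"; rc=1; }
  [ "$(kv "$m" state)" = MASTER ] && [ "$(kv "$b" state)" = BACKUP ] || { echo "BAD state"; rc=1; }
  [ "$(kv "$m" priority)" -gt "$(kv "$b" priority)" ] 2>/dev/null || { echo "BAD priority"; rc=1; }
  [ "$(kv "$m" router_id)" != "$(kv "$b" router_id)" ] || { echo "BAD router_id"; rc=1; }
  return $rc
}
# sample DIR BACKUP_PRIORITY BACKUP_VRID: constructed master.conf/backup.conf pair
# built from the article's values; the backup's priority and VRID are parameters.
sample() {
  local role prio vrid f
  for role in MASTER BACKUP; do
    prio=100 vrid=51 f=master.conf
    if [ "$role" = BACKUP ]; then prio=$2 vrid=$3 f=backup.conf; fi
    printf '%s\n' "global_defs {" "  router_id LVS_$role" "}" \
      "vrrp_instance VI_1 {" "  state $role  # node role" "  interface ens33" \
      "  virtual_router_id $vrid" "  priority $prio" "  advert_int 1" \
      "  authentication {" "    auth_type PASS" "    auth_pass 1111" "  }" \
      "  virtual_ipaddress {" "    192.168.10.172" "  }" "}" \
      "virtual_server 192.168.10.172 80 {" "  lb_algo rr" "  lb_kind DR" \
      "  real_server 192.168.10.103 80 {" "  }" \
      "  real_server 192.168.10.104 80 {" "  }" "}" > "$1/$f"
  done
}
d=$(mktemp -d) && sample "$d" 99 51
check_pair "$d/master.conf" "$d/backup.conf" && echo "master/backup pair is consistent"
```

To use it on real hosts, copy both /etc/keepalived/keepalived.conf files to one machine and pass them to check_pair, master first.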

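Section 7.3 lists missing ARP suppression on the backend nodes as a DR-mode pitfall. This added example (not from the original article) verifies the running kernel values from section 5.2 and the /32 VIP binding from section 5.3. check_arp, vip_on_lo and fake_proc are hypothetical names, and the fake_proc tree is a constructed stand-in for /proc/sys.

```bash
# check_arp [ROOT]: compare the live arp_ignore/arp_announce values with section 5.2.
# ROOT defaults to /proc/sys; pass a constructed directory tree to test offline.
# Prints one line per wrong or unreadable value and returns 1 if any was found.
check_arp() {
  local root=${1:-/proc/sys} rc=0 ifc item name want got
  for ifc in all default lo; do
    for item in arp_ignore=1 arp_announce=2; do
      name=${item%%=*} want=${item#*=}
      got=$(cat "$root/net/ipv4/conf/$ifc/$name" 2>/dev/null) || got=""
      if [ "$got" != "$want" ]; then
        echo "$ifc/$name: want $want, got ${got:-unreadable}"; rc=1
      fi
    done
  done
  return $rc
}

# vip_on_lo VIP: reads `ip -o -4 addr show dev lo` output on stdin and succeeds only
# if VIP is present with a /32 mask, as bound in section 5.3.
vip_on_lo() {
  local esc
  esc=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
  grep -Eq "[[:space:]]inet[[:space:]]+$esc/32[[:space:]]"
}

# fake_proc DIR: constructed tree that mimics /proc/sys on a correctly set up web node.
fake_proc() {
  local ifc
  for ifc in all default lo; do
    mkdir -p "$1/net/ipv4/conf/$ifc"
    echo 1 > "$1/net/ipv4/conf/$ifc/arp_ignore"
    echo 2 > "$1/net/ipv4/conf/$ifc/arp_announce"
  done
}

t=$(mktemp -d) && fake_proc "$t"
check_arp "$t" && echo "ARP suppression values match section 5.2"
```

On a web node, run check_arp without an argument and pipe `ip -o -4 addr show dev lo` into `vip_on_lo 192.168.10.172`.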