keepalived: the VIP appears on both machines at the same time
阿新 • Published: 2022-03-03
Configuration files:
Primary: 192.168.1.14
keepalived.conf

    ! Configuration File for keepalived
    global_defs {
        script_user root
        enable_script_security
    }
    vrrp_script check_nginx {
        script "/etc/keepalived/nginx_check.sh"
        interval 10
    }
    vrrp_instance VI_1 {
        state BACKUP
        nopreempt
        interface eth0
        virtual_router_id 101
        priority 100
        unicast_src_ip 192.168.1.14
        unicast_peer {
            192.168.1.15
        }
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass test123
        }
        virtual_ipaddress {
            118.24.101.16/24 dev eth1
        }
        track_interface {
            eth0
        }
        track_script {
            check_nginx
        }
    }

Backup: 192.168.1.15
keepalived.conf

    ! Configuration File for keepalived
    global_defs {
        script_user root
        enable_script_security
    }
    vrrp_script check_nginx {
        script "/etc/keepalived/nginx_check.sh"
        interval 10
    }
    vrrp_instance VI_1 {
        state BACKUP
        nopreempt
        interface eth0
        virtual_router_id 101
        priority 50
        unicast_src_ip 192.168.1.15
        unicast_peer {
            192.168.1.14
        }
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass test123
        }
        virtual_ipaddress {
            118.24.101.16/24 dev eth1
        }
        track_interface {
            eth0
        }
        track_script {
            check_nginx
        }
    }

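nginx_check.sh

    #!/bin/bash
    # Count the running nginx processes.
    A=$(ps -C nginx --no-header | wc -l)
    if [ "$A" -eq 0 ]; then
        # nginx is down: try restarting it first.
        systemctl restart nginx.service
        sleep 1
        # Still down after the restart attempt: restart keepalived.
        if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
            systemctl restart keepalived.service
        fi
    fi
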
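Configuration notes:

    ! Configuration File for keepalived
    global_defs {
        script_user root
        enable_script_security
    }
    vrrp_script check_nginx {
        script "/etc/keepalived/nginx_check.sh"
        interval 10
    }
    vrrp_instance VI_1 {            # define an instance
        # Role of this keepalived node: MASTER means this host is the primary
        # server, BACKUP means it is the standby, so when setting priority make
        # sure MASTER is higher than BACKUP. If nopreempt is set, the state value
        # has no effect and primary/backup is decided by priority.
        state BACKUP
        nopreempt                   # do not preempt
        # Interface to monitor; when LVS takes over, the IP address is added
        # to this NIC.
        interface eth0
        # Virtual router identifier: unique per VRRP instance; MASTER and BACKUP
        # in the same vrrp_instance must use the same value.
        virtual_router_id 101
        priority 100                # priority of this instance
        unicast_src_ip 192.168.1.14 # unicast source address
        unicast_peer {
            192.168.1.15            # unicast destination address
        }
        # In multicast mode keepalived sends everything to the multicast address
        # 224.0.0.18, which produces a lot of useless traffic and can cause
        # interference and conflicts; multicast can be switched to unicast.
        # This is a safe approach that avoids virtual router ID conflicts when
        # many keepalived instances share the LAN.
        advert_int 1                # interval between heartbeat advertisements
        authentication {
            auth_type PASS          # authentication type; mainly PASS and AH
            # Authentication password; MASTER and BACKUP in the same
            # vrrp_instance must use the same password to communicate.
            auth_pass test123
        }
        virtual_ipaddress {         # virtual IP addresses; several allowed, one per line
            118.24.101.16/24 dev eth1
        }
        track_interface {           # extra monitoring: a failure of any NIC listed here triggers a switchover
            eth0
        }
        track_script {
            check_nginx
        }
    }
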
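Problem: both machines hold the VIP.
Troubleshooting:
1. Checked the firewall and found it was already disabled.
2. A problem in the keepalived.conf configuration.
3. The upstream switch may be restricting ARP broadcast traffic, so keepalived cannot communicate over broadcast; the two servers both claim the VIP and end up holding it at the same time.
Running tcpdump -i eth0 vrrp -n showed that both .14 and .15 were sending messages to 224.0.0.18. Under normal conditions, a backup node that receives the master's heartbeat with a priority higher than its own does not send advertisements itself.
Solution: switch from multicast to unicast, then restart the service: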
[root@test-15]# vim /etc/keepalived.conf

    priority 50
    unicast_src_ip 172.19.1.15    # local IP
    unicast_peer {
        172.19.1.14               # peer IP
    }

[root@test-14]# vim /etc/keepalived.conf

    priority 100
    unicast_src_ip 172.19.1.14    # local IP
    unicast_peer {
        172.19.1.15               # peer IP
    }

After the configuration change everything returned to normal. Check with: tcpdump -i eth0 vrrp -n

    16:38:45.085456 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
    16:38:45.097735 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20
    16:38:45.098797 IP 192.168.1.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 102, authtype simple, intvl 1s, length 24
    16:38:45.098941 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20
    16:38:45.104014 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20
    16:38:46.086591 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
    16:38:46.098630 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20
    16:38:46.099057 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20
    16:38:46.104108 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20
    16:38:47.087652 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
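
The tcpdump check used before and after the fix can be automated. The following is an added example, not code from the original post: it parses `tcpdump -i eth0 vrrp -n` output, reports every vrid advertised by more than one source (the two-masters symptom described above), and lists which nodes still advertise a vrid to 224.0.0.18. The function names are this example's own, and the BROKEN lines are constructed to match the fault the post describes.

```python
import re
from collections import defaultdict

# Shape of a `tcpdump -n vrrp` advertisement line, as in the capture on this page.
ADVERT = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): VRRPv\d, Advertisement,"
    r".*?vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)
VRRP_MULTICAST = "224.0.0.18"

def advertisers(lines):
    """Map vrid -> {source IP: (last priority seen, set of destinations)}."""
    seen = defaultdict(dict)
    for line in lines:
        m = ADVERT.search(line)
        if not m:
            continue  # not a VRRP advertisement line
        vrid = int(m["vrid"])
        _, dsts = seen[vrid].get(m["src"], (0, set()))
        seen[vrid][m["src"]] = (int(m["prio"]), dsts | {m["dst"]})
    return dict(seen)

def split_brain(lines):
    """Return {vrid: sorted source IPs} for every vrid with more than one advertiser."""
    return {vrid: sorted(srcs) for vrid, srcs in advertisers(lines).items()
            if len(srcs) > 1}

def multicast_sources(lines, vrid):
    """Source IPs that advertise the given vrid to the VRRP multicast group."""
    srcs = advertisers(lines).get(vrid, {})
    return sorted(ip for ip, (_, dsts) in srcs.items() if VRRP_MULTICAST in dsts)

# Constructed sample of the faulty state: both nodes advertise vrid 101 by multicast.
BROKEN = """\
16:30:01.000100 IP 192.168.1.14 > 224.0.0.18: VRRPv2, Advertisement, vrid 101, prio 100, authtype simple, intvl 1s, length 20
16:30:01.000900 IP 192.168.1.15 > 224.0.0.18: VRRPv2, Advertisement, vrid 101, prio 50, authtype simple, intvl 1s, length 20
""".splitlines()

# Three lines taken from the healthy capture shown on this page.
HEALTHY = """\
16:38:45.085456 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
16:38:45.097735 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20
16:38:46.086591 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
""".splitlines()

if __name__ == "__main__":
    for name, capture in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(name, split_brain(capture), multicast_sources(capture, 101))
```

Feed it a capture that spans several advert_int intervals, since a normal failover can briefly show two senders for the same vrid.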