配置文件:
主:192.168.1.14
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { state BACKUP nopreempt interface eth0 virtual_router_id 101 priority 100 unicast_src_ip 192.168.1.14 unicast_peer { 192.168.1.15 } advert_int 1 authentication { auth_type PASS auth_pass test123 } virtual_ipaddress { 118.24.101.16/24 dev eth1 } track_interface { eth0 } track_script { check_nginx } } keepalived.conf
备:192.168.1.15
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { state BACKUP nopreempt interface eth0 virtual_router_id 101 priority 50 unicast_src_ip 192.168.1.15 unicast_peer { 192.168.1.14 } advert_int 1 authentication { auth_type PASS auth_pass test123 } virtual_ipaddress { 118.24.101.16/24 dev eth1 } track_interface { eth0 } track_script { check_nginx } }
#!/bin/bash A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ]; then systemctl restart nginx.service sleep 1 if [ `ps -C nginx --no-header |wc -l` -eq 0 ]; then systemctl restart keepalived.service fi fi
配置说明:
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { # 定义一个实例 state BACKUP # 指定Keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器,所以设置priority时要注意MASTER比BACKUP高。如果设置了nopreempt,那么state的这个值不起作用,主备靠priority决定。 nopreempt # 设置为不抢占 interface eth0 #指定监测网络的接口,当LVS接管时,将会把IP地址添加到该网卡上。 virtual_router_id 101 #虚拟路由标识,同一个vrrp实例使用唯一的标识,同一个vrrp_instance下,MASTER和BACKUP必须一致。 priority 100 #指定这个实例优先级 unicast_src_ip 192.168.1.14 # 配置单播的源地址 unicast_peer { 192.168.1.15 #配置单播的目标地址 } #keepalived在组播模式下所有的信息都会向224.0.0.18的组播地址发送,产生众多的无用信息,并且会产生干扰和冲突,可以将组播的模式改为单拨。这是一种安全的方法,避免局域网内有大量的keepalived造成虚拟路由id的冲突。 advert_int 1 #心跳报文发送间隔 authentication { auth_type PASS #设置验证类型,主要有PASS和AH两种 auth_pass test123 #设置验证密码,同一个vrrp_instance下,MASTER和BACKUP的密码必须一致才能正常通信 } virtual_ipaddress { #设置虚拟IP地址,可以设置多个虚拟IP地址,每行一个 118.24.101.16/24 dev eth1 } track_interface { # 设置额外的监控,里面那个网卡出现问题都会切换 eth0 } track_script { check_nginx } }
问题:两台机器上面都有VIP的情况
排查:
1.检查防火墙,发现已经是关闭状态。
2. keepalived.conf配置问题。
3.可能是上联交换机禁用了arp的广播限制,造成keepalive无法通过广播通信,两台服务器抢占vip,出现同时都有vip的情况。
tcpdump -i eth0 vrrp -n 检查发现 14和15都在对224.0.0.18发送消息。但是在正常情况下,备节点如果收到主节点的心跳消息时,优先级高于自己,就不会主动对外发送消息。
解决方法,将多播调整为单播然后重启服务:
[root@test-15]# vim /etc/keepalived.conf
priority 50
unicast_src_ip 172.19.1.15 #本机ip
unicast_peer {
172.19.1.14 #对端ip
}
[root@test-14]# vim /etc/keepalived.conf
priority 100
unicast_src_ip 172.19.1.14 #本机ip
unicast_peer {
172.19.1.15 #对端ip
}
配置完成后恢复正常,查看: tcpdump -i eth0 vrrp -n
16:38:45.085456 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20 16:38:45.097735 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20 16:38:45.098797 IP 192.168.1.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 102, authtype simple, intvl 1s, length 24 16:38:45.098941 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20 16:38:45.104014 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20 16:38:46.086591 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20 16:38:46.098630 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20 16:38:46.099057 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20 16:38:46.104108 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20 16:38:47.087652 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20