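I recently ran into a rather awkward situation and am writing it down here.
There are two virtual machines on the same network segment, each running keepalived installed from a source package and used for load balancing in front of a database. The firewalls on both machines are turned off and SELinux is set to disabled.
However, external servers on the same network segment could not reach the VIP. The exact configuration is shown below.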
keepalived configuration on the master machine
cat keepalived.conf
global_defs {
    notification_email {
        123@139.com
    }
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NodeA
}
vrrp_script chk {
    script "/apps/sh/check.sh"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 182
    priority 100
    advert_int 1
    smtp_alert
    track_interface {
        eth1
    }
    track_script {
        chk
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.2 dev eth1 label eth1:1
    }
    notify_fault "/apps/sh/keepalived.sh stop"
}
keepalived configuration on the backup machine
cat keepalived.conf
global_defs {
    notification_email {
        123@139.com
    }
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NodeB
}
vrrp_script chk {
    script "/apps/sh/check.sh"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 182
    priority 99
    advert_int 1
    smtp_alert
    track_interface {
        eth1
    }
    track_script {
        chk
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.2 dev eth1 label eth1:1
    }
    notify_fault "/apps/sh/keepalived.sh stop"
}
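Both machines start keepalived with the same command:
/apps/svr/keepalived/sbin/keepalived -D -S 1 -P -f /apps/conf/keepalived/keepalived.conf -p /apps/run/keepalived/keepalived.pid -r /apps/run/keepalivekeepalived_vrrp.pid
The current state is that, on the 192.168.1.0 network segment, no server other than the keepalived master can ping the VIP 192.168.1.2, although the other machines in the 192.168.1.0 segment can all reach one another. I checked the configuration and found no problems, and there is no third-party firewall.
In the end someone told me that, because the virtual machines belong to OpenStack, the VIP's MAC address has to be set on the physical host to be the same as the real IP's MAC address before the VIP can be reached normally.
I don't know exactly how that is done, but in the end it is not a problem with keepalived itself.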
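One way this is commonly handled on OpenStack, shown as an added example that is not from the original post: Neutron's allowed address pairs let a port carry the VIP with the port's own MAC while anti-spoofing stays on for everything else. It assumes Neutron port security is what drops the VIP traffic and that OpenStack credentials are loaded in the environment; the node IPs in the usage comment are placeholders, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: permit a keepalived VIP on the Neutron ports of the nodes
# that can hold it. Assumption: port security (anti-spoofing) is enabled.

# Print the ID of the Neutron port that owns a given fixed IP.
port_for_ip() {
    openstack port list --fixed-ip ip-address="$1" -f value -c ID
}

# Return 0 if the VIP is already in the port's allowed address pairs.
# Spaces are stripped so the match does not depend on JSON spacing, and the
# closing quote keeps 192.168.1.2 from matching 192.168.1.20.
vip_allowed() {   # usage: vip_allowed PORT_ID VIP
    openstack port show "$1" -f json -c allowed_address_pairs |
        tr -d ' ' | grep -qF "\"ip_address\":\"$2\""
}

# Allow exactly one extra address on the port. No mac-address is given, so
# Neutron pairs the VIP with the port's own MAC; port security stays on.
allow_vip() {     # usage: allow_vip PORT_ID VIP
    openstack port set --allowed-address ip-address="$2" "$1"
}

# Apply to every node that may become MASTER (master and backup real IPs).
ensure_vip() {    # usage: ensure_vip VIP NODE_IP...
    vip=$1
    shift
    for node_ip in "$@"; do
        port=$(port_for_ip "$node_ip")
        if [ -z "$port" ]; then
            echo "no Neutron port found for $node_ip" >&2
            return 1
        fi
        vip_allowed "$port" "$vip" || allow_vip "$port" "$vip"
    done
}

# Usage (192.168.1.2 is the VIP from the post; node IPs are placeholders):
#   sh allow_vip.sh 192.168.1.2 <master-real-ip> <backup-real-ip>
if [ "$#" -ge 2 ]; then
    ensure_vip "$@"
fi
```

Scoping the pair to the single VIP keeps the port's anti-spoofing rules in place, which is preferable to disabling port security on the port.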
