配置文件:
主:192.168.1.14
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { state BACKUP nopreempt interface eth0 virtual_router_id 101 priority 100 unicast_src_ip 192.168.1.14 unicast_peer { 192.168.1.15 } advert_int 1 authentication { auth_type PASS auth_pass test123 } virtual_ipaddress { 118.24.101.16/24 dev eth1 } track_interface { eth0 } track_script { check_nginx } } keepalived.conf
備:192.168.1.15
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { state BACKUP nopreempt interface eth0 virtual_router_id 101 priority 50 unicast_src_ip 192.168.1.15 unicast_peer { 192.168.1.14 } advert_int 1 authentication { auth_type PASS auth_pass test123 } virtual_ipaddress { 118.24.101.16/24 dev eth1 } track_interface { eth0 } track_script { check_nginx } }
#!/bin/bash A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ]; then systemctl restart nginx.service sleep 1 if [ `ps -C nginx --no-header |wc -l` -eq 0 ]; then systemctl restart keepalived.service fi fi
配置說明:
! Configuration File for keepalived global_defs { script_user root enable_script_security } vrrp_script check_nginx { script "/etc/keepalived/nginx_check.sh" interval 10 } vrrp_instance VI_1 { # 定義一個實例 state BACKUP # 指定Keepalived的角色,MASTER表示此主機是主服務器,BACKUP表示此主機是備用服務器,所以設置priority時要注意MASTER比BACKUP高。如果設置了nopreempt,那么state的這個值不起作用,主備靠priority決定。 nopreempt # 設置為不搶占 interface eth0 #指定監測網絡的接口,當LVS接管時,將會把IP地址添加到該網卡上。 virtual_router_id 101 #虛擬路由標識,同一個vrrp實例使用唯一的標識,同一個vrrp_instance下,MASTER和BACKUP必須一致。 priority 100 #指定這個實例優先級 unicast_src_ip 192.168.1.14 # 配置單播的源地址 unicast_peer { 192.168.1.15 #配置單播的目標地址 } #keepalived在組播模式下所有的信息都會向224.0.0.18的組播地址發送,產生眾多的無用信息,並且會產生干擾和沖突,可以將組播的模式改為單撥。這是一種安全的方法,避免局域網內有大量的keepalived造成虛擬路由id的沖突。 advert_int 1 #心跳報文發送間隔 authentication { auth_type PASS #設置驗證類型,主要有PASS和AH兩種 auth_pass test123 #設置驗證密碼,同一個vrrp_instance下,MASTER和BACKUP的密碼必須一致才能正常通信 } virtual_ipaddress { #設置虛擬IP地址,可以設置多個虛擬IP地址,每行一個 118.24.101.16/24 dev eth1 } track_interface { # 設置額外的監控,里面那個網卡出現問題都會切換 eth0 } track_script { check_nginx } }
問題:兩台機器上面都有VIP的情況
排查:
1.檢查防火牆,發現已經是關閉狀態。
2. keepalived.conf配置問題。
3.可能是上聯交換機禁用了arp的廣播限制,造成keepalive無法通過廣播通信,兩台服務器搶占vip,出現同時都有vip的情況。
tcpdump -i eth0 vrrp -n 檢查發現 14和15都在對224.0.0.18發送消息。但是在正常情況下,備節點如果收到主節點的心跳消息時,優先級高於自己,就不會主動對外發送消息。
解決方法,將多播調整為單播然后重啟服務:
[root@test-15]# vim /etc/keepalived.conf
priority 50
unicast_src_ip 172.19.1.15 #本機ip
unicast_peer {
172.19.1.14 #對端ip
}
[root@test-14]# vim /etc/keepalived.conf
priority 100
unicast_src_ip 172.19.1.14 #本機ip
unicast_peer {
172.19.1.15 #對端ip
}
配置完成后恢復正常,查看:
tcpdump -i eth0 vrrp -n
16:38:45.085456 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20 16:38:45.097735 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20 16:38:45.098797 IP 192.168.1.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 102, authtype simple, intvl 1s, length 24 16:38:45.098941 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20 16:38:45.104014 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20 16:38:46.086591 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20 16:38:46.098630 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20 16:38:46.099057 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20 16:38:46.104108 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20 16:38:47.087652 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20