Questions [keepalived] (server)

Yonoss
Asked: 2023-07-27 01:49:24 +0800 CST

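Keepalived: how to define a VIP that persists on the master and backup nodes after a restart?

  • 5

I am trying to find a way to persist the keepalived virtual IP across the whole cluster, on both the master and the backup nodes.

By default, keepalived activates the virtual IP only on the node that has the master role. All other nodes will remove it.

What I want to achieve is to have this virtual IP always active on all nodes (master and backup), even after the master node is restarted.

So far, I have been able to activate the VIP on all nodes by running the following command: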

sudo ip addr add 192.168.1.100/24 dev enp0s3

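But the problem with this is that once I restart the master node, the VIP is removed from the backup nodes.

I need something that preserves these VIPs even after the master server is restarted. Any ideas?

Thanks

keepalived
  • 1 answer
  • 24 Views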
motorleague
Asked: 2022-03-26 07:35:55 +0800 CST

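Keepalived split brain when Firewalld is running

  • 0

I am using keepalived to provide availability between two Alma 8 Nginx servers (hosted on VMware, if that is of any relevance). With firewalld enabled, and despite a rich rule set up for VRRP, both hosts start responding for the virtual IP when I start firewalld: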

root@dca-nfs01:~# arping 172.31.5.233
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=39 time=1.960 usec
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=40 time=20.660 usec
60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=41 time=24.930 usec
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=42 time=534.616 msec
60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=43 time=534.646 msec

My keepalived configuration, taken from a standard tutorial template, is as follows:

[root@dca-ngx01-al ~]# cat /etc/keepalived/keepalived.conf
global_defs {
  # Keepalived process identifier
  router_id nginx
}

# Script to check whether Nginx is running or not
vrrp_script check_nginx {
  script "/sbin/pidof nginx"
  interval 2
  weight 50
}

# Virtual interface - The priority specifies the order in which the assigned interface to take over in a failover
vrrp_instance VI_01 {
  state MASTER
  interface ens192
  virtual_router_id 151
  priority 110

  # The virtual ip address shared between the two NGINX Web Server which will float
  virtual_ipaddress {
    172.31.5.233
  }
  track_script {
    check_nginx
  }
  authentication {
    auth_type AH
    auth_pass secret
  }
}

Both boxes have a simple single-zone firewall, and I have added a rich rule to allow VRRP traffic between the two hosts:

[root@dca-ngx01-al ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dhcpv6-client http https ssh
  ports: 10050/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule protocol value="vrrp" accept

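I have also put net.ipv4.ip_forward = 1 into /etc/sysctl.conf.

When firewalld is stopped on both boxes, keepalived behaves correctly, but when it is enabled, both sides appear to lose contact with each other and just repeatedly send gratuitous ARP packets: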

● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-03-25 12:48:25 GMT; 2h 35min ago
  Process: 7140 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 12966 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 12967 (keepalived)
    Tasks: 2 (limit: 11406)
   Memory: 1.8M
   CGroup: /system.slice/keepalived.service
           ├─12967 /usr/sbin/keepalived -D
           └─12968 /usr/sbin/keepalived -D

Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: (VI_01) Sending/queueing gratuitous ARPs on ens192 for 1>
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233

However, I can see using TCPDump that, while firewalld is active, the regular VRRP packets from the other host are at least reaching the network interface:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
15:25:21.532300 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3160): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:22.532419 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3161): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:23.532476 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3162): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:24.532544 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3163): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20

Does anyone have any ideas on how I can troubleshoot this further?

Thanks in advance.

linux nginx high-availability keepalived vrrp
  • 1 answer
  • 373 Views
Mario Nette
Asked: 2021-04-09 08:00:52 +0800 CST

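keepalived: delay before bringing up the IP

  • 0

Is it possible to configure a delay before the virtual IP is brought up in keepalived?

Background: I have multiple master/master MySQL setups. Only one master is used at a time. Keepalived is used for the VIP for the MySQL traffic. When the VIP switches over to the other master, there should be a delay of 5 seconds before the VIP comes up again, to make sure the other side has enough time to finish the last replication traffic.

mysql replication mysql-replication keepalived master-master
  • 1 answer
  • 647 Views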
febry
Asked: 2020-10-14 19:27:28 +0800 CST

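Is an OS-level restart needed after changing the virtual IP in keepalived?

  • 0

I am using keepalived to provide HA for my current MaxScale, with a virtual IP on keepalived. If I change the virtual IP in keepalived, do I have to restart the operating system on the VM, or only restart the keepalived service?

I am still confused about this.

linux high-availability keepalived
  • 1 answer
  • 323 Views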
Niels Basjes
Asked: 2020-08-25 03:40:57 +0800 CST

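Can I have the same configuration on all Keepalived nodes?

  • 0

While trying to configure an experimental Kubernetes cluster (in a few VMs on my laptop) to be "highly available", I found the advice to do this using a combination of keepalived and haproxy (https://github.com/kubernetes/kubeadm/blob/master/docs/ha-considerations.md#options-for-software-load-balancing).

Looking at the configuration settings, I read:

${STATE} is MASTER for one host and BACKUP for all other hosts, hence the virtual IP will initially be assigned to the MASTER.

${PRIORITY} should be higher on the master than on the backups. Hence 101 and 100 respectively will suffice.

These settings surprise me. It seems I have to choose which of these systems is to be the initial master, and I have to configure this "hard" in the nodes themselves.

To me, this "highly available" setup deviates from the "pets"/"cattle" analogy I have found in Kubernetes.

Other systems, such as HBase, have a similar setup (one active leader and several standby leaders), and all are configured "identically" (the election is done via ZooKeeper).

Is there a way to configure Keepalived (for use in Kubernetes) such that all nodes have the same configuration and it still works correctly?

kubernetes keepalived
  • 2 answers
  • 388 Views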
dutsnekcirf
Asked: 2020-03-12 12:06:13 +0800 CST

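Getting the status of the master VRRP router in Keepalived

  • 0

I have two Linux routers (RHEL 7) participating in a redundant VRRP configuration provided by the keepalived package, version 2.0.20. These two routers used to run RHEL 6 and keepalived version 2.0.16, but we recently upgraded them to the versions above.

Before we upgraded, I had a script that could be run on the backup router and that would cause the router to take over as the master router. The script would collect the priority value of the current master router, then raise its own priority by 1, and then restart the keepalived service. This would cause the backup router to take over as master.

The script would collect the value of the current master router by issuing the following commands: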

kill -s $(keepalived --signum=DATA) $(cat /var/run/keepalived.pid)
vrrpPriority=$(more /tmp/keepalived.data | grep -m1 "Master priority" | awk '{print $4}')

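Now that we have upgraded, it looks like the first command no longer does anything. The command appears to execute without error, but I never get the resulting file in /tmp/keepalived.data. So the second command fails because the file does not exist.

Is there a better or different way to collect the priority value of the current master router?

One other difference is that when we were running on RHEL 6, keepalived ran as an upstart script, whereas today keepalived runs as a systemd service. All other aspects of keepalived appear to be working fine.

linux redhat linux-networking keepalived
  • 1 answer
  • 1490 Views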
Dero
Asked: 2020-02-28 02:57:01 +0800 CST

Keepalived: invalid transition to master

  • 0

We have a two-machine keepalived setup, with both machines configured identically.

vrrp_instance RP_VI_1 {
  interface                 eth3
  state                     BACKUP
  virtual_router_id         61
  priority                  150
  advert_int                1
  garp_master_delay         5

  virtual_ipaddress {
    x.x.x.x dev eth2
  }
}

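The two machines have been running with this configuration for about half a year without any problems, but tonight a seemingly wrong state transition occurred.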

host1: in BACKUP state
host2: in MASTER state

03:44:44: host1: Transition to MASTER state
03:44:45: host1: Entering MASTER STATE
03:44:46: host1: Received higher prio advert 150
03:44:46: host1: Entering BACKUP state

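During that time, host2 did not transition between any states and did not log anything. As a result, host1 sent a gratuitous ARP to the network and its MAC address was cached for several hours, while all traffic was dropped.

Our biggest question is that host1 went back to BACKUP state saying it received a "higher prio advert", while both hosts have the same priority of 150. How could this transition have been triggered without the systems subsequently communicating to decide who should stay master, and therefore sending a new gratuitous ARP to make sure packets are delivered to the correct host?

keepalived vrrp
  • 1 answer
  • 151 Views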
ZedTuX
Asked: 2019-12-06 03:28:28 +0800 CST

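Keepalived in a Tinc VPN mesh: cannot ping the VIP after an election

  • 0

Description

Configuration

I have 3 nodes connected together using Tinc VPN, on which I want to install HAProxy and have a VIP, so that HAProxy itself is in high-availability mode.

Here are the node details:

  • Node 1 has the IP address 10.0.0.222/32 on interface vpn
  • Node 2 has the IP address 10.0.0.13/32 on interface vpn
  • Node 3 has the IP address 10.0.0.103/32 on interface vpn

To do so, I have installed keepalived on each machine.

I have also enabled the following sysctls: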

net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

Node 1 has the following /etc/keepalived/keepalived.conf file:

global_defs {
  enable_script_security
  router_id node-1
}

vrrp_script haproxy-check {
    script "/usr/bin/killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance haproxy-vip {
    state MASTER
    priority 150
    interface vpn
    virtual_router_id 1
    advert_int 1

    virtual_ipaddress {
        10.0.0.1/32
    }

    track_script {
        haproxy-check
    }
}

Nodes 2 and 3 have the following /etc/keepalived/keepalived.conf file:

global_defs {
  enable_script_security
  router_id node-2 # Node 3 has "node-3" here.
}

vrrp_script haproxy-check {
    script "/usr/bin/killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance haproxy-vip {
    state BACKUP
    priority 100
    interface vpn
    virtual_router_id 1
    advert_int 1

    virtual_ipaddress {
        10.0.0.1/32
    }

    track_script {
        haproxy-check
    }
}

When all nodes are running keepalived, node 1 is the master, the VIP 10.0.0.1 is configured properly, and the other 2 nodes can ping it.

Node 1 logs

Logs when starting keepalived:

Dec  5 14:07:53 node-1 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
Dec  5 14:07:53 node-1 Keepalived[5870]: Starting Keepalived v1.3.2 (12/03,2016)
Dec  5 14:07:53 node-1 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec  5 14:07:53 node-1 Keepalived[5870]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Dec  5 14:07:53 node-1 Keepalived[5870]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:07:53 node-1 Keepalived[5871]: Starting Healthcheck child process, pid=5872
Dec  5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Initializing ipvs
Dec  5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Registering Kernel netlink reflector
Dec  5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Registering Kernel netlink command channel
Dec  5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:07:53 node-1 Keepalived[5871]: Starting VRRP child process, pid=5873
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering Kernel netlink reflector
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering Kernel netlink command channel
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering gratuitous ARP shared channel
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Using LinkWatch kernel netlink reflector...
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: Using LinkWatch kernel netlink reflector...
Dec  5 14:07:53 node-1 Keepalived_vrrp[5873]: VRRP_Script(haproxy-check) succeeded
Dec  5 14:07:54 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec  5 14:07:54 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Changing effective priority from 150 to 152
Dec  5 14:07:55 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Entering MASTER STATE
Dec  5 14:07:57 node-1 ntpd[946]: Listen normally on 45 vpn 10.0.0.1:123

Node 1 ip addr:

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.222/24 scope global vpn
   valid_lft forever preferred_lft forever
inet 10.0.0.1/24 scope global secondary vpn
   valid_lft forever preferred_lft forever

Node 2 and 3 logs

Dec  5 14:14:32 node-2 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
Dec  5 14:14:32 node-2 Keepalived[13745]: Starting Keepalived v1.3.2 (12/03,2016)
Dec  5 14:14:32 node-2 Keepalived[13745]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Dec  5 14:14:32 node-2 Keepalived[13745]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:14:32 node-2 Keepalived[13746]: Starting Healthcheck child process, pid=13747
Dec  5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Initializing ipvs
Dec  5 14:14:32 node-2 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec  5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Registering Kernel netlink reflector
Dec  5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Registering Kernel netlink command channel
Dec  5 14:14:32 node-2 Keepalived[13746]: Starting VRRP child process, pid=13748
Dec  5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering Kernel netlink reflector
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering Kernel netlink command channel
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering gratuitous ARP shared channel
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: Opening file '/etc/keepalived/keepalived.conf'.
Dec  5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Using LinkWatch kernel netlink reflector...
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: Using LinkWatch kernel netlink reflector...
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Entering BACKUP STATE
Dec  5 14:14:32 node-2 Keepalived_vrrp[13748]: VRRP_Script(haproxy-check) succeeded
Dec  5 14:14:33 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Changing effective priority from 100 to 102

Node 2 and 3 ip addr:

Node 2

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.13/24 scope global vpn
   valid_lft forever preferred_lft forever

Node 3

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.103/24 scope global vpn
   valid_lft forever preferred_lft forever

Problem

However, when I stop keepalived on node 1, node 3 is elected master and registers the VIP, and only node 3 can ping 10.0.0.1.

Node 1 logs

When stopping:

Dec  5 14:15:26 node-1 systemd[1]: Stopping Keepalive Daemon (LVS and VRRP)...
Dec  5 14:15:26 node-1 Keepalived[5871]: Stopping
Dec  5 14:15:26 node-1 Keepalived_healthcheckers[5872]: Stopped
Dec  5 14:15:26 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) sent 0 priority
Dec  5 14:15:27 node-1 Keepalived_vrrp[5873]: Stopped
Dec  5 14:15:27 node-1 Keepalived[5871]: Stopped Keepalived v1.3.2 (12/03,2016)
Dec  5 14:15:27 node-1 systemd[1]: Stopped Keepalive Daemon (LVS and VRRP).
Dec  5 14:15:28 node-1 ntpd[946]: Deleting interface #45 vpn, 10.0.0.1#123, interface stats: received=0, sent=0, dropped=0, active_time=451 secs

Node 1 ip addr:

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.222/24 scope global vpn
   valid_lft forever preferred_lft forever

Node 2 logs

Dec  5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec  5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Received advert with higher priority 102, ours 102
Dec  5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Entering BACKUP STATE

Node 2 ip addr:

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.13/24 scope global vpn
   valid_lft forever preferred_lft forever

Node 3 logs

Dec  5 14:15:27 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec  5 14:15:27 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Received advert with lower priority 102, ours 102, forcing new election
Dec  5 14:15:28 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Entering MASTER STATE
Dec  5 14:15:29 node-3 ntpd[27734]: Listen normally on 36 vpn 10.0.0.1:123

Node 3 ip addr:

vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.103/24 scope global vpn
   valid_lft forever preferred_lft forever
inet 10.0.0.1/24 scope global secondary vpn
   valid_lft forever preferred_lft forever

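More details

Traceroute

I used traceroute to try to get more information about the problem.

When all nodes are running keepalived and pinging the VIP works everywhere, traceroute shows the following on all nodes: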

$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
 1  10.0.0.1 (10.0.0.1)  0.094 ms  0.030 ms  0.019 ms

When keepalived is stopped on node 1 and node 3 has been elected, node 1 cannot figure out where the VIP is:

$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 ...
 29  * * *
 30  * * *

Node 2 expects node 1 to have the VIP:

$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
 1  10.0.0.222 (10.0.0.222)  0.791 ms  0.962 ms  1.080 ms
 2  * * *
 3  * * *
 ...

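And node 3 has the VIP, so it works.

Tinc device type

I read some mailing-list archives suggesting the use of DeviceType = tap in the Tinc configuration so that ARP packets are transported (as far as I understand), but it did not help.

Actually, since the election does happen, I am not sure Tinc is the root cause.

Trying without Tinc

I changed the keepalived configuration so that it uses the public internet interface, using unicast.

I added the following block to each keepalived configuration on each node (here it is for node-1):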

    unicast_src_ip XXX.XXX.XXX.XXX # node's public IP address
    unicast_peer {
        XXX.XXX.XXX.XXX # other node's public IP address
        XXX.XXX.XXX.XXX # other node's public IP address
    }

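But the behavior is exactly the same as described above, so Tinc should not be relevant.

Request

Can anyone help me find out what is wrong and fix this, so that when a new election takes place, the nodes can find the VIP at its new location?

keepalived
  • 1 answer
  • 619 Views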
Gerald Schneider
Asked: 2019-02-13 00:09:20 +0800 CST

keepalived does not detect loss of the virtual IP

  • 9

I am using keepalived to switch a floating IP between two VMs.

/etc/keepalived/keepalived.conf on VM 1:

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 101
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    virtual_ipaddress {
        1.2.3.4
    }
}

/etc/keepalived/keepalived.conf on VM 2:

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 101
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    virtual_ipaddress {
        1.2.3.4
    }
}

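This basically works fine, with one exception: every time systemd gets updated (it is running Ubuntu 18.04), it reloads its network component, which results in the floating IP being dropped because it is not configured in the system. Since both keepalived instances can still ping each other, neither of them sees anything wrong and neither reacts to this, so the floating IP stays down.

I found that you can check for the IP with a simple script like this: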

vrrp_script chk_proxyip {
    script "/sbin/ip addr |/bin/grep 1.2.3.4"
}

vrrp_instance VI_1 {
    # [...]
    track_script {
        chk_proxyip
    }
}

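But I am not sure whether this is a viable approach.

If I understand it correctly, the following would happen if I configured this script on VM1:

  1. VM1 loses the IP due to a systemd restart
  2. keepalived on VM1 detects the loss of the IP
  3. keepalived switches to the FAULT state and stops broadcasting VRRP packets
  4. keepalived on VM2 detects the loss of keepalived on VM1 and puts the floating IP

At this point the IP is working again on VM2, but VM1 will stay in this state because the IP never comes up again on VM1. If VM2 goes down (for whatever reason), VM1 would not take over, because it is still in the FAULT state.

How can I ensure that the floating IP is always up on one of the VMs?

Further tests:

Instead of checking whether the floating IP is active on a specific host, I tried pinging it in the check_script: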

vrrp_script chk_proxyip {
    script "/bin/ping -c 1 -w 1 1.2.3.4"
    interval 2
}

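Configuring this script on node 2 led to the following:

  1. Removed the IP on node 1 for testing
  2. Node 2 detected the loss of the IP and changed from BACKUP to FAULT
  3. Node 1 ignored the state change and stayed MASTER

Result: the IP remained unchanged.

Configuring the script on node 1 led to the following:

  1. Removed the IP on node 1
  2. Node 1 detected the loss of the IP and changed from MASTER to FAULT
  3. Node 2 detected the state change on node 1 and changed from BACKUP to MASTER, configuring the floating IP on node 2

Well, and then ...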

Feb 13 10:11:26 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:27 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:32 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:33 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:38 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:39 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:44 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:45 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:47 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
...

I had to restart keepalived on node1 to stop the ping-pong game between the nodes.

keepalived
  • 5 answers
  • 10385 Views
Younes
Asked: 2019-01-24 12:41:01 +0800 CST

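keepalived: what are the `fo` and `mh` lvs scheduling algorithms?

  • 3

The parameter virtual_server.lvs_sched in keepalived.conf supports two options that I cannot find an explanation for: fo and mh.

Does anybody know what they mean?

keepalived
  • 1 answer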
  • 1189 Views
