我正在尝试找到一种方法来在整个集群、主节点和备份节点上保留 keepalived 虚拟 IP。
默认情况下,keepalived 仅在扮演主角色的节点上激活虚拟 IP。所有其他节点都将删除它。
我想要实现的是让这个虚拟IP在所有节点(主节点和备份节点)上始终处于活动状态,即使主节点重新启动后也是如此。
到目前为止,我可以通过运行以下命令在所有节点上激活 VIP:
sudo ip addr add 192.168.1.100/24 dev enp0s3
但这样做的问题是:一旦我重新启动主节点,VIP 将从备份节点中删除。
我需要一些东西即使在主服务器重新启动后也能保留这些 VIP。有任何想法吗?
谢谢
我正在使用 keepalived 在两个 Alma 8 Nginx 服务器之间提供可用性(如果有任何相关性,则托管在 VMWare 上)。启用 firewalld 后,尽管为 VRRP 设置了丰富的规则,但当我启动 firewalld 时,两台主机都开始响应虚拟 IP:
root@dca-nfs01:~# arping 172.31.5.233
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=39 time=1.960 usec
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=40 time=20.660 usec
60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=41 time=24.930 usec
60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=42 time=534.616 msec
60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=43 time=534.646 msec
我的 keepalived 配置取自标准教程模板,如下所示:
[root@dca-ngx01-al ~]# cat /etc/keepalived/keepalived.conf
global_defs {
# Keepalived process identifier
router_id nginx
}
# Script to check whether Nginx is running or not
vrrp_script check_nginx {
script "/sbin/pidof nginx"
interval 2
weight 50
}
# Virtual interface - The priority specifies the order in which the assigned interface to take over in a failover
vrrp_instance VI_01 {
state MASTER
interface ens192
virtual_router_id 151
priority 110
# The virtual ip address shared between the two NGINX Web Server which will float
virtual_ipaddress {
172.31.5.233
}
track_script {
check_nginx
}
authentication {
auth_type AH
auth_pass secret
}
}
两个盒子都有一个简单的单区防火墙,我添加了一个丰富的规则来允许两台主机之间的 VRRP 通信:
[root@dca-ngx01-al ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: dhcpv6-client http https ssh
ports: 10050/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule protocol value="vrrp" accept
我也net.ipv4.ip_forward = 1入了/etc/sysctl.conf。
当firewalld在两个盒子上都停止时,keepalived行为正确,但是当启用时,双方似乎失去了联系,只是重复发送免费的ARP数据包:
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-03-25 12:48:25 GMT; 2h 35min ago
Process: 7140 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 12966 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 12967 (keepalived)
Tasks: 2 (limit: 11406)
Memory: 1.8M
CGroup: /system.slice/keepalived.service
├─12967 /usr/sbin/keepalived -D
└─12968 /usr/sbin/keepalived -D
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: (VI_01) Sending/queueing gratuitous ARPs on ens192 for 1>
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
然而,我可以通过使用 TCPDump 看到,当 firewalld 处于活动状态时,来自其他主机的常规 VRRP 数据包至少会到达网络接口:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
15:25:21.532300 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3160): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:22.532419 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3161): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:23.532476 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3162): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
15:25:24.532544 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3163): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
有人对我如何进一步解决此问题有任何想法吗?
提前致谢。
在keepalived中启动虚拟IP之前是否可以配置延迟?
背景:我有多个主/主 MySQL 设置。一次只使用一个Master。Keepalived 用于用于 mysql 流量的 VIP。当 VIP 切换到另一个 master 时,应该有 5 秒的延迟,VIP 才会再次出现。确保对方有足够的时间完成最后的复制流量。
我正在使用 keepalived 使 HA 成为当前 maxscale 并在 keepalived 上使用虚拟 IP。如果我更改 keepalived 上的虚拟 IP,我必须重新启动 VM 上的操作系统或仅重新启动 keepalived 服务?
我仍然对此感到困惑。
在尝试将实验性 Kubernetes 集群(在我的笔记本电脑上的几个虚拟机中)配置为“高可用”时,我发现建议使用 keepalived 和 haproxy 的组合来执行此操作(https://github.com/kubernetes/kubeadm/blob /master/docs/ha-considerations.md#options-for-software-load-balancing)。
查看我阅读的配置设置
${STATE} 对于一个主机是 MASTER,对于所有其他主机是 BACKUP,因此虚拟 IP 最初将分配给 MASTER。
主服务器上的 ${PRIORITY} 应该高于备份服务器。因此,分别为 101 和 100 就足够了。
这些设置让我感到惊讶。似乎我必须选择这些系统中的哪一个作为初始主控系统,并且我必须在节点本身中“硬”配置它。
对我来说,这种“高可用性”设置偏离了我在 Kubernetes 中发现的“宠物”/“牛”类比。
其他系统,例如 HBase,具有类似的设置(一个活动领导者和多个备用领导者),并且都配置“相同”(通过 ZooKeeper 完成选举)。
有没有一种方法可以配置 Keepalived(用于 Kubernetes),使所有节点都具有相同的配置并且仍然可以正常工作?
我有两个 Linux 路由器 (RHEL 7) 参与了由 keepalived 软件包版本 2.0.20 提供的冗余 VRRP 配置。这两个路由器曾经运行 RHEL 6 和 keepalived 版本 2.0.16,但我们最近将它们升级到上述版本。
在我们升级之前,我有一个可以在备份路由器上运行的脚本,它会导致路由器接管为主路由器。该脚本将收集当前主路由器的优先级值,然后将其自身的优先级提高 1,然后重新启动 keepalived 服务。这将导致备份路由器接管为主。
该脚本将通过发出以下命令来收集当前主路由器的值:
kill -s $(keepalived --signum=DATA) $(cat /var/run/keepalived.pid)
vrrpPriority='more /tmp/keepalived.data | grep -m1 "Master priority" | awk '{print $4}''
现在我们已经升级了,看起来第一个命令不再做任何事情了。该命令似乎执行没有错误,但我从未在 /tmp/keepalived.data 中获得生成的文件。所以第二个命令失败,因为该文件不存在。
是否有更好或不同的方法来收集当前主路由器的优先级值?
另一个区别是,当我们在 RHEL 6 中运行时,keepalived 作为新贵脚本运行,而今天 keepalived 作为 systemd 服务运行。keepalived 的所有其他方面似乎工作正常。
我们有一个两台机器的 keepalived 设置,两台机器的配置方式相同。
vrrp_instance RP_VI_1 {
interface eth3
state BACKUP
virtual_router_id 61
priority 150
advert_int 1
garp_master_delay 5
virtual_ipaddress {
x.x.x.x dev eth2
}
}
两台机器已经在这个配置下运行了大约半年,没有任何问题,但是今晚出现了一个看似错误的状态转换。
host1: in BACKUP state
host2: in MASTER state
03:44:44: host1: Transition to MASTER state
03:44:45: host1: Entering MASTER STATE
03:44:46: host1: Received higher prio advert 150
03:44:46: host1: Entering BACKUP state
在那段时间,host2 没有在任何状态之间转换,也没有记录任何信息。因此,host1 向网络发送了一个免费的 ARP,它的 mac 地址被缓存了几个小时,同时丢弃了所有流量。
我们最大的问题是,host1 恢复到 BACKUP 状态,说收到“更高优先级广告”,而两个主机的优先级相同,都是 150。如果系统没有随后通信来决定谁应该留下,怎么可能触发了这个转换master 并因此发送一个新的免费 ARP 以确保数据包被传输到正确的主机?
我有 3 个节点,使用 Tinc VPN 连接在一起,我想在其中安装 HAproxy 并拥有一个 VIP,以便 HAproxy 本身处于高可用性模式。
以下是节点详细信息:
为此,我keepalived在每台机器上都安装了。
我还启用了以下 sysctl:
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
节点 1 具有以下/etc/keepalived/keepalived.conf文件:
global_defs {
enable_script_security
router_id node-1
}
vrrp_script haproxy-check {
script "/usr/bin/killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance haproxy-vip {
state MASTER
priority 150
interface vpn
virtual_router_id 1
advert_int 1
virtual_ipaddress {
10.0.0.1/32
}
track_script {
haproxy-check
}
}
节点 2 和 3 具有以下/etc/keepalived/keepalived.conf文件:
global_defs {
enable_script_security
router_id node-2 # Node 3 has "node-3" here.
}
vrrp_script haproxy-check {
script "/usr/bin/killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance haproxy-vip {
state BACKUP
priority 100
interface vpn
virtual_router_id 1
advert_int 1
virtual_ipaddress {
10.0.0.1/32
}
track_script {
haproxy-check
}
}
当所有节点都在运行keepalived时,节点 1 是主节点,并且 VIP10.0.0.1配置良好,其他 2 个节点 ping 它。
启动时的日志keepalived:
Dec 5 14:07:53 node-1 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
Dec 5 14:07:53 node-1 Keepalived[5870]: Starting Keepalived v1.3.2 (12/03,2016)
Dec 5 14:07:53 node-1 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec 5 14:07:53 node-1 Keepalived[5870]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Dec 5 14:07:53 node-1 Keepalived[5870]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:07:53 node-1 Keepalived[5871]: Starting Healthcheck child process, pid=5872
Dec 5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Initializing ipvs
Dec 5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Registering Kernel netlink reflector
Dec 5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Registering Kernel netlink command channel
Dec 5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:07:53 node-1 Keepalived[5871]: Starting VRRP child process, pid=5873
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering Kernel netlink reflector
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering Kernel netlink command channel
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: Registering gratuitous ARP shared channel
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:07:53 node-1 Keepalived_healthcheckers[5872]: Using LinkWatch kernel netlink reflector...
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: Using LinkWatch kernel netlink reflector...
Dec 5 14:07:53 node-1 Keepalived_vrrp[5873]: VRRP_Script(haproxy-check) succeeded
Dec 5 14:07:54 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec 5 14:07:54 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Changing effective priority from 150 to 152
Dec 5 14:07:55 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) Entering MASTER STATE
Dec 5 14:07:57 node-1 ntpd[946]: Listen normally on 45 vpn 10.0.0.1:123
ip addr:vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.222/24 scope global vpn
valid_lft forever preferred_lft forever
inet 10.0.0.1/24 scope global secondary vpn
valid_lft forever preferred_lft forever
Dec 5 14:14:32 node-2 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
Dec 5 14:14:32 node-2 Keepalived[13745]: Starting Keepalived v1.3.2 (12/03,2016)
Dec 5 14:14:32 node-2 Keepalived[13745]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Dec 5 14:14:32 node-2 Keepalived[13745]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:14:32 node-2 Keepalived[13746]: Starting Healthcheck child process, pid=13747
Dec 5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Initializing ipvs
Dec 5 14:14:32 node-2 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec 5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Registering Kernel netlink reflector
Dec 5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Registering Kernel netlink command channel
Dec 5 14:14:32 node-2 Keepalived[13746]: Starting VRRP child process, pid=13748
Dec 5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering Kernel netlink reflector
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering Kernel netlink command channel
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: Registering gratuitous ARP shared channel
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 5 14:14:32 node-2 Keepalived_healthcheckers[13747]: Using LinkWatch kernel netlink reflector...
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: Using LinkWatch kernel netlink reflector...
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Entering BACKUP STATE
Dec 5 14:14:32 node-2 Keepalived_vrrp[13748]: VRRP_Script(haproxy-check) succeeded
Dec 5 14:14:33 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Changing effective priority from 100 to 102
ip addr:节点 2
vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.13/24 scope global vpn
valid_lft forever preferred_lft forever
节点 3
vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.103/24 scope global vpn
valid_lft forever preferred_lft forever
但是,当我停keepalived在节点 1 上时,节点 3 被选为主节点,并注册了 VIP,只有节点 3 ping 10.0.0.1。
停止时:
Dec 5 14:15:26 node-1 systemd[1]: Stopping Keepalive Daemon (LVS and VRRP)...
Dec 5 14:15:26 node-1 Keepalived[5871]: Stopping
Dec 5 14:15:26 node-1 Keepalived_healthcheckers[5872]: Stopped
Dec 5 14:15:26 node-1 Keepalived_vrrp[5873]: VRRP_Instance(haproxy-vip) sent 0 priority
Dec 5 14:15:27 node-1 Keepalived_vrrp[5873]: Stopped
Dec 5 14:15:27 node-1 Keepalived[5871]: Stopped Keepalived v1.3.2 (12/03,2016)
Dec 5 14:15:27 node-1 systemd[1]: Stopped Keepalive Daemon (LVS and VRRP).
Dec 5 14:15:28 node-1 ntpd[946]: Deleting interface #45 vpn, 10.0.0.1#123, interface stats: received=0, sent=0, dropped=0, active_time=451 secs
ip addr:vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.222/24 scope global vpn
valid_lft forever preferred_lft forever
Dec 5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec 5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Received advert with higher priority 102, ours 102
Dec 5 14:15:27 node-2 Keepalived_vrrp[13748]: VRRP_Instance(haproxy-vip) Entering BACKUP STATE
ip addr:vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.13/24 scope global vpn
valid_lft forever preferred_lft forever
Dec 5 14:15:27 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Transition to MASTER STATE
Dec 5 14:15:27 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Received advert with lower priority 102, ours 102, forcing new election
Dec 5 14:15:28 node-3 Keepalived_vrrp[31252]: VRRP_Instance(haproxy-vip) Entering MASTER STATE
Dec 5 14:15:29 node-3 ntpd[27734]: Listen normally on 36 vpn 10.0.0.1:123
ip addr:vpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.0.0.103/24 scope global vpn
valid_lft forever preferred_lft forever
inet 10.0.0.1/24 scope global secondary vpn
valid_lft forever preferred_lft forever
我用来traceroute尝试获取有关该问题的更多信息。
当所有节点都在运行keepalived并且 ping VIP 无处不在时,traceroute显示所有节点:
$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
1 10.0.0.1 (10.0.0.1) 0.094 ms 0.030 ms 0.019 ms
当keepalived节点1上停止时,节点3选举了,节点1无法弄清楚VIP在哪里:
$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
1 * * *
2 * * *
...
29 * * *
30 * * *
节点 2 期望节点 1 拥有 VIP:
$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
1 10.0.0.222 (10.0.0.222) 0.791 ms 0.962 ms 1.080 ms
2 * * *
3 * * *
...
并且节点 3 有 VIP,所以它可以工作。
我阅读了一些邮件存档,建议DeviceType = tap在 Tinc 配置中使用 以便传输 ARP 包(据我了解),但它没有帮助。
实际上,随着选举的发生,我不确定 Tinc 是根本原因。
我更改了keepalived配置,使其使用公共互联网接口,使用单播。
我在每个节点上的每个 keepalived 配置中添加了以下块(这里是 for node-1):
unicast_src_ip XXX.XXX.XXX.XXX # node's public IP address
unicast_peer {
XXX.XXX.XXX.XXX # other node's public IP address
XXX.XXX.XXX.XXX # other node's public IP address
}
但是行为与上面描述的完全一样,所以 Tinc 不应该是相关的。
谁能帮我找出问题所在并解决这个问题,以便在进行新的选举时,节点可以在新位置找到 VIP?
我正在使用 keepalived 在两个虚拟机之间切换浮动 IP。
/etc/keepalived/keepalived.conf在虚拟机 1 上:
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 101
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass secret
}
virtual_ipaddress {
1.2.3.4
}
}
/etc/keepalived/keepalived.conf在虚拟机 2 上:
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass secret
}
virtual_ipaddress {
1.2.3.4
}
}
这基本上可以正常工作,但有一个例外:每次 systemd 更新(它运行的是 Ubuntu 18.04)时,它都会重新加载它的网络组件,导致浮动 IP 丢失,因为它没有在系统中配置。由于两个 keepalived 实例仍然可以相互 ping 通,因此它们都没有发现任何问题,也没有对此做出反应,导致浮动 IP 保持关闭。
我发现您可以使用如下简单脚本检查 IP:
vrrp_script chk_proxyip {
script "/sbin/ip addr |/bin/grep 1.2.3.4"
}
vrrp_instance VI_1 {
# [...]
track_script {
chk_proxyip
}
}
但我不确定这是否是一种可行的方法。
如果我理解正确,如果我在 VM1 上配置此脚本,则会发生以下情况:
FAULT状态并停止广播 vrrp 包此时 IP 再次在 VM2 上工作,但 VM1 将保持此状态,因为 IP 再也不会在 VM1 上出现。如果 VM2 出现故障(无论出于何种原因),VM1 不会接管它,因为它仍处于FAULT状态。
如何确保浮动 IP 始终在其中一个 VM 上运行?
进一步测试:
我尝试 ping 浮动 IP,而不是检查它是否在 check_script 中的特定主机上处于活动状态:
vrrp_script chk_proxyip {
script "/bin/ping -c 1 -w 1 1.2.3.4"
interval 2
}
在节点 2 上配置此脚本会导致以下结果:
BACKUP为FAULTMASTER结果:IP 保持不变。
在节点 1 上配置脚本会导致以下结果:
MASTER为FAULTBACKUP为MASTER,在节点 2 上配置浮动 IP嗯,然后……
Feb 13 10:11:26 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:27 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:32 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:33 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:38 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:39 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:44 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:45 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:47 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
...
我不得不在 node1 上重新启动 keepalived 以停止节点之间的乒乓球比赛。
keepalived.conf 中的参数virtual_server.lvs_sched支持两个我找不到解释的选项:
fo和md.
有人知道它们的含义吗?