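1. Keepalived introduction
2. Keepalived pros and cons
3. Keepalived use cases
4. LVS+Keepalived high-availability load balancing (master/backup mode)
5. LVS+Keepalived high-availability load balancing (dual-master mode)
6. Keepalived+nginx high availability
7. How Keepalived failover works
8. The Keepalived split-brain problem
9. Keepalived performance tuning
10. Common Keepalived failures
10.1 Keepalived split-brain
10.2 The keepalived service stops on its own, with IPv6 messages in the log
10.3 Both Keepalived nodes hold the VIP at the same time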
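Please note:
This whole article was typed by hand, so it certainly contains mistakes; please point out any you find.
Working through problems as they come up is a good way to make things stick!!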
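1. What keepalived is
keepalived is a high-availability solution for LVS services built on VRRP (Virtual Router Redundancy Protocol); it is used to avoid single points of failure.
An LVS service has 2 servers running keepalived, one as the master and one as the backup, but to the outside they appear as a single virtual IP.
The master sends specific messages to the backup. When the backup stops receiving them, it assumes the master is down, takes over the master's VIP and keeps serving, which preserves availability.
2. VRRP overview
VRRP exists to remove the single point of failure of static routing: through an election protocol it dynamically hands the routing job to one of the VRRP routers that make up the virtual router on the LAN.
When there are several VRRP routers, the election lets only one become master; the master holds the VIP, forwards packets sent to the gateway address and answers ARP requests.
VRRP elects the master through protocol messages sent as IP multicast packets, and the routers present the same MAC address to the outside, so client hosts do not have to change their routing configuration when the master changes; to clients a master/backup switch is transparent.
Normally the master keeps sending VRRP advertisements and a backup does not preempt it unless the backup has a higher priority. When the master goes down, the backup with the highest priority takes over within a time of >1s.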
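Pros: lightweight, simple to configure
Cons: cannot provide high availability at the service-state level
HA versus LB
HA: makes a service highly available
LB: maximizes the capacity of the traffic entry point
keepalived provides lightweight high availability; it is generally used for front-end HA, needs no shared storage, and is usually deployed as a two-node setup.
Common combinations:
lvs+keepalived
nginx+keepalived
haproxy+keepalived
Compared with heartbeat and corosync
heartbeat and corosync are generally used for service-level high availability, need shared storage, and are generally used for multi-node HA.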
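OS: CentOS 6.5
yum repository: local yum repository
Address plan:
Keepalived VIP: 192.168.200.139
LVS hosts (2): 192.168.200.132 192.168.200.133
real-server hosts (2): 192.168.200.134 192.168.200.135
Since CentOS 6.3, keepalived has been included in the base repository.
#yum -y install keepalived ipvsadm //install from the local or a network yum repository
#yum info keepalived //show package information
#rpm -ql keepalived ipvsadm //confirm the packages are installed
#vim /etc/keepalived/keepalived.conf //configuration file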
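The configuration file is made up of:
global_configuration: global configuration section
vrrpd configuration: VRRP process configuration
vrrp instance
vrrp synchronization group
lvs configuration: LVS configuration section
shell>man keepalived.conf //configuration manual
Create an instance that provides the VIP 192.168.200.139
shell>vim /etc/keepalived/keepalived.conf //preemption is enabled by default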
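global_defs { # global configuration section
notification_email { # recipients of notification mail
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL # cluster group ID
vrrp_mcast_group4 224.0.0.18 # multicast address used for heartbeat traffic (224.0.0.18 is the VRRP default); do not define it in dual-master mode, it interferes with dual-master
}
vrrp_script chk_xxx { # check script, used to move the VIP by hand while the node stays online
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1 # run the check every 1 second
weight -2 # subtract 2 from the priority while the down file exists
}
vrrp_instance VI_1 { # keepalived instance section
state MASTER # this node is the keepalived master
interface eth0 # interface used for VRRP traffic
virtual_router_id 51 # virtual router ID; must be identical on every node of the same instance, several instances may be defined
priority 102 # instance priority, higher wins, range 0-255
advert_int 1 # advertisement interval in seconds; neither too long nor too short
nopreempt # non-preemptive mode (keepalived only honours this when the initial state is BACKUP)
authentication { # authentication
auth_type PASS # simple password, carried in cleartext in the VRRP advertisements
auth_pass 1111
}
virtual_ipaddress { # the virtual IP (VIP)
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx # run the check script defined above
}
}
virtual_server 192.168.200.139 80 { # VIP
delay_loop 6 # health-check polling interval, in seconds
lb_algo rr # scheduling algorithm
lb_kind DR # LVS forwarding type
nat_mask 255.255.255.0 # netmask
#persistence_timeout 50 # persistent connections
protocol TCP
sorry_server 127.0.0.1 80 # fallback page: if every real server fails, the LVS host's own web page is returned
real_server 192.168.200.134 80 {
weight 1
HTTP_GET {
url {
path / # request the root; several url blocks may be given
status_code 200 # expected status code
}
connect_timeout 2 # connection timeout
nb_get_retry 3 # retries on failure
delay_before_retry 1
}
}
real_server 192.168.200.135 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}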
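shell>vim /etc/keepalived/keepalived.conf //preemption is enabled by default
global_defs { # global configuration section
notification_email { # recipients of notification mail
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL # cluster group ID
vrrp_mcast_group4 224.0.0.18 # multicast address used for heartbeat traffic (224.0.0.18 is the VRRP default); do not define it in dual-master mode, it interferes with dual-master
}
vrrp_script chk_xxx { # check script, used to move the VIP by hand while the node stays online
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1 # run the check every 1 second
weight -2 # subtract 2 from the priority while the down file exists
}
vrrp_instance VI_1 { # keepalived instance section
state BACKUP # this node is the keepalived backup
interface eth0 # interface used for VRRP traffic
virtual_router_id 51 # virtual router ID; must be identical on every node of the same instance, several instances may be defined
priority 100 # instance priority, higher wins, range 0-255
advert_int 1 # advertisement interval in seconds; neither too long nor too short
nopreempt # non-preemptive mode
authentication { # authentication
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # the virtual IP (VIP)
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx # run the check script defined above
}
}
virtual_server 192.168.200.139 80 { # VIP
delay_loop 6 # health-check polling interval, in seconds
lb_algo rr # scheduling algorithm
lb_kind DR # LVS forwarding type
nat_mask 255.255.255.0 # netmask
#persistence_timeout 50 # persistent connections
protocol TCP
sorry_server 127.0.0.1 80 # fallback page served when no real server is available
real_server 192.168.200.134 80 {
weight 1
HTTP_GET {
url {
path / # request the root; several url blocks may be given
status_code 200 # expected status code
}
connect_timeout 2 # connection timeout
nb_get_retry 3 # retries on failure
delay_before_retry 1
}
}
real_server 192.168.200.135 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}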
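[This is the basic working mechanism of vrrp_script and track_script.]
[A script like this can check whether the http service is healthy, so that on failure the address floats to the other node, which keeps serving.]
[To check whether a service is up, the simpler the script the better.]
shell> killall -0 httpd
httpd: no process found
shell> echo $?
[prints 1]
Add a vrrp_script chk_httpd policy and reference it in the instance to monitor the site's httpd process.
Once the configuration is in place, one virtual server and 2 real-server hosts are added to ipvsadm automatically.
shell> ipvsadm -Ln //to view them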
#vim /etc/sysconfig/keepalived //enable logging
KEEPALIVED_OPTIONS="-D -S 3"
#vim /etc/rsyslog.conf
local3.* /var/log/keepalived.log
#systemctl restart rsyslog.service //on CentOS 6: service rsyslog restart
#systemctl restart keepalived.service //on CentOS 6: service keepalived restart
Mail notification script: sends an alert by mail automatically after a master/backup switch
shell> vim /etc/keepalived/notify.sh
#!/bin/bash
vip=192.168.200.139
contact='x.x.x.x@qq.com'
# Mail this node's new VRRP state to the contact address
notify() {
mailsubject="$(hostname) to be $1: $vip floating"
mailbody="$(date '+%F %H:%M:%S') : vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo "usage: $(basename "$0") {master|backup|fault}"
exit 1
;;
esac
shell>chmod 700 /etc/keepalived/notify.sh //keepalived runs it as root; keep it root-owned and not writable by anyone else
Configure the real servers with a script
Configuration for real servers 192.168.200.134-135
shell>vim /etc/rc.d/init.d/realserver.sh
#!/bin/bash
#description: Config realserver lo and apply noarp
SNS_VIP=192.168.200.139
. /etc/rc.d/init.d/functions
case "$1" in
start)
# Bind the VIP to lo:0 so the real server accepts DR-forwarded packets
ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
# Do not answer or announce ARP for the VIP; only the LVS director may
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $SNS_VIP >/dev/null 2>&1
# Restore the default ARP behaviour
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0
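Define 2 instances in the configuration file, each node being master for one and backup for the other; when the domain name has 2 A records, this gives dual-master scheduling.
Take care not to define a multicast address:
vrrp_instance VI_2 {
state BACKUP
interface eth0 # the real interface; eth0:1 is only a label for an address
virtual_router_id 61 # must differ from instance 1
priority 99 # lower than the master
advert_int 1
authentication { # must differ from instance 1
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.200.139/16 dev eth0 label eth0:0
}
}
Define an ipvs cluster
virtual_server 192.168.200.139 80 { # VIP
delay_loop 6 # health-check polling interval, in seconds
lb_algo rr # scheduling algorithm
lb_kind DR # LVS forwarding type
nat_mask 255.255.255.0 # netmask
#persistence_timeout 50 # persistent connections
protocol TCP
sorry_server 127.0.0.1 80 # fallback page shown when no real server is available
real_server 192.168.200.134 80 {
weight 1
HTTP_GET {
url {
path / # request the root; several url blocks may be given
status_code 200 # expected status code
}
connect_timeout 2 # connection timeout
nb_get_retry 3 # retries on failure
delay_before_retry 1
}
}
real_server 192.168.200.135 80 {
weight 1
HTTP_GET {
url {
path / # request the root; several url blocks may be given
status_code 200 # expected status code
}
connect_timeout 2 # connection timeout
nb_get_retry 3 # retries on failure
delay_before_retry 1
}
}
}
(dual-master only needs one more instance added)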
192.168.200.132 LVS master configuration
#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node132
}
vrrp_script chk_xxx {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_script chk_httpd {
script "killall -0 httpd"
interval 2
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.200.139 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
protocol TCP
real_server 192.168.200.134 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.200.135 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
sorry_server 127.0.0.1 80
}
192.168.200.133 LVS secondary (backup) configuration
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node132
}
vrrp_script chk_xxx {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_script chk_httpd {
script "killall -0 httpd"
interval 2
weight -5
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.200.139 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
protocol TCP
real_server 192.168.200.134 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.200.135 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
sorry_server 127.0.0.1 80
}
Configuration for real servers 192.168.200.134-135
shell>vim /etc/rc.d/init.d/realserver.sh //same script as in the master/backup section above
(dual-master configuration)
Install nginx as usual...
[root@test01 keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node133
}
vrrp_script chk_xxx {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" # fail over when a file named down exists in this directory
interval 1
weight -20
}
vrrp_script chk_httpd {
script "killall -0 nginx"
interval 2
weight -5
}
vrrp_instance VI_11 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_22 {
state MASTER
interface eth0
virtual_router_id 61
priority 110
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.200.137 dev eth0 label eth0:1
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@test02 keepalived]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node132
}
vrrp_script chk_xxx {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_script chk_httpd {
script "killall -0 nginx"
interval 2
weight -5
}
vrrp_instance VI_11 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.139 dev eth0 label eth0:0
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_22 {
state BACKUP
interface eth0
virtual_router_id 61
priority 99
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.200.137 dev eth0 label eth0:1
}
track_script {
chk_xxx
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
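7. Conditions and factors for Keepalived state switching
1. keepalived use cases
keepalived was developed for LVS; it is lightweight and simple to configure. Because of that, in my view it suits environments with relatively few resources and no shared storage, especially load balancers such as LVS, haproxy and nginx; it can also serve as the high-availability component of a lightweight http environment. In theory it can cover many high-availability scenarios, but given the way keepalived itself switches resources, that is not recommended.
2. Factors that affect keepalived state switching
keepalived switches state mainly through the weight values attached to its VRRP check scripts combined with the health-check results; a node's priority is adjusted dynamically according to what the scripts report. How freely keepalived can switch on resource health depends on the kind of workload: in some cases, once resources have moved from the master to the backup because of a failure, switching back requires stopping the keepalived service; this can be scripted to allow manual switching.
1. MASTER, BACKUP and priority
Setting the state to MASTER or BACKUP only matters when the priorities are equal; if the priorities differ, the node with the higher priority becomes master regardless of whether it was configured as master or backup. It is usually best to give the two nodes different priorities.
2. The weight value of a vrrp_script
This weight must be specified; otherwise the node is sometimes shown in the fault state after the service restarts.
The weight can be positive or negative. Let the weight be W and the initial priority be P.
When weight < 0:
If the check script returns 0, the node's final priority is unchanged.
If the check script returns a non-zero value, the node's final priority = P - |W|; the priority decreases.
When weight > 0:
If the check script returns 0, the node's final priority = P + W; the priority increases.
If the check script returns a non-zero value, the node's final priority is unchanged.
How a node's priority changes depends heavily on the state of the service on that node; see the two tables below:
1) When the service (e.g. httpd) is running on both nodes, the priorities change as follows:
2) When the service is running on the master and stopped on the backup, e.g. haproxy (haproxy cannot start without an address to listen on; in fact many services run started on one node and stopped on the other)
Summary: as shown above, in the second case a switch only happens when the keepalived service is stopped; this is why many people find in testing that the service has stopped but no failover occurs. In that case we can change the initial priority and the weight so that A switches to B, but switching back requires stopping keepalived by hand. This is also why keepalived is not suited to large service clusters; for high availability of the scheduler alone it fits reasonably well.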
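The weight rules above decide whether a failed check actually moves the VIP. The sketch below is an added example, not part of the original post: it models those rules in POSIX shell and applies them to the priority and weight values used in this page's configurations. The function names are hypothetical, and a tie is assumed to leave the current master in place.

```sh
#!/bin/sh
# Added example: how vrrp_script weights move the effective VRRP priority.
# Function names are hypothetical; the numbers come from the configs on this page.

# effective_priority BASE WEIGHT:RC [WEIGHT:RC ...]
#   BASE   = "priority" of the vrrp_instance
#   WEIGHT = "weight" of a tracked vrrp_script
#   RC     = exit status of that script (0 = healthy)
effective_priority() {
    prio=$1
    shift
    for check in "$@"; do
        w=${check%%:*}
        rc=${check##*:}
        if [ "$w" -lt 0 ] && [ "$rc" -ne 0 ]; then
            prio=$(($prio + $w))    # negative weight: P - |W| while the check fails
        elif [ "$w" -gt 0 ] && [ "$rc" -eq 0 ]; then
            prio=$(($prio + $w))    # positive weight: P + W while the check succeeds
        fi
    done
    echo "$prio"
}

# would_fail_over MASTER_BASE BACKUP_BASE WEIGHT
# The check fails on the master and succeeds on the backup.
# Assumption: on a tie the current master keeps the VIP, because a backup only
# takes over when the advertised priority is strictly lower than its own.
would_fail_over() {
    m=$(effective_priority "$1" "$3:1")
    b=$(effective_priority "$2" "$3:0")
    if [ "$b" -gt "$m" ]; then echo yes; else echo no; fi
}

# Print one line per scenario: label, master priority, backup priority, weight.
report() {
    printf '%-30s master=%s backup=%s weight=%s -> failover: %s\n' \
        "$1" "$2" "$3" "$4" "$(would_fail_over "$2" "$3" "$4")"
}

report "commented example, chk_xxx" 102 100 -2
report "LVS pair, chk_httpd"        100  99 -5
report "nginx VI_11, chk_httpd"     100  80 -5
report "nginx VI_22, chk_httpd"     110  99 -5
report "nginx VI_22, chk_xxx"       110  99 -20
```

A check only triggers failover when |weight| is larger than the priority gap between the two nodes, which is why some of the combinations above report "no".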
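In a high-availability system, when the heartbeat between the 2 linked nodes is lost, the two nodes that used to act as one split into 2 independent nodes. Having lost contact, each believes the other has failed, and the 2 nodes fight over the same resource.
They compete for services and resources; if they compete for a shared resource, data may be corrupted.
(1) Add heartbeat links, from 1 to 2, to lower the chance of an incident.
(2) Set up arbitration: both nodes check the gateway or some other fixed address; a node that cannot reach it considers itself failed and stops its own service.
In keepalived a monitoring script can be used to watch a service; in the same way we can implement arbitration with a script that keeps checking the gateway address and shuts down the keepalived service automatically if the gateway is unreachable.
The easiest way is to use the vrrp_script and track_script that keepalived provides, as shown below.
Add 2 sections to the configuration file: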
track_script {
check_local
}
vrrp_script check_local {
script "/root/check_gateway.sh"
interval 5
}
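A simple demo script follows; extend it to fit your needs
#vim /root/check_gateway.sh
#!/bin/bash
# Run by vrrp_script once per interval, so it must exit rather than loop
ip="192.168.200.1"
ping -c 1 -w 2 $ip > /dev/null 2>&1
a=$?
sleep 1
ping -c 1 -w 2 $ip > /dev/null 2>&1
b=$?
sleep 1
ping -c 1 -w 2 $ip > /dev/null 2>&1
c=$?
# All three probes failed: treat this node as isolated and stop keepalived
if [ $a -ne 0 -a $b -ne 0 -a $c -ne 0 ];then
/etc/init.d/keepalived stop
exit 1
else
echo "is ok"
exit 0
fi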
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Netlink reflector reports IP fe80::250:56ff:fe9a:3c42 added
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Registering Kernel netlink reflector
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Registering Kernel netlink command channel
Jun 14 15:04:06 localhost kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Jun 14 15:04:06 localhost kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Jun 14 15:04:06 localhost kernel: IPVS: ipvs loaded.
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Configuration is using : 8052 Bytes
Jun 14 15:04:06 localhost Keepalived_healthcheckers[27981]: Using LinkWatch kernel netlink reflector...
Jun 14 15:04:06 localhost Keepalived[27980]: Stopping Keepalived v1.2.13 (03/19,2015)
Jun 14 15:16:27 localhost Keepalived[28198]: Starting Keepalived v1.2.13 (03/19,2015)
Jun 14 15:16:27 localhost Keepalived[28199]: Starting Healthcheck child process, pid=28200
Jun 14 15:16:27 localhost Keepalived[28199]: Starting VRRP child process, pid=28201
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Netlink reflector reports IP 10.10.64.4 added
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Netlink reflector reports IP 10.10.64.4 added
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Netlink reflector reports IP fe80::250:56ff:fe9a:3c42 added
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Netlink reflector reports IP fe80::250:56ff:fe9a:3c42 added
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Registering Kernel netlink reflector
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Registering Kernel netlink command channel
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Registering Kernel netlink reflector
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Registering Kernel netlink command channel
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Registering gratuitous ARP shared channel
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Configuration is using : 8044 Bytes
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Configuration is using : 69527 Bytes
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: Using LinkWatch kernel netlink reflector...
Jun 14 15:16:27 localhost Keepalived_healthcheckers[28200]: Using LinkWatch kernel netlink reflector...
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: VRRP_Instance(VI_2) Entering BACKUP STATE
Jun 14 15:16:27 localhost Keepalived_vrrp[28201]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jun 14 15:16:27 localhost Keepalived[28199]: Stopping Keepalived v1.2.13 (03/19,2015)
Cause:
IPv6 was enabled on the server, so the IPv6 address was matched
Fix:
Check whether the server needs IPv6; if not, it can be disabled
To disable it temporarily:
shell> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
To disable it permanently:
shell> vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
shell> sysctl -p
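When the dual-master situation appeared, I could not find the cause in the logs right away, so I did 2 things:
checked iptables and checked selinux
I found that iptables had rules configured, so I searched Baidu and found https://www.cnblogs.com/netonline/archive/2017/10/09/7642595.html, a post on the author Netonline's blog
The VRRP advertisement packets have to be allowed through iptables.
Configure iptables to allow VRRP traffic, or to allow multicast traffic
[root@psql_standby ~]# vim /etc/sysconfig/iptables
-A INPUT -p vrrp -j ACCEPT
or: -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
Restart iptables:
[root@psql_standby ~]# service iptables restart
I also made another mistake:
I put the -A rule after REJECT, so the double-VIP situation persisted; it must be placed before REJECT.
ACCEPT vrrp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited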
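The rule-order mistake described above can be checked mechanically. The following is an added example, not part of the original post: a POSIX shell function that reads rules in the /etc/sysconfig/iptables (iptables-save) format and reports whether the VRRP or multicast ACCEPT comes before the catch-all REJECT in the INPUT chain. The function name and both sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that the VRRP ACCEPT rule sits before the catch-all
# REJECT in the INPUT chain. Function name and sample rule sets are constructed.

# Reads iptables-save style rules on stdin and prints one of:
#   ok         a VRRP/multicast ACCEPT precedes the first catch-all REJECT/DROP
#   blocked    the catch-all comes first, or there is no such ACCEPT
#   no-reject  INPUT has no catch-all REJECT/DROP rule at all
check_vrrp_rule_order() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            n++
            # first rule that accepts VRRP (protocol 112) or multicast packets
            if (!accept && $0 ~ /-j ACCEPT/ &&
                ($0 ~ /-p (vrrp|112) / || $0 ~ /--pkt-type multicast/))
                accept = n
            # catch-all: the jump follows the chain name with no match options
            if (!deny && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
                deny = n
        }
        END {
            if (!deny) print "no-reject"
            else if (accept && accept < deny) print "ok"
            else print "blocked"
        }'
}

# Constructed sample: ACCEPT placed before the REJECT (adverts get through)
good_rules='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: ACCEPT appended after the REJECT (both nodes keep the VIP)
bad_rules='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p vrrp -j ACCEPT
COMMIT'

printf 'good rule set: %s\n' "$(printf '%s\n' "$good_rules" | check_vrrp_rule_order)"
printf 'bad rule set:  %s\n' "$(printf '%s\n' "$bad_rules" | check_vrrp_rule_order)"
```

On a live node the same function can be fed from the saved rules file, for example `check_vrrp_rule_order < /etc/sysconfig/iptables`.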
Reposted from: https://blog.51cto.com/7603402/2084915