keepalived 启动失败启动失败,求大神。

来源:蜘蛛抓取(WebSpider) 时间:2018-07-06 02:51 标签: keepalived 轮询 失败
先锋游戏知道信息频道欢迎您
keepalived+nginx出现脑裂问题怎么解决? 求大神帮助 (最好是解决思路)
[╬═☆我ぁ低調單純ル] [ 16:54:55] (<span id="tgd) (<span id="tfd) &&
最佳答案在配置keepalived和haproxy的时候遇到脑裂的问题,还请大家帮助我分析一下,谢谢。我的环境信息如下: 一共两台虚拟机,是同个一共模板复制出来的(我怀疑问题出在这里)。 主机ip:备机ip: vip:主机的keepalived的配置如下:global_defs { & &notification_email { & & &root & &} & &notification_email_from root & &smtp_server
& &smtp_connect_timeout 30 & &router_id haproxy } vrrp_script chk_haproxy { & & & & & & & & script &/opt/& & & & & & & & & interval 2 & & & & & & & & weight 2 } vrrp_instance haproxy1 { & state master #标示状态为master 备份机为backup& interface eth0 & virtual_router_id 51 & priority 100 #master权重为100,backup权重为90 & advert_int 1 & authentication { & & &auth_type pass #主从服务器验证方式& & &auth_pass 1111 & } & & track_interface { & & & & & # 监控的接口& & & eth0 & & & eth1 & & } & virtual_ipaddress { & & &/24 dev eth0&& } & track_script {& & & &chk_haproxy ### 执行监控的服务& & } }备机的keepalived的配置如下:global_defs { & &notification_email { & & root & &} & &notification_email_from root & &smtp_server
& &smtp_connect_timeout 30 & &router_id haproxy } vrrp_script chk_haproxy { & & & & & & & & script &/opt/& & & & & & & & & interval 2 & & & & & & & & weight 2 }vrrp_instance haproxy1 { & state backup #标示状态为master 备份机为backup #interface eth0:1 & #interface
& interface eth0 & virtual_router_id 51 & priority 90 #master权重为100,backup权重为90 & advert_int 1 & authentication { & & &auth_type pass #主从服务器验证方式& & &auth_pass 1111 & } & & track_interface { & & & & & # 监控的接口& & & eth0 & & & eth1 & & } & virtual_ipaddress { & & &/24 dev eth0&& } & track_script {& & & &chk_haproxy ### 执行监控的服务& & } }主备机网络是通的。 主备机操作系统是,keepalived的版本是keepalived 。在我的环境中,我用上面的配置在主备机分别启动keepalived以后,发现备机先进入backup在转换到master模式。如下为日志keepalived[22262]: starting keepalived
(03/15,2015) keepalived[22263]: starting vrrp child process, pid=22264 keepalived_vrrp[22264]: netlink reflector reports ip
added keepalived_vrrp[22264]: netlink reflector reports ip
addedkeepalived_vrrp[22264]: netlink reflector reports ip fe80::250:56ff:feb5:311e added keepalived_vrrp[22264]: netlink reflector reports ip fe80::250:56ff:feb5:b8c4 added keepalived_vrrp[22264]: registering kernel netlink reflector keepalived_vrrp[22264]: registering kernel netlink command channel keepalived_vrrp[22264]: registering gratuitous arp shared channel keepalived_vrrp[22264]: opening file &#39;/etc/keepalived/&#39;. keepalived_vrrp[22264]: configuration is using : 66715 bytes keepalived_vrrp[22264]: using linkwatch kernel netlink reflector...keepalived_vrrp[22264]: vrrp_instance(haproxy1) entering backup state keepalived_vrrp[22264]: vrrp sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)] keepalived_vrrp[22264]: vrrp_script(chk_haproxy) succeeded keepalived_vrrp[22264]: vrrp_instance(haproxy1) transition to master state keepalived_vrrp[22264]: vrrp_instance(haproxy1) entering master state
keepalived_vrrp[22264]: vrrp_instance(haproxy1) setting protocol vips. keepalived_vrrp[22264]: vrrp_instance(haproxy1) sending gratuitous arps on eth0 for
avahi-daemon[1783]: registering new address record for
on . keepalived_vrrp[22264]: vrrp_instance(haproxy1) sending gratuitous arps on eth0 for
昵称: 验证码:
评论仅供网友表达个人看法,并不表明本站同意其观点或证实其描述
其它单机游戏相关知识
其它单机游戏其他问题如题所示,keepalived安装配置好之后能够正常启动,但是虚IP并没有生成。接着检查防火墙(iptables)发现也没有相关的限制。稍微郁闷了一下之后,查看了keepalived的日志文件,这次成功发现了问题所在:keepalived的日志文件路径:/var/log/messages相关的日志信息如下:可以发现,出现这个问题的原因在于我在 keepalived.conf 配置文件中将 virtual_router_id 参数设置了默认id——51,然后同一内网内还有其他keepalived集群也设置了51这个默认路由id,因此keepalived爆“目前xxx这个虚拟IP不能绑定到51这个路由id上”的错误解决方案:将keepalived.conf文件中的 virtual_router_id 参数设置成其他即可,如:79、89、101。只要取值范围在取值0-255就行注:修改之后的keepalived.conf文件如下:
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.100.1
#smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 79
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
virtual_ipaddress {
192.168.100.10
virtual_server 192.168.100.10 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.1 3306 {
notify_down /etc/keepalived/kill_keepalived.sh
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152! Configuration File for keepalived&global_defs {&& notification_email {&&&& acassen@firewall.loc&&&& failover@firewall.loc&&&& sysadmin@firewall.loc&& }&& notification_email_from Alexandre.Cassen@firewall.loc&& #smtp_server 192.168.100.1&& #smtp_connect_timeout 30&& router_id LVS_DEVEL&& vrrp_skip_check_adv_addr&& vrrp_strict&& vrrp_garp_interval 0&& vrrp_gna_interval 0}&vrrp_instance VI_1 {&&&&state BACKUP&&&&interface eth0&&&&virtual_router_id 79&&&&priority 100&&&&advert_int 1&&&&nopreempt&&&&authentication {&&&&&&&&auth_type PASS&&&&&&&&auth_pass 1111&&&&}&&&&virtual_ipaddress {&&&&&&&&192.168.100.10&&&&}}&virtual_server 192.168.100.10 3306 { &&&&delay_loop 6 &&&&lb_algo rr &&&&lb_kind DR &&&&persistence_timeout 50 &&&&protocol TCP
&&&&real_server 192.168.100.1 3306 { &&&&&&&&weight 3&&&&&&&&notify_down /etc/keepalived/kill_keepalived.sh&&&&&&&&TCP_CHECK { &&&&&&&&&&&&connect_timeout 10 &&&&&&&&&&&&nb_get_retry 3 &&&&&&&&&&&&delay_before_retry 3 &&&&&&&&&&&&connect_port 3306 &&&&&&&&} &&&&}}&**keepalive自启动服务报错,问题的解决
移动keepalived服务报错
# service keepalived start
Job for keepalived.service failed because a configured resource limit was exceeded. See "systemctl status keepalived.service" and "journalctl -xe" for details.
Job for keepalived.service failed because a configured resource limit was exceeded. See "systemctl status keepalived.service" and "journalctl -xe" for
# systemctl status keepalived.service
我们可以看到日志,是写日志出了问题[root@zk-02 sbin]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived. vendor preset: disabled)
Active: failed (Result: resources) since Fri
15:32:31 CST; 4min 59s ago
Process: 16764 ExecStart=/usr/local/program/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.2]:1358
Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.3]:1358
Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.3]:1358
Aug 04 15:32:25 zk-02 Keepalived_vrrp[16769]: (VI_1): No VIP at least one is required
Aug 04 15:32:26 zk-02 Keepalived[16766]: Keepalived_vrrp exited with permanent error CONFIG. Terminating
Aug 04 15:32:26 zk-02 Keepalived[16766]: Stopping
Aug 04 15:32:31 zk-02 systemd[1]: keepalived.service never wrote its PID file. Failing.
##写日志出了问题
Aug 04 15:32:31 zk-02 systemd[1]: Failed to start LVS and VRRP High Availability Monitor.
Aug 04 15:32:31 zk-02 systemd[1]: Unit keepalived.service entered failed state.
Aug 04 15:32:31 zk-02 systemd[1]: keepalived.service failed.
[root@zk-02 sbin]# vi /var/run/keepalived.pid
[root@zk-02 sbin]# vim /lib/systemd/system/keepalived.service
[root@zk-02 sbin]# vim /lib/systemd/system/keepalived.service
查看keepalived.service
# vi /lib/systemd/system/keepalived.service内容如下
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target
Type=forking
PIDFile=/usr/local/program/keepalived/var/run/keepalived.pid
##发现这个目录不存在,无法写入keepalived.pid
KillMode=process
EnvironmentFile=-/usr/local/program/keepalived/etc/sysconfig/keepalived
ExecStart=/usr/local/program/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
WantedBy=multi-user.target
PIDFile=/usr/local/program/keepalived/var/run/keepalived.pid
##发现这个目录不存在,无法写入keepalived.pid
PIDFile=/var/run/keepalived.pid
# systemctl daemon-reload
#重新载入 systemd,扫描新的或有变动的单元
在运行就Ok了
service keepalived start
Starting keepalived (via systemctl):
没有更多推荐了,centos7下keepalived1.4.0安装启动卸载 - 简书
centos7下keepalived1.4.0安装启动卸载
1.下载keepalived下载地址:,这里下载的版本是linux下的最新版:keepalived-1.4.0.tar.gz2.安装keepalived[root@localhost ~]# tar -zxvf keepalived-1.4.0.tar.gz
解压后需要安装gcc命令,否则在configure时会报错,如下:
[root@localhost ~]# yum install -y gcc openssl-devel popt-devel
安装好gcc后进入解压的keepalived目录下,执行[root@localhost ~]# ./configure --prefix=/usr/local/keepalived
[root@localhost ~]# make && make install 以上步骤如果没有错误,则说明编译安装成功。但此时还不能直接使用安装的keepalived,需要拷贝几个文件到指定的目录下才可以直接使用。拷贝的文件如下:[root@localhost ~]# cp keepalived-1.4.0/keepalived/etc/init.d/keepalived
/etc/init.d/
[root@localhost ~]# mkdir /etc/keepalived[root@localhost ~]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf
/etc/keepalived/
[root@localhost ~]# cp keepalived-1.4.0/keepalived/etc/sysconfig/keepalived
/etc/sysconfig/
[root@localhost ~]# cp /usr/local/keepalived/sbin/keepalived
/usr/sbin/ 复制完后启动keepalived。(3)启动keepalived[root@localhost ~]# service keepalived start
Starting keepalived (via systemctl):
(4)验证是否启动成功[root@localhost ~]# ps -aux |grep keepalived
如果输出如下:
正常启动后,这里有3条记录,其中一个是父进程,负责监控其子进程。一个是vrrp子进程,另外一个是checkers子进程。其他情况说明启动失败。(5)设置开启启动: [root@localhost ~]# chkconfig keepalived on(6)卸载卸载时,进入keepalived解压目录的keepalived目录下,执行: [root@localhost ~]# make uninstall然后删除相关文件,即步骤2中拷贝的几个文件。这里就不一一列出了。
reap what you sow
【MySQL】Linux下MySQL 5.5、5.6和5.7的RPM、二进制和源码安装 1.1BLOG文档结构图 1.2前言部分 1.2.1导读和注意事项 各位技术爱好者,看完本文后,你可以掌握如下的技能,也可以学到一些其它你所不知道的知识,~O(∩_∩)O~: ①MySQ...
一、项目目标 搭建一个高可用web集群网站 二、项目规划 2.1 ip地址规划 2.2 拓扑图 2.3 相关说明 2.3.1 数据库采用mysql主主复制和mmm高可用2.3.2 web集群为lvs+dr模式,keeplived实现高可用2.3.3 nfs使两个web服务器...
负载均衡技术对于一个网站尤其是大型网站的web服务器集群来说是至关重要的!做好负载均衡架构,可以实现故障转移和高可用环境,避免单点故障,保证网站健康持续运行。关于负载均衡介绍,可以参考:linux负载均衡总结性说明(四层负载/七层负载)由于业务扩展,网站的访问量不断加大,负...
安装前的准备源码包下载查看系统是否安装了PHP,MYSQL,APACHE查看是否安装[root@localhost ~]#rpm -q httpd mysql php 如果安装请卸载[root@localhost ~]#rpm -e httpd --nodeps [root...
一、场景需求 二、Keepalived 简要介绍 Keepalived 是一种高性能的服务器高可用或热备解决方案,Keepalived 可以用来防止服务器单点故障的发生,通过配合 Nginx 可以实现 web 前端服务的高可用。 Keepalived 以 VRRP 协议为实...
字里行间透着清寂,风雅,温暖,柔美,又浩荡,阳刚,风骨。它没有苍凉与失意,没有惆怅和凄惶。只有青青草木,风动花香。一字一意,石破天惊,叫人过目不忘。我知道,这世间再也没有哪一本书能让我如此倾倒,着迷,疯狂,仰慕了。 封面上的人物。消瘦,须发斑白,盛开的莲花一样淡雅安然的眼神...
项目地址:https://github.com/KrisCan/wxa-cnode 一、功能介绍 基于cnode社区Api,实现了一下功能: 1)主题的新建、查看、修改及收藏; 2)评论的查看、回复、发表及点赞; 3)未读消息的提醒、查看。 二、效果预览 1)首页 2)主题...
不知不觉,参加第三期中国式众筹培训班到现在已经十个多月的时间了,通过参与、分享、互动和践行,对中国式众筹的理解和收获颇多,尤其是在原创写作群的参与的过程中有很多体会,与大家分享:
一:总有一个入门的理由
参加中国式众筹学习,正赶上原创写作群刚成立不久,杨众筹号召...
神探夏洛克 第四季 Sherlock Season 4 在广大腐女的期待中如期到来。 时光荏苒,白驹过隙。 本尼迪克特·康伯巴奇饰演的神探夏洛克眼角的皱纹提醒我们这部牛x哄哄的英剧从首播至今已经过去了整整七个年头。 回想2010年的七月,人人影视还没有被...
本学期师生共读的第二本书是意大利作家亚米契斯的《爱的教育》。 《爱的教育》通过日记的形式,以一个小学生安利柯的口吻反应出了社会上不同阶层的人以及他们的关系。主人公安利柯是一个四年级的小学生,与朋友们一起开心的学习、玩耍,从不在意朋友的贫富、优劣。书中塑造了一个个了不起的人物...讨论与进步
Keepalived无法绑定VIP故障排查经历
一 故障描述
我在台湾合作方给定的两台虚拟机上部署HAProxy+Keepalived负载均衡高可用方案。在配置完Keepalived后,重新启动Keepalived,Keepalived没有绑定VIP。
Keepalived执行程序路径为/data/app_platform/keepalived/sbin/keepalived
配置文件路径为/data/app_platform/keepalived/conf/keepalived.conf
Keepalived的启动脚本为/etc/init.d/keepalived
keepalived.conf的内容
LB1 Master
! Configuration File for keepalived
global_defs {
notification_email {
notification_email_from
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LB1_MASTER
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
virtual_ipaddress {
10.1.1.200/24
brd 10.1.1.255
dev eth1 label eth1:vip
track_script {
chk_haproxy
重新启动Keepalived查看日志
3 18:09:00 cv-1 Keepalived[20138]: Stopping Keepalived v1.2.15 (02/28,2015)
3 18:09:00 cv-1 Keepalived[20259]: Starting Keepalived v1.2.15 (02/28,2015)
3 18:09:00 cv-1 Keepalived[20260]: Starting Healthcheck child process, pid=20261
3 18:09:00 cv-1 Keepalived[20260]: Starting VRRP child process, pid=20262
3 18:09:00 cv-1 Keepalived_vrrp[20262]: Registering Kernel netlink reflector
3 18:09:00 cv-1 Keepalived_vrrp[20262]: Registering Kernel netlink command channel
3 18:09:00 cv-1 Keepalived_vrrp[20262]: Registering gratuitous ARP shared channel
3 18:09:00 cv-1 Keepalived_healthcheckers[20261]: Registering Kernel netlink reflector
3 18:09:00 cv-1 Keepalived_healthcheckers[20261]: Registering Kernel netlink command channel
3 18:09:00 cv-1 Keepalived_healthcheckers[20261]: Configuration is using : 3924 Bytes
3 18:09:00 cv-1 Keepalived_healthcheckers[20261]: Using LinkWatch kernel netlink reflector...
3 18:09:00 cv-1 Keepalived_vrrp[20262]: Configuration is using : 55712 Bytes
3 18:09:00 cv-1 Keepalived_vrrp[20262]: Using LinkWatch kernel netlink reflector...
3 18:09:18 cv-1 kernel: __ratelimit: 1964 callbacks suppressed
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
3 18:09:18 cv-1 kernel: Neighbour table overflow.
查看VIP绑定情况
$ ifconfig eth1:vip
Link encap:Ethernet
HWaddr 00:16:3E:F2:37:6B
UP BROADCAST RUNNING MULTICAST
Interrupt:13
没有VIP绑定
二 排查过程
1)检查VIP的配置情况
向合作方确认提供的VIP的详细情况
10.1.1.200
255.255.255.0
10.1.1.255
这里设置的是
10.1.1.200/24
brd 10.1.1.255
dev eth1 label eth1:vip
2)检查iptables和selinux的设置情况
$ sudo service iptables stop
$ sudo setenforce 0
setenforce: SELinux is disabled
如果非要开启iptables的话,需要作些设定
iptables -I INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT
service iptables save
keepalived使用224.0.0.18作为Master和Backup健康检查的通信IP
3)检查相关的内核参数
HAProxy+Keepalived架构需要注意的内核参数有:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
开启IP转发功能
net.ipv4.ip_nonlocal_bind = 1
开启允许绑定非本机的IP
如果使用LVS的DR或者TUN模式结合Keepalived需要在后端真实服务器上特别设置两个arp相关的参数。这里也设置好。
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
4)检查VRRP的设置情况
LB1 Master
state MASTER
interface eth1
virtual_router_id 51
priority 100
LB2 Backup
state BACKUP
interface eth1
virtual_router_id 51
priority 99
Master和Backup的virtual_router_id需要一样,priority需要不一样,数字越大,优先级越高
5)怀疑是编译安装Keepalived版本出现了问题
重新下载并编译2.1.13的版本,并重新启动keepalived,VIP仍然没有被绑定。
线上有个平台的keepalived是通过yum安装的,于是打算先用yum安装keepalived后将配置文件复制过去看看是否可以绑定VIP
rpm -ivh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install keepalived
cp /data/app_platform/keepalived/conf/keepalived.conf
/etc/keepalived/keepalived.conf
重新启动keepalived
然后查看日志
4 16:42:46 xxxxx Keepalived_healthcheckers[17332]: Registering Kernel netlink reflector
4 16:42:46 xxxxx Keepalived_healthcheckers[17332]: Registering Kernel netlink command channel
4 16:42:46 xxxxx Keepalived_vrrp[17333]: Opening file '/etc/keepalived/keepalived.conf'.
4 16:42:46 xxxxx Keepalived_vrrp[17333]: Configuration is using : 65250 Bytes
4 16:42:46 xxxxx Keepalived_vrrp[17333]: Using LinkWatch kernel netlink reflector...
4 16:42:46 xxxxx Keepalived_vrrp[17333]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
4 16:42:46 xxxxx Keepalived_healthcheckers[17332]: Opening file '/etc/keepalived/keepalived.conf'.
4 16:42:46 xxxxx Keepalived_healthcheckers[17332]: Configuration is using : 7557 Bytes
4 16:42:46 xxxxx Keepalived_healthcheckers[17332]: Using LinkWatch kernel netlink reflector...
4 16:42:46 xxxxx Keepalived_vrrp[17333]: VRRP_Script(chk_haproxy) succeeded
4 16:42:47 xxxxx Keepalived_vrrp[17333]: VRRP_Instance(VI_1) Transition to MASTER STATE
4 16:42:48 xxxxx Keepalived_vrrp[17333]: VRRP_Instance(VI_1) Entering MASTER STATE
4 16:42:48 xxxxx Keepalived_vrrp[17333]: VRRP_Instance(VI_1) setting protocol VIPs.
4 16:42:48 xxxxx Keepalived_vrrp[17333]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
4 16:42:48 xxxxx Keepalived_healthcheckers[17332]: Netlink reflector reports IP 10.1.1.200 added
4 16:42:53 xxxxx Keepalived_vrrp[17333]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
再查看IP绑定情况
$ ifconfig eth1:vip
Link encap:Ethernet
HWaddr 00:16:3E:F2:37:6B
inet addr:10.1.1.200
Bcast:10.1.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
Interrupt:13
再通过yum将keepalived卸载掉
yum remove keepalived
恢复到原来的启动脚本/etc/init.d/keepalived
重新启动keepalived后还是无法绑定VIP
怀疑是keepalived启动脚本/etc/init.d/keepalived的问题
检查/etc/init.d/keepalived
# Source function library.
. /etc/rc.d/init.d/functions
exec="/data/app_platform/keepalived/sbin/keepalived"
prog="keepalived"
config="/data/app_platform/keepalived/conf/keepalived.conf"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/keepalived
[ -x $exec ] || exit 5
[ -e $config ] || exit 6
echo -n $"Starting $prog: "
daemon $exec $KEEPALIVED_OPTIONS
[ $retval -eq 0 ] && touch $lockfile
return $retval
关键是这一行
daemon $exec $KEEPALIVED_OPTIONS
由于没有复制/etc/sysconfig/keepalived,所以将直接执行damon /data/app_platform/keepalived/sbin/keepalived
由于keepalived默认使用的是/etc/keepalived/keepalived.conf作为配置文件,而这里指定了不同的配置文件,所以要修改成为
daemon $exec -D -f $config
重新启动keepalived,查看日志和VIP绑定情况
$ ifconfig eth1:vip
Link encap:Ethernet
HWaddr 00:16:3E:F2:37:6B
inet addr:10.1.1.200
Bcast:10.1.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
Interrupt:13
6)将LB2 Backup的keepalived启动脚本也修改一下,观察VIP接管情况
查看LB1 Master
$ ifconfig eth1:vip
Link encap:Ethernet
HWaddr 00:16:3E:F2:37:6B
inet addr:10.1.1.200
Bcast:10.1.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
Interrupt:13
查看LB2 Backup
$ ifconfig eth1:vip
Link encap:Ethernet
HWaddr 00:16:3E:F2:37:6B
inet addr:10.1.1.200
Bcast:10.1.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
Interrupt:13
问题出现了,LB1 Master和LB2 Backup都绑定了VIP 10.1.1.200,这是不正常的!!!!
在LB1和LB2上登录10.1.1.200看看
[lb1 ~]$ ssh 10.1.1.200
Last login: Wed Mar
4 17:31:33 2015 from 10.1.1.200
[lb2 ~]$ ssh 10.1.1.200
Last login: Wed Mar
4 17:54:57 2015 from 101.95.153.246
在LB1上停掉keepalived,ping下10.1.1.200这个IP,发现无法ping通
在LB2上停掉keepalived,ping下10.1.1.200这个IP,发现也无法ping通
然后开启LB1上的keepalived,LB1上可以ping通10.1.1.200,LB2上不行
开启LB2上的keepalived,LB2上可以ping通10.1.1.200
由此得出,LB1和LB2各自都将VIP 10.1.1.200绑定到本机的eth1网卡上。两台主机并没有VRRP通信,没有VRRP的优先级比较。
7)排查影响VRRP通信的原因
重新启动LB1 Master的Keepalived查看日志
5 15:45:36 gintama-taiwan-lb1 Keepalived_vrrp[32303]: Configuration is using : 65410 Bytes
5 15:45:36 gintama-taiwan-lb1 Keepalived_vrrp[32303]: Using LinkWatch kernel netlink reflector...
5 15:45:36 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
5 15:45:36 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Script(chk_haproxy) succeeded
5 15:45:37 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Instance(VI_1) Transition to MASTER STATE
5 15:45:38 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Instance(VI_1) Entering MASTER STATE
5 15:45:38 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Instance(VI_1) setting protocol VIPs.
5 15:45:38 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
5 15:45:38 gintama-taiwan-lb1 Keepalived_healthcheckers[32302]: Netlink reflector reports IP 10.1.1.200 added
5 15:45:43 gintama-taiwan-lb1 Keepalived_vrrp[32303]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
发现LB1 Master上的Keepalived直接进入Master状态,然后接管VIP
再重新启动LB2 Backup上的Keepalived,查看日志
5 15:47:42 gintama-taiwan-lb2 Keepalived_vrrp[30619]: Configuration is using : 65408 Bytes
5 15:47:42 gintama-taiwan-lb2 Keepalived_vrrp[30619]: Using LinkWatch kernel netlink reflector...
5 15:47:42 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) Entering BACKUP STATE
5 15:47:42 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
5 15:47:46 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) Transition to MASTER STATE
5 15:47:47 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) Entering MASTER STATE
5 15:47:47 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) setting protocol VIPs.
5 15:47:47 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
5 15:47:47 gintama-taiwan-lb2 Keepalived_healthcheckers[30618]: Netlink reflector reports IP 10.1.1.200 added
5 15:47:52 gintama-taiwan-lb2 Keepalived_vrrp[30619]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
可以看到LB2上的Keepalived先进入BACKUP状态,然后又转为MASTER状态,然后接管VIP
这样就说明VRRP组播有问题。
既然VRRP组播有问题,就尝试使用单播发送VRRP报文。修改LB1和LB2的配置
添加以下配置
unicast_src_ip
unicast_peer {
添加以下配置
unicast_src_ip
unicast_peer {
unicast_src_ip 表示发送VRRP单播报文使用的源IP地址
unicast_peer 表示对端接收VRRP单播报文的IP地址
然后各自重新加载keepalived,观察日志
5 16:13:35 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) setting protocol VIPs.
5 16:13:35 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Script(chk_haproxy) considered successful on reload
5 16:13:35 gintama-taiwan-lb1 Keepalived_vrrp[2551]: Configuration is using : 65579 Bytes
5 16:13:35 gintama-taiwan-lb1 Keepalived_vrrp[2551]: Using LinkWatch kernel netlink reflector...
5 16:13:35 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP sockpool: [ifindex(3), proto(112), unicast(1), fd(10,11)]
5 16:13:36 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) Transition to MASTER STATE
5 16:13:48 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
5 16:13:48 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
5 16:13:48 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
5 16:13:48 gintama-taiwan-lb1 Keepalived_vrrp[2551]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 10.1.1.200
5 16:13:48 gintama-taiwan-lb2 Keepalived_vrrp[453]: VRRP_Instance(VI_1) Received higher prio advert
5 16:13:48 gintama-taiwan-lb2 Keepalived_vrrp[453]: VRRP_Instance(VI_1) Entering BACKUP STATE
5 16:13:48 gintama-taiwan-lb2 Keepalived_vrrp[453]: VRRP_Instance(VI_1) removing protocol VIPs.
5 16:13:48 gintama-taiwan-lb2 Keepalived_healthcheckers[452]: Netlink reflector reports IP 10.1.1.200 removed
查看VIP绑定情况,发现LB2上的VIP已经移除
在LB1上LB2上执行ping 10.1.1.200这个VIP
[lb1 ~]$ ping -c 5 10.1.1.200
PING 10.1.1.200 (10.1.1.200) 56(84) bytes of data.
64 bytes from 10.1.1.200: icmp_seq=1 ttl=64 time=0.028 ms
64 bytes from 10.1.1.200: icmp_seq=2 ttl=64 time=0.020 ms
64 bytes from 10.1.1.200: icmp_seq=3 ttl=64 time=0.020 ms
64 bytes from 10.1.1.200: icmp_seq=4 ttl=64 time=0.021 ms
64 bytes from 10.1.1.200: icmp_seq=5 ttl=64 time=0.027 ms
--- 10.1.1.200 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.020/0.023/0.028/0.004 ms
[lb2 ~]$ ping -c 5 10.1.1.200
PING 10.1.1.200 (10.1.1.200) 56(84) bytes of data.
--- 10.1.1.200 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 14000ms
当LB1接管VIP的时候LB2居然无法ping通VIP,同样将LB1的Keepalived停掉,LB2可以接管VIP,但是在LB1上无法ping通这个VIP
在LB1和LB2上进行抓包
lb1 ~]$ sudo tcpdump -vvv
-i eth1 host 10.1.1.17
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:46:04.827357 IP (tos 0xc0, ttl 255, id 328, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:46:05.827459 IP (tos 0xc0, ttl 255, id 329, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:46:06.828234 IP (tos 0xc0, ttl 255, id 330, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:46:07.828338 IP (tos 0xc0, ttl 255, id 331, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
lb2 ~]$ sudo tcpdump -vvv -i eth1 host 10.1.1.12
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:48:07.000029 IP (tos 0xc0, ttl 255, id 450, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:48:07.999539 IP (tos 0xc0, ttl 255, id 451, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:48:08.999252 IP (tos 0xc0, ttl 255, id 452, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
16:48:09.999560 IP (tos 0xc0, ttl 255, id 453, offset 0, flags [none], proto VRRP (112), length 40)
10.1.1.12 & 10.1.1.17: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20, addrs: 10.1.1.200 auth "1111^@^@^@^@"
在LB1和LB2所在物理机上的其他虚拟机进行VIP ping测试,同样只能是LB1上绑定的VIP只能是LB1所在的物理机上的虚拟机可以ping通,LB2所在的物理机上的虚拟机无法ping通,反之也是一样
有同行建议说VRRP和DHCP也有关系,经过查看对方提供的VM的IP地址居然是DHCP分配的,但是经过测试,VRRP和DHCP没有关系。线上环境最好不要使用DHCP来获取IP地址。
8)请对方技术人员配合检查VIP无法ping通的问题
最终查明对方的内网居然使用的虚拟网络,网关是没有实际作用的。所以部分虚拟机无法通过10.1.1.1这个网关去访问VIP。
让对方虚拟机提供方的技术人员到服务器调试HAProxy+Keepalived,他们通过网络设置使得10.1.1.200这个VIP可以通过内网访问。但是当我测试时,发现当HAProxy挂掉后,Keepalived无法作VIP的切换。
9)解决当HAProxy挂掉后,Keepalived无法对VIP切换的问题。
经过反复测试,发现当Keepalived挂掉后,VIP可以切换。但是当HAProxy挂掉后,VIP无法切换。
仔细检查配置文件和查阅相关资料,最终确定是Keepalived的weight和priority两个参数的大小设置问题。
原来的配置文件中我设置LB1的weight为2,priority为100。LB2的weight为2,priority为99
对方在调试的时候将LB1的priority更改为160.这样反复测试当LB1的HAProxy挂掉后,VIP都无法迁移到LB2上。将LB1上的priority更改为100就可以了。
这里需要注意的是:
主keepalived的priority值与vrrp_script的weight值相减的数字小于备用keepalived的priority 值即可!
vrrp_script 里的script返回值为0时认为检测成功,其它值都会当成检测失败
* weight 为正时,脚本检测成功时此weight会加到priority上,检测失败时不加。
主 priority & 从 priority + weight 时会切换。
主 priority + weight & 从 priority + weight 时,主依然为主
* weight 为负时,脚本检测成功时此weight不影响priority,检测失败时priority - abs(weight)
主 priority - abs(weight) & 从priority 时会切换主从
主 priority & 从priority 主依然为主。
最终的配置文件为:
! Configuration File for keepalived
global_defs {
notification_email {
notification_email_from
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LB1_MASTER
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
#设置外网的VIP
vrrp_instance eth0_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
unicast_src_ip
#使用VRRP的单播
unicast_peer {
virtual_ipaddress {
8.8.8.8/25
brd 8.8.8.255
dev eth0 label eth0:vip
track_script {
chk_haproxy
#设置内网的VIP
vrrp_instance eth1_VIP {
state MASTER
interface eth1
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
unicast_src_ip
unicast_peer {
virtual_ipaddress {
10.1.1.200/24
brd 10.1.1.255
dev eth1 label eth1:vip
track_script {
chk_haproxy
三 排查总结
在配置Keepalived的时候,需要注意以下几点:
A.内核开启IP转发和允许非本地IP绑定功能,如果是使用LVS的DR模式还需设置两个arp相关的参数。
B.如果Keepalived所在网络不允许使用组播,可以使用VRRP单播
C.需要注意主备的weight和priority的值,这两个值如果设置不合理可能会影响VIP的切换。
D.如果使用的配置文件不是默认的配置文件,在启动Keepalived的时候需要使用 -f 参数指定配置文件。
6.3下Haproxy+Keepalived+Apache配置笔记
Haproxy + KeepAlived 实现WEB群集 on CentOS 6
Keepalived+Haproxy配置高可用负载均衡
Haproxy+Keepalived构建高可用负载均衡
CentOS 7 ??配置LVS + Keepalived + ipvsadm
Keepalived高可用集群搭建
Keepalived 的详细介绍:Keepalived 的下载地址:
没有更多推荐了,

我要回帖

更多关于 keepalived 轮询 失败 的文章

 

随机推荐