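I recently ran into a rather awkward situation and am writing it down here.
I have two virtual machines on the same network segment, each running keepalived installed from source and used for load balancing in front of the database. The firewall is turned off on both machines, and SELinux is set to disabled.
However, other servers on the same segment could not reach the VIP. The configuration is as follows.
keepalived configuration on the master machine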
cat keepalived.conf
global_defs {
    notification_email {
        123@139.com
    }
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NodeA
}
vrrp_script chk {
    script "/apps/sh/check.sh"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 182
    priority 100
    advert_int 1
    smtp_alert
    track_interface {
        eth1
    }
    track_script {
        chk
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.2 dev eth1 label eth1:1
    }
    notify_fault "/apps/sh/keepalived.sh stop"
}
keepalived configuration on the backup machine
cat keepalived.conf
global_defs {
    notification_email {
        123@139.com
    }
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NodeB
}
vrrp_script chk {
    script "/apps/sh/check.sh"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 182
    priority 99
    advert_int 1
    smtp_alert
    track_interface {
        eth1
    }
    track_script {
        chk
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.2 dev eth1 label eth1:1
    }
    notify_fault "/apps/sh/keepalived.sh stop"
}
keepalived is started with the same command on both machines:
/apps/svr/keepalived/sbin/keepalived -D -S 1 -P -f /apps/conf/keepalived/keepalived.conf -p /apps/run/keepalived/keepalived.pid -r /apps/run/keepalivekeepalived_vrrp.pid
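The current state is that on the 192.168.1.0 segment, apart from the keepalived master itself, none of the other servers can ping the VIP 192.168.1.2, although the other machines on the 192.168.1.0 segment can all reach each other. I checked the configuration and found no problems, and there is no third-party firewall.
In the end someone told me that because the virtual machines run under OpenStack, the MAC address of the VIP has to be set on the physical host to be the same as the MAC address of the real IP before the VIP can be reached normally.
I do not know how exactly that is done, but in the end it is not a problem with keepalived itself.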
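An added example, not part of the original post: OpenStack Neutron's port security (anti-spoofing) by default passes traffic only for a port's own fixed IP and MAC, and an extra address such as a VIP is normally whitelisted through the port's allowed_address_pairs, which reuses the port's MAC when none is given. Assuming that is what applied here, the sketch below checks a port record for the VIP and prints the command that would whitelist it; the port ID, subnet ID, fixed IP and MAC in the sample are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample: the Neutron port of the MASTER VM, shaped like the
# Neutron port resource (e.g. from `openstack port show -f json`).
# ID, MAC and fixed IP are placeholders, not values from the post.
SAMPLE_PORT = json.loads("""
{
  "id": "PORT-ID-PLACEHOLDER",
  "mac_address": "fa:16:3e:00:00:01",
  "port_security_enabled": true,
  "fixed_ips": [{"subnet_id": "SUBNET-ID-PLACEHOLDER",
                 "ip_address": "192.168.1.10"}],
  "allowed_address_pairs": []
}
""")


def vip_status(port, vip):
    """Say whether traffic for `vip` passes anti-spoofing on this port."""
    vip_addr = ipaddress.ip_address(vip)
    if not port.get("port_security_enabled", True):
        return "allowed: port security disabled (no anti-spoofing at all)"
    for fixed in port.get("fixed_ips") or []:
        if ipaddress.ip_address(fixed["ip_address"]) == vip_addr:
            return "allowed: fixed IP of the port"
    for pair in port.get("allowed_address_pairs") or []:
        # An entry may be a single address or a CIDR block.
        if vip_addr in ipaddress.ip_network(pair["ip_address"], strict=False):
            return "allowed: allowed_address_pairs " + pair["ip_address"]
    return "dropped: not a fixed IP and not in allowed_address_pairs"


def fix_command(port, vip):
    """Command that whitelists only the VIP, or None if already allowed."""
    if vip_status(port, vip).startswith("allowed"):
        return None
    return "openstack port set --allowed-address ip-address={} {}".format(
        vip, port["id"])


if __name__ == "__main__":
    print(vip_status(SAMPLE_PORT, "192.168.1.2"))
    print(fix_command(SAMPLE_PORT, "192.168.1.2"))
```

The same check applies to the port of the BACKUP VM, since either node can hold the VIP; whitelisting the single address keeps anti-spoofing in force for everything else on the port.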