keepalived两台机器同时出现vip问题

 配置文件：

主：192.168.1.14

! Configuration File for keepalived

global_defs {
  script_user root
  enable_script_security
}

vrrp_script check_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 10
}

vrrp_instance VI_1 {
    state BACKUP
    nopreempt
    interface eth0
    virtual_router_id 101
    priority 100
    unicast_src_ip 192.168.1.14
    unicast_peer { 
        192.168.1.15
    }
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass test123
    }
    virtual_ipaddress {
        118.24.101.16/24 dev eth1
    }
    track_interface {
        eth0
    }
    track_script {
        check_nginx
    }
}

keepalived.conf

keepalived.conf

备：192.168.1.15

! Configuration File for keepalived

global_defs {
  script_user root
  enable_script_security
}

vrrp_script check_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 10
}

vrrp_instance VI_1 {
    state BACKUP
    nopreempt
    interface eth0
    virtual_router_id 101
    priority 50
    unicast_src_ip 192.168.1.15
    unicast_peer { 
        192.168.1.14
    }
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass test123
    }
    virtual_ipaddress {
        118.24.101.16/24 dev eth1
    }
    track_interface {
        eth0
    }
    track_script {
        check_nginx
    }
}

keepalived.conf

#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ]; then
   systemctl restart nginx.service
    sleep 1
   if [ `ps -C nginx --no-header |wc -l` -eq 0 ]; then
      systemctl restart keepalived.service 
   fi
fi

nginx_check.sh

 

配置说明：

! Configuration File for keepalived
global_defs {
  script_user root
  enable_script_security
}
vrrp_script check_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 10
}
vrrp_instance VI_1 {  # 定义一个实例
    state BACKUP     # 指定Keepalived的角色，MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器，因此设置priority时要注意MASTER比BACKUP高。若是设置了nopreempt,那么state的这个值不起做用，主备靠priority决定。
    nopreempt    # 设置为不抢占 
    interface eth0   #指定监测网络的接口，当LVS接管时，将会把IP地址添加到该网卡上。
    virtual_router_id 101      #虚拟路由标识，同一个vrrp实例使用惟一的标识，同一个vrrp_instance下，MASTER和BACKUP必须一致。
    priority 100       #指定这个实例优先级
    unicast_src_ip 192.168.1.14  # 配置单播的源地址
    unicast_peer { 
        192.168.1.15       #配置单播的目标地址
    }    #keepalived在组播模式下全部的信息都会向224.0.0.18的组播地址发送，产生众多的无用信息，而且会产生干扰和冲突，能够将组播的模式改成单拨。这是一种安全的方法，避免局域网内有大量的keepalived形成虚拟路由id的冲突。
    advert_int 1      #心跳报文发送间隔
    authentication {
        auth_type PASS    #设置验证类型，主要有PASS和AH两种
        auth_pass test123   #设置验证密码，同一个vrrp_instance下，MASTER和BACKUP的密码必须一致才能正常通讯
    }
    virtual_ipaddress {    #设置虚拟IP地址，能够设置多个虚拟IP地址，每行一个
        118.24.101.16/24 dev eth1 
    }
    track_interface {  # 设置额外的监控，里面那个网卡出现问题都会切换
        eth0
    }
    track_script {
        check_nginx
    }
}

 

问题：两台机器上面都有VIP的状况

排查：

1.检查防火墙，发现已是关闭状态。

2. keepalived.conf配置问题。

3.多是上联交换机禁用了arp的广播限制，形成keepalive没法经过广播通讯，两台服务器抢占vip，出现同时都有vip的状况。

   tcpdump -i eth0 vrrp -n   检查发现 14和15都在对224.0.0.18发送消息。可是在正常状况下，备节点若是收到主节点的心跳消息时，优先级高于本身，就不会主动对外发送消息。

 

解决方法，将多播调整为单播而后重启服务：

[root@test-15]# vim /etc/keepalived.conf

    priority 50

    unicast_src_ip  172.19.1.15   #本机ip

    unicast_peer {              

        172.19.1.14      #对端ip

    }

[root@test-14]# vim /etc/keepalived.conf

    priority 100

    unicast_src_ip  172.19.1.14   #本机ip

    unicast_peer {              

        172.19.1.15      #对端ip

    }

配置完成后恢复正常，查看：   tcpdump -i eth0 vrrp -n

16:38:45.085456 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
16:38:45.097735 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20
16:38:45.098797 IP 192.168.1.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 102, authtype simple, intvl 1s, length 24
16:38:45.098941 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20
16:38:45.104014 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20
16:38:46.086591 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20
16:38:46.098630 IP 192.168.1.125 > 224.0.0.18: VRRPv2, Advertisement, vrid 91, prio 101, authtype simple, intvl 1s, length 20
16:38:46.099057 IP 192.168.1.59 > 224.0.0.18: VRRPv2, Advertisement, vrid 127, prio 150, authtype simple, intvl 1s, length 20
16:38:46.104108 IP 192.168.1.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 171, prio 102, authtype simple, intvl 1s, length 20
16:38:47.087652 IP 192.168.1.14 > 192.168.1.15: VRRPv2, Advertisement, (ttl 254), vrid 101, prio 150, authtype simple, intvl 1s, length 20