I have a problem with keepalived on Oracle Linux 8. The VIP is assigned to both nodes, and both nodes are in MASTER mode.
My keepalived configuration is:
Node 1: cat /etc/keepalived/keepalived.conf
global_defs {
vrrp_priority -20
checker_priority -19
script_user root
}
vrrp_script chk_haproxy {
script "/usr/bin/killall -0 haproxy" # check the haproxy process
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
timeout 3
fall 3
}
vrrp_instance VI_1 {
interface ens192 # interface to monitor
state BACKUP # MASTER on haproxy1, BACKUP on haproxy2
nopreempt
virtual_router_id 52
priority 101 # 101 on haproxy1, 100 on haproxy2
virtual_ipaddress {
VIP_address # virtual ip address
}
track_script {
chk_haproxy
}
}
Node 2: cat /etc/keepalived/keepalived.conf
global_defs {
vrrp_priority -20
checker_priority -19
script_user root
}
vrrp_script chk_haproxy {
script "/usr/bin/killall -0 haproxy" # check the haproxy process
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
timeout 3
fall 3
}
vrrp_instance VI_1 {
interface ens192 # interface to monitor
state BACKUP # MASTER on haproxy1, BACKUP on haproxy2
nopreempt
virtual_router_id 52
priority 100 # 101 on haproxy1, 100 on haproxy2
virtual_ipaddress {
VIP_adress # virtual ip address
}
track_script {
chk_haproxy
}
}
I have added rules to the firewall:
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources: here are ip addresses of both nodes
services: cockpit dhcpv6-client ssh
ports: 3306/tcp 3305/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" destination address="224.1.0.0/16" accept
rule family="ipv4" destination address="224.0.0.18" protocol value="ip" accept
rule protocol value="vrrp" accept
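When I disable the firewall, everything works fine, but after starting the firewall both nodes end up with the VIP.
In the logs I can find: Keepalived_vrrp[1077307]: (VI_1) Receive advertisement timeout
Any ideas?
Answer 1
If it works when the firewall is off but does not work when the firewall is on, then it is a firewall problem.
Can you check with tcpdump?
However, the same problem with keepalived and a firewall also appears in the following example: https://stackoverflow.com/questions/12908701/keepalived-works-well-without-iptables
Have you tested how to resolve these issues?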
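
One way to carry out the tcpdump check suggested in the answer, as an added example that is not part of the original thread: it counts the distinct senders of VRRP advertisements for VRID 52 in tcpdump text output. The sample capture lines and the 192.0.2.x addresses are constructed, and `vrrp_senders` and `vrrp_state` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: count VRRP advertisement senders in tcpdump text output.
# Capture with: tcpdump -l -ni ens192 'ip proto 112'   (VRRP = IP protocol 112)

# Constructed samples; 192.0.2.x are placeholder addresses, not from the page.
SAMPLE_SPLIT='12:00:01.000001 IP 192.0.2.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 103, authtype none, intvl 1s, length 20
12:00:01.000420 IP 192.0.2.12 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 102, authtype none, intvl 1s, length 20
12:00:02.000007 IP 192.0.2.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 103, authtype none, intvl 1s, length 20
12:00:02.000390 IP 192.0.2.12 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 102, authtype none, intvl 1s, length 20'
SAMPLE_HEALTHY='12:00:01.000001 IP 192.0.2.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 103, authtype none, intvl 1s, length 20
12:00:01.500000 IP 192.0.2.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 7, prio 150, authtype none, intvl 1s, length 20
12:00:02.000007 IP 192.0.2.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 52, prio 103, authtype none, intvl 1s, length 20'

# vrrp_senders VRID: print each distinct source address advertising VRID.
vrrp_senders() {
    awk -v vrid="$1" '
        / Advertisement, / {
            src = ""; v = ""
            for (i = 1; i < NF; i++) {
                if ($i == "IP")   src = $(i + 1)
                if ($i == "vrid") { v = $(i + 1); sub(/,$/, "", v) }
            }
            if (v == vrid && src != "") print src
        }' | sort -u
}

# vrrp_state VRID: only the MASTER advertises, so more than one sender for
# the same VRID means both nodes hold the VIP.
vrrp_state() {
    n=$(( $(vrrp_senders "$1" | wc -l) ))
    case "$n" in
        0) echo "no-adverts" ;;
        1) echo "single-master" ;;
        *) echo "split-brain" ;;
    esac
}

printf '%s\n' "$SAMPLE_SPLIT"   | vrrp_state 52   # split-brain
printf '%s\n' "$SAMPLE_HEALTHY" | vrrp_state 52   # single-master
```

tcpdump sees inbound packets before netfilter filters them, so a capture that shows the peer's advertisements on a node whose keepalived still logs `Receive advertisement timeout` points at the local firewall dropping them.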