使用 keepalived 的多主情况

tag-icon tag-icon keepalived
使用 keepalived 的多主情况

我在三台机器上部署了keepalived,但VIP都出现在所有三个节点上,这是我的keepalived配置。

// 192.168.1.55
global_defs {
   router_id LVS_DEVEL
}

vrrp_script check_node_status {
  script "/etc/keepalived/check_node_status.sh"
  interval 3
  weight -5
  fall 2
  rise 10
}

vrrp_instance VI_1 {
    state MASTER
    interface ens192
    virtual_router_id 51
    priority 103
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.1.50
   }
   track_script {
        check_node_status
   }
}

// 192.168.1.58
global_defs {
   router_id LVS_DEVEL
}

vrrp_script check_node_status {
  script "/etc/keepalived/check_node_status.sh"
  interval 3
  weight -5
  fall 5
  rise 10
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 102
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.1.50
    }
    track_script {
        check_node_status
    }
}

第三个节点的配置与第二个节点相同,只是优先级为 101。

检查节点状态.sh:

#!/bin/bash

VIRTUAL_IP="192.168.1.50"
CURRENT_HOSTNAME=$(hostname)


STATUS=$(/usr/bin/kubectl get node | grep $CURRENT_HOSTNAME | awk '{print $2}')

#LOG_FILE="/var/log/keeplived/my_script.log"
#echo "$(date):  $CURRENT_HOSTNAME status:$STATUS  , whoami: $(whoami)" >> "$LOG_FILE"

if [[ "$STATUS" = "NotReady" ]] ; then
    exit 1
fi

VRRP 消息在所有三个节点上发送,所有消息都具有相同的内容

# tcpdump -i ens192 -n vrrp
16:26:08.205093 IP 192.168.1.58 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20
16:26:08.370469 IP 192.168.1.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 101, authtype simple, intvl 1s, length 20
16:26:08.432093 IP 192.168.1.55 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
16:26:09.206240 IP 192.168.1.58 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20
16:26:09.370725 IP 192.168.1.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 101, authtype simple, intvl 1s, length 20
16:26:09.432958 IP 192.168.1.55 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-IPVS-FILTER  all  --  anywhere             anywhere 
KUBE-PROXY-FIREWALL  all  --  anywhere             anywhere
KUBE-NODE-PORT  all  --  anywhere             anywhere 
KUBE-FIREWALL  all  --  anywhere             anywhere
ACCEPT     udp  --  localhost            anywhere             udp dpt:domain
DROP       udp  -- !kylin-worker02       anywhere             udp dpt:domain
ACCEPT     all  --  anywhere             vrrp.mcast.net

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
KUBE-PROXY-FIREWALL  all  --  anywhere             anywhere  
KUBE-FORWARD  all  --  anywhere             anywhere
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ANTREA-FORWARD  all  --  anywhere             anywhere  

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             vrrp.mcast.net

这是主人的日志。

4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Registering Kernel netlink command channel
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Registering gratuitous ARP shared channel
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Unable to load ipset library
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Unable to initialise ipsets
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Opening file '/etc/keepalived/keepalived.conf'.
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: Using LinkWatch kernel netlink reflector...
4月 10 15:54:10 kylin-worker01 Keepalived_healthcheckers[5317]: Using LinkWatch kernel netlink reflector...
4月 10 15:54:10 kylin-worker01 Keepalived_vrrp[5318]: VRRP_Script(check_node_status) succeeded
4月 10 15:54:11 kylin-worker01 Keepalived_vrrp[5318]: VRRP_Instance(VI_1) Transition to MASTER STATE
4月 10 15:54:12 kylin-worker01 Keepalived_vrrp[5318]: VRRP_Instance(VI_1) Entering MASTER STATE

这是 buckup 的日志。

4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: Registering gratuitous ARP shared channel
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: Unable to load ipset library
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: Unable to initialise ipsets
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: Opening file '/etc/keepalived/keepalived.conf'.
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: Using LinkWatch kernel netlink reflector...
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: VRRP_Instance(VI_1) Entering BACKUP STATE
4月 10 15:54:17 kylin58 Keepalived_healthcheckers[44250]: Using LinkWatch kernel netlink reflector...
4月 10 15:54:17 kylin58 Keepalived_vrrp[44251]: VRRP_Script(check_node_status) succeeded
4月 10 15:54:20 kylin58 Keepalived_vrrp[44251]: VRRP_Instance(VI_1) Transition to MASTER STATE
4月 10 15:54:21 kylin58 Keepalived_vrrp[44251]: VRRP_Instance(VI_1) Entering MASTER STATE

我尝试过在没有 kubernetes 的虚拟机上部署,或者使用单播对等体,一切都很好。我怀疑我的 kubernetes 或插件的某些配置导致 keepalived 有多个主控,但我不知道哪里出了问题。

期待您的帮助。

相关内容