Configuring keepalived + haproxy on Ubuntu 22.04: pitfalls encountered
  mPcyh9OXzYGu 2023-11-02

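Symptom: the VIP does not fail over

Troubleshooting method: logs + Google

grep Keepalived /var/log/syslog|tail -n 12

Problems found:

Script execution permissions (this differs from the CentOS family; here the user has to be specified)

Set the failure priorities strictly, otherwise keepalived's priority comparison can cause the VIP failover to fail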


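The max_auto_priority configuration option can improve Keepalived's performance. The max_auto_priority option sets the maximum automatic priority of a VRRP instance. In my testing it changed nothing noticeable; there is little documentation on it, and setting it reduces the warnings.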


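Priority change: the master's priority becomes priority + weight; the backup's is unchanged

When the check script detects a failure, the change in weight is announced

Priority change: the master drops from priority + weight back to its configured priority, while the backup is at priority + weight

If the backup's priority + weight < the master's configured priority, the VIP will not fail over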

cat install_keepalived_haproxy.yml 
---
- hosts: ha-keep
  become: true
  tasks:
    - name: Install required packages
      apt:
        # Passing the list directly installs both packages in one apt transaction
        name:
          - keepalived
          - haproxy
        state: present
        update_cache: yes

    - name: Configure HAProxy
      copy:
        dest: /etc/haproxy/haproxy.cfg
        content: |
          global
            log /dev/log    local0
            log /dev/log    local1 notice
            chroot /var/lib/haproxy
            stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
            stats timeout 30s
            user haproxy
            group haproxy
            daemon

          defaults
            log     global
            mode    tcp
            option  tcplog
            option  dontlognull
            timeout connect 5000
            timeout client  50000
            timeout server  50000

          frontend kubernetes
            bind *:6443
            mode tcp
            default_backend kubernetes-backend

          backend kubernetes-backend
            mode tcp
            balance roundrobin
            server kube-apiserver-1 v141.k8s.in:6443 check
            server kube-apiserver-2 v142.k8s.in:6443 check
            server kube-apiserver-3 v143.k8s.in:6443 check
      notify:
        - restart haproxy

    - name: Configure keepalived
      template:
        src: templates/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
      notify:
        - restart keepalived

  handlers:
    - name: restart haproxy
      systemd:
        name: haproxy
        state: restarted

    - name: restart keepalived
      systemd:
        name: keepalived
        state: restarted
root@ansible:~/ansible# cat templates/keepalived.conf.j2 
global_defs {
  max_auto_priority 10
  notification_email { 
  Hao.Ding@163.com
  }
  router_id LVS_DEVEL
  vrrp_skip_check_adv_addr
  enable_script_security
}

vrrp_script chk_haproxy {
  user root
  script "/usr/bin/killall -0 haproxy"
  interval 2
  weight 6
}

vrrp_instance VI_1 {
  state {{ 'MASTER' if ansible_host == '192.168.122.149' else 'BACKUP' }}
  # A single priority line per node: 90 on the MASTER, 85 on the BACKUP
  priority {{ 90 if ansible_host == '192.168.122.149' else 85 }}
  interface eth0
  virtual_router_id 60
  advert_int 1
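  authentication {
    # PASS is sent in clear text in every advertisement and only the first
    # 8 characters are used; replace this value with a per-cluster secret
    auth_type PASS
    auth_pass 1111
  }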
  unicast_src_ip {{ ansible_host }}
  unicast_peer {
    {% if ansible_host == '192.168.122.149' %}
    192.168.122.148
    {% else %}
    192.168.122.149
    {% endif %}
  }
  virtual_ipaddress {
    192.168.122.9/24
  }
  track_script {
    chk_haproxy
  }
}
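
As an added example (not part of the original post), the Python below checks a pair of rendered keepalived.conf files for the two pitfalls described above: a vrrp_script without a user line while enable_script_security is set, and a backup whose priority + weight does not exceed the master's configured priority. The function names and the sample configs are constructed for illustration; it assumes keepalived's documented weight semantics (a positive weight is added while the check succeeds, a negative one while it fails).

```python
import re

def parse_conf(text):
    """Extract the fields both pitfalls depend on from a rendered keepalived.conf."""
    scripts = {}
    for name, body in re.findall(r"vrrp_script\s+(\S+)\s*\{(.*?)\}", text, re.S):
        weight = re.search(r"^\s*weight\s+(-?\d+)", body, re.M)
        scripts[name] = {"weight": int(weight.group(1)) if weight else 0,
                         "has_user": bool(re.search(r"^\s*user\s+\S+", body, re.M))}
    tracked = re.search(r"track_script\s*\{(.*?)\}", text, re.S)
    return {
        # Assumption: if "priority" appears more than once, the last line is the one used.
        "priority": int(re.findall(r"^\s*priority\s+(\d+)", text, re.M)[-1]),
        "script_security": bool(re.search(r"^\s*enable_script_security\b", text, re.M)),
        "scripts": scripts,
        "tracked": tracked.group(1).split() if tracked else [],
    }

def effective_priority(conf, healthy):
    """Positive weights count while the check succeeds, negative ones while it fails."""
    weights = [conf["scripts"][n]["weight"] for n in conf["tracked"]]
    return conf["priority"] + sum(w for w in weights if (w > 0) == healthy)

def lint(master_text, backup_text):
    """Return findings for a master/backup pair; an empty list means both checks pass."""
    master, backup = parse_conf(master_text), parse_conf(backup_text)
    findings = []
    for role, conf in (("master", master), ("backup", backup)):
        for name, script in conf["scripts"].items():
            if conf["script_security"] and not script["has_user"]:
                findings.append(f"{role}: vrrp_script {name} has no 'user' line")
    failed, standby = effective_priority(master, False), effective_priority(backup, True)
    if standby <= failed:  # a tie is treated as "no failover" to stay conservative
        findings.append(f"VIP will not move: backup {standby} <= failed master {failed}")
    return findings

def sample(priority, weight, user_line="  user root\n"):
    """Constructed keepalived.conf modelled on the template on this page."""
    return ("global_defs {\n  enable_script_security\n}\n"
            "vrrp_script chk_haproxy {\n" + user_line +
            '  script "/usr/bin/killall -0 haproxy"\n  interval 2\n'
            f"  weight {weight}\n}}\n"
            f"vrrp_instance VI_1 {{\n  priority {priority}\n"
            "  track_script {\n    chk_haproxy\n  }\n}\n")

if __name__ == "__main__":
    print(lint(sample(90, 6), sample(85, 6)))   # priorities and weight from the page
    print(lint(sample(90, 4), sample(85, 4)))   # same priorities, smaller weight
```
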
Last edited on 2023-11-08
