Keepalived用于配置虚拟IP时的调测方法

Keepalived ## 4.1 土办法检测: ssh登录VIP后通过域名等检测当前是哪台机器

不多说了。

4.2 arping

在第三台机器上执行 arping 命令，查看VIP目前绑定到了哪个MAC地址上，再将MAC地址与两台主机的IP地址相对比。（执行 arping 命令的机器必须在该VIP的广播范围内，否则是无法查到的。并且不能在keepalived这两台机器上查询——其实是不能在VIP MASTER上查询，而在VIP BACKUP上是可以的，只是得先弄清楚哪台是BACKUP。）

root@SZX1000085521:~# arping 10.93.172.42                                 
ARPING 10.93.172.42                                                       
60 bytes from 28:6e:d4:89:86:b5 (10.93.172.42): index=0 time=1.001 sec    
60 bytes from 28:6e:d4:89:86:b5 (10.93.172.42): index=1 time=511.242 msec 
60 bytes from 28:6e:d4:89:86:b5 (10.93.172.42): index=2 time=940.422 msec 
60 bytes from 28:6e:d4:89:86:b5 (10.93.172.42): index=3 time=1.001 sec

4.3 syslog

keepalived会采用syslog来记录日志。对于较老的系统，对应的日志文件是 /var/log/messages , 而 Ubuntu 14.04 上这个文件是 /var/log/syslog 。

tail -f /var/log/syslog
Feb 21 04:06:15 lb0 Keepalived_vrrp: Netlink reflector reports IP 202.54.1.1 added
Feb 21 04:06:20 lb0 Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 202.54.1.1

这里面的信息不多，只有关键的事件信息。如果要了解详细的信息，需要用 keepalived -D 启动服务（对于Debian/Ubuntu而言，是在 /etc/default/keepalived 里面修改配置；对于 CentOS 则是修改/etc/sysconfig/keepalived ），或者用后面的 tcpdump 方法来调试。

参考: CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster

示例

本VM开始是 BACKUP 状态（该VM上priority配置得比较低）

  May 10 10:43:17 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Entering BACKUP STATE
  May 10 10:43:17 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) removing protocol VIPs.
  May 10 10:43:17 SZX1000054493 Keepalived_healthcheckers[111941]: Netlink reflector reports IP 10.93.144.58 removed

在MASTER VM上执行 /etc/init.d/keepalived stop 之后，本VM进入 MASTER 状态

  May 10 15:54:16 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Transition to MASTER STATE
  May 10 15:54:17 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Entering MASTER STATE
  May 10 15:54:17 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) setting protocol VIPs.
  May 10 15:54:17 SZX1000054493 Keepalived_healthcheckers[111941]: Netlink reflector reports IP 10.93.144.58 added
  May 10 15:54:17 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.93.144.58
  May 10 15:54:22 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.93.144.58

在MASTER VM上重新执行 /etc/init.d/keepalived start 之后，由于未设置 nopreempt 选项，该VM重新获得 MASTER 地位，本VM进入 BACKUP 状态

  May 10 15:55:36 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Received higher prio advert
  May 10 15:55:36 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) Entering BACKUP STATE
  May 10 15:55:36 SZX1000054493 Keepalived_vrrp[111942]: VRRP_Instance(VI_1) removing protocol VIPs.
  May 10 15:55:36 SZX1000054493 Keepalived_healthcheckers[111941]: Netlink reflector reports IP 10.93.144.58 removed

4.4 tcpdump

在安装keepalived的这两台机器上执行下面的命令，观察VRRP协议相关报文的输出

tcpdump -v -i eth1 host 224.0.0.18
#or: tcpdump -vvv -n -i eth0 host 224.0.0.18

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:54:01.743275 IP (tos 0x0, ttl 255, id 451, offset 0, flags [none], proto: VRRP (112), length: 96) 10.10.28.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 76, addrs(15): 123.12.15.2,123.12.15.3[|vrrp]
16:54:02.744241 IP (tos 0x0, ttl 255, id 452, offset 0, flags [none], proto: VRRP (112), length: 96) 10.10.28.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 76, addrs(15): 123.12.15.2,123.12.15.3[|vrrp]

我这边的输出实例:

    189-124-161-57.cable.cabotelecom.com.br > vrrp.mcast.net: vrrp 189-124-161-57.cable.cabotelecom.com.br > vrrp.mcast.net: 
VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20, addrs: 189-124-160-100.cable.cabotelecom.com.br auth "1234^@^@^@^@"
    189-124-160-136.cable.cabotelecom.com.br > vrrp.mcast.net: vrrp 189-124-160-136.cable.cabotelecom.com.br > vrrp.mcast.net:
VRRPv2, Advertisement, vrid 50, prio 102, authtype simple, intvl 1s, length 20, addrs: 189-124-160-100.cable.cabotelecom.com.br auth "1234^@^@^@^@"

可以看出，189.124.161.57 和 189.124.160.136 都在申明虚拟IP 189.124.160.100 的所有权，但vrid没有配置成一样，所以会两个都抢，需要将vrid改成一样才能工作。

在安装keepalived的这两台机器上执行下面的命令（其中一个），然后在其它机器上通过VIP访问服务（比如ssh, http），并行观察tcpdump的输出，看请求发到了哪端。

参考: Verify: Keepalived IP Failover Working Or Not With tcpdump Command