keepalived vip removed with dhcp renewal【原创】

最近发现公司云平台服务器的vip有丢失的现象，查看keepalived日志

Jun   :: lb1 dhclient: DHCPREQUEST of 10.0.0.2 on eth0 to 10.0.0.3 port  (xid=0x6deab016)
Jun   :: lb1 dhclient: DHCPNAK from 10.0.0.3 (xid=0x6deab016)
Jun   :: lb1 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port  interval  (xid=0x37e1db6a)
Jun   :: lb1 dhclient: DHCPREQUEST of 10.0.0.2 on eth0 to 255.255.255.255 port  (xid=0x37e1db6a)
Jun   :: lb1 dhclient: DHCPOFFER of 10.0.0.2 from 10.0.0.3
Jun   :: lb1 dhclient: DHCPACK of 10.0.0.2 from 10.0.0.3
Jun   :: lb1 dhclient: bound to 10.0.0.2 -- renewal in  seconds.
Jun   :: lb1 ntpd[]: Deleting interface # eth0, 10.0.255.254#, interface stats: received=, sent=, dropped=, active_time= secs
Jun   :: lb1 ntpd[]: peers refreshed

发现是云平台DHCP刷新直接把vip删掉，但是由于俩台机器的keepalived vrrp_script监控应用服务都是正常的，所以主备关系没有改变，如果没有特意加ping vip的策略，会导致keepalived没有发现此问题。

解决方法：

1、如果应平台的服务器可以改成固定IP，可以将网卡改为固定IP，这样就不会使用DHCP了

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.0.2
NETMASK=255.255.255.0
GATEWAY=10.0.0.1

2、如果不可以更改网卡IP，就在keepalived配置文件中增加dont_track_primary参数

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    dont_track_primary
    virtual_router_id
    priority
    advert_int
    nopreempt
    authentication {
        auth_type PASS
        auth_pass
    }
    virtual_ipaddress {
        10.0.0.17
    }
}

dont track primary：忽略VRRP的interface错误

如果有两块网卡，可以搭配track interface使用

track interface：跟踪接口，设置额外的监控，里面任意一块网卡出现问题，都会进入故障(FAULT)状态，例如，用nginx做均衡器的时候，内网必须正常工作，如果内网出问题了，这个均衡器也就无法运作了，所以必须对内外网同时做健康检查

vrrp_instance http {
state MASTER
interface eth0
dont_track_primary
track_interface {
eth0
eth1
}

官方原文

# Ignore VRRP interface faults (default unset)
           dont_track_primary

           # optional, monitor these as well.
           # go to FAULT state if any of these go down if unweighted.
           # When a weight is specified in track_interface, instead of setting the vrrp
           # instance to the FAULT state in case of failure, its priority will be
           # increased by the weight when the interface is up (for positive weights),
           # or decreased by the weight's absolute value when the interface is down
           # (for negative weights). The weight must be comprised between - and +
           # inclusive.  is the default behaviour which means that a failure implies a
           # FAULT state. The common practice is to use positive weights to count a
           # limited number of good services so that the server with the highest count
           # becomes master. Negative weights are better to count unexpected failures
           # among a high number of interfaces, as it will not saturate even with high
           # number of interfaces.
           track_interface {
               eth0
               eth1
               eth2 weight <-..>
                ...
           }

           # add a tracking script to the interface
           # (<SCRIPT_NAME> is the name of the vrrp_track_script entry)
           # The same principle as track_interface can be applied to track_script entries,
           # except that an unspecified weight means that the default weight declared in
           # the script will be used (which itself defaults to ).

参考

https://serverfault.com/questions/601670/keepalived-vip-removed-with-dhcp-renewal

https://www.keepalived.org/manpage.html