论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2013-05-28 08:22 |只看该作者 |倒序浏览

配置完keepalived之后，启动后从日志里看总是把两个real server rmove掉了，好像是ssl报错，求大神帮忙。

以下是keepalived.conf 配置

[root@centos1 ~]# more /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
   zhaojianbosuper@163.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}

vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
      auth_type PASS
      auth_pass zhaojianbo
}
virtual_ipaddress {
      192.168.80.100
}
}

virtual_server 192.168.80.100 80{
delay_loop 6
lb_algo rr
lb_kind DR
natmask 255.255.255.0
persistence_timeout 50
protocol TCP

real_server 192.168.80.13 80{
      weight 3
      SSL_GET {
         url {
            path /
            digest ff20ad2481f97b1754ef3e12ecd3a9cc
         }
         url {
            path /mrtg/
            digest 9b3a0c85a887a256d6939da88aabd8cd
         }
         connect_timeout 3
         nb_get_retry 3
         delay_before_retry 3
      }
}
real_server 192.168.80.14 80{
      weight 3
      SSL_GET {
         url {
            path /
            digest ff20ad2481f97b1754ef3e12ecd3a9cc
         }
         url {
            path /mrtg/
            digest 9b3a0c85a887a256d6939da88aabd8cd
         }
         connect_timeout 3
         nb_get_retry 3
         delay_before_retry 3
      }
}
}

以下是ipvsadm -Ln结果，没有把real server加进去
[root@centos1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress

ort Scheduler Flags
-> RemoteAddress

ort Forward Weight ActiveConn InActConn
TCP 192.168.80.100:80 rr persistent 50

以下是message 日志，注意红色部分好像跟ssl有关系
May 26 02:56:01 centos1 Keepalived_healthcheckers[2950]: Opening file '/etc/keepalived/keepalived.conf'.
May 26 02:56:01 centos1 Keepalived_healthcheckers[2950]: Configuration is using : 20544 Bytes
May 26 02:56:01 centos1 Keepalived_healthcheckers[2950]: Using LinkWatch kernel netlink reflector...
May 26 02:56:01 centos1 Keepalived_healthcheckers[2950]: Activating healthchecker for service [192.168.80.13]:80
May 26 02:56:01 centos1 Keepalived_healthcheckers[2950]: Activating healthchecker for service [192.168.80.14]:80
May 26 02:56:01 centos1 Keepalived_vrrp[2951]: VRRP sockpool: [ifindex(2), proto(112), fd(11,12)]
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: SSL handshake/communication error connecting to server (openssl errno: 1) [192.168.80.14]:80.
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: Removing service [192.168.80.14]:80 from VS [192.168.80.100]:80
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: Remote SMTP server [127.0.0.1]:25 connected.
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: SSL handshake/communication error connecting to server (openssl errno: 1) [192.168.80.13]:80.
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: Removing service [192.168.80.13]:80 from VS [192.168.80.100]:80
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: Lost quorum 1-0=1 > 0 for VS [192.168.80.100]:80
May 26 02:56:02 centos1 Keepalived_healthcheckers[2950]: Remote SMTP server [127.0.0.1]:25 connected.

以下是ssh登录，有报警但是可以正常登录
[root@centos1 ~]# ssh 192.168.80.13
Address 192.168.80.13 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!root@192.168.80.13's password: