High-Availability

沒有流量通過 openstack 浮動 IP 和起搏器/corosync 到達

  • December 29, 2018

我正在遵循https://fuga.cloud/academy/tutorials/ha-vip-with-corosync-on-openstack/中的步驟。

我錯過了為什麼進入外部浮動 IP 的流量沒有正確到達綁定到相關網路埠的機器上的原因。

下面的程式碼將創建:

  • 3 台具有外部 ips 的 LB 機器(curl port80 顯示 nginx 響應)
  • 3 個額外的網路埠,用於內部故障轉移 IP 10.0.0.20{1,2,3}
  • 3 個額外的外部 IP 綁定到這些網路埠(curl port80 超時)

在內部 ping/curl 10.0.0.20{1,2,3} ips 工作得很好。但是,如果我嘗試通過外部 IP 訪問它 - 超時。此外:tcpdump 顯示沒有流量到達機器上。

負載均衡器網路埠和機器創建:

變數:子網 10.0.0.0/24 ,vip =

$$ 201,202,203 $$, lb_count = 3 個安全組:全域允許 80 埠

resource "opentelekomcloud_networking_port_v2" "port_lb" {
 depends_on     = ["opentelekomcloud_networking_router_interface_v2.router_interface_1"]
 count          = "${var.lb_count}"
 name           = "${var.environment}-${var.name}-port-lb-${format("%02d", count.index+1)}"
 network_id     = "${opentelekomcloud_networking_network_v2.network_lb.id}"
 admin_state_up = "true"

 security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

 # all 3 IPs need to be allowed on each port. They are rotating on failover.
 allowed_address_pairs {      
   ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 0))}"
 }
 allowed_address_pairs {      
   ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 1))}"
 }
 allowed_address_pairs {      
   ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 2))}"
 } 
}   

resource "opentelekomcloud_networking_floatingip_v2" "ip_lb" {
 depends_on  = ["opentelekomcloud_networking_port_v2.port_lb"]
 count       = "${var.lb_count}" 
 pool        = "admin_external_net"
 port_id     = "${element(opentelekomcloud_networking_port_v2.port_lb.*.id, count.index)}"
}   

resource "opentelekomcloud_compute_instance_v2" "lb" {
 depends_on        = ["opentelekomcloud_networking_floatingip_v2.ip_lb", "opentelekomcloud_networking_port_v2.port_lb"]

 count             = "${var.lb_count}"             
 name              = "${var.environment}-${var.name}-lb-${format("%02d", count.index+1)}"
 key_pair          = "${var.keypair_name}"         
 availability_zone = "${element(var.azs, count.index)}"

 flavor_name       = "${var.lb_flavour_name}"
 block_device {               
   uuid                  = "${var.lb_image_id}"          
   source_type           = "image" 
   volume_size           = "${var.lb_disk_size_gb}"      
   boot_index            = 0  
   destination_type      = "volume"
   delete_on_termination = true
 }

 network {
   port = "${element(opentelekomcloud_networking_port_v2.port_lb.*.id, count.index)}"
 }
}

網路埠 - 10.0.0.20{1,2,3} 的虛擬 ip

resource "opentelekomcloud_networking_port_v2" "port_vip" {
 count          = "${var.lb_count}"
 name           = "${var.environment}-${var.name}-port-vip-${format("%02d", count.index+1)}"
 network_id     = "${opentelekomcloud_networking_network_v2.network_lb.id}"
 admin_state_up = "true"      

 security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

 fixed_ip = [ { 
   subnet_id = "${opentelekomcloud_networking_subnet_v2.subnet_lb.id}"
   ip_address = "${cidrhost(var.lb_subnet, element(var.vips, count.index))}"
  }]
} 

resource "opentelekomcloud_networking_floatingip_v2" "vip_ip" {
 count    = "${var.lb_count}" 
 pool     = "admin_external_net" 
 port_id  = "${element(opentelekomcloud_networking_port_v2.port_vip.*.id, count.index)}"
} 

埠的 Openstack 輸出:

root@dev-test-lb-01:~# openstack port list
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+
| ID                                   | Name                 | MAC Address       | Fixed IP Addresses                                                        | Status |
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+
| 053532a8-903f-463c-99ac-2aec93660993 | dev-test-port-vip-03 | fa:16:3e:ec:e1:56 | ip_address='10.0.0.203', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| 0ac8bfc2-781d-4d28-83e2-0005a5652fa4 | dev-test-port-lb-01  | fa:16:3e:57:6f:4e | ip_address='10.0.0.97', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| 0bc734b3-e6ff-4903-bd7c-f5e01d6278c9 | dev-test-port-lb-02  | fa:16:3e:35:2d:fd | ip_address='10.0.0.65', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| 2028f949-d8ad-4e72-bd7f-5911f3324c17 |                      | fa:16:3e:45:25:d3 | ip_address='10.0.0.179', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| 3f41f038-8693-4fbc-8fd2-e5fb9e156262 |                      | fa:16:3e:22:60:43 | ip_address='10.0.0.254', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| 416e82f0-78f2-4ab4-8742-8827c1c7c787 |                      | fa:16:3e:b0:e2:ac | ip_address='10.0.0.151', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| a3f8aaf6-5861-4849-a9cc-3047e069738b | dev-test-port-vip-01 | fa:16:3e:fd:9f:a2 | ip_address='10.0.0.201', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| cdc339a9-ec0a-41d5-ab3a-da7cb5fea848 |                      | fa:16:3e:11:b3:c3 | ip_address='10.0.0.1', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'   | DOWN   |
| e41086f2-1164-4711-b4c0-e9e927fab956 | dev-test-port-vip-02 | fa:16:3e:2f:32:8b | ip_address='10.0.0.202', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| e8e087be-ec43-4c6e-909f-be0288a544ea |                      | fa:16:3e:ad:4b:be | ip_address='10.0.0.187', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| f65c1e26-7e53-4c4a-9fb9-f8d657b6742b |                      | fa:16:3e:e8:3b:4b | ip_address='10.0.0.40', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| ff74621b-55a8-4cf1-852d-b340687348a3 | dev-test-port-lb-03  | fa:16:3e:ab:74:6e | ip_address='10.0.0.112', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+

浮動 ips 的 Openstack 輸出

root@dev-test-lb-01:~# openstack floating ip list
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port                                 | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| 083b21f0-1603-4a30-8f2c-8f0300843640 | 80.158.34.243       | 10.0.0.179       | 2028f949-d8ad-4e72-bd7f-5911f3324c17 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 17af78fb-ef37-4175-8bf0-0f65f862ffbd | 80.158.32.83        | 10.0.0.97        | 0ac8bfc2-781d-4d28-83e2-0005a5652fa4 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 3d044a5b-a85d-40bb-939e-a365a6b32d34 | 80.158.47.178       | 10.0.0.203       | 053532a8-903f-463c-99ac-2aec93660993 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 43186ec8-603a-4f8a-8442-07c15dedc3d5 | 80.158.47.12        | 10.0.0.65        | 0bc734b3-e6ff-4903-bd7c-f5e01d6278c9 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 4700b406-ee3a-4f51-8e0e-a76c882a960f | 80.158.39.53        | 10.0.0.201       | a3f8aaf6-5861-4849-a9cc-3047e069738b | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 55f5850c-2100-400d-b2b0-7d9695a5bead | 80.158.35.7         | 10.0.0.202       | e41086f2-1164-4711-b4c0-e9e927fab956 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| c0b6b56c-7c9d-4087-87e3-54f7ea0af1ba | 80.158.43.231       | 10.0.0.112       | ff74621b-55a8-4cf1-852d-b340687348a3 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+

失去的部分是:

  • device_owner 必須在 port_vip 上設置:neutron:VIP_PORT
  • port_vip 資源還必須具有 allowed_address_pairs 塊(每個負載均衡器 3 個;我將 fixed_ips 添加到上述 port_lb 資源,我將它們列入 port_vip 的白名單)

希望這可以幫助某人

引用自:https://serverfault.com/questions/946774