High-Availability
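No traffic arriving via OpenStack floating IP with Pacemaker/Corosync
I am following the steps in https://fuga.cloud/academy/tutorials/ha-vip-with-corosync-on-openstack/.
I am missing why traffic coming in on the external floating IPs does not correctly arrive at the machines bound to the associated network ports.
The code below will create:
- 3 LB machines with external IPs (curl on port 80 shows the nginx response)
- 3 additional network ports for the internal failover IPs 10.0.0.20{1,2,3}
- 3 additional external IPs bound to these network ports (curl on port 80 times out)
Internally, ping/curl to the 10.0.0.20{1,2,3} IPs works just fine. However, if I try to access them via the external IPs: timeout. Also: tcpdump shows no traffic arriving at the machines.
Load balancer network port and machine creation:
Variables: subnet 10.0.0.0/24, vip = [201,202,203], lb_count = 3. Security group: allows port 80 globally.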
```hcl
resource "opentelekomcloud_networking_port_v2" "port_lb" {
  depends_on         = ["opentelekomcloud_networking_router_interface_v2.router_interface_1"]
  count              = "${var.lb_count}"
  name               = "${var.environment}-${var.name}-port-lb-${format("%02d", count.index+1)}"
  network_id         = "${opentelekomcloud_networking_network_v2.network_lb.id}"
  admin_state_up     = "true"
  security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

  # all 3 IPs need to be allowed on each port. They are rotating on failover.
  allowed_address_pairs {
    ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 0))}"
  }

  allowed_address_pairs {
    ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 1))}"
  }

  allowed_address_pairs {
    ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 2))}"
  }
}

resource "opentelekomcloud_networking_floatingip_v2" "ip_lb" {
  depends_on = ["opentelekomcloud_networking_port_v2.port_lb"]
  count      = "${var.lb_count}"
  pool       = "admin_external_net"
  port_id    = "${element(opentelekomcloud_networking_port_v2.port_lb.*.id, count.index)}"
}

resource "opentelekomcloud_compute_instance_v2" "lb" {
  depends_on        = ["opentelekomcloud_networking_floatingip_v2.ip_lb", "opentelekomcloud_networking_port_v2.port_lb"]
  count             = "${var.lb_count}"
  name              = "${var.environment}-${var.name}-lb-${format("%02d", count.index+1)}"
  key_pair          = "${var.keypair_name}"
  availability_zone = "${element(var.azs, count.index)}"
  flavor_name       = "${var.lb_flavour_name}"

  block_device {
    uuid                  = "${var.lb_image_id}"
    source_type           = "image"
    volume_size           = "${var.lb_disk_size_gb}"
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = true
  }

  network {
    port = "${element(opentelekomcloud_networking_port_v2.port_lb.*.id, count.index)}"
  }
}
```
Network ports - virtual IPs for 10.0.0.20{1,2,3}:
```hcl
resource "opentelekomcloud_networking_port_v2" "port_vip" {
  count              = "${var.lb_count}"
  name               = "${var.environment}-${var.name}-port-vip-${format("%02d", count.index+1)}"
  network_id         = "${opentelekomcloud_networking_network_v2.network_lb.id}"
  admin_state_up     = "true"
  security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

  fixed_ip = [
    {
      subnet_id  = "${opentelekomcloud_networking_subnet_v2.subnet_lb.id}"
      ip_address = "${cidrhost(var.lb_subnet, element(var.vips, count.index))}"
    }]
}

resource "opentelekomcloud_networking_floatingip_v2" "vip_ip" {
  count   = "${var.lb_count}"
  pool    = "admin_external_net"
  port_id = "${element(opentelekomcloud_networking_port_v2.port_vip.*.id, count.index)}"
}
```
OpenStack output for the ports:
```
root@dev-test-lb-01:~# openstack port list
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+
| ID                                   | Name                 | MAC Address       | Fixed IP Addresses                                                        | Status |
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+
| 053532a8-903f-463c-99ac-2aec93660993 | dev-test-port-vip-03 | fa:16:3e:ec:e1:56 | ip_address='10.0.0.203', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| 0ac8bfc2-781d-4d28-83e2-0005a5652fa4 | dev-test-port-lb-01  | fa:16:3e:57:6f:4e | ip_address='10.0.0.97', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| 0bc734b3-e6ff-4903-bd7c-f5e01d6278c9 | dev-test-port-lb-02  | fa:16:3e:35:2d:fd | ip_address='10.0.0.65', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| 2028f949-d8ad-4e72-bd7f-5911f3324c17 |                      | fa:16:3e:45:25:d3 | ip_address='10.0.0.179', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| 3f41f038-8693-4fbc-8fd2-e5fb9e156262 |                      | fa:16:3e:22:60:43 | ip_address='10.0.0.254', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| 416e82f0-78f2-4ab4-8742-8827c1c7c787 |                      | fa:16:3e:b0:e2:ac | ip_address='10.0.0.151', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| a3f8aaf6-5861-4849-a9cc-3047e069738b | dev-test-port-vip-01 | fa:16:3e:fd:9f:a2 | ip_address='10.0.0.201', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| cdc339a9-ec0a-41d5-ab3a-da7cb5fea848 |                      | fa:16:3e:11:b3:c3 | ip_address='10.0.0.1', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'   | DOWN   |
| e41086f2-1164-4711-b4c0-e9e927fab956 | dev-test-port-vip-02 | fa:16:3e:2f:32:8b | ip_address='10.0.0.202', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | DOWN   |
| e8e087be-ec43-4c6e-909f-be0288a544ea |                      | fa:16:3e:ad:4b:be | ip_address='10.0.0.187', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
| f65c1e26-7e53-4c4a-9fb9-f8d657b6742b |                      | fa:16:3e:e8:3b:4b | ip_address='10.0.0.40', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244'  | ACTIVE |
| ff74621b-55a8-4cf1-852d-b340687348a3 | dev-test-port-lb-03  | fa:16:3e:ab:74:6e | ip_address='10.0.0.112', subnet_id='761956cc-43e9-4748-a13a-c2523b6ab244' | ACTIVE |
+--------------------------------------+----------------------+-------------------+---------------------------------------------------------------------------+--------+
```
OpenStack output for the floating IPs:
```
root@dev-test-lb-01:~# openstack floating ip list
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port                                 | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| 083b21f0-1603-4a30-8f2c-8f0300843640 | 80.158.34.243       | 10.0.0.179       | 2028f949-d8ad-4e72-bd7f-5911f3324c17 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 17af78fb-ef37-4175-8bf0-0f65f862ffbd | 80.158.32.83        | 10.0.0.97        | 0ac8bfc2-781d-4d28-83e2-0005a5652fa4 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 3d044a5b-a85d-40bb-939e-a365a6b32d34 | 80.158.47.178       | 10.0.0.203       | 053532a8-903f-463c-99ac-2aec93660993 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 43186ec8-603a-4f8a-8442-07c15dedc3d5 | 80.158.47.12        | 10.0.0.65        | 0bc734b3-e6ff-4903-bd7c-f5e01d6278c9 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 4700b406-ee3a-4f51-8e0e-a76c882a960f | 80.158.39.53        | 10.0.0.201       | a3f8aaf6-5861-4849-a9cc-3047e069738b | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| 55f5850c-2100-400d-b2b0-7d9695a5bead | 80.158.35.7         | 10.0.0.202       | e41086f2-1164-4711-b4c0-e9e927fab956 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
| c0b6b56c-7c9d-4087-87e3-54f7ea0af1ba | 80.158.43.231       | 10.0.0.112       | ff74621b-55a8-4cf1-852d-b340687348a3 | 0a2228f2-7f8a-45f1-8e09-9039e1d09975 | 2d2df22319544c04a9f2fe3d6c9fa949 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
```
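The missing parts were:
- device_owner must be set on port_vip: neutron:VIP_PORT
- The port_vip resource must also have allowed_address_pairs blocks (3 per load balancer; I added fixed_ips to the port_lb resource above, which I whitelist on port_vip)
Hope this helps someone.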
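
The two changes described in the answer, written out in the same Terraform 0.11 syntax as the question. This is an added example, not the poster's actual configuration: `var.lb_ips` (host numbers for the load balancers' fixed addresses) is a hypothetical variable, and every other name is reused from the question.

```hcl
# Added example, not the poster's configuration. var.lb_ips is a hypothetical
# list of host numbers for the load balancers' fixed addresses, e.g. [11, 12, 13].

resource "opentelekomcloud_networking_port_v2" "port_lb" {
  depends_on         = ["opentelekomcloud_networking_router_interface_v2.router_interface_1"]
  count              = "${var.lb_count}"
  name               = "${var.environment}-${var.name}-port-lb-${format("%02d", count.index+1)}"
  network_id         = "${opentelekomcloud_networking_network_v2.network_lb.id}"
  admin_state_up     = "true"
  security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

  # Pin each load balancer to a known address so port_vip can whitelist it.
  fixed_ip = [{
    subnet_id  = "${opentelekomcloud_networking_subnet_v2.subnet_lb.id}"
    ip_address = "${cidrhost(var.lb_subnet, element(var.lb_ips, count.index))}"
  }]

  # Unchanged from the question: any of the 3 VIPs may land on this port.
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 0))}" }
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 1))}" }
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.vips, 2))}" }
}

resource "opentelekomcloud_networking_port_v2" "port_vip" {
  count              = "${var.lb_count}"
  name               = "${var.environment}-${var.name}-port-vip-${format("%02d", count.index+1)}"
  network_id         = "${opentelekomcloud_networking_network_v2.network_lb.id}"
  admin_state_up     = "true"
  security_group_ids = ["${opentelekomcloud_compute_secgroup_v2.secgroup_lb.id}"]

  # First missing part from the answer.
  device_owner = "neutron:VIP_PORT"

  fixed_ip = [{
    subnet_id  = "${opentelekomcloud_networking_subnet_v2.subnet_lb.id}"
    ip_address = "${cidrhost(var.lb_subnet, element(var.vips, count.index))}"
  }]

  # Second missing part: whitelist every load balancer's fixed address here.
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.lb_ips, 0))}" }
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.lb_ips, 1))}" }
  allowed_address_pairs { ip_address = "${cidrhost(var.lb_subnet, element(var.lb_ips, 2))}" }
}
```

Each `allowed_address_pairs` entry relaxes Neutron's anti-spoofing filter for that port, so list the individual addresses that actually move between ports rather than a whole CIDR range.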