keepalived series: autostart configuration has no effect
1. keepalived autostart configuration
sudo systemctl enable keepalived
sudo systemctl daemon-reload
2. Why keepalived autostart fails: cause 1
- View the logs
journalctl -u keepalived
- The abnormal log output is as follows
3月 12 10:18:57 localhost.localdomain systemd[1]: Starting LVS and VRRP High Availability Monitor...
3月 12 10:18:57 localhost.localdomain Keepalived[1287]: Starting Keepalived v2.0.20 (01/22,2020)
3月 12 10:18:57 localhost.localdomain Keepalived[1287]: Running on Linux 3.10.0-1160.an7.x86_64 #1 SMP Thu Oct 14 16:04:36 CST 2021 (built for Linux 3.10.0)
3月 12 10:18:57 localhost.localdomain Keepalived[1287]: Command line: '/usr/local/keepalived/sbin/keepalived' '-D'
3月 12 10:18:57 localhost.localdomain Keepalived[1287]: Opening file '/etc/keepalived/keepalived.conf'.
3月 12 10:18:57 localhost.localdomain Keepalived[1291]: Starting VRRP child process, pid=1292
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Registering Kernel netlink reflector
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Registering Kernel netlink command channel
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Opening file '/etc/keepalived/keepalived.conf'.
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Assigned address 10.10.102.19 for interface ens192
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Assigned address fe80::6486:4af:586d:63ec for interface ens192
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: Registering gratuitous ARP shared channel
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: (VI_1) removing VIPs.
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: (VI_2) removing VIPs.
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: (VI_1) Entering BACKUP STATE (init)
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: (VI_2) Entering BACKUP STATE (init)
3月 12 10:18:57 localhost.localdomain Keepalived_vrrp[1292]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)]
3月 12 10:18:57 localhost.localdomain systemd[1]: Started LVS and VRRP High Availability Monitor.
3月 12 10:18:58 localhost.localdomain systemd[1]: Stopping LVS and VRRP High Availability Monitor...
3月 12 10:18:58 localhost.localdomain Keepalived[1291]: Stopping
3月 12 10:18:59 localhost.localdomain Keepalived_vrrp[1292]: Stopped - used 0.000000 user time, 0.001586 system time
3月 12 10:18:59 localhost.localdomain systemd[1]: Stopped LVS and VRRP High Availability Monitor.
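- The two key log lines
# The 'keepalived_script' user is missing, so script execution fails; the service cannot run normally and is therefore terminated.
1. WARNING - default user 'keepalived_script' for script execution does not exist - please create.
# The script_security option is not enabled in the configuration, which triggers the security mechanism, and the service stops automatically.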
2. SECURITY VIOLATION - scripts are being executed but script_security not enabled.
- The fix is as follows:
- Step 1:
# Manually create the keepalived_script user
useradd -M -s /sbin/nologin keepalived_script
# Verify that the user was created successfully
id keepalived_script
# Make the check script executable
chmod +x /etc/keepalived/check_nginx.sh
# Make the check script owned by the keepalived_script user
chown keepalived_script:keepalived_script /etc/keepalived/check_nginx.sh
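- Step 2: enable the script_security configuration by turning on the script security options in the global_defs section of keepalived.conf
global_defs {
    script_user keepalived_script   # user that the scripts run as
    enable_script_security          # enable script security so that scripts are allowed to run
}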
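To confirm both steps took effect before the next reboot, the configuration can be audited for the conditions behind the two log lines. The script below is an added example, not part of the original post: the function names `audit_keepalived_conf` and `make_sample_conf`, the `vrrp_script chk_nginx` block, and the sample configuration are assumptions constructed for illustration.

```shell
# Added example: audit a keepalived.conf for the conditions behind the
# WARNING / SECURITY VIOLATION log lines. Prints one finding per line.
audit_keepalived_conf() (
    # keepalived treats '#' and '!' as comment starters; strip comments first
    # so a commented-out option does not count as enabled.
    body=$(sed -e 's/[#!].*$//' "$1")
    printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*enable_script_security([[:space:]]|$)' ||
        echo "MISSING enable_script_security"
    user=$(printf '%s\n' "$body" | awk '$1 == "script_user" { print $2; exit }')
    if [ -z "$user" ]; then
        echo "MISSING script_user"
    elif ! id "$user" >/dev/null 2>&1; then
        echo "NOUSER $user"
    fi
    # Check the file named by each line of the form: script "/path/check.sh args"
    printf '%s\n' "$body" |
        awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' |
        while read -r script; do
            if [ ! -f "$script" ]; then echo "NOFILE $script"; continue; fi
            [ -x "$script" ] || echo "NOEXEC $script"
            # Group- or world-writable scripts can be altered by other accounts.
            [ -z "$(find "$script" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
                echo "WRITABLE $script"
        done
    :
)

# Constructed sample: writes a config with no script options set into dir $1.
make_sample_conf() {
    printf '#!/bin/sh\nexit 0\n' > "$1/check_nginx.sh"
    chmod 755 "$1/check_nginx.sh"
    cat > "$1/keepalived.conf" <<EOF
global_defs {
   # enable_script_security
}
vrrp_script chk_nginx {
   script "$1/check_nginx.sh"
}
EOF
}

demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
audit_keepalived_conf "$demo_dir/keepalived.conf"
rm -rf "$demo_dir"
```

On a real host, run `audit_keepalived_conf /etc/keepalived/keepalived.conf` as root after step 2; no output means none of the checked conditions were found.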