当keepalived启动时未找到配置文件或遇到SELinux权限问题,可能导致VIP无法正常工作。解决方法包括:将配置文件复制到指定路径,并处理SELinux的权限限制,例如通过`semanage port`命令添加端口类型或启用相应的布尔值。
[FAILED]
keepalived在启动的时候默认是读取/etc/keepalived/keepalived.conf下的配置文件,当我们的配置文件不在这里时。我们就要复制一份配置文件过来过来
解决方法:cp keepalived-1.4.4/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
2、keepalived+nginx架构:nginx宕机后VIP还在,查看keepalived错误日志发现,但是selinux机制是关闭的:
SELinux is preventing /usr/sbin/keepalived from name_connect access on the tcp_socket port 63781. For complete SELinux messages run: sealert -l e1ae27e5-04c5-42d2-a015-aa5580237c22
Jul 6 15:10:34 localhost python: SELinux is preventing /usr/sbin/keepalived from name_connect access on the tcp_socket port 63781.#012#012***** Plugin connect_ports (92.2 confidence) suggests *********************#012#012If you want to allow /usr/sbin/keepalived to connect to network port 63781#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 63781#012 where PORT_TYPE is one of the following: agentx_port_t, connlcli_port_t, dns_port_t, dnssec_port_t, http_port_t, kerberos_port_t, mysqld_port_t, ocsp_port_t, smtp_port_t, snmp_port_t, squid_port_t.#012#012***** Plugin catchall_boolean (7.83 confidence) suggests ******************#012#012If you want to allow nis to enabled#012Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.#012You can read 'None' man page for more details.#012Do#012setsebool -P nis_enabled 1#012#012***** Plugin catchall (1.41 confidence) suggests **************************#012#012If you believe that keepalived should be allowed name_connect access on the port 63781 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'keepalived' --raw | audit2allow -M my-keepalived#012# semodule -i my-keepalived.pp#012
错误原因:
解决方法:
扫一扫
1201
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
