真的是搞了很久 结果一问人才知道真的是neutron的问题
当然前提是设置unicast 而不是默认设置
先贴出来后面再更新图片
[root@haproxy1 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 10.0.0.121
unicast_peer {
10.0.0.122
}
==== haproxy2
[root@haproxy2 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state SLAVE
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 10.0.0.122
unicast_peer {
10.0.0.121
}
virtual_ipaddress {
10.0.0.200/24 brd 10.0.0.255 dev eth0 label eth0:vip
}
}
[root@haproxy2 ~]#
测试arp
# tcpdump -i eth0 vrrp -n
可以显示VIP 但是就是无法ping通vip 10.0.0.200
问题出在openstack中的
ALLOWED-ADDRESS-PAIRS
Allowed-address-pairs allow you to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.
haproxy1
| 59f73969-0126-4e87-b829-9ece9d905541 | | fa:16:3e:d8:70:a2 | {"subnet_id": "36350ca0-2734-44ca-9167-7713ff9925e2", "ip_address": "10.0.0.121"}
haproxy2
| 7b49f386-e908-42ac-89ef-dc9d977b37e5 | | fa:16:3e:4e:55:8b | {"subnet_id": "36350ca0-2734-44ca-9167-7713ff9925e2", "ip_address": "10.0.0.122"}
set vip = 200
ubuntu@p01-neutron-a1-e1c7g7:~$ neutron port-update 7b49f386-e908-42ac-89ef-dc9d977b37e5 --allowed-address-pairs type=dict list=true ip_address=10.0.0.200
Updated port: 7b49f386-e908-42ac-89ef-dc9d977b37e5
ubuntu@p01-neutron-a1-e1c7g7:~$
然后就好了。。还真是无语