tested on slackware current (oct 2021)
    slackpkg install sysvinit-functions
    ls -lF /etc/rc.d/init.d/functions
    ls -lF /sbin/consoletype
    slackpkg install iptables libnftnl libpcap dbus-1
    slackpkg install nftables jansson

    sbopkg -i keepalived
    cat /etc/default/keepalived
    # no change required
we need a dedicated user for the check and notify scripts to run
    grep ^keepalive /etc/group
    grep ^keepalive /etc/passwd
    groupadd --system keepalive
    useradd --system -s /bin/bash -g keepalive -d /var/tmp --no-create-home keepalive
    # -s /sbin/nologin

we’re being brutal as we want to keep the same configuration across the cluster. for that, we’re defining BACKUP as the initial state of the instance on all nodes, and with the lowest priority.

    mv -i /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.dist
    vi /etc/keepalived/keepalived.conf

    global_defs {
        max_auto_priority -1
        notification_email {
            root@localhost
        }
        notification_email_from keepalive@DOMAIN.TLD
        checker_log_all_failures
        default_interface xenbr0
        enable_script_security
        script_user keepalive keepalive
    }

    vrrp_instance VRRP1 {
        state BACKUP
        interface xenbr0
        virtual_router_id 51
        priority 1
        advert_int 1
        virtual_ipaddress {
            10.0.0.209/24
        }
        # default route remains anyhow
        #virtual_routes {
        #    0.0.0.0/0 via x.x.x.x dev xenbr0
        #}
        notify "/var/tmp/notify.bash"
    }
for the second and third use-cases we need to identify the nodes
    #sbopkg -i thttpd
    wget https://lab.nethence.com/slackpkgs/2021-10/thttpd-2.29-x86_64-1_SBo.tgz
    installpkg --terse thttpd-2.29-x86_64-1_SBo.tgz

    # run the matching line on each node
    echo '<p>hello this is node1' > /var/www/thttpd/index.html
    echo '<p>hello this is node2' > /var/www/thttpd/index.html
    echo '<p>hello this is node3' > /var/www/thttpd/index.html

we’re enabling the check script only, and we should avoid being counter-productive here: the restriction needs to be as light as possible, as with pidof.

    vrrp_script checkacme {
        script "/sbin/pidof thttpd"
        #weight 50
        interval 1
        fall 2
        rise 1
    }

    vrrp_instance ACME {
        state BACKUP
        interface xenbr0
        virtual_router_id 51
        priority 1
        advert_int 1
        virtual_ipaddress {
            10.0.0.209/24
        }
        track_script {
            checkacme
        }
        notify "/var/tmp/notify.bash"
    }
see postfix-relay-ha
check the configuration and populate across the cluster
slack1
    keepalived -t
    scp /etc/keepalived/keepalived.conf slack2:/etc/keepalived/
    scp /etc/keepalived/keepalived.conf slack3:/etc/keepalived/
    dsh -e -g xen /etc/rc.d/rc.keepalived reload
start
    ls -lF /etc/rc.d/rc.keepalived
    # already enabled
    /etc/rc.d/rc.keepalived start
and enable at boot-time
    vi /etc/rc.d/rc.local

    # self-verbose
    sysctl -w net.ipv4.ip_nonlocal_bind=1
    /etc/rc.d/rc.keepalived start
status
    pgrep -a keepalived
    ps auxfw | grep keepalived
reload
/etc/rc.d/rc.keepalived reload
restart (dunno why restart itself doesn’t work)

    /etc/rc.d/rc.keepalived stop
    /etc/rc.d/rc.keepalived start

we use the overall notify script only to check on the various states, and prefer to use specific notify_state definitions instead.

    vi /var/tmp/notify.bash

    #!/bin/bash
    # append every state change keepalived reports to a log file
    echo "$(date) -- $HOSTNAME received $*" >> /var/tmp/keepalive.log

    chmod +x /var/tmp/notify.bash
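added example (not part of the original page): the configuration above sets enable_script_security and points its check and notify directives at /sbin/pidof and /var/tmp/notify.bash. the bash script below extracts every script and notify path from a keepalived.conf and prints each path component that is group- or world-writable, missing, or not owned by a trusted owner, which is the kind of path test enable_script_security applies to root-run scripts. TRUSTED_OWNER and all function names are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original page): list path components of the
# scripts named in a keepalived.conf that a non-root user could replace.
# TRUSTED_OWNER and all function names are assumptions of this example.
TRUSTED_OWNER=${TRUSTED_OWNER:-root}

# Executable of every script / notify* directive (first word of the command).
conf_script_paths() {
    sed -n -E 's/^[[:space:]]*(script|notify(_master|_backup|_fault|_stop)?)[[:space:]]+"?([^"[:space:]]+).*/\3/p' "$1" | sort -u
}

# Walk from path $1 up to $2 (default /). Print every component that is
# group/world-writable, missing, or not owned by TRUSTED_OWNER; return 1 if any.
loose_components() {
    local p=$1 stop=${2:-/} bad=0 perms owner
    case $p in /*) ;; *) echo "$p not-absolute"; return 1 ;; esac
    while :; do
        # ls -ldL: field 1 is the mode string, field 3 the owner name
        read -r perms _ owner _ <<< "$(ls -ldL -- "$p" 2>/dev/null)"
        if [ "${perms:5:1}" = w ] || [ "${perms:8:1}" = w ] ||
           [ "$owner" != "$TRUSTED_OWNER" ]; then
            echo "$p ${perms:-missing} ${owner:-?}"; bad=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p")
    done
    return $bad
}

# Audit every script path in config $1; $2 optionally stops the upward walk.
audit_conf() {
    local rc=0 s
    for s in $(conf_script_paths "$1"); do
        loose_components "$s" "${2:-/}" || rc=1
    done
    return $rc
}

# Usage: bash audit.bash /etc/keepalived/keepalived.conf
if [ $# -gt 0 ]; then audit_conf "$@"; fi
```

a non-zero exit status means at least one component was reported; each output line gives the path, its mode string and its owner.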