Keepalived
==========

The Keepalived static pod is deployed on the controllers using unicast over the srvc0 interface. The virtual IP is constructed using Hex(FabricId) + Hex(virt) + MAC (last 3 octets).

.. image:: _static/keepalived.png
   :align: center
   :alt: Keepalived

Prerequisites
-------------

Get the code and build the image
--------------------------------

.. note:: Update etc/keepalived.conf

.. code-block:: sh

   git clone https://gitlab.stroila.ca/ocp/keepalived.git
   cd keepalived
   make build

Configuration
-------------

The configuration of the keepalived daemon is recorded in /etc/keepalived/keepalived.conf. The configuration blocks in the file control notification settings, the VIPs to manage, and the health checks used to test the services that rely on the VIPs.

* Each node in the HA setup needs its own copy of the configuration file, with values for the priority, unicast_src_ip, and unicast_peer directives that are appropriate to the node’s role (primary or backup).
* The priority directive controls which host becomes the primary.
* The notify directive names the notification script included in the distribution, which can be used to generate syslog messages (or other notifications) when a state transition or fault occurs.
* The value of the virtual_router_id directive in the vrrp_instance VI_1 block must be unique in your environment.
* If you have multiple pairs of keepalived instances (or other VRRP instances) running in your local network, create a vrrp_instance block for each one, with a unique name and virtual_router_id number.

Keepalived config template:

.. literalinclude:: config/keepalived.conf
   :linenos:
   :language: text

Example of an Active-Active-Active configuration using FabricId=666

**Node 1**

.. literalinclude:: config/keepalived-1.conf
   :linenos:
   :language: text

**Node 2**

.. literalinclude:: config/keepalived-2.conf
   :linenos:
   :language: text

**Node 3**

.. literalinclude:: config/keepalived-3.conf
   :linenos:
   :language: text

Deployment
----------

On each participating node, set nonlocal bind to 1. This allows processes to bind() to non-local IPv6 addresses, which VRRP needs.

.. code-block:: sh

   sysctl -w net.ipv4.ip_nonlocal_bind=1
   sysctl -w net.ipv6.ip_nonlocal_bind=1

Copy the keepalived manifest file into /etc/kubernetes/manifests on each participating node.

.. literalinclude:: config/keepalived.yaml
   :linenos:
   :language: text

**Node 1**

.. code-block:: text

   srvc0: flags=4163 mtu 9000
           inet6 fd02:9a01::90b1:1c26:6aa2 prefixlen 64 scopeid 0x0
           inet6 fd02:9a01::1 prefixlen 64 scopeid 0x0
           inet6 fe80::c4b6:57ff:fe33:3017 prefixlen 64 scopeid 0x20
           ether c6:b6:57:33:30:17 txqueuelen 1000 (Ethernet)
           RX packets 103589 bytes 8143914 (7.7 MiB)
           RX errors 0 dropped 0 overruns 0 frame 0
           TX packets 105139 bytes 12430874 (11.8 MiB)
           TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

**Node 2**

.. code-block:: text

   srvc0: flags=4163 mtu 9000
           inet6 fe80::a4ee:baff:fea2:d780 prefixlen 64 scopeid 0x20
           inet6 fd02:9a01::549f:3509:8eac prefixlen 64 scopeid 0x0
           inet6 fd02:9a01::2 prefixlen 64 scopeid 0x0
           ether a6:ee:ba:a2:d7:80 txqueuelen 1000 (Ethernet)
           RX packets 106466 bytes 8755192 (8.3 MiB)
           RX errors 0 dropped 0 overruns 0 frame 0
           TX packets 109836 bytes 12536384 (11.9 MiB)
           TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

**Node 3**

.. code-block:: text

   srvc0: flags=4163 mtu 9000
           inet6 fd02:9a01::3 prefixlen 64 scopeid 0x0
           inet6 fd02:9a01::1866:dae6:4674 prefixlen 64 scopeid 0x0
           inet6 fe80::14ed:bff:fecd:51de prefixlen 64 scopeid 0x20
           ether 16:ed:0b:cd:51:de txqueuelen 1000 (Ethernet)
           RX packets 189387 bytes 22707506 (21.6 MiB)
           RX errors 0 dropped 0 overruns 0 frame 0
           TX packets 181485 bytes 14359254 (13.6 MiB)
           TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Reference
---------

* Keepalived Man
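
The per-node rules listed under Configuration (unique vrrp_instance names and virtual_router_id values, and priority, unicast_src_ip and unicast_peer set on every node) can be checked before a config is copied to a controller. The linter below is an added example, not code from the keepalived repository above; ``parse_instances``, ``lint`` and the sample addresses are hypothetical and constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, not the page's config/keepalived-*.conf files: VI_2 reuses
# VI_1's virtual_router_id, omits priority and lists its own address as a peer.
SAMPLE = """
vrrp_instance VI_1 {
    virtual_router_id 51
    priority 100
    unicast_src_ip fd02:9a01::10
    unicast_peer {
        fd02:9a01::11
    }
}
vrrp_instance VI_2 {
    virtual_router_id 51
    unicast_src_ip fd02:9a01::10
    unicast_peer {
        fd02:9a01::10
    }
}
"""

def parse_instances(text):
    """Return one dict per vrrp_instance block, keyed by directive name."""
    text = re.sub(r"[#!].*", "", text)        # keepalived comments start with # or !
    found = []
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, end = 1, m.end()
        while depth and end < len(text):      # brace-match: unicast_peer nests a block
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[m.end():end]
        inst = {k: (re.search(rf"^\s*{k}\s+(\S+)", body, re.M) or [None] * 2)[1]
                for k in ("virtual_router_id", "priority", "unicast_src_ip")}
        peers = re.search(r"unicast_peer\s*\{([^}]*)\}", body)
        found.append({**inst, "name": m.group(1),
                      "unicast_peer": peers.group(1).split() if peers else []})
    return found

def lint(text):
    """Apply the Configuration section's per-node rules; return problem strings."""
    inst = parse_instances(text)
    problems = [f"duplicate {k} {v}" for k in ("name", "virtual_router_id")
                for v, n in Counter(i[k] for i in inst).items() if v and n > 1]
    for i in inst:
        problems += [f"{i['name']}: missing {k}" for k in i if not i[k]]
        if i["unicast_src_ip"] in i["unicast_peer"]:
            problems.append(f"{i['name']}: unicast_src_ip is also listed in unicast_peer")
    return problems
```

``lint(SAMPLE)`` reports the reused virtual_router_id, the missing priority and the self-referencing peer entry. It only sees one file, so uniqueness across other VRRP speakers on the same network still has to be checked against their configs.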