@faasie
Forked from scyto/debian-keepalived.md
Created April 21, 2023 00:49

Using keepalived for node ingress and DNS reliability

This assumes you have installed a docker swarm

Introduction

In a docker swarm, a container running on any node can be accessed using the IP address of any swarm member.

For example, if you had a single web server running on port 80 on one node of a swarm, you could access the web server with any of the following IP addresses:

  • server1-ip:80
  • server2-ip:80
  • serverN-ip:80

Because you want to reach the app even if one swarm node is down, folks typically use round-robin DNS to try each of the IPs in sequence. This has the disadvantage of failed requests if a node fails. This gist shows how I chose to implement a single IP and DNS name to improve reachability and consistency.

Install keepalived on all nodes

run the following on each docker node

sudo apt-get install keepalived

Create the keepalived.conf file on the first node

sudo nano /etc/keepalived/keepalived.conf

paste in the following

		! Configuration File for keepalived
		
		global_defs {
		   notification_email {
		     sysadmin@mydomain.com
		     support@mydomain.com
		   }
		   notification_email_from lb1@mydomain.com
		   smtp_server localhost
		   smtp_connect_timeout 30
		}
		
		vrrp_instance VI_1 {
		    state MASTER
		    interface eth0
		    virtual_router_id 10
		    priority 100
		    advert_int 1
		    authentication {
		        auth_type PASS
		        auth_pass 1111
		    }
		    virtual_ipaddress {
		        192.168.1.45/24
		    }
		}

Note you may want to:

  • remove the global_defs section if you don't have SMTP configured on your host
  • change the auth_pass value to your preferred password
  • change the virtual IP to the IP you want
  • if you followed the rest of my gists you shouldn't have to change eth0

Once you have created the file save and exit

Then start the service

sudo systemctl start keepalived
sudo systemctl enable keepalived

Create keepalived.conf on all other nodes

sudo nano /etc/keepalived/keepalived.conf

paste in the following

		! Configuration File for keepalived
		
		global_defs {
		   notification_email {
		     sysadmin@mydomain.com
		     support@mydomain.com
		   }
		   notification_email_from lbN@mydomain.com
		   smtp_server localhost
		   smtp_connect_timeout 30
		}
		
		vrrp_instance VI_1 {
		    state MASTER
		    interface eth0
		    virtual_router_id 10
		    priority 50
		    advert_int 1
		    authentication {
		        auth_type PASS
		        auth_pass 1111
		    }
		    virtual_ipaddress {
		        192.168.1.45/24
		    }
		}

  • change the N in the SMTP alias to match your node number (e.g. on second node set to 2, third node set to 3)
  • note the priority is different to the first node
  • earlier notes apply to these too

Once you have created the file save and exit

Then start the service

sudo systemctl start keepalived
sudo systemctl enable keepalived
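
The nodes only fail over cleanly if virtual_router_id, advert_int, the authentication settings and the virtual IP are identical in every file, and one node has the highest priority. The following Python check is an added example, not part of the original gist, that compares the files and flags the example auth_pass value. The function names are hypothetical, the sample text is constructed from the two configs above, and the 8-character check reflects keepalived's documented handling of auth_pass.

```python
import re

# Constructed sample: the vrrp_instance block from the first-node file above.
NODE1 = """
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 10
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.45/24
    }
}
"""
NODE2 = NODE1.replace("priority 100", "priority 50")  # the "other nodes" file

# Settings that must be identical on every node of the VRRP group.
SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse(conf):
    """Pull the VRRP settings that matter for failover out of one keepalived.conf."""
    text = re.sub(r"[!#].*", "", conf)  # keepalived comments start with ! or #
    keys = SHARED[:4] + ("priority",)
    out = {k: m.group(1) for k in keys
           if (m := re.search(rf"^\s*{k}\s+(\S+)", text, re.M))}
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    out["vips"] = sorted(block.group(1).split()) if block else []
    return out

def audit(nodes):
    """nodes maps a node name to its config text; returns a list of findings."""
    parsed = {name: parse(conf) for name, conf in nodes.items()}
    findings = [f"{key} differs between nodes" for key in SHARED
                if len({str(p.get(key)) for p in parsed.values()}) > 1]
    prios = [int(p.get("priority", 0)) for p in parsed.values()]
    if prios.count(max(prios)) != 1:
        findings.append("no single node has the highest priority")
    for name, p in parsed.items():
        pw = p.get("auth_pass", "")
        if pw == "1111":
            findings.append(f"{name}: auth_pass is still the example value 1111")
        if len(pw) > 8:  # keepalived uses only the first 8 characters
            findings.append(f"{name}: auth_pass is longer than 8 characters")
    return findings
```

To use it on real nodes, read each node's /etc/keepalived/keepalived.conf into a string and pass them as `audit({"node1": text1, "node2": text2})`; an empty list means the files agree.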

Add a local DNS entry to your internal DNS server

For example:

swarm.mydomain.com A 192.168.1.45

Use this name when you want to address any container in the swarm.

Testing

If you want a simple test, ping the VIP (e.g. 192.168.1.45) and see what happens when you shut down each of the nodes!
