Dockerized keepalived to ease HA in deployments with multiple hosts. Provides failover for Virtual IPs (VIP) to be always online even if a host fails. Initially aimed to help Rancher HA deployments
License: MIT License
I get the following issue when I try and build the docker container from the Dockerfile.
Step 2 : RUN echo "http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && apk --update -t add keepalived iproute2 grep bash tcpdump sed && rm -f /var/cache/apk/* /tmp/*
---> Running in b588e66b2363
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/community/x86_64/APKINDEX.tar.gz
fetch http://nl.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
ERROR: unsatisfiable constraints:
so:libcrypto.so.38 (missing):
required by:
keepalived-common-1.2.23-r2[so:libcrypto.so.38]
keepalived-1.2.23-r2[so:libcrypto.so.38]
so:libssl.so.39 (missing):
required by:
keepalived-common-1.2.23-r2[so:libssl.so.39]
keepalived-1.2.23-r2[so:libssl.so.39]
add-0:
masked in: cache
satisfies: world[add]
The command '/bin/sh -c echo "http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && apk --update -t add keepalived iproute2 grep bash tcpdump sed && rm -f /var/cache/apk/* /tmp/*' returned a non-zero code: 5
I've done pretty much everything as documented, and the container seems to start correctly (at start i see the proper config), but the container crashes with the following error(s):
10-7-2017 22:05:31Starting Keepalived in the background...
10-7-2017 22:05:31Starting Keepalived v1.2.24 (04/19,2017)
10-7-2017 22:05:31Keepalived[31]: Starting Keepalived v1.2.24 (04/19,2017)
10-7-2017 22:05:31Opening file '/etc/keepalived/keepalived.conf'.
10-7-2017 22:05:31Keepalived[31]: Opening file '/etc/keepalived/keepalived.conf'.
10-7-2017 22:05:31daemon is already running
10-7-2017 22:05:31Keepalived[31]: daemon is already running
10-7-2017 22:05:31/usr/bin/keepalived.sh: line 93: wait: pid 21 is not a child of this shell
10-7-2017 22:05:31pid 33 exited with status 256
10-7-2017 22:05:31Keepalived_vrrp[21]: pid 33 exited with status 256
10-7-2017 22:05:32pid 37 exited with status 256
10-7-2017 22:05:32Keepalived_vrrp[21]: pid 37 exited with status 256
10-7-2017 22:05:32VRRP_Instance(lb-vips) Now in FAULT state
10-7-2017 22:05:32Keepalived_vrrp[21]: VRRP_Instance(lb-vips) Now in FAULT state
10-7-2017 22:05:33pid 41 exited with status 256
10-7-2017 22:05:33Keepalived_vrrp[21]: pid 41 exited with status 256
10-7-2017 22:05:34pid 45 exited with status 256
10-7-2017 22:05:34Keepalived_vrrp[21]: pid 45 exited with status 256
10-7-2017 22:05:35pid 49 exited with status 256
10-7-2017 22:05:35Keepalived_vrrp[21]: pid 49 exited with status 256
10-7-2017 22:05:36pid 53 exited with status 256
10-7-2017 22:05:36Keepalived_vrrp[21]: pid 53 exited with status 256
The configuration:
version: '2'
services:
keepalived:
cap_add:
- NET_ADMIN
- NET_BROADCAST
image: 192.168.1.3:5000/docker-keepalived
environment:
CHECK_IP: any
CHECK_PORT: '80'
INTERFACE: ens192
VIRTUAL_IP: 10.0.24.50
VIRTUAL_MASK: '24'
VRID: '150'
stdin_open: true
network_mode: host
tty: true
labels:
io.rancher.scheduler.global: 'true'
loadbalancer:
image: rancher/lb-service-haproxy:v0.7.5
ports:
- 0.0.0.0:80:80/tcp
labels:
io.rancher.container.agent.role: environmentAdmin
io.rancher.container.create_agent: 'true'
io.rancher.scheduler.global: 'true'
Any idea?
I can't figure out why, but keepalived keeps crashing and restarting. I went through and configured everything. I even have all of my ports open.
Hey guys,
I've just updated my rancher server to the latest version (v1.2.1) on a CoreOS host (stable 1185.5.0) and now my keepalived container does not seem to be working.
Maybe this has something to do with Rancher's new network service?
Here's the container logs:
12/20/2016 9:57:43 PM Name = vethbba019de
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: Name = vethbba019de
12/20/2016 9:57:43 PM index = 20
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: index = 20
12/20/2016 9:57:43 PM IPv4 address = 0.0.0.0
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: IPv4 address = 0.0.0.0
12/20/2016 9:57:43 PM IPv6 address = fe80::e8db:b8ff:fee2:57b6
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: IPv6 address = fe80::e8db:b8ff:fee2:57b6
12/20/2016 9:57:43 PM MAC = ea:db:b8:e2:57:b6
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: MAC = ea:db:b8:e2:57:b6
12/20/2016 9:57:43 PM is UP
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: is UP
12/20/2016 9:57:43 PM is RUNNING
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: is RUNNING
12/20/2016 9:57:43 PM MTU = 1500
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: MTU = 1500
12/20/2016 9:57:43 PM HW Type = ETHERNET
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: HW Type = ETHERNET
12/20/2016 9:57:43 PM Enabling NIC ioctl refresh polling
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: Enabling NIC ioctl refresh polling
12/20/2016 9:57:43 PM------< NIC >------
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: ------< NIC >------
12/20/2016 9:57:43 PM Name = vethc273286f
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: Name = vethc273286f
12/20/2016 9:57:43 PM index = 21
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: index = 21
12/20/2016 9:57:43 PM IPv4 address = 0.0.0.0
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: IPv4 address = 0.0.0.0
12/20/2016 9:57:43 PM IPv6 address = fe80::1827:9dff:fe00:81a4
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: IPv6 address = fe80::1827:9dff:fe00:81a4
12/20/2016 9:57:43 PM MAC = 1a:27:9d:00:81:a4
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: MAC = 1a:27:9d:00:81:a4
12/20/2016 9:57:43 PM is UP
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: is UP
12/20/2016 9:57:43 PM is RUNNING
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: is RUNNING
12/20/2016 9:57:43 PM MTU = 1500
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: MTU = 1500
12/20/2016 9:57:43 PM HW Type = ETHERNET
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: HW Type = ETHERNET
12/20/2016 9:57:43 PM Enabling NIC ioctl refresh polling
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: Enabling NIC ioctl refresh polling
12/20/2016 9:57:43 PMUsing LinkWatch kernel netlink reflector...
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: Using LinkWatch kernel netlink reflector...
12/20/2016 9:57:43 PMVRRP_Instance(lb-vips) Entering BACKUP STATE
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: VRRP_Instance(lb-vips) Entering BACKUP STATE
12/20/2016 9:57:43 PMVRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
12/20/2016 9:57:43 PMpid 22 exited with status 256
12/20/2016 9:57:43 PMKeepalived_vrrp[21]: pid 22 exited with status 256
12/20/2016 9:57:44 PMpid 26 exited with status 256
12/20/2016 9:57:44 PMKeepalived_vrrp[21]: pid 26 exited with status 256
12/20/2016 9:57:45 PMDisplaying resulting /etc/keepalived/keepalived.conf contents...
12/20/2016 9:57:45 PM global_defs {
12/20/2016 9:57:45 PM router_id your_hostname
12/20/2016 9:57:45 PM vrrp_version 2
12/20/2016 9:57:45 PM vrrp_garp_master_delay 1
12/20/2016 9:57:45 PM vrrp_garp_master_refresh
12/20/2016 9:57:45 PM #Uncomment the next line if you'd like to use unique multicast groups
12/20/2016 9:57:45 PM #vrrp_mcast_group4 224.0.0.150
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PM
12/20/2016 9:57:45 PM vrrp_script chk_haproxy {
12/20/2016 9:57:45 PM script "ss -ltn 'src any' | grep 80"
12/20/2016 9:57:45 PM timeout 1
12/20/2016 9:57:45 PM interval 1 # check every 1 second
12/20/2016 9:57:45 PM fall 2 # require 2 failures for KO
12/20/2016 9:57:45 PM rise 2 # require 2 successes for OK
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PM
12/20/2016 9:57:45 PM vrrp_instance lb-vips {
12/20/2016 9:57:45 PM state BACKUP
12/20/2016 9:57:45 PM interface eth0
12/20/2016 9:57:45 PM virtual_router_id 150
12/20/2016 9:57:45 PM priority 100
12/20/2016 9:57:45 PM advert_int 1
12/20/2016 9:57:45 PM nopreempt
12/20/2016 9:57:45 PM track_script {
12/20/2016 9:57:45 PM chk_haproxy
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PM authentication {
12/20/2016 9:57:45 PM auth_type PASS
12/20/2016 9:57:45 PM auth_pass blahblah
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PM virtual_ipaddress {
12/20/2016 9:57:45 PM 192.168.32.74/24 dev eth0
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PM }
12/20/2016 9:57:45 PMStarting Keepalived in the background...
12/20/2016 9:57:45 PMStarting Keepalived v1.2.24 (11/19,2016), git commit v3.5.0_rc2-45-g813ce7d+
12/20/2016 9:57:45 PMKeepalived[31]: Starting Keepalived v1.2.24 (11/19,2016), git commit v3.5.0_rc2-45-g813ce7d+
12/20/2016 9:57:45 PMOpening file '/etc/keepalived/keepalived.conf'.
12/20/2016 9:57:45 PMKeepalived[31]: Opening file '/etc/keepalived/keepalived.conf'.
12/20/2016 9:57:45 PMdaemon is already running
12/20/2016 9:57:45 PMKeepalived[31]: daemon is already running
12/20/2016 9:57:45 PM/usr/bin/keepalived.sh: line 93: wait: pid 21 is not a child of this shell
12/20/2016 9:57:45 PMpid 33 exited with status 256
12/20/2016 9:57:45 PMKeepalived_vrrp[21]: pid 33 exited with status 256
12/20/2016 9:57:46 PMpid 37 exited with status 256
12/20/2016 9:57:46 PMKeepalived_vrrp[21]: pid 37 exited with status 256
12/20/2016 9:57:47 PMVRRP_Instance(lb-vips) Now in FAULT state
12/20/2016 9:57:47 PMKeepalived_vrrp[21]: VRRP_Instance(lb-vips) Now in FAULT state
12/20/2016 9:57:47 PMpid 41 exited with status 256
12/20/2016 9:57:47 PMKeepalived_vrrp[21]: pid 41 exited with status 256
12/20/2016 9:57:48 PMpid 45 exited with status 256
12/20/2016 9:57:48 PMKeepalived_vrrp[21]: pid 45 exited with status 256
12/20/2016 9:57:49 PMpid 49 exited with status 256
12/20/2016 9:57:49 PMKeepalived_vrrp[21]: pid 49 exited with status 256
12/20/2016 9:57:50 PMpid 53 exited with status 256
12/20/2016 9:57:50 PMKeepalived_vrrp[21]: pid 53 exited with status 256
12/20/2016 9:57:51 PMpid 57 exited with status 256
12/20/2016 9:57:51 PMKeepalived_vrrp[21]: pid 57 exited with status 256
12/20/2016 9:57:52 PMpid 61 exited with status 256
12/20/2016 9:57:52 PMKeepalived_vrrp[21]: pid 61 exited with status 256
12/20/2016 9:57:53 PMpid 65 exited with status 256
12/20/2016 9:57:53 PMKeepalived_vrrp[21]: pid 65 exited with status 256
12/20/2016 9:57:54 PMpid 69 exited with status 256
...
Spun up some new load balancers docker hosts last night and attempted to migrate the keepalived service to those hosts but the VIP would never come up.
This is a snippet of the logs:
9/19/2018 1:56:29 PMWed Sep 19 13:56:29 2018: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(8,9)]
9/19/2018 1:56:29 PMWed Sep 19 13:56:29 2018: Script `chk_haproxy` now returning 2
9/19/2018 1:56:29 PMWed Sep 19 13:56:29 2018: VRRP_Script(chk_haproxy) failed (exited with status 2)
9/19/2018 1:56:29 PMWed Sep 19 13:56:29 2018: (lb-vips) Entering FAULT STATE
9/19/2018 1:56:29 PMWed Sep 19 13:56:29 2018: Kernel/system configuration issue causing multicast packets to be received but IP_MULTICAST_ALL unset
9/19/2018 1:56:31 PMDisplaying resulting /etc/keepalived/keepalived.conf contents...
9/19/2018 1:56:31 PMWed Sep 19 13:56:31 2018: Starting Keepalived v2.0.4 (06/24,2018), git commit v3.8.0_rc8-47-g5ec10636b6
9/19/2018 1:56:31 PMWed Sep 19 13:56:31 2018: WARNING - keepalived was build for newer Linux 4.4.6, running on Linux 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018
9/19/2018 1:56:31 PMWed Sep 19 13:56:31 2018: Opening file '/etc/keepalived/keepalived.conf'.
9/19/2018 1:56:31 PM global_defs {
9/19/2018 1:56:31 PM #Hostname will be used by default
9/19/2018 1:56:31 PM #router_id your_name
9/19/2018 1:56:31 PM vrrp_version 2
9/19/2018 1:56:31 PM vrrp_garp_master_delay 1
9/19/2018 1:56:31 PM vrrp_garp_master_refresh 60
9/19/2018 1:56:31 PM #Uncomment the next line if you'd like to use unique multicast groups
9/19/2018 1:56:31 PM #vrrp_mcast_group4 224.0.0.12
9/19/2018 1:56:31 PM script_user root
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PM
9/19/2018 1:56:31 PM vrrp_script chk_haproxy {
9/19/2018 1:56:31 PM script "iptables -t nat -nL CATTLE_PREROUTING | grep ':80'"
9/19/2018 1:56:31 PM timeout 1
9/19/2018 1:56:31 PM interval 1 # check every 1 second
9/19/2018 1:56:31 PM fall 2 # require 2 failures for KO
9/19/2018 1:56:31 PM rise 2 # require 2 successes for OK
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PM
9/19/2018 1:56:31 PM vrrp_instance lb-vips {
9/19/2018 1:56:31 PM state BACKUP
9/19/2018 1:56:31 PM interface eth0
9/19/2018 1:56:31 PM virtual_router_id 12
9/19/2018 1:56:31 PM priority 100
9/19/2018 1:56:31 PM advert_int 1
9/19/2018 1:56:31 PM nopreempt #Prevent fail-back
9/19/2018 1:56:31 PM track_script {
9/19/2018 1:56:31 PM chk_haproxy
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PM authentication {
9/19/2018 1:56:31 PM auth_type PASS
9/19/2018 1:56:31 PM auth_pass blahblah
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PM virtual_ipaddress {
9/19/2018 1:56:31 PM 10.XX.XX.12/24 dev eth0
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PM }
9/19/2018 1:56:31 PMStarting Keepalived in the background...
9/19/2018 1:56:31 PMWed Sep 19 13:56:31 2018: daemon is already running
9/19/2018 1:56:31 PM/usr/bin/keepalived.sh: line 101: wait: pid 19 is not a child of this shell
I saw that the new hosts were using an image that was created 5 weeks ago. I went to the previous host that had the image that was created 13 months ago, tagged it & pushed it to our Docker image server. I configured the service to use that tagged image and the VIP came up on the new hosts so there's something in this new image since it's the only thing that changed.
Also, the check port script should probably be changed from grep ':${CHECK_PORT}'" to grep 'dpt:${CHECK_PORT} '" because otherwise the script could show a false positive when something is also running on port 8000 (i.e.traefik) on that host:
iptables -t nat -nL CATTLE_PREROUTING | grep ':80'
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.XX.XX.45:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ADDRTYPE match dst-type LOCAL to:10.XX.XX.45:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:10.XX.XX.45:8000
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ADDRTYPE match dst-type LOCAL to:10.XX.XX.45:8000
Is it possible to setup more than two containers to share a VIP between 3+ hosts?
We are preparing to use this in production, and it would be nice to have versioned images instead of just "latest".
Something like neoassist/docker-keepalived:1.0.0 or even timestamp versioning like 201610071051 would be fine.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.