Keepalived - Funky Penguin's Geek Cookbook

funkypenguin · September 29, 2017, 1:11pm

While having a self-healing, scalable docker swarm is great for availability and scalability, none of that is any good if nobody can connect to your cluster.

This is a companion discussion topic for the original entry at https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/keepalived/

ggilley · October 2, 2017, 2:10am

For the Intel SkullCanyon NUC’s I’m using, I had to add -e KEEPALIVED_INTERFACE=enp0s31f6

seffyroff · July 23, 2018, 8:22pm

Stupid Question Alert! If I have my Docker Swarm running, and the ingress network handling routing, with Traefik on top of that globally deployed, do I need keepalived?

funkypenguin · July 23, 2018, 9:16pm

It depends how traffic is arriving to your swarm. If you have an external load-balancer, then no. But if you have a single IP (one of the swarm nodes) receiving all the ingress traffic, and that node fails, then all your swarminess won’t help you, and you need keepalived

manseuk · August 16, 2018, 2:47pm

Question on the setup of the Keepalived containers - the IP Addresses you specify in the UNICAT_PEERS env variable - are they the external ip addresses of the docker severs ?

funkypenguin · August 16, 2018, 8:52pm

If the docker servers are externally addressed already, then yes. If you’re running your swarm on private IPs behind a NATing firewall, then no

macfreaker · August 21, 2018, 7:30pm

I have the same nuc. Do you have any ssd / hd installed to setup.

ggilley · August 21, 2018, 10:52pm

I did have an ssd installed when I set it up.

ggilley · September 19, 2018, 6:38pm

Every time I reboot my master, keepalived does not return control to the master. I have to reboot the slave to get control to switch. Anyone else having this problem?

Timo · October 8, 2018, 1:40pm

Hey, it seems i do not understand this fully i do not understand the concept of the VIP. Maybe you can give me a hint.

I have 3 docker nodes running as swarm. All of them have an external IP. So 3 IPs: 82.xx.xx.xx.
I can connect to each of the IPs to find my website. This is working without Keepalived.

But with my URL i get an single point of failure.
My URL is pointing to on of this IPs. If this node is going down i have a problem. All services can’t be accessed via URL. If i buy a new IP i have to assign this IP to one of the nodes and can’t assign this to all of them.

cmconner156 · October 8, 2018, 3:21pm

That’s what Keepalived is for. It manages that IP across multiple nodes. It knows which node the IP is running on. If that node goes down, it brings up that IP on a different node that is still up. So no more single point of failure.

Timo · October 8, 2018, 4:05pm

Sounds perfect! I will try this now…

Timo · October 8, 2018, 7:52pm

I got Keepalived to the point that it was transfering the IP to the BACKUP-Server. Unfortunately my problem here is not the function of Keepalived.

As mentioned in the article it seems like my hosting provider 1und1 do not have the function to have such a “floating IP/virtual IP” address for the servers… I have to assign the IP to one of my hosts. The IP can’t be moved to the other server…
They have their own LoadBalancer. It seems I have to use this one…

Does someone knows a provider where i can do this kind of configuration?

funkypenguin · October 8, 2018, 9:20pm

Hi Timo, I’ve encountered the same issue with Google Cloud… you have to use their load balancer (which is very good, but costs a lot). I worked around it by standing up a single, low-touch VM running haproxy with my nodes as backends, and using that as my VIP. Yes, the VM may go down, so it’s not perfect, but it’s better than using one of my heavily-loaded K8s nodes! (plus, on GKE, you pay per-port for loadbalancing, whereas with my haproxy VM, I can have as many ports as I want)

cristain_dkb · June 11, 2020, 10:31pm

docker-compose.yml example

services:
  keepalived:
    cap_add:
    - NET_ADMIN
    container_name: keepalived
    network_mode: host
    deploy:
      restart_policy:
        condition: always
    environment:
      KEEPALIVED_INTERFACE: 'enp0s3'  #depends on hosts interface
      KEEPALIVED_UNICAST_PEERS: "#PYTHON2BASH:['192.168.1.252', '192.168.1.253']" #IP of others nodes
      KEEPALIVED_PRIORITY: '200' #change between nodes
      KEEPALIVED_VIRTUAL_IPS: 192.168.1.250
    image: osixia/keepalived:2.0.20

scyto · June 15, 2020, 10:45pm

I am little confused when one needs to go to the trouble of using a docker container vs using ipsvadm on the docker host to service the requests and pass them to the ingress network?

funkypenguin · June 15, 2020, 11:10pm

Thanks @scyto! If this is a viable option, then I’m all for the simplest solution. I hadn’t come across the ipvsadm solution before - can you point me to an example?

Thanks!
D

scyto · June 15, 2020, 11:27pm

@funkypenguin well i have no idea what I am doing i am trying to understand the options.

I read this article How to setup simple load balancing with IPVS, demo with docker. - DEV Community

I know keepalived uses ipvs under the hood, i can’t for the life of me work out what it offers on top of ipvs for this sceanrio. I was hoping an expert could explain it to me!

funkypenguin · June 16, 2020, 2:23am

On first glance, it would appear that ipvs supports load balancing, but not a mechanism to provide a highly-available virtual IP. i.e., without keepalived to facilitate communications between nodes A, B, and C, how will the nodes agree which one of them is currently the “primary” and which are the “backups” ?

scyto · June 16, 2020, 2:57am

Thanks, that is what i was missing.

It never occurred to me someone would make something like IPVS only marginally better than round robin DNS.

Next question: why run keepalive in a docker container rather than on the docker host directly?
(like this How to Setup IP Failover with KeepAlived on Ubuntu & Debian - TecAdmin)?