User:Jhedden/notes/keepalived
Quick example of using keepalived and VRRP to fail over a service IP address (virtual IP address, VIP) on Cloud VPS
pre-create the neutron ports; this reserves the addresses so they are kept if we re-create the servers
OS_PROJECT_ID=testlabs openstack port create --network 7425e328-560c-4f00-8e99-706f3fb90bb4 jeh-hatest01
OS_PROJECT_ID=testlabs openstack port create --network 7425e328-560c-4f00-8e99-706f3fb90bb4 jeh-hatest02
OS_PROJECT_ID=testlabs openstack port create --network 7425e328-560c-4f00-8e99-706f3fb90bb4 jeh-hatest-vip

| 74758a61-4120-420d-a8bd-32fe5140bbfd | jeh-hatest01   | fa:16:3e:ab:9f:35 | ip_address='172.16.0.26', subnet_id='a69bdfad-d7d2-4cfa-8231-3d6d3e0074c9' |
| a848bf8a-a130-4f8b-bd86-a7d13b982e84 | jeh-hatest02   | fa:16:3e:61:fd:b6 | ip_address='172.16.0.38', subnet_id='a69bdfad-d7d2-4cfa-8231-3d6d3e0074c9' |
| 2252ef9a-40dc-4d83-9c33-ced7b4cf12d5 | jeh-hatest-vip | fa:16:3e:63:fd:d9 | ip_address='172.16.0.35', subnet_id='a69bdfad-d7d2-4cfa-8231-3d6d3e0074c9' |
By default neutron only allows a virtual machine to pass traffic using its assigned IP and MAC address pair. These commands configure the two host ports to also allow traffic for the VIP address (the openstack client is too old and doesn't support address pairs, so the neutron client is used instead)
#OS_PROJECT_ID=testlabs openstack port set --allowed-address ip-address=172.16.0.35 74758a61-4120-420d-a8bd-32fe5140bbfd
#OS_PROJECT_ID=testlabs openstack port set --allowed-address ip-address=172.16.0.35 a848bf8a-a130-4f8b-bd86-a7d13b982e84

neutron port-update 74758a61-4120-420d-a8bd-32fe5140bbfd --allowed-address-pair ip_address=172.16.0.35
neutron port-update a848bf8a-a130-4f8b-bd86-a7d13b982e84 --allowed-address-pair ip_address=172.16.0.35
create load balancer VMs using the ports we created above
OS_PROJECT_ID=testlabs openstack server create --image b6b58ba2-8656-49b4-af13-d0530ac05365 --flavor 2 --nic port-id=74758a61-4120-420d-a8bd-32fe5140bbfd jeh-hatest01
OS_PROJECT_ID=testlabs openstack server create --image b6b58ba2-8656-49b4-af13-d0530ac05365 --flavor 2 --nic port-id=a848bf8a-a130-4f8b-bd86-a7d13b982e84 jeh-hatest02

| 492ac183-b88f-4804-8117-31f3d0c4f9e7 | jeh-hatest02 | ACTIVE | lan-flat-cloudinstances2b=172.16.0.38 | debian-10.0-buster |
| 1455f54c-8143-4f4e-8b67-c9654f01ff53 | jeh-hatest01 | ACTIVE | lan-flat-cloudinstances2b=172.16.0.26 | debian-10.0-buster |
install keepalived
root@jeh-hatest01: apt install keepalived
root@jeh-hatest02: apt install keepalived
configure keepalived
root@jeh-hatest01:/etc/keepalived# cat keepalived.conf
global_defs {
}
vrrp_instance VRRP1 {
    state MASTER
    interface eth0
    virtual_router_id 41
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass MASKED
    }
    virtual_ipaddress {
        172.16.0.35/21
    }
    # unicast_peer is the other node (jeh-hatest02), not this host
    unicast_peer {
        172.16.0.38
    }
}

root@jeh-hatest02:/etc/keepalived# cat keepalived.conf
global_defs {
}
vrrp_instance VRRP1 {
    state BACKUP
    interface eth0
    virtual_router_id 41
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass MASKED
    }
    virtual_ipaddress {
        172.16.0.35/21
    }
    # unicast_peer is the other node (jeh-hatest01), not this host
    unicast_peer {
        172.16.0.26
    }
}
restart keepalived
$ sudo systemctl restart keepalived
start ping from a different host
jeh@tools-sgebastion-07:~$ ping 172.16.0.35
PING 172.16.0.35 (172.16.0.35) 56(84) bytes of data.
64 bytes from 172.16.0.35: icmp_seq=1 ttl=64 time=1.07 ms
64 bytes from 172.16.0.35: icmp_seq=2 ttl=64 time=0.551 ms
...
confirm VIP is on hatest01
root@jeh-hatest01:~# ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    inet 172.16.0.26/21 brd 172.16.7.255 scope global dynamic eth0
       valid_lft 84555sec preferred_lft 84555sec
    inet 172.16.0.35/21 scope global secondary eth0
       valid_lft forever preferred_lft forever
stop keepalived on hatest01 and watch logs on hatest02
root@jeh-hatest01:~# systemctl stop keepalived
root@jeh-hatest02:~# journalctl -u keepalived -f
Oct 18 22:04:50 jeh-hatest02 Keepalived_vrrp[23328]: Registering gratuitous ARP shared channel
Oct 18 22:04:50 jeh-hatest02 Keepalived_vrrp[23328]: (VRRP1) Entering BACKUP STATE (init)
Oct 18 22:05:05 jeh-hatest02 Keepalived_vrrp[23328]: (VRRP1) Backup received priority 0 advertisement
Oct 18 22:05:05 jeh-hatest02 Keepalived_vrrp[23328]: (VRRP1) Entering MASTER STATE
confirm VIP is active on hatest02
root@jeh-hatest02:/etc/keepalived# ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    inet 172.16.0.38/21 brd 172.16.7.255 scope global dynamic eth0
       valid_lft 83753sec preferred_lft 83753sec
    inet 172.16.0.35/21 scope global secondary eth0
       valid_lft forever preferred_lft forever
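
A pre-deployment check for a keepalived.conf pair like the one configured above, as an added example that is not part of the original notes: it reads both nodes' configs and flags a unicast_peer that names the node itself or omits the other node, auth_type PASS, and duplicate priorities. The function names and the 10.0.0.x sample configs are constructed for this example, and the parser assumes one vrrp_instance per file.

```python
import re

def parse_vrrp(conf):  # pull the fields checked below out of one vrrp_instance block
    def scalar(key):
        m = re.search(r"^\s*%s\s+(\S+)" % key, conf, re.M)
        return m.group(1) if m else None
    def block(key):  # addresses inside "key { ... }", prefix length dropped
        m = re.search(r"%s\s*\{([^}]*)\}" % key, conf)
        return [w.split("/")[0] for w in m.group(1).split()] if m else []
    return {"priority": scalar("priority"), "auth": scalar("auth_type"),
            "peers": block("unicast_peer")}

def check_pair(nodes):  # nodes: {node's own address: keepalived.conf text}
    parsed = {ip: parse_vrrp(text) for ip, text in nodes.items()}
    findings = []
    for ip, cfg in parsed.items():
        missing = sorted(set(parsed) - {ip} - set(cfg["peers"]))
        if ip in cfg["peers"]:
            findings.append(f"{ip}: unicast_peer lists the node's own address")
        if missing:
            findings.append(f"{ip}: unicast_peer is missing {', '.join(missing)}")
        if cfg["auth"] == "PASS":
            findings.append(f"{ip}: auth_type PASS is sent in cleartext in each advert")
    if len({c["priority"] for c in parsed.values()}) != len(parsed):
        findings.append("priority is not unique across nodes")
    return findings

# Constructed sample: addresses and password are made up for this example.
TEMPLATE = """vrrp_instance VRRP1 {{
    state {state}
    interface eth0
    virtual_router_id 41
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass EXAMPLE
    }}
    virtual_ipaddress {{
        10.0.0.100/24
    }}
    unicast_peer {{
        {peer}
    }}
}}"""
BAD = {"10.0.0.11": TEMPLATE.format(state="MASTER", prio=200, peer="10.0.0.11"),
       "10.0.0.12": TEMPLATE.format(state="BACKUP", prio=200, peer="10.0.0.12")}

if __name__ == "__main__":
    print(*check_pair(BAD), sep="\n")
```

With equal priorities VRRP still elects a master, but the tie is settled by comparing the nodes' addresses rather than by the configured roles.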