Openshift
  • Introduction
  • Get start
    • CLI
  • Application
  • Containers & Pods
  • Router
    • keepalived
  • SELinux
Powered by GitBook
On this page

Was this helpful?

  1. Router

keepalived

For each VIP, keepalived keeps the state of the node. The VIP on the node may be in MASTER, BACKUP, or FAULT state.

Keepalived is in MASTER state when it is servicing the VIP, in BACKUP state when another node is servicing the VIP, or in FAULT` state when the check script fails.

All VIPs on the node that are not in the FAULT state participate in the negotiation to decide which will be MASTER for the VIP. All of the losers enter the BACKUP state. This negotiation is done by all the keepalived daemons and it determines which nodes will service which VIPs.

When the check script on the MASTER fails, the VIP enters the FAULT state and triggers a renegotiation. When the BACKUP fails, the VIP enters the FAULT state.

When a host leaves the FAULT state by passing the check script, the host becomes a BACKUP if the new host has lower priority than the host currently in the MASTER state.

When the check script passes again on a VIP in the FAULT state, it exits FAULT and negotiates for MASTER. The resulting state is either MASTER or BACKUP.

Keepalived monitors the health of the application by periodically running an optional user supplied check script. the script can test a web server by issuing a request and verifying the response.

When a host running Keepalived passes the check script, the host can become in the MASTER state based on its priority and the priority of the current MASTER, as determined by the preemption strategy.

This pod runs Keepalived which uses VRRP (Virtual Router Redundancy Protocol) among all the Keepalived daemons to ensure that the service on the watched port is available, and if it is not, Keepalived will automatically float the VIPs.

Each ipfailover pod managed by the ipfailover deployment configuration (1 pod per node/replica) runs a keepalived daemon.

Create IP failover deployment configuration, by running the

oc adm ipfailover command.
$ oc adm ipfailover --selector="router=us-west-ha" \
    --virtual-ips="1.2.3.4,10.1.1.100-104,5.6.7.8" \
    --watch-port=80 --replicas=4 \
    --check-script=<script> \
    --check-interval=<seconds> \
    --create

the command below will create an IP failover configuration on a selection of nodes labeled router=us-west-ha (on 4 nodes with 7 virtual IPs monitoring a service listening on port 80, such as the router process).

  • The script must exit with 0 for PASS or 1 for FAIL. By default, the check is done every two seconds, but can be changed using the --check-interval=<seconds> option.

  • When a check script is not provided, a simple default script is run that tests the TCP connection. This default test is suppressed when the monitor port is 0.

there are ipfailover, router, and geo-cache pods on each node. The set of VIPs for each ipfailover configuration must not overlap and they must not be used elsewhere in the external or cloud environments.

PreviousRouterNextSELinux

Last updated 5 years ago

Was this helpful?