here config of keepalive ``` # Global Configuration global_defs { notification_email { m...@foo.bar } notification_email_from keepali...@foo.bar smtp_server smtp_server smtp.foo.bar smtp_connect_timeout 30 router_id fqdn_of_host }
# describe virtual service ip vrrp_instance front-loadbalancer { state MASTER interface ens192 virtual_router_id 164 priority 100 authentication { auth_type PASS auth_pass XXXXXXX } virtual_ipaddress { aa.bb.cc.dd } # Invoked to master transition notify_master "/etc/keepalived/bypass_ipvs.sh del aa.bb.cc.dd" # Invoked to slave transition notify_backup "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd" # Invoked to fault transition notify_fault "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd" # Invoked to stop transition notify_stop "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd" } # describe virtual mail server virtual_server aa.bb.cc.dd 10514 { delay_loop 5 lb_algo rr lb_kind DR protocol TCP real_server dd.cc.bb.aa1 10514 { MISC_CHECK { misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601" misc_timeout 10 } } real_server dd.cc.bb.aa2 10514 { MISC_CHECK { misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601" misc_timeout 10 } } } virtual_server aa.bb.cc.dd 10514 { delay_loop 5 lb_algo rr lb_kind DR #persistence_timeout 50 ops protocol UDP real_server dd.cc.bb.aa1 10514 { MISC_CHECK { misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601" misc_timeout 10 } } real_server dd.cc.bb.aa2 10514 { MISC_CHECK { misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601" misc_timeout 10 } } } ``` and bypass script ``` #! /bin/bash #set -x # # Gael Charriere <gael.charri...@gmail.com> # 10.11.2008 # # Invoked by keepalived from master/slave # to slave/master transition to add or remove # a PREROUTING rule # # Essential for slave to redirect incoming # service packet to localhost. Otherwise a # loop can appear between master and slave. # # The routing table is consulted when a packet # that creates a new connection is encountered. # PREROUTING rule alters packets as soon as they come in. # REDIRECT statement redirects the packet to the machine # itself by changing the destination IP to the primary # address of the incoming interface (locally-generated # packets are mapped to the 127.0.0.1 address). # Check number of command line args EXPECTED_ARGS=2 if [ $# -ne $EXPECTED_ARGS ]; then echo "Usage: $0 {add|del} ipaddress" exit 1 fi # Check if second arg is a valid ip address VIP=$2 OLD_IFS=$IFS IFS="." VIP=( $VIP ) IFS=$OLD_IFS # Check that ip has 4 parts if [ ${#VIP[@]} -ne 4 ]; then echo "IP address must have 4 parts" echo "Usage: $0 {add|del} ipaddress" exit 1 fi # Check that each parts is a number which # varies between 0 and 255 for oct in ${VIP[@]} ; do echo $oct | egrep "^[0-9]+$" >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "$oct: Not numeric" echo "Usage: $0 {add|del} ipaddress" exit 1 else if [ $oct -lt 0 -o $oct -gt 255 ]; then echo "$oct: Out of range" echo "Usage: $0 {add|del} ipaddress" exit 1 fi fi done # If we are here, ip address is validated VIP="${VIP[0]}.${VIP[1]}.${VIP[2]}.${VIP[3]}" # Add or remove the prerouting rule case "$1" in add) # check if the rule was already specified n=$(iptables -n -t nat -L| grep $VIP | wc -l) t=$(iptables -n -t nat -L| grep 'dpt:514' | wc -l) if [[ $t > 0 ]]; then #iptables -D PREROUTING -t nat -p tcp --dport 514 -j DNAT --to-destination $VIP:10514 iptables -D PREROUTING -t nat -p tcp --dport 514 -j REDIRECT --to-port 10514 iptables -D PREROUTING -t nat -p udp --dport 514 -j REDIRECT --to-port 10514 fi if [[ $n == 0 ]]; then # the rule was not found, add it iptables -A PREROUTING -t nat -d $VIP -p tcp -j REDIRECT iptables -A PREROUTING -t nat -d $VIP -p udp -j REDIRECT fi ;; del) # check if the rule was already specified n=$(iptables -n -t nat -L| grep $VIP | wc -l) t=$(iptables -n -t nat -L| grep 'dpt:514' | wc -l) if [[ $t == 0 ]]; then #iptables -A PREROUTING -t nat -p tcp --dport 514 -j DNAT --to-destination $VIP:10514 iptables -A PREROUTING -t nat -p tcp --dport 514 -j REDIRECT --to-port 10514 iptables -A PREROUTING -t nat -p udp --dport 514 -j REDIRECT --to-port 10514 fi while [[ $n > 0 ]]; do # remove the rule iptables -D PREROUTING -t nat -d $VIP -p tcp -j REDIRECT iptables -D PREROUTING -t nat -d $VIP -p udp -j REDIRECT n=$(($n-1)) done ;; *) echo "Usage: $0 {add|del} ipaddress" exit 1 esac exit 0 ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820245 Title: Netplan and Keepalived not work To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/1820245/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs