docker-keepalived's Introduction

osixia/keepalived

Latest release: 2.0.20 - Keepalived 2.0.20 - Changelog | Docker Hub 

A docker image to run Keepalived.

keepalived.org

Quick start

This image requires the kernel module ip_vs to be loaded on the host (modprobe ip_vs) and needs to be run with: --cap-add=NET_ADMIN --net=host

docker run --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host -d osixia/keepalived:2.0.20

Beginner Guide

Use your own Keepalived config

This image comes with a keepalived config file that can be easily customized via environment variables for a quick bootstrap, but setting your own keepalived.conf is possible. 2 options:

  • Link your config file at run time to /container/service/keepalived/assets/keepalived.conf :

    docker run --volume /data/my-keepalived.conf:/container/service/keepalived/assets/keepalived.conf --detach osixia/keepalived:2.0.20
    
  • Add your config file by extending or cloning this image, please refer to the Advanced User Guide

Fix docker mounted file problems

You may have some problems with mounted files on some systems. The startup script tries to adjust some files and fix file ownership and permissions, which can result in multiple errors. See Docker documentation.

To fix that, run the container with the --copy-service argument:

	docker run [your options] osixia/keepalived:2.0.20 --copy-service

Debug

The container default log level is info. Available levels are: none, error, warning, info, debug and trace.

Example command to run the container in debug mode:

docker run --detach osixia/keepalived:2.0.20 --loglevel debug

See all command line options:

docker run osixia/keepalived:2.0.20 --help

Environment Variables

Environment variable defaults are set in image/environment/default.yaml

See how to set your own environment variables

  • KEEPALIVED_INTERFACE: Keepalived network interface. Defaults to eth0

  • KEEPALIVED_PASSWORD: Keepalived password. Defaults to d0cker

  • KEEPALIVED_PRIORITY: Keepalived node priority. Defaults to 150

  • KEEPALIVED_ROUTER_ID: Keepalived virtual router ID. Defaults to 51

  • KEEPALIVED_UNICAST_PEERS: Keepalived unicast peers. Defaults to:

    - 192.168.1.10
    - 192.168.1.11

    If you want to set this variable in the docker run command, add the tag #PYTHON2BASH: and convert the YAML to Python:

    docker run --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.10', '192.168.1.11']" --detach osixia/keepalived:2.0.20
    

    To convert yaml to python online : http://yaml-online-parser.appspot.com/

  • KEEPALIVED_VIRTUAL_IPS: Keepalived virtual IPs. Defaults to:

    - 192.168.1.231
    - 192.168.1.232
    

    If you want to set this variable in the docker run command, convert the YAML to Python as shown above.

  • KEEPALIVED_NOTIFY: Script to execute when the node state changes. Defaults to /container/service/keepalived/assets/notify.sh

  • KEEPALIVED_COMMAND_LINE_ARGUMENTS: Keepalived command line arguments. Defaults to --log-detail --dump-conf

  • KEEPALIVED_STATE: The starting state of keepalived; it can either be MASTER or BACKUP.
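
How the variables above end up on the wire, as an added example (not code from the osixia project): it builds and parses a VRRPv2 advertisement as laid out in RFC 2338 and shows that the KEEPALIVED_PASSWORD value travels as readable bytes in every advert. It assumes the config uses auth_type PASS, as in the keepalived.conf quoted in the nopreempt issue on this page; the sample bytes are the VRRP payload from that issue's tcpdump capture, and the function names are illustrative.

```python
import ipaddress
import struct

AUTH_SIMPLE = 1   # RFC 2338 authentication type 1: simple text password
AUTH_LEN = 8      # fixed size of the authentication data field

# VRRP payload (the 20 bytes after the IP header) of the first advertisement
# in the tcpdump capture quoted in the nopreempt issue on this page.
CAPTURED_ADVERT = bytes.fromhex(
    "2133 3301 0101 bb25 c0a8 01ee 6430 636b 6572 0000"
)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by VRRPv2 (same as IP/ICMP)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, virtual_ips, password, advert_int=1):
    """Build a VRRPv2 advertisement from KEEPALIVED_* style values."""
    # keepalived uses only the first 8 characters of auth_pass; the field is
    # NUL-padded, not hashed or encrypted.
    auth = password.encode("ascii")[:AUTH_LEN].ljust(AUTH_LEN, b"\0")
    ips = b"".join(ipaddress.IPv4Address(ip).packed for ip in virtual_ips)
    head = struct.pack("!BBBBBB", 0x21, vrid, priority,
                       len(virtual_ips), AUTH_SIMPLE, advert_int)
    cksum = inet_checksum(head + b"\0\0" + ips + auth)
    return head + struct.pack("!H", cksum) + ips + auth


def parse_advert(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement, including its cleartext auth field."""
    if len(payload) < 8:
        raise ValueError("too short for a VRRP header")
    ver_type, vrid, prio, count, auth_type, advert_int, _ = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type >> 4 != 2:
        raise ValueError("not a VRRPv2 packet")
    end_ips = 8 + 4 * count
    if len(payload) < end_ips + AUTH_LEN:
        raise ValueError("truncated advertisement")
    vips = [str(ipaddress.IPv4Address(payload[o:o + 4]))
            for o in range(8, end_ips, 4)]
    auth = payload[end_ips:end_ips + AUTH_LEN]
    return {
        "vrid": vrid,
        "priority": prio,
        "auth_type": auth_type,
        "advert_int": advert_int,
        "virtual_ips": vips,
        "auth_data": auth.rstrip(b"\0").decode("ascii", "replace"),
        # Summing a valid message including its checksum field yields 0.
        "checksum_ok": inet_checksum(payload) == 0,
    }


if __name__ == "__main__":
    print("captured:", parse_advert(CAPTURED_ADVERT))
    # README defaults: router ID 51, priority 150, two virtual IPs.
    defaults = build_advert(51, 150, ["192.168.1.231", "192.168.1.232"], "d0cker")
    print("defaults:", parse_advert(defaults))
    # The README's example value "password!" is 9 characters; only 8 are sent.
    long_pw = build_advert(51, 100, ["192.168.1.231"], "password!")
    print("truncated:", parse_advert(long_pw)["auth_data"])
```

RFC 3768 dropped these authentication types from VRRPv2 because they gave no real protection, so treat the value as a guard against misconfiguration rather than a secret, and restrict which hosts may send protocol 112 to the node.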

Set your own environment variables

Use command line argument

Environment variables can be set by adding the --env argument in the command line, for example:

docker run --env KEEPALIVED_INTERFACE="eno1" --env KEEPALIVED_PASSWORD="password!" \
--env KEEPALIVED_PRIORITY="100" --detach osixia/keepalived:2.0.20

Link environment file

For example if your environment file is in : /data/environment/my-env.yaml

docker run --volume /data/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
--detach osixia/keepalived:2.0.20

Take care to link your environment file to /container/environment/XX-somedir (with XX < 99 so they will be processed before default environment files) and not directly to /container/environment because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).

Make your own image or extend this image

This is the best solution if you have a private registry. Please refer to the Advanced User Guide just below.

Advanced User Guide

Extend osixia/keepalived:2.0.20 image

If you need to add your custom TLS certificate, bootstrap config or environment files, the easiest way is to extend this image.

Dockerfile example:

FROM osixia/keepalived:2.0.20
MAINTAINER Your Name <[email protected]>

ADD keepalived.conf /container/service/keepalived/assets/keepalived.conf
ADD environment /container/environment/01-custom
ADD scripts.sh /container/service/keepalived/assets/notify.sh

Make your own keepalived image

Clone this project :

git clone https://github.com/osixia/docker-keepalived
cd docker-keepalived

Adapt Makefile, set your image NAME and VERSION, for example :

NAME = osixia/keepalived
VERSION = 1.3.5

becomes :
NAME = billy-the-king/keepalived
VERSION = 0.1.0

Add your custom scripts, environment files, config ...

Build your image :

make build

Run your image :

docker run -d billy-the-king/keepalived:0.1.0

Tests

We use Bats (Bash Automated Testing System) to test this image:

https://github.com/bats-core/bats-core

Install Bats, and in this project directory run :

make test

Under the hood: osixia/light-baseimage

This image is based on osixia/light-baseimage. More info: https://github.com/osixia/docker-light-baseimage

Security

If you discover a security vulnerability within this docker image, please send an email to the Osixia! team at [email protected]. For minor vulnerabilities feel free to add an issue here on github.

Please include as many details as possible.

Changelog

Please refer to: CHANGELOG.md

docker-keepalived's Issues

startup fails with own keepalived.conf

First of all, thank you for providing this image.
It works great.
But I think I found a bug, or maybe it's classified as an improvement.

The startup fails if there is an own keepalived.conf configured.
Within the docker-compose file:

...
    volumes:
      - ./keepalived.conf:/container/service/keepalived/assets/keepalived.conf

The error is:

sed: can't move '/container/service/keepalived/assets/keepalived.confBHIheG' to '/container/service/keepalived/assets/keepalived.conf': Resource busy

So I found that there is a check on first run, and if the first run is not done, the sed commands try to replace things in the config from the environment.
So it was also necessary to map that the first run is done.

    volumes:
      - ./keepalived.conf:/container/service/keepalived/assets/keepalived.conf
      - ./keepalived-first-start-done:/container/run/state/docker-keepalived-first-start-done

Maybe there should be a flag to disable the sed commands when using an own keepalived.conf.

when using our own keepalived config file, and then we modify it, actually it has no effect

When we use our own config file, e.g.:

docker run \
  --cap-add=NET_ADMIN \
  -v /data/safe_town/ha/data/keepalived/conf/keepalived.conf:/container/service/keepalived/assets/keepalived.conf \
  --net=host \
  --name=keepalived \
  --privileged=true \
  -d 360/keepalived_cluster:1.4.2 --loglevel debug --copy-service

Obviously, the config file is /data/safe_town/ha/data/keepalived/conf/keepalived.conf. Then we edit it for some reason, but it has no effect.
After reviewing your code, I found that in start.sh:

if [ ! -e "/usr/local/etc/keepalived/keepalived.conf" ]; then
  ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /usr/local/etc/keepalived/keepalived.conf
fi

So we checked the /usr/local/etc/keepalived/keepalived.conf file and the ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf file, and we found that ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf has been modified as expected, but /usr/local/etc/keepalived/keepalived.conf has not. WHY?
And then I found https://github.com/moby/moby/issues/13382. It seems that symbolic link files are not well supported within docker, so I suggest that you remove the symbolic link file in order to support modifying the configuration on the fly (at least on restart).

Sorry, we found that the problem is that the two directories (/container/run/service and /container/service) are not consistent.

Configuration file is not a regular non-executable file

If I run this docker with my own configuration file, I keep getting this error:

Keepalived[54]: Configuration file '/usr/local/etc/keepalived/keepalived.conf' is not a regular non-executable file
Keepalived[54]: Stopped Keepalived v2.0.20 (01/22,2020)

run command:
docker run --rm -it --volume /srv/docker/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf osixia/keepalived:2.0.20 --copy-service --loglevel debug

full log:

*** CONTAINER_LOG_LEVEL = 4 (debug)
*** Copy /container/service to /container/run/service
*** Search service in CONTAINER_SERVICE_DIR = /container/run/service :
*** link /container/run/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/run/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/run/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** Set environment for startup files
*** ignore : LANG = C.UTF-8 (keep LANG = en_US.UTF-8 )
*** ignore : LANGUAGE = C.UTF-8 (keep LANGUAGE = en_US:en )
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

*** --- process file : /container/environment/99-default/default.yaml ---
/container/tool/run:294: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  env_vars = yaml.load(f)
*** Run commands before startup...
*** Running /container/run/startup/keepalived...
*** ------------ Environment dump ------------
*** PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*** HOSTNAME = b88d1858596c
*** TERM = xterm
*** LANG = en_US.UTF-8
*** LANGUAGE = en_US:en
*** LC_ALL = en_US.UTF-8
*** HOME = /root
*** CONTAINER_SERVICE_DIR = /container/run/service
*** CONTAINER_STATE_DIR = /container/run/state
*** CONTAINER_LOG_LEVEL = 4
*** INITRD = no
*** LC_CTYPE = C.UTF-8
*** KEEPALIVED_COMMAND_LINE_ARGUMENTS = --log-detail --dump-conf
*** KEEPALIVED_INTERFACE = eth0
*** KEEPALIVED_PASSWORD = d0cker
*** KEEPALIVED_PRIORITY = 150
*** KEEPALIVED_UNICAST_PEERS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_UNICAST_PEERS_ROW_1 KEEPALIVED_UNICAST_PEERS_ROW_2
*** KEEPALIVED_VIRTUAL_IPS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_VIRTUAL_IPS_ROW_1 KEEPALIVED_VIRTUAL_IPS_ROW_2
*** KEEPALIVED_NOTIFY = /container/service/keepalived/assets/notify.sh
*** KEEPALIVED_ROUTER_ID = 51
*** KEEPALIVED_STATE = BACKUP
*** KEEPALIVED_UNICAST_PEERS_ROW_1 = 192.168.1.10
*** KEEPALIVED_UNICAST_PEERS_ROW_2 = 192.168.1.11
*** KEEPALIVED_VIRTUAL_IPS_ROW_1 = 192.168.1.231
*** KEEPALIVED_VIRTUAL_IPS_ROW_2 = 192.168.1.232
*** ------------------------------------------
*** Set environment for container process
*** ignore : LANG = C.UTF-8 (keep LANG = en_US.UTF-8 )
*** ignore : LANGUAGE = C.UTF-8 (keep LANGUAGE = en_US:en )
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

*** --- process file : /container/environment/99-default/default.yaml ---
*** Run commands before process...
*** ------------ Environment dump ------------
*** PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*** HOSTNAME = b88d1858596c
*** TERM = xterm
*** LANG = en_US.UTF-8
*** LANGUAGE = en_US:en
*** LC_ALL = en_US.UTF-8
*** HOME = /root
*** CONTAINER_SERVICE_DIR = /container/run/service
*** CONTAINER_STATE_DIR = /container/run/state
*** CONTAINER_LOG_LEVEL = 4
*** INITRD = no
*** LC_CTYPE = C.UTF-8
*** KEEPALIVED_COMMAND_LINE_ARGUMENTS = --log-detail --dump-conf
*** KEEPALIVED_INTERFACE = eth0
*** KEEPALIVED_PASSWORD = d0cker
*** KEEPALIVED_PRIORITY = 150
*** KEEPALIVED_UNICAST_PEERS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_UNICAST_PEERS_ROW_1 KEEPALIVED_UNICAST_PEERS_ROW_2
*** KEEPALIVED_VIRTUAL_IPS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_VIRTUAL_IPS_ROW_1 KEEPALIVED_VIRTUAL_IPS_ROW_2
*** KEEPALIVED_NOTIFY = /container/service/keepalived/assets/notify.sh
*** KEEPALIVED_ROUTER_ID = 51
*** KEEPALIVED_STATE = BACKUP
*** KEEPALIVED_UNICAST_PEERS_ROW_1 = 192.168.1.10
*** KEEPALIVED_UNICAST_PEERS_ROW_2 = 192.168.1.11
*** KEEPALIVED_VIRTUAL_IPS_ROW_1 = 192.168.1.231
*** KEEPALIVED_VIRTUAL_IPS_ROW_2 = 192.168.1.232
*** ------------------------------------------
*** Running /container/run/process/keepalived/run...
*** /container/run/process/keepalived/run started as PID 54
Waiting config file /usr/local/etc/keepalived/keepalived.confok
Thu Dec 10 10:18:12 2020: Starting Keepalived v2.0.20 (01/22,2020)
Keepalived[54]: Starting Keepalived v2.0.20 (01/22,2020)
Thu Dec 10 10:18:12 2020: WARNING - keepalived was build for newer Linux 4.19.36, running on Linux 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019
Keepalived[54]: WARNING - keepalived was build for newer Linux 4.19.36, running on Linux 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019
Thu Dec 10 10:18:12 2020: Command line: '/usr/local/sbin/keepalived' '-f' '/usr/local/etc/keepalived/keepalived.conf'
Keepalived[54]: Command line: '/usr/local/sbin/keepalived' '-f' '/usr/local/etc/keepalived/keepalived.conf'
Thu Dec 10 10:18:12 2020:               '--dont-fork' '--log-console' '--log-detail' '--dump-conf'
Keepalived[54]:               '--dont-fork' '--log-console' '--log-detail' '--dump-conf'
Thu Dec 10 10:18:12 2020: Configuration file '/usr/local/etc/keepalived/keepalived.conf' is not a regular non-executable file
Keepalived[54]: Configuration file '/usr/local/etc/keepalived/keepalived.conf' is not a regular non-executable file
Thu Dec 10 10:18:12 2020: Stopped Keepalived v2.0.20 (01/22,2020)
Keepalived[54]: Stopped Keepalived v2.0.20 (01/22,2020)
*** /container/run/process/keepalived/run exited with status 6
*** Run commands before finish...
*** Running /container/run/process/keepalived/finish...
*** ------------ Environment dump ------------
*** PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*** HOSTNAME = b88d1858596c
*** TERM = xterm
*** LANG = en_US.UTF-8
*** LANGUAGE = en_US:en
*** LC_ALL = en_US.UTF-8
*** HOME = /root
*** CONTAINER_SERVICE_DIR = /container/run/service
*** CONTAINER_STATE_DIR = /container/run/state
*** CONTAINER_LOG_LEVEL = 4
*** INITRD = no
*** LC_CTYPE = C.UTF-8
*** KEEPALIVED_COMMAND_LINE_ARGUMENTS = --log-detail --dump-conf
*** KEEPALIVED_INTERFACE = eth0
*** KEEPALIVED_PASSWORD = d0cker
*** KEEPALIVED_PRIORITY = 150
*** KEEPALIVED_UNICAST_PEERS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_UNICAST_PEERS_ROW_1 KEEPALIVED_UNICAST_PEERS_ROW_2
*** KEEPALIVED_VIRTUAL_IPS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_VIRTUAL_IPS_ROW_1 KEEPALIVED_VIRTUAL_IPS_ROW_2
*** KEEPALIVED_NOTIFY = /container/service/keepalived/assets/notify.sh
*** KEEPALIVED_ROUTER_ID = 51
*** KEEPALIVED_STATE = BACKUP
*** KEEPALIVED_UNICAST_PEERS_ROW_1 = 192.168.1.10
*** KEEPALIVED_UNICAST_PEERS_ROW_2 = 192.168.1.11
*** KEEPALIVED_VIRTUAL_IPS_ROW_1 = 192.168.1.231
*** KEEPALIVED_VIRTUAL_IPS_ROW_2 = 192.168.1.232
*** ------------------------------------------
*** Killing all processes...

Issues running on Ubuntu Server 16.04.6

I switched from CoreOS to Ubuntu Server 16.04.6 and ran into issues.
I have to run keepalived version 2.0.16 because the higher versions require a newer kernel.

Still, I get these errors:

me@server:~$ docker run -d --name keepalived \
--env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.52']" \
--env KEEPALIVED_VIRTUAL_IPS=192.168.1.99/32 \
--env KEEPALIVED_INTERFACE=eth1 \
osixia/keepalived:2.0.16

e386a377465cc16b8a83d3ed47a9dc93af3557e7d30e262b56c8267cf9ccb626

me@server:~$ docker logs keepalived

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/keepalived...
*** Set environment for container process
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/process/keepalived/run...
Waiting config file /usr/local/etc/keepalived/keepalived.confok
Thu Jul 30 16:04:21 2020: Starting Keepalived v2.0.16 (05/03,2019), git commit v2.0.15-96-g4d492740+
Thu Jul 30 16:04:21 2020: Running on Linux 4.15.0-45-generic #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019 (built for Linux 4.4.6)
Thu Jul 30 16:04:21 2020: Command line: '/usr/local/sbin/keepalived' '-f' '/usr/local/etc/keepalived/keepalived.conf'
Thu Jul 30 16:04:21 2020:               '--dont-fork' '--log-console' '--log-detail' '--dump-conf'
Thu Jul 30 16:04:21 2020: Opening file '/usr/local/etc/keepalived/keepalived.conf'.
Thu Jul 30 16:04:21 2020: Failed to bind to process monitoring socket - errno 1 - Operation not permitted
Thu Jul 30 16:04:21 2020: Starting VRRP child process, pid=45
Thu Jul 30 16:04:21 2020: Registering Kernel netlink reflector
Thu Jul 30 16:04:21 2020: Registering Kernel netlink command channel
Thu Jul 30 16:04:21 2020: WARNING - default interface eth1 doesn't exist
Thu Jul 30 16:04:21 2020: Opening file '/usr/local/etc/keepalived/keepalived.conf'.
Thu Jul 30 16:04:21 2020: (Line 6) WARNING - interface eth1 for vrrp_instance VI_1 doesn't exist
Thu Jul 30 16:04:21 2020: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Thu Jul 30 16:04:21 2020: Non-existent interface specified in configuration
Thu Jul 30 16:04:21 2020: Stopped - used 0.001016 user time, 0.000000 system time
Thu Jul 30 16:04:21 2020: Keepalived_vrrp exited with permanent error CONFIG. Terminating
Thu Jul 30 16:04:21 2020: Stopped Keepalived v2.0.16 (05/03,2019), git commit v2.0.15-96-g4d492740+
*** /container/run/process/keepalived/run exited with status 0
*** Running /container/run/process/keepalived/finish...
Unknown state
*** Killing all processes...

What's wrong and how can I fix it? This worked fine in CoreOS...

run error

$ docker run -d --name kmaster -v /SHEIN-Docker/keepalived/conf/mykeepalived.conf:/container/service/keepalived/assets/keepalived.conf osixia/keepalived --copy-service

Log message

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Copy /container/service to /container/run/service
*** Search service in CONTAINER_SERVICE_DIR = /container/run/service :
*** link /container/run/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/run/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/run/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/keepalived...
*** Set environment for container process
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/process/keepalived/run...
Waiting config file /usr/local/etc/keepalived/keepalived.confok
Wed May 29 02:48:18 2019: Starting Keepalived v2.0.15 (04/04,2019), git commit v2.0.14-53-g9de2817c+
Wed May 29 02:48:18 2019: Running on Linux 4.14.116-boot2docker #1 SMP Tue May 7 00:02:53 UTC 2019 (built for Linux 4.4.6)
Wed May 29 02:48:18 2019: Command line: '/usr/local/sbin/keepalived' '-f' '/usr/local/etc/keepalived/keepalived.conf'
Wed May 29 02:48:18 2019: '--dont-fork' '--log-console' '--log-detail' '--dump-conf'
Wed May 29 02:48:18 2019: Configuration file '/usr/local/etc/keepalived/keepalived.conf' is not a regular non-executable file
Wed May 29 02:48:18 2019: Stopped Keepalived v2.0.15 (04/04,2019), git commit v2.0.14-53-g9de2817c+
*** /container/run/process/keepalived/run exited with status 6
*** Running /container/run/process/keepalived/finish...
*** Killing all processes...

malformed unicast peer

I'm getting this error when starting keepalived docker

(Line 21) Configuration error: VRRP instance[VI_1] malformed unicast peer address[#PYTHON2BASH:['xx.x.xx.x','xx.x.xx.xx']]. Skipping...

Any idea what it is?

I'm using the 2.0.17 version and updated it to the latest stable version 2.0.20. Still the same issue

Erratum in README.md

Hi,

If you execute docker run --cap-add=NET_ADMIN --net=host -d osixia/keepalived:1.4.2 and then execute docker logs, you will see these messages:

*** Running /container/run/process/keepalived/run...
Waiting config file /usr/local/etc/keepalived/keepalived.confok
Wed May 9 12:27:04 2018: Starting Keepalived v1.4.2 (02/24,2018), git commit v1.4.1-41-g6a2987e+
Wed May 9 12:27:04 2018: WARNING - keepalived was build for newer Linux 4.4.6, running on Linux 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018
Wed May 9 12:27:04 2018: Opening file '/usr/local/etc/keepalived/keepalived.conf'.
Wed May 9 12:27:04 2018: Starting Healthcheck child process, pid=54
Wed May 9 12:27:04 2018: Starting VRRP child process, pid=55
Wed May 9 12:27:04 2018: Opening file '/usr/local/etc/keepalived/keepalived.conf'.
Wed May 9 12:27:04 2018: Cannot find default interface eth0

And finally the container will exit.

Therefore, if we want to run the container without errors, please update the line above in README.md with this line:

docker run --cap-add=NET_ADMIN --net=bridge -d osixia/keepalived:1.4.2

Regards,
Francisco Perez

`nopreempt` doesn't seem to work for keepalived 1.4.5

Problem

nopreempt works great when docker service stops/restarts; when my network interface goes down; and when I restart the keepalived container, but when I restart the machine with 51 priority, it takes back the control from the other node(it preempts). Following the discussion here, I added a 60s delay before startup of the keepalived service inside my container (in process.sh) but it still preempts the node with lower priority after a minute. What could possibly be wrong here? Obviously it isn't the network because it doesn't take that long to initialize. This is a clone of this issue.

Configuration

My configuration file looks like below:

global_defs {
  default_interface enp0s3
}

vrrp_script chk_dockerd {
        script "pidof dockerd"      # verify the pid exists
        interval 2                  # check every 2 seconds
}

vrrp_instance VI_1 {
  interface enp0s3

  state BACKUP
  virtual_router_id 51
  priority 51                   # Second node has 50 priority, everything else is same
  nopreempt
  #advert_int 1

  unicast_peer {
    192.168.1.141
  }

  virtual_ipaddress {
    192.168.1.238
  }

  authentication {
    auth_type PASS
    auth_pass d0cker
  }

  track_script {
          chk_dockerd
  }

  notify "/container/service/keepalived/assets/notify.sh"
}

Logs

I also tried to manually start the container after some time upon reboot and it still preempts the lower priority node. I'm getting the following logs after rebooting the higher priority node:

Mon Jun  4 21:16:14 2018: VRRP_Instance(VI_1) Transition to MASTER STATE
Mon Jun  4 21:16:15 2018: VRRP_Instance(VI_1) Entering MASTER STATE
Mon Jun  4 21:16:15 2018: VRRP_Instance(VI_1) setting protocol VIPs.
Mon Jun  4 21:16:15 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:15 2018: Opening script file /container/service/keepalived/assets/notify.sh
Mon Jun  4 21:16:20 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:20 2018: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:20 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:20 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:20 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235
Mon Jun  4 21:16:20 2018: Sending gratuitous ARP on enp0s3 for 192.168.8.235

#########################
Preemption after a minute
#########################

Mon Jun  4 21:17:58 2018: VRRP_Instance(VI_1) Master received advert with higher priority 51, ours 50
Mon Jun  4 21:17:58 2018: VRRP_Instance(VI_1) Entering BACKUP STATE
Mon Jun  4 21:17:58 2018: VRRP_Instance(VI_1) removing protocol VIPs.
Mon Jun  4 21:17:58 2018: Opening script file /container/service/keepalived/assets/notify.sh

tcpdump

I got the tcpdump at the reboot time of the higher priority node. Machine 1.89 has 51 priority and 1.141 has 50 priority (on which I'm dumping) with the above-mentioned configuration.

13:13:13.474199 IP (tos 0xc0, ttl 255, id 1171, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 51, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0493 0000 ff70 31dc c0a8 0159  E..(.....p1....Y
	0x0010:  c0a8 018d 2133 3301 0101 bb25 c0a8 01ee  ....!33....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........
13:13:14.753181 IP (tos 0xc0, ttl 255, id 1172, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0494 0000 ff70 31db c0a8 0159  E..(.....p1....Y
	0x0010:  c0a8 018d 2133 0001 0101 ee25 c0a8 01ee  ....!3.....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........
13:13:15.489759 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.141 tell 192.168.1.89, length 46
	0x0000:  0001 0800 0604 0001 0050 56a7 bf4b c0a8  .........PV..K..
	0x0010:  0159 0000 0000 0000 c0a8 018d 0000 0000  .Y..............
	0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............

###############
1.89 shuts down
###############

13:13:15.805985 IP (tos 0xc0, ttl 64, id 54050, offset 0, flags [none], proto ICMP (1), length 68)
    192.168.1.89 > 192.168.1.141: ICMP 192.168.1.89 protocol 112 unreachable, length 48
	IP (tos 0xc0, ttl 255, id 370, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.141 > 192.168.1.89: vrrp 192.168.1.141 > 192.168.1.89: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0044 d322 0000 4001 22a0 c0a8 0159  E..D."..@."....Y
	0x0010:  c0a8 018d 0302 fcfd 0000 0000 45c0 0028  ............E..(
	0x0020:  0172 0000 ff70 34fd c0a8 018d c0a8 0159  .r...p4........Y
	0x0030:  2133 3201 0101 bc25 c0a8 01ee 6430 636b  !32....%....d0ck
	0x0040:  6572 0000                                er..

############
1.89 reboots
############

13:13:37.026592 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.89 is-at 00:50:56:a7:bf:4b (oui Unknown), length 46
	0x0000:  0001 0800 0604 0002 0050 56a7 bf4b c0a8  .........PV..K..
	0x0010:  0159 0050 56a7 bf4b c0a8 0159 0000 0000  .Y.PV..K...Y....
	0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
13:13:37.087711 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.92 tell 192.168.1.89, length 46
	0x0000:  0001 0800 0604 0001 0050 56a7 bf4b c0a8  .........PV..K..
	0x0010:  0159 0000 0000 0000 c0a8 015c 0000 0000  .Y.........\....
	0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
13:13:37.814611 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.141 tell 192.168.1.89, length 46
	0x0000:  0001 0800 0604 0001 0050 56a7 bf4b c0a8  .........PV..K..
	0x0010:  0159 0000 0000 0000 c0a8 018d 0000 0000  .Y..............
	0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
13:13:37.814993 IP (tos 0xc0, ttl 64, id 50728, offset 0, flags [none], proto ICMP (1), length 68)
    192.168.1.89 > 192.168.1.141: ICMP host 192.168.1.89 unreachable - admin prohibited, length 48
	IP (tos 0xc0, ttl 255, id 392, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.141 > 192.168.1.89: vrrp 192.168.1.141 > 192.168.1.89: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0044 c628 0000 4001 2f9a c0a8 0159  E..D.(..@./....Y
	0x0010:  c0a8 018d 030a fcf5 0000 0000 45c0 0028  ............E..(
	0x0020:  0188 0000 ff70 34e7 c0a8 018d c0a8 0159  .....p4........Y
	0x0030:  2133 3201 0101 bc25 c0a8 01ee 6430 636b  !32....%....d0ck
	0x0040:  6572 0000                                er..

...
...
...


13:18:50.916774 IP (tos 0xc0, ttl 64, id 6988, offset 0, flags [none], proto ICMP (1), length 68)
    192.168.1.89 > 192.168.1.141: ICMP host 192.168.1.89 unreachable - admin prohibited, length 48
	IP (tos 0xc0, ttl 255, id 705, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.141 > 192.168.1.89: vrrp 192.168.1.141 > 192.168.1.89: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0044 1b4c 0000 4001 da76 c0a8 0159  E..D.L..@..v...Y
	0x0010:  c0a8 018d 030a fcf5 0000 0000 45c0 0028  ............E..(
	0x0020:  02c1 0000 ff70 33ae c0a8 018d c0a8 0159  .....p3........Y
	0x0030:  2133 3201 0101 bc25 c0a8 01ee 6430 636b  !32....%....d0ck
	0x0040:  6572 0000                                er..
13:18:51.917283 IP (tos 0xc0, ttl 64, id 7758, offset 0, flags [none], proto ICMP (1), length 68)
    192.168.1.89 > 192.168.1.141: ICMP host 192.168.1.89 unreachable - admin prohibited, length 48
	IP (tos 0xc0, ttl 255, id 706, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.141 > 192.168.1.89: vrrp 192.168.1.141 > 192.168.1.89: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0044 1e4e 0000 4001 d774 c0a8 0159  E..D.N..@..t...Y
	0x0010:  c0a8 018d 030a fcf5 0000 0000 45c0 0028  ............E..(
	0x0020:  02c2 0000 ff70 33ad c0a8 018d c0a8 0159  .....p3........Y
	0x0030:  2133 3201 0101 bc25 c0a8 01ee 6430 636b  !32....%....d0ck
	0x0040:  6572 0000                                er..

###################################
Keepalived Starts and 1.89 preempts
###################################

13:18:52.633415 IP (tos 0xc0, ttl 255, id 1, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 51, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0001 0000 ff70 366e c0a8 0159  E..(.....p6n...Y
	0x0010:  c0a8 018d 2133 3301 0101 bb25 c0a8 01ee  ....!33....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........
13:18:53.635410 IP (tos 0xc0, ttl 255, id 2, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 51, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0002 0000 ff70 366d c0a8 0159  E..(.....p6m...Y
	0x0010:  c0a8 018d 2133 3301 0101 bb25 c0a8 01ee  ....!33....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........
13:18:54.635747 IP (tos 0xc0, ttl 255, id 3, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 51, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0003 0000 ff70 366c c0a8 0159  E..(.....p6l...Y
	0x0010:  c0a8 018d 2133 3301 0101 bb25 c0a8 01ee  ....!33....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........
13:18:55.636675 IP (tos 0xc0, ttl 255, id 4, offset 0, flags [none], proto VRRP (112), length 40)
    192.168.1.89 > 192.168.1.141: vrrp 192.168.1.89 > 192.168.1.141: VRRPv2, Advertisement, vrid 51, prio 51, authtype simple, intvl 1s, length 20, addrs: 192.168.1.238 auth "d0cker^@^@"
	0x0000:  45c0 0028 0004 0000 ff70 366b c0a8 0159  E..(.....p6k...Y
	0x0010:  c0a8 018d 2133 3301 0101 bb25 c0a8 01ee  ....!33....%....
	0x0020:  6430 636b 6572 0000 0000 0000 0000       d0cker........

In this dump, the machine with priority 51 (1.89) goes down at 13:13:15 and comes alive again at 13:13:37. Keepalived is started after 5 minutes delay and the preemption occurs. You can see the preemption happening at 13:18:52. Let me know if any further information is required to point out the issue.
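The advertisements in the dump above use `authtype simple`, so the password field is readable by anyone who can capture the traffic. The parser below is an added example, not part of the original issue or the project's code: it decodes the 13:18:52.633415 packet from the dump, verifies the VRRP checksum, and flags cleartext authentication and the image's default password (function and variable names are illustrative).

```python
import ipaddress
import struct

VRRP_PROTO = 112                    # "proto VRRP (112)" in the dump
IMAGE_DEFAULT_PASSWORD = "d0cker"   # KEEPALIVED_PASSWORD default from the README

# Bytes of the 13:18:52.633415 advertisement, copied from the hex dump above:
# IPv4 header, 20-byte VRRP message, then 6 bytes of link-layer padding.
SAMPLE_HEX = """
45c0 0028 0001 0000 ff70 366e c0a8 0159
c0a8 018d 2133 3301 0101 bb25 c0a8 01ee
6430 636b 6572 0000 0000 0000 0000
"""


def load_hex(dump):
    """Turn a whitespace-separated hex dump into bytes."""
    return bytes.fromhex("".join(dump.split()))


def ones_complement_sum(data):
    """16-bit one's-complement sum, as used by the VRRP checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_vrrpv2(packet):
    """Parse an IPv4 packet that carries a VRRPv2 advertisement."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != VRRP_PROTO:
        raise ValueError("IP protocol is not VRRP (112)")
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 16:
        raise ValueError("truncated packet")
    msg = packet[ihl:total_len]     # the IP length field excludes the padding
    ver_type, vrid, prio, count, auth_type, interval, _cksum = struct.unpack(
        "!BBBBBBH", msg[:8])
    if ver_type >> 4 != 2 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if len(msg) != 8 + 4 * count + 8:
        raise ValueError("message length does not match the address count")
    addresses = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i]))
                 for i in range(count)]
    auth = msg[8 + 4 * count:]      # 8-byte authentication data field
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "ttl": packet[8],
        "vrid": vrid,
        "priority": prio,
        "interval": interval,
        "auth_type": auth_type,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "addresses": addresses,
        # a valid message sums to 0xFFFF with its checksum field included
        "checksum_ok": ones_complement_sum(msg) == 0xFFFF,
    }


def audit(adv):
    """Return defender-relevant findings for one parsed advertisement."""
    findings = []
    if adv["ttl"] != 255:
        findings.append("TTL is not 255; RFC 3768 receivers discard such packets")
    if not adv["checksum_ok"]:
        findings.append("VRRP checksum mismatch")
    if adv["auth_type"] == 1:
        findings.append("authtype simple: password is sent in cleartext "
                        "in every advertisement")
    if adv["auth"] == IMAGE_DEFAULT_PASSWORD:
        findings.append("password is the image default (KEEPALIVED_PASSWORD)")
    return findings


if __name__ == "__main__":
    adv = parse_vrrpv2(load_hex(SAMPLE_HEX))
    print(adv)
    for finding in audit(adv):
        print("finding:", finding)
```
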

many core files created

When I run "docker run -itd --name keepalived --cap-add=NET_ADMIN --net host -v /root/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf:rw osixia/keepalived --copy-service" on CentOS 7, "docker logs containerId" shows the following logs:
Keepalived[53]: immediately before the crash, and your configuration file.
Healthcheck child process(941) died: Respawning
Keepalived[53]: Healthcheck child process(941) died: Respawning
Starting Healthcheck child process, pid=943
Keepalived[53]: Starting Healthcheck child process, pid=943
Initializing ipvs
Keepalived_healthcheckers[943]: Initializing ipvs
modprobe: can't change directory to '/lib/modules': No such file or directory
IPVS: Can't initialize ipvs: Protocol not available
Keepalived_healthcheckers[943]: IPVS: Can't initialize ipvs: Protocol not available
Keepalived_healthcheckers exited due to segmentation fault (SIGSEGV).
Keepalived[53]: Keepalived_healthcheckers exited due to segmentation fault (SIGSEGV).
Please report a bug at https://github.com/acassen/keepalived/issues
Keepalived[53]: Please report a bug at https://github.com/acassen/keepalived/issues
and include this log from when keepalived started, what happened
Keepalived[53]: and include this log from when keepalived started, what happened
immediately before the crash, and your configuration file.
Keepalived[53]: immediately before the crash, and your configuration file.
Healthcheck child process(943) died: Respawning
Keepalived[53]: Healthcheck child process(943) died: Respawning
Starting Healthcheck child process, pid=945
Keepalived[53]: Starting Healthcheck child process, pid=945
Initializing ipvs
Keepalived_healthcheckers[945]: Initializing ipvs
modprobe: can't change directory to '/lib/modules': No such file or directory
IPVS: Can't initialize ipvs: Protocol not available
Keepalived_healthcheckers[945]: IPVS: Can't initialize ipvs: Protocol not available
Keepalived_healthcheckers exited due to segmentation fault (SIGSEGV).
^Cepalived[53]: Keepalived_healthcheckers exited due to segmentation fault (SIGSEGV).

And when I run "docker exec -it containerId sh" and execute the "ls" command, there are many core files created:
core.12132 core.14300 core.16472 core.18640 core.20810 core.2298 core.3460 core.5656 core.7828 core.9996
core.12134 core.14302 core.16474 core.18642 core.20812 core.22980 core.3462 core.5658 core.783 core.9998
core.12136 core.14304 core.16476 core.18644 core.20814 core.22982 core.3464 core.5660 core.7830 dev
core.12138 core.14306 core.16478 core.18646 core.20816 core.22984 core.3466 core.5662 core.7832 etc
core.1214 core.14308 core.1648 core.18648 core.20818 core.22986 core.3468 core.5664 core.7834 home
core.12140 core.14310 core.16480 core.18650 core.2082 core.22988 core.347 core.5666 core.7836 lib
core.12142 core.14312 core.16482 core.18652 core.20820 core.22990 core.3470 core.5668 core.7838 media
core.12144 core.14314 core.16484 core.18654 core.20822 core.22992 core.3472 core.567 core.7840 mnt
core.12146 core.14316 core.16486 core.18656 core.20824 core.22994 core.3474 core.5670 core.7842 proc
core.12148 core.14318 core.16488 core.18658 core.20826 core.22996 core.3476 core.5672 core.7844 root
core.12150 core.1432 core.16490 core.1866 core.20828 core.22998 core.3478 core.5674 core.7846 run
core.12152 core.14320 core.16492 core.18660 core.20830 core.2300 core.3480 core.5676 core.7848 sbin
core.12154 core.14322 core.16494 core.18662 core.20832 core.23000 core.3482 core.5678 core.785 srv
core.12156 core.14324 core.16496 core.18664 core.20834 core.23002 core.3484 core.5680 core.7850 sys
core.12158 core.14326 core.16498 core.18666 core.20836 core.23004 core.3486 core.5682 core.7852 tmp
core.1216 core.14328 core.165 core.18668 core.20838 core.23006 core.3488 core.5684 core.7854 usr
core.12160 core.14330 core.1650 core.18670 core.2084 core.23008 core.349 core.5686 core.7856 var

more perms required

--cap-add=NET_ADMIN does not seem to be enough, as it gives:
Cant send advert to 192.168.1.195 (Operation not permitted)

By adding --privileged, everything seems ok.

When it gives the error, I am running with:
docker run --name ka --env KEEPALIVED_INTERFACE=$(ip route | grep default | head -1 | cut -d" " -f5) --env KEEPALIVED_PASSWORD="d0cker" --cap-add=NET_ADMIN --net=host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.176', '192.168.1.195', '192.168.1.92']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['192.168.1.99']" --detach osixia/keepalived:1.4.1 --loglevel debug

Fri Feb 23 23:27:08 2018:  Default script uid:gid 0:0
Fri Feb 23 23:27:12 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:12 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:12 2018: VRRP_Instance(VI_1) Transition to MASTER STATE
Fri Feb 23 23:27:13 2018: VRRP_Instance(VI_1) Entering MASTER STATE
Fri Feb 23 23:27:13 2018: VRRP_Instance(VI_1) setting protocol VIPs.
Fri Feb 23 23:27:13 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:13 2018: Opening script file /container/service/keepalived/assets/notify.sh
Fri Feb 23 23:27:13 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:13 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
I'm the MASTER! Whup whup.
Fri Feb 23 23:27:14 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:14 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:15 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:15 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:16 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:16 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:17 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:17 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:18 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: Sending gratuitous ARP on enp0s3 for 192.168.1.99
Fri Feb 23 23:27:18 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:18 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:19 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:19 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
Fri Feb 23 23:27:20 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.195 (Operation not permitted)
Fri Feb 23 23:27:20 2018: VRRP_Instance(VI_1) Cant send advert to 192.168.1.92 (Operation not permitted)
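The README's quick start passes three capabilities (`NET_ADMIN`, `NET_BROADCAST`, `NET_RAW`), while the runs in this report use either `NET_ADMIN` alone or `--privileged`. The check below is an added example, not the project's code: it compares the `HostConfig` section of `docker inspect` output against the README set and flags privileged containers. The JSON is constructed sample data and the container names are hypothetical.

```python
import json

# Capabilities the README quick start passes to `docker run`.
README_CAPS = {"NET_ADMIN", "NET_BROADCAST", "NET_RAW"}
# Of those three, only NET_RAW is already in Docker's default capability set.
DOCKER_DEFAULT = {"NET_RAW"}

# Constructed `docker inspect` output, trimmed to the fields this check reads.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/ka-privileged",
   "HostConfig": {"Privileged": true, "CapAdd": null, "CapDrop": null,
                  "NetworkMode": "host"}},
  {"Name": "/ka-net-admin-only",
   "HostConfig": {"Privileged": false, "CapAdd": ["NET_ADMIN"], "CapDrop": null,
                  "NetworkMode": "host"}},
  {"Name": "/ka-readme",
   "HostConfig": {"Privileged": false,
                  "CapAdd": ["CAP_NET_ADMIN", "NET_BROADCAST", "NET_RAW"],
                  "CapDrop": null, "NetworkMode": "host"}}
]
""")


def normalize(caps):
    """Upper-case capability names and strip an optional CAP_ prefix."""
    result = set()
    for cap in caps or []:          # docker inspect prints null for "none"
        cap = cap.upper()
        result.add(cap[4:] if cap.startswith("CAP_") else cap)
    return result


def effective_readme_caps(host_config):
    """Which of the README capabilities the container actually holds."""
    add = normalize(host_config.get("CapAdd"))
    drop = normalize(host_config.get("CapDrop"))
    if "ALL" in add:
        return README_CAPS - drop
    base = set() if "ALL" in drop else DOCKER_DEFAULT - drop
    return (base | add) & README_CAPS


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    host_config = entry.get("HostConfig", {})
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged: all capabilities and host devices, "
                        "seccomp/AppArmor confinement disabled")
    else:
        if "ALL" in normalize(host_config.get("CapAdd")):
            findings.append("--cap-add=ALL grants far more than the README set")
        missing = sorted(README_CAPS - effective_readme_caps(host_config))
        if missing:
            findings.append("missing README capabilities: " + ", ".join(missing))
    if host_config.get("NetworkMode") != "host":
        findings.append("not on the host network (README requires --net=host)")
    return findings


def audit(inspect_output):
    """Map container name to findings for a whole `docker inspect` result."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "matches the README quick start")
```
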

docker run error

docker run --volume /data/keepalived.conf:/container/service/keepalived/assets/keepalived.conf osixia/keepalived:1.3.9

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/keepalived...
sed: can't move '/container/service/keepalived/assets/keepalived.confALkEhK' to '/container/service/keepalived/assets/keepalived.conf': Resource busy
*** /container/run/startup/keepalived failed with status 1

*** Running /container/run/process/keepalived/finish...
*** Killing all processes...

vrrp_check script doesn't respond.

I mounted keepalived.conf and a track_script on docker run. When you run this, in the server message logs we can see "WARNING - script '/container/service/keepalived/assets/vvrp_check_status.sh' is not executable for uid:gid 0:0 - disabling." notify.sh is the same notify.sh used in the image.

I don't know whether I have done something wrong. Can you please help me?

keepalived.conf


global_defs {
  default_interface {{ KEEPALIVED_INTERFACE }}
}

vrrp_script chk_nginx_service {
  script "/container/service/keepalived/assets/vvrp_check_status.sh"
  interval 2
  weight 2
  fall 2
  rise 1
}

vrrp_instance VI_1 {
  interface {{ KEEPALIVED_INTERFACE }}

  state BACKUP
  virtual_router_id {{ KEEPALIVED_ROUTER_ID }}
  priority {{ KEEPALIVED_PRIORITY }}
  nopreempt

  unicast_peer {
    {{ KEEPALIVED_UNICAST_PEERS }}
  }

  virtual_ipaddress {
    {{ KEEPALIVED_VIRTUAL_IPS }}
  }

  track_script {
    chk_nginx_service
  }

  authentication {
    auth_type PASS
    auth_pass {{ KEEPALIVED_PASSWORD }}
  }

  notify "/container/service/keepalived/assets/notify.sh"
}


vrrp_script

#!/bin/bash

# HTTP status code returned for the probe URL
STATE=$(curl -LI http://localhost/xxxxxxx.gif -o /dev/null -w '%{http_code}\n' -s)

# keepalived treats exit status 0 as success and non-zero as failure
if [ "$STATE" = 200 ]; then
  logger -t info keepalived "Connection Success with $STATE "
  exit 0
else
  logger -t info keepalived "Connection failed with $STATE "
  exit 1
fi
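A bind-mounted file keeps the mode bits it has on the host, and the warning quoted above names the uid:gid the script would run as. The preflight below is an added example, not keepalived's own check or the project's code: it approximates the POSIX execute test for a given uid:gid and also flags a world-writable script, which matters because the script runs as 0:0. Function names and the temporary sample file are illustrative.

```python
import os
import stat
import tempfile


def executable_for(st, uid, gid):
    """POSIX execute test from the mode bits, as seen by uid:gid."""
    any_x = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    if uid == 0:                    # root may execute if any x bit is set
        return bool(st.st_mode & any_x)
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if gid == st.st_gid:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def preflight_script(path, uid=0, gid=0):
    """Return the problems that would stop or endanger a track script."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if not executable_for(st, uid, gid):
        problems.append("not executable for uid:gid %d:%d "
                        "(chmod +x on the host file)" % (uid, gid))
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable: any local user can change "
                        "what runs as uid %d" % uid)
    try:
        with open(path, "rb") as handle:
            if handle.read(2) != b"#!":
                problems.append("no #! interpreter line")
    except OSError as exc:
        problems.append("cannot read: %s" % exc.strerror)
    return problems


def make_sample(mode, body=b"#!/bin/bash\nexit 0\n"):
    """Create a constructed sample script with the given mode bits."""
    fd, path = tempfile.mkstemp(suffix=".sh")
    with os.fdopen(fd, "wb") as handle:
        handle.write(body)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample = make_sample(0o644)     # typical mode of a freshly written file
    print(preflight_script(sample))
    os.chmod(sample, 0o755)
    print(preflight_script(sample))
    os.remove(sample)
```

keepalived's `enable_script_security` option in `global_defs` applies a stricter rule of the same kind: it refuses to run root scripts when any part of their path is writable by a non-root user.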

Question: Why is state hard-coded to BACKUP?

In the default keepalived.conf file, the state has been hardcoded to BACKUP. Shouldn't there be an environment variable to decide the state of the node?

...
vrrp_instance VI_1 {
  interface {{ KEEPALIVED_INTERFACE }}

  track_interface {
    {{ KEEPALIVED_INTERFACE }}
  }

  state BACKUP
  virtual_router_id {{ KEEPALIVED_ROUTER_ID }}
  priority {{ KEEPALIVED_PRIORITY }}
  nopreempt
...

Keepalived Blocks Docker's Overlay Network

Setup:

5 Physical nodes

  • Node1: 192.168.1.100 - manager
  • Node2: 192.168.1.101 - manager
  • Node3: 192.168.1.102 - manager
  • Node4: 192.168.1.104 - worker
  • Node5: 192.168.1.105 - worker

Create Test Overlay Network

docker network create -d overlay --attachable test

Deploy Test Stack

docker stack deploy test-stack --compose-file ./test-stack.yml

Run Tests

First find whichever node ubuntu1 (test server) is running on:

docker stack ps test-stack

Pick any other node and docker exec or ssh into ubuntu2

Running any of the following 5 commands produces a response from the test server:

ping test-stack_ubuntu1

curl test-stack_ubuntu1:8000
curl <ANY-MANAGER-NODE-IP>:8000

telnet test-stack_ubuntu1:8000
telnet <ANY-MANAGER-NODE-IP>:8000

Start osixia/keepalived:2.0.20

Run this on any of the manager nodes:

docker-compose -f ./keepalived.yml up -d

Re-Run Test

Re-running the tests above, ping seems to work, but all others fail to connect.

keepalived-sample-configs.zip

keepalived inside docker doesn't expose the outside port when the network mode is host

For the virtual_server 192.168.113.133 1358, how do I expose port 1358, and how can the host machine access it?

The following is the keepalived file:

global_defs {
router_id 150
}

vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass d0cker
}
virtual_ipaddress {
192.168.113.133
}
}

virtual_server 192.168.113.133 1358 {
delay_loop 3
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP

real_server 192.168.113.136 1358 {
    weight 1
    HTTP_GET {
        url {
          path /testurl/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
          path /testurl2/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
          path /testurl3/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        connect_timeout 30
        retry 3
        delay_before_retry 30
    }
}

real_server 192.168.113.137 1358 {
    weight 1
    HTTP_GET {
        url {
          path /testurl/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
          path /testurl2/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
          path /testurl3/test
          digest 640205b7b0fc66c1ea91c463fac6334d
        }
        connect_timeout 30
        retry 3
        delay_before_retry 30
    }
}

}

Is this replaced by shawly/docker-keepalived?

Since this has not been maintained in 4 years, and the company that supported it with two devs is no longer in business, is https://github.com/shawly/docker-keepalived a suitable replacement that is kept up to date?

That at least has multiple architectures and is being updated to the latest releases of keepalived.

Has anyone else found a more supported version that is kept up to date than this?

High CPU usage, IPVS process loop

hi,

I use the keepalived container in an Ubuntu 14.04 VM. It uses a lot of CPU, because the process that initializes IPVS restarts in a loop.

15/2/2016 03:00:46Initializing ipvs 2.6
15/2/2016 03:00:46Keepalived_healthcheckers[15852]: Initializing ipvs 2.6

15/2/2016 03:00:46IPVS: Can't initialize ipvs: Protocol not available
15/2/2016 03:00:46Keepalived_healthcheckers[15852]: IPVS: Can't initialize ipvs: Protocol not available

15/2/2016 03:00:46Healthcheck child process(15852) died: Respawning
15/2/2016 03:00:46Keepalived[9]: Healthcheck child process(15852) died: Respawning

15/2/2016 03:00:46Starting Healthcheck child process, pid=15854
15/2/2016 03:00:46Keepalived[9]: Starting Healthcheck child process, pid=15854

15/2/2016 03:00:46Initializing ipvs 2.6
15/2/2016 03:00:46Keepalived_healthcheckers[15854]: Initializing ipvs 2.6
15/2/2016 03:00:46IPVS: Can't initialize ipvs: Protocol not available
15/2/2016 03:00:46Keepalived_healthcheckers[15854]: IPVS: Can't initialize ipvs: Protocol not available

Any idea how to resolve it, please?

NB: Virtual IP works well

WARNING - equal priority advert received from remote host with our IP address

Getting these warnings on the master, but I can't see any strange vrrp packets with tcpdump.

WARNING - equal priority advert received from remote host with our IP address.

Keepalive works fine; it's only filling the log on the master, the backup log is normal.
The warnings are logged every second; it feels like the master detects its own packets.
I have tested several configs and versions with the same results.
I tried with different priorities on the two nodes.
Example of configs with the same behavior:

docker run  -d --name keepalive --cap-add=NET_ADMIN --net=host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['172.20.95.112', '172.20.95.114']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['172.20.95.31']" --detach osixia/keepalived:2.0.13
docker run  -d --name keepalive --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --network host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['172.20.95.112', '172.20.95.114']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['172.20.95.31']" --detach osixia/keepalived:2.0.17
docker run  -d --name keepalive --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --env KEEPALIVED_PRIORITY="200" --network host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['172.20.95.112', '172.20.95.114']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['172.20.95.31']" --detach osixia/keepalived:2.0.17
docker run  -d --name keepalive --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['172.20.95.112', '172.20.95.114']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['172.20.95.31']" --detach osixia/keepalived:2.0.17
docker run  -d --name keepalive --cap-add=NET_ADMIN --env KEEPALIVED_PRIORITY="200" --network host --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['172.20.95.112', '172.20.95.114']" --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['172.20.95.31']" --detach osixia/keepalived:2.0.17


versions

 cat /etc/os-release
NAME="SLES"
VERSION="12-SP4"
VERSION_ID="12.4"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP4"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp4"
# docker version
Client:
 Version:           19.03.1
 API version:       1.40
 Go version:        go1.12.6
 Git commit:        74b1e89e8ac6
 Built:             Tue Aug  6 15:25:24 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.1
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.6
  Git commit:       74b1e89e8ac6
  Built:            Thu Jul 25 20:38:41 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.1.3_catatonit
  GitCommit:
[infra] root@infra-lbngxk8-01:~ #

Any idea what I did wrong?
Thanks in advance!

When the system reboots or shuts down unexpectedly, keepalived never starts up again

Steps to reproduce (assume the container name is keepalived):
1. docker kill keepalived
2. docker start keepalived
3. docker logs -f keepalived

logs:
*** ------------------------------------------
*** Running /container/run/process/keepalived/run...
*** /container/run/process/keepalived/run started as PID 25
Mon May 28 14:51:33 2018: Starting Keepalived v1.4.2 (02/24,2018), git commit v1.4.1-41-g6a2987e+
Mon May 28 14:51:33 2018: WARNING - keepalived was build for newer Linux 4.4.6, running on Linux3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017
Mon May 28 14:51:33 2018: Opening file '/usr/local/etc/keepalived/keepalived.conf'.
Mon May 28 14:51:33 2018: daemon is already running
*** /container/run/process/keepalived/run exited with status 0
*** Run commands before finish...
*** Running /container/run/process/keepalived/finish...
*** ------------ Environment dump ------------
*** KEEPALIVED_PRIORITY = 150
*** LC_CTYPE = C.UTF-8
*** INITRD = no
*** HOME = /root
*** PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*** LANG = en_US.UTF-8
*** CONTAINER_SERVICE_DIR = /container/run/service
*** LANGUAGE = en_US:en
*** KEEPALIVED_VIRTUAL_IPS_ROW_2 = 192.168.1.232
*** KEEPALIVED_NOTIFY = /container/service/keepalived/assets/notify.sh
*** KEEPALIVED_COMMAND_LINE_ARGUMENTS = --log-detail --dump-conf
*** KEEPALIVED_VIRTUAL_IPS_ROW_1 = 192.168.1.231
*** KEEPALIVED_UNICAST_PEERS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_UNICAST_PEERS_ROW_1 KEEPALIVED_UNICAST_PEERS_ROW_2
*** CONTAINER_LOG_LEVEL = 4
*** LC_ALL = en_US.UTF-8
*** KEEPALIVED_VIRTUAL_IPS = #COMPLEX_BASH_ENV:TABLE: KEEPALIVED_VIRTUAL_IPS_ROW_1 KEEPALIVED_VIRTUAL_IPS_ROW_2
*** KEEPALIVED_INTERFACE = eth0
*** KEEPALIVED_UNICAST_PEERS_ROW_1 = 192.168.1.10
*** KEEPALIVED_UNICAST_PEERS_ROW_2 = 192.168.1.11
*** HOSTNAME = localhost.localdomain
*** CONTAINER_STATE_DIR = /container/run/state
*** KEEPALIVED_PASSWORD = d0cker
*** ------------------------------------------
*** Killing all processes...

docker version
Client:
Version: 17.10.0-ce
API version: 1.33
Go version: go1.8.3
Git commit: f4ffd25
Built: Tue Oct 17 19:04:05 2017
OS/Arch: linux/amd64

Server:
Version: 17.10.0-ce
API version: 1.33 (minimum version 1.12)
Go version: go1.8.3
Git commit: f4ffd25
Built: Tue Oct 17 19:05:38 2017
OS/Arch: linux/amd64
Experimental: false

Hint: is the keepalived pid file causing this problem?

Virtual IP can not achieve the master switchover

Hi,
Through keepalived nginx master and backup, but the main nginx lost, the virtual IP will not drift to nginx, configured as follows:
10.10.14.9 The host hosts the main nginx and keepalived containers
10.10.14.8 The host has prepared nginx and keepalived containers
keepalived configure:
global_defs {
default_interface ens33
}

#vrrp_script chk_nginx {

script "/etc/keepalived/check_nginx.sh"

interval 2

weight -5

fall 3

rise 2

#}

vrrp_instance VI_1 {
interface ens33

track_interface {
ens33
}

state MASTER
virtual_router_id 51
priority 100
nopreempt

unicast_peer {
10.10.14.8
10.10.14.9
}

virtual_ipaddress {
10.10.14.16
}

authentication {
auth_type PASS
auth_pass 1111
}

track_script {

chk_nginx

}

notify "/container/service/keepalived/assets/notify.sh"

Gratuitous ARPs stop after 2nd send

Love the container image, but after two sends of the gratuitous ARPs for the VIPs, five seconds apart, they just stop, the ARP table entries age out on routers and my virtual servers go down.

I have tried this on a CentOS 7 docker host, an Ubuntu 16.04 docker host and on my Debian Jessie workstation, as well as various run options (using defaults, specifying options with ENV variables and using my own config file).

Log file just stops after 2nd arp send:

Fri Aug 25 15:43:53 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:53 2017: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.122.201
Fri Aug 25 15:43:53 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:53 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:53 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:53 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: Sending gratuitous ARP on eth0 for 192.168.122.201
Fri Aug 25 15:43:58 2017: Sending gratuitous ARP on eth0 for 192.168.122.201

I actually took down a real server just to make something appear in the log and confirm that keepalived was alive:

Fri Aug 25 15:46:59 2017: Error connecting server [192.168.122.224]:tcp:80.
Fri Aug 25 15:47:02 2017: Error connecting server [192.168.122.224]:tcp:80.
Fri Aug 25 15:47:05 2017: Error connecting server [192.168.122.224]:tcp:80.
Fri Aug 25 15:47:08 2017: Error connecting server [192.168.122.224]:tcp:80.
Fri Aug 25 15:47:08 2017: Check on service [192.168.122.224]:tcp:80 failed after 3 retry.
Fri Aug 25 15:47:08 2017: Removing service [192.168.122.224]:tcp:80 from VS [192.168.122.201]:tcp:80
Fri Aug 25 15:47:08 2017: Remote SMTP server [165.161.12.120]:25 connected.
Fri Aug 25 15:47:08 2017: Error processing RCPT cmd on SMTP server [165.161.12.120]:25. SMTP status code = 554
Fri Aug 25 15:47:08 2017: Can not read data from remote SMTP server [165.161.12.120]:25.

Seems really odd that nobody else is seeing this.

I have keepalived working fine in same environment outside of containers.

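Script execution problem

I have a question: I added the script path to the configuration file and mounted the script into the container. The script contains docker commands, so how can I use docker commands inside the container?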

keepalived volume my keepalived config and error

my start command:

docker run --name=keepalived -d -v /data/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf -v /data/keepalived/scripts:/etc/keepalived/scripts --net=host --cap-add=NET_ADMIN osixia/keepalived:2.0.17

ERROR

sed: can't move '/container/service/keepalived/assets/keepalived.confblOEki' to '/container/service/keepalived/assets/keepalived.conf': Resource busy

Version: 2.0.17

How to use the '--config-id' command line option

Hi,

I want to use keepalived's conditional configuration which requires the image to pass the '--config-id' command line option to keepalived.
Apparently this is blocked as can be seen here:

$ docker run --rm --cap-add=NET_ADMIN --net=host --name kad -v /data/keepalived.conf:/container/service/keepalived/assets/keepalived.conf osixia/keepalived:2.0.19 --copy-service --config-id main
usage: run [-h] [-e] [-s] [-p] [-f] [-o {startup,process,finish}]
           [-c COMMAND [WHEN={startup,process,finish} ...]] [-k]
           [--wait-state FILENAME] [--wait-first-startup] [--keep-startup-env]
           [--copy-service] [--dont-touch-etc-hosts] [--keepalive]
           [--keepalive-force] [-l {none,error,warning,info,debug,trace}]
           [MAIN_COMMAND [MAIN_COMMAND ...]]
run: error: unrecognized arguments: --config-id

Is it supported somehow?
Thanks

Suggestion: support multiple VRRPs for a load balance setup

I really enjoyed the image with a simple Yaml configuration. However, my team needs a more complicated setup for our environment.

Today, we have keepalived deployed natively on our servers. We are making the move to make a Docker deployment soon and your image has been of great value to us.

One of our structures relies on four frontend servers sharing the same virtual IPs. In order to create a load balance, we need four VRRPs declared on each server. This way, each server is the master of one virtual IP and everyone is a backup for the others.

This is what our configuration looks like for this setup (my local docker containers run on the bridge network 18.18.0.0/16):

    vrrp_instance VI_18_18_0_102 {
      interface eth0
      state MASTER
      priority 160

      virtual_router_id 51

      unicast_src_ip 18.18.0.2

      unicast_peer {
        18.18.0.3
        18.18.0.4
        18.18.0.5
      }

      authentication {
        auth_type PASS
        auth_pass d0cker
      }

      virtual_ipaddress {
        18.18.0.102
      }

      notify_master /container/service/keepalived/assets/notify.sh
    }

    vrrp_instance VI_18_18_0_103 {
      interface eth0
      state BACKUP
      priority 150

      virtual_router_id 52

      unicast_src_ip 18.18.0.2

      unicast_peer {
        18.18.0.3
        18.18.0.4
        18.18.0.5
      }

      authentication {
        auth_type PASS
        auth_pass d0cker
      }

      virtual_ipaddress {
        18.18.0.103
      }

      notify_master /container/service/keepalived/assets/notify.sh
    }

    vrrp_instance VI_18_18_0_104 {
      interface eth0
      state BACKUP
      priority 150

      virtual_router_id 53

      unicast_src_ip 18.18.0.2

      unicast_peer {
        18.18.0.3
        18.18.0.4
        18.18.0.5
      }

      authentication {
        auth_type PASS
        auth_pass d0cker
      }

      virtual_ipaddress {
        18.18.0.104
      }

      notify_master /container/service/keepalived/assets/notify.sh
    }

    vrrp_instance VI_18_18_0_105 {
      interface eth0
      state BACKUP
      priority 150

      virtual_router_id 54

      unicast_src_ip 18.18.0.2

      unicast_peer {
        18.18.0.3
        18.18.0.4
        18.18.0.5
      }

      authentication {
        auth_type PASS
        auth_pass d0cker
      }

      ## Virtual IP of this VRRP
      virtual_ipaddress {
        18.18.0.105
      }

      notify_master /container/service/keepalived/assets/notify.sh
    }

It would be great to have support for this. In fact, I've modified your image to meet the demands of my team. I'm running your image with a modified version of the startup.sh script.

#!/bin/bash -e

# set -x (bash debug) if log level is trace
# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
log-helper level eq trace && set -x

FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-keepalived-first-start-done"
# container first start
if [ ! -e "$FIRST_START_DONE" ]; then

  rm -fr ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf

  # loop through KEEPALIVED_VIRTUAL_IPS
  # format is "PEERIP,VIRTUALIP"
  #
  for vipstring in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
  do

    # split PEERIP from VIRTUALIP
    pip=$(echo ${!vipstring} | awk -F ',' '{print $1}')
    vip=$(echo ${!vipstring} | awk -F ',' '{print $2}')

    # acquire IP from my own KEEPALIVED_INTERFACE
    my_IP=$(ifconfig eth0 | grep 'inet addr:' | awk '{print $2}' | sed 's/addr://')
    
    # loop through again to gather a list of peers, excluding my_IP
    my_PeerList=""
    for vipstring_2 in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
    do
      pip_2=$(echo ${!vipstring_2} | awk -F ',' '{print $1}')
      vip_2=$(echo ${!vipstring_2} | awk -F ',' '{print $2}')
      if [[ "$pip_2" != "$my_IP" ]]; then
        my_PeerList=$(printf "\n        %s" $my_PeerList $pip_2)
      fi
    done

    # replace dots with _ for sanitized VRRP name
    vip_sanitized=$(echo $vip | sed 's/\./_/g')

    vip_state="BACKUP"
    let KEEPALIVED_PRIORITY_REAL=$KEEPALIVED_PRIORITY
    if [[ "$pip" == "$my_IP" ]]; then
      vip_state="MASTER"
      let KEEPALIVED_PRIORITY_REAL=$KEEPALIVED_PRIORITY+10
    fi

    echo "
    vrrp_instance VI_${vip_sanitized} {
      interface ${KEEPALIVED_INTERFACE}
      state ${vip_state}
      priority ${KEEPALIVED_PRIORITY_REAL}

      virtual_router_id ${KEEPALIVED_VIRTUAL_ROUTER_ID}

      ## Internal IP of this server
      unicast_src_ip ${my_IP}

      ## Internal IPs of the peers
      unicast_peer {${my_PeerList}
      }

      authentication {
        auth_type PASS
        auth_pass ${KEEPALIVED_PASSWORD}
      }

      ## Virtual IP of this VRRP
      virtual_ipaddress {
        ${vip}
      }

      # track_script {
      #   chk_nginx
      # }

      notify_master ${KEEPALIVED_NOTIFY}
    }


    " >> ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf

    let KEEPALIVED_VIRTUAL_ROUTER_ID=$KEEPALIVED_VIRTUAL_ROUTER_ID+1
  done

  touch $FIRST_START_DONE
fi

cat ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf

# try to delete virtual ips from interface
for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
do
  
  # format is "PEERIP,VIRTUALIP"
  # pick virtual IP from variable
  vip=$(echo ${!vip} | awk -F ',' '{print $2}')

  IP=$(echo ${vip} | awk '{print $1}')
  IP_INFO=$(ip addr list | grep ${IP}) || continue
  IP_V6=$(echo "${IP_INFO}" | grep "inet6") || true

  # ipv4
  if [ -z "${IP_V6}" ]; then
    IP_INTERFACE=$(echo "${IP_INFO}" |  awk '{print $5}')
  # ipv6
  else
    echo "skipping address: ${IP} - ipv6 not supported yet :("
    continue
  fi

  ip addr del ${IP} dev ${IP_INTERFACE} || true
done

if [ ! -e "/usr/local/etc/keepalived/keepalived.conf" ]; then
  ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /usr/local/etc/keepalived/keepalived.conf
fi

exit 0

The configuration also needs a small adjustment to allow us to map each virtual IP to a peer in the list.

KEEPALIVED_COMMAND_LINE_ARGUMENTS: --log-detail --dump-conf

KEEPALIVED_INTERFACE: eth0
KEEPALIVED_PASSWORD: d0cker

KEEPALIVED_VIRTUAL_ROUTER_ID: 51

# For electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines
KEEPALIVED_PRIORITY: 150

#
# List peers and virtual IPs in the format
# - PEER_IP,VIRTUAL_IP
#
# This format allows multiple VRRPs to be created, load balancing
# all traffic among all peers at the same time.
#
# It indicates that each PEER_IP will respond to its own VIRTUAL_IP as its master.
# When one of the hosts is offline, another peer will assume its virtual IP.
#
# The idea is to allow, not only failover, but also load balancing
#
KEEPALIVED_VIRTUAL_IPS:
  - 18.18.0.2,18.18.0.102
  - 18.18.0.3,18.18.0.103
  - 18.18.0.4,18.18.0.104
  - 18.18.0.5,18.18.0.105

KEEPALIVED_NOTIFY: /container/service/keepalived/assets/notify.sh

This would be an excellent addition. I hope you get a chance to merge the above example with your code. As far as I tested, this seems to work well in our test environments, inside Docker.

To run this example, create four containers using the same YAML above, taking note of the IP ranges your local bridge is using. You could also statically assign IPs from the local bridge to each container if you can't rely on the automatic numbering (102, 103, 104, 105, etc).
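
The posted script interpolates each `PEER_IP,VIRTUAL_IP` entry straight into keepalived.conf. As an added example (not the poster's script or the image's code), the hypothetical helpers below validate the entries and compute each instance's state, priority and peer list before anything is rendered; the +10 MASTER bump follows the posted script.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the posted script or the image's code.

# is_ipv4 ADDR -> 0 only for a dotted quad with every octet in 0-255
is_ipv4() {
  case $1 in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# parse_entry "PEER_IP,VIRTUAL_IP" -> prints "PEER_IP VIRTUAL_IP", 1 if malformed
parse_entry() {
  case $1 in
    *,*,*) return 1 ;;
    *,*) ;;
    *) return 1 ;;
  esac
  is_ipv4 "${1%%,*}" && is_ipv4 "${1#*,}" || return 1
  echo "${1%%,*} ${1#*,}"
}

# plan_instances MY_IP BASE_PRIORITY ENTRY...
# Prints one line per virtual IP: "VIP STATE PRIORITY PEER[,PEER...]".
# Nothing is printed unless every entry validates.
plan_instances() {
  my_ip=$1; base=$2; shift 2
  is_ipv4 "$my_ip" || return 1
  case $base in ""|*[!0-9]*) return 1 ;; esac
  peers=""
  for e in "$@"; do
    pair=$(parse_entry "$e") || { echo "rejected entry: $e" >&2; return 1; }
    [ "${pair% *}" = "$my_ip" ] || peers="${peers:+$peers,}${pair% *}"
  done
  for e in "$@"; do
    pair=$(parse_entry "$e")
    if [ "${pair% *}" = "$my_ip" ]; then
      # The owner of a virtual IP gets MASTER and +10, as in the posted script.
      echo "${pair#* } MASTER $((base + 10)) $peers"
    else
      echo "${pair#* } BACKUP $base $peers"
    fi
  done
}
```

Rejecting anything that is not two dotted quads keeps whitespace, braces or extra keywords in an environment value from changing the structure of the generated keepalived.conf.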

Future of this project?

Hi,

I use the containerized version and it works well, thanks so far!
I unfortunately have to say that I also noticed that there is quite some stuff which seems a bit outdated to me, like updates to keepalived which is available in 2.1.5 (I already tested it and can open a PR) or updates to the base (alpine 3.10 is EOL May 2021 and 3.12 is out) or updates to the tickets which are sometimes already solved but still open.

@BertrandGouny could you please share if you have any plans for this repo or the base image in the future?
I really like the project as it has some convenient features and understand that this is an open source project where you are of course not obliged to do something as owners, but if there is something that can be done to keep this alive the community could maybe support you here more.

After having a quick look and of course not knowing many use cases or the history it seems that this image could maybe be decoupled from the current base image and simplified a bit to keep it more up to date and easier to maintain, not sure what you think about this.

Thanks, Vincent

Reload configuration

Hi,

Is there a way to reload the configuration without restarting the container (the same as done in the not dockerized version with: systemctl reload keepalived)?

Thanks

Cannot use link config to config keepalived

I followed the section "Use your own Keepalived config" and ran this command:
docker run --cap-add=NET_ADMIN --net=host -v /home/ke.conf:/container/service/keepalived/assets/keepalived.conf -it osixia/keepalived:1.4.4 --loglevel debug

/home/ke.conf looks like this

global_defs {
  default_interface eth0
}

vrrp_instance VI_1 {
  interface eth0

  track_interface {
    eth0
  }

  state BACKUP
  virtual_router_id 51
  priority 150

  virtual_ipaddress {
    172.17.64.111
  }

  authentication {
    auth_type PASS
    auth_pass d0cker
  }

  notify "/container/service/keepalived/assets/notify.sh"
}

In debug mode I got this info:

sed: can't move '/container/service/keepalived/assets/keepalived.confJBHFPJ' to '/container/service/keepalived/assets/keepalived.conf': Resource busy

Can IPv6 be supported?

My yaml template is

- Name: KEEPALIVED_VIRTUAL_IPS

Value: "IPv4 address dev network card name"

I want to configure dual stack. How do I configure IPv6?

Signals are ignored, breaking monitoring systems

Monitoring exporters, like this one: https://github.com/cafebazaar/keepalived-exporter rely on being able to send a signal to the docker container in order for keepalived to dump its stats/data files.

Because in this image the PID1 is merely a startup process (it doesn't exec keepalived), it is the one that receives the signals. It ignores those signals completely, causing it to fail. I believe fixing it might require allowing containers to register custom signal handlers here: https://github.com/osixia/docker-light-baseimage/blob/master/image/tool/run#L892-L894

TL;DR:
I'd expect running docker kill -s 12 keepalived to cause it to create /tmp/keepalived.stats.

vrrp_script not working with killall in docker

My current Keepalived/Haproxy setup without docker uses the killall script to check if haproxy is still running.
When I tried this in the docker setup it does not seem to work, I'm getting exit 127 errors in the logs.

Tue Feb 16 13:38:34 2021: Script `chk_haproxy` now returning 127,
Tue Feb 16 13:38:34 2021: VRRP_Script(chk_haproxy) failed (exited with status 127)

This is very weird because if I exec into the container the command runs as expected:

sudo docker exec keepalived /usr/bin/killall -0 haproxy
<no output>
sudo docker exec keepalived /usr/bin/killall -0 haproxyxxxx
killall: haproxyxxxx: no process killed

This is (almost) the same as on my current ubuntu server:

root@SKVLB01:/home/administrator# /usr/bin/killall -0 haproxy
<no output>
root@SKVLB01:/home/administrator# /usr/bin/killall -0 haproxyxxx
haproxyxxx: no process found

So I went back to the pidof version of the checker which works just fine, but I'm still curious why it won't work.
Maybe because the killall programs aren't the same:
alpine:

sudo docker exec keepalived /usr/bin/killall --help
BusyBox v1.30.1 (2019-06-12 17:51:55 UTC) multi-call binary.

ubuntu:

/usr/bin/killall --version
killall (PSmisc) UNKNOWN
Copyright (C) 1993-2017 Werner Almesberger and Craig Small

My keepalived config:

global_defs {
	notification_email {
	script_user root root
	enable_script_security
}

vrrp_script chk_haproxy {
	script "/usr/bin/killall -0 haproxy"
	#script "/bin/pidof haproxy"
	weight 2
}

vrrp_instance VI_1 {
	interface ens18
	virtual_router_id 55
	state MASTER
	priority 10

	virtual_ipaddress {
		192.168.5.49
	}
	
	track_script {
		chk_haproxy
	}
}

My docker compose config:

  keepalived:
    container_name: keepalived
    image: osixia/keepalived:2.0.20
    network_mode: host
    pid: host
    volumes:
      - /srv/docker/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf
    restart: always
    cap_add:
      - NET_ADMIN
      - NET_BROADCAST
      - NET_RAW
    command: [--copy-service, --loglevel, debug]
    environment:
      KEEPALIVED_COMMAND_LINE_ARGUMENTS: >-
        --log-detail
        --log-console

Is it possible to add a static mac address for a vrrp ip?

I am using a consumer grade Fritz!Box 7590 DSL router.
My problem is that it does not allow me to select the vrrp ip of my three instance keepalived "cluster", as it seems the default mode is ipvlan sharing the same mac address as the host's network interface.

Is it possible to configure a static mac address for the vrrp ip assigned to the master node?

Raspberry Pi Image

Hi,

Has anyone got this working on a Raspberry Pi?

No matter what image I use of the Arm versions, I get the error which is usually associated with the wrong architecture:

keepalived | standard_init_linux.go:211: exec user process caused "exec format error"

I have tried latest, stable and the specific 2.0.19 images and both arm32v7 (as should be expected for a Pi 3) and just to try it the arm64v8 images too.

Any help much appreciated.

error: cannot move conf file

When I run "docker run -itd --name keepalived --cap-add=NET_ADMIN --net host -v /root/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf osixia/keepalived" the output of docker logs containerId is as follows:
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/keepalived...
sed: can't move '/container/service/keepalived/assets/keepalived.confHBCjcp' to '/container/service/keepalived/assets/keepalived.conf': Resource busy
*** /container/run/startup/keepalived failed with status 1

*** Running /container/run/process/keepalived/finish...
*** Killing all processes...
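
The `Resource busy` error in this report and in the earlier "link config" report comes from `sed -i` renaming a temporary file over the bind-mounted target. As an added example (not the image's startup script), the hypothetical helper `edit_keeping_inode` applies a sed expression by writing back into the existing file, which a single-file bind mount permits.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of osixia/keepalived.
# sed -i writes a temp file and rename()s it over the target; a bind-mounted
# file is a mount point, so that rename fails with EBUSY ("Resource busy").
# Writing back into the existing inode avoids the rename.

# edit_keeping_inode FILE SED_SCRIPT
edit_keeping_inode() {
  file=$1
  script=$2
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  tmp=$(mktemp) || return 1
  # Render into a temp file outside the mount first, so a failing sed
  # never truncates the live config.
  if ! sed -e "$script" "$file" > "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  # Overwrite the contents in place (open, truncate, write): same inode.
  if cat "$tmp" > "$file"; then rc=0; else rc=1; fi
  rm -f "$tmp"
  return $rc
}

# inode_of FILE -> prints the inode number, to confirm no rename happened
inode_of() {
  ls -i "$1" | awk '{print $1}'
}
```

The in-place write is not atomic, so it belongs in startup before keepalived reads the file. The image's own workaround is the `--copy-service` argument described in its README.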

curl - check script

Provided that keepalived is mainly used for web purposes, and provided that keepalived usually needs a check script, I think the image needs curl package.

(see also #27).

New config isn't copied on container restart

Every time I update the linked keepalived config on the host, I need to stop and remove the container, then create it again.
A container restart, recreate or edit (re-deploy through Portainer) does not copy the changed config file to the local folder.

I now do this:

sudo docker container stop keepalived
sudo docker container rm keepalived
sudo docker-compose up -d

And to test if the new config is loaded:
sudo docker exec keepalived cat /usr/local/etc/keepalived/keepalived.conf

It should copy and use the new config file on every (re)start.

I use the following docker-compose config:

  keepalived:
    container_name: keepalived
    image: osixia/keepalived:2.0.20
    network_mode: host
    pid: host
    volumes:
      - /srv/docker/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf
    restart: always
    cap_add:
      - NET_ADMIN
      - NET_BROADCAST
      - NET_RAW
    command: [--copy-service, --loglevel, debug]
    environment:
      KEEPALIVED_COMMAND_LINE_ARGUMENTS: >-
        --log-detail
        --log-console

arm64 image is not actually arm64; binaries are x86-64

[fedora@localhost ~]$ uname -a
Linux localhost.localdomain 5.7.17-200.fc32.aarch64 #1 SMP Fri Aug 21 15:10:15 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux
[fedora@localhost ~]$ docker pull osixia/keepalived:2.0.20-arm64v8
2.0.20-arm64v8: Pulling from osixia/keepalived
Digest: sha256:acfac42f4e729a0b0347dac314318ed76d82e2380481b71f1c440b02c617717a
Status: Image is up to date for osixia/keepalived:2.0.20-arm64v8
docker.io/osixia/keepalived:2.0.20-arm64v8
[fedora@localhost ~]$ docker image inspect osixia/keepalived:2.0.20-arm64v8 | grep LowerDir | tr : '\n'
                "LowerDir"
 "/var/lib/docker/overlay2/82e7d7b3a9ec54fb689ac365823148e399f29ce39fa066f768887f966dd9bd65/diff
/var/lib/docker/overlay2/bb27491217a278a04554a5fb41153f184880d502bd2c00e6a1373ed3a801d931/diff
/var/lib/docker/overlay2/33b6cf12d14eb59b81567619525f07749e6c9b08a6a48b288bbb3c8e11207a4b/diff
/var/lib/docker/overlay2/7769b2cce70ac332dc788bf7af7d7a176fddd257de608a9095d06d74f89ec92e/diff
/var/lib/docker/overlay2/e02285343cab0c7ab8122b0b5f146a10a50aea6432524ff104258680dc123e49/diff
/var/lib/docker/overlay2/f5afe5e3ea71694a384fc805273e7d1202d9b61de9d6aa7a8808605eaa04b7b0/diff",
[fedora@localhost ~]$ sudo file /var/lib/docker/overlay2/33b6cf12d14eb59b81567619525f07749e6c9b08a6a48b288bbb3c8e11207a4b/diff/usr/local/sbin/keepalived
/var/lib/docker/overlay2/33b6cf12d14eb59b81567619525f07749e6c9b08a6a48b288bbb3c8e11207a4b/diff/usr/local/sbin/keepalived: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, with debug_info, not stripped
[fedora@localhost ~]$ sudo file /var/lib/docker/overlay2/7769b2cce70ac332dc788bf7af7d7a176fddd257de608a9095d06d74f89ec92e/diff/bin/bash
/var/lib/docker/overlay2/7769b2cce70ac332dc788bf7af7d7a176fddd257de608a9095d06d74f89ec92e/diff/bin/bash: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, stripped

This is probably the same problem as #35, but that seems to be focused on arm32; arm64 is also affected.
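
The report checks two binaries by hand with `file`. As an added example (not part of the image or its build), the hypothetical functions below read `e_machine` from the ELF header and flag binaries whose architecture differs from what the tag claims, so the same check can run over every file in an unpacked layer.

```shell
#!/bin/sh
# Added example: hypothetical check, not part of the image or its build.

# elf_machine FILE -> prints x86-64 | aarch64 | arm | unknown(0x....)
# Returns 1 and prints "not-elf" for anything without the ELF magic.
elf_machine() {
  # First 20 header bytes as hex words: e_ident (16), e_type (2), e_machine (2)
  set -- $(od -An -tx1 -N20 "$1" 2>/dev/null)
  if [ $# -lt 20 ] || [ "$1$2$3$4" != "7f454c46" ]; then
    echo "not-elf"
    return 1
  fi
  # e_ident[5] is EI_DATA: 01 = little endian, 02 = big endian
  if [ "$6" = "02" ]; then m="${19}${20}"; else m="${20}${19}"; fi
  case $m in
    003e) echo "x86-64" ;;
    00b7) echo "aarch64" ;;
    0028) echo "arm" ;;
    *) echo "unknown(0x$m)" ;;
  esac
}

# check_arch EXPECTED FILE... -> prints each mismatch, returns 1 if any found
check_arch() {
  expected=$1; shift
  bad=0
  for bin in "$@"; do
    got=$(elf_machine "$bin") || continue   # scripts and data files are skipped
    if [ "$got" != "$expected" ]; then
      echo "MISMATCH $bin: $got (expected $expected)"
      bad=1
    fi
  done
  return $bad
}
```

For the tag in this report the expected value is `aarch64`; the two binaries inspected above would both be reported as `x86-64`.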

Error: an inet prefix is expected

When trying to run docker-keepalived, even with all defaults, it throws the following error:

docker run --env KEEPALIVED_INTERFACE="eno1" --cap-add=NET_ADMIN osixia/keepalived:1.3.5
...
Error: an inet prefix is expected rather than "KEEPALIVED_VIRTUAL_IPS_ROW_1/32".
Error: an inet prefix is expected rather than "KEEPALIVED_VIRTUAL_IPS_ROW_2/32".
...

Stopped
Keepalived_vrrp exited with permanent error CONFIG. Terminating
Stopping
Stopped
Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2

Setting --env KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['1.1.1.1']" results in the same error.
