Bertrand Gouny 2017-07-06 14:26:30 +02:00
commit 7fcab02dab
11 changed files with 124 additions and 62 deletions


@ -1,5 +1,10 @@
# Changelog
## 1.3.6
- Fix startup.sh and finish.sh ip address removal
- Use linux alpine
- Add keepalived_script script user
## 1.3.5
- Keepalived version 1.3.5


@ -1,5 +1,5 @@
NAME = osixia/keepalived
VERSION = 1.3.5
VERSION = 1.3.5-1-1
.PHONY: all build build-nocache test tag_latest release


@ -6,7 +6,7 @@
[hub]: https://hub.docker.com/r/osixia/keepalived/
Latest release: 1.3.5 - Keepalived 1.3.5 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/keepalived/) 
Latest release: 1.3.5-1 - Keepalived 1.3.5 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/keepalived/) 
**A docker image to run Keepalived.**
> [keepalived.org](http://keepalived.org/)
@ -22,7 +22,7 @@ Latest release: 1.3.5 - Keepalived 1.3.5 - [Changelog](CHANGELOG.md) | [Docker H
- [Link environment file](#link-environment-file)
- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
- [Advanced User Guide](#advanced-user-guide)
- [Extend osixia/keepalived:1.3.5 image](#extend-osixiakeepalived135-image)
- [Extend osixia/keepalived:1.3.5-1 image](#extend-osixiakeepalived135-1-image)
- [Make your own keepalived image](#make-your-own-keepalived-image)
- [Tests](#tests)
- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)
@ -32,7 +32,7 @@ Latest release: 1.3.5 - Keepalived 1.3.5 - [Changelog](CHANGELOG.md) | [Docker H
This image require the kernel module ip_vs loaded on the host (`modprobe ip_vs`) and need to be run with : --cap-add=NET_ADMIN --net=host
docker run --cap-add=NET_ADMIN --net=host -d osixia/keepalived:1.3.5
docker run --cap-add=NET_ADMIN --net=host -d osixia/keepalived:1.3.5-1
## Beginner Guide
@ -42,7 +42,7 @@ but setting your own keepalived.conf is possible. 2 options:
- Link your config file at run time to `/container/service/keepalived/assets/keepalived.conf` :
docker run --volume /data/my-keepalived.conf:/container/service/keepalived/assets/keepalived.conf --detach osixia/keepalived:1.3.5
docker run --volume /data/my-keepalived.conf:/container/service/keepalived/assets/keepalived.conf --detach osixia/keepalived:1.3.5-1
- Add your config file by extending or cloning this image, please refer to the [Advanced User Guide](#advanced-user-guide)
@ -52,7 +52,7 @@ You may have some problems with mounted files on some systems. The startup scrip
To fix that run the container with `--copy-service` argument :
docker run [your options] osixia/keepalived:1.3.5 --copy-service
docker run [your options] osixia/keepalived:1.3.5-1 --copy-service
### Debug
@ -61,11 +61,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
Example command to run the container in `debug` mode:
docker run --detach osixia/keepalived:1.3.5 --loglevel debug
docker run --detach osixia/keepalived:1.3.5-1 --loglevel debug
See all command line options:
docker run osixia/keepalived:1.3.5 --help
docker run osixia/keepalived:1.3.5-1 --help
## Environment Variables
@ -85,7 +85,7 @@ See how to [set your own environment variables](#set-your-own-environment-variab
If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
docker run --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.10', '192.168.1.11']" --detach osixia/keepalived:1.3.5
docker run --env KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.10', '192.168.1.11']" --detach osixia/keepalived:1.3.5-1
To convert yaml to python online : http://yaml-online-parser.appspot.com/
@ -107,7 +107,7 @@ See how to [set your own environment variables](#set-your-own-environment-variab
Environment variables can be set by adding the --env argument in the command line, for example:
docker run --env KEEPALIVED_INTERFACE="eno1" --env KEEPALIVED_PASSWORD="password!" \
--env KEEPALIVED_PRIORITY="100" --detach osixia/keepalived:1.3.5
--env KEEPALIVED_PRIORITY="100" --detach osixia/keepalived:1.3.5-1
#### Link environment file
@ -115,7 +115,7 @@ Environment variables can be set by adding the --env argument in the command lin
For example if your environment file is in : /data/environment/my-env.yaml
docker run --volume /data/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
--detach osixia/keepalived:1.3.5
--detach osixia/keepalived:1.3.5-1
Take care to link your environment file to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
@ -125,13 +125,13 @@ This is the best solution if you have a private registry. Please refer to the [A
## Advanced User Guide
### Extend osixia/keepalived:1.3.5 image
### Extend osixia/keepalived:1.3.5-1 image
If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
Dockerfile example:
FROM osixia/keepalived:1.3.5
FROM osixia/keepalived:1.3.5-1
MAINTAINER Your Name <your@name.com>
ADD keepalived.conf /container/service/keepalived/assets/keepalived.conf


@ -1,25 +1,29 @@
# Use osixia/light-baseimage
# sources: https://github.com/osixia/docker-light-baseimage
FROM osixia/light-baseimage:0.2.6
FROM osixia/alpine-light-baseimage:0.1.2
MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
# Keepalived version
ENV KEEPALIVED_VERSION 1.3.5
RUN addgroup -S keepalived_script && adduser -D -S -G keepalived_script keepalived_script
# Download, build and install Keepalived
RUN apt-get -y update \
&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
RUN apk --no-cache add \
curl \
gcc \
ipset \
ipset-dev \
iptables \
iptables-dev \
libipset-dev \
libnl-3-dev \
libnl-genl-3-dev \
libnl-route-3-dev \
libnfnetlink \
libnfnetlink-dev \
libssl-dev \
libnl3 \
libnl3-dev \
make \
pkg-config \
musl-dev \
openssl \
openssl-dev \
&& curl -o keepalived.tar.gz -SL http://keepalived.org/software/keepalived-${KEEPALIVED_VERSION}.tar.gz \
&& mkdir -p /container/keepalived-sources \
&& tar -xzf keepalived.tar.gz --strip 1 -C /container/keepalived-sources \
@ -27,11 +31,19 @@ RUN apt-get -y update \
&& ./configure --disable-dynamic-linking \
&& make && make install \
&& cd - && mkdir -p /etc/keepalived \
&& apt-get remove -y --purge --auto-remove curl make gcc pkg-config \
&& rm -f keepalived.tar.gz \
&& rm -rf /container/keepalived-sources \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
&& apk --no-cache del \
curl \
gcc \
ipset-dev \
iptables-dev \
libnfnetlink-dev \
libnl3-dev \
make \
musl-dev \
openssl-dev
# Add service directory to /container/service
ADD service /container/service
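Review bot: The keepalived tarball in the first hunk's RUN step is still fetched with `curl -o keepalived.tar.gz -SL http://keepalived.org/software/keepalived-${KEEPALIVED_VERSION}.tar.gz` and then unpacked and compiled with no integrity check, so anything able to alter that plain-HTTP response controls code built into the image. That line looks like unchanged context, but the commit rewrites the rest of this RUN instruction and is the natural place to fix it. Pin the expected digest next to `KEEPALIVED_VERSION` and verify it before `tar`, e.g. `&& echo "<SHA256_OF_TARBALL>  keepalived.tar.gz" | sha256sum -c - \`, and switch to an `https://` URL if the upstream host serves one. The middle of the RUN instruction lies between the two hunks and is not visible here.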


@ -1,16 +0,0 @@
KEEPALIVED_INTERFACE: eth0
KEEPALIVED_PASSWORD: d0cker
# For electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines
KEEPALIVED_PRIORITY: 150
KEEPALIVED_UNICAST_PEERS:
- 192.168.1.10
- 192.168.1.11
KEEPALIVED_VIRTUAL_IPS:
- 192.168.1.231
- 192.168.1.232
KEEPALIVED_NOTIFY: /container/service/keepalived/assets/notify.sh


@ -1 +1,18 @@
KEEPALIVED_COMMAND_LINE_ARGUMENTS: --log-detail --dump-conf
KEEPALIVED_INTERFACE: eth0
KEEPALIVED_PASSWORD: d0cker
# For electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines
KEEPALIVED_PRIORITY: 150
KEEPALIVED_UNICAST_PEERS:
- 192.168.1.10
- 192.168.1.11
KEEPALIVED_VIRTUAL_IPS:
- 192.168.1.231
- 192.168.1.232
KEEPALIVED_NOTIFY: /container/service/keepalived/assets/notify.sh
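Review bot: `KEEPALIVED_PASSWORD: d0cker` is a default shipped in this environment file, so any container started without overriding it uses an `auth_pass` that is published with the image sources. VRRP `auth_type PASS` is a simple shared secret sent unencrypted in the advertisements, so it is a weak control even when the value is changed. I would add a comment above the key such as `# Demo value only - override KEEPALIVED_PASSWORD in every deployment`, and consider having the startup script log a warning when the value is still the default.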


@ -1,27 +1,31 @@
global_defs {
default_interface {{ KEEPALIVED_INTERFACE }}
}
vrrp_instance VI_1 {
interface {{ keepalived_interface }}
interface {{ KEEPALIVED_INTERFACE }}
track_interface {
{{ keepalived_interface }}
{{ KEEPALIVED_INTERFACE }}
}
state BACKUP
virtual_router_id 51
priority {{ keepalived_priority }}
priority {{ KEEPALIVED_PRIORITY }}
nopreempt
unicast_peer {
{{ keepalived_unicast_peers }}
{{ KEEPALIVED_UNICAST_PEERS }}
}
virtual_ipaddress {
{{ keepalived_virtual_ips }}
{{ KEEPALIVED_VIRTUAL_IPS }}
}
authentication {
auth_type PASS
auth_pass {{ keepalived_password }}
auth_pass {{ KEEPALIVED_PASSWORD }}
}
{{ keepalived_notify }}
{{ KEEPALIVED_NOTIFY }}
}
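Review bot: The new `global_defs` block sets only `default_interface`, while the notify line rendered from `{{ KEEPALIVED_NOTIFY }}` is an operator-supplied path that keepalived will execute. The Dockerfile in this commit creates a `keepalived_script` user, but nothing in this template states which account runs scripts, so that is left to keepalived's defaults. Consider adding `script_user keepalived_script` and `enable_script_security` inside `global_defs`, after confirming both keywords are supported by the 1.3.5 build.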


@ -7,7 +7,20 @@ log-helper level eq trace && set -x
# try to delete virtual ips from interface
for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
do
ip addr del ${vip}/32 dev ${KEEPALIVED_INTERFACE} || true
IP=$(echo ${!vip} | awk '{print $1}')
IP_INFO=$(ip addr list | grep ${IP}) || continue
IP_V6=$(echo "${IP_INFO}" | grep "inet6") || true
# ipv4
if [ -z "${IP_V6}" ]; then
IP_INTERFACE=$(echo "${IP_INFO}" | awk '{print $5}')
# ipv6
else
echo "skipping address: ${IP} - ipv6 not supported yet :("
continue
fi
ip addr del ${IP} dev ${IP_INTERFACE} || true
done
exit 0
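Review bot: `grep ${IP}` in the new loop is an unquoted, unanchored regex match against the whole `ip addr list` output, so a VIP such as 192.168.1.23 (constructed example) also matches the line for 192.168.1.231, and each `.` matches any character. The interface is then taken from `awk '{print $5}'`, which is the device name only when the line has no `brd` field, and several matching lines give a multi-line `IP_INTERFACE`. The resulting `ip addr del` failure is hidden by `|| true`, which can leave the virtual IP configured on the node. Asking `ip` directly avoids the text matching: `IP_INTERFACE=$(ip -o -4 addr show to "${IP}" | awk '{print $2; exit}')` followed by `[ -n "${IP_INTERFACE}" ] || continue`, with any `/prefix` stripped from `${IP}` for the lookup. The same loop is added in the second hunk of the startup script section further down the page.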


@ -0,0 +1,5 @@
#!/bin/bash -e
# this script is run during the image build
# delete keepalived default config file
rm /usr/local/etc/keepalived/keepalived.conf


@ -4,4 +4,12 @@
# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
log-helper level eq trace && set -x
exec /usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console ${KEEPALIVED_COMMAND_LINE_ARGUMENTS}
echo -n "Waiting config file /usr/local/etc/keepalived/keepalived.conf"
while [ ! -e "/usr/local/etc/keepalived/keepalived.conf" ]
do
echo -n "."
sleep 0.1
done
echo "ok"
exec /usr/local/sbin/keepalived -f /usr/local/etc/keepalived/keepalived.conf --dont-fork --log-console ${KEEPALIVED_COMMAND_LINE_ARGUMENTS}
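Review bot: The new wait loop has no upper bound, so if the startup script never creates `/usr/local/etc/keepalived/keepalived.conf` (or leaves a dangling symlink, which `-e` reports as missing) the service prints dots forever and never reports a failure that a supervisor or operator can act on. I would cap the wait and exit non-zero with a message on stderr, as sketched below; the limit of 300 tries is an arbitrary example value. The script's shebang and first lines are outside this hunk.

```shell
# … unchanged: log-helper trace line …
conf=/usr/local/etc/keepalived/keepalived.conf
tries=0
echo -n "Waiting config file ${conf}"
while [ ! -e "${conf}" ]; do
  tries=$((tries + 1))
  if [ "${tries}" -gt 300 ]; then
    echo " timeout waiting for ${conf}" >&2
    exit 1
  fi
  echo -n "."
  sleep 0.1
done
echo "ok"
# … unchanged: exec keepalived with ${KEEPALIVED_COMMAND_LINE_ARGUMENTS} …
```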


@ -11,30 +11,31 @@ if [ ! -e "$FIRST_START_DONE" ]; then
#
# bootstrap config
#
sed -i --follow-symlinks "s|{{ keepalived_interface }}|$KEEPALIVED_INTERFACE|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i --follow-symlinks "s|{{ keepalived_priority }}|$KEEPALIVED_PRIORITY|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i --follow-symlinks "s|{{ keepalived_password }}|$KEEPALIVED_PASSWORD|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_INTERFACE }}|$KEEPALIVED_INTERFACE|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_PRIORITY }}|$KEEPALIVED_PRIORITY|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_PASSWORD }}|$KEEPALIVED_PASSWORD|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
if [ -n "$KEEPALIVED_NOTIFY" ]; then
sed -i --follow-symlinks "s|{{ keepalived_notify }}|notify \"$KEEPALIVED_NOTIFY\"|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_NOTIFY }}|notify \"$KEEPALIVED_NOTIFY\"|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
chown keepalived_script:keepalived_script $KEEPALIVED_NOTIFY
chmod +x $KEEPALIVED_NOTIFY
else
sed -i --follow-symlinks "/{{ keepalived_notify }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "/{{ KEEPALIVED_NOTIFY }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
fi
# unicast peers
for peer in $(complex-bash-env iterate KEEPALIVED_UNICAST_PEERS)
do
sed -i --follow-symlinks "s|{{ keepalived_unicast_peers }}|${!peer}\n {{ keepalived_unicast_peers }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_UNICAST_PEERS }}|${!peer}\n {{ KEEPALIVED_UNICAST_PEERS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
done
sed -i --follow-symlinks "/{{ keepalived_unicast_peers }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "/{{ KEEPALIVED_UNICAST_PEERS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
# virtual ips
for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
do
sed -i --follow-symlinks "s|{{ keepalived_virtual_ips }}|${!vip}\n {{ keepalived_virtual_ips }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "s|{{ KEEPALIVED_VIRTUAL_IPS }}|${!vip}\n {{ KEEPALIVED_VIRTUAL_IPS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
done
sed -i --follow-symlinks "/{{ keepalived_virtual_ips }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
sed -i "/{{ KEEPALIVED_VIRTUAL_IPS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
touch $FIRST_START_DONE
fi
@ -42,11 +43,24 @@ fi
# try to delete virtual ips from interface
for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
do
ip addr del ${vip}/32 dev ${KEEPALIVED_INTERFACE} || true
IP=$(echo ${!vip} | awk '{print $1}')
IP_INFO=$(ip addr list | grep ${IP}) || continue
IP_V6=$(echo "${IP_INFO}" | grep "inet6") || true
# ipv4
if [ -z "${IP_V6}" ]; then
IP_INTERFACE=$(echo "${IP_INFO}" | awk '{print $5}')
# ipv6
else
echo "skipping address: ${IP} - ipv6 not supported yet :("
continue
fi
ip addr del ${IP} dev ${IP_INTERFACE} || true
done
if [ ! -e "/etc/backup-manager.conf" ]; then
ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /etc/keepalived/keepalived.conf
if [ ! -e "/usr/local/etc/keepalived/keepalived.conf" ]; then
ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /usr/local/etc/keepalived/keepalived.conf
fi
exit 0
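Review bot: The added `chown keepalived_script:keepalived_script $KEEPALIVED_NOTIFY` and `chmod +x $KEEPALIVED_NOTIFY` expand an operator-supplied value unquoted, so a path containing spaces or glob characters changes ownership and mode of other files; they should read `chown keepalived_script:keepalived_script "$KEEPALIVED_NOTIFY"` and `chmod +x "$KEEPALIVED_NOTIFY"`. Handing ownership to `keepalived_script` also lets the account that runs the script rewrite it; if keepalived only needs to execute the file, root ownership with mode 0755 would be tighter, which is worth confirming. Separately, the `sed` lines interpolate `$KEEPALIVED_PASSWORD` into a `|`-delimited replacement, so a password containing `|`, `&` or `\` either fails the substitution or is rendered differently from what was set. The enclosing `if [ ! -e "$FIRST_START_DONE" ]` block begins above the first hunk.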