1. Proposed title of this feature request
Improve configurability of ipfailover container
3. What is the nature and description of the request?
There is concern that the keepalived configuration doesn't monitor the IP address assignment is still current (restarting networking manually, or as a side-effect from yum update, or by an admin in error). Someone may also wish to add extra monitoring (of another service perhaps) to the check script. Similarly, they may wish to customize the actions taken when it cuts over (e.g. to program something upstream).
It is probably better to allow extension of the keepalived configuration to allow the user to specify custom check and notify scripts, or parts of them: https://tobrunet.ch/2013/07/keepalived-check-and-notify-scripts/
We may also want to allow the check period to be configured.
Part of this task is to look at the design and see what we want to allow to be customized. Ideally, we could customize the whole config, but given that it uses shell scripts at the moment rather than a templatized config file, we may not be able to do too much in that direction.
- Add a way to specify custom user-specified check and notify scripts to the keepalived configuration
- Document the method, and why you want to do it
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
10. List any affected packages or components.
This can be done with a configmap
root@wsfd-netdev22: ~ # oc get po | grep ipf
ipf-ha-router-5-ktol1 1/1 Running 0 3h
ipf-ha-router-5-t1xbd 1/1 Running 0 3h
root@wsfd-netdev22: ~ # oc rsh ipf-ha-router-5-ktol1 cat /etc/keepalived/keepalived.conf > save-file
Edit the save-file to add the desired checks and notifies then create a config map
with the file. Edit the dc/ipf-..... to include the config map setup and
an ENV, KEEPALIVED_OPTIONS="-f ppp" pointing to config map mount point.
The config map provides a complete replacement for the keepalived.conf file so you can do anything that keepalived supports.
I will verify that this will work.
email@example.com This corresponds to the Trello card I am working on, so I took the bug.
Spoke to Ben about this. The comment 2 approach is not flexible enough. The keepalived.conf file is created every time the pod is started and items can change in the file. A statically captured file passed in the config map won't have the changes.
Instead we will have a env var for the path names to the check and notify scripts. One way to supply the check and notify scripts is through configmaps.
Commit pushed to master at https://github.com/openshift/openshift-docs
Ipfailover check and notify script support
Openshift 3.5 feature.
Add options to 'oadm ipfailover' to configure the check script and
notify scripts and also control the period the check script runs.
Keepalived periodically checks whether the application is running
properly. In the default case the test is a simple verification that
something is listening on the watch port. This PR permits the user to
supply an additional check script that is run in the ipfailover container
context to verify that the application is operating properly. For
example, a web server can be tested by accessing the watch port and
verifying the response.
Whenever a node changes state to MASTER, BACKUP, or FAULT a notify
script can be called. This script has 3 parameters filled in by
$1 - "GROUP"|"INSTANCE"
$2 - name of group or instance
$3 - target state of transition ("MASTER"|"BACKUP"|"FAULT")
The check script is a script in the keepalived container that verifies
the service is running properly. The script must return 0 for OK and 1
These checks are in addition to verifying that the watch port is
The notify script is a script in the keepalived container that is
called whenever the keepalived state transitions to
The check script is run every seconds. Default is 2.
Note: the scripts name is the full path to the script.
Fixes bug 1362163
Signed-off-by: Phil Cameron <firstname.lastname@example.org>
*** Bug 1363697 has been marked as a duplicate of this bug. ***
Cloned this bug to add the preemption strategy support see 1466033