Hi @sjiveson
Thanks so much for the details and for the example.
I’m a bit unsure about your comments in regards to:
The capabilities required are: CAP_NET_ADMIN and CAP_NET_BROADCAST. Obviously remove the CAP_ if specifying these in a Docker compose file.
Can you please explain better? I don't see any of them in your dockerfile or script in order to add/remove?
I’m checking about the values in the keepalive conf file, a few doubts only…
In your example x.x.x.x is the floating IP correct? And that is expressed both in the haproxy check, as well as in the virtual_ipaddress, right?
The other “variable” NNN I’m a bit unsure? Is the ip address in the first global block the ip range you are using? In the keepalived config documentation I see the parameter mcast_group_4 is optional… and has a default value of 224.0.0.18… is this required? I understand this is the multicast ip it would use? presumably to find more nodes?
Basically my questions revolve around your setup and the following config entries:
global_defs {
router_id **blahblah**
vrrp_mcast_group4 224.0.1.**NNN**
}
(in this case, should blahblahblah be any value just so it is different from the other router_ids defined later?)
and in the other sections just to make sure:
vrrp_script chk_haproxy {
script "ss -ltn 'src x.x.x.x' | grep 443"
}
(in the above, x.x.x.x is the “virtual ip” correct? so it will be the same as below?)
vrrp_instance lb-vips {
virtual_router_id NNN
priority NNN
...
virtual_ipaddress {
x.x.x.x/24 dev eth0
}
}
I assume that each “NNN” is not actually the same value in these, correct? (and again, x.x.x.x is the same as the above x.x.x.x, right?)
I’ll try and make some tests with this soon… have you been running this from within a stack? I assume as a global container? Have you had any issues with the LBs on the hosts listening onto these vips? or are they just binding to 0.0.0.0?
Thanks for your time!!
EDIT: sorry abt that, I was a bit ignorant in regards to putting 2 & 2 together lol… I have added the Capabilities in the docker-compose file…
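
The capability names quoted in the post, as they would be written in a compose file. This is an added example, not the file from the thread: the service name, image name and `network_mode: host` are assumptions.

```yaml
# Added example (not from the thread). Service and image names are hypothetical.
services:
  keepalived:
    image: example/keepalived:latest   # hypothetical image name
    # Assumption: host networking, so the VIP is added to the host's eth0.
    network_mode: host
    # Grant only the two capabilities named in the post instead of
    # running the container with "privileged: true".
    # Compose takes the names without the CAP_ prefix.
    cap_add:
      - NET_ADMIN       # CAP_NET_ADMIN
      - NET_BROADCAST   # CAP_NET_BROADCAST
    restart: unless-stopped
```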