+++

Author: RootShell-coder

.github/workflows/docker-publish.yml

@@ -0,0 +1,40 @@
+---
+name: Docker
+
+on:
+  push:
+    branches: master
+    paths:
+      - 'docker/**'
+
+env:
+  IMAGE_NAME: swarm-keepalived
+
+defaults:
+  run:
+    working-directory: docker
+
+jobs:
+  test:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build Test
+        run: docker build -f Dockerfile .
+
+  push:
+    needs: [ test ]
+    name: Publish to Docker Hub
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build image
+        run: |
+          docker build -f Dockerfile -t ${{ secrets.DOCKERHUB_USER }}/${IMAGE_NAME}:${GITHUB_SHA::5} .
+          docker tag ${{ secrets.DOCKERHUB_USER }}/${IMAGE_NAME}:${GITHUB_SHA::5} ${{ secrets.DOCKERHUB_USER }}/${IMAGE_NAME}:latest
+      - name: Login to Docker Hub
+        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USER }} --password-stdin
+      - name: Push Image to Docker Hub
+        run: |
+          docker push ${{ secrets.DOCKERHUB_USER }}/${IMAGE_NAME}:${GITHUB_SHA::5}
+          docker push ${{ secrets.DOCKERHUB_USER }}/${IMAGE_NAME}:latest

README.md

@@ -1 +1,19 @@
-# swarm-keepalived
+# swarm keepalived
+
+docker
+
+`echo "modprobe ip_vs" >> /etc/modules`
+
+```bash
+docker run -d --restart=always \
+  --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW \
+  --net=host \
+  -e KEEPALIVED_UNICAST_SRC_IP="172.16.5.4" \
+  -e KEEPALIVED_UNICAST_PEER="172.16.5.5" \
+  -e KEEPALIVED_VIRTUAL_IPADDRESS=192.168.100.254/32 \
+  -e KEEPALIVED_PRIORITY=100 \
+  -e KEEPALIVED_INTERFACE="eth0" \
+  rootshellcoder/swarm-keepalived:latest
+```
+
+[docker-swarm](./keepalived-service.yml)

docker/Dockerfile

@@ -0,0 +1,104 @@
+FROM alpine:latest AS build
+
+WORKDIR /tmp
+ADD https://keepalived.org/software/keepalived-2.2.8.tar.gz .
+
+RUN set eux; \
+  addgroup -S keepalived_script; \
+  adduser -D -S -G keepalived_script keepalived_script;
+
+RUN set eux; \
+  apk add --update --no-cache \
+  binutils \
+  file \
+  file-dev \
+  gcc \
+  glib \
+  glib-dev \
+  ipset \
+  ipset-dev \
+  iptables \
+  iptables-dev \
+  libmnl-dev \
+  libnftnl-dev \
+  libnl3 \
+  libnl3-dev \
+  make \
+  musl-dev \
+  net-snmp-dev \
+  openssl \
+  openssl-dev \
+  pcre2 \
+  pcre2-dev \
+  autoconf \
+  automake; \
+  tar xvzf keepalived-2.2.8.tar.gz; \
+  cd /tmp/keepalived-2.2.8/; \
+  ./autogen.sh; \
+  ./configure \
+  --disable-dynamic-linking \
+  --prefix=/usr \
+  --exec-prefix=/usr \
+  --bindir=/usr/bin \
+  --sbindir=/usr/sbin \
+  --sysconfdir=/etc \
+  --datadir=/usr/share \
+  --localstatedir=/var \
+  --mandir=/usr/share/man \
+  --with-dbus-data-dir=/usr/share \
+  --enable-bfd \
+  --enable-dbus \
+  --enable-regex \
+  --enable-snmp \
+  --enable-snmp-rfc \
+  --enable-nftables \
+  --disable-iptables \
+  --enable-json; \
+  make; \
+  make install; \
+  strip /usr/sbin/keepalived; \
+  cd -; \
+  rm -rf /tmp/keepalived-2.2.8; \
+  apk --no-cache del \
+  binutils \
+  file-dev \
+  gcc \
+  glib-dev \
+  ipset-dev \
+  iptables-dev \
+  libmnl-dev \
+  libnl3-dev \
+  libnftnl-dev \
+  make \
+  musl-dev \
+  openssl-dev \
+  pcre2-dev \
+  autoconf \
+  automake
+
+FROM alpine:latest
+WORKDIR /src/keepalived
+COPY keepalived.conf /etc/keepalived/
+COPY entrypoint /usr/bin/
+RUN set eux; \
+  apk add --update --no-cache \
+  sudo \
+  bash \
+  file \
+  glib \
+  ipset \
+  iptables \
+  libnl3 \
+  net-snmp-dev \
+  openssl \
+  pcre2; \
+  addgroup -S keepalived; \
+  adduser -S keepalived -G keepalived -h /src/keepalived -s /bin/bash; \
+  addgroup keepalived sudo; \
+  chmod a+x /usr/bin/entrypoint; \
+  sed -i '/# %sudo/c keepalived ALL=(ALL:ALL) NOPASSWD:/usr/sbin/keepalived' /etc/sudoers; \
+  chown -R keepalived:keepalived /etc/keepalived/ /run;
+COPY --from=build /usr/sbin/ /usr/sbin/
+USER keepalived
+ENTRYPOINT ["entrypoint"]
+CMD ["sudo", "/usr/sbin/keepalived", "--dont-fork", "--log-console", "--use-file", "/etc/keepalived/keepalived.conf"]

docker/entrypoint

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Default variables
+KEEPALIVED_INTERFACE=${KEEPALIVED_INTERFACE:-eth0}
+KEEPALIVED_VIRTUAL_ROUTER_ID=${KEEPALIVED_VIRTUAL_ROUTER_ID:-51}
+KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY:-100}
+KEEPALIVED_AUTH_PASS=${KEEPALIVED_AUTH_PASS:-ETlE2RQr}
+
+# required variables
+# KEEPALIVED_UNICAST_SRC_IP
+# KEEPALIVED_UNICAST_PEER
+# KEEPALIVED_VIRTUAL_IPADDRESS
+# KEEPLAIVED_AUTH_PASS
+
+KEEPALIVED_CONF=/etc/keepalived/keepalived.conf
+
+sed -i "s!{{KEEPALIVED_INTERFACE}}!${KEEPALIVED_INTERFACE}!g" ${KEEPALIVED_CONF}
+sed -i "s!{{KEEPALIVED_VIRTUAL_ROUTER_ID}}!${KEEPALIVED_VIRTUAL_ROUTER_ID}!g" ${KEEPALIVED_CONF}
+sed -i "s!{{KEEPALIVED_PRIORITY}}!${KEEPALIVED_PRIORITY}!g" ${KEEPALIVED_CONF}
+sed -i "s!{{KEEPALIVED_UNICAST_SRC_IP}}!${KEEPALIVED_UNICAST_SRC_IP}!g" ${KEEPALIVED_CONF}
+
+UNICAST_PEER=$(echo $KEEPALIVED_UNICAST_PEER | sed "s/\s//g" | sed "s/,/ /g")
+for up in ${UNICAST_PEER[@]}; do
+  sed -i "s!{{KEEPALIVED_UNICAST_PEER}}!${up}\n    {{KEEPALIVED_UNICAST_PEER}}!" ${KEEPALIVED_CONF}
+done
+  sed -i "/{{KEEPALIVED_UNICAST_PEER}}/d" ${KEEPALIVED_CONF}
+
+VIPs=$(echo $KEEPALIVED_VIRTUAL_IPADDRESS | sed "s/\s//g" | sed "s/,/ /g")
+for vip in ${VIPs[@]}; do
+  sed -i "s!{{KEEPALIVED_VIRTUAL_IPADDRESS}}!${vip} dev ${KEEPALIVED_INTERFACE} label ${KEEPALIVED_INTERFACE}:0\n    {{KEEPALIVED_VIRTUAL_IPADDRESS}}!" ${KEEPALIVED_CONF}
+done
+  sed -i "/{{KEEPALIVED_VIRTUAL_IPADDRESS}}/d" ${KEEPALIVED_CONF}
+
+sed -i "s!{{KEEPALIVED_AUTH_PASS}}!${KEEPALIVED_AUTH_PASS}!g" ${KEEPALIVED_CONF}
+
+exec "$@"

docker/keepalived.conf

@@ -0,0 +1,21 @@
+global_defs {
+  default_interface {{KEEPALIVED_INTERFACE}}
+}
+vrrp_instance VI_1 {
+  interface {{KEEPALIVED_INTERFACE}}
+  state BACKUP
+  virtual_router_id {{KEEPALIVED_VIRTUAL_ROUTER_ID}}
+  priority {{KEEPALIVED_PRIORITY}}
+  nopreempt
+  unicast_src_ip {{KEEPALIVED_UNICAST_SRC_IP}}
+  unicast_peer {
+    {{KEEPALIVED_UNICAST_PEER}}
+  }
+  virtual_ipaddress {
+    {{KEEPALIVED_VIRTUAL_IPADDRESS}} dev agge label agge:0
+  }
+  authentication {
+    auth_type PASS
+    auth_pass {{KEEPALIVED_AUTH_PASS}}
+  }
+}

keepalived-service.yml

@@ -0,0 +1,47 @@
+---
+version: '3.9'
+
+networks:
+  outside:
+    external:
+      name: "host"
+
+services:
+  master:
+    image: rootshellcoder/swarm-keepalived:latest
+    environment:
+      KEEPALIVED_UNICAST_SRC_IP: "172.16.5.4"
+      KEEPALIVED_UNICAST_PEER: "172.16.5.5"
+      KEEPALIVED_VIRTUAL_IPADDRESS: 192.168.100.254
+      KEEPALIVED_PRIORITY: 200
+      KEEPALIVED_INTERFACE: "eth0"
+    networks:
+      - outside
+    cap_add:
+      - NET_ADMIN
+      - NET_BROADCAST
+      - NET_RAW
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+          - node.labels.keepalived_master == true
+  backup:
+    image: rootshellcoder/swarm-keepalived:latest
+    environment:
+      KEEPALIVED_UNICAST_SRC_IP: "172.16.5.5"
+      KEEPALIVED_UNICAST_PEER: "172.16.5.4"
+      KEEPALIVED_VIRTUAL_IPADDRESS: 192.168.100.254
+      KEEPALIVED_PRIORITY: 100
+      KEEPALIVED_INTERFACE: "eth0"
+    networks:
+      - outside
+    cap_add:
+      - NET_ADMIN
+      - NET_BROADCAST
+      - NET_RAW
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+          - node.labels.keepalived_backup == true