Merge pull request #6853 from inverse-inc/feature/centralize-vip

Allow to centralize the virtual IPs on the same server

conf/documentation.conf

@@ -1558,6 +1558,13 @@ description=<<EOT
 Defines the MariaDB password for Galera replication
 EOT
 
+[active_active.centralize_vips]
+type=toggle
+options=enabled|disabled
+description=<<EOT
+Centralize the virtual IP addresses on the same node instead of distributing them on the two first nodes of the cluster
+EOT
+
 [parking]
 guide_anchor=_parked_devices
 

conf/pf.conf.defaults

@@ -1157,6 +1157,12 @@ galera_replication_username=
 #
 # Defines the replication password to be used for the MariaDB Galera cluster replication
 galera_replication_password=
+#
+# active_active.centralize_vips
+#
+# Centralize the virtual IP addresses on the same node instead of distributing them on the two first nodes of the cluster
+centralize_vips=disabled
+
 
 [parking]
 #

html/pfappserver/root/src/views/Configuration/activeActive/_components/TheForm.vue

@@ -30,6 +30,11 @@
       :text="$i18n.t('Set the gateway option in DHCP replies to point only to the VIP in cluster mode rather than to all servers in the cluster.')"
     />
 
+    <form-group-centralize-vips namespace="centralize_vips"
+      :column-label="$i18n.t('Centralized virtual IPs')"
+      :text="$i18n.t('Centralize the virtual IP addresses on the same node instead of distributing them on the two first nodes of the cluster.')"
+    />
+
     <form-group-centralized-deauth namespace="centralized_deauth"
       :column-label="$i18n.t('Centralized access reevaluation')"
       :text="$i18n.t('Centralize the deauthentication to the management node of the cluster.')"
@@ -75,6 +80,7 @@ import schemaFn from '../schema'
 import {
   FormGroupAuthOnManagement,
   FormGroupCentralizedDeauth,
+  FormGroupCentralizeVips,
   FormGroupConflictResolutionThreshold,
   FormGroupDnsOnVipOnly,
   FormGroupGatewayOnVipOnly,
@@ -92,6 +98,7 @@ const components = {
 
   FormGroupAuthOnManagement,
   FormGroupCentralizedDeauth,
+  FormGroupCentralizeVips,
   FormGroupConflictResolutionThreshold,
   FormGroupDnsOnVipOnly,
   FormGroupGatewayOnVipOnly,

html/pfappserver/root/src/views/Configuration/activeActive/_components/index.js

@@ -16,6 +16,7 @@ export {
 
   BaseFormGroupToggleDisabledEnabled  as FormGroupAuthOnManagement,
   BaseFormGroupToggleDisabledEnabled  as FormGroupCentralizedDeauth,
+  BaseFormGroupToggleDisabledEnabled  as FormGroupCentralizeVips,
   BaseFormGroupIntervalUnit           as FormGroupConflictResolutionThreshold,
   BaseFormGroupToggleDisabledEnabled  as FormGroupDnsOnVipOnly,
   BaseFormGroupToggleDisabledEnabled  as FormGroupGatewayOnVipOnly,

lib/pf/services/manager/keepalived.pm

@@ -104,11 +104,13 @@ EOT
         foreach my $interface ( @ints ) {
             my $cfg = $Config{"interface $interface"};
             next unless $cfg;
-            my $priority = 100 - pf::cluster::reg_cluster_index();
+            my $priority = 100 - pf::cluster::cluster_index();
+            if(isdisabled($Config{active_active}{centralize_vips})) {
+                $priority = 100 - pf::cluster::reg_cluster_index();
+            }
             my $process_tracking = "haproxy_portal";
             if ($Config{"interface $interface"}{'type'} =~ /management/i || $Config{"interface $interface"}{'type'} =~ /radius/i) {
                 $process_tracking = "radius_load_balancer";
-                $priority = 100 - pf::cluster::cluster_index();
             }
             my $cluster_ip = pf::cluster::cluster_ip($interface);
             $tags{'vrrp'} .= <<"EOT";