Merge pull request #184 from sigbjorntux/feature/native_ipv6

add support for native_ipv6 in vrrp instances

README.md

@@ -210,6 +210,75 @@ node /node01/ {
 }
 ```
 
+### IPv4 and IPv6 virtual IP, with application level failure detection
+
+This configuration will fail-over both the IPv4 address and the IPv6 address when:
+
+a. NGINX daemon is not running
+b. Master node is unavailable
+
+It is not possible to configure both IPv4 and IPv6 addresses as
+virtual\_ipaddresses in a single vrrp\_instance; the reason is that the VRRP
+protocol doesn't support it. The two VRRP instances can both use the same
+virtual\_router\_id since VRRP IPv4 and IPv6 instances are completely
+independent of each other. Both nodes have state set to BACKUP, which will
+prevent them from entering MASTER state until the check script(s) have succeeded
+and the election has been held.
+
+To ensure that the IPv4 and IPv6 vrrp\_instances are always in the same state as
+each other, configure a vrrp\_sync\_group to include both the instances. The
+vrrp\_sync\_group require the global\_tracking flag to be enabled to prevent
+keepalived from ignoring the tracking scripts for the vrrp\_sync\_group's
+vrrp\_instance members.
+
+Configure the vrrp\_instance with the native\_ipv6 flag to force the instance to
+use IPv6. An IPv6 vrrp\_instance without the "native\_ipv6" keyword does not
+configure the virtual IPv6 address with the "deprecated nodad" options.
+
+RFC 3484, “Default Address Selection for Internet Protocol version 6 (IPv6)”:
+Configure a /128 mask for the IPv6 address for keepliaved to set
+preferred\_lft to 0 to avoid the VI to be used for outgoing connections.
+
+RFC5798 section 5.2.9 requires that if the protocol is IPv6, then the first
+address must be the link local address of the virtual router.
+
+IPv6 VRRP uses VRRP version 3, which does not support authentication, so the
+auth\_type and auth\_pass parameters are removed for the IPv6 VRRP instance.
+
+```puppet
+node /node0x/ {
+  keepalived::vrrp::script { 'check_nginx':
+    script => '/usr/bin/pkill -0 nginx',
+  }
+
+  keepalived::vrrp::sync_group { 'VI_50':
+    group               => [ 'VI_50_IPV4', 'VI_50_IPV6' ],
+    global_tracking     => true,
+  }
+
+  keepalived::vrrp::instance { 'VI_50_IPV4':
+    interface           => 'eth0',
+    state               => 'BACKUP',
+    virtual_router_id   => 50,
+    priority            => 100,
+    auth_type           => 'PASS',
+    auth_pass           => 'secret',
+    virtual_ipaddress   => '10.0.0.1/32',
+    track_script        => 'check_nginx',
+  }
+
+  keepalived::vrrp::instance { 'VI_50_IPV6':
+    interface           => 'eth0',
+    state               => 'BACKUP',
+    virtual_router_id   => 50,
+    priority            => 100,
+    virtual_ipaddress   => ['fe80::50/128', '2001:db8::50/128', ],
+    track_script        => 'check_nginx',
+    native_ipv6         => true,
+  }
+}
+```
+
 ### Global definitions
 
 ```puppet

manifests/vrrp/instance.pp

@@ -143,6 +143,9 @@
 # $vmac_xmit_base::        When using virtual MAC addresses transmit and receive
 #                          VRRP messaged on the underlying interface whilst ARP
 #                          will happen from the the VMAC interface.
+#
+# $native_ipv6::           Force instance to use IPv6 (when mixed IPv4 and IPv6 config)
+#
 
 define keepalived::vrrp::instance (
   $interface,
@@ -176,6 +179,7 @@
   $dont_track_primary                       = false,
   $use_vmac                                 = false,
   $vmac_xmit_base                           = true,
+  Boolean $native_ipv6                      = false,
 
 ) {
   $_name = regsubst($name, '[:\/\n]', '')

manifests/vrrp/sync_group.pp

@@ -22,12 +22,13 @@
 #
 define keepalived::vrrp::sync_group (
   $group,
-  $notify_script_master = undef,
-  $notify_script_backup = undef,
-  $notify_script_fault  = undef,
-  $notify_script        = undef,
-  $smtp_alert           = undef,
-  $nopreempt            = undef,
+  $notify_script_master    = undef,
+  $notify_script_backup    = undef,
+  $notify_script_fault     = undef,
+  $notify_script           = undef,
+  $smtp_alert              = undef,
+  $nopreempt               = undef,
+  Boolean $global_tracking = false,
 ) {
   $_name = regsubst($name, '[:\/\n]', '')
 

spec/defines/keepalived_vrrp_instance_spec.rb

@@ -973,6 +973,21 @@
             )
         }
       end
+      describe 'with native_ipv6' do
+        let(:params) do
+          mandatory_params.merge(
+            native_ipv6: true
+          )
+        end
+
+        it { is_expected.to create_keepalived__vrrp__instance('_NAME_') }
+        it {
+          is_expected.to \
+            contain_concat__fragment('keepalived.conf_vrrp_instance__NAME_').with(
+              'content' => %r{native_ipv6}
+            )
+        }
+      end
     end
   end
 end

spec/defines/keepalived_vrrp_sync_group_spec.rb

@@ -134,6 +134,23 @@
             )
         }
       end
+
+      describe 'with parameter global_tracking' do
+        let(:params) do
+          {
+            group: '_GROUP_',
+            global_tracking: true
+          }
+        end
+
+        it { is_expected.to create_keepalived__vrrp__sync_group('_NAME_') }
+        it {
+          is_expected.to \
+            contain_concat__fragment('keepalived.conf_vrrp_sync_group__NAME_').with(
+              'content' => %r{global_tracking}
+            )
+        }
+      end
     end
   end
 end

templates/vrrp_instance.erb

@@ -31,8 +31,12 @@ vrrp_instance <%= @_name %> {
   <%- if @vmac_xmit_base -%>
   vmac_xmit_base
   <%- end -%>
+  <%- end -%>
 
+  <%- if @native_ipv6 -%>
+  native_ipv6
   <%- end -%>
+
   # notify scripts and alerts are optional
   #
   # filenames of scripts to run on transitions

templates/vrrp_sync_group.erb

@@ -42,5 +42,11 @@ vrrp_sync_group <%= @_name %> {
   <%- if @smtp_alert -%>
   smtp_alert
   <%- end -%>
+
+  <%- if @global_tracking -%>
+  # All VRRP share the same tracking config.
+  global_tracking
+  <%- end -%>
+
 }