ipfailover - control preempt strategy

This allows the admin to control the VRRP preempt strategy.
The default strategy, preempt_delay <sec>, switches to the higher
priority master after a <sec> (default 300) delay. The second
strategy, nopreempt, suppresses switchin when a higher priority host
becomes available.

The 'oc adm ipfailover --preempt-strategy' option can set the desired
strategy. --preempt-strategy sets the OPENSHIFT_HA_PREEMPTION
environment variable.

bug 1465987
https://bugzilla.redhat.com/show_bug.cgi?id=1465987

openshift docs PR 4674
openshift/openshift-docs#4674

Author: pecameron

images/ipfailover/keepalived/conf/settings.sh

@@ -68,6 +68,15 @@ HA_NOTIFY_SCRIPT="${OPENSHIFT_HA_NOTIFY_SCRIPT:-""}"
 # Default is 2
 HA_CHECK_INTERVAL="${OPENSHIFT_HA_CHECK_INTERVAL:-"2"}"
 
+#  VRRP will preempt a lower priority machine when a higher priority one
+#  comes back online. You can change the preemption strategy to either:
+#     "nopreempt"  - which allows the lower priority machine to maintain its
+#                    'MASTER' status.
+#     OR
+#     "preempt_delay 300"  - waits 5 mins (in seconds) after startup to
+#                            preempt lower priority MASTERs.
+PREEMPTION="${OPENSHIFT_HA_PREEMPTION:-"preempt_delay 300"}"
+
 
 #  ========================================================================
 #  Default settings - not currently exposed or overridden on OpenShift.
@@ -94,17 +103,6 @@ SMTP_SERVER="${OPENSHIFT_HA_SMTP_SERVER:-"127.0.0.1"}"
 #  SMTP connect timeout (in seconds).
 SMTP_CONNECT_TIMEOUT=30
 
-
-#  VRRP will preempt a lower priority machine when a higher priority one
-#  comes back online. You can change the preemption strategy to either:
-#     "nopreempt"  - which allows the lower priority machine to maintain its
-#                    'MASTER' status.
-#     OR
-#     "preempt_delay 300"  - waits 5 mins (in seconds) after startup to
-#                            preempt lower priority MASTERs.
-PREEMPTION="preempt_delay 300"
-
-
 #  By default, the IP for binding vrrpd is the primary IP on the above
 #  specified interface. If you want to hide the location of vrrpd, you can
 #  specify a src_addr for multicast/unicast vrrp packets.

pkg/cmd/experimental/ipfailover/ipfailover.go

@@ -102,6 +102,7 @@ func NewCmdIPFailoverConfig(f *clientcmd.Factory, parentName, name string, out,
 	cmd.Flags().StringVar(&options.NotifyScript, "notify-script", "", "Run this script when state changes.")
 	cmd.Flags().StringVar(&options.CheckScript, "check-script", "", "Run this script at the check-interval to verify service is OK")
 	cmd.Flags().IntVar(&options.CheckInterval, "check-interval", ipfailover.DefaultCheckInterval, "Run the check-script at this interval (seconds)")
+	cmd.Flags().StringVar(&options.Preemption, "preemption-strategy", "preempt_delay 300", "Normlly VRRP will preempt a lower priority machine when a higher priority one comes online. 'nopreempt' allows the lower priority machine to maintain its MASTER status. The default 'preempt_delay 300' causes MASTER to switch after 5 min.")
 	cmd.Flags().StringVar(&options.IptablesChain, "iptables-chain", ipfailover.DefaultIptablesChain, "Add a rule to this iptables chain to accept 224.0.0.28 multicast packets if no rule exists. When iptables-chain is empty do not change iptables.")
 	cmd.Flags().StringVarP(&options.NetworkInterface, "interface", "i", "", "Network interface bound by VRRP to use for the set of virtual IP ranges/addresses specified.")
 

pkg/ipfailover/keepalived/generator.go

@@ -36,6 +36,7 @@ func generateEnvEntries(name string, options *ipfailover.IPFailoverConfigCmdOpti
 		"OPENSHIFT_HA_IPTABLES_CHAIN":    options.IptablesChain,
 		"OPENSHIFT_HA_NOTIFY_SCRIPT":     options.NotifyScript,
 		"OPENSHIFT_HA_CHECK_SCRIPT":      options.CheckScript,
+		"OPENSHIFT_HA_PREEMPTION":        options.Preemption,
 		"OPENSHIFT_HA_CHECK_INTERVAL":    interval,
 		// "OPENSHIFT_HA_UNICAST_PEERS":     "127.0.0.1",
 	})

pkg/ipfailover/types.go

@@ -26,6 +26,14 @@ const (
 	// between calls to the CheckScript
 	DefaultCheckInterval = 2
 
+	// DefaultPreemption strategy determines what to do when a lower
+	// priority machine has MASTER and a higher priority machine becomes
+	// available. The choices are "nopreempt" which leaves the lower priority
+	// machine as MASTER and "preempt_delay 300" (the default) which allows the
+	// supplied number of seconds to settle and then switches to the higher
+	// priority machine.
+	DefaultPreemption = "preempt_delay 300"
+
 	// DefaultIptablesChain is the default iptables chain on which to add
 	// a rule that accesses 224.0.0.18 (if none exists).
 	DefaultIptablesChain = "INPUT"
@@ -51,6 +59,7 @@ type IPFailoverConfigCmdOptions struct {
 	NotifyScript     string
 	CheckScript      string
 	CheckInterval    int
+	Preemption       string
 	NetworkInterface string
 	WatchPort        int
 	VRRPIDOffset     int

test/cmd/router.sh

@@ -84,6 +84,7 @@ os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --ipta
 os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --check-interval=1177 --dry-run -o yaml' 'value: "1177"'
 os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --check-script="ChkScript.sh" --dry-run -o yaml' 'value: ChkScript.sh'
 os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --notify-script="NotScript.sh" --dry-run -o yaml' 'value: NotScript.sh'
+os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --preemption-strategy="nopreempt" --dry-run -o yaml' 'value: nopreempt'
 os::cmd::expect_success_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --dry-run -o yaml --vrrp-id-offset=56' 'hostPort: 63056'
 os::cmd::expect_failure_and_text 'oadm ipfailover --virtual-ips="1.2.3.4" --dry-run -o yaml --vrrp-id-offset=255' 'error: The vrrp-id-offset must be in the range 0..254'
 os::cmd::expect_success 'oadm policy remove-scc-from-user privileged -z ipfailover'