Describe in detail why external and internal keepalived ping addresses should be separated
Change-Id: Iae5c21ee0d604fb015593337815840981ab10ef9
This commit is contained in:
parent
18bcb0f2eb
commit
d9fa4351db
@ -128,6 +128,13 @@ By default, OpenStack-Ansible configures keepalived to ping one of the root
|
|||||||
DNS servers operated by RIPE. You can change this IP address to a different
|
DNS servers operated by RIPE. You can change this IP address to a different
|
||||||
external address or another address on your internal network.
|
external address or another address on your internal network.
|
||||||
|
|
||||||
|
If external connectivity fails, it is important that internal services can
|
||||||
|
still access an HAProxy instance. In a situation, when ping to some external
|
||||||
|
host fails and internal ping is not separated, all keepalived instances enter
|
||||||
|
the fault state despite internal connectivity being still available. Separate
|
||||||
|
ping check for internal and external connectivity ensures that when one
|
||||||
|
instance fails the other VIP remains in operation.
|
||||||
|
|
||||||
Securing HAProxy communication with SSL certificates
|
Securing HAProxy communication with SSL certificates
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user