Describe in detail why external and internal keepalived ping addresses should be separated

Change-Id: Iae5c21ee0d604fb015593337815840981ab10ef9
Marcus Klein 2021-12-24 15:32:15 +01:00
parent 036708b9ca
commit 00587968ac
1 changed files with 7 additions and 0 deletions

@ -128,6 +128,13 @@ By default, OpenStack-Ansible configures keepalived to ping one of the root
DNS servers operated by RIPE. You can change this IP address to a different
external address or another address on your internal network.
If external connectivity fails, it is important that internal services can
still access an HAProxy instance. In a situation, when ping to some external
host fails and internal ping is not separated, all keepalived instances enter
the fault state despite internal connectivity being still available. Separate
ping check for internal and external connectivity ensures that when one
instance fails the other VIP remains in operation.
Securing HAProxy communication with SSL certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
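
Review bot: The closing sentence of the added paragraph, "when one instance fails the other VIP remains in operation", is ambiguous, because "instances" in the sentence before it refers to keepalived instances, while here it appears to mean one of the two connectivity checks (internal or external). Consider naming the subject explicitly, for example "when one of the two checks fails, the VIP for the other network remains in operation". The second sentence would also read more cleanly as "If the ping to an external host fails and the internal ping is not separated, all keepalived instances enter the fault state even though internal connectivity is still available." Finally, the paragraph explains why the checks should be separated, but nothing in the visible text says which settings an operator changes to separate them; a short pointer to those settings would make the advice actionable.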