On 04.03.24 20:00, caspernetherlands@gmail.com wrote:
It doesn’t seem terribly different from VRRP which I am familiar with since it seems like keepalived is based on the same RFC’s anyway.
Yes, keepalived is indeed doing VRRP for the "switch over per floating IP" part of its functionality.
I only don’t understand one of your comments:
What stunnel AFAIK does *not* do is check the backends for liveliness and do failovers *for them*. You'd need something external to keep tabs on the backends "remotely" (which keepalived doesn't do), and restart
What do you mean by this?
You did not specify *which* service (stunnel or its backends) you want to HA, nor *which* set of machines is supposed to *do* the failover.
If you want the stunnel machines to failover stunnel, VRRP can do that. Same if you want the backends to failover the backend service.
The third possibility is that you want the frontends (to run stunnel and) switch from one backend to the other (assuming that they're separate machines, of course), like a load balancer would. Then your HA solution needs to remotely sense which backends are currently operational, and instruct the stunnels to switch away from a TILT one to one of the OK ones. keepalived is not particularly suited to do *that*, and restarting the stunnels would leave you with an additional (if very short) outage still.
Kind regards,