@dereckson While testing and modifying the GRE tunnel, it took so long on Ysul that SSH stopped responding, and we lost access to the machine.

Now, regardless of whether router-002 or router-003 is the primary router, the tunnel with Windriver works perfectly. However, there is still an issue with Ysul: the tunnel works when router-003 is primary, but it does not work when router-002 is primary.

We noticed that Windriver is unable to ping the public IP addresses of router-002 and router-003. However, GRE tunnel creation is successful, and tunnel connectivity works with router-002, although pinging its public IP is still unsuccessful.

When creating a GRE tunnel to the alias IP of ysul as an endpoint the tunnel is unpingable however when creating the GRE tunnel using the public IP of ysul, GRE tunnel responds well to ping.
I suspect that the problem might come from using an alias IP as GRE endpoint that might cause this as it suggest encapsulation/decapsulation issues

I created and tested a Salt reactor that listens for the carp/master event sent by the routers. For now, the reactor only runs a test command on Ysul and Windriver to confirm that the event is correctly received and that the master can trigger actions on those hosts.

Test to validate Salt event emission and reception on the master :

Was initially caught by kzonecheck after deployment of the zone file, and before reloading knot.

• Tail /var/log/maillog and trigger compilation
  • Monitor in nagios (done while writing this)

When router-003 (The MASTER) become unavailable :

The script to test if we can access to the OVH credentials (application_key, application_secret, consumer_key):

The script to test the connection to Vault, using a YAML configuration file that tells the secretsmith client how to connect to Vault :

Software has been renamed to Redpanda Connect:

Ah, that's now what we need, nice for the script!

The file /usr/local/etc/devd/carp.conf :