High availability stack

[gsanchietti]

This pull request includes several changes to the config/ha.conf file to add new packages and configurations for high availability (HA) support. The most important changes include adding packages for network functionality and keepalived configurations.

Added packages:

• keepalived
• conntrackd
• luci-app-keepalived

Current status:

• IP switch is working
• services are not restarted on the secondary machine

Limitations:

• WAN must be configured in DHCP
• SSH must listen on port 22

The following configurations are not synchronized:

• static routes

The following configurations are not supported:

• external storage
• WAN with PPPoE

See the README for the usage.

Improvements:

• create an API that automatically configures the ethernet interface
• import latest version of keepalived from upstream master: it contains important fixes
• disable heartbeat and inventory on secondary, enable it on primary
• disable controller connection, enable it on primary
• disable phonehome on secondary, enable it on primary
• disable crontab monitoring on secondary, enable it on primary
• disable remote backup on secondary, enable it on primary
• sync backup encryption password
• support static IP on wan scenario
• setup conntrackd (to be tested)
• use a custom dropbear configuration with a different port
• generate a strong password for vrrp authentication

Synchronize missing applications:

• ns-plug config file
• OpenVPN
• IPsec
• rsyslog
• nginx with certificates and proxy pass
• mwan3
• hotspot: note that when a mac address changes, a new registration is required
• qos
• users db
• objects db
• netmap
• banip db, local allowlist and local blocklist
• flashstart
• dpi db, dpi signatures
• nat helpers
• adblock
• netifyd informatics configuration
• dyndns
• snmp
• smtp
• extra packages

See also:

• https://openwrt.org/docs/guide-user/network/high-availability
• https://forum.openwrt.org/t/keepalived-sync-docs-and-config-examples/184531