February 2, 2025

Anyone know if there is a pihole docker image with keepalived in there? I am looking to make my pihole setup more redundant. Orbitalsync (if you add the appropriate variable to sync static IP addresses) works fine for keeping the configuration in line, but I need to find a way to "failover" to the secondary system in case of unavailability of the primary one. Seems like I can do this on my VM running pihole (primary) but my secondary is a docker...
February 2, 2025 (Community Expert)

I'd recommend installing and using the LXC plugin and making a Debian OS host, then installing pihole and keepalived, as seen here: https://dchan.tech/books/pi-hole/page/high-availability-pi-hole-setup-using-keepalived and https://dchan.tech/books/pi-hole/page/high-availability-pi-hole-setup-using-keepalived

There are some inherent issues with gravity sync and pihole coexisting within the same docker environment due to how pihole is run and released in a docker. I was unable to find a github/docker image, nor a group, that packages both keepalived and pihole together...

I'm a fan of zapyzaps docker version: https://hub.docker.com/r/devzwf/pihole-dot-doh (pihole, DoH/DoT, unbound integration... etc...). I have moved to AdGuard for my DNS features and tools...

However, you can make your own docker installing both:

```bash
mkdir /mnt/user/appdata/piholekeepalive
cd /mnt/user/appdata/piholekeepalive
touch dockerfile
nano dockerfile
```

Docker file:

```dockerfile
FROM devzwf/pihole-dot-doh:latest

# Install keepalived
RUN apt-get update && \
    apt-get install -y keepalived && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Copy Keepalived configuration files (optional example path)
COPY keepalived.conf /etc/keepalived/keepalived.conf

# Expose necessary ports (default Pi-hole and DNS ports)
EXPOSE 53/tcp 53/udp 80/tcp 443/tcp 67/udp

# Health check
HEALTHCHECK CMD dig @127.0.0.1 pi-hole.net || exit 1

CMD ["/start.sh"]
```

docker run example:

```bash
#!/bin/bash
# Set TZ to your timezone and WEBPASSWORD to your Pi-hole admin password.
# (Comments cannot follow a trailing backslash, so they are kept up here.)
docker run -d \
  --name pihole-keepalive \
  --restart=unless-stopped \
  --hostname pihole \
  --net=host \
  -v /mnt/user/appdata/piholekeepalive/etc-pihole:/etc/pihole \
  -v /mnt/user/appdata/piholekeepalive/etc-dnsmasq.d:/etc/dnsmasq.d \
  -v /mnt/user/appdata/piholekeepalive/keepalived.conf:/etc/keepalived/keepalived.conf \
  -e TZ="America/New_York" \
  -e WEBPASSWORD="your_password_here" \
  -e DNSMASQ_LISTENING="all" \
  -e PIHOLE_DNS_1="127.0.0.1#5335" \
  -e PIHOLE_DNS_2="1.1.1.1" \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW \
  pihole-keepalive:latest
```

Example keepalived.conf:

```
# The vrrp_script block is defined before the vrrp_instance that tracks it
vrrp_script chk_pihole {
    script "pgrep pihole-FTL"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass securepassword
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        chk_pihole
    }
}
```

I have no interest in building and maintaining this... You can if you want...
February 2, 2025

I second the idea of using LXC. That is what I use myself for pihole with keepalived. I also recommend looking into Orbital Sync rather than gravity sync.
February 2, 2025 (Author)

I tried this in another way (did not read your reply yet). I installed two VMs and set them up for keepalived... It seems however that it will not work since unraid does not have "promiscuous mode" enabled on the bridge... Does that sound logical?
February 2, 2025 (Author)

Just now, primeval_god said:
> I second the idea of using LXC. That is what I use myself for pihole with keepalived. I also recommend looking into Orbital Sync rather than gravity sync.

Am already using orbitalsync, with the extra variable it keeps the configs perfectly in sync.
February 2, 2025

Just now, Helmonder said:
> Am already using orbitalsync, with the extra variable it keeps the configs perfectly in sync.

Yeah, I see that now. I saw gravity sync mentioned in the reply and my mind just went "Must mention the alternative" lol.
February 2, 2025 (Author)

1 hour ago, bmartino1 said:
> I'd recommend installing and using the LXC plugin and making a Debian OS host, then installing pihole and keepalived [...]

I actually did it a bit differently (did not see your reply yet) and installed two fresh piholes in Ubuntu VMs and installed keepalived on them. The install is successful, but it seems the virtual address cannot be reached, and this might be related to "promiscuous mode" not being enabled on the unraid bridge... Does that sound like something to anyone?
February 2, 2025 (Author)

33 minutes ago, Helmonder said:
> I actually did it a bit differently (did not see your reply yet) and installed two fresh piholes in Ubuntu VMs and installed keepalived on them. The install is successful, but it seems the virtual address cannot be reached, and this might be related to "promiscuous mode" not being enabled on the unraid bridge... Does that sound like something to anyone?

Solved my own issue... Apparently everything was correct but the ARP was confused... I flushed the network tables and that solved the issue!
February 2, 2025 (Author)

Dang... I think I just realised that all of this was completely useless... The whole thing works... But before this I just had a primary and a secondary DNS server, so it never was an issue... I use Pihole as my DHCP server... And the idea was to make sure that I would always have a DHCP server running at the virtual address. However, that means I have to have both pihole servers with active DHCP... and DHCP requests will just be answered by both piholes... Useless... Damn, stupid me...
February 4, 2025 (Community Expert)

? Unraid is packaged with dhcpd.
? VM forbidden router: run openwrt/pfsense/ipfire in a VM.

Would need more info to assist, as you can invite trouble by running 2 DHCP servers with the same subnet.
February 15, 2025

I run a 2 pihole system. The DHCP issues can be worked around by having the static DHCP leases the same for both piholes (using whatever method you prefer), but dynamic ranges should not clash. Therefore anything with a static lease gets the same IP from either pihole, and anything that is truly dynamic will get a lease from the unique range of the first pihole to answer.

pihole1 = 192.168.0.41 - 192.168.0.140
pihole2 = 192.168.0.141 - 192.168.0.240

This appears simpler and safer than stopping/starting DHCP on keepalived failover. Admittedly I run 95% static but have not had issues with static DHCP leases or dynamic in 5+ years.
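The split-pool scheme in the post above can be checked mechanically. The following is an added example, not part of the original post: it compares two servers' dnsmasq-style `dhcp-range` and `dhcp-host` lines and reports overlapping pools, mismatched static leases, and static addresses that fall inside a dynamic pool. The sample configs are constructed, and the parser assumes IPv4 and `mac,ip[,name]` host entries.

```python
import ipaddress
import re

# Constructed sample configs in dnsmasq syntax; the pools are the ones from the post.
PIHOLE1 = """\
dhcp-range=192.168.0.41,192.168.0.140,24h
dhcp-host=AA:BB:CC:00:00:01,192.168.0.10,nas
dhcp-host=AA:BB:CC:00:00:02,192.168.0.11,printer
"""
PIHOLE2 = """\
dhcp-range=192.168.0.141,192.168.0.240,24h
dhcp-host=AA:BB:CC:00:00:01,192.168.0.10,nas
dhcp-host=AA:BB:CC:00:00:02,192.168.0.12,printer
"""

IPV4 = re.compile(r"\d+(\.\d+){3}")  # dotted quad; skips tags, MACs and lease times

def parse(conf):
    """Return (dynamic ranges, {mac: static ip}) from dnsmasq-style lines."""
    ranges, statics = [], {}
    for line in conf.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        ips = [ipaddress.IPv4Address(f) for f in fields if IPV4.fullmatch(f)]
        if key == "dhcp-range" and len(ips) >= 2:
            ranges.append((ips[0], ips[1]))      # start and end of the pool
        elif key == "dhcp-host" and ips:
            statics[fields[0].lower()] = ips[0]  # assumes the MAC is the first field
    return ranges, statics

def check_pair(conf_a, conf_b):
    """List conflicts that would let the two servers hand out clashing leases."""
    (ranges_a, static_a), (ranges_b, static_b) = parse(conf_a), parse(conf_b)
    problems = []
    for lo_a, hi_a in ranges_a:
        for lo_b, hi_b in ranges_b:
            if lo_a <= hi_b and lo_b <= hi_a:  # closed intervals intersect
                problems.append(f"dynamic ranges overlap: {lo_a}-{hi_a} and {lo_b}-{hi_b}")
    for mac in sorted(static_a.keys() | static_b.keys()):
        if static_a.get(mac) != static_b.get(mac):
            problems.append(f"static lease differs for {mac}: {static_a.get(mac)} vs {static_b.get(mac)}")
    for ip in sorted(set(static_a.values()) | set(static_b.values())):
        if any(lo <= ip <= hi for lo, hi in ranges_a + ranges_b):
            problems.append(f"static address {ip} lies inside a dynamic range")
    return problems

if __name__ == "__main__":
    print("\n".join(check_pair(PIHOLE1, PIHOLE2)) or "no conflicts")
```

With the constructed data the two pools do not clash, but the `printer` entry is flagged because the two servers would give it different addresses.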
March 15, 2025

This works for me:

```bash
sudo apt update && sudo apt install keepalived -y
sudo nano /etc/keepalived/keepalived.conf
```

```
# The vrrp_script block is defined before the vrrp_instance that tracks it
vrrp_script check_unraid {
    script "/bin/ping -c 3 -W 2 IP.TO.TAKE.OVER || exit 1"
    interval 5
    weight 5
}

vrrp_instance FAILOVER {
    state BACKUP
    interface eth0          # Change if using Wi-Fi (wlan0)
    virtual_router_id 51
    priority 90             # Lower than Master (Unraid)
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 12345
    }
    virtual_ipaddress {
        IP.TO.TAKE.OVER/24 dev eth0
    }
    track_script {
        check_unraid
    }
}
```

When IP.TO.TAKE.OVER no longer responds to ping, my physical pihole assumes the IP.TO.TAKE.OVER.