KEEPALIVED.CONF(5)            File Formats Manual            KEEPALIVED.CONF(5)

/etc/keepalived/keepalived.conf - configuration file for keepalived

keepalived.conf is the configuration file which describes all the
keepalived keywords. Keywords are placed in hierarchies of blocks (and
subblocks), each layer being delimited by '{' and '}' pairs.

Comments start with '#' or '!' and run to the end of the line; they can
start anywhere in a line.

GLOBAL CONFIGURATION

VRRPD CONFIGURATION

LVS CONFIGURATION

contains subblocks of Global definitions and Static routes

    global_defs                 # Block id
    {
        notification_email      # To:
        {
            admin@example1.com
            ...
        }
        # From: from address that will be in header
        notification_email_from admin@example.com
        smtp_server 127.0.0.1       # IP
        smtp_connect_timeout 30     # integer, seconds
        router_id my_hostname       # string identifying the machine,
                                    # (doesn't have to be hostname).
    }

keepalived can configure static addresses and routes with ip (i.e. if
addresses are not already on the machine). These addresses are NOT
moved by vrrpd, they stay on the machine. If you already have IPs and
routes on your machines and your machines can ping each other, you
don't need this section.

The whole string is fed to ip addr add. You can truncate the string
anywhere you like and let ip addr add use defaults for the rest of the
string. If you just feed the string "192.168.1.1", the IP will be
192.168.1.1/32, which you probably don't want. This is different to
ifconfig, which will configure the IP with the standard class, here
192.168.1.1/24. The minimum string then would be the IP/netmask, e.g.
192.168.1.1/24

    static_ipaddress
    {
        192.168.1.1/24 brd + dev eth0 scope global
        ...
    }

The whole string is fed to ip route add. You can truncate the string,
allowing ip route add to use defaults.

    static_routes
    {
        src $SRC_IP to $DST_IP dev $SRC_DEVICE
        ...
        src $SRC_IP to $DST_IP via $GW dev $SRC_DEVICE
    }

contains subblocks of VRRP synchronization group(s) and VRRP
instance(s)

    # string, name of group of IPs that failover together
    vrrp_sync_group VG_1 {
        group {
            inside_network      # name of vrrp_instance (below)
            outside_network     # One for each moveable IP.
            ...
        }

        # notify scripts and alerts are optional
        #
        # filenames of scripts to run on transitions
        # can be unquoted (if just filename)
        # or quoted (if has parameters)
        # to MASTER transition
        notify_master /path/to_master.sh
        # to BACKUP transition
        notify_backup /path/to_backup.sh
        # FAULT transition
        notify_fault "/path/fault.sh VG_1"

        # for ANY state transition.
        # "notify" script is called AFTER the
        # notify_* script(s) and is executed
        # with 3 arguments provided by keepalived
        # (i.e. don't include parameters in the notify line).
        # arguments
        # $1 = "GROUP"|"INSTANCE"
        # $2 = name of group or instance
        # $3 = target state of transition
        #      ("MASTER"|"BACKUP"|"FAULT")
        notify /path/notify.sh

        # Send email notification during state transition,
        # using addresses in global_defs above.
        smtp_alert
    }

describes the moveable IP for each instance of a group in
vrrp_sync_group. Here are described two IPs (on inside_network and on
outside_network), on machine "my_hostname", which belong to the group
VG_1 and which will transition together on any state change.

    # You will need to write another block for outside_network.
    vrrp_instance inside_network {
        # Initial state, MASTER|BACKUP
        # As soon as the other machine(s) come up,
        # an election will be held and the machine
        # with the highest "priority" will become MASTER.
        # So the entry here doesn't matter a whole lot.
        state MASTER

        # interface for inside_network, bound by vrrp
        interface eth0

        # Ignore VRRP interface faults (default unset)
        dont_track_primary

        # optional, monitor these as well.
        # go to FAULT state if any of these go down.
        track_interface {
            eth0
            eth1
            ...
        }

        # default IP for binding vrrpd is the primary IP
        # on interface. If you want to hide location of vrrpd,
        # use this IP as src_addr for multicast vrrp packets.
        # (since it's multicast, vrrpd will get the reply
        # packet no matter what src_addr is used).
        # optional
        mcast_src_ip <IPADDR>

        # Binding interface for lvs syncd
        lvs_sync_daemon_interface eth1

        # delay for gratuitous ARP after transition to MASTER
        garp_master_delay 10    # secs, default 5

        # arbitrary unique number 0..255
        # used to differentiate multiple instances of vrrpd
        # running on the same NIC (and hence same socket).
        virtual_router_id 51

        # for electing MASTER, highest priority wins.
        # to be MASTER, make 50 more than other machines.
        priority 100

        # VRRP Advert interval, secs (use default)
        advert_int 1
        authentication {        # Authentication block
            # PASS|AH
            # PASS - Simple Passwd (suggested)
            # AH - IPSEC (not recommended)
            auth_type PASS
            # Password for accessing vrrpd.
            # should be the same for all machines.
            auth_pass 1234
        }

        # addresses add|del on change to MASTER, to BACKUP.
        # With the same entries on other machines,
        # the opposite transition will be occurring.
        virtual_ipaddress {
            <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
            192.168.200.17/24 dev eth1
            192.168.200.18/24 dev eth2 label eth2:1
        }

        # VRRP IP excluded from VRRP
        # optional.
        # For cases with large numbers (e.g. 200) of IPs
        # on the same interface. To decrease the number
        # of packets sent in adverts, you can exclude
        # most IPs from adverts.
        # The IPs are add|del as for virtual_ipaddress.
        virtual_ipaddress_excluded {
            <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
            <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
            ...
        }
        # routes add|del when changing to MASTER, to BACKUP
        virtual_routes {
            # src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR> dev <STRING> scope <SCOPE> tab
            src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
            192.168.110.0/24 via 192.168.200.254 dev eth1
            192.168.111.0/24 dev eth2
            192.168.112.0/24 via 192.168.100.254
        }

        # VRRP will normally preempt a lower priority
        # machine when a higher priority machine comes
        # online. "nopreempt" allows the lower priority
        # machine to maintain the master role, even when
        # a higher priority machine comes back online.
        # NOTE: For this to work, the initial state of this
        # entry must be BACKUP.
        nopreempt

        # Seconds after startup until preemption
        # (if not disabled by "nopreempt").
        # Range: 0 (default) to 1,000
        # NOTE: For this to work, the initial state of this
        # entry must be BACKUP.
        preempt_delay 300       # waits 5 minutes

        # Debug level, not implemented yet.
        debug

        # notify scripts, alert as above
        notify_master <STRING>|<QUOTED-STRING>
        notify_backup <STRING>|<QUOTED-STRING>
        notify_fault <STRING>|<QUOTED-STRING>
        notify <STRING>|<QUOTED-STRING>
        smtp_alert
    }

contains subblocks of Virtual server group(s) and Virtual server(s)

The subblocks contain arguments for ipvsadm(8). A knowledge of
ipvsadm(8) will be helpful here.

    # optional
    # this group allows a service on a real_server
    # to belong to multiple virtual services
    # and to be only health checked once.
    # Only for very large LVSs.
    virtual_server_group <STRING> {
        # VIP port
        <IPADDR> <PORT>
        <IPADDR> <PORT>
        ...
        #
        # <IPADDR RANGE> has the form
        # XXX.YYY.ZZZ.WWW-VVV e.g. 192.168.200.1-10
        # range includes both .1 and .10 address
        <IPADDR RANGE> <PORT>   # VIP range VPORT
        <IPADDR RANGE> <PORT>
        ...
        fwmark <INT>            # fwmark
        fwmark <INT>
        ...
    }

A virtual_server can be a declaration of one of

    vip vport (IPADDR PORT pair)

    fwmark <INT>

    (virtual server) group <STRING>

    # setup service
    virtual_server IP port |
    virtual_server fwmark int |
    virtual_server group string
    {
        # delay timer for service polling
        delay_loop <INT>

        # LVS scheduler
        lb_algo rr|wrr|lc|wlc|lblc|sh|dh
        # LVS forwarding method
        lb_kind NAT|DR|TUN
        # LVS persistence timeout, sec
        persistence_timeout <INT>
        # LVS granularity mask (-M in ipvsadm)
        persistence_granularity <NETMASK>
        # Only TCP is implemented
        protocol TCP
        # If VS IP address is not set,
        # suspend healthchecker's activity
        ha_suspend

        # VirtualHost string for HTTP_GET or SSL_GET
        # e.g. virtualhost www.firewall.loc
        virtualhost <STRING>

        # Assume silently all RSs down and healthchecks
        # failed on start. This helps preventing false
        # positive actions on startup. Alpha mode is
        # disabled by default.
        alpha

        # On daemon shutdown, consider quorum and RS
        # down notifiers for execution, where appropriate.
        # Omega mode is disabled by default.
        omega

        # Minimum total weight of all live servers in
        # the pool necessary to operate VS with no
        # quality regression. Defaults to 1.
        quorum <INT>

        # Tolerate this much weight units compared to the
        # nominal quorum, when considering quorum gain
        # or loss. A flap dampener. Defaults to 0.
        hysteresis <INT>

        # Script to launch when quorum is gained.
        quorum_up <STRING>|<QUOTED-STRING>

        # Script to launch when quorum is lost.
        quorum_down <STRING>|<QUOTED-STRING>


        # setup realserver(s)

        # RS to add when all realservers are down
        sorry_server <IPADDR> <PORT>

        # one entry for each realserver
        real_server <IPADDR> <PORT>
        {
            # relative weight to use, default: 1
            weight <INT>
            # Set weight to 0
            # when healthchecker detects failure
            inhibit_on_failure

            # Script to launch when healthchecker
            # considers service as up.
            notify_up <STRING>|<QUOTED-STRING>
            # Script to launch when healthchecker
            # considers service as down.
            notify_down <STRING>|<QUOTED-STRING>

            # pick one healthchecker
            # HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK

            # HTTP and SSL healthcheckers
            HTTP_GET|SSL_GET
            {
                # A url to test
                # can have multiple entries here
                url {
                    # e.g. path / , or path /mrtg2/
                    path <STRING>
                    # healthcheck needs status_code
                    # or status_code and digest
                    # Digest computed with genhash
                    # e.g. digest 9b3a0c85a887a256d6939da88aabd8cd
                    digest <STRING>
                    # status code returned in the HTTP header
                    # e.g. status_code 200
                    status_code <INT>
                }
                # IP, tcp port for service on realserver
                connect_port <PORT>
                bindto <IPADDR>
                # Timeout connection, sec
                connect_timeout <INT>
                # number of get retry
                nb_get_retry <INT>
                # delay before retry
                delay_before_retry <INT>
            } # HTTP_GET|SSL_GET

            # TCP healthchecker (bind to IP port)
            TCP_CHECK
            {
                connect_port <PORT>
                bindto <IPADDR>
                connect_timeout <INT>
            } # TCP_CHECK

            # SMTP healthchecker
            SMTP_CHECK
            {
                # An optional host interface to check.
                # If no host directives are present, only
                # the ip address of the real server will
                # be checked.
                host {
                    # IP address to connect to
                    connect_ip <IP ADDRESS>
                    # Optional port to connect to if not
                    # the default of 25
                    connect_port <PORT>
                    # Optional interface to use to
                    # originate the connection
                    bindto <IP ADDRESS>
                }
                # Connection and read/write timeout
                # in seconds
                connect_timeout <INTEGER>
                # Number of times to retry a failed check
                retry <INTEGER>
                # Delay in seconds before retrying
                delay_before_retry <INTEGER>
                # Optional string to use for the smtp HELO request
                helo_name <STRING>|<QUOTED-STRING>
            } # SMTP_CHECK

            # MISC healthchecker, run a program
            MISC_CHECK
            {
                # External system script or program
                misc_path <STRING>|<QUOTED-STRING>
                # Script execution timeout
                misc_timeout <INT>

                # If set, exit code from healthchecker is used
                # to dynamically adjust the weight as follows:
                # exit status 0: svc check success, weight
                #   unchanged.
                # exit status 1: svc check failed.
                # exit status 2-255: svc check success, weight
                #   changed to 2 less than exit status.
                #   (for example: exit status of 255 would set
                #   weight to 253)
                misc_dynamic
            }
        } # realserver defn
    } # virtual service
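
Added example, not part of the original man page or the keepalived project: a small reader for the block format described above ('{' and '}' nesting, '#' and '!' comments, quoted strings) that reports the settings on this page with a security impact. The function names and the three checks are this example's own choices: auth_type PASS (VRRPv2 simple text authentication carries the password unencrypted in every advert), the sample auth_pass 1234, and notify/quorum/healthcheck scripts that are missing or writable by group or other.

```python
import os
import re
import stat

# Keywords on this page whose argument is a script that keepalived executes.
SCRIPT_KEYS = {"notify_master", "notify_backup", "notify_fault", "notify", "misc_path",
               "quorum_up", "quorum_down", "notify_up", "notify_down"}
# A quoted string, a '#'/'!' comment to end of line, a brace, or a bare word.
TOKEN = re.compile(r'"[^"]*"|[#!].*|[{}]|[^\s{}"#!]+')


def statements(text):
    """Yield (block_path, keyword, args) for each keyword line."""
    stack, last = [], ["?"]
    for line in text.splitlines():
        words = []
        for tok in TOKEN.findall(line):
            if tok[0] in "#!":
                break                    # rest of the line is a comment
            if tok == "{":               # block id is on this or the previous line
                stack.append((words or last)[0])
                words = []
            elif tok == "}":
                del stack[-1:]
            else:
                words.append(tok.strip('"'))
        if words:
            last = words
            yield tuple(stack), words[0], words[1:]


def audit(text):
    """Return (keyword, value, problem) findings; the checks are this example's."""
    out = []
    for _path, key, args in statements(text):
        value = (" ".join(args).split() or [""])[0]  # quoted scripts carry parameters
        if key == "auth_type" and value == "PASS":
            out.append((key, value, "password travels in cleartext in adverts"))
        elif key == "auth_pass" and value == "1234":
            out.append((key, value, "sample password from the man page"))
        elif key in SCRIPT_KEYS:
            try:
                mode = os.stat(value).st_mode
            except OSError:
                out.append((key, value, "script not found"))
                continue
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                out.append((key, value, "writable by group or other"))
    return out
```

Call audit(open("/etc/keepalived/keepalived.conf").read()) on the host that runs keepalived, so that the script paths resolve against the real filesystem.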

Joseph Mack.
Information derived from doc/keepalived.conf.SYNOPSIS,
doc/samples/keepalived.conf.* and Changelog by Alexandre Cassen for
keepalived-1.1.4, and from HOWTOs by Adam Fletcher and Vince Worthington.

ipvsadm(8), ip --help.

4th Berkeley Distribution          Jan 2004          KEEPALIVED.CONF(5)