1KEEPALIVED(8) System Manager's Manual KEEPALIVED(8)
2
6 keepalived - load-balancing and high-availability service
7
10 keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
11 [--all] [-l|--log-console] [-D|--log-detail] [-S|--log-facility={0-7}]
12 [-g|--log-file=FILE] [--flush-log-file] [-G|--no-syslog]
13 [-X|--release-vips] [-V|--dont-release-vrrp] [-I|--dont-release-ipvs]
14 [-R|--dont-respawn] [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE]
15 [-r|--vrrp_pid=FILE] [-c|--checkers_pid=FILE] [-a|--address-monitoring]
16 [-b|--bfd_pid=FILE] [-s|--namespace=NAME] [-i|--config-id id]
17 [-x|--snmp] [-A|--snmp-agent-socket=FILE] [-u|--umask=NUMBER]
18 [-m|--core-dump] [-M|--core-dump-pattern[=PATTERN]] [--signum=SIGFUNC]
19 [-t|--config-test[=FILE]] [--perf[={all|run|end}]] [--debug[=debug-
20 options]] [-v|--version] [-h|--help]
21
24 Keepalived provides simple and robust facilities for load-balancing and
25 high-availability. The load-balancing framework relies on the
26 well-known and widely used Linux Virtual Server (IPVS) kernel module
27 providing Layer4 load-balancing. Keepalived implements a set of
28 checkers to dynamically and adaptively maintain and manage a
29 load-balanced server pool according to their health. Keepalived also
30 implements the VRRPv2 and VRRPv3 protocols to achieve high-availability
31 with director failover.
32
35 -f, --use-file=FILE
36 Use the specified configuration file. The default configuration
37 file is "/etc/keepalived/keepalived.conf".
38 -P, --vrrp
40 Only run the VRRP subsystem. This is useful for configurations
41 that do not use the IPVS load balancer.
42 -C, --check
44 Only run the healthcheck subsystem. This is useful for
45 configurations that use the IPVS load balancer with a single
46 director with no failover.
47 -B, --no_bfd
49 Don't run the BFD subsystem.
50 --all Run all subsystems, even if they have no configuration.
52 -l, --log-console
54 Log messages to the local console. The default behavior is to
55 log messages to syslog.
56 -D, --log-detail
58 Detailed log messages.
59 -S, --log-facility=[0-7]
61 Set syslog facility to LOG_LOCAL[0-7]. The default syslog
62 facility is LOG_DAEMON.
63 -g, --log-file=FILE
65 Write log entries to FILE. FILE will have _vrrp,
66 _healthcheckers, and _bfd inserted before the last '.' in FILE
67 for the log output for those processes.
68 --flush-log-file
70 If using the -g option, the log file stream will be flushed
71 after each write.
72 -G, --no-syslog
74 Do not write log entries to syslog. This can be useful if the
75 rate of writing log entries is sufficiently high that syslog
76 will rate limit them, and the -g option is used instead.
77 -X, --release-vips
79 Drop VIP on transition from signal.
80 -V, --dont-release-vrrp
82 Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
83 behavior is to remove all VIPs and VROUTEs when keepalived
84 exits.
85 -I, --dont-release-ipvs
87 Don't remove IPVS topology on daemon stop. The default behavior
88 it to remove all entries from the IPVS virtual server table when
89 keepalived exits.
90 -R, --dont-respawn
92 Don't respawn child processes. The default behavior is to
93 restart the VRRP and checker processes if either process exits.
94 -n, --dont-fork
96 Don't fork the daemon process. This option will cause keepalived
97 to run in the foreground.
98 -d, --dump-conf
100 Dump the configuration data.
101 -p, --pid=FILE
103 Use the specified pidfile for the parent keepalived process. The
104 default pidfile for keepalived is "/run/keepalived.pid", unless
105 a network namespace is being used. See NAMESPACES below for more
106 details.
107 -r, --vrrp_pid=FILE
109 Use the specified pidfile for the VRRP child process. The
110 default pidfile for the VRRP child process is
111 "/run/keepalived_vrrp.pid", unless a network namespace is being
112 used.
113 -c, --checkers_pid=FILE
115 Use the specified pidfile for checkers child process. The
116 default pidfile for the checker child process is
117 "/run/keepalived_checkers.pid" unless a network namespace is
118 being used.
119 -a, --address-monitoring
121 Log all address additions/deletions reported by netlink.
122 -b, --bfd_pid=FILE
124 Use the specified pidfile for the BFD child process. The default
125 pidfile for the BFD child process is "/run/keepalived_bfd.pid"
126 unless a network namespace is being used.
127 -s, --namespace=NAME
129 Run keepalived in network namespace NAME. See NAMESPACES below
130 for more details.
131 -i, --config-id ID
133 Use configuration id ID, for conditional configuration (defaults
134 to hostname without the domain name).
135 -x, --snmp
137 Enable the SNMP subsystem.
138 -A, --snmp-agent-socket=FILE
140 Use the specified socket for connection to SNMP master agent.
141 -u, --umask=NUMBER
143 The umask specified in the usual numeric way - see man umask(2)
144 -m, --core-dump
146 Override the RLIMIT_CORE hard and soft limits to enable
147 keepalived to produce a coredump in the event of a segfault or
148 other failure. This is most useful if keepalived has been built
149 with 'make debug'. Core dumps will be created in /, unless
150 keepalived is run with the --dont-fork option, in which case
151 they will be created in the directory from which keepalived was
152 run, or they will be created in the directory of a configuraton
153 file if the fault occurs while reading the file.
154 -M, --core-dump-pattern[=PATTERN]
156 Sets option --core-dump, and also updates
157 /proc/sys/kernel/core_pattern to the pattern specified, or
158 'core' if none specified. Provided the parent process doesn't
159 terminate abnormally, it will restore
160 /proc/sys/kernel/core_pattern to its original value on exit.
161 Note: This will also affect any other process producing a core
163 dump while keepalived is running.
164 --signum=PATTERN
166 Returns the signal number to use for STOP, RELOAD, DATA, STATS,
167 STATS_CLEAR and JSON. For example, to stop keepalived running,
168 execute:
169 kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
171 -t, --config-test[=FILE]
173 Keepalived will check the configuration file and exit with non-
174 zero exit status if there are errors in the configuration,
175 otherwise it exits with exit status 0 (see Exit status below for
176 details).
177 Rather that writing to syslog, it will write diagnostic messages
179 to stderr unless file is specified, in which case it will write
180 to the file.
181 --perf[={all|run|end}]
183 Record perf data for vrrp process. Data will be written to
184 /perf_vrrp.data. The data recorded is for use with the perf
185 tool.
186 --debug[=debug-options]]
188 Enables debug options if they have been compiled into
189 keepalived. debug-options is made up of a sequence of strings
190 of the form Ulll.
191 The upper case letter specifies the debug option, and the lower
192 case letters specify for which processes the option is to be
193 enabled.
194 If a debug option is not followed by any lower case letters, the
195 debug option is enabled for all processes.
196 The characters to identify the processes are:
198 Chr Process
200 ──────────────────────
201 p Parent process
202 b BFD process
204 c Checker process
205 v VRRP process
206 The characters used to identify the debug options are:
208 Chr Debug option
210 ────────────────────────
211 D Epoll thread dump
212 E Epoll debug
213 F VRRP fd debug
214 N Netlink timers
215 P Network timestamp
216 X Regex timers
217 M Email alert debug
218 T Timer debug
219 S TSM debug
220 R Regex debug
221 Example: --debug=DvEcvNR
223 -v, --version
225 Display the version and exit.
226 -h, --help
228 Display this help message and exit.
229 Exit status:
231 0 if OK
232 1 if unable to malloc memory
234 2 if cannot initialise subsystems
236 3 if running with --config-test and configuration cannot be run
238 4 if running with --config-test and there are configuration errors
240 but keepalived will run after modifying the configuration
241 5 if running with --config-test and script security hasn't been
243 enabled but scripts are configured.
244
246 keepalived can be run in a network namespace (see keepalived.conf(5)
247 for configuration details). When run in a network namespace, a local
248 mount namespace is also created, and
249 /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived.
250 By default, pid files with the usual default names are then created in
251 /run/keepalived from the perspective of a process in the mount
252 namespace, and they will be visible in
253 /run/keepalived/keepalived_NamespaceName for a process running in the
254 default mount namespace.
255
258 keepalived reacts to a set of signals. You can send a signal to the
259 parent keepalived process using the following:
260 kill -SIGNAL $(cat /run/keepalived.pid)
262 or better:
264 kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)
266 Note that if the first option is used, -SIGNAL must be replaced with
268 the actual signal you are trying to send, e.g. with HUP. So it then
269 becomes:
270 kill -HUP $(cat /run/keepalived.pid)
272 Signals other than for STOP, RELOAD, DATA and STATS may change
274 depending on the kernel, and also what functionality is included in the
275 version of the keepalived depending on the build options used.
276 HUP or SIGFUNC=RELOAD
278 This causes keepalived to close down all interfaces, reload its
279 configuration, and start up with the new configuration.
280 TERM, INT or SIGFUNC=STOP
282 keepalived will shut down.
283 USR1 or SIGFUNC=DATA
285 Write configuration data to /tmp/keepalived.data
286 USR2 or SIGFUNC=STATS
288 Write statistics info to /tmp/keepalived.stats
289 SIGFUNC=STATS_CLEAR
291 Write statistics info to /tmp/keepalived.stats and clear the
292 statistics counters
293 SIGFUNC=JSON
295 Write configuration data in JSON format to /tmp/keepalived.json
296
298 If you are running a firewall (see firewalld(8)) you must allow VRRP
299 protocol traffic through the firewall. For example if this instance of
300 keepalived(8) has a peer node on IPv4 address 192.168.0.1:
301 # firewall-cmd \
303 --add-rich-rule="rule family='ipv4' \
304 source address='192.168.0.1' \
305 protocol value='vrrp' accept" --permanent
306 # firewall-cmd --reload
307
309 keepalived.conf(5), ipvsadm(8)
310
313 This man page was written by Ryan O'Hara <rohara@redhat.com>
314 July 2018 KEEPALIVED(8)