1KEEPALIVED(8)               System Manager's Manual              KEEPALIVED(8)
2
3
4

NAME

6       keepalived - load-balancing and high-availability service
7
8

SYNOPSIS

10       keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
11       [--all] [-l|--log-console] [-D|--log-detail]
12       [-S|--log-facility={0-7|local{0-7}|user|daemon}] [-g|--log-file=FILE]
13       [--flush-log-file] [-G|--no-syslog] [-X|--release-vips]
14       [-V|--dont-release-vrrp] [-I|--dont-release-ipvs] [-R|--dont-respawn]
15       [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE] [-r|--vrrp_pid=FILE]
16       [-c|--checkers_pid=FILE] [-a|--address-monitoring] [-b|--bfd_pid=FILE]
17       [-s|--namespace=NAME] [-e|--all-config] [-i|--config-id id] [-x|--snmp]
18       [-A|--snmp-agent-socket=FILE] [-u|--umask=NUMBER] [-m|--core-dump]
19       [-M|--core-dump-pattern[=PATTERN]] [--signum=SIGFUNC]
20       [-t|--config-test[=FILE]] [--perf[={all|run|end}]] [--debug[=debug-
21       options]] [--no-mem-check] [-v|--version] [-h|--help]
22
23

DESCRIPTION

25       Keepalived provides simple and robust facilities for load-balancing and
26       high-availability. The load-balancing framework relies on the
27       well-known and widely used Linux Virtual Server (IPVS) kernel module
28       providing Layer4 load-balancing. Keepalived implements a set of
29       checkers to dynamically and adaptively maintain and manage a
30       load-balanced server pool according to their health. Keepalived also
31       implements the VRRPv2 and VRRPv3 protocols to achieve high-availability
32       with director failover.
33
34

OPTIONS

36        -f, --use-file=FILE
37              Use the specified configuration file. The default configuration
38              file is "/usr/local/etc/keepalived/keepalived.conf".
39
40        -P, --vrrp
41              Only run the VRRP subsystem. This is useful for configurations
42              that do not use the IPVS load balancer.
43
44        -C, --check
45              Only run the healthcheck subsystem. This is useful for
46              configurations that use the IPVS load balancer with a single
47              director with no failover.
48
49        -B, --no_bfd
50              Don't run the BFD subsystem.
51
52        --all Run all subsystems, even if they have no configuration.
53
54        -l, --log-console
55              Log messages to the local console. The default behavior is to
56              log messages to syslog.
57
58        -D, --log-detail
59              Detailed log messages.
60
61        -S, --log-facility={0-7|local{0-7}|user|daemon}
62              Set syslog facility to LOG_LOCAL[0-7], LOG_USER or LOG_DAEMON.
63              The default syslog facility is LOG_DAEMON.
64
65        -g, --log-file=FILE
66              Write log entries to FILE. FILE will have _vrrp,
67              _healthcheckers, and _bfd inserted before the last '.' in FILE
68              for the log output for those processes.
69
70        --flush-log-file
71              If using the -g option, the log file stream will be flushed
72              after each write.
73
74        -G, --no-syslog
75              Do not write log entries to syslog. This can be useful if the
76              rate of writing log entries is sufficiently high that syslog
77              will rate limit them, and the -g option is used instead.
78
79        -X, --release-vips
80              Drop VIP on transition from signal.
81
82        -V, --dont-release-vrrp
83              Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
84              behavior is to remove all VIPs and VROUTEs when keepalived
85              exits.
86
87        -I, --dont-release-ipvs
88              Don't remove IPVS topology on daemon stop. The default behavior
89              it to remove all entries from the IPVS virtual server table when
90              keepalived exits.
91
92        -R, --dont-respawn
93              Don't respawn child processes. The default behavior is to
94              restart the VRRP and checker processes if either process exits.
95
96        -n, --dont-fork
97              Don't fork the daemon process. This option will cause keepalived
98              to run in the foreground.
99
100        -d, --dump-conf
101              Dump the configuration data.
102
103        -p, --pid=FILE
104              Use the specified pidfile for the parent keepalived process. The
105              default pidfile for keepalived is "/run/keepalived.pid", unless
106              a network namespace is being used. See NAMESPACES below for more
107              details.
108
109        -r, --vrrp_pid=FILE
110              Use the specified pidfile for the VRRP child process. The
111              default pidfile for the VRRP child process is
112              "/run/keepalived_vrrp.pid", unless a network namespace is being
113              used.
114
115        -c, --checkers_pid=FILE
116              Use the specified pidfile for checkers child process. The
117              default pidfile for the checker child process is
118              "/run/keepalived_checkers.pid" unless a network namespace is
119              being used.
120
121        -a, --address-monitoring
122              Log all address additions/deletions reported by netlink.
123
124        -b, --bfd_pid=FILE
125              Use the specified pidfile for the BFD child process. The default
126              pidfile for the BFD child process is "/run/keepalived_bfd.pid"
127              unless a network namespace is being used.
128
129        -s, --namespace=NAME
130              Run keepalived in network namespace NAME. See NAMESPACES below
131              for more details.
132
133        -e, --all-config
134              Don't load if any configuration file is missing or cannot be
135              read.
136
137        -i, --config-id ID
138              Use configuration id ID, for conditional configuration (defaults
139              to hostname without the domain name).
140
141        -x, --snmp
142              Enable the SNMP subsystem.
143
144        -A, --snmp-agent-socket=FILE
145              Use the specified socket for connection to SNMP master agent.
146
147        -u, --umask=NUMBER
148              The umask specified in the usual numeric way - see man umask(2)
149
150        -m, --core-dump
151              Override the RLIMIT_CORE hard and soft limits to enable
152              keepalived to produce a coredump in the event of a segfault or
153              other failure.  This is most useful if keepalived has been built
154              with 'make debug'.  Core dumps will be created in /, unless
155              keepalived is run with the --dont-fork option, in which case
156              they will be created in the directory from which keepalived was
157              run, or they will be created in the directory of a configuraton
158              file if the fault occurs while reading the file.
159
160        -M, --core-dump-pattern[=PATTERN]
161              Sets option --core-dump, and also updates
162              /proc/sys/kernel/core_pattern to the pattern specified, or
163              'core' if none specified.  Provided the parent process doesn't
164              terminate abnormally, it will restore
165              /proc/sys/kernel/core_pattern to its original value on exit.
166
167              Note: This will also affect any other process producing a core
168              dump while keepalived is running.
169
170        --signum=PATTERN
171              Returns the signal number to use for STOP, RELOAD, DATA, STATS,
172              STATS_CLEAR, JSON and TDATA.  For example, to stop keepalived
173              running, execute:
174
175              kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
176
177        -t, --config-test[=FILE]
178              Keepalived will check the configuration file and exit with non-
179              zero exit status if there are errors in the configuration,
180              otherwise it exits with exit status 0 (see Exit status below for
181              details).
182
183              Rather that writing to syslog, it will write diagnostic messages
184              to stderr unless file is specified, in which case it will write
185              to the file.
186
187        --perf[={all|run|end}]
188              Record perf data for vrrp process. Data will be written to
189              /perf_vrrp.data.  The data recorded is for use with the perf
190              tool.
191
192        --no-mem-check
193              Disable malloc() etc mem-checks if they have been compiled into
194              keepalived.
195
196        --debug[=debug-options]]
197              Enables debug options if they have been compiled into
198              keepalived.  debug-options is made up of a sequence of strings
199              of the form Ulll.
200              The upper case letter specifies the debug option, and the lower
201              case letters specify for which processes the option is to be
202              enabled.
203              If a debug option is not followed by any lower case letters, the
204              debug option is enabled for all processes.
205
206              The characters to identify the processes are:
207
208              Chr   Process
209              ──────────────────────
210               p    Parent process
211               b    BFD process
212               c    Checker process
213               v    VRRP process
214
215              The characters used to identify the debug options are:
216
217              Chr   Debug option
218              ────────────────────────────────────────────
219               D    Epoll thread dump
220               E    Epoll debug
221               F    VRRP fd debug
222               N    Netlink timers
223               P    Network timestamp
224               X    Regex timers
225               M    Email alert debug
226               T    Timer debug
227               S    TSM debug
228               R    Regex debug
229               B    Smtp connect debug
230               U    Checksum diagnostics
231               O    Track process debug
232               A    Track process debug with extra detail
233               C    Parser (config) debug
234               H    Checker debug
235               Z    Memory alloc/free error debug
236               G    VRRP recvmsg() debug
237               J    VRRP recvmsg() log rx data
238               V    Script debugging
239               K    Dump keywords
240
241              Example: --debug=DvEcvNR
242
243        -v, --version
244              Display the version and exit.
245
246        -h, --help
247              Display this help message and exit.
248
249   Exit status:
250       0      if OK
251
252       1      if unable to malloc memory
253
254       2      if cannot initialise subsystems
255
256       3      if running with --config-test and configuration cannot be run
257
258       4      if running with --config-test and there are configuration errors
259              but keepalived will run after modifying the configuration
260
261       5      if running with --config-test and script security hasn't been
262              enabled but scripts are configured.
263

NAMESPACES

265       keepalived can be run in a network namespace (see keepalived.conf(5)
266       for configuration details). When run in a network namespace, a local
267       mount namespace is also created, and
268       /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived.
269       By default, pid files with the usual default names are then created in
270       /run/keepalived from the perspective of a process in the mount
271       namespace, and they will be visible in
272       /run/keepalived/keepalived_NamespaceName for a process running in the
273       default mount namespace.
274
275

SIGNALS

277       keepalived reacts to a set of signals.  You can send a signal to the
278       parent keepalived process using the following:
279
280              kill -SIGNAL $(cat /run/keepalived.pid)
281
282       or better:
283
284              kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)
285
286       Note that if the first option is used, -SIGNAL must be replaced with
287       the actual signal you are trying to send, e.g. with HUP. So it then
288       becomes:
289
290              kill -HUP $(cat /run/keepalived.pid)
291
292       Signals other than for STOP, RELOAD, DATA and STATS may change
293       depending on the kernel, and also what functionality is included in the
294       version of the keepalived depending on the build options used.
295
296       HUP or SIGFUNC=RELOAD
297              This causes keepalived to close down all interfaces, reload its
298              configuration, and start up with the new configuration.
299
300              Note: If a virtual_ipaddress, virtual_route or virtual_rule is
301              being moved from one VRRP instance to another one, two reloads
302              will be necessary, the first to remove the virtual
303              ipaddress/route/rule, and the second reload to add it to the
304              VRRP instance it is now to be configured on. Failing to do this
305              can result in the ipaddress/route/rule not being configured on
306              the new instance if both the old and new instances are in master
307              state.  It will usually work with a single reload, however, if
308              either of the VRRP instances is not in MASTER state or if the
309              VRRP instance the ipaddress/route/rule the VRRP instance is
310              being added to is later in the original configuration file than
311              the instance it is being removed from.
312
313       TERM, INT or SIGFUNC=STOP
314              keepalived will shut down.
315
316       USR1 or SIGFUNC=DATA
317              Write configuration data to /tmp/keepalived.data
318
319       USR2 or SIGFUNC=STATS
320              Write statistics info to /tmp/keepalived.stats
321
322       SIGFUNC=STATS_CLEAR
323              Write statistics info to /tmp/keepalived.stats and clear the
324              statistics counters
325
326       SIGFUNC=JSON
327              Write configuration data in JSON format to /tmp/keepalived.json
328
329       SIGFUNC=TDATA
330              This causes keepalived to write the current state of its
331              internal threads to the log
332

USING KEEPALIVED WITH FIREWALLD

334       If you are running a firewall (see firewalld(8)) you must allow VRRP
335       protocol traffic through the firewall. For example if this instance of
336       keepalived(8) has a peer node on IPv4 address 192.168.0.1:
337
338              # firewall-cmd \
339                  --add-rich-rule="rule family='ipv4' \
340                                   source address='192.168.0.1' \
341                                   protocol value='vrrp' accept" --permanent
342              # firewall-cmd --reload
343

SEE ALSO

345       keepalived.conf(5), ipvsadm(8)
346
347

AUTHOR

349       This man page was written by Ryan O'Hara <rohara@redhat.com>
350
351
352
353                                  2021-02-21                     KEEPALIVED(8)
Impressum