1KEEPALIVED(8) System Manager's Manual KEEPALIVED(8)
2
6 keepalived - load-balancing and high-availability service
7
10 keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
11 [--all] [-l|--log-console] [-D|--log-detail]
12 [-S|--log-facility={0-7|local{0-7}|user|daemon}] [-g|--log-file=FILE]
13 [--flush-log-file] [-G|--no-syslog] [-X|--release-vips]
14 [-V|--dont-release-vrrp] [-I|--dont-release-ipvs] [-R|--dont-respawn]
15 [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE] [-r|--vrrp_pid=FILE]
16 [-c|--checkers_pid=FILE] [-a|--address-monitoring] [-b|--bfd_pid=FILE]
17 [-s|--namespace=NAME] [-e|--all-config] [-i|--config-id id] [-x|--snmp]
18 [-A|--snmp-agent-socket=FILE] [-u|--umask=NUMBER] [-m|--core-dump]
19 [-M|--core-dump-pattern[=PATTERN]] [--signum=SIGFUNC]
20 [-t|--config-test[=FILE]] [--perf[={all|run|end}]] [--debug[=debug-
21 options]] [--no-mem-check] [-v|--version] [-h|--help]
22
25 Keepalived provides simple and robust facilities for load-balancing and
26 high-availability. The load-balancing framework relies on the
27 well-known and widely used Linux Virtual Server (IPVS) kernel module
28 providing Layer4 load-balancing. Keepalived implements a set of
29 checkers to dynamically and adaptively maintain and manage a
30 load-balanced server pool according to their health. Keepalived also
31 implements the VRRPv2 and VRRPv3 protocols to achieve high-availability
32 with director failover.
33
36 -f, --use-file=FILE
37 Use the specified configuration file. The default configuration
38 file is "/usr/local/etc/keepalived/keepalived.conf".
39 -P, --vrrp
41 Only run the VRRP subsystem. This is useful for configurations
42 that do not use the IPVS load balancer.
43 -C, --check
45 Only run the healthcheck subsystem. This is useful for
46 configurations that use the IPVS load balancer with a single
47 director with no failover.
48 -B, --no_bfd
50 Don't run the BFD subsystem.
51 --all Run all subsystems, even if they have no configuration.
53 -l, --log-console
55 Log messages to the local console. The default behavior is to
56 log messages to syslog.
57 -D, --log-detail
59 Detailed log messages.
60 -S, --log-facility={0-7|local{0-7}|user|daemon}
62 Set syslog facility to LOG_LOCAL[0-7], LOG_USER or LOG_DAEMON.
63 The default syslog facility is LOG_DAEMON.
64 -g, --log-file=FILE
66 Write log entries to FILE. FILE will have _vrrp,
67 _healthcheckers, and _bfd inserted before the last '.' in FILE
68 for the log output for those processes.
69 --flush-log-file
71 If using the -g option, the log file stream will be flushed
72 after each write.
73 -G, --no-syslog
75 Do not write log entries to syslog. This can be useful if the
76 rate of writing log entries is sufficiently high that syslog
77 will rate limit them, and the -g option is used instead.
78 -X, --release-vips
80 Drop VIP on transition from signal.
81 -V, --dont-release-vrrp
83 Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
84 behavior is to remove all VIPs and VROUTEs when keepalived
85 exits.
86 -I, --dont-release-ipvs
88 Don't remove IPVS topology on daemon stop. The default behavior
89 it to remove all entries from the IPVS virtual server table when
90 keepalived exits.
91 -R, --dont-respawn
93 Don't respawn child processes. The default behavior is to
94 restart the VRRP and checker processes if either process exits.
95 -n, --dont-fork
97 Don't fork the daemon process. This option will cause keepalived
98 to run in the foreground.
99 -d, --dump-conf
101 Dump the configuration data.
102 -p, --pid=FILE
104 Use the specified pidfile for the parent keepalived process. The
105 default pidfile for keepalived is "/run/keepalived.pid", unless
106 a network namespace is being used. See NAMESPACES below for more
107 details.
108 -r, --vrrp_pid=FILE
110 Use the specified pidfile for the VRRP child process. The
111 default pidfile for the VRRP child process is
112 "/run/keepalived_vrrp.pid", unless a network namespace is being
113 used.
114 -c, --checkers_pid=FILE
116 Use the specified pidfile for checkers child process. The
117 default pidfile for the checker child process is
118 "/run/keepalived_checkers.pid" unless a network namespace is
119 being used.
120 -a, --address-monitoring
122 Log all address additions/deletions reported by netlink.
123 -b, --bfd_pid=FILE
125 Use the specified pidfile for the BFD child process. The default
126 pidfile for the BFD child process is "/run/keepalived_bfd.pid"
127 unless a network namespace is being used.
128 -s, --namespace=NAME
130 Run keepalived in network namespace NAME. See NAMESPACES below
131 for more details.
132 -e, --all-config
134 Don't load if any configuration file is missing or cannot be
135 read.
136 -i, --config-id ID
138 Use configuration id ID, for conditional configuration (defaults
139 to hostname without the domain name).
140 -x, --snmp
142 Enable the SNMP subsystem.
143 -A, --snmp-agent-socket=FILE
145 Use the specified socket for connection to SNMP master agent.
146 -u, --umask=NUMBER
148 The umask specified in the usual numeric way - see man umask(2)
149 -m, --core-dump
151 Override the RLIMIT_CORE hard and soft limits to enable
152 keepalived to produce a coredump in the event of a segfault or
153 other failure. This is most useful if keepalived has been built
154 with 'make debug'. Core dumps will be created in /, unless
155 keepalived is run with the --dont-fork option, in which case
156 they will be created in the directory from which keepalived was
157 run, or they will be created in the directory of a configuraton
158 file if the fault occurs while reading the file.
159 -M, --core-dump-pattern[=PATTERN]
161 Sets option --core-dump, and also updates
162 /proc/sys/kernel/core_pattern to the pattern specified, or
163 'core' if none specified. Provided the parent process doesn't
164 terminate abnormally, it will restore
165 /proc/sys/kernel/core_pattern to its original value on exit.
166 Note: This will also affect any other process producing a core
168 dump while keepalived is running.
169 --signum=PATTERN
171 Returns the signal number to use for STOP, RELOAD, DATA, STATS,
172 STATS_CLEAR, JSON and TDATA. For example, to stop keepalived
173 running, execute:
174 kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
176 -t, --config-test[=FILE]
178 Keepalived will check the configuration file and exit with non-
179 zero exit status if there are errors in the configuration,
180 otherwise it exits with exit status 0 (see Exit status below for
181 details).
182 Rather that writing to syslog, it will write diagnostic messages
184 to stderr unless file is specified, in which case it will write
185 to the file.
186 --perf[={all|run|end}]
188 Record perf data for vrrp process. Data will be written to
189 /perf_vrrp.data. The data recorded is for use with the perf
190 tool.
191 --no-mem-check
193 Disable malloc() etc mem-checks if they have been compiled into
194 keepalived.
195 --debug[=debug-options]]
197 Enables debug options if they have been compiled into
198 keepalived. debug-options is made up of a sequence of strings
199 of the form Ulll.
200 The upper case letter specifies the debug option, and the lower
201 case letters specify for which processes the option is to be
202 enabled.
203 If a debug option is not followed by any lower case letters, the
204 debug option is enabled for all processes.
205 The characters to identify the processes are:
207 Chr Process
209 ──────────────────────
210 p Parent process
211 b BFD process
212 c Checker process
213 v VRRP process
214 The characters used to identify the debug options are:
216 Chr Debug option
218 ────────────────────────────────────────────
219 D Epoll thread dump
220 E Epoll debug
221 F VRRP fd debug
222 N Netlink timers
223 P Network timestamp
224 X Regex timers
225 M Email alert debug
226 T Timer debug
227 S TSM debug
228 R Regex debug
229 B Smtp connect debug
230 U Checksum diagnostics
231 O Track process debug
232 A Track process debug with extra detail
233 C Parser (config) debug
234 H Checker debug
235 Z Memory alloc/free error debug
236 G VRRP recvmsg() debug
237 J VRRP recvmsg() log rx data
238 V Script debugging
239 K Dump keywords
240 Example: --debug=DvEcvNR
242 -v, --version
244 Display the version and exit.
245 -h, --help
247 Display this help message and exit.
248 Exit status:
250 0 if OK
251 1 if unable to malloc memory
253 2 if cannot initialise subsystems
255 3 if running with --config-test and configuration cannot be run
257 4 if running with --config-test and there are configuration errors
259 but keepalived will run after modifying the configuration
260 5 if running with --config-test and script security hasn't been
262 enabled but scripts are configured.
263
265 keepalived can be run in a network namespace (see keepalived.conf(5)
266 for configuration details). When run in a network namespace, a local
267 mount namespace is also created, and
268 /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived.
269 By default, pid files with the usual default names are then created in
270 /run/keepalived from the perspective of a process in the mount
271 namespace, and they will be visible in
272 /run/keepalived/keepalived_NamespaceName for a process running in the
273 default mount namespace.
274
277 keepalived reacts to a set of signals. You can send a signal to the
278 parent keepalived process using the following:
279 kill -SIGNAL $(cat /run/keepalived.pid)
281 or better:
283 kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)
285 Note that if the first option is used, -SIGNAL must be replaced with
287 the actual signal you are trying to send, e.g. with HUP. So it then
288 becomes:
289 kill -HUP $(cat /run/keepalived.pid)
291 Signals other than for STOP, RELOAD, DATA and STATS may change
293 depending on the kernel, and also what functionality is included in the
294 version of the keepalived depending on the build options used.
295 HUP or SIGFUNC=RELOAD
297 This causes keepalived to close down all interfaces, reload its
298 configuration, and start up with the new configuration.
299 Note: If a virtual_ipaddress, virtual_route or virtual_rule is
301 being moved from one VRRP instance to another one, two reloads
302 will be necessary, the first to remove the virtual
303 ipaddress/route/rule, and the second reload to add it to the
304 VRRP instance it is now to be configured on. Failing to do this
305 can result in the ipaddress/route/rule not being configured on
306 the new instance if both the old and new instances are in master
307 state. It will usually work with a single reload, however, if
308 either of the VRRP instances is not in MASTER state or if the
309 VRRP instance the ipaddress/route/rule the VRRP instance is
310 being added to is later in the original configuration file than
311 the instance it is being removed from.
312 TERM, INT or SIGFUNC=STOP
314 keepalived will shut down.
315 USR1 or SIGFUNC=DATA
317 Write configuration data to /tmp/keepalived.data
318 USR2 or SIGFUNC=STATS
320 Write statistics info to /tmp/keepalived.stats
321 SIGFUNC=STATS_CLEAR
323 Write statistics info to /tmp/keepalived.stats and clear the
324 statistics counters
325 SIGFUNC=JSON
327 Write configuration data in JSON format to /tmp/keepalived.json
328 SIGFUNC=TDATA
330 This causes keepalived to write the current state of its
331 internal threads to the log
332
334 If you are running a firewall (see firewalld(8)) you must allow VRRP
335 protocol traffic through the firewall. For example if this instance of
336 keepalived(8) has a peer node on IPv4 address 192.168.0.1:
337 # firewall-cmd \
339 --add-rich-rule="rule family='ipv4' \
340 source address='192.168.0.1' \
341 protocol value='vrrp' accept" --permanent
342 # firewall-cmd --reload
343
345 keepalived.conf(5), ipvsadm(8)
346
349 This man page was written by Ryan O'Hara <rohara@redhat.com>
350 2021-02-21 KEEPALIVED(8)