1KEEPALIVED(8)               System Manager's Manual              KEEPALIVED(8)
2
3
4

NAME

6       keepalived - load-balancing and high-availability service
7
8

SYNOPSIS

10       keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
11       [--all] [-l|--log-console] [-D|--log-detail]
12       [-S|--log-facility={0-7|local{0-7}|user|daemon}] [-g|--log-file=FILE]
13       [--flush-log-file] [-G|--no-syslog] [-X|--release-vips]
14       [-V|--dont-release-vrrp] [-I|--dont-release-ipvs] [-R|--dont-respawn]
15       [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE] [-r|--vrrp_pid=FILE]
16       [-T|--genhash] [-c|--checkers_pid=FILE] [-a|--address-monitoring]
17       [-b|--bfd_pid=FILE] [-s|--namespace=NAME] [-e|--all-config]
18       [-i|--config-id id] [-x|--snmp] [-A|--snmp-agent-socket=FILE]
19       [-u|--umask=NUMBER] [-m|--core-dump] [-M|--core-dump-pattern[=PATTERN]]
20       [--signum=SIGFUNC] [-t|--config-test[=FILE]] [--perf[={all|run|end}]]
21       [--debug[=debug-options]] [--no-mem-check] [-v|--version] [-h|--help]
22
23

DESCRIPTION

25       Keepalived provides simple and robust facilities for load-balancing and
26       high-availability. The load-balancing framework relies on the
27       well-known and widely used Linux Virtual Server (IPVS) kernel module
28       providing Layer4 load-balancing. Keepalived implements a set of
29       checkers to dynamically and adaptively maintain and manage a
30       load-balanced server pool according to their health. Keepalived also
31       implements the VRRPv2 and VRRPv3 protocols to achieve high-availability
32       with director failover.
33
34

OPTIONS

36        -f, --use-file=FILE
37              Use the specified configuration file. The default configuration
38              file is "/usr/local/etc/keepalived/keepalived.conf".
39
40        -P, --vrrp
41              Only run the VRRP subsystem. This is useful for configurations
42              that do not use the IPVS load balancer.
43
44        -C, --check
45              Only run the healthcheck subsystem. This is useful for
46              configurations that use the IPVS load balancer with a single
47              director with no failover.
48
49        -B, --no_bfd
50              Don't run the BFD subsystem.
51
52        --all Run all subsystems, even if they have no configuration.
53
54        -l, --log-console
55              Log messages to the local console. The default behavior is to
56              log messages to syslog.
57
58        -D, --log-detail
59              Detailed log messages.
60
61        -S, --log-facility={0-7|local{0-7}|user|daemon}
62              Set syslog facility to LOG_LOCAL[0-7], LOG_USER or LOG_DAEMON.
63              The default syslog facility is LOG_DAEMON.
64
65        -g, --log-file=FILE
66              Write log entries to FILE. FILE will have _vrrp,
67              _healthcheckers, and _bfd inserted before the last '.' in FILE
68              for the log output for those processes.
69
70        --flush-log-file
71              If using the -g option, the log file stream will be flushed
72              after each write.
73
74        -G, --no-syslog
75              Do not write log entries to syslog. This can be useful if the
76              rate of writing log entries is sufficiently high that syslog
77              will rate limit them, and the -g option is used instead.
78
79        -X, --release-vips
80              Drop VIP on transition from signal.
81
82        -V, --dont-release-vrrp
83              Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
84              behavior is to remove all VIPs and VROUTEs when keepalived
85              exits.
86
87        -I, --dont-release-ipvs
88              Don't remove IPVS topology on daemon stop. The default behavior
89              it to remove all entries from the IPVS virtual server table when
90              keepalived exits.
91
92        -R, --dont-respawn
93              Don't respawn child processes. The default behavior is to
94              restart the VRRP and checker processes if either process exits.
95
96        -n, --dont-fork
97              Don't fork the daemon process. This option will cause keepalived
98              to run in the foreground.
99
100        -d, --dump-conf
101              Dump the configuration data.
102
103        -p, --pid=FILE
104              Use the specified pidfile for the parent keepalived process. The
105              default pidfile for keepalived is "/run/keepalived.pid", unless
106              a network namespace is being used. See NAMESPACES below for more
107              details.
108
109        -r, --vrrp_pid=FILE
110              Use the specified pidfile for the VRRP child process. The
111              default pidfile for the VRRP child process is
112              "/run/keepalived_vrrp.pid", unless a network namespace is being
113              used.
114
115        -T, --genhash
116              Enter genhash utility mode. Previous versions of keepalived were
117              shipped with a dedicated genhash utility. genhash is now part of
118              the mainline code. We keep compatibility with previous genhash
119              utility command line option. For more information please refer
120              to the genhash(1) manpage.
121
122        -c, --checkers_pid=FILE
123              Use the specified pidfile for checkers child process. The
124              default pidfile for the checker child process is
125              "/run/keepalived_checkers.pid" unless a network namespace is
126              being used.
127
128        -a, --address-monitoring
129              Log all address additions/deletions reported by netlink.
130
131        -b, --bfd_pid=FILE
132              Use the specified pidfile for the BFD child process. The default
133              pidfile for the BFD child process is "/run/keepalived_bfd.pid"
134              unless a network namespace is being used.
135
136        -s, --namespace=NAME
137              Run keepalived in network namespace NAME. See NAMESPACES below
138              for more details.
139
140        -e, --all-config
141              Don't load if any configuration file is missing or cannot be
142              read.
143
144        -i, --config-id ID
145              Use configuration id ID, for conditional configuration (defaults
146              to hostname without the domain name).
147
148        -x, --snmp
149              Enable the SNMP subsystem.
150
151        -A, --snmp-agent-socket=FILE
152              Use the specified socket for connection to SNMP master agent.
153
154        -u, --umask=NUMBER
155              The umask specified in the usual numeric way - see man umask(2)
156
157        -m, --core-dump
158              Override the RLIMIT_CORE hard and soft limits to enable
159              keepalived to produce a coredump in the event of a segfault or
160              other failure.  This is most useful if keepalived has been built
161              with 'make debug'.  Core dumps will be created in /, unless
162              keepalived is run with the --dont-fork option, in which case
163              they will be created in the directory from which keepalived was
164              run, or they will be created in the directory of a configuraton
165              file if the fault occurs while reading the file.
166
167        -M, --core-dump-pattern[=PATTERN]
168              Sets option --core-dump, and also updates
169              /proc/sys/kernel/core_pattern to the pattern specified, or
170              'core' if none specified.  Provided the parent process doesn't
171              terminate abnormally, it will restore
172              /proc/sys/kernel/core_pattern to its original value on exit.
173
174              Note: This will also affect any other process producing a core
175              dump while keepalived is running.
176
177        --signum=PATTERN
178              Returns the signal number to use for STOP, RELOAD, DATA, STATS,
179              STATS_CLEAR, JSON and TDATA.  For example, to stop keepalived
180              running, execute:
181
182              kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
183
184        -t, --config-test[=FILE]
185              Keepalived will check the configuration file and exit with non-
186              zero exit status if there are errors in the configuration,
187              otherwise it exits with exit status 0 (see Exit status below for
188              details).
189
190              Rather that writing to syslog, it will write diagnostic messages
191              to stderr unless file is specified, in which case it will write
192              to the file.
193
194        --perf[={all|run|end}]
195              Record perf data for vrrp process. Data will be written to
196              /perf_vrrp.data.  The data recorded is for use with the perf
197              tool.
198
199        --no-mem-check
200              Disable malloc() etc mem-checks if they have been compiled into
201              keepalived.
202
203        --debug[=debug-options]]
204              Enables debug options if they have been compiled into
205              keepalived.  debug-options is made up of a sequence of strings
206              of the form Ulll.
207              The upper case letter specifies the debug option, and the lower
208              case letters specify for which processes the option is to be
209              enabled.
210              If a debug option is not followed by any lower case letters, the
211              debug option is enabled for all processes.
212
213              The characters to identify the processes are:
214
215              Chr   Process
216              ──────────────────────
217               p    Parent process
218               b    BFD process
219               c    Checker process
220               v    VRRP process
221
222              The characters used to identify the debug options are:
223
224              Chr   Debug option
225              ────────────────────────────────────────────
226               D    Epoll thread dump
227               E    Epoll debug
228               F    VRRP fd debug
229               N    Netlink timers
230               P    Network timestamp
231               X    Regex timers
232               M    Email alert debug
233               T    Timer debug
234               S    TSM debug
235               R    Regex debug
236               B    Smtp connect debug
237               U    Checksum diagnostics
238               O    Track process debug
239               A    Track process debug with extra detail
240               C    Parser (config) debug
241               H    Checker debug
242               Z    Memory alloc/free error debug
243               G    VRRP recvmsg() debug
244               J    VRRP recvmsg() log rx data
245               V    Script debugging
246               K    Dump keywords
247
248              Example: --debug=DvEcvNR
249
250        -v, --version
251              Display the version and exit.
252
253        -h, --help
254              Display this help message and exit.
255
256   Exit status:
257       0      if OK
258
259       1      if unable to malloc memory
260
261       2      if cannot initialise subsystems
262
263       3      if running with --config-test and configuration cannot be run
264
265       4      if running with --config-test and there are configuration errors
266              but keepalived will run after modifying the configuration
267
268       5      if running with --config-test and script security hasn't been
269              enabled but scripts are configured.
270

NAMESPACES

272       keepalived can be run in a network namespace (see keepalived.conf(5)
273       for configuration details). When run in a network namespace, a local
274       mount namespace is also created, and
275       /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived.
276       By default, pid files with the usual default names are then created in
277       /run/keepalived from the perspective of a process in the mount
278       namespace, and they will be visible in
279       /run/keepalived/keepalived_NamespaceName for a process running in the
280       default mount namespace.
281
282

SIGNALS

284       keepalived reacts to a set of signals.  You can send a signal to the
285       parent keepalived process using the following:
286
287              kill -SIGNAL $(cat /run/keepalived.pid)
288
289       or better:
290
291              kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)
292
293       Note that if the first option is used, -SIGNAL must be replaced with
294       the actual signal you are trying to send, e.g. with HUP. So it then
295       becomes:
296
297              kill -HUP $(cat /run/keepalived.pid)
298
299       Signals other than for STOP, RELOAD, DATA and STATS may change
300       depending on the kernel, and also what functionality is included in the
301       version of the keepalived depending on the build options used.
302
303       HUP or SIGFUNC=RELOAD
304              This causes keepalived to close down all interfaces, reload its
305              configuration, and start up with the new configuration.
306
307              Note: If a virtual_ipaddress, virtual_route or virtual_rule is
308              being moved from one VRRP instance to another one, two reloads
309              will be necessary, the first to remove the virtual
310              ipaddress/route/rule, and the second reload to add it to the
311              VRRP instance it is now to be configured on. Failing to do this
312              can result in the ipaddress/route/rule not being configured on
313              the new instance if both the old and new instances are in master
314              state.  It will usually work with a single reload, however, if
315              either of the VRRP instances is not in MASTER state or if the
316              VRRP instance the ipaddress/route/rule the VRRP instance is
317              being added to is later in the original configuration file than
318              the instance it is being removed from.
319
320       TERM, INT or SIGFUNC=STOP
321              keepalived will shut down.
322
323       USR1 or SIGFUNC=DATA
324              Write configuration data to /tmp/keepalived.data
325
326       USR2 or SIGFUNC=STATS
327              Write statistics info to /tmp/keepalived.stats
328
329       SIGFUNC=STATS_CLEAR
330              Write statistics info to /tmp/keepalived.stats and clear the
331              statistics counters
332
333       SIGFUNC=JSON
334              Write configuration data in JSON format to /tmp/keepalived.json
335
336       SIGFUNC=TDATA
337              This causes keepalived to write the current state of its
338              internal threads to the log
339

USING KEEPALIVED WITH FIREWALLD

341       If you are running a firewall (see firewalld(8)) you must allow VRRP
342       protocol traffic through the firewall. For example if this instance of
343       keepalived(8) has a peer node on IPv4 address 192.168.0.1:
344
345              # firewall-cmd \
346                  --add-rich-rule="rule family='ipv4' \
347                                   source address='192.168.0.1' \
348                                   protocol value='vrrp' accept" --permanent
349              # firewall-cmd --reload
350

SEE ALSO

352       keepalived.conf(5), ipvsadm(8)
353
354

AUTHOR

356       This man page was written by Ryan O'Hara <rohara@redhat.com>
357
358
359
360                                  2021-07-05                     KEEPALIVED(8)
Impressum