1KEEPALIVED(8) System Manager's Manual KEEPALIVED(8)
2
3
4
6 keepalived - load-balancing and high-availability service
7
8
10 keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
11 [--all] [-l|--log-console] [-D|--log-detail]
12 [-S|--log-facility={0-7|local{0-7}|user|daemon}] [-g|--log-file=FILE]
13 [--flush-log-file] [-G|--no-syslog] [-X|--release-vips]
14 [-V|--dont-release-vrrp] [-I|--dont-release-ipvs] [-R|--dont-respawn]
15 [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE] [-r|--vrrp_pid=FILE]
16 [-T|--genhash] [-c|--checkers_pid=FILE] [-a|--address-monitoring]
17 [-b|--bfd_pid=FILE] [-s|--namespace=NAME] [-e|--all-config]
18 [-i|--config-id id] [-x|--snmp] [-A|--snmp-agent-socket=FILE]
19 [-u|--umask=NUMBER] [-m|--core-dump] [-M|--core-dump-pattern[=PATTERN]]
20 [--signum=SIGFUNC] [-t|--config-test[=FILE]] [--perf[={all|run|end}]]
21 [--debug[=debug-options]] [--no-mem-check] [-v|--version] [-h|--help]
22
23
25 Keepalived provides simple and robust facilities for load-balancing and
26 high-availability. The load-balancing framework relies on the
27 well-known and widely used Linux Virtual Server (IPVS) kernel module
28 providing Layer4 load-balancing. Keepalived implements a set of
29 checkers to dynamically and adaptively maintain and manage a
30 load-balanced server pool according to their health. Keepalived also
31 implements the VRRPv2 and VRRPv3 protocols to achieve high-availability
32 with director failover.
33
34
36 -f, --use-file=FILE
37 Use the specified configuration file. The default configuration
38 file is "/usr/local/etc/keepalived/keepalived.conf".
39
40 -P, --vrrp
41 Only run the VRRP subsystem. This is useful for configurations
42 that do not use the IPVS load balancer.
43
44 -C, --check
45 Only run the healthcheck subsystem. This is useful for
46 configurations that use the IPVS load balancer with a single
47 director with no failover.
48
49 -B, --no_bfd
50 Don't run the BFD subsystem.
51
52 --all Run all subsystems, even if they have no configuration.
53
54 -l, --log-console
55 Log messages to the local console. The default behavior is to
56 log messages to syslog.
57
58 -D, --log-detail
59 Detailed log messages.
60
61 -S, --log-facility={0-7|local{0-7}|user|daemon}
62 Set syslog facility to LOG_LOCAL[0-7], LOG_USER or LOG_DAEMON.
63 The default syslog facility is LOG_DAEMON.
64
65 -g, --log-file=FILE
66 Write log entries to FILE. FILE will have _vrrp,
67 _healthcheckers, and _bfd inserted before the last '.' in FILE
68 for the log output for those processes.
69
70 --flush-log-file
71 If using the -g option, the log file stream will be flushed
72 after each write.
73
74 -G, --no-syslog
75 Do not write log entries to syslog. This can be useful if the
76 rate of writing log entries is sufficiently high that syslog
77 will rate limit them, and the -g option is used instead.
78
79 -X, --release-vips
80 Drop VIP on transition from signal.
81
82 -V, --dont-release-vrrp
83 Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
84 behavior is to remove all VIPs and VROUTEs when keepalived
85 exits.
86
87 -I, --dont-release-ipvs
88 Don't remove IPVS topology on daemon stop. The default behavior
89 it to remove all entries from the IPVS virtual server table when
90 keepalived exits.
91
92 -R, --dont-respawn
93 Don't respawn child processes. The default behavior is to
94 restart the VRRP and checker processes if either process exits.
95
96 -n, --dont-fork
97 Don't fork the daemon process. This option will cause keepalived
98 to run in the foreground.
99
100 -d, --dump-conf
101 Dump the configuration data.
102
103 -p, --pid=FILE
104 Use the specified pidfile for the parent keepalived process. The
105 default pidfile for keepalived is "/run/keepalived.pid", unless
106 a network namespace is being used. See NAMESPACES below for more
107 details.
108
109 -r, --vrrp_pid=FILE
110 Use the specified pidfile for the VRRP child process. The
111 default pidfile for the VRRP child process is
112 "/run/keepalived_vrrp.pid", unless a network namespace is being
113 used.
114
115 -T, --genhash
116 Enter genhash utility mode. Previous versions of keepalived were
117 shipped with a dedicated genhash utility. genhash is now part of
118 the mainline code. We keep compatibility with previous genhash
119 utility command line option. For more information please refer
120 to the genhash(1) manpage.
121
122 -c, --checkers_pid=FILE
123 Use the specified pidfile for checkers child process. The
124 default pidfile for the checker child process is
125 "/run/keepalived_checkers.pid" unless a network namespace is
126 being used.
127
128 -a, --address-monitoring
129 Log all address additions/deletions reported by netlink.
130
131 -b, --bfd_pid=FILE
132 Use the specified pidfile for the BFD child process. The default
133 pidfile for the BFD child process is "/run/keepalived_bfd.pid"
134 unless a network namespace is being used.
135
136 -s, --namespace=NAME
137 Run keepalived in network namespace NAME. See NAMESPACES below
138 for more details.
139
140 -e, --all-config
141 Don't load if any configuration file is missing or cannot be
142 read.
143
144 -i, --config-id ID
145 Use configuration id ID, for conditional configuration (defaults
146 to hostname without the domain name).
147
148 -x, --snmp
149 Enable the SNMP subsystem.
150
151 -A, --snmp-agent-socket=FILE
152 Use the specified socket for connection to SNMP master agent.
153
154 -u, --umask=NUMBER
155 The umask specified in the usual numeric way - see man umask(2)
156
157 -m, --core-dump
158 Override the RLIMIT_CORE hard and soft limits to enable
159 keepalived to produce a coredump in the event of a segfault or
160 other failure. This is most useful if keepalived has been built
161 with 'make debug'. Core dumps will be created in /, unless
162 keepalived is run with the --dont-fork option, in which case
163 they will be created in the directory from which keepalived was
164 run, or they will be created in the directory of a configuraton
165 file if the fault occurs while reading the file.
166
167 -M, --core-dump-pattern[=PATTERN]
168 Sets option --core-dump, and also updates
169 /proc/sys/kernel/core_pattern to the pattern specified, or
170 'core' if none specified. Provided the parent process doesn't
171 terminate abnormally, it will restore
172 /proc/sys/kernel/core_pattern to its original value on exit.
173
174 Note: This will also affect any other process producing a core
175 dump while keepalived is running.
176
177 --signum=PATTERN
178 Returns the signal number to use for STOP, RELOAD, DATA, STATS,
179 STATS_CLEAR, JSON and TDATA. For example, to stop keepalived
180 running, execute:
181
182 kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
183
184 -t, --config-test[=FILE]
185 Keepalived will check the configuration file and exit with non-
186 zero exit status if there are errors in the configuration,
187 otherwise it exits with exit status 0 (see Exit status below for
188 details).
189
190 Rather that writing to syslog, it will write diagnostic messages
191 to stderr unless file is specified, in which case it will write
192 to the file.
193
194 --perf[={all|run|end}]
195 Record perf data for vrrp process. Data will be written to
196 /perf_vrrp.data. The data recorded is for use with the perf
197 tool.
198
199 --no-mem-check
200 Disable malloc() etc mem-checks if they have been compiled into
201 keepalived.
202
203 --debug[=debug-options]]
204 Enables debug options if they have been compiled into
205 keepalived. debug-options is made up of a sequence of strings
206 of the form Ulll.
207 The upper case letter specifies the debug option, and the lower
208 case letters specify for which processes the option is to be
209 enabled.
210 If a debug option is not followed by any lower case letters, the
211 debug option is enabled for all processes.
212
213 The characters to identify the processes are:
214
215 Chr Process
216 ──────────────────────
217 p Parent process
218 b BFD process
219 c Checker process
220 v VRRP process
221
222 The characters used to identify the debug options are:
223
224 Chr Debug option
225 ────────────────────────────────────────────
226 D Epoll thread dump
227 E Epoll debug
228 F VRRP fd debug
229 N Netlink timers
230 P Network timestamp
231 X Regex timers
232 M Email alert debug
233 T Timer debug
234 S TSM debug
235 R Regex debug
236 B Smtp connect debug
237 U Checksum diagnostics
238 O Track process debug
239 A Track process debug with extra detail
240 C Parser (config) debug
241 H Checker debug
242 Z Memory alloc/free error debug
243 G VRRP recvmsg() debug
244 J VRRP recvmsg() log rx data
245 V Script debugging
246 K Dump keywords
247
248 Example: --debug=DvEcvNR
249
250 -v, --version
251 Display the version and exit.
252
253 -h, --help
254 Display this help message and exit.
255
256 Exit status:
257 0 if OK
258
259 1 if unable to malloc memory
260
261 2 if cannot initialise subsystems
262
263 3 if running with --config-test and configuration cannot be run
264
265 4 if running with --config-test and there are configuration errors
266 but keepalived will run after modifying the configuration
267
268 5 if running with --config-test and script security hasn't been
269 enabled but scripts are configured.
270
272 keepalived can be run in a network namespace (see keepalived.conf(5)
273 for configuration details). When run in a network namespace, a local
274 mount namespace is also created, and
275 /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived.
276 By default, pid files with the usual default names are then created in
277 /run/keepalived from the perspective of a process in the mount
278 namespace, and they will be visible in
279 /run/keepalived/keepalived_NamespaceName for a process running in the
280 default mount namespace.
281
282
284 keepalived reacts to a set of signals. You can send a signal to the
285 parent keepalived process using the following:
286
287 kill -SIGNAL $(cat /run/keepalived.pid)
288
289 or better:
290
291 kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)
292
293 Note that if the first option is used, -SIGNAL must be replaced with
294 the actual signal you are trying to send, e.g. with HUP. So it then
295 becomes:
296
297 kill -HUP $(cat /run/keepalived.pid)
298
299 Signals other than for STOP, RELOAD, DATA and STATS may change
300 depending on the kernel, and also what functionality is included in the
301 version of the keepalived depending on the build options used.
302
303 HUP or SIGFUNC=RELOAD
304 This causes keepalived to close down all interfaces, reload its
305 configuration, and start up with the new configuration.
306
307 Note: If a virtual_ipaddress, virtual_route or virtual_rule is
308 being moved from one VRRP instance to another one, two reloads
309 will be necessary, the first to remove the virtual
310 ipaddress/route/rule, and the second reload to add it to the
311 VRRP instance it is now to be configured on. Failing to do this
312 can result in the ipaddress/route/rule not being configured on
313 the new instance if both the old and new instances are in master
314 state. It will usually work with a single reload, however, if
315 either of the VRRP instances is not in MASTER state or if the
316 VRRP instance the ipaddress/route/rule the VRRP instance is
317 being added to is later in the original configuration file than
318 the instance it is being removed from.
319
320 TERM, INT or SIGFUNC=STOP
321 keepalived will shut down.
322
323 USR1 or SIGFUNC=DATA
324 Write configuration data to /tmp/keepalived.data
325
326 USR2 or SIGFUNC=STATS
327 Write statistics info to /tmp/keepalived.stats
328
329 SIGFUNC=STATS_CLEAR
330 Write statistics info to /tmp/keepalived.stats and clear the
331 statistics counters
332
333 SIGFUNC=JSON
334 Write configuration data in JSON format to /tmp/keepalived.json
335
336 SIGFUNC=TDATA
337 This causes keepalived to write the current state of its
338 internal threads to the log
339
341 If you are running a firewall (see firewalld(8)) you must allow VRRP
342 protocol traffic through the firewall. For example if this instance of
343 keepalived(8) has a peer node on IPv4 address 192.168.0.1:
344
345 # firewall-cmd \
346 --add-rich-rule="rule family='ipv4' \
347 source address='192.168.0.1' \
348 protocol value='vrrp' accept" --permanent
349 # firewall-cmd --reload
350
352 keepalived.conf(5), ipvsadm(8)
353
354
356 This man page was written by Ryan O'Hara <rohara@redhat.com>
357
358
359
360 2021-07-05 KEEPALIVED(8)