This file describe all the Keepalived available keywords. The keepalived.conf file is compounded by three configurations parts : * Globals configurations * VRRP configuration * LVS configuration 0. Comment string There is 2 valid comment valid string : # or ! If you want to add comment in you configuration file use this char. 1. Globals configurations This block is divided in 2 sub-block : * Global definitions * Static routes 1.1. Global definitions The configuration block looks like : global_defs { # Block identification notification_email { # Email to send alertes to <EMAIL ADDRESS> # Standard email address <EMAIL ADDRESS> ... } notification_email_from <EMAIL ADDRESS> # Email From dealing with SMTP proto smtp_server <IP ADDRESS> # SMTP server IP address smtp_connect_timeout <INTEGER> # Number of seconds timeout connect # remote SMTP server router_id <STRING> # String identifying router } 1.2. Static addresses The configuration block looks like : static_ipaddress { # block identification <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> ... } SCOPE can take the following values : * site * link * host * nowhere * global 1.3. Static routes The configuration block looks like : static_routes { # block identification src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> # to is optional src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> # to is optional src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> or <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> # will use multipath route blackhole <IP ADDRESS>[/<MASK>] ... } SCOPE can take the following values : * site * link * host * nowhere * global 2. VRRP configuration This block is divided in 3 sub-block : * VRRP scripts * VRRP synchronization group * VRRP instance 2.1. VRRP scripts The configuration block looks like : vrrp_script <STRING> { # VRRP script declaration script <QUOTED_STRING> # script to run periodically interval <INTEGER> # run the script this every seconds weight <INTEGER:-254..254> # adjust priority by this weight } The script will be executed periodically, every <interval> seconds. Its exit code will be recorded for all VRRP instances which will want to monitor it. Note that the script will only be executed if at least one VRRP instance monitors it with a non-zero weight. Thus, any number of scripts may be declared without taking the system down. If unspecified, the weight equals 2, which means that a success will add +2 to the priority of all VRRP instances which monitor it. On the opposite, a negative weight will be subtracted from the initial priority in case of failure. 2.2. VRRP synchronization group The configuration block looks like : vrrp_sync_group <STRING> { # VRRP sync group declaration group { # group of instance to sync together <STRING> # a <STRING> # set ... # of VRRP_Instance string } notify_master <STRING>|<QUOTED-STRING> # Script to run during MASTER transit notify_backup <STRING>|<QUOTED-STRING> # Script to run during BACKUP transit notify_fault <STRING>|<QUOTED-STRING> # Script to run during FAULT transit notify <STRING>|<QUOTED-STRING> # Script to run during ANY state transit (1) smtp_alert # Send email notif during state transit } (1) The "notify" script is called AFTER the corresponding notify_* script has been called, and is given exactly 3 arguments (the whole string is interpreted as a litteral filename so don't add parameters!): $1 = A string indicating whether it's a "GROUP" or an "INSTANCE" $2 = The name of said group or instance $3 = The state it's transitioning to ("MASTER", "BACKUP" or "FAULT") $1 and $3 are ALWAYS sent in uppercase, and the possible strings sent are the same ones listed above ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT"). Important: for a SYNC group to run reliably, it is vital that all instances in the group are MASTER or that they are all either BACKUP or FAULT. A situation with half instances having higher priority on machine A half others with higher priority on machine B will lead to constant re-elections. For this reason, when instances are grouped, their tracking weights are automatically set to zero, in order to avoid inconsistent priorities across instances. 2.3. VRRP instance The configuration block looks like : vrrp_instance <STRING> { # VRRP instance declaration state MASTER|BACKUP # Start-up default state interface <STRING> # Binding interface track_interface { # Interfaces state we monitor <STRING> <STRING> <STRING> weight <INTEGER:-254..254> ... } track_script { # Scripts state we monitor <STRING> <STRING> weight <INTEGER:-254..254> ... } dont_track_primary # (default unset) ignore VRRP interface faults. # useful for cross-connect VRRP config. mcast_src_ip <IP ADDRESS> # src_ip to use into the VRRP packets lvs_sync_daemon_interface <STRING> # Binding interface for lvs syncd garp_master_delay <INTEGER> # delay for gratuitous ARP after MASTER # state transition virtual_router_id <INTEGER-0..255> # VRRP VRID priority <INTEGER-0..255> # VRRP PRIO advert_int <INTEGER> # VRRP Advert interval (use default) authentication { # Authentication block auth_type PASS|AH # Simple Passwd or IPSEC AH auth_pass <STRING> # Password string } virtual_ipaddress { # VRRP IP addres block <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> label <LABEL> <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> label <LABEL> ... } virtual_ipaddress_excluded { # VRRP IP excluded from VRRP <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> # packets <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> ... } virtual_routes { # VRRP virtual routes src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> metric <METRIC> # to is optional src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> metric <METRIC> # to is optional src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> or <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID> # will use multipath route ... blackhole <IP ADDRESS>[/<MASK>] } nopreempt # Override VRRP RFC preemption default preempt_delay # Seconds after startup until # preemption. 0 (default) to 1,000 debug # Debug level notify_master <STRING>|<QUOTED-STRING> # Same as vrrp_sync_group notify_backup <STRING>|<QUOTED-STRING> # Same as vrrp_sync_group notify_fault <STRING>|<QUOTED-STRING> # Same as vrrp_sync_group notify_stop <STRING>|<QUOTED-STRING> # Script to launch when stopping vrrp notify <STRING>|<QUOTED-STRING> # Same as vrrp_sync_group smtp_alert # Same as vrrp_sync_group } SCOPE can take the following values : * site * link * host * nowhere * global LABEL is optional and creates a name for the alias. For compatibility with "ifconfig", it should be of the form <realdev>:<anytext>, for example eth0:1 for an alias on eth0. METRIC is optional and specify a route priority. When a weight is specified in track_interface, instead of setting the vrrp instance to the FAULT state in case of failure, its priority will be increased by the weight when the interface is up (for positive weights), or decreased by the weight's absolute value when the interface is down (for negative weights). The weight must be comprised between -254 and +254 inclusive. 0 is the default behaviour which means that a failure implies a FAULT state. The common practise is to use positive weights to count a limited number of good services so that the server with the highest count becomes master. Negative weights are better to count unexpected failures among a high number of interfaces, as it will not saturate even with high number of interfaces. The same principle can be applied to track_script entries, except that an unspecified weight means that the default weight declared in the script will be used. 3. LVS configuration This block is divided in 2 sub-block : * Virtual server group * Virtual server 3.1. Virtual server group The configuration block looks like : virtual_server_group <STRING> { <IP ADDRESS> <PORT> # VIP VPORT <IP ADDRESS> <PORT> ... <IP ADDRESS RANGE> <PORT> # VIP range VPORT <IP ADDRESS RANGE> <PORT> ... fwmark <INTEGER> # fwmark fwmark <INTEGER> ... } Note: <IP ADDRESS RANGE> has the form of : XXX.YYY.ZZZ.WWW-VVV, define the IP address range starting at WWW and monotonaly incremented by one to VVV. Example : 192.168.200.1-10 means .1 to .10 IP addresses. 3.2. Virtual server The configuration block looks like : A virtual_server can be either : * vip vport declaration * fwmark declaration * group declaration virtual_server <IP ADDRESS> <PORT> { # VS IP/PORT declaration virtual_server fwmark <INTEGER> { # VS fwmark declaration virtual_server group <STRING> { # VS group declaration delay_loop <INTEGER> # delay timer for service polling lvs_sched rr|wrr|lc|wlc|lblc|sh|dh # LVS scheduler used lvs_method NAT|DR|TUN # LVS method used persistence_timeout <INTEGER> # LVS persistence timeout persistence_granularity <NETMASK> # LVS granularity mask protocol TCP # Only TCP is implemented ha_suspend # If VS IP address is not set, suspend # healthcheckers activity virtualhost <STRING> # VirtualHost string to use for # HTTP_GET or SSL_GET # Assume silently all RSs down and healthchecks # failed on start. This helps preventing false # positive actions on startup. Alpha mode is # disabled by default. alpha # On daemon shutdown, consider quorum and RS # down notifiers for execution, where appropriate. # Omega mode is disabled by default. omega # Minimum total weight of all live servers in # the pool necessary to operate VS with no # quality regression. Defaults to 1. quorum <INT> # Tolerate this much weight units compared to the # nominal quorum, when considering quorum gain # or loss. A flap dampener. Defaults to 0. hysteresis <INT> # Script to launch when quorum is gained. quorum_up <STRING>|<QUOTED-STRING> # Script to launch when quorum is lost. quorum_down <STRING>|<QUOTED-STRING> sorry_server <IP ADDRESS> <PORT> # RS to add to LVS topology when all # realserver are down real_server <IP ADDRESS> <PORT> { # RS declaration weight <INTEGER> # weight to use (default: 1) inhibit_on_failure # Set weight to 0 on healtchecker # failure notify_up <STRING>|<QUOTED-STRING> # Script to launch when # healthchecker consider service # as up. notify_down <STRING>|<QUOTED-STRING> # Script to launch when # healthchecker consider service # as down. HTTP_GET|SSL_GET { # HTTP and SSL healthcheckers url { # A set of url to test path <STRING> # Path digest <STRING> # Digest computed with genhash status_code <INTEGER> # status code returned into the HTTP } # header. url { path <STRING> digest <STRING> status_code <INTEGER> } ... connect_port <PORT> # TCP port to connect bindto <IP ADDRESS> # IP address to bind to connect_timeout <INTEGER> # Timeout connection nb_get_retry <INTEGER> # number of get retry delay_before_retry <INTEGER> # delay before retry } } real_server <IP ADDRESS> <PORT> { # Idem weight <INTEGER> # Idem inhibit_on_failure # Idem notify_up <STRING>|<QUOTED-STRING> # Idem notify_down <STRING>|<QUOTED-STRING> # Idem TCP_CHECK { # TCP healthchecker connect_port <PORT> # TCP port to connect bindto <IP ADDRESS> # IP address to bind to connect_timeout <INTEGER> # Timeout connection } } real_server <IP ADDRESS> <PORT> { # Idem weight <INTEGER> # Idem inhibit_on_failure # Idem notify_up <STRING>|<QUOTED-STRING> # Idem notify_down <STRING>|<QUOTED-STRING> # Idem SMTP_CHECK { # SMTP healthchecker host { # Optional additional host/port to check connect_ip <IP ADDRESS> # IP address to connect to connect_port <PORT> # Port to connect to bindto <IP ADDRESS> # IP address to bind to } host { connect_ip <IP ADDRESS> connect_port <PORT> bindto <IP ADDRESS> } ... connect_timeout <INTEGER> # Connection and read/write timeout retry <INTEGER> # Number of times to retry a failed check delay_before_retry <INTEGER> # Delay in seconds before retrying helo_name <STRING>|<QUOTED-STRING> # Host to use for the HELO request } } real_server <IP ADDRESS> <PORT> { # Idem weight <INTEGER> # Idem inhibit_on_failure # Idem notify_up <STRING>|<QUOTED-STRING> # Idem notify_down <STRING>|<QUOTED-STRING> # Idem MISC_CHECK { # MISC healthchecker misc_path <STRING>|<QUOTED-STRING> # External system script or program misc_timeout <INTEGER> # Script execution timeout # If set, exit code from healthchecker is used # to dynamically adjust the weight as follows: # exit status 0: svc check success, weight # unchanged. # exit status 1: svc check failed. # exit status 2-255: svc check success, weight # changed to 2 less than exit status. # (for example: exit status of 255 would set # weight to 253) misc_dynamic } } }