keepalived.conf.SYNOPSIS
This file describes all the available Keepalived keywords. The keepalived.conf
file is composed of three configuration parts:
* Globals configurations
* VRRP configuration
* LVS configuration
0. Comment string
There are 2 valid comment characters: # or ! Use one of them to add a comment
to your configuration file.
1. Globals configurations
This block is divided into 2 sub-blocks:
* Global definitions
* Static routes
1.1. Global definitions
The configuration block looks like:

    global_defs {                                  # Block identification
        notification_email {                       # Email addresses to send alerts to
            <EMAIL ADDRESS>                        # Standard email address
            <EMAIL ADDRESS>
            ...
        }
        notification_email_from <EMAIL ADDRESS>    # Email From used in the SMTP protocol
        smtp_server <IP ADDRESS>                   # SMTP server IP address
        smtp_connect_timeout <INTEGER>             # Timeout in seconds for connecting to
                                                   # the remote SMTP server
        lvs_id <STRING>                            # String identifying router
    }
1.2. Static addresses
The configuration block looks like:

    static_ipaddress {                             # Block identification
        <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>
        <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>
        ...
    }
SCOPE can take the following values :
* site
* link
* host
* nowhere
* global
1.3. Static routes
The configuration block looks like:

    static_routes {                                # Block identification
        src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID>   # to is optional
        src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID>   # to is optional
        ...
    }
SCOPE can take the following values :
* site
* link
* host
* nowhere
* global
2. VRRP configuration
This block is divided into 2 sub-blocks:
* VRRP synchronization group
* VRRP instance
2.1. VRRP synchronization group
The configuration block looks like:

    vrrp_sync_group <STRING> {                     # VRRP sync group declaration
        group {                                    # Group of instances to sync together
            <STRING>                               # a
            <STRING>                               # set
            ...                                    # of VRRP_Instance strings
        }
        notify_master <STRING>|<QUOTED-STRING>     # Script to run on transition to MASTER
        notify_backup <STRING>|<QUOTED-STRING>     # Script to run on transition to BACKUP
        notify_fault <STRING>|<QUOTED-STRING>      # Script to run on transition to FAULT
        notify <STRING>|<QUOTED-STRING>            # Script to run on ANY state transition (1)
        smtp_alert                                 # Send email notification on state transition
    }
(1) The "notify" script is called AFTER the corresponding notify_* script has
been called, and is given exactly 3 arguments (the whole string is interpreted
as a literal filename, so don't add parameters!):

    $1 = A string indicating whether it's a "GROUP" or an "INSTANCE"
    $2 = The name of said group or instance
    $3 = The state it's transitioning to ("MASTER", "BACKUP" or "FAULT")

$1 and $3 are ALWAYS sent in uppercase, and the possible strings sent are the
same ones listed above ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT").
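A handler for the "notify" keyword that checks the three arguments described above before acting on them. This is an added example, not part of the Keepalived distribution; the function name describe_transition, the logger tag and the character set allowed for the instance name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example of a "notify" script. Because the configured string is taken
# as a literal filename, everything the script needs arrives as $1, $2, $3.

# Print one log line for a valid transition; return non-zero otherwise.
describe_transition() {
    [ "$#" -eq 3 ] || { echo "expected 3 arguments, got $#" >&2; return 2; }
    kind=$1
    name=$2
    state=$3

    # $1 and $3 are always uppercase and come from a fixed set.
    case $kind in
        GROUP|INSTANCE) ;;
        *) echo "unexpected type" >&2; return 2 ;;
    esac
    case $state in
        MASTER|BACKUP|FAULT) ;;
        *) echo "unexpected state" >&2; return 2 ;;
    esac
    # Assumption: group/instance names use only these characters. Anything
    # else is refused so it never reaches the log line.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "unexpected name" >&2; return 2 ;;
    esac

    printf 'vrrp %s %s -> %s\n' "$kind" "$name" "$state"
}

# Act only when called with arguments, as keepalived does.
if [ "$#" -gt 0 ]; then
    line=$(describe_transition "$@") || exit 2
    logger -t keepalived-notify "$line"
fi
```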
2.2. VRRP instance
The configuration block looks like:

    vrrp_instance <STRING> {                       # VRRP instance declaration
        state MASTER|BACKUP                        # Start-up default state
        interface <STRING>                         # Binding interface
        track_interface {                          # Interfaces whose state we monitor
            <STRING>
            <STRING>
            ...
        }
        mcast_src_ip <IP ADDRESS>                  # src_ip to use in the VRRP packets
        lvs_sync_daemon_interface <STRING>         # Binding interface for lvs syncd
        garp_master_delay <INTEGER>                # Delay for gratuitous ARP after MASTER
                                                   # state transition
        virtual_router_id <INTEGER-0..255>         # VRRP VRID
        priority <INTEGER-0..255>                  # VRRP PRIO
        advert_int <INTEGER>                       # VRRP Advert interval (use default)
        authentication {                           # Authentication block
            auth_type PASS|AH                      # Simple Passwd or IPSEC AH
            auth_pass <STRING>                     # Password string
        }
        virtual_ipaddress {                        # VRRP IP address block
            <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>
            <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>
            ...
        }
        virtual_ipaddress_excluded {               # VRRP IP excluded from VRRP
            <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>   # packets
            <IP ADDRESS>/<MASK> dev <STRING> scope <SCOPE>
            ...
        }
        virtual_routes {                           # VRRP virtual routes
            src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID>   # to is optional
            src <IP ADDRESS> [to] <IP ADDRESS>/<MASK> via|gw <IP ADDRESS> dev <STRING> scope <SCOPE> table <TABLE-ID>   # to is optional
            ...
        }
        preempt                                    # VRRP preempt mode (default set)
        debug                                      # Debug level
        notify_master <STRING>|<QUOTED-STRING>     # Same as vrrp_sync_group
        notify_backup <STRING>|<QUOTED-STRING>     # Same as vrrp_sync_group
        notify_fault <STRING>|<QUOTED-STRING>      # Same as vrrp_sync_group
        notify <STRING>|<QUOTED-STRING>            # Same as vrrp_sync_group
        smtp_alert                                 # Same as vrrp_sync_group
    }
SCOPE can take the following values :
* site
* link
* host
* nowhere
* global
3. LVS configuration
This block is divided into 2 sub-blocks:
* Virtual server group
* Virtual server
3.1. Virtual server group
The configuration block looks like:

    virtual_server_group <STRING> {
        <IP ADDRESS> <PORT>                        # VIP VPORT
        <IP ADDRESS> <PORT>
        ...
        <IP ADDRESS RANGE> <PORT>                  # VIP range VPORT
        <IP ADDRESS RANGE> <PORT>
        ...
        fwmark <INTEGER>                           # fwmark
        fwmark <INTEGER>
        ...
    }
Note: <IP ADDRESS RANGE> has the form XXX.YYY.ZZZ.WWW-VVV and defines
the IP address range starting at WWW and monotonically incremented by
one up to VVV. Example: 192.168.200.1-10 means the .1 to .10 IP addresses.
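To review which addresses a virtual_server_group entry actually covers, the range notation above can be expanded and validated with a small shell function. This is an added example, not Keepalived's own parser; the function name expand_vip_range and the rejection of leading zeros are assumptions of this sketch.

```shell
# Expand "XXX.YYY.ZZZ.WWW-VVV" into one address per line.
# Returns non-zero for anything that is not a well-formed ascending range.
expand_vip_range() {
    # Only digits, dots and a dash may appear (this also rules out globbing).
    case $1 in
        ''|*[!0-9.-]*) return 1 ;;
    esac

    prefix=${1%.*}            # XXX.YYY.ZZZ
    last=${1##*.}             # WWW-VVV
    start=${last%%-*}
    end=${last#*-}
    [ "$last" = "$start-$end" ] || return 1    # the dash is mandatory

    # The prefix must be exactly three octets.
    old_ifs=$IFS; IFS=.; set -- $prefix; IFS=$old_ifs
    [ "$#" -eq 3 ] || return 1

    # Every number: 1 to 3 digits, no leading zero, at most 255.
    for n in "$@" "$start" "$end"; do
        case $n in
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$n" -le 255 ] || return 1
    done
    [ "$start" -le "$end" ] || return 1

    i=$start
    while [ "$i" -le "$end" ]; do
        echo "$prefix.$i"
        i=$((i + 1))
    done
}
```

Called as `expand_vip_range 192.168.200.1-10`, it prints the ten addresses from 192.168.200.1 to 192.168.200.10.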
3.2. Virtual server
The configuration block looks like:

A virtual_server can be either:
* vip vport declaration
* fwmark declaration
* group declaration

    virtual_server <IP ADDRESS> <PORT> {           # VS IP/PORT declaration
    virtual_server fwmark <INTEGER> {              # VS fwmark declaration
    virtual_server group <STRING> {                # VS group declaration
        delay_loop <INTEGER>                       # Delay timer for service polling
        lb_algo rr|wrr|lc|wlc|lblc|sh|dh           # LVS scheduler used
        lb_kind NAT|DR|TUN                         # LVS method used
        persistence_timeout <INTEGER>              # LVS persistence timeout
        persistence_granularity <NETMASK>          # LVS granularity mask
        protocol TCP                               # Only TCP is implemented
        ha_suspend                                 # If VS IP address is not set, suspend
                                                   # healthchecker activity
        virtualhost <STRING>                       # VirtualHost string to use for
                                                   # HTTP_GET or SSL_GET
        sorry_server <IP ADDRESS> <PORT>           # RS to add to LVS topology when all
                                                   # real servers are down
        real_server <IP ADDRESS> <PORT> {          # RS declaration
            weight <INTEGER>                       # Weight to use (default: 1)
            inhibit_on_failure                     # Set weight to 0 on healthchecker
                                                   # failure
            notify_up <STRING>|<QUOTED-STRING>     # Script to launch when the
                                                   # healthchecker considers the service
                                                   # as up.
            notify_down <STRING>|<QUOTED-STRING>   # Script to launch when the
                                                   # healthchecker considers the service
                                                   # as down.
            HTTP_GET|SSL_GET {                     # HTTP and SSL healthcheckers
                url {                              # A set of URLs to test
                    path <STRING>                  # Path
                    digest <STRING>                # Digest computed with genhash
                    status_code <INTEGER>          # Status code returned in the HTTP
                }                                  # header.
                url {
                    path <STRING>
                    digest <STRING>
                    status_code <INTEGER>
                }
                ...
                connect_port <PORT>                # TCP port to connect
                bindto <IP ADDRESS>                # IP address to bind to
                connect_timeout <INTEGER>          # Timeout connection
                nb_get_retry <INTEGER>             # Number of get retries
                delay_before_retry <INTEGER>       # Delay before retry
            }
        }
        real_server <IP ADDRESS> <PORT> {          # Idem
            weight <INTEGER>                       # Idem
            inhibit_on_failure                     # Idem
            notify_up <STRING>|<QUOTED-STRING>     # Idem
            notify_down <STRING>|<QUOTED-STRING>   # Idem
            TCP_CHECK {                            # TCP healthchecker
                connect_port <PORT>                # TCP port to connect
                bindto <IP ADDRESS>                # IP address to bind to
                connect_timeout <INTEGER>          # Timeout connection
            }
        }
        real_server <IP ADDRESS> <PORT> {          # Idem
            weight <INTEGER>                       # Idem
            inhibit_on_failure                     # Idem
            notify_up <STRING>|<QUOTED-STRING>     # Idem
            notify_down <STRING>|<QUOTED-STRING>   # Idem
            MISC_CHECK {                           # MISC healthchecker
                misc_path <STRING>|<QUOTED-STRING> # External system script or program
                misc_timeout <INTEGER>             # Script execution timeout
            }
        }
    }