The Schworak Site | Log In | Up A Level

8. System administration commands (usually only for root)

Enter a Linux command to search for:

KEEPALIVED

Section: Maintenance Commands (8)
Updated: 2021-07-05
Index  |  Return to Main Contents

 

NAME

keepalived - load-balancing and high-availability service

 

SYNOPSIS

keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd] [--all] [-l|--log-console] [-D|--log-detail] [-S|--log-facility={0-7|local{0-7}|user|daemon}] [-g|--log-file=FILE] [--flush-log-file] [-G|--no-syslog] [-X|--release-vips] [-V|--dont-release-vrrp] [-I|--dont-release-ipvs] [-R|--dont-respawn] [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE] [-r|--vrrp_pid=FILE] [-T|--genhash] [-c|--checkers_pid=FILE] [-a|--address-monitoring] [-b|--bfd_pid=FILE] [-s|--namespace=NAME] [-e|--all-config] [-i|--config-id id] [-x|--snmp] [-A|--snmp-agent-socket=FILE] [-u|--umask=NUMBER] [-m|--core-dump] [-M|--core-dump-pattern[=PATTERN]] [--signum=SIGFUNC] [-t|--config-test[=FILE]] [--perf[={all|run|end}]] [--debug[=debug-options]] [--no-mem-check] [-v|--version] [-h|--help]

 

DESCRIPTION

Keepalived provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 load-balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load-balanced server pool according to their health. Keepalived also implements the VRRPv2 and VRRPv3 protocols to achieve high-availability with director failover.

 

OPTIONS

-f, --use-file=FILE
Use the specified configuration file. The default configuration file is "/usr/local/etc/keepalived/keepalived.conf".
-P, --vrrp
Only run the VRRP subsystem. This is useful for configurations that do not use the IPVS load balancer.
-C, --check
Only run the healthcheck subsystem. This is useful for configurations that use the IPVS load balancer with a single director with no failover.
-B, --no_bfd
Don't run the BFD subsystem.
--all
Run all subsystems, even if they have no configuration.
-l, --log-console
Log messages to the local console. The default behavior is to log messages to syslog.
-D, --log-detail
Detailed log messages.
-S, --log-facility={0-7|local{0-7}|user|daemon}
Set syslog facility to LOG_LOCAL[0-7], LOG_USER or LOG_DAEMON. The default syslog facility is LOG_DAEMON.
-g, --log-file=FILE
Write log entries to FILE. FILE will have _vrrp, _healthcheckers, and _bfd inserted before the last '.' in FILE for the log output for those processes.
--flush-log-file
If using the -g option, the log file stream will be flushed after each write.
-G, --no-syslog
Do not write log entries to syslog. This can be useful if the rate of writing log entries is sufficiently high that syslog will rate limit them, and the -g option is used instead.
-X, --release-vips
Drop VIP on transition from signal.
-V, --dont-release-vrrp
Don't remove VRRP VIPs and VROUTEs on daemon stop. The default behavior is to remove all VIPs and VROUTEs when keepalived exits.
-I, --dont-release-ipvs
Don't remove IPVS topology on daemon stop. The default behavior it to remove all entries from the IPVS virtual server table when keepalived exits.
-R, --dont-respawn
Don't respawn child processes. The default behavior is to restart the VRRP and checker processes if either process exits.
-n, --dont-fork
Don't fork the daemon process. This option will cause keepalived to run in the foreground.
-d, --dump-conf
Dump the configuration data.
-p, --pid=FILE
Use the specified pidfile for the parent keepalived process. The default pidfile for keepalived is "/run/keepalived.pid", unless a network namespace is being used. See NAMESPACES below for more details.
-r, --vrrp_pid=FILE
Use the specified pidfile for the VRRP child process. The default pidfile for the VRRP child process is "/run/keepalived_vrrp.pid", unless a network namespace is being used.
-T, --genhash
Enter genhash utility mode. Previous versions of keepalived were shipped with a dedicated genhash utility. genhash is now part of the mainline code. We keep compatibility with previous genhash utility command line option. For more information please refer to the genhash(1) manpage.
-c, --checkers_pid=FILE
Use the specified pidfile for checkers child process. The default pidfile for the checker child process is "/run/keepalived_checkers.pid" unless a network namespace is being used.
-a, --address-monitoring
Log all address additions/deletions reported by netlink.
-b, --bfd_pid=FILE
Use the specified pidfile for the BFD child process. The default pidfile for the BFD child process is "/run/keepalived_bfd.pid" unless a network namespace is being used.
-s, --namespace=NAME
Run keepalived in network namespace NAME. See NAMESPACES below for more details.
-e, --all-config
Don't load if any configuration file is missing or cannot be read.
-i, --config-id ID
Use configuration id ID, for conditional configuration (defaults to hostname without the domain name).
-x, --snmp
Enable the SNMP subsystem.
-A, --snmp-agent-socket=FILE
Use the specified socket for connection to SNMP master agent.
-u, --umask=NUMBER
The umask specified in the usual numeric way - see man umask(2)
-m, --core-dump
Override the RLIMIT_CORE hard and soft limits to enable keepalived to produce a coredump in the event of a segfault or other failure. This is most useful if keepalived has been built with 'make debug'. Core dumps will be created in /, unless keepalived is run with the --dont-fork option, in which case they will be created in the directory from which keepalived was run, or they will be created in the directory of a configuraton file if the fault occurs while reading the file.
-M, --core-dump-pattern[=PATTERN]
Sets option --core-dump, and also updates /proc/sys/kernel/core_pattern to the pattern specified, or 'core' if none specified. Provided the parent process doesn't terminate abnormally, it will restore /proc/sys/kernel/core_pattern to its original value on exit.

Note: This will also affect any other process producing a core dump while keepalived is running.

--signum=PATTERN
Returns the signal number to use for STOP, RELOAD, DATA, STATS, STATS_CLEAR, JSON and TDATA. For example, to stop keepalived running, execute:
kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)
-t, --config-test[=FILE]
Keepalived will check the configuration file and exit with non-zero exit status if there are errors in the configuration, otherwise it exits with exit status 0 (see Exit status below for details).

Rather that writing to syslog, it will write diagnostic messages to stderr unless file is specified, in which case it will write to the file.

--perf[={all|run|end}]
Record perf data for vrrp process. Data will be written to /perf_vrrp.data. The data recorded is for use with the perf tool.
--no-mem-check
Disable malloc() etc mem-checks if they have been compiled into keepalived.
--debug[=debug-options]]
Enables debug options if they have been compiled into keepalived. debug-options is made up of a sequence of strings of the form Ulll.
The upper case letter specifies the debug option, and the lower case letters specify for which processes the option is to be enabled.
If a debug option is not followed by any lower case letters, the debug option is enabled for all processes.

The characters to identify the processes are:
ChrProcess

pParent process
bBFD process
cChecker process
vVRRP process

The characters used to identify the debug options are:

ChrDebug option

DEpoll thread dump
EEpoll debug
FVRRP fd debug
NNetlink timers
PNetwork timestamp
XRegex timers
MEmail alert debug
TTimer debug
STSM debug
RRegex debug
BSmtp connect debug
UChecksum diagnostics
OTrack process debug
ATrack process debug with extra detail
CParser (config) debug
HChecker debug
ZMemory alloc/free error debug
GVRRP recvmsg() debug
JVRRP recvmsg() log rx data
VScript debugging
KDump keywords

Example: --debug=DvEcvNR

-v, --version
Display the version and exit.
-h, --help
Display this help message and exit.
 

Exit status:

0
if OK
1
if unable to malloc memory
2
if cannot initialise subsystems
3
if running with --config-test and configuration cannot be run
4
if running with --config-test and there are configuration errors but keepalived will run after modifying the configuration
5
if running with --config-test and script security hasn't been enabled but scripts are configured.
 

NAMESPACES

keepalived can be run in a network namespace (see keepalived.conf(5) for configuration details). When run in a network namespace, a local mount namespace is also created, and /run/keepalived/keepalived_NamespaceName is mounted on /run/keepalived. By default, pid files with the usual default names are then created in /run/keepalived from the perspective of a process in the mount namespace, and they will be visible in /run/keepalived/keepalived_NamespaceName for a process running in the default mount namespace.

 

SIGNALS

keepalived reacts to a set of signals. You can send a signal to the parent keepalived process using the following:
kill -SIGNAL $(cat /run/keepalived.pid)

or better:

kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)

Note that if the first option is used, -SIGNAL must be replaced with the actual signal you are trying to send, e.g. with HUP. So it then becomes:

kill -HUP $(cat /run/keepalived.pid)

Signals other than for STOP, RELOAD, DATA and STATS may change depending on the kernel, and also what functionality is included in the version of the keepalived depending on the build options used.

HUP or SIGFUNC=RELOAD
This causes keepalived to close down all interfaces, reload its configuration, and start up with the new configuration.
Note: If a virtual_ipaddress, virtual_route or virtual_rule is being moved from one VRRP instance to another one, two reloads will be necessary, the first to remove the virtual ipaddress/route/rule, and the second reload to add it to the VRRP instance it is now to be configured on. Failing to do this can result in the ipaddress/route/rule not being configured on the new instance if both the old and new instances are in master state. It will usually work with a single reload, however, if either of the VRRP instances is not in MASTER state or if the VRRP instance the ipaddress/route/rule the VRRP instance is being added to is later in the original configuration file than the instance it is being removed from.
TERM, INT or SIGFUNC=STOP
keepalived will shut down.
USR1 or SIGFUNC=DATA
Write configuration data to /tmp/keepalived.data
USR2 or SIGFUNC=STATS
Write statistics info to /tmp/keepalived.stats
SIGFUNC=STATS_CLEAR
Write statistics info to /tmp/keepalived.stats and clear the statistics counters
SIGFUNC=JSON
Write configuration data in JSON format to /tmp/keepalived.json
SIGFUNC=TDATA
This causes keepalived to write the current state of its internal threads to the log

 

USING KEEPALIVED WITH FIREWALLD

If you are running a firewall (see firewalld(8)) you must allow VRRP protocol traffic through the firewall. For example if this instance of keepalived(8) has a peer node on IPv4 address 192.168.0.1:
# firewall-cmd \
    --add-rich-rule="rule family='ipv4' \
                     source address='192.168.0.1' \
                     protocol value='vrrp' accept" --permanent
# firewall-cmd --reload
 

SEE ALSO

keepalived.conf(5), ipvsadm(8)

 

AUTHOR

This man page was written by Ryan O'Hara <rohara@redhat.com>


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
Exit status:
NAMESPACES
SIGNALS
USING KEEPALIVED WITH FIREWALLD
SEE ALSO
AUTHOR

Return to Main Contents

All content on this site is copyright ©2004-2024 and is not to be reproduced without prior permission.