Provides unit tests and examples for the Keepalived lens.
Test_Keepalived | Provides unit tests and examples for the Keepalived lens. |
Augeas Variables | |
conf | A full configuration file |
Augeas Tests | |
Keepalived.lns | Test the full conf |
Augeas Variables | |
tcp_check | An example of a TCP health checker |
misc_check | An example of a MISC health checker |
smtp_check | An example of an SMTP health checker |
http_check | An example of an HTTP health checker |
let conf = "! This is a comment ! Configuration File for keepalived global_defs { ! this is who emails will go to on alerts notification_email { admins@example.com fakepager@example.com ! add a few more email addresses here if you would like } notification_email_from admins@example.com smtp_server 127.0.0.1 ! I use the local machine to relay mail smtp_connect_timeout 30 ! each load balancer should have a different ID ! this will be used in SMTP alerts, so you should make ! each router easily identifiable lvs_id LVS_EXAMPLE_01 vrrp_mcast_group4 224.0.0.18 vrrp_mcast_group6 ff02::12 } vrrp_sync_group VG1 { group { inside_network # name of vrrp_instance (below) outside_network # One for each moveable IP. } notify /usr/bin/foo notify_master /usr/bin/foo smtp_alert } vrrp_instance VI_1 { state MASTER interface eth0 track_interface { eth0 # Back eth1 # DMZ } track_script { check_apache2 # weight = +2 si ok, 0 si nok } garp_master_delay 5 garp_master_repeat 5 garp_master_refresh 5 garp_master_refresh_repeat 5 priority 50 advert_int 2 authentication { auth_type PASS auth_pass mypass } virtual_ipaddress { 10.234.66.146/32 dev eth0 } lvs_sync_daemon_interface eth0 ha_suspend notify_master \"/svr/scripts/notify_master.sh\" notify_backup \"/svr/scripts/notify_backup.sh\" notify_fault \"/svr/scripts/notify_fault.sh\" notify \"/svr/scripts/notify.sh\" ! each virtual router id must be unique per instance name! virtual_router_id 51 ! MASTER and BACKUP state are determined by the priority ! even if you specify MASTER as the state, the state will ! be voted on by priority (so if your state is MASTER but your ! priority is lower than the router with BACKUP, you will lose ! the MASTER state) ! I make it a habit to set priorities at least 50 points apart ! note that a lower number is lesser priority - lower gets less vote priority 150 ! how often should we vote, in seconds? advert_int 1 ! send an alert when this instance changes state from MASTER to BACKUP smtp_alert ! this authentication is for syncing between failover servers ! keepalived supports PASS, which is simple password ! authentication ! or AH, which is the IPSec authentication header. ! I don't use AH ! yet as many people have reported problems with it authentication { auth_type PASS auth_pass example } ! these are the IP addresses that keepalived will setup on this ! machine. Later in the config we will specify which real ! servers are behind these IPs ! without this block, keepalived will not setup and takedown the ! any IP addresses virtual_ipaddress { 192.168.1.11 10.234.66.146/32 dev vlan933 # parse it well ! and more if you want them } use_vmac vmac_xmit_base native_ipv6 dont_track_primary preempt_delay mcast_src_ip 192.168.1.1 unicast_src_ip 192.168.1.1 unicast_peer { 192.168.1.2 192.168.1.3 } } virtual_server 192.168.1.11 22 { delay_loop 6 ! use round-robin as a load balancing algorithm lb_algo rr ! we are doing NAT lb_kind NAT nat_mask 255.255.255.0 protocol TCP sorry_server 10.20.40.30 22 ! there can be as many real_server blocks as you need real_server 10.20.40.10 22 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 ! here is a health checker for this server. ! we could use a custom script here (see the keepalived docs) ! but we will just make sure we can do a vanilla tcp connect() ! on port 22 ! if it fails, we will pull this realserver out of the pool ! and send email about the removal TCP_CHECK { connect_timeout 3 connect_port 22 } } } virtual_server_group DNS_1 { 192.168.0.1 22 10.234.55.22-25 36 10.45.58.59/32 27 } vrrp_script chk_apache2 { # Requires keepalived-1.1.13 script \"killall -0 apache2\" # faster interval 2 # check every 2 seconds weight 2 # add 2 points of prio if OK fall 5 raise 5 } ! that's all "
A full configuration file
test Keepalived.lns get conf = { "#comment" = "This is a comment" } { "#comment" = "Configuration File for keepalived" } {} { "global_defs" { "#comment" = "this is who emails will go to on alerts" } { "notification_email" { "email" = "admins@example.com" } { "email" = "fakepager@example.com" } { "#comment" = "add a few more email addresses here if you would like" } } { "notification_email_from" = "admins@example.com" } { } { "smtp_server" = "127.0.0.1" { "#comment" = "I use the local machine to relay mail" } } { "smtp_connect_timeout" = "30" } {} { "#comment" = "each load balancer should have a different ID" } { "#comment" = "this will be used in SMTP alerts, so you should make" } { "#comment" = "each router easily identifiable" } { "lvs_id" = "LVS_EXAMPLE_01" } {} { "vrrp_mcast_group4" = "224.0.0.18" } { "vrrp_mcast_group6" = "ff02::12" } } {} { "vrrp_sync_group" = "VG1" { "group" { "inside_network" { "#comment" = "name of vrrp_instance (below)" } } { "outside_network" { "#comment" = "One for each moveable IP." } } } { "notify" = "/usr/bin/foo" } { "notify_master" = "/usr/bin/foo" } { "smtp_alert" } } {}
Test the full conf
let tcp_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { TCP_CHECK { connect_timeout 3 connect_port 22 bindto 192.168.1.1 } } } " test Keepalived.lns get tcp_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "TCP_CHECK" { "connect_timeout" = "3" } { "connect_port" = "22" } { "bindto" = "192.168.1.1" } } } }
An example of a TCP health checker
let misc_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { MISC_CHECK { misc_path /usr/local/bin/server_test misc_timeout 3 misc_dynamic } } } " test Keepalived.lns get misc_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "MISC_CHECK" { "misc_path" = "/usr/local/bin/server_test" } { "misc_timeout" = "3" } { "misc_dynamic" } } } }
An example of a MISC health checker
let smtp_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { SMTP_CHECK { host { connect_ip 10.20.40.11 connect_port 587 bindto 192.168.1.1 } connect_timeout 3 retry 5 delay_before_retry 10 helo_name \"Testing Augeas\" } } } " test Keepalived.lns get smtp_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "SMTP_CHECK" { "host" { "connect_ip" = "10.20.40.11" } { "connect_port" = "587" } { "bindto" = "192.168.1.1" } } { "connect_timeout" = "3" } { "retry" = "5" } { "delay_before_retry" = "10" } { "helo_name" = "\"Testing Augeas\"" } } } }
An example of an SMTP health checker
let http_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { HTTP_GET { url { path /mrtg2/ digest 9b3a0c85a887a256d6939da88aabd8cd status_code 200 } connect_timeout 3 connect_port 8080 nb_get_retry 5 delay_before_retry 10 } SSL_GET { connect_port 8443 } } } " test Keepalived.lns get http_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "HTTP_GET" { "url" { "path" = "/mrtg2/" } { "digest" = "9b3a0c85a887a256d6939da88aabd8cd" } { "status_code" = "200" } } { "connect_timeout" = "3" } { "connect_port" = "8080" } { "nb_get_retry" = "5" } { "delay_before_retry" = "10" } } { "SSL_GET" { "connect_port" = "8443" } } } }
An example of an HTTP health checker
A full configuration file
let conf = "! This is a comment ! Configuration File for keepalived global_defs { ! this is who emails will go to on alerts notification_email { admins@example.com fakepager@example.com ! add a few more email addresses here if you would like } notification_email_from admins@example.com smtp_server 127.0.0.1 ! I use the local machine to relay mail smtp_connect_timeout 30 ! each load balancer should have a different ID ! this will be used in SMTP alerts, so you should make ! each router easily identifiable lvs_id LVS_EXAMPLE_01 vrrp_mcast_group4 224.0.0.18 vrrp_mcast_group6 ff02::12 } vrrp_sync_group VG1 { group { inside_network # name of vrrp_instance (below) outside_network # One for each moveable IP. } notify /usr/bin/foo notify_master /usr/bin/foo smtp_alert } vrrp_instance VI_1 { state MASTER interface eth0 track_interface { eth0 # Back eth1 # DMZ } track_script { check_apache2 # weight = +2 si ok, 0 si nok } garp_master_delay 5 garp_master_repeat 5 garp_master_refresh 5 garp_master_refresh_repeat 5 priority 50 advert_int 2 authentication { auth_type PASS auth_pass mypass } virtual_ipaddress { 10.234.66.146/32 dev eth0 } lvs_sync_daemon_interface eth0 ha_suspend notify_master \"/svr/scripts/notify_master.sh\" notify_backup \"/svr/scripts/notify_backup.sh\" notify_fault \"/svr/scripts/notify_fault.sh\" notify \"/svr/scripts/notify.sh\" ! each virtual router id must be unique per instance name! virtual_router_id 51 ! MASTER and BACKUP state are determined by the priority ! even if you specify MASTER as the state, the state will ! be voted on by priority (so if your state is MASTER but your ! priority is lower than the router with BACKUP, you will lose ! the MASTER state) ! I make it a habit to set priorities at least 50 points apart ! note that a lower number is lesser priority - lower gets less vote priority 150 ! how often should we vote, in seconds? advert_int 1 ! send an alert when this instance changes state from MASTER to BACKUP smtp_alert ! this authentication is for syncing between failover servers ! keepalived supports PASS, which is simple password ! authentication ! or AH, which is the IPSec authentication header. ! I don't use AH ! yet as many people have reported problems with it authentication { auth_type PASS auth_pass example } ! these are the IP addresses that keepalived will setup on this ! machine. Later in the config we will specify which real ! servers are behind these IPs ! without this block, keepalived will not setup and takedown the ! any IP addresses virtual_ipaddress { 192.168.1.11 10.234.66.146/32 dev vlan933 # parse it well ! and more if you want them } use_vmac vmac_xmit_base native_ipv6 dont_track_primary preempt_delay mcast_src_ip 192.168.1.1 unicast_src_ip 192.168.1.1 unicast_peer { 192.168.1.2 192.168.1.3 } } virtual_server 192.168.1.11 22 { delay_loop 6 ! use round-robin as a load balancing algorithm lb_algo rr ! we are doing NAT lb_kind NAT nat_mask 255.255.255.0 protocol TCP sorry_server 10.20.40.30 22 ! there can be as many real_server blocks as you need real_server 10.20.40.10 22 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 ! here is a health checker for this server. ! we could use a custom script here (see the keepalived docs) ! but we will just make sure we can do a vanilla tcp connect() ! on port 22 ! if it fails, we will pull this realserver out of the pool ! and send email about the removal TCP_CHECK { connect_timeout 3 connect_port 22 } } } virtual_server_group DNS_1 { 192.168.0.1 22 10.234.55.22-25 36 10.45.58.59/32 27 } vrrp_script chk_apache2 { # Requires keepalived-1.1.13 script \"killall -0 apache2\" # faster interval 2 # check every 2 seconds weight 2 # add 2 points of prio if OK fall 5 raise 5 } ! that's all "
Test the full conf
test Keepalived.lns get conf = { "#comment" = "This is a comment" } { "#comment" = "Configuration File for keepalived" } {} { "global_defs" { "#comment" = "this is who emails will go to on alerts" } { "notification_email" { "email" = "admins@example.com" } { "email" = "fakepager@example.com" } { "#comment" = "add a few more email addresses here if you would like" } } { "notification_email_from" = "admins@example.com" } { } { "smtp_server" = "127.0.0.1" { "#comment" = "I use the local machine to relay mail" } } { "smtp_connect_timeout" = "30" } {} { "#comment" = "each load balancer should have a different ID" } { "#comment" = "this will be used in SMTP alerts, so you should make" } { "#comment" = "each router easily identifiable" } { "lvs_id" = "LVS_EXAMPLE_01" } {} { "vrrp_mcast_group4" = "224.0.0.18" } { "vrrp_mcast_group6" = "ff02::12" } } {} { "vrrp_sync_group" = "VG1" { "group" { "inside_network" { "#comment" = "name of vrrp_instance (below)" } } { "outside_network" { "#comment" = "One for each moveable IP." } } } { "notify" = "/usr/bin/foo" } { "notify_master" = "/usr/bin/foo" } { "smtp_alert" } } {}
An example of a TCP health checker
let tcp_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { TCP_CHECK { connect_timeout 3 connect_port 22 bindto 192.168.1.1 } } } " test Keepalived.lns get tcp_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "TCP_CHECK" { "connect_timeout" = "3" } { "connect_port" = "22" } { "bindto" = "192.168.1.1" } } } }
An example of a MISC health checker
let misc_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { MISC_CHECK { misc_path /usr/local/bin/server_test misc_timeout 3 misc_dynamic } } } " test Keepalived.lns get misc_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "MISC_CHECK" { "misc_path" = "/usr/local/bin/server_test" } { "misc_timeout" = "3" } { "misc_dynamic" } } } }
An example of an SMTP health checker
let smtp_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { SMTP_CHECK { host { connect_ip 10.20.40.11 connect_port 587 bindto 192.168.1.1 } connect_timeout 3 retry 5 delay_before_retry 10 helo_name \"Testing Augeas\" } } } " test Keepalived.lns get smtp_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "SMTP_CHECK" { "host" { "connect_ip" = "10.20.40.11" } { "connect_port" = "587" } { "bindto" = "192.168.1.1" } } { "connect_timeout" = "3" } { "retry" = "5" } { "delay_before_retry" = "10" } { "helo_name" = "\"Testing Augeas\"" } } } }
An example of an HTTP health checker
let http_check = "virtual_server 192.168.1.11 22 { real_server 10.20.40.10 22 { HTTP_GET { url { path /mrtg2/ digest 9b3a0c85a887a256d6939da88aabd8cd status_code 200 } connect_timeout 3 connect_port 8080 nb_get_retry 5 delay_before_retry 10 } SSL_GET { connect_port 8443 } } } " test Keepalived.lns get http_check = { "virtual_server" { "ip" = "192.168.1.11" } { "port" = "22" } { "real_server" { "ip" = "10.20.40.10" } { "port" = "22" } { "HTTP_GET" { "url" { "path" = "/mrtg2/" } { "digest" = "9b3a0c85a887a256d6939da88aabd8cd" } { "status_code" = "200" } } { "connect_timeout" = "3" } { "connect_port" = "8080" } { "nb_get_retry" = "5" } { "delay_before_retry" = "10" } } { "SSL_GET" { "connect_port" = "8443" } } } }