(*
Module: Test_Keepalived
Provides unit tests and examples for the <Keepalived> lens.
*)
module Test_Keepalived =
(* Variable: conf
A full configuration file *)
let conf = "! This is a comment
! Configuration File for keepalived
global_defs {
! this is who emails will go to on alerts
notification_email {
admins@example.com
fakepager@example.com
! add a few more email addresses here if you would like
}
notification_email_from admins@example.com
smtp_server 127.0.0.1 ! I use the local machine to relay mail
smtp_connect_timeout 30
! each load balancer should have a different ID
! this will be used in SMTP alerts, so you should make
! each router easily identifiable
lvs_id LVS_EXAMPLE_01
vrrp_mcast_group4 224.0.0.18
vrrp_mcast_group6 ff02::12
}
vrrp_sync_group VG1 {
group {
inside_network # name of vrrp_instance (below)
outside_network # One for each moveable IP.
}
notify /usr/bin/foo
notify_master /usr/bin/foo
smtp_alert
}
vrrp_instance VI_1 {
state MASTER
interface eth0
track_interface {
eth0 # Back
eth1 # DMZ
}
track_script {
check_apache2 # weight = +2 si ok, 0 si nok
}
garp_master_delay 5
garp_master_repeat 5
garp_master_refresh 5
garp_master_refresh_repeat 5
priority 50
advert_int 2
authentication {
auth_type PASS
auth_pass mypass
}
virtual_ipaddress {
10.234.66.146/32 dev eth0
}
lvs_sync_daemon_interface eth0
ha_suspend
notify_master \"/svr/scripts/notify_master.sh\"
notify_backup \"/svr/scripts/notify_backup.sh\"
notify_fault \"/svr/scripts/notify_fault.sh\"
notify \"/svr/scripts/notify.sh\"
! each virtual router id must be unique per instance name!
virtual_router_id 51
! MASTER and BACKUP state are determined by the priority
! even if you specify MASTER as the state, the state will
! be voted on by priority (so if your state is MASTER but your
! priority is lower than the router with BACKUP, you will lose
! the MASTER state)
! I make it a habit to set priorities at least 50 points apart
! note that a lower number is lesser priority - lower gets less vote
priority 150
! how often should we vote, in seconds?
advert_int 1
! send an alert when this instance changes state from MASTER to BACKUP
smtp_alert
! this authentication is for syncing between failover servers
! keepalived supports PASS, which is simple password
! authentication
! or AH, which is the IPSec authentication header.
! I don't use AH
! yet as many people have reported problems with it
authentication {
auth_type PASS
auth_pass example
}
! these are the IP addresses that keepalived will setup on this
! machine. Later in the config we will specify which real
! servers are behind these IPs
! without this block, keepalived will not setup and takedown the
! any IP addresses
virtual_ipaddress {
192.168.1.11
10.234.66.146/32 dev vlan933 # parse it well
! and more if you want them
}
use_vmac
vmac_xmit_base
native_ipv6
dont_track_primary
preempt_delay
mcast_src_ip 192.168.1.1
unicast_src_ip 192.168.1.1
unicast_peer {
192.168.1.2
192.168.1.3
}
}
virtual_server 192.168.1.11 22 {
delay_loop 6
! use round-robin as a load balancing algorithm
lb_algo rr
! we are doing NAT
lb_kind NAT
nat_mask 255.255.255.0
protocol TCP
sorry_server 10.20.40.30 22
! there can be as many real_server blocks as you need
real_server 10.20.40.10 22 {
! if we used weighted round-robin or a similar lb algo,
! we include the weight of this server
weight 1
! here is a health checker for this server.
! we could use a custom script here (see the keepalived docs)
! but we will just make sure we can do a vanilla tcp connect()
! on port 22
! if it fails, we will pull this realserver out of the pool
! and send email about the removal
TCP_CHECK {
connect_timeout 3
connect_port 22
}
}
}
virtual_server_group DNS_1 {
192.168.0.1 22
10.234.55.22-25 36
10.45.58.59/32 27
}
vrrp_script chk_apache2 { # Requires keepalived-1.1.13
script \"killall -0 apache2\" # faster
interval 2 # check every 2 seconds
weight 2 # add 2 points of prio if OK
fall 5
raise 5
}
! that's all
"
(* Test: Keepalived.lns
Test the full <conf> *)
test Keepalived.lns get conf =
{ "#comment" = "This is a comment" }
{ "#comment" = "Configuration File for keepalived" }
{}
{ "global_defs"
{ "#comment" = "this is who emails will go to on alerts" }
{ "notification_email"
{ "email" = "admins@example.com" }
{ "email" = "fakepager@example.com" }
{ "#comment" = "add a few more email addresses here if you would like" } }
{ "notification_email_from" = "admins@example.com" }
{ }
{ "smtp_server" = "127.0.0.1"
{ "#comment" = "I use the local machine to relay mail" } }
{ "smtp_connect_timeout" = "30" }
{}
{ "#comment" = "each load balancer should have a different ID" }
{ "#comment" = "this will be used in SMTP alerts, so you should make" }
{ "#comment" = "each router easily identifiable" }
{ "lvs_id" = "LVS_EXAMPLE_01" }
{}
{ "vrrp_mcast_group4" = "224.0.0.18" }
{ "vrrp_mcast_group6" = "ff02::12" } }
{}
{ "vrrp_sync_group" = "VG1"
{ "group"
{ "inside_network"
{ "#comment" = "name of vrrp_instance (below)" } }
{ "outside_network"
{ "#comment" = "One for each moveable IP." } } }
{ "notify" = "/usr/bin/foo" }
{ "notify_master" = "/usr/bin/foo" }
{ "smtp_alert" } }
{}
{ "vrrp_instance" = "VI_1"
{ "state" = "MASTER" }
{ "interface" = "eth0" }
{ }
{ "track_interface"
{ "eth0" { "#comment" = "Back" } }
{ "eth1" { "#comment" = "DMZ" } } }
{ "track_script"
{ "check_apache2" { "#comment" = "weight = +2 si ok, 0 si nok" } } }
{ "garp_master_delay" = "5" }
{ "garp_master_repeat" = "5" }
{ "garp_master_refresh" = "5" }
{ "garp_master_refresh_repeat" = "5" }
{ "priority" = "50" }
{ "advert_int" = "2" }
{ "authentication"
{ "auth_type" = "PASS" }
{ "auth_pass" = "mypass" } }
{ "virtual_ipaddress"
{ "ipaddr" = "10.234.66.146"
{ "prefixlen" = "32" }
{ "dev" = "eth0" } } }
{ }
{ "lvs_sync_daemon_interface" = "eth0" }
{ "ha_suspend" }
{ }
{ "notify_master" = "\"/svr/scripts/notify_master.sh\"" }
{ "notify_backup" = "\"/svr/scripts/notify_backup.sh\"" }
{ "notify_fault" = "\"/svr/scripts/notify_fault.sh\"" }
{ "notify" = "\"/svr/scripts/notify.sh\"" }
{ }
{ "#comment" = "each virtual router id must be unique per instance name!" }
{ "virtual_router_id" = "51" }
{ }
{ "#comment" = "MASTER and BACKUP state are determined by the priority" }
{ "#comment" = "even if you specify MASTER as the state, the state will" }
{ "#comment" = "be voted on by priority (so if your state is MASTER but your" }
{ "#comment" = "priority is lower than the router with BACKUP, you will lose" }
{ "#comment" = "the MASTER state)" }
{ "#comment" = "I make it a habit to set priorities at least 50 points apart" }
{ "#comment" = "note that a lower number is lesser priority - lower gets less vote" }
{ "priority" = "150" }
{ }
{ "#comment" = "how often should we vote, in seconds?" }
{ "advert_int" = "1" }
{ }
{ "#comment" = "send an alert when this instance changes state from MASTER to BACKUP" }
{ "smtp_alert" }
{ }
{ "#comment" = "this authentication is for syncing between failover servers" }
{ "#comment" = "keepalived supports PASS, which is simple password" }
{ "#comment" = "authentication" }
{ "#comment" = "or AH, which is the IPSec authentication header." }
{ "#comment" = "I don't use AH" }
{ "#comment" = "yet as many people have reported problems with it" }
{ "authentication"
{ "auth_type" = "PASS" }
{ "auth_pass" = "example" } }
{ }
{ "#comment" = "these are the IP addresses that keepalived will setup on this" }
{ "#comment" = "machine. Later in the config we will specify which real" }
{ "#comment" = "servers are behind these IPs" }
{ "#comment" = "without this block, keepalived will not setup and takedown the" }
{ "#comment" = "any IP addresses" }
{ }
{ "virtual_ipaddress"
{ "ipaddr" = "192.168.1.11" }
{ "ipaddr" = "10.234.66.146"
{ "prefixlen" = "32" }
{ "dev" = "vlan933" }
{ "#comment" = "parse it well" } }
{ "#comment" = "and more if you want them" } }
{ }
{ "use_vmac" }
{ "vmac_xmit_base" }
{ "native_ipv6" }
{ "dont_track_primary" }
{ "preempt_delay" }
{ }
{ "mcast_src_ip" = "192.168.1.1" }
{ "unicast_src_ip" = "192.168.1.1" }
{ }
{ "unicast_peer"
{ "ipaddr" = "192.168.1.2" }
{ "ipaddr" = "192.168.1.3" } } }
{ }
{ "virtual_server"
{ "ip" = "192.168.1.11" }
{ "port" = "22" }
{ "delay_loop" = "6" }
{ }
{ "#comment" = "use round-robin as a load balancing algorithm" }
{ "lb_algo" = "rr" }
{ }
{ "#comment" = "we are doing NAT" }
{ "lb_kind" = "NAT" }
{ "nat_mask" = "255.255.255.0" }
{ }
{ "protocol" = "TCP" }
{ }
{ "sorry_server"
{ "ip" = "10.20.40.30" }
{ "port" = "22" } }
{ }
{ "#comment" = "there can be as many real_server blocks as you need" }
{ }
{ "real_server"
{ "ip" = "10.20.40.10" }
{ "port" = "22" }
{ "#comment" = "if we used weighted round-robin or a similar lb algo," }
{ "#comment" = "we include the weight of this server" }
{ }
{ "weight" = "1" }
{ }
{ "#comment" = "here is a health checker for this server." }
{ "#comment" = "we could use a custom script here (see the keepalived docs)" }
{ "#comment" = "but we will just make sure we can do a vanilla tcp connect()" }
{ "#comment" = "on port 22" }
{ "#comment" = "if it fails, we will pull this realserver out of the pool" }
{ "#comment" = "and send email about the removal" }
{ "TCP_CHECK"
{ "connect_timeout" = "3" }
{ "connect_port" = "22" } } } }
{ }
{ "virtual_server_group" = "DNS_1"
{ "vip"
{ "ipaddr" = "192.168.0.1" }
{ "port" = "22" } }
{ "vip"
{ "ipaddr" = "10.234.55.22-25" }
{ "port" = "36" } }
{ "vip"
{ "ipaddr" = "10.45.58.59"
{ "prefixlen" = "32" } }
{ "port" = "27" } } }
{ }
{ "vrrp_script" = "chk_apache2"
{ "#comment" = "Requires keepalived-1.1.13" }
{ "script" = "\"killall -0 apache2\""
{ "#comment" = "faster" } }
{ "interval" = "2"
{ "#comment" = "check every 2 seconds" } }
{ "weight" = "2"
{ "#comment" = "add 2 points of prio if OK" } }
{ "fall" = "5" }
{ "raise" = "5" } }
{ }
{ "#comment" = "that's all" }
(* Variable: tcp_check
An example of a TCP health checker *)
let tcp_check = "virtual_server 192.168.1.11 22 {
real_server 10.20.40.10 22 {
TCP_CHECK {
connect_timeout 3
connect_port 22
bindto 192.168.1.1
}
}
}
"
test Keepalived.lns get tcp_check =
{ "virtual_server"
{ "ip" = "192.168.1.11" }
{ "port" = "22" }
{ "real_server"
{ "ip" = "10.20.40.10" }
{ "port" = "22" }
{ "TCP_CHECK"
{ "connect_timeout" = "3" }
{ "connect_port" = "22" }
{ "bindto" = "192.168.1.1" } } } }
(* Variable: misc_check
An example of a MISC health checker *)
let misc_check = "virtual_server 192.168.1.11 22 {
real_server 10.20.40.10 22 {
MISC_CHECK {
misc_path /usr/local/bin/server_test
misc_timeout 3
misc_dynamic
}
}
}
"
test Keepalived.lns get misc_check =
{ "virtual_server"
{ "ip" = "192.168.1.11" }
{ "port" = "22" }
{ "real_server"
{ "ip" = "10.20.40.10" }
{ "port" = "22" }
{ "MISC_CHECK"
{ "misc_path" = "/usr/local/bin/server_test" }
{ "misc_timeout" = "3" }
{ "misc_dynamic" } } } }
(* Variable: smtp_check
An example of an SMTP health checker *)
let smtp_check = "virtual_server 192.168.1.11 22 {
real_server 10.20.40.10 22 {
SMTP_CHECK {
host {
connect_ip 10.20.40.11
connect_port 587
bindto 192.168.1.1
}
connect_timeout 3
retry 5
delay_before_retry 10
helo_name \"Testing Augeas\"
}
}
}
"
test Keepalived.lns get smtp_check =
{ "virtual_server"
{ "ip" = "192.168.1.11" }
{ "port" = "22" }
{ "real_server"
{ "ip" = "10.20.40.10" }
{ "port" = "22" }
{ "SMTP_CHECK"
{ "host"
{ "connect_ip" = "10.20.40.11" }
{ "connect_port" = "587" }
{ "bindto" = "192.168.1.1" } }
{ "connect_timeout" = "3" }
{ "retry" = "5" }
{ "delay_before_retry" = "10" }
{ "helo_name" = "\"Testing Augeas\"" } } } }
(* Variable: http_check
An example of an HTTP health checker *)
let http_check = "virtual_server 192.168.1.11 22 {
real_server 10.20.40.10 22 {
HTTP_GET {
url {
path /mrtg2/
digest 9b3a0c85a887a256d6939da88aabd8cd
status_code 200
}
connect_timeout 3
connect_port 8080
nb_get_retry 5
delay_before_retry 10
}
SSL_GET {
connect_port 8443
}
}
}
"
test Keepalived.lns get http_check =
{ "virtual_server"
{ "ip" = "192.168.1.11" }
{ "port" = "22" }
{ "real_server"
{ "ip" = "10.20.40.10" }
{ "port" = "22" }
{ "HTTP_GET"
{ "url"
{ "path" = "/mrtg2/" }
{ "digest" = "9b3a0c85a887a256d6939da88aabd8cd" }
{ "status_code" = "200" } }
{ "connect_timeout" = "3" }
{ "connect_port" = "8080" }
{ "nb_get_retry" = "5" }
{ "delay_before_retry" = "10" } }
{ "SSL_GET"
{ "connect_port" = "8443" } } } }