.TH KEEPALIVED "8" "July 2018"

.na

.nh

.SH "NAME"

keepalived \- load\-balancing and high\-availability service

.SH "SYNOPSIS"

\fBkeepalived\fP

[\fB\-f\fP|\fB\-\-use\-file\fP=FILE]

[\fB\-P\fP|\fB\-\-vrrp\fP]

[\fB\-C\fP|\fB\-\-check\fP]

[\fB\-B\fP|\fB\-\-no_bfd\fP]

[\fB\-\-all\fP]

[\fB\-l\fP|\fB\-\-log\-console\fP]

[\fB\-D\fP|\fB\-\-log\-detail\fP]

[\fB\-S\fP|\fB\-\-log\-facility\fP={0-7}]

[\fB\-g\fP|\fB\-\-log\-file\fP=FILE]

[\fB\-\-flush\-log\-file\fP]

[\fB\-G\fP|\fB\-\-no\-syslog\fP]

[\fB\-X\fP|\fB\-\-release\-vips\fP]

[\fB\-V\fP|\fB\-\-dont\-release\-vrrp\fP]

[\fB\-I\fP|\fB\-\-dont\-release\-ipvs\fP]

[\fB\-R\fP|\fB\-\-dont\-respawn\fP]

[\fB\-n\fP|\fB\-\-dont\-fork\fP]

[\fB\-d\fP|\fB\-\-dump\-conf\fP]

[\fB\-p\fP|\fB\-\-pid\fP=FILE]

[\fB\-r\fP|\fB\-\-vrrp_pid\fP=FILE]

[\fB\-c\fP|\fB\-\-checkers_pid\fP=FILE]

[\fB\-a\fP|\fB\-\-address-monitoring\fP]

[\fB\-b\fP|\fB\-\-bfd_pid\fP=FILE]

[\fB\-s\fP|\fB\-\-namespace\fP=NAME]

[\fB\-i\fP|\fB\-\-config-id\fP id]

[\fB\-x\fP|\fB\-\-snmp\fP]

[\fB\-A\fP|\fB\-\-snmp-agent-socket\fP=FILE]

[\fB\-u\fP|\fB\-\-umask\fP=NUMBER]

[\fB\-m\fP|\fB\-\-core\-dump\fP]

[\fB\-M\fP|\fB\-\-core\-dump\-pattern\fP[=PATTERN]]

[\fB\-\-signum\fP=SIGFUNC]

[\fB\-t\fP|\fB\-\-config\-test\fP[=FILE]]

[\fB\-\-perf\fP[={all|run|end}]]

[\fB\-\-debug\fP[=debug-options]]

[\fB\-v\fP|\fB\-\-version\fP]

[\fB\-h\fP|\fB\-\-help\fP]

.SH "DESCRIPTION"

Keepalived provides simple and robust facilities for load\-balancing

and high\-availability. The load\-balancing framework relies on the

well\-known and widely used Linux Virtual Server (IPVS) kernel module

providing Layer4 load\-balancing. Keepalived implements a set of

checkers to dynamically and adaptively maintain and manage a

load\-balanced server pool according to their health. Keepalived also

implements the VRRPv2 and VRRPv3 protocols to achieve high\-availability

with director failover.

.SH "OPTIONS"

.TP

\fB -f, --use-file\fP=FILE

Use the specified configuration file. The default configuration file

is "/etc/keepalived/keepalived.conf".

.TP

\fB -P, --vrrp\fP

Only run the VRRP subsystem. This is useful for configurations that do

not use the IPVS load balancer.

.TP

\fB -C, --check\fP

Only run the healthcheck subsystem. This is useful for configurations

that use the IPVS load balancer with a single director with no failover.

.TP

\fB -B, --no_bfd\fP

Don't run the BFD subsystem.

.TP

\fB --all\fP

Run all subsystems, even if they have no configuration.

.TP

\fB -l, --log-console\fP

Log messages to the local console. The default behavior is to log

messages to syslog.

.TP

\fB -D, --log-detail\fP

Detailed log messages.

.TP

\fB -S, --log-facility\fP=[0-7]

Set syslog facility to LOG_LOCAL[0-7]. The default syslog facility is LOG_DAEMON.

.TP

\fB -g, --log-file\fP=FILE

Write log entries to FILE. FILE will have _vrrp, _healthcheckers, and _bfd

inserted before the last '.' in FILE for the log output for those processes.

.TP

\fB --flush-log-file\fP

If using the -g option, the log file stream will be flushed after each write.

.TP

\fB -G, --no-syslog\fP

Do not write log entries to syslog. This can be useful if the rate of writing

log entries is sufficiently high that syslog will rate limit them, and the -g

option is used instead.

.TP

\fB -X, --release-vips\fP

Drop VIP on transition from signal.

.TP

\fB -V, --dont-release-vrrp\fP

Don't remove VRRP VIPs and VROUTEs on daemon stop. The default

behavior is to remove all VIPs and VROUTEs when keepalived exits.

.TP

\fB -I, --dont-release-ipvs\fP

Don't remove IPVS topology on daemon stop. The default behavior it to

remove all entries from the IPVS virtual server table when

keepalived exits.

.TP

\fB -R, --dont-respawn\fP

Don't respawn child processes. The default behavior is to restart the

VRRP and checker processes if either process exits.

.TP

\fB -n, --dont-fork\fP

Don't fork the daemon process. This option will cause keepalived to

run in the foreground.

.TP

\fB -d, --dump-conf\fP

Dump the configuration data.

.TP

\fB -p, --pid\fP=FILE

Use the specified pidfile for the parent keepalived process. The default

pidfile for keepalived is "/run/keepalived.pid", unless a network

namespace is being used. See

.B NAMESPACES

below for more details.

.TP

\fB -r, --vrrp_pid\fP=FILE

Use the specified pidfile for the VRRP child process. The default pidfile

for the VRRP child process is "/run/keepalived_vrrp.pid", unless a

network namespace is being used.

.TP

\fB -c, --checkers_pid\fP=FILE

Use the specified pidfile for checkers child process. The default pidfile

for the checker child process is "/run/keepalived_checkers.pid" unless

a network namespace is being used.

.TP

\fB -a, --address-monitoring\fP

Log all address additions/deletions reported by netlink.

.TP

\fB -b, --bfd_pid\fP=FILE

Use the specified pidfile for the BFD child process. The default pidfile

for the BFD child process is "/run/keepalived_bfd.pid" unless

a network namespace is being used.

.TP

\fB -s, --namespace\fP=NAME

Run keepalived in network namespace NAME. See

.B NAMESPACES

below for more details.

.TP

\fB -i, --config-id ID

Use configuration id ID, for conditional configuration (defaults to

hostname without the domain name).

.TP

\fB -x, --snmp\fP

Enable the SNMP subsystem.

.TP

\fB -A, --snmp-agent-socket\fP=FILE

Use the specified socket for connection to SNMP master agent.

.TP

\fB -u, --umask\fP=NUMBER

The umask specified in the usual numeric way - see man umask(2)

.TP

\fB -m, --core-dump\fP

Override the RLIMIT_CORE hard and soft limits to enable keepalived to

produce a coredump in the event of a segfault or other failure.

This is most useful if keepalived has been built with 'make debug'.

Core dumps will be created in /, unless keepalived is run with the

--dont-fork option, in which case they will be created in the directory

from which keepalived was run, or they will be created in the directory

of a configuraton file if the fault occurs while reading the file.

.TP

\fB -M, --core-dump-pattern\fP[=PATTERN]

Sets option --core-dump, and also updates /proc/sys/kernel/core_pattern

to the pattern specified, or 'core' if none specified.

Provided the parent process doesn't terminate abnormally, it will restore

/proc/sys/kernel/core_pattern to its original value on exit.

\fBNote:\fP This will also affect any other process producing a core dump while keepalived is running.

.TP

\fB --signum\fP=PATTERN

Returns the signal number to use for STOP, RELOAD, DATA, STATS, STATS_CLEAR and JSON.

For example, to stop keepalived running, execute:

.IP

.nf

kill -s $(keepalived --signum=STOP) $(cat /run/keepalived.pid)

.fi

.TP

\fB -t, --config-test\fP[=FILE]

Keepalived will check the configuration file and exit with non-zero exit

status if there are errors in the configuration, otherwise it exits with

exit status 0 (see \fBExit status\fP below for details).

Rather that writing to syslog, it will write diagnostic messages to stderr

unless file is specified, in which case it will write to the file.

.TP

\fB --perf\fP[={all|run|end}]

Record perf data for vrrp process. Data will be written to /perf_vrrp.data.

The data recorded is for use with the perf tool.

.TP

\fB --debug\fP[=debug-options]]

Enables debug options if they have been compiled into keepalived.

\fIdebug-options\fP is made up of a sequence of strings of the form Ulll.

.br

The upper case letter specifies the debug option, and the lower case letters

specify for which processes the option is to be enabled.

.br

If a debug option is not followed by any lower case letters, the debug option

is enabled for all processes.

.PP

.RS

The characters to identify the processes are:

.TS

tab(@);

c l

c l.

Chr@Process

_

p@Parent process

b@BFD process

c@Checker process

v@VRRP process

.TE

.PP

The characters used to identify the debug options are:

.TS

tab(@);

c l.

Chr@Debug option

_

D@Epoll thread dump

E@Epoll debug

F@VRRP fd debug

N@Netlink timers

P@Network timestamp

X@Regex timers

M@Email alert debug

T@Timer debug

S@TSM debug

R@Regex debug

.TE

.PP

\fBExample:\fP --debug=DvEcvNR

.RE

.TP

\fB -v, --version\fP

Display the version and exit.

.TP

\fB -h, --help\fP

Display this help message and exit.

.SS "Exit status:"

.TP

0

if OK

.TP

1

if unable to malloc memory

.TP

2

if cannot initialise subsystems

.TP

3

if running with --config-test and configuration cannot be run

.TP

4

if running with --config-test and there are configuration errors but keepalived

will run after modifying the configuration

.TP

5

if running with --config-test and script security hasn't been enabled but scripts

are configured.

.SH NAMESPACES

.B keepalived

can be run in a network namespace (see

\fBkeepalived.conf\fP(5) for configuration details). When

run in a network namespace, a local mount namespace is also

created, and /run/keepalived/keepalived_NamespaceName

is mounted on /run/keepalived. By default, pid files with

the usual default names are then created in

/run/keepalived from the perspective of a process in the

mount namespace, and they will be visible in

/run/keepalived/keepalived_NamespaceName for a process

running in the default mount namespace.

.SH SIGNALS

.B keepalived

reacts to a set of signals.  You can send a signal to

the parent

.B keepalived

process using the following:

.IP

.nf

kill -SIGNAL $(cat /run/keepalived.pid)

.fi

.PP

or better:

.IP

.nf

kill -s $(keepalived --signum=SIGFUNC) $(cat /run/keepalived.pid)

.fi

.PP

Note that if the first option is used, -SIGNAL must be

replaced with the actual signal you are trying to send,

e.g. with HUP. So it then becomes:

.IP

.nf

kill -HUP $(cat /run/keepalived.pid)

.fi

.PP

Signals other than for STOP, RELOAD, DATA and STATS may change depending

on the kernel, and also what functionality is included in the version of

the keepalived depending on the build options used.

.PP

.TP

.B HUP\fP or \fBSIGFUNC=RELOAD

This causes

.B keepalived

to close down all interfaces, reload its configuration, and

start up with the new configuration.

.TP

.B TERM\fP, \fBINT\fP or \fBSIGFUNC=STOP

.B keepalived

will shut down.

.TP

.B USR1\fP or \fBSIGFUNC=DATA

Write configuration data to

.B /tmp/keepalived.data

.TP

.B USR2\fP or \fBSIGFUNC=STATS

Write statistics info to

.B /tmp/keepalived.stats

.TP

.B SIGFUNC=STATS_CLEAR

Write statistics info to

.B /tmp/keepalived.stats

and clear the statistics counters

.TP

.B SIGFUNC=JSON

Write configuration data in JSON format to

.B /tmp/keepalived.json

.LP

.SH "USING KEEPALIVED WITH FIREWALLD"

If you are running a firewall (see

.BR firewalld (8) )

you must allow VRRP protocol traffic through the firewall. For example

if this instance of

.B keepalived(8)

has a peer node on IPv4 address 192.168.0.1:

.IP

.nf

# firewall-cmd \\

    --add-rich-rule="rule family='ipv4' \\

                     source address='192.168.0.1' \\

                     protocol value='vrrp' accept" --permanent

# firewall-cmd --reload

.fi

.SH "SEE ALSO"

\fBkeepalived.conf\fP(5), \fBipvsadm\fP(8)

.SH "AUTHOR"

This man page was written by Ryan O'Hara <rohara@redhat.com>