Deploying Nginx High Availability with Keepalived on Huawei Cloud

Keepalived Fundamentals

Keepalived is an open-source software solution designed to monitor server health and manage failover scenarios. When a web node encounters downtime or errors, Keepalived automatically removes the affected node from the cluster and redistributes traffic to healthy servers. Once repairs are completed, the original node rejoins the group seamlessly without manual intervention.

This system relies on VRRP (Virtual Router Redundancy Protocol) to eliminate single points of failure associated with static gateways. By generating Virtual IPs (VIPs), it ensures network continuity even if individual nodes crash. The software also integrates IPVS (IP Virtual Server) for load balancing capabilities.

VRRP Mechanics

Operation Modes

  • Preemptive Mode: A Backup node with a higher priority will forcibly take over as Master from the current active node.
  • Non-Preemptive Mode: Once a Master is established, a Backup node with increased priority will not seize control unless the current Master fails completely.

Security Authentication

  • None: No validation performed on VRRP packets; no security layer.
  • Simple String: Uses a pre-shared key suitable for networks with moderate threat levels.
  • MD5: Cryptographic verification recommended for untrusted environments.

Architecture Components

  • VRRP Stack: Handles VIP announcements.
  • Checkers: Monitor real server availability.
  • System Calls: Execute scripts during state transitions.
  • SMTP: Email notification handler.
  • IPVS Wrapper: Manages IPVS rules for load distribution.
  • Netlink Reflector: Interfaces with network kernel modules.
  • WatchDog: Observes process health.

Installation Guide

Preparation

Download the source archive from the official repository. Ensure OpenSSL development libraries are present before compiling.

wget https://www.keepalived.org/download/keepalived-2.1.5.tar.gz
tar -xvf keepalived-2.1.5.tar.gz
cd keepalived-2.1.5

Compilation

If missing dependencies trigger configuration errors, install them via the package manager. For offline scenarios, download the RPMs manually and force installation.

yum install -y openssl-devel
./configure --prefix=/usr/local/keepalived
make && make install

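For the offline case, install the manually downloaded RPMs from the current directory. The --nodeps and --force flags skip RPM's dependency and conflict checks: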

rpm -Uvh *.rpm --nodeps --force

Service Management

Register the binary as a system service and set permissions correctly. Note that strict permissions are required for the configuration file.

# The binary lives under the --prefix given to ./configure
cp /usr/local/keepalived/sbin/keepalived /etc/init.d/
chmod 644 /etc/keepalived/keepalived.conf
systemctl start keepalived

Verify status using logs if startup fails:

journalctl -xe -f

Configuration Logic

Modify the global settings and define instance parameters according to your network topology. Priorities determine the election outcome: the node with the highest value is preferred as master.

global_defs {
   router_id hua_cloud_node_A
}

vrrp_script check_service {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -10
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 60
    priority 150
    advert_int 1
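    authentication {
        # PASS is sent in cleartext in every advertisement, and keepalived
        # uses only the first 8 characters of auth_pass.
        auth_type PASS
        auth_pass secure_password
    }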

    track_script {
        check_service
    }

    virtual_ipaddress {
        10.0.0.100
    }
}

The check_service block allows custom scripts to influence prioritization dynamically based on application status rather than just network connectivity.
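
How weight, fall and rise feed into the election can be replayed offline. The script below is an added example, not part of the original article or of keepalived; its function names are hypothetical, it assumes a negative weight and a check that starts healthy, and it uses the priorities 150 and 120 from the deployment table later on this page.

```sh
#!/bin/sh
# Added example (not keepalived code): replay vrrp_script results through
# the fall/rise counters and print the effective priority after each check.
# Assumes a negative weight and a check that starts in the healthy state.

# effective_priority BASE WEIGHT FALL RISE "RESULTS"  (1 = check passed, 0 = failed)
effective_priority() (
    base=$1; weight=$2; fall=$3; rise=$4
    state=up; fails=0; oks=0; out=""
    for r in $5; do
        if [ "$r" -eq 1 ]; then
            oks=$((oks + 1)); fails=0
            if [ "$oks" -ge "$rise" ]; then state=up; fi
        else
            fails=$((fails + 1)); oks=0
            if [ "$fails" -ge "$fall" ]; then state=down; fi
        fi
        if [ "$state" = down ]; then prio=$((base + weight)); else prio=$base; fi
        out="${out:+$out }$prio"
    done
    echo "$out"
)

# elect PRIO_ECS1 PRIO_ECS2: which node holds MASTER in preemptive mode.
# On a tie VRRP prefers the higher primary IP, which is ECS-2 (192.168.10.21).
elect() {
    if [ "$1" -gt "$2" ]; then echo ECS-1; else echo ECS-2; fi
}

# failover_weight MASTER_PRIO BACKUP_PRIO: weight that drops a failed
# master strictly below the backup.
failover_weight() {
    echo $(( $2 - $1 - 1 ))
}

# Values from the page: priority 150 vs 120, weight -10, fall 2, rise 1.
timeline=$(effective_priority 150 -10 2 1 "1 0 0 0 1")
echo "ECS-1 priority per check: $timeline"
echo "nginx check failed, weight -10: MASTER is $(elect $((150 - 10)) 120)"
w=$(failover_weight 150 120)
echo "weight needed for failover: $w -> MASTER is $(elect $((150 + w)) 120)"
```

With the page's values a failed check only lowers ECS-1 to 140, which still beats 120, so the weight alone does not move the VIP; failover in this setup comes from the check script stopping keepalived.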

Health Check Script

Create a bash script to verify that the application is running. If the target service vanishes, the keepalived daemon lowers its priority or shuts down to allow a backup to assume responsibility.

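#!/bin/bash
# Health check run by keepalived's vrrp_script (the interval is set in keepalived.conf).
SERVICE_NAME=nginx

# -x matches the exact process name, so this script (check_nginx.sh) is not counted.
if [ "$(pgrep -xc "$SERVICE_NAME")" -eq 0 ]; then
    # Try one restart before giving up the VIP.
    systemctl restart "$SERVICE_NAME"
    sleep 2
    if [ "$(pgrep -xc "$SERVICE_NAME")" -eq 0 ]; then
        # Still down: stop keepalived so the backup node takes over.
        systemctl stop keepalived
    fi
fi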

Deployment Scenario

Configure two Elastic Cloud Servers (ECS) in Huawei Cloud acting as a master-slave pair.

Node    IP Address       Priority   Role
ECS-1   192.168.10.20    150        Master
ECS-2   192.168.10.21    120        Backup
VIP     192.168.10.50    -          Shared

Before deployment, ensure the floating IP is reserved and linked to both instances in the cloud console.

Master Configuration

Set state to MASTER and assign a high priority value.

! Master Node Config
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 60
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    track_script {
        check_service
    }
    virtual_ipaddress {
        192.168.10.50
    }
}

Slave Configuration

Set state to BACKUP with a lower priority value.

! Slave Node Config
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 60
    priority 120
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    track_script {
        check_service
    }
    virtual_ipaddress {
        192.168.10.50
    }
}

Verification

Once started, inspect network interfaces to confirm the VIP exists only on the active master.

ip addr show eth0

Traffic requests to the VIP should initially resolve to the primary node.

curl http://192.168.10.50

Simulate failure by stopping the master service or disabling Keepalived.

systemctl stop keepalived

Inspect the slave node immediately after. The VIP will migrate to the secondary server's interface automatically.

Subsequent access attempts should route through the new active host.

If you restart the master node and then disable the backend service (systemctl stop nginx), the check script executes. If it detects the service is still missing after retries, it stops its own Keepalived instance to prevent split-brain scenarios.
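
The interface check used during verification can be scripted across both nodes. This is an added example, not part of the original article: it classifies who holds the VIP from `ip -o -4 addr show eth0` output gathered on each node. The function names are hypothetical and the captures are constructed and trimmed.

```sh
#!/bin/sh
# Added example: decide which node holds the VIP from the output of
# `ip -o -4 addr show eth0` collected on each node. Sample output below is
# constructed; node names and addresses come from the deployment table.

# has_vip "IP_OUTPUT" VIP: succeeds only on an exact address match, so
# 192.168.10.5 never counts as 192.168.10.50.
has_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        { for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit !found }'
}

# vip_holder "ECS1_OUTPUT" "ECS2_OUTPUT" VIP -> ECS-1 | ECS-2 | split-brain | none
vip_holder() {
    on1=no; on2=no
    if has_vip "$1" "$3"; then on1=yes; fi
    if has_vip "$2" "$3"; then on2=yes; fi
    case "$on1$on2" in
        yesno)  echo ECS-1 ;;
        noyes)  echo ECS-2 ;;
        yesyes) echo split-brain ;;   # both nodes answer for the VIP
        *)      echo none ;;          # nobody holds it: the service is unreachable
    esac
}

# Constructed captures (one line per address, as `ip -o` prints them).
ECS1_BASE='2: eth0    inet 192.168.10.20/24 brd 192.168.10.255 scope global eth0'
ECS2_BASE='2: eth0    inet 192.168.10.21/24 brd 192.168.10.255 scope global eth0'
VIP_LINE='2: eth0    inet 192.168.10.50/32 scope global eth0'
NL='
'
echo "normal:      $(vip_holder "$ECS1_BASE$NL$VIP_LINE" "$ECS2_BASE" 192.168.10.50)"
echo "failed over: $(vip_holder "$ECS1_BASE" "$ECS2_BASE$NL$VIP_LINE" 192.168.10.50)"
echo "both claim:  $(vip_holder "$ECS1_BASE$NL$VIP_LINE" "$ECS2_BASE$NL$VIP_LINE" 192.168.10.50)"
```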

Tags: Keepalived nginx HighAvailability HuaweiCloud VRRP

Posted on Sat, 06 Jun 2026 17:23:54 +0000 by axman505