Setup Keepalived for VRRP instead of ucarp

Rumi,

I’ve the following setup:

network-0 – 192.168.2.11 (real)
network-1 – 192.168.2.12 (real)

I want to add “network” as 192.168.2.10 as the floating address.  I’ll need to do the following to both network-0 and network-1

  • Install keepalived
  • Configure keepalived
  • Start keepalived
  • Set keepalived to start at boot.

Install Keepalived

network-1 (Secondary Server)

[jsurles@network-1 ~]$ sudo yum -y install keepalived
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-distro.1gservers.com
* epel: mirror.rnet.missouri.edu
* extras: repos-lax.psychz.net
* updates: mirrors.oit.uci.edu
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.3.5-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
keepalived x86_64 1.3.5-6.el7 base 329 k

Transaction Summary
=========================================================================================================================================
Install 1 Package

Total download size: 329 k
Installed size: 1.0 M
Downloading packages:
keepalived-1.3.5-6.el7.x86_64.rpm | 329 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : keepalived-1.3.5-6.el7.x86_64 1/1
Verifying : keepalived-1.3.5-6.el7.x86_64 1/1

Installed:
keepalived.x86_64 0:1.3.5-6.el7

Complete!
Network-0 (Primary Server)

[jsurles@network-0 ~]$ sudo yum -y install keepalived
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-distro.1gservers.com
* epel: mirror.rnet.missouri.edu
* extras: repos-lax.psychz.net
* updates: mirrors.oit.uci.edu
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.3.5-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
keepalived x86_64 1.3.5-6.el7 base 329 k

Transaction Summary
=========================================================================================================================================
Install 1 Package

Total download size: 329 k
Installed size: 1.0 M
Downloading packages:
keepalived-1.3.5-6.el7.x86_64.rpm | 329 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : keepalived-1.3.5-6.el7.x86_64 1/1
Verifying : keepalived-1.3.5-6.el7.x86_64 1/1

Installed:
keepalived.x86_64 0:1.3.5-6.el7

Complete!

Configure Keepalived

Now that we have this installed, we can configure it.  By default it creates a nice big config file with tons of options in it.  You can read through that if you need to, or you want to comment stuff out.. I usually just save it to the side as a .orig file then wipe out the original and put what I want.

First I’ll start with the secondary, network-1

[jsurles@network-1 ~]$ sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.orig
[jsurles@network-1 ~]$ sudo vi /etc/keepalived/keepalived.conf
[jsurles@network-1 ~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
youremail@domain.com
}
notification_email_from network-1@domain.com
smtp_server localhost
smtp_connect_timeout 30
}

vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass Secret123
}
virtual_ipaddress {
192.168.2.10
}
}

Start ‘er up!

[jsurles@network-1 ~]$ sudo chkconfig keepalived on

Note: Forwarding request to ‘systemctl enable keepalived.service’.
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

[jsurles@network-1 ~]$ sudo systemctl start keepalived
[jsurles@network-1 ~]$ sudo tail -100f /var/log/messages | grep -i keepalive
Jul 31 14:10:53 network-1.domain.com Keepalived[15499]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Jul 31 14:10:53 network-1.domain.com Keepalived[15499]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:10:53 network-1.domain.com systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Jul 31 14:10:53 network-1.domain.com Keepalived[15500]: Starting Healthcheck child process, pid=15501
Jul 31 14:10:53 network-1.domain.com Keepalived[15500]: Starting VRRP child process, pid=15502
Jul 31 14:10:53 network-1.domain.com Keepalived_healthcheckers[15501]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: Registering Kernel netlink reflector
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: Registering Kernel netlink command channel
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: Registering gratuitous ARP shared channel
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: Using LinkWatch kernel netlink reflector...
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 31 14:10:53 network-1.domain.com Keepalived_vrrp[15502]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jul 31 14:10:57 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.2.10
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:10:58 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:11:03 network-1.domain.com Keepalived_vrrp[15502]: Sending gratuitous ARP on eth0 for 192.168.2.10

So as you can see, the BACKUP started up as a master because we have yet to setup the master.  Currently nework-1 is the only node running keepalived.  So let’s get the MASTER setup now.

Backup the original configuration, and setup new:

[jsurles@network-0 ~]$ sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.orig
[sudo] password for jsurles:
[jsurles@network-0 ~]$ sudo vi /etc/keepalived/keepalived.conf
[jsurles@network-0 ~]$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
jsurles1@gmail.com
}
notification_email_from network-0@domain.com
smtp_server localhost
smtp_connect_timeout 30
}

vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass Secret123
}
virtual_ipaddress {
192.168.2.10
}
}

That looks good, let’s add it in and start her up!

[jsurles@network-0 ~]$ sudo chkconfig keepalived on

Note: Forwarding request to ‘systemctl enable keepalived.service’.
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

[jsurles@network-0 ~]$ sudo systemctl start keepalived && sudo tail -100f /var/log/messages | grep -i keepalived
Jul 31 14:18:22 network-0.domain.com Keepalived[14466]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Jul 31 14:18:22 network-0.domain.com Keepalived[14466]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:18:22 network-0.domain.com systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Jul 31 14:18:22 network-0.domain.com Keepalived[14467]: Starting Healthcheck child process, pid=14468
Jul 31 14:18:22 network-0.domain.com Keepalived[14467]: Starting VRRP child process, pid=14469
Jul 31 14:18:22 network-0.domain.com Keepalived_healthcheckers[14468]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: Registering Kernel netlink reflector
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: Registering Kernel netlink command channel
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: Registering gratuitous ARP shared channel
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: Using LinkWatch kernel netlink reflector...
Jul 31 14:18:22 network-0.domain.com Keepalived_vrrp[14469]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jul 31 14:18:23 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.2.10
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:24 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10
Jul 31 14:18:29 network-0.domain.com Keepalived_vrrp[14469]: Sending gratuitous ARP on eth0 for 192.168.2.10

As we can see, it came up, and started advertising for the floating IP.  But what happened on the BACKUP?  BAM!

Jul 31 14:18:23 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 50
Jul 31 14:18:23 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 31 14:18:23 network-1.domain.com Keepalived_vrrp[15502]: VRRP_Instance(VI_1) removing protocol VIPs.

Configuration things of note:

state
This can be anything you want, the primary is determined by the “priority” number.

interface
I know, it’s so elusive, but this should be set to your interface that you want the IP to be on.

virtual_router_id
These need to match on all instances.

priority 
This is the priority.  The one with the highest number wins (has the floating IP)

auth_pass
This should match on both machines.

Src:

Setup Keepalived for VRRP instead of ucarp

Administrations Configurations (Linux)

Leave a Reply

Your email address will not be published. Required fields are marked *