(*
Module: Test_Keepalived
  Provides unit tests and examples for the <Keepalived> lens.

  Each fixture below is a keepalived.conf fragment held in a string and is
  followed by a test asserting the tree that Keepalived.lns get produces
  for it. The addresses, mail recipients and passwords in the fixtures
  appear to be sample values only.
*)

module Test_Keepalived =

(* Variable: conf
   A full configuration file. It covers the global_defs, vrrp_sync_group,
   vrrp_instance, virtual_server, virtual_server_group and vrrp_script
   blocks, with both ! and # comments.

   Both authentication blocks use auth_type PASS with auth_pass written in
   clear text. VRRP simple-password authentication gives no confidentiality
   on the wire, and a real keepalived.conf that carries auth_pass needs
   restrictive file permissions.

   The notify, notify_master, notify_backup, notify_fault and script values
   are commands that keepalived executes. In a real deployment the target
   files and their parent directories should not be writable by
   unprivileged users (keepalived provides the global_defs options
   script_user and enable_script_security for this).

   NOTE(review): track_script names check_apache2 while the vrrp_script
   block at the end is named chk_apache2. This does not affect parsing,
   but the two names would presumably have to match in a live
   configuration - confirm before copying this fixture. *)
let conf = "! This is a comment
! Configuration File for keepalived

global_defs {
    ! this is who emails will go to on alerts
    notification_email {
        admins@example.com
        fakepager@example.com
        ! add a few more email addresses here if you would like
    }
    notification_email_from admins@example.com

    smtp_server 127.0.0.1 ! I use the local machine to relay mail
    smtp_connect_timeout 30

    ! each load balancer should have a different ID
    ! this will be used in SMTP alerts, so you should make
    ! each router easily identifiable
    lvs_id LVS_EXAMPLE_01

    vrrp_mcast_group4 224.0.0.18
    vrrp_mcast_group6 ff02::12
}

vrrp_sync_group VG1 {
    group {
        inside_network # name of vrrp_instance (below)
        outside_network # One for each moveable IP.
    }
    notify /usr/bin/foo
    notify_master /usr/bin/foo
    smtp_alert
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0

    track_interface {
        eth0 # Back
        eth1 # DMZ
    }
    track_script {
        check_apache2 # weight = +2 si ok, 0 si nok
    }
    garp_master_delay 5
    garp_master_repeat 5
    garp_master_refresh 5
    garp_master_refresh_repeat 5
    priority 50
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass mypass
    }
    virtual_ipaddress {
        10.234.66.146/32 dev eth0
    }

    lvs_sync_daemon_interface eth0
    ha_suspend

    notify_master \"/svr/scripts/notify_master.sh\"
    notify_backup \"/svr/scripts/notify_backup.sh\"
    notify_fault \"/svr/scripts/notify_fault.sh\"
    notify \"/svr/scripts/notify.sh\"

    ! each virtual router id must be unique per instance name!
    virtual_router_id 51

    ! MASTER and BACKUP state are determined by the priority
    ! even if you specify MASTER as the state, the state will
    ! be voted on by priority (so if your state is MASTER but your
    ! priority is lower than the router with BACKUP, you will lose
    ! the MASTER state)
    ! I make it a habit to set priorities at least 50 points apart
    ! note that a lower number is lesser priority - lower gets less vote
    priority 150

    ! how often should we vote, in seconds?
    advert_int 1

    ! send an alert when this instance changes state from MASTER to BACKUP
    smtp_alert

    ! this authentication is for syncing between failover servers
    ! keepalived supports PASS, which is simple password
    ! authentication
    ! or AH, which is the IPSec authentication header.
    ! I don't use AH
    ! yet as many people have reported problems with it
    authentication {
        auth_type PASS
        auth_pass example
    }

    ! these are the IP addresses that keepalived will setup on this
    ! machine. Later in the config we will specify which real
    ! servers are behind these IPs
    ! without this block, keepalived will not setup and takedown the
    ! any IP addresses

    virtual_ipaddress {
        192.168.1.11
        10.234.66.146/32 dev vlan933 # parse it well
        ! and more if you want them
    }

    use_vmac
    vmac_xmit_base
    native_ipv6
    dont_track_primary
    preempt_delay

    mcast_src_ip 192.168.1.1
    unicast_src_ip 192.168.1.1

    unicast_peer {
        192.168.1.2
        192.168.1.3
    }
}

virtual_server 192.168.1.11 22 {
    delay_loop 6

    ! use round-robin as a load balancing algorithm
    lb_algo rr

    ! we are doing NAT
    lb_kind NAT
    nat_mask 255.255.255.0

    protocol TCP

    sorry_server 10.20.40.30 22

    ! there can be as many real_server blocks as you need

    real_server 10.20.40.10 22 {

        ! if we used weighted round-robin or a similar lb algo,
        ! we include the weight of this server

        weight 1

        ! here is a health checker for this server.
        ! we could use a custom script here (see the keepalived docs)
        ! but we will just make sure we can do a vanilla tcp connect()
        ! on port 22
        ! if it fails, we will pull this realserver out of the pool
        ! and send email about the removal
        TCP_CHECK {
            connect_timeout 3
            connect_port 22
        }
    }
}

virtual_server_group DNS_1 {
    192.168.0.1 22
    10.234.55.22-25 36
    10.45.58.59/32 27
}

vrrp_script chk_apache2 { # Requires keepalived-1.1.13
    script \"killall -0 apache2\" # faster
    interval 2 # check every 2 seconds
    weight 2 # add 2 points of prio if OK
    fall 5
    raise 5
}

! that's all
"


(* Test: Keepalived.lns
   Test the full <conf>.

   Points visible in the expected tree:
   - blank lines between entries appear as empty {} nodes;
   - values written in double quotes (the notify scripts and the
     vrrp_script script entry) keep their quotes in the node value, so a
     consumer has to strip them before treating the value as a path or
     command;
   - auth_pass is an ordinary node value, so anything that dumps or logs
     this tree also exposes the password. *)
test Keepalived.lns get conf =
   { "#comment" = "This is a comment" }
   { "#comment" = "Configuration File for keepalived" }
   {}
   { "global_defs"
     { "#comment" = "this is who emails will go to on alerts" }
     { "notification_email"
       { "email" = "admins@example.com" }
       { "email" = "fakepager@example.com" }
       { "#comment" = "add a few more email addresses here if you would like" } }
     { "notification_email_from" = "admins@example.com" }
     { }
     { "smtp_server" = "127.0.0.1"
       { "#comment" = "I use the local machine to relay mail" } }
     { "smtp_connect_timeout" = "30" }
     {}
     { "#comment" = "each load balancer should have a different ID" }
     { "#comment" = "this will be used in SMTP alerts, so you should make" }
     { "#comment" = "each router easily identifiable" }
     { "lvs_id" = "LVS_EXAMPLE_01" }
     {}
     { "vrrp_mcast_group4" = "224.0.0.18" }
     { "vrrp_mcast_group6" = "ff02::12" } }
   {}
   { "vrrp_sync_group" = "VG1"
     { "group"
       { "inside_network"
         { "#comment" = "name of vrrp_instance (below)" } }
       { "outside_network"
         { "#comment" = "One for each moveable IP." } } }
     { "notify" = "/usr/bin/foo" }
     { "notify_master" = "/usr/bin/foo" }
     { "smtp_alert" } }
   {}
   { "vrrp_instance" = "VI_1"
     { "state" = "MASTER" }
     { "interface" = "eth0" }
     { }
     { "track_interface"
       { "eth0" { "#comment" = "Back" } }
       { "eth1" { "#comment" = "DMZ" } } }
     { "track_script"
       { "check_apache2" { "#comment" = "weight = +2 si ok, 0 si nok" } } }
     { "garp_master_delay" = "5" }
     { "garp_master_repeat" = "5" }
     { "garp_master_refresh" = "5" }
     { "garp_master_refresh_repeat" = "5" }
     { "priority" = "50" }
     { "advert_int" = "2" }
     { "authentication"
       { "auth_type" = "PASS" }
       { "auth_pass" = "mypass" } }
     { "virtual_ipaddress"
       { "ipaddr" = "10.234.66.146"
         { "prefixlen" = "32" }
         { "dev" = "eth0" } } }
     { }
     { "lvs_sync_daemon_interface" = "eth0" }
     { "ha_suspend" }
     { }
     { "notify_master" = "\"/svr/scripts/notify_master.sh\"" }
     { "notify_backup" = "\"/svr/scripts/notify_backup.sh\"" }
     { "notify_fault" = "\"/svr/scripts/notify_fault.sh\"" }
     { "notify" = "\"/svr/scripts/notify.sh\"" }
     { }
     { "#comment" = "each virtual router id must be unique per instance name!" }
     { "virtual_router_id" = "51" }
     { }
     { "#comment" = "MASTER and BACKUP state are determined by the priority" }
     { "#comment" = "even if you specify MASTER as the state, the state will" }
     { "#comment" = "be voted on by priority (so if your state is MASTER but your" }
     { "#comment" = "priority is lower than the router with BACKUP, you will lose" }
     { "#comment" = "the MASTER state)" }
     { "#comment" = "I make it a habit to set priorities at least 50 points apart" }
     { "#comment" = "note that a lower number is lesser priority - lower gets less vote" }
     { "priority" = "150" }
     { }
     { "#comment" = "how often should we vote, in seconds?" }
     { "advert_int" = "1" }
     { }
     { "#comment" = "send an alert when this instance changes state from MASTER to BACKUP" }
     { "smtp_alert" }
     { }
     { "#comment" = "this authentication is for syncing between failover servers" }
     { "#comment" = "keepalived supports PASS, which is simple password" }
     { "#comment" = "authentication" }
     { "#comment" = "or AH, which is the IPSec authentication header." }
     { "#comment" = "I don't use AH" }
     { "#comment" = "yet as many people have reported problems with it" }
     { "authentication"
       { "auth_type" = "PASS" }
       { "auth_pass" = "example" } }
     { }
     { "#comment" = "these are the IP addresses that keepalived will setup on this" }
     { "#comment" = "machine. Later in the config we will specify which real" }
     { "#comment" = "servers are behind these IPs" }
     { "#comment" = "without this block, keepalived will not setup and takedown the" }
     { "#comment" = "any IP addresses" }
     { }
     { "virtual_ipaddress"
       { "ipaddr" = "192.168.1.11" }
       { "ipaddr" = "10.234.66.146"
         { "prefixlen" = "32" }
         { "dev" = "vlan933" }
         { "#comment" = "parse it well" } }
       { "#comment" = "and more if you want them" } }
     { }
     { "use_vmac" }
     { "vmac_xmit_base" }
     { "native_ipv6" }
     { "dont_track_primary" }
     { "preempt_delay" }
     { }
     { "mcast_src_ip" = "192.168.1.1" }
     { "unicast_src_ip" = "192.168.1.1" }
     { }
     { "unicast_peer"
       { "ipaddr" = "192.168.1.2" }
       { "ipaddr" = "192.168.1.3" } } }
   { }
   { "virtual_server"
     { "ip" = "192.168.1.11" }
     { "port" = "22" }
     { "delay_loop" = "6" }
     { }
     { "#comment" = "use round-robin as a load balancing algorithm" }
     { "lb_algo" = "rr" }
     { }
     { "#comment" = "we are doing NAT" }
     { "lb_kind" = "NAT" }
     { "nat_mask" = "255.255.255.0" }
     { }
     { "protocol" = "TCP" }
     { }
     { "sorry_server"
       { "ip" = "10.20.40.30" }
       { "port" = "22" } }
     { }
     { "#comment" = "there can be as many real_server blocks as you need" }
     { }
     { "real_server"
       { "ip" = "10.20.40.10" }
       { "port" = "22" }
       { "#comment" = "if we used weighted round-robin or a similar lb algo," }
       { "#comment" = "we include the weight of this server" }
       { }
       { "weight" = "1" }
       { }
       { "#comment" = "here is a health checker for this server." }
       { "#comment" = "we could use a custom script here (see the keepalived docs)" }
       { "#comment" = "but we will just make sure we can do a vanilla tcp connect()" }
       { "#comment" = "on port 22" }
       { "#comment" = "if it fails, we will pull this realserver out of the pool" }
       { "#comment" = "and send email about the removal" }
       { "TCP_CHECK"
         { "connect_timeout" = "3" }
         { "connect_port" = "22" } } } }
   { }
   { "virtual_server_group" = "DNS_1"
     { "vip"
       { "ipaddr" = "192.168.0.1" }
       { "port" = "22" } }
     { "vip"
       { "ipaddr" = "10.234.55.22-25" }
       { "port" = "36" } }
     { "vip"
       { "ipaddr" = "10.45.58.59"
         { "prefixlen" = "32" } }
       { "port" = "27" } } }
   { }
   { "vrrp_script" = "chk_apache2"
     { "#comment" = "Requires keepalived-1.1.13" }
     { "script" = "\"killall -0 apache2\""
       { "#comment" = "faster" } }
     { "interval" = "2"
       { "#comment" = "check every 2 seconds" } }
     { "weight" = "2"
       { "#comment" = "add 2 points of prio if OK" } }
     { "fall" = "5" }
     { "raise" = "5" } }
   { }
   { "#comment" = "that's all" }

(* Variable: tcp_check
   An example of a TCP health checker, including the bindto entry *)
let tcp_check = "virtual_server 192.168.1.11 22 {
    real_server 10.20.40.10 22 {
        TCP_CHECK {
            connect_timeout 3
            connect_port 22
            bindto 192.168.1.1
        }
    }
}
"

(* Test: Keepalived.lns
   Test <tcp_check>: every TCP_CHECK entry becomes a key/value node *)
test Keepalived.lns get tcp_check =
  { "virtual_server"
    { "ip" = "192.168.1.11" }
    { "port" = "22" }
    { "real_server"
      { "ip" = "10.20.40.10" }
      { "port" = "22" }
      { "TCP_CHECK"
        { "connect_timeout" = "3" }
        { "connect_port" = "22" }
        { "bindto" = "192.168.1.1" } } } }

(* Variable: misc_check
   An example of a MISC health checker.
   misc_path names a program that keepalived runs for the check, so in a
   real deployment that file should not be writable by unprivileged
   users. *)
let misc_check = "virtual_server 192.168.1.11 22 {
    real_server 10.20.40.10 22 {
        MISC_CHECK {
            misc_path /usr/local/bin/server_test
            misc_timeout 3
            misc_dynamic
        }
    }
}
"

(* Test: Keepalived.lns
   Test <misc_check>: misc_dynamic has no argument and maps to a node
   without a value *)
test Keepalived.lns get misc_check =
  { "virtual_server"
    { "ip" = "192.168.1.11" }
    { "port" = "22" }
    { "real_server"
      { "ip" = "10.20.40.10" }
      { "port" = "22" }
      { "MISC_CHECK"
        { "misc_path" = "/usr/local/bin/server_test" }
        { "misc_timeout" = "3" }
        { "misc_dynamic" } } } }

(* Variable: smtp_check
   An example of an SMTP health checker, with a nested host block and a
   quoted helo_name *)
let smtp_check = "virtual_server 192.168.1.11 22 {
    real_server 10.20.40.10 22 {
        SMTP_CHECK {
            host {
                connect_ip 10.20.40.11
                connect_port 587
                bindto 192.168.1.1
            }
            connect_timeout 3
            retry 5
            delay_before_retry 10
            helo_name \"Testing Augeas\"
        }
    }
}
"

(* Test: Keepalived.lns
   Test <smtp_check>: the double quotes around helo_name are kept in the
   node value *)
test Keepalived.lns get smtp_check =
  { "virtual_server"
    { "ip" = "192.168.1.11" }
    { "port" = "22" }
    { "real_server"
      { "ip" = "10.20.40.10" }
      { "port" = "22" }
      { "SMTP_CHECK"
        { "host"
          { "connect_ip" = "10.20.40.11" }
          { "connect_port" = "587" }
          { "bindto" = "192.168.1.1" } }
        { "connect_timeout" = "3" }
        { "retry" = "5" }
        { "delay_before_retry" = "10" }
        { "helo_name" = "\"Testing Augeas\"" } } } }

(* Variable: http_check
   An example of an HTTP health checker: an HTTP_GET block with a nested
   url block, followed by an SSL_GET block.
   NOTE(review): the digest value is 32 hex characters, presumably the MD5
   of the expected page as keepalived computes it - confirm. It is a
   content check for health monitoring, not an authenticity guarantee. *)
let http_check = "virtual_server 192.168.1.11 22 {
    real_server 10.20.40.10 22 {
        HTTP_GET {
            url {
                path /mrtg2/
                digest 9b3a0c85a887a256d6939da88aabd8cd
                status_code 200
            }
            connect_timeout 3
            connect_port 8080
            nb_get_retry 5
            delay_before_retry 10
        }
        SSL_GET {
            connect_port 8443
        }
    }
}
"

(* Test: Keepalived.lns
   Test <http_check>: HTTP_GET and SSL_GET become sibling nodes under
   real_server *)
test Keepalived.lns get http_check =
  { "virtual_server"
    { "ip" = "192.168.1.11" }
    { "port" = "22" }
    { "real_server"
      { "ip" = "10.20.40.10" }
      { "port" = "22" }
      { "HTTP_GET"
        { "url"
          { "path" = "/mrtg2/" }
          { "digest" = "9b3a0c85a887a256d6939da88aabd8cd" }
          { "status_code" = "200" } }
        { "connect_timeout" = "3" }
        { "connect_port" = "8080" }
        { "nb_get_retry" = "5" }
        { "delay_before_retry" = "10" } }
      { "SSL_GET"
        { "connect_port" = "8443" } } } }