Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x
- Puppet >= 6.1.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'puppet-keepalived', '3.2.0'
keepalived
Table of Contents
- Description
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This puppet module manages keepalived. The main goal of keepalived is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures.
Usage
Basic IP-based VRRP failover
This configuration will fail-over when:
- Master node is unavailable
node /node01/ {
  include keepalived
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'MASTER',
    virtual_router_id => '50',
    priority          => '101',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => [ '10.0.0.1/29' ],
    track_interface   => ['eth1','tun0'], # optional, monitor these interfaces.
  }
}
node /node02/ {
  include keepalived
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'BACKUP',
    virtual_router_id => '50',
    priority          => '100',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => [ '10.0.0.1/29' ],
    track_interface   => ['eth1','tun0'], # optional, monitor these interfaces.
  }
}
or hiera:
---
keepalived::vrrp_instance:
  VI_50:
    interface: 'eth1'
    state: 'MASTER'
    virtual_router_id: '50'
    priority: '101'
    auth_type: 'PASS'
    auth_pass: 'secret'
    virtual_ipaddress: '10.0.0.1/29'
    track_interface:
      - 'eth1'
      - 'tun0'
Add floating routes
node /node01/ {
  include keepalived
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'MASTER',
    virtual_router_id => '50',
    priority          => '101',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => [ '10.0.0.1/29' ],
    virtual_routes    => [ { to => '168.168.2.0/24', via => '10.0.0.2' },
                           { to => '168.168.3.0/24', via => '10.0.0.3' } ],
    virtual_rules     => [ { from => '168.168.2.42', lookup => 'customroute' } ]
  }
}
hiera:
---
keepalived::vrrp_instance:
  VI_50:
    interface: 'eth1'
    state: 'MASTER'
    virtual_router_id: '50'
    priority: '101'
    auth_type: 'PASS'
    auth_pass: 'secret'
    virtual_ipaddress: '10.0.0.1/29'
    virtual_routes:
      - to: '168.168.2.0/24'
        via: '10.0.0.2'
      - to: '168.168.3.0/24'
        via: '10.0.0.3'
    virtual_rules:
      - from: '168.168.2.42'
        lookup: 'customroute'
Detect application level failure
This configuration will fail-over when:
- NGinX daemon is not running
- Master node is unavailable
node /node01/ {
  include ::keepalived
  keepalived::vrrp::script { 'check_nginx':
    script => '/usr/bin/killall -0 nginx',
  }
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'MASTER',
    virtual_router_id => '50',
    priority          => '101',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => '10.0.0.1/29',
    track_script      => 'check_nginx',
  }
}
node /node02/ {
  include ::keepalived
  keepalived::vrrp::script { 'check_nginx':
    script => '/usr/bin/killall -0 nginx',
  }
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'BACKUP',
    virtual_router_id => '50',
    priority          => '100',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => '10.0.0.1/29',
    track_script      => 'check_nginx',
  }
}
or hiera:
---
keepalived::vrrp_script:
  check_nginx:
    script: '/usr/bin/killall -0 nginx'
keepalived::vrrp_instance:
  VI_50:
    interface: 'eth1'
    state: 'MASTER'
    virtual_router_id: '50'
    priority: '101'
    auth_type: 'PASS'
    auth_pass: 'secret'
    virtual_ipaddress: '10.0.0.1/29'
    track_script: check_nginx
or using process tracking (keepalived 2.0.11+):
node /node01/ {
  include ::keepalived
  keepalived::vrrp::track_process { 'check_nginx':
    proc_name => 'nginx',
    weight    => 10,
    quorum    => 2,
    delay     => 10,
  }
  keepalived::vrrp::instance { 'VI_50':
    interface         => 'eth1',
    state             => 'MASTER',
    virtual_router_id => '50',
    priority          => '101',
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => '10.0.0.1/29',
    track_process     => 'check_nginx',
  }
}
IPv4 and IPv6 virtual IP, with application level failure detection
This configuration will fail-over both the IPv4 address and the IPv6 address when:
- NGINX daemon is not running
- Master node is unavailable
It is not possible to configure both IPv4 and IPv6 addresses as virtual_ipaddresses in a single vrrp_instance because the VRRP protocol doesn't support it. The two VRRP instances can both use the same virtual_router_id since VRRP IPv4 and IPv6 instances are completely independent of each other. Both nodes have state set to BACKUP, which prevents them from entering MASTER state until the check script(s) have succeeded and the election has been held.
To ensure that the IPv4 and IPv6 vrrp_instances are always in the same state as each other, configure a vrrp_sync_group that includes both instances. The vrrp_sync_group requires the global_tracking flag to be enabled to prevent keepalived from ignoring the tracking scripts for the vrrp_sync_group's vrrp_instance members.
Configure the vrrp_instance with the native_ipv6 flag to force the instance to use IPv6. An IPv6 vrrp_instance without the "native_ipv6" keyword does not configure the virtual IPv6 address with the "deprecated nodad" options.
RFC 3484, "Default Address Selection for Internet Protocol version 6 (IPv6)": Configure a /128 mask for the IPv6 address so that keepalived sets preferred_lft to 0, which keeps the virtual IP from being used for outgoing connections.
RFC 5798 section 5.2.9 requires that if the protocol is IPv6, then the first address must be the link local address of the virtual router.
IPv6 VRRP uses VRRP version 3, which does not support authentication, so the auth_type and auth_pass parameters are removed for the IPv6 VRRP instance.
node /node0x/ {
  keepalived::vrrp::script { 'check_nginx':
    script => '/usr/bin/pkill -0 nginx',
  }
  keepalived::vrrp::sync_group { 'VI_50':
    group           => [ 'VI_50_IPV4', 'VI_50_IPV6' ],
    global_tracking => true,
  }
  keepalived::vrrp::instance { 'VI_50_IPV4':
    interface         => 'eth0',
    state             => 'BACKUP',
    virtual_router_id => 50,
    priority          => 100,
    auth_type         => 'PASS',
    auth_pass         => 'secret',
    virtual_ipaddress => '10.0.0.1/32',
    track_script      => 'check_nginx',
  }
  keepalived::vrrp::instance { 'VI_50_IPV6':
    interface         => 'eth0',
    state             => 'BACKUP',
    virtual_router_id => 50,
    priority          => 100,
    virtual_ipaddress => ['fe80::50/128', '2001:db8::50/128', ],
    track_script      => 'check_nginx',
    native_ipv6       => true,
  }
}
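An added check, not part of the module or its README: the Ruby script below audits Hiera data shaped like the examples above for the security-relevant settings this page exposes (auth_pass, config_file_mode, enable_script_security, native_ipv6). The sample data is constructed, the `ENC[` test assumes secrets are encrypted with hiera-eyaml, and the finding names are invented for this example.

```ruby
require 'yaml'

# Constructed Hiera data modelled on this page's examples (not from a real site).
SAMPLE_HIERA = <<~HIERA
  ---
  keepalived::vrrp_script:
    check_nginx:
      script: '/usr/bin/pkill -0 nginx'
  keepalived::vrrp_instance:
    VI_50_IPV4:
      interface: 'eth0'
      state: 'BACKUP'
      virtual_router_id: 50
      priority: 100
      auth_type: 'PASS'
      auth_pass: 'secret-longer-than-8'
      virtual_ipaddress: '10.0.0.1/32'
      track_script: check_nginx
    VI_50_IPV6:
      interface: 'eth0'
      state: 'BACKUP'
      virtual_router_id: 50
      priority: 100
      auth_type: 'PASS'
      auth_pass: 'secret'
      virtual_ipaddress:
        - 'fe80::50/128'
        - '2001:db8::50/128'
      track_script: check_nginx
      native_ipv6: true
HIERA

# Default of keepalived::config_file_mode according to the module reference.
MODULE_DEFAULT_FILE_MODE = '0644'

# Finding names and wording are invented for this example.
EXPLANATIONS = {
  plaintext_auth_pass: 'auth_pass is a literal in Hiera; encrypt it and pass it as Sensitive',
  auth_pass_truncated: 'keepalived only uses the first 8 characters of auth_pass',
  auth_on_ipv6_instance: 'VRRPv3 (IPv6) has no authentication; auth_* gives no protection',
  world_readable_config: 'keepalived.conf holds auth_pass but any local user can read it',
  script_security_disabled: 'vrrp_script is used without enable_script_security',
  relative_script_path: 'script command is not an absolute path'
}.freeze

# YAML turns an unquoted 0644 into the integer 420; a quoted '0644' stays a string.
def mode_bits(mode)
  mode.is_a?(Integer) ? mode : mode.to_s.to_i(8)
end

# Returns an array of [subject, finding] pairs for the parsed Hiera hash.
def audit_keepalived_hiera(data)
  findings = []
  instances = data['keepalived::vrrp_instance'] || {}
  with_pass = instances.select { |_, cfg| cfg.key?('auth_pass') }

  with_pass.each do |name, cfg|
    pass = cfg['auth_pass'].to_s
    encrypted = pass.start_with?('ENC[') # hiera-eyaml marker (assumption)
    findings << [name, :plaintext_auth_pass] unless encrypted
    findings << [name, :auth_pass_truncated] if !encrypted && pass.length > 8
    findings << [name, :auth_on_ipv6_instance] if cfg['native_ipv6'] == true
  end

  # The rendered keepalived.conf contains auth_pass, so "other" must not read it.
  mode = data['keepalived::config_file_mode'] || MODULE_DEFAULT_FILE_MODE
  if !with_pass.empty? && (mode_bits(mode) & 0o004) != 0
    findings << ['keepalived::config_file_mode', :world_readable_config]
  end

  scripts = data['keepalived::vrrp_script'] || {}
  script_security = data['keepalived::global_defs::enable_script_security'] == true
  if !scripts.empty? && !script_security
    findings << ['keepalived::global_defs', :script_security_disabled]
  end
  scripts.each do |name, cfg|
    command = cfg['script'].to_s.split.first.to_s
    findings << [name, :relative_script_path] unless command.start_with?('/')
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_keepalived_hiera(YAML.safe_load(SAMPLE_HIERA)).each do |subject, finding|
    puts "#{subject}: #{finding} (#{EXPLANATIONS[finding]})"
  end
end
```

Setting `keepalived::config_file_mode: '0640'`, enabling `keepalived::global_defs::enable_script_security`, encrypting the IPv4 `auth_pass` and dropping the `auth_*` keys from the IPv6 instance clears every finding for the sample.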
Global definitions
class { 'keepalived::global_defs':
  notification_email      => 'no@spam.tld',
  notification_email_from => 'no@spam.tld',
  smtp_server             => 'localhost',
  smtp_connect_timeout    => '60',
  router_id               => 'your_router_instance_id',
}
Soft-restart the Keepalived daemon
class { '::keepalived':
  service_restart => 'service keepalived reload', # When using SysV Init
  # service_restart => 'systemctl reload keepalived', # When using SystemD
}
Opt out of having the service managed by the module
class { '::keepalived':
  service_manage => false,
}
Unicast instead of Multicast
Caution: unicast support has only been added to Keepalived since version 1.2.8
By default Keepalived will use multicast packets to determine failover conditions. However, in many cloud environments it is not possible to use multicast because of network restrictions. Keepalived can be configured to use unicast in such environments:
Enable automatic unicast configuration with exported resources by setting parameter 'collect_unicast_peers => true'
Automatic unicast configuration:
keepalived::vrrp::instance { 'VI_50':
  interface             => 'eth1',
  state                 => 'BACKUP',
  virtual_router_id     => '50',
  priority              => '100',
  auth_type             => 'PASS',
  auth_pass             => 'secret',
  virtual_ipaddress     => '10.0.0.1/29',
  track_script          => 'check_nginx',
  collect_unicast_peers => true,
}
Manual unicast configuration or override auto default IP:
keepalived::vrrp::instance { 'VI_50':
  interface         => 'eth1',
  state             => 'BACKUP',
  virtual_router_id => '50',
  priority          => '100',
  auth_type         => 'PASS',
  auth_pass         => 'secret',
  virtual_ipaddress => '10.0.0.1/29',
  track_script      => 'check_nginx',
  unicast_source_ip => $::ipaddress_eth1,
  unicast_peers     => ['10.0.0.1', '10.0.0.2']
}
The 'unicast_source_ip' parameter is optional as Keepalived will bind to the specified interface by default. This value will be exported in place of the default when 'collect_unicast_peers => true'. The 'unicast_peers' parameter contains an array of ip addresses that correspond to the failover nodes.
Creating ip-based virtual server instances with two real servers
This sets up a virtual server www.example.com that directs traffic to example1.example.com and example2.example.com by matching on an IP address and port.
keepalived::lvs::virtual_server { 'www.example.com':
  ip_address          => '1.2.3.4',
  port                => '80',
  delay_loop          => '7',
  lb_algo             => 'wlc',
  lb_kind             => 'DR',
  persistence_timeout => 86400,
  virtualhost         => 'www.example.com',
  protocol            => 'TCP'
}
keepalived::lvs::real_server { 'example1.example.com':
  virtual_server => 'www.example.com',
  ip_address     => '1.2.3.8',
  port           => '80',
  options        => {
    weight      => '1000',
    'TCP_CHECK' => {
      # keepalived's TCP_CHECK keyword is connect_timeout
      connect_timeout => '3',
    }
  }
}
keepalived::lvs::real_server { 'example2.example.com':
  virtual_server => 'www.example.com',
  ip_address     => '1.2.3.9',
  port           => '80',
  options        => {
    weight      => '1000',
    'TCP_CHECK' => {
      connect_timeout => '3',
    }
  }
}
or hiera:
---
keepalived::lvs_virtual_server:
  www.example.com:
    ip_address: '1.2.3.4'
    port: 80
    delay_loop: 7
    lb_algo: 'wlc'
    lb_kind: 'DR'
    persistence_timeout: 86400
    virtualhost: 'www.example.com'
    protocol: 'TCP'
keepalived::lvs_real_server:
  example1.example.com:
    virtual_server: 'www.example.com'
    ip_address: '1.2.3.8'
    port: 80
    options:
      weight: '1000'
      TCP_CHECK:
        connect_timeout: 3
  example2.example.com:
    virtual_server: 'www.example.com'
    ip_address: '1.2.3.9'
    port: 80
    options:
      weight: '1000'
      TCP_CHECK:
        connect_timeout: 3
Creating firewall mark based virtual server instances with two real servers
This sets up a virtual server www.example.com that directs traffic to example1.example.com and example2.example.com by matching on a firewall mark set in iptables or something similar.
keepalived::lvs::virtual_server { 'www.example.com':
  fwmark              => '123',
  delay_loop          => '7',
  lb_algo             => 'wlc',
  lb_kind             => 'DR',
  persistence_timeout => 86400,
  virtualhost         => 'www.example.com',
  protocol            => 'TCP'
}
keepalived::lvs::real_server { 'example1.example.com':
  virtual_server => 'www.example.com',
  ip_address     => '1.2.3.8',
  port           => '80',
  options        => {
    weight      => '1000',
    'TCP_CHECK' => {
      # keepalived's TCP_CHECK keyword is connect_timeout
      connect_timeout => '3',
    }
  }
}
keepalived::lvs::real_server { 'example2.example.com':
  virtual_server => 'www.example.com',
  ip_address     => '1.2.3.9',
  port           => '80',
  options        => {
    weight      => '1000',
    'TCP_CHECK' => {
      connect_timeout => '3',
    }
  }
}
Reference
Reference documentation coming soon.
Limitations
Details in metadata.json.
Development
The contributing guide is in CONTRIBUTING.md.
Release Notes/Contributors/Etc.
Details in CHANGELOG.md.
Migrated from https://github.com/arioch/puppet-keepalived to Vox Pupuli.
Reference
Table of Contents
Classes
- keepalived: Install and configure keepalived
- keepalived::config: Configure keepalived module
- keepalived::global_defs: Manage keepalived notifications
- keepalived::install: Install keepalived package
- keepalived::service: Manage keepalived service
Defined types
Public Defined types
- keepalived::lvs::real_server: Add a real server to a Linux Virtual Server with keepalived
- keepalived::lvs::virtual_server: Configure a Linux Virtual Server with keepalived. Work in progress, supports:
  - single IP/port virtual servers
  - TCP_CHECK healthchecks
- keepalived::vrrp::instance: Configure VRRP instance
- keepalived::vrrp::script: Configure VRRP script
- keepalived::vrrp::sync_group: Configure the group for instance
- keepalived::vrrp::track_process: Configure the process tracker
Private Defined types
- keepalived::vrrp::unicast_peer: Define a unicast peer for a vrrp instance.
Data types
- Keepalived::Options: keepalived::options
- Keepalived::Vrrp::Instance::VRule: keepalived::vrrp::instance::vrule
Classes
keepalived
Install and configure keepalived
Parameters
The following parameters are available in the keepalived class:
sysconf_dir
sysconf_options
config_dir
config_dir_mode
config_file_mode
config_group
config_owner
daemon_group
daemon_user
pkg_ensure
pkg_list
service_enable
service_ensure
service_hasrestart
service_hasstatus
service_manage
service_name
service_restart
vrrp_instance
vrrp_script
vrrp_track_process
vrrp_sync_group
lvs_real_server
lvs_virtual_server
sysconf_dir
Data type: String[1]
sysconf_options
Data type: String
config_dir
Data type: Stdlib::Absolutepath
Default value: '/etc/keepalived'
config_dir_mode
Data type: Stdlib::Filemode
Default value: '0755'
config_file_mode
Data type: Stdlib::Filemode
Default value: '0644'
config_group
Data type: String[1]
Default value: 'root'
config_owner
Data type: String[1]
Default value: 'root'
daemon_group
Data type: String[1]
Default value: 'root'
daemon_user
Data type: String[1]
Default value: 'root'
pkg_ensure
Data type: String[1]
Default value: 'present'
pkg_list
Data type: Array[String[1]]
Default value: ['keepalived']
service_enable
Data type: Boolean
Default value: true
service_ensure
Data type: Stdlib::Ensure::Service
Default value: 'running'
service_hasrestart
Data type: Boolean
service_hasstatus
Data type: Boolean
service_manage
Data type: Boolean
Default value: true
service_name
Data type: String[1]
Default value: 'keepalived'
service_restart
Data type: Optional[String[1]]
Default value: undef
vrrp_instance
Data type: Hash
Default value: {}
vrrp_script
Data type: Hash
Default value: {}
vrrp_track_process
Data type: Hash
Default value: {}
vrrp_sync_group
Data type: Hash
Default value: {}
lvs_real_server
Data type: Hash
Default value: {}
lvs_virtual_server
Data type: Hash
Default value: {}
keepalived::config
Configure keepalived module
keepalived::global_defs
Manage keepalived notifications
Parameters
The following parameters are available in the keepalived::global_defs class:
notification_email
notification_email_from
smtp_server
smtp_connect_timeout
router_id
script_user
enable_script_security
snmp_socket
enable_snmp_keepalived
enable_snmp_vrrp
enable_snmp_checker
enable_snmp_rfc
enable_snmp_rfcv2
enable_snmp_rfcv3
enable_traps
enable_dbus
vrrp_higher_prio_send_advert
vrrp_garp_lower_prio_repeat
vrrp_garp_master_refresh
vrrp_garp_lower_prio_delay
vrrp_startup_delay
notification_email
Data type: Any
Array of notification email Recipients.
Default value: undef
notification_email_from
Data type: Any
Define the notification email Sender.
Default value: undef
smtp_server
Data type: Any
Define the SMTP server address.
Default value: undef
smtp_connect_timeout
Data type: Any
Define the smtp connect timeout.
Default value: undef
router_id
Data type: Any
Define the router ID.
Default value: undef
script_user
Data type: Any
Set the global script_user option.
Default value: undef
enable_script_security
Data type: Any
Set the enable_script_security option.
Default value: undef
snmp_socket
Data type: Any
Define the SNMP master agent socket.
Default value: 'unix:/var/agentx/master'
enable_snmp_keepalived
Data type: Any
Set enable_snmp_keepalived option.
Default value: undef
enable_snmp_vrrp
Data type: Any
Set enable_snmp_vrrp option.
Default value: undef
enable_snmp_checker
Data type: Any
Set enable_snmp_checker option
Default value: undef
enable_snmp_rfc
Data type: Any
Set enable_snmp_rfc option.
Default value: undef
enable_snmp_rfcv2
Data type: Any
Set enable_snmp_rfcv2 option.
Default value: undef
enable_snmp_rfcv3
Data type: Any
Set enable_snmp_rfcv3 option.
Default value: undef
enable_traps
Data type: Any
Set enable_traps option.
Default value: undef
enable_dbus
Data type: Boolean
Set enable_dbus option
Default value: false
vrrp_higher_prio_send_advert
Data type: Optional[Boolean]
Set vrrp_higher_prio_send_advert option.
Default value: undef
vrrp_garp_lower_prio_repeat
Data type: Optional[Integer]
Set vrrp_garp_lower_prio_repeat option.
Default value: undef
vrrp_garp_master_refresh
Data type: Optional[Integer]
Set vrrp_garp_master_refresh option.
Default value: undef
vrrp_garp_lower_prio_delay
Data type: Optional[Integer]
Set vrrp_garp_lower_prio_delay option.
Default value: undef
vrrp_startup_delay
Data type: Optional[Float]
Set vrrp_startup_delay option.
Default value: undef
keepalived::install
Install keepalived package
keepalived::service
Manage keepalived service
Defined types
keepalived::lvs::real_server
Add a real server to a Linux Virtual Server with keepalived
Parameters
The following parameters are available in the keepalived::lvs::real_server defined type:
virtual_server
Data type: String[1]
The name of the virtual server this real server will be added to
ip_address
Data type: Stdlib::IP::Address
The ip address of the real server
port
Data type: Stdlib::Port
Real server IP port. (If omitted, the port defaults to the VIP port.)
options
Data type: Keepalived::Options
One or more options to include in the real_server block
@example options => { inhibit_on_failure => true, SMTP_CHECK => { connect_timeout => 10, host => { connect_ip => '127.0.0.1' } } }
Default value: {}
keepalived::lvs::virtual_server
Configure a Linux Virtual Server with keepalived
Work in progress, supports:
- single IP/port virtual servers
- TCP_CHECK healthchecks
Examples
real_server_options => {
  inhibit_on_failure => true,
  SMTP_CHECK => {
    connect_timeout => 10,
    host => {
      connect_ip => '127.0.0.1'
    }
  }
}
Parameters
The following parameters are available in the keepalived::lvs::virtual_server defined type:
ip_address
port
fwmark
lb_algo
delay_loop
protocol
lb_kind
ha_suspend
alpha
omega
sh_port
sh_fallback
quorum
quorum_up
quorum_down
hysteresis
tcp_check
real_server_options
sorry_server
sorry_server_inhibit
persistence_timeout
virtualhost
real_servers
collect_exported
ip_address
Data type: Optional[Stdlib::IP::Address]
Virtual server IP address.
Default value: undef
port
Data type: Optional[Stdlib::Port]
Virtual server IP port.
Default value: undef
fwmark
Data type: Optional[Integer[1]]
Virtual Server firewall mark. (overrides ip_address and port)
Default value: undef
lb_algo
Data type: Enum['rr','wrr','lc','wlc','lblc','sh','dh']
Must be one of rr, wrr, lc, wlc, lblc, sh, dh
delay_loop
Data type: Optional[Integer[1]]
Default value: undef
protocol
Data type: Enum['TCP','UDP']
Default value: 'TCP'
lb_kind
Data type: Enum['NAT','DR','TUN']
Must be one of NAT, TUN, DR.
Default value: 'NAT'
ha_suspend
Data type: Boolean
Default value: false
alpha
Data type: Boolean
Default value: false
omega
Data type: Boolean
Default value: false
sh_port
Data type: Boolean
Default value: false
sh_fallback
Data type: Boolean
Default value: false
quorum
Data type: Optional[Integer[1]]
Default value: undef
quorum_up
Data type: Optional[String[1]]
Default value: undef
quorum_down
Data type: Optional[String[1]]
Default value: undef
hysteresis
Data type: Optional[Integer[0]]
Default value: undef
tcp_check
Data type: Optional[Hash]
The TCP_CHECK to configure for real_servers.
Default value: undef
real_server_options
Data type: Hash
One or more options to apply to all real_server blocks inside this virtual_server.
Default value: {}
sorry_server
Data type: Optional[Struct[{ ip_address => Stdlib::IP::Address, port => Stdlib::Port }]]
The sorry_server to define
Default value: undef
sorry_server_inhibit
Data type: Boolean
Default value: false
persistence_timeout
Data type: Optional[Integer[1]]
Default value: undef
virtualhost
Data type: Optional[Stdlib::Fqdn]
Default value: undef
real_servers
Data type: Array[Hash]
The real servers to balance to.
Default value: []
collect_exported
Data type: Boolean
Boolean. Automatically collect exported @@keepalived::lvs::real_servers with a virtual_server equal to the name/title of this resource. This allows you to easily export a real_server resource on each node in the pool.
Default value: true
keepalived::vrrp::instance
Configure VRRP instance
Examples
May be specified as either:
  a) IP address (or array of IP addresses)
     e.g. `'10.0.0.1'`
  b) a hash (or array of hashes) containing extra properties
     e.g. `{ 'ip' => '10.0.0.1', 'label' => 'webvip' }`
Supported properties: dev, brd, label, scope.
May be specified as a hash (or array of hashes) containing extra properties
  e.g. `{ 'src' => '10.0.0.1', 'to' => '192.168.30.0/24', 'via' => '10.0.0.254', 'metric' => '15' }`
Supported properties: src, to, via, dev, scope, table, metric
May be specified as a hash (or array of hashes) containing extra properties
  e.g. `{ 'from' => '10.0.0.1', 'via' => '10.0.0.254', 'lookup' => 'customroute', 'metric' => '15' }`
Supported properties: from, to, dev, lookup, metric
May be specified as either:
  a) IP address (or array of IP addresses)
     e.g. `'10.0.0.1'`
  b) a hash (or array of hashes) containing extra properties
     e.g. `{ 'ip'=>'10.0.0.1', 'scope'=>'local' }`
Supported properties: dev, brd, label, scope.
Parameters
The following parameters are available in the keepalived::vrrp::instance defined type:
interface
priority
state
virtual_ipaddress_int
virtual_ipaddress
virtual_routes
virtual_rules
virtual_ipaddress_excluded
virtual_router_id
auth_type
auth_pass
track_script
track_process
track_interface
lvs_interface
smtp_alert
nopreempt
preempt_delay
advert_int
garp_master_delay
garp_master_refresh
notify_script_master
notify_script_backup
notify_script_fault
notify_script_stop
notify_script
multicast_source_ip
notify_script_master_rx_lower_pri
unicast_source_ip
unicast_peers
dont_track_primary
use_vmac
vmac_xmit_base
native_ipv6
garp_lower_prio_repeat
higher_prio_send_advert
collect_unicast_peers
interface
Data type: Any
Define which interface to listen on.
priority
Data type: Integer[1,254]
Set instance priority.
state
Data type: Any
Set instance state.
virtual_ipaddress_int
Data type: Any
Set the interface for the VIP to be assigned to.
Default value: undef
virtual_ipaddress
Data type: Any
Set floating IP address.
Default value: undef
virtual_routes
Data type: Any
Set floating routes.
Default value: undef
virtual_rules
Data type: Optional[Array[Keepalived::Vrrp::Instance::VRule]]
Set floating rules.
Default value: undef
virtual_ipaddress_excluded
Data type: Any
For cases with large numbers (e.g. 200) of IPs on the same interface. To decrease the number of packets sent in adverts, you can exclude most IPs from adverts.
Default value: undef
virtual_router_id
Data type: Integer[1,255]
Set virtual router id.
auth_type
Data type: Any
Set authentication method.
Default value: undef
auth_pass
Data type: Optional[Variant[String, Sensitive[String]]]
Authentication password.
Default value: undef
track_script
Data type: Any
Define which script to run to track service states.
Default value: undef
track_process
Data type: Optional[Array[String[1]]]
Define which process trackers to run.
Default value: undef
track_interface
Data type: Any
Define which interface(s) to monitor. Go to FAULT state if one of these interfaces goes down. May be specified as either: a) an interface name, or b) an array of interface names.
Default value: undef
lvs_interface
Data type: Any
Define lvs_sync_daemon_interface.
Default value: undef
smtp_alert
Data type: Any
Send status alerts via SMTP. Requires user provided in SMTP settings in keepalived::global_defs class.
Default value: false
nopreempt
Data type: Any
Allows the lower priority machine to maintain the master role, when a higher priority machine comes back online. NOTE: For this to work, the initial state of this entry must be BACKUP
Default value: false
preempt_delay
Data type: Any
Seconds after startup until preemption. Range: 0 to 1,000. NOTE: For this to work, the initial state of this entry must be BACKUP.
Default value: undef
advert_int
Data type: Any
The interval between VRRP packets
Default value: 1
garp_master_delay
Data type: Any
The delay for gratuitous ARP after transition to MASTER
Default value: 5
garp_master_refresh
Data type: Any
Repeat gratuitous ARP after transition to MASTER this often.
Default value: undef
notify_script_master
Data type: Any
Define the notify master script.
Default value: undef
notify_script_backup
Data type: Any
Define the notify backup script.
Default value: undef
notify_script_fault
Data type: Any
Define the notify fault script.
Default value: undef
notify_script_stop
Data type: Any
Define the notify stop script.
Default value: undef
notify_script
Data type: Any
Define the notify script.
Default value: undef
multicast_source_ip
Data type: Any
The default IP for binding vrrpd is the primary IP on the interface. If you want to hide the location of vrrpd, use this IP as src_addr for multicast vrrp packets.
Default value: undef
notify_script_master_rx_lower_pri
Data type: Optional[Stdlib::Absolutepath]
Define the notify_master_rx_lower_pri script. This is executed if a master receives an advert with priority lower than the master's advert.
Default value: undef
unicast_source_ip
Data type: Optional[Stdlib::IP::Address]
The default IP for binding vrrpd is the primary IP on the interface. If you want to hide the location of vrrpd, use this IP as src_addr for unicast vrrp packets.
Default value: undef
unicast_peers
Data type: Variant[Array[Stdlib::IP::Address], Stdlib::IP::Address]
Do not send VRRP adverts over the VRRP multicast group. Instead, send adverts to the listed IP addresses using unicast.
May be specified as an array of IP addresses.
Default value: []
dont_track_primary
Data type: Any
Tells keepalived to ignore VRRP interface faults. Can be useful on setup where two routers are connected directly to each other on the interface used for VRRP. Without this feature the link down caused by one router crashing would also inspire the other router to lose (or not gain) MASTER state, since it was also tracking link status. Default: false.
Default value: false
use_vmac
Data type: Any
Use virtual MAC address for virtual IP addresses.
Default value: false
vmac_xmit_base
Data type: Any
When using virtual MAC addresses, transmit and receive VRRP messages on the underlying interface whilst ARP will happen from the VMAC interface.
Default value: true
native_ipv6
Data type: Boolean
Force instance to use IPv6 (when mixed IPv4 and IPv6 config)
Default value: false
garp_lower_prio_repeat
Data type: Optional[Integer]
Default value: undef
higher_prio_send_advert
Data type: Optional[Boolean]
Default value: undef
collect_unicast_peers
Data type: Boolean
Default value: false
keepalived::vrrp::script
Configure VRRP script
Parameters
The following parameters are available in the keepalived::vrrp::script defined type:
interval
Data type: Any
Set the interval to run the vrrp script.
Default value: '2'
script
Data type: String[1]
Which command or script to execute.
weight
Data type: Any
The weight the script should add to the instance.
Default value: undef
fall
Data type: Any
required number of failures for KO switch.
Default value: undef
rise
Data type: Any
required number of successes for OK switch.
Default value: undef
timeout
Data type: Any
max time to wait for the vrrp script to return.
Default value: undef
user
Data type: Any
user to run the vrrp script under.
Default value: undef
group
Data type: Any
group to run the vrrp script under - only used if $user is also set.
Default value: undef
no_weight
Data type: Any
Default value: false
keepalived::vrrp::sync_group
Configure the group for instance
Parameters
The following parameters are available in the keepalived::vrrp::sync_group defined type:
group
notify_script_master
notify_script_backup
notify_script_fault
notify_script
notify_script_master_rx_lower_pri
smtp_alert
nopreempt
global_tracking
group
Data type: Any
Define vrrp instances to group (Array)
notify_script_master
Data type: Any
Define the notify master script.
Default value: undef
notify_script_backup
Data type: Any
Define the notify backup script.
Default value: undef
notify_script_fault
Data type: Any
Define the notify fault script.
Default value: undef
notify_script
Data type: Any
Define the notify script.
Default value: undef
notify_script_master_rx_lower_pri
Data type: Optional[Stdlib::Absolutepath]
Define the notify_master_rx_lower_pri script. This is executed if a master receives an advert with priority lower than the master's advert.
Default value: undef
smtp_alert
Data type: Any
Send email on status change
Default value: undef
nopreempt
Data type: Any
Default value: undef
global_tracking
Data type: Boolean
Default value: false
keepalived::vrrp::track_process
Configure the process tracker
Parameters
The following parameters are available in the keepalived::vrrp::track_process defined type:
proc_name
Data type: String[1]
process name to track
weight
Data type: Optional[Integer[0]]
The weight that should add to the instance.
Default value: undef
quorum
Data type: Integer[0]
Number of processes to expect running
Default value: 1
delay
Data type: Optional[Integer[0]]
Time to delay after process quorum lost before considering process failed (in fractions of second)
Default value: undef
full_command
Data type: Boolean
Match entire process cmdline
Default value: false
param_match
Data type: Optional[Enum['initial','partial']]
Set initial if the command has no parameters, or use partial if the first n parameters match.
Default value: undef
Data types
Keepalived::Options
keepalived::options
Alias of
Hash[String[1], Any]
Keepalived::Vrrp::Instance::VRule
keepalived::vrrp::instance::vrule
Alias of
Struct[{
  Optional[from]   => String,
  Optional[to]     => String,
  Optional[dev]    => String,
  Optional[lookup] => String
}]
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v3.2.0 (2021-10-02)
Implemented enhancements:
- Add support for vrrp_startup_delay option #248 (fklajn)
- Add enable_dbus option #242 (aagor)
- Use Puppet-Datatype Sensitive for $auth_pass #241 (cocker-cc)
- create puppet strings based reference docs #209 (your1p)
Closed issues:
- Create puppet-strings based reference docs #158
Merged pull requests:
- Allow stdlib 8.0.0 #245 (smortex)
- Allow virtual_ipaddress_excluded to be a string #244 (aagor)
- Fix incorrect documentation #243 (aagor)
v3.1.0 (2021-05-21)
Implemented enhancements:
Fixed bugs:
v3.0.0 (2021-04-03)
Breaking changes:
- Drop Debian 8 support #235 (bastelfreak)
- Drop Puppet 5 support; add Puppet 7 support #234 (bastelfreak)
Implemented enhancements:
- Enable Debian 9 support #233 (bastelfreak)
- puppetlabs/concat: Allow 7.x / puppetlabs/stdlib: Allow 7.x #232 (bastelfreak)
- add vrrp_garp_master_refresh / vrrp_garp_lower_prio_delay params #206 (a-dekker)
- add support for virtual_rules #199 (derJD)
Fixed bugs:
Closed issues:
- dev is set on virtual_ipaddress when use_vmac is enabled #215
- support of additional parameters #205
- forge version of module vs current master - vrrp script timeouts #111
Merged pull requests:
- Enable automatic unicast configuration with exported resources - pass tests #227 (daaang)
- Drop EL6 support #226 (ekohl)
- Add enable_snmp_vrrp option #221 (ghost)
- Resolve puppet-lint notices #220 (jcpunk)
- modulesync 3.0.0 & puppet-lint updates #218 (bastelfreak)
- use hiera data in module instead of params.pp #210 (Dan33l)
- Use voxpupuli-acceptance #208 (ekohl)
- Use contain for sub classes in this module #202 (bastelfreak)
v2.2.0 (2019-10-22)
Implemented enhancements:
- Add support for sh-port and sh-fallback flags to lvs virtual servers #198 (hkbakke)
- Add notify_script_master_rx_lower_pri option to the module #195 (salindaliyanage)
- Support for higher_prio_send_advert and garp_lower_prio_repeat #194 (foosinn)
- LVS hiera support #190 (7matd7)
Fixed bugs:
Closed issues:
- Not able to set sh-port and sh-fallback flags in virtual_server #192
- Add Ubuntu to Metadata #175
- Hiera lookups and this module #116
Merged pull requests:
- Add Ubuntu 16.04 and 18.04 to list of supported OSes #188 (alexjfisher)
- Add CentOS 7 to list of supported OSes #187 (alexjfisher)
v2.1.0 (2019-06-09)
Implemented enhancements:
- Please add support for "native_ipv6" vrrp_instance statement #183
- add support for native_ipv6 in vrrp instances #184 (sigbjorntux)
- feat: add quorum_up and quorum_down in virtual_server #174 (rotulet)
- add keepalived vrrp track_process support w/tests #172 (jontow)
Fixed bugs:
- Problem with keepalived::vrrp::track_process fullcommand #179
- Allow puppetlabs/concat 6.x, puppetlabs/stdlib 6.x #182 (dhoppe)
- Change the fullcommand parameter to full_command for keepalived::vrrp::track_process #180 (fduranti)
Closed issues:
- Fix wrong warning #141
Merged pull requests:
- remove leading colons from variables #176 (Dan33l)
- use rspec-puppet-facts #173 (Dan33l)
- Support for metric argument in vrrp_instance virtual_routes #128 (KrzysztofHajdamowicz)
v2.0.0 (2019-03-18)
This is the first release since the module was migrated to the Vox Pupuli puppet
namespace.
Breaking changes:
- Use data types instead of validate functions #163 (alexjfisher)
- Drop support for Puppet 3, Puppet 4 and Debian 7 #162 (alexjfisher)
Closed issues:
- Replace validate functions with data types #159
- Review acceptance tests #156
- No changelog available #148
- Target Concat_file with path or title '/keepalived.conf' or tag '_keepalived.conf not found in the catalog #143
- forge version 1.2.5 is outdated #131
- Concat issue #106
Merged pull requests:
- Add badges #166 (alexjfisher)
- Replace create_resources with iteration #165 (alexjfisher)
- Fix Github License detection #164 (alexjfisher)
- Allow latest concat/stdlib and bump minimum versions #160 (alexjfisher)
- Enable beaker tests and drop Debian 6 support #157 (Dan33l)
- some README cleanup #155 (Dan33l)
- Rubocop Fixes #154 (alexjfisher)
- clean up of metadata.json #152 (Dan33l)
- * Allow user and group in vrrp::script #149 (SpoonOne)
1.3.0 (2018-09-06)
Closed issues:
- VIP for sandby ip ? #135
- Add "script_user" and "enable_script_security" options in global_defs class #130
- keepalived::vrrp::instance priority should support the value 255. #107
Merged pull requests:
- Fix 130 #134 (duritong)
- Avoid newline (and with this a refresh of service) for existing configs #115 (robertvargason)
1.2.5 (2016-09-23)
Closed issues:
- $ensure parameter to concat::fragment is deprecated #112
- Configuration option to use VMAC feature #108
- New release? #96
- misplaced curly brace #75
Merged pull requests:
- Support testing on Rubies < 2.0.0 #113 (Phil-Friderici)
- Made virtual_ipaddress optional #101 (iwalz)
- simple ordering fix for #75 #97 (gattebury)
1.2.4 (2016-02-22)
Closed issues:
- Cannot add 2 ip's, each on different interfaces #84
- Comparison of: String < Integer, is not possible #79
Merged pull requests:
- Extend hiera support #94 (mrdrup)
- Added mcast_src_ip option #93 (jkroepke)
- Keepalived should be restarted on Concat changes, not File #92 (ernetas)
- future parser: removed Class[ 'keepalived' ] #90 (hggh)
- Remove duplicate class parameter #89 (SanderKnape)
- Add instruction for hiera usage #87 (occelebi)
- Add hiera support #86 (occelebi)
1.2.3 (2015-11-06)
1.2.2 (2015-11-06)
Merged pull requests:
- Type cast strings to integers for puppet 4 #82 (danieldreier)
1.2.1 (2015-08-04)
Closed issues:
- order parameter contains invalid characters #70
Merged pull requests:
1.2.0 (2015-06-08)
Fixed bugs:
- keepalived_version fact not working #61
Closed issues:
- "Symlinks in modules are unsupported" failure installing 1.1.1 on puppet forge #64
Merged pull requests:
- Support broad range of puppet versions and fix tests #71 (duritong)
- Ignore .project files. #69 (arioch)
- instance scripts syntax fixed #68 (leftys)
1.1.1 (2015-02-01)
1.1.0 (2015-01-19)
1.0.4 (2015-01-05)
Closed issues:
1.0.3 (2014-12-03)
1.0.2 (2014-11-21)
Implemented enhancements:
- Reload keepalived on refresh instead of restart #52
1.0.1 (2014-10-28)
1.0.0 (2014-10-05)
0.1.2 (2014-09-25)
Closed issues:
- Error: Could not find dependent Exec[concat_/etc/keepalived/keepalived.conf] #46
0.1.1 (2014-08-15)
0.1.0 (2014-07-30)
Closed issues:
- global_def #43
0.0.16 (2014-07-08)
0.0.15 (2014-07-08)
Fixed bugs:
- keepalived::lvs::real_server options fails when using capital letters #38
Closed issues:
- Global_defs.pp depends on a not found Exec #40
0.0.14 (2014-06-16)
0.0.13 (2014-05-28)
0.0.12 (2014-05-22)
Closed issues:
0.0.11 (2014-05-08)
0.0.10 (2014-03-13)
0.0.9 (2014-03-12)
0.0.8 (2014-02-26)
0.0.7 (2014-02-18)
Closed issues:
- VirtualIP address not being overwritten on change #17
0.0.6 (2014-02-10)
0.0.5 (2013-12-09)
0.0.4 (2013-11-22)
0.0.3 (2013-10-25)
Merged pull requests:
0.0.1 (2013-07-25)
0.0.2 (2013-07-25)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/concat (>= 4.1.0 < 8.0.0)
- puppetlabs/stdlib (>= 4.25.1 < 9.0.0)
Copyright (C) 2012 Tom De Vylder
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/