Keepalived notify script, execute action on failover

Published: 26-10-2014 | Author: Remy van Elst

Keepalived supports running scripts on VRRP state change. This can come in handy when you need to execute an action when a failover occurs. In my case, I have a VPN running on a Virtual IP and want to make sure the VPN only runs on the node with the Virtual IP.

If you want to set up a simple keepalived cluster, see my tutorial on that.

The VPN uses strongswan and is a simple ipsec site to site VPN. The two nodes are datacenter redundant. The nodes function as NAT/firewall proxies for a backend network. The backend servers need access to some other servers only reachable over the VPN.

A notify script can do more than add or remove an IP on an interface. It can, for example, start or stop a daemon, depending on the VRRP state.

It is defined in the keepalived config like this:

vrrp_instance Example_VRRP {
    [...]
    notify /usr/local/sbin/
}

The script can be written in any language as long as it is executable. It receives the following parameters:

This is the bash script I use for the strongswan VPN:

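#!/bin/bash

# Arguments passed by keepalived on every VRRP state change
TYPE=$1
NAME=$2
STATE=$3

# Run the VPN only on the node that holds the Virtual IP
case "$STATE" in
        "MASTER") /usr/sbin/service strongswan start
                  ;;
        "BACKUP") /usr/sbin/service strongswan stop
                  ;;
        "FAULT")  /usr/sbin/service strongswan stop
                  exit 0
                  ;;
        *)        /sbin/logger "ipsec unknown state"
                  exit 1
                  ;;
esac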
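A variant of the script above that checks its arguments, writes every transition to syslog, and leaves strongswan untouched when the state is not recognised. This is an added example, not the author's script; SERVICE_CMD, LOG_CMD and the keepalived-notify syslog tag are names assumed here so the logic can be dry-run without touching the VPN.

```bash
#!/bin/bash
# Added example: notify handler with argument checks and an audit trail.
# SERVICE_CMD and LOG_CMD are hypothetical override points for dry runs;
# they are not keepalived settings.
SERVICE_CMD=${SERVICE_CMD:-/usr/sbin/service}
LOG_CMD=${LOG_CMD:-/sbin/logger}
DAEMON=strongswan
TAG=keepalived-notify

# Print the service action for a VRRP state; return 1 for an unknown state.
action_for_state() {
    case "$1" in
        MASTER)       echo start ;;
        BACKUP|FAULT) echo stop ;;
        *)            return 1 ;;
    esac
}

# handle_notify TYPE NAME STATE [extra arguments are ignored]
handle_notify() {
    if [ "$#" -lt 3 ]; then
        "$LOG_CMD" -t "$TAG" "expected TYPE NAME STATE, got $# argument(s)"
        return 2
    fi
    if ! nt_action=$(action_for_state "$3"); then
        "$LOG_CMD" -t "$TAG" "$1 $2: unknown state '$3', $DAEMON left untouched"
        return 1
    fi
    # Log before acting so a failed start or stop still leaves a trace.
    "$LOG_CMD" -t "$TAG" "$1 $2 entered $3: $DAEMON $nt_action"
    # The exit status of the service command becomes the script's status.
    "$SERVICE_CMD" "$DAEMON" "$nt_action"
}

# keepalived always passes arguments; with none (for example when the file
# is sourced for a dry run) nothing is executed.
[ "$#" -eq 0 ] || handle_notify "$@"
```

Unlike the original, the FAULT branch here reports a failed stop through its exit status instead of always exiting 0.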