Skip to main content

Raymii.org Raymii.org Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed

Keepalived notify script, execute action on failover

Published: 26-10-2014 | Author: Remy van Elst | Text only version of this article


❗ This post is over ten years old. It may no longer be up to date. Opinions may have changed.

Keepalived supports running scripts on VRRP state change. This can come in handy when you need to execute an action when a failover occurs. In my case, I have a VPN running on a Virtual IP and want to make sure the VPN only runs on the node with the Virtual IP.

Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:

I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $200 credit for 60 days. Spend $25 after your credit expires and I'll get $25!

If you want to set up a simple keepalived cluster, see my tutorial on that.

The VPN uses strongswan and is a simple ipsec site to site VPN. The two nodes are datacenter redundant. The nodes function as NAT/firewall proxies for a backend network. The backend servers need access to some other servers only reachable over the VPN.

A notify script can be used to take actions, not only removing or adding an IP to an interface. It can for example start or stop a daemon, depending on the VRRP state.

It is defined in the keepalived config like this:

vrrp_instance Example_VRRP {
    [...]
    notify /usr/local/sbin/notify-keepalived.sh
}

The script can be written in any language as long as it is executable. It receives the following parameters:

  • $1 = "INSTANCE" or "GROUP"
  • $2 = name of instance or group
  • $3 = target state of transition, "MASTER", "BACKUP" or "FAULT"

This is the bash script I use for the strongswan VPN:

#!/bin/bash
TYPE=$1
NAME=$2
STATE=$3
case $STATE in
        "MASTER") /usr/sbin/service strongswan start
                  ;;
        "BACKUP") /usr/sbin/service strongswan stop
                  ;;
        "FAULT")  /usr/sbin/service strongswan stop
                  exit 0
                  ;;
        *)        /sbin/logger "ipsec unknown state"
                  exit 1
                  ;;
esac
Tags: cluster , heartbeat , high-availability , keepalived , network , strongswan , tutorials , vpn , vrrp