{"id":15013966,"url":"https://github.com/voxpupuli/puppet-keepalived","last_synced_at":"2026-03-16T22:37:24.328Z","repository":{"id":5654272,"uuid":"6863314","full_name":"voxpupuli/puppet-keepalived","owner":"voxpupuli","description":"Puppet Module to manage Keepalived","archived":false,"fork":false,"pushed_at":"2024-09-17T00:34:37.000Z","size":703,"stargazers_count":49,"open_issues_count":29,"forks_count":152,"subscribers_count":43,"default_branch":"master","last_synced_at":"2024-10-29T14:22:37.225Z","etag":null,"topics":["centos-puppet-module","debian-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","ubuntu-puppet-module"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/puppet/keepalived","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"benel/TP-Git","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2012-11-26T10:22:35.000Z","updated_at":"2024-09-17T00:34:40.000Z","dependencies_parsed_at":"2023-12-15T04:03:35.271Z","dependency_job_id":"1415a6c2-27b1-455a-926e-3e02e0e24475","html_url":"https://github.com/voxpupuli/puppet-keepalived","commit_stats":{"total_commits":486,"total_committers":113,"mean_commits":4.300884955752212,"dds":0.7880658436213992,"last_synced_commit":"610ea911fe433439f5610ab5793070a3a18c2d9c"},"previous_names":["arioch/puppet-keepalived"],"tags_count":47,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-keepalived","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-keepalived/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-keepalived/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-keepalived/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/puppet-keepalived/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247217209,"owners_count":20903009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["centos-puppet-module","debian-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","ubuntu-puppet-module"],"created_at":"2024-09-24T19:45:00.669Z","updated_at":"2026-03-11T04:03:08.738Z","avatar_url":"https://github.com/voxpupuli.png","language":"Ruby","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":[],"sub_categories":[],"readme":"# keepalived\n\n[![License](https://img.shields.io/github/license/voxpupuli/puppet-keepalived.svg)](https://github.com/voxpupuli/puppet-keepalived/blob/master/LICENSE)\n![Build Status](https://github.com/voxpupuli/puppet-keepalived/actions/workflows/ci.yml/badge.svg?branch=master)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/keepalived.svg)](https://forge.puppetlabs.com/puppet/keepalived)\n[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/keepalived.svg)](https://forge.puppetlabs.com/puppet/keepalived)\n[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/keepalived.svg)](https://forge.puppetlabs.com/puppet/keepalived)\n[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/keepalived.svg)](https://forge.puppetlabs.com/puppet/keepalived)\n\n#### Table of Contents\n\n1. [Description](#description)\n2. [Usage - Configuration options and additional functionality](#usage)\n3. [Limitations - OS compatibility, etc.](#limitations)\n4. [Development - Guide for contributing to the module](#development)\n\n## Description\n\nThis puppet module manages [keepalived](http://www.keepalived.org/).\nThe main goal of keepalived is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures.\n\n## Usage\n\n### Basic IP-based VRRP failover\n\nThis configuration will fail-over when:\n\n1. Master node is unavailable\n\n```puppet\nnode /node01/ {\n  include keepalived\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'MASTER',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 101,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e [ '10.0.0.1/29' ],\n    track_interface   =\u003e ['eth1','tun0'], # optional, monitor these interfaces.\n  }\n}\n\nnode /node02/ {\n  include keepalived\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'BACKUP',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 100,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e [ '10.0.0.1/29' ],\n    track_interface   =\u003e ['eth1','tun0'], # optional, monitor these interfaces.\n  }\n}\n```\n\nor hiera:\n\n```yaml\n---\nkeepalived::vrrp_instance:\n  VI_50:\n    interface: 'eth1'\n    state: 'MASTER'\n    virtual_router_id: 50\n    priority: 101\n    auth_type: 'PASS'\n    auth_pass: 'secret'\n    virtual_ipaddress: '10.0.0.1/29'\n    track_interface:\n      - 'eth1'\n      - 'tun0'\n```\n\n### Add floating routes\n\n```puppet\nnode /node01/ {\n  include keepalived\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'MASTER',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 101,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e [ '10.0.0.1/29' ],\n    virtual_routes    =\u003e [ { to   =\u003e '168.168.2.0/24', via =\u003e '10.0.0.2' },\n                           { to   =\u003e '168.168.3.0/24', via =\u003e '10.0.0.3' } ],\n    virtual_rules     =\u003e [ { from =\u003e '168.168.2.42', lookup =\u003e 'customroute' } ]\n  }\n}\n```\n\nhiera:\n\n```yaml\n---\nkeepalived::vrrp_instance:\n  VI_50:\n    interface: 'eth1'\n    state: 'MASTER'\n    virtual_router_id: 50\n    priority: 101\n    auth_type: 'PASS'\n    auth_pass: 'secret'\n    virtual_ipaddress: '10.0.0.1/29'\n    virtual_routes:\n      - to: '168.168.2.0/24'\n        via: '10.0.0.2'\n      - to: 168.168.3.0/24'\n        via: '10.0.0.3'\n    virtual_rules:\n      - from: '168.168.2.42'\n        lookup: 'customroute'\n```\n\n### Detect application level failure\n\nThis configuration will fail-over when:\n\n1. NGinX daemon is not running\n1. Master node is unavailable\n\n```puppet\nnode /node01/ {\n  include keepalived\n\n  keepalived::vrrp::script { 'check_nginx':\n    script =\u003e '/usr/bin/killall -0 nginx',\n  }\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'MASTER',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 101,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e '10.0.0.1/29',\n    track_script      =\u003e ['check_nginx'],\n  }\n}\n\nnode /node02/ {\n  include keepalived\n\n  keepalived::vrrp::script { 'check_nginx':\n    script =\u003e '/usr/bin/killall -0 nginx',\n  }\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'BACKUP',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 100,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e '10.0.0.1/29',\n    track_script      =\u003e ['check_nginx'],\n  }\n}\n```\n\nor hiera:\n\n```yaml\n---\nkeepalived::vrrp_script:\n  check_nginx:\n    script: '/usr/bin/killall -0 nginx'\n\nkeepalived::vrrp_instance:\n  VI_50:\n    interface: 'eth1'\n    state: 'MASTER'\n    virtual_router_id: 50\n    priority: 101\n    auth_type: 'PASS'\n    auth_pass: 'secret'\n    virtual_ipaddress: '10.0.0.1/29'\n    track_script:\n      - check_nginx\n```\n\nor using process tracking (keepalived 2.0.11+):\n\n```puppet\nnode /node01/ {\n  include keepalived\n\n  keepalived::vrrp::track_process { 'check_nginx':\n    proc_name =\u003e 'nginx',\n    weight    =\u003e 10,\n    quorum    =\u003e 2,\n    delay     =\u003e 10,\n  }\n\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'MASTER',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 101,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e '10.0.0.1/29',\n    track_process     =\u003e ['check_nginx'],\n  }\n}\n```\n\n### IPv4 and IPv6 virtual IP, with application level failure detection\n\nThis configuration will fail-over both the IPv4 address and the IPv6 address when:\n\n1. NGINX daemon is not running\n1. Master node is unavailable\n\nIt is not possible to configure both IPv4 and IPv6 addresses as\nvirtual\\_ipaddresses in a single vrrp\\_instance; the reason is that the VRRP\nprotocol doesn't support it. The two VRRP instances can both use the same\nvirtual\\_router\\_id since VRRP IPv4 and IPv6 instances are completely\nindependent of each other. Both nodes have state set to BACKUP, which will\nprevent them from entering MASTER state until the check script(s) have succeeded\nand the election has been held.\n\nTo ensure that the IPv4 and IPv6 vrrp\\_instances are always in the same state as\neach other, configure a vrrp\\_sync\\_group to include both the instances. The\nvrrp\\_sync\\_group require the global\\_tracking flag to be enabled to prevent\nkeepalived from ignoring the tracking scripts for the vrrp\\_sync\\_group's\nvrrp\\_instance members.\n\nConfigure the vrrp\\_instance with the native\\_ipv6 flag to force the instance to\nuse IPv6. An IPv6 vrrp\\_instance without the \"native\\_ipv6\" keyword does not\nconfigure the virtual IPv6 address with the \"deprecated nodad\" options.\n\nRFC 3484, \"Default Address Selection for Internet Protocol version 6 (IPv6)\":\nConfigure a /128 mask for the IPv6 address for keepliaved to set\npreferred\\_lft to 0 to avoid the VI to be used for outgoing connections.\n\nRFC5798 section 5.2.9 requires that if the protocol is IPv6, then the first\naddress must be the link local address of the virtual router.\n\nIPv6 VRRP uses VRRP version 3, which does not support authentication, so the\nauth\\_type and auth\\_pass parameters are removed for the IPv6 VRRP instance.\n\n```puppet\nnode /node0x/ {\n  keepalived::vrrp::script { 'check_nginx':\n    script =\u003e '/usr/bin/pkill -0 nginx',\n  }\n\n  keepalived::vrrp::sync_group { 'VI_50':\n    group               =\u003e [ 'VI_50_IPV4', 'VI_50_IPV6' ],\n    global_tracking     =\u003e true,\n  }\n\n  keepalived::vrrp::instance { 'VI_50_IPV4':\n    interface           =\u003e 'eth0',\n    state               =\u003e 'BACKUP',\n    virtual_router_id   =\u003e 50,\n    priority            =\u003e 100,\n    auth_type           =\u003e 'PASS',\n    auth_pass           =\u003e 'secret',\n    virtual_ipaddress   =\u003e '10.0.0.1/32',\n    track_script        =\u003e 'check_nginx',\n  }\n\n  keepalived::vrrp::instance { 'VI_50_IPV6':\n    interface           =\u003e 'eth0',\n    state               =\u003e 'BACKUP',\n    virtual_router_id   =\u003e 50,\n    priority            =\u003e 100,\n    virtual_ipaddress   =\u003e ['fe80::50/128', '2001:db8::50/128', ],\n    track_script        =\u003e 'check_nginx',\n    native_ipv6         =\u003e true,\n  }\n}\n```\n\n### Global definitions\n\n```puppet\nclass { 'keepalived::global_defs':\n  notification_email      =\u003e 'no@spam.tld',\n  notification_email_from =\u003e 'no@spam.tld',\n  smtp_server             =\u003e 'localhost',\n  smtp_connect_timeout    =\u003e '60',\n  router_id               =\u003e 'your_router_instance_id',\n  bfd_rlimit_rttime       =\u003e 10000,\n  checker_rlimit_rttime   =\u003e 10000,\n  vrrp_rlimit_rttime      =\u003e 10000,\n  bfd_priority            =\u003e -20,\n  checker_priority        =\u003e -20,\n  vrrp_priority           =\u003e -20,\n  bfd_rt_priority         =\u003e 50,\n  checker_rt_priority     =\u003e 50,\n  vrrp_rt_priority        =\u003e 50,\n  bfd_no_swap             =\u003e true,\n  checker_no_swap         =\u003e true,\n  vrrp_no_swap            =\u003e true,\n  vrrp_version            =\u003e 3,\n  max_auto_priority       =\u003e 99,\n  vrrp_notify_fifo        =\u003e '/run/keepalived.fifo',\n  vrrp_notify_fifo_script =\u003e 'your_fifo_script_path',\n}\n```\nor hiera:\n\n```yaml\n---\nkeepalived::global_defs:\n  notification_email: 'no@spam.tld'\n  notification_email_from: 'no@spam.tld'\n  smtp_server: 'localhost'\n  smtp_connect_timeout: '60'\n  router_id: 'your_router_instance_id'\n  bfd_rlimit_rttime: 10000\n  checker_rlimit_rttime: 10000\n  vrrp_rlimit_rttime: 10000\n  bfd_priority: -20\n  checker_priority: -20\n  vrrp_priority: -20\n  bfd_rt_priority: 50\n  checker_rt_priority: 50\n  vrrp_rt_priority: 50\n  bfd_no_swap: true\n  checker_no_swap: true\n  vrrp_no_swap: true\n  vrrp_version: 3\n  max_auto_priority: 99\n  vrrp_notify_fifo: '/run/keepalived.fifo'\n  vrrp_notify_fifo_script: 'your_fifo_script_path'\n```\n### Soft-restart the Keepalived daemon\n\n```puppet\nclass { 'keepalived':\n  service_restart =\u003e 'service keepalived reload',     # When using SysV Init\n  # service_restart =\u003e 'systemctl reload keepalived', # When using SystemD\n}\n```\n\n### Opt out of having the service managed by the module\n\n```puppet\nclass { 'keepalived':\n  service_manage =\u003e false,\n}\n```\n\n### Opt out of having the package managed by the module\n\n```puppet\nclass { 'keepalived':\n  manage_package =\u003e false,\n}\n```\n\n### Opt out include unmanaged keepalived config files\n\nIf you need to include a Keepalived config fragment managed by another tool,\ninclude_external_conf_files takes an array of config path.\n\n**Caution: config file must be readable by Keepalived daemon**\n\n```puppet\nclass { 'keepalived':\n  include_external_conf_files =\u003e ['/etc/keepalived/unmanaged-config.cfg']\n}\n```\n\n### Unicast instead of Multicast\n\n**Caution: unicast support has only been added to Keepalived since version 1.2.8**\n\nBy default Keepalived will use multicast packets to determine failover conditions.\nHowever, in many cloud environments it is not possible to use multicast because of\nnetwork restrictions.\nKeepalived can be configured to use unicast in such environments:\n\nEnable automatic unicast configuration with exported resources by setting\nparameter 'collect\\_unicast\\_peers =\u003e true'\n\nAutomatic unicast configuration:\n\n```puppet\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'BACKUP',\n    virtual_router_id =\u003e '50',\n    priority          =\u003e '100',\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e '10.0.0.1/29',\n    track_script      =\u003e 'check_nginx',\n    collect_unicast_peers =\u003e true,\n  }\n```\n\nManual unicast configuration or override auto default IP:\n\n```puppet\n  keepalived::vrrp::instance { 'VI_50':\n    interface         =\u003e 'eth1',\n    state             =\u003e 'BACKUP',\n    virtual_router_id =\u003e 50,\n    priority          =\u003e 100,\n    auth_type         =\u003e 'PASS',\n    auth_pass         =\u003e 'secret',\n    virtual_ipaddress =\u003e '10.0.0.1/29',\n    track_script      =\u003e 'check_nginx',\n    unicast_source_ip =\u003e $::ipaddress_eth1,\n    unicast_peers     =\u003e ['10.0.0.1', '10.0.0.2']\n  }\n```\n\nThe 'unicast\\_source\\_ip' parameter is optional as Keepalived will bind to the\nspecified interface by default. This value will be exported in place of the default\nwhen 'collect\\_unicast\\_peers =\u003e true'.\nThe 'unicast\\_peers' parameter contains an array of ip addresses that correspond\nto the failover nodes.\n\n### Creating ip-based virtual server instances with two real servers\n\nThis sets up a virtual server www.example.com that directs traffic to\nexample1.example.com and example2.example.com by matching on an IP address\nand port.\n\n```puppet\nkeepalived::lvs::virtual_server { 'www.example.com':\n  ip_address          =\u003e '1.2.3.4',\n  port                =\u003e '80',\n  delay_loop          =\u003e '7',\n  lb_algo             =\u003e 'wlc',\n  lb_kind             =\u003e 'DR',\n  persistence_timeout =\u003e 86400,\n  virtualhost         =\u003e 'www.example.com',\n  protocol            =\u003e 'TCP'\n}\n\nkeepalived::lvs::real_server { 'example1.example.com':\n  virtual_server =\u003e 'www.example.com',\n  ip_address     =\u003e '1.2.3.8',\n  port           =\u003e '80',\n  options        =\u003e {\n    weight      =\u003e '1000',\n    'TCP_CHECK' =\u003e {\n       connection_timeout =\u003e '3',\n    }\n  }\n}\n\nkeepalived::lvs::real_server { 'example2.example.com':\n  virtual_server =\u003e 'www.example.com',\n  ip_address     =\u003e '1.2.3.9',\n  port           =\u003e '80',\n  options        =\u003e {\n    weight      =\u003e '1000',\n    'TCP_CHECK' =\u003e {\n       connection_timeout =\u003e '3',\n    }\n  }\n}\n```\n\nor hiera:\n\n```yaml\n---\nkeepalived::lvs_virtual_server:\n  www.example.com:\n    ip_address: '1.2.3.4'\n    port: 80\n    delay_loop: 7\n    lb_algo: 'wlc'\n    lb_kind: 'DR'\n    persistence_timeout: 86400\n    virtualhost: 'www.example.com'\n    protocol: 'TCP'\n\nkeepalived::lvs_real_server:\n  example1.example.com:\n    virtual_server: 'www.example.com'\n    ip_address: '1.2.3.8'\n    port: 80\n    options:\n      weight: '1000'\n      TCP_CHECK:\n        connect_timeout: 3\n  example2.example.com:\n    virtual_server: 'www.example.com'\n    ip_address: '1.2.3.9'\n    port: 80\n    options:\n      weight: '1000'\n      TCP_CHECK:\n        connect_timeout: 3\n```\n\n### Creating firewall mark based virtual server instances with two real servers\n\nThis sets up a virtual server www.example.com that directs traffic to\nexample1.example.com and example2.example.com by matching on a firewall mark\nset in iptables or something similar.\n\n```puppet\nkeepalived::lvs::virtual_server { 'www.example.com':\n  fwmark              =\u003e '123',\n  delay_loop          =\u003e '7',\n  lb_algo             =\u003e 'wlc',\n  lb_kind             =\u003e 'DR',\n  persistence_timeout =\u003e 86400,\n  virtualhost         =\u003e 'www.example.com',\n  protocol            =\u003e 'TCP'\n}\n\nkeepalived::lvs::real_server { 'example1.example.com':\n  virtual_server =\u003e 'www.example.com',\n  ip_address     =\u003e '1.2.3.8',\n  port           =\u003e '80',\n  options        =\u003e {\n    weight      =\u003e '1000',\n    'TCP_CHECK' =\u003e {\n       connection_timeout =\u003e '3',\n    }\n  }\n}\n\nkeepalived::lvs::real_server { 'example2.example.com':\n  virtual_server =\u003e 'www.example.com',\n  ip_address     =\u003e '1.2.3.9',\n  port           =\u003e '80',\n  options        =\u003e {\n    weight      =\u003e '1000',\n    'TCP_CHECK' =\u003e {\n       connection_timeout =\u003e '3',\n    }\n  }\n}\n```\n\n## Reference\n\nReference documentation [coming soon](https://github.com/voxpupuli/puppet-keepalived/issues/158).\n\n## Limitations\n\nDetails in `metadata.json`.\n\n## Development\n\nThe contributing guide is in [CONTRIBUTING.md](https://github.com/voxpupuli/puppet-keepalived/blob/master/.github/CONTRIBUTING.md).\n\n## Release Notes/Contributors/Etc.\n\nDetails in `CHANGELOG.md`.\n\nMigrated from https://github.com/arioch/puppet-keepalived to Vox Pupuli.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-keepalived","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fpuppet-keepalived","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-keepalived/lists"}