Debian 12 bookworm
Sponsored Link

Keepalived : Monitor with script2023/08/25
 

It's possible to monitor processes or services and other state of programs with script by Keepalived.

This example is based on the environment like follows. 

                            VIP:10.0.0.30
+----------------------+          |          +----------------------+
|  [node01.srv.world]  |10.0.0.51 | 10.0.0.52|  [node02.srv.world]  |
|     Keepalived#1     +----------+----------+     Keepalived#2     |
|                      |                     |                      |
+----------------------+                     +----------------------+
[1]

Configure basic Keepalived settings, refer to here.

[2] For example, in addition to basic Keepalived settings, add settings to monitor HAProxy service and HTTP port.
root@node01:~#
vi /etc/keepalived/keepalived.conf 
global_defs {
    router_id node01
    notification_email {
        root@localhost
    }
    notification_email_from root@node01.srv.world
    smtp_server localhost
    smtp_connect_timeout 30
    # add
    enable_script_security
    # specify a user who runs script
    # for security reasons, it should not use root
    script_user root
}

# add monitoring setting for haproxy service
# possible to set any commands or your original scripts for [script] argument
vrrp_script track_haproxy {
    script "systemctl is-active haproxy"
    # interval to run the script above (sec)
    interval 5
    # if script returns non-zero 4 times, enter FAULT state
    fall 4
    # if script returns zero 2 times, exit FAULT state
    rise 2
}

# add monitoring setting for HTTP port
vrrp_script track_http_port {
    script "nc -zv localhost 80"
    interval 5
    fall 4
    rise 2
}

vrrp_instance VRRP1 {
    state MASTER
    # nopreempt
    interface enp1s0
    virtual_router_id 101
    priority 200
    advert_int 1
    virtual_ipaddress {
        10.0.0.30/24
    }
    # add
    track_script {
        track_haproxy
        track_http_port
    }
    smtp_alert
}
root@node01:~#
systemctl restart keepalived
[3] That's OK. Verify failover and failback when HAProxy would be down.
# primary node

root@node01:~#
ip address show enp1s0 

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:5b:6d:b6 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.51/24 brd 10.0.0.255 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet 10.0.0.30/24 scope global secondary enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe5b:6db6/64 scope link
       valid_lft forever preferred_lft forever
root@node01:~#
systemctl stop haproxy

root@node01:~#
systemctl is-active haproxy

inactive
root@node01:~#
echo $?

3
root@node01:~#
nc -zv localhost 80

localhost [127.0.0.1] 80 (http) : Connection refused
root@node01:~#
echo $?

1
root@node01:~#
ip address show enp1s0 

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:5b:6d:b6 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.51/24 brd 10.0.0.255 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe5b:6db6/64 scope link
       valid_lft forever preferred_lft forever
root@node01:~#
ssh debian@node02 "ip address show enp1s0" 

debian@node02's password:
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:17:b6:c0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.52/24 brd 10.0.0.255 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet 10.0.0.30/24 scope global secondary enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe17:b6c0/64 scope link
       valid_lft forever preferred_lft forever
Matched Content