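#==================== keepalived.conf ====================================#
# Two-node keepalived setup: a floating IP (VIP) moved by VRRP plus three
# LVS virtual servers (UDP 1194, TCP 443, TCP 10443) balanced in DR mode
# onto two real servers. This file is the BACKUP node's copy.
#
# Comment syntax: keepalived treats '#' and '!' as comment starters.
# '//' is NOT a comment delimiter - anything after it is parsed as tokens.
# Values that carry arguments (misc_path) must be double-quoted.
#=========================================================================#

#==================== Global definitions =================================#
global_defs {
    # Recipients of state-change / check-failure mails (one address per line).
    notification_email {
        root@localhost
    }
    # Sender address and SMTP relay used for those mails.
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    # SMTP connection timeout, seconds.
    smtp_connect_timeout 30

    # Free-form string identifying this keepalived instance in mails/logs.
    # Give each node its own id (this is the secondary/backup node).
    router_id backup

    # MISC_CHECK and notify scripts below execute with keepalived's own
    # privileges (root) unless script security is enabled. Current
    # keepalived releases accept the two options below; confirm against the
    # installed version's keepalived.conf(5) before uncommenting.
    # enable_script_security
    # script_user <unprivileged-user>
}
#==================== End global definitions =============================#

#==================== HA for the floating IP ============================#
vrrp_instance VI_1 {
    # Initial role: MASTER on the primary node, BACKUP here (uppercase).
    state BACKUP
    # Interface the VRRP advertisements and the VIP are bound to.
    interface ens18
    # VRRP group id (integer); identical on both nodes of the pair.
    virtual_router_id 51
    # 1-254, default 100. The backup node must be lower than the master.
    priority 99
    # Advertisement interval in seconds; identical on both nodes.
    advert_int 1

    # Identical on both nodes.
    authentication {
        # PASS (simple text) or AH. PASS puts the password in clear text in
        # every advertisement on ens18, so restrict VRRP (IP protocol 112)
        # on that interface to the peer's address with the host firewall.
        auth_type PASS
        # keepalived uses only the first 8 characters of this value
        # (VRRPv2 simple-text limit); longer input is truncated.
        auth_pass 8nzlTBSoSrpJP0i77TgL!
    }

    # Floating IP(s), one per line, identical on both nodes.
    # "dev" names the interface the address is added to when MASTER.
    virtual_ipaddress {
        49.12.154.74 dev ens18
    }

    # Notify hooks - uncomment to run a script on state changes (for example
    # to re-point a provider-side floating IP via an API).
    #
    # "notify" runs on every transition and receives:
    #   $1  "GROUP" or "INSTANCE"
    #   $2  name of the group/instance
    #   $3  new state: "MASTER", "BACKUP" or "FAULT" (newer releases may pass
    #       further states/arguments; see keepalived.conf(5)); use a '*'
    #       case branch to catch anything unexpected.
    # notify /path_to_script/script_allstates.sh
    #
    # The state-specific hooks need no state test inside the script:
    # notify_master /path_to_script/script_master.sh
    # notify_backup /path_to_script/script_backup.sh
    # notify_fault  /path_to_script/script_fault.sh
}
#==================== End HA for the floating IP ========================#

#==================== Virtual servers (VIP + port -> real servers) =======#

#-------------------- Virtual server OpenVPN UDP 1194 -------------------#
virtual_server 49.12.154.74 1194 {
    # Seconds between health-check rounds.
    delay_loop 6
    # LVS scheduler: "fo" = weighted failover, the available real server with
    # the highest weight takes all traffic (needs the kernel ip_vs_fo module).
    lvs_sched fo
    # LVS forwarding method: NAT, TUN or DR. In DR mode each real server must
    # accept packets addressed to the VIP, e.g. on 49.12.154.75:
    #   iptables -t nat -A PREROUTING -d 49.12.154.74 -j REDIRECT
    lvs_method DR
    protocol UDP

    # Real servers, 1..n. The real-server port may differ from the VIP port.
    #---------- real server VPN01, UDP 1194 ----------#
    real_server 49.12.154.75 1194 {
        # Highest weight wins under "fo".
        weight 10

        # A plain TCP connect check does not fit a UDP service, so the health
        # check is a script that exits 0 = OK, non-zero = fail.
        # For reference, the TCP_CHECK form would be:
        # TCP_CHECK {
        #     connect_timeout 3
        #     nb_get_retry 3
        #     delay_before_retry 3
        #     connect_port 80
        # }

        # Keep a space between the keyword and '{'. misc_path must be quoted
        # when it carries arguments. The script runs with keepalived's
        # privileges: keep it and its directory root-owned and not
        # group/world-writable.
        MISC_CHECK {
            misc_path "/root/check_vpn.py -p 1194 49.12.154.75"
            # misc_path /root/check_vpn.sh
        }
    }

    #---------- real server VPN02, UDP 1194 ----------#
    real_server 49.12.154.76 1194 {
        weight 9
        # Same script-based check as VPN01 above.
        MISC_CHECK {
            misc_path "/root/check_vpn.py -p 1194 49.12.154.76"
        }
    }
}
#-------------------- End virtual server UDP 1194 -----------------------#

#-------------------- Virtual server OpenVPN TCP 443 --------------------#
virtual_server 49.12.154.74 443 {
    delay_loop 6
    lvs_sched fo
    # DR mode: real servers must accept the VIP, e.g. on 49.12.154.75:
    #   iptables -t nat -A PREROUTING -d 49.12.154.74 -j REDIRECT
    lvs_method DR
    # Session stickiness in seconds; disabled here.
    # persistence_timeout 50
    protocol TCP

    #---------- real server VPN01, TCP 443 ----------#
    real_server 49.12.154.75 443 {
        weight 10
        # Script check in TCP mode (-t); exit 0 = OK, non-zero = fail.
        MISC_CHECK {
            misc_path "/root/check_vpn.py -p 443 -t 49.12.154.75"
        }
    }

    #---------- real server VPN02, TCP 443 ----------#
    real_server 49.12.154.76 443 {
        weight 9
        MISC_CHECK {
            misc_path "/root/check_vpn.py -p 443 -t 49.12.154.76"
        }
    }
}
#-------------------- End virtual server TCP 443 ------------------------#

#-------------------- Virtual server OpenVPN TCP 10443 ------------------#
virtual_server 49.12.154.74 10443 {
    delay_loop 6
    lvs_sched fo
    # DR mode: real servers must accept the VIP, e.g. on 49.12.154.75:
    #   iptables -t nat -A PREROUTING -d 49.12.154.74 -j REDIRECT
    lvs_method DR
    # persistence_timeout 50
    protocol TCP

    #---------- real server VPN01, TCP 10443 ----------#
    real_server 49.12.154.75 10443 {
        weight 10
        # Built-in TCP connect check; all times in seconds.
        TCP_CHECK {
            connect_timeout 3
            # NOTE(review): newer keepalived documents this as "retry";
            # confirm against the installed version before changing it.
            nb_get_retry 3
            delay_before_retry 3
            connect_port 10443
        }
    }

    #---------- real server VPN02, TCP 10443 ----------#
    real_server 49.12.154.76 10443 {
        weight 9
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 10443
        }
    }
}
#-------------------- End virtual server TCP 10443 ----------------------#

#==================== End virtual servers ================================#
#==================== End config file ====================================#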