Is it not possible to use keepalived in EC2

amazon-web-services amazon-ec2 high-availability keepalived amazon-elastic-ip

Solution 1:

No. This is what Elastic Load Balancer is for, anyway.

Solution 2:

Update 2021. You can use it. But you probably shouldn't. There is very little justification to do so now. The Elastic Load Balancer should do most of what most people would need.

The accepted answer is no longer true.

In general you should use the ELB. However you may find a rare need that the ELB can't fulfil and you'd prefer to use keepalived even though it goes against best practice.

Keepalived & VRRP works within an Amazon VPC. It does not work with ec2-classic.

With keepalived you use the notify or notify_master commands in keepalived.conf.

The notify script then calls the aws cli with disassociate-address and associate-address options to unbind and then bind the address, rather than through the VIP mechanism of keepalived itself. It works OK.

Here is an example notify script:

#!/bin/bash

TYPE=$1
NAME=$2
STATE=$3
      
function die
{
    echo "${1-Died} at ${BASH_SOURCE[1]}:${FUNCNAME[1]} line ${BASH_LINENO[0]}."
    exit 1
}

function master
{
    # Check if an elastic IP is defined
    test -n "$EC2_EIP" || die 'elastic ip not defined'

    # Attempt to read the instance-id
    EC2_INSTANCE_ID="`wget -q -O - http://instance-data/latest/meta-data/instance-id || die \"wget instance-id has failed: $?\"`"
    test -n "$EC2_INSTANCE_ID" || die 'cannot obtain instance-id'

    if [ -z $EC2_REGION ]; then
        # Get the region if not set
        EC2_AVAIL_ZONE=`wget -q -O - http://instance-data/latest/meta-data/placement/availability-zone`
      EC2_REGION="`echo \"$EC2_AVAIL_ZONE\" | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`"
    fi

    # Call into ec2. Make sure ec2 output
    echo "aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION"
    /usr/bin/aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION
    if [ $? -eq 0 ]; then
        echo "disassocate-address: success"
    fi;

    echo "aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION"
    /usr/bin/aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION
    if [ $? -eq 0 ]; then
        echo "associate-address: success"
    fi;
}

case $STATE in
        "MASTER") master
                  exit 0
                  ;;
        "BACKUP") exit 0
                  ;;
        "FAULT")  exit 0
                  ;;
        *)        echo "unknown state"
                  exit 1
                  ;;
esac

For more detailed information and working examples visit the following links:

  • keepalived and haproxy in aws an exploratory guide
  • IP Multicast on ec2 -- who said vrrp doesn't work on AWS? --

Related

How to use LiteSpeed server with Apache?
Azure Global Admin without Office 365
How to check if latest Windows Updates are installed via PowerShell?
How many data channel ports do I need for an FTPS server running behind NAT?
WebBrowsers don't obey ProxyFire rules
hMailServer IP got blocked, what should I do?
Access service on subdomain in Kubernetes
Connecting SCA-2 Ultra320 disk to some controller using some cable
How to setup IPv6 with docker-compose
execute C++ from String variable
XML Parse Error - Extra content at the end of the document
limiting memory usage in R under linux