Is it not possible to use keepalived in EC2
Solution 1
No. This is what Elastic Load Balancer is for, anyway.
Solution 2
Update 2021. You can use it. But you probably shouldn't. There is very little justification to do so now. The Elastic Load Balancer should do most of what most people would need.
The accepted answer is no longer true.
In general you should use the ELB. However you may find a rare need that the ELB can't fulfil and you'd prefer to use keepalived even though it goes against best practice.
Keepalived & VRRP works within an Amazon VPC. It does not work with ec2-classic.
With keepalived you use the notify or notify_master commands in keepalived.conf.
The notify script then calls the aws cli with disassociate-address and associate-address options to unbind and then bind the address, rather than through the VIP mechanism of keepalived itself. It works OK.
Here is an example notify script:
#!/bin/bash
TYPE=$1
NAME=$2
STATE=$3
function die
{
echo "${1-Died} at ${BASH_SOURCE[1]}:${FUNCNAME[1]} line ${BASH_LINENO[0]}."
exit 1
}
function master
{
# Check if an elastic IP is defined
test -n "$EC2_EIP" || die 'elastic ip not defined'
# Attempt to read the instance-id
EC2_INSTANCE_ID="`wget -q -O - http://instance-data/latest/meta-data/instance-id || die \"wget instance-id has failed: $?\"`"
test -n "$EC2_INSTANCE_ID" || die 'cannot obtain instance-id'
if [ -z $EC2_REGION ]; then
# Get the region if not set
EC2_AVAIL_ZONE=`wget -q -O - http://instance-data/latest/meta-data/placement/availability-zone`
EC2_REGION="`echo \"$EC2_AVAIL_ZONE\" | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`"
fi
# Call into ec2. Make sure ec2 output
echo "aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION"
/usr/bin/aws ec2 disassociate-address --public-ip $EC2_EIP --region=$EC2_REGION
if [ $? -eq 0 ]; then
echo "disassocate-address: success"
fi;
echo "aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION"
/usr/bin/aws ec2 associate-address --public-ip $EC2_EIP --instance-id $EC2_INSTANCE_ID --region=$EC2_REGION
if [ $? -eq 0 ]; then
echo "associate-address: success"
fi;
}
case $STATE in
"MASTER") master
exit 0
;;
"BACKUP") exit 0
;;
"FAULT") exit 0
;;
*) echo "unknown state"
exit 1
;;
esac
For more detailed information and working examples visit the following links:
- keepalived and haproxy in aws an exploratory guide
- IP Multicast on ec2 -- who said vrrp doesn't work on AWS? --
Related videos on Youtube
03 : 34
![[Fixed] Cant Connect to EC2 instance /ssh](https://i.ytimg.com/vi/6h13JGeiE2Y/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCzofi8Xv7ZuPFzRbiu0TammD6RtA)
05 : 21
02 : 25
09 : 08
04 : 01
Howard
Updated on September 18, 2022Comments
-
Howard almost 2 years
The problem is two of my EC2 instances (ha proxy) need to bind a single virtual IP if I want to use
keepalived, but they are not possible in EC2 as only a single instance can use a elastic IP at a given time, so it is not possible, right? -
ceejayoz over 8 yearsIt's probably possible to hook it up on EC2, but the accepted answer is still correct that it's usually better to let the ELB handle this.
-
hookenz over 8 yearsThere are some instances where the ELB is not the preferred choice. It is in most cases, but not in every situation.
-
hookenz over 8 yearsFor example, ELB doesn't support the SPDY protocol. The point of my answer here is to show that it is now possible to use keepalived. Not that you should use it.
-
ceejayoz over 8 yearsFair enough, have an upvote. :)
-
jtslugmaster08 over 3 yearsIt's useful for Layer 3 routing, which the ELB doesn't support.
