search

acassen / keepalived

Keepalived
https://www.keepalived.org
GNU General Public License v2.0
4k stars 738 forks source link

notify scripts in group with one instance (again) #1912

Closed ospalax closed 3 years ago

ospalax commented 3 years ago

Describe the bug Notify scripts (defined in group) are not executed if there is only one instance in the group. This worked fine in 2.0.19 version.

Basically the issue was already encountered here: https://github.com/acassen/keepalived/issues/594

And it was (IMHO) reintroduced in this commit: https://github.com/acassen/keepalived/commit/21cb73d00d61f296b31ec1a58e17bba4c66f4d71

To Reproduce Any steps necessary to reproduce the behaviour:

Just use config similar to this and start keepalived (2.2.0 for example) - notify script will not be run:

global_defs {
  script_user root
  enable_script_security
}

vrrp_sync_group vrouter {
  group {
    ETH0
  }

  notify /etc/keepalived/ha-failover.sh root
}

vrrp_instance ETH0 {
  state BACKUP
  interface eth0
  virtual_router_id 1
  priority 100
  advert_int 1
  virtual_ipaddress {
     192.168.150.101/24
  }

}

This will be written in the console/log:

localhost:~# /usr/sbin/keepalived --dont-fork --use-file=/etc/keepalived/keepalived.conf -l
Thu Jun  3 16:38:41 2021: Starting Keepalived v2.2.0 (01/10,2021), git commit v3.13.0_rc3-143-ge8dac67b72+
Thu Jun  3 16:38:41 2021: Running on Linux 5.10.38-0-virt #1-Alpine SMP Fri, 21 May 2021 11:41:13 UTC (built for Linux 5.7.8)
Thu Jun  3 16:38:41 2021: Command line: '/usr/sbin/keepalived' '--dont-fork' '--use-file=/etc/keepalived/keepalived.conf' '-l'
Thu Jun  3 16:38:41 2021: Configuration file /etc/keepalived/keepalived.conf
Thu Jun  3 16:38:41 2021: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Thu Jun  3 16:38:41 2021: Starting VRRP child process, pid=4079
Thu Jun  3 16:38:41 2021: Sync group vrouter has only 1 virtual router(s) - this probably isn't what you want - removing
Thu Jun  3 16:38:41 2021: (ETH0) Entering BACKUP STATE (init)
Thu Jun  3 16:38:44 2021: (ETH0) Entering MASTER STATE

Expected behavior PLEASE, accept once and for all a group with just one interface and don't flip-flop between the behavior... It has its uses... In my scenario it is a dynamic configuration and ad hoc adding and removing interfaces...

Keepalived version

Keepalived v2.2.0 (01/10,2021), git commit v3.13.0_rc3-143-ge8dac67b72+

Copyright(C) 2001-2021 Alexandre Cassen, <acassen@gmail.com>

Built with kernel headers for Linux 5.7.8
Running on Linux 5.10.38-0-virt #1-Alpine SMP Fri, 21 May 2021 11:41:13 UTC
Distro: Alpine Linux v3.13

configure options: --build=x86_64-alpine-linux-musl --host=x86_64-alpine-linux-musl --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man --localstatedir=/var --enable-vrrp --enable-sha1 build_alias=x86_64-alpine-linux-musl host_alias=x86_64-alpine-linux-musl CC=gcc CFLAGS=-Os -fomit-frame-pointer LDFLAGS=-Wl,--as-needed CPPFLAGS=-Os -fomit-frame-pointer

Config options:  LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING

System options:  PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG EPOLL_CREATE1 MEMFD_CREATE IPV4_DEVCONF IPV6_ADVANCED_API LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_OIFNAME FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS IP_MULTICAST_ALL LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION NETINET_LINUX_IF_ETHER_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_VMAC VRRP_IPVLAN IFLA_LINK_NETNSID CN_PROC SOCK_NONBLOCK SOCK_CLOEXEC O_PATH INET6_ADDR_GEN_MODE VRF SO_MARK SCHED_RESET_ON_FORK

Distro (please complete the following information):

Details of any containerisation or hosted service (e.g. AWS) Running as QEMU/KVM VM in OpenNebula.

Configuration file:

global_defs {
  script_user root
  enable_script_security
}

vrrp_sync_group vrouter {
  group {
    ETH0
  }

  notify /etc/keepalived/ha-failover.sh root

}

vrrp_instance ETH0 {
  state BACKUP
  interface eth0
  virtual_router_id 1
  priority 100
  advert_int 1
  virtual_ipaddress {

  }

}

Notify and track scripts

#!/bin/sh

echo Running... >> /tmp/keepalived.log

System Log entries

Thu Jun  3 16:47:31 2021: Starting Keepalived v2.2.0 (01/10,2021), git commit v3.13.0_rc3-143-ge8dac67b72+
Thu Jun  3 16:47:31 2021: Running on Linux 5.10.38-0-virt #1-Alpine SMP Fri, 21 May 2021 11:41:13 UTC (built for Linux 5.7.8)
Thu Jun  3 16:47:31 2021: Command line: '/usr/sbin/keepalived' '--dont-fork' '--use-file=/etc/keepalived/keepalived.conf' '-l'
Thu Jun  3 16:47:31 2021:               '-D'
Thu Jun  3 16:47:31 2021: Opening file '/etc/keepalived/keepalived.conf'.
Thu Jun  3 16:47:31 2021: Configuration file /etc/keepalived/keepalived.conf
Thu Jun  3 16:47:31 2021: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Thu Jun  3 16:47:31 2021: Starting VRRP child process, pid=5155
Thu Jun  3 16:47:31 2021: Registering Kernel netlink reflector
Thu Jun  3 16:47:31 2021: Registering Kernel netlink command channel
Thu Jun  3 16:47:31 2021: Sync group vrouter has only 1 virtual router(s) - this probably isn't what you want - removing
Thu Jun  3 16:47:31 2021: Assigned address 192.168.150.100 for interface eth0
Thu Jun  3 16:47:31 2021: Assigned address fe80::c0ff:fea8:9664 for interface eth0
Thu Jun  3 16:47:31 2021: Registering gratuitous ARP shared channel
Thu Jun  3 16:47:31 2021: (ETH0) removing VIPs.
Thu Jun  3 16:47:31 2021: (ETH0) Entering BACKUP STATE (init)
Thu Jun  3 16:47:31 2021: VRRP sockpool: [ifindex(  2), family(IPv4), proto(112), fd(12,13)]
Thu Jun  3 16:47:35 2021: (ETH0) Receive advertisement timeout
Thu Jun  3 16:47:35 2021: (ETH0) Entering MASTER STATE
Thu Jun  3 16:47:35 2021: (ETH0) setting VIPs.
Thu Jun  3 16:47:35 2021: (ETH0) Sending/queueing gratuitous ARPs on eth0 for 192.168.150.101
Thu Jun  3 16:47:35 2021: Sending gratuitous ARP on eth0 for 192.168.150.101
Thu Jun  3 16:47:35 2021: Sending gratuitous ARP on eth0 for 192.168.150.101
Thu Jun  3 16:47:35 2021: Sending gratuitous ARP on eth0 for 192.168.150.101
Thu Jun  3 16:47:35 2021: Sending gratuitous ARP on eth0 for 192.168.150.101
Thu Jun  3 16:47:35 2021: Sending gratuitous ARP on eth0 for 192.168.150.101

Additional context The requested behavior worked in Alpine 3.11 and keepalived 2.0.19 - it was broken with upgrade to Alpine 3.13 and keepalived version of 2.2.0.

ospalax commented 3 years ago

Also:

localhost:~# keepalived -t
Sync group vrouter has only 1 virtual router(s) - this probably isn't what you want
localhost:~# echo $?
4

No, it is what I want...

skydevil56 commented 3 years ago

Please return everything as it was in earlier versions of the product. We really need this in our use cases.

pqarmitage commented 3 years ago

@skydevil56 You request Please return everything as it was in earlier versions of the product. Can you be clear about how you want keepalived to work - there have been earlier versions where a sync group was allowed to have only one VRRP instance, and also versions where a sync group was NOT allowed to have only one VRRP instance.

pqarmitage commented 3 years ago

Commit ca175a5 now allows sync groups with only one VRRP instance again.

It was indeed commit 21cb73d that stopped sync groups with only one VRRP instance, although it looks as though that wasn't an intended change of the commit.

ospalax commented 3 years ago

@pqarmitage Thank you! I already did workaround this issue in my setup but it definitively uglyfied my scripts... Once the change gets into Alpine I will happily drop the workaround. Thanks again for the prompt solution!

skydevil56 commented 3 years ago

@skydevil56 You request Please return everything as it was in earlier versions of the product. Can you be clear about how you want keepalived to work - there have been earlier versions where a sync group was allowed to have only one VRRP instance, and also versions where a sync group was NOT allowed to have only one VRRP instance.

We need to be allowed to have one VRRP instance in sync groups.

skydevil56 commented 3 years ago

Commit ca175a5 now allows sync groups with only one VRRP instance again.

It was indeed commit 21cb73d that stopped sync groups with only one VRRP instance, although it looks as though that wasn't an intended change of the commit.

Thanks a lot for your job!

ospalax commented 3 years ago

@pqarmitage I checked out the commit https://github.com/acassen/keepalived/commit/ca175a582e877e669f3527a2549e1f5fc586dc78 and I have rebuild the keepalived in Alpine and I verified that the commit fixes the issue - I am closing this - feel free to reopen for whatever reason. Thanks!