search

acassen / keepalived

Keepalived
https://www.keepalived.org
GNU General Public License v2.0
4.02k stars 735 forks source link

Docker and Netlink: filter function error #801

Closed ivomarino closed 6 years ago

ivomarino commented 6 years ago

hi all, running Docker 17.05.0~ce-0~ubuntu-trusty here along with keepalived 1:1.2.7-1ubuntu1, on /var/log/syslog I always get this issues:

Mar  9 11:02:56 compute-02 Keepalived_healthcheckers[10714]: Netlink: filter function error
Mar  9 11:02:56 compute-02 kernel: [ 3256.864468] IPVS: Creating netns size=2192 id=2270
Mar  9 11:02:56 compute-02 Keepalived_vrrp[10716]: Netlink: filter function error
Mar  9 11:02:56 compute-02 Keepalived_healthcheckers[10714]: Netlink: filter function error
Mar  9 11:02:56 compute-02 kernel: [ 3257.116227] br-f0052b4de44f: port 559(vethe6e6214) entered forwarding state
Mar  9 11:02:56 compute-02 Keepalived_vrrp[10716]: Netlink: filter function error
Mar  9 11:02:56 compute-02 Keepalived_healthcheckers[10714]: Netlink: filter function

seems some kind of conflict between Docker and keepalived, I got tons of those entries. Current keepalived config is set to:

global_defs {
  lvs_id compute-02
}

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass foo
    }
    virtual_ipaddress {
        172.16.16.101 dev eth0
    }

    track_interface {
    eth0
    }

    # Use the script above to check if we should fail over
    track_script {
        chk_haproxy
    }

    notify /etc/keepalived/notify.sh
}

thanks for any suggestion on this.

pqarmitage commented 6 years ago

I've never seen this particular error before, but on the other hand there have been lots of problems running keepalived in a container.

What the error message means is that keepalived has detected unexpected contents in a netlink message returned by the kernel, more specifically that either the message is too short, or that a needed field is missing (see keepalived/core/keepalived_netlink.c).

Can you try running keepalived not in a container and see if you still get the problem. If you get the same problem when keepalived is not running in a container then that is something we could investigate; if you don't get the same problem then the issue you are experiencing would be something to do with the container.

ivomarino commented 6 years ago

hi @pqarmitage, I'm running keepalived side by side to docker on the same VM, not in a container. Anyway I've also updated keepalived to the latest trusty PPA and the issues seem different.

pqarmitage commented 6 years ago

My understanding was that Docker was for containerisation, so I'm now unclear about the environment you are running in.

Could you please provide the output of keepalived -v, a copy of the logs which show the problem you are now experiencing, and a description of the environment you are running in.

ivomarino commented 6 years ago

@pqarmitage upgrading to the latest PPA release for trusty seemed to solve the issue.