Why doesn't Keepalived vrrp_script set fault state?
Good afternoon. There is a cluster of two virtual (VMware) machines running CentOS 7.1.
Keepalived and haproxy are installed on both hosts, a common virtual address is configured. When you turn off one host from the network, everything works fine, the virtual address moves to the backup host, and returns when the master appears on the network.
Then I wrote a script that checks whether haproxy is running, but when the process ends, the virtual address does not move.
[[email protected] keepalived]# tail /var/log/messages
Nov 30 10:35:24 cks-hatest1 Keepalived_vrrp[5891]: VRRP_Script(ha_check) failed
Nov 30 10:35:33 cks-hatest1 systemd: Started HAProxy load balancer.
Nov 30 10:35:45 cks-hatest1 systemd: Stopping HAProxy Load Balancer...
Nov 30 10:35:45 cks-hatest1 systemd: Stopped HAProxy Load Balancer.
Nov 30 10:35:46 cks-hatest1 Keepalived_vrrp[5891]: VRRP_Script(ha_check) succeeded
vrrp_script ha_check {
script "/etc/keepalived/haproxy_check"
interval 2
weight 21
}
vrrp_instance VI_1 {
state MASTER
interface eno16777984
virtual_router_id 151
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 11111
}
virtual_ipaddress {
10.0.10
}
haertp_al track
vrrp_script ha_check {
script "/etc/keepalived/haproxy_check"
interval 2
fall 2
rise 2
timeout 1
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777984
virtual_router_id 151
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 11111
}
virtual_ipaddress {
0.2p.10
}
track_script {
ha_check
}
cat /etc/keepalived/haproxy_check
systemctl status haproxy | grep "inactive"
[[email protected] ~]# systemctl start haproxy
[[email protected] ~]# /etc/keepalived/haproxy_check
[[email protected] ~]# systemctl stop haproxy
[[email protected] ~]# /etc/keepalived/haproxy_check
Active: inactive (dead)
The problem is in SELinux on the backup server.
audit.log:
type=AVC msg=audit(1450360594.423:2215): avc: denied { open } for pid=10927 comm="sh" path="/usr/bin/systemctl" dev="dm-0" ino=33559177 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1450360594.423:2215): arch=c000003e syscall=2 success=no exit=-13 a0=9ee1f0 a1=0 a2=43 a3=8 items=0 ppid=10926 pid=10927 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:keepalived_t:s0 key=(null)
I tried to use audit2allow to fix it, but it hasn't worked so far.
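An added example, not part of the original answer: a Python sketch that joins the AVC and SYSCALL records quoted above on their audit event id and reports which SELinux domain was denied which permission on which object. The function names `parse` and `summarize` and the whitespace-normalized sample text are constructed here.

```python
import errno
import re
from collections import defaultdict

# Constructed sample: the two records quoted in the answer, one per line.
SAMPLE = """\
type=AVC msg=audit(1450360594.423:2215): avc: denied { open } for pid=10927 comm="sh" path="/usr/bin/systemctl" dev="dm-0" ino=33559177 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1450360594.423:2215): arch=c000003e syscall=2 success=no exit=-13 a0=9ee1f0 a1=0 a2=43 a3=8 items=0 ppid=10926 pid=10927 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:keepalived_t:s0 key=(null)
"""

HEAD = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(text):
    """Join AVC and SYSCALL records on the audit event id; one dict per denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue  # not an audit record
        rtype, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        perms = PERMS.search(line)
        if perms:
            fields["perms"] = perms.group(1).split()
        events[event_id][rtype] = fields  # assumes one AVC record per event
    denials = []
    for event_id, recs in events.items():
        avc, call = recs.get("AVC", {}), recs.get("SYSCALL", {})
        if "perms" not in avc:
            continue
        code = -int(call["exit"]) if "exit" in call else None
        denials.append({
            "event": event_id,
            "source_type": avc["scontext"].split(":")[2],  # user:role:type:level
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "path": avc.get("path"),
            "exe": call.get("exe"),
            "errno": errno.errorcode.get(code),  # None without a SYSCALL record
        })
    return denials

def summarize(d):
    return (f"{d['source_type']} denied {{ {' '.join(d['perms'])} }} on "
            f"{d['tclass']} {d['path']} ({d['target_type']}), "
            f"exe={d['exe']}, errno={d['errno']}")
```

For the records above, `exit=-13` decodes to EACCES: the open of `/usr/bin/systemctl` by the check script's shell, running in the `keepalived_t` domain, was refused.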