Bug #1820245 “Netplan and Keepalived not work” : Bugs : Netplan

Revision history for this message

Evgeniy Yablokov (eyablokov) wrote on 2019-03-20:

#1

Can you provide configs, please? Cause I've it working.

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2019-03-20:

#2

Evgeniy Yablokov:

Could you also please send me configs (after sanitizing them for IPs you don't want to share, etc.)? I'd be quite curious to see how you did your setup, how it works, etc.

There are some known issues, especially in running 'netplan apply' which might cause netwrokd to blast away the addresses.

Changed in netplan:
status:	New → Incomplete
Changed in netplan.io (Ubuntu):
status:	New → Incomplete

Revision history for this message

Ronan Lanore (ronan-lanore) wrote on 2019-03-20:

#3

Download full text (4.7 KiB)

here config of keepalive

```
# Global Configuration
global_defs {
  notification_email {
    <email address hidden>
  }
  notification_email_from <email address hidden>
  smtp_server smtp_server smtp.foo.bar
  smtp_connect_timeout 30
  router_id fqdn_of_host
}

# describe virtual service ip
vrrp_instance front-loadbalancer {
  state MASTER
  interface ens192
  virtual_router_id 164
  priority 100
  authentication {
    auth_type PASS
    auth_pass XXXXXXX
  }
  virtual_ipaddress {
    aa.bb.cc.dd
  }
  # Invoked to master transition
  notify_master "/etc/keepalived/bypass_ipvs.sh del aa.bb.cc.dd"
  # Invoked to slave transition
  notify_backup "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to fault transition
  notify_fault "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to stop transition
  notify_stop "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
}

# describe virtual mail server
virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  protocol TCP

  real_server dd.cc.bb.aa1 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601"
      misc_timeout 10
    }

  }
  real_server dd.cc.bb.aa2 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601"
      misc_timeout 10
    }

}
}

virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  #persistence_timeout 50
  ops
  protocol UDP

  real_server dd.cc.bb.aa1 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601"
      misc_timeout 10
    }
  }
  real_server dd.cc.bb.aa2 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601"
      misc_timeout 10
    }
  }
}

```

and bypass script
```
#! /bin/bash
#set -x
#
# Gael Charriere <email address hidden>
# 10.11.2008
#
# Invoked by keepalived from master/slave
# to slave/master transition to add or remove
# a PREROUTING rule
#
# Essential for slave to redirect incoming
# service packet to localhost. Otherwise a
# loop can appear between master and slave.
#
# The routing table is consulted when a packet
# that creates a new connection is encountered.
# PREROUTING rule alters packets as soon as they come in.
# REDIRECT statement redirects the packet to the machine
# itself by changing the destination IP to the primary
# address of the incoming interface (locally-generated
# packets are mapped to the 127.0.0.1 address).

# Check number of command line args
EXPECTED_ARGS=2
if [ $# -ne $EXPECTED_ARGS ]; then
echo "Usage: $0 {add|del} ipaddress"
exit 1
fi

# Check if second arg is a valid ip address
VIP=$2
OLD_IFS=$IFS
IFS="."
VIP=( $VIP )
IFS=$OLD_IFS
# Check that ip has 4 parts
if [ ${#VIP[@]} -ne 4 ]; then
  echo "IP address must have 4 parts"
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
fi

# Check that each parts is a number which
# varies between 0 and 255
for oct in ${VIP[@]} ; do
  echo $oct | egrep "^[0-9]+$" >/dev/null 2>&1
  if [ $? -ne 0 ]; then
    echo "$oct: Not numeric"
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
  else
    if [ $oct -lt 0 -o $oct -gt 255 ]; then
      echo "$oct: Out of range"
      echo "Usage: $0 {add|del} ipaddr...

here config of keepalive

```
# Global Configuration
global_defs {
  notification_email {
    mail@foo.bar
  }
  notification_email_from keepalived@foo.bar
  smtp_server smtp_server smtp.foo.bar
  smtp_connect_timeout 30
  router_id fqdn_of_host
}

# describe virtual service ip
vrrp_instance front-loadbalancer {
  state MASTER
  interface ens192
  virtual_router_id 164
  priority 100
  authentication {
    auth_type PASS
    auth_pass XXXXXXX
  }
  virtual_ipaddress {
    aa.bb.cc.dd
  }
  # Invoked to master transition
  notify_master "/etc/keepalived/bypass_ipvs.sh del aa.bb.cc.dd"
  # Invoked to slave transition
  notify_backup "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to fault transition
  notify_fault "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to stop transition
  notify_stop "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
}

# describe virtual mail server
virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  protocol TCP

real_server dd.cc.bb.aa1 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601"
      misc_timeout 10
    }

}
  real_server dd.cc.bb.aa2 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601"
      misc_timeout 10
    }

}
}

virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  #persistence_timeout 50
  ops
  protocol UDP

real_server dd.cc.bb.aa1 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601"
      misc_timeout 10
    }
  }
  real_server dd.cc.bb.aa2 10514 {
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601"
      misc_timeout 10
    }
  }
}

```

and bypass script
```
#! /bin/bash
#set -x
# 
# Gael Charriere <gael.charriere@gmail.com>
# 10.11.2008
#
# Invoked by keepalived from master/slave
# to slave/master transition to add or remove
# a PREROUTING rule
#
# Essential for slave to redirect incoming 
# service packet to localhost. Otherwise a
# loop can appear between master and slave.
# 
# The routing table is consulted when a packet
# that creates a new connection is encountered.
# PREROUTING rule alters packets as soon as they come in.
# REDIRECT statement redirects the packet to the machine
# itself by changing the destination IP to the primary
# address of the incoming interface (locally-generated
# packets are mapped to the 127.0.0.1 address).

# Check number of command line args
EXPECTED_ARGS=2
if [ $# -ne $EXPECTED_ARGS ]; then
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
fi

# Check if second arg is a valid ip address
VIP=$2
OLD_IFS=$IFS
IFS="."
VIP=( $VIP )
IFS=$OLD_IFS
# Check that ip has 4 parts
if [ ${#VIP[@]} -ne 4 ]; then
  echo "IP address must have 4 parts"
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
fi

# Check that each parts is a number which
# varies between 0 and 255
for oct in ${VIP[@]} ; do
  echo $oct | egrep "^[0-9]+$" >/dev/null 2>&1
  if [ $? -ne 0 ]; then
    echo "$oct: Not numeric"
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
  else
    if [ $oct -lt 0 -o $oct -gt 255 ]; then
      echo "$oct: Out of range"
      echo "Usage: $0 {add|del} ipaddress"
      exit 1
    fi
  fi
done

# If we are here, ip address is validated
VIP="${VIP[0]}.${VIP[1]}.${VIP[2]}.${VIP[3]}"

# Add or remove the prerouting rule
case "$1" in
  add)
    # check if the rule was already specified
    n=$(iptables -n -t nat -L| grep $VIP | wc -l)
    t=$(iptables -n -t nat -L| grep 'dpt:514' | wc -l)
    if [[ $t > 0 ]]; then
      #iptables -D PREROUTING -t nat -p tcp --dport 514 -j DNAT --to-destination $VIP:10514
      iptables -D PREROUTING -t nat -p tcp --dport 514 -j REDIRECT --to-port 10514
      iptables -D PREROUTING -t nat -p udp --dport 514 -j REDIRECT --to-port 10514
    fi
    if [[ $n == 0 ]]; then
      # the rule was not found, add it
      iptables -A PREROUTING -t nat -d $VIP -p tcp -j REDIRECT
      iptables -A PREROUTING -t nat -d $VIP -p udp -j REDIRECT
    fi
    ;;
  del)
    # check if the rule was already specified
    n=$(iptables -n -t nat -L| grep $VIP | wc -l)
    t=$(iptables -n -t nat -L| grep 'dpt:514' | wc -l)
    if [[ $t == 0 ]]; then
      #iptables -A PREROUTING -t nat -p tcp --dport 514 -j DNAT --to-destination $VIP:10514
      iptables -A PREROUTING -t nat -p tcp --dport 514 -j REDIRECT --to-port 10514
      iptables -A PREROUTING -t nat -p udp --dport 514 -j REDIRECT --to-port 10514
    fi
    while [[ $n > 0 ]]; do
      # remove the rule
      iptables -D PREROUTING -t nat -d $VIP -p tcp -j REDIRECT
      iptables -D PREROUTING -t nat -d $VIP -p udp -j REDIRECT
      n=$(($n-1))
    done
    ;;
  *)
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
esac
exit 0

```

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-05-20:

#4

[Expired for netplan.io (Ubuntu) because there has been no activity for 60 days.]

Changed in netplan.io (Ubuntu):
status:	Incomplete → Expired

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-05-20:

#5

[Expired for netplan because there has been no activity for 60 days.]

Changed in netplan:
status:	Incomplete → Expired

Affects		Status	Importance	Assigned to	Milestone
	Netplan	Expired	Undecided	Unassigned
	netplan.io (Ubuntu)	Expired	Undecided	Unassigned

Netplan

Netplan and Keepalived not work

Bug Description

Other bug subscribers

Remote bug watches