Comment 4 for bug 1793102

Hua Zhang (zhhuabj) wrote :

I have tried the following 4 methods, but they did not help.

1, chmod +x /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh

root@juju-23f84c-queens-dvr-5:~# ll /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh
-r-x-w---- 1 neutron neutron 109 Sep 18 03:45 /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh*
root@juju-23f84c-queens-dvr-5:~# chmod +x /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh
root@juju-23f84c-queens-dvr-5:~# ll /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh
-r-x-wx--x 1 neutron neutron 109 Sep 18 03:45 /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh*

2, sudo -u neutron /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh || echo 'error'

root@juju-23f84c-queens-dvr-5:~# cat /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh
#!/bin/bash -eu
ip a | grep fe80::f816:3eff:fe78:bd5c || exit 0
ping -c 1 -w 1 10.5.0.1 1>/dev/null || exit 1

root@juju-23f84c-queens-dvr-5:~# /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh || echo 'error'
root@juju-23f84c-queens-dvr-5:~# sudo -u neutron /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh || echo 'error'

3, added the line 'user neutron' into the section vrrp_script of the file /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/keepalived.conf

vrrp_script ha_health_check_1 {
    script "/var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/ha_check_script_1.sh"
    interval 10
    fall 2
    rise 2
    user neutron
}

4, added the line 'enable_script_security' into the section global_defs of the file /var/lib/neutron/ha_confs/909c6b55-9bc6-476f-9d28-c32d031c41d7/keepalived.conf, it can stop VRRP transitions but seems the VRRP script was stoped as well.

global_defs {
    notification_email_from <email address hidden>
    router_id neutron
    enable_script_security
}