tripleo

keepalived configuration generates invalid haproxy vrrp script

Bug #1825366 reported by Damien Ciabrini on 2019-04-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Alex Schultz	tripleo train-1

Bug Description

When deploying a Stein undercloud, the containerized keepalived logs an error during startup:

2019-04-16T11:55:57.368030988+00:00 stderr F Tue Apr 16 11:55:57 2019: ------< VRRP Scripts >------
2019-04-16T11:55:57.368030988+00:00 stderr F Tue Apr 16 11:55:57 2019: VRRP Script = haproxy
2019-04-16T11:55:57.368030988+00:00 stderr F Tue Apr 16 11:55:57 2019: Command = '/usr/bin/test' '-S' '/var/lib/haproxy/stats' '&&' 'echo' 'show'
[...]
2019-04-16T11:55:57.371142270+00:00 stderr F Tue Apr 16 11:55:57 2019: Script `haproxy` now returning 2
2019-04-16T11:55:57.371142270+00:00 stderr F Tue Apr 16 11:55:57 2019: VRRP_Script(haproxy) failed (exited with status 2)

This is because the keepalived config uses the following script to monitor the VIPs:

vrrp_script haproxy {
  script "test -S /var/lib/haproxy/stats && echo "show info" | socat /var/lib/haproxy/stats stdio"
  interval 2
  weight 2
}

The script has a quoting issue and assumes that keepalived will wrap it into a /bin/sh call, which is not the case from startup logs.

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-18: Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/653739

Bogdan Dobrelya (bogdando) on 2019-04-18

Changed in tripleo:
importance:	Undecided → High
tags:	added: rocky-backport-potential stein-backport-potential

OpenStack Infra (hudson-openstack) on 2019-04-18

Changed in tripleo:
assignee:	Damien Ciabrini (dciabrin) → Alex Schultz (alex-schultz)

Alex Schultz (alex-schultz) on 2019-04-23

Changed in tripleo:
milestone:	stein-rc1 → train-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-23: Fix merged to puppet-tripleo (master)

Reviewed: https://review.opendev.org/653739
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=f5d6110a79ca11f00728429660428ab99f5292d1
Submitter: Zuul
Branch: master

commit f5d6110a79ca11f00728429660428ab99f5292d1
Author: Damien Ciabrini <email address hidden>
Date: Thu Apr 18 15:29:33 2019 +0200

Fix keepalived VIP monitoring script

    Currently keepalived monitors VIPs by running some shell commands
    that target HAProxy. The generated shell command is invalid, which
    makes keepalived log errors.

    Tue Apr 16 11:55:57 2019: Command = '/usr/bin/test' '-S' '/var/lib/haproxy/stats' '&&' 'echo' 'show'
    Tue Apr 16 11:55:57 2019: Script `haproxy` now returning 2
    Tue Apr 16 11:55:57 2019: VRRP_Script(haproxy) failed (exited with status 2)

Fix quoting and invoke /bin/sh explicitely to fix the error:

Thu Apr 18 13:16:35 2019: Command = '/usr/bin/sh' '-c' 'test -S /var/lib/haproxy/stats && echo show info | socat /var/lib/haproxy/stats stdio'
Thu Apr 18 13:16:35 2019: VRRP_Script(haproxy) succeeded

Change-Id: I5a757f88963270e77c8ec411cd292a30f89c6bc0
Closes-Bug: #1825366

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-24: Fix proposed to puppet-tripleo (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/655421

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-24: Fix proposed to puppet-tripleo (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/655422

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-25: Fix merged to puppet-tripleo (stable/stein)

Reviewed: https://review.opendev.org/655421
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=24fa66cfd828e986fda897133c58078bcb97b1ce
Submitter: Zuul
Branch: stable/stein

commit 24fa66cfd828e986fda897133c58078bcb97b1ce
Author: Damien Ciabrini <email address hidden>
Date: Thu Apr 18 15:29:33 2019 +0200

Fix keepalived VIP monitoring script

    Currently keepalived monitors VIPs by running some shell commands
    that target HAProxy. The generated shell command is invalid, which
    makes keepalived log errors.

Fix quoting and invoke /bin/sh explicitely to fix the error:

Thu Apr 18 13:16:35 2019: Command = '/usr/bin/sh' '-c' 'test -S /var/lib/haproxy/stats && echo show info | socat /var/lib/haproxy/stats stdio'
Thu Apr 18 13:16:35 2019: VRRP_Script(haproxy) succeeded

    Change-Id: I5a757f88963270e77c8ec411cd292a30f89c6bc0
    Closes-Bug: #1825366
    (cherry picked from commit f5d6110a79ca11f00728429660428ab99f5292d1)

tags:

added: in-stable-stein

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-25: Fix merged to puppet-tripleo (stable/rocky)

Reviewed: https://review.opendev.org/655422
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=638ba0b92d881623483d2bc968c474bca1f2fc49
Submitter: Zuul
Branch: stable/rocky

commit 638ba0b92d881623483d2bc968c474bca1f2fc49
Author: Damien Ciabrini <email address hidden>
Date: Thu Apr 18 15:29:33 2019 +0200

Fix keepalived VIP monitoring script

    Currently keepalived monitors VIPs by running some shell commands
    that target HAProxy. The generated shell command is invalid, which
    makes keepalived log errors.

Fix quoting and invoke /bin/sh explicitely to fix the error:

Thu Apr 18 13:16:35 2019: Command = '/usr/bin/sh' '-c' 'test -S /var/lib/haproxy/stats && echo show info | socat /var/lib/haproxy/stats stdio'
Thu Apr 18 13:16:35 2019: VRRP_Script(haproxy) succeeded

    Change-Id: I5a757f88963270e77c8ec411cd292a30f89c6bc0
    Closes-Bug: #1825366
    (cherry picked from commit f5d6110a79ca11f00728429660428ab99f5292d1)