"transition-script" doesn't work on "sync-group"
set high-availability vrrp sync-group SYN transition-script fault /config/scripts/*
set high-availability vrrp sync-group SYN transition-script backup /config/scripts/*
set high-availability vrrp sync-group SYN transition-script master /config/scripts/***
LOG VRRP when scripn on "sync-group"
Dec 02 09:33:42 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec 02 09:33:43 Keepalived[7328]: Starting Keepalived v2.1.5 (07/13,2020)
Dec 02 09:33:43 Keepalived[7328]: Running on Linux 5.4.162-amd64-vyos #1 SMP Fri Nov 26 20:35:17 UTC 2021 (built for Linux 4.19.160)
Dec 02 09:33:43 Keepalived[7328]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
Dec 02 09:33:43 Keepalived[7328]: '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
Dec 02 09:33:43 Keepalived[7328]: Opening file '/run/keepalived/keepalived.conf'.
Dec 02 09:33:43 Keepalived[7328]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Dec 02 09:33:43 Keepalived[7328]: Starting VRRP child process, pid=7329
Dec 02 09:33:43 Keepalived_vrrp[7329]: Registering Kernel netlink reflector
Dec 02 09:33:43 Keepalived_vrrp[7329]: Registering Kernel netlink command channel
Dec 02 09:33:43 Keepalived_vrrp[7329]: Opening file '/run/keepalived/keepalived.conf'.
Dec 02 09:33:43 Keepalived_vrrp[7329]: Starting SNMP subagent
Dec 02 09:33:43 Keepalived_vrrp[7329]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 02 09:33:43 Keepalived_vrrp[7329]: Unsafe permissions found for script '/config/scripts/vrrp-check.sh' - disabling.
Dec 02 09:33:43 Keepalived_vrrp[7329]: Disabling track script healthcheck_outside due to insecure
Dec 02 09:33:43 Keepalived_vrrp[7329]: Registering gratuitous ARP shared channel
Dec 02 09:33:43 Keepalived_vrrp[7329]: (inside) Entering BACKUP STATE (init)
Dec 02 09:33:43 Keepalived_vrrp[7329]: (outside) Entering BACKUP STATE (init)
Dec 02 09:33:43 Keepalived_vrrp[7329]: (inside) received lower priority (90) advert from 10.55.0.3 - discarding
Dec 02 09:33:43 Keepalived_vrrp[7329]: (outside) received lower priority (90) advert from 108.175.223.236 - discarding
Dec 02 09:33:43 keepalived-fifo.py[7330]: Starting FIFO pipe for Keepalived
Dec 02 09:33:43 keepalived-fifo.py[7330]: Loaded configuration: {'vrrp_groups': {'SYN': {'STOP': None, 'FAULT': '/config/scripts/ipsec-stop.sh', 'BACKUP': '/config/scripts/ipsec-stop.sh', 'MASTER': '/config/scripts/ipsec-restart.sh'}}, 'sync_groups': {}}
Dec 02 09:33:43 keepalived-fifo.py[7330]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 02 09:33:43 keepalived-fifo.py[7330]: Message reading start
Dec 02 09:33:43 keepalived-fifo.py[7330]: Message processing start
Dec 02 09:33:44 keepalived-fifo.py[7330]: Received message: GROUP "SYN" BACKUP 0
Dec 02 09:33:44 keepalived-fifo.py[7330]: GROUP SYN changed state to BACKUP
Dec 02 09:33:44 keepalived-fifo.py[7330]: Received message: INSTANCE "inside" BACKUP 95
Dec 02 09:33:44 keepalived-fifo.py[7330]: INSTANCE inside changed state to BACKUP
Dec 02 09:33:44 keepalived-fifo.py[7330]: Received message: INSTANCE "outside" BACKUP 95
Dec 02 09:33:44 keepalived-fifo.py[7330]: INSTANCE outside changed state to BACKUP
vyos@vyos:~$ cat /run/keepalived/keepalived.conf
- Autogenerated by VyOS
- Do not edit this file, all your changes will be lost
- on next commit or reboot
global_defs {
dynamic_interfaces script_user root # Don't run scripts configured to be run as root if any part of the path # is writable by a non-root user. enable_script_security notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}
vrrp_instance inside {
state BACKUP interface eth8.712 virtual_router_id 3 priority 95 advert_int 1 preempt_delay 0 virtual_ipaddress { 10.55.0.1/29 }
}
vrrp_script healthcheck_outside {
script "/config/scripts/vrrp-check.sh" interval 1 fall 1 rise 1
}
vrrp_instance outside {
state BACKUP interface eth10.711 virtual_router_id 2 priority 95 advert_int 1 preempt_delay 0 virtual_ipaddress { *.175.223.238/29 } track_script { healthcheck_outside }
}
vrrp_sync_group SYN {
group { outside inside }
}
but works fine on "vrrp group"
set high-availability vrrp group outside transition-script fault /config/scripts/*
set high-availability vrrp group outside transition-script backup /config/scripts/*
set high-availability vrrp group outside transition-script master /config/scripts/***
LOG VRRP when scripn on "vrrp group"
Dec 02 09:18:02 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Dec 02 09:18:02 Keepalived[4113]: Starting Keepalived v2.1.5 (07/13,2020)
Dec 02 09:18:02 Keepalived[4113]: Running on Linux 5.4.156-amd64-vyos #1 SMP Thu Oct 28 18:19:14 UTC 2021 (built for Linux 4.19.160)
Dec 02 09:18:02 Keepalived[4113]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
Dec 02 09:18:02 Keepalived[4113]: '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
Dec 02 09:18:02 Keepalived[4113]: Opening file '/run/keepalived/keepalived.conf'.
Dec 02 09:18:02 Keepalived[4113]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Dec 02 09:18:02 Keepalived[4113]: Starting VRRP child process, pid=4114
Dec 02 09:18:02 Keepalived_vrrp[4114]: Registering Kernel netlink reflector
Dec 02 09:18:02 Keepalived_vrrp[4114]: Registering Kernel netlink command channel
Dec 02 09:18:02 Keepalived_vrrp[4114]: Opening file '/run/keepalived/keepalived.conf'.
Dec 02 09:18:02 Keepalived_vrrp[4114]: Starting SNMP subagent
Dec 02 09:18:02 Keepalived_vrrp[4114]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 02 09:18:02 Keepalived_vrrp[4114]: Unsafe permissions found for script '/config/scripts/vrrp-check.sh' - disabling.
Dec 02 09:18:02 Keepalived_vrrp[4114]: Disabling track script healthcheck_outside due to insecure
Dec 02 09:18:02 Keepalived_vrrp[4114]: Registering gratuitous ARP shared channel
Dec 02 09:18:02 Keepalived_vrrp[4114]: (inside) Entering BACKUP STATE (init)
Dec 02 09:18:02 Keepalived_vrrp[4114]: (outside) Entering BACKUP STATE (init)
Dec 02 09:18:03 keepalived-fifo.py[4115]: Starting FIFO pipe for Keepalived
Dec 02 09:18:03 keepalived-fifo.py[4115]: Loaded configuration: {'vrrp_groups': {'inside': {'STOP': None, 'FAULT': None, 'BACKUP': None, 'MASTER': None}, 'outside': {'STOP': None, 'FAULT': '/config/scripts/ipsec-stop.sh', 'BACKUP': '/config/scripts/ipsec-stop.sh', 'MASTER': '/config/scripts/ipsec-restart.sh'}, 'SYN': {'STOP': None, 'FAULT': None, 'BACKUP': None, 'MASTER': None}}, 'sync_groups': {}}
Dec 02 09:18:03 keepalived-fifo.py[4115]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 02 09:18:03 keepalived-fifo.py[4115]: Message reading start
Dec 02 09:18:03 keepalived-fifo.py[4115]: Message processing start
Dec 02 09:18:03 keepalived-fifo.py[4115]: Received message: GROUP "SYN" BACKUP 0
Dec 02 09:18:03 keepalived-fifo.py[4115]: GROUP SYN changed state to BACKUP
Dec 02 09:18:03 keepalived-fifo.py[4115]: Received message: INSTANCE "inside" BACKUP 90
Dec 02 09:18:03 keepalived-fifo.py[4115]: INSTANCE inside changed state to BACKUP
Dec 02 09:18:03 keepalived-fifo.py[4115]: Received message: INSTANCE "outside" BACKUP 90
Dec 02 09:18:03 keepalived-fifo.py[4115]: INSTANCE outside changed state to BACKUP
Dec 02 09:18:03 keepalived-fifo.py[4115]: Running the command: /config/scripts/ipsec-stop.sh
vyos@vyos:~$ cat /run/keepalived/keepalived.conf
- Autogenerated by VyOS
- Do not edit this file, all your changes will be lost
- on next commit or reboot
global_defs {
dynamic_interfaces script_user root # Don't run scripts configured to be run as root if any part of the path # is writable by a non-root user. enable_script_security notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}
vrrp_instance inside {
state BACKUP interface eth1.712 virtual_router_id 3 priority 90 advert_int 1 preempt_delay 0 virtual_ipaddress { 10.55.0.1/29 }
}
vrrp_script healthcheck_outside {
script "/config/scripts/vrrp-check.sh" interval 30 fall 3 rise 1
}
vrrp_instance outside {
state BACKUP interface eth0.711 virtual_router_id 2 priority 90 advert_int 1 preempt_delay 0 virtual_ipaddress { *.175.223.238/29 } track_script { healthcheck_outside }
}
vrrp_sync_group SYN {
group { outside inside }
}