Page MenuHomeVyOS Platform
Create Task
Maniphest T4059

VRRP sync-group transition script does not persist after reboot
Closed, ResolvedPublicBUG
Actions

Description

Issue
VRRP master script does not execute after reboot following initial VRRP configuration.

Steps to Re-Create

  1. Configure VRRP as below
  2. On the machine designated as MASTER - run restart vrrp
  3. On the machine now designated as MASTER - run show log vrrp to confirm script executed with "Running the command: <script name>"
  4. Repeat as many times to verify as needed
  5. Reboot current MASTER
  6. On the new MASTER run restart vrrp
  7. Go to the new MASTER (this was the machine just rebooted) - script does not execute, not shown in log file
  8. Delete VRRP configuration entirely on both machines OR remove the transition-script line, add again, save - then everything works again.
  9. Reboot -> script stops working again

Other

  1. Script has chmod +x permissions
  2. Script can be run manually from bash and works

Version
vyos-1.3-beta-202112060443-amd64.iso

Configurations
Only difference is priority

#Node A
high-availability {
   vrrp {
     group eth0 {
        interface eth0
        no-preempt
        priority 200
        rfc3768-compatibility
        virtual-address <floating IP>
        vrid 10
       }
   group eth1 {
      interface eth1
      no-preempt
      priority 200
      rfc3768-compatibility
      virtual-address <Internal VIP IP>
      vrid 11
     }
   sync-group MAIN {
    member eth0
    member eth1
    transition-script {
      master /config/scripts/<my script name>.sh
      }
    }
   }
}
#Node B
high-availability {
   vrrp {
     group eth0 {
        interface eth0
        no-preempt
        priority 100
        rfc3768-compatibility
        virtual-address <floating IP>
        vrid 10
       }
   group eth1 {
      interface eth1
      no-preempt
      priority 100
      rfc3768-compatibility
      virtual-address <Internal VIP IP>
      vrid 11
     }
   sync-group MAIN {
    member eth0
    member eth1
    transition-script {
      master /config/scripts/<my script name>.sh
      }
    }
   }
}

Master Script

#!/usr/bin/bash

RESERVED_IP_INSTANCE_ID='sanitized'
API_KEY='sanitized'
VM_INSTANCE_ID='sanitized'

#determine if the floating ip has been assigned
HAS_FLOATING_IP=`curl -s https://api.vultr.com/v2/reserved-ips/${RESERVED_IP_INSTANCE_ID} -X GET -H "Authorization: Bearer ${API_KEY}"`

#debug
logger -s ${HAS_FLOATING_IP}

#check to see if this instance has the floating ip
if [[ "${HAS_FLOATING_IP}" != *"${VM_INSTANCE_ID}"* ]]; then
  logger -s "This machine does not have a IP assigned to this machine already. Let's assign it."

#detach
`curl -s "https://api.vultr.com/v2/reserved-ips/${RESERVED_IP_INSTANCE_ID}/detach" \
-X POST \
-H "Authorization: Bearer ${API_KEY}"`

#attach
`curl -s "https://api.vultr.com/v2/reserved-ips/${RESERVED_IP_INSTANCE_ID}/attach" \
-X POST \
-H "Authorization: Bearer ${API_KEY}" \
-H "Content-Type: application/json" \
-d "{\"instance_id\" : \"${VM_INSTANCE_ID}\"}"`

fi

logger -s "Completed IP failover"
exit

Attaching a screenshot of the script working when keepalived does execute it

output.png (372×750 px, 28 KB)

Details

Version
vyos-1.3-beta-202112060443
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

nikeshhajari created this task.Dec 6 2021, 10:41 PM
Unknown Object (User) subscribed.Dec 7 2021, 5:26 AM

I confirm the bug. After rebooting script doesn't work on sync-groups. It's necessary to reload vrrp to start running the script (After rebooting).
More detail:
https://phabricator.vyos.net/T4041

pasik subscribed.Dec 7 2021, 7:37 AM
nikeshhajari added a comment.EditedDec 7 2021, 7:45 AM

For anyone looking for a work around until it is patched this is my workaround. I am just adding a line to restart the service right after bootup in the “/config/scripts/vyos-postconfig-bootup.script” (more info on this file in the command scripting section - Command Scripting — VyOS 1.4.x (sagitta) documentation)

workaround.png (134×733 px, 7 KB)

adestis subscribed.Dec 7 2021, 9:35 AM
Unknown Object (User) added a comment.Dec 7 2021, 12:49 PM

Thank you for sharing your information.

c-po added subscribers: jestabro, c-po.Dec 8 2021, 8:44 AM

The displayed error:

cpo@LR1.wue3:~$ cat /var/log/messages | grep keep
Dec  8 09:38:17 LR1 Keepalived[1834]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
Dec  8 09:38:17 LR1 Keepalived[1834]:               '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
Dec  8 09:38:17 LR1 Keepalived[1834]: Opening file '/run/keepalived/keepalived.conf'.
Dec  8 09:38:17 LR1 Keepalived[1834]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Dec  8 09:38:17 LR1 Keepalived_vrrp[1847]: Opening file '/run/keepalived/keepalived.conf'.
Dec  8 09:38:18 LR1 keepalived-fifo.py: Starting FIFO pipe for Keepalived
Dec  8 09:38:18 LR1 keepalived-fifo.py: Unable to load configuration:
Dec  8 09:38:18 LR1 keepalived-fifo.py: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec  8 09:38:18 LR1 keepalived-fifo.py: INSTANCE foo changed state to FAULT

Indicates that the code patch had an issue: https://github.com/vyos/vyos-1x/blob/7ac6b589e3827ea6ff8e796bb6617c021cf26bca/src/system/keepalived-fifo.py#L66-L76

My initial assumption is that conf = ConfigTreeQuery() does not work on bootup. @jestabro any idea?

c-po mentioned this in rVYOSONEXbcfe967f607a: vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__.Dec 8 2021, 9:04 AM
c-po changed the task status from Open to Needs testing.Dec 8 2021, 9:05 AM
c-po claimed this task.
c-po triaged this task as Normal priority.
c-po edited a custom field.
c-po moved this task from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.

Logic has been changed in keepalived-fifo.py to read in the CLI data (and thus the scripts) the first time they are really needed by a transition.

c-po mentioned this in rVYOSONEXf168e409acb3: vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__.Dec 8 2021, 9:06 AM
Unknown Object (User) added a comment.Dec 9 2021, 1:09 AM

I've checked this bug on "VyOS 1.3-beta-202112080938", everything is well.
After rebooting scripts(sync-groups) work as needed.

Unknown Object (User) closed this task as Resolved.Dec 9 2021, 4:29 AM

"VyOS 1.4-rolling-202112081536" : sync-group scripts work well after rebooting.

nikeshhajari added a comment.Dec 9 2021, 9:32 AM

Hey - Thanks for the fix works great. One more thing I noticed, I'm not sure if it's an edge case or considered a "bug".

After restart the script does execute now, except right after reboot if the router acquires the "MASTER" role, it does not execute the script. However, after running "restart vrrp" once everything functions normally.

The workaround would be just to execute a service restart post boot always, to make sure the script gets run if fails.

c-po mentioned this in rVYOSONEX977dbf6b9452: Revert "vrrp: T4059: do "late" read of the CLI configuration as this fails in….Dec 9 2021, 9:38 PM
c-po mentioned this in rVYOSONEXafa50e9d39d7: Revert "vrrp: T4059: do "late" read of the CLI configuration as this fails in….
Unknown Object (User) added a comment.Dec 10 2021, 12:29 AM

As I understand it, after the reboot, the following scenarios are running:

  1. VRRP SCRIPT - "master" - works only after "vrrp restart"
  1. VRRP SCRIPT - "fault" - works well
  1. VRRP SCRIPT - "backup" - works well

I need a litle time to check it.

Unknown Object (User) reopened this task as Needs testing.Dec 10 2021, 12:33 AM
Unknown Object (User) subscribed.Dec 10 2021, 1:16 AM

Looks like the issue is persistent.
Tested on VyOS 1.3-beta-202112080938
Reboot VyOS (first one, wait for it to load. Then the other one)
'transition-script master' script doesn't start

nikeshhajari added a comment.Dec 10 2021, 1:27 AM

@m.korobeinikov - I did not test the backup and fault, but what you said sums it up correctly. Let me know if you need anything on exact re-creation, etc..

Unknown Object (User) added a comment.EditedDec 10 2021, 6:23 AM

I've checked it and what we have:

  1. Reboot--->VRRP(master)script isn't well--->VRRP(backup)script isn't well--->VRRP(master)script is well

REBOOT
VRRP(master)

Dec 10 04:14:42 keepalived-fifo.py[1764]: Starting FIFO pipe for Keepalived
Dec 10 04:14:42 keepalived-fifo.py[1764]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 04:14:42 keepalived-fifo.py[1764]: Message reading start
Dec 10 04:14:42 keepalived-fifo.py[1764]: Message processing start
Dec 10 04:14:42 keepalived-fifo.py[1764]: Unable to load configuration:
Dec 10 04:14:42 keepalived-fifo.py[1764]: Received message: GROUP "SYN" MASTER 0
Dec 10 04:14:42 keepalived-fifo.py[1764]: GROUP SYN changed state to MASTER
Dec 10 04:14:42 keepalived-fifo.py[1764]: Unable to load configuration:
VRRP(backup)
Dec 10 04:16:24 keepalived-fifo.py[1764]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:16:24 keepalived-fifo.py[1764]: GROUP SYN changed state to BACKUP
Dec 10 04:16:25 keepalived-fifo.py[1764]: Loaded configuration: **********************
VRRP(master)-OK
Dec 10 04:18:16 keepalived-fifo.py[1764]: Received message: GROUP "SYN" MASTER 0
Dec 10 04:18:16 keepalived-fifo.py[1764]: GROUP SYN changed state to MASTER
Dec 10 04:18:16 keepalived-fifo.py[1764]: Running the command: /config/scripts/ipsec-restart.sh
  1. Reboot--->VRRP(master)script isn't well--->VRRP(backup)script isn't well--->VRRP(fault)script is well

REBOOT
VRRP(master)

Dec 10 04:28:37 keepalived-fifo.py[1734]: Starting FIFO pipe for Keepalived
Dec 10 04:28:37 keepalived-fifo.py[1734]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 04:28:37 keepalived-fifo.py[1734]: Message reading start
Dec 10 04:28:37 keepalived-fifo.py[1734]: Message processing start
Dec 10 04:28:37 keepalived-fifo.py[1734]: Received message: GROUP "SYN" MASTER 0
Dec 10 04:28:37 keepalived-fifo.py[1734]: GROUP SYN changed state to MASTER
Dec 10 04:28:37 keepalived-fifo.py[1734]: Unable to load configuration:
VRRP(backup)
Dec 10 04:29:51 keepalived-fifo.py[1734]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:29:51 keepalived-fifo.py[1734]: GROUP SYN changed state to BACKUP
Dec 10 04:29:52 keepalived-fifo.py[1734]: Loaded configuration: **********************
VRRP(fault)-OK
Dec 10 04:30:10 keepalived-fifo.py[1734]: Received message: GROUP "SYN" FAULT 0
Dec 10 04:30:10 keepalived-fifo.py[1734]: GROUP SYN changed state to FAULT
Dec 10 04:30:10 keepalived-fifo.py[1734]: Running the command: /config/scripts/ipsec-stop.sh
  1. Reboot--->VRRP(backup)script isn't well--->VRRP(fault)script isn't well--->VRRP(backup)script is well

REBOOT

VRRP(backup)
Dec 10 04:33:23 keepalived-fifo.py[1747]: Starting FIFO pipe for Keepalived
Dec 10 04:33:23 keepalived-fifo.py[1747]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 04:33:23 keepalived-fifo.py[1747]: Message reading start
Dec 10 04:33:23 keepalived-fifo.py[1747]: Message processing start
Dec 10 04:33:23 keepalived-fifo.py[1747]: Unable to load configuration:
Dec 10 04:33:23 keepalived-fifo.py[1747]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:33:23 keepalived-fifo.py[1747]: GROUP SYN changed state to BACKUP
Dec 10 04:33:23 keepalived-fifo.py[1747]: Unable to load configuration:
VRRP(fault)
Dec 10 04:34:35 keepalived-fifo.py[1747]: Received message: GROUP "SYN" FAULT 0
Dec 10 04:34:35 keepalived-fifo.py[1747]: GROUP SYN changed state to FAULT
Dec 10 04:34:35 keepalived-fifo.py[1747]: Loaded configuration: **********************
VRRP(backup)-OK
Dec 10 04:36:33 keepalived-fifo.py[1747]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:36:33 keepalived-fifo.py[1747]: GROUP SYN changed state to BACKUP
Dec 10 04:36:33 keepalived-fifo.py[1747]: Running the command: /config/scripts/ipsec-stop.sh
  1. Reboot--->VRRP(backup)script isn't well--->VRRP(master)script isn't well--->VRRP(backup)script is well

REBOOT

VRRP(backup)
Dec 10 04:41:15 keepalived-fifo.py[1746]: Starting FIFO pipe for Keepalived
Dec 10 04:41:15 keepalived-fifo.py[1746]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 04:41:15 keepalived-fifo.py[1767]: Message reading start
Dec 10 04:41:15 keepalived-fifo.py[1767]: Message processing start
Dec 10 04:41:15 keepalived-fifo.py[1746]: Unable to load configuration:
Dec 10 04:41:15 keepalived-fifo.py[1746]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:41:15 keepalived-fifo.py[1746]: GROUP SYN changed state to BACKUP
Dec 10 04:41:15 keepalived-fifo.py[1746]: Unable to load configuration:
VRRP(master)
Dec 10 04:41:51 keepalived-fifo.py[1746]: Received message: GROUP "SYN" MASTER 0
Dec 10 04:41:51 keepalived-fifo.py[1746]: GROUP SYN changed state to MASTER
Dec 10 04:41:51 keepalived-fifo.py[1746]: Loaded configuration: **********************
VRRP(backup)-OK
Dec 10 04:47:49 keepalived-fifo.py[1746]: Received message: GROUP "SYN" BACKUP 0
Dec 10 04:47:49 keepalived-fifo.py[1746]: GROUP SYN changed state to BACKUP
Dec 10 04:47:49 keepalived-fifo.py[1746]: Running the command: /config/scripts/ipsec-stop.sh
  1. Reboot--->VRRP(backup)script isn't well--->VRRP(master)script isn't well--->VRRP(backup)script is well

REBOOT

VRRP(backup)
Dec 10 06:02:00 keepalived-fifo.py[1812]: Starting FIFO pipe for Keepalived
Dec 10 06:02:00 keepalived-fifo.py[1812]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 06:02:00 keepalived-fifo.py[1812]: Message reading start
Dec 10 06:02:00 keepalived-fifo.py[1812]: Message processing start
Dec 10 06:02:00 keepalived-fifo.py[1812]: Unable to load configuration:
Dec 10 06:02:00 keepalived-fifo.py[1812]: Received message: GROUP "SYN" BACKUP 0
Dec 10 06:02:00 keepalived-fifo.py[1812]: GROUP SYN changed state to BACKUP
Dec 10 06:02:00 keepalived-fifo.py[1812]: Unable to load configuration:
VRRP(master)
Dec 10 06:02:48 keepalived-fifo.py[1812]: Received message: GROUP "SYN" MASTER 0
Dec 10 06:02:48 keepalived-fifo.py[1812]: GROUP SYN changed state to MASTER
Dec 10 06:02:49 keepalived-fifo.py[1812]: Loaded configuration: **********************
VRRP(fault)-OK
Dec 10 06:03:01 keepalived-fifo.py[1812]: Received message: GROUP "SYN" FAULT 0
Dec 10 06:03:01 keepalived-fifo.py[1812]: GROUP SYN changed state to FAULT
Dec 10 06:03:01 keepalived-fifo.py[1812]: Running the command: /config/scripts/ipsec-stop.sh

Reboot--->VRRP(fault)script isn't well--->VRRP(master)script is well
(in this case between state "fault" and "master" vrrp was "backup" short time)
REBOOT

VRRP(fault)
Dec 10 06:09:22 keepalived-fifo.py[1739]: Starting FIFO pipe for Keepalived
Dec 10 06:09:22 keepalived-fifo.py[1739]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 06:09:22 keepalived-fifo.py[1739]: Message reading start
Dec 10 06:09:22 keepalived-fifo.py[1739]: Message processing start
Dec 10 06:09:22 keepalived-fifo.py[1739]: Unable to load configuration:
Dec 10 06:09:22 keepalived-fifo.py[1739]: Received message: GROUP "SYN" FAULT 0
Dec 10 06:09:22 keepalived-fifo.py[1739]: GROUP SYN changed state to FAULT
Dec 10 06:09:23 keepalived-fifo.py[1739]: Unable to load configuration:
VRRP(backup)
Dec 10 06:09:54 keepalived-fifo.py[1739]: Received message: GROUP "SYN" BACKUP 0
Dec 10 06:09:54 keepalived-fifo.py[1739]: GROUP SYN changed state to BACKUP
Dec 10 06:09:55 keepalived-fifo.py[1739]: Loaded configuration: **********************
VRRP(master)-OK
Dec 10 06:09:58 keepalived-fifo.py[1739]: Received message: GROUP "SYN" MASTER 0
Dec 10 06:09:58 keepalived-fifo.py[1739]: GROUP SYN changed state to MASTER
Dec 10 06:09:58 keepalived-fifo.py[1739]: Running the command: /config/scripts/ipsec-restart.sh

Reboot--->VRRP(fault)script isn't well--->VRRP(backup)script isn't well--->VRRP (any state) script is well
REBOOT

VRRP(fault)
Dec 10 06:18:03 keepalived-fifo.py[1741]: Starting FIFO pipe for Keepalived
Dec 10 06:18:03 keepalived-fifo.py[1741]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Dec 10 06:18:03 keepalived-fifo.py[1741]: Message reading start
Dec 10 06:18:03 keepalived-fifo.py[1741]: Message processing start
Dec 10 06:18:03 keepalived-fifo.py[1741]: Unable to load configuration:
Dec 10 06:18:03 keepalived-fifo.py[1741]: Received message: GROUP "SYN" FAULT 0
Dec 10 06:18:03 keepalived-fifo.py[1741]: GROUP SYN changed state to FAULT
Dec 10 06:18:03 keepalived-fifo.py[1741]: Unable to load configuration:
VRRP(backup)
Dec 10 06:18:35 keepalived-fifo.py[1741]: Received message: GROUP "SYN" BACKUP 0
Dec 10 06:18:35 keepalived-fifo.py[1741]: GROUP SYN changed state to BACKUP
Dec 10 06:18:36 keepalived-fifo.py[1741]: Loaded configuration: **********************
VRRP(fault)-OK
Dec 10 06:19:01 keepalived-fifo.py[1741]: Received message: GROUP "SYN" FAULT 0
Dec 10 06:19:01 keepalived-fifo.py[1741]: GROUP SYN changed state to FAULT
Dec 10 06:19:01 keepalived-fifo.py[1741]: Running the command: /config/scripts/ipsec-stop.sh

As I can see, the scripts start working well only when VRRP changes status the second time.
Before this event scripts, don't execute.

After rebooting, sync-groups scripts start working well when second changing the status VRRP.
Something wrong with "keepalived-fifo.py"

Unknown Object (User) changed the task status from Needs testing to In progress.Dec 10 2021, 6:23 AM
c-po added a comment.Dec 10 2021, 8:19 PM

@m.korobeinikov please close if the current solution works for you!

Unknown Object (User) closed this task as Resolved.EditedDec 13 2021, 12:07 AM

@c-po Everything works well, thanks. I've checked on this version (VyOS 1.3-beta-202112120443).
I m going to check it on 1.4

Unknown Object (User) reopened this task as Needs testing.Dec 13 2021, 12:47 AM
c-po closed this task as Resolved.Dec 17 2021, 7:04 PM
tjh subscribed.Sep 1 2022, 3:26 AM

I hate to drag up an old ticket, but I've just encountered this issue.
A freshly built VyOS 1.3-rolling-202209010158

A reboot of the backup VRRP instance was done. I then rebooted the master, expecting VRRP to run the transition script.
But they weren't run. There was no mention of "Running the command" in the logs.

I then did a "restart vrrp" and straight away in the logs it appeared:

tim@ferrari-backup:~$ show log | egrep "keepalive|vrrp"
Sep 01 15:04:35 sudo[3502]:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/vrrp.py
Sep 01 15:04:35 vyos-configd[519]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/vrrp.py"}
Sep 01 15:04:36 Keepalived[3508]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
Sep 01 15:04:36 Keepalived[3508]:               '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
Sep 01 15:04:36 Keepalived[3508]: Configuration file /run/keepalived/keepalived.conf
Sep 01 15:04:36 Keepalived[3508]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Sep 01 15:04:36 Keepalived_vrrp[3529]: Starting SNMP subagent
Sep 01 15:04:36 Keepalived_vrrp[3529]: Warning: Failed to connect to the agentx master agent ([NIL]):
Sep 01 15:04:36 Keepalived_vrrp[3529]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Sep 01 15:04:36 Keepalived_vrrp[3529]: Sync group failover-group has only 1 virtual router(s) - this probably isn't what you want
Sep 01 15:04:36 Keepalived_vrrp[3529]: (MuppetLAN) Entering BACKUP STATE (init)
Sep 01 15:04:36 conntrack-tools[3535]: vyatta-vrrp-conntracksync invoked at Thu 01 Sep 2022 03:04:36 PM NZST
Sep 01 15:04:36 keepalived-fifo.py[3530]: Starting FIFO pipe for Keepalived
Sep 01 15:04:36 Keepalived_vrrp[3529]: vrrp notify fifo script terminated
Sep 01 15:04:50 Keepalived_vrrp[3529]: NET-SNMP version 5.7.3 AgentX subagent connected
Sep 01 15:05:01 Keepalived[3508]: Configuration file /run/keepalived/keepalived.conf
Sep 01 15:05:01 Keepalived_vrrp[3529]: Reloading
Sep 01 15:05:01 Keepalived_vrrp[3529]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Sep 01 15:05:01 Keepalived_vrrp[3529]: Sync group failover-group has only 1 virtual router(s) - this probably isn't what you want
Sep 01 15:05:02 keepalived-fifo.py[4343]: Starting FIFO pipe for Keepalived
Sep 01 15:05:02 Keepalived_vrrp[3529]: vrrp notify fifo script terminated
Sep 01 15:05:50 Keepalived_vrrp[3529]: (MuppetLAN) Entering MASTER STATE <------------------ BECOMES MASTER BUT DOESN'T EXECUTE TRANSITION SCRIPT
Sep 01 15:05:50 Keepalived_vrrp[3529]: VRRP_Group(failover-group) Syncing instances to MASTER state
Sep 01 15:05:50 conntrack-tools[4878]: vyatta-vrrp-conntracksync invoked at Thu 01 Sep 2022 03:05:50 PM NZST
Sep 01 15:06:45 Keepalived_vrrp[3529]: (MuppetLAN) Master received advert from 192.168.0.250 with higher priority 200, ours 50
Sep 01 15:06:45 Keepalived_vrrp[3529]: (MuppetLAN) Entering BACKUP STATE <------------------ BECOMES BACKUP BUT DOESN'T EXECUTE TRANSITION SCRIPT
Sep 01 15:06:45 Keepalived_vrrp[3529]: VRRP_Group(failover-group) Syncing instances to BACKUP state
Sep 01 15:06:45 conntrack-tools[4892]: vyatta-vrrp-conntracksync invoked at Thu 01 Sep 2022 03:06:45 PM NZST
Sep 01 15:12:04 sudo[5302]:      tim : TTY=pts/1 ; PWD=/home/tim ; USER=root ; COMMAND=/usr/libexec/vyos/op_mode/vrrp.py --data
Sep 01 15:12:04 Keepalived_vrrp[3529]: Printing VRRP data for process(3529) on signal
Sep 01 15:20:48 sudo[5742]:      tim : TTY=pts/1 ; PWD=/home/tim ; USER=root ; COMMAND=/usr/bin/systemctl restart keepalived.service
Sep 01 15:20:49 Keepalived_vrrp[3529]: Stopped                           <------------------ SERVICE RESTARTED
Sep 01 15:20:49 systemd[1]: keepalived.service: Succeeded.
Sep 01 15:20:49 Keepalived[5745]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
Sep 01 15:20:49 Keepalived[5745]:               '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
Sep 01 15:20:49 Keepalived[5745]: Configuration file /run/keepalived/keepalived.conf
Sep 01 15:20:49 Keepalived[5745]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Sep 01 15:20:49 Keepalived_vrrp[5746]: Starting SNMP subagent
Sep 01 15:20:49 Keepalived_vrrp[5746]: NET-SNMP version 5.7.3 AgentX subagent connected
Sep 01 15:20:49 Keepalived_vrrp[5746]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Sep 01 15:20:49 Keepalived_vrrp[5746]: Sync group failover-group has only 1 virtual router(s) - this probably isn't what you want
Sep 01 15:20:49 Keepalived_vrrp[5746]: (MuppetLAN) Entering BACKUP STATE (init)
Sep 01 15:20:49 conntrack-tools[5750]: vyatta-vrrp-conntracksync invoked at Thu 01 Sep 2022 03:20:49 PM NZST
Sep 01 15:20:49 keepalived-fifo.py[5747]: Starting FIFO pipe for Keepalived
Sep 01 15:20:49 keepalived-fifo.py[5747]: Loaded configuration: {'group': {'MuppetLAN': {'authentication': {'password': 'Biscuit', 'type': 'ah'}, 'description': 'VRRP For MuppetLAN', 'hello_source_address': '192.168.0.251', 'interface': 'eth1', 'peer_address': '192.168.0.250', 'priority': '50', 'virtual_address': {'192.168.0.1/24': {}}, 'vrid': '1'}}, 'sync_group': {'failover-group': {'member': ['MuppetLAN'], 'transition_script': {'backup': '/config/scripts/disable-pppoe0.script', 'master': '/config/scripts/activate-pppoe0.script'}}}}
Sep 01 15:20:49 keepalived-fifo.py[5747]: PIPE already exist: /run/keepalived/keepalived_notify_fifo
Sep 01 15:20:49 keepalived-fifo.py[5747]: Message reading start
Sep 01 15:20:49 keepalived-fifo.py[5747]: Message processing start
Sep 01 15:20:49 keepalived-fifo.py[5747]: Received message: GROUP "failover-group" BACKUP 0
Sep 01 15:20:49 keepalived-fifo.py[5747]: GROUP failover-group changed state to BACKUP
Sep 01 15:20:49 keepalived-fifo.py[5747]: Running the command: /config/scripts/disable-pppoe0.script <------------------ EXECUTED BACKUP SCRIPT
Sep 01 15:20:50 keepalived-fifo.py[5747]: Received message: INSTANCE "MuppetLAN" BACKUP 50
Sep 01 15:20:50 keepalived-fifo.py[5747]: INSTANCE MuppetLAN changed state to BACKUP
tjh added a comment.Sep 1 2022, 4:14 AM

I also notice looking at the backup after another reboot:

Backup state transition script = '/usr/libexec/vyos/vyos-vrrp-conntracksync.sh' 'backup' 'failover-group', uid:gid 0:0
Master state transition script = '/usr/libexec/vyos/vyos-vrrp-conntracksync.sh' 'master' 'failover-group', uid:gid 0:0
Fault state transition script = '/usr/libexec/vyos/vyos-vrrp-conntracksync.sh' 'fault' 'failover-group', uid:gid 0:0

Should those be executed as root? That'll break my script which does a commit because it'l be execute as root, not the Vyos user?