Page MenuHomeVyOS Platform
Create Task
Maniphest T5386

Execute VRRP transition script when `set high-availability disable` is commited
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

In T5060 I suggested to implement something like a "VRRP maintenance mode". Thank you again for implementing this feature!

Part of the VRRP configuration in one of our testing environments looks like this:

sync-group main {
    member com
    member mgmt
    member adm
    member apm
    member byod
    member dflt
    member gst
    member gyod
    member prn
    member rol
    member srv01
    member stdnt
    member stf
    member tchr
    member tr_scl
    member prs
    transition-script {
        backup /config/scripts/ha/vrrp-backup.sh
        fault /config/scripts/ha/vrrp-fault.sh
        master /config/scripts/ha/vrrp-master.sh
        stop /config/scripts/ha/vrrp-stop.sh
    }
}

Transition scripts work perfectly fine when transitioning from MASTER to BACKUP and vice-versa. However, no transition script is executed when disabling keepalived through set high-availability disable.

It would be nice if committing set high-availability disable would also execute the stop transition script.

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

dex created this task.Jul 21 2023, 9:41 AM
Viacheslav subscribed.Jul 21 2023, 2:35 PM

Maybe it is the wrong way. I think it shouldn't touch anything in the disable state.

dex added a comment.Jul 21 2023, 3:00 PM

Hmm, fair enough. Maybe just executing the stop script and then committing set high-availability disable is enough for maintenance periods.
One general question though out of curiosity: What are the circumstances in which the stop script is executed in the first place?

pasik subscribed.Jul 21 2023, 8:17 PM
dmbaturin triaged this task as Wishlist priority.Jan 11 2024, 11:51 AM
dmbaturin added a project: VyOS 1.5 Circinus.
Viacheslav changed the task status from Open to Needs reporter action.EditedApr 11 2024, 11:19 AM

@dex can you re-check?
It should execute the stop script if disable in config https://github.com/vyos/vyos-1x/blob/5d890037b177ce6971ac00f52e4cce2cac898f46/src/conf_mode/high-availability.py#L204-L206

dex added a comment.Apr 12 2024, 7:25 AM

Just to make sure: This change is part of the current nightly build, right?

Viacheslav added a comment.Apr 12 2024, 8:31 AM

It was implemented around a year ago https://github.com/vyos/vyos-1x/commit/e201454f073c9a92fb56b65f497eae55fc634521
Just need to check if it works as expected.

dex added a comment.Apr 17 2024, 2:15 PM

Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:

Apr 17 15:48:57 keepalived-fifo.py[20707]: GROUP main changed state to STOP
Apr 17 15:48:57 keepalived-fifo.py[20707]: Running the command: /config/scripts/ha/vrrp-stop.sh
Apr 17 15:48:58 systemd[1]: opt-vyatta-config-tmp-new_config_27850.mount: Deactivated successfully.
Apr 17 15:48:58 keepalived-fifo.py[20707]: Terminating messages processing thread
Apr 17 15:48:58 keepalived-fifo.py[20707]: Ending processing: Received SIGTERM signal
Apr 17 15:48:58 Keepalived_vrrp[20705]: Stopped
Apr 17 15:48:58 Keepalived[20701]: Stopped Keepalived v2.2.8 (06/21,2023), git commit debian/1%2.2.8-1+
Apr 17 15:48:58 systemd[1]: keepalived.service: Deactivated successfully.
Apr 17 15:48:58 systemd[1]: Stopped keepalived.service - Keepalive Daemon (LVS and VRRP).
Apr 17 15:48:58 systemd[1]: keepalived.service: Consumed 8.509s CPU time.

However, something goes wrong as the execution of the script seems to have no effect. It is supposed to stop some containers, which works perfectly fine when transitioning to BACKUP (backup and stop script are the same). It looks like this:

#!/bin/vbash

if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi

source /opt/vyatta/etc/functions/script-template
configure
set container name zabbix-proxy disable
set container name haproxy disable
set service dhcp-relay disable
commit comment "VRRP backup transition"
exit
Viacheslav added a comment.EditedMay 3 2024, 1:05 PM

It is probably a commit in progress during this time of execution, so the file is locked by another commit.
@dex Can you send to syslog anu message or do any other commands not related to configure?

syncer edited projects, added VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.May 7 2024, 8:03 AM
dex added a comment.May 13 2024, 10:30 AM

I changed the stop script to this:

#!/bin/vbash

logger VRRP stop script executed!

After commiting set high-availability disable the message is logged successfully:

May 13 12:24:26 fw01-a.hbg.dev.kdk.network keepalived-fifo.py[31738]: Running the command: /config/scripts/ha/vrrp-stop.sh
May 13 12:24:26 fw01-a.hbg.dev.kdk.network root[228155]: VRRP stop script executed!

So it is as you said, there seems to be a commit in progress so the changes from the stop script cannot be committed. Do you see any way around this? It would be very helpful to be able to commit config changes at this point

Viacheslav closed this task as Resolved.EditedMay 13 2024, 10:37 AM
Viacheslav claimed this task.

The original feature/bug is solved
The stop script executed is executing.
The locks are a separate task/bug.