Page MenuHomePhabricator

Enable SNMP for VRRP.
Closed, ResolvedPublic

Description

Keepalived is support SNMP.
To enable this feauture we need enable it in the daemon arguments (--snmp)

# cat /etc/default/keepalived 
# Options to pass to keepalived

# DAEMON_ARGS are appended to the keepalived command-line
DAEMON_ARGS="--snmp"

Check that snmp is working with vrrp.

root@1:/usr/share/snmp/mibs# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.9586.100.5.1.1.0
SNMPv2-SMI::enterprises.9586.100.5.1.1.0 = STRING: "Keepalived v2.0.10 (11/12,2018)"

root@1:/usr/share/snmp/mibs# snmpwalk -v2c -c public localhost KEEPALIVED-MIB::version
KEEPALIVED-MIB::version.0 = STRING: Keepalived v2.0.10 (11/12,2018)
root@1:/usr/share/snmp/mibs# 

root@1:/usr/share/snmp/mibs# snmpwalk -v2c -c public localhost  KEEPALIVED-MIB::vrrpInstanceState
KEEPALIVED-MIB::vrrpInstanceState.1 = INTEGER: master(2)

root@1:/usr/share/snmp/mibs# snmpwalk -v2c -c public localhost  VRRP-MIB:vrrpOperState
VRRP-MIB::vrrpOperState.3.10 = INTEGER: master(3)

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-201912200217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Event Timeline

Viacheslav created this object in space S1 VyOS Public.
Viacheslav updated the task description. (Show Details)Dec 24 2019, 7:07 PM
syncer assigned this task to c-po.Jan 1 2020, 12:00 PM
syncer triaged this task as Normal priority.
pasik added a subscriber: pasik.Jan 16 2020, 7:33 PM
c-po changed Is it a breaking change? from Perfectly compatible to Behavior change.Tue, Jan 21, 5:44 PM
c-po added a comment.Tue, Jan 21, 5:53 PM

If this is always enabled "hardcoded" and SNMPd is not running the following will happen:

Jan 21 07:47:06 vyos Keepalived[2457]: Starting Keepalived v2.0.10 (11/12,2018)
Jan 21 07:47:06 vyos Keepalived[2457]: Running on Linux 4.19.91-amd64-vyos #1 SMP Sat Dec 28 14:52:12 UTC 2019 (built for Linux 4.18.20)
Jan 21 07:47:06 vyos Keepalived[2457]: Command line: '/usr/sbin/keepalived' '--dont-fork' '--snmp'
Jan 21 07:47:06 vyos Keepalived[2457]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 21 07:47:06 vyos Keepalived[2457]: Starting VRRP child process, pid=2464
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Registering Kernel netlink reflector
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Registering Kernel netlink command channel
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Configuration specifies interface eth0.5 which doesn't currently exist - will use if created
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Starting SNMP subagent
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: (VLAN5-IPv6) the first IPv6 VIP address must be link local
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: (VLAN5-IPv4) entering FAULT state
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: (VLAN5-IPv6) entering FAULT state
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Registering gratuitous ARP shared channel
Jan 21 07:47:06 vyos Keepalived_vrrp[2464]: Registering gratuitous NDISC shared channel
Jan 21 07:47:21 vyos Keepalived_vrrp[2464]: Warning: Failed to connect to the agentx master agent ([NIL]):

If SNMPd is then started later on or enabled additionally we see:

Jan 21 07:49:36 vyos Keepalived_vrrp[2464]: NET-SNMP version 5.7.3 AgentX subagent connected

Disabling SNMPd aagain will throw

Jan 21 07:50:39 vyos Keepalived_vrrp[2464]: Warning: Failed to connect to the agentx master agent ([NIL]):

Thus it should be save to always enable this

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Tue, Jan 21, 5:54 PM
c-po added a comment.Wed, Jan 22, 6:48 PM

Please test and feedback in latest rolling.

Viacheslav added a comment.EditedFri, Jan 24, 11:30 AM

SNMP with VRRP work

# snmpwalk -v2c -c public 10.0.0.1  VRRP-MIB:vrrpOperations
VRRP-MIB::vrrpNodeVersion.0 = INTEGER: 2
VRRP-MIB::vrrpNotificationCntl.0 = INTEGER: disabled(2)
VRRP-MIB::vrrpOperVrId.3.10 = INTEGER: 10
VRRP-MIB::vrrpOperVirtualMacAddr.3.10 = STRING: 52:54:0:1d:4:4e
VRRP-MIB::vrrpOperState.3.10 = INTEGER: backup(2)
VRRP-MIB::vrrpOperAdminState.3.10 = INTEGER: up(1)
VRRP-MIB::vrrpOperPriority.3.10 = INTEGER: 50
VRRP-MIB::vrrpOperIpAddrCount.3.10 = INTEGER: 1
VRRP-MIB::vrrpOperMasterIpAddr.3.10 = IpAddress: 10.0.0.2
VRRP-MIB::vrrpOperPrimaryIpAddr.3.10 = IpAddress: 10.0.0.1
VRRP-MIB::vrrpOperAuthType.3.10 = INTEGER: noAuthentication(1)
VRRP-MIB::vrrpOperAdvertisementInterval.3.10 = INTEGER: 1 seconds
VRRP-MIB::vrrpOperPreemptMode.3.10 = INTEGER: true(1)
VRRP-MIB::vrrpOperVirtualRouterUpTime.3.10 = Timeticks: (2) 0:00:00.02
VRRP-MIB::vrrpOperProtocol.3.10 = INTEGER: ip(1)
VRRP-MIB::vrrpOperRowStatus.3.10 = INTEGER: active(1)
VRRP-MIB::vrrpAssoIpAddr.3.10.10.0.0.254 = IpAddress: 10.0.0.254
VRRP-MIB::vrrpAssoIpAddrRowStatus.3.10.10.0.0.254 = INTEGER: active(1)

Config

set service snmp community public authorization 'ro'

set high-availability vrrp group VRRP hello-source-address '10.0.0.1'
set high-availability vrrp group VRRP interface 'eth1'
set high-availability vrrp group VRRP peer-address '10.0.0.2'
set high-availability vrrp group VRRP priority '50'
set high-availability vrrp group VRRP virtual-address '10.0.0.254/24'
set high-availability vrrp group VRRP vrid '10'

But I see 2 keepalived process. It normal?

sever@vyos01:~$ ps ax | grep keepa
 6064 ?        Ss     0:00 /usr/sbin/keepalived --dont-fork --snmp
 6065 ?        S      0:00 /usr/sbin/keepalived --dont-fork --snmp
c-po added a comment.Fri, Jan 24, 12:58 PM

One seems t be the mastering parent process, try ps faux

c-po changed the task status from Open to Backport candidate.Fri, Jan 24, 1:06 PM
c-po moved this task from Finished to Backport Candidates on the VyOS 1.3 Equuleus board.
c-po added a project: Ready for Crux (1.2.x).
c-po closed this task as Resolved.Sat, Jan 25, 8:52 AM
c-po moved this task from Backlog to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.
c-po removed a project: Ready for Crux (1.2.x).
c-po moved this task from Backport Candidates to Finished on the VyOS 1.3 Equuleus board.