Page MenuHomeVyOS Platform

VRRP doesn't start with conntrack-sync
Closed, ResolvedPublicBUG

Description

Tested on KVM (Proxmox) with 1 NIC
New VM, fresh image install.

Config

set high-availability vrrp group HA address 172.20.100.2/24
set high-availability vrrp group HA interface 'eth0.1'
set high-availability vrrp group HA vrid '10'
set high-availability vrrp sync-group SYNC member 'HA'
set interfaces ethernet eth0 vif 1 address '172.20.100.24/24'
set service conntrack-sync failover-mechanism vrrp sync-group 'SYNC'
set service conntrack-sync interface eth0.1

After reboot VRRP is not running

[email protected]:~$ show vrrp
VRRP is not running
[email protected]:~$ restart vrrp
[email protected]:~$ show vrrp
Name    Interface      VRID  State      Priority  Last Transition
------  -----------  ------  -------  ----------  -----------------
HA      eth0.1           10  MASTER          100  7s
[email protected]:~$

Without conntrack-sync service VRRP is in working condition after reboots

Version info

[email protected]:~$ show version

Version:          VyOS 1.4-rolling-202204300743
Release train:    sagitta

Built by:         [email protected]
Built on:         Sat 30 Apr 2022 07:43 UTC
Build UUID:       08bb31cf-725e-4cc3-b5c0-b18d2b6a1ef1
Build commit ID:  8d31e8b0891959

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:
Hardware UUID:    085e8080-c8e4-459c-af21-a27c103b8700

Copyright:        VyOS maintainers and contributors

Logs on reboot

May 05 17:57:57 vyos staticd[1021]: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
May 05 17:57:57 vyos bfdd[1024]: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
May 05 17:57:57 vyos vyos-configd[651]: Sending response 1
May 05 17:57:57 vyos sudo[1442]: pam_unix(sudo:session): session closed for user root
May 05 17:57:57 vyos sudo[1481]:     root : PWD=/ ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/high-availability.py
May 05 17:57:57 vyos sudo[1481]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 05 17:57:57 vyos vyos-configd[651]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/high-availability.py"}
May 05 17:57:57 vyos systemd[1]: Started Keepalive Daemon (LVS and VRRP).
May 05 17:57:57 vyos vyos-configd[651]: Sending response 1
May 05 17:57:57 vyos sudo[1481]: pam_unix(sudo:session): session closed for user root
May 05 17:57:57 vyos sudo[1488]:     root : PWD=/ ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/conntrack_sync.py
May 05 17:57:57 vyos sudo[1488]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 05 17:57:57 vyos vyos-configd[651]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/conntrack_sync.py"}
May 05 17:57:58 vyos Keepalived[1487]: Starting Keepalived v2.2.4 (12/22,2021), git commit v2.2.4-227-g8af889bc
May 05 17:57:58 vyos Keepalived[1487]: Running on Linux 5.10.113-amd64-vyos #1 SMP Thu Apr 28 14:13:18 UTC 2022 (built for Linux 5.10.84)
May 05 17:57:58 vyos Keepalived[1487]: Command line: '/usr/sbin/keepalived' '--use-file' '/run/keepalived/keepalived.conf' '--pid'
May 05 17:57:58 vyos Keepalived[1487]:               '/run/keepalived/keepalived.pid' '--dont-fork' '--snmp'
May 05 17:57:58 vyos Keepalived[1487]: Configuration file /run/keepalived/keepalived.conf
May 05 17:57:58 vyos Keepalived[1487]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
May 05 17:57:58 vyos Keepalived[1487]: Starting VRRP child process, pid=1493
May 05 17:57:58 vyos Keepalived_vrrp[1493]: Starting SNMP subagent
May 05 17:57:58 vyos Keepalived_vrrp[1493]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 05 17:57:58 vyos Keepalived_vrrp[1493]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
May 05 17:57:58 vyos Keepalived_vrrp[1493]: Sync group SYNC has only 1 virtual router(s) - this probably isn't what you want
May 05 17:57:58 vyos kernel: NET: Registered protocol family 17
May 05 17:57:58 vyos Keepalived_vrrp[1493]: (HA) Entering BACKUP STATE (init)
May 05 17:57:58 vyos Keepalived[1487]: Startup complete
May 05 17:57:58 vyos conntrack-tools[1498]: vyatta-vrrp-conntracksync invoked at Thu 05 May 2022 05:57:58 PM UTC
May 05 17:57:58 vyos Keepalived[1487]: Stopping
May 05 17:57:58 vyos systemd[1]: Stopping Keepalive Daemon (LVS and VRRP)...
May 05 17:57:59 vyos Keepalived_vrrp[1493]: Stopped
May 05 17:57:59 vyos Keepalived[1487]: Stopped Keepalived v2.2.4 (12/22,2021), git commit v2.2.4-227-g8af889bc
May 05 17:57:59 vyos systemd[1]: keepalived.service: Succeeded.
May 05 17:57:59 vyos systemd[1]: Stopped Keepalive Daemon (LVS and VRRP).
May 05 17:57:59 vyos systemd[1]: Starting Conntrack Daemon...
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] reliable ctnetlink event delivery is ENABLED.
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] netlink event socket buffer size has been set to 2097152 bytes
May 05 17:57:59 vyos conntrack-tools[1505]: reliable ctnetlink event delivery is ENABLED.
May 05 17:57:59 vyos conntrack-tools[1505]: netlink event socket buffer size has been set to 2097152 bytes
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] configuring helper `tns' with queuenum=5 and queuelen=0
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] policy name=tns expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] helper `tns' configured successfully
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] configuring helper `rpc' with queuenum=4 and queuelen=0
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] policy name=rpc expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] helper `rpc' configured successfully
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] configuring helper `rpc' with queuenum=3 and queuelen=0
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] policy name=rpc expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] helper `rpc' configured successfully
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] initialization completed
May 05 17:57:59 vyos conntrackd[1505]: [Thu May  5 17:57:59 2022] (pid=1505) [notice] -- starting in console mode --
May 05 17:57:59 vyos conntrack-tools[1505]: configuring helper `tns' with queuenum=5 and queuelen=0
May 05 17:57:59 vyos conntrack-tools[1505]: policy name=tns expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrack-tools[1505]: helper `tns' configured successfully
May 05 17:57:59 vyos conntrack-tools[1505]: configuring helper `rpc' with queuenum=4 and queuelen=0
May 05 17:57:59 vyos conntrack-tools[1505]: policy name=rpc expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrack-tools[1505]: helper `rpc' configured successfully
May 05 17:57:59 vyos conntrack-tools[1505]: configuring helper `rpc' with queuenum=3 and queuelen=0
May 05 17:57:59 vyos conntrack-tools[1505]: policy name=rpc expect_timeout=300 expect_max=1
May 05 17:57:59 vyos conntrack-tools[1505]: helper `rpc' configured successfully
May 05 17:57:59 vyos conntrack-tools[1505]: initialization completed
May 05 17:57:59 vyos conntrack-tools[1505]: -- starting in console mode --
May 05 17:57:59 vyos systemd[1]: Started Conntrack Daemon.
May 05 17:57:59 vyos sudo[1488]: pam_unix(sudo:session): session closed for user root
May 05 17:57:59 vyos vyos-configd[651]: Sending response 1
May 05 17:57:59 vyos sudo[1511]:     root : PWD=/ ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/ssh.py
May 05 17:57:59 vyos sudo[1511]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 05 17:57:59 vyos vyos-configd[651]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/ssh.py"}
May 05 17:57:59 vyos systemd[1]: Reloading.

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202204300743
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Event Timeline

Try to delete sync-group, as you use only one group

Try to delete sync-group, as you use only one group

But conntrack-sync requires sync-group for failover-mechanism.

[email protected]# show service conntrack-sync
 failover-mechanism {
     vrrp {
-        sync-group SYNC
     }
 }
 interface eth0.1 {
 }
[edit]
[email protected]# commit

No VRRP sync-group defined!

[[service conntrack-sync]] failed
Commit failed
[edit]
[email protected]#
c-po changed the task status from Open to In progress.Mon, May 9, 5:05 PM
c-po claimed this task.