Here is the keepalived configuration:

```
# Global Configuration
# Process-wide settings: where alert mail is sent and how this node names
# itself.
global_defs {
  # Recipients of keepalived alert mail.
  notification_email {
    m...@foo.bar
  }
  # Sender address used for alert mail.
  notification_email_from keepali...@foo.bar
  # NOTE(review): the keyword "smtp_server" appears twice on this line. This
  # looks like a paste error for "smtp_server smtp.foo.bar" - confirm.
  smtp_server smtp_server smtp.foo.bar
  smtp_connect_timeout 30
  # Placeholder for this host's FQDN.
  router_id fqdn_of_host
  # NOTE(review): this file runs notify scripts that call iptables, but no
  # script-security option is set here. keepalived offers script_user and
  # enable_script_security in global_defs; the latter refuses to run a
  # root script whose path is writable by a non-root user.
}

# describe virtual service ip
# VRRP instance that carries the virtual IP on ens192. Each state change
# calls bypass_ipvs.sh so the node's nat/PREROUTING rules match its role.
vrrp_instance front-loadbalancer {
  state MASTER
  interface ens192
  virtual_router_id 164
  priority 100
  authentication {
    # NOTE(review): auth_type PASS is a simple shared password carried in
    # clear text in the VRRP advertisements, and keepalived uses only its
    # first 8 characters. It protects against accidental misconfiguration,
    # not against another host on the same segment. Limit which hosts may
    # send VRRP to this interface (for example with a firewall rule).
    auth_type PASS
    auth_pass XXXXXXX
  }
  virtual_ipaddress {
    aa.bb.cc.dd
  }
  # The notify_* hooks below run a script that edits the iptables nat
  # table. Keep /etc/keepalived/bypass_ipvs.sh and its parent directories
  # owned by root and not writable by anyone else.
  # Invoked to master transition
  notify_master "/etc/keepalived/bypass_ipvs.sh del aa.bb.cc.dd"
  # Invoked to slave transition
  notify_backup "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to fault transition
  notify_fault "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
  # Invoked to stop transition
  notify_stop "/etc/keepalived/bypass_ipvs.sh add aa.bb.cc.dd"
}

# describe virtual mail server
# TCP virtual service on the VIP, port 10514: round-robin scheduling
# (lb_algo rr) with direct routing (lb_kind DR) across two real servers.
virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  protocol TCP

  real_server dd.cc.bb.aa1 10514 {
    # Health check: keepalived runs the quoted command and judges the real
    # server by its exit status.
    # NOTE(review): curl exits 0 on HTTP error responses unless -f/--fail is
    # given, so this check only detects a failed connection to port 9601.
    # NOTE(review): the trailing ";" after the quoted command is unusual in
    # keepalived.conf - confirm it is intended.
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601";
      misc_timeout 10
    }

  }
  real_server dd.cc.bb.aa2 10514 {
    # Same health check as the first real server, against the second host.
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601";
      misc_timeout 10
    }

  }
}

# UDP counterpart of the virtual service: same VIP, port, scheduler and
# forwarding mode, with protocol UDP.
virtual_server aa.bb.cc.dd 10514 {
  delay_loop 5
  lb_algo rr
  lb_kind DR
  #persistence_timeout 50
  # ops enables one-packet scheduling, an IPVS option that applies to UDP.
  ops
  protocol UDP

  real_server dd.cc.bb.aa1 10514 {
    # Health check: keepalived runs the quoted command and judges the real
    # server by its exit status. The probe is an HTTP request to port 9601,
    # not a test of the UDP service on 10514 itself.
    # NOTE(review): curl exits 0 on HTTP error responses unless -f/--fail is
    # given, so this check only detects a failed connection.
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa1:9601";
      misc_timeout 10
    }
  }
  real_server dd.cc.bb.aa2 10514 {
    # Same health check as the first real server, against the second host.
    MISC_CHECK {
      misc_path "/usr/bin/curl -XGET http://dd.cc.bb.aa2:9601";
      misc_timeout 10
    }
  }
}

```

And here is the bypass script:
```
#! /bin/bash
#set -x
# 
# Gael Charriere <gael.charri...@gmail.com>
# 10.11.2008
#
# Invoked by keepalived from master/slave
# to slave/master transition to add or remove
# a PREROUTING rule
#
# Essential for slave to redirect incoming 
# service packet to localhost. Otherwise a
# loop can appear between master and slave.
# 
# The routing table is consulted when a packet
# that creates a new connection is encountered.
# PREROUTING rule alters packets as soon as they come in.
# REDIRECT statement redirects the packet to the machine
# itself by changing the destination IP to the primary
# address of the incoming interface (locally-generated
# packets are mapped to the 127.0.0.1 address).

# Argument count check: the script takes exactly two positional
# arguments, the action (add|del) and the IP address.
EXPECTED_ARGS=2
[ "$#" -eq "$EXPECTED_ARGS" ] || {
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
}

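# Check if second arg is a valid IPv4 address.
#
# $2 ends up on iptables command lines, and this script edits the nat
# table, so the check is strict: exactly four dot-separated fields, each
# made only of digits, each in the range 0-255. On success VIP holds the
# address rebuilt from the checked fields.
#
# The split uses read -a instead of an unquoted array assignment, which
# would apply pathname expansion to a field such as "*". Reading up to a
# NUL (-d '') keeps any newline inside its field, where the digit test
# below rejects it.
IFS=. read -r -d '' -a octets < <(printf '%s\0' "$2")

# Check that ip has 4 parts
if [ "${#octets[@]}" -ne 4 ]; then
  echo "IP address must have 4 parts"
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
fi

# Check that each part is a number between 0 and 255.
# The array is walked by index and every expansion is quoted, so an empty
# field (as in "1..3.4") is examined instead of being dropped by word
# splitting.
for i in "${!octets[@]}"; do
  oct=${octets[$i]}
  if ! [[ $oct =~ ^[0-9]+$ ]]; then
    echo "$oct: Not numeric"
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
  fi
  # The length test comes first so an over-long digit string never reaches
  # the arithmetic. 10# forces base 10 so "08" is not parsed as octal.
  if (( ${#oct} > 3 || 10#$oct > 255 )); then
    echo "$oct: Out of range"
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
  fi
  # Store the plain decimal value so the address given to iptables is
  # exactly what was range-checked, however a later parser would treat
  # leading zeros.
  octets[$i]=$(( 10#$oct ))
done

# If we are here, ip address is validated
VIP="${octets[0]}.${octets[1]}.${octets[2]}.${octets[3]}"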

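# Add or remove the prerouting rule
#
#   add  (used by notify_backup / notify_fault / notify_stop):
#        drop the 514 -> 10514 port redirect if it is present, then make
#        sure traffic addressed to the VIP is redirected to this host.
#   del  (used by notify_master):
#        make sure the 514 -> 10514 port redirect is present, then remove
#        every copy of the VIP redirect rule.
#
# Each iptables command is written on one line; in the mailed copy the
# long commands were wrapped, which left "10514" and "--to-destination ..."
# as separate commands.

#######################################
# Test whether a rule is present in nat/PREROUTING.
# iptables -C compares the exact rule. Grepping "iptables -L" output is
# looser: the dots in the address act as regex wildcards, the match is a
# substring match, and "dpt:514" also matches ports such as 5140.
# Arguments: the rule specification, as passed to iptables -A / -D
# Returns:   0 if the rule exists, non-zero otherwise
#######################################
rule_exists() {
  # stderr is discarded on purpose: -C reports a missing rule as an error.
  iptables -t nat -C PREROUTING "$@" 2>/dev/null
}

case "$1" in
  add)
    for proto in tcp udp; do
      if rule_exists -p "$proto" --dport 514 -j REDIRECT --to-port 10514; then
        iptables -t nat -D PREROUTING -p "$proto" --dport 514 -j REDIRECT --to-port 10514
      fi
      # the rule was not found, add it
      if ! rule_exists -d "$VIP" -p "$proto" -j REDIRECT; then
        iptables -t nat -A PREROUTING -d "$VIP" -p "$proto" -j REDIRECT
      fi
    done
    ;;
  del)
    for proto in tcp udp; do
      if ! rule_exists -p "$proto" --dport 514 -j REDIRECT --to-port 10514; then
        iptables -t nat -A PREROUTING -p "$proto" --dport 514 -j REDIRECT --to-port 10514
      fi
      # Remove every copy of the rule. The break stops the loop if a delete
      # fails while the rule still checks as present.
      while rule_exists -d "$VIP" -p "$proto" -j REDIRECT; do
        iptables -t nat -D PREROUTING -d "$VIP" -p "$proto" -j REDIRECT || break
      done
    done
    ;;
  *)
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
    ;;
esac
exit 0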

```

https://bugs.launchpad.net/bugs/1820245

Title:
  Netplan and Keepalived not work
