I am using keepalived from default yum, v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2, on CentOS 7 (2009).
The VIP is working properly, but when I added a notify script, it was opening the file but not running it (I guess). This is the config file of my backup. I used root because I read somewhere that keepalived needs privileges similar to root (I could be wrong on this).
! Configuration File for keepalived
global_defs {
    enable_script_security
    script_user root
}
vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 51
    priority 100 #used in election, 150 for master & 100 for backup
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.11.33/24 dev enp0s3
    }
    notify "/etc/keepalived/notify.sh"
    notify_master "/etc/keepalived/notify_master.sh"
    notify_backup "/etc/keepalived/notify_backup.sh"
}
This is my notify script (the master and backup scripts have the same contents). I already tried to run it using /bin/bash notify.sh and it works. The permission of the scripts is 755.
#!/bin/bash
echo "test" > /etc/keepalived/logs/log.log
When I start/stop the master service, the backup server gets the VIP, but there is nothing in the logs folder.
This is the log from journalctl -u keepalived | tail -n 100:
Jan 31 03:17:25 smtp.domain.com systemd[1]: Starting LVS and VRRP High Availability Monitor...
Jan 31 03:17:25 smtp.domain.com Keepalived[17729]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Jan 31 03:17:25 smtp.domain.com Keepalived[17729]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 31 03:17:25 smtp.domain.com Keepalived[17730]: Starting Healthcheck child process, pid=17731
Jan 31 03:17:25 smtp.domain.com Keepalived[17730]: Starting VRRP child process, pid=17732
Jan 31 03:17:25 smtp.domain.com systemd[1]: Started LVS and VRRP High Availability Monitor.
Jan 31 03:17:25 smtp.domain.com Keepalived_vrrp[17732]: Registering Kernel netlink reflector
Jan 31 03:17:25 smtp.domain.com Keepalived_vrrp[17732]: Registering Kernel netlink command channel
Jan 31 03:17:25 smtp.domain.com Keepalived_vrrp[17732]: Registering gratuitous ARP shared channel
Jan 31 03:17:25 smtp.domain.com Keepalived_vrrp[17732]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 31 03:17:25 smtp.domain.com Keepalived_healthcheckers[17731]: Initializing ipvs
Jan 31 03:17:25 smtp.domain.com Keepalived_healthcheckers[17731]: Opening file '/etc/keepalived/keepalived.conf'.
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) removing protocol VIPs.
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: Using LinkWatch kernel netlink reflector...
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: Opening script file /etc/keepalived/notify_backup.sh
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: Opening script file /etc/keepalived/notify.sh
Jan 31 03:17:30 smtp.domain.com Keepalived_vrrp[17732]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jan 31 03:17:34 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) Entering MASTER STATE
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) setting protocol VIPs.
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Opening script file /etc/keepalived/notify_master.sh
Jan 31 03:17:35 smtp.domain.com Keepalived_vrrp[17732]: Opening script file /etc/keepalived/notify.sh
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.11.33
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
Jan 31 03:17:40 smtp.domain.com Keepalived_vrrp[17732]: Sending gratuitous ARP on enp0s3 for 192.168.11.33
As a temporary workaround, I put in a cron job to check the current status of the server and run the script.
Command line for the current server status:
journalctl -u keepalived | grep Entering | awk 'END{print $8}'
Update:
Finally I found the problem: when I run getenforce, it returns enforcing. It seems the vrrp_script will not run unless I make a rule or run setenforce 0.
I edited /etc/selinux/config so it will not reset after I reboot:
SELINUX=permissive
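
The "make a rule" option mentioned in the update starts with knowing exactly which accesses SELinux refused to keepalived. The following is an added example, not part of the original post: a bash helper (the function name is hypothetical) that summarises AVC denials whose source domain is keepalived_t; the sample audit records and the types in them are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample audit records (illustrative; not from the original post).
SAMPLE_AVC='type=AVC msg=audit(1612063050.101:410): avc:  denied  { execute } for  pid=17801 comm="keepalived" name="notify_backup.sh" dev="dm-0" ino=1001 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1612063055.202:411): avc:  denied  { execute } for  pid=17809 comm="keepalived" name="notify_master.sh" dev="dm-0" ino=1002 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1612063055.303:412): avc:  denied  { read open } for  pid=17810 comm="notify.sh" path="/etc/keepalived/notify.sh" dev="dm-0" ino=1003 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1612063055.404:413): avc:  denied  { write } for  pid=17810 comm="notify.sh" name="logs" dev="dm-0" ino=1004 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1612063060.505:414): avc:  denied  { name_connect } for  pid=900 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1612063061.606:415): avc:  granted  { read } for  pid=17732 comm="keepalived" name="keepalived.conf" dev="dm-0" ino=1005 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file'

# Print "<count> <permissions> <object class> <target type>" for every distinct
# denial whose source domain is keepalived_t. Reads audit text on stdin.
summarise_keepalived_denials() {
    awk '
    function field(name,    i) {              # value of a name=value token
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) return substr($i, length(name) + 2)
        return ""
    }
    /avc: +denied/ && /scontext=[^ ]*:keepalived_t:/ {
        lb = index($0, "{"); rb = index($0, "}")
        perms = substr($0, lb + 1, rb - lb - 1)       # text between the braces
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        split(field("tcontext"), ctx, ":")            # user:role:type:level
        seen[perms " " field("tclass") " " ctx[3]]++
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort
}

# Stand-alone run over the sample. On a real host (assumes auditd is running
# and the caller is root) feed it audit records instead, e.g.:
#   ausearch -m avc -ts boot | summarise_keepalived_denials
printf '%s\n' "$SAMPLE_AVC" | summarise_keepalived_denials
```

Permissive mode still logs the accesses it would have denied, so the summary can be collected on a host configured as above. The result shows which script labels or audit2allow rules would let the notify scripts run with SELinux enforcing.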