Automatic update process (production interruption) #1294
From what you have written, it appears that after the security update has been installed, the system wants to run the new package rather than the old one (which is quite reasonable for security updates). This means that the old process has to terminate and the new process start running (hence the restart rather than the reload). A restart means that keepalived stops, and is then started again. When keepalived stops, any instance that is master will send priority 0 adverts, which start a fast take-over by the highest priority backup (less than 1 advert interval). When keepalived starts up again, it waits three advert intervals (plus a bit more) to see if there is a higher priority master, and only if it sees no higher priority adverts will it take over as master (this is all in accordance with the VRRP RFCs). You ask two questions:
I don't think keepalived has any recommendations on this. Security updates are a distro feature, and so I think if there are any recommendations, they would have to come from the distro provider.
At the moment, the answer is no. The only way I can see of doing this is if keepalived is told to reload its processes. Keepalived would need to save the state of each keepalived instance and when the new process starts, restore those states immediately. This is doable but would take a bit of work.
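The restart sequence described in the comment above, as an added example that is not part of the original thread and is not keepalived code. It models the timers with the RFC 5798 formulas; the node names A and B, the priorities, and the restart duration are constructed assumptions, and keepalived's real timing may differ slightly.

```python
# Added example (not keepalived code): timing model from RFC 5798.
# Node names, priorities and the restart duration are constructed sample values.

def skew_time(priority: int, advert_int: float) -> float:
    """Skew_Time: higher priority gives a shorter skew, so the best backup wins."""
    return (256 - priority) * advert_int / 256

def master_down_interval(priority: int, advert_int: float) -> float:
    """Three advert intervals plus skew: the wait before claiming mastership."""
    return 3 * advert_int + skew_time(priority, advert_int)

def mastership_changes(pri_a, pri_b, advert_int, restart_secs, nopreempt=False):
    """A (master, higher priority) is restarted at t=0; B is the backup.
    Returns [(seconds, new_master), ...]; each entry is a service-visible failover."""
    if not pri_b < pri_a:
        raise ValueError("model assumes A has the higher priority")
    # A's shutdown advert carries priority 0, so B waits only its skew time.
    takeover = skew_time(pri_b, advert_int)
    if restart_secs < takeover:
        raise ValueError("model assumes A is back only after B has taken over")
    changes = [(takeover, "B")]
    if not nopreempt:
        # A starts in BACKUP, ignores B's lower-priority adverts, and its
        # master-down timer expires: A takes the address back from B.
        changes.append((restart_secs + master_down_interval(pri_a, advert_int), "A"))
    # With nopreempt, B's adverts keep resetting A's timer and A stays BACKUP.
    return changes

if __name__ == "__main__":
    for flag in (False, True):
        print("nopreempt" if flag else "preempt  ",
              mastership_changes(150, 100, 1.0, 2.0, nopreempt=flag))
```

With preemption, one package restart produces two mastership changes; with nopreempt it produces one, and the restarted node stays backup.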
I understand. I'm asking this because this comment seemed to recommend using snap to install keepalived on Ubuntu. With the information you just gave plus the fact that autoupdates in snap can't be disabled, this will inevitably result in downtimes which can't be prevented. This would make snap unfit for use in high-available environments. So, the only stable way of running recent versions of keepalived would be to compile it from source? Or am I missing another option here?
This sounds good, maybe that'd be a way to go to fix this in the long run. Appreciate your work!
Describe the bug
We've experienced some issues with the automatic (security) updates of keepalived. This happens when installing the keepalived package either via Ubuntu packages (having automatic security updates activated) or when installing the snap package (as recommended iirc), which has automatic updates that apparently can't be disabled. When the update is triggered, it results in a restart of the keepalived daemon (not reload), which causes a failover (we currently do not use nopreempt).
To Reproduce
Install keepalived and wait for an update
Expected behavior
The update process should never hard-restart the daemon, unless it can be done so without any interruption of services.
Keepalived version
Distro (please complete the following information):
Ubuntu 18.04 LTS (bionic beaver)
Did keepalived coredump?
No.