Keepalived not discovered

mindph · December 14, 2021, 9:19pm

CMK version:
200p13
OS version:
Linux Bullseye

I have two servers running keepalived. They have checkMK agent 200p13 installed and discovered all services including mysql.
I created two service monitoring rules for each to monitor for keepalived. Check mk still does not discover the service.

If I create the rule for Enforced services, I get “UNKN VRRP Instance 192.168.10.90 Check plugin received no monitoring data” in the service configuration.

Edit: I see traffic to port 161 being blocked by IPtables. That’s SNMP. Do I need SNMP running for that check? I would like to have only Check MK running, no SNMP.

Heavy · December 14, 2021, 11:03pm

The buildin check plugin for keepalived does only work when you monitor the Linux host with SNMP.

An alternative approach to keepalived monitoring using a Local Check can be found here:

mindph · December 15, 2021, 10:04am

Ok I tried that, but I could not use it. I already have a notify script running for maxscale and thus I tried to adapt the approach in the link to that situation. Another issue is, that keepalived complains if the scripts are “insecure”, means ran by root and insecure scripts setting is off (which should).

I tried to call the notify script from the other notify script that already runs for maxscale

#!/bin/bash
TYPE=$1
NAME=$2
STATE=$3
OUTFILE=/tmp/maxscale_state.txt

/etc/keepalived/keepalive_status_notify.sh $2 $3

But since the script is running not as root, it can not write into /run/ so I changed the script to write into /tmp/ which it does.

-rw-------  1 keepalived_script keepalived_script    13 Dec 15 10:55 keepalived.VI_1.BACKUP.state
-rw-------  1 keepalived_script keepalived_script    13 Dec 15 10:55 keepalived.VI_1.MASTER.state
-rw-------  1 keepalived_script keepalived_script    11 Dec 15 10:55 keepalived.VI_1.STOP.state

Then tried to change the path in the perl script to read from /tmp/ instead of /var/run.

for my $file (</tmp/keepalived.*.*.state>) {
	open(IN, $file) || next;

But that does not work either, it (the perl script) is not returning anything and check_mk still does not discover. I tried that by running it manually.

Heavy · December 15, 2021, 12:39pm

In your script, a variable got lost. The invocation should look like

/etc/keepalived/keepalived_notify $1 $2 $3

The script contains, besides comments, only one line of code. You can easily insert that line to the beginning of your other notification script.

I would not put the state files into a world writable directory like /tmp, as this makes your system vulnerable to symlink attacks. If it runs under a different UID than root, you’d better create a separate directory like /var/local/keepalived where only the keepalived notify script user has write permissions.

mindph · December 15, 2021, 1:54pm

Ok I thought it only needs $2 and $3 because that’s what is in the filename. Understand it now. Yeah the /tmp/ was just for testing because everyone can write there.

system · December 15, 2022, 1:54pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.