vrrp_script; Cannot find script docker in path - disabling

[1liminal1]

Describe the bug
Keepalived is not running the one-liner that checks to see if a container is running or not running.

To Reproduce
Running the following;

 vrrp_script check_container {
    script "docker ps -q -f name=haproxy| grep -q . && echo 1 || echo 0"
    interval 5
    weight -20
    fall 2
    rise 2
}

gives the following error;

```Cannot find script docker in path - disabling````

Also the following is quite confusing, is this related?

Script user 'keepalived_script' does not exist

Expected behavior
The script should run

Keepalived version

Keepalived v2.2.8 

Distro (please complete the following information):

• Name: AlmaLinux
• Version: 9.3
• Architecture: x86_64

Details of any containerisation or hosted service (e.g. AWS)
N/A

Configuration file:

vrrp_script check_container {
    script "docker ps -q -f name=haproxy | grep -q . && echo 1 || echo 0"
    interval 5
    weight -20
    fall 2
    rise 2
}

vrrp_instance VI_5 {
    state BACKUP
    interface eth0
    virtual_router_id 25
    priority 100
    advert_int 1
    virtual_ipaddress {
        xxx.xxx.xxx.xxx.xxx/24
    }
    track_script {
        check_container
    }
}

Notify and track scripts

Above

System Log entries

Script user 'keepalived_script' does not exist
Cannot find script docker in path - disabling
Disabling track script check_container since not found/accessible
Assigned address xxx.xxx.xxx.xxx.xxx for interface eth0
Registering gratuitous ARP shared channel
(VI_5) removing VIPs.
Startup complete
Started LVS and VRRP High Availability Monitor.
(VI_5) Entering BACKUP STATE (init)
 VRRP sockpool: [ifindex(  2), family(IPv4), proto(112), fd(14,15) multicast, address(xxx.xxx.xxx.xxx.xxx)]

Did keepalived coredump?

If so, can you please provide a stacktrace from the coredump, using gdb.

Additional context
Add any other context about the problem here.

[robotapertama]

This might help - https://opensource-db.com/working-with-keepalived-and-selinux-ensuring-ha-and-security/

[pqarmitage]

As it says, keepalived cannot find the executable docker in the search path; you need to specify the full path name to the docker executable.

Further, keepalived does not manage a pipeline of processes; you need a shell to do that, so you need to create an executable script:

#!/bin/bash

docker ps -q -f name=haproxy | grep -q . && echo 1 || echo 0

and suppose it is /etc/keepalived/ka_docker.sh, then change the line in the vrrp_script block to
script /etc/keepalived/ka_docker.sh

Also, keepalived does not read the stdout of a script that it executes, but retrieves the exit code, so you need to change the script to be:

#!/bin/bash

docker ps -q -f name=haproxy | grep -q . && exit 1 || exit 0

This will exit with 1 (failure) if there is a container with the name haproxy, and 0 (success) if there is no such container. This may be the opposite of what you want.

[1liminal1]

Thank you both, but its an issue with Keepalived and SElinux the solution is to use an external script and put it in the specified directory using this guide

https://opensource-db.com/working-with-keepalived-and-selinux-ensuring-ha-and-security/

/usr/libexec/keepalived/

I found setting permissions as chmod u=rwx,g=rx,o=rx /usr/libexec/keepalived/script-name.sh worked for me

This took us days to figure out, so hopefully this will help someone :)