Home / ubuntu / Questions / 769253
In Process
loewexy
Asked: 2016-05-09 01:02:41 +0800 CST

Running keepalived with vrrp in unprivileged lxc container

  • 772

I am trying to get a keepalived running in an unprivileged lxc container, but I get the following error in the syslog.

May  8 10:56:01 dnsmasq Keepalived_vrrp[11025]: Initializing ipvs 2.6
May  8 10:56:01 dnsmasq modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-22-generic/modules.dep.bin'
May  8 10:56:01 dnsmasq Keepalived_vrrp[11025]: IPVS: Can't initialize ipvs: No space left on device

What am I missing. I tried loading ip_vs kernel module on the host but with no success.

networking

3 Answers

  1. Containers aren't allowed to load modules as they share kernel with the host machine. Once you load module on your hardware node, it will become available on all the containers. The same rule is for OpenVZ virtualization.

    • 2

  2. If you are running LXD you need to allow the Linux Kernel modules to be loaded by the LXC container.

    lxc config set CONTAINERNAME linux.kernel_modules ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,nf_nat,ip_vs_dh,ip_vs,nf_conntrack,libcrc32c

    Inside the container you need to set the -P option to keepalived in order to use keepalived correctly.

    To do this on Ubuntu 16.04 you can edit /etc/defaults/keepalived and set the following line: DAEMON_ARGS="-P"

    If you use liblxc if you load the kernel module on the host container you should be able to load it inside of the LXC container.

    • 1

  3. I had a similar issue on lxc 4.0.9 on Centos 8 containers with keepalived 1.1.19 sharing this solution to perhaps save you a few hours of your life.

    NOTE: all commands run from root acc

    package: wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz

    By default keepalived in this version is expecting it's config to live in /etc/keepalived/keepalived.conf

    config:

    -----start of file on LB1 box ------
vrrp_instance lb1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    advert_int 1
authentication {
    auth_type PASS
    auth_pass 1234
}
virtual_ipaddress {
    192.168.12.123/24 dev eth0
}
}


--- start of file on LB2 box -----

vrrp_instance lb1 {
    interface eth0
    state BACKUP
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1234
    }
    virtual_ipaddress {
            192.168.12.123/24 dev eth0
    }
}

    If you try to load the config via '/etc/init.d/keepalived start' or use 'systemctl start keepalived' it will throw an error 'keepalived.service: Failed to reset devices.list: Operation not permitted'

    instead register your own service.

    vi /etc/systemd/system/keepalived.service 

--- start of systemd service file ----
[Unit]
Description = running keepalived service
After = network.target

[Service]
User=root
ExecStart = /usr/local/sbin/keepalived
Restart=on-failure
RestartSec=5s

[Install]
WantedBy = multi-user.target

    then reload the systemd deamon systemctl daemon-reload

    and do the usual

    systemctl start keepalived
systemctl enable keepalived #if you want it running on reboot
systemctl status keepalived



keepalived.service - running keepalived service
Loaded: loaded (/etc/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Drop-In: /run/systemd/system/keepalived.service.d
         └─zzz-lxc-service.conf
Active: deactivating (stop-sigterm) since Tue 2022-06-07 21:21:18 UTC; 50s ago
Process: 2652 ExecStart=/usr/local/sbin/keepalived (code=exited, status=0/SUCCESS)
Main PID: 2652 (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 49660)
Memory: 668.0K

    Enjoy!

    • 0