Open
Description
Describe the bug
man keepalived states that the exit codes should be the following:
0 if OK
1 if unable to malloc memory
2 if cannot initialise subsystems
3 if running with --config-test and configuration cannot be run
4 if running with --config-test and there are configuration errors
but keepalived will run after modifying the configuration
5 if running with --config-test and script security hasn't been
enabled but scripts are configured.
But I get return code 6 when running keepalived --config-test --use-file example.conf versus a config file with no script security enabled and scripts configured.
To Reproduce
Any steps necessary to reproduce the behaviour:
- Build docker image, run it with
--entrypoint /bin/ashandexecto container - Paste the configuration from the configuration file section to
example.conf keepalived --config-test --use-file example.confecho $?
Expected behavior
Keepalived --config-test exits with exit code 5
Keepalived version
Keepalived v2.3.1 (07/25,2024)
Copyright(C) 2001-2024 Alexandre Cassen, <acassen@gmail.com>
Built with kernel headers for Linux 6.6.0
Running on <omitted>
Distro: Alpine Linux v3.20
configure options: --disable-dynamic-linking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --enable-bfd --enable-snmp --enable-snmp-rfc
Config options: LIBIPSET LVS VRRP VRRP_AUTH VRRP_VMAC BFD OLD_CHKSUM_COMPAT SNMP_V3_FOR_V2 SNMP_VRRP SNMP_CHECKER SNMP_RFCV2 SNMP_RFCV3 INIT=systemd
System options: VSYSLOG MEMFD_CREATE IPV6_MULTICAST_ALL IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA IPTABLES NET_LINUX_IF_H_COLLISION NETINET_LINUX_IF_ETHER_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_IPVLAN IFLA_LINK_NETNSID INET6_ADDR_GEN_MODE VRF SO_MARK
Distro (please complete the following information):
- Name: alpine
- Version: 3.20.2
- Architecture: x86_64
Details of any containerisation or hosted service (e.g. AWS)
Keepalived is run in alpine container built by make docker
Configuration file:
virtual_server_group test {
<ommited>
}
virtual_server group test {
lvs_sched mh
lvs_method TUN
protocol TCP
real_server <ommited> {
delay_loop 5
HTTP_GET {
http_protocol 1.1
url {
path /
status_code 200-400
}
}
MISC_CHECK {
misc_path /bin/ash
}
}
}
Notify and track scripts
None
System Log entries
SECURITY VIOLATION - check scripts are being executed but script_security not enabled.
// Not really system logs, but the output of keepalived --config-test
Did keepalived coredump?
No
Additional context
I believe this enum
enum chk_exit_code {
KEEPALIVED_CHK_EXIT_OK = EXIT_SUCCESS,
KEEPALIVED_CHK_EXIT_CONFIG = 4, /* Maintain backward compatibility */
KEEPALIVED_CHK_EXIT_CONFIG_TEST,
KEEPALIVED_CHK_EXIT_CONFIG_TEST_SECURITY,
} ;is the cause.
I suggest refining manpages and docs.
Metadata
Assignees
Labels
No labels