A patch was introduced [0] "..which sets the backup gateway device link down by default. When the VRRP sets the master state in one host, the L3 agent state change procedure will do link up action for the gateway device.".
This change causes an issue when using keepalived 2.X (focal+) which is fixed by patch [1] which adds a new 'no_track' option to all VIPs and routes in keepalived's config file. Patch [1] which fixed keepalived 2.X broke keepalived 1.X (<focal). So patch [2] was added which adds a keepalived_use_no_track config option which is set to True to control whether the 'no_track' option is added to the keepalived config. Finally, patchset [3] introduces automatic detection of the keepalived version by adding a call to `keepalived --version` but this is denied by the packages apparmor rules. [0] https://review.opendev.org/c/openstack/neutron/+/707406 [1] https://review.opendev.org/c/openstack/neutron/+/721799 [2] https://review.opendev.org/c/openstack/neutron/+/745641 [3] https://review.opendev.org/c/openstack/neutron/+/757620 ** Also affects: neutron (Ubuntu) Importance: Undecided Status: New ** Changed in: neutron (Ubuntu) Status: New => Confirmed ** Changed in: charm-neutron-gateway Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944424 Title: AppArmor causing HA routers to be in backup state on wallaby-focal To manage notifications about this bug go to: https://bugs.launchpad.net/charm-neutron-gateway/+bug/1944424/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
