seesaw's Introduction

Seesaw v2

Note: This is not an official Google product.

About

Seesaw v2 is a Linux Virtual Server (LVS) based load balancing platform.

It is capable of providing basic load balancing for servers that are on the same network, through to advanced load balancing functionality such as anycast, Direct Server Return (DSR), support for multiple VLANs and centralised configuration.

Above all, it is designed to be reliable and easy to maintain.

Requirements

A Seesaw v2 load balancing cluster requires two Seesaw nodes - these can be physical machines or virtual instances. Each node must have two network interfaces - one for the host itself and the other for the cluster VIP. All four interfaces should be connected to the same layer 2 network.

Building

Seesaw v2 is developed in Go and depends on several Go packages:

Additionally, there is a compile and runtime dependency on libnl.

On a Debian/Ubuntu style system, you should be able to prepare for building by running:

apt-get install golang
apt-get install libnl-3-dev libnl-genl-3-dev

If your distro has a go version before 1.18, you may need to fetch a newer release from https://golang.org/dl/.

If you are running a Go version before 1.11, or you want to set GO111MODULE=off, then after setting GOPATH to an appropriate location (for example ~/go) run:

go get -u golang.org/x/crypto/ssh
go get -u github.com/dlintw/goconf
go get -u github.com/golang/glog
go get -u github.com/miekg/dns
go get -u github.com/kylelemons/godebug/pretty
go get -u github.com/golang/protobuf/proto

Ensure that ${GOPATH}/bin is in your ${PATH}, then in the seesaw directory run:

make test
make install

If you wish to regenerate the protobuf code, the protobuf compiler is needed:

apt-get install protobuf-compiler

The protobuf code can then be regenerated with:

make proto

Installing

After make install has run successfully, there should be a number of binaries in ${GOPATH}/bin with a seesaw_ prefix. Install these to the appropriate locations:

SEESAW_BIN="/usr/local/seesaw"
SEESAW_ETC="/etc/seesaw"
SEESAW_LOG="/var/log/seesaw"

INIT=`ps -p 1 -o comm=`

install -d "${SEESAW_BIN}" "${SEESAW_ETC}" "${SEESAW_LOG}"

install "${GOPATH}/bin/seesaw_cli" /usr/bin/seesaw

for component in {ecu,engine,ha,healthcheck,ncc,watchdog}; do
  install "${GOPATH}/bin/seesaw_${component}" "${SEESAW_BIN}"
done

# Quote $INIT so the test still parses if the ps lookup returns nothing.
if [ "$INIT" = "init" ]; then
  install "etc/init/seesaw_watchdog.conf" "/etc/init"
elif [ "$INIT" = "systemd" ]; then
  install "etc/systemd/system/seesaw_watchdog.service" "/etc/systemd/system"
  systemctl --system daemon-reload
fi
install "etc/seesaw/watchdog.cfg" "${SEESAW_ETC}"

# Enable CAP_NET_RAW for seesaw binaries that require raw sockets.
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_ha"
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_healthcheck"

The setcap binary can be found in the libcap2-bin package on Debian/Ubuntu.

Configuring

Each node needs a /etc/seesaw/seesaw.cfg configuration file, which provides information about the node and who its peer is. Additionally, each load balancing cluster needs a cluster configuration, which is in the form of a text-based protobuf - this is stored in /etc/seesaw/cluster.pb.

An example seesaw.cfg file can be found in etc/seesaw/seesaw.cfg.example - a minimal seesaw.cfg provides the following:

  • anycast_enabled - True if anycast should be enabled for this cluster.
  • name - The short name of this cluster.
  • node_ipv4 - The IPv4 address of this Seesaw node.
  • peer_ipv4 - The IPv4 address of our peer Seesaw node.
  • vip_ipv4 - The IPv4 address for this cluster VIP.

The VIP floats between the Seesaw nodes and is only active on the current master. This address needs to be allocated within the same netblock as both the node IP address and peer IP address.
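
One way to check the netblock rule above before starting the watchdog, as an added example that is not part of the Seesaw code base. The prefix length is an assumption supplied by the caller (seesaw.cfg carries bare addresses), the addresses are constructed documentation values, and the distinct-address checks are an extra sanity test added here.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample files using the minimal seesaw.cfg keys listed above.
const sampleCfg = `[cluster]
anycast_enabled = false
name = example-lb
node_ipv4 = 192.0.2.11
peer_ipv4 = 192.0.2.12
vip_ipv4 = 192.0.2.10
`

const sampleCfgBadVIP = `[cluster]
anycast_enabled = false
name = example-lb
node_ipv4 = 192.0.2.11
peer_ipv4 = 192.0.2.12
vip_ipv4 = 198.51.100.10
`

// clusterKeys reads "key = value" pairs from the [cluster] section.
// It is a minimal parser written for this example only.
func clusterKeys(cfg string) map[string]string {
	keys := map[string]string{}
	section := ""
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";"):
			continue
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			section = strings.TrimSpace(line[1 : len(line)-1])
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok && section == "cluster" {
			keys[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return keys
}

// checkCluster returns one message per problem found; an empty result means
// node, peer and VIP all sit in the node's netblock of the given length.
func checkCluster(cfg string, prefixLen int) []string {
	keys := clusterKeys(cfg)
	var problems []string
	addrs := map[string]netip.Addr{}
	for _, k := range []string{"node_ipv4", "peer_ipv4", "vip_ipv4"} {
		a, err := netip.ParseAddr(keys[k])
		if err != nil || !a.Is4() {
			problems = append(problems, fmt.Sprintf("%s: missing or not an IPv4 address (%q)", k, keys[k]))
			continue
		}
		addrs[k] = a
	}
	if len(problems) > 0 {
		return problems
	}
	node, peer, vip := addrs["node_ipv4"], addrs["peer_ipv4"], addrs["vip_ipv4"]
	block, err := node.Prefix(prefixLen)
	if err != nil {
		return []string{fmt.Sprintf("prefix length %d is not valid for IPv4", prefixLen)}
	}
	if !block.Contains(peer) {
		problems = append(problems, fmt.Sprintf("peer_ipv4 %s is outside %s", peer, block))
	}
	if !block.Contains(vip) {
		problems = append(problems, fmt.Sprintf("vip_ipv4 %s is outside %s", vip, block))
	}
	// Extra sanity checks added for this example: the three addresses differ.
	if vip == node || vip == peer {
		problems = append(problems, "vip_ipv4 duplicates a node address")
	}
	if node == peer {
		problems = append(problems, "node_ipv4 and peer_ipv4 are identical")
	}
	return problems
}

func main() {
	for name, cfg := range map[string]string{"sample": sampleCfg, "bad VIP": sampleCfgBadVIP} {
		fmt.Printf("%s: %v\n", name, checkCluster(cfg, 24))
	}
}
```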

An example cluster.pb file can be found in etc/seesaw/cluster.pb.example - a minimal cluster.pb contains a seesaw_vip entry and two node entries. For each service that you want to load balance, a separate vserver entry is needed, with one or more vserver_entry sections (one per port/proto pair), one or more backends and one or more healthchecks. Further information is available in the protobuf definition - see pb/config/config.proto.

On an upstart based system, running restart seesaw_watchdog will start (or restart) the watchdog process, which will in turn start the other components.

Anycast

Seesaw v2 provides full support for anycast VIPs - that is, it will advertise an anycast VIP when it becomes available and will withdraw the anycast VIP if it becomes unavailable. For this to work the Quagga BGP daemon needs to be installed and configured, with the BGP peers accepting host-specific routes that are advertised from the Seesaw nodes within the anycast range (currently hardcoded as 192.168.255.0/24).

Command Line

Once initial configuration has been performed and the Seesaw components are running, the state of the Seesaw can be viewed and controlled via the Seesaw command line interface. Running seesaw (assuming /usr/bin is in your path) will give you an interactive prompt - type ? for a list of top level commands. A quick summary:

  • config reload - reload the cluster.pb from the current config source.
  • failover - failover between the Seesaw nodes.
  • show vservers - list all vservers configured on this cluster.
  • show vserver <name> - show the current state for the named vserver.

Troubleshooting

A Seesaw should have five components that are running under the watchdog - the process table should show processes for:

  • seesaw_ecu
  • seesaw_engine
  • seesaw_ha
  • seesaw_healthcheck
  • seesaw_ncc
  • seesaw_watchdog

All Seesaw v2 components have their own logs, in addition to the logging provided by the watchdog. If any of the processes are not running, check the corresponding logs in /var/log/seesaw (e.g. seesaw_engine.{log,INFO}).

seesaw's Issues

UDP Round Robin Only going to single server

Dear All,

I am trying to setup UDP round robin load balancing for a SIEM application.

I have seesaw installed and working; I can see packets (using tcpdump on both VMs) going from the VIP of 172.16.4.165 to the second server dl-clust-02.

Expected Behaviour
Each UDP packet sent to the VServer VIP (172.16.4.165) from my logging endpoint would be sent to each server in turn, i.e. dl-clust-01 then dl-clust-02 then back to dl-clust-01 and so on.

Actual Behaviour
UDP packets are only sent to the dl-clust-02.

seesaw.cfg

[cluster]
anycast_enabled = false
name = defencelogic-lb
node_ipv4 = 172.16.4.163
peer_ipv4 = 172.16.4.164
vip_ipv4 = 172.16.4.160

[config_server]
primary = lb1.
secondary = lb2.

[interface]
node = ens192
lb = ens160

cluster.pb

seesaw_vip: <
  fqdn: "logger.."
  ipv4: "172.16.4.160/24"
  status: PRODUCTION
>

node: <
  fqdn: "lb1.."
  ipv4: "172.16.4.163/24"
  status: PRODUCTION
>

node: <
  fqdn: "lb2.."
  ipv4: "172.16.4.164/24"
  status: PRODUCTION
>

vserver: <
  name: "logsvr."
  entry_address: <
    fqdn: "logsvr.."
    ipv4: "172.16.4.165/24"
    status: PRODUCTION
  >
  rp: "ad1@"
  vserver_entry: <
    protocol: UDP
    port: 12201
    scheduler: RR
    server_low_watermark: 0.3
    healthcheck: <
      type: ICMP_PING
      interval: 5
      timeout: 3
      retries: 1
    >
  >
  backend: <
    host: <
      fqdn: "dl-clust-01.."
      ipv4: "172.16.4.61/24"
      status: PRODUCTION
    >
    weight: 1
  >
  backend: <
    host: <
      fqdn: "dl-clust-02.."
      ipv4: "172.16.4.62/24"
      status: PRODUCTION
    >
    weight: 1
  >
>

Any help appreciated.

Question: no neighbor statement issued to quagga?

Hi,

Trying (and failing) to get seesaw to advertise through quagga I don't seem to find any neighbor statement being sent to quagga.

What I see by parsing the code is something like this being sent:

router bgp 64512
address-family ipv4 unicast
network a.b.c.d/32

Manually toying with quagga with our network guys, I can only get it to work by adding a neighbor like:

router bgp 65500
address-family ipv4 unicast
network a.b.c.d/32
neighbor e.f.g.h remote-as 65500

I have the following in my cluster.pb:

bgp_remote_asn: 65500
bgp_local_asn: 65500
bgp_peer: <
  fqdn: "name.of.my.router."
  ipv4: "e.f.g.h/28"
>

but as I see it, this peer is not used in any of the vty.Command calls? Am I missing something?

Best regards,
Lasse

ncc.Dial() without ncc.Close()

seesaw/engine/core.go

Lines 311 to 344 in 34716af

// gratuitousARP sends gratuitous ARP messages at regular intervals, if this
// node is the HA master.
func (e *Engine) gratuitousARP() {
	arpTicker := time.NewTicker(e.config.GratuitousARPInterval)
	var announced bool
	for {
		select {
		case <-arpTicker.C:
			if e.haManager.state() != seesaw.HAMaster {
				if announced {
					log.Infof("Stopping gratuitous ARPs for %s", e.config.ClusterVIP.IPv4Addr)
					announced = false
				}
				continue
			}
			if !announced {
				log.Infof("Starting gratuitous ARPs for %s via %s every %s",
					e.config.ClusterVIP.IPv4Addr, e.config.LBInterface, e.config.GratuitousARPInterval)
				announced = true
			}
			if err := e.ncc.Dial(); err != nil {
				log.Fatalf("Failed to connect to NCC: %v", err)
			}
			defer e.ncc.Close()
			if err := e.ncc.ARPSendGratuitous(e.config.LBInterface, e.config.ClusterVIP.IPv4Addr); err != nil {
				log.Fatalf("Failed to send gratuitous ARP: %v", err)
			}
		case <-e.shutdownARP:
			e.shutdownARP <- true
			return
		}
	}
}

This will simply explode because it keeps calling L331 without Close(), which gets deferred and never gets executed.

The ncc.Dial() and ncc.Close() pattern is odd.

  • It leaves the burden of dial/close to client
  • It does refcounting to save a connection to which I think is fine to keep the connection open.
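
The failure mode described in this issue, as an added example that is not code from the Seesaw project: a defer placed inside a for loop only runs when the enclosing function returns, so every tick leaves one more Dial() unmatched. fakeNCC is a hypothetical refcounting stand-in for the NCC client, the interface name and VIP are constructed values, and sendOnce shows one way to scope the defer to a single tick.

```go
package main

import (
	"errors"
	"fmt"
)

// fakeNCC is a hypothetical stand-in for a refcounted NCC client: every
// Dial() must be matched by a Close(). It is not Seesaw's implementation.
type fakeNCC struct {
	refs int // Dial() calls not yet matched by Close()
	peak int // highest value refs has reached
}

func (c *fakeNCC) Dial() error {
	c.refs++
	if c.refs > c.peak {
		c.peak = c.refs
	}
	return nil
}

func (c *fakeNCC) Close() error {
	if c.refs == 0 {
		return errors.New("close without matching dial")
	}
	c.refs--
	return nil
}

func (c *fakeNCC) ARPSendGratuitous(iface, vip string) error {
	if c.refs == 0 {
		return errors.New("not connected")
	}
	return nil
}

// Constructed sample values, not taken from any real cluster.
const (
	lbInterface = "eth1"
	clusterVIP  = "192.0.2.10"
)

// leakyLoop has the same shape as the quoted gratuitousARP loop: the defer
// sits inside the for body, so no Close() runs until the function returns.
// It returns the number of references still open after the last tick.
func leakyLoop(c *fakeNCC, ticks int) (int, error) {
	for i := 0; i < ticks; i++ {
		if err := c.Dial(); err != nil {
			return c.refs, err
		}
		defer c.Close() // queued once per tick, executed only at return
		if err := c.ARPSendGratuitous(lbInterface, clusterVIP); err != nil {
			return c.refs, err
		}
	}
	return c.refs, nil
}

// sendOnce does the work of one tick in its own function, so the deferred
// Close() runs before the next tick begins.
func sendOnce(c *fakeNCC) error {
	if err := c.Dial(); err != nil {
		return fmt.Errorf("connect to NCC: %w", err)
	}
	defer c.Close()
	return c.ARPSendGratuitous(lbInterface, clusterVIP)
}

// fixedLoop calls sendOnce per tick and returns the references still open
// after the last tick.
func fixedLoop(c *fakeNCC, ticks int) (int, error) {
	for i := 0; i < ticks; i++ {
		if err := sendOnce(c); err != nil {
			return c.refs, err
		}
	}
	return c.refs, nil
}

func main() {
	leaky, fixed := &fakeNCC{}, &fakeNCC{}
	open, _ := leakyLoop(leaky, 1000)
	fmt.Printf("defer in loop:  %d open at last tick, peak %d\n", open, leaky.peak)
	open, _ = fixedLoop(fixed, 1000)
	fmt.Printf("defer per tick: %d open at last tick, peak %d\n", open, fixed.peak)
}
```

In the quoted loop the function only returns on shutdown, so the queued Close() calls and the references they would release accumulate for the life of the process.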

Unable to install seesaw on docker container CentOS Linux release 7.7.1908 (Core).

I'm running a docker container of CentOS Linux release 7.7.1908 (Core).

Installing Go
I can't install libnl-3-dev or libnl-genl-3-dev. I get the results of "no package available"
I can install libnl successfully. Unsure if that gives me the prerequisites for this or not.

The other packages I'm able to install successfully: curl, git, gcc, make, libcap2-bin, protobuf-compiler, golang.

go env

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="direct"
GOROOT="/usr/lib/golang"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/root/go/src/github.com/google/seesaw/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build090985420=/tmp/go-build -gno-record-gcc-switches"

I've set up Go successfully.
go get -u golang.org/x/crypto/ssh
go get -u github.com/dlintw/goconf
go get -u github.com/golang/glog
go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
go get -u github.com/miekg/dns
go get -u github.com/kylelemons/godebug/pretty

I'm having issues when I try to install seesaw.

go get -u github.com/google/seesaw
package github.com/google/seesaw: no Go files in /root/go/src/github.com/google/seesaw
I get the results that it doesn't exist. Yet it does exist, when I immediately look at the folder contents of that directory.

ls /root/go/src/github.com/google/seesaw
CONTRIBUTING Makefile binaries common ecu etc go.sum healthcheck ncc pb test_tools
LICENSE README.md cli doc engine go.mod ha ipvs netlink quagga watchdog

I'm unable to successfully run "make test", fails on netlink/netlink.h

make test
go build ./...
go: downloading github.com/dlintw/goconf v0.0.0-20120228082610-dcc070983490
go: downloading github.com/golang/protobuf v1.3.2
go: downloading github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
go: downloading github.com/miekg/dns v1.1.15
go: downloading golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
go: extracting github.com/dlintw/goconf v0.0.0-20120228082610-dcc070983490
go: extracting github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
go: extracting github.com/golang/protobuf v1.3.2
go: extracting github.com/miekg/dns v1.1.15
go: downloading golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
go: downloading golang.org/x/sys v0.0.0-20190412213103-97732733099d
go: extracting golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
go: extracting golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
go: extracting golang.org/x/sys v0.0.0-20190412213103-97732733099d
go: finding github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
go: finding github.com/dlintw/goconf v0.0.0-20120228082610-dcc070983490
go: finding golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
go: finding github.com/golang/protobuf v1.3.2
go: finding github.com/miekg/dns v1.1.15
go: finding golang.org/x/sys v0.0.0-20190412213103-97732733099d
go: finding golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3

github.com/google/seesaw/netlink

netlink/cfuncs.go:22:29: fatal error: netlink/netlink.h: No such file or directory
#include <netlink/netlink.h>
^
compilation terminated.
make: *** [all] Error 2

make install also fails for me, on the netlink/netlink.h again

make install
go build ./...

github.com/google/seesaw/netlink

netlink/cfuncs.go:22:29: fatal error: netlink/netlink.h: No such file or directory
#include <netlink/netlink.h>
^
compilation terminated.
make: *** [all] Error 2

When I run the default "seesaw_install.sh" script I get the following results.

install: cannot stat '/bin/seesaw_cli': No such file or directory
install: cannot stat '/bin/seesaw_ecu': No such file or directory
install: cannot stat '/bin/seesaw_engine': No such file or directory
install: cannot stat '/bin/seesaw_ha': No such file or directory
install: cannot stat '/bin/seesaw_healthcheck': No such file or directory
install: cannot stat '/bin/seesaw_ncc': No such file or directory
install: cannot stat '/bin/seesaw_watchdog': No such file or directory
Failed to set capabilities on file `/usr/local/seesaw/seesaw_ha' (No such file or directory)
usage: setcap [-q] [-v] (-r|-|) [ ... (-r|-|) ]

Note must be a regular (non-symlink) file.
Failed to set capabilities on file `/usr/local/seesaw/seesaw_healthcheck' (No such file or directory)
usage: setcap [-q] [-v] (-r|-|) [ ... (-r|-|) ]

Note must be a regular (non-symlink) file.

Health Check notification - Send failed

Consistently see healthcheck notification failed to send in some of the deployments

Client has the following errors in the log

E0301 16:41:25.941121  157041 core.go:616] Send failed 1 times: read unix @->/var/run/seesaw/engine/engine.sock?backlog=8192: i/o timeout
..........
E0301 16:45:41.944832  157041 core.go:616] Send failed 9 times: read unix @->/var/run/seesaw/engine/engine.sock?backlog=8192: i/o timeout
E0301 16:46:13.945305  157041 core.go:616] Send failed 10 times: read unix @->/var/run/seesaw/engine/engine.sock?backlog=8192: i/o timeout

Server has the /var/run/seesaw/engine/engine.sock connections are piling up

ss | grep engine.sock | wc -l
15905

Any pointers to why this error happening will be helpful

Compile issues on Ubuntu 16.04, golang 1.10.1

I ran into a couple of compile issues on Ubuntu 16.04, golang 1.10.1

Incorrect variable type in engine/vserver_test.go:972 - both values need to be %t instead of %s.
incorrect variable type in healthcheck/dns.go:143 - rc needs to be %d instead of %s.

Can't install seesaw

Hello,

I've tried quite a few things trying to install and setup seesaw load balancer, unfortunately when doing "Make test" I get few fails on "go test ./" task.

For the background I tried in ubuntu 22.04 and ubuntu 20.04 servers, now I'm at ubuntu 22.04, go language is installed from apt packages instead of downloading it from github. All attempts ended with the same output. $Path is declared, seesaw directory is under go directory itself too, but I can't figure it out why I can't make this work, am I doing something wrong?

Here's the output of make test. Thank you in advance for any help or advice.

root@testtest:/usr/lib/go-1.18/src/github.com/google/seesaw# make test
go build ./...
go test ./...

github.com/google/seesaw/common/conn

common/conn/ipc.go:97:9: github.com/google/seesaw/common/ipc.ConfigSource composite literal uses unkeyed fields
common/conn/rpc.go:107:9: github.com/google/seesaw/common/ipc.ConfigSource composite literal uses unkeyed fields

github.com/google/seesaw/cli

cli/show.go:190:12: github.com/google/seesaw/common/seesaw.NodesByIPv4 composite literal uses unkeyed fields
cli/state.go:50:40: github.com/google/seesaw/common/seesaw.VserverOverride composite literal uses unkeyed fields
? github.com/google/seesaw/binaries/seesaw_cli [no test files]
? github.com/google/seesaw/binaries/seesaw_ecu [no test files]
? github.com/google/seesaw/binaries/seesaw_engine [no test files]
? github.com/google/seesaw/binaries/seesaw_ha [no test files]
? github.com/google/seesaw/binaries/seesaw_healthcheck [no test files]
? github.com/google/seesaw/binaries/seesaw_ncc [no test files]
? github.com/google/seesaw/binaries/seesaw_watchdog [no test files]
ok github.com/google/seesaw/common/ipc (cached)
ok github.com/google/seesaw/common/seesaw (cached)
ok github.com/google/seesaw/engine 8.916s
ok github.com/google/seesaw/engine/config (cached)

github.com/google/seesaw/ha

ha/engine_client.go:77:49: github.com/google/seesaw/common/ipc.HAState composite literal uses unkeyed fields
ha/engine_client.go:96:50: github.com/google/seesaw/common/ipc.HAStatus composite literal uses unkeyed fields
FAIL github.com/google/seesaw/ha [build failed]
ok github.com/google/seesaw/healthcheck 10.678s
--- FAIL: TestDestinationNetlinkMarshal (0.00s)
ipvs_test.go:543: Got netlink bytes []byte{0x6c, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x58, 0x0, 0x2, 0x80, 0x14, 0x0, 0x1, 0x0, 0x20, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca, 0xfe, 0x6, 0x0, 0x2, 0x0, 0x0, 0x35, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0xf4, 0xf3, 0xf2, 0xf1, 0x8, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5, 0x0, 0xd0, 0x7, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0xe8, 0x3, 0x0, 0x0, 0x8, 0x0, 0x7, 0x0, 0x4e, 0x61, 0xbc, 0x0, 0x8, 0x0, 0x8, 0x0, 0xb1, 0x7f, 0x39, 0x5, 0x8, 0x0, 0x9, 0x0, 0xd2, 0x4, 0x0, 0x0}, want []byte{0x6c, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x58, 0x0, 0x2, 0x0, 0x14, 0x0, 0x1, 0x0, 0x20, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca, 0xfe, 0x6, 0x0, 0x2, 0x0, 0x0, 0x35, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0xf4, 0xf3, 0xf2, 0xf1, 0x8, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5, 0x0, 0xd0, 0x7, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0xe8, 0x3, 0x0, 0x0, 0x8, 0x0, 0x7, 0x0, 0x4e, 0x61, 0xbc, 0x0, 0x8, 0x0, 0x8, 0x0, 0xb1, 0x7f, 0x39, 0x5, 0x8, 0x0, 0x9, 0x0, 0xd2, 0x4, 0x0, 0x0}
--- FAIL: TestServiceNetlinkMarshal (0.00s)
ipvs_test.go:583: Got netlink bytes []byte{0x68, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x54, 0x0, 0x1, 0x80, 0x6, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x14, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x50, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0x77, 0x6c, 0x63, 0x0, 0xc, 0x0, 0x7, 0x0, 0xf4, 0xf3, 0xf2, 0xf1, 0xff, 0xff, 0xff, 0xff, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0xff, 0xff, 0xff, 0xff}, want []byte{0x68, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x54, 0x0, 0x1, 0x0, 0x6, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x14, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x50, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0x77, 0x6c, 0x63, 0x0, 0xc, 0x0, 0x7, 0x0, 0xf4, 0xf3, 0xf2, 0xf1, 0xff, 0xff, 0xff, 0xff, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0xff, 0xff, 0xff, 0xff}
FAIL
FAIL github.com/google/seesaw/ipvs 0.004s
--- FAIL: TestMessageMarshal (0.00s)
message_test.go:197: Got netlink bytes []byte{0x68, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x54, 0x0, 0x1, 0x80, 0x6, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x14, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x50, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0x77, 0x6c, 0x63, 0x0, 0xc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0xff, 0xff, 0xff, 0xff}, want []byte{0x68, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x54, 0x0, 0x1, 0x0, 0x6, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x14, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x50, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6, 0x0, 0x77, 0x6c, 0x63, 0x0, 0xc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0xff, 0xff, 0xff, 0xff}
FAIL
FAIL github.com/google/seesaw/netlink 0.004s
ok github.com/google/seesaw/quagga (cached)
make: *** [Makefile:25: test] Error 2

Seesaw.cfg Configuration Server functionality

Dear Sirs,

In the seesaw.cfg you enable the following

[config_server]
primary = lb1.<domain fqdn>
secondary = lb2.<domain fqdn>

In the /var/log/seesaw/seesaw_engine.INFO log you get

W0728 15:14:34.870323    5083 fetcher.go:186] Fetch failed: fetch failed from https://lb1.<domain fqdn>l:10255/config/defencelogic-lb (172.16.4.163): dial tcp 172.16.4.163:10255: connect: connection refused
W0728 15:14:34.870672    5083 fetcher.go:186] Fetch failed: fetch failed from https://lb2.<domain fqdn>:10255/config/defencelogic-lb (172.16.4.164): dial tcp 172.16.4.164:10255: connect: connection refused
E0728 15:14:34.870683    5083 notifier.go:159] Failed to pull configuration: all config server requests failed

Is there a way to disable this functionality as it does not seem to affect seesaw's operation? Alternatively, can someone point in the direction of some documentation on how to set this feature up?

Any help appreciated.

error unable to install seesaw

Strange, I'm unable to compile it. I've followed the following steps accordingly:

downloaded the package into /home/software/seesaw-master

apt-get install golang
apt-get install libnl-3-dev libnl-genl-3-dev
go get -u golang.org/x/crypto/ssh
go get -u github.com/dlintw/goconf
go get -u github.com/golang/glog
go get -u github.com/miekg/dns
go get -u github.com/kylelemons/godebug/pretty
apt-get install protobuf-compiler
go get -u github.com/golang/protobuf/{proto,protoc-gen-go}

go env output

GOARCH="amd64"
GOBIN="/usr/bin/go"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/usr/share/go-1.6"
GORACE=""
GOROOT="/usr/lib/go-1.6"
GOTOOLDIR="/usr/lib/go-1.6/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT="1"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"

cd /home/software/seesaw-master

When running the "make test" command it gives the following errors:

go build ./...
binaries/seesaw_cli/main.go:31:2: cannot find package "github.com/google/seesaw/cli" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/cli (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/cli (from $GOPATH)
binaries/seesaw_cli/main.go:32:2: cannot find package "github.com/google/seesaw/common/conn" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/common/conn (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/common/conn (from $GOPATH)
binaries/seesaw_cli/main.go:33:2: cannot find package "github.com/google/seesaw/common/ipc" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/common/ipc (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/common/ipc (from $GOPATH)
binaries/seesaw_cli/main.go:34:2: cannot find package "github.com/google/seesaw/common/seesaw" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/common/seesaw (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/common/seesaw (from $GOPATH)
binaries/seesaw_ecu/main.go:24:2: cannot find package "github.com/google/seesaw/common/server" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/common/server (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/common/server (from $GOPATH)
binaries/seesaw_ecu/main.go:25:2: cannot find package "github.com/google/seesaw/ecu" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ecu (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ecu (from $GOPATH)
binaries/seesaw_engine/main.go:30:2: cannot find package "github.com/google/seesaw/engine" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/engine (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/engine (from $GOPATH)
binaries/seesaw_engine/main.go:29:2: cannot find package "github.com/google/seesaw/engine/config" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/engine/config (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/engine/config (from $GOPATH)
binaries/seesaw_ha/main.go:27:2: cannot find package "github.com/google/seesaw/ha" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ha (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ha (from $GOPATH)
binaries/seesaw_healthcheck/main.go:26:2: cannot find package "github.com/google/seesaw/healthcheck" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/healthcheck (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/healthcheck (from $GOPATH)
binaries/seesaw_ncc/main.go:33:2: cannot find package "github.com/google/seesaw/ncc" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ncc (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ncc (from $GOPATH)
binaries/seesaw_watchdog/main.go:27:2: cannot find package "github.com/google/seesaw/watchdog" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/watchdog (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/watchdog (from $GOPATH)
cli/show.go:29:2: cannot find package "github.com/google/seesaw/quagga" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/quagga (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/quagga (from $GOPATH)
common/seesaw/seesaw.go:27:2: cannot find package "github.com/google/seesaw/ipvs" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ipvs (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ipvs (from $GOPATH)
engine/core.go:36:2: cannot find package "github.com/google/seesaw/ncc/client" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ncc/client (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ncc/client (from $GOPATH)
engine/core.go:37:2: cannot find package "github.com/google/seesaw/ncc/types" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/ncc/types (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/ncc/types (from $GOPATH)
engine/config/config.go:32:2: cannot find package "github.com/google/seesaw/pb/config" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/pb/config (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/pb/config (from $GOPATH)
ipvs/ipvs.go:27:2: cannot find package "github.com/google/seesaw/netlink" in any of:
/usr/lib/go-1.6/src/github.com/google/seesaw/netlink (from $GOROOT)
/usr/share/go-1.6/src/github.com/google/seesaw/netlink (from $GOPATH)
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 1

Any idea what's wrong? Looking forward to your kind response.

Regards
Tehseen

centos7.9 Failed to initialise LB interface: Failed to get network interface: route ip+net: no such network interface

How to solve the problem after starting seesaw_watchdog.service on centos and reporting Failed to get network interface: route ip+net: no such network interface

Deployment steps:
yum install epel-release -y
yum -y erase git
yum -y install https://repo.ius.io/ius-release-el7.rpm
yum -y install git222 ipvsadm golang protobuf-compiler libnl3-devel
echo ip_vs > /etc/modules-load.d/ipvs.conf
echo ip_vs_wrr>/etc/modules-load.d/ipvs.conf
echo nf_conntrack_ipv4 > /etc/modules-load.d/nf_conntrack.conf
modprobe dummy numdummies=1
echo "options dummy numdummies=1" > /etc/modprobe.d/dummy.conf
systemctl restart systemd-modules-load.service
ip link add ip+net type dummy

cd /root && mkdir go && export GOPATH=/root/go
go get -u golang.org/x/crypto/ssh
go get -u github.com/dlintw/goconf
go get -u github.com/golang/glog
go get -u github.com/miekg/dns
go get -u github.com/kylelemons/godebug/pretty
go get -u github.com/golang/protobuf/proto
export PATH=$PATH:${GOPATH}/bin
go get -u github.com/google/seesaw

cd /root/go/src/github.com/google/seesaw/
make test
make install
cp -r /root/go/src/github.com/google/seesaw/etc /root/go/bin/

cd /root/go/bin && vi /root/go/bin/install.sh
SEESAW_BIN="/usr/local/seesaw"
SEESAW_ETC="/etc/seesaw"
SEESAW_LOG="/var/log/seesaw"

INIT=`ps -p 1 -o comm=`

install -d "${SEESAW_BIN}" "${SEESAW_ETC}" "${SEESAW_LOG}"

install "${GOPATH}/bin/seesaw_cli" /usr/bin/seesaw

for component in {ecu,engine,ha,healthcheck,ncc,watchdog}; do
install "${GOPATH}/bin/seesaw_${component}" "${SEESAW_BIN}"
done

if [ $INIT = "init" ]; then
install "etc/init/seesaw_watchdog.conf" "/etc/init"
elif [ $INIT = "systemd" ]; then
install "etc/systemd/system/seesaw_watchdog.service" "/etc/systemd/system"
systemctl --system daemon-reload
fi
install "etc/seesaw/watchdog.cfg" "${SEESAW_ETC}"

# Enable CAP_NET_RAW for seesaw binaries that require raw sockets.

/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_ha"
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_healthcheck"

chmod +x install.sh
./install.sh
systemctl status seesaw_watchdog
systemctl enable seesaw_watchdog
cd /root/go/bin/etc/seesaw
cp cluster.pb.example seesaw.cfg.example /etc/seesaw
cd /etc/seesaw
mv cluster.pb.example cluster.pb
mv seesaw.cfg.example seesaw.cfg
systemctl --system daemon-reload
systemctl --now enable seesaw_watchdog.service

Failed to add VIP

Unable to start seesaw_engine and checking /var/log/seesaw/seesaw_engine.INFO, I get the error F0102 23:51:23.323436 2584 vserver.go:1359] [email protected]: failed to add VIP 10.240.11.65: IP run "addr add 10.240.11.65/24 brd 10.240.11.255 dev ens4": exit status 2
seesaw.cfg is:

[cluster]
anycast_enabled = false
name = seesaw-br11
node_ipv4 = 10.240.11.42
peer_ipv4 = 10.240.11.41
vip_ipv4 = 10.240.11.65

[interface]
node = ens3
lb = ens4

ip addr show:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:0b:fd:27 brd ff:ff:ff:ff:ff:ff
    inet 10.240.11.42/24 brd 10.240.11.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe0b:fd27/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:5e:00:01:3c brd ff:ff:ff:ff:ff:ff
    inet 10.240.11.65/24 brd 10.240.11.255 scope global ens4
       valid_lft forever preferred_lft forever
4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether c6:28:2b:65:89:b0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c428:2bff:fe65:89b0/64 scope link 
       valid_lft forever preferred_lft forever

systemctl status seesaw_watchdog:

seesaw_watchdog.service - Seesaw v2 watchdog
   Loaded: loaded (/etc/systemd/system/seesaw_watchdog.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-01-02 23:51:15 EST; 8min ago
 Main PID: 2486 (seesaw_watchdog)
    Tasks: 44 (limit: 2362)
   CGroup: /system.slice/seesaw_watchdog.service
           ├─2486 /usr/local/seesaw/seesaw_watchdog
           ├─2503 seesaw_ncc -log_dir=/var/log/seesaw
           ├─2510 seesaw_ecu -log_dir=/var/log/seesaw
           ├─2518 seesaw_healthcheck -log_dir=/var/log/seesaw
           └─2945 seesaw_ha -log_dir=/var/log/seesaw

Are there any guides with regard to interface configuration?

Unable to start SeeSaw

I have SeeSaw compiled and installed on Centos 7. The Watchdog service starts and kicks off the other 5 components but the Engine fails to start (see log below).

The log file doesn't really give me any clues as to what it's not happy about. Any pointers on where I should be looking?

[root@seesaw-1 bin]# ./seesaw_engine
F0306 19:55:43.201250 60397 core.go:250] Failed to connect to NCC: Failed to establish connection: dial unix /var/run/seesaw/ncc/ncc.sock: connect: no such file or directory
goroutine 1 [running]:
github.com/golang/glog.stacks(0xc420117500, 0xc4201d2000, 0xb0, 0x1c6)

[root@seesaw-1 seesaw]# more seesaw_engine.INFO
Log file created at: 2018/03/06 19:46:52
Running on machine: seesaw-1
Binary: Built with gc go1.9.2 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
I0306 19:46:52.217240 60124 core.go:121] Seesaw Engine starting for seesaw
F0306 19:46:53.724640 60124 core.go:250] Failed to connect to NCC: Failed to establish connection: dial unix /var/run/seesaw/ncc/ncc.sock: connect: no such file or directory
goroutine 1 [running]:
github.com/golang/glog.stacks(0xc42000e001, 0xc4202ce000, 0x3ba, 0x2710)

Virtual IPs in different networks supported?

Hi,

I'm trying to load balance traffic from different physical networks with a KVM virtualized seesaw.
Is there any seesaw configuration that would support such a scenario?
As far as I could see, there is only one interface supported for load balancing in seesaw.cfg.

In case such a scenario is not possible via configuration, I would also appreciate suggestions on what an implementation/PR could look like.

Come up with a monitoring strategy

We should come up with at least a high level strategy for monitoring seesaw nodes. Some possibilities:

  • OpenTelemetry
  • Prometheus
  • ???

In any case, we should make it easy for alternative implementations to exist, should users need to plug in their own.

Unable to start seesaw

I have successfully installed seesaw without any error and I'm sharing it here; I hope it will help other beginners like me.

Installing Go

apt-get update
apt-get install libnl-3-dev libnl-genl-3-dev
apt-get install curl git gcc make
apt-get install libcap2-bin
apt-get install protobuf-compiler
apt-get install golang

After installing golang, run the following command:

go env

Following output:

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH=""
GORACE=""
GOROOT="/usr/lib/go-1.6"
GOTOOLDIR="/usr/lib/go-1.6/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT="1"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"

Fixing Path issue:

The path GOPATH="" should not be empty; to fix this, use the following:

export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

For a permanent path fix:

vi /root/.bashrc

Paste the following line at the end of file:

export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Now it has to install Go packages in your GOPATH; in my case the path is: /root/go

Setting up Go

go get -u golang.org/x/crypto/ssh
go get -u github.com/dlintw/goconf
go get -u github.com/golang/glog
go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
go get -u github.com/miekg/dns
go get -u github.com/kylelemons/godebug/pretty
go get -u github.com/google/seesaw

Compiling Seesaw Code:

cd /root/go/src/github.com/google/seesaw/
make test
make install

Copy Installation-Script

Copy the seesaw_install.sh script and paste it into the following path:

cd /root/go/bin
chmod +x seesaw_install.sh
./seesaw_install.sh

Modified the Install Script:

SEESAW_BIN="/usr/local/seesaw"
SEESAW_ETC="/etc/seesaw"
SEESAW_LOG="/var/log/seesaw"

INIT=`ps -p 1 -o comm=`

install -d "${SEESAW_BIN}" "${SEESAW_ETC}" "${SEESAW_LOG}"

install "${GOPATH}/bin/seesaw_cli" /usr/bin/seesaw

for component in {ecu,engine,ha,healthcheck,ncc,watchdog}; do
install "${GOPATH}/bin/seesaw_${component}" "${SEESAW_BIN}"
done

if [ $INIT = "init" ]; then
#install "etc/init/seesaw_watchdog.conf" "/etc/init"
install "/root/go/src/github.com/google/seesaw/etc/init/seesaw_watchdog.conf" "/etc/init"
#elif [ $INIT = "systemd" ]; then
#install "etc/systemd/system/seesaw_watchdog.service" "/etc/systemd/system"
#systemctl --system daemon-reload
fi
#install "etc/seesaw/watchdog.cfg" "${SEESAW_ETC}"
install "/root/go/src/github.com/google/seesaw/etc/seesaw/watchdog.cfg" "${SEESAW_ETC}"
install "/root/go/src/github.com/google/seesaw/pb/config/config.proto" "${SEESAW_ETC}" 
install "/root/go/src/github.com/google/seesaw/etc/seesaw/seesaw.cfg.example" "${SEESAW_ETC}"
install "/root/go/src/github.com/google/seesaw/etc/seesaw/cluster.pb.example" "${SEESAW_ETC}"
/bin/mv /etc/seesaw/seesaw.cfg.example /etc/seesaw/seesaw.cfg
/bin/mv /etc/seesaw/cluster.pb.example /etc/seesaw/cluster.pb
#Enable CAP_NET_RAW for seesaw binaries that require raw sockets.
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_ha"
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_healthcheck"

Now I'm stuck on where to get started. I've made the following changes in the seesaw.cfg and cluster.pb files.

Seesaw_cfg_file:

[cluster]
anycast_enabled = false
name = au-syd
node_ipv4 = 192.168.27.251
peer_ipv4 = 192.168.27.252
vip_ipv4 = 192.168.254.2

[config_server]
primary = seesaw-host1.com
secondary = seesaw-host2.com
#tertiary = seesaw-config3.example.com

[interface]
node = ens33  #Ethernet-1 on seesaw server
lb = ens34   #Ethernet-2 on seesaw server

Cluster_pb_file:

seesaw_vip: <
  fqdn: "seesaw-vip1.hostlb.com." #seesaw-server name
  ipv4: "192.168.254.2/24" #ip on seesaw-server  eth2
  status: PRODUCTION
>
node: <
  fqdn: "seesaw-host1.com." #vm-machine-1
  ipv4: "192.168.27.251" #ip on vm-machine eth1
  status: PRODUCTION
>
node: <
  fqdn: "seesaw-host2.com." #vm-machine-2
  ipv4: "192.168.27.252" #ip on vm-machine eth1
  status: PRODUCTION
>
healthcheck: <
    type: HTTP
    interval: 4
    timeout: 1
    port: 11000
    send: "/healthz"
    tls_verify: false
  >

Can anyone guide me on how to set it up further and run this? I'm lost.

Regards
Tehseen

netlink lib may have problem of memory leak.

Hello:
I use the ipvs lib to get LVS info, and when the code runs for a long time, memory grows.

I use the command: valgrind --leak-check=full --track-origins=yes ./lvs-metrics -c cfg.json -log_dir var/

and get this result:

==24132== HEAP SUMMARY:
==24132== in use at exit: 9,888 bytes in 39 blocks
==24132== total heap usage: 21,043 allocs, 21,004 frees, 21,918,842 bytes allocated
==24132==
==24132== 224 bytes in 1 blocks are definitely lost in loss record 1 of 27
==24132== at 0x4A057BB: calloc (vg_replace_malloc.c:593)
==24132== by 0x4C2E52E: nl_cb_alloc (in /usr/lib64/libnl-3.so.200.16.1)
==24132== by 0x4C3261E: nl_socket_alloc (in /usr/lib64/libnl-3.so.200.16.1)
==24132== by 0x7588E3: _cgo_3a5013fcd522_Cfunc_nl_socket_alloc (netlink.go:144)
==24132== by 0x46012F: runtime.asmcgocall (/home/work/go/src/runtime/asm_amd64.s:582)
==24132== by 0x7: ???
==24132== by 0xC82003CC07: ???
==24132== by 0x403FE9: runtime.cgocall (/home/work/go/src/runtime/cgocall.go:110)
==24132== by 0x43359F: runtime.startTheWorldWithSema (/home/work/go/src/runtime/proc.go:983)
==24132== by 0xC82001F4FF: ???
==24132== by 0x1101: ???
==24132== by 0xC8200745FF: ???
==24132==
==24132== 224 bytes in 1 blocks are definitely lost in loss record 2 of 27
==24132== at 0x4A057BB: calloc (vg_replace_malloc.c:593)
==24132== by 0x4C2E52E: nl_cb_alloc (in /usr/lib64/libnl-3.so.200.16.1)
==24132== by 0x4C3261E: nl_socket_alloc (in /usr/lib64/libnl-3.so.200.16.1)
==24132== by 0x7588E3: _cgo_3a5013fcd522_Cfunc_nl_socket_alloc (netlink.go:144)
==24132== by 0x46012F: runtime.asmcgocall (/home/work/go/src/runtime/asm_amd64.s:582)
==24132== by 0x7: ???
==24132== by 0xC82014FBD7: ???
==24132== by 0x403FE9: runtime.cgocall (/home/work/go/src/runtime/cgocall.go:110)
==24132== by 0x43359F: runtime.startTheWorldWithSema (/home/work/go/src/runtime/proc.go:983)
==24132== by 0xC82046B3BF: ???
==24132== by 0x1101: ???
==24132== by 0xC82046B37F: ???

My code is in https://github.com/mesos-utility/lvs-metrics (cron/lvs.go, cron/collector.go).

I call ipvs.Init() in cron/collector.go; do I need to call some code to release resources?

Using go based netlink instead of libnl

Hi All,

Is there a plan to use a Go-based netlink library instead of libnl in the future? Or has it been considered already? This is a Go-based netlink implementation, but I'm not sure if it already supports VS based messages yet.

We are planning to use seesaw for a larger project like kubernetes to support IPVS and it would be great to know its roadmap.

CC: @baptr

Thanks in Advance,
Dhilip

Setting up Google Seesaw

Hello Gents and possibly ladies.

I have been trying to get the Seesaw up and running with little success. I have been following the github guide and ran into some issues. I hope someone can help me out with them.

First issue. When I download the seesaw files from github and run make test I get this error:

? github.com/google/seesaw/common/server [no test files]
? github.com/google/seesaw/ecu [no test files]

github.com/google/seesaw/healthcheck

healthcheck/dns.go:143: Sprintf format %s has arg rc of wrong type int

github.com/google/seesaw/engine

engine/vserver_test.go:972: Errorf format %s has arg got of wrong type bool
FAIL github.com/google/seesaw/engine [build failed]
ok github.com/google/seesaw/engine/config 0.006s
ok github.com/google/seesaw/ha (cached)
FAIL github.com/google/seesaw/healthcheck [build failed]
ok github.com/google/seesaw/ipvs (cached)
? github.com/google/seesaw/ncc [no test files]

Judging from the output there is something wrong with argument types. Because of this I get 2 FAILs on the Engine and Healthcheck. Is this serious or can it be ignored? And how could I fix this if necessary.

If I run the make install it compiles the seesaw_ files without any issues.

Another issue I ran into was actually installing the compiled executables.

The install script provided in the github didn't work for me, so I had to do it manually. When I do the install of the seesaw_ files and go to the destination folder I just see a copy of those files (e.g. seesaw_engine etc.). I would expect to see a bunch of seesaw files instead, like when I install something on Windows. These are some of the commands I used to install:
sudo install seesaw_ha /usr/local/seesaw
sudo install seesaw_healthcheck /usr/local/seesaw
sudo install seesaw_ncc /usr/local/seesaw

What am I doing wrong?

The last question is how do I get the seesaw started? I have seen some mention of seesaw_watchdog, but when I try to run it as a service or run restart seesaw_watchdog as suggested, I get unknown job/service.

Any help would be greatly appreciated.

Question: multiple interfaces

Is the use of multiple interfaces required? Or can it be just one, or an alias?
Context of this question: I want to provide multiple backends in keepalived-vip behind a flag so it's possible to choose between keepalived and seesaw.

Thanks

Support for clients on realservers

Maybe I'm missing something, but out-of-the-box seesaw doesn't seem to support having the backend servers initiate TCP connections to outside servers (say, Gmail mail servers) for LVS-DR.

Here is a longer form explanation of an example setup with one outside client, one outside server, seesaw load balancer with a VIP and three backend real servers:

CIP = Client IP address (outside)
SIP = Server IP address (outside)
VIP = Virtual IP address of the seesaw service / vserver
RIP1 = Real (backend) server IP address number 1
RIP2 = Real (backend) server IP address number 2
RIP3 = Real (backend) server IP address number 3

Typically for LVS-DR, a client from outside will initiate TCP (say, port 25) connection with [source IP=CIP, source port=34567, destination IP=VIP, destination port=25] to the load balancer. Load balancer (if it has a matching vserver configured for port 25) then forwards via MAC address re-write to one of the backend servers, say server with RIP3. TCP Server living on that server sees a TCP SYN packet with [source IP=CIP, source port=34567, destination IP=VIP, destination port=25], the VIP being configured on one of its dummy interfaces. The TCP server on port 25 on the backend server with RIP3 will then respond with a SYN,ACK TCP packet with [source IP=VIP, source port=25, destination IP=CIP, destination port=34567] directly to the router and the packets end up on the client with IP address=CIP that originally initiated the TCP connection.

I am just describing this for clarity. This is what normal LVS-DR looks like and what seesaw typically does. This is when TCP connections are initiated from an outside client towards seesaw/VIP.

What about the reverse? Say I have a TCP client on one of the real (backend) servers. I want this client to initiate a TCP connection with [source IP=VIP, source port=34568, destination IP=SIP, destination IP=25]. For the initial SYN packet, this works fine, as it is sent directly via the router, not through the seesaw director node. The outside server listening on SIP then responds with a SYN,ACK packet with [source IP=SIP, source port=25, destination IP=VIP, destination port=34568]. Then the problem occurs: the seesaw node sees the packet coming in and, since it's sent towards a port that isn't configured as a vserver (ephemeral port 34568), drops the packet and the connection isn't established.

Now, if I add the following configuration to the seesaw node by hand, it does work:

# iptables -I INPUT -p tcp -m tcp -d $VIP --sport 25 -j MARK --set-mark 0x1
# ipvsadm -A -f 1 -s rr
# ipvsadm -a -f 1 -r $RIP3 -g  # Just using RIP3 as an example here

Is there any other way to do this? As it looks now, I would have to fork seesaw to add this functionality into the code so it works with seesaw node switchover etc.

What does this error mean? Manager failed to determine haConfig

When starting seesaw, I saw following error in the seesaw_engine.ERROR file

E1016 17:16:02.756551 6427 core.go:366] Manager failed to determine haConfig: node 10.145.207.151 not configured

What does this mean? I do have seesaw.cfg and cluster.pb files and all the seesaw processes (watchdog, ncc, engine, ha, ecu, healthcheck) seem to be running.

10.145.207.151 is the current node, the peer is 10.145.207.153.
vip is configured on the lb NIC on both seesaw nodes. dummy0 is present too.

John

make test failure

Running make test results in a failure: Makefile:23: recipe for target 'test' failed. However, make install seems to build the artifacts in $GOPATH/bin; is it okay to proceed?

CentOS 7 and could not determine kind of name for C.nl_socket_<alloc||free>

Trying to compile and install seesaw on a fully up2date CentOS 7.2 system:

[seesaw]# make test
go build ./...

github.com/google/seesaw/netlink

could not determine kind of name for C.nl_socket_alloc
could not determine kind of name for C.nl_socket_free
make: *** [all] Error 2

Anyone have any thoughts as to what I may be doing wrong here? Thanks.

Retry doesn't really happen when RPC health state update failed

This is not so obvious from the healthcheck logs, but each time the healthcheck component fails to update state back to the engine through an RPC call, it always fails 11 times in a row and eventually bails out.

I1107 23:16:05.285266    2552 core.go:503] Getting healthchecks from engine...
I1107 23:16:05.286748    2552 core.go:509] Engine returned 2 healthchecks
E1107 23:16:06.294586    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:08.294828    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:10.295082    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
I1107 23:16:12.243872    2552 core.go:317] ID 0x7000000000001: (TCP 10.5.52.160:80 DSR (via 10.220.22.33 mark 65536)) FAILURE: Timed out
I1107 23:16:12.293796    2552 core.go:317] ID 0x7000000000000: (TCP 10.5.52.31:443 DSR (via 10.220.22.33 mark 65536)) FAILURE: Timed out
E1107 23:16:12.295279    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:14.295485    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:16.295747    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:18.295980    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
I1107 23:16:20.287014    2552 core.go:503] Getting healthchecks from engine...
I1107 23:16:20.288315    2552 core.go:509] Engine returned 2 healthchecks
E1107 23:16:20.296185    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
F1107 23:16:20.296236    2552 core.go:580] send: 11 errors, giving up
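
The log excerpt above, run through a small glog parser as an added Go example (not Seesaw's code and not part of the report): it counts the failed sends, measures the spacing between them and checks for the fatal line. parseGlog, summarize and sendSummary are names made up for this example; the input is the excerpt itself.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// glog header: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
var glogRE = regexp.MustCompile(
	`^([IWEF])(\d{4} \d{2}:\d{2}:\d{2}\.\d{6})\s+(\d+) ([^\s:]+:\d+)\] (.*)$`)

// sampleLog is the healthcheck excerpt from the report above, copied verbatim.
const sampleLog = `
I1107 23:16:05.285266    2552 core.go:503] Getting healthchecks from engine...
I1107 23:16:05.286748    2552 core.go:509] Engine returned 2 healthchecks
E1107 23:16:06.294586    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:08.294828    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:10.295082    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
I1107 23:16:12.243872    2552 core.go:317] ID 0x7000000000001: (TCP 10.5.52.160:80 DSR (via 10.220.22.33 mark 65536)) FAILURE: Timed out
I1107 23:16:12.293796    2552 core.go:317] ID 0x7000000000000: (TCP 10.5.52.31:443 DSR (via 10.220.22.33 mark 65536)) FAILURE: Timed out
E1107 23:16:12.295279    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:14.295485    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:16.295747    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
E1107 23:16:18.295980    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
I1107 23:16:20.287014    2552 core.go:503] Getting healthchecks from engine...
I1107 23:16:20.288315    2552 core.go:509] Engine returned 2 healthchecks
E1107 23:16:20.296185    2552 core.go:590] Send failed: read unix @->/var/run/seesaw/engine/engine.sock: i/o timeout
F1107 23:16:20.296236    2552 core.go:580] send: 11 errors, giving up
`

type entry struct {
	Severity byte
	When     time.Time // glog prints no year, so only differences are meaningful
	Msg      string
}

// parseGlog splits one line into severity, timestamp and message.
func parseGlog(line string) (entry, bool) {
	m := glogRE.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return entry{}, false
	}
	when, err := time.Parse("0102 15:04:05.000000", m[2])
	if err != nil {
		return entry{}, false
	}
	return entry{Severity: m[1][0], When: when, Msg: m[5]}, true
}

type sendSummary struct {
	Failures int           // "Send failed" error lines
	MaxGap   time.Duration // longest pause between two consecutive failures
	Window   time.Duration // first failure to the fatal line
	Fatal    bool          // an F line containing "giving up" was logged
	Unparsed int           // lines that did not match the glog header
}

// summarize walks the log once and tracks the run of failed sends.
func summarize(log string) sendSummary {
	var s sendSummary
	var first, prev time.Time
	for _, line := range strings.Split(log, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		e, ok := parseGlog(line)
		if !ok {
			s.Unparsed++
			continue
		}
		switch {
		case e.Severity == 'E' && strings.HasPrefix(e.Msg, "Send failed:"):
			if s.Failures == 0 {
				first = e.When
			} else if gap := e.When.Sub(prev); gap > s.MaxGap {
				s.MaxGap = gap
			}
			prev = e.When
			s.Failures++
		case e.Severity == 'F' && strings.Contains(e.Msg, "giving up"):
			s.Fatal = true
			if s.Failures > 0 {
				s.Window = e.When.Sub(first)
			}
		}
	}
	return s
}

func main() {
	s := summarize(sampleLog)
	fmt.Printf("failures=%d maxGap=%v window=%v fatal=%v unparsed=%d\n",
		s.Failures, s.MaxGap, s.Window, s.Fatal, s.Unparsed)
}
```

On this excerpt it finds 8 failed sends about 2 seconds apart over a 14 second window that ends in the fatal line, so the excerpt holds only part of the 11 errors the fatal message counts.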

Compilation of seesaw/netlink failing

Hi,
trying to compile seesaw and the following errors came up:

cd $GOPATH/src/github.com/google/seesaw
make test

go build ./...

github.com/google/seesaw/netlink

netlink/netlink.go:520:9: could not determine kind of name for C.nl_socket_alloc
netlink/netlink.go:528:2: could not determine kind of name for C.nl_socket_free
make: *** [all] Error 2

Environment is as follows:

]# go env
GO111MODULE=""
GOARCH="amd64"
GOBIN="/root/go_projects/bin"
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go_projects"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/golang"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/root/go_projects/src/github.com/google/seesaw/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build106279875=/tmp/go-build -gno-record-gcc-switches"

libnl packages are:

libnl3-3.2.28-4.el7.x86_64
libnl-devel-1.1.4-3.el7.x86_64
libnl-1.1.4-3.el7.x86_64
libnl3-cli-3.2.28-4.el7.x86_64

go software is:

golang-1.13.4-0.el7.x86_64
golang-bin-1.13.4-0.el7.x86_64
golang-src-1.13.4-0.el7.noarch

Any ideas?

Question on seesaw

Hello,
I was reading the code and documentation on seesaw and have a few questions.
#1. In README.md, it says "Direct Server Return (DSR)" is used. To my knowledge, DSR means the backend server sends the response to the original server that sent the request to the VIP. But I saw this code in "ncc/iptables.go":
// Rewrite source address for NAT'd packets so backend reply traffic comes
// back to the load balancer.
natPostrouting := "POSTROUTING -t nat -m ipvs -p {{.Proto}}{{with .Port}} --vport {{.}}{{end}} " +
"--vaddr {{.ServiceVIP}} -j SNAT --to-source {{.ClusterVIP}} --random"
Can someone clarify whether the seesaw backend server responds to the original server or to the load balancer node?

#2. In README.md, it says "Seesaw v2 is a Linux Virtual Server (LVS) based load balancing platform."
How is LVS used by seesaw? I noticed that the ip_vs module is needed, but seesaw is not using the ipvsadm CLI.

Thanks for the help.
John

Question: problem with traffic not flowing through to the backend

Hi,

I'm trying to set up a simple seesaw cluster, with one virtual IP, one vserver and two backends to load-balance port 80 HTTP traffic.

My problem is that everything seems like it is running as it should, but the loadbalancer doesn't seem to relay anything to the backends.

I have two servers with two NICs.

lb1.mydomain.com and lb2.mydomain.com

this is the seesaw.cfg from both servers:

lb1: cat /etc/seesaw/seesaw.cfg

[cluster]
anycast_enabled = false
name = lb1
node_ipv4 = 10.38.8.33
peer_ipv4 = 10.38.8.39
vip_ipv4 = 10.38.8.50

[interface]
node = eth0
lb = eth1

lb2: cat /etc/seesaw/seesaw.cfg

[cluster]
anycast_enabled = false
name = lb2
node_ipv4 = 10.38.8.39
peer_ipv4 = 10.38.8.33
vip_ipv4 = 10.38.8.50

[interface]
node = eth0
lb = eth1

This is the cluster.pb:

seesaw_vip: <
  fqdn: "seesaw-vip.localdomain."
  ipv4: "10.38.8.50/24"
  status: PRODUCTION
>
node: <
  fqdn: "lb1.mydomain.com"
  ipv4: "10.38.8.33/24"
  status: PRODUCTION
>
node: <
  fqdn: "lb2.mydomain.com"
  ipv4: "10.38.8.39/24"
  status: PRODUCTION
>
vserver: <
  name: "test-vserver"
  entry_address: <
    fqdn: "lb-test.localdomain."
    ipv4: "10.38.8.70/24"
    status: PRODUCTION
  >
  rp: "admin@localdomain"
  vserver_entry: <
    protocol: TCP
    port: 80
    scheduler: RR
    healthcheck: <
      type: TCP
      port: 80
      tls_verify: false
    >
  >
  backend: <
    host: <
      fqdn: "mailrelay1.mydomain.com."
      ipv4: "10.38.8.32/24"
      status: PRODUCTION
    >
    weight: 1
  >
  backend: <
    host: <
      fqdn: "mailrelay2.mydomain.com."
      ipv4: "10.38.8.37/24"
      status: PRODUCTION
    >
    weight: 1
  >
>

seesaw reports this:

seesaw -c "show vservers"
Vserver
  Name:                test-vserver
  Hostname:            lb-test.localdomain.
  Status:              enabled (override state default; config state enabled)
  IPv4 Address:        10.38.8.70/24
  IPv6 Address:        <not configured>

  Services:

    IPv4 TCP/80    (DSR, rr scheduler)
        State:       enabled, healthy, active
        Watermarks:  Low 0.00, High 0.00, Currently 1.00

seesaw -c "show backends"
Backends
[   1] mailrelay1.mydomain.one.com.
[   2] mailrelay2.mydomain.one.com.

seesaw -c "show destinations"
Destinations
[   1] test-vserver/10.38.8.32:80/TCP (enabled, healthy, active)
[   2] test-vserver/10.38.8.37:80/TCP (enabled, healthy, active)

seesaw -c "show ha"
HA Status
  State:               Master
  Duration:            1m57s (since Aug 8 11:04:25 UTC)
  Transitions:         2
  Advertisements Sent: 230
  Advertisements Rcvd: 0
  Last Update:         Aug 8 11:06:20 UTC

seesaw -c "show nodes"
Nodes
[1] lb1.mydomain.one.com enabled
[2] lb2.mydomain.one.com enabled

Other info from lb1:

ip route
default via 10.38.8.1 dev eth0 
10.38.8.0/24 dev eth0  proto kernel  scope link  src 10.38.8.33 
10.38.8.0/24 dev eth1  proto kernel  scope link  src 10.38.8.50 

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether ca:66:a4:02:dc:98 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether de:15:b8:15:94:3f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::dc15:b8ff:fe15:943f/64 scope link 
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 54:9f:35:fe:42:2e brd ff:ff:ff:ff:ff:ff
    inet 10.38.8.33/24 brd 10.38.8.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::569f:35ff:fefe:422e/64 scope link 
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:00:5e:00:01:3c brd ff:ff:ff:ff:ff:ff
    inet 10.38.8.50/24 brd 10.38.8.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.38.8.70/24 brd 10.38.8.255 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5eff:fe00:13c/64 scope link 
       valid_lft forever preferred_lft forever

ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.38.8.70:80 rr
  -> 10.38.8.32:80                Route   1      0          0         
  -> 10.38.8.37:80                Route   1      0          0       

But when I try nc -zv 10.38.8.70 80 from lb1 (or other hosts on the same network), it just hangs forever (or until it times out). I can ping 10.38.8.70 just fine, but TCP traffic to port 80 doesn't even seem to hit the iptables INPUT chain created by seesaw.

Any ideas would be very much appreciated

lib ipvs get services failed.

package main

import (
    "fmt"
    "github.com/google/seesaw/ipvs"
)

func main() {
    fmt.Printf("start.............\n")
    fmt.Printf("%v\n", ipvs.Version())
    srvs, err := ipvs.GetServices()
    if err != nil {
        fmt.Printf("%s\n", err.Error())
    }

    for _, srv := range srvs {
        fmt.Printf("%s\n", srv)
    }
    fmt.Printf("end.............\n")
}

Hello, I use the above code to get ipvs services, but it fails and gets none.
The stdout is:

start.............
0.0.0
end.............

I can use ipvsadm to get some services:

$ ipvsadm -ln

TCP  10.10.19.18:80 rr
  -> 10.10.35.48:80              Route   100    0          0         
  -> 10.10.35.49:80              Route   100    0          0         
TCP  10.10.19.19:80 rr
  -> 10.10.26.20:80             Route   100    0          0         
  -> 10.10.26.21:80             Route   100    0          1         
  -> 10.10.26.22:80             Route   100    0          0         
  -> 10.10.26.23:80             Route   100    1          0  

API

I was wondering, is there an API available or is configuration only available through the cluster.pb file? Also is there an ability to reload the configuration on the fly or only through the cli?

Enabling one_packet : true

Hi ,

I am trying to enable the one_packet : true configuration in my vserver_entry as per #99

I have the following snippet.

vserver_entry: 
    protocol: UDP
    port: 12210
    scheduler: RR
    one_packet: true
    mode: NAT
    healthcheck: <
      type: TCP
      port: 32999
      tls_verify: false
      interval: 10
      timeout: 5
      retries: 3
    >

When I try to start seesaw, I get the following error message:
Failed to load cluster config from disk: line 54: unknown field name "vserver" in config.Vserver

If I remove the one_packet : true directive Seesaw starts properly.

Did I place the one_packet:true directive in the wrong place?

Cheers

Cyberkryption

config_server is limited to use with google.com domain

Hi,

I think config_server is limited to use with google.com domain.

  • engine/config/config.go
configServerRE = regexp.MustCompile(`^[\w-\.]+\.google\.com\.?$`)
  • engine/config/fetcher.go
                if !configServerRE.MatchString(server) {
                        log.Errorf("Invalid config server name: %q", server)
                        continue
                }

Is the config_server feature not supported yet?

Best regards,
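
What the two quoted lines do to a [config_server] section, as an added Go example that is not part of the issue or of Seesaw's code: it reads the section, applies the quoted pattern the way the quoted loop does, and lists which names survive. The small INI reader, the function names and the google.com host names in constructedCfg are assumptions of this example; the regular expression is the one quoted above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern as quoted above from engine/config/config.go.
var configServerRE = regexp.MustCompile(`^[\w-\.]+\.google\.com\.?$`)

// pageCfg repeats the [config_server] section of a seesaw.cfg posted on this page.
const pageCfg = `
[cluster]
name = au-syd

[config_server]
primary = seesaw-host1.com
secondary = seesaw-host2.com
#tertiary = seesaw-config3.example.com
`

// constructedCfg uses made-up names to show what the pattern lets through.
const constructedCfg = `
[config_server]
primary = seesaw-config1.google.com
secondary = seesaw-config2.google.com.
tertiary = seesaw-config3.google.com.example.net
`

// configServers returns the primary/secondary/tertiary values of the
// [config_server] section. Minimal INI reader written for this example only;
// it is not the parser the project uses.
func configServers(cfg string) []string {
	var out []string
	section := ""
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank line or commented-out key
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = line[1 : len(line)-1]
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if len(kv) != 2 || section != "config_server" {
			continue
		}
		switch strings.TrimSpace(kv[0]) {
		case "primary", "secondary", "tertiary":
			out = append(out, strings.TrimSpace(kv[1]))
		}
	}
	return out
}

// filterServers mirrors the quoted fetcher loop: a name that does not match
// the pattern is skipped, the rest are kept in their original order.
func filterServers(servers []string) (accepted, skipped []string) {
	for _, s := range servers {
		if configServerRE.MatchString(s) {
			accepted = append(accepted, s)
		} else {
			skipped = append(skipped, s)
		}
	}
	return accepted, skipped
}

func main() {
	for _, cfg := range []string{pageCfg, constructedCfg} {
		accepted, skipped := filterServers(configServers(cfg))
		fmt.Printf("accepted=%q skipped=%q\n", accepted, skipped)
	}
}
```

The pattern is anchored at both ends, so a name that merely contains .google.com is skipped, and Go's $ (without the m flag) matches only at the very end of the text, so a trailing newline is not accepted either.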

engine.sock no such file or directory

I installed seesaw on Linux but when I start seesaw_cli I get this error:
Dial failed: dial unix /var/run/seesaw/engine/engine.sock: connect: no such file or directory.

Also, when I start seesaw_engine I get this error:
Dial failed: dial unix /var/run/seesaw/ncc/ncc.sock: connect: no such file or directory.

What are these .sock files?

Backend servers accepts connections on port that doesn't match VEntry port

Hello,

Is there any plan to add an option to select the backend port? An example can be the following: multiple docker https services running on unconventional ports (8443, 8444, etc), while from outside there are multiple VIPs with each docker service mapped to port 443. It would allow multiple services on the same node.

vip1:443 - > docker_node:8443
vip2:443 - > docker_node:8444
vip3:443 - > docker_node:8445

Failed to bring LB interface up

Sometimes, seesaw fails to fail over the cluster node.

 F0516 16:23:08.105863    3276 core.go:607] Failed to bring LB interface up: Failed to configure routing: IP run "route add 0/0 via 192.0.2.254 dev eth1 table 2": exit status 2

This error message also appears when seesaw starts up.

I tried it manually after I got this message.

[root@f1 log]# ip link show |grep eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

This interface status is still up.

[root@f1 log]# ip route show dev eth1 table 2
192.0.2.0/24  scope link
[root@f1 log]# ip route add 0/0 via 192.0.2.254 dev eth1 table 2
RTNETLINK answers: Network is unreachable

Strangely, it works well when I restart seesaw_watchdog many times and I have no error.

The Seesaw node has three I/Fs.

eth0 and eth1 are connected to the same link.
eth3 is connected to another link for management.

[root@f1 ~]# ip route show dev eth0
default via 192.0.2.254  proto static  metric 100
192.0.2.0/24  proto kernel  scope link  src 192.0.2.2  metric 100
  • seesaw.cfg
[cluster]
anycast_enabled = false
name = testcluster
node_ipv4 = 192.0.2.2
peer_ipv4 = 192.0.2.3
vip_ipv4 = 192.0.2.1

[config_server]
primary = config.example.com

[interface]
node = eth0
lb = eth1

I would really appreciate it if you could give me some advice.

Best regards,

Error while setting up

I tried to build a Docker image, but while performing the test, i.e. "make test", I got the following errors:
--- FAIL: TestHTTPChecker (0.01s)
healthcheck_test.go:144: Failed to get TCP listener: listen tcp6 [::1]:0: bind: cannot assign requested address
--- FAIL: TestHTTPCheckerSecure (0.03s)
healthcheck_test.go:144: Failed to get TCP listener: listen tcp6 [::1]:0: bind: cannot assign requested address
--- FAIL: TestTCPChecker (3.10s)
healthcheck_test.go:249: Failed to get TCP listener: listen tcp6 [::1]:0: bind: cannot assign requested address
--- FAIL: TestUDPChecker (0.00s)
healthcheck_test.go:315: Failed to get UDPConn: listen udp6 [::1]:0: bind: cannot assign requested address

Dockerfile:
FROM ubuntu:xenial
LABEL maintainer="[email protected]"
RUN apt-get update && apt-get -y upgrade && apt-get install -y \
    libnl-3-dev libnl-genl-3-dev build-essential git wget \
    net-tools \
    iproute \
    inetutils-ping \
    curl \
    python \
    python-yaml
RUN wget https://dl.google.com/go/go1.12.7.linux-amd64.tar.gz
RUN tar -xvf go1.12.7.linux-amd64.tar.gz
RUN mv go /usr/local/
ENV GOROOT=/usr/local/go
ENV GOPATH=$HOME/Projects/Proj1
ENV GOBIN=$GOPATH/bin
ENV PATH=$GOPATH/bin:$GOROOT/bin:$PATH

#seesaw setup
RUN go get -u golang.org/x/crypto/ssh
RUN go get -u github.com/dlintw/goconf
RUN go get -u github.com/golang/glog
RUN go get -u github.com/miekg/dns
RUN go get -u github.com/kylelemons/godebug/pretty
RUN go get -u github.com/golang/protobuf/proto

RUN mkdir -p ${GOPATH}/src/github.com/google
RUN cd ${GOPATH}/src/github.com/google && git clone https://github.com/google/seesaw
RUN cd ${GOPATH}/src/github.com/google/seesaw && make test


Any help would be greatly appreciated.

Question: Why is TestAnycastHost (192.168.255.254) being advertised?

Hi,

By looking into seesaw I found that, regardless of how simple your cluster.pb is, TestAnycastHost defined in:

https://github.com/google/seesaw/blob/master/common/seesaw/util.go#L31

used in:

https://github.com/google/seesaw/blob/master/engine/config/engine.go#L48

gets BGP advertised as long as you have anycast_enabled = true in seesaw.cfg.

Is this intentional, and if so, why is it needed?

#/var/log/seesaw$ grep Anycast *
seesaw_engine.INFO:I0816 13:58:41.262759    3038 core.go:304] Advertising BGP route for 192.168.255.254 (Anycast)
seesaw_engine.lb1.root.log.INFO.20160816-123109.39631:I0816 12:31:10.014840   39631 core.go:304] Advertising BGP route for 192.168.255.254 (Anycast)
seesaw_engine.lb1.root.log.INFO.20160816-135841.3038:I0816 13:58:41.262759    3038 core.go:304] Advertising BGP route for 192.168.255.254 (Anycast)

Adding dependency manager

Hello!

Currently there isn't a vendor folder or any dependency management. What do you think about adding dep?

If you are ok with the idea I can try to submit a PR.
Thanks

read: connection reset by peer

Hi, I am trying to put my private Docker registry service behind a VIP so I can pull Docker images from it.
The path looks like: seesaw -> haproxy in a container -> registry container

10.162.11.103 is the VIP.
It works for a normal curl of a web page or for pulling small images. However, if I pull a big image, I see errors from time to time.

Logs for the Docker client pulling the image:

14 11:42:47 xxxxxx dockerd[605]: time="2021-06-14T11:42:47.197009668+08:00" level=error msg="Download failed, retrying: read tcp 10.160.8.47:51772->10.162.11.103:443: read: connection reset by peer"

I used ss to monitor the ports; my client uses port 51772 to pull from my VIP.

root@qingyu-prober:~# ss -tiepm | grep docker
ESTAB  3995947    0               10.160.8.47:51772       10.162.11.103:https    users:(("dockerd",pid=605,fd=24)) timer:(keepalive,2.128ms,0) ino:23494 sk:25 <->
ESTAB  3257168    0               10.160.8.47:51770       10.162.11.103:https    users:(("dockerd",pid=605,fd=22)) timer:(keepalive,29sec,0) ino:23493 sk:26 <->

However, on my seesaw nodes, I do not see the ports from my client IP for that port. (I set the ipvsadm timeout to 2 hours, so I expect all connections to still be there, but I do not see port 51772.)

root@seesaw-01:/usr/local/seesaw# ipvsadm -lcn  | grep '.47:'
TCP 110:32 FIN_WAIT    10.160.8.47:51624  10.162.11.103:443  10.162.11.113:443
TCP 110:41 FIN_WAIT    10.160.8.47:51644  10.162.11.103:443  10.162.11.113:443
TCP 110:46 FIN_WAIT    10.160.8.47:51658  10.162.11.103:443  10.162.11.113:443
TCP 110:31 FIN_WAIT    10.160.8.47:51614  10.162.11.103:443  10.162.11.113:443
TCP 110:41 FIN_WAIT    10.160.8.47:51636  10.162.11.103:443  10.162.11.113:443
TCP 110:41 FIN_WAIT    10.160.8.47:51648  10.162.11.103:443  10.162.11.113:443
TCP 114:43 ESTABLISHED 10.160.8.47:51660  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51618  10.162.11.103:443  10.162.11.113:443
TCP 110:46 FIN_WAIT    10.160.8.47:51656  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51632  10.162.11.103:443  10.162.11.113:443
TCP 110:48 FIN_WAIT    10.160.8.47:51650  10.162.11.103:443  10.162.11.113:443
TCP 109:43 FIN_WAIT    10.160.8.47:51612  10.162.11.103:443  10.162.11.113:443
TCP 110:41 FIN_WAIT    10.160.8.47:51646  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51634  10.162.11.103:443  10.162.11.113:443
TCP 110:57 FIN_WAIT    10.160.8.47:51652  10.162.11.103:443  10.162.11.113:443
TCP 114:43 ESTABLISHED 10.160.8.47:51662  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51626  10.162.11.103:443  10.162.11.113:443
TCP 110:57 FIN_WAIT    10.160.8.47:51664  10.162.11.103:443  10.162.11.113:443
TCP 110:23 FIN_WAIT    10.160.8.47:51610  10.162.11.103:443  10.162.11.113:443
TCP 110:45 FIN_WAIT    10.160.8.47:51638  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51628  10.162.11.103:443  10.162.11.113:443
TCP 110:42 FIN_WAIT    10.160.8.47:51640  10.162.11.103:443  10.162.11.113:443
TCP 110:45 FIN_WAIT    10.160.8.47:51654  10.162.11.103:443  10.162.11.113:443
TCP 110:31 FIN_WAIT    10.160.8.47:51616  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51630  10.162.11.103:443  10.162.11.113:443
TCP 110:32 FIN_WAIT    10.160.8.47:51620  10.162.11.103:443  10.162.11.113:443
TCP 110:33 FIN_WAIT    10.160.8.47:51622  10.162.11.103:443  10.162.11.113:443
TCP 110:41 FIN_WAIT    10.160.8.47:51642  10.162.11.103:443  10.162.11.113:443

My seesaw is running on Ubuntu 18, uname 4.19.57. I use DR, but I tried other schedulers like NAT/TUN. All of them have this issue.

I tried these settings on seesaw, but they did not help:

sysctl -qw net.ipv4.vs.sloppy_tcp=1
sysctl -qw net.ipv4.vs.expire_nodest_conn=0
sysctl -qw net.ipv4.vs.expire_quiescent_template=0
sysctl -qw net.ipv4.vs.pmtu_disc=0
ipvsadm --set 7200 7000 300
echo "0" >/proc/sys/net/ipv4/ip_forward

Other info on the seesaw node:

root@seesaw-01:/usr/local/seesaw# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 72:d4:e7:1f:cc:58 brd ff:ff:ff:ff:ff:ff
    inet 10.162.11.90/23 brd 10.162.11.255 scope global dynamic ens18
       valid_lft 477900sec preferred_lft 477900sec
    inet6 fe80::70d4:e7ff:fe1f:cc58/64 scope link
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:xx:00:??:80 brd ff:ff:ff:ff:ff:ff
    inet 10.162.11.101/23 brd 10.162.11.255 scope global ens19
       valid_lft forever preferred_lft forever
    inet 10.162.11.103/23 brd 10.162.11.255 scope global secondary ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5eff:fe00:180/64 scope link
       valid_lft forever preferred_lft forever
4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 5a:9b:78:8b:bc:2a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::589b:78ff:fe8b:bc2a/64 scope link
       valid_lft forever preferred_lft forever
5: ip+net: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether da:2a:8c:e5:d9:96 brd ff:ff:ff:ff:ff:ff
root@seesaw-01:/usr/local/seesaw# lsmod | grep nf_con
nf_conntrack          143360  5 nf_nat,nf_nat_ipv4,xt_nat,xt_CT,ip_vs
nf_defrag_ipv6         20480  2 nf_conntrack,ip_vs
nf_defrag_ipv4         16384  1 nf_conntrack
libcrc32c              16384  3 nf_conntrack,nf_nat,ip_vs
root@seesaw-01:/usr/local/seesaw#

Really appreciate your help 🙏
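
The manual comparison in the report above (client sockets from ss against the director's ipvsadm -lcn table) can be scripted. The Go program below is an added example, not part of the original issue or of Seesaw's code; the function names are hypothetical and both input strings are constructed samples shaped like the output quoted in the report.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples shaped like the ss and ipvsadm -lcn output quoted above.
const clientSS = `ESTAB 3995947 0 10.160.8.47:51772 10.162.11.103:https users:(("dockerd",pid=605,fd=24))
ESTAB 3257168 0 10.160.8.47:51660 10.162.11.103:https users:(("dockerd",pid=605,fd=22))`
const ipvsConns = `TCP 110:32 FIN_WAIT    10.160.8.47:51624  10.162.11.103:443  10.162.11.113:443
TCP 114:43 ESTABLISHED 10.160.8.47:51660  10.162.11.103:443  10.162.11.113:443`

// host strips the trailing ":port", whether numeric or a service name such as "https".
func host(addr string) string {
	if i := strings.LastIndex(addr, ":"); i >= 0 {
		return addr[:i]
	}
	return addr
}

// ipvsFlows indexes TCP rows by "clientIP:port>VIP" -> IPVS state; header rows are skipped.
func ipvsFlows(out string) map[string]string {
	flows := make(map[string]string)
	for _, line := range strings.Split(out, "\n") {
		if f := strings.Fields(line); len(f) >= 6 && f[0] == "TCP" {
			flows[f[3]+">"+host(f[4])] = f[2]
		}
	}
	return flows
}

// untracked lists client sockets ESTAB toward vip that lack an ESTABLISHED IPVS entry.
func untracked(ssOut, ipvsOut, vip string) (missing []string) {
	flows := ipvsFlows(ipvsOut)
	for _, line := range strings.Split(ssOut, "\n") {
		f := strings.Fields(line)
		if len(f) < 5 || f[0] != "ESTAB" || host(f[4]) != vip {
			continue
		}
		if st := flows[f[3]+">"+vip]; st != "ESTABLISHED" {
			missing = append(missing, fmt.Sprintf("%s ipvs=%q", f[3], st))
		}
	}
	return missing
}

func main() {
	fmt.Println(untracked(clientSS, ipvsConns, "10.162.11.103"))
}
```

An empty ipvs state in the result means the node whose table was read has no entry at all for that client port, so the same check is worth running against the peer node's table before drawing conclusions.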
