flyingcircusio · ctheune · Sep 19, 2024 · Sep 4, 2024 · Sep 4, 2024 · Sep 4, 2024
diff --git a/nixos/roles/router/keepalived/default.nix b/nixos/roles/router/keepalived/default.nix
@@ -26,6 +26,14 @@ let
     '';
   };
 
+  checkZebraLiveness= fclib.writeShellApplication {
+    name = "check-zebra-liveness";
+    runtimeInputs = with pkgs; [ systemd ];
+    text = ''
+      systemctl -q is-active zebra
+    '';
+  };
+
   keepalivedConf = pkgs.writeText "keepalived.conf" ''
     global_defs {
       enable_script_security
@@ -54,6 +62,7 @@ lib.mkIf role.enable {
 
   environment.etc."keepalived/check-default-route-v4".source = "${checkDefaultRoute4}/bin/check-default-route-v4";
   environment.etc."keepalived/check-default-route-v6".source = "${checkDefaultRoute6}/bin/check-default-route-v6";
+  environment.etc."keepalived/check-zebra-liveness".source = "${checkZebraLiveness}/bin/check-zebra-liveness";
   environment.etc."keepalived/fc-keepalived".source = "${pkgs.fc.agent}/bin/fc-keepalived";
   environment.etc."keepalived/keepalived.conf".source = keepalivedConf;
 

diff --git a/nixos/roles/router/keepalived/dev.conf b/nixos/roles/router/keepalived/dev.conf
@@ -12,6 +12,13 @@ vrrp_script check_default_route_v6 {
       rise 2
 }
 
+vrrp_script check_zebra_liveness {
+      script "/etc/keepalived/check-zebra-liveness"
+      interval 1
+      fall 2
+      rise 2
+}
+
 track_file check_stop_file {
   # Allow admins to locally send keepalive into FAIL state by adding
   # a non "0" entry
@@ -39,6 +46,7 @@ vrrp_sync_group router {
     track_script {
         check_default_route_v4 weight 10
         check_default_route_v6 weight 5
+        check_zebra_liveness
     }
 
     track_file {

diff --git a/nixos/roles/router/keepalived/rzob.conf b/nixos/roles/router/keepalived/rzob.conf
@@ -12,6 +12,13 @@ vrrp_script check_default_route_v6 {
       rise 2
 }
 
+vrrp_script check_zebra_liveness {
+      script "/etc/keepalived/check-zebra-liveness"
+      interval 1
+      fall 2
+      rise 2
+}
+
 track_file check_stop_file {
   # Allow admins to locally send keepalive into FAIL state by adding
   # a non "0" entry
@@ -39,6 +46,7 @@ vrrp_sync_group router {
     track_script {
         check_default_route_v4 weight 10
         check_default_route_v6 weight 5
+        check_zebra_liveness
     }
 
     track_file {

diff --git a/nixos/roles/router/keepalived/rzrl1.conf b/nixos/roles/router/keepalived/rzrl1.conf
diff --git a/nixos/roles/router/keepalived/whq.conf b/nixos/roles/router/keepalived/whq.conf
@@ -12,6 +12,13 @@ vrrp_script check_dev_route_v6 {
       rise 2
 }
 
+vrrp_script check_zebra_liveness {
+      script "/etc/keepalived/check-zebra-liveness"
+      interval 1
+      fall 2
+      rise 2
+}
+
 track_file check_stop_file {
   # Allow admins to locally send keepalive into FAIL state by adding
   # a non "0" entry
@@ -39,6 +46,7 @@ vrrp_sync_group router {
     track_script {
         check_dev_route_v4 weight 10
         check_dev_route_v6 weight 5
+        check_zebra_liveness
     }
 
     track_file {

diff --git a/nixos/services/frr.nix b/nixos/services/frr.nix
@@ -197,8 +197,19 @@ in
               description = if service == "zebra" then "FRR Zebra routing manager"
                 else "FRR ${toUpper service} routing daemon";
 
-              unitConfig.Documentation = if service == "zebra" then "man:zebra(8)"
-                else "man:${daemon}(8) man:zebra(8)";
+              unitConfig = {
+                Documentation = if service == "zebra" then "man:zebra(8)"
+                                else "man:${daemon}(8) man:zebra(8)";
+              } // optionalAttrs (service == "zebra") {
+                # More generous restart limits for zebra to better recover from
+                # crash situations. We set the restart interval below to 10
+                # seconds. Give zebra up to 5m20s of grace time, and accommodate
+                # up to 20 restarts. 20 restarts in 5m20s gives up to 16 seconds
+                # per start attempt. If zebra restarts in a tight loop, the
+                # start limit will be triggered after 3m20s.
+                StartLimitInterval = 320;
+                StartLimitBurst = 20;
+              };
 
               # We want to refactor this into reloadTriggers when upgrading to
               # 24.05
@@ -218,6 +229,8 @@ in
                   + " " + (concatStringsSep " " scfg.extraOptions);
                 ExecReload = "${pkgs.python3.interpreter} ${pkgs.frr}/libexec/frr/frr-reload.py --reload --daemon ${daemonName service} --bindir ${pkgs.frr}/bin --rundir /run/frr /etc/frr/${service}.conf";
                 Restart = "always";
+              } // optionalAttrs (service == "zebra") {
+                RestartSec = 10;
               };
             });
        in