authorPablo Neira Ayuso <pablo@netfilter.org>2009-02-15 18:46:08 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-02-15 18:46:08 +0100
commitca6fa387c80e9fdccace3091317d32a59dab7400 (patch)
tree5e48db2acc4d51fcb64b4c90ec25a124acdc244e /doc/sync
parent9541aef846b808a43b6e32b9ec3a41fa6d87d36f (diff)
doc: add new primary-backup.sh script for >= 2.6.29
This patch adds a new primary-backup.sh script for Linux kernels >= 2.6.29. This script takes advantage of the user-space event reporting that ctnetlink does since this kernel version. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/sync')
-rwxr-xr-xdoc/sync/primary-backup-2.6.29-and-higher.sh109
1 files changed, 109 insertions, 0 deletions
diff --git a/doc/sync/primary-backup-2.6.29-and-higher.sh b/doc/sync/primary-backup-2.6.29-and-higher.sh
new file mode 100755
index 0000000..3236c24
--- /dev/null
+++ b/doc/sync/primary-backup-2.6.29-and-higher.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# (C) 2008-2009 by Pablo Neira Ayuso <pablo@netfilter.org>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# Use this script is you use a Linux kernel >= 2.6.29.
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+ primary)
+ #
+ # commit the external cache into the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -c"
+ fi
+
+ #
+ # flush external cache
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f external
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -f external"
+ fi
+ ;;
+
+ backup)
+ #
+ # is conntrackd running? request some statistics to check it
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
+ if [ $? -eq 1 ]
+ then
+ #
+ # something's wrong, do we have a lock file?
+ #
+ if [ -f $CONNTRACKD_LOCK ]
+ then
+ logger "WARNING: conntrackd was not cleanly stopped."
+ logger "If you suspect that it has crashed:"
+ logger "1) Enable coredumps"
+ logger "2) Try to reproduce the problem"
+ logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
+ rm -f $CONNTRACKD_LOCK
+ fi
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: cannot launch conntrackd"
+ exit 1
+ fi
+ fi
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -t"
+ fi
+
+ #
+ # request resynchronization with master firewall replica (if any)
+ # Note: this does nothing in the alarm approach.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -n"
+ fi
+ ;;
+ fault)
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -t"
+ fi
+ ;;
+ *)
+ logger "ERROR: unknown state transition"
+ echo "Usage: primary-backup.sh {primary|backup|fault}"
+ exit 1
+ ;;
+esac
+
+exit 0
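Review bot: Every status check in this script is `if [ $? -eq 1 ]`, so any other non-zero status is treated as success: 126/127 from the shell when `$CONNTRACKD_BIN` is missing or not executable, or 128+N if conntrackd dies on a signal. In the `backup)` branch this means a failed `-s` probe with such a status skips both the stale-lock cleanup and the `-d` start, and the script still reaches `exit 0`, so keepalived sees a clean transition with no daemon running. Testing the command directly closes the gap, e.g. `if ! $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s; then`, and the same applies to the `-c`, `-f external`, `-d`, `-t` and `-n` calls. Separately, in the `primary)` branch `-f external` runs even after `-c` has logged a failure, which by the script's own comments appears to flush the external cache that was never committed to the kernel table; consider skipping the flush and exiting non-zero in that case so the failed failover is visible to the HA manager.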