author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-15 18:46:08 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-15 18:46:08 +0100 |
commit | ca6fa387c80e9fdccace3091317d32a59dab7400 (patch) | |
tree | 5e48db2acc4d51fcb64b4c90ec25a124acdc244e /doc | |
parent | 9541aef846b808a43b6e32b9ec3a41fa6d87d36f (diff) | |
doc: add new primary-backup.sh script for >= 2.6.29
This patch adds a new primary-backup.sh script for Linux kernels
>= 2.6.29. This script takes advantage of the user-space event
reporting that ctnetlink has provided since this kernel version.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rwxr-xr-x | doc/sync/primary-backup-2.6.29-and-higher.sh | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/doc/sync/primary-backup-2.6.29-and-higher.sh b/doc/sync/primary-backup-2.6.29-and-higher.sh
new file mode 100755
index 0000000..3236c24
--- /dev/null
+++ b/doc/sync/primary-backup-2.6.29-and-higher.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# (C) 2008-2009 by Pablo Neira Ayuso <pablo@netfilter.org>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# Use this script is you use a Linux kernel >= 2.6.29.
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+ primary)
+ #
+ # commit the external cache into the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -c"
+ fi
+
+ #
+ # flush external cache
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f external
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -f external"
+ fi
+ ;;
+
+ backup)
+ #
+ # is conntrackd running? request some statistics to check it
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
+ if [ $? -eq 1 ]
+ then
+ #
+ # something's wrong, do we have a lock file?
+ #
+ if [ -f $CONNTRACKD_LOCK ]
+ then
+ logger "WARNING: conntrackd was not cleanly stopped."
+ logger "If you suspect that it has crashed:"
+ logger "1) Enable coredumps"
+ logger "2) Try to reproduce the problem"
+ logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
+ rm -f $CONNTRACKD_LOCK
+ fi
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: cannot launch conntrackd"
+ exit 1
+ fi
+ fi
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -t"
+ fi
+
+ #
+ # request resynchronization with master firewall replica (if any)
+ # Note: this does nothing in the alarm approach.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -n"
+ fi
+ ;;
+ fault)
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: failed to invoke conntrackd -t"
+ fi
+ ;;
+ *)
+ logger "ERROR: unknown state transition"
+ echo "Usage: primary-backup.sh {primary|backup|fault}"
+ exit 1
+ ;;
+esac
+
+exit 0
|
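Review bot: Every status check in this script tests `[ $? -eq 1 ]`, so any other non-zero status (127 when /usr/sbin/conntrackd is missing, 126 when it is not executable, 128+N when it dies on a signal) is treated as success and nothing is logged. In `backup)` a failed `-s` probe with such a status skips both the stale-lock cleanup and the `-d` launch, so the firewall can take part in failover with no state synchronisation running. In `primary)` a failed `-c` commit is still followed by `-f external`, which presumably discards the cache that was never committed. I would test for any failure with `if [ $? -ne 0 ]` (or `if ! $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c; then`) and run the flush only when the commit succeeded. The final `exit 0` also hides the logged failures in `primary)` and `fault)` from keepalived, so a header comment saying which failures are deliberately non-fatal would help operators.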