Diffstat (limited to 'doc/sync')
-rw-r--r-- | doc/sync/alarm/script_backup.sh | 3 | ||||
-rw-r--r-- | doc/sync/alarm/script_master.sh | 4 | ||||
-rw-r--r-- | doc/sync/ftfw/keepalived.conf | 39 | ||||
-rw-r--r-- | doc/sync/ftfw/script_backup.sh | 3 | ||||
-rw-r--r-- | doc/sync/ftfw/script_master.sh | 5 | ||||
-rw-r--r-- | doc/sync/keepalived.conf (renamed from doc/sync/alarm/keepalived.conf) | 9 | ||||
-rw-r--r-- | doc/sync/notrack/keepalived.conf | 39 | ||||
-rw-r--r-- | doc/sync/notrack/script_backup.sh | 3 | ||||
-rw-r--r-- | doc/sync/notrack/script_master.sh | 5 | ||||
-rwxr-xr-x | doc/sync/primary-backup.sh | 94 |
10 files changed, 100 insertions, 104 deletions
diff --git a/doc/sync/alarm/script_backup.sh b/doc/sync/alarm/script_backup.sh
deleted file mode 100644
index 8ea2ad8..0000000
--- a/doc/sync/alarm/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -B
diff --git a/doc/sync/alarm/script_master.sh b/doc/sync/alarm/script_master.sh
deleted file mode 100644
index 70c26c9..0000000
--- a/doc/sync/alarm/script_master.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c
-/usr/sbin/conntrackd -R
diff --git a/doc/sync/ftfw/keepalived.conf b/doc/sync/ftfw/keepalived.conf
deleted file mode 100644
index f937467..0000000
--- a/doc/sync/ftfw/keepalived.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-vrrp_sync_group G1 { # must be before vrrp_instance declaration
- group {
- VI_1
- VI_2
- }
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
-}
-
-vrrp_instance VI_1 {
- interface eth1
- state SLAVE
- virtual_router_id 61
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.0.100 # default CIDR mask is /32
- }
-}
-
-vrrp_instance VI_2 {
- interface eth0
- state SLAVE
- virtual_router_id 62
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.1.100
- }
-}
diff --git a/doc/sync/ftfw/script_backup.sh b/doc/sync/ftfw/script_backup.sh
deleted file mode 100644
index 813e375..0000000
--- a/doc/sync/ftfw/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -n # request a resync from other nodes via multicast
diff --git a/doc/sync/ftfw/script_master.sh b/doc/sync/ftfw/script_master.sh
deleted file mode 100644
index ff1dbc0..0000000
--- a/doc/sync/ftfw/script_master.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c # commit the cache
-/usr/sbin/conntrackd -f # flush the caches
-/usr/sbin/conntrackd -R # resync with kernel conntrack table
diff --git a/doc/sync/alarm/keepalived.conf b/doc/sync/keepalived.conf
index f937467..b7638a7 100644
--- a/doc/sync/alarm/keepalived.conf
+++ b/doc/sync/keepalived.conf
@@ -1,11 +1,14 @@
+#
+# Simple script for primary-backup setups
+#
+
 vrrp_sync_group G1 { # must be before vrrp_instance declaration
 group {
 VI_1
 VI_2
 }
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
+ notify_master /etc/conntrackd/primary-backup.sh
+ notify_backup /etc/conntrackd/primary-backup.sh
 }
 
 vrrp_instance VI_1 {
diff --git a/doc/sync/notrack/keepalived.conf b/doc/sync/notrack/keepalived.conf
deleted file mode 100644
index f937467..0000000
--- a/doc/sync/notrack/keepalived.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-vrrp_sync_group G1 { # must be before vrrp_instance declaration
- group {
- VI_1
- VI_2
- }
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
-}
-
-vrrp_instance VI_1 {
- interface eth1
- state SLAVE
- virtual_router_id 61
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.0.100 # default CIDR mask is /32
- }
-}
-
-vrrp_instance VI_2 {
- interface eth0
- state SLAVE
- virtual_router_id 62
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.1.100
- }
-}
diff --git a/doc/sync/notrack/script_backup.sh b/doc/sync/notrack/script_backup.sh
deleted file mode 100644
index 813e375..0000000
--- a/doc/sync/notrack/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -n # request a resync from other nodes via multicast
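Review bot: Both `notify_master` and `notify_backup` in the doc/sync/keepalived.conf hunk now point at `/etc/conntrackd/primary-backup.sh` with no argument, while that script chooses its branch from `$1`. As far as I know keepalived runs these two commands as written and does not append the new state, so both transitions would land in the script's usage branch and exit 1 without touching conntrackd; passing the state explicitly avoids that: `notify_master "/etc/conntrackd/primary-backup.sh master"` and `notify_backup "/etc/conntrackd/primary-backup.sh backup"`. The added header also calls this file a "script" although it is a keepalived configuration, and the commented-out `notify_fault` hook is dropped without a replacement, which may deserve a line in that header. The hunk ends at the opening of `vrrp_instance VI_1`, whose body lies outside it.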
diff --git a/doc/sync/notrack/script_master.sh b/doc/sync/notrack/script_master.sh
deleted file mode 100644
index ff1dbc0..0000000
--- a/doc/sync/notrack/script_master.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c # commit the cache
-/usr/sbin/conntrackd -f # flush the caches
-/usr/sbin/conntrackd -R # resync with kernel conntrack table
diff --git a/doc/sync/primary-backup.sh b/doc/sync/primary-backup.sh
new file mode 100755
index 0000000..fddff3b
--- /dev/null
+++ b/doc/sync/primary-backup.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+#
+# (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+ master)
+ #
+ # commit the external cache into the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -c"
+
+ #
+ # flush the internal and the external caches
+ #
+ $CONNTRACKD_BIN -C $CONNTRACK_CONFIG -f
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -f"
+
+ #
+ # resynchronize my internal cache to the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -R"
+ ;;
+ backup)
+ #
+ # is conntrackd running? request some statistics to check it
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
+ if [ $? -eq 1 ]
+ then
+ #
+ # something's wrong, do we have a lock file?
+ #
+ if [ -f $CONNTRACKD_LOCK ]
+ then
+ logger "WARNING: conntrackd was not cleanly stopped."
+ logger "If you suspect that it has crashed:"
+ logger "1) Enable coredumps"
+ logger "2) Try to reproduce the problem"
+ logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
+ rm -f $CONNTRACKD_LOCK
+ fi
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: cannot launch conntrackd"
+ exit 1
+ fi
+ fi
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -t"
+
+ #
+ # request resynchronization with master firewall replica (if any)
+ # Note: this does nothing in the alarm approach.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -n"
+ ;;
+ *)
+ echo "Usage: primary-backup.sh {primary|backup}"
+ exit 1
+ ;;
+esac
+
+exit 0 |
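Review bot: Five of the status checks in the new primary-backup.sh are written as `if [ $? -eq 1 ]` with no `then`/`fi` (after the `-c`, `-f` and `-R` calls in the `master)` arm and the `-t` and `-n` calls in `backup)`), so /bin/sh should reject the file with a syntax error and neither arm would run at failover. The `-f` call also passes `$CONNTRACK_CONFIG`, which is never assigned (the variable defined above is `CONNTRACKD_CONFIG`), so that command would expand to `conntrackd -C -f`. Testing `-eq 1` misses every other non-zero status, and the usage text advertises `{primary|backup}` while the case arm is `master)`. On a firewall pair a failover hook that does nothing presumably leaves the new master without the committed state table, so these are worth fixing before the script is copied into /etc/conntrackd. The fence below sketches the affected lines only, testing each command directly.

```shell
  master)
	# … unchanged: comment blocks above each call …
	if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -c
	then
		logger "ERROR: failed to invoke conntrackd -c"
	fi

	# was $CONNTRACK_CONFIG, which is never set
	if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -f
	then
		logger "ERROR: failed to invoke conntrackd -f"
	fi

	if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -R
	then
		logger "ERROR: failed to invoke conntrackd -R"
	fi
	;;
  backup)
	# … unchanged: -s liveness check, stale lock handling, -d launch …
	if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -t
	then
		logger "ERROR: failed to invoke conntrackd -t"
	fi

	if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -n
	then
		logger "ERROR: failed to invoke conntrackd -n"
	fi
	;;
  *)
	echo "Usage: primary-backup.sh {master|backup}"
```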