-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | debian/control | 5 | ||||
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 2 | ||||
-rwxr-xr-x | scripts/keepalived/VyattaKeepalived.pm | 2 | ||||
-rwxr-xr-x | scripts/keepalived/vyatta-vrrp-state.pl | 20 | ||||
-rwxr-xr-x | scripts/rl-system.init | 17 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 23 |
7 files changed, 49 insertions, 21 deletions
diff --git a/Makefile.am b/Makefile.am index 9e35f778..1af11a16 100644 --- a/Makefile.am +++ b/Makefile.am @@ -38,6 +38,7 @@ sysconf_DATA += sysconf/logrotate_messages sysconf_DATA += sysconf/motd.tail sysconf_DATA += sysconf/syslog.conf sysconf_DATA += sysconf/default_ssh +sysconf_DATA += sysconf/vyatta-sysctl.conf libudev_SCRIPTS = scripts/vyatta_net_name etcudev_DATA = sysconf/vyatta-net.rules diff --git a/debian/control b/debian/control index ff40285f..1f63a6ce 100644 --- a/debian/control +++ b/debian/control @@ -22,11 +22,12 @@ Depends: sed (>= 4.1.5), whois, sudo, snmpd, - keepalived, + vyatta-keepalived | keepalived, bridge-utils, ssh, ed, - tshark + tshark, + iputils-arping Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index a627c4af..aa6f6310 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -7,7 +7,7 @@ bindir=@bindir@ sbindir=@sbindir@ # remove init of daemons that we start/stop -for init in ntp ssh snmpd keepalived ipvsadm; do +for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do update-rc.d -f ${init} remove >/dev/null done diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm index 2e68c3b7..c5abdc97 100755 --- a/scripts/keepalived/VyattaKeepalived.pm +++ b/scripts/keepalived/VyattaKeepalived.pm @@ -62,7 +62,7 @@ sub start_daemon { my ($conf) = @_; my $cmd = "$daemon --vrrp --log-facility 7 --log-detail --dump-conf"; - $cmd .= " --use-file $conf"; + $cmd .= " --use-file $conf --vyatta-workaround"; system($cmd); vrrp_log("start_daemon"); } diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl index 9e11b649..2f3554d9 100755 --- a/scripts/keepalived/vyatta-vrrp-state.pl +++ b/scripts/keepalived/vyatta-vrrp-state.pl 
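Review bot: The `vyatta-keepalived | keepalived` alternative in Depends lets the stock package satisfy the dependency, but the rest of this commit assumes the Vyatta build. The postinst loop now removes init links for `vyatta-keepalived` only, so a stock `keepalived` init script would stay enabled alongside the daemon this package starts itself. start_daemon in VyattaKeepalived.pm also passes `--vyatta-workaround` unconditionally, which a stock keepalived presumably does not accept. Either drop the alternative, or keep `keepalived` in the postinst loop and make the extra flag conditional on the installed build.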
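Review bot: The exit status of `system($cmd)` in start_daemon is still ignored, so if keepalived rejects the new `--vyatta-workaround` option, `vrrp_log("start_daemon")` is written as though the daemon had started. `$conf` is also interpolated into a single command string, which goes through the shell. Assuming `$daemon` holds only the binary path (it is defined outside the hunk), the list form avoids the shell and makes the check easy: `system($daemon, qw(--vrrp --log-facility 7 --log-detail --dump-conf --use-file), $conf, '--vyatta-workaround') == 0 or vrrp_log("start_daemon failed: $?");`.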
@@ -56,7 +56,10 @@ my $vrrp_state = $ARGV[0]; my $vrrp_intf = $ARGV[1]; my $vrrp_group = $ARGV[2]; my $vrrp_transitionscript = $ARGV[3]; -my $vrrp_vip = $ARGV[4]; +my @vrrp_vips; +foreach my $arg (4 .. $#ARGV) { + push @vrrp_vips, $ARGV[$arg]; +} my $sfile = VyattaKeepalived::get_state_file($vrrp_intf, $vrrp_group); my ($old_time, $old_intf, $old_group, $old_state, $old_ltime) = @@ -73,8 +76,21 @@ VyattaKeepalived::vrrp_log("$vrrp_intf $vrrp_group transition to $vrrp_state"); vrrp_state_log($vrrp_state, $vrrp_intf, $vrrp_group); my $mfile = VyattaKeepalived::get_master_file($vrrp_intf, $vrrp_group); if ($vrrp_state eq "backup") { - snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vip, $mfile); + snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vips[0], $mfile); } elsif ($vrrp_state eq "master") { + # + # keepalived will send gratuitous arp requests on master transition + # but some hosts do not update their arp cache for gratuitous arp + # requests. Some of those host do respond to gratuitous arp replies + # so here we will send 5 gratuitous arp replies also. + # + foreach my $vip (@vrrp_vips) { + system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip"); + } + + # + # remove the old master file since we are now master + # system("rm -f $mfile"); } diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 5b81a4fd..23d67d12 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -78,21 +78,6 @@ add_new_serial_if () { fi } -proc_flags () -{ - # reset_promiscous_arp_response - echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter - # set_ip_forwarding - echo 1 > /proc/sys/net/ipv4/ip_forward - - # if a primary address is removed from an interface promote and - # secondary available - echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries - - # set maximum rmem_max to accomodate netlink buffers - echo 1048576 > /proc/sys/net/core/rmem_max -} - ## Update the version information update_version_info () { if [ -f ${vyatta_sysconfdir}/version.master ]; then 
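Review bot: `@vrrp_vips` is empty when the script is invoked with only four arguments, and the later `snoop_for_master(..., $vrrp_vips[0], ...)` call then receives undef where it used to receive `$ARGV[4]`. Whether snoop_for_master tolerates that is not visible here, so a guard that logs and exits when `@vrrp_vips` is empty would make the failure explicit. The loop itself is an array slice and reads more directly as `my @vrrp_vips = @ARGV[4 .. $#ARGV];`.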
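Review bot: The new `system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip")` builds a shell command from `@ARGV` values, so any shell metacharacter in the interface name or VIP is interpreted by the shell. Use the list form, `system('/usr/bin/arping', '-A', '-c5', '-I', $vrrp_intf, $vip) == 0 or VyattaKeepalived::vrrp_log("arping failed for $vip on $vrrp_intf");`, which bypasses the shell and also records a failed announcement. The arguments presumably originate from the keepalived notify configuration, but checking that `$vip` looks like an IP address before use costs little. The same applies to the existing `system("rm -f $mfile")`, where `unlink $mfile;` does the job without a subprocess.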
@@ -157,6 +142,8 @@ start () { log_failure_msg "can\'t set reboot on panic" add_new_serial_if || \ log_failure_msg "can\'t add serial interfaces" + sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf || + log_failure_msg "can\'t configure kernel settings" update_version_info clear_apt_config add_snmp_stats_module diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf new file mode 100644 index 00000000..73c4c8ff --- /dev/null +++ b/sysconf/vyatta-sysctl.conf @@ -0,0 +1,23 @@ +# +# Vyatta router specific sysctl settings. +# See sysctl.conf (5) for information. +# + +# Only answer ARP requests on same subnet +net.ipv4.conf.default.arp_filter=1 + +# Enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# if a primary address is removed from an interface promote the +# secondary address if available +net.ipv4.conf.all.promote_secondaries=1 + +# Ignore ICMP broadcasts sent to broadcast/multicast +net.ipv4.icmp_echo_ignore_broadcasts=1 + +# Ignore bogus ICMP errors +net.ipv4.icmp_ignore_bogus_error_responses=1 + +# Send ICMP responses with primary address of exiting interface +net.ipv4.icmp_errors_use_inbound_ifaddr=1 |
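Review bot: The `sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf` line in start() hard-codes the install prefix, while the file is installed through `sysconf_DATA` and this script already uses `${vyatta_sysconfdir}` in update_version_info. `sysctl -q -p ${vyatta_sysconfdir}/vyatta-sysctl.conf ||` keeps the two in step if the prefix changes. This assumes `vyatta_sysconfdir` is the sysconf install directory, which is defined outside the hunk. Because a failure here is only logged, the router can come up with `ip_forward` unset, so the failure message should name the file that did not load. start() begins and ends outside the hunk.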
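Review bot: The new file drops the `rmem_max` setting that the removed proc_flags() applied (`echo 1048576 > /proc/sys/net/core/rmem_max`, commented as needed for netlink buffers). Unless that is intentional, add `net.core.rmem_max=1048576` with its comment. The comment on the last entry is also backwards: `icmp_errors_use_inbound_ifaddr=1` makes ICMP errors use the primary address of the interface that received the offending packet, and the exiting interface is the behaviour with 0. Suggested wording: `# Send ICMP errors with the primary address of the receiving interface`.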