From 2e368aaca62ca05330d613500772fe8d6aa11032 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Tue, 13 May 2008 17:15:38 -0700
Subject: Move sysctl configuration to /etc/vyatta-sysctl.conf

Change settings and move sysctl values to separate file /etc/vyatta-sysctl.conf. This allows for user/support to adjust configuration without changing the rl-system.init script.
---
 Makefile.am | 1 +
 scripts/rl-system.init | 17 ++---------------
 sysconf/vyatta-sysctl.conf | 23 +++++++++++++++++++++++
 3 files changed, 26 insertions(+), 15 deletions(-)
 create mode 100644 sysconf/vyatta-sysctl.conf
diff --git a/Makefile.am b/Makefile.am
index 9e35f778..1af11a16 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -38,6 +38,7 @@ sysconf_DATA += sysconf/logrotate_messages
 sysconf_DATA += sysconf/motd.tail
 sysconf_DATA += sysconf/syslog.conf
 sysconf_DATA += sysconf/default_ssh
+sysconf_DATA += sysconf/vyatta-sysctl.conf
 libudev_SCRIPTS = scripts/vyatta_net_name
 etcudev_DATA = sysconf/vyatta-net.rules
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 5b81a4fd..a3a49aa3 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -78,21 +78,6 @@ add_new_serial_if () {
 fi
 }
-proc_flags ()
-{
- # reset_promiscous_arp_response
- echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter
- # set_ip_forwarding
- echo 1 > /proc/sys/net/ipv4/ip_forward
-
- # if a primary address is removed from an interface promote and
- # secondary available
- echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries
-
- # set maximum rmem_max to accomodate netlink buffers
- echo 1048576 > /proc/sys/net/core/rmem_max
-}
-
 ## Update the version information
 update_version_info () {
 if [ -f ${vyatta_sysconfdir}/version.master ]; then
@@ -157,6 +142,8 @@ start () {
 log_failure_msg "can\'t set reboot on panic"
 add_new_serial_if || \
 log_failure_msg "can\'t add serial interfaces"
+ sysctl -q -p /etc/vyatta-sysctl.conf ||
+ log_failure_msg "can\'t configure kernel settings"
 update_version_info
 clear_apt_config
 add_snmp_stats_module
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
new file mode 100644
index 00000000..73c4c8ff
--- /dev/null
+++ b/sysconf/vyatta-sysctl.conf
@@ -0,0 +1,23 @@
+#
+# Vyatta router specific sysctl settings.
+# See sysctl.conf (5) for information.
+#
+
+# Only answer ARP requests on same subnet
+net.ipv4.conf.default.arp_filter=1
+
+# Enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# if a primary address is removed from an interface promote the
+# secondary address if available
+net.ipv4.conf.all.promote_secondaries=1
+
+# Ignore ICMP broadcasts sent to broadcast/multicast
+net.ipv4.icmp_echo_ignore_broadcasts=1
+
+# Ignore bogus ICMP errors
+net.ipv4.icmp_ignore_bogus_error_responses=1
+
+# Send ICMP responses with primary address of exiting interface
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
--
cgit v1.2.3
From a87810252798580946f75862474e9293ce26c3c7 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Tue, 13 May 2008 18:02:01 -0700
Subject: fix typo in rl-system.init
---
 scripts/rl-system.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index a3a49aa3..23d67d12 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -142,7 +142,7 @@ start () {
 log_failure_msg "can\'t set reboot on panic"
 add_new_serial_if || \
 log_failure_msg "can\'t add serial interfaces"
- sysctl -q -p /etc/vyatta-sysctl.conf ||
+ sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf ||
 log_failure_msg "can\'t configure kernel settings"
 update_version_info
 clear_apt_config
--
cgit v1.2.3
From 2ba7a0d4a87279ebb5333b62e69b0eae654474a8 Mon Sep 17 00:00:00 2001
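Review bot: In the new `sysconf/vyatta-sysctl.conf` the comment above `net.ipv4.icmp_errors_use_inbound_ifaddr=1` describes the opposite of what the value selects: per the kernel's ip-sysctl documentation, 0 sends ICMP errors from the primary address of the exiting interface, while a non-zero value uses the primary address of the interface that received the offending packet. Either the comment should read `# Send ICMP errors with primary address of the receiving interface` or the value should be 0, depending on which behaviour was intended. Separately, the `proc_flags` function removed by this commit also wrote 1048576 to `net.core.rmem_max` "to accomodate netlink buffers" and the new file carries no such line; if dropping it is deliberate a comment saying so would help, otherwise `net.core.rmem_max=1048576` is missing.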
From: Stig Thormodsrud
Date: Wed, 14 May 2008 18:23:34 -0700
Subject: Change dependancy from keepalived to vyatta-keepalived.
---
 debian/control | 2 +-
 debian/vyatta-cfg-system.postinst.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/control b/debian/control
index ff40285f..615b5050 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,7 @@ Depends: sed (>= 4.1.5),
 whois,
 sudo,
 snmpd,
- keepalived,
+ vyatta-keepalived | keepalived,
 bridge-utils,
 ssh,
 ed,
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index a627c4af..aa6f6310 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -7,7 +7,7 @@ bindir=@bindir@
 sbindir=@sbindir@
 # remove init of daemons that we start/stop
-for init in ntp ssh snmpd keepalived ipvsadm; do
+for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do
 update-rc.d -f ${init} remove >/dev/null
 done
--
cgit v1.2.3
From 0bdc207f65ebdd10f49b6d05f03e866a52955c71 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud
Date: Thu, 15 May 2008 15:48:46 -0700
Subject: Fix 3144: VRRP backup obtains VIP resulting in a duplicate IP situation.
---
 scripts/keepalived/VyattaKeepalived.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm
index 2e68c3b7..c5abdc97 100755
--- a/scripts/keepalived/VyattaKeepalived.pm
+++ b/scripts/keepalived/VyattaKeepalived.pm
@@ -62,7 +62,7 @@ sub start_daemon {
 my ($conf) = @_;
 my $cmd = "$daemon --vrrp --log-facility 7 --log-detail --dump-conf";
- $cmd .= " --use-file $conf";
+ $cmd .= " --use-file $conf --vyatta-workaround";
 system($cmd);
 vrrp_log("start_daemon");
 }
--
cgit v1.2.3
From 5b160a324927a457c8ddbd90afada3523b189a43 Mon Sep 17 00:00:00 2001
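Review bot: The init-script list in `debian/vyatta-cfg-system.postinst.in` no longer names `keepalived`, yet `debian/control` in the same commit still accepts that package through `vyatta-keepalived | keepalived`. On a system where the stock package satisfies the dependency, its rc.d links would be left in place and the daemon could start at boot outside the configuration system's control. Keeping both names covers either case: `for init in ntp ssh snmpd openhpid keepalived vyatta-keepalived ipvsadm; do`. The loop also gains `openhpid`, which the commit subject does not mention; a line in the description would make that change traceable.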
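Review bot: The result of `system($cmd)` in `start_daemon` (scripts/keepalived/VyattaKeepalived.pm) is never checked, so `vrrp_log("start_daemon")` is written even when the daemon failed to launch. That matters more after this change, because `--vyatta-workaround` is presumably understood only by the vyatta-keepalived build while `debian/control` still admits plain `keepalived`; a binary that rejects the option would exit at once and leave the router without VRRP and with a log line claiming success. Checking the status makes the failure visible, for example `system($cmd) == 0 or vrrp_log("start_daemon failed: status $?");`. `$conf` is also interpolated into a single shell string, so passing the arguments in the list form of `system` would keep a path containing spaces or shell metacharacters from being reinterpreted.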
From: Stig Thormodsrud
Date: Mon, 19 May 2008 11:20:36 -0700
Subject: Fix 3251: vrrp should also send a gratuitous arp reply on master transition
---
 debian/control | 3 ++-
 scripts/keepalived/vyatta-vrrp-state.pl | 20 ++++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/debian/control b/debian/control
index 615b5050..1f63a6ce 100644
--- a/debian/control
+++ b/debian/control
@@ -26,7 +26,8 @@ Depends: sed (>= 4.1.5),
 bridge-utils,
 ssh,
 ed,
- tshark
+ tshark,
+ iputils-arping
 Suggests: util-linux (>= 2.13-5),
 net-tools,
 ethtool,
diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl
index 9e11b649..2f3554d9 100755
--- a/scripts/keepalived/vyatta-vrrp-state.pl
+++ b/scripts/keepalived/vyatta-vrrp-state.pl
@@ -56,7 +56,10 @@ my $vrrp_state = $ARGV[0];
 my $vrrp_intf = $ARGV[1];
 my $vrrp_group = $ARGV[2];
 my $vrrp_transitionscript = $ARGV[3];
-my $vrrp_vip = $ARGV[4];
+my @vrrp_vips;
+foreach my $arg (4 .. $#ARGV) {
+ push @vrrp_vips, $ARGV[$arg];
+}
 my $sfile = VyattaKeepalived::get_state_file($vrrp_intf, $vrrp_group);
 my ($old_time, $old_intf, $old_group, $old_state, $old_ltime) =
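Review bot: Nothing after the new loop in `scripts/keepalived/vyatta-vrrp-state.pl` checks that at least one virtual address was supplied; with four or fewer arguments `@vrrp_vips` stays empty and the backup branch in the next hunk passes an undefined `$vrrp_vips[0]` to `snoop_for_master`. A guard such as `@vrrp_vips or die "usage: $0 state intf group script vip...\n";` (or a logged early exit, if dying is unwanted in a notify script) would catch a malformed invocation. As a style point the loop is just an array slice: `my @vrrp_vips = @ARGV[4 .. $#ARGV];`. The statement beginning `my ($old_time, ...` continues outside the hunk.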
@@ -73,8 +76,21 @@ VyattaKeepalived::vrrp_log("$vrrp_intf $vrrp_group transition to $vrrp_state");
 vrrp_state_log($vrrp_state, $vrrp_intf, $vrrp_group);
 my $mfile = VyattaKeepalived::get_master_file($vrrp_intf, $vrrp_group);
 if ($vrrp_state eq "backup") {
- snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vip, $mfile);
+ snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vips[0], $mfile);
 } elsif ($vrrp_state eq "master") {
+ #
+ # keepalived will send gratuitous arp requests on master transition
+ # but some hosts do not update their arp cache for gratuitous arp
+ # requests. Some of those host do respond to gratuitous arp replies
+ # so here we will send 5 gratuitous arp replies also.
+ #
+ foreach my $vip (@vrrp_vips) {
+ system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip");
+ }
+
+ #
+ # remove the old master file since we are now master
+ #
 system("rm -f $mfile");
 }
--
cgit v1.2.3
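Review bot: The new `system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip")` in the master branch builds a shell command line from script arguments, so whitespace or shell metacharacters in the interface name or address are interpreted by the shell instead of reaching arping as a single argument. The list form avoids the shell and lets the status be checked: `system('/usr/bin/arping', '-A', '-c5', '-I', $vrrp_intf, $vip) == 0 or VyattaKeepalived::vrrp_log("arping failed for $vip on $vrrp_intf");`. As written the exit status is discarded, so a failed announcement leaves no trace in the VRRP log. In the backup branch only `$vrrp_vips[0]` is handed to `snoop_for_master`; if that is intentional for groups with several addresses, a short comment there should say so.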