From 496526b572ca83308a858b2ec4771d2f05f4970c Mon Sep 17 00:00:00 2001 From: John Southworth Date: Wed, 30 Nov 2011 16:43:08 -0800 Subject: Change arp_filter for all to 0 to allow vrrp interfaces to override the default of 1 --- sysconf/vyatta-sysctl.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 5121488d..4517799a 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -16,7 +16,9 @@ kernel.core_pattern=/var/core/core-%e-%p-%t # arp_filter - allow multiple network interfaces on same subnet # arp_announce - avoid local addresses no on target's subnet # arp_ignore - reply only if target IP is local_address on the interface -net.ipv4.conf.all.arp_filter=1 + +# arp_filter defaults to 1 so set all to 0 so vrrp interfaces can override it. +net.ipv4.conf.all.arp_filter=0 net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=1 -- cgit v1.2.3 From c822ae10d02835479d31f3955b378816aa91bb0d Mon Sep 17 00:00:00 2001 From: John Southworth Date: Thu, 1 Dec 2011 13:12:35 -0800 Subject: Adjust the sysctl values of vrrp interfaces on master/backup transitions --- scripts/keepalived/vyatta-vrrp-state.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl index e4da85eb..eab717bf 100755 --- a/scripts/keepalived/vyatta-vrrp-state.pl +++ b/scripts/keepalived/vyatta-vrrp-state.pl @@ -70,6 +70,7 @@ if ($vrrp_state eq 'backup') { # comment out for now, too expensive with lots of vrrp's at boot # Vyatta::Keepalived::snoop_for_master($vrrp_intf, $vrrp_group, # $vrrp_vips[0], 60); + system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".arp_filter=1"); } elsif ($vrrp_state eq 'master') { # # keepalived will send gratuitous arp requests on master transition 
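Review bot: The new comment above `net.ipv4.conf.all.arp_filter=0` says arp_filter "defaults to 1" without saying where, and the kernel's own default is 0, so the comment should name the setting it relies on. The kernel enables filtering on an interface when either `conf/all` or the per-interface value is set, so after this change every non-vrrp interface depends on its own value. If the comment means a `conf.default` entry (not visible in this hunk), that value only reaches interfaces created after it is written. I would spell this out, e.g. `# all.arp_filter is ORed with the per-interface value; keep it 0 so vrrp interfaces can clear theirs`, and confirm that interfaces already present at boot still end up with arp_filter=1.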
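Review bot: Both added `system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".arp_filter=…")` calls (the backup branch here and the master branch in the next hunk) build a single command string, so Perl hands it to the shell whenever the interface or group value contains a shell metacharacter, and the exit status is discarded. The list form avoids the shell and lets a failure be logged: `system('sysctl', '-w', "net/ipv4/conf/${vrrp_intf}v${vrrp_group}/arp_filter=1") == 0 or warn "sysctl arp_filter failed: $?";`. The slash-separated key also matters if `$vrrp_intf` can be a vif name containing a dot, because with dot separators sysctl would split the interface name at that dot. Where the two variables come from is outside the hunk, so it is worth checking that they are validated against an interface-name and group-number pattern before they reach this point.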
@@ -77,6 +78,7 @@ if ($vrrp_state eq 'backup') { # requests. Some of those host do respond to gratuitous arp replies # so here we will send 5 gratuitous arp replies also. # + system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".arp_filter=0"); foreach my $vip (@vrrp_vips) { system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip"); } -- cgit v1.2.3 From f27e23f90810bb0c23d0d4e0f7d093b110477a14 Mon Sep 17 00:00:00 2001 From: John Southworth Date: Thu, 1 Dec 2011 13:13:30 -0800 Subject: Add handling for address ownership (priority 255) in RFC complient mode --- scripts/keepalived/vyatta-keepalived.pl | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index f419ac41..f7b6bfe7 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl @@ -152,9 +152,23 @@ sub keepalived_get_values { my $priority = $config->returnValue("priority"); if ( !defined $priority ) { - $priority = 1; + $priority = 100; # Default backup priority is 100 from RFC. } + my $address_owner = 0; + $address_owner = 1 if ($priority == 255 && $use_vmac == 1); my $preempt = $config->returnValue("preempt"); + if (defined $preempt && $address_owner == 1){ + if ($preempt ne "true") { # the handling of default in configuration is odd so we need to allow it to be set to true... + $err = "cannot define preempt if this is the address owner"; + if ( defined $err ) { + next if $noerr; + @loc = split(/ /, "$path vrrp vrrp-group $group"); + Vyatta::Config::outputError(\@loc, $err); + push @errs, $err; + next; + } + } + } if ( !defined $preempt ) { $preempt = "true"; } 
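Review bot: The error text `cannot define preempt if this is the address owner` does not match the check around it, which accepts `preempt true` and rejects only other values; `"preempt cannot be disabled when this router is the address owner (priority 255)"` would tell the operator what to change. The inner `if ( defined $err )` is always true because `$err` is assigned on the line before, so that wrapper can be dropped. The same hunk also moves the default priority from 1 to 100, which changes election behaviour for any existing configuration that omits `priority`, yet the commit subject does not mention it; it deserves its own changelog line or a note in the comment. keepalived_get_values starts and ends outside the hunk.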
@@ -171,7 +185,7 @@ sub keepalived_get_values { push @{ $HoA_sync_groups{$sync_group} }, $vrrp_instance; } my $hello_source_addr = $config->returnValue("hello-source-address"); - $err = validate_source_addr( $intf, $hello_source_addr ); + $err = validate_source_addr( $intf, $hello_source_addr ) if (!$address_owner == 1); if ( defined $err ) { next if $noerr; @loc = split(/ /, "$path vrrp vrrp-group $group"); @@ -179,6 +193,19 @@ sub keepalived_get_values { push @errs, $err; next; } + if (defined $hello_source_addr && $address_owner == 1){ + $err = "cannot define hello-source-address if this is the address owner"; + if ( defined $err ) { + next if $noerr; + @loc = split(/ /, "$path vrrp vrrp-group $group"); + Vyatta::Config::outputError(\@loc, $err); + push @errs, $err; + next; + } + } elsif ($address_owner == 1) { + $hello_source_addr = $vips[0]; + $hello_source_addr =~ s/(.*?)\/.*/$1/; + } $config->setLevel("$path vrrp vrrp-group $group"); my ($auth_type, $auth_pass) = (undef, undef); -- cgit v1.2.3 From 8a52926b5a3c78248c158776f2455b58e0f4b87a Mon Sep 17 00:00:00 2001 From: John Southworth Date: Thu, 1 Dec 2011 16:47:01 -0800 Subject: Add vrrp interface description --- .../vrrp/vrrp-group/node.tag/interface/description/node.def | 5 +++++ .../vrrp/vrrp-group/node.tag/interface/description/node.def | 6 ++++++ .../vrrp/vrrp-group/node.tag/interface/description/node.def | 5 +++++ 3 files changed, 16 insertions(+) create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def 
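Review bot: With the new postfix guard on `validate_source_addr`, `$err` keeps whatever value it held before when the group is an address owner, and the `if ( defined $err )` that follows then acts on that stale value. `$err` is declared outside the hunk; if it is not reset for each group, an earlier `next if $noerr` path can leave it set and silently skip this group. Assigning in both cases removes the doubt and also drops the `!$address_owner == 1` form, which parses as `(!$address_owner) == 1` and gives the intended result only by coincidence: `$err = $address_owner ? undef : validate_source_addr( $intf, $hello_source_addr );`.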
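Review bot: In the `elsif ($address_owner == 1)` branch `$hello_source_addr` is taken from `$vips[0]` with no check that `@vips` is populated, and where `@vips` is filled is outside the hunk, so an address owner with no virtual address at this point gets an undefined source address and a warning from the substitution. I would guard it and strip the prefix length without the unanchored capture: `($hello_source_addr) = split m{/}, $vips[0], 2 if @vips;`, reporting an error through the same path otherwise. The `if ( defined $err )` directly after the `$err = "cannot define hello-source-address …"` assignment is always true and can be removed. This error-reporting block now appears three times in keepalived_get_values; a small private helper taking `$path`, `$group` and `$err` would keep the copies consistent.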
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def new file mode 100644 index 00000000..75400c58 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def @@ -0,0 +1,5 @@ +priority: 820 # after vrrp +type: txt +help: Description for this interface +update: sudo sh -c "echo \"$VAR(@)\" >/sys/class/net/$VAR(../../../../@)v$VAR(../../@)/ifalias" +delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../../../../@)v$VAR(../../@)/ifalias" diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def new file mode 100644 index 00000000..7d3ab379 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def @@ -0,0 +1,6 @@ +priority: 820 # after vrrp +type: txt +help: Description for this interface +update: sudo sh -c "echo \"$VAR(@)\" >/sys/class/net/$VAR(../../../../../@).$VAR(../../../../@)v$VAR(../../@)/ifalias" +delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../../../../../@).$VAR(../../../../@)v$VAR(../../@)/ifalias" + diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def new file mode 100644 index 00000000..75400c58 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/interface/description/node.def 
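Review bot: The `update:` line in each of the three new description/node.def files (bonding, ethernet vif and ethernet, the last of which has its hunk on the following line) substitutes the free-form `type: txt` value into `sudo sh -c "echo \"$VAR(@)\" > …/ifalias"`, so quotes, backticks or `$(…)` in a description would be interpreted by a root shell instead of being written as text. Whether the config backend escapes `$VAR(@)` before running the action is not visible here. If it does not, add a `syntax:expression: pattern $VAR(@) …` constraint that limits the description to a safe character set and length, so that an unsafe value is rejected at commit time. `echo` also treats some leading options and backslash sequences specially depending on the shell, so `printf '%s\n'` is the safer writer once the value is constrained.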
@@ -0,0 +1,5 @@ +priority: 820 # after vrrp +type: txt +help: Description for this interface +update: sudo sh -c "echo \"$VAR(@)\" >/sys/class/net/$VAR(../../../../@)v$VAR(../../@)/ifalias" +delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../../../../@)v$VAR(../../@)/ifalias" -- cgit v1.2.3 From 960a3d656db525f1da2c94bf3c09ff6c2fa7d32a Mon Sep 17 00:00:00 2001 From: John Southworth Date: Thu, 1 Dec 2011 16:52:00 -0800 Subject: 0.19.133 --- debian/changelog | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/debian/changelog b/debian/changelog index 20f0f40b..350b9535 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +vyatta-cfg-system (0.19.133) unstable; urgency=low + + * Change arp_filter for all to 0 to allow vrrp interfaces to override + the default of 1 + * Adjust the sysctl values of vrrp interfaces on master/backup + transitions + * Add handling for address ownership (priority 255) in RFC complient + mode + * Add vrrp interface description + + -- John Southworth Thu, 01 Dec 2011 16:52:00 -0800 + vyatta-cfg-system (0.19.132) unstable; urgency=low * Move vyatta changes to sudoers to separate file -- cgit v1.2.3