#!/usr/bin/perl
#
# Module: vyatta-vrrp-state.pl
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Stig Thormodsrud
# Date: October 2007
# Description: Script called on vrrp master state transition
#
# **** End License ****
#
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Keepalived;
use POSIX;
use strict;
use warnings;
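# Record the current VRRP state for an interface/group pair.
#
# Overwrites the state file returned by
# Vyatta::Keepalived::get_state_file($intf, $group) with a single line:
#   "<epoch> <intf> <group> <state> <YYYYmmdd-HH:MM.SS>"
# (no trailing newline). A failed open, write or close is reported with
# warn() instead of being ignored; the sub never dies, so the caller can
# still carry out the rest of the transition.
sub vrrp_state_log {
    my ($state, $intf, $group) = @_;

    my $timestamp = strftime("%Y%m%d-%H:%M.%S", localtime);
    my $file      = Vyatta::Keepalived::get_state_file($intf, $group);
    my $time      = time();
    my $line      = "$time $intf $group $state $timestamp";

    # Without this check a failed open leaves the previous state on disk,
    # and the next run then compares against stale data without any hint
    # that the write was lost.
    my $fh;
    if (!open $fh, '>', $file) {
        warn "vrrp_state_log: cannot open $file for writing: $!\n";
        return;
    }

    print {$fh} $line
        or warn "vrrp_state_log: cannot write $file: $!\n";

    # Buffered write errors only surface at close time.
    close $fh
        or warn "vrrp_state_log: cannot close $file: $!\n";

    return;
}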
# Positional arguments, in order: new state, vrrp interface, vrrp group,
# transition interface, transition script, then any number of virtual IPs.
#
# The transition interface will contain the vmac interface when one is
# present and the vrrp interface when one is not.
#
# These values reach external commands further down, so they are only as
# trustworthy as whatever invokes this script.
my ($vrrp_state, $vrrp_intf, $vrrp_group, $transition_intf,
    $vrrp_transitionscript, @vrrp_vips) = @ARGV;
# Fetch the state recorded for this interface/group by an earlier run.
# Only the fourth field returned by vrrp_state_parse() (the old state) is
# needed here; the others are discarded.
my $sfile = Vyatta::Keepalived::get_state_file($vrrp_intf, $vrrp_group);
my (undef, undef, undef, $old_state) =
    Vyatta::Keepalived::vrrp_state_parse($sfile);

my $unchanged = defined($old_state) && $vrrp_state eq $old_state;
if ($unchanged) {
    #
    # Restarts call the transition script even if the state really
    # hasn't changed; log that and stop before any action is taken.
    #
    Vyatta::Keepalived::vrrp_log("$vrrp_intf $vrrp_group same - $vrrp_state");
    exit 0;
}

# A real transition: log it and persist the new state.
Vyatta::Keepalived::vrrp_log("$vrrp_intf $vrrp_group transition to $vrrp_state");
vrrp_state_log($vrrp_state, $vrrp_intf, $vrrp_group);
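# Apply the per-state side effects of the transition.
#
# Every external command below is run with list-form system(), so no shell
# is involved and the interface names and addresses taken from @ARGV are
# passed as single arguments rather than being parsed as shell syntax.
# Return codes are ignored, as before: the rule delete is expected to fail
# whenever the rule is not present.
#
# NOTE: the m/\w+v\d+/ test is unanchored. It only decides whether the
# transition interface looks like a vmac interface; it does not validate
# the name.
if ($vrrp_state eq 'backup') {
    # comment out for now, too expensive with lots of vrrp's at boot
    # Vyatta::Keepalived::snoop_for_master($vrrp_intf, $vrrp_group,
    #                                      $vrrp_vips[0], 60);

    # Filter traffic incoming to the vmac interface when in backup state.
    # Delete the rule then add it to ensure that we don't get duplicates.
    if ($transition_intf =~ m/\w+v\d+/) {
        # Drop everything except IP protocol 112 on this interface.
        my @drop_rule =
            ('-i', $transition_intf, '!', '-p', '112', '-j', 'DROP');
        system('iptables', '-t', 'raw', '-D', 'VYATTA_VRRP_FILTER', @drop_rule);
        system('iptables', '-t', 'raw', '-I', 'VYATTA_VRRP_FILTER', @drop_rule);

        # sysctl keys use '.' as separator, so dots inside the interface
        # name are written as '/'.
        my $sysctl_intf = $transition_intf;
        $sysctl_intf =~ s{\.}{/}g;
        system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.arp_filter=1");
        system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.accept_local=1");
    }
}
elsif ($vrrp_state eq 'master') {
    if ($transition_intf =~ m/\w+v\d+/) {
        # We are master now: remove the backup-state filter rule.
        system('iptables', '-t', 'raw', '-D', 'VYATTA_VRRP_FILTER',
               '-i', $transition_intf, '!', '-p', '112', '-j', 'DROP');

        my $sysctl_intf = $transition_intf;
        $sysctl_intf =~ s{\.}{/}g;
        system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.arp_filter=0");
        system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.accept_local=1");
    }

    #
    # keepalived will send gratuitous arp requests on master transition
    # but some hosts do not update their arp cache for gratuitous arp
    # requests. Some of those hosts do respond to gratuitous arp replies
    # so here we will send 5 gratuitous arp replies also.
    #
    foreach my $vip (@vrrp_vips) {
        system('/usr/bin/arping', '-A', '-c5', '-I', $vrrp_intf, $vip);
    }

    #
    # remove the old master file since we are now master
    #
    my $mfile = Vyatta::Keepalived::get_master_file($vrrp_intf, $vrrp_group);
    # unlink() replaces "rm -f $mfile": same effect, but the path is never
    # interpreted by a shell. A missing file stays silent, like rm -f.
    if (-e $mfile && !unlink $mfile) {
        warn "cannot remove $mfile: $!\n";
    }
}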
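# Hand over to the configured transition script, if there is one. The
# literal string 'null' means that no script is configured. A missing or
# empty argument is treated the same way; previously it fell through to
# exec() and tried to run a command line that started with the state name.
#
# NOTE(review): exec() receives one string, so Perl passes it to /bin/sh
# whenever it contains shell metacharacters, and the state, interface and
# group values come straight from @ARGV. List-form exec would keep the
# shell out of it, but would also break a configured value that carries
# its own arguments -- confirm what the configuration allows before
# changing this.
if (defined $vrrp_transitionscript
    and length $vrrp_transitionscript
    and $vrrp_transitionscript ne 'null')
{
    # exec() only returns when it failed to start the command.
    exec("$vrrp_transitionscript $vrrp_state $vrrp_intf $vrrp_group")
        or warn "cannot exec transition script '$vrrp_transitionscript': $!\n";
}
exit 0;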
# end of file