authorViacheslav Hletenko <v.gletenko@vyos.io>2023-01-04 10:51:51 +0200
committerGitHub <noreply@github.com>2023-01-04 10:51:51 +0200
commitf5af95be4f66380d213771b975c63361e27616ef (patch)
tree49c9eb0eb50aa33fda890a7b770a60e35a761f33
parent6c78e460861419aa7a05a47ee779aaddd37cd14a (diff)
parent49234912119c224bf4c28df5573937668d03e651 (diff)
downloadvyos-1x-f5af95be4f66380d213771b975c63361e27616ef.tar.gz
vyos-1x-f5af95be4f66380d213771b975c63361e27616ef.zip
Merge pull request #1735 from sever-sever/T4904
T4904: keepalived virtual-server allow multiple ports with fwmark
-rw-r--r--data/templates/high-availability/keepalived.conf.j212
-rw-r--r--interface-definitions/high-availability.xml.in20
-rw-r--r--interface-definitions/include/firewall/fwmark.xml.i14
-rw-r--r--interface-definitions/include/port-number-start-zero.xml.i15
-rwxr-xr-xsrc/conf_mode/high-availability.py8
5 files changed, 63 insertions, 6 deletions
diff --git a/data/templates/high-availability/keepalived.conf.j2 b/data/templates/high-availability/keepalived.conf.j2
index 706e1c5ae..ebff52e1f 100644
--- a/data/templates/high-availability/keepalived.conf.j2
+++ b/data/templates/high-availability/keepalived.conf.j2
@@ -126,7 +126,12 @@ vrrp_sync_group {{ name }} {
{% if virtual_server is vyos_defined %}
# Virtual-server configuration
{% for vserver, vserver_config in virtual_server.items() %}
+# Vserver {{ vserver }}
+{% if vserver_config.port is vyos_defined %}
virtual_server {{ vserver }} {{ vserver_config.port }} {
+{% else %}
+virtual_server fwmark {{ vserver_config.fwmark }} {
+{% endif %}
delay_loop {{ vserver_config.delay_loop }}
{% if vserver_config.algorithm is vyos_defined('round-robin') %}
lb_algo rr
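Review bot: The `{% else %}` branch in front of `virtual_server fwmark {{ vserver_config.fwmark }} {` is taken whenever `port` is undefined, so a correct render depends entirely on verify() having rejected a config with neither key. Making the branch explicit with `{% elif vserver_config.fwmark is vyos_defined %}` keeps the template from emitting a `virtual_server fwmark` line with an empty value if it is ever rendered without that check. In fwmark mode the tag-node value `{{ vserver }}` appears only in the added `# Vserver` comment, which is worth stating in the CLI help so operators do not expect the address to be matched. The virtual_server block continues past this hunk.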
@@ -156,9 +161,14 @@ virtual_server {{ vserver }} {{ vserver_config.port }} {
{% for rserver, rserver_config in vserver_config.real_server.items() %}
real_server {{ rserver }} {{ rserver_config.port }} {
weight 1
+{% if rserver_config.health_check.script is vyos_defined %}
+ MISC_CHECK {
+ misc_path {{ rserver_config.health_check.script }}
+{% else %}
{{ vserver_config.protocol | upper }}_CHECK {
-{% if rserver_config.connection_timeout is vyos_defined %}
+{% if rserver_config.connection_timeout is vyos_defined %}
connect_timeout {{ rserver_config.connection_timeout }}
+{% endif %}
{% endif %}
}
}
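Review bot: keepalived will execute whatever path is rendered into `misc_path {{ rserver_config.health_check.script }}`, and nothing in this hunk shows `enable_script_security` or `script_user` being set. Those belong in the global section, which is outside the hunk, so confirm they are present. They decide which user the check runs as and whether a script writable by non-root users is refused. Separately, a configured `connection_timeout` is now dropped silently when a script is set, because it is rendered only inside the `{% else %}` branch. Either reject that combination in verify() or emit `misc_timeout {{ rserver_config.connection_timeout }}` under `MISC_CHECK`, guarded by the same `vyos_defined` test.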
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index 784e51151..d67a142d1 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -365,7 +365,8 @@
</properties>
<defaultValue>nat</defaultValue>
</leafNode>
- #include <include/port-number.xml.i>
+ #include <include/firewall/fwmark.xml.i>
+ #include <include/port-number-start-zero.xml.i>
<leafNode name="persistence-timeout">
<properties>
<help>Timeout for persistent connections</help>
@@ -404,7 +405,7 @@
<help>Real server address</help>
</properties>
<children>
- #include <include/port-number.xml.i>
+ #include <include/port-number-start-zero.xml.i>
<leafNode name="connection-timeout">
<properties>
<help>Server connection timeout</help>
@@ -417,6 +418,21 @@
</constraint>
</properties>
</leafNode>
+ <node name="health-check">
+ <properties>
+ <help>Health check script</help>
+ </properties>
+ <children>
+ <leafNode name="script">
+ <properties>
+ <help>Health check script file</help>
+ <constraint>
+ <validator name="script"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</tagNode>
</children>
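Review bot: The new `health-check script` leaf names a file that keepalived will run, but both help strings (`Health check script`, `Health check script file`) leave out that it is executed and what the `script` validator requires of it. I would make the leaf help explicit, e.g. `<help>Executable script run by keepalived to check this real server</help>`, and add a `<constraintErrorMessage>` so that a rejected path explains itself. The validator's own checks are not visible on this page, so confirm it rejects a file that is missing or not executable.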
diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i
new file mode 100644
index 000000000..4607ef58f
--- /dev/null
+++ b/interface-definitions/include/firewall/fwmark.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/fwmark.xml.i -->
+<leafNode name="fwmark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Match firewall mark value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
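Review bot: `<format>u32:1-2147483647</format>` advertises a 32-bit value while the accepted range stops at 2^31-1, and unlike the port include added in this same commit there is no `<constraintErrorMessage>`. I would add `<constraintErrorMessage>Firewall mark must be in range 1 to 2147483647</constraintErrorMessage>` after the `<constraint>` element. If the upper bound is deliberate, a short XML comment saying why would stop a later reader from "fixing" it.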
diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i
new file mode 100644
index 000000000..04a144216
--- /dev/null
+++ b/interface-definitions/include/port-number-start-zero.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from port-number-start-zero.xml.i -->
+<leafNode name="port">
+ <properties>
+ <help>Port number used by connection</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ <constraintErrorMessage>Port number must be in range 0 to 65535</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
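Review bot: The help text `Port number used by connection` never says what port 0 means, yet this include exists only to admit it and is now used for both virtual-server and real-server. The `<description>` should state the intended meaning of 0 (presumably "leave the destination port unchanged" for fwmark setups; confirm against keepalived's behaviour). Because verify() in this commit rejects port together with fwmark, port 0 is also accepted on a virtual-server with no fwmark. Consider whether that case should be refused there.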
diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py
index 8a959dc79..4ed16d0d7 100755
--- a/src/conf_mode/high-availability.py
+++ b/src/conf_mode/high-availability.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2022 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -144,8 +144,10 @@ def verify(ha):
# Virtual-server
if 'virtual_server' in ha:
for vs, vs_config in ha['virtual_server'].items():
- if 'port' not in vs_config:
- raise ConfigError(f'Port is required but not set for virtual-server "{vs}"')
+ if 'port' not in vs_config and 'fwmark' not in vs_config:
+ raise ConfigError(f'Port or fwmark is required but not set for virtual-server "{vs}"')
+ if 'port' in vs_config and 'fwmark' in vs_config:
+ raise ConfigError(f'Cannot set both port and fwmark for virtual-server "{vs}"')
if 'real_server' not in vs_config:
raise ConfigError(f'Real-server ip is required but not set for virtual-server "{vs}"')
# Real-server
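Review bot: The two added checks make `port` and `fwmark` mutually exclusive within one virtual-server, but nothing here stops two virtual-servers from carrying the same `fwmark`. In that case the template in this commit renders two `virtual_server fwmark N` blocks with an identical key. Collecting the marks in a set while iterating `ha['virtual_server'].items()` and raising `ConfigError` on a repeat would catch this at commit time rather than in keepalived. verify() starts before this hunk and the real-server loop continues after it, so any existing uniqueness check outside the visible lines should be ruled out first.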