Diffstat (limited to 'doc')
-rw-r--r--doc/sync/alarm/script_backup.sh3
-rw-r--r--doc/sync/alarm/script_master.sh4
-rw-r--r--doc/sync/ftfw/keepalived.conf39
-rw-r--r--doc/sync/ftfw/script_backup.sh3
-rw-r--r--doc/sync/ftfw/script_master.sh5
-rw-r--r--doc/sync/keepalived.conf (renamed from doc/sync/alarm/keepalived.conf)9
-rw-r--r--doc/sync/notrack/keepalived.conf39
-rw-r--r--doc/sync/notrack/script_backup.sh3
-rw-r--r--doc/sync/notrack/script_master.sh5
-rwxr-xr-xdoc/sync/primary-backup.sh94
10 files changed, 100 insertions, 104 deletions
diff --git a/doc/sync/alarm/script_backup.sh b/doc/sync/alarm/script_backup.sh
deleted file mode 100644
index 8ea2ad8..0000000
--- a/doc/sync/alarm/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -B
diff --git a/doc/sync/alarm/script_master.sh b/doc/sync/alarm/script_master.sh
deleted file mode 100644
index 70c26c9..0000000
--- a/doc/sync/alarm/script_master.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c
-/usr/sbin/conntrackd -R
diff --git a/doc/sync/ftfw/keepalived.conf b/doc/sync/ftfw/keepalived.conf
deleted file mode 100644
index f937467..0000000
--- a/doc/sync/ftfw/keepalived.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-vrrp_sync_group G1 { # must be before vrrp_instance declaration
- group {
- VI_1
- VI_2
- }
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
-}
-
-vrrp_instance VI_1 {
- interface eth1
- state SLAVE
- virtual_router_id 61
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.0.100 # default CIDR mask is /32
- }
-}
-
-vrrp_instance VI_2 {
- interface eth0
- state SLAVE
- virtual_router_id 62
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.1.100
- }
-}
diff --git a/doc/sync/ftfw/script_backup.sh b/doc/sync/ftfw/script_backup.sh
deleted file mode 100644
index 813e375..0000000
--- a/doc/sync/ftfw/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -n # request a resync from other nodes via multicast
diff --git a/doc/sync/ftfw/script_master.sh b/doc/sync/ftfw/script_master.sh
deleted file mode 100644
index ff1dbc0..0000000
--- a/doc/sync/ftfw/script_master.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c # commit the cache
-/usr/sbin/conntrackd -f # flush the caches
-/usr/sbin/conntrackd -R # resync with kernel conntrack table
diff --git a/doc/sync/alarm/keepalived.conf b/doc/sync/keepalived.conf
index f937467..b7638a7 100644
--- a/doc/sync/alarm/keepalived.conf
+++ b/doc/sync/keepalived.conf
@@ -1,11 +1,14 @@
+#
+# Simple script for primary-backup setups
+#
+
vrrp_sync_group G1 { # must be before vrrp_instance declaration
group {
VI_1
VI_2
}
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
+ notify_master /etc/conntrackd/primary-backup.sh
+ notify_backup /etc/conntrackd/primary-backup.sh
}
vrrp_instance VI_1 {
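Review bot: The new `notify_master` and `notify_backup` lines invoke `/etc/conntrackd/primary-backup.sh` with no state argument, while the script added in this commit dispatches on `case "$1"`; as far as I know keepalived runs these per-state notify scripts without parameters, so `$1` is empty, the script falls into the usage arm and exits 1 on every transition. Passing the state explicitly fixes it: `notify_master "/etc/conntrackd/primary-backup.sh master"` and `notify_backup "/etc/conntrackd/primary-backup.sh backup"`. The commented `notify_fault` hook is dropped and the script has no fault arm, so a FAULT transition leaves conntrackd's state untouched; if that is intended, a one-line comment saying so would help the next reader.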
diff --git a/doc/sync/notrack/keepalived.conf b/doc/sync/notrack/keepalived.conf
deleted file mode 100644
index f937467..0000000
--- a/doc/sync/notrack/keepalived.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-vrrp_sync_group G1 { # must be before vrrp_instance declaration
- group {
- VI_1
- VI_2
- }
- notify_master /etc/conntrackd/script_master.sh
- notify_backup /etc/conntrackd/script_backup.sh
-# notify_fault /etc/conntrackd/script_fault.sh
-}
-
-vrrp_instance VI_1 {
- interface eth1
- state SLAVE
- virtual_router_id 61
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.0.100 # default CIDR mask is /32
- }
-}
-
-vrrp_instance VI_2 {
- interface eth0
- state SLAVE
- virtual_router_id 62
- priority 80
- advert_int 3
- authentication {
- auth_type PASS
- auth_pass papas_con_tomate
- }
- virtual_ipaddress {
- 192.168.1.100
- }
-}
diff --git a/doc/sync/notrack/script_backup.sh b/doc/sync/notrack/script_backup.sh
deleted file mode 100644
index 813e375..0000000
--- a/doc/sync/notrack/script_backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -n # request a resync from other nodes via multicast
diff --git a/doc/sync/notrack/script_master.sh b/doc/sync/notrack/script_master.sh
deleted file mode 100644
index ff1dbc0..0000000
--- a/doc/sync/notrack/script_master.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-/usr/sbin/conntrackd -c # commit the cache
-/usr/sbin/conntrackd -f # flush the caches
-/usr/sbin/conntrackd -R # resync with kernel conntrack table
diff --git a/doc/sync/primary-backup.sh b/doc/sync/primary-backup.sh
new file mode 100755
index 0000000..fddff3b
--- /dev/null
+++ b/doc/sync/primary-backup.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+#
+# (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Description:
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+ master)
+ #
+ # commit the external cache into the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -c"
+
+ #
+ # flush the internal and the external caches
+ #
+ $CONNTRACKD_BIN -C $CONNTRACK_CONFIG -f
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -f"
+
+ #
+ # resynchronize my internal cache to the kernel table
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -R"
+ ;;
+ backup)
+ #
+ # is conntrackd running? request some statistics to check it
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
+ if [ $? -eq 1 ]
+ then
+ #
+ # something's wrong, do we have a lock file?
+ #
+ if [ -f $CONNTRACKD_LOCK ]
+ then
+ logger "WARNING: conntrackd was not cleanly stopped."
+ logger "If you suspect that it has crashed:"
+ logger "1) Enable coredumps"
+ logger "2) Try to reproduce the problem"
+ logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
+ rm -f $CONNTRACKD_LOCK
+ fi
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
+ if [ $? -eq 1 ]
+ then
+ logger "ERROR: cannot launch conntrackd"
+ exit 1
+ fi
+ fi
+ #
+ # shorten kernel conntrack timers to remove the zombie entries.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -t"
+
+ #
+ # request resynchronization with master firewall replica (if any)
+ # Note: this does nothing in the alarm approach.
+ #
+ $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
+ if [ $? -eq 1 ]
+ logger "ERROR: failed to invoke conntrackd -n"
+ ;;
+ *)
+ echo "Usage: primary-backup.sh {primary|backup}"
+ exit 1
+ ;;
+esac
+
+exit 0
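Review bot: The five `if [ $? -eq 1 ]` tests in the master branch and after the `-t` and `-n` steps of the backup branch are followed directly by `logger` with no `then`/`fi`, which is a syntax error; because the whole `case` is parsed before it executes, the script aborts before either transition does anything. The flush step also expands `$CONNTRACK_CONFIG` (missing `D`), so `-C` presumably receives `-f` as the config path and the flush is never issued. Checking only for status 1 misses other failure codes, so `-ne 0` is the safer test, and the usage text `{primary|backup}` does not match the `master)` arm. A small wrapper removes the repeated pattern and fixes all of these at once:
```shell
# … unchanged: header comment and CONNTRACKD_* definitions …

# run conntrackd with the given command flags; log on any non-zero exit
run_conntrackd() {
	"$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" "$@"
	if [ $? -ne 0 ]
	then
		logger "ERROR: failed to invoke conntrackd $*"
	fi
}

case "$1" in
  master)
	# commit the external cache into the kernel table
	run_conntrackd -c
	# flush the internal and the external caches
	run_conntrackd -f
	# resynchronize my internal cache to the kernel table
	run_conntrackd -R
	;;
  backup)
	# … unchanged: running check, lock-file handling and daemon start …
	# shorten kernel conntrack timers to remove the zombie entries.
	run_conntrackd -t
	# request resynchronization with master firewall replica (if any)
	run_conntrackd -n
	;;
  *)
	echo "Usage: primary-backup.sh {master|backup}"
	exit 1
	;;
esac
```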