Hi folks,
this quick email to announce new release, including a lot of extensions. Please, check github commits for credits.
ChangeLog for the release look like :
2015-05-31 Alexandre Cassen <acassen@linux-vs.org>
* keepalived-1.2.17 released.
* zalloc use xalloc for consistency.
* memory: fix wrong size calculation in zfree.
* Fix keepalived snmp configuration.
* Change comments to match kernel style.
* smtp: Fix wrong algorithm in RCPT-TO building.
* vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
header, in order to not overwrite the header' and the 'hop limit' fields
* vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
When using VMAC and running multiple instances on the same interface,
only one of the VMAC interfaces will get its status flag synched.
This commit will update the status flag for _all_ VMAC interfaces attached
to a base interface.
* ipvs: fix segfault crash when parsing SMTP_CHECK config
* ipvs: SMTP_CHECK now respects configured RS port. Before that it always
used the default port 25.
* ipvs: config parser: handler for the end of block. new function
install_sublevel_end_handler(handler).
* ipvs: new log function vlog_message taking varg_list. log_message now
uses format gcc attribute, not the macro wrapper.
* ipvs: bug: check_smtp was logging "#30" instead of RS address do not do
nested va_start/va_end calls in smtp_final.
* ipvs: clarify snmp_check config syntax. Now host{} section is optional,
and all the standard connection options are available in the SNMP_CHECK{}
level, too. If one or many host section persist, those base-level options
are used to specify default values that can be overriden in a host section.
* vrrp: Use literal constants for bit flags Use literal constants for bit
flags of the "debug" global variable Change from using numeric constants
to literal constants for the bit flags of the "debug" global variable.
* vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains
VIP resulting in a duplicate IP situation. When a priority change to the
configuration of a Master router drops its priority to below that of a
backup router, the VIP is not released on the Master router leading to
a duplicate IP situation.
* vrrp: Make preempt_delay work more than once.
* vrrp: Changes needed to support AH auth in VMAC mode. Note according to
the RFC this is not a requirement, but we think that our customers will
expect it to work. The RFC actually discourages its use because it adds
little to no additional security. We are still able to interoperate in
RFC mode by not enabling authentication.
* vrrp: Check VRRP header in the IP auth header is correct. In the middle
of vrrp_in_chk, the existing VRRP packet parsing code does
"return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two,
and the authentication type is IP sec authentication, to check whether
or not the IP sec authentication header is valid. However the "instant"
returns means that is the IP sec authentication header is valid, then
the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
VRID, number of VIPs, advertise-interval) are not parsed or validated.
* vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
* vrrp: Add skeleton code for VRRP-MIB.
* vrrp: Check existing VIF and recreate if VMACs are wrong. Although under
normal circumstances we will cleanup VIF interfaces when shutdown, there
are various scenarios were this is not the case. To make the code more
robust, keepalived now performs a check for matching VIF interfaces at
restart, and if the configuration of the VIF matches the current
keepalived configuration it will reuse the VIF. However, should the
configuration be different, keepalived will remove the existing
interface, and then recreate a new VIF interface with the appropriate
configuration. This fix resolves the continuous crash scenario that can
occur when keepalived fails to configure the VIF because one already
exists. It prevents keepalived from reusing a previous VIF interface
which does not completely match it configuration criteria.`
* vrrp: fix snmp code (cosmetic)
* vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
startup, about twenty "duplicate registration" and a couple of "Failed
to connect to the agentx master agent" warning messages were issued.
Pairs of the "Failed to connect" warning messages were logged every two
minutes. The "duplicate registration" warnings happened because VRRP
called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once
for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
tried to register the keepalived-global MIB (which holds data like
Keepalived version number, SMTP server details, and a "from" email
address). It was the second attempt to register this keepalived-global
MIB that generated the "duplicate registration" warning. The registration
of the keepalived-global MIB is now only done once under the control of
a static variable. init_agent is also called just once under the control
of the same static variable to prevent it logging a warning message. The
"Failed to connect" warnings occur because Keepalived does not know how
to connect to the SNMP AgentX master server. By default the Agent X
master server is listening for MIB registrations on a local TCP socket
with a port number of 705.
* vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work
correctly due to group expiry timers being incorrectly manipulated while
running down the MDT. Also, preemption can be disrupted if the VRRP group
receives an advertisement while running down it's timer.
* vrrp: Initial Implementation of VRRP statistics.
. Add VRRP counters, This is needed by the VRRP-MIB, and will provide
better insight into the operation of VRRP for users.
. Add SIGUSR1 and SIGUSR2 handlers
- SIGUSR1 allows users to dump current state of VRRP instacnes to
/tmp/keepalived.data
- SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats
* vrrp: Copy old VRRP stats on reload.
* vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state
printing code from vrrp_daemon.c so that the code is better organized.
* vrrp: Track master router priority in VRRP.
* vrrp: Added 'Master priority' output to show vrrp detail.
* vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
keepalived vrrp only allows to configure single notification script.
This is a limitation ans should be extended so that keepalived vrrp can
notify multiple scripts about vrrp state changes.
* vrrp: Don't display ipsec ah password in log files. When authentication
type is selected as ipsec ah, password should not be displayed in the
log files.
* vrrp: Fix notify upon reload. When a notify script is configured after
Keepalived has been started, if other notify scripts are already
configured, these scripts get reinvoked even if the state has not
changed. This occurs when in backup state. When in master state, no
notifications are sent out at all if a new notify script is configured.
For the backup case, this problem occurs when the daemon is reloaded.
This causes vrrp to leave the state it's currently in, go to the init
state and from there, go back to backup. However, this transition
causes the notify scripts to be invoked, causing a redundant
notification to be sent. For the master case, there is no call to
notify_instance_exec(), hence why no notifications are seen at all.
The solution is to add a new field to the vrrp struct that stores the
notify scripts that were configured before reload. A new function has
been added to take advantage of this new field. Instead of calling
notify_instance_exec() when we are in the init state, we now call
notify_instance_exec_init(). This is a proxy function that modifies
the 'script' member of a vrrp structure to point to a new list
containing only scripts that have not previously been configured,
thereby preventing the sending of notifications that have already been
sent. This new list is created by utilising the new vrrp struct field.
Inside this new function, notify_instance_exec() is called using the
modified VRRP instance. When this call returns, the member is reset
back to its original value.
* vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header
and _vrrp_t struct to support version 3 params. Support to build vrrp_v3
packet.
* vrrp: Keepalived extension to support VRRP version 3 (2).
* vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes
to support centi-sec.
* vrrp: Keepalived extension to support accept mode for v3.
* vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is
supporting IPv6 but it is not fully functional and it is not as per
RFC5798. Following are the issues identified and changes done:
- IPv6 address population.
- Correction of Checksum in case of IPv6.
- Getting source address from received advertisements.
- Populating source address in sent VRRP advertisements.
* vrrp: Improve display output for VRRPv3.
- Changed data-type of mcast_saddr to sockaddr_storage to support IPv6
also.
- Added new parameters version, accept, weight updated advertisement
interval for operational command show output.
* vrrp: MIB enhancements for accept-mode.
* vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
BACKUP routers must set their advertisement intervals to match the current
MASTER's. Although not explicitly stated in RCF5798, when the MASTER falls
over or forfeits its MASTER status, the new MASTER should not continue to
use the old MASTER's advertisement interval value and should instead use
its locally configured value. To achieve this, a new field has been added
to the VRRP structure that stores the most recent advertisement interval
of the current MASTER. We track changes to the current MASTER's interval
and update this new variable accordingly. The value is only updated when
we are in BACKUP state and reconfiguring the local advertisement interval
has no effect on it.
* vrrp: snmp: don't hardcode AgentX socket location. The default location
should be `/var/agentx/master` (as per RFC2741 and this is also the
default for NetSNMP, including on Debian-based distributions). This
default location is set at configure-time for NetSNMP and subagent will
use it automatically (it is also available through `net-snmp-config.h`).
A useful feature would be to have a flag to change that if the user
change this settings in the master agent. This commit just reverts this
change to let SNMP subsystem work as expected for most users.
* vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
a lazy linker, `libnetsnmpmibs` may require some additional libraries
to be linked (like `libsensors`). Therefore, only rely on
`net-snmp-config` to get the appropriate flags.
Also add some additional tests:
- check that we can build a simple executable (NetSNMP can be quite
broken and in this case, the error during compilation is not crystal
clear, checking that in configure is more informative)
- check if we subagent support is compiled in (This is optional and
again, the error is not crystal clear during compilation).
- check that net-snmp/agent/util_funcs.h is present (Due to a flaw in
NetSNMP build process, this header was not installed for quite a long
time, notably on RHEL derivatives; code to handle its absence was
already present in Keepalived).
* vrrp: snmp: don't enable SNMP support automatically.
Most users won't use it and it would fail if NetSNMP is not installed,
unless a user add `--disable-snmp` to configure command line.
* build: move custom include directives (`-I`) first. Some libraries,
notably NetSNMP, may pollute CFLAGS by adding stuff like
`-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
trying to not use CFLAGS from NetSNMP at all (some of those bits are
important as they influence some NetSNMP headers), we ensure that the
bogus include flags are after our own include flags.
* global: Set global data default values after parsing config file.
This patch will defer setting the global data default values until
after the config file has been parsed. This will potentially avoid two
calls to getaddrinfo. For example, if the router_id and/or email_from
parameters are set in the config file, there is no need to call
getaddrinfo twice in order to set a default value. Instead, this patch
will check to see if they values are unset after parsing the config
file. Note that email_from and smtp_connection_to are only set to a
default value if they are unitialized and smtp_server is specified.
* doc: add -x/--snmp flag to keepalived manual page.
* snmp: add -A/--snmp-agent-socket to specify AgentX socket.
Cheers,
Alexandre
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
this quick email to announce new release, including a lot of extensions. Please, check github commits for credits.
ChangeLog for the release look like :
2015-05-31 Alexandre Cassen <acassen@linux-vs.org>
* keepalived-1.2.17 released.
* zalloc use xalloc for consistency.
* memory: fix wrong size calculation in zfree.
* Fix keepalived snmp configuration.
* Change comments to match kernel style.
* smtp: Fix wrong algorithm in RCPT-TO building.
* vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
header, in order to not overwrite the header' and the 'hop limit' fields
* vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
When using VMAC and running multiple instances on the same interface,
only one of the VMAC interfaces will get its status flag synched.
This commit will update the status flag for _all_ VMAC interfaces attached
to a base interface.
* ipvs: fix segfault crash when parsing SMTP_CHECK config
* ipvs: SMTP_CHECK now respects configured RS port. Before that it always
used the default port 25.
* ipvs: config parser: handler for the end of block. new function
install_sublevel_end_handler(handler).
* ipvs: new log function vlog_message taking varg_list. log_message now
uses format gcc attribute, not the macro wrapper.
* ipvs: bug: check_smtp was logging "#30" instead of RS address do not do
nested va_start/va_end calls in smtp_final.
* ipvs: clarify snmp_check config syntax. Now host{} section is optional,
and all the standard connection options are available in the SNMP_CHECK{}
level, too. If one or many host section persist, those base-level options
are used to specify default values that can be overriden in a host section.
* vrrp: Use literal constants for bit flags Use literal constants for bit
flags of the "debug" global variable Change from using numeric constants
to literal constants for the bit flags of the "debug" global variable.
* vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains
VIP resulting in a duplicate IP situation. When a priority change to the
configuration of a Master router drops its priority to below that of a
backup router, the VIP is not released on the Master router leading to
a duplicate IP situation.
* vrrp: Make preempt_delay work more than once.
* vrrp: Changes needed to support AH auth in VMAC mode. Note according to
the RFC this is not a requirement, but we think that our customers will
expect it to work. The RFC actually discourages its use because it adds
little to no additional security. We are still able to interoperate in
RFC mode by not enabling authentication.
* vrrp: Check VRRP header in the IP auth header is correct. In the middle
of vrrp_in_chk, the existing VRRP packet parsing code does
"return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two,
and the authentication type is IP sec authentication, to check whether
or not the IP sec authentication header is valid. However the "instant"
returns means that is the IP sec authentication header is valid, then
the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
VRID, number of VIPs, advertise-interval) are not parsed or validated.
* vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
* vrrp: Add skeleton code for VRRP-MIB.
* vrrp: Check existing VIF and recreate if VMACs are wrong. Although under
normal circumstances we will cleanup VIF interfaces when shutdown, there
are various scenarios were this is not the case. To make the code more
robust, keepalived now performs a check for matching VIF interfaces at
restart, and if the configuration of the VIF matches the current
keepalived configuration it will reuse the VIF. However, should the
configuration be different, keepalived will remove the existing
interface, and then recreate a new VIF interface with the appropriate
configuration. This fix resolves the continuous crash scenario that can
occur when keepalived fails to configure the VIF because one already
exists. It prevents keepalived from reusing a previous VIF interface
which does not completely match it configuration criteria.`
* vrrp: fix snmp code (cosmetic)
* vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
startup, about twenty "duplicate registration" and a couple of "Failed
to connect to the agentx master agent" warning messages were issued.
Pairs of the "Failed to connect" warning messages were logged every two
minutes. The "duplicate registration" warnings happened because VRRP
called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once
for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
tried to register the keepalived-global MIB (which holds data like
Keepalived version number, SMTP server details, and a "from" email
address). It was the second attempt to register this keepalived-global
MIB that generated the "duplicate registration" warning. The registration
of the keepalived-global MIB is now only done once under the control of
a static variable. init_agent is also called just once under the control
of the same static variable to prevent it logging a warning message. The
"Failed to connect" warnings occur because Keepalived does not know how
to connect to the SNMP AgentX master server. By default the Agent X
master server is listening for MIB registrations on a local TCP socket
with a port number of 705.
* vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work
correctly due to group expiry timers being incorrectly manipulated while
running down the MDT. Also, preemption can be disrupted if the VRRP group
receives an advertisement while running down it's timer.
* vrrp: Initial Implementation of VRRP statistics.
. Add VRRP counters, This is needed by the VRRP-MIB, and will provide
better insight into the operation of VRRP for users.
. Add SIGUSR1 and SIGUSR2 handlers
- SIGUSR1 allows users to dump current state of VRRP instacnes to
/tmp/keepalived.data
- SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats
* vrrp: Copy old VRRP stats on reload.
* vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state
printing code from vrrp_daemon.c so that the code is better organized.
* vrrp: Track master router priority in VRRP.
* vrrp: Added 'Master priority' output to show vrrp detail.
* vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
keepalived vrrp only allows to configure single notification script.
This is a limitation ans should be extended so that keepalived vrrp can
notify multiple scripts about vrrp state changes.
* vrrp: Don't display ipsec ah password in log files. When authentication
type is selected as ipsec ah, password should not be displayed in the
log files.
* vrrp: Fix notify upon reload. When a notify script is configured after
Keepalived has been started, if other notify scripts are already
configured, these scripts get reinvoked even if the state has not
changed. This occurs when in backup state. When in master state, no
notifications are sent out at all if a new notify script is configured.
For the backup case, this problem occurs when the daemon is reloaded.
This causes vrrp to leave the state it's currently in, go to the init
state and from there, go back to backup. However, this transition
causes the notify scripts to be invoked, causing a redundant
notification to be sent. For the master case, there is no call to
notify_instance_exec(), hence why no notifications are seen at all.
The solution is to add a new field to the vrrp struct that stores the
notify scripts that were configured before reload. A new function has
been added to take advantage of this new field. Instead of calling
notify_instance_exec() when we are in the init state, we now call
notify_instance_exec_init(). This is a proxy function that modifies
the 'script' member of a vrrp structure to point to a new list
containing only scripts that have not previously been configured,
thereby preventing the sending of notifications that have already been
sent. This new list is created by utilising the new vrrp struct field.
Inside this new function, notify_instance_exec() is called using the
modified VRRP instance. When this call returns, the member is reset
back to its original value.
* vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header
and _vrrp_t struct to support version 3 params. Support to build vrrp_v3
packet.
* vrrp: Keepalived extension to support VRRP version 3 (2).
* vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes
to support centi-sec.
* vrrp: Keepalived extension to support accept mode for v3.
* vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is
supporting IPv6 but it is not fully functional and it is not as per
RFC5798. Following are the issues identified and changes done:
- IPv6 address population.
- Correction of Checksum in case of IPv6.
- Getting source address from received advertisements.
- Populating source address in sent VRRP advertisements.
* vrrp: Improve display output for VRRPv3.
- Changed data-type of mcast_saddr to sockaddr_storage to support IPv6
also.
- Added new parameters version, accept, weight updated advertisement
interval for operational command show output.
* vrrp: MIB enhancements for accept-mode.
* vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
BACKUP routers must set their advertisement intervals to match the current
MASTER's. Although not explicitly stated in RCF5798, when the MASTER falls
over or forfeits its MASTER status, the new MASTER should not continue to
use the old MASTER's advertisement interval value and should instead use
its locally configured value. To achieve this, a new field has been added
to the VRRP structure that stores the most recent advertisement interval
of the current MASTER. We track changes to the current MASTER's interval
and update this new variable accordingly. The value is only updated when
we are in BACKUP state and reconfiguring the local advertisement interval
has no effect on it.
* vrrp: snmp: don't hardcode AgentX socket location. The default location
should be `/var/agentx/master` (as per RFC2741 and this is also the
default for NetSNMP, including on Debian-based distributions). This
default location is set at configure-time for NetSNMP and subagent will
use it automatically (it is also available through `net-snmp-config.h`).
A useful feature would be to have a flag to change that if the user
change this settings in the master agent. This commit just reverts this
change to let SNMP subsystem work as expected for most users.
* vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
a lazy linker, `libnetsnmpmibs` may require some additional libraries
to be linked (like `libsensors`). Therefore, only rely on
`net-snmp-config` to get the appropriate flags.
Also add some additional tests:
- check that we can build a simple executable (NetSNMP can be quite
broken and in this case, the error during compilation is not crystal
clear, checking that in configure is more informative)
- check if we subagent support is compiled in (This is optional and
again, the error is not crystal clear during compilation).
- check that net-snmp/agent/util_funcs.h is present (Due to a flaw in
NetSNMP build process, this header was not installed for quite a long
time, notably on RHEL derivatives; code to handle its absence was
already present in Keepalived).
* vrrp: snmp: don't enable SNMP support automatically.
Most users won't use it and it would fail if NetSNMP is not installed,
unless a user add `--disable-snmp` to configure command line.
* build: move custom include directives (`-I`) first. Some libraries,
notably NetSNMP, may pollute CFLAGS by adding stuff like
`-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
trying to not use CFLAGS from NetSNMP at all (some of those bits are
important as they influence some NetSNMP headers), we ensure that the
bogus include flags are after our own include flags.
* global: Set global data default values after parsing config file.
This patch will defer setting the global data default values until
after the config file has been parsed. This will potentially avoid two
calls to getaddrinfo. For example, if the router_id and/or email_from
parameters are set in the config file, there is no need to call
getaddrinfo twice in order to set a default value. Instead, this patch
will check to see if they values are unset after parsing the config
file. Note that email_from and smtp_connection_to are only set to a
default value if they are unitialized and smtp_server is specified.
* doc: add -x/--snmp flag to keepalived manual page.
* snmp: add -A/--snmp-agent-socket to specify AgentX socket.
Cheers,
Alexandre
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users