forked from acassen/keepalived
ChangeLog
2020-06-13 Alexandre Cassen <[email protected]>
This file is now deprecated and will no longer get updated.
For detailed information about new Keepalived releases,
please refer to:
https://www.keepalived.org/release-notes
2020-01-22 Alexandre Cassen <[email protected]>
* keepalived-2.0.20
* Add DBus interface and config files to snap
* Install DBus files from snap onto host system.
* Fix snap install hook script.
* Set instance_name in child processes after reload
Although the parent process was reinstating the instance_name after
a reload, the child processes were not.
* Remove libxtables-dynamic from keepalived.spec.in
Commit 72c4e54 - "Add support for using iptables to block VMAC IGMP/MLD
messages" removed libxtables-dynamic option, since it was only used to
load the ip_tables/ip6_tables kernel modules, and there was already other
code to load modules. The original commit, however, omitted to update
keepalived.spec.in.
* Include firewalld documentation.
* Improving logging of error if kernel doesn't support PROC_EVENTS
OpenWRT has kernels built with PROC_EVENTS enabled, and it was outputting
an unhelpful error message.
This commit will not log that PROC_EVENTS is not built into the kernel
unless the log detail (-D) option is specified, or the configuration uses
track_process.
* Resolve file descriptor errors on reload
If a read or write thread was on the thread ready queue when a
reload was processed, the file descriptor was not removed from the
epoll instance.
This commit ensures that file descriptors relating to threads on
the thread ready queue are removed from the epoll instance during
a reload.
* Log correct address family when interface doesn't have required address.
* Stop track_process.h including itself.
* Update package requirements for Debian.
* Add more detailed track-process debugging.
* Fix track_process with PIDs > 32767
* Add more track_process debugging.
* Correct detection of success loading module xt_set.
The detection of success loading the module was reversed, so that
if it failed it thought it was successful, and vice versa. This
meant that if it was not successful loading the module, it would
attempt to use ipsets, and if it was successful loading the module
it would not. If the module was already loaded, then there was no
problem.
* Update info on using nft --debug.
* Add README icon for snaps.
* Fix intermittent "child lost" messages.
Issue #1364 identified that occasionally a "child lost" message could
be logged. Although keepalived continued working as expected, the
"child lost" message indicated that something wasn't working properly.
If a vrrp track script had a timeout in the script that was the
same as the script timeout configured in keepalived, when the system
was heavily loaded it was possible for the timeout to occur, followed
by the termination before the timeout thread was run, in which case
the termination would be lost because the child thread was no longer
on the child_pid queue, but on the ready queue.
This commit leaves threads on the child_pid queue after a timeout, and
only removes it when the timeout thread is run. That means that if the
termination is received before the timeout thread is run, the thread
(now on the ready queue) can be updated to be a termination rather than
a timeout.
* Add configuration/state dumping for BFD with SIGUSR1.
The VRRP and checker processes dump their configuration/state, and
this commit adds the same for the BFD process.
* Stop always going to fault state on reload if have bfd tracker.
On a reload, the state of a new bfd tracker should be set from the
state of the old matching tracker, rather than the other way around.
* Resolve some issues identified by LGTM.
* Clarify in man page when ip_family is required for virtual servers.
* Don't check _WITH_LVS_ defined in check_data.h
If check_data.h is being included anywhere, then _WITH_LVS_ must
be defined.
* Stop checking that persistence_granularity is a solid netmask for IPv4
ipvsadm and the kernel do not require a solid netmask, so we shouldn't
either.
* Allow persistence_granularity to be 0.0.0.0.
ipvsadm allows the netmask to be 0.0.0.0 and the kernel supports
it, so we should allow it. It is inconsistent with IPv6 which
doesn't allow a mask length of 0.
* Fix ipaddresstos when it is passed a buffer to write string to
Although ipaddresstos() was not correct, since it was never passed
a buffer, the problem never manifested itself.
* Stop segfault at reload when removing a ip rule without from address
Issue #1436 identified that removing an ip rule was causing a segfault
when keepalived reloaded. This is caused by always logging the from
address even if there wasn't one.
* Make bfd0 initialisation structure static.
* Ensure bfd thread_time_to_wakeup() doesn't return "negative" value.
If thread_time_to_wakeup() was called with thread->sands in the
past compared to time_now, the function overflowed and returned an
extremely high value, resulting in the thread not being scheduled
for another 585,000 years or so (on 64 bit systems).
This commit makes thread_time_to_wakeup() return 1 (microsecond) if
thread->sands is earlier than time_now.
* Make bfd's sand_out, sands_exp and sands_rst unsigned.
* Make timer_add_long return TIMER_DISABLED if called with TIMER_NEVER.
* Fix generation of keepalived.spec when libipset disabled.
* Fix building with --enable-debug option, but add deliberate error
Issue #1444 identified that keepalived would not build with the
--enable-debug option. This commit resolves the compilation errors
but also adds a #error statement if --enable-debug is selected, so
that the source code has to be edited to be able to build with the
option.
Since --enable-debug is not expected to work properly and is only
for debugging purposes, the #error statement will stop it being used
accidentally or being enabled in a distro's build of keepalived, for
example as Gentoo had done. Only developers/maintainers who are
prepared to edit the source code will be able to use --enable-debug.
* Make json_writer.c include "assert_debug.h" rather than <assert.h>
This means that the assert() code will only be enabled if the
--enable-asserts configure option is specified.
* Correct description of notify_master_rx_lower_pri in keepalived.conf(5).
* Reorganise debug configuration
--enable-debug enabled several different sets of debugging functionality.
That is now split out into:
--enable-genhash-debug
--enable-checker-debug
--enable-smtp-connect-debug
--enable-mem-err-debug
--enable-one-process-debug
All options except --enable-one-process-debug also require enabling at
runtime. This means that a debug version of keepalived can be built with
almost all debugging built in, but different debugging can be selectively
enabled at run time, to avoid being overwhelmed with unwanted debug output.
The --enable-debug option now enables all debugging options except
--enable-genhash-debug
--enable-one-process-debug
This is essentially the debug options that can be controlled at run time. It
also sets --enable-log-file so that logging output can be written to log
files rather than syslog.
keepalived -h shows all the built-in debugging options and how to enable
them.
* Turn off checksum debugging unless enabled from command line.
* Clear previous parser errors at startup or when reloading
When keepalived starts, the parent process reads the config. If there
was an error such as a missing } or extra { the skip_block flag was
left set, so when the child processes read the configuration, they
just skipped everything. This also meant that the configuration was
not correctly parsed when reloading.
All parser state variables are now reinitialised before the configuration
is read.
* Fix a checker process segfault when reloading with ha_suspend
If ha_suspend was enabled, when the checker process reloaded, it
left an old pointer to the read thread for the netlink monitoring
fd. When the process subsequently terminated, it tried cancelling
the thread using the old pointer, and would often segfault.
This also meant that after a reload, the checker process would no
longer be monitoring address changes, in other words ha_suspend
would not work.
Before a reload, both for the vrrp and the checker process, the
thread is cancelled and the pointer to the thread cleared. After
a reload the checker process now adds a new read thread, so ha_suspend
will continue working after the reload.
* Add signal to trigger thread dump when built with --enable-thread-dump.
* Update snapcraft.yaml to remove Ubuntu 14.04 and add 19.10 kernel.
* Fix building snaps for 5.3 kernel.
* snap: Fix checking for s390x.
* snap: Improving logging of kernel header version in snap build logs.
* snap: Add missing <NL> in snap logs.
* Update nopreempt documentation in keepalived.conf(5) man page
Issue #1457 suggested that the documentation for nopreempt was not
clear, so this update attempts to clarify the situation.
* Fix building with network-timestamp without checksum-debug
Commit 844e197 - "Reorganise debug configuration" had an incorrect
conditional compilation check, which this commit resolves.
* Fix VRRP priority after weighted track files leaving fault state
Issue #1460 identified that the VRRP priority was incorrect after a
weighted track file exited fault state. This commit resolves the issue.
* Correct typo in keepalived.conf(5).
* Fix DNS_CHECK when name ends with a '.'.
Issue #1462 identified that DNS_CHECK was not working with
name example.jp.
It transpired that if the name ended with a '.', the terminating
zero length was not being written to the query packet.
* Fix generation of keepalived.spec
An AM_CONDITIONAL was missing for DEBUG
* Fix vrrp dont_track_primary.
VIPs on the primary interface were causing the interface to be
tracked. keepalived now checks when adding an interface for tracking
VIPs or eVIPs that it is not the primary interface of the vrrp instance
if dont_track_primary is set.
* fix: unknown keyword 'mh-fallback' and 'mh-port'.
* Fix detecting of kill failure for MISC_CHECK scripts
github @lankstra pointed out that the check for kill failing for
misc check scripts was inverted, so this commit corrects that, and
the code now matches the similar code in vrrp_script_child_thread().
* Update Dockerfile
1. Update to use alpine:3.10 as the base container
2. Include libnftnl-dev in the build to support nftables
3. Install automake package for building keepalived
4. Run build_setup
The reason for installing automake and running build_setup is that
if the version of automake is different from what is installed in the
container, then the links set up by automake --add-missing on the host
will not work in the container used for the build.
* Actually update docker to use alpine:3.10.
* Resolve some warnings when building with ulibc.
* Handle a newer libnftnl with an older kernel
To use NFT_LOOKUP_F_INV we need to check that both it and
NFTNL_EXPR_LOOKUP_FLAGS are defined. Previously we only checked
the latter.
* Change order of IPVS commands on quorum change to allow a sorry server
to be the same as a real server.
* Further code to handle sorry server being same as a real server
Commit 6f03bb2 - "Change order of IPVS commands on quorum change" allowed
a sorry server to be the same as a real server. This commit now adds some
additional code to ensure that it operates without errors being reported.
* Check, report and handle a duplicate real server on a virtual server.
* Change some log_message()s to report_config_error()s in IPVS code.
* Cosmetic alignment corrections in check_data.h.
* Tidy up a Linux version comment in configure.ac.
* Remove configure check for SCHED_RR.
It has existed since at least Linux 2.4.32.
* Add README.kernel_versions to document kernel dependent features.
* Add tools/timed_reload
This script makes keepalived reload its configuration at a specified time.
If there are several keepaliveds running on different systems, they can be
scheduled to all reload at the same time, by running the script on each system.
This is useful if the old and new configurations are not compatible with each
other.
* Add option to set preferred lifetime for static and virtual IPv6 addresses.
Generally virtual ip addresses will want to be deprecated, but static
IPv6 addresses may or may not want to be deprecated. Previously the code
deprecated IPv6 addresses only if they had a /128 mask.
This commit retains the old settings as default, but now allows the
preferred_lft to be specified for each address.
2019-10-19 Alexandre Cassen <[email protected]>
* keepalived-2.0.19
* Allow persistence, scheduler and flags of VS to be changed on reload
A virtual server is identified by its IP address, protocol and port,
or the firewall mark and address family, and not by the persistence
settings or scheduler and scheduler flags. When comparing virtual
servers on a reload, don't check persistence and scheduler settings
match, but update them if necessary.
* Ignore default RS settings when comparing VSs after reload
Various default settings for real servers belonging to a virtual
server can be configured against a virtual server. These settings
should be ignored when comparing virtual servers following a
reload. Any differences in real server settings will be handled
separately.
* Clarify what IPVS persistence engines are supported in man page
* Allow RS forwarding method to be changed on reload
A real server is identified by its IP address and port, and not by
the forwarding method. When comparing real servers on a reload, don't
check the forwarding method, but update it if necessary.
* Check address family when comparing fwmark VSs on reload
* Update test tcp server
* Allow more than one BFD instance with a neighbour
This commit now checks both the neighbour address and the source/local
address when finding a BFD instance. This means that more than one BFD
instance can be set up with the same neighbour, so long as a different
local address is used.
* Make PID files group and world readable
Issue #1378 identified that PID files were created without group
and world read in the file permission bits being set, due to the umask.
This was causing a problem, since a non-root user was needing to read
the PID file.
This commit now forces the file permissions of PID files to be:
owner=rw, group=r, other=r.
* Fix erroneous error message when creating IPv4 ipvlan interfaces
The code was checking for a return value != -1 to identify an error,
whereas it should have been checking for return value != 1.
* Ignore reloading signals till signal_init call
* fix bug in vrrp_json_track_ifp_dump()
* Fix handling unknown user in MISC_CHECK
If the user was unknown, it wasn't dequeuing the new checker, resulting
in a subsequent coredump.
* Fix ~SEQ handling
Commit 47b2207 - "Add const attribute where appropriate in config parser
code" broke handling of ~SEQ, due to including one extra character at the
end of the sequence variable name.
This commit corrects the length of the variable set as part of the ~SEQ
processing.
* Revert "Fix route add/delete on reload if only change via address"
This reverts commit f54c2e8294c6f2080c3ae951ba25bf40d5b8d211.
The commit did the wrong thing: the via address is not part of the
key of the route.
The problem was that if it detected it already had a route with the
same key, it replaced the route, but with the old route and not the
new one. The next commit will rectify this.
* Correct handling of replacing routes on reload
Issue #1390 identified that a route with a changed source address
wasn't being changed on reload, and identified that the problem was
related to issue #1220.
It turns out that commit f54c2e8 which resolved issue #1220 was not
the correct fix. The problem was that when reloading, if a new route
matched an old route, the old route was replaced with the OLD route
(i.e. it did nothing), rather than replacing it with the NEW route.
This commit now replaces the old route with the new route.
* Add addresses/routes/rules in that order and delete in reverse order
Routes can require addresses to exist in order to be able to add them,
and rules determine which routes are used.
* Fix not logging error on deletion of expired route
* Make netlink_route() return bool, and add some LIST_FOREACH
* Handle changing virtual route to use new VIP on reload
During a reload, routes replacing existing routes are replaced, as
opposed to deleted and added; this avoids the route disappearing for
a short while. However, if a new route uses a VIP that didn't exist
in the old configuration then the route replacement will fail.
The code is now changed so that it attempts to replace the route, but
if that fails, it deletes the old route and later adds the new route
after the new VIPS have been added.
* Don't log EPOLLERR or EPOLLHUP - they can occur with TCP_CHECK
* Fix tcp_server getopt() handling
* Properly handle MISC_CHECK script returning exit status 0
If a MISC_CHECK script returned an exit status >= 2, and then the
script returns 0, the weight of the real server was not updated
following the script returning 0, and the quorum also wasn't updated.
This commit makes keepalived update the weight of a real server and
the quorum following a MISC_CHECK returning a 0 exit status.
This is a change of behaviour for MISC_CHECKs whose scripts return
an exit status >= 2 subsequently followed by an exit status of 0.
However, the new behaviour is consistent with the documentation and
is also the behaviour that would be expected. Some users may need to
modify their MISC_CHECK scripts if the scripts return an exit code >= 2
and subsequently return an exit code of 0 expecting that to mean that
the status hasn't changed.
* Correct documentation re range of values for Virtual Router ID
The valid range of values for the VRID is 1 to 255, and does not
include 0.
* Handle script timeouts when child process has terminated
Issue #1364 identified that if a track script timed out and the kill
of the process failed due to its exit status already having been reaped,
keepalived would never run the track scripts again. It transpires that
the same problem existed with MISC_CHECK scripts.
The commit now ensures that after the timeout the script will be set
to idle state, so that it can be run again.
* Clear thread_master current_event when cleanup thread_master
The current_event was left pointing to an event that had been deleted,
with the consequence that if the next epoll event matched the outdated
current_event, that outdated event could be used.
This commit clears the current_event when the thread_master is cleaned up.
* Add errno numbers to some bfd error messages, rather than just text
Although the strerror() text is helpful, it is often useful just to
know the error number.
* Enable FIFOs to receive initial fault notifications at startup
Issue #1399 identified that if a track_file caused a VRRP instance
to start in fault state, there was no notification of the fault sent
to the notify FIFOs.
This commit implements the suggestion of chenwng in issue #1399 and
moves the opening of the notify FIFOs to earlier in the init process.
* Resolve incorrectly identified Coverity error
* Define VRRP and BFD initialisms
* Add support for nftables blocking IGMP/MLD packets on VMAC interfaces
Issue #882 identified that VRRP instances using VMACs sent IGMP/MLD
packets using the MAC address of the VMAC interface even when the
vrrp instance was in backup state. This meant that switches would
update what interface the VRRP MAC address was on to the backup
instance, thereby meaning that until the master instance sent another
advert, packets destined to be forwarded by the master instance would
be delivered to the backup instance and lost.
This commit adds support to use nftables to stop the packets being
sent from the VMAC interface (and thereby using the 00:00:5e:00:0x:xx
MAC address), and instead the packets are sent on the parent interface.
How this is achieved depends on whether the kernel supports the dup
statement; if it does the IGMP messages are simply moved from the VMAC
interface to the parent interface otherwise the join groups are done on
both the VMAC interface and the parent interface, and nftables drops
the join messages on the VMAC interface.
This functionality might be better implemented using eBPF, but older
systems don't support that, and I still need to work out how to use
eBPF.
* Add support for using iptables to block VMAC IGMP/MLD messages
Commit b10bbfc2a added support for using nftables to block
IGMP/MLD messages being sent on VMAC interfaces. This commit adds
the equivalent functionality using iptables.
* Improve checking of incompatible configure options
* Fix Travis-CI build errors
* Don't attempt to remove IGMP blocking iptables rules for IPVLANs
We don't block IGMP/MLD for IPVLANs so there are no rules to remove.
* Turn off nftables mnl debug logging
* Don't log an error when deleting nonexistent nftable at startup
Since there is no native flush command to the kernel to delete all
the rules, sets, meters etc in a table, we just delete the table,
and if the table doesn't exist an error is returned.
This commit stops the error being logged, since it isn't an error
of interest.
* Minor tidying up of setting up nftables
* Fix error when setting up nftables with eVIPs from other family
The sequence number of nftables netlink messages was getting out
of order when a VRRP instance had both IPv4 and IPv6 entries.
This is now resolved by checking for the existence of residual
tables of both families when keepalived first checks for residual
tables.
* Remove some duplicate nftables code
* Remove inhibit_on_failure from keepalived.conf(5) man page
The inhibit_on_failure keyword does not apply to checkers, and is
not implemented for them.
* Remove vi swap file erroneously included in previous commit
* Add additional logging of reasons for vrrp instances going to fault
Pull request #1353 suggested adding additional logging for reasons
for vrrp instances going to fault state at startup, and for track
file status changes.
This commit merges those changes, fixes one error, and only logs
track file status changes if the -D option (log detail) is set.
* Make skip_check_adv_addr work properly
Keepalived was checking the received advert packet length against
the expected length based on the number of VIPs configured on the
vrrp instance. This commit changes the check so that the received
packet length is checked against the number of VIPs in the VRRP
packet header, thereby ensuring that the advert packet is self
consistent.
The check for the number of addresses is now only done if
skip_check_adv_addr is not set (which matches what the RFC says).
Note: skip_check_adv_addr only skips the check of VIPs in a received
packet if the advert is received from the same master as the previous
advert.
With this commit, if skip_check_adv_addr is set, it is possible to
reload a master instance with a different number of VIPs, and then
subsequently reload the backup instance, without the backup instance
becoming master due to the mismatch of the number of VIPs.
2019-07-26 Alexandre Cassen <[email protected]>
* keepalived-2.0.18
* Set NA_ROUTER flag in gratuitous NA messages appropriately.
Previously keepalived checked the IPv6 forwarding state of the interface/
parent interface of a VRRP instance, and used that for all GNA messages.
However, if addresses are configured on different interfaces, it should
be the setting for the address's interface that is used.
* Fix memory leak with dbus_instance_name.
* Make set_value() add entry for memcheck identifying where called.
* Add configure option --enable-checksum-debug.
Issue #1175 identified that intermittently they were getting VRRPv3
checksum errors. The maintainers of keepalived were unable to reproduce
the problem despite extensive testing, and so a special patch was produced
to check and log any checksum changes from previous adverts sent or received.
Almost two months later there has been no feedback. The patch has now been
forward ported from v2.0.12 to v2.0.17 and is included here, enabled by
--enable-checksum-debug option, so that if there are ever any checksum problems
in the future this code can be used to ascertain what is happening.
* Fix configuring LVS sync daemon in backup state.
Commit eb929f8 - "Stop LVS sync daemon on shutdown" moved shutting
down the LVS sync daemon to the wrong place, so that it was called
whenever a VRRP instance transitioned out of master state. This
commit moves the shutting down of the sync daemon to shutdown phase 1,
and it is shutdown before the VRRP instances are shut down.
* Increase open file limit for checker process if no of checkers need it.
TCP, HTTP/SSL, DNS and SMTP checkers all use a socket. If there is a
sufficiently large number of checkers, the default open file limit may
be exceeded. This commit counts the number of such checkers, and also
the number of smtp_alerts, and if necessary increases the open file limit
to allow them all to run at once.
* Ensure MISC_CHECK processes don't get increased open file limit.
* When checking number of open files for vrrp process, allow for smtp
alerts.
* Combine checker set_max_file_limit() and set_vrrp_max_fds() common
code.
* DNS_CHECK: correct error info in dns_type_handler func.
Sometimes, users set two type values by mistake in keepalived.conf,
and the first is right and the second one is not in DNS_TYPE[].
Then the dns_check->type is set successfully when parsing first type value,
which may be different from the default SOA. As for the second one,
the dns_type_handler func will print error info "Defaulting to SOA",
actually, currently the dns_check->type may be not equal to SOA.
Here, we will print the dns_type_name(dns_check->type) instead of "SOA".
* Simplify restoring RLIMIT_NOFILE for child processes.
* Simplify handling incorrect dns_check type.
* Add missing track_process documentation to keepalived.conf(5) man
page.
* Add weight "reverse" feature to track_bfd.
The reverse feature allows reducing the priority when the tracker is up
and reducing the priority when the tracker is down.
* Add weight "reverse" feature to track_interface.
The reverse feature allows reducing the priority when the tracker is up
and reducing the priority when the tracker is down.
* Add weight "reverse" feature to track_script.
The reverse feature allows reducing the priority when the tracker is up
and reducing the priority when the tracker is down.
* Update alloc_track_file() and alloc_group_track_file() to be
consistent.
* Allow reverse tracking with weight 0.
This allows a vrrp instance to go to fault state if an interface is UP,
or a track script or bfd instance is up, or a track process has achieved
quorum, and down otherwise.
* Fix reverse on track_script when configured on sync group and instance
If a track script was configured on both a vrrp instance and the sync
group that the instance was configured in, then the reverse setting
wasn't being properly carried forward.
* Add weight "reverse" feature to track_file.
The reverse feature allows reducing the priority when the tracker is up
and increasing the priority when the tracker is down.
* Make track_bfd reverse handling consistent with other trackers.
* Add track weight reverse to SNMP output.
* Add vrrp track_bfd details to SNMP output.
* Add vrrp track_process details to SNMP output.
* Disallow --enable-track-process-debug with --disable-track-process.
* Add conditional compilation around track_bfd/process SNMP code.
* Remove duplicate code for parsing vrrp and sync group trackers.
The code for parsing trackers for vrrp instances and sync groups
was to all intents and purposes identical, so this commit now uses
common code for both of them.
* sll_protocol should be set to 0x806.
Sometimes, sending the gratuitous ARP message should set sll_protocol,
so that some drivers can evaluate which protocol we use.
* Neighbor discovery set sll_protocol.
* Fix SNMP VRRPv3 IP address OIDs returned.
The OIDs returned for SNMPv3 addresses were incorrectly formatted,
including one extra subid that was the length of the IP address.
* Don't use numeric values of address lengths for VRRP SNMP v3.
* Stop returning not-accessible fields for v2 SNMP.
* Stop returning not-accessible fields for v3 SNMP.
* Use common code for VRRP tracker SNMP output.
Many functions were using the same, fairly large, code block to do
the same thing. These are now standardised to use the new function
snmp_find_element().
* make some vrrp snmp function parameters const.
* Make virtual_server_t vsgname const.
* Fix SNMP reporting of virtual server group fwmark and address
ranges.
* More SNMP fixes for virtual server group fwmark and address ranges.
* If virtual server is fwmark and rs's tunnelled, default to IPv4.
If a virtual server uses a fwmark, and all the real servers are
tunnelled, the address family could be IPv4 or IPv6. If the family
is not specified, default to IPv4 (to match behaviour of ipvsadm).
* Make LIST_SIZE safe to use if list is not assigned.
* Optimisations to snmp_header_list_table().
* Optimisations to snmp_find_element().
* Further optimisation to snmp_find_element().
* Add support for IPVS GUE tunnel type
This functionality was introduced in Linux 5.2.
To view the IPVS setup with ipvsadm requires ipvsadm v1.30 plus
commits 2347b504e3ce and c3c2c3c6ae12e3.
* Add support for IPVS GUE tunnel checksum option.
The kernel functionality is scheduled for Linux 5.3.
* Add support for IPVS GRE tunnels.
The kernel functionality is scheduled for Linux 5.3.
In addition to the ipvsadm patch requirements identified for GUE
tunnels, the patch at
* Add pure attribute to http_get_check_compare().
GCC was suggesting adding the pure attribute to http_get_check_compare()
so let's do so.
* Resolve warnings from gcc 9.1.1.
* Resolve all outstanding coverity issues.
* Fix use of getrandom() in BFD rand_intv().
* When resetting priority of child process, don't change parent's priority
Issue 1358 identified that it was the priority of the parent process,
rather than the child process, that was being reset. This commit corrects
that and resets the priority of the child process.
* Add missing bfd_instance vrrp and checker keyword documentation.
* Don't send bfd events to vrrp or checker process if no
configuration.
If there is no vrrp configuration, or no checker configuration, there
is no point sending bfd_event notifications to the relevant processes.
Actually, since the processes may not be running, sending such
notifications can cause the pipes to become full, so it is necessary,
as well as desirable, not to write events to the pipes in those
circumstances.
* Revert use of getrandom() for bfd jitter.
This can be called up to 1000 times a second per bfd instance, and
so risks emptying the entropy pool.
* Use random() rather than rand() in bfd rand_intv().
The rest of keepalived uses random(), so this change creates more
consistency.
* Allow bfd discriminator to be an odd number.
rand_intv(1, UINT32_MAX) was always returning an even number, since
RAND_MAX == UINT32_MAX / 2. This commit sets the lsb of the discriminator
to the lsb of the current time in seconds.
* Ensure BFD source port in range 49152..65535.
RFC5881 requires the source port for BFD packets to be in the above
range, but keepalived was allowing the port to be randomly generated
by the kernel, and hence could be outside the range.
This commit sets the permitted port range to the intersection of
[49152, 65535] and the values in /proc/sys/net/ipv4/ip_local_port_range,
unless the intersection is too small, in which case it just uses the BFD
specified values.
keepalived generates a random port number in the required range, and then
loops through the range starting from the random port number until it
finds one it can bind to.
* Resolve coverity resource leak issue 218872.
* Resolve coverity Resource leak issue 218875.
* Resolve coverity Resource leak issue 218876.
* Resolve coverity Unexpected control flow issue 218873.
* Change code to avoid coverity String length miscalculation issue 218874
The code was correct, but as coverity points out, strlen(str + 1) is more
likely to be an error for strlen(str) + 1, so avoid the use of the former
construct.
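
The port selection described in the "Ensure BFD source port in range 49152..65535" entry above, as an added example (not keepalived's own code). The names bfd_port_range(), pick_bfd_port(), try_bind_udp() and only_port_free() are hypothetical, and MIN_USABLE_PORTS is an assumed threshold because the entry does not say how small "too small" is.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#define BFD_PORT_MIN 49152u   /* RFC 5881 source port range */
#define BFD_PORT_MAX 65535u
#define MIN_USABLE_PORTS 16u  /* assumption: the entry gives no figure */

typedef struct { uint16_t lo, hi; } port_range_t;
typedef bool (*try_bind_fn)(uint16_t port, void *ctx);

/* Intersect [49152, 65535] with the kernel's local port range; fall back to
 * the full BFD range when the intersection is empty or too small. */
port_range_t bfd_port_range(unsigned local_lo, unsigned local_hi)
{
    port_range_t r = { BFD_PORT_MIN, BFD_PORT_MAX };
    unsigned lo = local_lo > BFD_PORT_MIN ? local_lo : BFD_PORT_MIN;
    unsigned hi = local_hi < BFD_PORT_MAX ? local_hi : BFD_PORT_MAX;

    if (lo <= hi && hi - lo + 1 >= MIN_USABLE_PORTS) {
        r.lo = (uint16_t)lo;
        r.hi = (uint16_t)hi;
    }
    return r;
}

/* Start at a random offset in the range and walk it once, wrapping round,
 * until try_bind() succeeds. Returns the bound port, or 0 if none is free. */
uint16_t pick_bfd_port(port_range_t r, uint32_t rnd, try_bind_fn try_bind, void *ctx)
{
    uint32_t span = (uint32_t)r.hi - r.lo + 1;
    uint32_t start = rnd % span;

    for (uint32_t i = 0; i < span; i++) {
        uint16_t port = (uint16_t)(r.lo + (start + i) % span);
        if (try_bind(port, ctx))
            return port;
    }
    return 0;
}

/* Real bind attempt on an IPv4 UDP socket; ctx points to the socket fd. */
bool try_bind_udp(uint16_t port, void *ctx)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };

    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    return bind(*(int *)ctx, (struct sockaddr *)&sa, sizeof(sa)) == 0;
}

/* Offline stand-in for bind(): only the port that ctx points to is free. */
bool only_port_free(uint16_t port, void *ctx)
{
    return port == *(const uint16_t *)ctx;
}

int main(void)
{
    unsigned lo = BFD_PORT_MIN, hi = BFD_PORT_MAX;
    FILE *f = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r");

    if (f) {
        if (fscanf(f, "%u %u", &lo, &hi) != 2) {
            lo = BFD_PORT_MIN;
            hi = BFD_PORT_MAX;
        }
        fclose(f);
    }

    port_range_t r = bfd_port_range(lo, hi);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return 1;

    srand((unsigned)time(NULL));
    uint16_t port = pick_bfd_port(r, (uint32_t)rand(), try_bind_udp, &fd);
    printf("range %u..%u, bound source port %u\n",
           (unsigned)r.lo, (unsigned)r.hi, (unsigned)port);
    close(fd);
    return port ? 0 : 1;
}
```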
2019-06-25 Alexandre Cassen <[email protected]>
* keepalived-2.0.17
* Add support to define CPU affinity for vrrp, checker & bfd processes
Created 3 new configuration keywords to set CPU affinity of Keepalived
processes: vrrp_cpu_affinity, checker_cpu_affinity & bfd_cpu_affinity.
This option can be used to force vrrp, checker and bfd processes to run
on a restricted CPU set. You can either bind processes to a single CPU
or define a set of CPUs. In the latter case the Linux kernel will be restricted
to that CPU set during scheduling. Forcing process binding to a single CPU
can increase performance on a heavily loaded box. For example:
"vrrp_cpu_affinity 2" will force the vrrp process to run on cpu_id 2
"vrrp_cpu_affinity 2 3" will restrict kernel scheduling decisions to
cpu_id 2 & 3.
* correct syntax error when _HAVE_VRRP_VMAC_ && no HAVE_IFLA_LINK_NETNSID.
* Stage libmnl and libnftnl4.
* Add dynamic download of kernels using scriptlets. Also added
Linux 5.0.0 build.
* Example build using EOL kernel from old-releases.
* Modify snapcraft.yaml to dynamically source correct kernel versions.
* dump processes CPU Affinity while dumping global conf.
Add support to dump CPU Affinity for each Keepalived processes where
CPU Affinity has been changed by configuration.
* Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running as script
RedHat identified a problem with scripts like:
vrrp_script {
    script "</dev/tcp/127.0.0.1/22"
}
which were returning an exit code of 127 (script not found).
This was identified to be due to the "script" being enclosed in '
characters, so the resulting system call was
system("'</dev/tcp/127.0.0.1/22'"), which failed. Not adding the leading
and trailing ' characters when the first character of the script is '<'
or '>' resolves the problem.
* Add support for use_ipvlan (use an ipvlan i/f similar to use_vmac)
Issue #1170 identified that use_vmac didn't work with systemd-networkd
since systemd-networkd was removing IP addresses created by keepalived
(and any other application). It was discovered that systemd-networkd
did not remove IP addresses from ipvlans.
This commit adds support for ipvlans, both to work around the problem,
and because it might have other uses.
Systemd commit - https://github.com/systemd/systemd/pull/12511 has added
configuration options to stop systemd-networkd removing IP addresses
added by other applications, but it is not merged yet, and it will be a
while before all the distros merge it.
* Fix building with ipvlans before IFLA_IPVLAN_FLAGS was defined.
* Default IPVLANs to bridge mode
We shouldn't change the behaviour if a kernel is upgraded, so
default to the original mode supported.
* Ensure that -lm linker library flag is always set
configure was testing whether it was necessary to add the -lm option,
but for some reason gcc adds it itself if -Os is not specified, but
does not add it if -Os is specified. Consequently if configure was
run without -Os, and make was run with -Os the link failed.
The commit ensures that -lm is always used.
* Handle checking for -Wl,-z,relro and -Wl,-z,now properly.
* Honour CFLAGS, CPPFLAGS, LDLIBS and LDFLAGS settings when configure runs.
* Propagate CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS from configure to make files
Make sure any settings in CFLAGS etc at the time configure is run are added
to the Makefiles, to ensure that the make is run in the same environment
that configure is run in.
* Use CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS correctly
Use the correct variable for the relevant option type, e.g. -llib
should be in LDLIBS, not LDFLAGS, and -Ddefn should be in CPPFLAGS
not CFLAGS.
* Fix non-ipvlan interfaces broken by adding ipvlans.
* Check bfd instance name length before copying.
* Add lib/container.h to avoid duplicate definition of container_of.
* Revisited code to use const declaration where appropriate.
* Add STRDUP/STRNDUP functions.
* Add FREE_CONST, FREE_CONST_ONLY and REALLOC_CONST.
* Change thread_t * to thread_ref_t except in thread handler code
Treat the thread reference as a handle, so that the only code that
manipulates thread structures is in the scheduler.
* Add STRDUPs in check_data.
* Add STRDUP in bfp parser code.
* -U flags should be included in CPPFLAGS
* Update track_process documentation.
Issue #1265 requested further clarity regarding the track_process
process specification and use of quote marks.
* Fix building on Linux 3.13 (required for building snaps)
* Ensure 4 extra parameters are set for notify scripts with no shebang.
* Streamline functions returning string matching a define.
* Make addattr8/16/32/64 and rta_addrattr8/16/32/64 inline functions
Since these functions simply call addattr_l/rta_addattr_l, making the
functions inline removes the overhead of one function call.
* Add genhash option -P to select HTTP 1.1 or 1.0 with Connection: close
Max Kellerman ([email protected]) submitted pull request #1260
to add "Connection: close" to the HTTP header sent by genhash. In order
to maintain backwards compatibility, this has been implemented as an
option '-P 1.0C'. In addition, '-P 1.1' requests that a version 1.1
header is sent (which includes 'Connection: close').
* Add http_protocol option for HTTP_GET and SSL_GET checkers.
To be consistent with commit 2ff56f5 - "Add genhash option -P
to select HTTP 1.1 or 1.0 with Connection: close", this commit
adds the http_protocol keyword for HTTP_GET and SSL_GET checkers.
'http_protocol 1.0C' adds 'Connection: close' to a 1.0 header, and
'http_protocol 1.1' sends an HTTP/1.1 header, which includes the
'Connection: close' option.
* Tidy up the receive message processing code loops in genhash.
* Add genhash -t timeout option.
* Simplify thread process in genhash after send HTTP request.
* support http status_code group
The original status_code only supported one specific code; now we can
support http status_codes of the same class. That is to say, we can
use 1xx to represent 100-199, 2xx means 200-299 and so on.
e.g. with the following configuration:
url {
    path /index.html
    status_code 2xx 3xx
}
we consider every status_code in the range [200,399] to be ok.
Of course, with the following configuration either 200 or [300,399] is ok.
url {
    path /index.html
    status_code 2xx 3xx
}
* Fix compiler warnings introduced in commit c7c23a2
Commit c7c23a2 - "support http status_code group" introduced
two compiler warnings, due to isdigit() being undeclared, and
a shadows declaration. These warnings are now resolved.
* Use standard bit testing and setting functions
Commit c7c23a2 - "support http status_code group" added additional
bit testing and setting functions, rather than using the already
defined ones in bitops.h.
This commit also resolves the assumption that longs are 64 bits, and
will allow the code to work with longs of any length.
The original commit would cause all status codes 100 to 599 to be
written when the configuration was dumped, regardless of whether
the specific codes were set. This commit now writes the status codes
in ranges.
Finally, if no status code is configured, it sets the bits for the
default status codes (200-299).
* Change how http status codes are configured
Commit c7c23a2 - "support http status_code group" allowed status codes to
be specified as 2xx, meaning 200-299. This commit changes the configuration
so that 2xx etc is no longer used, but status code ranges can be specified,
e.g. status_code 150 180-189 200-299 503 510-520
* Update documentation for commit c7c23a2.
* Fix a memory leak and duplicate free in HTTP_GET checker.
* Fix sending SMTP alerts
Issue #1275 identified that SMTP alerts were not working. The SMTP alerts
were broken by commit 5860cf2 - "Make checker fail if ENETUNREACH returned
by connect()", since the SMTP state machine was not updated to handle the
additional value in enum connect_result.
This commit adds code to handle the additional enum, but also makes the
code less sensitive to such changes, and more likely to produce compiler
warnings/errors if appropriate updates are not done in the future.
* Fix various compilation warnings with certain configure options.
* Update location of PID file to match Filesystem Hierarchy Standard v3.0
Issue #1277 identified that PID files should be created in /run rather
than /var/run, and that systemd logged a warning if the service file
specified PIDFile under /var/run.
This commit now makes keepalived use the appropriate directory for PID
files as determined by configure (rather than doing its own thing), and
configure now uses /run in preference to /var/run.
* Stop LVS sync daemon on shutdown
The shutdown of the sync daemon was delayed to phase 2 of the shutdown
which meant that the controlling VRRP instance could never be in the
master state. We now stop the sync daemon in phase 1, when the VRRP
instance is transitioned out of master state.
* Use -isystem rather than -I for path to kernel headers
Using -isystem rather than -I allows the dispensation for some warnings
to system headers to apply to the kernel header tree we are specifying.
This stops some warnings that would not occur with kernel headers under
/usr/include but that were being generated when -I was used (it
nevertheless has helped identify two bugs).
* Ensure check system headers for definition of NFT_TABLE_MAXNAMELEN
Prior to Linux 4.1 NFT_TABLE_MAXNAMELEN was not defined, but we must
include linux/netfilter/nf_tables.h before checking whether it is
defined or not!
* Improved configure testing for <linux/netfilter/nf_tables.h>
* Add warning -Wwrite-strings and resolve new warnings.
* Add -Wdouble-promotion and resolve new warnings.
* Add -Wformat-signedness and resolve new warnings.
* Fix building on Ubuntu 16.04 with --disable-vrrp
The addition of including <inttypes.h> was needed on Ubuntu 16.04,
whereas it wasn't necessary on Fedora or Debian.
* Explicitly include <inttypes.h> where print format names are used.
* Add more -Wformat-* options and resolve new warnings.
* Add -Wframe-larger-than=5120
The largest frame is just under 4200 bytes (which may be more than we
want anyway), but adding this warning will at least tell us if a stupidly
large frame is created in the future.
* Fix spelling of -Wmissing-field-initializers.
* Fix definition of PRI_rlim_t generated by configure on 32 bit systems.
* Resolve warning re >=0 comparison for unsigned value.
* add min max judge
Even if min > max, the code works well, but it is better to print
the config error to let the user know about it.
* Ensure correct definition of MAX_ADDR_LEN is used
<net/if_arp.h> defines MAX_ADDR_LEN as 7, and <linux/netdevice.h>
defines MAX_ADDR_LEN as 32. We need to ensure we have the longer one.
* update doc samples of keepalived.conf.status_code.
* Fix compiling on Alpine Linux 3.7.
* Update list of packages to install on Alpine Linux.
* Send GARP/NA message when leaving fault state if using unicast
If the master's ARP entry for a backup route has expired and we are
using a short advert interval (< 0.5 seconds), then the backup router
could timeout receiving adverts before the master sends its next
ARP/NDISC message; until it has had a reply to that it cannot send any
adverts to the backup router in question.
This commit makes a VRRP instance that is using unicast send a GARP/NA
when it transitions out of fault state, to ensure that the master (or
local router) can send adverts to us immediately.
* track_process: handle different threads having different names
prctl(PR_SET_NAME) is a per thread property, not a per process
property, so when a PROC_EVENT_COMM event is received, we need to
check that the tid == pid, to ensure that COMM changes are only
considered for the main (initial) thread.
* Fix some log_message for specifiers in track_process.c.
* Fix for JSON characters escaping.
* Don't attempt to create a macvlan when using an ipvlan
netlink_link_add_vmac() detected an interface had been created, and
so didn't attempt to create a macvlan, but netlink_link_add_vmac()
shouldn't be called in this circumstance.
* On reload, report addresses being removed as removed, not those remaining.
* Don't add further iptables entries on reload when using ipsets.
* Stop deleting VMAC/IPVLAN interfaces on reload when still needed.
* Fix formatting of email To: line.
* Improve efficiency of setting up SMTP headers.
* Fix segfault when we do not config vsg.
* Fix issues reported by coverity (unchecked return value, buffer overrun,
Logically dead code, uninitialized var, explicit null dereferenced, ...)
* Resolve compiler warning in list_sort().
* genhash: make printssl a static function.
* Change strncpy() to strcpy_safe() in smtp_final().
* Convert some snmp list loops to use LIST_FOREACH.
* Make inet_stosockaddr() return bool rather than int.
* Fix checking for VMAC/IPVLAN no longer used after reload
Pull request 1310 identified that there was a problem building
keepalived with VLANs but without ipvlans. The code that needed
changing was also incorrect so this commit resolves both issues.
* Fix false-positive send_instance_notifies calls
Issue #1311 identified that duplicate notifies were being sent on
a reload, and pull request #1312 provided a fix. Unfortunately other
intervening commits stopped the original patch applying, so this
updates the original patch.
The patch also stops duplicate logging of vrrp instance states on
reload when there has been no change.
* Set thread parameter value explicitly to 0 when add timer thread
It is possible for a function to be called either from a timer thread
or an event thread. When an event thread is added, a value can be passed
which will be passed to the function, but currently there is no way to
set the value for a timer thread (a function thread_add_timer_val() can
be added when needed), but in order to allow the value to be used with
an event thread, it needs to be explicitly set to something when called
via a timer thread, so just set it to 0.
* Remove VRRP_DISPATCHER definition - it was not used.
* Some minor tweaks for the format of keepalived.data.
* Make track_process, parser and dump_keywords --debug options.
* Change default to not check for EINTR if use signalfd.
* Don't send prio 0 adverts for deleted VRRP instance that wasn't master
When a VRRP instance ceases to exist following a config reload, we must
only send priority 0 adverts if the deleted instance was in master state
prior to the reload.
* Send notifies when vrrp instance deleted on reload
This commit makes notifies be sent saying that the instance is in
fault state, since that is the closest we have to the instance being
deleted (the instance can't run since it is deleted which is quite
similar to being in fault state).
* Streamline some HTTP_GET code.
* Simplify HTTP_GET epilog parameters
Parameters t and c weren't needed, since they can be determined from
the method parameter if we add REGISTER_CHECKER_FAILED.
* Set checker->has_run for HTTP_GET after failure
The behaviour we want after a failure of checking a URL at startup
is the same as if all checks had completed, so if there is a failure,
just set checker->has_run.
* Make http_get url_it point to list element rather than a counter
This makes fetching the next URL more efficient.
* When we run the initial HTTP_GET check, we don't want any retries
It isn't only the first URL that shouldn't have retries, but all of
them. This commit implements that.
* When an HTTP_GET url check fails, keep checking that URL until success
When a URL check has failed, there is no point checking other URLs until
we know the one that has failed is working again. The approach now is
that the failed URL is checked until it is Ok again, and then all the URLs
are checked before the checker is successful. This will reduce the recovery
time once the failed URL recovers.
* When starting up, don't delay between checking all the URLs
When we start up, particularly in alpha mode, we want to check the
URLs as quickly as possible, so don't delay by delay_loop between
checking each URL, but check them immediately one after the other.
* After HTTP_GET URL failure, delay max of delay_loop and delay_before_retry.
* After an HTTP_GET failure, check the URLs without any delay
This means that recovery will occur as quickly as possible.
* Some cosmetic changes to check_ssl.c.
* Add option fast_recovery for HTTP_GET.
Commits 3027e0c - "When starting up, don't delay between checking all the
URLs" and 86e02dd - "After an HTTP_GET failure, check the URLs without
any delay" removed the delay between URL checks both at startup and after
a URL check failure. This commit makes that optional, and it will only do
the fast checking if fast_recovery is configured against the checker.
* Make set_value() check for missing parameter
Pull request #1308 identified that if set_value() was called when
there wasn't a parameter on the command line, keepalived could
segfault since NULL was returned (examples were HTTP_GET with an
empty path specified, and DNS_CHECK with empty name).
This commit modifies set_value() so that keepalived will exit if
it is called when the keyword parameter is missing. Uses of
set_value() where no parameter did not cause a problem (e.g. where
the whole option was optional, such as virtual_host) now check if
the parameter is missing and report a configuration error.
* Handle vrrp tracked interfaces being down on reload
If the base interface of a vmac interface was down on reload, the
vrrp instance would not come back up after the base interface came
back up.
* Don't log error when sending priority 0 advert after interface goes down.
* Cosmetic change to address_exist().
* Add information regarding SElinux and keepalived.
* Fix overflow status code
Under normal circumstances, status_code returns 100-599,
but if it is a constructed abnormal reply message,
it may be out of the range, resulting in the status_code
array out of bounds, and then keepalived segfault.
* Ensure HTTP status code is preceded by a space character.
* Fix setting existing macvlan etc base interfaces at startup.
* Add further SELinux references.
* Resolve implicit declaration of function ‘strdup’ warning.
* Allow location of /run dir to be specified to configure
The commit adds configure option --with-run-dir=PATH
* Fix reloading when interfaces deleted and recreated
If there are macvlans on a real interface, with vmacs configured on the
macvlans and the macvlans are deleted, the vmacs from them are removed
from the configuration, the configuration is reloaded, and this is done
for more than one macvlan, and then the configuration is reinstated
one by one with the configuration being reloaded, keepalived was
incorrectly setting some of the vrrp instances to fault state. This commit
resolves the issues.
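
The status code handling described in the "Use standard bit testing and setting functions", "Change how http status codes are configured", "Fix overflow status code" and "Ensure HTTP status code is preceded by a space character" entries above, as an added example (not keepalived's own code). All type and function names are hypothetical, the sample inputs are constructed, and rejecting a range with min > max is a choice made for this sketch.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HTTP_STATUS_MIN 100
#define HTTP_STATUS_MAX 599
#define NUM_CODES (HTTP_STATUS_MAX - HTTP_STATUS_MIN + 1)
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)  /* no 64-bit long assumption */
#define NUM_WORDS ((NUM_CODES + WORD_BITS - 1) / WORD_BITS)

typedef struct { unsigned long bits[NUM_WORDS]; } status_set_t;  /* hypothetical type */

static bool in_range(long code)
{
    return code >= HTTP_STATUS_MIN && code <= HTTP_STATUS_MAX;
}

static void set_code(status_set_t *s, long code)
{
    size_t idx = (size_t)(code - HTTP_STATUS_MIN);
    s->bits[idx / WORD_BITS] |= 1UL << (idx % WORD_BITS);
}

/* Bounds check first: a code outside 100..599 must never index the bitmap. */
bool code_allowed(const status_set_t *s, long code)
{
    if (!in_range(code))
        return false;
    size_t idx = (size_t)(code - HTTP_STATUS_MIN);
    return (s->bits[idx / WORD_BITS] >> (idx % WORD_BITS)) & 1UL;
}

/* Parse e.g. "150 180-189 200-299 503"; an empty list means the default 200-299.
 * Rejects malformed tokens, codes outside 100..599, and ranges with min > max. */
bool parse_status_config(const char *cfg, status_set_t *out)
{
    bool any = false;
    memset(out, 0, sizeof(*out));
    for (const char *p = cfg; *p; ) {
        char *end;
        if (*p == ' ') { p++; continue; }
        if (!isdigit((unsigned char)*p))
            return false;
        long lo = strtol(p, &end, 10), hi = lo;
        if (*end == '-') {
            if (!isdigit((unsigned char)end[1]))
                return false;
            hi = strtol(end + 1, &end, 10);
        }
        if ((*end && *end != ' ') || !in_range(lo) || !in_range(hi) || lo > hi)
            return false;
        for (long c = lo; c <= hi; c++)
            set_code(out, c);
        any = true;
        p = end;
    }
    for (long c = 200; !any && c <= 299; c++)
        set_code(out, c);
    return true;
}

/* Return the status code of an HTTP status line, or -1 unless it is exactly
 * three digits, preceded by a space, with a value in 100..599. */
int parse_status_line(const char *line)
{
    const char *sp;
    if (strncmp(line, "HTTP/", 5) != 0 || !(sp = strchr(line, ' ')))
        return -1;
    for (int i = 1; i <= 3; i++)
        if (!isdigit((unsigned char)sp[i]))
            return -1;
    if (isdigit((unsigned char)sp[4]))
        return -1;
    int code = (sp[1] - '0') * 100 + (sp[2] - '0') * 10 + (sp[3] - '0');
    return in_range(code) ? code : -1;
}

int main(void)
{
    status_set_t ok;
    /* Constructed sample configuration and replies. */
    parse_status_config("150 180-189 200-299 503 510-520", &ok);
    const char *replies[] = { "HTTP/1.1 204 No Content", "HTTP/1.1 404 Not Found",
                              "HTTP/1.1 70000 Bogus", "HTTP/1.1 999 Bogus" };
    for (size_t i = 0; i < 4; i++)
        printf("%-26s -> %s\n", replies[i],
               code_allowed(&ok, parse_status_line(replies[i])) ? "pass" : "fail");
    return 0;
}
```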
2019-05-03 Alexandre Cassen <[email protected]>
* keepalived-2.0.16
* Add log_unknown_vrids keyword.
Commit 21e6f5f added logging when a VRRP packet was received on an
interface and the VRID in the advert was not configured on that
interface.
Due to valid uses of keepalived having a VRRP instance on an
interface, but there being other, independent, VRRP instances with
different VRIDs on the same interface, this patch only enables logging
of unknown VRIDs if it is specifically configured.
* Stop segfault when reload and using -x option.
* Fix compilation error found by Travis-CI.
* Fix a couple of typos.
* Ensure check command line when needed for track process.
* Check if comm really changed when get PROC_EVENT_COMM_CHANGE.
* Fix debounce delay handling for track_process.
* Optimise add_process().
* Remove processes no longer being monitored.
* Optimise check_process().
* Ignore process threads for track_process.
* Allow matching of process parameters in track_process
This additional functionality was requested in issue #1190.
* Allow separate delay timers for fork and process exit in
track_process.
* Add quorum_max for track_process.
This allows track_process to go to fault state if more than a
specified number of instances of a process are running. In particular
it can go to fault state if more than one instance is running, and
also if any instance of a process is running.
* Add configuring process name.
With up to 4 processes running all named keepalived, it can be
difficult to know which is which. The commit adds the option to
allow process name to be set independently for each process.
* Handle macvlans/macvtaps being moved into different namespace from parent
If a macvlan or macvtap interface is moved into a different namespace from
its parent, and the interface is in the namespace in which keepalived is
running, keepalived is unable to get information about, or configure, the
parent interface. In this case, treat the macvlan/macvtap interface as though
it doesn't have a parent interface.
There are a couple of consequences of this in this situation:
1) If a vrrp instance is configured with use_vmac and its configured interface
is such a macvlan/macvtap interface, keepalived cannot ensure that the
arp_ignore and arp_filter settings are correct on the parent
2) keepalived cannot check that there are not duplicate VRIDs being used on the
interface.
* Typo writing word error fix.
* Add vrrp instance priority change notifications on FIFOs only.
Issue #1213 requested notification of vrrp instance priority changes,
and this commit implements that with new FIFO messages:
INSTANCE "VI_0" MASTER_PRIORITY 220
INSTANCE "VI_0" BACKUP_PRIORITY 254
This has been implemented via notify FIFOs only, since the order of
processing of scripts is indeterminate if events happen quickly in
succession, potentially causing the last processed priority by a
script not to be the latest priority, and using SMTP notification
would be ridiculous.
* Allow user and group ownership of FIFOs to be configured.
* Remove extraneous debugging message from process_name commit
Commit 4ad6d11 - "Add configuring process name" accidentally left
a debugging log message in the code. This commit removes it.
* Fix FREE error if tracked process has no parameters.
* Fix track processes when reloading.
* Fix route add/delete on reload if only change via address
If a virtual_iproute
src 100.100.100.100 2.2.2.2/32 via 100.100.100.2 dev eth0
is changed to
src 100.100.100.100 2.2.2.2/32 via 100.100.100.1 dev eth0
on a reload the route didn't get updated. The reason is that the
via address wasn't used in the comparison of routes, so keepalived
didn't detect that it had changed.
* Define TASK_COMM_LEN rather than use numbers in code.
* Fix promote_secondaries.
* Add snmpd.service to keepalived.service if SNMP enabled.
* Add issue templates for github.
* Make utils.c function parameters const where appropriate.
* Add missing info to check process dump file.
* Make ipvs_talk() error message more meaningful
The error message used to just output the IPVS command number, now
the name of the command is reported too.
* Make more use of LIST_FOREACH in ipwrapper.c.
* Change VS_ISEQ etc to be functions and correct them.
* Resolve removing virtual servers in virtual server groups after
reloading.
* Update NOTE_vrrp_vmac.txt re sysctl settings.
* Ignore base interfaces of macvlans if in a different namespace.