3 #################################
4 # interface event script for ctdb
5 # this adds/removes IPs from your
11 [ -z "$CTDB_PUBLIC_ADDRESSES" ] && {
12 CTDB_PUBLIC_ADDRESSES=$CTDB_BASE/public_addresses
15 [ ! -f "$CTDB_PUBLIC_ADDRESSES" ] && {
16 echo "No public addresses file found. Nothing to do for 10.interfaces"
22 local INTERFACES=`cat $CTDB_PUBLIC_ADDRESSES |
23 sed -e "s/^[^\t ]*[\t ]*//" -e "s/,/ /g" -e "s/[\t ]*$//"`
25 [ "$CTDB_PUBLIC_INTERFACE" ] && INTERFACES="$CTDB_PUBLIC_INTERFACE $INTERFACES"
26 [ "$CTDB_NATGW_PUBLIC_IFACE" ] && INTERFACES="$CTDB_NATGW_PUBLIC_IFACE $INTERFACES"
28 local IFACES=`ctdb ifaces -Y | grep -v '^:Name:LinkStatus:References:'`
34 IFACE=`echo -n "$I" | cut -d ':' -f2`
35 INTERFACES="$IFACE $INTERFACES"
38 INTERFACES=`for IFACE in $INTERFACES ; do echo $IFACE ; done | sort | uniq`
43 for IFACE in $INTERFACES ; do
45 local OLDLINK=`echo -n "$IFACES" | grep "^:$IFACE:" | cut -d ':' -f3 | xargs`
46 test -z "$OLDLINK" && {
50 # These interfaces are sometimes bond devices
51 # When we use VLANs for bond interfaces, there will only
52 # be an entry in /proc for the underlying real interface
53 local REALIFACE=`echo $IFACE |sed -e 's/\..*$//'`
54 [ -f /proc/net/bonding/$REALIFACE ] && {
55 grep -q 'Currently Active Slave: None' /proc/net/bonding/$REALIFACE && {
56 echo "ERROR: No active slaves for bond device $REALIFACE"
58 test -n "$OLDLINK" && {
59 ctdb setifacelink $IFACE down
63 grep -q '^MII Status: up' /proc/net/bonding/$REALIFACE || {
64 echo "ERROR: public network interface $REALIFACE is down"
66 test -n "$OLDLINK" && {
67 ctdb setifacelink $IFACE down
71 test -n "$OLDLINK" && {
72 ok=1 # we only set ok for interfaces known to ctdbd
73 ctdb setifacelink $IFACE up
80 # loopback is always working
81 test -n "$OLDLINK" && {
82 ok=1 # we only set ok for interfaces known to ctdbd
83 ctdb setifacelink $IFACE up
87 # we dont know how to test ib links
88 test -n "$OLDLINK" && {
89 ok=1 # we only set ok for interfaces known to ctdbd
90 ctdb setifacelink $IFACE up
95 [ "$(basename $(readlink /sys/class/net/$IFACE/device/driver))" = virtio_net ] ||
96 ethtool $IFACE | grep -q 'Link detected: yes' || {
97 # On some systems, this is not successful when a
98 # cable is plugged but the interface has not been
99 # brought up previously. Bring the interface up and
101 /sbin/ip link set $IFACE up
102 ethtool $IFACE | grep -q 'Link detected: yes' || {
103 echo "ERROR: No link on the public network interface $IFACE"
105 test -n "$OLDLINK" && {
106 ctdb setifacelink $IFACE down
111 test -n "$OLDLINK" && {
112 ok=1 # we only set ok for interfaces known to ctdbd
113 ctdb setifacelink $IFACE up
121 test x"$fail" = x"0" && {
125 test x"$force_fail" != x"0" && {
129 test x"$ok" = x"1" && {
137 #############################
138 # called when ctdbd starts up
140 # make sure that we only respond to ARP messages from the NIC where
141 # a particular ip address is associated.
142 [ -f /proc/sys/net/ipv4/conf/all/arp_filter ] && {
143 echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
145 cat "$CTDB_PUBLIC_ADDRESSES" | cut -d/ -f1 | while read _IP; do
146 _IP_HELD=`/sbin/ip addr show | grep "inet $_IP/"`
147 [ -z "$_IP_HELD" ] || {
148 _IFACE=`echo $_IP_HELD | sed -e "s/.*\s//"`
149 _NM=`echo $_IP_HELD | sed -e "s/.*$_IP\///" -e "s/\s.*//"`
150 echo "Removing public address $_IP/$_NM from device $_IFACE"
151 delete_ip_from_iface $_IFACE $_IP $_NM
156 #############################
157 # called after ctdbd has done its initial recovery
158 # and we start the services to become healthy
165 ################################################
166 # called when ctdbd wants to claim an IP address
169 echo "must supply interface, IP and maskbits"
176 add_ip_to_iface $iface $ip $maskbits || {
180 # cope with the script being killed while we have the interface blocked
181 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
183 # flush our route cache
184 echo 1 > /proc/sys/net/ipv4/route/flush
188 ##################################################
189 # called when ctdbd wants to release an IP address
192 echo "must supply interface, IP and maskbits"
196 # releasing an IP is a bit more complex than it seems. Once the IP
197 # is released, any open tcp connections to that IP on this host will end
198 # up being stuck. Some of them (such as NFS connections) will be unkillable
199 # so we need to use the killtcp ctdb function to kill them off. We also
200 # need to make sure that no new connections get established while we are
201 # doing this! So what we do is this:
202 # 1) firewall this IP, so no new external packets arrive for it
203 # 2) use netstat -tn to find existing connections, and kill them
204 # 3) remove the IP from the interface
205 # 4) remove the firewall rule
211 # we do an extra delete to cope with the script being killed
212 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
213 iptables -I INPUT -i $iface -d $ip -j DROP
214 kill_tcp_connections $ip
216 delete_ip_from_iface $iface $ip $maskbits || {
217 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
221 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
223 # flush our route cache
224 echo 1 > /proc/sys/net/ipv4/route/flush
227 ##################################################
228 # called when ctdbd wants to update an IP address
231 echo "must supply old interface, new interface, IP and maskbits"
235 # moving an IP is a bit more complex than it seems.
236 # First we drop all traffic on the old interface.
237 # Then we try to add the ip to the new interface and before
238 # we finally remove it from the old interface.
240 # 1) firewall this IP, so no new external packets arrive for it
241 # 2) add the IP to the new interface
242 # 3) remove the IP from the old interface
243 # 4) remove the firewall rule
244 # 5) use ctdb gratiousarp to propagate the new mac address
245 # 6) use netstat -tn to find existing connections, and tickle them
252 # we do an extra delete to cope with the script being killed
253 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
254 iptables -I INPUT -i $oiface -d $ip -j DROP
256 # we make sure the interface is up first
257 add_ip_to_iface $niface $ip $maskbits || {
258 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
262 delete_ip_from_iface $oiface $ip $maskbits || {
263 delete_ip_from_iface $niface $ip $maskbits
264 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
268 # cope with the script being killed while we have the interface blocked
269 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
271 # flush our route cache
272 echo 1 > /proc/sys/net/ipv4/route/flush
274 # propagate the new mac address
275 ctdb gratiousarp $ip $niface
277 # tickle all existing connections, so that dropped packets
278 # are retransmited and the tcp streams work
280 tickle_tcp_connections $ip
285 ###########################################
286 # called when ctdbd has finished a recovery
290 ####################################
291 # called when ctdbd is shutting down
299 test x"$ret" = x"2" && {
300 test x"$CTDB_PARTIALLY_ONLINE_INTERFACES" != x"yes" && {
303 # as long as we have one interface available don't become
308 test x"$ret" != x"0" && {
313 ctdb_standard_event_handler "$@"