3 #################################
4 # interface event script for ctdb
5 # this adds/removes IPs from your
11 [ -z "$CTDB_PUBLIC_ADDRESSES" ] && {
12 CTDB_PUBLIC_ADDRESSES=$CTDB_BASE/public_addresses
15 [ ! -f "$CTDB_PUBLIC_ADDRESSES" ] && {
21 local INTERFACES=`cat $CTDB_PUBLIC_ADDRESSES |
22 sed -e "s/^[^\t ]*[\t ]*//" -e "s/,/ /g" -e "s/[\t ]*$//"`
24 [ "$CTDB_PUBLIC_INTERFACE" ] && INTERFACES="$CTDB_PUBLIC_INTERFACE $INTERFACES"
25 [ "$CTDB_NATGW_PUBLIC_IFACE" ] && INTERFACES="$CTDB_NATGW_PUBLIC_IFACE $INTERFACES"
27 local IFACES=`ctdb ifaces -Y | grep -v '^:Name:LinkStatus:References:'`
33 IFACE=`echo -n "$I" | cut -d ':' -f2`
34 INTERFACES="$IFACE $INTERFACES"
37 INTERFACES=`for IFACE in $INTERFACES ; do echo $IFACE ; done | sort | uniq`
41 for IFACE in $INTERFACES ; do
43 ip addr show $IFACE 2>/dev/null >/dev/null || {
44 echo Interface $IFACE does not exist but it is used by public addresses.
48 # These interfaces are sometimes bond devices
49 # When we use VLANs for bond interfaces, there will only
50 # be an entry in /proc for the underlying real interface
51 local REALIFACE=`echo $IFACE |sed -e 's/\..*$//'`
52 [ -f /proc/net/bonding/$REALIFACE ] && {
53 grep -q 'Currently Active Slave: None' /proc/net/bonding/$REALIFACE && {
54 echo "ERROR: No active slaves for bond device $REALIFACE"
56 ctdb setifacelink $IFACE down >/dev/null 2>/dev/null
59 grep -q '^MII Status: up' /proc/net/bonding/$REALIFACE || {
60 echo "ERROR: public network interface $REALIFACE is down"
62 ctdb setifacelink $IFACE down >/dev/null 2>/dev/null
65 grep -q '^Bonding Mode: IEEE 802.3ad Dynamic link aggregation' /proc/net/bonding/$REALIFACE && {
66 grep 'MII Status:' /proc/net/bonding/$REALIFACE | tail -n +2 | grep -q '^MII Status: up' || {
67 echo No active slaves for 802.ad bond device $REALIFACE
68 ctdb setifacelink $IFACE down >/dev/null 2>/dev/null
73 ok=1 # we only set ok for interfaces known to ctdbd
74 ctdb setifacelink $IFACE up >/dev/null 2>/dev/null
80 # loopback is always working
81 ok=1 # we only set ok for interfaces known to ctdbd
82 ctdb setifacelink $IFACE up >/dev/null 2>/dev/null
85 # we dont know how to test ib links
86 ok=1 # we only set ok for interfaces known to ctdbd
87 ctdb setifacelink $IFACE up >/dev/null 2>/dev/null
91 [ "$(basename $(readlink /sys/class/net/$IFACE/device/driver) 2>/dev/null)" = virtio_net ] ||
92 ethtool $IFACE | grep -q 'Link detected: yes' || {
93 # On some systems, this is not successful when a
94 # cable is plugged but the interface has not been
95 # brought up previously. Bring the interface up and
97 /sbin/ip link set $IFACE up
98 ethtool $IFACE | grep -q 'Link detected: yes' || {
99 echo "ERROR: No link on the public network interface $IFACE"
101 ctdb setifacelink $IFACE down >/dev/null 2>/dev/null
105 ok=1 # we only set ok for interfaces known to ctdbd
106 ctdb setifacelink $IFACE up >/dev/null 2>/dev/null
113 test x"$fail" = x"0" && {
117 test x"$ok" = x"1" && {
125 #############################
126 # called when ctdbd starts up
128 # make sure that we only respond to ARP messages from the NIC where
129 # a particular ip address is associated.
130 [ -f /proc/sys/net/ipv4/conf/all/arp_filter ] && {
131 echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
135 #############################
136 # called after ctdbd has done its initial recovery
137 # and we start the services to become healthy
139 # Assume all links are good initially
140 INTERFACES=`for IFACE in $INTERFACES ; do echo $IFACE ; done | sort | uniq`
142 for IFACE in $INTERFACES ; do
143 ctdb setifacelink $IFACE down >/dev/null 2>/dev/null
151 ################################################
152 # called when ctdbd wants to claim an IP address
155 echo "must supply interface, IP and maskbits"
162 add_ip_to_iface $iface $ip $maskbits || {
166 # cope with the script being killed while we have the interface blocked
167 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
169 # flush our route cache
170 echo 1 > /proc/sys/net/ipv4/route/flush
174 ##################################################
175 # called when ctdbd wants to release an IP address
178 echo "must supply interface, IP and maskbits"
182 # releasing an IP is a bit more complex than it seems. Once the IP
183 # is released, any open tcp connections to that IP on this host will end
184 # up being stuck. Some of them (such as NFS connections) will be unkillable
185 # so we need to use the killtcp ctdb function to kill them off. We also
186 # need to make sure that no new connections get established while we are
187 # doing this! So what we do is this:
188 # 1) firewall this IP, so no new external packets arrive for it
189 # 2) use netstat -tn to find existing connections, and kill them
190 # 3) remove the IP from the interface
191 # 4) remove the firewall rule
197 # we do an extra delete to cope with the script being killed
198 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
199 iptables -I INPUT -i $iface -d $ip -j DROP
200 kill_tcp_connections $ip
202 delete_ip_from_iface $iface $ip $maskbits || {
203 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
207 iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
209 # flush our route cache
210 echo 1 > /proc/sys/net/ipv4/route/flush
213 ##################################################
214 # called when ctdbd wants to update an IP address
217 echo "must supply old interface, new interface, IP and maskbits"
221 # moving an IP is a bit more complex than it seems.
222 # First we drop all traffic on the old interface.
223 # Then we try to add the ip to the new interface and before
224 # we finally remove it from the old interface.
226 # 1) firewall this IP, so no new external packets arrive for it
227 # 2) add the IP to the new interface
228 # 3) remove the IP from the old interface
229 # 4) remove the firewall rule
230 # 5) use ctdb gratiousarp to propagate the new mac address
231 # 6) use netstat -tn to find existing connections, and tickle them
238 # we do an extra delete to cope with the script being killed
239 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
240 iptables -I INPUT -i $oiface -d $ip -j DROP
242 delete_ip_from_iface $oiface $ip $maskbits 2>/dev/null
243 delete_ip_from_iface $niface $ip $maskbits 2>/dev/null
245 add_ip_to_iface $niface $ip $maskbits || {
246 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
250 # cope with the script being killed while we have the interface blocked
251 iptables -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
253 # flush our route cache
254 echo 1 > /proc/sys/net/ipv4/route/flush
256 # propagate the new mac address
257 ctdb gratiousarp $ip $niface
259 # tickle all existing connections, so that dropped packets
260 # are retransmited and the tcp streams work
262 tickle_tcp_connections $ip
267 ###########################################
268 # called when ctdbd has finished a recovery
272 ####################################
273 # called when ctdbd is shutting down
281 test x"$ret" = x"2" && {
282 test x"$CTDB_PARTIALLY_ONLINE_INTERFACES" != x"yes" && {
285 # as long as we have one interface available don't become
290 test x"$ret" != x"0" && {
295 ctdb_standard_event_handler "$@"