1 <?xml version="1.0" encoding="iso-8859-1"?>
3 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
6 <refentry id="ctdb-script.options.5">
9 <refentrytitle>ctdb-script.options</refentrytitle>
10 <manvolnum>5</manvolnum>
11 <refmiscinfo class="source">ctdb</refmiscinfo>
12 <refmiscinfo class="manual">CTDB - clustered TDB database</refmiscinfo>
16 <refname>ctdb-script.options</refname>
17 <refpurpose>CTDB scripts configuration files</refpurpose>
21 <title>DESCRIPTION</title>
24 Each CTDB script has 2 possible locations for its configuration options:
31 <filename>/usr/local/etc/ctdb/script.options</filename>
35 This is a catch-all global file for general purpose
36 scripts and for options that are used in multiple event
44 <parameter>SCRIPT</parameter>.options
49 <filename><parameter>SCRIPT</parameter></filename> are
50 placed in a file alongside the script, with a ".script"
51 suffix added. This style is usually recommended for event
56 Options in this script-specific file override those in
65 For short-term backward compatibility the CTDB configuration
67 <citerefentry><refentrytitle>ctdbd.conf</refentrytitle>
68 <manvolnum>5</manvolnum></citerefentry>) is also loaded.
72 These files should include simple shell-style variable
73 assignments and shell-style comments.
79 <title>NETWORK CONFIGURATION</title>
82 <title>10.interface</title>
85 This event script handles monitoring of interfaces using by
93 CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
97 Whether one or more offline interfaces should cause a
98 monitor event to fail if there are other interfaces that
99 are up. If this is "yes" and a node has some interfaces
100 that are down then <command>ctdb status</command> will
101 display the node as "PARTIALLYONLINE".
105 Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not
106 generally compatible with NAT gateway or LVS. NAT
107 gateway relies on the interface configured by
108 CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on
109 CTDB_LVS_PUBLIC_IFACE to be up. CTDB does not check if
110 these options are set in an incompatible way so care is
111 needed to understand the interaction.
124 <title>11.natgw</title>
127 Provides CTDB's NAT gateway functionality.
131 NAT gateway is used to configure fallback routing for nodes
132 when they do not host any public IP addresses. For example,
133 it allows unhealthy nodes to reliably communicate with
134 external infrastructure. One node in a NAT gateway group will
135 be designated as the NAT gateway master node and other (slave)
136 nodes will be configured with fallback routes via the NAT
137 gateway master node. For more information, see the
138 <citetitle>NAT GATEWAY</citetitle> section in
139 <citerefentry><refentrytitle>ctdb</refentrytitle>
140 <manvolnum>7</manvolnum></citerefentry>.
146 <term>CTDB_NATGW_DEFAULT_GATEWAY=<parameter>IPADDR</parameter></term>
149 IPADDR is an alternate network gateway to use on the NAT
150 gateway master node. If set, a fallback default route
151 is added via this network gateway.
154 No default. Setting this variable is optional - if not
155 set that no route is created on the NAT gateway master
162 <term>CTDB_NATGW_NODES=<parameter>FILENAME</parameter></term>
165 FILENAME contains the list of nodes that belong to the
166 same NAT gateway group.
171 <parameter>IPADDR</parameter> <optional>slave-only</optional>
175 IPADDR is the private IP address of each node in the NAT
179 If "slave-only" is specified then the corresponding node
180 can not be the NAT gateway master node. In this case
181 <varname>CTDB_NATGW_PUBLIC_IFACE</varname> and
182 <varname>CTDB_NATGW_PUBLIC_IP</varname> are optional and
187 <filename>/usr/local/etc/ctdb/natgw_nodes</filename> when enabled.
193 <term>CTDB_NATGW_PRIVATE_NETWORK=<parameter>IPADDR/MASK</parameter></term>
196 IPADDR/MASK is the private sub-network that is
197 internally routed via the NAT gateway master node. This
198 is usually the private network that is used for node
208 <term>CTDB_NATGW_PUBLIC_IFACE=<parameter>IFACE</parameter></term>
211 IFACE is the network interface on which the
212 CTDB_NATGW_PUBLIC_IP will be configured.
221 <term>CTDB_NATGW_PUBLIC_IP=<parameter>IPADDR/MASK</parameter></term>
224 IPADDR/MASK indicates the IP address that is used for
225 outgoing traffic (originating from
226 CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master
227 node. This <emphasis>must not</emphasis> be a
228 configured public IP address.
237 <term>CTDB_NATGW_STATIC_ROUTES=<parameter>IPADDR/MASK[@GATEWAY]</parameter> ...</term>
240 Each IPADDR/MASK identifies a network or host to which
241 NATGW should create a fallback route, instead of
242 creating a single default route. This can be used when
243 there is already a default route, via an interface that
244 can not reach required infrastructure, that overrides
245 the NAT gateway default route.
248 If GATEWAY is specified then the corresponding route on
249 the NATGW master node will be via GATEWAY. Such routes
251 <varname>CTDB_NATGW_DEFAULT_GATEWAY</varname> is not
252 specified. If GATEWAY is not specified for some
253 networks then routes are only created on the NATGW
254 master node for those networks if
255 <varname>CTDB_NATGW_DEFAULT_GATEWAY</varname> is
259 This should be used with care to avoid causing traffic
260 to unnecessarily double-hop through the NAT gateway
261 master, even when a node is hosting public IP addresses.
262 Each specified network or host should probably have a
263 corresponding automatically created link route or static
275 <title>Example</title>
277 CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
278 CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
279 CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
280 CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
281 CTDB_NATGW_PUBLIC_IFACE=eth0
285 A variation that ensures that infrastructure (ADS, DNS, ...)
286 directly attached to the public network (10.0.0.0/24) is
287 always reachable would look like this:
290 CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
291 CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
292 CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
293 CTDB_NATGW_PUBLIC_IFACE=eth0
294 CTDB_NATGW_STATIC_ROUTES=10.0.0.0/24
297 Note that <varname>CTDB_NATGW_DEFAULT_GATEWAY</varname> is
305 <title>13.per_ip_routing</title>
308 Provides CTDB's policy routing functionality.
312 A node running CTDB may be a component of a complex network
313 topology. In particular, public addresses may be spread
314 across several different networks (or VLANs) and it may not be
315 possible to route packets from these public addresses via the
316 system's default route. Therefore, CTDB has support for
317 policy routing via the <filename>13.per_ip_routing</filename>
318 eventscript. This allows routing to be specified for packets
319 sourced from each public address. The routes are added and
320 removed as CTDB moves public addresses between nodes.
324 For more information, see the <citetitle>POLICY
325 ROUTING</citetitle> section in
326 <citerefentry><refentrytitle>ctdb</refentrytitle>
327 <manvolnum>7</manvolnum></citerefentry>.
332 <term>CTDB_PER_IP_ROUTING_CONF=<parameter>FILENAME</parameter></term>
335 FILENAME contains elements for constructing the desired
336 routes for each source address.
340 The special FILENAME value
341 <constant>__auto_link_local__</constant> indicates that no
342 configuration file is provided and that CTDB should
343 generate reasonable link-local routes for each public IP
350 <parameter>IPADDR</parameter> <parameter>DEST-IPADDR/MASK</parameter> <optional><parameter>GATEWAY-IPADDR</parameter></optional>
356 <filename>/usr/local/etc/ctdb/policy_routing</filename>
364 CTDB_PER_IP_ROUTING_RULE_PREF=<parameter>NUM</parameter>
368 NUM sets the priority (or preference) for the routing
369 rules that are added by CTDB.
373 This should be (strictly) greater than 0 and (strictly)
374 less than 32766. A priority of 100 is recommended, unless
375 this conflicts with a priority already in use on the
377 <citerefentry><refentrytitle>ip</refentrytitle>
378 <manvolnum>8</manvolnum></citerefentry>, for more details.
385 CTDB_PER_IP_ROUTING_TABLE_ID_LOW=<parameter>LOW-NUM</parameter>,
386 CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=<parameter>HIGH-NUM</parameter>
390 CTDB determines a unique routing table number to use for
391 the routing related to each public address. LOW-NUM and
392 HIGH-NUM indicate the minimum and maximum routing table
393 numbers that are used.
397 <citerefentry><refentrytitle>ip</refentrytitle>
398 <manvolnum>8</manvolnum></citerefentry> uses some
399 reserved routing table numbers below 255. Therefore,
400 CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly)
405 CTDB uses the standard file
406 <filename>/etc/iproute2/rt_tables</filename> to maintain
407 a mapping between the routing table numbers and labels.
408 The label for a public address
409 <replaceable>ADDR</replaceable> will look like
410 ctdb.<replaceable>addr</replaceable>. This means that
411 the associated rules and routes are easy to read (and
416 No default, usually 1000 and 9000.
423 <title>Example</title>
425 CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
426 CTDB_PER_IP_ROUTING_RULE_PREF=100
427 CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
428 CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
435 <title>91.lvs</title>
438 Provides CTDB's LVS functionality.
442 For a general description see the <citetitle>LVS</citetitle>
443 section in <citerefentry><refentrytitle>ctdb</refentrytitle>
444 <manvolnum>7</manvolnum></citerefentry>.
451 CTDB_LVS_NODES=<parameter>FILENAME</parameter>
455 FILENAME contains the list of nodes that belong to the
461 <parameter>IPADDR</parameter> <optional>slave-only</optional>
465 IPADDR is the private IP address of each node in the LVS
469 If "slave-only" is specified then the corresponding node
470 can not be the LVS master node. In this case
471 <varname>CTDB_LVS_PUBLIC_IFACE</varname> and
472 <varname>CTDB_LVS_PUBLIC_IP</varname> are optional and
477 <filename>/usr/local/etc/ctdb/lvs_nodes</filename> when enabled.
484 CTDB_LVS_PUBLIC_IFACE=<parameter>INTERFACE</parameter>
488 INTERFACE is the network interface that clients will use
489 to connection to <varname>CTDB_LVS_PUBLIC_IP</varname>.
490 This is optional for slave-only nodes.
498 CTDB_LVS_PUBLIC_IP=<parameter>IPADDR</parameter>
502 CTDB_LVS_PUBLIC_IP is the LVS public address. No
514 <title>SERVICE CONFIGURATION</title>
517 CTDB can be configured to manage and/or monitor various NAS (and
518 other) services via its eventscripts.
522 In the simplest case CTDB will manage a service. This means the
523 service will be started and stopped along with CTDB, CTDB will
524 monitor the service and CTDB will do any required
525 reconfiguration of the service when public IP addresses are
530 <title>20.multipathd</title>
533 Provides CTDB's Linux multipathd service management.
537 It can monitor multipath devices to ensure that active paths
544 CTDB_MONITOR_MPDEVICES=<parameter>MP-DEVICE-LIST</parameter>
548 MP-DEVICE-LIST is a list of multipath devices for CTDB to monitor?
559 <title>31.clamd</title>
562 This event script provide CTDB's ClamAV anti-virus service
567 This eventscript is not enabled by default. Use <command>ctdb
568 enablescript</command> to enable it.
575 CTDB_MANAGES_CLAMD=yes|no
579 Should CTDB manage ClamAV?
589 CTDB_CLAMD_SOCKET=<parameter>FILENAME</parameter>
593 FILENAME is the socket to monitor ClamAV.
606 <title>40.vsftpd</title>
609 Provides CTDB's vsftpd FTP service management.
614 <term>CTDB_MANAGES_VSFTPD=yes|no</term>
617 Should CTDB manage the vsftpd FTP server?
628 <title>41.httpd</title>
631 Provides CTDB's Apache web service management.
637 CTDB_MANAGES_HTTPD=yes|no
641 Should CTDB manage the Apache web server?
652 <title>49.winbind</title>
655 Provides CTDB's Samba winbind service management.
662 CTDB_MANAGES_WINBIND=yes|no
666 Should CTDB manage Winbind?
676 CTDB_SERVICE_WINBIND=<parameter>SERVICE</parameter>
680 Distribution specific SERVICE for managing winbindd.
683 Default is "winbind".
693 <title>50.samba</title>
696 Provides the core of CTDB's Samba file service management.
703 CTDB_MANAGES_SAMBA=yes|no
707 Should CTDB manage Samba?
717 CTDB_SAMBA_CHECK_PORTS=<parameter>PORT-LIST</parameter>
721 When monitoring Samba, check TCP ports in
722 space-separated PORT-LIST.
725 Default is to monitor ports that Samba is configured to listen on.
732 CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
736 As part of monitoring, should CTDB skip the check for
737 the existence of each directory configured as share in
738 Samba. This may be desirable if there is a large number
749 CTDB_SERVICE_NMB=<parameter>SERVICE</parameter>
753 Distribution specific SERVICE for managing nmbd.
756 Default is distribution-dependant.
762 CTDB_SERVICE_SMB=<parameter>SERVICE</parameter>
766 Distribution specific SERVICE for managing smbd.
769 Default is distribution-dependant.
779 <title>60.nfs</title>
782 This event script (along with 06.nfs) provides CTDB's NFS
787 This includes parameters for the kernel NFS server.
788 Alternative NFS subsystems (such as <ulink
789 url="https://github.com/nfs-ganesha/nfs-ganesha/wiki">NFS-Ganesha</ulink>)
790 can be integrated using <varname>CTDB_NFS_CALLOUT</varname>.
797 CTDB_MANAGES_NFS=yes|no
801 Should CTDB manage NFS?
811 CTDB_NFS_CALLOUT=<parameter>COMMAND</parameter>
815 COMMAND specifies the path to a callout to handle
816 interactions with the configured NFS system, including
817 startup, shutdown, monitoring.
820 Default is the included
821 <command>nfs-linux-kernel-callout</command>.
828 CTDB_NFS_CHECKS_DIR=<parameter>DIRECTORY</parameter>
832 Specifies the path to a DIRECTORY containing files that
833 describe how to monitor the responsiveness of NFS RPC
834 services. See the README file for this directory for an
835 explanation of the contents of these "check" files.
838 CTDB_NFS_CHECKS_DIR can be used to point to different
839 sets of checks for different NFS servers.
842 One way of using this is to have it point to, say,
843 <filename>/usr/local/etc/ctdb/nfs-checks-enabled.d</filename>
844 and populate it with symbolic links to the desired check
845 files. This avoids duplication and is upgrade-safe.
849 <filename>/usr/local/etc/ctdb/nfs-checks.d</filename>,
850 which contains NFS RPC checks suitable for Linux kernel
858 CTDB_NFS_SKIP_SHARE_CHECK=yes|no
862 As part of monitoring, should CTDB skip the check for
863 the existence of each directory exported via NFS. This
864 may be desirable if there is a large number of exports.
874 CTDB_RPCINFO_LOCALHOST=<parameter>IPADDR</parameter>|<parameter>HOSTNAME</parameter>
878 IPADDR or HOSTNAME indicates the address that
879 <command>rpcinfo</command> should connect to when doing
880 <command>rpcinfo</command> check on IPv4 RPC service during
881 monitoring. Optimally this would be "localhost".
882 However, this can add some performance overheads.
885 Default is "127.0.0.1".
892 CTDB_RPCINFO_LOCALHOST6=<parameter>IPADDR</parameter>|<parameter>HOSTNAME</parameter>
896 IPADDR or HOSTNAME indicates the address that
897 <command>rpcinfo</command> should connect to when doing
898 <command>rpcinfo</command> check on IPv6 RPC service
899 during monitoring. Optimally this would be "localhost6"
900 (or similar). However, this can add some performance
911 CTDB_NFS_STATE_FS_TYPE=<parameter>TYPE</parameter>
915 The type of filesystem used for a clustered NFS' shared
923 CTDB_NFS_STATE_MNT=<parameter>DIR</parameter>
927 The directory where a clustered NFS' shared state will be
938 <title>70.iscsi</title>
941 Provides CTDB's Linux iSCSI tgtd service management.
948 CTDB_MANAGES_ISCSI=yes|no
952 Should CTDB manage iSCSI tgtd?
962 CTDB_START_ISCSI_SCRIPTS=<parameter>DIRECTORY</parameter>
966 DIRECTORY on shared storage containing scripts to start
967 tgtd for each public IP address.
985 CTDB checks the consistency of databases during startup.
989 <title>00.ctdb</title>
994 <term>CTDB_MAX_CORRUPT_DB_BACKUPS=<parameter>NUM</parameter></term>
997 NUM is the maximum number of volatile TDB database
998 backups to be kept (for each database) when a corrupt
999 database is found during startup. Volatile TDBs are
1000 zeroed during startup so backups are needed to debug
1001 any corruption that occurs before a restart.
1015 <title>SYSTEM RESOURCE MONITORING</title>
1023 Provides CTDB's filesystem and memory usage monitoring.
1027 CTDB can experience seemingly random (performance and other)
1028 issues if system resources become too constrained. Options in
1029 this section can be enabled to allow certain system resources
1030 to be checked. They allows warnings to be logged and nodes to
1031 be marked unhealthy when system resource usage reaches the
1032 configured thresholds.
1036 Some checks are enabled by default. It is recommended that
1037 these checks remain enabled or are augmented by extra checks.
1038 There is no supported way of completely disabling the checks.
1045 CTDB_MONITOR_FILESYSTEM_USAGE=<parameter>FS-LIMIT-LIST</parameter>
1049 FS-LIMIT-LIST is a space-separated list of
1050 <parameter>FILESYSTEM</parameter>:<parameter>WARN_LIMIT</parameter><optional>:<parameter>UNHEALTHY_LIMIT</parameter></optional>
1051 triples indicating that warnings should be logged if the
1052 space used on FILESYSTEM reaches WARN_LIMIT%. If usage
1053 reaches UNHEALTHY_LIMIT then the node should be flagged
1054 unhealthy. Either WARN_LIMIT or UNHEALTHY_LIMIT may be
1055 left blank, meaning that check will be omitted.
1059 Default is to warn for each filesystem containing a
1061 (<literal>volatile database directory</literal>,
1062 <literal>persistent database directory</literal>,
1063 <literal>state database directory</literal>)
1064 with a threshold of 90%.
1071 CTDB_MONITOR_MEMORY_USAGE=<parameter>MEM-LIMITS</parameter>
1075 MEM-LIMITS takes the form
1076 <parameter>WARN_LIMIT</parameter><optional>:<parameter>UNHEALTHY_LIMIT</parameter></optional>
1077 indicating that warnings should be logged if memory
1078 usage reaches WARN_LIMIT%. If usage reaches
1079 UNHEALTHY_LIMIT then the node should be flagged
1080 unhealthy. Either WARN_LIMIT or UNHEALTHY_LIMIT may be
1081 left blank, meaning that check will be omitted.
1084 Default is 80, so warnings will be logged when memory
1092 CTDB_MONITOR_SWAP_USAGE=<parameter>SWAP-LIMITS</parameter>
1096 SWAP-LIMITS takes the form
1097 <parameter>WARN_LIMIT</parameter><optional>:<parameter>UNHEALTHY_LIMIT</parameter></optional>
1098 indicating that warnings should be logged if
1099 swap usage reaches WARN_LIMIT%. If usage reaches
1100 UNHEALTHY_LIMIT then the node should be flagged
1101 unhealthy. Either WARN_LIMIT or UNHEALTHY_LIMIT may be
1102 left blank, meaning that check will be omitted.
1105 Default is 25, so warnings will be logged when swap
1118 <title>EVENT SCRIPT DEBUGGING</title>
1122 debug-hung-script.sh
1128 <term>CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=<parameter>REGEXP</parameter></term>
1131 REGEXP specifies interesting processes for which stack
1132 traces should be logged when debugging hung eventscripts
1133 and those processes are matched in pstree output.
1134 REGEXP is an extended regexp so choices are separated by
1135 pipes ('|'). However, REGEXP should not contain
1136 parentheses. See also
1137 <citetitle>CTDB_DEBUG_HUNG_SCRIPT</citetitle>.
1140 Default is "exportfs|rpcinfo".
1151 <title>FILES</title>
1154 <member><filename>/usr/local/etc/ctdb/script.options</filename></member>
1159 <title>SEE ALSO</title>
1161 <citerefentry><refentrytitle>ctdbd</refentrytitle>
1162 <manvolnum>1</manvolnum></citerefentry>,
1164 <citerefentry><refentrytitle>ctdb</refentrytitle>
1165 <manvolnum>7</manvolnum></citerefentry>,
1167 <ulink url="http://ctdb.samba.org/"/>
1174 This documentation was written by
1182 <holder>Andrew Tridgell</holder>
1183 <holder>Ronnie Sahlberg</holder>
1187 This program is free software; you can redistribute it and/or
1188 modify it under the terms of the GNU General Public License as
1189 published by the Free Software Foundation; either version 3 of
1190 the License, or (at your option) any later version.
1193 This program is distributed in the hope that it will be
1194 useful, but WITHOUT ANY WARRANTY; without even the implied
1195 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
1196 PURPOSE. See the GNU General Public License for more details.
1199 You should have received a copy of the GNU General Public
1200 License along with this program; if not, see
1201 <ulink url="http://www.gnu.org/licenses"/>.
git.samba.org / metze / samba / wip.git / blob