diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index b13c7d540..2cbf7ec79 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -1,938 +1,938 @@ #!/bin/sh # # $Id: IPaddr2.in,v 1.24 2006/08/09 13:01:54 lars Exp $ # # OCF Resource Agent compliant IPaddr2 script. # # Based on work by Tuomo Soini, ported to the OCF RA API by Lars # Marowsky-Brée. Implements Cluster Alias IP functionality too. # # Cluster Alias IP cleanup, fixes and testing by Michael Schwartzkopff # # # Copyright (c) 2003 Tuomo Soini # Copyright (c) 2004-2006 SUSE LINUX AG, Lars Marowsky-Brée # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # # # TODO: # - There ought to be an ocf_run_cmd function which does all logging, # timeout handling etc for us # - Make this the standard IP address agent on Linux; the other # platforms simply should ignore the additional parameters OR can use # the legacy heartbeat resource script... # - Check LVS <-> clusterip incompatibilities. # # OCF parameters are as below # OCF_RESKEY_ip # OCF_RESKEY_broadcast # OCF_RESKEY_nic # OCF_RESKEY_cidr_netmask # OCF_RESKEY_iflabel # OCF_RESKEY_mac # OCF_RESKEY_clusterip_hash # OCF_RESKEY_arp_interval # OCF_RESKEY_arp_count # OCF_RESKEY_arp_bg # OCF_RESKEY_arp_mac # # OCF_RESKEY_CRM_meta_clone # OCF_RESKEY_CRM_meta_clone_max ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs . ${OCF_FUNCTIONS_DIR}/findif.sh # Defaults OCF_RESKEY_lvs_support_default=false OCF_RESKEY_clusterip_hash_default="sourceip-sourceport" OCF_RESKEY_unique_clone_address_default=false OCF_RESKEY_arp_interval_default=200 OCF_RESKEY_arp_count_default=5 OCF_RESKEY_arp_bg_default=true OCF_RESKEY_arp_mac_default="ffffffffffff" : ${OCF_RESKEY_lvs_support=${OCF_RESKEY_lvs_support_default}} : ${OCF_RESKEY_clusterip_hash=${OCF_RESKEY_clusterip_hash_default}} : ${OCF_RESKEY_unique_clone_address=${OCF_RESKEY_unique_clone_address_default}} : ${OCF_RESKEY_arp_interval=${OCF_RESKEY_arp_interval_default}} : ${OCF_RESKEY_arp_count=${OCF_RESKEY_arp_count_default}} : ${OCF_RESKEY_arp_bg=${OCF_RESKEY_arp_bg_default}} : ${OCF_RESKEY_arp_mac=${OCF_RESKEY_arp_mac_default}} ####################################################################### SENDARP=$HA_BIN/send_arp SENDUA=$HA_BIN/send_ua FINDIF=findif VLDIR=$HA_RSCTMP SENDARPPIDDIR=$HA_RSCTMP CIP_lockfile=$HA_RSCTMP/IPaddr2-CIP-${OCF_RESKEY_ip} ####################################################################### meta_data() { cat < 1.0 This Linux-specific resource manages IP alias IP addresses. It can add an IP alias, or remove one. In addition, it can implement Cluster Alias IP functionality if invoked as a clone resource. If used as a clone, you should explicitly set clone-node-max >= 2, and/or clone-max < number of nodes. In case of node failure, clone instances need to be re-allocated on surviving nodes. Which would not be possible, if there is already an instance on those nodes, and clone-node-max=1 (which is the default). Manages virtual IPv4 addresses (Linux specific version) The IPv4 address to be configured in dotted quad notation, for example "192.168.1.1". IPv4 address The base network interface on which the IP address will be brought online. If left empty, the script will try and determine this from the routing table. Do NOT specify an alias interface in the form eth0:1 or anything here; rather, specify the base interface only. If you want a label, see the iflabel parameter. Prerequisite: There must be at least one static IP address, which is not managed by the cluster, assigned to the network interface. If you can not assign any static IP address on the interface, modify this kernel parameter: sysctl -w net.ipv4.conf.all.promote_secondaries=1 # (or per device) Network interface The netmask for the interface in CIDR format (e.g., 24 and not 255.255.255.0) If unspecified, the script will also try to determine this from the routing table. CIDR netmask Broadcast address associated with the IP. If left empty, the script will determine this from the netmask. Broadcast address You can specify an additional label for your IP address here. This label is appended to your interface name. If a label is specified in nic name, this parameter has no effect. Interface label Enable support for LVS Direct Routing configurations. In case a IP address is stopped, only move it to the loopback device to allow the local node to continue to service requests, but no longer advertise it on the network. The IPv6 does not support lvs_support, And the IPv6 does not need lvs_support. Enable support for LVS DR Set the interface MAC address explicitly. Currently only used in case of the Cluster IP Alias. Leave empty to chose automatically. Cluster IP MAC address Specify the hashing algorithm used for the Cluster IP functionality. Cluster IP hashing function If true, add the clone ID to the supplied value of ip to create a unique address to manage Create a unique address for cloned instances Specify the interval between unsolicited ARP packets in milliseconds. ARP packet interval in ms Number of unsolicited ARP packets to send. ARP packet count Whether or not to send the arp packets in the background. ARP from background MAC address to send the ARP packets to. You really shouldn't be touching this. ARP MAC Flush the routing table on stop. This is for applications which use the cluster IP address and which run on the same physical host that the IP address lives on. The Linux kernel may force that application to take a shortcut to the local loopback interface, instead of the interface the address is really bound to. Under those circumstances, an application may, somewhat unexpectedly, continue to use connections for some time even after the IP address is deconfigured. Set this parameter in order to immediately disable said shortcut when the IP address goes away. Flush kernel routing table on stop END exit $OCF_SUCCESS } ip_init() { local rc if [ X`uname -s` != "XLinux" ]; then ocf_log err "IPaddr2 only supported Linux." exit $OCF_ERR_INSTALLED fi if [ X"$OCF_RESKEY_ip" = "X" ]; then ocf_log err "IP address (the ip parameter) is mandatory" exit $OCF_ERR_CONFIGURED fi if case $__OCF_ACTION in start|stop) ocf_is_root;; *) true;; esac then : YAY! else ocf_log err "You must be root for $__OCF_ACTION operation." exit $OCF_ERR_PERM fi BASEIP="$OCF_RESKEY_ip" BRDCAST="$OCF_RESKEY_broadcast" NIC="$OCF_RESKEY_nic" # Note: We had a version out there for a while which used # netmask instead of cidr_netmask. Don't remove this aliasing code! if [ ! -z "$OCF_RESKEY_netmask" -a -z "$OCF_RESKEY_cidr_netmask" ] then OCF_RESKEY_cidr_netmask=$OCF_RESKEY_netmask export OCF_RESKEY_cidr_netmask fi NETMASK="$OCF_RESKEY_cidr_netmask" IFLABEL="$OCF_RESKEY_iflabel" IF_MAC="$OCF_RESKEY_mac" IP_INC_GLOBAL=${OCF_RESKEY_CRM_meta_clone_max:-1} IP_INC_NO=`expr ${OCF_RESKEY_CRM_meta_clone:-0} + 1` if ocf_is_true ${OCF_RESKEY_lvs_support} && [ $IP_INC_GLOBAL -gt 1 ]; then ocf_log err "LVS and load sharing do not go together well" exit $OCF_ERR_CONFIGURED fi if ocf_is_decimal "$IP_INC_GLOBAL" && [ $IP_INC_GLOBAL -gt 0 ]; then : else ocf_log err "Invalid OCF_RESKEY_incarnations_max_global [$IP_INC_GLOBAL], should be positive integer" exit $OCF_ERR_CONFIGURED fi echo $OCF_RESKEY_ip | grep -qs ":" if [ $? -ne 0 ];then FAMILY=inet else FAMILY=inet6 if ocf_is_true $OCF_RESKEY_lvs_support ;then ocf_log err "The IPv6 does not support lvs_support" exit $OCF_ERR_CONFIGURED fi fi # $FINDIF takes its parameters from the environment # NICINFO=`$FINDIF` rc=$? if [ $rc -eq 0 ] then NICINFO=`echo "$NICINFO" | sed -e 's/netmask\ //;s/broadcast\ //'` NIC=`echo "$NICINFO" | cut -d" " -f1` NETMASK=`echo "$NICINFO" | cut -d" " -f2` BRDCAST=`echo "$NICINFO" | cut -d" " -f3` else # findif couldn't find the interface if ocf_is_probe; then ocf_log info "[$FINDIF] failed" exit $OCF_NOT_RUNNING elif [ "$__OCF_ACTION" = stop ]; then ocf_log warn "[$FINDIF] failed" exit $OCF_SUCCESS else ocf_log err "[$FINDIF] failed" exit $rc fi fi SENDARPPIDFILE="$SENDARPPIDDIR/send_arp-$OCF_RESKEY_ip" case $NIC in *:*) IFLABEL=$NIC NIC=`echo $NIC | sed 's/:.*//'` ;; *) if [ -n "$IFLABEL" ]; then IFLABEL=${NIC}:${IFLABEL} fi ;; esac if [ "$IP_INC_GLOBAL" -gt 1 ] && ! ocf_is_true "$OCF_RESKEY_unique_clone_address"; then IP_CIP="yes" IP_CIP_HASH="${OCF_RESKEY_clusterip_hash}" if [ -z "$IF_MAC" ]; then # Choose a MAC # 1. Concatenate some input together # 2. This doesn't need to be a cryptographically # secure hash. # 3. Drop everything after the first 6 octets (12 chars) # 4. Delimit the octets with ':' # 5. Make sure the first octet is odd, # so the result is a multicast MAC IF_MAC=`echo $OCF_RESKEY_ip $NETMASK $BRDCAST | \ md5sum | \ sed -e 's#\(............\).*#\1#' \ -e 's#..#&:#g; s#:$##' \ -e 's#^\(.\)[02468aAcCeE]#\11#'` fi IP_CIP_FILE="/proc/net/ipt_CLUSTERIP/$OCF_RESKEY_ip" fi } # # Find out which interfaces serve the given IP address and netmask. # The arguments are an IP address and a netmask. # Its output are interface names devided by spaces (e.g., "eth0 eth1"). # find_interface() { local ipaddr="$1" local netmask="$2" # # List interfaces but exclude FreeS/WAN ipsecN virtual interfaces # local iface="`$IP2UTIL -o -f $FAMILY addr show \ | grep "\ $ipaddr/$netmask" \ | cut -d ' ' -f2 \ | grep -v '^ipsec[0-9][0-9]*$'`" echo "$iface" return 0 } # # Delete an interface # delete_interface () { ipaddr="$1" iface="$2" netmask="$3" CMD="$IP2UTIL -f $FAMILY addr delete $ipaddr/$netmask dev $iface" ocf_run $CMD || return $OCF_ERR_GENERIC if ocf_is_true $OCF_RESKEY_flush_routes; then ocf_run $IP2UTIL route flush cache fi return $OCF_SUCCESS } # # Add an interface # add_interface () { local cmd msg ipaddr netmask broadcast iface label ipaddr="$1" netmask="$2" broadcast="$3" iface="$4" label="$5" cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask dev $iface" msg="Adding $FAMILY address $ipaddr/$netmask to device $iface" if [ "$broadcast" != "none" ]; then - cmd="$IP2UTIL -f inet addr add $ipaddr/$netmask brd $broadcast dev $iface" + cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask brd $broadcast dev $iface" msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface" fi if [ ! -z "$label" ]; then cmd="$cmd label $label" msg="${msg} (with label $label)" fi ocf_log info "$msg" ocf_run $cmd || return $OCF_ERR_GENERIC msg="Bringing device $iface up" cmd="$IP2UTIL link set $iface up" ocf_log info "$msg" ocf_run $cmd || return $OCF_ERR_GENERIC return $OCF_SUCCESS } # # Delete a route # delete_route () { prefix="$1" iface="$2" CMD="$IP2UTIL route delete $prefix dev $iface" ocf_log info "$CMD" $CMD return $? } # On Linux systems the (hidden) loopback interface may # conflict with the requested IP address. If so, this # unoriginal code will remove the offending loopback address # and save it in VLDIR so it can be added back in later # when the IPaddr is released. # # TODO: This is very ugly and should be controlled by an additional # instance parameter. Or even: multi-state, with the IP only being # "active" on the master!? # remove_conflicting_loopback() { ipaddr="$1" netmask="$2" broadcast="$3" ifname="$4" ocf_log info "Removing conflicting loopback $ifname." if echo "$ipaddr $netmask $broadcast $ifname" > "$VLDIR/$ipaddr" then : Saved loopback information in $VLDIR/$ipaddr else ocf_log err "Could not save conflicting loopback $ifname." \ "it will not be restored." fi delete_interface "$ipaddr" "$ifname" "$netmask" # Forcibly remove the route (if it exists) to the loopback. delete_route "$ipaddr" "$ifname" } # # On Linux systems the (hidden) loopback interface may # need to be restored if it has been taken down previously # by remove_conflicting_loopback() # restore_loopback() { ipaddr="$1" if [ -s "$VLDIR/$ipaddr" ]; then ifinfo=`cat "$VLDIR/$ipaddr"` ocf_log info "Restoring loopback IP Address " \ "$ifinfo." add_interface $ifinfo rm -f "$VLDIR/$ipaddr" fi } is_infiniband() { $IP2UTIL link show $NIC | grep link/infiniband >/dev/null } # # Run send_arp to note peers about new mac address # run_send_arp() { ARGS="-i $OCF_RESKEY_arp_interval -r $OCF_RESKEY_arp_count -p $SENDARPPIDFILE $NIC $OCF_RESKEY_ip auto not_used not_used" if [ "x$IP_CIP" = "xyes" ] ; then if [ x = "x$IF_MAC" ] ; then MY_MAC=auto else MY_MAC=`echo ${IF_MAC} | sed -e 's/://g'` fi ARGS="-i $OCF_RESKEY_arp_interval -r $OCF_RESKEY_arp_count -p $SENDARPPIDFILE $NIC $OCF_RESKEY_ip $MY_MAC not_used not_used" fi ocf_log info "$SENDARP $ARGS" if ocf_is_true $OCF_RESKEY_arp_bg; then ($SENDARP $ARGS || ocf_log err "Could not send gratuitous arps" &) >&2 else $SENDARP $ARGS || ocf_log err "Could not send gratuitous arps" fi } # # Run send_ua to note send ICMPv6 Unsolicited Neighbor Advertisements. # run_send_ua() { ARGS="-i $OCF_RESKEY_arp_interval -c $OCF_RESKEY_arp_count $OCF_RESKEY_ip $NETMASK $NIC" ocf_log info "$SENDUA $ARGS" $SENDUA $ARGS || ocf_log err "Could not send ICMPv6 Unsolicited Neighbor Advertisements." } # # Run ipoibarping to note peers about new Infiniband address # run_send_ib_arp() { ARGS="-q -c $OCF_RESKEY_arp_count -U -I $NIC $OCF_RESKEY_ip" ocf_log info "ipoibarping $ARGS" if ocf_is_true $OCF_RESKEY_arp_bg; then (ipoibarping $ARGS || ocf_log err "Could not send gratuitous arps" &) >&2 else ipoibarping $ARGS || ocf_log err "Could not send gratuitous arps" fi } # Do we already serve this IP address on the given $NIC? # # returns: # ok = served (for CIP: + hash bucket) # partial = served and no hash bucket (CIP only) # partial2 = served and no CIP iptables rule # no = nothing # ip_served() { if [ -z "$NIC" ]; then # no nic found or specified echo "no" return 0 fi cur_nic="`find_interface $OCF_RESKEY_ip $NETMASK`" if [ -z "$cur_nic" ]; then echo "no" return 0 fi if [ -z "$IP_CIP" ]; then for i in $cur_nic; do # only mark as served when on the same interfaces as $NIC [ "$i" = "$NIC" ] || continue echo "ok" return 0 done # There used to be logic here to pretend "not served", # if ${OCF_RESKEY_lvs_support} was enabled, and the IP was # found active on "lo*" only. With lvs_support on, you should # have NIC != lo, so thats already filtered # by the continue above. echo "no" return 0 fi # Special handling for the CIP: if [ ! -e $IP_CIP_FILE ]; then echo "partial2" return 0 fi if egrep -q "(^|,)${IP_INC_NO}(,|$)" $IP_CIP_FILE ; then echo "ok" return 0 else echo "partial" return 0 fi exit $OCF_ERR_GENERIC } ####################################################################### ip_usage() { cat <$IP_CIP_FILE fi if [ "$ip_status" = "no" ]; then if ocf_is_true ${OCF_RESKEY_lvs_support}; then for i in `find_interface $OCF_RESKEY_ip $NETMASK`; do case $i in lo*) remove_conflicting_loopback $OCF_RESKEY_ip 32 255.255.255.255 lo ;; esac done fi add_interface $OCF_RESKEY_ip $NETMASK ${BRDCAST:-none} $NIC $IFLABEL if [ $? -ne 0 ]; then ocf_log err "$CMD failed." exit $OCF_ERR_GENERIC fi fi case $NIC in lo*) : no need to run send_arp on loopback ;; *) if is_infiniband; then run_send_ib_arp elif [ $FAMILY = "inet" ];then if [ -x $SENDARP ]; then run_send_arp fi else if [ -x $SENDUA ]; then run_send_ua fi fi ;; esac exit $OCF_SUCCESS } ip_stop() { local ip_del_if="yes" if [ -n "$IP_CIP" ]; then # Cluster IPs need special processing when the last bucket # is removed from the node... take a lock to make sure only one # process executes that code ocf_take_lock $CIP_lockfile ocf_release_lock_on_exit $CIP_lockfile fi if [ -f "$SENDARPPIDFILE" ] ; then kill `cat "$SENDARPPIDFILE"` if [ $? -ne 0 ]; then ocf_log warn "Could not kill previously running send_arp for $OCF_RESKEY_ip" else ocf_log info "killed previously running send_arp for $OCF_RESKEY_ip" rm -f "$SENDARPPIDFILE" fi fi local ip_status=`ip_served` ocf_log info "IP status = $ip_status, IP_CIP=$IP_CIP" if [ $ip_status = "no" ]; then : Requested interface not in use exit $OCF_SUCCESS fi if [ -n "$IP_CIP" ] && [ $ip_status != "partial2" ]; then if [ $ip_status = "partial" ]; then exit $OCF_SUCCESS fi echo "-$IP_INC_NO" >$IP_CIP_FILE if [ "x$(cat $IP_CIP_FILE)" = "x" ]; then ocf_log info $OCF_RESKEY_ip, $IP_CIP_HASH i=1 while [ $i -le $IP_INC_GLOBAL ]; do ocf_log info $i $IPTABLES -D INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ --new \ --clustermac $IF_MAC \ --total-nodes $IP_INC_GLOBAL \ --local-node $i \ --hashmode $IP_CIP_HASH i=`expr $i + 1` done else ip_del_if="no" fi fi if [ "$ip_del_if" = "yes" ]; then delete_interface $OCF_RESKEY_ip $NIC $NETMASK if [ $? -ne 0 ]; then exit $OCF_ERR_GENERIC fi if ocf_is_true ${OCF_RESKEY_lvs_support}; then restore_loopback "$OCF_RESKEY_ip" fi fi exit $OCF_SUCCESS } ip_monitor() { # TODO: Implement more elaborate monitoring like checking for # interface health maybe via a daemon like FailSafe etc... local ip_status=`ip_served` case $ip_status in ok) return $OCF_SUCCESS ;; partial|no|partial2) exit $OCF_NOT_RUNNING ;; *) # Errors on this interface? return $OCF_ERR_GENERIC ;; esac } ip_validate() { check_binary $IP2UTIL IP_CIP= ip_init is_infiniband && check_binary ipoibarping if [ -n "$IP_CIP" ]; then check_binary $IPTABLES check_binary $MODPROBE fi # $BASEIP, $NETMASK, $NIC , $IP_INC_GLOBAL, and $BRDCAST have been checked within ip_init, # do not bother here. if ocf_is_true "$OCF_RESKEY_unique_clone_address" && ! ocf_is_true "$OCF_RESKEY_CRM_meta_globally_unique"; then ocf_log err "unique_clone_address makes sense only with meta globally_unique set" exit $OCF_ERR_CONFIGURED fi if ocf_is_decimal "$OCF_RESKEY_arp_interval" && [ $OCF_RESKEY_arp_interval -gt 0 ]; then : else ocf_log err "Invalid OCF_RESKEY_arp_interval [$OCF_RESKEY_arp_interval]" exit $OCF_ERR_CONFIGURED fi if ocf_is_decimal "$OCF_RESKEY_arp_count" && [ $OCF_RESKEY_arp_count -gt 0 ]; then : else ocf_log err "Invalid OCF_RESKEY_arp_count [$OCF_RESKEY_arp_count]" exit $OCF_ERR_CONFIGURED fi if [ -n "$IP_CIP" ]; then local valid=1 case $IP_CIP_HASH in sourceip|sourceip-sourceport|sourceip-sourceport-destport) ;; *) ocf_log err "Invalid OCF_RESKEY_clusterip_hash [$IP_CIP_HASH]" exit $OCF_ERR_CONFIGURED ;; esac if ocf_is_true ${OCF_RESKEY_lvs_support}; then ecf_log err "LVS and load sharing not advised to try" exit $OCF_ERR_CONFIGURED fi case $IF_MAC in [0-9a-zA-Z][13579bBdDfF][!0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z][!0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z][!0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z][!0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z][!0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z]) ;; *) valid=0 ;; esac if [ $valid -eq 0 ]; then ocf_log err "Invalid IF_MAC [$IF_MAC]" exit $OCF_ERR_CONFIGURED fi fi } if ocf_is_true "$OCF_RESKEY_unique_clone_address"; then prefix=`echo $OCF_RESKEY_ip | awk -F. '{print $1"."$2"."$3}'` suffix=`echo $OCF_RESKEY_ip | awk -F. '{print $4}'` suffix=`expr ${OCF_RESKEY_CRM_meta_clone:-0} + $suffix` OCF_RESKEY_ip="$prefix.$suffix" fi case $__OCF_ACTION in meta-data) meta_data ;; usage|help) ip_usage exit $OCF_SUCCESS ;; esac ip_validate case $__OCF_ACTION in start) ip_start ;; stop) ip_stop ;; status) ip_status=`ip_served` if [ $ip_status = "ok" ]; then echo "running" exit $OCF_SUCCESS else echo "stopped" exit $OCF_NOT_RUNNING fi ;; monitor) ip_monitor ;; validate-all) ;; *) ip_usage exit $OCF_ERR_UNIMPLEMENTED ;; esac diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh index fec2ff349..98649bf2c 100644 --- a/heartbeat/findif.sh +++ b/heartbeat/findif.sh @@ -1,163 +1,196 @@ #!/bin/sh ipcheck_ipv4() { - local ip=$1 - echo "$ip" | grep -qs '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' - if [ $? -ne 0 ] ; then - return 1 - fi - echo "$ip" | awk -F. '{if(NF!=4)exit(1);for(i=1;i<=4;i++)if(!($i>=0&&$i<=255))exit(1)}' + local r1_to_255="([1-9][0-9]?|1[0-9][0-9]|2[0-4][0-9]|25[0-5])" + local r0_to_255="([0-9][0-9]?|1[0-9][0-9]|2[0-4][0-9]|25[0-5])" + local r_ipv4="^$r1_to_255\.$r0_to_255\.$r0_to_255\.$r0_to_255$" + echo "$1" | grep -q -Ee "$r_ipv4" } ipcheck_ipv6() { - local ipaddr=$1 - echo "$ipaddr" | grep -qs "[^0-9:a-fA-F]" - if [ $? = 1 ] ; then - return 0 - else - return 1 - fi + ! echo "$1" | grep -qs "[^0-9:a-fA-F]" } ifcheck_ipv4() { local ifcheck=$1 - local ifstr - local counter=0 local procfile="/proc/net/dev" - while read LINE - do - if [ $counter -ge 2 ] ; then - ifstr=`echo $LINE | cut -d ':' -f 1` - if [ "$ifstr" = "$ifcheck" ] ; then - return 0 - fi - fi - counter=`expr $counter + 1` + local ifstr rest + + while read ifstr rest ; do + # Interface name may be concatenated to Receive field with ':' + case "$ifstr" in + "$ifcheck:"*) return 0;; + esac done < $procfile return 1 } ifcheck_ipv6() { local ifcheck="$1" - local ifstr local procfile="/proc/net/if_inet6" - while read LINE - do - ifstr=`echo $LINE | awk -F ' ' '{print $6}'` - if [ "$ifstr" = "$ifcheck" ] ; then - return 0 - fi + local tmp ifstr + + while read tmp tmp tmp tmp tmp ifstr ; do + [ "$ifstr" = "$ifcheck" ] && return 0 done < $procfile return 1 } prefixcheck() { local prefix=$1 local prefix_length=${#prefix} local prefix_check=$2 if [ $prefix_length -gt 3 -o $prefix_length -eq 0 ] ; then return 1 fi - echo "$prefix" | grep "[^0-9]" + echo "$prefix" | grep -qs "[^0-9]" if [ $? = 0 ] ; then return 1 fi if [ $prefix -lt 1 -o $prefix -gt $prefix_check ] ; then return 1 fi return 0 } getnetworkinfo() { - ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read LINE; + local line netinfo + ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line; do - IP=`echo $LINE | awk '{print $2}'` - case $IP in + netinfo=`echo $line | awk '{print $2}'` + case $netinfo in */*) - set -- $LINE + set -- $line break ;; esac done - echo $LINE) + echo $line) } -findif() +findif_check_params() { + local family="$1" local match="$OCF_RESKEY_ip" - local family="inet" - local scope - local NIC="$OCF_RESKEY_nic" - local NETMASK="$OCF_RESKEY_cidr_netmask" - local BRDCAST="$OCF_RESKEY_broadcast" - echo $match | grep -qs ":" - if [ $? = 0 ] ; then - `ipcheck_ipv6 $match` - [ $? = 1 ] && return 6 - if [ -n "$NIC" ] ; then - `ifcheck_ipv6 $NIC` - [ $? = 1 ] && return 6 + local nic="$OCF_RESKEY_nic" + local netmask="$OCF_RESKEY_cidr_netmask" + local brdcast="$OCF_RESKEY_broadcast" + + if [ "$family" = "inet6" ] ; then + ipcheck_ipv6 $match + if [ $? = 1 ] ; then + ocf_log err "IP address [$match] not valid." + return $OCF_ERR_CONFIGURED + fi + if [ -n "$nic" ] ; then + ifcheck_ipv6 $nic + if [ $? = 1 ] ; then + ocf_log err "Unknown interface [$nic] No such device." + return $OCF_ERR_CONFIGURED + fi else echo $match | grep -qis '^fe80::' if [ $? = 0 ] ; then - return 1 + ocf_log err "'nic' parameter is mandatory for a link local address [$match]." + return $OCF_ERR_CONFIGURED fi fi - if [ -n "$NETMASK" ] ; then - `prefixcheck $NETMASK 128` - [ $? = 1 ] && return 6 - match=$match/$NETMASK + if [ -n "$netmask" ] ; then + prefixcheck $netmask 128 + if [ $? = 1 ] ; then + ocf_log err "Invalid netmask specification [$netmask]." + return $OCF_ERR_CONFIGURED + fi fi - family="inet6" else - `ipcheck_ipv4 $match` - [ $? = 1 ] && return 6 - if [ -n "$NIC" ] ; then - `ifcheck_ipv4 $NIC` - [ $? = 1 ] && return 6 + # family = inet + ipcheck_ipv4 $match + if [ $? = 1 ] ; then + ocf_log err "IP address [$match] not valid." + return $OCF_ERR_CONFIGURED + fi + if [ -n "$nic" ] ; then + ifcheck_ipv4 $nic + if [ $? = 1 ] ; then + ocf_log err "Unknown interface [$nic] No such device." + return $OCF_ERR_CONFIGURED + fi fi - if [ -n "$NETMASK" ] ; then - `prefixcheck $NETMASK 32` - [ $? = 1 ] && return 6 - match=$match/$NETMASK + if [ -n "$netmask" ] ; then + prefixcheck $netmask 32 + if [ $? = 1 ] ; then + ocf_log err "Invalid netmask specification [$netmask]." + return $OCF_ERR_CONFIGURED + fi fi - if [ -n "$BRDCAST" ] ; then - `ipcheck_ipv4 $BRDCAST` - [ $? = 1 ] && return 6 + if [ -n "$brdcast" ] ; then + ipcheck_ipv4 $brdcast + if [ $? = 1 ] ; then + ocf_log err "Invalid broadcast address [$brdcast]." + return $OCF_ERR_CONFIGURED + fi fi + fi + return $OCF_SUCCESS +} + +findif() +{ + local match="$OCF_RESKEY_ip" + local family + local scope + local nic="$OCF_RESKEY_nic" + local netmask="$OCF_RESKEY_cidr_netmask" + local brdcast="$OCF_RESKEY_broadcast" + + echo $match | grep -qs ":" + if [ $? = 0 ] ; then + family="inet6" + else + family="inet" scope="scope link" fi - if [ -n "$NIC" ] ; then + findif_check_params $family || return $? + + if [ -n "$netmask" ] ; then + match=$match/$netmask + fi + if [ -n "$nic" ] ; then # NIC supports more than two. - set -- `ip -o -f $family route list match $match $scope | grep "dev $NIC"` + set -- `ip -o -f $family route list match $match $scope | grep "dev $nic"` else set -- `ip -o -f $family route list match $match $scope` fi if [ $# = 0 ] ; then case $OCF_RESKEY_ip in 127.*) set -- `getnetworkinfo` shift;; esac fi - if [ -z "$NIC" -o -z "$NETMASK" ] ; then - [ $# = 0 ] && return 1 + if [ -z "$nic" -o -z "$netmask" ] ; then + if [ $# = 0 ] ; then + ocf_log err "Unable to find nic or netmask." + return $OCF_ERR_GENERIC + fi case $1 in */*) : OK ;; *) - return 1 ;; + ocf_log err "Unable to find cidr_netmask." + return $OCF_ERR_GENERIC ;; esac fi - [ -z "$NIC" ] && NIC=$3 - [ -z "$NETMASK" ] && NETMASK=${1#*/} + [ -z "$nic" ] && nic=$3 + [ -z "$netmask" ] && netmask=${1#*/} if [ $family = "inet" ] ; then - if [ -z "$BRDCAST" ] ; then + if [ -z "$brdcast" ] ; then if [ -n "$7" ] ; then set -- `ip -o -f $family addr show | grep $7` - [ "$5" = brd ] && BRDCAST=$6 + [ "$5" = brd ] && brdcast=$6 fi fi else - if [ -z "$OCF_RESKEY_nic" -a "$NETMASK" -ne "${1#*/}" ] ; then - return 1 + if [ -z "$OCF_RESKEY_nic" -a "$netmask" != "${1#*/}" ] ; then + ocf_log err "Unable to find nic, or netmask mismatch." + return $OCF_ERR_GENERIC fi fi - echo "$NIC netmask $NETMASK broadcast $BRDCAST" - return 0 + echo "$nic netmask $netmask broadcast $brdcast" + return $OCF_SUCCESS } diff --git a/tools/ocft/IPaddr2v6 b/tools/ocft/IPaddr2v6 index 0685dea0c..d24d89072 100644 --- a/tools/ocft/IPaddr2v6 +++ b/tools/ocft/IPaddr2v6 @@ -1,250 +1,250 @@ # IPaddr2v6 # Note: This test case uses two NICs(eth0, eth1) and # a IPv6 address prefix (2001:db8::/32, RFC3849). # Adjust them according to your environment at VARIABLE section if needed. CONFIG Agent IPaddr2 AgentRoot /usr/lib/ocf/resource.d/heartbeat HangTimeout 20 VARIABLE OCFT_target_ip=2001:db8:1234::2 OCFT_target_nic=eth0 OCFT_target_prefix=64 OCFT_target_netaddr=2001:db8:1234::1/$OCFT_target_prefix OCFT_target_linklocal=fe80::2 OCFT_wrong_ip=2001:db8:5678::2 OCFT_force_nic=eth1 OCFT_force_prefix=80 OCFT_force_prefix2=48 SETUP-AGENT ip addr add $OCFT_target_netaddr dev $OCFT_target_nic CLEANUP-AGENT ip addr del $OCFT_target_netaddr dev $OCFT_target_nic CASE-BLOCK required_args Env OCF_RESKEY_ip=$OCFT_target_ip Env OCFT_check_ip=$OCFT_target_ip Env OCFT_check_prefix=$OCFT_target_prefix Env OCFT_check_nic=$OCFT_target_nic CASE-BLOCK check_ip_assigned Bash ip -6 -o addr show $OCFT_check_nic | grep -w $OCFT_check_ip/$OCFT_check_prefix >/dev/null # checking if the IPv6 address was assigned correctly CASE-BLOCK check_ip_removed Bash ! ip -6 -o addr show $OCFT_check_nic | grep -w $OCFT_check_ip/$OCFT_check_prefix >/dev/null # checking if the IPv6 address was removed correctly CASE-BLOCK base_ip_assigned Bash ip addr add $OCFT_target_netaddr dev $OCFT_target_nic CASE-BLOCK base_ip_removed Bash ip addr del $OCFT_target_netaddr dev $OCFT_target_nic CASE-BLOCK default_status AgentRun stop CASE-BLOCK prepare Include required_args Include default_status # CASE No.0 # CASE "normal start" Include prepare AgentRun start OCF_SUCCESS Include check_ip_assigned # CASE No.1 # CASE "normal stop" Include prepare AgentRun start OCF_SUCCESS AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.2 # CASE "double start" Include prepare AgentRun start AgentRun start OCF_SUCCESS # CASE No.3 # CASE "double stop" Include prepare AgentRun stop OCF_SUCCESS # CASE No.4 # CASE "monitor with running" Include prepare AgentRun start AgentRun monitor OCF_SUCCESS # CASE No.5 # CASE "monitor with not running" Include prepare AgentRun monitor OCF_NOT_RUNNING # CASE No.6 # CASE "error params with wrong ip" Include prepare Env OCF_RESKEY_ip=$OCFT_wrong_ip AgentRun start OCF_ERR_GENERIC # CASE No.7 # -CASE "start for a link-local IPv6 address when no nic" +CASE "error params with no nic for a link-local IPv6 address" Include prepare Env OCF_RESKEY_ip=$OCFT_target_linklocal Env OCFT_check_ip=$OCFT_target_linklocal # nic is mandatory for a link-local address - AgentRun start OCF_ERR_GENERIC + AgentRun start OCF_ERR_CONFIGURED # CASE No.8 # CASE "params with nic, no cidr_netmask" Include prepare Env OCF_RESKEY_nic=$OCFT_target_nic AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun monitor OCF_SUCCESS AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.9 # CASE "normal usage for a link-local IPv6 address, params with nic" Include prepare Env OCF_RESKEY_ip=$OCFT_target_linklocal Env OCFT_check_ip=$OCFT_target_linklocal # nic is mandatory for a link-local address Env OCF_RESKEY_nic=$OCFT_target_nic Env OCFT_check_nic=$OCFT_target_nic AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.10 # CASE "error params with wrong ip and nic (not exist base_ip)" Include prepare Include base_ip_removed Env OCF_RESKEY_nic=$OCFT_target_nic Env OCFT_check_nic=$OCFT_target_nic AgentRun start OCF_ERR_GENERIC Include check_ip_removed Include base_ip_assigned # CASE No.11 # CASE "params with force nic" Include prepare Env OCF_RESKEY_nic=$OCFT_force_nic Env OCFT_check_nic=$OCFT_force_nic AgentRun start OCF_ERR_GENERIC Include check_ip_removed Unenv OCF_RESKEY_nic # CASE No.12 # CASE "params with force cidr_netmask" Include prepare Env OCF_RESKEY_cidr_netmask=$OCFT_target_prefix Env OCFT_check_prefix=$OCFT_target_prefix AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.13 # CASE "params with force cidr_netmask (base netmask < assigned netmask)" Include prepare Env OCF_RESKEY_cidr_netmask=$OCFT_force_prefix Env OCFT_check_prefix=$OCFT_force_prefix AgentRun start OCF_ERR_GENERIC Include check_ip_removed # CASE No.14 # CASE "params with force cidr_netmask (base netmask > assigned netmask)" Include prepare Env OCF_RESKEY_cidr_netmask=$OCFT_force_prefix2 Env OCFT_check_prefix=$OCFT_force_prefix2 AgentRun start OCF_ERR_GENERIC Include check_ip_removed # CASE No.15 # CASE "params with cidr_netmask" Include prepare Include base_ip_removed Env OCF_RESKEY_cidr_netmask=$OCFT_target_prefix Env OCFT_check_prefix=$OCFT_target_prefix AgentRun start OCF_ERR_GENERIC Include base_ip_assigned # CASE No.16 # CASE "params with nic, cidr_netmask" Include prepare Env OCF_RESKEY_nic=$OCFT_target_nic Env OCF_RESKEY_cidr_netmask=$OCFT_target_prefix Env OCFT_check_nic=$OCFT_target_nic Env OCFT_check_prefix=$OCFT_target_prefix AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.17 # CASE "force to use the specified nic and cidr_netmask (base netmask < assigned netmask)" Include prepare Env OCF_RESKEY_nic=$OCFT_force_nic Env OCF_RESKEY_cidr_netmask=$OCFT_force_prefix Env OCFT_check_nic=$OCFT_force_nic Env OCFT_check_prefix=$OCFT_force_prefix AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.18 # This use case is now valid. It was not allowed until v3.9.2. # CASE "force to use the specified nic and cidr_netmask (base netmask > assigned netmask)" Include prepare Env OCF_RESKEY_nic=$OCFT_force_nic Env OCF_RESKEY_cidr_netmask=$OCFT_force_prefix2 Env OCFT_check_nic=$OCFT_force_nic Env OCFT_check_prefix=$OCFT_force_prefix2 AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed # CASE No.19 # CASE "force to use the specified nic and cidr_netmask (base netmask > assigned netmask)" Include prepare Include base_ip_removed Env OCF_RESKEY_nic=$OCFT_force_nic Env OCF_RESKEY_cidr_netmask=$OCFT_force_prefix2 Env OCFT_check_nic=$OCFT_force_nic Env OCFT_check_prefix=$OCFT_force_prefix2 AgentRun start OCF_SUCCESS Include check_ip_assigned AgentRun stop OCF_SUCCESS Include check_ip_removed Include base_ip_assigned