62b57604f9
- IPaddr2: enable more control for IPv6 addresses Resolves: rhbz#2065125 Resolves: rhbz#2065138
313 lines
11 KiB
Diff
313 lines
11 KiB
Diff
From fd1d6426a2d05f521207c305d10b49fedd92c2df Mon Sep 17 00:00:00 2001
|
|
From: Petr Pavlu <petr.pavlu@suse.com>
|
|
Date: Mon, 28 Feb 2022 09:27:42 +0100
|
|
Subject: [PATCH 1/4] IPaddr2: Allow to disable Duplicate Address Detection for
|
|
IPv6
|
|
|
|
"Starting" an IPv6 address with IPaddr2 involves performing Duplicate
|
|
Address Detection which typically takes at least 1000 ms. Allow the user
|
|
to disable DAD if they can guarantee that the configured address is not
|
|
duplicate and they wish to start the resource faster.
|
|
---
|
|
heartbeat/IPaddr2 | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
|
|
index 735dd7779..650392b70 100755
|
|
--- a/heartbeat/IPaddr2
|
|
+++ b/heartbeat/IPaddr2
|
|
@@ -88,6 +88,7 @@ OCF_RESKEY_arp_sender_default=""
|
|
OCF_RESKEY_send_arp_opts_default=""
|
|
OCF_RESKEY_flush_routes_default="false"
|
|
OCF_RESKEY_run_arping_default=false
|
|
+OCF_RESKEY_nodad_default=false
|
|
OCF_RESKEY_noprefixroute_default="false"
|
|
OCF_RESKEY_preferred_lft_default="forever"
|
|
OCF_RESKEY_network_namespace_default=""
|
|
@@ -110,6 +111,7 @@ OCF_RESKEY_network_namespace_default=""
|
|
: ${OCF_RESKEY_send_arp_opts=${OCF_RESKEY_send_arp_opts_default}}
|
|
: ${OCF_RESKEY_flush_routes=${OCF_RESKEY_flush_routes_default}}
|
|
: ${OCF_RESKEY_run_arping=${OCF_RESKEY_run_arping_default}}
|
|
+: ${OCF_RESKEY_nodad=${OCF_RESKEY_nodad_default}}
|
|
: ${OCF_RESKEY_noprefixroute=${OCF_RESKEY_noprefixroute_default}}
|
|
: ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}}
|
|
: ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}}
|
|
@@ -391,6 +393,14 @@ Whether or not to run arping for IPv4 collision detection check.
|
|
<content type="string" default="${OCF_RESKEY_run_arping_default}"/>
|
|
</parameter>
|
|
|
|
+<parameter name="nodad">
|
|
+<longdesc lang="en">
|
|
+For IPv6, do not perform Duplicate Address Detection when adding the address.
|
|
+</longdesc>
|
|
+<shortdesc lang="en">Use nodad flag</shortdesc>
|
|
+<content type="string" default="${OCF_RESKEY_nodad_default}"/>
|
|
+</parameter>
|
|
+
|
|
<parameter name="noprefixroute">
|
|
<longdesc lang="en">
|
|
Use noprefixroute flag (see 'man ip-address').
|
|
@@ -662,6 +672,11 @@ add_interface () {
|
|
msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface"
|
|
fi
|
|
|
|
+ if [ "$FAMILY" = "inet6" ] && ocf_is_true "${OCF_RESKEY_nodad}"; then
|
|
+ cmd="$cmd nodad"
|
|
+ msg="${msg} (with nodad)"
|
|
+ fi
|
|
+
|
|
if ocf_is_true "${OCF_RESKEY_noprefixroute}"; then
|
|
cmd="$cmd noprefixroute"
|
|
msg="${msg} (with noprefixroute)"
|
|
|
|
From f4a9e3281d48c5d37f5df593d014706c46ddb3a7 Mon Sep 17 00:00:00 2001
|
|
From: Petr Pavlu <petr.pavlu@suse.com>
|
|
Date: Mon, 7 Mar 2022 17:21:59 +0100
|
|
Subject: [PATCH 2/4] IPaddr2: Allow to send IPv6 Neighbor Advertisements in
|
|
background
|
|
|
|
"Starting" an IPv6 address with IPaddr2 involves sending Neighbor
|
|
Advertisement packets to inform neighboring machines about the new
|
|
IP+MAC translation. By default, 5x packets with 200 ms sleep after each
|
|
are sent which delays the start by 1000 ms. Allow the user to run this
|
|
operation in background, similarly as is possible with GARP for IPv4.
|
|
---
|
|
heartbeat/IPaddr2 | 33 +++++++++++++++++++++++++++++----
|
|
1 file changed, 29 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
|
|
index 650392b70..e243a642d 100755
|
|
--- a/heartbeat/IPaddr2
|
|
+++ b/heartbeat/IPaddr2
|
|
@@ -83,7 +83,7 @@ OCF_RESKEY_unique_clone_address_default=false
|
|
OCF_RESKEY_arp_interval_default=200
|
|
OCF_RESKEY_arp_count_default=5
|
|
OCF_RESKEY_arp_count_refresh_default=0
|
|
-OCF_RESKEY_arp_bg_default=true
|
|
+OCF_RESKEY_arp_bg_default=""
|
|
OCF_RESKEY_arp_sender_default=""
|
|
OCF_RESKEY_send_arp_opts_default=""
|
|
OCF_RESKEY_flush_routes_default="false"
|
|
@@ -336,9 +336,10 @@ situations.
|
|
|
|
<parameter name="arp_bg">
|
|
<longdesc lang="en">
|
|
-Whether or not to send the ARP packets in the background.
|
|
+Whether or not to send the ARP (IPv4) or NA (IPv6) packets in the background.
|
|
+The default is true for IPv4 and false for IPv6.
|
|
</longdesc>
|
|
-<shortdesc lang="en">ARP from background</shortdesc>
|
|
+<shortdesc lang="en">ARP/NA from background</shortdesc>
|
|
<content type="string" default="${OCF_RESKEY_arp_bg_default}"/>
|
|
</parameter>
|
|
|
|
@@ -507,6 +508,9 @@ ip_init() {
|
|
ocf_exit_reason "IPv4 does not support lvs_ipv6_addrlabel"
|
|
exit $OCF_ERR_CONFIGURED
|
|
fi
|
|
+ if [ -z "$OCF_RESKEY_arp_bg" ]; then
|
|
+ OCF_RESKEY_arp_bg=true
|
|
+ fi
|
|
else
|
|
FAMILY=inet6
|
|
# address sanitization defined in RFC5952
|
|
@@ -527,6 +531,9 @@ ip_init() {
|
|
exit $OCF_ERR_CONFIGURED
|
|
fi
|
|
fi
|
|
+ if [ -z "$OCF_RESKEY_arp_bg" ]; then
|
|
+ OCF_RESKEY_arp_bg=false
|
|
+ fi
|
|
fi
|
|
|
|
# support nic:iflabel format in nic parameter
|
|
@@ -893,6 +900,20 @@ run_arp_sender() {
|
|
fi
|
|
}
|
|
|
|
+log_send_ua() {
|
|
+ local cmdline
|
|
+ local output
|
|
+ local rc
|
|
+
|
|
+ cmdline="$@"
|
|
+ output=$($cmdline 2>&1)
|
|
+ rc=$?
|
|
+ if [ $rc -ne 0 ] ; then
|
|
+ ocf_log err "Could not send ICMPv6 Unsolicited Neighbor Advertisements: rc=$rc"
|
|
+ fi
|
|
+ ocf_log info "$output"
|
|
+ return $rc
|
|
+}
|
|
|
|
#
|
|
# Run send_ua to note send ICMPv6 Unsolicited Neighbor Advertisements.
|
|
@@ -930,7 +951,11 @@ run_send_ua() {
|
|
|
|
ARGS="-i $OCF_RESKEY_arp_interval -c $OCF_RESKEY_arp_count $OCF_RESKEY_ip $NETMASK $NIC"
|
|
ocf_log info "$SENDUA $ARGS"
|
|
- $SENDUA $ARGS || ocf_log err "Could not send ICMPv6 Unsolicited Neighbor Advertisements."
|
|
+ if ocf_is_true $OCF_RESKEY_arp_bg; then
|
|
+ log_send_ua $SENDUA $ARGS &
|
|
+ else
|
|
+ log_send_ua $SENDUA $ARGS
|
|
+ fi
|
|
}
|
|
|
|
# Do we already serve this IP address on the given $NIC?
|
|
|
|
From c8afb43012c264f3ee24013a92b2a2f3566db2fd Mon Sep 17 00:00:00 2001
|
|
From: Petr Pavlu <petr.pavlu@suse.com>
|
|
Date: Tue, 8 Mar 2022 12:35:56 +0100
|
|
Subject: [PATCH 3/4] IPaddr2: Log 'ip addr add' options together
|
|
|
|
Change the log message in add_interface() from
|
|
"Adding ... (with <opt1>) (with <opt2>)"
|
|
to
|
|
"Adding ... (with <opt1> <opt2>)".
|
|
---
|
|
heartbeat/IPaddr2 | 19 ++++++++++---------
|
|
1 file changed, 10 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
|
|
index e243a642d..dca1b6f5b 100755
|
|
--- a/heartbeat/IPaddr2
|
|
+++ b/heartbeat/IPaddr2
|
|
@@ -651,7 +651,7 @@ delete_interface () {
|
|
# Add an interface
|
|
#
|
|
add_interface () {
|
|
- local cmd msg ipaddr netmask broadcast iface label
|
|
+ local cmd msg extra_opts ipaddr netmask broadcast iface label
|
|
|
|
ipaddr="$1"
|
|
netmask="$2"
|
|
@@ -679,23 +679,24 @@ add_interface () {
|
|
msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface"
|
|
fi
|
|
|
|
+ extra_opts=""
|
|
if [ "$FAMILY" = "inet6" ] && ocf_is_true "${OCF_RESKEY_nodad}"; then
|
|
- cmd="$cmd nodad"
|
|
- msg="${msg} (with nodad)"
|
|
+ extra_opts="$extra_opts nodad"
|
|
fi
|
|
|
|
if ocf_is_true "${OCF_RESKEY_noprefixroute}"; then
|
|
- cmd="$cmd noprefixroute"
|
|
- msg="${msg} (with noprefixroute)"
|
|
+ extra_opts="$extra_opts noprefixroute"
|
|
fi
|
|
|
|
if [ ! -z "$label" ]; then
|
|
- cmd="$cmd label $label"
|
|
- msg="${msg} (with label $label)"
|
|
+ extra_opts="$extra_opts label $label"
|
|
fi
|
|
if [ "$FAMILY" = "inet6" ] ;then
|
|
- cmd="$cmd preferred_lft $OCF_RESKEY_preferred_lft"
|
|
- msg="${msg} (with preferred_lft $OCF_RESKEY_preferred_lft)"
|
|
+ extra_opts="$extra_opts preferred_lft $OCF_RESKEY_preferred_lft"
|
|
+ fi
|
|
+ if [ -n "$extra_opts" ]; then
|
|
+ cmd="$cmd$extra_opts"
|
|
+ msg="$msg (with$extra_opts)"
|
|
fi
|
|
|
|
ocf_log info "$msg"
|
|
|
|
From cb4d52ead694718282a40eab24e04b6d85bcc802 Mon Sep 17 00:00:00 2001
|
|
From: Petr Pavlu <petr.pavlu@suse.com>
|
|
Date: Mon, 7 Mar 2022 17:25:02 +0100
|
|
Subject: [PATCH 4/4] IPaddr2: Clarify behavior of 'arp_*' parameters for IPv4
|
|
and IPv6
|
|
|
|
* Mention that 'arp_*' parameters are shared by the IPv4 and IPv6 code.
|
|
* Clarify description of these parameters and mark which of them apply
|
|
only to IPv4.
|
|
---
|
|
heartbeat/IPaddr2 | 26 +++++++++++++++++---------
|
|
1 file changed, 17 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
|
|
index dca1b6f5b..97a7431a2 100755
|
|
--- a/heartbeat/IPaddr2
|
|
+++ b/heartbeat/IPaddr2
|
|
@@ -157,6 +157,12 @@ and/or clone-max < number of nodes. In case of node failure,
|
|
clone instances need to be re-allocated on surviving nodes.
|
|
This would not be possible if there is already an instance
|
|
on those nodes, and clone-node-max=1 (which is the default).
|
|
+
|
|
+When the specified IP address gets assigned to a respective interface, the
|
|
+resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA
|
|
+(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the
|
|
+change. This functionality is controlled for both IPv4 and IPv6 by shared
|
|
+'arp_*' parameters.
|
|
</longdesc>
|
|
|
|
<shortdesc lang="en">Manages virtual IPv4 and IPv6 addresses (Linux specific version)</shortdesc>
|
|
@@ -306,28 +312,30 @@ a unique address to manage
|
|
|
|
<parameter name="arp_interval">
|
|
<longdesc lang="en">
|
|
-Specify the interval between unsolicited ARP packets in milliseconds.
|
|
+Specify the interval between unsolicited ARP (IPv4) or NA (IPv6) packets in
|
|
+milliseconds.
|
|
|
|
This parameter is deprecated and used for the backward compatibility only.
|
|
It is effective only for the send_arp binary which is built with libnet,
|
|
and send_ua for IPv6. It has no effect for other arp_sender.
|
|
</longdesc>
|
|
-<shortdesc lang="en">ARP packet interval in ms (deprecated)</shortdesc>
|
|
+<shortdesc lang="en">ARP/NA packet interval in ms (deprecated)</shortdesc>
|
|
<content type="integer" default="${OCF_RESKEY_arp_interval_default}"/>
|
|
</parameter>
|
|
|
|
<parameter name="arp_count">
|
|
<longdesc lang="en">
|
|
-Number of unsolicited ARP packets to send at resource initialization.
|
|
+Number of unsolicited ARP (IPv4) or NA (IPv6) packets to send at resource
|
|
+initialization.
|
|
</longdesc>
|
|
-<shortdesc lang="en">ARP packet count sent during initialization</shortdesc>
|
|
+<shortdesc lang="en">ARP/NA packet count sent during initialization</shortdesc>
|
|
<content type="integer" default="${OCF_RESKEY_arp_count_default}"/>
|
|
</parameter>
|
|
|
|
<parameter name="arp_count_refresh">
|
|
<longdesc lang="en">
|
|
-Number of unsolicited ARP packets to send during resource monitoring. Doing
|
|
-so helps mitigate issues of stuck ARP caches resulting from split-brain
|
|
+For IPv4, number of unsolicited ARP packets to send during resource monitoring.
|
|
+Doing so helps mitigate issues of stuck ARP caches resulting from split-brain
|
|
situations.
|
|
</longdesc>
|
|
<shortdesc lang="en">ARP packet count sent during monitoring</shortdesc>
|
|
@@ -345,7 +353,7 @@ The default is true for IPv4 and false for IPv6.
|
|
|
|
<parameter name="arp_sender">
|
|
<longdesc lang="en">
|
|
-The program to send ARP packets with on start. Available options are:
|
|
+For IPv4, the program to send ARP packets with on start. Available options are:
|
|
- send_arp: default
|
|
- ipoibarping: default for infiniband interfaces if ipoibarping is available
|
|
- iputils_arping: use arping in iputils package
|
|
@@ -357,7 +365,7 @@ The program to send ARP packets with on start. Available options are:
|
|
|
|
<parameter name="send_arp_opts">
|
|
<longdesc lang="en">
|
|
-Extra options to pass to the arp_sender program.
|
|
+For IPv4, extra options to pass to the arp_sender program.
|
|
Available options are vary depending on which arp_sender is used.
|
|
|
|
A typical use case is specifying '-A' for iputils_arping to use
|
|
@@ -388,7 +396,7 @@ IP address goes away.
|
|
|
|
<parameter name="run_arping">
|
|
<longdesc lang="en">
|
|
-Whether or not to run arping for IPv4 collision detection check.
|
|
+For IPv4, whether or not to run arping for collision detection check.
|
|
</longdesc>
|
|
<shortdesc lang="en">Run arping for IPv4 collision detection check</shortdesc>
|
|
<content type="string" default="${OCF_RESKEY_run_arping_default}"/>
|