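#!/bin/sh
#
# (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Description:
#
# This is the script for primary-backup setups for keepalived
# (http://www.keepalived.org). You may adapt it to make it work with other
# high-availability managers.
#
# Do not forget to include the required modifications to your keepalived.conf
# file to invoke this script during keepalived's state transitions.
#
# Contributions to improve this script are welcome :).
#
# Usage: primary-backup.sh {primary|backup|fault}
#
# Exit status:
#   0  the transition was handled. Individual conntrackd steps may still have
#      failed: those failures are only reported through logger(1) as "ERROR:"
#      lines, so the syslog is the place to watch for a failover that did not
#      synchronize state.
#   1  unknown state transition, or conntrackd could not be launched while
#      entering the backup state.
#

CONNTRACKD_BIN=/usr/sbin/conntrackd
CONNTRACKD_LOCK=/var/lock/conntrack.lock
CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf

#
# Run conntrackd against $CONNTRACKD_CONFIG with the single option given in $1.
# Any non-zero exit status counts as a failure (not only 1), so a missing
# binary (127) or a crash is logged as well. The failure is logged and
# reported to the caller through the return status; it never aborts the
# script, the remaining steps of the transition still run.
#
conntrackd_do()
{
    "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" "$1" && return 0
    logger "ERROR: failed to invoke conntrackd $1"
    return 1
}

case "$1" in
  primary)
    #
    # commit the external cache into the kernel table
    #
    conntrackd_do -c

    #
    # flush the internal and the external caches
    #
    conntrackd_do -f

    #
    # resynchronize my internal cache to the kernel table
    #
    conntrackd_do -R

    #
    # send a bulk update to backups
    #
    conntrackd_do -B
    ;;
  backup)
    #
    # is conntrackd running? request some statistics to check it
    # (assumes conntrackd reports every failure with a non-zero status)
    #
    if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -s
    then
        #
        # something's wrong, do we have a lock file?
        #
        if [ -f "$CONNTRACKD_LOCK" ]
        then
            logger "WARNING: conntrackd was not cleanly stopped."
            logger "If you suspect that it has crashed:"
            logger "1) Enable coredumps"
            logger "2) Try to reproduce the problem"
            logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
            rm -f -- "$CONNTRACKD_LOCK"
        fi

        #
        # start the daemon; without it this node cannot hold replicated
        # state, so this is the one step that aborts the transition.
        #
        if ! "$CONNTRACKD_BIN" -C "$CONNTRACKD_CONFIG" -d
        then
            logger "ERROR: cannot launch conntrackd"
            exit 1
        fi
    fi

    #
    # shorten kernel conntrack timers to remove the zombie entries.
    #
    conntrackd_do -t

    #
    # request resynchronization with master firewall replica (if any)
    # Note: this does nothing in the alarm approach.
    #
    conntrackd_do -n
    ;;
  fault)
    #
    # shorten kernel conntrack timers to remove the zombie entries.
    #
    conntrackd_do -t
    ;;
  *)
    logger "ERROR: unknown state transition"
    # usage is a diagnostic, so it goes to stderr
    echo "Usage: primary-backup.sh {primary|backup|fault}" >&2
    exit 1
    ;;
esac

exit 0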