Hello, this is a quick email to announce a new major keepalived release. We are planning with Quentin to push a new release soon as the 2.0.0 release. This one fixes and extends previous parts. It also comes with a security fix for those making extensive use of scripts.

ChangeLog looks like:

2016-11-20 Alexandre Cassen <acas...@linux-vs.org>
* keepalived-1.3.0 released.
* Add DBus functionality to VRRP.
  Add new pthread off VRRP to expose DBus service org.keepalived.Vrrp1
  through a GMainLoop.
  Create a general /org/keepalived/Vrrp1/Vrrp DBus object and a
  /org/keepalived/Vrrp1/Instance/#interface#/#group# object for each
  VRRP instance.
  Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData,
  PrintStats and signal VrrpStopped.
  Interface com.keepalived.Vrrp1.Instance implements method SendGarp
  (sends a single Gratuitous ARP from the given Instance), signal
  VrrpStatusChange, and properties Name and State (retrievable through
  calls to org.freedesktop.DBus.Properties.Get)
  Interface files are located at location /usr/share/dbus-1/interfaces/
  A policy file, which determines who has access to the service, is
  located at /etc/dbus-1/system.d/
* Resolve DBus working after a reload
  thread_destroy_list() was closing file descriptors of read and write
  threads, but we wanted the DBus pipes to remain open. It transpires
  that closing the fds in thread_destroy_list() is unnecessary, since
  they are closed elsewhere anyway, so stop closing the fds in
  thread_destroy_list().
* Add stronger compiler warnings (-Wextra).
  The following bugs were discovered:
    check_smnp_realserver_weight() comparison of unsigned value < 0
    alloc_ipaddress() comparison of unsigned == -1 and not checking
      return status of find_rttables_scope() correctly
    read_line() accessing element buf[18446744073709551615]
      i.e. buf[2^64-1], which is the same as buf[-1].
  The following improvements to the code were made:
    Many unused function parameters either removed or marked unused
    Many signed vs. unsigned comparisons
      In most cases variables change to be unsigned
    Lengths being stored in signed variables
* Rationalise checking of libnl-3.
* Bring generation of rpmbuild keepalived.spec file up to date
  The keepalived.spec file is now created to match the options passed
  to configure.
  It also detects if the system init process is systemd, upstart or the
  traditional SYSV init system.
* Add more BuildRequires to keepalived.spec.in.
* Further improvements to keepalived.spec.in for systemd systems
* Change some configure.ac variable names due to using
  PKG_PROG_PKG_CONFIG
* Fix configure.ac to make RedHat hardened rpm builds work
  CFLAGS, CPPFLAGS and LIBS variables were not being preserved by
  configure.ac, and this caused needed CFLAGS to be lost when configure
  was run, resulting in a build failure. This commit ensures the flags
  are all preserved.
* Allow for automake macro AM_PROG_AR not existing.
* Add support for UDP socket to layer4 library.
* Add DNS checker.
* Update documentation for DNS health checker.
* Fix compile check for PE selection support.
* Add file missing from add-dns-checker commit.
* Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME.
  The updated configure and lib/config.h.in weren't included in the
  commits, and to be consistent the comment on what Linux version
  introduced the feature is in configure.ac if the test exists in
  configure.ac
* Fix conditional compilation test for FRA_OIFNAME.
* Fix compilation test for IFLA_INET6_ADDR_GEN_MODE.
* Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY.
* Fix compilation test for IPVS_DEST_ATTR_STATS64 and
  IPVS_SVC_ATTR_STATS64.
* Fix compilation test for RTA_VIA.
* Fix compilation test for CLONE_NEWNET for DBus.
* Fix issue of overwriting the original disposition of signals.
* Improve forced termination of script execution process and its
  offspring.
* Improve propagate important signal for the script process groups.
* Use argument instead of static variable.
* Fix bug around the process group.
* Use SIGTERM instead of SIGHUP.
* Stop linking with -lipset.
  libipset (if used) is dynamically linked at runtime, and so
  keepalived shouldn't be linked with -lipset. Linking with -lipset was
  erroneously added when converting the build system to use automake.
* Report diagnostic message if dlopen() fails.
* Fix loading of ipset library when development library not installed.
* Don't use ipsets with namespaces on Linux < 3.13 by default.
  On Linux prior to version 3.13, ipsets were not network namespace
  aware, so by default the use of ipsets is disabled if keepalived is
  running in a network namespace. Configuration keyword
  'namespace_with_ipsets' enables ipset use with a network namespace on
  these older kernels.
* Fix reporting of script exit status.
* Update documentation and fix compiler warning re ipset with
  Linux < 3.13
* Make report_child_status() check for vrrp and checker child processes
  report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL
  and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp
  and checker child processes, and not for track scripts etc. This
  commit adds a check that the terminating process is the vrrp or
  checker process before checking those exit statuses.
* Add no_accept mode for VRRPv2 and standardise VRRPv3 with it
  RFC3768, for VRRPv2, specifies that packets addressed to the VIPs
  should not be accepted, unless the router is the address owner. This
  commit implements not accepting the packets when running VRRPv2, but
  only if no_accept is specified, or running in strict mode.
  The reason for not making no_accept the default (which would conform
  to the RFCs) is that if running IPVS, or any other service on top of
  the VIPs, we need to be able to accept the packets, and requiring
  everyone to specify accept in that case would not be reasonable.
  Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and
  eVIPS), unless the vrrp instance was the address owner, or accept
  mode was set. This commit changes the default behaviour for VRRPv3 to
  make it consistent with VRRPv2 (i.e. either strict mode or no_accept
  needs to be specified to be conformant with RFC5978).
* Tidy up logged messages if ipset initialisation fails.
* Streamline MII polling.
  We only need to read 2 MII registers, and not 32 as was previously
  being done. This commit also uses the <linux/mii.h> header file for
  field and register definitions.
* Simplify bitops.h code.
* Resolve warnings generated with compiler option -Dconversion.
  Most of the warnings were resolved by changing the data types of some
  variables. Others required casting, particularly where kernel
  interfaces are involved.
  There were a few instances discovered that were errors, for example
  comparing an unsigned int against -1, and assigning a 16 bit value to
  a uint8_t.
  This commit also adds configure options --enable-conversion-checks
  and --enable-force-conversion-checks, the former adds compiler option
  -Dconversion unless the compiler is an old version that throws up
  false warnings. Option --enable-force-conversion-checks adds
  -Dconversion even if the compiler throws up known false warnings.
* Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS.
* Fix keyword error in sample configuration.
* Fix typo in genhash error message.
* Fix address ranges for virtual server groups
  The handling of address ranges was only written for IPv4 addresses,
  and only worked on little endian systems. This commit enables IPv6
  address ranges to work, and also should now work on big endian
  systems (but I don't have access to a big endian system to test it).
  Validation is added to ensure that the end of the range is after the
  start of the range, and that the value of the range end does not
  exceed 255 (for IPv4) or ffff (for IPv6).
  There is also some optimisation of the code, so that netmask is not
  set (since it isn't used by the kernel), and the port is set once
  only, before the loop through the addresses.
* Add --enable-Werror configure option.
* Add promote_secondaries keyword for vrrp_instance block.
  If two IPv4 VIP addresses are in the same CIDR, and the primary
  address is removed, then by default any other address in the same
  CIDR is also removed.
  To stop this happening, the promote_secondaries flag needs to be set
  on the interface.
  Commit e5526cf added setting the promote_secondaries option on VMAC
  interfaces, and stated that adding the option for non-VMAC interfaces
  would be added later.
  This commit now adds a promote_secondaries configuration option in
  order to set the flag on the interface.
* Add reporting of promote_secondaries configuration setting.
* Add conditional configuration feature
  It is usually the case that the configurations for keepalived for
  systems operating together are virtually identical, and only differ
  in vrrp instance priorities, router id, and unicast addresses if
  those are being used.
  It is a nuisance to have to edit one file for each server to make
  identical changes, so this commit adds the facility for conditional
  configuration entries.
  Any line starting with the '@' character is a conditional line.
  Immediately following the '@' character is a config id. The line is
  only included in the configuration if the config id matches the
  argument passed to keepalived with the -i option on the command line.
  For example, consider the following configuration snippet:

    global_defs {
        @main   router_id main_router
        @backup router_id backup_router
    }

  If keepalived is started with -i main, then the router id will be
  main_router, if started with -i backup, then backup_router. If
  keepalived is started without the -i option, or -i anything else,
  then the above snippet will not configure any router id.
* Fix building with --disable-vrrp.
* Stop segfaulting when configuration keyword is missing its parameter
  There are many places where during configuration parsing the code
  assumes that if a keyword is specified that requires a parameter,
  then the parameter exists. If the parameter doesn't exist, then the
  code indexes past the end of the vector, and at best segfaults, and
  at worst may carry on, parsing random data.
  This commit adds strvec_slot() which checks for the presence of the
  parameter, and if configured will call a function that can handle the
  error. Currently this logs that the parameter is missing, with as
  much helpful information as it can provide, and then terminates.
* Use FMT_STR_VSLOT where appropriate.
* Use TIMER_HZ where appropriate.
* Fix comment and error message re http write timeout.
* More verbose logging on (effective) priorities pt. 2.
* Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp
  The option was enabling snmp for vrrp, not all of keepalived (the
  --enable-snmp option does that), so this commit renames it to reflect
  what it is actually doing. The --enable-snmp-keepalived option is
  retained but marked as obsolete.
* Use AS_HELP_STRING autoconf macro.
* Fix process increase
* Add forcing termination of children of scripts if script times out
  Commits fe9638b..cebfbf5 resolved problems around forced termination
  of scripts if they didn't terminate within the prescribed time.
  During the development of the patches, it was identified that after a
  script had been terminated by SIGTERM, any child processes created by
  the script also need to be killed. This commit adds the forced
  termination of any such children.
* Correctly handle existing VMACs on reload.
  Anthony Dempsey in issue #449 identified that keepalived attempts to
  recreate existing VMAC interfaces on a reload, and that the
  subsequent failure causes keepalived not to use the VMAC.
  This then identified further issues such as the check for an existing
  VMAC in netlink_link_add_vmac() didn't also check the interface a
  VMAC was on, and that the checks for conflicts of VMAC interface
  names with existing interfaces weren't sufficient.
  This patch builds on the patch provided by Anthony Dempsey to also
  resolve the additional issues identified.
* Fix check of matching VRRP instances on reload.
  On a reload, clear_diff_vrrp() removes vrrp instances that are no
  longer in the configuration.
  The check, however, was based on vrrp instance name, which might have
  changed. The check is now based on VRID, address family and
  interface, since it is this triplet that uniquely defines a vrrp
  instance.
* Fix clearing addresses no longer used after a reload.
  The address comparison was including ifa_index, but that wasn't being
  set up until after clear_diff_vrrp() was called.
* Don't zero the mem_allocated count during reload.
  We want to know if there is a leak during reload, so don't zero the
  counter.
* Ensure iptables/sets entries and ip routes/rules not lost on reload.
  There were several places in the code that were causing existing
  iptables/ipsets entries to be lost on reload, and also new entries
  for additional ip addresses were deleted after being added.
  In addition, ip rules/routes for existing entries were being removed.
* Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added.
  Although there have been versions of keepalived when GARPs/GNAs were
  sent after a reload, this was due to a bug in determining if the VRRP
  instance had existed before. Resolving that bug (commit aaea8a4),
  caused keepalived to stop sending GARPs after a reload.
  This commit now specifically adds code to send GARPs on a VRRP
  instance for all addresses on that instance. It would be better if
  GARPs were sent only for the added addresses, and that may be
  resolved in a future commit.
* Use correct interface for iptables/ipset entries when not accept mode
  If an interface was specified for a VIP/eVIP, the iptables/ipset
  block if not in accept mode for link local IPV6 addresses was
  specifying the interface the vrrp instance was on rather than the
  interface the address was added to.
  This commit now makes the iptables/ipset entry specify the interface
  that the address has been added to.
* Resolve "Netlink: error: message truncated" messages.
  On systems with a page size larger than 4096 keepalived may report:
    "Netlink: error: message truncated" messages
  This error was reported on a ppc64le in an OpenStack/Neutron
  environment. Ppc64le is using a 64k page size. I found that
  keepalived's netlink recvmsg buffer was too small causing messages to
  be truncated. The size of the read buffer for the netlink socket
  should be based on page size however, it should not exceed 8192. See
  the comment in the patch.
  I tested the fix by creating 100 veth interfaces and verifying the
  errors did not return.
* Use ipsets with namespaces on Linux < 3.13 if ipset names configured.
  The problem with using ipsets with namespaces on Linux < 3.13 is that
  ipsets were not namespace aware, and so all ipset entries added are
  global to the system, including all network namespaces. This causes
  problems if the default ipset names are used, but if set names have
  been specified, it is reasonable that they have been set to be
  different for each namespace, and hence there will be no clashes.
  The documentation is also updated for vrrp_ipsets keyword.
* Don't write MEM_CHECK data to log when forked script child terminates.
  The mem check log file was being filled with extraneous termination
  information every time a forked child terminated. When a child is
  forked it now sets a flag to stop the termination dump.
* Fix illegal syntax in configure script
  Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh
  compatible and is not supported by common shells except Bash and ZSH!
  Configure script should be portable, hence strictly POSIX compliant.
  Moreover it has shebang /bin/sh.
* Make running scripts more secure
  Previously, keepalived ran all scripts as root. This is potentially
  dangerous if a non-root user can modify the script, or has write
  access to any part of the path to the script.
  This commit does the following:
  1) Adds configuration options to specify the user/group under which
     to run each script
  2) Adds an option to set the default script user/group. If this is
     not set it will default to user keepalived_script if that user
     exists, otherwise it will default to root, as before.
  3) If a script is to be executed with root privilege, report if it is
     writeable in any way by a non-root user.
  4) Add an option enable_script_security so that any scripts failing
     3) above won't be executed.
  5) Report if any scripts are not executable by the relevant user.
* Fix some lead tab/space issues.
* Fix segfault when terminating with no notify script configured.
* Fix compiler warning generated with --enable-conversion-checks.
* Don't segfault if modules ip_tables or ip6_tables not loaded
  If either of the modules is not loaded, then don't use ip(6)tables
  for that address family. We could load the module, but there would be
  no entries pointing to the chains that we use, and so there is no
  point adding entries to chains that won't be traversed.
* Resolve some type mismatch warnings on 32 bit systems.
* Fix checking security of misc_check scripts.

Cheers,
Alexandre
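
The -Wextra entry above lists an unsigned value compared with < 0 and a read of buf[2^64-1], which is buf[-1]. The C below is an added illustration of those two bug classes beside a hardened form; it is not keepalived's code, and every function name and the 65535 limit are assumptions.

```c
/* Added example, not keepalived source: unsigned-arithmetic bugs of the kind -Wextra flags. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: index of the last character computed without a length check.
 * For len == 0 the subtraction wraps to SIZE_MAX (2^64-1 on LP64), i.e. buf[-1]. */
size_t last_index_unchecked(size_t len)
{
    return len - 1;
}

/* Hardened: strip one trailing newline, indexing buf only when it is non-empty. */
size_t chomp(char *buf)
{
    size_t len = strlen(buf);

    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

/* Vulnerable pattern: an unsigned value is never < 0, so this accepts (unsigned)-1. */
int weight_ok_naive(unsigned weight)
{
    return !(weight < 0);
}

/* Hardened: range-check in a signed type, then convert. The 65535 limit is assumed. */
int parse_weight(long value, unsigned *weight)
{
    if (value < 0 || value > 65535)
        return -1;
    *weight = (unsigned)value;
    return 0;
}

int main(void)
{
    char empty[] = "", line[] = "router_id main\n";
    unsigned w = 0;

    printf("unchecked index for an empty line: %zu\n", last_index_unchecked(0));
    printf("chomp: %zu %zu\n", chomp(empty), chomp(line));
    printf("naive accepts -1: %d, parse_weight(-1): %d\n",
           weight_ok_naive((unsigned)-1), parse_weight(-1, &w));
    return 0;
}
```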