forked from acassen/keepalived
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
5759 lines (5647 loc) · 315 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2018-01-27 Alexandre Cassen <[email protected]>
* keepalived-1.4.1 released.
* Improve and fix use of getopt_long().
We musn't use a long option val of 1, since getopt_long() can return
that value.
getopt_long() also returns longindex == 0 when there is no matching
long option, and there needs to be careful checking if there is an
error to work out whether a long or short option was used, which is
needed for meaningful error messages.
* Write assert() messages to syslog.
assert()s are nasty things, but at least let's get the benefit of
them, and write the messages to syslog, rather than losing them down
stderr.
* Enable sorry server at startup if quorum down due to alpha mode
If alpha mode is configured on sufficient checkers so that a
virtual server doesn't have a quorum, we need to add the sorry
server at startup, otherwise it won't be added until a quorum has
been achieved and subsequently lost again. In the case where some
of the checkers remain in the down state at startup, this would have
meant that the sorry server never got added.
* For virtual servers, ensure quorum <= number of real servers
If the quorum were gigher than the number of real servers, the
quorum for the real server to come up could never be achieved, so
if the quorum is greater than the number of real servers, reduce it
to the number of real servers.
* Fix some SNMP keepalived checker integer types and default values.
Some virtual server and real server values were being sent to SNMP
with a signed type whereas the value is unsigned, so set the type
field correctly.
Some virtual server and real server values that apply to checkers
are set to nonsense default values in order to determine if a
value has been specified. Handle these values when reporting them
to SNMP replying with 0 rather than a nonsense value.
* Fix some MALLOC/FREE issues with notify FIFOs.
* Add instance_name/config_id to alert emails' subjects if configured.
If multiple instances of keepalived are running, either different
instance_names and/or config_ids, it is useful to know which
keepalived instance the email relates to.
* Ensure that email body string isn't unterminated.
Using strncpy() needs to ensure that there is a nul termination byte,
so this commits adds always writing a nul byte to the end of the buffer.
* Remove duplicate fault notification.
* Fix problem with scripts found via PATH with a '/' in parameters.
Recent discussions on issue #101 led to discovering that if an
executable without a fully qualified name was specified as a script
and there was a '/' character in the parameters, then the path
resolution would not work.
* Send SNMP traps when go from backup to fault due to sync group.
Commit 020a9ab added executing notify_fault for vrrp instances
transitioning from backup to fault state due to another instance
in the sync group going to fault state. This commit adds sending
SNMP traps in the same circumstance.
* Revert "Add instance_name/config_id to alert emails' subjects if
configured". This should be handled by setting router_id
* Add config option to send smtp-alerts to file rather than send emails
This is useful for debugging purposes.
* Add additional entry to Travis-CI build matrix.
* Fix segfault if no sorry server configured for a virtual server.
Issue #751 identified a segfault in vs_end_handler(), and it
transpires that the forwarding method of the sorry server was being
checked without first testing that a sorry server had been configured.
* Improve the log message when a master receives higher priority advert.
The log message reported in issue #754
"VRRP_Instance(VI_1) Received advert with higher priority 253, ours 253"
is somewhat misleading since 253 == 253.
This commit improves the log message in this case be reporting that
the sender's IP address is higher and the priority is equal. It also
states the it was a master receiving the advert.
* First stage of making --enable-debug work
Issue #582 identified that compiling with --enable-debug produced
an executable that didn't work.
This commit largely makes that option work, but there needs to be
more work to make signals work.
* Generalise handling of signals.
* Don't assume json header files are in /usr/include/json-c
Use pkg-config to find the location of the json header files
when testing for the presence of the header files in configure.
* Add file updated by configure.ac change.
* Log more helpful message when healthchecker activated or suspended
Include the realserver in the log message
* Fix building with musl libc.
* fix spelling mistakes about keyword promote_secondaries in man page.
2017-12-29 Alexandre Cassen <[email protected]>
* keepalived-1.4.0 released.
* Add Linux build and runtime versions to -v output.
* Log kernel version and build kernel version to log at startup.
* Fix compiling with --enable-debug.
* Don't sleep for 1 send when exiting vrrp process if no vrrp instances.
* Streamline and rationalise use of child_finder function.
The child_finder function is simplified, and also stop using the
parent process' child_finder function in the checker process.
* Don't request bug report if script terminates due to seg fault.
The report_child_status() function would log a message requesting a
bug report if a check_misc script or a vrrp_track script exited due
to a seg fault.
* Handle vrrp track and check_misc scripts being killed by signal.
* Rationalise reporting of child process exit status.
report_child_status() is now only called in the main keepalived
program. The reporting of the exit status of vrrp track scripts
and MISC_CHECK scripts is now handled in the specific code for
those scripts. This means that non 0 exit statuses aren't
repeatedly reported for vrrp track scripts.
* eally fix reporting of child process exit status.
* Log a helpful message i using mem-check and too many allocs.
keepalived simply being terminated by SIGABRT with no diagnostic
message was unhelpful.
* Rename child_finder() to child_finder_name() etc
The function only finds the name of the child process, and not
the thread for the child process, so rename the function accordingly.
* Add log to file and no syslog options.
With large configurations the syslog can get flooded and drop output.
This commit adds options to not log to syslog, and also to log all
output to files.
* Add option to only flush log files before forking.
* Don't poll netlink for all interfaces each time add a VMAC.
We can poll for the individual interface details which significantly
reduces what we have to process.
* Print interface details in keepalived.data output.
* Be consistent with type of size parameter for mlists.
* Fix sign conversion warnings.
* Add high performace child finder code.
The code to find the relevant thread to execute afer a child process
(either a vrrp track script or a misc_check healthchecker) was doing
a linear search for the matching pid, which if there are a large number
of child processes running could become time consuming.
The code now will enable high performance child finding, based on using
mlists hashed by the pid, if there are 32 or more vrrp track scripts or
misc check healthcheckers. The size of the mlist is based on the number
of scripts, with a limit of 256.
* Improve high performance child termination timeout code.
* Fix high performance child finder cleanup code.
* Preserve filename in script path name resolution.
Some executables change their behaviour depending on the name by
which they are invoked (e.g. /usr/sbin/pidof when it is a link to
/usr/sbin/killall5). Using realpath() changes the file name part
if it is a symbolic link. This commit resolves all symbolic links
to directories, but leaves the file name part unaltered. It then
checks the security of both the path to the link and the path to
the real file.
* Handle scripts names that are symbolic links properly.
* Use fstatat() rather than stat() for checking script security.
If we use fstatat() we can discover if a file is a symbolic
link and treat it accordingly.
* Fix building with kernels older than v4.4.
* Fix building with --disable-lipiptc and --enable-dynamic-linking.
* Fix building with --without-vrrp configure option.
* Resolve unused return value warning.
* Fix some RFC SNMP issues.
* Attempt to fix mock builds.
* Fix parsing of broadcast + and broadcast -
* check_http.c: http_get_check_compare crash fixed in case of absense
of digest.
* Add -pie linker option.
Since -fPIE is specified for the compiler, -pie should be specified
for the linker.
* check_http.c: http_get_check_compare crash fixed in case of absense o.
* Fix use S_PATH and fchdir().
S_PATH wasn't defined until Linux 2.6.39 and fchdir() doesn't work
with S_PATH until Linux 3.5 (according to open(2) man page).
* Fix building with Linux versions between 2.6.39 and 3.3
Linux 2.6.39 introduced ipsets, but the kernel had some omissions
from linux/netfilter/ipset/ip_set.h header file, so the libipset
provided version needed to be used.
Note: RedHat backported ipsets to at least 2.6.32, so the problem
applied to earlier versions of RedHat Linux and Centos.
* Fix segfault when parsing invalid real server.
If the first real server ip address doesn't match the address
family of the virtual server, then we need to skip parsing the
rest of the real_server block.
* Make when vs_end_handler is executed
Commit 1ba7180b ('ipvs: new service option "ip_family"') added a
sublevel_end_handler vs_end_handler, but this was being executed
at the end of each real_server rather than after the virtual_server.
This commit adds a new parser function install_root_end_handler(),
and vs_end_handler is now installed using that function so that it
is executed at the end of the virtual_server rather than after each
real_server.
* Allow tunnelled rs address family not to match vs family.
The address family of a tunnelled real server does not have to
match the address family of its virtual server, so we need to
delay any setting of the vs address family from an rs address
until the end of the real_server block, so that we know whether
the forwarding method is tunnelling or not. Likewise the check
of the sorry server has to be delayed until the end of the
virtual server configuration (the tunnelling method may be
specified after the address of the real/sorry server).
The address family of a virtual server is only not determined
by the virtual server configuration itself if the virtual server
is defined by a fwmark and all of the real/sorry servers are
tunnelled. In this case the address family cannot properly be
determined from the address family of any tunnelled real servers.
However, to maintain backward compatibility with configurations
used prior to this commit, the address family of the virtual
server will be taken from the address family of the (tunnelled)
real/sorry servers if they are all the same; if they are not all
the same it will default to IPv4 (this is not incompatible since
previously mixed IPv4 and IPv6 real/sorry servers were not allowed,
even if tunnelled).
* Remove bogus warning for fwmark virtual servers.
"Warning: Virtual server FWM 83: protocol specified for fwmark
- protocol will be ignored" should not be given if no protocol has
been specified.
* Fix removing left-over addresses if keepalived aborts.
* Fix use of init_state after a reload.
Issue #627 identified that vrrp->init_state was being incorrectly
used in vrrp_fault(), since it is modified at a reload.
Instead of using init_state, we now use the configured priority
of the vrrp instance, so if the vrrp instance is the address owner
(priority 255) it will transition to master after leaving to fault
state, otherwise it transitions to backup.
* Remove init_state from vrrp structure
init_state is no longer used, so remove it from the vrrp structure.
Since it has been included in keepalived SNMP, it is preserved
solely for reporting in SNMP requests.
* Change conditional compilation _WITH_SNMP_KEEPALIVED_ to
_WITH_SNMP_VRRP_
The functionality that the conditional compilation enabled was snmp
vrrp functionality, so make the name more relevant.
* Update error message in configure.ac.
* Add more configure options to Travis build matrix.
* Install additional libraries in Travis environment for new options.
* Fix some problem found by Travis-ci.
* Fix configure --disable-checksum-compat option.
* Remove DOS file formatting from .travis.yml.
* Add more configuration option to Travis builds and some build fixes.
* Tidy up some code alignment.
* Update openssl use to stop using deprecated functions
openssl from version 1.1 deprecated certain functions that keepalived
was using. This commit ceases using those functions if the version
of openssl is >= 1.1.
* Fix some issues identified by valgrind.
Some file descriptors weren't being closed at exit, and also one
or two mallocs weren't being freed.
* Set pointer to NULL after FREE_PTR() unless exiting.
* Allow sync groups with only 1 member, but issue a warning.
* Fix building with LibreSSL version of OpenSSL.
Unfortunately LibreSSL updates OPENSSL_VERSION_NUMBER, and its value
is higher that OpenSSL's latest version. When checking the version
number we need to check that we are not using LibreSSL (by checking
whether LIBRESSL_VERSION_NUMBER is defined).
LibreSSL also hasn't implemented the new functions that OpenSSL has
provided to replace functions that are deprecated or it is recommended
should not be used, and so if using LibreSSL the old functions need
to be used.
* Update genhash to stop using deprecated functions openssl functions.
* Remove last few Subversion source file version Id strings.
Some of the genhash source code still had Subversion Id strings,
and these are now removed.
* Add copyright update script.
* Copyright update.
* Remove outdated Version comment.
* Fix update copyright script.
* Include Makefile.in files in copyright update.
* Add replaceable parameters in configuration files.
* Fix some MALLOC/FREE issues with config parameters.
* Add multiline configuration definitions.
* Remove debugging messages left in lib/parser.c.
* Fix a FREE error.
* Fix keepalived.conf(5) man page.
* Fix type in keepalived.conf(5) man page.
* Suppress error message when removing leftover addresses at startup.
2017-10-21 Alexandre Cassen <[email protected]>
* keepalived-1.3.9 released.
* Stop segfault if SSL context cannot be initialised.
* Don't leave point to SSL data after freeing it.
* Fix memory leak if duplicate SSL context values specified.
* Don't initialise an SSL context if it isn't being used.
* Checksum compatibility should refer to v1.3.6.
* Update keepalived.spec.in for differences between Fedora and CentOS.
* change hash to something more even and hash size accordingly.
* also update size of hash in free_list.
2017-10-15 Alexandre Cassen <[email protected]>
* keepalived-1.3.8 released.
* parser: do not exit when glob() doesn't match any files.
* Use nodename as default id for conditional configuration.
If the node name returned by uname() is host123.abc.de, then
lines in the configuration file matching @host123 will match the
conditional configuration test. This means that it is no longer
necessary to specify the -i command line option if the conditional
configuration string used in the configuration is the node name.
* Option --i/--config-id parameter is not optional.
Since the config-id defaults to the hostname, there is no point
in allowing --config-id to be used without a parameter, just to mean
use the hostname.
* Use NULL instead of 0 for pointers in get_longopts struct.
* Some minor tidying up of the new JSON output code.
1. Use SIGRTMIN+2 rather than (_SIGRTMIN + 4)
2. Don't include JSON code if not building with VRRP
3. Some code alignment fixes
4. Some conditional compilation additions
* Add --signum command line option to report signal numbers.
Since keepalived is starting to use real time signals, and those
signal numbers are not fixes, this commit introduces a way to
ask keepalived to report those signal numbers.
* Stop command line option -i segfaulting.
* Fix config include files when file has no directory par.
When an include file name has no directory part, there is no
directory to change to, so don't try to do so.
* Use getcwd() malloc functionality if available.
* Add support for csh brace globs in config file names.
* Update documentation for config file include directive.
* Use fchdir() when changing direcories while reading include files.
The getcwd(3) man page recommends using open()/fchdir() rather than
getcwd()/chdir() since fchdir() is guarantee to return to the previous
directory even if directories have been renamed in between the first
chdir and the second. It also suggests that it is faster, and saves
mallocs or allocation of arrays on the stack of size PATH_MAX.
* Use alloc_value_block() for vrrp_vip_handler().
* Fix whitespace error introduced in commit 9458c9b9.
* Reinforce that '@' conditional config character must be 1st on line.
The '@' conditional configuration character must be the very first
on a configuration, meaning that there cannot even by whitespace
before the '@' character.
* Check whether GLOB_BRACE is supported (it is not part of POSIX.2).
* When building a docker image, it appears that autoheader is required.
* Fix IPVS virtual server setup with persistence.
* Remove a merge conflict .rej file accidentally added to git.
This commit also updates the .gitconfig file to ensure that .rej
files will not be added in the future.
* config synopsis - cleanup line endings and comment alignment.
* conf examples - clean eol whitespace.
* conf examples - clean triple line breaks.
* add pair of config options used in misc_check.
* clean surprise tab character.
* many whitespace fixes; some missing docu added to synopsis.
* config docs - apply code review markups.
* Trivial updates to latest format cleaning patches.
* Allow conditional configuration to work with include statements.
* Allow '@' conditional configuration to be preceeded by whitespace.
2017-10-01 Alexandre Cassen <[email protected]>
* keepalived-1.3.7 released.
* Allow broadcast address to be specified as '-' or '+'
When configuring an ip address with a broadcast address, allow the
use of - and + (like ip(8)) to clear or set the host specfic bits of
the address, i.e.
10.6.23.254/16 broadcast + result in a broadcast address of 10.6.255.255
10.6.23.254/16 broadcast - results in a broadcast address of 10.6.0.0
* Change some code layout and macro/variable names
* Print unicast peer addresses in /tmp/keepalived.data
* Add negative conditional configuration.
A configuration line starting @main will only be included if
keepalived is started with option -i main.
This commit adds configuration option @^main, meaning that the
remainder of the configuration line will only be included if
-i main was NOT specified.
* Fix calculation of checksum for VRRPv3 IPv4 unicast peers.
Alternate unicast peers were being sent adverts with the checksum
set to 0. The reason for this was that the checksum field was not
being set to 0 before the checksum calculation, hence causing the
calculated checksum to be 0 for the second, fourth, sixth etc
unicast peer.
* Generate README from README.md.
* Only declare (and use) auth variables if compiling with authentication.
authtype_mismatch and auth_failure are only used if authentication is
enabled.
* The vrrp_t vmac flag should be a bool.
* Add include guard for vrrp_print.h.
* Log some additional vrrp variables.
* Make checksum change backwards compatible.
This commits adds the ability of keepalived to revert to using the old
checksum calculation if it sees an advert that has an old checksum. This
means that if an old and a new version of keepalived are working
together, once the new version has seen an advert from an old version,
it will drop back to using the old style checksum, and so the two
keepalived instances will work together.
There is a slight problem with this, though. If the old version starts
when a new version is master, if will report bad checksums. This should
be fine, since keepalived should discard the adverts, time out and send
an advert which would make the new keepalived revert to old checksums.
Unfortunately, keepalived does not completely ignore bad adverts, since
it resets its master down timer, even for bad adverts, and so it never
times out. However, in this scenario, there will still remain one master
and all the other keepalived instances will be in backup state, and so
VRRP functionality is preserved.
As identified in commit bcf2936 until commit 67275d2 keepalived did not
work with VRRPv3 and more than one other unicast peer, so for migration
we only need to consider two unicast peers. To upgrade, first upgrade
the keepalived instance that is in backup mode. This will see old
checksums when it starts, and so start using old checksums. The other
keepalived instance can then be upgraded and it will also see old
checksums when it starts up. In order to switch to using new checksums,
temporarily add the following line in the configuration of each vrrp
instance that is in master state:
old_unicast_checksum never
and then reload the keepalived instance by sending it SIGHUP. After the
master has restarted, restart the backup with a SIGHUP, and they will
then be using new checksums. The temporary old_unicast_checksum never
lines can now be removed from the configuration.
* Add checker bind_if keyword.
If a checker binds to a link local IPv6 address, the interface has
to be specified.
* Make DBus service name configurable.
* Make --config-id option default to hostname.
This is the equivalent of specifying --config-id `hostname -s`, and
makes it more straightforward to deploy the same configuration to
multiple hosts.
* Issue warning if more than 1 dynamic misc_checker per real server.
If different scripts return different exit statuses, the priority
of the real server will keep changing. The solution is to combine
the functionality into 1 script.
* Improve DBus error handling.
. Always clear errors to avoid leaks
. Check for errors when emitting signals
. Check for errors when registering objects
* Stop test tcp_server leaving zombie processes.
* Fix persistence_granularity handling
1. vs->addr.ss_family should never be used to check address family of
vs since there may not be an address is using fwmark.
2. If using fwmark, the address family may not be known when parsing
persistence_granularity
3. Set address family from format of persistence_granularity if not
already set
4. Ensure entire string is a number and is between 1 and 128 for IPv6
5. Ensure netmask specified for IPv4 is solid
* Ensure always check return from inet_stosockaddr when parsing config.
* Add lthreshold and uthreshold to keepalived.SYNOPSIS.
* Merge virtual server group addresses and ranges into one list.
A single address can be treated as a range with only 1 address, so
this reduces the number of lists that need to be processed when
handling a virtual server group.
A number of corrections were also made re hton/ntoh(s|l).
* Remove redundant setting of real server weight.
* Don't use vs->addr.ss_family for address family of virtual server.
A virtual server won't use vs->addr if it is defined by a fwmark or
it is uses a firtual server group. vs->af is the correct field to use.
* Make ipvs_update_stats() little/big endian aware.
* Simplify ipvs_update_stats().
Don't run a state machine to collect all the stats, simple iterate
through the entries.
* Move fetching ipvs stats into ipvs_update_vs_stats().
* Remove some #defines in ipvs_update_stats().
* Streamline setup for changing ipvs configuration.
* Fix updating resolved notify script path names with parameters.
* Add silent option to test/tcp_server.
* Document default checker connect ip/port.
* Remove duplicate setting up of file name.
* Validate HTTP_GET and SSL_GET checkers.
Unsure that urls have a path specified, and that the checkers have
at least one url specified.
* Fix memory leak if SMTP_CHECK helo_name specified.
* Fix dumping of SMTP_CHECK host list.
* Don't allocate and copy default SMTP_CHECK helo name unless needed.
* Tidy up dumping SMTP checkers.
* Remove smtp_host_t typedef.
If is passed to functions that take a conn_opts_t parameter, so
we need to explicitly use the correct type.
* Simplify handling of host{} block in SMTP_CHECK.
This also allows specifying connect_ip, connect_port as well as
unsing host blocks.
* Add DNS_CHECK RRSIG and DNSKEY query types.
* Fix documentation re MISC_CHECK.
* Detect if no misc_path specified for MISC_CHECK.
If no path was specified, keepalived was segfaulting.
* Add some more error messages to socket_bind_connect().
* Checker connections aren't always TCP.
* Report if checker bind_if is missing
If a link local IPv6 address is specified for a checker to
connect to, then a bind interface must also be specified,
otherwise the connect() call fails.
* If a real server has inhibit_on_failure, configure it at start up
If a real server had inhibit_on_failure set, but it also had an
alpha mode checker, then the real server should be installed at
startup with weight 0 to be consistent with what would happen if
the checker had been successful but then failed.
* Improve handling of virtual server groups.
If multiple virtual servers use the same virtual server group, and
the virtual servers have different protocols, or the virtual server
groups are defined using only fwmarks and the virtual servers have
different address families, then multiple versions of the entries
in the virtual server groups will need to be created as IPVS
virtual servers.
This patch handles the creation and removal of the necessary different
virtual servers for the virtual server groups.
* Add virtual server protocol types SCTP and none for SNMP.
* Handle virtual server with no protocol specified
This is valid if fwmarks are being used.
* Warn if a protocol is set on a virtual server using firewall marks.
* Don't check !LIST_ISEMPTY(vs->rs) after config is validated
In validate_check_config() any virtual server without any real
servers is removed, so there is no need to check subsequently.
* Don't allow virtual server groups without any addresses for fwmarks.
* Fix and optimise handling of promote_secondaries.
The promote_secondaries flag was being cleared by the first vrrp
instance that stopped using an interface, rather than by the last
instance.
* Fix the setting of mcast address for checksum compatibility
It was using INADDR_VRRP_GROUP rather than vrrp_mcast_group4.
2017-09-15 Alexandre Cassen <[email protected]>
* keepalived-1.3.6 released.
* Ensure locations of pid files is consistent
Issue #563 identified that the generated keepalived.service has the
wrong location for the pid file. On investigating this it was discovered
that keepalived isn't following the GNU coding standards for location of
pid files; however, we can't now move the default location of pid files.
This commit ensures that the keepalived.service file's location for pid
files is consistent with where keepalived is placing them, but also adds
a configure option --enable-gnu-std-paths, which means that keepalived
will use ${localstatedir} for the location of pid files, while the default
remains /var/run
* Stop logging that preferred_lft has been set to 0.
Some users are interpreting the message as a warning, and hence are
unnecessarily avoiding using a /128 netmask for IPv6 addresses. The
message doesn't really tell us anything useful, so remove it.
* Handle not being able to load ip_tables or ip6_tables modules.
When running in a docker container it isn't possible to load kernel
modules, so we need to cleanly handle a failure to load the modules.
* Don't segfault if unable to load ip_vs module.
In a docker container it isn't possible to load a kernel module. The
check code was detecting that it couldn't load the module, but the
checker process, when cleaning up prior to exiting, was assuming that
certain pointers had been initialised which hadn't been when an error
was detected so early in the initialisation.
This commit adds testing for uninitialised pointers during the exit
sequence.
* Fix releasing malloc'd memory for saved core pattern.
* Fix memory leak when adding iptables entries.
* Handle missing virtual server configuration.
keepalived was segfaulting if a virtual server had no real servers
configured. There were also issues of checkers running even if there
was missing essential configuration from a virtual server which meant
it could be set up. The problems were a virtual server group specified
but it didn't exist, a virtual server group with no configuration, and
a virtual server address family not match the address family of a virtual
server group.
* Don't attempt to remove ipsets if ipset handling not initialised.
* Delay initialising IPVS until affter processing configuration.
If IPVS isn't configured, there is not point in loading the ip_vs
module.
* Fix conditional compilation tests for _HAVE_LIBNL3_
* Make dynamic flag bool.
* Don't report exit status of misc_check scripts.
The result of a change in status from a misc_check script is reported
by the code anyway, so to log any non-zero exit code is superfluous and
annoying.
* Work around conflict between kernel and libipset header files.
ipset copies linux/netfilter/ipset/ip_set.h (and other) header
files, producing local copies that are installed as
libipset/linux_ip_set.h etc as part of the libipset development
package. Unfortunately although the kernel changes the include
guards when processing its source code, ipset does not, and so
the duplicated header files have different include guards.
This patch detects if the include guards don't match, and if so
if linux/netfilter/ipset/ip_set.h is included, it defines the
include guard used by libipset/linux_ip_set.h before the latter is
indirectly included.
* add Dockerfile.
* Fix detecting default script uid/gid.
* Stop segfault when keepalived can't load ip_vs module.
* Add some additional docker support files and add make target docker.
The configuration file installed by make install isn't ideal to run
keepalived with, so add a simple keepalived.conf that will be
installed into the container.
Add make target docker, to build the docker image.
Add docker/README to give some information about building and using
containers (this is mainly so that I don't forget how to the details).
* Remove a line of debugging code.
* Don't complain about keepalived_script user if not needed.
keepalived logged a warning every time if the keepalived_script user
didn't exist. We only need that warning if there is a script that uses
the default user, and an alternative defult user isn't specified.
* Fix relative script path names with embedded spaces.
The space wasn't being restored after resolving the path name.
* Fix memory leak if notify scripts specified multiple times.
* Remove some residual debugging messages.
* Fix memory leak if quorum up/down scripts specified multiple times.
* Use realpath() to canonicalize script names.
* Fix missing PARAMETER_UNSET, which caused the global value of
vrrp_higher_prio_send_advert not to be used for each VRRP instance.
* Remove unused variable introduced in commit 1c5bfa29.
* Fix using virtual server groups following commit 5ca36cb.
* Set address port to be sequence number for virtual server group.
The format_vs() function uses the virtual server address port as
the sequence number of the virtual server instance using the virtual
server group, so we need to set it up.
* Warn if real server has no checkers when alpha mode.
If a virtual server is configured with alpha mode, and a real server
has no checkers, the real server will never be able to be activated,
so generate an appropriate warning.
* Only delete virtual server once if using a virtual server group.
If multiple virtual servers are using a virtual server group, the
virtual servers are defined by the virtual server group, and so they
should only be deleted for the first virtual server using the group.
There is still an issue that the configuration of all virtual servers
using the virtual server group needs to be consistent.
* Add further checks for LVS configuration.
* Document additional scheduling algorithms for IPVS.
* Change virtual_server_t loadbalancing_kind to forwarding_method.
The variable name loadbalancing_kind didn't represent the meaning of
the parameter, so change it to forwarding_method.
* Add fo and ovf scheduling types to SNMP.
* Only check one packet scheduling if supported.
* Add lvs_method per real server.
The lvs_method should be settable for each real server within a
virtual server. This commit maintains existing default behaviour
by using the lvs_method set against the virtual server as the default
for the real servers, but adds the option to configure the lvs_method
individually for each real server.
* Fix type in printing config of scripts.
* Convert some spaces to tabs.
* logger: output timestamps to console logs.
* Optimise handling of config_id in parser.
* Fix some typos.
* prog_type variable doesn't make sense when building a DEBUG version.
The DEBUG version runs everything in a single process, and to the
prog_type variable is meaningless in this case. This commit excludes
the prog_type variable by conditional compilation when building a
DEBUG version.
* Add home, -nodad, mngtmpaddr, noprefixroute, and autojoin address flags.
* Update documentation for commit cc67476.
* Add notify FIFO.
pull requests #568 and #587 and issue #584 have all identified that if
notify scripts are run in close succession, then order if processing of
those scripts is indeterminate, and this is causing systems that are
monitoring the state of vrrp instances to have the wrong state.
There have been various suggestions about how this should be resolved,
principally along the lines that the notify scripts should be run
synchronously, i.e. a notify script should not be run until the previous
notify script completed. While this would work, it adds some overhead to
keepalived, which currently does not monitor the exit status of notify
scripts.
There is a further issue with notify scripts that if a large number of
events occur in rapid succession (e.g. due to an interface flapping), this
can cause a large number of child processes to be created very rapidly.
This commit adds an alternative method for external processes receiving
notification of events. Instead of forking a script for each event, keepalived
will write to a named pipe. An external process can then read the pipe to
receive notification of events, and process them appropriately. This is
guaranteed to deliver events in the correct order. It also has the benefit
that there isn't the overhead of forking a child process for each event.
* If can't get local host name, set default router_id to "[unknown]".
Issue #588 reported that keepalived was segfaulting when generating
an SNMP trap in strlen(global_data->router_id), which presumable is
due to global_data->router_id being NULL. As a precaution set
router_id to "[unknown]" if get_local_name() fails".
* Implement SNMP reporting smtpServerPort.
Commit 128cd24 added functionality for specifying smtp server port
and commit bcb09b8a added smtpServerPort to the keepalived MIB, but
no code was added to report the port. This commit adds that functionality.
* Don't use PATH when executing FIFO script.
The path has already been resolved as part of checking the script
security, so there is no need to search the path.
* Log error if unable to execute FIFO notify script.
* Pass FIFO name to notify_fifo_script as parameter.
* Add FIFO notify for LVS notifies.
To match the FIFO notifies for VRRP, this commit adds FIFO notifies
for LVS. There are now three FIFOs available, a global one that
will send output for VRRP and LVS, one for VRRP only and one for
LVS only.
* Fix conditional compilation for --enable-debug
Commit 7947247 attempted to sort out making keepalived work with
--enable-debug, but unfortunately it used the wrong conditional
compilation variable (DEBUG instead of _DEBUG_). This commit
corrects the conditional compilation tests.
* Include protocol in virtual and real server output.
* Stop segfaulting if no script given for a vrrp_script.
* Fix a _DEBUG_ conditional compilation test.
* Fix incorrect expression in clear_services().
* Fix use htons() instead of ntohs().
* Fix bad file descriptor error at reload with no virtual servers.
* Delete disabled inhibit servers at reload.
* Add logging to remove sorry server at reload.
* Fix bad file descriptor error at reload with no virtual servers.
* Delete disabled inhibit servers at reload.
* Fix thread_cancel() for timed out threads.
* build: add basic .travis.yml file
* README.md: rename from README.
* build: add build status tag in readme file
All that's needed now, is for user `acassen` to
go to `https://travis-ci.org/` login with the Github
account, import repos from Github, and enable build
for keepalived [a checkbox/button].
* Set sorry_server's fowarding_method.
* Further fix for thread_cancel() for child timeout threads.
Commit ade3d699 fixed removing read and write timeout threads
from the ready queue when they are cancelled. This commits adds
removing child timeout threads from the ready queue too.
* Fix warnings from ignoring seteuid/setegid return results.
* Fix dynamic linking with early versions of libnl3 without nla_get_s32.
* Updated autoconf files due to autoconf upgrade.
* Fix compiling with namespace collisions in net/if.h and linux.if.h.
* Update travis configuration.
This commit includes the installation of development library
packages, updated kernel header files, using trusty for the builds,
and adding more build options.
* Reinstate distributing (renamed) README.md file.
* More updates for updated automake/autoconf.
* Fix new warnings produced by gcc 7.
* Migrate failed checkers at reload (provisional implementation).
* Implement comparison of checkers.
genhash: libraries to link with should be put in LDADD, not LDFLAGS.
* configure.ac: fixed build on older systems, namely CentOS 6.
Provide AS_VAR_COPY if missing and downgrade autoconf dep to 2.63.
* Fix worng migrate of checker-id.
* Set active if new failed_checkers is empty.
* Fix typo in interface details printing.
* Enable vmacs to work when sysctl net.ipv4.conf.all.rp_filter > 0.
A number of distros now set net.ipv4.conf.all.rp_filter = 1 by default.
This means that when a vrrp instance is in the master state, it cannot
receive adverts sent by a higher priority master, and hence we end up
with 2 masters.
I tried an alternative of receiving on the base interface, but no packets
that have the same source MAC address as an interface on the system
(i.e. the vmac interface) get delivered to the socket.
For distros such as Fedora, RHEL, CentOS, ArchLinux, all.rp_filter = 1
due to systemd commit
https://github.com/systemd/systemd/commit/1836bf9e1d70240c8079e4db4312309f4f1f91fd
The reason given for the commit is to work around a boot-time race condition
where interfaces created before default.rp_filter is set do not get the
updated default.rp_filter setting, and so the all.rp_filter setting is used
to override the individual interface settings. This doesn't seem the right
solution to the problem, since it prevents any interface running with
rp_filter = 0, and that is what we need for vmacs. I have filed an issue
report for systemd at https://github.com/systemd/systemd/issues/6282, but
in the mean time we need to work around the issue. Ubuntu sets all.rp_filter=1
in /etc/sysctl.d/10-network-security.conf provided by the procps package.
Debian doesn't set all.rp_filter.
The only solution I have found, and I am not entirely happy with this since
it has effects beyond keepalived and affects the system as a whole, is to set
all.rp_filter = 0. In order to seek not to change the operation of the system,
if default.rp_filter < all.rp_filter, default.rp_filter is set to all.rp_filter,
thereby ensuring that any new interfaces created will take the original value
of all.rp_filter. It then iterates through all existing interfaces, and
{interface}.rp_filter is set to the value of all.rp_filter if
{interface}.rp_filter < all.rp_filter. all.rp_filter is then set to 0.
This means that all interfaces should behave in the same way as before, since
the behaviour of rp_filter is defined by the maximum of
{interface,all}.rp_filter, but we are not able to operate the vmac interfaces
with rp_filter = 0. When keepalived exists, it restores the original settings
of rp_filter if they are the same as what we set them to.
* Only restore rp_filter on interfaces if same as we set them to.
If rp_filter has been altered since we set it, then do not restore
it to the original value.
* Update files for build fix commits.
Commits 2cccc97 and a932cf2 provided fixes for building on CentOS6.
This commit updates genhash/Makefile.in in line with
genhash/Makefile.am and adds a comment to autoconf.ac regarding
when autoconf introduced support of AS_VAR_COPY.
* Fix build error at when _HAVE_IPV4_DEVCONF_ was undefined.
* Remove unnecessary parameter compare.
* Resolve compiler warning introduced by commit 8361b11.
* Remove debugging log messages added in commits 99fe626 and 6ec26e0.
* Fix compiler warning and remove unwanted log messages.
* Make a couple of checker variables non global.
* Correct comparison for checker compare in migrate_failed_checkers.
Commit 2ff6b3f changed the sense of the comparisons of checkers,
but didn't make the corresponding change to checking the result.
* Fix keepalived.doc(5) man page.
* Add virtualhost config for real servers.
Different real servers may want different virtualhost config
settings. The real server virtualhost setting overrides the
virtual server virtualhost setting.
* Allow virtualhost to be specified per checker and per url.
* Fix compiling with SNMP enabled.
* Fix compiler warnings when use configure --enable-conversion-checks.
* Fix an unintentional case fall-through.
gcc 7 identified two case statement fall-throughs. One was intentional,
but the other was a bug. The latter is now fixed, a comment is added
for the former so the warning isn't generated.
* Fix commit cc67476 to allow flags for static and virtual ip addresses.
* Fix handling of more recent ip address flags.
Recent ip address flags have exceeded 8 bits, and so the IFA_FLAGS
attribute needs to be used, rather than the ifa_flags field.
* Fix typo in help.
2017-03-19 Alexandre Cassen <[email protected]>
* keepalived-1.3.5 released.
* Ensure nopreempt is not set if address owner.
* Remove hardcoded paths from init files.
* Add configure option to override system init type.
* Fix some configure tests for init type.
* Add support for ip rules uidrange option.
This option was added in Linux 4.10.
* Resolve compiler warning on 32 bit systems.
There were two warnings in lib/timer.c for signed vs. unsigned
comparisons on 32 bit systems.
* Add missing documentation for ip rule uidrange.
* Include snapcraft.yaml tar file.
* Remove extraneous EXTRA_DIST directory.
* Add library requirements for ArchLinux.
* Allow tracking and misc_check scripts time to terminate after
timeout. If a script exceeds the timeout, it is sent a SIGTERM,
and then if it still doesn't terminate, it is sent a SIGKILL.
The problem was that the script was only allowed 2 microseconds
to terminate, whereas it should have been 2 seconds.
* Fix script paths when converted to absolute path names.
If a tracking or misc_check script is not specified by a fully
qualified path name, but rather it is resolved via PATH, the updated
patch name wasn't being saved for tracking or misc_check scripts.
* Remove yet more hardcoded paths.
* Make git ignore keepalived.service file.
* Streamline signal handling initialisation.
* Report track script name if it times out.
keepalived was simply reporting that pid nnnn had timed out, which
didn't give any indication of what script it was that had timed out.
This patch now means that the script name will be logged rather than
the pid.
* Fix conditional configuration for config read via alloc_value_block().
The code for handling conditional configuration was in the wrong function.
This commit move it to read_line() so all configuration is read in the
context of @system_id conditional lines.
* Fix compiling with --disable-vrrp.
When building without vrrp, the checker process still needs to
know about IP address creationg and deletion in order to allow the
ha_suspend configuration option to work.
* The checker process never needs to monitor interfaces.
* Move vrrp_ipvs_needed() to vrrp_daemon.c.
* Remove some unnecessary includes of check_data.h.
* Make ha_suspend work when building without vrrp.
Support of ha_suspend was only enabled when keepalived was built
with vrrp support. There may be other processes that are adding and
deleting ip addresses, so support of ha_suspend should be enabled when
building without vrrp support.
Also, the vrrp process doesn't need to call the update_checker_activity()
function when addresses are added or deleted.
* Don't use netlink address monitoring if not using ha_suspend.
* Make --release-vips (-X) option work.
'X' was not included in the optstring for getopt_long(), and so
--release-vips option was not recognised.
Further, only enable VRRP and checker specific options if compiled
with that functionality.
* Only report added/deleted addresses if relevant to keepalived.
Logs could get full of messages reporting address addition/deletion
that were of no relevance to keepalived. By default, keepalived will
now only report address additions/deletions with the -D option if
the address is relevant to keepalived.
The -a option is added to log all address additions/deletions.
* Remove all #ifdef _WITH_LVS_ from checker code.
If building the checker code, _WITH_LVS_ is always defined (_WITH_LVS_
means build the checker code), so there is no point testing if it is
defined in any of the checker code.
* Only include vrrp header files when building with vrrp and also for
check. Make sure vrrp header files are only included if building with
vrrp (i.e. without --disable-vrrp), and likewise only include check
header files if compiling with LVS support (i.e. without --disable-lvs).
* Add test/tcp_server.c for testing TCP_CHECK.
* Make -a option work without ha_suspend.
* Fix integer types. The correct, standard integer types are uint8_t and
uint16_t, not u_int8_t nor u_int16_t (the latter being kernel types).
glibc and uClibc may define the kernel-compatible types, but musl (which
is standards-compliant) does not.
* Fix warning when compiling without libnl.
* Add including <stdint.h> where those types are used.
* Add option to not use dlopen() for libipset, but link at link time.
* Remove superfluous (duplicated) block of code.
* Add option for dynamic (run-time) linking to libip[46]tc.
* Fix dynamic linking of libiptc without ipsets.
* Check iptables/ip6tables commands available before using them.
* Fix some conversion check compiler warnings.
* Make configure option --disable-routes do something.
* Don't link to libdl if not needed.
* Fix compilation with --disable-vrrp.
* Don't link to libraries not required by configuration.
* Remove all authentication code if --disable-vrrp-auth specified.
* Remove FALLBACK_LIBNL1 and use existing _HAVE_LIBNL1_ instead.
There was no point in a separate FALLBACK_LIBNL1 since it and
_HAVE_LIBNL1_ always had the same value.
* Add udp functionality to tcp_server test program.
* Fix check_conditional_tests script.
* Add option for dynamic (run-time) linking to libxtables.
* First stage of run-time linking to libnl-3.
* Dynamic/static linking options of libnl/libnl-3, libip[46]tc and
libipset. libnl/libnl-3, libip[46]tc and libipset can all be dynamically
linked at run-time, and if they are not available, keepalvied will use
the alternative code which is used when the libraries cannot be linked
a build time.
This means that a single executable keepalived can be created that will
use the libraries if they are installed on the target system, but will
fall back to the alternatives if the libraries are not available.
This is useful for build environments such as Buildroot which will not
force optional dependencies (see pull request #540), since now keepalived
can be built so as not to force the optional dependencies, but to make
use of them if they are installed.
* Fix building without libnl/libnl-3.
* Don't allow adver_int to be rounded down to 0.
* Fix creation of iptables entries on more recent kernels.
On a 4.9.13 kernel iptables entries were being created with
return-nomatch ! update-counters ! update-subcounters, as shown by
the iptables command.
Although it is not understood why these options are being added, it
transpires that the problem occurs when using version one of the
xt_info_set_match, but doesn't occur when using version 4 of the
structure.
This patch ensures that the latest version of the structure that is
supported by the kernel is always used.
* Fix updating /proc/sys/kernel/core_pattern.
Reset file offset to beginning of file between reading the file and
writing new contents.
* Fix printing of smtp_server port.
* Handle failure if fail dynamically to get address of a libipset function.
* Be defensive in case fail to get addres of a libipset function dynamically.
* Fix evaluation of library names for run-time linking.
* Show failed ipset dl function.
* Provide explicit DL error messages and fix autobuilt snap version.
* Fix formatting of email message for CHECK_SMTP failures.
The format string passed to smtp_final() can contain format specifiers
so a further pass through printf is required.
* Add printf format attribute to vlog_message().
* Add higher_prio_send_advert vrrp config option.
There is a problem if two vrrp instances, due to becoming isolated,
both become master, since they will both have sent GARP messages.
Setting higher_prio_send_advert and garp_lower_priority_repeat means
that if a master receives a higher priority advert, it will send its
own lower priority advert before it transitions to backup. The higher
priority master, on receiving a lower priority advert, will then send
GARP messages, and so the ARP caches will then be correctly updated.
Using the higher_prio_send_advert option may be considered not to
conform to the VRRP protocol (725) to (765) in state description of
RFC5798, however, since which of the two masters advertises first
after they can both see each other again is random, there is a 50%
chance that the lower priority instance will send an advert before the
higher priority instance, so to all external observers it will appear
that this is the case, or at least that the adverts overlapped.
* Fix higher_prio_send_advert in lower priority master.
* Load the ip_tables module if using iptables.
We cannot guarantee that the ip_tables modules has been loaded, so
we load it ourself if using libiptc.
* Fix (cosmetic) conditional compilation test.
* Fix building with --enable-libxtables-dynamic --disable-libiptc.
* Enable compilation with namespaces if SYS_setns is not defined.
* Fix compiling with struct xt_set_info_match_v0.
* Check to libnfnetlink.h and netlink.h with libnl v1 too.
* Workaround missing libraries from pkg-config --libs libiptc.
Old version of libiptc don't report requirements on libip4tc and
libip6tc, so check if the output from pkg-config is only -L.* -liptc
and if so add -lip4tc -lip6tc.
2017-02-18 Alexandre Cassen <[email protected]>
* keepalived-1.3.4 released.
* Fix generation of lib/git-commit.h when building a tagged commit.
* Define GIT_DATE and GIT_YEAR when generating default git-commit.h
This issue was caused by commit 5287f03 which didn't define GIT_DATE
and GIT_YEAR in all circumstances.
2017-02-14 Alexandre Cassen <[email protected]>
* keepalived-1.3.3 released.
* Fix unitialised use of misck_checker in script timeout.
* Fix detection of no netlink being installed.
* Fix conditional compilation for LIBIPVS without netlink.
* Terminate child processes if parent dies.
If the parent keepalived process is killed, the child processes will
be orphaned and can cause problem when attempting to restart
keepalived. This patch makes use of prctl with PR_SET_PDEATHSIG such
that all child processes will receive SIGTERM if the parent process
dies.
* Ensure syslog and mem_check_log open before using them.
A segfault was occuring when --enable-mem-check-log option was
selected, due to attempting to write to the log file before it had
been opened. It was also evident that there could be attempts to
write to syslog before that had been opened too.
* Fix building on Centos 7/RHEL 7 re lightweight tunnel encapsulation.
RedHat have partially backported lightweight tunnel encapsulation
into their kernel, but not included MPLS or ILA. We need to have
conditional compilation for LWTUNNEL_ENCAP_MPLS and LWTUNNEL_ENCAP_ILA
rather than just checking for RTA_ENCAP.
* Update documentation for tracking scripts weight 0.
weight default is 0, which means tat a failure implies a FAULT state.
* Reinstate code checking module ip_vs loaded.
Commit d900df2 removed a bit to much code that looked as though it
wasn't doing anything, with the result that the check of whether the
ip_vs module was loaded didn't occur.
This commit reinstates the code for checking, and if necessary loading,
the ip_vs module, but also sanitises the code slightly.
* Fix some more compiler warnings.
* Fix a typo in a help message in configure.ac.
* sorry_server: keep sorry_server on reload.
* sorry_server: set it up on start or reload if quorum is down.
on start: in alpha mode.
on reload: if changed, or no previous sorry_server.
* Added doc for priority 4th parameter to notify script.
* ipwrapper.c: make functions void if return value not used or constant.
Several functions in check/ipwrapper.c were always returnung the same
value, and the code calling the functions then checked and returned an
error if the return value was not the value always returned. Also, for
some functions returning a value the return value was never checked in
the calling function.
Making the functions void, and removing the if (...) makes the code easier
to read, and potentially slightly more efficient.
* Add snapcraft.yaml for CI build publication.
* Fix missing documentation for 4th parameter of notify action.
* Make builds reproducable, and copyright date reflect latest commit.
Pull request #503 provided an update to facilitate reproducable builds,
and also ensure that the copyright date doesn't postdate the last source
code modification. Unfortunately the commits required manual updates to
change the copyright year, thereby creating maintainability issues. The
commit also allowed fake build dates to be specified.
This commit takes an alternative approach, and takes the dates used for
the copyright message and the version date from the date of the last git
commit.
If the code is build from within a git tree, this is straightforward. On
the other hand, the code may be build from tarball, so we ensure that
the lib/git-commit.h file is updated when the tarball is built, and
included in the tarball.
* Add option to force building without libnl/libnl-3.
This option is really only for test purposes to build keepalived
without libnl even though libnl is installed.