LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] [ANNOUNCE] Keepalived v1.2.17

To: keepalived-devel <keepalived-devel@xxxxxxxxxxxxxxxxxxxxx>, keepalived-announce@xxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] [ANNOUNCE] Keepalived v1.2.17
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Alexandre Cassen <acassen@xxxxxxxxx>
Date: Sun, 31 May 2015 17:08:20 +0200
Hi folks,

this quick email to announce new release, including a lot of extensions. 
Please, check github commits for credits.

ChangeLog for the release look like :

2015-05-31 Alexandre Cassen  <acassen@xxxxxxxxxxxx>
        * keepalived-1.2.17 released.
        * zalloc use xalloc for consistency.
        * memory: fix wrong size calculation in zfree.
        * Fix keepalived snmp configuration.
        * Change comments to match kernel style.
        * smtp: Fix wrong algorithm in RCPT-TO building.
        * vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
          header, in order to not overwrite the header' and the 'hop limit' 
fields
        * vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
          When using VMAC and running multiple instances on the same interface,
          only one of the VMAC interfaces will get its status flag synched.
          This commit will update the status flag for _all_ VMAC interfaces 
attached
          to a base interface.
        * ipvs: fix segfault crash when parsing SMTP_CHECK config
        * ipvs: SMTP_CHECK now respects configured RS port. Before that it 
always
          used the default port 25.
        * ipvs: config parser: handler for the end of block. new function
          install_sublevel_end_handler(handler).
        * ipvs: new log function vlog_message taking varg_list. log_message now
          uses format gcc attribute, not the macro wrapper.
        * ipvs: bug: check_smtp was logging "#30" instead of RS address do not 
do
          nested va_start/va_end calls in smtp_final.
        * ipvs: clarify snmp_check config syntax. Now host{} section is 
optional,
          and all the standard connection options are available in the 
SNMP_CHECK{}
          level, too. If one or many host section persist, those base-level 
options
          are used to specify default values that can be overriden in a host 
section.
        * vrrp: Use literal constants for bit flags Use literal constants for 
bit
          flags of the "debug" global variable Change from using numeric 
constants
          to literal constants for the bit flags of the "debug" global variable.
        * vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup 
obtains
          VIP resulting in a duplicate IP situation. When a priority change to 
the
          configuration of a Master router drops its priority to below that of a
          backup router, the VIP is not released on the Master router leading to
          a duplicate IP situation.
        * vrrp: Make preempt_delay work more than once.
        * vrrp: Changes needed to support AH auth in VMAC mode. Note according 
to
          the RFC this is not a requirement, but we think that our customers 
will
          expect it to work. The RFC actually discourages its use because it 
adds
          little to no additional security.  We are still able to interoperate 
in
          RFC mode by not enabling authentication.
        * vrrp: Check VRRP header in the IP auth header is correct. In the 
middle
          of vrrp_in_chk, the existing VRRP packet parsing code does
          "return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is 
two,
          and the authentication type is IP sec authentication, to check whether
          or not the IP sec authentication header is valid.  However the 
"instant"
          returns means that is the IP sec authentication header is valid, then
          the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
          VRID, number of VIPs, advertise-interval) are not parsed or validated.
        * vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
        * vrrp: Add skeleton code for VRRP-MIB.
        * vrrp: Check existing VIF and recreate if VMACs are wrong. Although 
under
          normal circumstances we will cleanup VIF interfaces when shutdown, 
there
          are various scenarios were this is not the case. To make the code more
          robust, keepalived now performs a check for matching VIF interfaces at
          restart, and if the configuration of the VIF matches the current
          keepalived configuration it will reuse the VIF. However, should the
          configuration be different, keepalived will remove the existing
          interface, and then recreate a new VIF interface with the appropriate
          configuration. This fix resolves the continuous crash scenario that 
can
          occur when keepalived fails to configure the VIF because one already
          exists. It prevents keepalived from reusing a previous VIF interface
          which does not completely match it configuration criteria.`
        * vrrp: fix snmp code (cosmetic)
        * vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
          startup, about twenty "duplicate registration" and a couple of "Failed
          to connect to the agentx master agent" warning messages were issued.
          Pairs of the "Failed to connect" warning messages were logged every 
two
          minutes. The "duplicate registration" warnings happened because VRRP
          called snmp_agent_init twice, once for the keepalived-vrrp MIB, and 
once
          for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
          tried to register the keepalived-global MIB (which holds data like
          Keepalived version number, SMTP server details, and a "from" email
          address).  It was the second attempt to register this 
keepalived-global
          MIB that generated the "duplicate registration" warning. The 
registration
          of the keepalived-global MIB is now only done once under the control 
of
          a static variable.   init_agent is also called just once under the 
control
          of the same static variable to prevent it logging a warning message. 
The
          "Failed to connect" warnings occur because Keepalived does not know 
how
          to connect to the SNMP AgentX master server.  By default the Agent X
          master server is listening for MIB registrations on a local TCP socket
          with a port number of 705.
        * vrrp: Fix VRRP preemption taking too long. VRRP preemption may not 
work
          correctly due to group expiry timers being incorrectly manipulated 
while
          running down the MDT. Also, preemption can be disrupted if the VRRP 
group
          receives an advertisement while running down it's timer.
        * vrrp: Initial Implementation of VRRP statistics.
          . Add VRRP counters, This is needed by the VRRP-MIB, and will provide
            better insight into the operation of VRRP for users.
          . Add SIGUSR1 and SIGUSR2 handlers
            - SIGUSR1 allows users to dump current state of VRRP instacnes to
              /tmp/keepalived.data
            - SIGUSR2 allows users to dump VRRP counters to 
/tmp/keepalived.stats
        * vrrp: Copy old VRRP stats on reload.
        * vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state
          printing code from vrrp_daemon.c so that the code is better organized.
        * vrrp: Track master router priority in VRRP.
        * vrrp: Added 'Master priority' output to show vrrp detail.
        * vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
          keepalived vrrp only allows to configure single notification script.
          This is a limitation ans should be extended so that keepalived vrrp 
can
          notify multiple scripts about vrrp state changes.
        * vrrp: Don't display ipsec ah password in log files. When 
authentication
          type is selected as ipsec ah, password should not be displayed in the
          log files.
        * vrrp: Fix notify upon reload. When a notify script is configured after
          Keepalived has been started, if other notify scripts are already
          configured, these scripts get reinvoked even if the state has not
          changed. This occurs when in backup state. When in master state, no
          notifications are sent out at all if a new notify script is 
configured.
          For the backup case, this problem occurs when the daemon is reloaded.
          This causes vrrp to leave the state it's currently in, go to the init
          state and from there, go back to backup. However, this transition
          causes the notify scripts to be invoked, causing a redundant
          notification to be sent. For the master case, there is no call to
          notify_instance_exec(), hence why no notifications are seen at all.
          The solution is to add a new field to the vrrp struct that stores the
          notify scripts that were configured before reload. A new function has
          been added to take advantage of this new field. Instead of calling
          notify_instance_exec() when we are in the init state, we now call
          notify_instance_exec_init(). This is a proxy function that modifies
          the 'script' member of a vrrp structure to point to a new list
          containing only scripts that have not previously been configured,
          thereby preventing the sending of notifications that have already been
          sent. This new list is created by utilising the new vrrp struct field.
          Inside this new function, notify_instance_exec() is called using the
          modified VRRP instance. When this call returns, the member is reset
          back to its original value.
        * vrrp: Keepalived extension to support VRRP version 3. Updated 
vrrp_header
          and _vrrp_t struct to support version 3 params. Support to build 
vrrp_v3
          packet.
        * vrrp: Keepalived extension to support VRRP version 3 (2).
        * vrrp: Keepalived extension to support VRRP version 3 (3). Timer 
changes
          to support centi-sec.
        * vrrp: Keepalived extension to support accept mode for v3.
        * vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived 
is
          supporting IPv6 but it is not fully functional and it is not as per
          RFC5798.  Following are the issues identified and changes done:
            - IPv6 address population.
            - Correction of Checksum in case of IPv6.
            - Getting source address from received advertisements.
            - Populating source address in sent VRRP advertisements.
        * vrrp: Improve display output for VRRPv3.
            - Changed data-type of mcast_saddr to sockaddr_storage to support 
IPv6
              also.
            - Added new parameters version, accept, weight updated advertisement
              interval for operational command show output.
        * vrrp: MIB enhancements for accept-mode.
        * vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
          BACKUP routers must set their advertisement intervals to match the 
current
          MASTER's. Although not explicitly stated in RCF5798, when the MASTER 
falls
          over or forfeits its MASTER status, the new MASTER should not 
continue to
          use the old MASTER's advertisement interval value and should instead 
use
          its locally configured value. To achieve this, a new field has been 
added
          to the VRRP structure that stores the most recent advertisement 
interval
          of the current MASTER. We track changes to the current MASTER's 
interval
          and update this new variable accordingly. The value is only updated 
when
          we are in BACKUP state and reconfiguring the local advertisement 
interval
          has no effect on it.
        * vrrp: snmp: don't hardcode AgentX socket location. The default 
location
          should be `/var/agentx/master` (as per RFC2741 and this is also the
          default for NetSNMP, including on Debian-based distributions). This
          default location is set at configure-time for NetSNMP and subagent 
will
          use it automatically (it is also available through 
`net-snmp-config.h`).
          A useful feature would be to have a flag to change that if the user
          change this settings in the master agent. This commit just reverts 
this
          change to let SNMP subsystem work as expected for most users.
        * vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
          a lazy linker, `libnetsnmpmibs` may require some additional libraries
          to be linked (like `libsensors`). Therefore, only rely on
          `net-snmp-config` to get the appropriate flags.
          Also add some additional tests:
            - check that we can build a simple executable (NetSNMP can be quite
              broken and in this case, the error during compilation is not 
crystal
              clear, checking that in configure is more informative)
            - check if we subagent support is compiled in (This is optional and
              again, the error is not crystal clear during compilation).
            - check that net-snmp/agent/util_funcs.h is present (Due to a flaw 
in
              NetSNMP build process, this header was not installed for quite a 
long
              time, notably on RHEL derivatives; code to handle its absence was
              already present in Keepalived).
        * vrrp: snmp: don't enable SNMP support automatically.
          Most users won't use it and it would fail if NetSNMP is not installed,
          unless a user add `--disable-snmp` to configure command line.
        * build: move custom include directives (`-I`) first. Some libraries,
          notably NetSNMP, may pollute CFLAGS by adding stuff like
          `-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
          trying to not use CFLAGS from NetSNMP at all (some of those bits are
          important as they influence some NetSNMP headers), we ensure that the
          bogus include flags are after our own include flags.
        * global: Set global data default values after parsing config file.
          This patch will defer setting the global data default values until
          after the config file has been parsed. This will potentially avoid two
          calls to getaddrinfo. For example, if the router_id and/or email_from
          parameters are set in the config file, there is no need to call
          getaddrinfo twice in order to set a default value. Instead, this patch
          will check to see if they values are unset after parsing the config
          file. Note that email_from and smtp_connection_to are only set to a
          default value if they are unitialized and smtp_server is specified.
        * doc: add -x/--snmp flag to keepalived manual page.
        * snmp: add -A/--snmp-agent-socket to specify AgentX socket.


Cheers,
Alexandre
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] [ANNOUNCE] Keepalived v1.2.17, Alexandre Cassen <=