From f638ffbd5d4292c5fe1fbf4aef69f4f841b20b2809e606c8c49a0b519f735836 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Sun, 20 Jan 2019 09:14:28 +0000
Subject: [PATCH] Accepting request 667074 from home:darix:branches:network - fix build on 42.3/sle12 by disabling http regexp check support - add nftables to the BR - cleanup BR support for sle11, moved almost all BR to pkgconfig style - disable dbus instance creation support as it is marked as dangerous - update to 2.0.11
OBS-URL: https://build.opensuse.org/request/show/667074
OBS-URL: https://build.opensuse.org/package/show/network/keepalived?expand=0&rev=50
---
 keepalived-2.0.10.tar.gz | 3 -
 keepalived-2.0.11.tar.gz | 3 +
 keepalived.changes | 179 +++++++++++++++++++++++++++++++++++++++
 keepalived.spec | 51 +++++------
 4 files changed, 209 insertions(+), 27 deletions(-)
 delete mode 100644 keepalived-2.0.10.tar.gz
 create mode 100644 keepalived-2.0.11.tar.gz
diff --git a/keepalived-2.0.10.tar.gz b/keepalived-2.0.10.tar.gz
deleted file mode 100644
index f1468c7..0000000
--- a/keepalived-2.0.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:40e0e55afed9ca313d621a9c5878579696fafb5504dab521aadaf20ba6e7f597
-size 927631
diff --git a/keepalived-2.0.11.tar.gz b/keepalived-2.0.11.tar.gz
new file mode 100644
index 0000000..ea70e53
--- /dev/null
+++ b/keepalived-2.0.11.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a298b0c02a20959cfc365b62c14f45abd50d5e0595b2869f5bce10ec2392fa48
+size 961182
diff --git a/keepalived.changes b/keepalived.changes
index a18b7d6..93ea3c8 100644
--- a/keepalived.changes
+++ b/keepalived.changes
@@ -1,3 +1,182 @@ +------------------------------------------------------------------- +Sat Jan 19 02:22:09 UTC 2019 - Marcus Rueckert + +- fix build on 42.3/sle12 by disabling http regexp check support +- add nftables to the BR +- cleanup BR support for sle11, moved almost all BR to pkgconfig + style +- disable dbus instance creation support as it is marked as + dangerous + +------------------------------------------------------------------- +Fri Jan 18 15:39:47 UTC 2019 - Marcus Rueckert + +- update to 2.0.11 + - Fix segfault while shutting down when SNMP activity occurs. + Issue #1061 identified that keepalived could segfault when it + shut down. It appears that this was caused by data being + received on the file descriptors that the snmp agent requests + keepalived to monitor with epoll(). Since the read threads + weren't being processed during a shutdown, the first time an + snmp fd was ready, keepalived discarded the read thread. The + second time that fd became ready there was no thread to handle + the fd, and, since the assert() statement was not compiled in, + non existant data was queued to the thread ready queue. This + commit changes the assert() calls to continue, so that non + existant data is no longer queued to the thread ready queue. + - While shutting down, continue to handle snmp agent fds. Since + we don't shutdown the snmp connection until the very end of the + shutdown process (we need to be able to send snmp traps), we + should continue to handle the snmp fds on behalf of the snmp + agent while shutting down. + - Ensure snmp agent is in correct state when initialising/closing + Make sure the snmp agent is not already initialised before + initialising it, and make sure it has been initialised before + closing it. + - Disable asserts in bfd code by default and add --enable-asserts + Asserts were enabled by default in the bfd code, which + shouldn't be the case. 
Add --enable-asserts configure option + so that the asserts tests can be enabled while debugging. + - Remove debugging log message accidently left in. + - Update receive buffers when interface is created. The receive + buffer size used by keepalived is based on the largest MTU of + any interface that keepalived uses. If dynamic interfaces are + being used and an interface is created after keepalived has + started, the MTU of the new interface may be larger than the + previous largest, so the receive buffer may need to be + increased in size. Further, if vrrp_rx_bufs_policy is MTU, + then the kernel receive buffers on the receive socket may need + to be increased. + - Handle MTU sizes being changed. Issue #1068 identified that + the MTU size wasn't being updated in keepalived if it changed. + This commit now updates the MTU size and adjusts receive buffer + sizes accordingly. + - Fix syntax error in configure.ac. + - Fix double free when global data smtp_helo_name copied from + local_name Issue #1071 identified a double free fault. It + occurred when smtp_helo_name was not set, in which case it was + set to point to the same malloc'd memory as local_name. At + termination keepalived freed both local_name and + smtp_helo_name. If keepalived needs to use local_name for + smtp_helo_name it now malloc's additional memory to copy the + string into. + - Rename TIMER_MAX to TIMER_MAXIMUM. ulibC defines TIMER_MAX, so + to avoid naming conflict rename it. This issue was reported by + Paul Gildea who also provided the patch. + - Fix segfault when smtp alerts configured. + - First working version of nftables. + - Restructed code around how iptables/nftables are called This + commit also allows building keepalived without iptables + support, thereby allowing only nftables support. Adding any + other mechanism to handle no_accept mode, i.e. blocking + receiving and sending to/from VIPs should be added to + vrrp_firewall.c, in a similar way to how nftables/iptables are + used. 
+ - Update doc files re nftables. + - Make nftables handle dont_track_primary appropriately. + - Fix config reload with nftables. + - Set base chain priorities from configuration. + - Use iptables by default if neither iptables or nftables + configured. But if the build of keepalived does not include + iptables, then use nftables default. + - Stop dumping keywords - left turned on after debugging. + - Make umask configuration apply to created file. + - Add libmnl and libnftnl to travis file. + - Fix compilation failure when NFTNL_EXPR_LOOKUP_FLAGS not + defined. + - Fix compilation failure when build with nftables but without + iptables. + - Fix order of include files in configure COLLISION test. Since + Linux 4.4.11 (commit 1575c09) including linux/if.h after + net/if.h works, whereas until glibc fix their headers including + net/if.h after linux/if.h causes compiler redefinition errors. + Unfortunately the test for the collision was done the wrong way + round, as identified in issue #1079. The patch included in the + issue report corrects the order of inclusion of the header + files. What we should do is ensure that glibc header files are + included before Linux header files, so that at least if kernel + headers from 4.4.11 onwards are used, the conflict will not + occur. + - Set CLOEXEC on netlink sockets. + - Correct error message for invalid route metric. + - Add track_process for vrrp to monitor if another process is + running. Configurations frequently include a track_script to + check that a process is running, often haproxy or nginx. Using + any of pgrep, pkill, killall, pidof, etc, has an overhead of + reading all /proc/[1-9]*/status and/or /proc/[1-9]*/cmdline + files. In particular reading the cmdline files has a + significant overhead on a system that is swapping, since the + cmdline files provide access to part of the address space of + each process, which may need to be fetched from the swap space. 
+ This commit reads the /proc/[1-9]*/stat and/or the + /proc/[1-9]*/cmdline files only when keepalived starts, and + after that uses the process events connector to track process + creation and termination. keepalived will ignore zombie + processes, whereas pgrep etc include them. A minimum number of + instances of a process can be specified, and also a delay so + that if a process is restarted, it won't cause monitoring vrrp + instances to immediately transition to fault state but to wait + the configured time and it the monitored process starts again + it won't transition to fault state. There are potential + difficulties with the process event connector if a large number + of process events occur very rapidly, since there can be a + receive buffer overrun on the netlink socket. This code will + detect that happening, increase the receive buffer size, and + reread the processes from /proc. + - Add missing #include to track_process.c. + - Fix number of elements of fd_set read for snmp select info. + - Remove thread_event_t when EPOLL_CTL_DEL fails. If snmpd + closes a file descriptor, when keepalived attempts to + unregister the fd from epoll an error is returned. However, we + still need to remove the thread_event_t from the io_events + rbtree. + - Fix connection to snmpd after it has to reconnect. Issue #1080 + identified that keepalived wasn't handling a connection failure + and reconnect to snmpd properly. The problem was created when + the change from select() to epoll() was made. This commit + makes keepalived unregister and reregister the snmp file + descriptors after snmpd reconnects. + - Fix retry count for SMTP_CHECK checker. The checker was doing + one too few retries. + - Make healthchecker failure reporting consistent Some + healthcheckers were reporting all failures, and others only + when the retries expired. 
This commit by default makes the + checkers only report failure when the retries expire, unless + the global keyword checker_log_all_failures or log_all_failures + on the specific checker is configured. + - After reload, reinitialise current track processes state. + - Remove unused variable in track_process.c. + - Add configure checks re --with-kernel-dir. + - Convert remaining select() to epoll_wait(). keepalived was + using select() for handling the termination of child processes, + but the main scheduling loop now uses epoll_wait(), so convert + the select() to epoll_wait() from consistency. + - Stop keepalived leaving zombie child processes. keepalived + wasn't reaping the termination of its child processes, so this + commit adds waitpid() calls once it knows the processes have + terminated. + - Fix make distclean and make distcheck. + - Also skip route not configured with down interface. Otherwise, + if keepalived has virtual_routes configured, we create a + virtual interface and bring it up and down, current code will + bring VRRP state to FAULT and never return. + - Stop vrrp process entering infinite loop when track script + times out Issue #1093 identified that the vrrp process was + entering an infinite loop after a track script timed out. This + was due to a child process thread having an RB tree for PIDs as + well as for the timeout, and if a child process timed out, the + thread wasn't being removed from the PID RB tree. This commit + now ensures it is removed. + - Fix the abbreviation of Shortest Expected Delay. + - Don't free unallocated memory if not tracking processes. + - vrrp: Rewrote JSON code Remove dependency to json-c extralib by + using a simple streaming JSON writter. Refactored code to make + it simple to maintain. + - vrrp: Fix JSON handling for v{route;rule}. + - autoconf: fix nftables selection We need to inhibit nftable + compilation if compiling system has kernel header file + nf_tables.h but not libnftnl nor libmnl. 
+ ------------------------------------------------------------------- Wed Nov 28 12:27:13 UTC 2018 - Marcus Rueckert diff --git a/keepalived.spec b/keepalived.spec index 39c675d..a8eee6e 100644 --- a/keepalived.spec +++ b/keepalived.spec @@ -1,7 +1,7 @@ # # spec file for package keepalived # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,15 +26,24 @@ %else %bcond_with systemd %endif + %if 0%{?suse_version} > 1500 %bcond_without dbus +%bcond_without keepalived_nftables %else %bcond_with dbus +%bcond_with keepalived_nftables +%endif + +%if 0%{?suse_version} >= 1500 +%bcond_without keepalived_regex +%else +%bcond_with keepalived_regex %endif %bcond_without json Name: keepalived -Version: 2.0.10 +Version: 2.0.11 Release: 0 Summary: A keepalive facility for Linux License: GPL-2.0-or-later 
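Review bot: The two feature gates added in the `@@ -26,15 +26,24 @@` hunk use different comparisons, `%if 0%{?suse_version} > 1500` for dbus and nftables and `%if 0%{?suse_version} >= 1500` for regex, and nothing in the spec says which distribution each one is meant to exclude. If the difference is intended, a comment above each block would keep a later edit from quietly aligning them, for example `# pcre2 regex checks do not build on 42.3/sle12` above the regex block, matching the changelog entry. As written, a build with `suse_version` equal to 1500 gets regex but neither dbus nor nftables, which is worth confirming as the intended feature set.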
@@ -45,38 +54,27 @@ Source2: keepalive-rpmlintrc Patch1: keepalive-init.patch # PATCH-FIX-UPSTREAM: https://github.com/acassen/keepalived/commit/947248af144bcab6376ccddab8dc40f313b14281.patch Patch2: linux-4.15.patch -BuildRequires: libnfnetlink-devel -%if %{with json} -BuildRequires: libjson-c-devel -%endif BuildRequires: net-snmp-devel -BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: snmp-mibs -%if 0%{?suse_version} > 1110 BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gio-2.0) +BuildRequires: pkgconfig(openssl) +%if %{with json} BuildRequires: pkgconfig(json-c) +%endif BuildRequires: pkgconfig(libipset) BuildRequires: pkgconfig(libiptc) BuildRequires: pkgconfig(libnl-3.0) +%if %{with keepalived_regex} BuildRequires: pkgconfig(libpcre2-8) +%endif +BuildRequires: pkgconfig(libnfnetlink) +%if %{with keepalived_nftables} +BuildRequires: pkgconfig(libnftables) +%endif +BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(xtables) -%else -BuildRequires: dbus-1-devel -BuildRequires: glib2-devel -BuildRequires: ipset-devel -BuildRequires: libiptc-devel -BuildRequires: libnl-devel -BuildRequires: libxtables-devel -BuildRequires: pcre2-devel -%endif -BuildRequires: libnfnetlink-devel -# BuildRequires: netsnmp-devel -BuildRequires: popt-devel -%if 0%{?suse_version} && 0%{?suse_version} <= 1110 -BuildRequires: cyrus-sasl-devel -%endif Requires(pre): pwdutils Requires(pre): %fillup_prereq %if %{with systemd} @@ -108,6 +106,7 @@ chmod 644 doc/samples/* export STRIP=true export CPPFLAGS="$(pkg-config --cflags libnfnetlink libiptc libipset xtables)" export CFLAGS="%optflags -DOPENSSL_NO_SSL_INTERN" +# --enable-dbus-create-instance \ %configure \ --disable-silent-rules \ --enable-bfd \ 
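Review bot: `BuildRequires: pkgconfig(libnftables)` under `%if %{with keepalived_nftables}` may not provide what the nftables code is built against, because the 2.0.11 changelog in this same patch names libmnl and libnftnl as the libraries configure looks for. If that is right, the block should read `BuildRequires: pkgconfig(libmnl)` and `BuildRequires: pkgconfig(libnftnl)`; otherwise the build only works as long as the libnftables development package happens to pull both in. In the same list, `pkgconfig(json-c)` is kept under `%if %{with json}` although the changelog says the json-c dependency was removed upstream, and `pkgconfig(dbus-1)` and `pkgconfig(gio-2.0)` stay unconditional while `--enable-dbus` is gated by `%{with dbus}`. Trimming these keeps the build root no larger than the enabled feature set needs.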
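Review bot: The line added in the `@@ -108,6 +106,7 @@` hunk, `# --enable-dbus-create-instance \`, is a commented-out option that still carries its continuation backslash and does not say why the option is off. The changelog gives the reason (the feature is marked as dangerous), so the comment should carry it, e.g. `# dbus instance creation stays disabled: marked as dangerous, do not re-enable without review`. That also removes a stray backslash directly above `%configure`. The enclosing build section starts and ends outside this hunk.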
@@ -122,10 +121,14 @@ export CFLAGS="%optflags -DOPENSSL_NO_SSL_INTERN" --enable-snmp-rfcv3 \ %if %{with dbus} --enable-dbus \ - --enable-dbus-create-instance \ %endif + %if %{with keepalived_regex} --enable-regex \ --enable-regex-timers \ + %endif + %if %{with keepalived_nftables} + --enable-nftables \ + %endif %if %{with systemd} --with-init=systemd \ --with-systemdsystemunitdir="%{_unitdir}" \
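Review bot: When `keepalived_nftables` or `keepalived_regex` is off, the new `%if` blocks only omit `--enable-nftables` and `--enable-regex`, so the outcome is left to whatever configure does by default. If configure auto-detects either feature (not visible in this hunk), a build root that happens to contain the libraries would still compile it in. An `%else` branch with `--disable-nftables \` and one with `--disable-regex \` would make the feature set deterministic. The same reasoning applies to the removed `--enable-dbus-create-instance \`: passing `--disable-dbus-create-instance \` inside the `%if %{with dbus}` block would state the hardening decision in the build itself instead of relying on the default.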