[PATCHES] CTDB: improved IPv6 support

Martin Schwenke martin at meltin.net
Wed Dec 3 23:42:51 MST 2014

The attached patch series fixes most problems with IPv6 in CTDB.

The most notable things are:

* For machine-readable output from the "ctdb" CLI tool, effectively
  replace "ctdb -Y ..." with "ctdb -X ..." which uses '|' as the field
  delimiter.  For those that don't want '|', they can use
  "ctdb -x<char> ...".

  "ctdb -Y ..." is still supported but all documentation and scripts
  now use "ctdb -X".

  Mathieu, you're CC:ed because this includes a minor change to the
  nagios script, which I think is correct but it isn't yet tested. :-)

* When the CTDB daemon loads the nodes file it stores a string
  representation of each node's IP address.  This representation is now
  first converted to canonical form so that IPv6 addresses will
  compare more reliably.

* Some functionality has moved from the daemon to the 10.interfaces
  eventscript and it now works with IPv6 addresses.

  For the past couple of years the release IP code in the daemon has
  depended on being able to determine which interface an IP address is
  on, rather than trusting vnn->interface.  This was done to more
  reliably be able to remove rogue IP addresses (present due to
  either race conditions or addresses that have been moved by hand).
  This is not as easy for IPv6 addresses since the SIOCGIFCONF ioctl
  does not support IPv6.

  Therefore, this code has been removed and vnn->interface is now
  passed to the "releaseip" event, even when it is NULL (in which case
  "__none__" is passed).  In all cases the eventscript now uses some "ip
  addr show to ..." magic to determine the actual interface and netmask
  for an IP address being released.  If either of these differ from
  what was passed then a warning is logged, and the actual interface
  and netmask are used to delete the IP address.

  I don't think we lost any functionality.  The main part of this is in
  these patches:

    32c2eab ctdb-scripts: Make 10.interface IPv6-safe
    837f36a ctdb-daemon: Trust vnn->interface for an IP when releasing it

* Gratuitous ARP equivalent for IPv6 has been changed to use neighbor
  advertisements.  This seems to work reliably.

* Due to duplicate address detection in IPv6, the IP address addition
  code will try to wait until IPv6 addresses are no longer
  "tentative".  If this times out or "dadfail" occurs then the IP
  address is removed and the operation fails.  Note that this could
  cause an outage (all nodes unhealthy, one at a time) if a rogue node
  refuses to release IPs or if CTDB just dies.  It isn't possible to
  easily work around this, so it is a design limitation and may need to
  be looked at again in the future.

This has been tested on a virtual cluster with IPv6 addresses only, on
both public and private networks.

Please review and push if OK.

These patches are in my ctdb-ipv6 branch:


Still to do:

* Update policy routing to work with IPv6.  There's some code in there
  that only works for IPv4.

* Other features like LVS.

peace & happiness,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ctdb.patches
Type: application/octet-stream
Size: 99421 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141204/bdc5661c/attachment.obj>
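
The point above about converting each node's address to canonical form before comparing strings, shown as an added example. This is not code from the patch series or from CTDB: `canonical_addr()` and `same_addr()` are hypothetical helpers, and the addresses are constructed samples from the 2001:db8::/32 documentation prefix.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not a CTDB function): write the canonical text form
 * of an IPv4 or IPv6 address into out. Returns 0 on success, -1 if the
 * input is not a valid address or out is too small. */
int canonical_addr(const char *in, char *out, size_t outlen)
{
    unsigned char buf[sizeof(struct in6_addr)];
    int families[] = { AF_INET, AF_INET6 };

    for (size_t i = 0; i < sizeof(families) / sizeof(families[0]); i++) {
        /* Parse to binary, then print back: the round trip normalises
         * case, leading zeros and "::" compression. */
        if (inet_pton(families[i], in, buf) == 1) {
            return inet_ntop(families[i], buf, out, (socklen_t)outlen) ? 0 : -1;
        }
    }
    return -1;
}

/* Returns 1 if both strings name the same address, 0 if they differ,
 * -1 if either one fails to parse. */
int same_addr(const char *a, const char *b)
{
    char ca[INET6_ADDRSTRLEN], cb[INET6_ADDRSTRLEN];

    if (canonical_addr(a, ca, sizeof(ca)) != 0 ||
        canonical_addr(b, cb, sizeof(cb)) != 0) {
        return -1;
    }
    return strcmp(ca, cb) == 0;
}

int main(void)
{
    /* Constructed sample values: the same address written two ways. */
    const char *nodes_file = "2001:0DB8:0000:0000:0000:0000:0000:0001";
    const char *from_peer  = "2001:db8::1";

    printf("raw strcmp equal: %d\n", strcmp(nodes_file, from_peer) == 0);
    printf("canonical equal:  %d\n", same_addr(nodes_file, from_peer));
    return 0;
}
```

A raw `strcmp()` treats the two spellings as different nodes; comparing the canonical forms does not.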
