- --- /usr/sbin/ldirectord 2019-05-08 16:53:17.000000000 -0400
- +++ ldirectord 2019-09-11 13:00:24.857759067 -0400
- @@ -130,10 +130,10 @@
- If defined in a virtual server section then the global value is overridden.
- -If undefined then the value of checktimeout is used. checktimeout is
- +If undefined then the value of connecttimeout is used. connecttimeout is
- also a global value that may be overridden by a per-virtual setting.
- -If both negotiatetimeout and checktimeout are unset, the default is used.
- +If both negotiatetimeout and connecttimeout are unset, the default is used.
- Default: 30 seconds
- @@ -214,9 +214,6 @@
- real servers for a virtual service are down or when the first real server
- comes up again. In the first case, it is called with "start" as its first
- argument, in the latter with "stop".
- -Additional parameters are vserver with vport (vserver:vport) as second param
- -and protocol (tcp/udp) as third param to identify the virtual service
- -within the fallback script.
- If defined in a virtual server section then the global value is overridden.
- @@ -341,12 +338,6 @@
- Default: I<yes>
- -B<readdquiescent = >B<yes> | B<no>
- -
- -If I<yes>, then when real or failback servers are determined
- -to be down, they are readded to the kernel's LVS table with weight 0 if
- -they do not exist in the table. Setting the value to no, allows manually
- -removing the realserver to manually disable all persistent connections.
- B<cleanstop = >B<yes> | B<no>
- @@ -576,8 +567,6 @@
- For a DNS check this should be any one the A record's addresses or
- any one of the PTR record's names.
- -In case of dynamic DNS answers (different answers on the same question)
- -a regex to match multiple addresses or PTR record names could also defined.
- For a MySQL check, the receive setting is not used.
- @@ -602,7 +591,7 @@
- For FTP, IMAP, LDAP, MySQL, Oracle, POP and PostgreSQL, the username
- used to log in.
- -For Radius the username is used for the attribute User-Name.
- +For Radius the passwd is used for the attribute User-Name.
- For SIP, the username is used as both the to and from address for an
- OPTIONS query.
- @@ -705,13 +694,6 @@
- Default: no separate logging of service checks.
- -B<ops = >B<yes> | B<no>
- -
- -Specify that a virtual service uses one-packet scheduling. This option
- -can be used only for UDP services. If this option is specified, all connections
- -are created only to schedule one packet. Option is useful to schedule
- -UDP packets from same client port to different real servers.
- -
- =head1 IPv6
- Directives for IPv6 are virtual6, real6, fallback6.
- @@ -723,9 +705,7 @@
- B<checktype: >B<connect> | B<external> | B<external-perl> | B<negotiate> | B<off> | B<on> | B<checktimeout>I<N>
- -B<service: >B<dns> | B<http> | B<https> | B<nntp> | B<none> | B<simpletcp> | B<sip>
- -
- -Note: When using a service type with http or https, you need to install perl module perl-Net-INET6Glue.
- +B<service: >B<dns> | B<nntp> | B<none> | B<simpletcp> | B<sip>
- =head1 FILES
- @@ -753,6 +733,8 @@
- =cut
- +#Disable SSL Verification
- +$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;
- use strict;
- # Set defaults for configuration variables in the "set_defaults" function
- use vars qw(
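Review bot: `$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;` at file scope switches off certificate hostname verification for every LWP request this process makes, and because it is set in %ENV it is also inherited by every child process the daemon starts afterwards. An https health check then no longer ties the presented certificate to the server it meant to reach, so a check can succeed against the wrong endpoint. If verification has to be relaxed for real servers addressed by IP, scope it to the one `LWP::UserAgent` built in the https check and put it behind a per-virtual-service setting, with a comment such as `# hostname verification off for this health check only; real servers are addressed by IP`. The assignment also sits above `use strict`, where it is easy to overlook.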
- @@ -769,7 +751,6 @@
- $CHECKCOUNT
- $FAILURECOUNT
- $QUIESCENT
- - $READDQUIESCENT
- $FORKING
- $EMAILALERT
- $EMAILALERTFREQ
- @@ -849,12 +830,7 @@
- #use English;
- #use Time::HiRes qw( gettimeofday tv_interval );
- use Socket;
- -use Socket6 qw(NI_NUMERICHOST NI_NUMERICSERV NI_NAMEREQD getaddrinfo getnameinfo inet_pton inet_ntop);
- -# Workaround warnning messages : Three "_in6" symbols redefined.
- -eval "use Socket6 qw(pack_sockaddr_in6)" unless defined &pack_sockaddr_in6;
- -eval "use Socket6 qw(sockaddr_in6)" unless defined &sockaddr_in6;
- -eval "use Socket6 qw(unpack_sockaddr_in6)" unless defined &unpack_sockaddr_in6;
- -
- +use Socket6;
- use Sys::Hostname;
- use POSIX qw(setsid :sys_wait_h);
- use Sys::Syslog qw(:DEFAULT setlogsock);
- @@ -1281,7 +1257,6 @@
- $MAINTDIR = undef;
- $NEGOTIATETIMEOUT = -1;
- $QUIESCENT = "no";
- - $READDQUIESCENT = "no";
- $SUPERVISED = "no";
- $SMTP = undef;
- }
- @@ -1381,7 +1356,6 @@
- $vsrv{num_connects} = 0;
- $vsrv{httpmethod} = "GET";
- $vsrv{secret} = "";
- - $vsrv{ops} = "no";
- push(@VIRTUAL, \%vsrv);
- while(<CFGFILE>) {
- $line++;
- @@ -1515,12 +1489,6 @@
- } else {
- &config_error($line, "invalid protocol");
- }
- - } elsif ($rcmd =~ /^ops\s*=\s*(.*)/) {
- - if ($1 eq "yes" || $1 eq "no") {
- - $vsrv{ops} = $1;
- - } else {
- - &config_error($line, "ops must be 'yes' or 'no'");
- - }
- } elsif ($rcmd =~ /^service\s*=\s*(.*)/) {
- $1 =~ /(\w+)/ && ($1 eq "dns" ||
- $1 eq "ftp" ||
- @@ -1731,11 +1699,6 @@
- or &config_error($line,
- "quiescent must be 'yes' or 'no'");
- $QUIESCENT = $1;
- - } elsif ($linedata =~ /^readdquiescent\s*=\s*(.*)/) {
- - ($1 eq "yes" || $1 eq "no")
- - or &config_error($line,
- - "readdquiescent must be 'yes' or 'no'");
- - $READDQUIESCENT = $1;
- } elsif ($linedata =~ /^emailalert\s*=\s*(.*)/) {
- $EMAILALERT = read_emailalert($line, $1);
- } elsif ($linedata =~ /^emailalertfreq\s*=\s*(\d*)/) {
- @@ -2011,7 +1974,7 @@
- " (could not resolve host)");
- }
- if( defined($port) ){
- - $resolved_port=&ld_getservbyname($port,"");
- + $resolved_port=&ld_getservbyname($port);
- unless( defined($resolved_port) ){
- &config_error($line,
- "invalid port ($port) for real server" .
- @@ -2108,7 +2071,7 @@
- my $new_rsrv;
- my $rsrv;
- - $new_rsrv = {"server"=>$ip, "port"=>$port, "failcount"=>0};
- + $new_rsrv = {"server"=>$ip, "port"=>$port};
- $flags =~ /(\w+)(.*)/ && ($1 eq "gate" || $1 eq "masq" || $1 eq "ipip")
- or &config_error($line, "forward method must be gate, masq or ipip");
- @@ -2263,9 +2226,6 @@
- $$v{proto} = "-f";
- }
- $$v{flags} = "$$v{proto} " . &get_virtual_option($v) . " ";
- - if ($$v{protocol} eq "udp" && $$v{ops} eq "yes") {
- - $$v{flags} .= "-o ";
- - }
- $$v{flags} .= "-s $$v{scheduler} " if defined ($$v{scheduler});
- if (defined $$v{persistent}) {
- $$v{flags} .= "-p $$v{persistent} ";
- @@ -2500,7 +2460,7 @@
- my ($v) = (@_);
- if ($v->{"protocol"} eq "fwm") {
- - return &get_virtual($v) . " " . $v->{protocol} . (($v->{addressfamily} == AF_INET6) ? "6" : "");
- + return &get_virtual($v) . " " . $v->{protocol} . ($v->{addressfamily} == AF_INET6 ? "6" : "");
- }
- else {
- return &get_virtual($v) . " " . $v->{protocol};
- @@ -2572,12 +2532,7 @@
- }
- for my $k (keys (%$server_down)) {
- - my $v = $server_down->{$k};
- - if ($READDQUIESCENT eq "no") {
- - # Ensure that the server is initially added
- - service_set(@$v[0], @$v[1], "up", {force => 1});
- - }
- - # Remove Server
- + my $v = $server_down->{$k};
- service_set(@$v[0], @$v[1], "down", {force => 1});
- delete($server_down->{$k});
- #sleep 5;
- @@ -2855,22 +2810,16 @@
- }
- my ($v, $r) = @_;
- - my $host = $$r{server};
- + $$r{url} =~ /(http|https):\/\/([^:\/]+)(:([^\/]+))?(\/.*)/;
- + my $host = $2;
- + #my $port = $3;
- + my $uri = $4;
- my $virtualhost = (defined $$v{virtualhost} ? $$v{virtualhost} : $host);
- &ld_debug(2, "check_http: url=\"$$r{url}\" "
- . "virtualhost=\"$virtualhost\"");
- - if (inet_pton(AF_INET6,&ld_strip_brackets($host))) {
- - no warnings 'once';
- - require Net::INET6Glue::INET_is_INET6;
- - # Workaround for Net-HTTP IPv6 Address URLs Broken
- - @LWP::Protocol::http::EXTRA_SOCK_OPTS = (PeerAddr => $host,
- - PeerHost => &ld_strip_brackets($host),
- - Host => &ld_strip_brackets($host));
- - }
- -
- - my $ua = new LWP::UserAgent(ssl_opts => { verify_hostname => 0 });
- + my $ua = new LWP::UserAgent();
- my $h = undef;
- if ($$v{service} eq "http_proxy") {
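Review bot: The match against `$$r{url}` is never tested, so when the URL does not fit the pattern `$2` and `$4` keep the values of an earlier successful match and `$host` (and through it the default `virtualhost`) comes from stale data. The group numbering is off as well: with `(:([^\/]+))?` in the pattern, group 4 is the port and the path is group 5, so `my $uri = $4;` holds the port. Capture in list context, `my ($host, $port, $uri) = $$r{url} =~ m{^https?://([^:/]+)(?::([^/]+))?(/.*)};`, and report the server down when `$host` is undefined. `[^:\/]+` also cannot match a bracketed IPv6 literal, which the removed lines handled. The enclosing sub starts and continues outside this hunk.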
- @@ -2911,16 +2860,14 @@
- }
- if ($$v{service} eq "https") {
- - &ld_debug(2, "SSL-Cipher: " .
- - ($res->header('Client-SSL-Cipher') || '<not set>'));
- - &ld_debug(2, "SSL-Cert-Subject: " .
- - ($res->header('Client-SSL-Cert-Subject') || '<not set>'));
- - &ld_debug(2, "SSL-Cert-Issuer: " .
- - ($res->header('Client-SSL-Cert-Issuer') || '<not set>'));
- + &ld_debug(2, "SSL-Cipher: " .
- + $res->header('Client-SSL-Cipher'));
- + &ld_debug(2, "SSL-Cert-Subject: " .
- + $res->header('Client-SSL-Cert-Subject'));
- + &ld_debug(2, "SSL-Cert-Issuer: " .
- + $res->header('Client-SSL-Cert-Issuer'));
- }
- - &ld_debug(2, "Return status: " . $res->status_line);
- -
- my $recstr = $$r{receive};
- if ($res->is_success && (!($recstr =~ /.+/) ||
- $res->content =~ /$recstr/)) {
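Review bot: The three `$res->header('Client-SSL-...')` calls can return undef when the request failed before a TLS session existed, and concatenating undef into the `ld_debug` string raises an uninitialized-value warning if warnings are enabled (not visible here), in exactly the failure case where the log is read. Keep a fallback on each, e.g. `($res->header('Client-SSL-Cipher') || '<not set>')`. The new side also has no `Return status` debug line, so the HTTP status of a failed check is not logged anywhere in the visible code.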
- @@ -3060,55 +3007,36 @@
- require Net::LDAP;
- my $port = ld_checkport($v, $r);
- - my $result;
- - my $recstr = $$r{receive};
- -
- &ld_debug(2, "Checking ldap server=$$r{server} port=$port");
- - eval {
- - local $SIG{'__DIE__'} = "DEFAULT";
- - local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
- - &ld_debug(4, "Timeout is $$v{checktimeout}");
- - &ld_debug(2, "Starting Check");
- - alarm $$v{checktimeout};
- - my $ldap = Net::LDAP->new("$$r{server}", port => $port,
- + my $recstr = $$r{receive};
- + my $ldap = Net::LDAP->new("$$r{server}", port => $port,
- timeout => $$v{negotiatetimeout});
- - if(!$ldap) {
- - service_set($v, $r, "down", {do_log => 1}, "Connection failed");
- - &ld_debug(4, "Connection failed");
- - alarm 0; # Cancel the alarm
- - return $SERVICE_DOWN;
- - }
- -
- - my $mesg;
- - if ($$v{login} && $$v{passwd}) {
- - $mesg = $ldap->bind($$v{login}, password=>$$v{passwd}) ;
- - }
- - else {
- - $mesg = $ldap->bind ;
- - }
- - if ($mesg->is_error) {
- - service_set($v, $r, "down", {do_log => 1}, "Bind failed");
- - &ld_debug(4, "Bind failed");
- - alarm 0; # Cancel the alarm
- - return $SERVICE_DOWN;
- - }
- -
- - &ld_debug(4, "Base : " . substr($$r{request},1));
- - $result = $ldap->search (
- - base => substr($$r{request},1) . "",
- - scope => "base",
- - filter => "(objectClass=*)"
- - );
- + if(!$ldap) {
- + service_set($v, $r, "down", {do_log => 1}, "Connection failed");
- + &ld_debug(4, "Connection failed");
- + return $SERVICE_DOWN;
- + }
- - alarm 0; # Cancel the alarm
- - };
- + my $mesg;
- + if ($$v{login} && $$v{passwd}) {
- + $mesg = $ldap->bind($$v{login}, password=>$$v{passwd}) ;
- + }
- + else {
- + $mesg = $ldap->bind ;
- + }
- + if ($mesg->is_error) {
- + service_set($v, $r, "down", {do_log => 1}, "Bind failed");
- + &ld_debug(4, "Bind failed");
- + return $SERVICE_DOWN;
- + }
- - if (!defined($result)) {
- - service_set($v, $r, "down", {do_log => 1}, "No answer received");
- - &ld_debug(2, "check timeout alarm");
- - return $SERVICE_DOWN;
- - }
- + &ld_debug(4, "Base : " . substr($$r{request},1));
- + my $result = $ldap->search (
- + base => substr($$r{request},1) . "",
- + scope => "base",
- + filter => "(objectClass=*)"
- + );
- if($result->count != 1) {
- service_set($v, $r, "down", {do_log => 1}, "No answer received");
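Review bot: Nothing bounds `bind` and `search` in time on the new side. The `timeout` passed to `Net::LDAP->new` covers the connect, so a real server that accepts the TCP connection and then stalls keeps this check blocked, and depending on the forking setting that can hold up monitoring of the other services. Wrap the connect, bind and search in an `eval` with a local `ALRM` handler and `alarm $$v{negotiatetimeout}`, as the DNS check in this file already does, and treat an undefined `$result` as down before calling `$result->count`. Early `return`s inside the `eval` only leave the `eval`, so the down status has to be decided after it. The enclosing sub starts and continues outside this hunk.

```perl
my $result;
eval {
    local $SIG{'__DIE__'} = "DEFAULT";
    local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
    alarm $$v{negotiatetimeout};
    # … unchanged: Net::LDAP->new, bind, and the search assigned to $result …
    alarm 0;    # cancel the alarm on the success path
};
alarm 0;        # and again in case the eval was left early
if (!defined($result)) {
    service_set($v, $r, "down", {do_log => 1}, "No answer received");
    return $SERVICE_DOWN;
}
```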
- @@ -3637,7 +3565,6 @@
- my $request;
- my $server;
- my ($v,$r) = @_;
- - my $port = ld_checkport($v, $r);
- {
- # Net::DNS makes unguarded calls to eval
- # which throw a fatal exception if they fail
- @@ -3665,7 +3592,6 @@
- local $SIG{'ALRM'} = sub { die "timeout\n"; };
- alarm($$v{negotiatetimeout});
- $res->nameservers($server);
- - $res->port($port);
- if ($$v{"protocol"} eq "tcp") {
- $res->usevc(1);
- }
- @@ -3678,10 +3604,9 @@
- return $SERVICE_DOWN;
- }
- - my $recstr = $$r{receive};
- foreach $rr ($query->answer) {
- - if (($rr->type eq "A" and length($recstr) and $rr->address =~ /$recstr/) or
- - ($rr->type eq "PTR" and length($recstr) and $rr->ptrdname =~ /$recstr/)) {
- + if (($rr->type eq "A" and $rr->address eq $$r{"receive"}) or
- + ($rr->type eq "PTR" and $rr->ptrdname eq $$r{"receive"})) {
- service_set($v, $r, "up", {do_log => 1}, "Success");
- return $SERVICE_UP;
- }
- @@ -3916,23 +3841,20 @@
- if (defined($or)) {
- &system_wrapper("$IPVSADM -e "
- . "$ipvsadm_args $rforw -w 0");
- - &ld_log("Quiescent $log_args (Weight set to 0)");
- - &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
- - $v, $rservice, $currenttime);
- }
- - elsif ($READDQUIESCENT eq "yes") {
- + else {
- &system_wrapper("$IPVSADM -a "
- . "$ipvsadm_args $rforw -w 0");
- - &ld_log("Readd Quiescent $log_args (Weight set to 0)");
- - &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
- - $v, $rservice, $currenttime);
- }
- + &ld_log("Quiescent $log_args (Weight set to 0)");
- + &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
- + $v, $rservice, $currenttime);
- }
- else {
- &system_wrapper("$IPVSADM -d $ipvsadm_args");
- &ld_log("Deleted $log_args");
- &ld_emailalert_send("Deleted $log_args", $v,
- - $rservice, $tag eq "fallback" ? 0 : $currenttime);
- + $rservice, $currenttime);
- }
- }
- @@ -4246,9 +4168,9 @@
- $v->{fallbackcommand_status} = $status;
- if (defined($v->{fallbackcommand})) {
- - &system_wrapper($v->{fallbackcommand} . " " . $status . " " . $v->{server} . ":" . $v->{port} . " " . $v->{protocol});
- + &system_wrapper($v->{fallbackcommand} . " " . $status);
- } elsif (defined($FALLBACKCOMMAND)) {
- - &system_wrapper($FALLBACKCOMMAND . " " . $status . " " . $v->{server} . ":" . $v->{port} . " " . $v->{protocol});
- + &system_wrapper($FALLBACKCOMMAND . " " . $status);
- }
- }
- @@ -4477,14 +4399,13 @@
- my $smtp = Net::SMTP->new($smtp_server);
- if ($smtp) {
- - my $myusername = getpwuid( $< );
- - $smtp->mail("$myusername\@$hostname");
- + $smtp->mail("$ENV{USER}\@$hostname");
- $smtp->to($to_addr);
- $smtp->data();
- if($EMAILALERTFROM) {
- $smtp->datasend("From: $EMAILALERTFROM\n");
- } else {
- - $smtp->datasend("From: $myusername\@$hostname\n");
- + $smtp->datasend("From: $ENV{USER}\@$hostname\n");
- }
- $smtp->datasend("To: $to_addr\n");
- $smtp->datasend("Subject: $subject\n\n");
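Review bot: `$ENV{USER}` is frequently unset for a daemon started by init or a service manager, which turns the envelope sender and the `From:` header into `@$hostname`, and it reflects the launching environment, not the account the process runs as. The value is also interpolated into `datasend` unfiltered, so a newline in it would add header lines to the alert mail. Take the name from the process uid, `my $myusername = getpwuid($<);`, fall back to a fixed sender if that returns nothing, and use it in both `mail()` and the `From:` line.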
- @@ -4906,7 +4827,7 @@
- my ($v) = (@_);
- if ($v->{"protocol"} eq "fwm") {
- - return $v->{"protocol"} . (($v->{addressfamily} == AF_INET6)?"6":"") . ":" . &get_virtual($v);
- + return $v->{"protocol"} . ($v->{addressfamily} == AF_INET6?"6":"") . ":" . &get_virtual($v);
- }
- else {
- return $v->{"protocol"} . ":" . &get_virtual($v);