OpenBSD's ifstated - openbsd ifstated carp
Networks
13.06.2010
Ifstated
Ifstated is a common component of an OpenBSD system that lets you run specific actions when the state of an interface changes. Used mainly on firewalls with carp devices enabled, ifstated tracks interface statuses (up, down and so on). When a status changes, you can execute a script or a system command, for example to create a minimal logging system or any other implementation you think is useful.
/etc/ifstated.conf
The /etc/ifstated.conf file is the main config file. In this file you write the rules of your ifstated configuration.
The file is divided into three main sections.
Global Configuration
Contains the global parameters of ifstated.
Only this directive is available:
init-state state
This forces the state of the devices on startup. Only one init-state directive is accepted. The value "state" must be the name of a valid state definition present in the file.
The example at the end clarifies its use.
Macros
Macros are variables defined by the user. These can be used later in the code to simplify it.
The status of an interface in a macro can take three values:
- up => the interface is up; for carp this equals the master state
- down => the interface is down; for carp this equals the backup state
- unknown => the state of the given interface is unknown
Some macro examples are defined below:
carp_up = "carp0.link.up"
carp_init = "carp0.link.unknown"
carp_down = "carp0.link.down"
We can also use special operators such as "!", "&&", "||":
carp_up = "!carp0.link.up && !carp1.link.up"
Macros can also be used for tests. Tests must be used along with the "every number_of_seconds" keyword.
host_test = '( "ping -q -c 1 -w 1 192.168.2.2 > /dev/null" every 10 &&
"ping -q -c 1 -w 1 192.168.2.4 > /dev/null" every 10)'
This uses "ping" to check whether the hosts are reachable.
Macros can be used in the code with the "$" character:
$carp_up
State definitions
State definitions are used mainly for two purposes:
- execute, through the init function, system commands defined by the user
- set a new state if the status of an interface changes
A state definition must be declared first:
state is_master {
    init {
        # write your system commands here with the "run" keyword
        run "/bin/sh /data/script/send_mail.sh"
        # ...
    }
    if ($carp_down)
        set-state is_down
}
Here is the explanation of the above code:
- state is_master => defines a new state called is_master
- init => the init function runs all the commands between the braces every time the state is initialized
- if => if the macro $carp_down evaluates to true, the state is_down will be executed
The "set-state" keyword must be used to change state.
We can also use special operators to evaluate if conditions:
if !$host_test || $carp_down
set-state backup
Tests can also be evaluated:
test_host = '( "ping -q -c 1 -w 1 192.168.0.1 > /dev/null" every 10)'
if !$test_host
set-state net
Example
This is an ifstated.conf example:
init-state auto

carp_up = "carp0.link.up"
carp_init = "carp0.link.unknown"
carp_down = "carp0.link.down"

state auto {
    if ($carp_init)
        set-state is_init
    if ($carp_up)
        set-state is_master
    if ($carp_down)
        set-state run_sync
}

state is_init {
    init {
        run "echo `date` INIT >> /var/log/ifstated.state"
    }
    if ($carp_down)
        set-state run_sync
    if ($carp_up)
        set-state is_master
}

state is_master {
    init {
        run "echo `date` MASTER >> /var/log/ifstated.state"
        run "/bin/sh /root/scripts/checker.sh &"
    }
    if ($carp_init)
        set-state is_init
    if ($carp_down)
        set-state run_sync
}

state run_sync {
    init {
        run "echo `date` BACKUP >> /var/log/ifstated.state"
        run "/bin/sh /root/scripts/backup.sh"
    }
    if ($carp_up)
        set-state is_master
    if ($carp_init)
        set-state is_init
}
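Every init-state and set-state target has to name a state block that exists in the file, and a misspelled name on a failover path means the backup or mail script attached to that state never runs. The following is an added example, not part of the original page: a small shell/awk cross-check of state names, where the function names, the report format and the sample configuration are all constructed for illustration.

```shell
# Added example, not from the original page: function names and the
# report format are choices made here.
# check_ifstated_states FILE prints one line per problem:
#   undefined NAME     init-state/set-state target with no "state NAME {" block
#   unreferenced NAME  "state NAME {" block that nothing switches to
# and returns 0 if the file is consistent, 1 otherwise.
check_ifstated_states() {
    report=$(awk '
        /^[ \t]*#/ { next }              # whole-line comments
        $1 == "run" { next }             # command strings are not parsed
        {
            for (i = 1; i < NF; i++) {
                name = $(i + 1)
                sub(/[{].*/, "", name)   # accept "state is_master{"
                if (name == "") continue
                if ($i == "state") defined[name] = NR
                else if ($i == "init-state" || $i == "set-state") used[name] = NR
            }
        }
        END {
            for (n in used) if (!(n in defined))
                printf "undefined %s (line %d)\n", n, used[n]
            for (n in defined) if (!(n in used))
                printf "unreferenced %s (line %d)\n", n, defined[n]
        }' "$1" | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: the backup block is named is_backup, but the
# transition points at run_sync.
sample_conf() {
    cat <<'EOF'
init-state is_master
carp_up = "carp0.link.up"
carp_down = "carp0.link.down"
state is_master {
    if ($carp_down)
        set-state run_sync
}
state is_backup {
    if ($carp_up)
        set-state is_master
}
EOF
}

# Usage: sh check_states.sh /etc/ifstated.conf
[ $# -eq 0 ] || check_ifstated_states "$1"
```

On the constructed sample the check reports run_sync as undefined and is_backup as unreferenced; it only looks at state names and does not parse macros or run commands.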
Utility
- ifstated => runs the ifstated daemon. Useful options include -n to test the configuration and -d to not daemonize ifstated and log to stdout