Commits on Source (197)
......@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=5
SAMBA_VERSION_RELEASE=8
SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
......
==============================
Release Notes for Samba 4.5.12
July 12, 2017
==============================
This is a security release in order to address the following defect:
o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
=======
Details
=======
o CVE-2017-11103 (Heimdal):
All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.
Samba binaries built against MIT Kerberos are not vulnerable.
Changes since 4.5.11:
---------------------
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.5.11
July 6, 2017
==============================
This is the latest stable release of the Samba 4.5 release series.
Changes since 4.5.10:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12793: s3: smbd: Fix open_files.idl to correctly ignore
share_mode_lease *lease in share_mode_entry.
* BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
* BUG 12818: s3: smbd: When deleting an fsp pointer ensure we don't keep
any references to it around.
* BUG 12831: s3: libsmb: Correctly save and restore connection tcon
in 'smbclient', 'smbcacls' and 'smbtorture3'.
o Ralph Boehme <slow@samba.org>
* BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12856: ctdb-scripts: Don't send empty argument string to logger.
* BUG 12857: ctdb-recovery: Do not run local ip verification when in
recovery.
o Daniel Kobras <d.kobras@science-computing.de>
* BUG 12860: s3: smbd: Fix regression with non-wide symlinks to directories
over SMB3.
o Stefan Metzmacher <metze@samba.org>
* BUG 12768: samba-tool: Fix log message of 'samba-tool user syncpasswords'.
* BUG 12772: s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with
"server max protocol = SMB2_02".
* BUG 12788: auth/spnego: Fix gensec_update_ev() argument order for
the SPNEGO_FALLBACK case.
* BUG 12832: s3:smb2_create: Avoid reusing the 'tevent_req' within
smbd_smb2_create_send().
* BUG 12844: Related requests with TreeConnect fail with
NETWORK_NAME_DELETED.
* BUG 12845: Related requests with SessionSetup fail with INTERNAL_ERROR.
* BUG 12859: ldb: protect Samba < 4.7 against incompatible ldb
versions and require ldb < 1.2.0.
* BUG 12862: auth/ntlmssp: Enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2
client case.
o Michael Saxl <mike@mwsys.mine.bz>
* BUG 10490: s3:gse_krb5: Fix a possible crash in
fill_mem_keytab_from_system_keytab().
o Andreas Schneider <asn@samba.org>
* BUG 12808: libcli:smb2: Gracefully handle not supported for
FSCTL_VALIDATE_NEGOTIATE_INFO.
o Martin Schwenke <martin@meltin.net>
* BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes
with wrong exit code.
* BUG 12837: ctdb-scripts: NFS call-out failures should cause event failure.
o Richard Sharpe <richard.sharpe@primarydata.com>
* BUG 15852: There are valid paths where conn->lsa_pipe_tcp->transport
is NULL.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.5.10
May 24, 2017
==============================
This is a security release in order to address the following defect:
o CVE-2017-7494 (Remote code execution from a writable share)
=======
Details
=======
o CVE-2017-7494:
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.
Changes since 4.5.9:
--------------------
o Volker Lendecke <vl@samba.org>
* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
share.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.5.9
May 18, 2017
=============================
This is the latest stable release of the Samba 4.5 release series.
Changes since 4.5.8:
--------------------
o Michael Adam <obnox@samba.org>
* BUG 12743: vfs_shadow_copy2 fails to list snapshots from shares with
GlusterFS backend.
o Jeremy Allison <jra@samba.org>
* BUG 12747: Wrong use of getgroups causes buffer overflow.
o Hanno Böck <hanno@hboeck.de>
* BUG 12746: lib: debug: Avoid negative array access.
* BUG 12748: cleanupdb: Fix a memory read error.
o Ralph Boehme <slow@samba.org>
* BUG 11961: idmap_autorid allocates ids for unknown SIDs from other backends.
* BUG 12562: vfs_acl_common should force "create mask = 0777".
* BUG 12565: vfs_fruit: resource fork open request with
flags=O_CREAT|O_RDONLY.
* BUG 12727: Lookup-domain for well-known SIDs on a DC.
* BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
* BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
* BUG 12749: Can't case-rename files with vfs_fruit.
* BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.
o Shilpa Krishnareddy <skrishnareddy@panzura.com>
* BUG 12756: notify: Fix ordering of events in notifyd.
o Volker Lendecke <vl@samba.org>
* BUG 12276: lib: Fix CID 1373623 Dereference after null check.
* BUG 12558: smbd: Fix smb1 findfirst with DFS.
* BUG 12757: idmap_rfc2307: Fix lookup of more than two SIDs.
o Stefan Metzmacher <metze@samba.org>
* BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
immediately.
* BUG 12725: pam_winbind: no longer use wbcUserPasswordPolicyInfo when
authenticating.
o Doug Nazar <nazard@nazar.ca>
* BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
array.
o Christof Schmitt <cs@samba.org>
* BUG 12725: winbindd: Fix password policy for pam authentication.
o Andreas Schneider <asn@samba.org>
* BUG 12277: waf: Explicitly link libreplace against libnss_wins.so.
o Uri Simchoni <uri@samba.org>
* BUG 12737: vfs_acl_xattr - failure to get ACL on Linux if memory is
fragmented.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.5.8
March 31, 2017
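Review bot: In the 4.5.11 "Changes since 4.5.10" list, the Richard Sharpe entry is filed as BUG 15852, while every other entry in that list falls between 10490 and 12862; please check that number against Bugzilla before the notes ship. The bug-reporting paragraph is also inconsistent across blocks: the 4.5.12 block quotes the product name ("Samba 4.1 and newer") and the 4.5.11, 4.5.10 and 4.5.9 blocks do not, so pick one form.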
......@@ -36,8 +320,8 @@ database (https://bugzilla.samba.org/).
======================================================================
Release notes for older releases follow:
----------------------------------------
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.5.7
......
......@@ -366,7 +366,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
return nt_status;
}
nt_status = gensec_update_ev(spnego_state->sub_sec_security,
ev, out_mem_ctx, in, out);
out_mem_ctx, ev, in, out);
return nt_status;
}
DEBUG(1, ("Failed to parse SPNEGO request\n"));
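Review bot: The gensec_update_ev() call in gensec_spnego_server_try_fallback() had `ev` and `out_mem_ctx` in each other's positions and that order evidently built, so the compiler will not catch a recurrence. Please add a test that reaches this server-side fallback call, so the argument order listed under BUG 12788 in the release notes is covered by the test suite rather than by review alone.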
......@@ -756,8 +756,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
switch (spnego_state->state_position) {
case SPNEGO_FALLBACK:
return gensec_update_ev(spnego_state->sub_sec_security, ev,
out_mem_ctx, in, out);
return gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx, ev, in, out);
case SPNEGO_SERVER_START:
{
NTSTATUS nt_status;
......
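Review bot: The SPNEGO_FALLBACK case in gensec_spnego_update() carried the same swapped `ev`/`out_mem_ctx` pair as the try_fallback hunk, which suggests the call was copied from one place to the other. Only these two sites are touched here, so the commit message should state whether the remaining gensec_update_ev() callers were audited for the same order.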
......@@ -75,6 +75,27 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
{
uint32_t missing_flags = ntlmssp_state->required_flags;
if (ntlmssp_state->use_ntlmv2) {
/*
* Using NTLMv2 as a client implies
* using NTLMSSP_NEGOTIATE_NTLM2
* (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
*
* Note that 'use_ntlmv2' is only set
* true in the client case.
*
* Even if the server has a bug and does not announce
* it, we need to assume it's present.
*
* Note that we also have the flag
* in ntlmssp_state->required_flags,
* see gensec_ntlmssp_client_start().
*
* See bug #12862.
*/
flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
......
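Review bot: The forced `flags |= NTLMSSP_NEGOTIATE_NTLM2` at the top of ntlmssp_handle_neg_flags() sits right after `missing_flags` is seeded from required_flags, and the comment says required_flags also contains this flag, so in the client case a peer that omits the flag is no longer distinguishable from one that sent it. Please say in the comment that this is intended, and log at debug level when `use_ntlmv2` is set and the incoming flags lacked NTLMSSP_NEGOTIATE_NTLM2, so an operator can tell which server did not announce it.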
......@@ -110,6 +110,7 @@ def LIB_MUST_BE_PRIVATE(conf, libname):
@conf
def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
maxversion=None, version_blacklist=[],
onlyif=None, implied_deps=None, pkg=None):
'''check if a library is available as a system library.
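Review bot: The new `version_blacklist=[]` parameter in the CHECK_BUNDLED_SYSTEM_PKG signature is a mutable default argument; it is only iterated in the visible code, but `version_blacklist=None` (or an empty tuple) avoids a shared list if a later change appends to it. The same default is repeated on CHECK_BUNDLED_SYSTEM, and both new parameters should be described in the docstring that opens below the signature.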
......@@ -117,12 +118,15 @@ def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
'''
return conf.CHECK_BUNDLED_SYSTEM(libname,
minversion=minversion,
maxversion=maxversion,
version_blacklist=version_blacklist,
onlyif=onlyif,
implied_deps=implied_deps,
pkg=pkg)
@conf
def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
maxversion=None, version_blacklist=[],
checkfunctions=None, headers=None, checkcode=None,
onlyif=None, implied_deps=None,
require_headers=True, pkg=None, set_target=True):
......@@ -181,16 +185,29 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
minversion = minimum_library_version(conf, libname, minversion)
msg = 'Checking for system %s' % libname
msg_ver = []
if minversion != '0.0.0':
msg += ' >= %s' % minversion
msg_ver.append('>=%s' % minversion)
if maxversion is not None:
msg_ver.append('<=%s' % maxversion)
for v in version_blacklist:
msg_ver.append('!=%s' % v)
if msg_ver != []:
msg += " (%s)" % (" ".join(msg_ver))
uselib_store=libname.upper()
if pkg is None:
pkg = libname
version_checks = '%s >= %s' % (pkg, minversion)
if maxversion is not None:
version_checks += ' %s <= %s' % (pkg, maxversion)
for v in version_blacklist:
version_checks += ' %s != %s' % (pkg, v)
# try pkgconfig first
if (conf.CHECK_CFG(package=pkg,
args='"%s >= %s" --cflags --libs' % (pkg, minversion),
args='"%s" --cflags --libs' % (version_checks),
msg=msg, uselib_store=uselib_store) and
check_functions_headers_code()):
if set_target:
......
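Review bot: `maxversion` is rendered as an inclusive bound (`'<=%s'` in the message and `' %s <= %s'` in version_checks), while the release note for BUG 12859 states the requirement as "ldb < 1.2.0"; callers therefore have to pass the highest permitted version, not the first excluded one, and that should be documented next to the parameter. Two style points in the same hunk: `if msg_ver != []:` reads better as `if msg_ver:`, and the parentheses in `% (version_checks)` do nothing.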
......@@ -258,20 +258,20 @@ ctdb_service_check_reconfigure
case "$1" in
startup)
nfs_callout "$@"
nfs_callout "$@" || exit $?
;;
shutdown)
nfs_callout "$@"
nfs_callout "$@" || exit $?
;;
takeip)
nfs_callout "$@"
nfs_callout "$@" || exit $?
ctdb_service_set_reconfigure
;;
releaseip)
nfs_callout "$@"
nfs_callout "$@" || exit $?
ctdb_service_set_reconfigure
;;
......
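Review bot: In the takeip and releaseip cases the added `|| exit $?` comes before `ctdb_service_set_reconfigure`, so a failing nfs_callout now skips the reconfigure flag as well as failing the event. Please confirm that skipping it is intended for those two cases and say so in a comment; if the flag must still be set on failure, capture the status, call ctdb_service_set_reconfigure, then exit with the saved status.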
......@@ -150,7 +150,7 @@ script_log ()
*)
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
logger -t "ctdbd: ${_tag}" "$*"
logger -t "ctdbd: ${_tag}" "$@"
;;
esac
}
......
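Review bot: With `"$@"` in the logger call, a script_log invocation that has no message arguments passes logger no message at all, and logger then reads its message from standard input; the comment above the call still only talks about the syslog variants. Please add a line to that comment stating that the no-argument case is expected to log stdin, and check that no caller invokes script_log without arguments and without piped input, since that call would block.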
......@@ -2,12 +2,12 @@
.\" Title: ctdb-statistics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 10/24/2016
.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-STATISTICS" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-STATISTICS" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
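Review bot: The Date comment and the .TH line in this generated page move backwards, from 10/24/2016 to 07/28/2016, and the same change appears in the other DocBook-generated pages in this comparison, while the ctdb(1) page moves forward to 07/12/2017. Since nothing else in the hunk changes, this is regeneration churn; either regenerate all pages in one run so the dates agree, or stop tracking the generated output.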
......@@ -2,12 +2,12 @@
.\" Title: ctdb-tunables
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 10/24/2016
.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-TUNABLES" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-TUNABLES" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 01/30/2017
.\" Date: 07/12/2017
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "1" "01/30/2017" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "1" "07/12/2017" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -64,9 +64,9 @@ A space separated list of at least one
.RE
.SH "OPTIONS"
.PP
\-n \fIPNN\-LIST\fR
\-n \fIPNN\fR
.RS 4
The nodes specified by PNN\-LIST should be queried for the requested information\&. Default is to query the daemon running on the local host\&.
The node specified by PNN should be queried for the requested information\&. Default is to query the daemon running on the local host\&.
.RE
.PP
\-Y
......
......@@ -123,10 +123,10 @@
<title>OPTIONS</title>
<variablelist>
<varlistentry><term>-n <parameter>PNN-LIST</parameter></term>
<varlistentry><term>-n <parameter>PNN</parameter></term>
<listitem>
<para>
The nodes specified by PNN-LIST should be queried for the
The node specified by PNN should be queried for the
requested information. Default is to query the daemon
running on the local host.
</para>
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 10/24/2016
.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb &#8212; Clustered TDB</p></div><div class="refsect1"><a name="idp52307040"></a><h2>DESCRIPTION</h2><p>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb &#8212; Clustered TDB</p></div><div class="refsect1"><a name="idp51821952"></a><h2>DESCRIPTION</h2><p>
CTDB is a clustered database component in clustered Samba that
provides a high-availability load-sharing CIFS server cluster.
</p><p>
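Review bot: The only difference in this line, and in every later hunk of this HTML file, is the auto-generated anchor name (`idp52307040` becomes `idp51821952` here), so the file changes on each regeneration without any change in content and any link to those anchors breaks. Giving the sections explicit ids in the DocBook source would make the generated anchors stable; otherwise the generated HTML is better left out of the tracked tree.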
......@@ -16,7 +16,7 @@
Combined with a cluster filesystem CTDB provides a full
high-availablity (HA) environment for services such as clustered
Samba, NFS and other services.
</p></div><div class="refsect1"><a name="idp53832720"></a><h2>ANATOMY OF A CTDB CLUSTER</h2><p>
</p></div><div class="refsect1"><a name="idp50722832"></a><h2>ANATOMY OF A CTDB CLUSTER</h2><p>
A CTDB cluster is a collection of nodes with 2 or more network
interfaces. All nodes provide network (usually file/NAS) services
to clients. Data served by file services is stored on shared
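Review bot: The context line above the changed anchor reads "high-availablity (HA) environment", a spelling error that is carried unchanged into the regenerated page. It should be fixed in the XML source that this HTML is generated from, not in the generated file.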
......@@ -25,7 +25,7 @@
</p><p>
CTDB provides an "all active" cluster, where services are load
balanced across all nodes.
</p></div><div class="refsect1"><a name="idp52095024"></a><h2>Recovery Lock</h2><p>
</p></div><div class="refsect1"><a name="idp50157376"></a><h2>Recovery Lock</h2><p>
CTDB uses a <span class="emphasis"><em>recovery lock</em></span> to avoid a
<span class="emphasis"><em>split brain</em></span>, where a cluster becomes
partitioned and each partition attempts to operate
......@@ -72,7 +72,7 @@
</p><p>
CTDB can run without a recovery lock but this is not recommended
as there will be no protection from split brains.
</p></div><div class="refsect1"><a name="idp54092272"></a><h2>Private vs Public addresses</h2><p>
</p></div><div class="refsect1"><a name="idp53893632"></a><h2>Private vs Public addresses</h2><p>
Each node in a CTDB cluster has multiple IP addresses assigned
to it:
......@@ -83,7 +83,7 @@
One or more public IP addresses that are used to provide
NAS or other services.
</p></li></ul></div><p>
</p><div class="refsect2"><a name="idp54095648"></a><h3>Private address</h3><p>
</p><div class="refsect2"><a name="idp53897008"></a><h3>Private address</h3><p>
Each node is configured with a unique, permanently assigned
private address. This address is configured by the operating
system. This address uniquely identifies a physical node in
......@@ -117,7 +117,7 @@
192.168.1.2
192.168.1.3
192.168.1.4
</pre></div><div class="refsect2"><a name="idp54103168"></a><h3>Public addresses</h3><p>
</pre></div><div class="refsect2"><a name="idp49115808"></a><h3>Public addresses</h3><p>
Public addresses are used to provide services to clients.
Public addresses are not configured at the operating system
level and are not permanently associated with a particular
......@@ -188,7 +188,7 @@ Node 3:/usr/local/etc/ctdb/public_addresses
</p><p>
The <span class="command"><strong>ctdb ip</strong></span> command can be used to view the
current assignment of public addresses to physical nodes.
</p></div></div><div class="refsect1"><a name="idp48934336"></a><h2>Node status</h2><p>
</p></div></div><div class="refsect1"><a name="idp49127968"></a><h2>Node status</h2><p>
The current status of each node in the cluster can be viewed by the
<span class="command"><strong>ctdb status</strong></span> command.
</p><p>
......@@ -233,7 +233,7 @@ Node 3:/usr/local/etc/ctdb/public_addresses
like a healthy (OK) node. Some interfaces to serve public
addresses are down, but at least one interface is up. See
also <span class="command"><strong>ctdb ifaces</strong></span>.
</p></dd></dl></div></div><div class="refsect1"><a name="idp48978496"></a><h2>CAPABILITIES</h2><p>
</p></dd></dl></div></div><div class="refsect1"><a name="idp49087984"></a><h2>CAPABILITIES</h2><p>
Cluster nodes can have several different capabilities enabled.
These are listed below.
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">RECMASTER</span></dt><dd><p>
......@@ -252,7 +252,7 @@ Node 3:/usr/local/etc/ctdb/public_addresses
The RECMASTER and LMASTER capabilities can be disabled when CTDB
is used to create a cluster spanning across WAN links. In this
case CTDB acts as a WAN accelerator.
</p></div><div class="refsect1"><a name="idp48985200"></a><h2>LVS</h2><p>
</p></div><div class="refsect1"><a name="idp49142256"></a><h2>LVS</h2><p>
LVS is a mode where CTDB presents one single IP address for the
entire cluster. This is an alternative to using public IP
addresses and round-robin DNS to loadbalance clients across the
......@@ -326,7 +326,7 @@ Node 3:/usr/local/etc/ctdb/public_addresses
reachable from a node <span class="emphasis"><em>before</em></span> you enable
LVS. Also ensure that outgoing traffic to these hosts is routed
out through the configured public interface.
</p><div class="refsect2"><a name="idp49004224"></a><h3>Configuration</h3><p>
</p><div class="refsect2"><a name="idp49156560"></a><h3>Configuration</h3><p>
To activate LVS on a CTDB node you must specify the
<code class="varname">CTDB_LVS_PUBLIC_IFACE</code>,
<code class="varname">CTDB_LVS_PUBLIC_IP</code> and
......@@ -360,7 +360,7 @@ CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes
192.168.1.2
192.168.1.3
192.168.1.4 slave-only
</pre></div></div><div class="refsect1"><a name="idp49012560"></a><h2>TRACKING AND RESETTING TCP CONNECTIONS</h2><p>
</pre></div></div><div class="refsect1"><a name="idp55056864"></a><h2>TRACKING AND RESETTING TCP CONNECTIONS</h2><p>
CTDB tracks TCP connections from clients to public IP addresses,
on known ports. When an IP address moves from one node to
another, all existing TCP connections to that IP address are
......@@ -373,7 +373,7 @@ CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes
a release and take of a public IP address on the same node.
Such connections can get out of sync with sequence and ACK
numbers, potentially causing a disruptive ACK storm.
</p></div><div class="refsect1"><a name="idp54958912"></a><h2>NAT GATEWAY</h2><p>
</p></div><div class="refsect1"><a name="idp55059632"></a><h2>NAT GATEWAY</h2><p>
NAT gateway (NATGW) is an optional feature that is used to
configure fallback routing for nodes. This allows cluster nodes
to connect to external services (e.g. DNS, AD, NIS and LDAP)
......@@ -390,7 +390,7 @@ CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes
extra static IP address to a public interface on every node.
This is simpler but it uses an extra IP address per node, while
NAT gateway generally uses only one extra IP address.
</p><div class="refsect2"><a name="idp54961600"></a><h3>Operation</h3><p>
</p><div class="refsect2"><a name="idp55062320"></a><h3>Operation</h3><p>
One extra NATGW public address is assigned on the public
network to each NATGW group. Each NATGW group is a set of
nodes in the cluster that shares the same NATGW address to
......@@ -411,7 +411,7 @@ CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes
public IP address and routes outgoing connections from
slave nodes via this IP address. It also establishes a
fallback default route.
</p></div><div class="refsect2"><a name="idp54964608"></a><h3>Configuration</h3><p>
</p></div><div class="refsect2"><a name="idp55065328"></a><h3>Configuration</h3><p>
NATGW is usually configured similar to the following example configuration:
</p><pre class="screen">
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
......@@ -430,7 +430,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
See the <em class="citetitle">NAT GATEWAY</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details of
NATGW configuration.
</p></div><div class="refsect2"><a name="idp54969376"></a><h3>Implementation details</h3><p>
</p></div><div class="refsect2"><a name="idp55070096"></a><h3>Implementation details</h3><p>
When the NATGW functionality is used, one of the nodes is
selected to act as a NAT gateway for all the other nodes in
the group when they need to communicate with the external
......@@ -465,7 +465,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
eventscript. Please see the eventscript file and the
<em class="citetitle">NAT GATEWAY</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details.
</p></div></div><div class="refsect1"><a name="idp54977200"></a><h2>POLICY ROUTING</h2><p>
</p></div></div><div class="refsect1"><a name="idp55077920"></a><h2>POLICY ROUTING</h2><p>
Policy routing is an optional CTDB feature to support complex
network topologies. Public addresses may be spread across
several different networks (or VLANs) and it may not be possible
......@@ -475,7 +475,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
This allows routing to be specified for packets sourced from
each public address. The routes are added and removed as CTDB
moves public addresses between nodes.
</p><div class="refsect2"><a name="idp54979424"></a><h3>Configuration variables</h3><p>
</p><div class="refsect2"><a name="idp55080144"></a><h3>Configuration variables</h3><p>
There are 4 configuration variables related to policy routing:
<code class="varname">CTDB_PER_IP_ROUTING_CONF</code>,
<code class="varname">CTDB_PER_IP_ROUTING_RULE_PREF</code>,
......@@ -483,7 +483,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
<code class="varname">CTDB_PER_IP_ROUTING_TABLE_ID_HIGH</code>. See the
<em class="citetitle">POLICY ROUTING</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details.
</p></div><div class="refsect2"><a name="idp54983472"></a><h3>Configuration</h3><p>
</p></div><div class="refsect2"><a name="idp55084112"></a><h3>Configuration</h3><p>
The format of each line of
<code class="varname">CTDB_PER_IP_ROUTING_CONF</code> is:
</p><pre class="screen">
......@@ -545,7 +545,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
</p><pre class="screen">
192.168.1.0/24 dev eth2 scope link
default via 192.168.1.1 dev eth2
</pre></div><div class="refsect2"><a name="idp54998768"></a><h3>Sample configuration</h3><p>
</pre></div><div class="refsect2"><a name="idp55099328"></a><h3>Sample configuration</h3><p>
Here is a more complete example configuration.
</p><pre class="screen">
/usr/local/etc/ctdb/public_addresses:
......@@ -565,7 +565,7 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
The routes local packets as expected, the default route is as
previously discussed, but packets to 192.168.200.0/24 are
routed via the alternate gateway 192.168.1.254.
</p></div></div><div class="refsect1"><a name="idp55001632"></a><h2>NOTIFICATION SCRIPT</h2><p>
</p></div></div><div class="refsect1"><a name="idp55102192"></a><h2>NOTIFICATION SCRIPT</h2><p>
When certain state changes occur in CTDB, it can be configured
to perform arbitrary actions via a notification script. For
example, sending SNMP traps or emails when a node becomes
......@@ -581,9 +581,9 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
</p><p>
CTDB currently generates notifications after CTDB changes to
these states:
</p><table border="0" summary="Simple list" class="simplelist"><tr><td>init</td></tr><tr><td>setup</td></tr><tr><td>startup</td></tr><tr><td>healthy</td></tr><tr><td>unhealthy</td></tr></table></div><div class="refsect1"><a name="idp55008656"></a><h2>DEBUG LEVELS</h2><p>
</p><table border="0" summary="Simple list" class="simplelist"><tr><td>init</td></tr><tr><td>setup</td></tr><tr><td>startup</td></tr><tr><td>healthy</td></tr><tr><td>unhealthy</td></tr></table></div><div class="refsect1"><a name="idp55109136"></a><h2>DEBUG LEVELS</h2><p>
Valid values for DEBUGLEVEL are:
</p><table border="0" summary="Simple list" class="simplelist"><tr><td>ERR (0)</td></tr><tr><td>WARNING (1)</td></tr><tr><td>NOTICE (2)</td></tr><tr><td>INFO (3)</td></tr><tr><td>DEBUG (4)</td></tr></table></div><div class="refsect1"><a name="idp55012352"></a><h2>REMOTE CLUSTER NODES</h2><p>
</p><table border="0" summary="Simple list" class="simplelist"><tr><td>ERR (0)</td></tr><tr><td>WARNING (1)</td></tr><tr><td>NOTICE (2)</td></tr><tr><td>INFO (3)</td></tr><tr><td>DEBUG (4)</td></tr></table></div><div class="refsect1"><a name="idp55112832"></a><h2>REMOTE CLUSTER NODES</h2><p>
It is possible to have a CTDB cluster that spans across a WAN link.
For example where you have a CTDB cluster in your datacentre but you also
want to have one additional CTDB node located at a remote branch site.
......@@ -612,7 +612,7 @@ CTDB_CAPABILITY_RECMASTER=no
</p><p>
Verify with the command "ctdb getcapabilities" that that node no longer
has the recmaster or the lmaster capabilities.
</p></div><div class="refsect1"><a name="idp55017680"></a><h2>SEE ALSO</h2><p>
</p></div><div class="refsect1"><a name="idp55118080"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
......
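Review bot: The context paragraph before the SEE ALSO anchor contains a doubled word, "that that node no longer has the recmaster or the lmaster capabilities". As with the other text in this file, the correction belongs in the DocBook source so that the next regeneration picks it up.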
......@@ -2,12 +2,12 @@
.\" Title: ctdb_diagnostics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 10/24/2016
.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB_DIAGNOSTICS" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB_DIAGNOSTICS" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb_diagnostics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb_diagnostics.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb_diagnostics &#8212; dump diagnostic information about CTDB/Samba installation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb_diagnostics</code> [OPTIONS] ... </p></div></div><div class="refsect1"><a name="idp51553344"></a><h2>DESCRIPTION</h2><p>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb_diagnostics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb_diagnostics.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb_diagnostics &#8212; dump diagnostic information about CTDB/Samba installation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb_diagnostics</code> [OPTIONS] ... </p></div></div><div class="refsect1"><a name="idp53382064"></a><h2>DESCRIPTION</h2><p>
ctdb_diagnostics is used to dump diagnostic information about a
clustered Samba installation. This includes configuration
files, output of relevant commands and logs. This information
can be used to check the correctness of the configuration and to
diagnose problems.
</p></div><div class="refsect1"><a name="idp53511312"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n &lt;nodes&gt;</span></dt><dd><p>
</p></div><div class="refsect1"><a name="idp53996944"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n &lt;nodes&gt;</span></dt><dd><p>
Comma separated list of nodes to operate on
</p></dd><dt><span class="term">-c</span></dt><dd><p>
Ignore comment lines (starting with '#') in file comparisons
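Review bot: In the DESCRIPTION and OPTIONS lines the only change is the anchor name on each `refsect1` (`idp51553344` versus `idp53382064`, `idp53511312` versus `idp53996944`); the rendered text is identical. Ids of this form are produced by the stylesheet, not taken from the source, so they make the committed HTML non-reproducible and bury any real edit in noise. Giving the sections explicit ids in the DocBook source, or not committing the rendered HTML, would keep such hunks out of future diffs.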
......@@ -12,7 +12,7 @@
Ignore whitespace in file comparisons
</p></dd><dt><span class="term">--no-ads</span></dt><dd><p>
Do not use commands that assume an Active Directory Server
</p></dd></dl></div></div><div class="refsect1"><a name="idp51176224"></a><h2>SEE ALSO</h2><p>
</p></dd></dl></div></div><div class="refsect1"><a name="idp53724064"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span>,
<a class="ulink" href="https://ctdb.samba.org/" target="_top">https://ctdb.samba.org/</a>
......
......@@ -2,12 +2,12 @@
.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 10/24/2016
.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDBD" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd &#8212; The CTDB cluster daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd</code> [<em class="replaceable"><code>OPTION</code></em>...]</p></div></div><div class="refsect1"><a name="idp53514240"></a><h2>DESCRIPTION</h2><p>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd &#8212; The CTDB cluster daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd</code> [<em class="replaceable"><code>OPTION</code></em>...]</p></div></div><div class="refsect1"><a name="idp54334608"></a><h2>DESCRIPTION</h2><p>
ctdbd is the main CTDB daemon.
</p><p>
Note that ctdbd is not usually invoked directly. It is invoked
via <span class="citerefentry"><span class="refentrytitle">ctdbd_wrapper</span>(1)</span> or via the initscript.
</p><p>
See <span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span> for an overview of CTDB.
</p></div><div class="refsect1"><a name="idp53540288"></a><h2>GENERAL OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-d, --debug=<em class="parameter"><code>DEBUGLEVEL</code></em></span></dt><dd><p>
</p></div><div class="refsect1"><a name="idp50549952"></a><h2>GENERAL OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-d, --debug=<em class="parameter"><code>DEBUGLEVEL</code></em></span></dt><dd><p>
This option sets the debug level to DEBUGLEVEL, which
controls what will be written by the logging
subsystem. The default is 2.
......@@ -193,7 +193,7 @@
The "infiniband" support is not regularly tested.
</p></dd><dt><span class="term">-?, --help</span></dt><dd><p>
Display a summary of options.
</p></dd></dl></div></div><div class="refsect1"><a name="idp55091856"></a><h2>DEBUGGING OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i, --interactive</span></dt><dd><p>
</p></dd></dl></div></div><div class="refsect1"><a name="idp55831584"></a><h2>DEBUGGING OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i, --interactive</span></dt><dd><p>
Enable interactive mode. This will make ctdbd run in the
foreground and not detach from the terminal. By default
ctdbd will detach itself and run in the background as a
......@@ -250,7 +250,7 @@
This is a debugging option. This option is only used when
debugging ctdbd. This enables additional debugging
capabilities and implies --nosetsched.
</p></dd></dl></div></div><div class="refsect1"><a name="idp55113344"></a><h2>SEE ALSO</h2><p>
</p></dd></dl></div></div><div class="refsect1"><a name="idp55853072"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd_wrapper</span>(1)</span>,
......