keepalived: high-availability files and data sync

add new package keepalived-sync to synchronize files and data
between master and backup node. The master node uses SSH over rsync
to send and the backup node will use inotifywatch to watch received files.

The master node can track rsync.sh script to send configuration file on
a backup node based on the vrrp_script configuration of the same script.

The backup node will have a keepalived-inotify service, which would watch
for newly received files and it would call hotplug event. Each service
can keep its respective script under the keepalived hotplug directory and
executes commands to stop, start service or update any config in real-time.

Whenever a switchover will happen, the backup node would have the latest
config and data files from the master node.

Hotplug events can be used to apply config when files are received.

Signed-off-by: Jaymin Patel <jem.patel@gmail.com>

net/keepalived/files/usr/bin/keepalived-rsync-inotify

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# shellcheck shell=ash
+
+# shellcheck source=/dev/null
+. /lib/functions/keepalived/common.sh
+
+if [ $# -lt 3 ]; then
+	echo "$0 <vrrp_instance> <peer> <rsync_dir>"
+	exit 1
+fi
+
+VRRP_INSTANCE=$1
+PEER=$2
+RSYNC_DIR=$3
+
+INOTIFY_ACTIONS="create,delete,modify,move,moved_to,moved_from"
+INOTIFY_PID=""
+TMP_DIR=/tmp/keepalived
+FIFO_FILE="$TMP_DIR"/inotifywait-$PEER.fifo
+
+daemonize_inotifywait() {
+	/usr/bin/inotifywait -q -r --exclude '/\..+' -o "$FIFO_FILE" -m "$RSYNC_DIR" -e ${INOTIFY_ACTIONS} 2> /dev/null &
+	INOTIFY_PID="$!"
+}
+
+main() {
+	local inotify_action inotify_dir inotify_file
+	local source_file target_file
+
+	[ ! -d "$TMP_DIR" ] && mkdir "$TMP_DIR"
+	mkfifo "${FIFO_FILE}" || exit 1
+
+	daemonize_inotifywait
+
+	while read -r inotify_dir inotify_action inotify_file; do
+		source_file="${inotify_dir}${inotify_file}"
+		target_file=$(echo "${inotify_dir}" | sed -e "s:${RSYNC_DIR}::g")"${inotify_file}"
+
+		log_debug "received $target_file ($inotify_action) in $source_file"
+
+		ACTION=NOTIFY_SYNC TYPE=peer NAME=$PEER INSTANCE=$VRRP_INSTANCE \
+			RSYNC_SOURCE="${source_file}" RSYNC_TARGET="${target_file}" \
+			/sbin/hotplug-call keepalived
+	done < "$FIFO_FILE"
+}
+
+TRAP() {
+	[ -n "$INOTIFY_PID" ] && kill "$INOTIFY_PID"
+	[ -e "$FIFO_FILE" ] && rm -f "$FIFO_FILE"
+}
+
+trap TRAP TERM INT
+main "$@"

net/keepalived/files/usr/libexec/keepalived/rpc/sync.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+# shellcheck disable=SC2039
+
+# shellcheck source=/dev/null
+. /usr/share/libubox/jshn.sh
+# shellcheck source=/dev/null
+. /lib/functions.sh
+
+peer() {
+	local cfg=$1
+	local c_name=$2
+	local name last_sync_time last_sync_status
+
+	config_get name "$cfg" name
+	[ "$name" != "$c_name" ] && return
+
+	config_get last_sync_time "$cfg" last_sync_time 0
+	config_get last_sync_status "$cfg" last_sync_status NA
+
+	json_add_object unicast_peer
+	json_add_string name "$name"
+	json_add_int time "$last_sync_time"
+	json_add_string status "$last_sync_status"
+	json_close_array
+}
+
+unicast_peer() {
+	config_foreach peer peer "$1"
+}
+
+vrrp_instance() {
+	local cfg=$1
+	local name
+
+	config_get name "$cfg" name
+
+	json_add_object vrrp_instance
+	json_add_string name "$name"
+	json_add_array unicast_peer
+	config_list_foreach "$cfg" unicast_peer unicast_peer
+	json_close_array
+	json_close_object
+}
+
+rsync_status() {
+	config_load keepalived
+
+	json_init
+	json_add_array vrrp_instance
+	config_foreach vrrp_instance vrrp_instance
+	json_close_array
+	json_dump
+}
+
+sync_help() {
+	json_add_object rsync_status
+	json_close_object
+}

net/keepalived/files/usr/libexec/rpcd/keepalived

@@ -1,6 +1,10 @@
 #!/bin/sh
 
+# shellcheck disable=SC2039
+
+# shellcheck source=/dev/null
 . /lib/functions.sh
+# shellcheck source=/dev/null
 . /usr/share/libubox/jshn.sh
 
 RPC_SCRIPTS=/usr/libexec/keepalived/rpc
@@ -16,21 +20,22 @@ foreach_extra() {
 
 	[ ! -d $RPC_SCRIPTS ] && return
 
-	for file in $RPC_SCRIPTS/*; do
+	for file in "$RPC_SCRIPTS"/*; do
 		obj="${file##*/}"
 		$1 "${obj%%.*}"
 	done
 }
 
 keepalived_dump() {
-	local stats_file="/tmp/keepalived.json"
-	local pids
+	local stats_file pids
+
+	stats_file="/tmp/keepalived.json"
 
 	[ -f "$stats_file" ] && rm -f "$stats_file"
 
 	pids=$(pidof /usr/sbin/keepalived)
 	if [ -n "$pids" ]; then
-		kill -37 $pids > /dev/null 2>&1
+		kill -37 "$pids" > /dev/null 2>&1
 		json_load "{ \"status\" :  $(cat $stats_file) }"
 	else
 		json_init
@@ -50,21 +55,28 @@ call_extra() {
 }
 
 call_method() {
-	case "$1" in
+	local cmd=$1
+
+	case "$cmd" in
 		dump)
 			keepalived_dump
 			;;
 		*)
-			call_extra $1
+			call_extra "$cmd"
 			;;
 	esac
 }
 
 list_extra() {
-	if __function__ "${1}_help"; then
-		${1}_help
+	local arg func
+
+	arg=$1
+	func="${arg}_help"
+
+	if __function__ "$func"; then
+		$func
 	else
-		json_add_object "$1"
+		json_add_object "$arg"
 		json_close_object
 	fi
 }
@@ -77,18 +89,21 @@ list_methods() {
 	json_add_object dump
 	json_close_object
 
-	foreach_extra list_extra ${1}
+	foreach_extra list_extra "${1}"
 
 	json_dump
 }
 
-main () {
-	case "$1" in
+main() {
+	local cmd=$1
+	shift
+
+	case "$cmd" in
 		list)
-			list_methods
+			list_methods "$@"
 			;;
 		call)
-			call_method $2
+			call_method "$@"
 			;;
 	esac
 }

net/keepalived/files/usr/share/keepalived/scripts/rsync.sh

@@ -0,0 +1,162 @@
+#!/bin/sh
+
+# shellcheck disable=SC2039
+
+# shellcheck source=/dev/null
+. /lib/functions.sh
+# shellcheck source=/dev/null
+. /lib/functions/keepalived/common.sh
+
+RSYNC_USER=$(get_rsync_user)
+RSYNC_HOME=$(get_rsync_user_home)
+
+utc_timestamp() {
+	date -u +%s
+}
+
+update_last_sync_time() {
+	uci_revert_state keepalived "$1" last_sync_time
+	uci_set_state keepalived "$1" last_sync_time "$(utc_timestamp)"
+}
+
+update_last_sync_status() {
+	local cfg="$1"
+	shift
+	local status="$*"
+
+	uci_revert_state keepalived "$cfg" last_sync_status
+	uci_set_state keepalived "$cfg" last_sync_status "$status"
+}
+
+ha_sync_send() {
+	local cfg=$1
+	local address ssh_key ssh_port sync_list sync_dir sync_file count
+	local ssh_options ssh_remote dirs_list files_list
+	local changelog="/tmp/changelog"
+
+	config_get address "$cfg" address
+	[ -z "$address" ] && return 0
+
+	config_get ssh_port "$cfg" ssh_port 22
+	config_get sync_dir "$cfg" sync_dir "$RSYNC_HOME"
+	[ -z "$sync_dir" ] && return 0
+	config_get ssh_key "$cfg" ssh_key "$sync_dir"/.ssh/id_rsa
+	config_get sync_list "$cfg" sync_list
+
+	for sync_file in $sync_list $(sysupgrade -l); do
+		[ -f "$sync_file" ] && {
+			dir="${sync_file%/*}"
+			list_contains files_list "${sync_file}" || append files_list "${sync_file}"
+		}
+		[ -d "$sync_file" ] && dir="${sync_file}"
+		list_contains dirs_list "${sync_dir}${dir}" || append dirs_list "${sync_dir}${dir}"
+	done
+
+	ssh_options="-y -y -i $ssh_key -p $ssh_port"
+	ssh_remote="$RSYNC_USER@$address"
+
+	# shellcheck disable=SC2086
+	timeout 10 ssh $ssh_options $ssh_remote mkdir -m 755 -p "$dirs_list /tmp" || {
+		log_err "can not connect to $address. check key or connection"
+		update_last_sync_time "$cfg"
+		update_last_sync_status "$cfg" "SSH Connection Failed"
+		return 0
+	}
+
+	# shellcheck disable=SC2086
+	if rsync --out-format='%n' --dry-run -a --relative ${files_list} -e "ssh $ssh_options" --rsync-path="sudo rsync" "$ssh_remote":"$sync_dir" > "$changelog"; then
+		count=$(wc -l "$changelog")
+		if [ "${count%% *}" = "0" ]; then
+			log_debug "all files are up to date"
+			update_last_sync_time "$cfg"
+			update_last_sync_status "$cfg" "Up to Date"
+			return 0
+		fi
+	else
+		log_err "rsync dry run failed for $address"
+		update_last_sync_time "$cfg"
+		update_last_sync_status "$cfg" "Rsync Detection Failed"
+		return 0
+	fi
+
+	# shellcheck disable=SC2086
+	rsync -a --relative ${files_list} ${changelog} -e "ssh $ssh_options" --rsync-path="sudo rsync" "$ssh_remote":"$sync_dir" || {
+		log_err "rsync transfer failed for $address"
+		update_last_sync_time "$cfg"
+		update_last_sync_status "$cfg" "Rsync Transfer Failed"
+	}
+
+	log_info "keepalived sync is compeleted for $address"
+	update_last_sync_time "$cfg"
+	update_last_sync_status "$cfg" "Successful"
+}
+
+ha_sync_receive() {
+	local cfg=$1
+	local ssh_pubkey
+	local name auth_file home_dir
+
+	config_get name "$cfg" name
+	config_get sync_dir "$cfg" sync_dir "$RSYNC_HOME"
+	[ -z "$sync_dir" ] && return 0
+	config_get ssh_pubkey "$cfg" ssh_pubkey
+	[ -z "$ssh_pubkey" ] && return 0
+
+	home_dir=$sync_dir
+	auth_file="$home_dir/.ssh/authorized_keys"
+
+	if ! grep -q "^$ssh_pubkey$" "$auth_file" 2> /dev/null; then
+		log_notice "public key not found. Updating"
+		echo "$ssh_pubkey" > "$auth_file"
+		chown "$RSYNC_USER":"$RSYNC_USER" "$auth_file"
+	fi
+
+	/etc/init.d/keepalived-inotify enabled || /etc/init.d/keepalived-inotify enable
+	/etc/init.d/keepalived-inotify running "$name" || /etc/init.d/keepalived-inotify start "$name"
+}
+
+ha_sync_each_peer() {
+	local cfg="$1"
+	local c_name="$2"
+	local name sync sync_mode
+
+	config_get name "$cfg" name
+	[ "$name" != "$c_name" ] && return 0
+
+	config_get sync "$cfg" sync 0
+	[ "$sync" = "0" ] && return 0
+
+	config_get sync_mode "$cfg" sync_mode
+	[ -z "$sync_mode" ] && return 0
+
+	case "$sync_mode" in
+		send) ha_sync_send "$cfg" ;;
+		receive) ha_sync_receive "$cfg" ;;
+	esac
+}
+
+ha_sync_peers() {
+	config_foreach ha_sync_each_peer peer "$1"
+}
+
+ha_sync() {
+	config_list_foreach "$1" unicast_peer ha_sync_peers
+}
+
+main() {
+	local lockfile="/var/lock/keepalived-rsync.lock"
+
+	if ! lock -n "$lockfile" > /dev/null 2>&1; then
+		log_info "another process is already running"
+		return 1
+	fi
+
+	config_load keepalived
+	config_foreach ha_sync vrrp_instance
+
+	lock -u "$lockfile"
+
+	return 0
+}
+
+main "$@"