authorMartin Schwenke <martin@meltin.net>2014-03-07 15:11:36 +1100
committerAmitay Isaacs <amitay@samba.org>2014-03-26 04:21:42 +0100
commit34682affe9f19432851d5f921b58e692e5c6274d (patch)
treea2714f3c6474bebeebd6a3f828052f007572036c
parent7705efc35551a083873e2fed91ac42d021669df9 (diff)
ctdb-eventscripts: New configuration variable CTDB_NATGW_STATIC_ROUTES
This can be used to create more specific NATGW routes than the usual NATGW default route. Signed-off-by: Martin Schwenke <martin@meltin.net>
-rwxr-xr-xctdb/config/events.d/11.natgw15
-rw-r--r--ctdb/doc/ctdb.7.xml12
-rw-r--r--ctdb/doc/ctdbd.conf.5.xml42
3 files changed, 64 insertions, 5 deletions
diff --git a/ctdb/config/events.d/11.natgw b/ctdb/config/events.d/11.natgw
index b97eca5e30..45b4d212ae 100755
--- a/ctdb/config/events.d/11.natgw
+++ b/ctdb/config/events.d/11.natgw
@@ -24,6 +24,9 @@ natgw_check_config ()
die "Invalid configuration: CTDB_NATGW_PUBLIC_IFACE not set"
[ -n "$CTDB_NATGW_PRIVATE_NETWORK" ] || \
die "Invalid configuration: CTDB_NATGW_PRIVATE_NETWORK not set"
+
+ # The default is to create a single default route
+ [ -n "$CTDB_NATGW_STATIC_ROUTES" ] || CTDB_NATGW_STATIC_ROUTES="0.0.0.0/0"
}
natgw_set_capability ()
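Review bot: CTDB_NATGW_STATIC_ROUTES is accepted here without any format check, and the later loops expand it unquoted, so each entry is subject to pathname expansion as well as word splitting before it reaches `ip route`. A malformed entry then fails only inside `ip route`, and in natgw_clear that output is discarded. Consider validating each entry in this function, for example `for _net in $CTDB_NATGW_STATIC_ROUTES ; do case "$_net" in */*) : ;; *) die "Invalid configuration: CTDB_NATGW_STATIC_ROUTES entry $_net" ;; esac ; done`. The ctdbd.conf.5.xml hunk documents "No default." while this line defaults the variable to `0.0.0.0/0`; the two should agree. natgw_check_config begins outside the hunk.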
@@ -43,7 +46,9 @@ natgw_clear ()
delete_ip_from_iface \
$CTDB_NATGW_PUBLIC_IFACE $_ip $_maskbits >/dev/null 2>&1
- ip route del 0.0.0.0/0 metric 10 >/dev/null 2>/dev/null
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route del "$_net" metric 10 >/dev/null 2>/dev/null
+ done
# Delete the masquerading setup from a previous iteration where we
# were the NAT-GW
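Review bot: The routes to delete in natgw_clear are taken from the current value of CTDB_NATGW_STATIC_ROUTES, so if the list is edited between the time routes were added and this cleanup, routes for the removed entries stay installed and keep directing that traffic via the NAT gateway. Because stdout and stderr are discarded, nothing is logged in that case. In addition, `ip route del "$_net" metric 10` names no gateway or device, so for a specific prefix it may also match an administrator's own metric-10 route to the same network; this mattered less when only `0.0.0.0/0` was handled. At minimum add a comment such as `# Only removes routes for the currently configured networks; entries dropped from the configuration must be removed by hand`. The body of natgw_clear continues outside the hunk.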
@@ -70,7 +75,9 @@ natgw_set_master ()
ip addr add $CTDB_NATGW_PUBLIC_IP dev $CTDB_NATGW_PUBLIC_IFACE
if [ -n "$CTDB_NATGW_DEFAULT_GATEWAY" ] ; then
- ip route add 0.0.0.0/0 metric 10 via $CTDB_NATGW_DEFAULT_GATEWAY
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route add "$_net" metric 10 via $CTDB_NATGW_DEFAULT_GATEWAY
+ done
fi
}
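Review bot: With the loop in natgw_set_master, the status of the `if` block is now that of the last `ip route add` only, so a failure for an earlier network is masked and a partially installed route set can go unnoticed. Whether callers use that status is not visible here. The loop in natgw_set_slave likewise ignores individual failures. Suggest reporting each failure, e.g. `ip route add "$_net" metric 10 via "$CTDB_NATGW_DEFAULT_GATEWAY" || echo "Failed to add NATGW route for $_net"`, which also quotes the gateway variable in the same way as `$_net`.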
@@ -78,7 +85,9 @@ natgw_set_slave ()
{
_natgwip="$1"
- ip route add 0.0.0.0/0 via "$_natgwip" metric 10
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route add "$_net" via "$_natgwip" metric 10
+ done
# Make sure winbindd does not stay bound to this address if we are
# no longer NATGW master
diff --git a/ctdb/doc/ctdb.7.xml b/ctdb/doc/ctdb.7.xml
index d640300024..f48d5a6299 100644
--- a/ctdb/doc/ctdb.7.xml
+++ b/ctdb/doc/ctdb.7.xml
@@ -655,9 +655,17 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
</para>
<para>
+ <varname>CTDB_NATGW_STATIC_ROUTES</varname> can be used to
+ have NATGW create more specific routes instead of just default
+ routes.
+ </para>
+
+ <para>
This is implemented in the <filename>11.natgw</filename>
- eventscript. Please see the eventscript file for the finer
- details.
+ eventscript. Please see the eventscript file and the
+ <citetitle>NAT GATEWAY</citetitle> section in
+ <citerefentry><refentrytitle>ctdbd.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for more details.
</para>
</refsect2>
diff --git a/ctdb/doc/ctdbd.conf.5.xml b/ctdb/doc/ctdbd.conf.5.xml
index 6d164f6cfc..ff064cfffd 100644
--- a/ctdb/doc/ctdbd.conf.5.xml
+++ b/ctdb/doc/ctdbd.conf.5.xml
@@ -545,6 +545,31 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>CTDB_NATGW_STATIC_ROUTES=<parameter>IPADDR/MASK</parameter> ...</term>
+ <listitem>
+ <para>
+ Each IPADDR/MASK identifies a network or host to which
+ NATGW should create a fallback route, instead of
+ creating a single default route. This can be used when
+ there is already a default route, via an interface that
+ can not reach required infrastructure, that overrides
+ the NAT gateway default route.
+ </para>
+ <para>
+ This should be used with care to avoid causing traffic
+ to unnecessarily double-hop through the NAT gateway
+ master, even when a node is hosting public IP addresses.
+ Each specified network or host should probably have a
+ corresponding automatically created link route or static
+ route to avoid this.
+ </para>
+ <para>
+ No default.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
<refsect3>
@@ -556,6 +581,23 @@ CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
</screen>
+
+ <para>
+ A variation that ensures that infrastructure (ADS, DNS, ...)
+ directly attached to the public network (10.0.0.0/24) is
+ always reachable would look like this:
+ </para>
+ <screen>
+CTDB_NATGW_NODES=/etc/ctdb/natgw_nodes
+CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
+CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
+CTDB_NATGW_PUBLIC_IFACE=eth0
+CTDB_NATGW_STATIC_ROUTES=10.0.0.0/24
+ </screen>
+ <para>
+ Note that <varname>CTDB_NATGW_DEFAULT_GATEWAY</varname> is
+ not specified.
+ </para>
</refsect3>
</refsect2>