Provided by: ctdb_4.22.2+dfsg-1ubuntu1_amd64 
NAME
ctdb-script.options - CTDB scripts configuration files
DESCRIPTION
Location
Each CTDB script has 2 possible locations for its configuration options:
/etc/ctdb/script.options
This is a catch-all global file for general purpose scripts and for options that are used in multiple
event scripts.
SCRIPT.options
That is, options for SCRIPT are placed in a file alongside the script, with a ".script" suffix added.
This style is usually recommended for event scripts.
Options in this script-specific file override those in the global file.
Contents
These files should include simple shell-style variable assignments and shell-style comments.
Monitoring Thresholds
Event scripts can monitor resources or services. When a problem is detected, it may be better to warn
about a problem rather than to immediately fail monitoring and mark a node as unhealthy. CTDB provides
support for event scripts to do threshold-based monitoring.
A threshold setting looks like WARNING_THRESHOLD[:ERROR_THRESHOLD]. If the number of problems is ≥
WARNING_THRESHOLD then the script will log a warning and continue. If the number problems is ≥
ERROR_THRESHOLD then the script will log an error and exit with failure, causing monitoring to fail. Note
that ERROR_THRESHOLD is optional, and follows the optional colon (:) separator.
NETWORK CONFIGURATION
10.interface
This event script handles public IP address release and takeover, as well as monitoring interfaces used
by public IP addresses.
CTDB_KILLTCP_USE_SS_KILL=yes|try|no
Whether to use ss -K/--kill to reset incoming TCP connections to public IP addresses during
releaseip.
CTDB's standard method of resetting incoming TCP connections during releaseip is via its custom
ctdb_killtcp command. This uses network trickery to reset each connection: send a "tickle ACK",
capture the reply to extract the TCP sequence number, send a reset (containing the correct sequence
number).
ss -K has been supported in ss since iproute 4.5 in March 2016 and in the Linux kernel since 4.4 in
December 2015. However, the required kernel configuration item CONFIG_INET_DIAG_DESTROY is disabled
by default. Although enabled in Debian kernels since ~2017 and in Ubuntu since at least 18.04, this
has only recently been enabled in distributions such as RHEL. There seems to be no way, including
running ss -K, to determine if this is supported, so use of this feature needs to be configurable.
When available, it should be the fastest, most reliable way of killing connections.
Supported values are:
yes
Use ss -K and make no other attempt to kill any remaining connections. This is sane on modern
Linux distributions that are guaranteed to have CONFIG_INET_DIAG_DESTROY enabled.
try
Attempt to use ss -K and fall back to ctdb_killtcp for any remaining connections. This may be a
good value when ss supports the -K option but it is uncertain whether CONFIG_INET_DIAG_DESTROY is
enabled.
no
Never attempt to use ss -K. Rely only on ctdb_killtcp.
Default is "no".
CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
Whether one or more offline interfaces should cause a monitor event to fail if there are other
interfaces that are up. If this is "yes" and a node has some interfaces that are down then ctdb
status will display the node as "PARTIALLYONLINE".
Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS.
NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on
CTDB_LVS_PUBLIC_IFACE to be up. CTDB does not check if these options are set in an incompatible way
so care is needed to understand the interaction.
Default is "no".
11.natgw
Provides CTDB's NAT gateway functionality.
NAT gateway is used to configure fallback routing for nodes when they do not host any public IP
addresses. For example, it allows unhealthy nodes to reliably communicate with external infrastructure.
One node in a NAT gateway group will be designated as the NAT gateway leader node and other (follower)
nodes will be configured with fallback routes via the NAT gateway leader node. For more information, see
the NAT GATEWAY section in ctdb(7).
CTDB_NATGW_DEFAULT_GATEWAY=IPADDR
IPADDR is an alternate network gateway to use on the NAT gateway leader node. If set, a fallback
default route is added via this network gateway.
No default. Setting this variable is optional - if not set that no route is created on the NAT
gateway leader node.
CTDB_NATGW_NODES=FILENAME
FILENAME contains the list of nodes that belong to the same NAT gateway group.
File format:
IPADDR [follower-only]
IPADDR is the private IP address of each node in the NAT gateway group.
If "follower-only" is specified then the corresponding node can not be the NAT gateway leader node.
In this case CTDB_NATGW_PUBLIC_IFACE and CTDB_NATGW_PUBLIC_IP are optional and unused.
No default, usually /etc/ctdb/natgw_nodes when enabled.
CTDB_NATGW_PRIVATE_NETWORK=IPADDR/MASK
IPADDR/MASK is the private sub-network that is internally routed via the NAT gateway leader node.
This is usually the private network that is used for node addresses.
No default.
CTDB_NATGW_PUBLIC_IFACE=IFACE
IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured.
No default.
CTDB_NATGW_PUBLIC_IP=IPADDR/MASK
IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from
CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway leader node. This must not be a configured public IP
address.
No default.
CTDB_NATGW_STATIC_ROUTES=IPADDR/MASK[@GATEWAY] ...
Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead
of creating a single default route. This can be used when there is already a default route, via an
interface that can not reach required infrastructure, that overrides the NAT gateway default route.
If GATEWAY is specified then the corresponding route on the NATGW leader node will be via GATEWAY.
Such routes are created even if CTDB_NATGW_DEFAULT_GATEWAY is not specified. If GATEWAY is not
specified for some networks then routes are only created on the NATGW leader node for those networks
if CTDB_NATGW_DEFAULT_GATEWAY is specified.
This should be used with care to avoid causing traffic to unnecessarily double-hop through the NAT
gateway leader, even when a node is hosting public IP addresses. Each specified network or host
should probably have a corresponding automatically created link route or static route to avoid this.
No default.
Example
CTDB_NATGW_NODES=/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
A variation that ensures that infrastructure (ADS, DNS, ...) directly attached to the public network
(10.0.0.0/24) is always reachable would look like this:
CTDB_NATGW_NODES=/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
CTDB_NATGW_STATIC_ROUTES=10.0.0.0/24
Note that CTDB_NATGW_DEFAULT_GATEWAY is not specified.
13.per_ip_routing
Provides CTDB's policy routing functionality.
A node running CTDB may be a component of a complex network topology. In particular, public addresses may
be spread across several different networks (or VLANs) and it may not be possible to route packets from
these public addresses via the system's default route. Therefore, CTDB has support for policy routing via
the 13.per_ip_routing eventscript. This allows routing to be specified for packets sourced from each
public address. The routes are added and removed as CTDB moves public addresses between nodes.
For more information, see the POLICY ROUTING section in ctdb(7).
CTDB_PER_IP_ROUTING_CONF=FILENAME
FILENAME contains elements for constructing the desired routes for each source address.
The special FILENAME value __auto_link_local__ indicates that no configuration file is provided and
that CTDB should generate reasonable link-local routes for each public IP address.
File format:
IPADDR DEST-IPADDR/MASK [GATEWAY-IPADDR]
No default, usually /etc/ctdb/policy_routing when enabled.
CTDB_PER_IP_ROUTING_RULE_PREF=NUM
NUM sets the priority (or preference) for the routing rules that are added by CTDB.
This should be (strictly) greater than 0 and (strictly) less than 32766. A priority of 100 is
recommended, unless this conflicts with a priority already in use on the system. See ip(8), for more
details.
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=LOW-NUM, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=HIGH-NUM
CTDB determines a unique routing table number to use for the routing related to each public address.
LOW-NUM and HIGH-NUM indicate the minimum and maximum routing table numbers that are used.
ip(8) uses some reserved routing table numbers below 255. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW
should be (strictly) greater than 255.
CTDB uses the standard file /etc/iproute2/rt_tables to maintain a mapping between the routing table
numbers and labels. The label for a public address ADDR will look like ctdb.addr. This means that the
associated rules and routes are easy to read (and manipulate).
No default, usually 1000 and 9000.
Example
CTDB_PER_IP_ROUTING_CONF=/etc/ctdb/policy_routing
CTDB_PER_IP_ROUTING_RULE_PREF=100
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
91.lvs
Provides CTDB's LVS functionality.
For a general description see the LVS section in ctdb(7).
CTDB_LVS_NODES=FILENAME
FILENAME contains the list of nodes that belong to the same LVS group.
File format:
IPADDR [follower-only]
IPADDR is the private IP address of each node in the LVS group.
If "follower-only" is specified then the corresponding node can not be the LVS leader node. In this
case CTDB_LVS_PUBLIC_IFACE and CTDB_LVS_PUBLIC_IP are optional and unused.
No default, usually /etc/ctdb/lvs_nodes when enabled.
CTDB_LVS_PUBLIC_IFACE=INTERFACE
INTERFACE is the network interface that clients will use to connection to CTDB_LVS_PUBLIC_IP. This is
optional for follower-only nodes. No default.
CTDB_LVS_PUBLIC_IP=IPADDR
CTDB_LVS_PUBLIC_IP is the LVS public address. No default.
SERVICE CONFIGURATION
CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts.
In the simplest case CTDB will manage a service. This means the service will be started and stopped along
with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service
when public IP addresses are failed over.
20.multipathd
Provides CTDB's Linux multipathd service management.
It can monitor multipath devices to ensure that active paths are available.
CTDB_MONITOR_MPDEVICES=MP-DEVICE-LIST
MP-DEVICE-LIST is a list of multipath devices for CTDB to monitor?
No default.
31.clamd
This event script provide CTDB's ClamAV anti-virus service management.
This eventscript is not enabled by default. Use ctdb enablescript to enable it.
CTDB_CLAMD_SOCKET=FILENAME
FILENAME is the socket to monitor ClamAV.
No default.
40.vsftpd
Provides CTDB's vsftpd service management.
CTDB_VSFTPD_MONITOR_THRESHOLDS=THRESHOLDS
THRESHOLDS indicates how many consecutive monitoring attempts need to report that vsftpd is not
listening on TCP port 21 before a warning is logged and before monitoring fails. See the Monitoring
Thresholds for a description of how monitoring thresholds work.
Default is 1:2.
48.netbios
Provides CTDB's NetBIOS service management.
CTDB_SERVICE_NMB=SERVICE
Distribution specific SERVICE for managing nmbd.
Default is distribution-dependant.
49.winbind
Provides CTDB's Samba winbind service management.
CTDB_SERVICE_WINBIND=SERVICE
Distribution specific SERVICE for managing winbindd.
Default is "winbind".
CTDB_SAMBA_INTERFACES_FILE=FILENAME
Generates FILENAME, containing an smb.conf snippet with an interfaces setting that includes
interfaces for configured CTDB public IP addresses. This file then needs to be explicitly included in
smb.conf.
For example, if public IP addresses are defined on interfaces eth0 and eth1, and this is set to
/etc/samba/interfaces.conf, then that file will contain the following before smbd is started:
bind interfaces only = yes
interfaces = lo eth0 eth1
This can be useful for limiting the interfaces used by SMB multichannel.
Default is to not generate a file.
CTDB_SAMBA_INTERFACES_EXTRA=INTERFACE-LIST
A space separated list to provide additional interfaces to bind.
Default is empty - no extra interfaces are added.
50.samba
Provides the core of CTDB's Samba file service management.
CTDB_SAMBA_CHECK_PORTS=PORT-LIST
When monitoring Samba, check TCP ports in space-separated PORT-LIST.
Default is to monitor ports that Samba is configured to listen on.
CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
As part of monitoring, should CTDB skip the check for the existence of each directory configured as
share in Samba. This may be desirable if there is a large number of shares.
Default is no.
CTDB_SERVICE_SMB=SERVICE
Distribution specific SERVICE for managing smbd.
Default is distribution-dependant.
60.nfs
This event script provides CTDB's NFS service management.
This includes parameters for the kernel NFS server. Alternative NFS subsystems (such as NFS-Ganesha[1])
can be integrated using CTDB_NFS_CALLOUT.
CTDB_NFS_CALLOUT=COMMAND
COMMAND specifies the path to a callout to handle interactions with the configured NFS system,
including startup, shutdown, monitoring.
Default is the included nfs-linux-kernel-callout.
CTDB_NFS_CHECKS_DIR=DIRECTORY
Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of
NFS RPC services. See the README file for this directory for an explanation of the contents of these
"check" files.
CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers.
One way of using this is to have it point to, say, /etc/ctdb/nfs-checks-enabled.d and populate it
with symbolic links to the desired check files. This avoids duplication and is upgrade-safe.
Default is /etc/ctdb/nfs-checks.d, which contains NFS RPC checks suitable for Linux kernel NFS.
CTDB_NFS_EXPORTS_FILE=FILE
Set FILE as the path of the file containing NFS exports, for use by the NFS callout (see
CTDB_NFS_CALLOUT, above). This is used for share checks when CTDB_NFS_SKIP_SHARE_CHECK is not set to
"yes". This is most useful with NFS-Ganesha, since it supports configuration include files and
exports may be stored in a separate file.
Default is /var/lib/nfs/etab for nfs-linux-kernel-callout, /etc/ganesha/ganesha.conf for
nfs-ganesha-callout.
CTDB_NFS_SHARED_STATE_DIR=DIRECTORY
DIRECTORY where clustered NFS shared state will be located. DIRECTORY should be in a cluster
filesystem that is shared between the nodes. No default.
CTDB_NFS_SKIP_SHARE_CHECK=yes|no
As part of monitoring, should CTDB skip the check for the existence of each directory exported via
NFS. This may be desirable if there is a large number of exports.
Default is no.
CTDB_RPCINFO_LOCALHOST=IPADDR|HOSTNAME
IPADDR or HOSTNAME indicates the address that rpcinfo should connect to when doing rpcinfo check on
IPv4 RPC service during monitoring. Optimally this would be "localhost". However, this can add some
performance overheads.
Default is "127.0.0.1".
CTDB_RPCINFO_LOCALHOST6=IPADDR|HOSTNAME
IPADDR or HOSTNAME indicates the address that rpcinfo should connect to when doing rpcinfo check on
IPv6 RPC service during monitoring. Optimally this would be "localhost6" (or similar). However, this
can add some performance overheads.
Default is "::1".
CTDB_STATD_CALLOUT_SHARED_STORAGE=LOCATION
LOCATION where NFSv3 statd state will be stored. Valid values are:
persistent_db[:TDB]
Data is queued to local storage and then dequeued to TDB during monitor events. This means there
is a window where locking state may be lost. However, this works around performance limitations
in CTDB's persistent database handling.
If :TDB is omitted then TDB defaults to ctdb_statd_callout.tdb.
shared_dir[:DIRECTORY]
DIRECTORY is a directory in a cluster filesystem that is shared between the nodes. If DIRECTORY
is relative (i.e. does not start with '/') then it is appended to CTDB_NFS_SHARED_STATE_DIR. If
:DIRECTORY is omitted then DIRECTORY defaults to statd.
Using a shared directory may result in performance and/or stability problems. rpc.statd is
single-threaded and its HA callout is called synchronously, causing any latency introduced by the
callout to be cumulative. Stability issues are most likely if thousands of clients reclaim locks
after failover and use of the cluster filesystem introduces too much additional latency. Too much
latency in in the HA callout may cause rpc.statd to fail health monitoring.
none
No cluster-aware handling of NFSv3 statd state is done. NFSv3 lock reclaim will not occur and
applications that use locking over NFSv3 are likely to lose or corrupt data.
This should be used with care and only in the case where no applications are using POSIX locks in
NFSv3 mounts. It should probably be considered an option to test the latency of statd_callout,
without including any storage costs.
70.iscsi
Provides CTDB's Linux iSCSI tgtd service management.
CTDB_START_ISCSI_SCRIPTS=DIRECTORY
DIRECTORY on shared storage containing scripts to start tgtd for each public IP address.
No default.
DATABASE HANDLING
CTDB checks the consistency of databases during startup and provides a facility to backup persistent
databases.
95.database
CTDB_MAX_CORRUPT_DB_BACKUPS=NUM
NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a
corrupt database is found during startup. Volatile TDBs are zeroed during startup so backups are
needed to debug any corruption that occurs before a restart.
Default is 10.
CTDB_PERSISTENT_DB_BACKUP_DIR=DIRECTORY
Create a daily backup tarball for all persistent TDBs in DIRECTORY. Note that DIRECTORY must exist or
no backups will be created.
Given that persistent databases are fully replicated, duplication is avoid by only creating backups
on the current leader node. To maintain a complete, single set of backups, it makes sense for
DIRECTORY to be in a cluster filesystem.
This creates the backup from the monitor event, which should be fine because backing up persistent
databases is a local operation. Users who do not wish do create backups during the monitor event can
choose not to use this option and instead run /etc/ctdb/ctdb-backup-persistent-tdbs.sh -l DIRECTORY
on all nodes using a cron(8) job, which will also need to manually manage backup pruning.
No default. No daily backups are created.
CTDB_PERSISTENT_DB_BACKUP_LIMIT=COUNT
Keep at most COUNT backups in CTDB_PERSISTENT_DB_BACKUP_DIR. Note that if additional manual backups
are created in this directory then these will count towards the limit.
Default is 14.
SYSTEM RESOURCE MONITORING
05.system
Provides CTDB's filesystem and memory usage monitoring.
CTDB can experience seemingly random (performance and other) issues if system resources become too
constrained. Options in this section can be enabled to allow certain system resources to be checked. They
allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the
configured thresholds.
Some checks are enabled by default. It is recommended that these checks remain enabled or are augmented
by extra checks. There is no supported way of completely disabling the checks.
CTDB_MONITOR_FILESYSTEM_USAGE=FS-LIMIT-LIST
FS-LIMIT-LIST is a space-separated list of FILESYSTEM:WARN_LIMIT[:UNHEALTHY_LIMIT] triples indicating
that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%. If usage reaches
UNHEALTHY_LIMIT then the node should be flagged unhealthy. Either WARN_LIMIT or UNHEALTHY_LIMIT may
be left blank, meaning that check will be omitted.
Default is to warn for each filesystem containing a database directory (volatile database directory,
persistent database directory, state database directory) with a threshold of 90%.
CTDB_MONITOR_MEMORY_USAGE=MEM-LIMITS
MEM-LIMITS takes the form WARN_LIMIT[:UNHEALTHY_LIMIT] indicating that warnings should be logged if
memory usage reaches WARN_LIMIT%. If usage reaches UNHEALTHY_LIMIT then the node should be flagged
unhealthy. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be
omitted.
Default is 80, so warnings will be logged when memory usage reaches 80%.
EVENT SCRIPT DEBUGGING
debug-hung-script.sh
CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=REGEXP
REGEXP specifies interesting processes for which stack traces should be logged when debugging hung
eventscripts and those processes are matched in pstree output. REGEXP is an extended regexp so
choices are separated by pipes ('|'). However, REGEXP should not contain parentheses. See also the
ctdb.conf(5) [event] "debug script" option.
Default is "exportfs|rpcinfo".
FILES
/etc/ctdb/script.options
SEE ALSO
ctdbd(1), ctdb(7), http://ctdb.samba.org/
AUTHOR
This documentation was written by Amitay Isaacs, Martin Schwenke
COPYRIGHT
Copyright © 2007 Andrew Tridgell, Ronnie Sahlberg
This program is free software; you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, see
http://www.gnu.org/licenses.
NOTES
1. NFS-Ganesha
https://github.com/nfs-ganesha/nfs-ganesha/wiki
ctdb 06/18/2025 CTDB-SCRIPT.OPTIO(5)