Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
Start using this module
Add this module to your Puppetfile:
mod 'puppet-conntrackd', '3.0.0'
Learn more about managing modules with a Puppetfile
Documentation
puppet-module-conntrackd
Puppet module to manage conntrackd.
Have a look at REFERENCE.md or the main module class (init.pp) to see what this module does on a node plus usage examples.
Compatibility
Supports both ipv4 and ipv6, all conntrackd options and all sync modes.
Tested with Debian, Ubuntu and RedHat-compatible distros.
See metadata.json for the full list of tested operating systems and Puppet versions.
Requirements
This module has the following dependencies:
For a full (and up-to-date) list of dependencies, please see metadata.json.
Usage examples
Install and manage the conntrackd service
include 'conntrackd'
Multicast Sync over eth1 using the default FTFW sync mode:
class { 'conntrackd':
  protocol       => 'Multicast',
  interface      => 'eth1',
  ipv4_address   => $multicast_address,
  ipv4_interface => $facts['networking']['interfaces']['eth1']['ip'],
}
UDP Sync over eth2 using the ALARM sync mode:
class { 'conntrackd':
  sync_mode     => 'ALARM',
  protocol      => 'UDP',
  interface     => 'eth2',
  ipv4_address  => $facts['networking']['interfaces']['eth2']['ip'],
  udp_ipv4_dest => $other_remote_host,
}
Remove service, package and configuration of conntrackd:
class { 'conntrackd':
  ensure => 'absent',
}
You can find more examples in the examples dir.
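The UDP example above, wrapped in a profile that fails the catalog when the sync interface has no address and that adds the node's own addresses to the ignore list, as the ignore_ips_ipv4 description asks. This is an added example, not code from the module: the class name profile::fw_state_sync, its parameters and the 192.0.2.2 peer address are assumptions made for illustration.

```puppet
# Added example (hypothetical profile class, not part of puppet-conntrackd).
# Assumes a firewall pair with a dedicated sync link on eth2 and a peer
# reachable at a constructed documentation address (192.0.2.2).
class profile::fw_state_sync (
  String  $sync_interface = 'eth2',
  String  $peer_address   = '192.0.2.2',
  Integer $sync_port      = 3780,
) {
  # dig() returns undef instead of raising when the interface is missing,
  # so the failure below carries a readable message.
  $local_address = $facts.dig('networking', 'interfaces', $sync_interface, 'ip')

  if $local_address == undef {
    fail("conntrackd sync interface ${sync_interface} has no IPv4 address")
  }

  if $local_address == $peer_address {
    fail('conntrackd peer address must differ from the local sync address')
  }

  # Addresses owned by this node: loopback, the sync link and the primary IP.
  $own_addresses = unique([
    '127.0.0.1',
    $local_address,
    $facts['networking']['ip'],
  ])

  class { 'conntrackd':
    sync_mode               => 'FTFW',
    protocol                => 'UDP',
    interface               => $sync_interface,
    ipv4_address            => $local_address,
    udp_ipv4_dest           => $peer_address,
    udp_port                => $sync_port,   # must match on both nodes
    checksum                => 'on',
    ignore_ips_ipv4         => $own_addresses,
    filter_accept_protocols => ['TCP', 'SCTP', 'DCCP'],
    track_tcp_states        => ['ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT'],
  }
}
```

Declare the same profile on the second node with $peer_address pointing back at the first node's sync address.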
Links
- Official conntrackd website http://conntrack-tools.netfilter.org/conntrackd.html
- Official project page https://github.com/voxpupuli/puppet-conntrackd
License, Copyright
See COPYING and NOTICE file in the root directory of this module.
Author
- Written initially by Ian Bissett bisscuitt@gmail.com @bisscuitt
- This module is now maintained by VoxPupuli
Reference
Table of Contents
Classes
Public Classes
conntrackd
: This class is able to install or remove conntrackd on a node. It
conntrackd::config
: This class exists to coordinate all configuration for the conntrackd daemon
Private Classes
conntrackd::package
: This class exists to coordinate all software package management related
conntrackd::service
: This class exists to coordinate all service management related actions,
Classes
conntrackd
conntrackd
manages the status and configuration of the service.
Examples
Installation, make sure service is running and will be started at boot time:
class { 'conntrackd': }
Removal/decommissioning:
class { 'conntrackd':
  ensure => 'absent',
}
Install everything but disable service(s) afterwards:
class { 'conntrackd':
  status => 'disabled',
}
Parameters
The following parameters are available in the conntrackd
class:
ensure
autoupgrade
status
package
service_name
service_hasrestart
service_hasstatus
service_pattern
service_status
config_dir
config_filename
nice
hashsize
logfile
syslog
lockfile
sock_path
sock_backlog
ignore_ips_ipv4
ignore_ips_ipv6
tcp_flows
netlinkbuffersize
netlinkbuffersizemaxgrowth
netlinkoverrunresync
netlinkeventsreliable
pollsecs
eventiterationlimit
sync_mode
resend_queue_size
ack_window_size
disable_external_cache
disable_internal_cache
refresh_time
cache_timeout
commit_timeout
purge_timeout
protocol
interface
ipv4_address
ipv4_interface
mcast_group
sndsocketbuffer
rcvsocketbuffer
checksum
udp_ipv6_address
udp_ipv4_dest
udp_ipv6_dest
udp_port
filter_accept_protocols
tcp_window_tracking
track_tcp_states
scheduler_type
scheduler_priority
stats_logfile
stats_netlink_reliable
stats_syslog
hashlimit
ensure
Data type: Enum['present', 'absent']
String. Controls if the managed resources shall be present or absent. If set to absent:
- The managed software packages are being uninstalled.
- Any traces of the packages will be purged as good as possible. This may
include existing configuration files. The exact behavior is provider
dependent. Q.v.:
- Puppet type reference: {package, "purgeable"}[http://j.mp/xbxmNP]
- {Puppet's package provider source code}[http://j.mp/wtVCaL]
- System modifications (if any) will be reverted as good as possible (e.g. removal of created users, services, changed log settings, ...).
- This is thus destructive and should be used with care. Defaults to present.
autoupgrade
Data type: Boolean
Boolean. If set to true, any managed package gets upgraded on each Puppet run when the package provider is able to find a newer version than the present one. The exact behavior is provider dependent. Q.v.:
- Puppet type reference: {package, "upgradeable"}[http://j.mp/xbxmNP]
- {Puppet's package provider source code}[http://j.mp/wtVCaL] Defaults to false.
status
Data type:
Enum[
'enabled',
'disabled',
'running',
'unmanaged'
]
String to define the status of the service. Possible values:
- enabled: Service is running and will be started at boot time.
- disabled: Service is stopped and will not be started at boot time.
- running: Service is running but will not be started at boot time. You can use this to start a service on the first Puppet run instead of the system startup.
- unmanaged: Service will not be started at boot time and Puppet does not care whether the service is running or not. For example, this may be useful if a cluster management software is used to decide when to start the service plus assuring it is running on the desired node. Defaults to enabled. The singular form ("service") is used for the sake of convenience. Of course, the defined status affects all services if more than one is managed (see service.pp to check if this is the case).
package
Data type: Array
The name(s) of the conntrack package(s)
service_name
Data type: String
The name of the conntrackd service
service_hasrestart
Data type: Boolean
The service hasrestart
attribute
service_hasstatus
Data type: Boolean
The service hasstatus
attribute
service_pattern
Data type: String
The service pattern
attribute
service_status
Data type: String
The service status
attribute
config_dir
Data type: String
Top-level directory for configuration
config_filename
Data type: String
Config file name
nice
Data type: Integer[-20,19]
integer: Nice value of the conntrackd process range: -19 to +19 Default: -1
hashsize
Data type: Integer
integer: Number of buckets in the cache hashtable. Default: 32768
logfile
Data type: String
string: fully qualified path to the logfile or 'Off' (directory must exist and be writable) values: on, off, Default: off
syslog
Data type: String
string: enable syslog logging values: on, off or Default: on
lockfile
Data type: String
string: fully qualified path to the lockfile Default: /var/lock/conntrack.lock
sock_path
Data type: String
string: fully qualified path to the UNIX socket used for configuration Default: /var/run/conntrackd.ctl
sock_backlog
Data type: Integer
integer: sets the backlog for the UNIX socket Default: 20
ignore_ips_ipv4
Data type: Array
array: list of IPv4 addresses to ignore. should include this node's address Default: [ '127.0.0.1', '192.168.0.1', '10.1.1.1' ]
ignore_ips_ipv6
Data type: Array
array: list of IPv6 addresses to ignore. should include this node's address Default: [ '::1' ]
tcp_flows
Data type: Array
array: list of flows to monitor allowed: 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' Default: [ 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' ]
netlinkbuffersize
Data type: Integer
integer: Netlink event socket buffer size Default: 2097152
netlinkbuffersizemaxgrowth
Data type: Integer
integer: The daemon doubles the size of the netlink event socket buffer if it detects netlink event message dropping. This clause sets the maximum buffer size growth that can be reached. Default: 8388608
netlinkoverrunresync
Data type: String
boolean: If the daemon detects that Netlink is dropping state-change events, it automatically schedules a resynchronization against the Kernel after 30 seconds (default value) Default: on
netlinkeventsreliable
Data type: String
boolean: If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off NetlinkOverrunResync. Default: Off
pollsecs
Data type: Optional[Integer]
integer: By default, the daemon receives state updates following an event-driven model. You can modify this behaviour by switching to polling mode with the PollSecs clause. Default: Off
eventiterationlimit
Data type: Integer
integer: The daemon prioritizes the handling of state-change events coming from the core. With this clause, you can set the maximum number of state-change events (coming from kernel-space) that the daemon will handle after which it will handle other events coming from the network or userspace Default: 100
sync_mode
Data type: Enum['FTFW', 'NOTRACK', 'ALARM']
string: The synchronisation mode to use values: one of: FTFW, NOTRACK or ALARM Default: FTFW
resend_queue_size
Data type: Integer
integer: Size of the resend queue (in objects) Default: 131072
ack_window_size
Data type: Integer
integer: acknowledgement window size. If you decrease this value, the number of acknowledgements increases Default: 300
disable_external_cache
Data type: String
boolean: This clause allows you to disable the external cache. Thus, the state entries are directly injected into the kernel conntrack table. Default: Off
disable_internal_cache
Data type: String
boolean: This clause allows you to disable the internal cache. Default: Off
refresh_time
Data type: Integer
integer: ALARM Mode: If a conntrack entry is not modified in <= 15 seconds, then a message is broadcasted. Default: 15
cache_timeout
Data type: Integer
integer: If we don't receive a notification about the state of an entry in the external cache after N seconds, then remove it. Default: 180
commit_timeout
Data type: Integer
integer: This parameter allows you to set an initial fixed timeout for the committed entries when this node goes from backup to primary. Default: 180
purge_timeout
Data type: Integer
integer: If the firewall replica goes from primary to backup, the conntrackd -t command is invoked in the script. This command schedules a flush of the table in N seconds. Default: 60
protocol
Data type: Enum['Multicast', 'UDP']
string: The protocol to use for syncing. values: Multicast or UDP Default: Multicast
interface
Data type: String
string: Dedicated physical interface for communicating with the other host. value: Default: undef
ipv4_address
Data type: String
string: Multicast mode only: The multicast address to communicate over value: Must be set for Multicast mode: Default: 255.0.0.50
ipv4_interface
Data type: String
string: The ip address to bind to for multicast and UDP connections. value: Must be set for Multicast or UDP mode: Default: undef
mcast_group
Data type: String
integer: The multicast group to use for Multicast mode Default: 3780
sndsocketbuffer
Data type: Integer
integer: The multicast sender uses a buffer to enqueue the packets that are going to be transmitted. Default: 1249280
rcvsocketbuffer
Data type: Integer
integer: The multicast receiver uses a buffer to enqueue the packets that the socket is pending to handle. Default: 1249280
checksum
Data type: String
integer: Enable/Disable message checksumming. Default: on
udp_ipv6_address
Data type: Optional[String]
string: The IPv6 interface address to bind to in UDP mode Default: undef
udp_ipv4_dest
Data type: Optional[String]
string: The IPv4 interface of the other node when UDP is enabled Default: undef
udp_ipv6_dest
Data type: Optional[String]
string: The IPv6 interface of the other node when UDP is enabled Default: undef
udp_port
Data type: Integer
integer: The UDP port to communicate over (should be the same on both nodes) Default: 3780
filter_accept_protocols
Data type: Array
array: Accept only certain protocols values: TCP, SCTP, DCCP, UDP, ICMP, IPv6-ICMP Default: [ 'TCP', 'SCTP', 'DCCP' ]
tcp_window_tracking
Data type: String
boolean: TCP state-entries have window tracking disabled by default, you can enable it with this option. Default: Off
track_tcp_states
Data type: Array
array: The specific TCP states to sync Default: [ 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' ]
scheduler_type
Data type: String
string: Select a different scheduler for the daemon. See man sched_setscheduler(2) for more information. Using a RT scheduler reduces the chances to overrun the Netlink buffer. values: RR, FIFO Default: FIFO
scheduler_priority
Data type: String
integer: scheduler process priority range: 0 - 99 Default: 99
stats_logfile
Data type: Optional[String]
string: enable logging of statistics to a file values: fully qualified path to the statistics logfile or 'Off' Default: undef
stats_netlink_reliable
Data type: String
boolean: If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off NetlinkOverrunResync. Default: Off
stats_syslog
Data type: Optional[String]
string: enable syslog logging of statistics values: on, off or
hashlimit
Data type: Optional[Integer]
integer: Maximum number of conntracks in table Default: 2x the value of /proc/sys/net/netfilter/nf_conntrack_max
Default value: undef
conntrackd::config
conntrackd::config
Parameters
The following parameters are available in the conntrackd::config
class:
ensure
nice
hashsize
hashlimit
logfile
syslog
lockfile
sock_path
sock_backlog
ignore_ips_ipv4
ignore_ips_ipv6
tcp_flows
netlinkbuffersize
netlinkbuffersizemaxgrowth
netlinkoverrunresync
netlinkeventsreliable
pollsecs
eventiterationlimit
sync_mode
resend_queue_size
ack_window_size
disable_external_cache
disable_internal_cache
refresh_time
cache_timeout
commit_timeout
purge_timeout
protocol
interface
ipv4_address
ipv4_interface
mcast_group
sndsocketbuffer
rcvsocketbuffer
checksum
udp_ipv6_address
udp_ipv4_dest
udp_ipv6_dest
udp_port
filter_accept_protocols
tcp_window_tracking
track_tcp_states
scheduler_type
scheduler_priority
stats_logfile
stats_netlink_reliable
stats_syslog
ensure
Data type: Enum['present', 'absent']
String. Controls if the managed resources shall be present or absent. Default: present.
Default value: $conntrackd::ensure
nice
Data type: Integer[-20,19]
integer: Nice value of the conntrackd process range: -19 to +19 Default: -1
Default value: $conntrackd::nice
hashsize
Data type: Integer
integer: Number of buckets in the cache hashtable. Default: 32768
Default value: $conntrackd::hashsize
hashlimit
Data type: Integer
integer: Maximum number of conntracks in table Default: 2x the value of /proc/sys/net/netfilter/nf_conntrack_max
Default value: $conntrackd::_hashlimit
logfile
Data type: String
string: fully qualified path to the logfile or 'Off' (directory must exist and be writable) values: on, off, Default: off
Default value: $conntrackd::logfile
syslog
Data type: String
string: enable syslog logging values: on, off or Default: on
Default value: $conntrackd::syslog
lockfile
Data type: String
string: fully qualified path to the lockfile Default: /var/lock/conntrack.lock
Default value: $conntrackd::lockfile
sock_path
Data type: String
string: fully qualified path to the UNIX socket used for configuration Default: /var/run/conntrackd.ctl
Default value: $conntrackd::sock_path
sock_backlog
Data type: Integer
integer: sets the backlog for the UNIX socket Default: 20
Default value: $conntrackd::sock_backlog
ignore_ips_ipv4
Data type: Array
array: list of IPv4 addresses to ignore. should include this node's address Default: [ '127.0.0.1', '192.168.0.1', '10.1.1.1' ]
Default value: $conntrackd::ignore_ips_ipv4
ignore_ips_ipv6
Data type: Array
array: list of IPv6 addresses to ignore. should include this node's address Default: [ '::1' ]
Default value: $conntrackd::ignore_ips_ipv6
tcp_flows
Data type: Array
array: list of flows to monitor allowed: 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' Default: [ 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' ]
Default value: $conntrackd::tcp_flows
netlinkbuffersize
Data type: Integer
integer: Netlink event socket buffer size Default: 2097152
Default value: $conntrackd::netlinkbuffersize
netlinkbuffersizemaxgrowth
Data type: Integer
integer: The daemon doubles the size of the netlink event socket buffer if it detects netlink event message dropping. This clause sets the maximum buffer size growth that can be reached. Default: 8388608
Default value: $conntrackd::netlinkbuffersizemaxgrowth
netlinkoverrunresync
Data type: String
boolean: If the daemon detects that Netlink is dropping state-change events, it automatically schedules a resynchronization against the Kernel after 30 seconds (default value) Default: on
Default value: $conntrackd::netlinkoverrunresync
netlinkeventsreliable
Data type: String
boolean: If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off NetlinkOverrunResync. Default: Off
Default value: $conntrackd::netlinkeventsreliable
pollsecs
Data type: Optional[Integer]
integer: By default, the daemon receives state updates following an event-driven model. You can modify this behaviour by switching to polling mode with the PollSecs clause. Default: Off
Default value: $conntrackd::pollsecs
eventiterationlimit
Data type: Integer
integer: The daemon prioritizes the handling of state-change events coming from the core. With this clause, you can set the maximum number of state-change events (coming from kernel-space) that the daemon will handle after which it will handle other events coming from the network or userspace Default: 100
Default value: $conntrackd::eventiterationlimit
sync_mode
Data type: Enum['FTFW', 'NOTRACK', 'ALARM']
string: The synchronisation mode to use values: one of: FTFW, NOTRACK or ALARM Default: FTFW
Default value: $conntrackd::sync_mode
resend_queue_size
Data type: Integer
integer: Size of the resend queue (in objects) Default: 131072
Default value: $conntrackd::resend_queue_size
ack_window_size
Data type: Integer
integer: acknowledgement window size. If you decrease this value, the number of acknowledgements increases Default: 300
Default value: $conntrackd::ack_window_size
disable_external_cache
Data type: String
boolean: This clause allows you to disable the external cache. Thus, the state entries are directly injected into the kernel conntrack table. Default: Off
Default value: $conntrackd::disable_external_cache
disable_internal_cache
Data type: String
boolean: This clause allows you to disable the internal cache. Default: Off
Default value: $conntrackd::disable_internal_cache
refresh_time
Data type: Integer
integer: ALARM Mode: If a conntrack entry is not modified in <= 15 seconds, then a message is broadcasted. Default: 15
Default value: $conntrackd::refresh_time
cache_timeout
Data type: Integer
integer: If we don't receive a notification about the state of an entry in the external cache after N seconds, then remove it. Default: 180
Default value: $conntrackd::cache_timeout
commit_timeout
Data type: Integer
integer: This parameter allows you to set an initial fixed timeout for the committed entries when this node goes from backup to primary. Default: 180
Default value: $conntrackd::commit_timeout
purge_timeout
Data type: Integer
integer: If the firewall replica goes from primary to backup, the conntrackd -t command is invoked in the script. This command schedules a flush of the table in N seconds. Default: 60
Default value: $conntrackd::purge_timeout
protocol
Data type: Enum['Multicast', 'UDP']
string: The protocol to use for syncing. values: Multicast or UDP Default: Multicast
Default value: $conntrackd::protocol
interface
Data type: String
string: Dedicated physical interface for communicating with the other host. value: Default: undef
Default value: $conntrackd::interface
ipv4_address
Data type: String
string: Multicast mode only: The multicast address to communicate over value: Must be set for Multicast mode: Default: 255.0.0.50
Default value: $conntrackd::ipv4_address
ipv4_interface
Data type: String
string: The ip address to bind to for multicast and UDP connections. value: Must be set for Multicast or UDP mode: Default: undef
Default value: $conntrackd::ipv4_interface
mcast_group
Data type: String
integer: The multicast group to use for Multicast mode Default: 3780
Default value: $conntrackd::mcast_group
sndsocketbuffer
Data type: Integer
integer: The multicast sender uses a buffer to enqueue the packets that are going to be transmitted. Default: 1249280
Default value: $conntrackd::sndsocketbuffer
rcvsocketbuffer
Data type: Integer
integer: The multicast receiver uses a buffer to enqueue the packets that the socket is pending to handle. Default: 1249280
Default value: $conntrackd::rcvsocketbuffer
checksum
Data type: String
integer: Enable/Disable message checksumming. Default: on
Default value: $conntrackd::checksum
udp_ipv6_address
Data type: Optional[String]
string: The IPv6 interface address to bind to in UDP mode Default: undef
Default value: $conntrackd::udp_ipv6_address
udp_ipv4_dest
Data type: Optional[String]
string: The IPv4 interface of the other node when UDP is enabled Default: undef
Default value: $conntrackd::udp_ipv4_dest
udp_ipv6_dest
Data type: Optional[String]
string: The IPv6 interface of the other node when UDP is enabled Default: undef
Default value: $conntrackd::udp_ipv6_dest
udp_port
Data type: Integer
integer: The UDP port to communicate over (should be the same on both nodes) Default: 3780
Default value: $conntrackd::udp_port
filter_accept_protocols
Data type: Array
array: Accept only certain protocols values: TCP, SCTP, DCCP, UDP, ICMP, IPv6-ICMP Default: [ 'TCP', 'SCTP', 'DCCP' ]
Default value: $conntrackd::filter_accept_protocols
tcp_window_tracking
Data type: String
boolean: TCP state-entries have window tracking disabled by default, you can enable it with this option. Default: Off
Default value: $conntrackd::tcp_window_tracking
track_tcp_states
Data type: Array
array: The specific TCP states to sync Default: [ 'ESTABLISHED', 'CLOSED', 'TIME_WAIT', 'CLOSE_WAIT' ]
Default value: $conntrackd::track_tcp_states
scheduler_type
Data type: String
string: Select a different scheduler for the daemon. See man sched_setscheduler(2) for more information. Using a RT scheduler reduces the chances to overrun the Netlink buffer. values: RR, FIFO Default: FIFO
Default value: $conntrackd::scheduler_type
scheduler_priority
Data type: String
integer: scheduler process priority range: 0 - 99 Default: 99
Default value: $conntrackd::scheduler_priority
stats_logfile
Data type: Optional[String]
string: enable logging of statistics to a file values: fully qualified path to the statistics logfile or 'Off' Default: undef
Default value: $conntrackd::stats_logfile
stats_netlink_reliable
Data type: String
boolean: If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off NetlinkOverrunResync. Default: Off
Default value: $conntrackd::stats_netlink_reliable
stats_syslog
Data type: Optional[String]
string: enable syslog logging of statistics values: on, off or
Default value: $conntrackd::stats_syslog
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v3.0.0 (2024-01-18)
Breaking changes:
- Add support for EL9, Debian 11/12, Ubuntu 20.04/22.04. Drop support for EL6, Debian 9, Ubuntu 19.04. #19 (silug)
- Add stdlib 9 support, drop support for stdlib < 7 #18 (silug)
- Make nf_conntrack_max fact an integer and improve rspec test coverage #17 (silug)
- Drop Puppet 6 support #9 (bastelfreak)
Implemented enhancements:
- Add Puppet 8 support #11 (bastelfreak)
Merged pull requests:
- Documentation updates #21 (silug)
- delete bogus license file #7 (bastelfreak)
v2.0.0 (2022-08-30)
Breaking changes:
- Drop EoL Puppet 4/5 support; require 6.1 or newer #3 (bastelfreak)
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs-stdlib (>= 7.0.0 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/