From dd8813677e1864d8fe45db79c9fa6392dfe3f245 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 17:58:23 -0800
Subject: fix for bug 2524: telnet settings can only be set via ssh or console.
---
 templates/service/telnet/node.def | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def
index 5f4c1c7c..844aec98 100644
--- a/templates/service/telnet/node.def
+++ b/templates/service/telnet/node.def
@@ -1,4 +1,18 @@
 help: "Enable/disable telnet protocol"
-delete: "sudo /opt/vyatta/sbin/telnetd.init stop"
-end: "if [ -z \"$(port/@)\" ]; then exit 0; fi; \
- sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)"
+delete: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ sudo /opt/vyatta/sbin/telnetd.init stop"
+end: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ if [ -z \"$(port/@)\" ]; then exit 0; fi; \
+ sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)"
-- cgit v1.2.3
From 41dce94fe7ce2518a2a83387d3c88384c42ed203 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 18:05:13 -0800
Subject: also check telnet session for "allow-root"
---
 templates/service/telnet/allow-root/node.def | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def
index 654023af..9c3ff97d 100644
--- a/templates/service/telnet/allow-root/node.def
+++ b/templates/service/telnet/allow-root/node.def
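Review bot: The guard added to `delete:` and `end:` in templates/service/telnet/node.def decides "this is not ssh" from `env | grep -q SSH_TTY=`, and that variable is set by the logged-in user's own environment, so the check is advisory and cannot serve as an access control; the pattern is also unanchored and matches any environment line that merely contains that text. It protects against accidentally cutting off one's own telnet session, and a comment above the actions should say so, e.g. `# advisory lock-out guard only: SSH_TTY is user-settable`. Any other pty session whose environment lacks SSH_TTY is refused as if it were telnet. The same seven-line block is pasted again into `update:` and `delete:` of allow-root/node.def in the following commit; one helper script called from all four actions would keep the copies from drifting.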
@@ -1,10 +1,24 @@
 type: bool
 default: false
 help: "Enable/disable root login"
-update: "if [ \"$(@)\" == \"true\" ]; then \
- sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
- else
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
- fi ; /bin/true"
-delete: "sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
- /bin/true"
+update: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ if [ \"$(@)\" == \"true\" ]; then \
+ sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
+ else
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
+ fi ; /bin/true"
+delete: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
+ /bin/true"
-- cgit v1.2.3
From 43f2852dd74d9dd60d955478d8d7035ebacef46b Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 18:54:51 -0800
Subject: use "127.0.1.1" for configured hostname (leave "127.0.0.1" for localhost).
---
 templates/system/host-name/node.def | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def
index aeed3986..97d9a36b 100644
--- a/templates/system/host-name/node.def
+++ b/templates/system/host-name/node.def
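Review bot: Both actions in templates/service/telnet/allow-root/node.def still discard the output of `mv` with `>&/dev/null` and end in an unconditional `/bin/true`, so when restoring /etc/securetty fails the commit still reports success while root login stays unrestricted. The disabling direction (the `else` branch of `update:` and all of `delete:`) should fail closed, for example by ending with `[ -e /etc/securetty ] || exit 1` instead of `/bin/true`. Moving the file away presumably lifts the tty restriction for every login path that consults it, not only telnet; a comment above `update:` should state that scope.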
@@ -2,21 +2,17 @@ type: txt
 help: "Configure system host name"
 default: "vyatta"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
-# do we need to add ntpd restart here?
 update: "sudo sh -c \"hostname '$(@)' && \
 touch /etc/hosts && \
-sed -i '/localhost/d' /etc/hosts && \
-echo \\\"127.0.0.1\t localhost $(@)\t #vyatta entry\\\" >> /etc/hosts && \
+sed -i '/^127.0.1.1/d' /etc/hosts && \
+echo \\\"127.0.1.1\t $(@)\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
-echo \\\"127.0.0.1\t localhost $(@).$(../domain-name/@)\t #vyatta entry\\\" \
+echo \\\"127.0.1.1\t $(@).$(../domain-name/@)\t #vyatta entry\\\" \
 >> /etc/hosts; fi\" "
-# do we need to add ntpd restart here?
 delete: "sudo sh -c \"echo > /etc/hostname.conf && hostname 'vyatta' && \
 touch /etc/hosts && \
-sed -i '/localhost.*#vyatta entry/d' /etc/hosts && \
-echo \\\"127.0.0.1\t localhost vyatta\t #vyatta entry\\\" >> /etc/hosts && \
+sed -i '/^127.0.1.1/d' /etc/hosts && \
+echo \\\"127.0.1.1\t vyatta\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
-echo \\\"127.0.0.1\t localhost vyatta.$(../domain-name/@)\t #vyatta entry\\\" \
->> /etc/hosts; fi && \
-if [ -f /etc/ntp/ntp.conf ] && grep -q 'server' /etc/ntp/ntp.conf; then \
-/opt/vyatta/sbin/ntpd.init restart; fi\" "
+echo \\\"127.0.1.1\t vyatta.$(../domain-name/@)\t #vyatta entry\\\" \
+>> /etc/hosts; fi\" "
-- cgit v1.2.3
From c4551bb0a5e3ae1780831b5037a118e3971b5c95 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Tue, 11 Dec 2007 18:59:23 -0800
Subject: fix sudo problem on installed system
---
 templates/system/host-name/node.def | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def
index 97d9a36b..e1370b70 100644
--- a/templates/system/host-name/node.def
+++ b/templates/system/host-name/node.def
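Review bot: The new `sed -i '/^127.0.1.1/d'` in `update:` and `delete:` of templates/system/host-name/node.def leaves the dots unescaped and the address unterminated, so it also removes lines for addresses such as 127.0.1.10, and unlike the old `delete:` pattern it no longer requires the `#vyatta entry` tag, so entries the administrator added by hand are deleted too. `sed -i '/^127\\.0\\.1\\.1[^0-9].*#vyatta entry/d' /etc/hosts` limits the deletion to lines this template wrote. Separately, `$(../domain-name/@)` is expanded unquoted into the string handed to `sudo sh -c`; host-name is constrained by the `syntax:` pattern above, but whether domain-name has an equivalent pattern is not visible in this diff and should be confirmed.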
@@ -3,13 +3,14 @@ help: "Configure system host name"
 default: "vyatta"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
 update: "sudo sh -c \"hostname '$(@)' && \
+echo '$(@)' > /etc/hostname && \
 touch /etc/hosts && \
 sed -i '/^127.0.1.1/d' /etc/hosts && \
 echo \\\"127.0.1.1\t $(@)\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
 echo \\\"127.0.1.1\t $(@).$(../domain-name/@)\t #vyatta entry\\\" \
 >> /etc/hosts; fi\" "
-delete: "sudo sh -c \"echo > /etc/hostname.conf && hostname 'vyatta' && \
+delete: "sudo sh -c \"echo 'vyatta' > /etc/hostname && hostname 'vyatta' && \
 touch /etc/hosts && \
 sed -i '/^127.0.1.1/d' /etc/hosts && \
 echo \\\"127.0.1.1\t vyatta\t #vyatta entry\\\" >> /etc/hosts && \
-- cgit v1.2.3
From 7f5f7bedf4f47a42fcb7e32538ccf2d78c75234b Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Wed, 12 Dec 2007 15:24:22 -0800
Subject: fix static host mapping
---
 templates/system/static-host-mapping/host-name/node.def | 7 +++++++
 .../static-host-mapping/host-name/node.tag/alias/node.def | 15 ---------------
 .../static-host-mapping/host-name/node.tag/inet/node.def | 14 --------------
 3 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def
index ea0000af..275aa867 100644
--- a/templates/system/static-host-mapping/host-name/node.def
+++ b/templates/system/static-host-mapping/host-name/node.def
@@ -2,3 +2,10 @@ tag:
 type: txt
 help: "Map DNS names to system interfaces"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
+commit: $(./inet) != ""; "IP address for the static mapping must be set"
+end: "sudo sh -c \"\
+ touch /etc/hosts; \
+ sed -i '/ $(@) .*#vyatta entry/d' /etc/hosts; \
+ if [ -z \"$(./inet/@)\" ]; then exit 0; fi; \
+ declare -a aliases=( $(alias/@@) ); \
+ echo \\\"$(inet/@)\t $(@) \\\\\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" "
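Review bot: In the new `end:` action of templates/system/static-host-mapping/host-name/node.def, `$(alias/@@)` is expanded unquoted into the command string run by `sudo sh -c`, and alias/node.def (reduced by this commit to `multi:`, `type: txt` and `help:`) carries no `syntax:` check, so an alias value containing shell metacharacters is interpreted by a root shell. Adding `syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid alias $(@)"` to alias/node.def, mirroring the host-name node, closes that. The `sed -i '/ $(@) .*#vyatta entry/d'` line uses the host name as a regular expression, so its dots match any character and deleting one mapping can remove a similarly named one. `declare -a` is a bash builtin and fails if `sh` is not bash.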
diff --git a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
index c8f5cdef..e9f1de7c 100644
--- a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
+++ b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
@@ -1,18 +1,3 @@
 multi:
 type: txt
 help: "Alias for this address"
-update: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \
- /etc/hosts && \
-echo \\\"$(../inet/@)\t $(../@) $(@) \t #vyatta entry\\\" \
- >> /etc/hosts && \
-if [ x$(../../../domain-name/@) == x ]; then \
- echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-else \
- echo \\\"127.0.0.1\t localhost \
-$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-fi\" "
-delete: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" "
diff --git a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
index 47a84733..4a069d9e 100644
--- a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
+++ b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
@@ -1,16 +1,2 @@ type: ipv4 help: "Internet address" -update: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \ - /etc/hosts && \ -echo \\\"$(@)\t $(../@) \t #vyatta entry\\\" >> /etc/hosts && \ -if [ x$(../../../domain-name/@) == x ]; then \ - echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -else \ - echo \\\"127.0.0.1\t localhost \ -$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -fi\" " -delete: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" " -- cgit v1.2.3 From e6ed55f7593a0f4bc2700bc7b90903bb012e27f6 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Thu, 13 Dec 2007 18:35:20 -0800 Subject: process device persistence through udev rules rather than init script --- Makefile.am | 7 +- debian/vyatta-cfg-system.postinst.in | 101 +++++++----------- debian/vyatta-cfg-system.postrm | 10 ++ scripts/rl-system.init | 200 ++++++++++++----------------------- scripts/vyatta_net_name | 111 +++++++++++++++++++ sysconf/vyatta-net.rules | 13 +++ 6 files changed, 248 insertions(+), 194 deletions(-) create mode 100644 debian/vyatta-cfg-system.postrm create mode 100644 scripts/vyatta_net_name create mode 100644 sysconf/vyatta-net.rules diff --git a/Makefile.am b/Makefile.am index c3aea76e..b3db5d18 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,7 @@ cfgdir = $(datadir)/vyatta-cfg/templates -share_perl5dir = /opt/vyatta/share/perl5 +share_perl5dir = $(datarootdir)/perl5 +libudevdir = /lib/udev +etcudevdir = /etc/udev bin_SCRIPTS = sbin_SCRIPTS = @@ -30,6 +32,9 @@ sysconf_DATA += sysconf/syslog.conf sysconf_DATA += sysconf/default_ssh sysconf_DATA += sysconf/config.boot.default +libudev_SCRIPTS = scripts/vyatta_net_name +etcudev_DATA = sysconf/vyatta-net.rules + cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd 
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index eae046f7..13ba6dc6 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in 
@@ -11,71 +11,44 @@ for init in ntp ssh snmpd keepalived ipvsadm; do update-rc.d -f ${init} remove >/dev/null done -# create symlinks -for bb in telnetd telnet tftp ftpget ftpput; do - ln -sf /bin/busybox ${sbindir}/${bb} -done -ln -sf ${bindir}/progress-indicator /usr/bin/progress-indicator - -if [ "$sysconfdir" != "/etc" ]; then - # remove the config files and replace with blank ones - for conf in motd.tail ntp.conf syslog.conf logrotate.d/messages \ - default/ssh ssh/ssh_host_key quagga/daemons quagga/zebra.conf \ - quagga/bgpd.conf quagga/ospfd.conf quagga/ospf6d.conf \ - quagga/ripd.conf quagga/ripngd.conf quagga/isisd.conf \ - snmp/snmpd.conf snmp/snmptrapd.conf keepalived/keepalived.conf \ - ipvsadm.rules default/ipvsadm resolv.conf - do - [ -f /etc/$conf ] && mv -f /etc/$conf /etc/$conf.vyatta-save - touch /etc/$conf - done +case `grep '^RULES_FILE=' /lib/udev/write_net_rules` in +*z25_persistent-net.rules* ) + vyatta_net_rules=z24_vyatta-net.rules;; +*70-persistent-net.rules* ) + vyatta_net_rules=69-vyatta-net.rules;; +* ) + vyatta_net_rules=21-vyatta-net.rules;; +esac - # use our config files - for conf in motd.tail syslog.conf; do - cp $sysconfdir/$conf /etc/$conf - done - cp $sysconfdir/logrotate_messages /etc/logrotate.d/messages - cp $sysconfdir/default_ssh /etc/default/ssh +ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules - # sudoers - [ -f /etc/sudoers ] && cp -pf /etc/sudoers /etc/sudoers.vyatta-save - - # for "admin" level (FIXME) - sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers - if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then - echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers - fi +if [ "$sysconfdir" != "/etc" ]; then + # for "admin" level (FIXME) + sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers + if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then + echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers + fi - # for "users" level - if ! 
grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then - echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers - fi - - # keep env vars - echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers - - # ssh v1. remove the empty key file - rm /etc/ssh/ssh_host_key - - # remove unnecessary files - rm /etc/logrotate.d/*.vyatta-save >& /dev/null - - # quagga/daemons - sed 's/zebra=no/zebra=yes/' /etc/quagga/daemons.vyatta-save > /etc/quagga/daemons - sed -i 's/bgpd=no/bgpd=yes/' /etc/quagga/daemons - sed -i 's/ospfd=no/ospfd=yes/' /etc/quagga/daemons - sed -i 's/ripd=no/ripd=yes/' /etc/quagga/daemons - - echo "log syslog warnings" >> /etc/quagga/bgpd.conf - echo "log syslog warnings" >> /etc/quagga/isisd.conf - echo "log syslog warnings" >> /etc/quagga/ospf6d.conf - echo "log syslog warnings" >> /etc/quagga/ospf.conf - echo "log syslog warnings" >> /etc/quagga/ripd.conf - echo "log syslog warnings" >> /etc/quagga/ripngd.conf - echo "log syslog warnings" >> /etc/quagga/zebra.conf - - # add temporary version - echo "Version : eureka (beta)" > $sysconfdir/version + # for "users" level + if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then + echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers + fi + + # keep env vars + if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then + echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers + fi + + # quagga/daemons + sed -i 's/zebra=no/zebra=yes/' /etc/quagga/daemons + sed -i 's/bgpd=no/bgpd=yes/' /etc/quagga/daemons + sed -i 's/ospfd=no/ospfd=yes/' /etc/quagga/daemons + sed -i 's/ripd=no/ripd=yes/' /etc/quagga/daemons + + echo "log syslog warnings" >> /etc/quagga/Quagga.conf + + # add temporary version + echo "Version : eureka (beta)" > $sysconfdir/version fi # update crontab for logrotate @@ -91,3 +64,7 @@ mkdir -p /var/log/{user,vrrpd} touch /etc/environment +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: 
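Review bot: The rewritten sudoers block in debian/vyatta-cfg-system.postinst.in edits /etc/sudoers in place with `sed -i` and `echo >>` after this commit removed the `cp -pf /etc/sudoers /etc/sudoers.vyatta-save` backup, and nothing validates the result, so a malformed line leaves sudo unusable with no copy to restore. Apply the edits to a temporary copy, check it with `visudo -c -f` and only then move it into place. `Defaults env_keep+=VYATTA_*` is a global default, so every VYATTA_-prefixed variable set by the caller reaches every command run through sudo, and scripts run that way have to treat those variables as untrusted input. The new guard `grep -q 'env_keep+=VYATTA_*'` is a regular expression in which `_*` means zero or more underscores; `grep -qF` would match the literal line.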
diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm new file mode 100644 index 00000000..d668f55d --- /dev/null +++ b/debian/vyatta-cfg-system.postrm @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ "$1" = "purge" ]; then + rm -f /etc/udev/rules.d/*vyatta-net.rules +fi + +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 779a7610..1039ac6a 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -24,8 +24,15 @@ ACTION=$1 -[[ $PATH == *${ofr_bindir}* ]] || PATH+=:${ofr_bindir} -[[ $PATH == *${ofr_sbindir}* ]] || PATH+=:${ofr_sbindir} +source /etc/default/vyatta + +: ${vyatta_prefix:=/opt/vyatta} +: ${vyatta_bindir:=${vyatta_prefix}/bin} +: ${vyatta_sbindir:=${vyatta_prefix}/sbin} +: ${vyatta_sysconfdir:=${vyatta_prefix}/etc} + +[[ $PATH == *${vyatta_bindir}* ]] || PATH+=:${vyatta_bindir} +[[ $PATH == *${vyatta_sbindir}* ]] || PATH+=:${vyatta_sbindir} export PATH @@ -33,14 +40,12 @@ export PATH IPROUTE2IP=ip INIT_PID=$$ -IFTAB=/etc/iftab ## BOOTFILE is provided by ofr.init : ${BOOTFILE:=$prefix/etc/config/config.boot} declare -a cfg_eth_hwid -declare -a sys_eth_mac -declare -a sys_vmnets +declare -a sys_eth_mac=( `cat /sys/class/net/eth*/address` ) # load hwid array from config file as follows # interface { @@ -79,33 +84,6 @@ load_cfg_eth_hwid () }' $BOOTFILE ) } -# load system eth mac tabled from ip link - -load_sys_eth_mac () -{ - eval $( ip link show | sed -n ' - /^[0-9]*: eth[0-9]*: /,+1 { -# combine 2 line interface output... -# 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 -# link/ether 00:13:72:57:48:f9 brd ff:ff:ff:ff:ff:ff - h - n - x - G - s/\n// -# translate to: -# #=00:13:72:57:48:f9 - s/^.*eth\([0-9]\+\):.*link\/ether \([0-9A-Fa-f:]\+\) .*$/sys_eth_mac[\1]=\2/p - }' ) -} - -load_sys_vmnets () -{ - sys_vmnets=( $( ip link show | - sed -n 's/^[0-9]*: \(vmnet[0-9]*\).*$/\1/p' ) ) -} - - have_cfg_eth_hwid () { local mac=$1 
@@ -161,35 +139,23 @@ update_cfg_eth_hwid () done } -write_iftab () -{ - local -i i - - rm -f $IFTAB - for i in ${!cfg_eth_hwid[@]} ; do - echo "etha$i mac ${cfg_eth_hwid[$i]}" >> $IFTAB - done -} - -write_iftab_real () -{ - local -i i - - rm -f $IFTAB - for i in ${!cfg_eth_hwid[@]} ; do - echo "eth$i mac ${cfg_eth_hwid[$i]}" >> $IFTAB - done -} - mod_bootfile_eth_hwid () { local eth=$1 hwid=$2 - sed -i '/^interfaces {$/,/^}/ { - /^ ethernet '"$eth"' {$/,/^ }$/ { - /^ *hw-id/c\ - hw-id: '"$hwid"' - }}' $BOOTFILE + sed -i '/^interfaces {$/,/^}$/ { + /^ ethernet '"$eth"' {$/ { + :join + /\n }$/ { + /hw-id: / s/\(hw-id:\) [0-9a-fA-F:]\+/\1 '"$hwid"'/ + /hw-id: /! s/}$/ hw-id: '"$hwid"'\n }/ + /link-detect/! s/}$/ link-detect\n }/ + q 0 + } + N + b join + } + }' $BOOTFILE } add_bootfile_eth_hwid () @@ -200,20 +166,9 @@ add_bootfile_eth_hwid () /^}$/i\ ethernet '"$eth"' {\ hw-id: '"$hwid"'\ - } - }' $BOOTFILE -} - -add_bootfile_eth_linkdetect () -{ - local eth=$1 - - sed -i '/^interfaces {$/,/^}$/ { - /^}$/i\ - ethernet '"$eth"' {\ link-detect\ } - }' $BOOTFILE + }' $BOOTFILE } update_bootfile_eths () @@ -225,48 +180,10 @@ update_bootfile_eths () mod_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} else add_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} - add_bootfile_eth_linkdetect eth$i - fi - done -} - -add_bootfile_vmnet () -{ - local vmnet=$1 - - sed -i '/^interfaces {/,/^}$/ { - /^}$/i\ - ethernet '"$vmnet"' {\ - } - }' $BOOTFILE -} - -update_bootfile_vmnets () -{ - for vmnet in ${sys_vmnets[@]} ; do - if ! grep -q "ethernet $vmnet {" $BOOTFILE ; then - add_bootfile_vmnet $vmnet fi done } -itfmess () -{ - load_cfg_eth_hwid - load_sys_eth_mac - load_sys_vmnets - update_cfg_eth_hwid - write_iftab - update_bootfile_eths - update_bootfile_vmnets -} - -maybe_ifrename () { - if [ -e $IFTAB ] ; then - ifrename -d -p - fi -} - search_config_if_wan () { grep "\.*\<$1\>" $BOOTFILE >/dev/null } 
@@ -290,56 +207,78 @@ add_new_serial_if () { fi } -reset_promiscous_arp_response () { +proc_flags () +{ + # reset_promiscous_arp_response echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter -} - -set_ip_forwarding () { + # set_ip_forwarding echo 1 > /proc/sys/net/ipv4/ip_forward -} -## if a primary address is removed from an interface promote and -## secondary available -set_promote_secondaries () { + # if a primary address is removed from an interface promote and + # secondary available echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries } ## Update the version information update_version_info () { - if [ -f ${ofr_sysconfdir}/version.master ]; then - cp ${ofr_sysconfdir}/version.master ${ofr_sysconfdir}/version + if [ -f ${vyatta_sysconfdir}/version.master ]; then + cp ${vyatta_sysconfdir}/version.master ${vyatta_sysconfdir}/version fi } ## Clear out apt config file--it will be filled in by rtrmgr clear_apt_config() { - >/etc/apt/sources.list + cat /dev/null >/etc/apt/sources.list || true } ## snmp should be a separate package, ## but for now load the kernel module here add_snmp_stats_module() { - modprobe ipt_rlsnmpstats + modprobe ipt_rlsnmpstats || true } set_reboot_on_panic() { - echo 1 > /proc/sys/kernel/panic_on_oops - echo 60 > /proc/sys/kernel/panic + echo 1 > /proc/sys/kernel/panic_on_oops + echo 60 > /proc/sys/kernel/panic +} + +clear_or_override_config_files () +{ + for conf in motd.tail ntp.conf syslog.conf logrotate.d/messages \ + snmp/snmpd.conf snmp/snmptrapd.conf keepalived/keepalived.conf \ + ipvsadm.rules default/ipvsadm resolv.conf + do + if [ -f /etc/$conf ] ; then + cat /dev/null > /etc/$conf || true + fi + done + for conf in motd.tail syslog.conf; do + cp $vyatta_sysconfdir/$conf /etc/$conf + done + cp $vyatta_sysconfdir/logrotate_messages /etc/logrotate.d/messages + cp $vyatta_sysconfdir/default_ssh /etc/default/ssh + # ssh v1. 
remove the empty key file + rm -f /etc/ssh/ssh_host_key } start () { - set_reboot_on_panic - itfmess - maybe_ifrename - write_iftab_real - maybe_ifrename - add_new_serial_if - reset_promiscous_arp_response - set_ip_forwarding - set_promote_secondaries + clear_or_override_config_files || \ + log_failure_msg "can\'t reset config files" + set_reboot_on_panic || \ + log_failure_msg "can\'t set reboot on panic" + load_cfg_eth_hwid || \ + log_failure_msg "can\'t load interface hwids" + update_cfg_eth_hwid || \ + log_failure_msg "can\'t resolve interface hwids" + update_bootfile_eths || \ + log_failure_msg "can\'t update config interfaces" + add_new_serial_if || \ + log_failure_msg "can\'t add serial interfaces" + proc_flags || \ + log_failure_msg "can\'t reset proc flags" update_version_info clear_apt_config add_snmp_stats_module @@ -354,7 +293,6 @@ esac exit $? - # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name new file mode 100644 index 00000000..d93dd288 --- /dev/null +++ b/scripts/vyatta_net_name 
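Review bot: `clear_or_override_config_files`, now the first step of `start ()` in scripts/rl-system.init, truncates or overwrites /etc/syslog.conf, /etc/default/ssh, /etc/logrotate.d/messages and the other listed files every time the script is started, whereas the postinst code removed in this commit did that once at install time and kept `.vyatta-save` copies. Local changes to those files, such as remote syslog forwarding or ssh daemon defaults, are reverted without notice, and because each step in `start ()` only calls `log_failure_msg` on error, start-up continues in whatever state a failed step left. A header comment on the function stating that these files are owned by the Vyatta configuration and are reset on every start would make the contract explicit. The function begins earlier in this hunk, before this line.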
@@ -0,0 +1,111 @@ +#!/bin/bash +# **** License **** +# Version: VPL 1.0 +# +# The contents of this file are subject to the Vyatta Public License +# Version 1.0 ("License"); you may not use this file except in +# compliance with the License. You may obtain a copy of the License at +# http://www.vyatta.com/vpl +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Tom Grennan +# Description: search Vyatta config for interface name given address +# +# **** End License **** + +debug='' +attr_address=0:0:0:0:0:0 + +test -r /etc/default/vyatta && source /etc/default/vyatta + +# process command line variable overrides + +for arg ; do + case "$arg" in + --debug ) + debug=echo + ;; + --*=* ) + arg=${arg#--} + eval ${arg%=*}=\"${arg#*=}\" + ;; + *=* ) + eval ${arg%=*}=\"${arg#*=}\" + ;; + *:*:*:*:*:* ) + attr_address=$arg + ;; + * ) + kname=$arg + ;; + esac +done + +: ${vyatta_prefix:=/opt/vyatta} +: ${vyatta_sysconfdir:=${vyatta_prefix}/etc} +: ${BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config/config.boot} + +shopt -s extglob nullglob + +# load cfg_eth_hwid array from config file as follows +# interface { +# ... +# ethernet eth# { +# ... +# hw-id: XX:XX:XX:XX:XX:XX +# ... +# } +# } +# +# cfg_eth_hwid=( "eth#=xx:xx:xx:xx:xx:xx" ... 
) + +declare -a cfg_net_hwid=( $( sed -ne ' + /^interfaces {/,/^}/ { + /^ *ethernet eth[0-9]* {/,/^ $/ { + /^ *ethernet/ { + s/.* eth\([0-9]\+\) {$/ eth\1=/ +# hold interface name + h + } + /^.*hw-id:/ { +# translate field name + s/.*hw-id: *// +# tolower hex mac address + y/ABCDEF/abcdef/ +# exchange hold and pattern space + x +# concatenate hold and pattern + G + s/\n//p + } + } + }' $BOOTFILE )) + +for name_hwid in ${cfg_net_hwid[@]} ; do + name=${name_hwid%=*} + hwid=${name_hwid#*=} + if [ "$hwid" == "$attr_address" ] ; then + echo $name + exit 0 + fi +done + +if [ -n "$kname" ] ; then + echo $kname + exit 0 +fi + +exit 1 + +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: diff --git a/sysconf/vyatta-net.rules b/sysconf/vyatta-net.rules new file mode 100644 index 00000000..31901b42 --- /dev/null +++ b/sysconf/vyatta-net.rules @@ -0,0 +1,13 @@ +# These rules use vyatta_net_name to persistently name network interfaces +# per "hwid" association with the interface block of the vyatta config file. + +ACTION!="add", GOTO="vyatta_net_end" +SUBSYSTEM!="net", GOTO="vyatta_net_end" + +# ignore interfaces without a driver link like bridges and VLANs +KERNEL=="eth*|ath*|wlan*|ra*|sta*|ctc*|lcs*|hsi*", DRIVERS=="?*",\ + PROGRAM="vyatta_net_name %k $attr{address}", \ + NAME="%c" + +LABEL="vyatta_net_end" + -- cgit v1.2.3 From 5705741d4b523d0869d694ed320a333d3b87937d Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Fri, 14 Dec 2007 13:08:55 -0800 Subject: fix modification of config file interface sub-block --- Makefile.am | 4 ++ scripts/add_bootfile_eth_hwid | 30 +++++++++++ scripts/mod_bootfile_eth_hwid | 37 +++++++++++++ scripts/rl-system.init | 123 +++++++++--------------------------------- test_bootfile | 44 +++++++++++++++ 5 files changed, 141 insertions(+), 97 deletions(-) create mode 100755 scripts/add_bootfile_eth_hwid create mode 100755 scripts/mod_bootfile_eth_hwid create mode 100644 test_bootfile 
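Review bot: The argument loop in scripts/vyatta_net_name hands every `--name=value` and `name=value` argument to `eval ${arg%=*}=\"${arg#*=}\"`, so caller-supplied text is evaluated as shell code in a helper that udev runs through `PROGRAM="vyatta_net_name %k $attr{address}"`. The two arguments udev passes would not normally contain `=`, but the helper should not depend on that. Assign only the variables the script actually reads, and without eval, as in the fence below. The sed output is also word-split unquoted into `cfg_net_hwid`, and `$BOOTFILE` is used unquoted.

```shell
# … unchanged: --debug case …
        --*=* | *=* )
            arg=${arg#--}
            # assign only the variables this script reads, and never via eval
            case "${arg%%=*}" in
                BOOTFILE | attr_address | kname | vyatta_prefix | vyatta_sysconfdir )
                    printf -v "${arg%%=*}" '%s' "${arg#*=}"
                    ;;
            esac
            ;;
# … unchanged: MAC address and kernel-name cases …
```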
diff --git a/Makefile.am b/Makefile.am index b3db5d18..f893bf13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,6 +23,10 @@ sbin_SCRIPTS += scripts/keepalived/vyatta-keepalived.pl sbin_SCRIPTS += scripts/keepalived/vyatta-vrrp-state.pl sbin_SCRIPTS += scripts/keepalived/vyatta-show-vrrp.pl sbin_SCRIPTS += scripts/telnetd.init +sbin_SCRIPTS += scripts/add_bootfile_eth_hwid +sbin_SCRIPTS += scripts/mod_bootfile_eth_hwid + +noinst_DATA = test_bootfile share_perl5_DATA = scripts/keepalived/VyattaKeepalived.pm diff --git a/scripts/add_bootfile_eth_hwid b/scripts/add_bootfile_eth_hwid new file mode 100755 index 00000000..2a9cc69c --- /dev/null +++ b/scripts/add_bootfile_eth_hwid @@ -0,0 +1,30 @@ +#!/bin/bash + +# add ethnet interface sub-block to configure file + +shopt -s extglob + +if [[ "$*" == *--help* ]] ; then + echo ${0##*/} [test_]FILE INTERFACE HWID + exit 0 +fi + +if [[ "$1" == test_* ]] ; then + origfile=$1 + bootfile=/tmp/${1##*/}_$$ + cp $origfile $bootfile + trap "diff -c $origfile $bootfile; rm -f $bootfile; exit 0" $? +else + origfile= + bootfile=$1 +fi +eth=$2 +hwid=$3 + +sed -i '/^interfaces {$/,/^}$/ { + /^}$/i\ + ethernet '"$eth"' {\ + hw-id: '"$hwid"'\ + link-detect\ + } + }' $bootfile diff --git a/scripts/mod_bootfile_eth_hwid b/scripts/mod_bootfile_eth_hwid new file mode 100755 index 00000000..b913d121 --- /dev/null +++ b/scripts/mod_bootfile_eth_hwid 
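Review bot: In test mode scripts/add_bootfile_eth_hwid copies its input to `/tmp/${1##*/}_$$`, a name predictable from the PID, and `cp` follows whatever already exists at that path, so in a world-writable /tmp another local user can pre-create it as a link; the script is installed through `sbin_SCRIPTS`. Use `bootfile=$(mktemp) || exit 1` and register the cleanup with `trap '…' EXIT`; the current `trap "…" $?` only works because `$?` happens to expand to 0 at that point. `$eth` and `$hwid` are spliced into the sed program unvalidated, so a value containing a newline or backslash changes the script; checking them against an interface-name and a MAC pattern first avoids that. scripts/mod_bootfile_eth_hwid, added in the same commit, repeats the temp-file and trap lines.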
@@ -0,0 +1,37 @@ +#!/bin/bash + +# modify interface sub-block + +shopt -s extglob + +if [[ "$*" == *--help* ]] ; then + echo ${0##*/} [test_]FILE INTERFACE HWID + exit 0 +fi + +if [[ "$1" == test_* ]] ; then + origfile=$1 + bootfile=/tmp/${1##*/}_$$ + cp $origfile $bootfile + trap "diff -c $origfile $bootfile; rm -f $bootfile; exit 0" $? +else + origfile= + bootfile=$1 +fi +eth=$2 +hwid=$3 + +sed -i '/^interfaces {$/,/^}$/ { + /^ ethernet '"$eth"' {$/ { + :join + /\n }$/ { + /hw-id: / s/\(hw-id:\) [0-9a-fA-F:]\+/\1 '"$hwid"'/ + /hw-id: /! s/}$/ hw-id: '"$hwid"'\n }/ + /link-detect/! s/}$/ link-detect\n }/ + b + } + N + b join + } +}' $bootfile + diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 1039ac6a..dbcc1526 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -44,10 +44,9 @@ INIT_PID=$$ ## BOOTFILE is provided by ofr.init : ${BOOTFILE:=$prefix/etc/config/config.boot} -declare -a cfg_eth_hwid -declare -a sys_eth_mac=( `cat /sys/class/net/eth*/address` ) +shopt -s extglob nullglob -# load hwid array from config file as follows +# load cfg_eth_hwid array from config file as follows # interface { # ... # ethernet eth# { @@ -57,15 +56,13 @@ declare -a sys_eth_mac=( `cat /sys/class/net/eth*/address` ) # } # } # -# cfg_eth_hwid[#]=xx:xx:xx:xx:xx:xx +# cfg_eth_hwid=( "eth#=xx:xx:xx:xx:xx:xx" ... ) -load_cfg_eth_hwid () -{ - eval $( sed -n ' +declare -a cfg_net_hwid=( $( sed -ne ' /^interfaces {/,/^}/ { /^ *ethernet eth[0-9]* {/,/^ $/ { /^ *ethernet/ { - s/.* eth\([0-9]\+\) {$/cfg_eth_hwid[\1]=/ + s/.* eth\([0-9]\+\) {$/ eth\1=/ # hold interface name h } 
@@ -81,86 +78,11 @@ load_cfg_eth_hwid () s/\n//p } } - }' $BOOTFILE ) -} - -have_cfg_eth_hwid () -{ - local mac=$1 - - for hwid in ${cfg_eth_hwid[@]} ; do - [ $hwid == $mac ] && return 0 - done - false -} - -have_sys_eth_mac () -{ - local hwid=$1 - - for mac in ${sys_eth_mac[@]} ; do - [ $hwid == $mac ] && return 0 - done - false -} - -# update cfg table with results from system mac detection -# first remove cfg itfs that are no longer in sys table -# if sys mac is already in cfg table, use cfg itf assignment; -# if sys mac isnot in cfg table but given index has hwid of -# another sys itf, add to cfg table in first available slot -# otherwise, [re-]assign cfg eth hwid with sys mac - -update_cfg_eth_hwid () -{ - local -i i - - for i in ${!cfg_eth_hwid[@]} ; do - if ! have_sys_eth_mac ${cfg_eth_hwid[$i]} ; then - unset cfg_eth_hwid[$i] - fi - done - for i in ${!sys_eth_mac[@]} ; do - if ! have_cfg_eth_hwid ${sys_eth_mac[$i]} ; then - if [ -n "${cfg_eth_hwid[$i]}" ] ; then - # cfg[#] has mac of another sys itf; - # so, add another cfg itf for this mac - # to the first available slot - for (( j=0 ; true ; j++ )) ; do - if [ -z "${cfg_eth_hwid[$j]}" ] ; then - cfg_eth_hwid[$j]=${sys_eth_mac[$i]} - break 1 - fi - done - else - cfg_eth_hwid[$i]=${sys_eth_mac[$i]} - fi - fi - done -} - -mod_bootfile_eth_hwid () -{ - local eth=$1 hwid=$2 - - sed -i '/^interfaces {$/,/^}$/ { - /^ ethernet '"$eth"' {$/ { - :join - /\n }$/ { - /hw-id: / s/\(hw-id:\) [0-9a-fA-F:]\+/\1 '"$hwid"'/ - /hw-id: /! s/}$/ hw-id: '"$hwid"'\n }/ - /link-detect/! s/}$/ link-detect\n }/ - q 0 - } - N - b join - } - }' $BOOTFILE -} + }' $BOOTFILE )) add_bootfile_eth_hwid () { - local eth=$1 hwid=$2 + local bootfile=$1 eth=$2 hwid=$3 sed -i '/^interfaces {$/,/^}$/ { /^}$/i\ 
@@ -168,18 +90,29 @@ add_bootfile_eth_hwid () hw-id: '"$hwid"'\ link-detect\ } - }' $BOOTFILE + }' $bootfile } update_bootfile_eths () { - local -i i - - for i in ${!cfg_eth_hwid[@]} ; do - if grep -q "ethernet eth$i {" $BOOTFILE ; then - mod_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} - else - add_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} + for address_file in /sys/class/net/eth*/address ; do + eth_path=${address_file%/address} + eth=${eth_path##*/} + address=`cat $address_file` + match= + for name_hwid in ${cfg_net_hwid[@]} ; do + name=${name_hwid%=*} + hwid=${name_hwid#*=} + if [ $eth == "$name" ] ; then + ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $eth $address + match=$name_hwid + elif [ "$address" == "$hwid" ] ; then + log_failure_msg "kernel $eth != config $name for $hwid" + return 1 + fi + done + if [ -z "$match" ] ; then + ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $eth $address fi done } @@ -269,10 +202,6 @@ start () { log_failure_msg "can\'t reset config files" set_reboot_on_panic || \ log_failure_msg "can\'t set reboot on panic" - load_cfg_eth_hwid || \ - log_failure_msg "can\'t load interface hwids" - update_cfg_eth_hwid || \ - log_failure_msg "can\'t resolve interface hwids" update_bootfile_eths || \ log_failure_msg "can\'t update config interfaces" add_new_serial_if || \ diff --git a/test_bootfile b/test_bootfile new file mode 100644 index 00000000..df024b69 --- /dev/null +++ b/test_bootfile 
@@ -0,0 +1,44 @@ +system { + ntp-server "69.59.150.135" + login { + user root { + authentication { + encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." + } + } + user vyatta { + authentication { + encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." + } + } + } + package { + repository community { + component: "main" + url: "http://archive.vyatta.com/vyatta" + } + } +} + +interfaces { + loopback lo { + } + ethernet eth0 { + hw-id: 52:54:00:12:34:56 + link-detect + } + ethernet eth1 { + link-detect + } + ethernet eth2 { + hw-id: 52:54:00:12:34:54 + } + ethernet eth3 { + address: 192.168.1.1 + } + ethernet eth4 { + } +} + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@1:firewall@1:nat@2:serial@1:webgui@1" === */ -- cgit v1.2.3 From b484ad3193f65a790e6f534902252c98b7217884 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Fri, 14 Dec 2007 13:10:21 -0800 Subject: test for config file missing interface or interface hwid --- scripts/vyatta_net_name | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name index d93dd288..56d90f14 100644 --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -21,7 +21,8 @@ # # **** End License **** -debug='' +debug= +match= attr_address=0:0:0:0:0:0 test -r /etc/default/vyatta && source /etc/default/vyatta 
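Review bot: test_bootfile carries `encrypted-password` values for the root and vyatta users that are MD5-crypt strings with an empty salt (`$1$$…`); if they correspond to a password used on shipped images, which cannot be determined from this diff, the fixture publishes an unsalted hash of it. The two scripts this fixture exercises only edit the `interfaces` block, so the `system { login … }` section can be dropped from the fixture, or the values replaced with an obvious placeholder such as `"<placeholder-hash>"`.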
@@ -96,11 +97,25 @@ for name_hwid in ${cfg_net_hwid[@]} ; do echo $name exit 0 fi + [ "$name" == "$kname" ] && match=$name_hwid done +# have not found matching hwid in config, see if we can use kernel name if [ -n "$kname" ] ; then - echo $kname - exit 0 + # if interface missing entirely from config + # or it does not yet have a recorded hwid + # it is safe to use kernel name + if [[ -z "$match" || -z "${match#*=}" ]] ; then + echo $kname + exit 0 + fi + # FIXME! need to figure out what to do here... + + # The device mac address isn't yet in the config but the config + # has another hwid associated with the kernel name. This + # indicates that the device may have been replaced or a new device + # installed. Udev may not have scanned all devices yet so we + # donot know which case. fi exit 1 -- cgit v1.2.3 From 8f9c81cd448ece7199aa6f97fc27338839cabfd1 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Fri, 14 Dec 2007 18:15:03 -0800 Subject: move config file interface mods to udev handler --- scripts/rl-system.init | 76 ------------------------------------------------- scripts/vyatta_net_name | 58 ++++++++++++++++++++++++++----------- 2 files changed, 41 insertions(+), 93 deletions(-) diff --git a/scripts/rl-system.init b/scripts/rl-system.init index dbcc1526..96f648c1 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init 
@@ -38,85 +38,11 @@ export PATH . /lib/lsb/init-functions -IPROUTE2IP=ip -INIT_PID=$$ - ## BOOTFILE is provided by ofr.init : ${BOOTFILE:=$prefix/etc/config/config.boot} shopt -s extglob nullglob -# load cfg_eth_hwid array from config file as follows -# interface { -# ... -# ethernet eth# { -# ... -# hw-id: XX:XX:XX:XX:XX:XX -# ... -# } -# } -# -# cfg_eth_hwid=( "eth#=xx:xx:xx:xx:xx:xx" ... ) - -declare -a cfg_net_hwid=( $( sed -ne ' - /^interfaces {/,/^}/ { - /^ *ethernet eth[0-9]* {/,/^ $/ { - /^ *ethernet/ { - s/.* eth\([0-9]\+\) {$/ eth\1=/ -# hold interface name - h - } - /^.*hw-id:/ { -# translate field name - s/.*hw-id: *// -# tolower hex mac address - y/ABCDEF/abcdef/ -# exchange hold and pattern space - x -# concatenate hold and pattern - G - s/\n//p - } - } - }' $BOOTFILE )) - -add_bootfile_eth_hwid () -{ - local bootfile=$1 eth=$2 hwid=$3 - - sed -i '/^interfaces {$/,/^}$/ { - /^}$/i\ - ethernet '"$eth"' {\ - hw-id: '"$hwid"'\ - link-detect\ - } - }' $bootfile -} - -update_bootfile_eths () -{ - for address_file in /sys/class/net/eth*/address ; do - eth_path=${address_file%/address} - eth=${eth_path##*/} - address=`cat $address_file` - match= - for name_hwid in ${cfg_net_hwid[@]} ; do - name=${name_hwid%=*} - hwid=${name_hwid#*=} - if [ $eth == "$name" ] ; then - ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $eth $address - match=$name_hwid - elif [ "$address" == "$hwid" ] ; then - log_failure_msg "kernel $eth != config $name for $hwid" - return 1 - fi - done - if [ -z "$match" ] ; then - ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $eth $address - fi - done -} - search_config_if_wan () { grep "\.*\<$1\>" $BOOTFILE >/dev/null } @@ -202,8 +128,6 @@ start () { log_failure_msg "can\'t reset config files" set_reboot_on_panic || \ log_failure_msg "can\'t set reboot on panic" - update_bootfile_eths || \ - log_failure_msg "can\'t update config interfaces" add_new_serial_if || \ log_failure_msg "can\'t add serial interfaces" proc_flags || \ 
diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name index 56d90f14..5cc1f4c5 100644 --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -24,6 +24,7 @@ debug= match= attr_address=0:0:0:0:0:0 +declare -i ethn=0 last_ethn=0 test -r /etc/default/vyatta && source /etc/default/vyatta @@ -51,8 +52,16 @@ for arg ; do done : ${vyatta_prefix:=/opt/vyatta} +: ${vyatta_sbindir:=${vyatta_prefix}/sbin} : ${vyatta_sysconfdir:=${vyatta_prefix}/etc} : ${BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config/config.boot} +: ${DEFAULT_BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config.boot.default} + +if [ ! -f $BOOTFILE ] ; then + cp $DEFAULT_BOOTFILE $BOOTFILE + chgrp quaggavty $BOOTFILE + chmod 660 $BOOTFILE +fi shopt -s extglob nullglob 
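Review bot: In the added `if [ ! -f $BOOTFILE ]` block, `cp` creates config.boot with the mode the source file and the umask give it, and `chmod 660` only narrows it afterwards. This config format holds `encrypted-password` entries (see test_bootfile earlier on this page), so the new file can be readable by other local users for a moment. Creating it with its final group and mode in one step closes that window: `install -m 660 -g quaggavty "$DEFAULT_BOOTFILE" "$BOOTFILE"`. None of the three commands is checked, so a missing default file or a missing `quaggavty` group leaves the script running against a BOOTFILE that is absent or wrongly owned. The variables are also unquoted in the test and in the copy.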
@@ -93,32 +102,47 @@ declare -a cfg_net_hwid=( $( sed -ne ' for name_hwid in ${cfg_net_hwid[@]} ; do name=${name_hwid%=*} hwid=${name_hwid#*=} + ethn=${name/eth/} + [[ $ethn -gt $last_ethn ]] && \ + last_ethn=$ethn if [ "$hwid" == "$attr_address" ] ; then + # we mod the config file interface sub-clock in case it is missing + # "link-detect" + ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address echo $name exit 0 fi - [ "$name" == "$kname" ] && match=$name_hwid + [ "$name" == "$kname" ] && \ + match=$name_hwid done -# have not found matching hwid in config, see if we can use kernel name -if [ -n "$kname" ] ; then - # if interface missing entirely from config - # or it does not yet have a recorded hwid - # it is safe to use kernel name - if [[ -z "$match" || -z "${match#*=}" ]] ; then - echo $kname - exit 0 - fi - # FIXME! need to figure out what to do here... +[ -z "$kname" ] && \ + exit 1 + - # The device mac address isn't yet in the config but the config - # has another hwid associated with the kernel name. This - # indicates that the device may have been replaced or a new device - # installed. Udev may not have scanned all devices yet so we - # donot know which case. +# have not found matching hwid in config, see if we can use kernel name +if [ -z "$match" ] ; then + # the kernel interface name isnot in config + # so, we might as well use it + name=$kname + ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $name $attr_address +elif [ -z "${match#*=}" ] ; then + # the config has this interface but the sub-block is missing the hwid + # so again, we might as well use the kernel name + name=$kname + ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address +else + # The device mac address is not in the config but the config + # has another hwid associated with the device name. This + # indicates that the device is either a replacement or new but + # detected earlier than the device configured with this name. 
+ # Since this is non-deterministic, we make a new name. + (( ethn = last_ethn + 1 )) + name=eth$ethn + ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $name $attr_address fi -exit 1 +echo $name # Local Variables: # mode: shell-script -- cgit v1.2.3 From 8be2a717500cbbfecf285bdb6fc3c148bfa74381 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Fri, 14 Dec 2007 19:27:01 -0800 Subject: handle repeated init-floppy --- scripts/init-floppy | 54 +++++++++++++++++++++++++---------------------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/scripts/init-floppy b/scripts/init-floppy index 6d67965b..0f12c0ba 100755 --- a/scripts/init-floppy +++ b/scripts/init-floppy @@ -32,10 +32,15 @@ else DRIVE="/dev/fd0" fi +failure () +{ + echo "$*" + exit 1 +} + # Look and see if we have a floopy drive if sed -n '/[0-9]\+ fd$/ { q 1 }' /proc/devices || [ ! -e $DRIVE ] ; then - echo "No floppy device" - exit 1 + failure "No floppy device" fi echo "This will erase all data on floppy $DRIVE." @@ -48,6 +53,8 @@ fi fd=/media/floppy +unbind_notice="\rUnbinding config from floppy...\c" +unbind__error="\rError: Couldn't unbind ${vyatta_sysconfdir}/config." umount_notice="\rAttempting to unmount floppy...\c" umount__error="\rError: Couldn't unmount $DRIVE." format_notice="\rFormatting floppy $DRIVE... \c" 
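Review bot: The handler now rewrites `$BOOTFILE` through `mod_bootfile_eth_hwid` / `add_bootfile_eth_hwid`, but their exit status is never checked, so `echo $name` hands a name to udev even when the config write failed. If udev runs this script for several interfaces at once (likely at boot, not visible here), two instances can read the same `last_ethn`, both choose `eth$ethn`, and interleave their edits of the same file. Serialising the read-modify-write under a lock (for example wrapping it in `flock` on a lock file next to the config) would avoid that. `ethn=${name/eth/}` assigns to a `declare -i` variable, so bash evaluates the rest of the name arithmetically; a comment such as `# names are expected to match eth[0-9]+` would document the assumption. The helper arguments should be quoted: `"$BOOTFILE" "$name" "$attr_address"`.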
@@ -64,51 +71,40 @@ saved__notice="\rYour configuration was saved in: $fd/config/config.boot" mkdir -p $fd -if mount | grep -q $fd/config ; then - umount $fd/config +if grep -q "$DRIVE ${vyatta_sysconfdir}/config" /proc/mounts ; then + echo "$unbind_notice" + /bin/umount ${vyatta_sysconfdir}/config &>/dev/null || \ + failure $unbind__error fi if grep -q $DRIVE /proc/mounts ; then echo "$umount_notice" - if ! /bin/umount $fd >/dev/null 2>&1 ; then - echo "$umount__error" - exit - fi + /bin/umount $fd &>/dev/null || \ + failure "$umount__error" fi echo "$format_notice" -if ! /usr/bin/fdformat -n $DRIVE >/dev/null 2>&1 ; then - echo "$format__error" - exit -fi +/usr/bin/fdformat -n $DRIVE &>/dev/null || \ + failure "$format__error" echo "$create_notice" -if ! /sbin/mke2fs -q $DRIVE >/dev/null 2>&1 ; then - echo "$create__error" - exit -fi +/sbin/mke2fs -q $DRIVE &>/dev/null || \ + failure "$create__error" echo "$mount__notice" -if ! /bin/mount /dev/fd0 $fd -t ext2 -o sync >/dev/null 2>&1 ; then - echo "$mount___error" - exit -fi +/bin/mount /dev/fd0 $fd -t ext2 -o sync &>/dev/null || \ + failure "$mount___error" /bin/mkdir $fd/config /bin/chmod 777 $fd/config echo "$config_notice" -if ! ${vyatta_sbindir}/vyatta-save-config.pl $fd/config/config.boot >/dev/null -then - echo "$config__error" - exit -fi +${vyatta_sbindir}/vyatta-save-config.pl $fd/config/config.boot &>/dev/null || \ + failure "$config__error" echo "$bind___notice" -if ! /bin/mount -o bind $fd/config ${vyatta_sysconfdir}/config 2>&1 ; then - echo "$bind____error" - exit -fi +/bin/mount -o bind $fd/config ${vyatta_sysconfdir}/config &>/dev/null || \ + failure "$bind____error" echo "$saved__notice" -- cgit v1.2.3 From 731a80bf6e92611cff0acbd6e9b7bf3b2b18a174 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sat, 15 Dec 2007 12:39:14 -0800 Subject: Fix broken path for progresss-indicator. --- scripts/install-system.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
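Review bot: The rewritten mount step still hard-codes the device, `/bin/mount /dev/fd0 $fd -t ext2 -o sync`, while the unmount, `fdformat` and `mke2fs` steps around it all use `$DRIVE`. When `$DRIVE` is not `/dev/fd0` the script formats one device and mounts another, so the line should read `/bin/mount "$DRIVE" $fd -t ext2 -o sync &>/dev/null || \`. `failure $unbind__error` is the only call that passes its message unquoted. The save step now also discards stderr of `vyatta-save-config.pl`, which hides the reason when saving fails. The unchanged `/bin/chmod 777 $fd/config` leaves the directory that receives config.boot world-writable; a tighter mode is worth considering if the bind mount does not depend on it.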
diff --git a/scripts/install-system.in b/scripts/install-system.in index 49634a03..5f7ccd74 100755 --- a/scripts/install-system.in +++ b/scripts/install-system.in @@ -818,7 +818,7 @@ unmount () { progress_indicator () { case "$1" in - "start") /usr/bin/progress-indicator $SPID & + "start") $bindir/progress-indicator $SPID & ;; "stop") rm -f /tmp/pi.$SPID sleep 1 -- cgit v1.2.3 From 36af5914de982f2770fba137c4beea9077cc6adb Mon Sep 17 00:00:00 2001 
From: Stig Thormodsrud Date: Sun, 16 Dec 2007 14:58:48 -0800 Subject: Add ethernet bridging. --- debian/control | 2 +- templates/interfaces/bridge/node.def | 7 +++++++ templates/interfaces/bridge/node.tag/aging/node.def | 5 +++++ templates/interfaces/bridge/node.tag/description/node.def | 2 ++ templates/interfaces/bridge/node.tag/disable/node.def | 8 ++++++++ .../interfaces/bridge/node.tag/forwarding-delay/node.def | 5 +++++ templates/interfaces/bridge/node.tag/hello-time/node.def | 5 +++++ templates/interfaces/bridge/node.tag/max-age/node.def | 5 +++++ templates/interfaces/bridge/node.tag/node.def | 1 + templates/interfaces/bridge/node.tag/priority/node.def | 5 +++++ templates/interfaces/bridge/node.tag/stp/node.def | 9 +++++++++ .../ethernet/node.tag/bridge-group/bridge/node.def | 12 ++++++++++++ .../interfaces/ethernet/node.tag/bridge-group/cost/node.def | 4 ++++ templates/interfaces/ethernet/node.tag/bridge-group/node.def | 2 ++ .../ethernet/node.tag/bridge-group/priority/node.def | 4 ++++ 15 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 templates/interfaces/bridge/node.def create mode 100644 templates/interfaces/bridge/node.tag/aging/node.def create mode 100644 templates/interfaces/bridge/node.tag/description/node.def create mode 100644 templates/interfaces/bridge/node.tag/disable/node.def create mode 100644 templates/interfaces/bridge/node.tag/forwarding-delay/node.def create mode 100644 templates/interfaces/bridge/node.tag/hello-time/node.def create mode 100644 templates/interfaces/bridge/node.tag/max-age/node.def create mode 100644 templates/interfaces/bridge/node.tag/node.def create mode 100644 templates/interfaces/bridge/node.tag/priority/node.def create mode 100644 templates/interfaces/bridge/node.tag/stp/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def create mode 100644 
templates/interfaces/ethernet/node.tag/bridge-group/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def diff --git a/debian/control b/debian/control index 88938b4a..19f15004 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,7 @@ Depends: bash (>= 3.1), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo, - snmpd, keepalived, vyatta-bash + snmpd, keepalived, vyatta-bash, bridge-utils Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def new file mode 100644 index 00000000..d85c9afc --- /dev/null +++ b/templates/interfaces/bridge/node.def @@ -0,0 +1,7 @@ +tag: +type: txt +help: "Enter bridge interface name (br0 - br9)" +syntax: $(@) in "br0", "br1", "br2", "br3", "br4", "br5", "br6", "br7", "br8", "br9" ; "Must be (br0 - br9)" +create: "sudo brctl addbr $(@)" +delete: "sudo brctl delbr $(@)" + diff --git a/templates/interfaces/bridge/node.tag/aging/node.def b/templates/interfaces/bridge/node.tag/aging/node.def new file mode 100644 index 00000000..0b1dcd03 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/aging/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the number of seconds a MAC address will be kept in the forwarding database" +default: 300 +update: "sudo brctl setageing $(../@) $(@)" +delete: "sudo brctl setageing $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/description/node.def b/templates/interfaces/bridge/node.tag/description/node.def new file mode 100644 index 00000000..481dce47 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: "Add a human-readable description of an interface" diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def new file mode 100644 index 00000000..f72b8af3 --- /dev/null 
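Review bot: In bridge/node.tag/aging/node.def the `delete:` action is identical to `update:`, `sudo brctl setageing $(../@) $(@)`. Removing the node therefore re-applies the value being deleted (or an empty argument, depending on how `$(@)` expands during delete) instead of returning the bridge to the declared `default: 300`. The delete action should restore the default explicitly: `delete: "sudo brctl setageing $(../@) 300"`. The same pattern appears in forwarding-delay (default 15), hello-time (2), max-age (20) and bridge priority (0) later in this commit.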
+++ b/templates/interfaces/bridge/node.tag/disable/node.def
@@ -0,0 +1,8 @@
+type: bool
+help: "Disable the bridge interface"
+default: false
+update: "if [ x$(@) == xtrue ]; then \
+ sudo ip link set $(../@) down; \
+ else \
+ sudo ip link set $(../@) up; \
+ fi; "
diff --git a/templates/interfaces/bridge/node.tag/forwarding-delay/node.def b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
new file mode 100644
index 00000000..6634a7cc
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the forwarding delay"
+default: 15
+update: "sudo brctl setfd $(../@) $(@)"
+delete: "sudo brctl setfd $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/hello-time/node.def b/templates/interfaces/bridge/node.tag/hello-time/node.def
new file mode 100644
index 00000000..e7b59ab3
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/hello-time/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the hello packet advertisment interval"
+default: 2
+update: "sudo brctl sethello $(../@) $(@)"
+delete: "sudo brctl sethello $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/max-age/node.def b/templates/interfaces/bridge/node.tag/max-age/node.def
new file mode 100644
index 00000000..7fa3ecbe
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/max-age/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the interval at which neighbor bridges are removed"
+default: 20
+update: "sudo brctl setmaxage $(../@) $(@)"
+delete: "sudo brctl setmaxage $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/node.def b/templates/interfaces/bridge/node.tag/node.def
new file mode 100644
index 00000000..07e13e91
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/node.def
@@ -0,0 +1 @@
+help: "Set bridge parameters"
diff --git a/templates/interfaces/bridge/node.tag/priority/node.def b/templates/interfaces/bridge/node.tag/priority/node.def
new file mode 100644
index 00000000..650958ef
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the priority for this bridge"
+default: 0
+update: "sudo brctl setbridgeprio $(../@) $(@)"
+delete: "sudo brctl setbridgeprio $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/stp/node.def b/templates/interfaces/bridge/node.tag/stp/node.def
new file mode 100644
index 00000000..eb87287b
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/stp/node.def
@@ -0,0 +1,9 @@
+type: bool
+help: "Enable spanning tree protocol"
+default: false
+update: "if [ x$(@) == xtrue ]; then \
+ sudo brctl stp $(../@) on; \
+ else \
+ sudo brctl stp $(../@) off; \
+ fi; "
+delete: "sudo brctl stp $(../@) off"
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def
new file mode 100644
index 00000000..f6ca51e4
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def
@@ -0,0 +1,12 @@
+type: txt
+help: "Add this interface to a bridge-group"
+syntax: exec " \
+ if [ -z \"`sudo brctl show | grep $(@) `\" ]; then \
+ echo bridge interface $(@) doesn\\'t exist on this system ; \
+ exit 1 ; \
+ fi ; "
+update: "sudo brctl addif $(@) $(../../@)"
+delete: "sudo brctl delif $(@) $(../../@)"
+#allowed: local -a array ;
+# array=( /sys/class/net/br* ) ;
+# echo -n ${array[@]##*/}
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def
new file mode 100644
index 00000000..1c2bbde1
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "Set the path cost for this port"
+commit: $(../bridge/) != ""; "Must configure bridge interface"
+update: "sudo brctl setpathcost $(../../@) $(@)"
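Review bot: bridge-group/bridge/node.def is `type: txt`, and its value `$(@)` is substituted unquoted into the shell text of the `syntax: exec` check and into the `sudo brctl addif` / `delif` commands. Any string the CLI accepts as text therefore ends up inside a shell line that runs with sudo. The existence check is also a substring `grep` over the whole of `brctl show`, so it accepts partial names and words from the header. Restricting the value the way interfaces/bridge/node.def does, `syntax: $(@) in "br0", "br1", ..., "br9" ; "Must be (br0 - br9)"`, before anything is executed addresses both points; if the template language allows only one syntax line, the same name match can be done with a `case` inside the exec. The existence test can then be a direct one such as `[ -d /sys/class/net/$(@)/bridge ]` instead of parsing command output.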
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def new file mode 100644 index 00000000..b76b5d71 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def @@ -0,0 +1,2 @@ +help: "Add this interface to a bridge group" +commit: $(./bridge/) != ""; "Must set the bridge interface" diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def new file mode 100644 index 00000000..d254b082 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def @@ -0,0 +1,4 @@ +type: u32 +help: "Set the path priority for this port" +commit: $(../bridge/) != ""; "Must configure bridge interface" +update: "sudo brctl setportprio $(../../@) $(@)" -- cgit v1.2.3 From e21cc4704648b85f8eae737b1ca6194413231f72 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Mon, 17 Dec 2007 17:14:11 -0800 Subject: support stand-alone validation --- scripts/vyatta_net_name | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) mode change 100644 => 100755 scripts/vyatta_net_name diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name old mode 100644 new mode 100755 index 5cc1f4c5..43c71c1d --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -108,7 +108,8 @@ for name_hwid in ${cfg_net_hwid[@]} ; do if [ "$hwid" == "$attr_address" ] ; then # we mod the config file interface sub-clock in case it is missing # "link-detect" - ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address + [[ "$BOOTFILE" != *test_* ]] && \ + ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address echo $name exit 0 fi 
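Review bot: Whether the config file is modified is now decided by its name, `[[ "$BOOTFILE" != *test_* ]]`, so any real BOOTFILE whose path contains `test_` silently stops being updated, and nothing in the script documents the convention. An explicit switch is clearer, for example a `dryrun=` variable set next to `debug=` and tested as `[ -z "$dryrun" ] && \` in front of the helper call. The same name test is repeated in the `@@ -139,9 +139,12 @@` hunk of this commit. The enclosing `for name_hwid` loop starts and ends outside this hunk.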
@@ -119,18 +120,17 @@ done [ -z "$kname" ] && \ exit 1 - # have not found matching hwid in config, see if we can use kernel name if [ -z "$match" ] ; then # the kernel interface name isnot in config # so, we might as well use it name=$kname - ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $name $attr_address + cmd=add elif [ -z "${match#*=}" ] ; then # the config has this interface but the sub-block is missing the hwid # so again, we might as well use the kernel name name=$kname - ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address + cmd=mod else # The device mac address is not in the config but the config # has another hwid associated with the device name. This @@ -139,9 +139,12 @@ else # Since this is non-deterministic, we make a new name. (( ethn = last_ethn + 1 )) name=eth$ethn - ${vyatta_sbindir}/add_bootfile_eth_hwid $BOOTFILE $name $attr_address + cmd=add fi +[[ "$BOOTFILE" != *test_* ]] && \ + ${vyatta_sbindir}/${cmd}_bootfile_eth_hwid $BOOTFILE $name $attr_address + echo $name # Local Variables: -- cgit v1.2.3 From 35a2193ed8baa7af1c4c01f239b0363a9d5a5d19 Mon Sep 17 00:00:00 2001 From: Tom Grennan Date: Mon, 17 Dec 2007 17:15:14 -0800 Subject: remove ifrename dependency --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 88938b4a..ec7b49bd 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,7 @@ Depends: bash (>= 3.1), perl (>= 5.8.8), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), - vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo, + vyatta-cfg, sysv-rc, ntp, sysklogd, busybox, ssh, whois, sudo, snmpd, keepalived, vyatta-bash Suggests: util-linux (>= 2.13-5), net-tools, -- cgit v1.2.3 From a9cd192305b779cb62aecd858ad9a4e5a1fbcad4 Mon Sep 17 00:00:00 2001 
From: Tom Grennan Date: Mon, 17 Dec 2007 17:16:48 -0800 Subject: add init script to force udev settle before itf configured --- Makefile.am | 11 ++++--- debian/vyatta-cfg-system.postinst.in | 2 ++ etc/init.d/vyatta-udev | 58 ++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+), 4 deletions(-) create mode 100755 etc/init.d/vyatta-udev diff --git a/Makefile.am b/Makefile.am index f893bf13..2d109577 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,8 @@ -cfgdir = $(datadir)/vyatta-cfg/templates -share_perl5dir = $(datarootdir)/perl5 -libudevdir = /lib/udev -etcudevdir = /etc/udev +cfgdir = $(datadir)/vyatta-cfg/templates +share_perl5dir = $(datarootdir)/perl5 +libudevdir = /lib/udev +etcudevdir = /etc/udev +initddir = /etc/init.d bin_SCRIPTS = sbin_SCRIPTS = @@ -39,6 +40,8 @@ sysconf_DATA += sysconf/config.boot.default libudev_SCRIPTS = scripts/vyatta_net_name etcudev_DATA = sysconf/vyatta-net.rules +initd_SCRIPTS = etc/init.d/vyatta-udev + cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 13ba6dc6..b747b786 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -22,6 +22,8 @@ esac ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules +update-rc.d vyatta-udev start 21 S . + if [ "$sysconfdir" != "/etc" ]; then # for "admin" level (FIXME) sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers diff --git a/etc/init.d/vyatta-udev b/etc/init.d/vyatta-udev new file mode 100755 index 00000000..5c2c1d37 --- /dev/null +++ b/etc/init.d/vyatta-udev 
@@ -0,0 +1,58 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: vyatta-udev
+# Required-Start: udev module-init-tools
+# Required-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Trigger udev net subsystem to process interface renaming
+### END INIT INFO
+# **** License ****
+# Version: VPL 1.0
+#
+# The contents of this file are subject to the Vyatta Public License
+# Version 1.0 ("License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.vyatta.com/vpl
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Tom Grennan
+# **** End License ****
+
+. /lib/lsb/init-functions
+
+: ${vyatta_env:=/etc/default/vyatta}
+source $vyatta_env
+
+declare progname=${0##*/}
+declare action=$1; shift
+
+start ()
+{
+ log_action_begin_msg "Trigger rename of network interfaces"
+ udevtrigger --subsystem-match=net
+ udevsettle
+ log_action_end_msg $?
+}
+
+case "$action" in
+ start) start ;;
+ stop|restart|force-reload) true ;;
+ *) log_failure_msg "usage: $progname [ start|stop|restart ]" ;
+ false ;;
+esac
+
+exit $?
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
-- cgit v1.2.3 From 1802eb010fb9b382dde4d3e1574fd578027c7dc0 Mon Sep 17 00:00:00 2001
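Review bot: `source $vyatta_env` runs unguarded and unquoted in a boot-time script, whereas scripts/vyatta_net_name on this page uses `test -r /etc/default/vyatta && source /etc/default/vyatta`. The init script should do the same, `test -r "$vyatta_env" && source "$vyatta_env"`, so that a missing file is a clean skip rather than a shell error. Because the path can be overridden through the environment and the file is executed (presumably as root), a comment saying so would help the next reader. In `start ()` only the status of `udevsettle` reaches `log_action_end_msg $?`, so a failing `udevtrigger` is reported as success. Chaining the two fixes that: `udevtrigger --subsystem-match=net && udevsettle`.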
From: Stig Thormodsrud Date: Tue, 18 Dec 2007 09:53:24 -0800 Subject: - Add support for multiple vrrp groups per interface. - Add support for multiple VIPs per vrrp group. --- scripts/keepalived/VyattaKeepalived.pm | 17 ++- scripts/keepalived/vyatta-keepalived.pl | 121 +++++++++++---------- scripts/keepalived/vyatta-show-vrrp.pl | 21 +++- .../node.tag/vrrp/advertise-interval/node.def | 4 - .../ethernet/node.tag/vrrp/authentication/node.def | 3 - .../node.tag/vrrp/authentication/password/node.def | 2 - .../node.tag/vrrp/authentication/type/node.def | 3 - .../interfaces/ethernet/node.tag/vrrp/node.def | 2 - .../ethernet/node.tag/vrrp/preempt/node.def | 4 - .../ethernet/node.tag/vrrp/priority/node.def | 3 - .../node.tag/vrrp/virtual-address/node.def | 2 - .../ethernet/node.tag/vrrp/vrrp-group/node.def | 4 +- .../node.tag/advertise-interval/node.def | 4 + .../vrrp-group/node.tag/authentication/node.def | 3 + .../node.tag/authentication/password/node.def | 2 + .../node.tag/authentication/type/node.def | 3 + .../node.tag/vrrp/vrrp-group/node.tag/node.def | 1 + .../vrrp/vrrp-group/node.tag/preempt/node.def | 4 + .../vrrp/vrrp-group/node.tag/priority/node.def | 3 + .../vrrp-group/node.tag/virtual-address/node.def | 3 + 20 files changed, 117 insertions(+), 92 deletions(-) delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/priority/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def create mode 100644 
templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm index c2d446e4..e0e84af3 100755 --- a/scripts/keepalived/VyattaKeepalived.pm +++ b/scripts/keepalived/VyattaKeepalived.pm @@ -129,6 +129,17 @@ sub get_state_files { return @state_files; } +sub get_vips_per_intf { + my ($intf) = @_; + + my $config = new VyattaConfig; + my @groups = (); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + @groups = $config->listOrigNodes(); + return scalar(@groups); +} + sub vrrp_get_config { my ($intf, $group) = @_; @@ -144,8 +155,8 @@ sub vrrp_get_config { $primary_addr = $1; } - $config->setLevel("interfaces ethernet $intf vrrp"); - my $vip = $config->returnOrigValue("virtual-address"); + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnOrigValues("virtual-address"); my $priority = $config->returnOrigValue("priority"); if (!defined $priority) { $priority = 1; 
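Review bot: `get_vips_per_intf` returns `scalar(@groups)`, the number of vrrp-group nodes under the interface, not the number of virtual addresses. This commit allows several `virtual-address` values per group, so the name and the result disagree. Either rename the sub (for example `get_groups_per_intf`) or count the addresses by summing `returnOrigValues("virtual-address")` over the groups; which of the two the callers need is not visible here. A one-line comment above the sub would settle what is counted: `# number of vrrp-groups configured on $intf (original config)`.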
@@ -165,7 +176,7 @@ sub vrrp_get_config { } else { $auth_type = uc($auth_type); } - return ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type); + return ($primary_addr, $priority, $preempt, $advert_int, $auth_type, @vips); } sub vrrp_state_parse { diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 15346855..e9df03df 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl 
@@ -38,72 +38,75 @@ use warnings; sub keepalived_get_values { my ($intf) = @_; - my $output; + my $output = ''; my $config = new VyattaConfig; - $config->setLevel("interfaces ethernet $intf vrrp"); - my $group = $config->returnValue("vrrp-group"); - if (!defined $group) { - $group = 1; - } - my $vip = $config->returnValue("virtual-address"); - if (!defined $vip) { - print "must define a virtual-address for vrrp-group $group\n"; - exit 1; - } - my $priority = $config->returnValue("priority"); - if (!defined $priority) { - $priority = 1; - } - my $preempt = $config->returnValue("preempt"); - if (!defined $preempt) { - $preempt = "true"; - } - my $advert_int = $config->returnValue("advertise-interval"); - if (!defined $advert_int) { - $advert_int = 1; - } - $config->setLevel("interfaces ethernet $intf vrrp authentication"); - my $auth_type = $config->returnValue("type"); - my $auth_pass; - if (defined $auth_type) { - $auth_type = uc($auth_type); - $auth_pass = $config->returnValue("password"); - if (! 
defined $auth_pass) { - print "vrrp authentication password not set"; + my $state_transition_script = VyattaKeepalived::get_state_script(); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + my @groups = $config->listNodes(); + foreach my $group (@groups) { + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnValues("virtual-address"); + if (scalar(@vips) == 0) { + print "must define a virtual-address for vrrp-group $group\n"; exit 1; } - } - my $state_transition_script = VyattaKeepalived::get_state_script(); + my $priority = $config->returnValue("priority"); + if (!defined $priority) { + $priority = 1; + } + my $preempt = $config->returnValue("preempt"); + if (!defined $preempt) { + $preempt = "true"; + } + my $advert_int = $config->returnValue("advertise-interval"); + if (!defined $advert_int) { + $advert_int = 1; + } + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group authentication"); + my $auth_type = $config->returnValue("type"); + my $auth_pass; + if (defined $auth_type) { + $auth_type = uc($auth_type); + $auth_pass = $config->returnValue("password"); + if (! 
defined $auth_pass) { + print "vrrp authentication password not set"; + exit 1; + } + } - $output = "vrrp_instance vyatta-$intf-$group \{\n"; - if ($preempt eq "false") { - $output .= "\tstate BACKUP\n"; - } else { - $output .= "\tstate MASTER\n"; + $output .= "vrrp_instance vyatta-$intf-$group \{\n"; + if ($preempt eq "false") { + $output .= "\tstate BACKUP\n"; + } else { + $output .= "\tstate MASTER\n"; } - $output .= "\tinterface $intf\n"; - $output .= "\tvirtual_router_id $group\n"; - $output .= "\tpriority $priority\n"; - if ($preempt eq "false") { - $output .= "\tnopreempt\n"; - } - $output .= "\tadvert_int $advert_int\n"; - if (defined $auth_type) { - $output .= "\tauthentication {\n"; - $output .= "\t\tauth_type $auth_type\n"; - $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + $output .= "\tinterface $intf\n"; + $output .= "\tvirtual_router_id $group\n"; + $output .= "\tpriority $priority\n"; + if ($preempt eq "false") { + $output .= "\tnopreempt\n"; + } + $output .= "\tadvert_int $advert_int\n"; + if (defined $auth_type) { + $output .= "\tauthentication {\n"; + $output .= "\t\tauth_type $auth_type\n"; + $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + } + $output .= "\tvirtual_ipaddress \{\n"; + foreach my $vip (@vips) { + $output .= "\t\t$vip\n"; + } + $output .= "\t\}\n"; + $output .= "\tnotify_master "; + $output .= "\"$state_transition_script master $intf $group @vips\" \n"; + $output .= "\tnotify_backup "; + $output .= "\"$state_transition_script backup $intf $group @vips\" \n"; + $output .= "\t notify_fault "; + $output .= "\"$state_transition_script fault $intf $group @vips\" \n"; + $output .= "\}\n"; } - $output .= "\tvirtual_ipaddress \{\n"; - $output .= "\t\t$vip\n"; - $output .= "\t\}\n"; - $output .= "\tnotify_master "; - $output .= "\"$state_transition_script master $intf $group $vip\" \n"; - $output .= "\tnotify_backup "; - $output .= "\"$state_transition_script backup $intf $group $vip\" \n"; - $output .= "\t notify_fault "; - $output .= 
"\"$state_transition_script fault $intf $group $vip\" \n"; - $output .= "\}\n"; return $output; } diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 6540eaf5..934808f6 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -81,7 +81,7 @@ sub link_updown { } sub get_master_info { - my ($intf, $group, $vip) = @_; + my ($intf, $group) = @_; my $file = VyattaKeepalived::get_master_file($intf, $group); if ( -f $file) { @@ -113,18 +113,27 @@ sub vrrp_show { VyattaKeepalived::vrrp_state_parse($file); my $link = link_updown($intf); if ($state eq "master" || $state eq "backup" || $state eq "fault") { - my ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type) = - VyattaKeepalived::vrrp_get_config($intf, $group); + my ($primary_addr, $priority, $preempt, $advert_int, $auth_type, + @vips) = VyattaKeepalived::vrrp_get_config($intf, $group); print "Physical interface: $intf, Address $primary_addr\n"; print " Interface state: $link, Group $group, State: $state\n"; print " Priority: $priority, Advertisement interval: $advert_int, "; print "Authentication type: $auth_type\n"; - print " Preempt: $preempt, VIP count: 1, VIP: $vip\n"; + my $vip_count = scalar(@vips); + my $string = " Preempt: $preempt, VIP count: $vip_count, VIP: "; + my $strlen = length($string); + print $string; + foreach my $vip (@vips) { + if ($vip_count != scalar(@vips)) { + print " " x $strlen; + } + print "$vip\n"; + $vip_count--; + } if ($state eq "master") { print " Master router: $primary_addr\n"; } elsif ($state eq "backup") { - my ($master_rtr, $master_prio) = get_master_info($intf, - $group, $vip); + my ($master_rtr, $master_prio) = get_master_info($intf, $group); print " Master router: $master_rtr, "; print "Master Priority: $master_prio\n"; } 
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def b/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def
deleted file mode 100644
index edfbc3a4..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-type: u32
-default: 1
-help: "Configure advertise interval"
-syntax: $(@) > 0 && $(@) <=255; "Advertise interval must be between 1-255"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def
deleted file mode 100644
index e3120d51..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: "Configure authentication"
-commit: $(./type/@) != ""; "You must set a authentication type"
-commit: $(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def
deleted file mode 100644
index 87855962..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: "Password text"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def
deleted file mode 100644
index 72e53f4b..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: "Authentication type PASS|AH"
-syntax: $(@) in "PASS", "pass", "AH", "ah"; "authentication must be PASS or AH"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/node.def b/templates/interfaces/ethernet/node.tag/vrrp/node.def
index de3253a5..2c8cc58a 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/node.def
@@ -1,5 +1,3 @@
 help: "Configure VRRP"
 commit: $(../address/) != ""; "Must define a primary IP address on $(../@)"
-commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(../vrrp-group/@)"
 end: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $(../@) "
-
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def b/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def
deleted file mode 100644
index a9869373..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-type: txt
-help: "Preempt (true or false)"
-default: "true"
-syntax: $(@) in "true", "false"; "preempt must be true or false"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def b/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def
deleted file mode 100644
index 3f7aacbf..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: u32
-syntax: $(@) >= 0 &&$(@) <= 255; "priority must be between 1-255"
-help: "Priority"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def
deleted file mode 100644
index badf657e..00000000
--- a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: ipv4
-help: "Configure virtual address"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
index fe9690d8..d2f231e7 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
@@ -1,4 +1,6 @@
+tag:
 type: u32
 syntax: $(@) >= 0 && $(@) <= 255; "VRRP group must be between 1-255"
+commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(@)"
 help: "Configure VRRP group number"
-delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../@) --group $(@) "
+delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../../@) --group $(@) "
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..edfbc3a4
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,4 @@
+type: u32
+default: 1
+help: "Configure advertise interval"
+syntax: $(@) > 0 && $(@) <=255; "Advertise interval must be between 1-255"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..e3120d51
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: "Configure authentication"
+commit: $(./type/@) != ""; "You must set a authentication type"
+commit: $(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..87855962
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Password text"
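Review bot: The `syntax:` line kept as context in the vrrp-group/node.def hunk accepts 0 (`$(@) >= 0`, which is always true for a `u32`), although its own message and VRRP itself give the range as 1-255. With `tag:` added, this value is the group name that vyatta-keepalived.pl writes out as `virtual_router_id $group`, so an out-of-range ID reaches the generated keepalived configuration. I would tighten it to `syntax: $(@) >= 1 && $(@) <= 255; "VRRP group must be between 1-255"`. The relocated priority template has the same mismatch (`$(@) >= 0 &&$(@) <= 255` against "between 1-255"), and the later hunk on this page that touches this file leaves the line unchanged.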
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..72e53f4b
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Authentication type PASS|AH"
+syntax: $(@) in "PASS", "pass", "AH", "ah"; "authentication must be PASS or AH"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def
new file mode 100644
index 00000000..a4f3c074
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def
@@ -0,0 +1 @@
+help: "VRRP configuration for this VRRP group"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..a9869373
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: "Preempt (true or false)"
+default: "true"
+syntax: $(@) in "true", "false"; "preempt must be true or false"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..3f7aacbf
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,3 @@
+type: u32
+syntax: $(@) >= 0 &&$(@) <= 255; "priority must be between 1-255"
+help: "Priority"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def new file mode 100644 index 00000000..bcf9392f --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def @@ -0,0 +1,3 @@ +multi: +type: ipv4 +help: "Configure virtual address" -- cgit v1.2.3 From c30fc4752c878c12255101aa928c64f7a3511020 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Tue, 18 Dec 2007 10:50:21 -0800 Subject: Fix delete vrrp node (we really need symbolic names rather than relative path). --- templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def index d2f231e7..dfb9c6a2 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def @@ -3,4 +3,4 @@ type: u32 syntax: $(@) >= 0 && $(@) <= 255; "VRRP group must be between 1-255" commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(@)" help: "Configure VRRP group number" -delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../../@) --group $(@) " +delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../@) --group $(@) " -- cgit v1.2.3