From 1b8212fe55cc9d83601acc52b43d3e7116542eda Mon Sep 17 00:00:00 2001 
From: "David S. Madole" Date: Sun, 27 Sep 2009 15:29:17 -0400 Subject: Add VRRP capability to bonding interfaces and vifs of bonding interfaces. --- scripts/keepalived/vyatta-clear-vrrp.pl | 75 +++---- scripts/keepalived/vyatta-keepalived.pl | 225 +++++++++++---------- scripts/keepalived/vyatta-show-vrrp.pl | 14 +- .../bonding/node.tag/vif/node.tag/vrrp/node.def | 3 + .../node.tag/vif/node.tag/vrrp/vrrp-group/node.def | 8 + .../node.tag/advertise-interval/node.def | 6 + .../vrrp-group/node.tag/authentication/node.def | 3 + .../node.tag/authentication/password/node.def | 9 + .../node.tag/authentication/type/node.def | 7 + .../vrrp/vrrp-group/node.tag/description/node.def | 2 + .../vrrp/vrrp-group/node.tag/disable/node.def | 1 + .../node.tag/hello-source-address/node.def | 6 + .../vrrp-group/node.tag/preempt-delay/node.def | 6 + .../vrrp/vrrp-group/node.tag/preempt/node.def | 7 + .../vrrp/vrrp-group/node.tag/priority/node.def | 5 + .../run-transition-scripts/backup/node.def | 4 + .../node.tag/run-transition-scripts/fault/node.def | 4 + .../run-transition-scripts/master/node.def | 4 + .../node.tag/run-transition-scripts/node.def | 2 + .../vrrp/vrrp-group/node.tag/sync-group/node.def | 2 + .../vrrp-group/node.tag/virtual-address/node.def | 22 ++ .../interfaces/bonding/node.tag/vrrp/node.def | 3 + .../bonding/node.tag/vrrp/vrrp-group/node.def | 8 + .../node.tag/advertise-interval/node.def | 6 + .../vrrp-group/node.tag/authentication/node.def | 3 + .../node.tag/authentication/password/node.def | 9 + .../node.tag/authentication/type/node.def | 7 + .../vrrp/vrrp-group/node.tag/description/node.def | 2 + .../vrrp/vrrp-group/node.tag/disable/node.def | 1 + .../node.tag/hello-source-address/node.def | 6 + .../vrrp-group/node.tag/preempt-delay/node.def | 6 + .../vrrp/vrrp-group/node.tag/preempt/node.def | 7 + .../vrrp/vrrp-group/node.tag/priority/node.def | 5 + .../run-transition-scripts/backup/node.def | 4 + .../node.tag/run-transition-scripts/fault/node.def | 4 + 
.../run-transition-scripts/master/node.def | 4 + .../node.tag/run-transition-scripts/node.def | 2 + .../vrrp/vrrp-group/node.tag/sync-group/node.def | 2 + .../vrrp-group/node.tag/virtual-address/node.def | 22 ++ 39 files changed, 370 insertions(+), 146 deletions(-) create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def create mode 100644 
templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def create mode 100644 templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def create mode 100644 
templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def create mode 100644 templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def diff --git a/scripts/keepalived/vyatta-clear-vrrp.pl b/scripts/keepalived/vyatta-clear-vrrp.pl index 17dedc59..ba5d569b 100644 --- a/scripts/keepalived/vyatta-clear-vrrp.pl +++ b/scripts/keepalived/vyatta-clear-vrrp.pl 
@@ -109,47 +109,50 @@ sub get_vrrp_intf_group { # return an array of hashes that contains all the intf/group pairs # - my $config = new Vyatta::Config; - $config->setLevel('interfaces ethernet'); - my @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces ethernet $eth"; - $config->setLevel($path); - if ($config->existsOrig("vrrp")) { - $path = "$path vrrp vrrp-group"; + foreach my $type (("ethernet", "bonding")) { + + my $config = new Vyatta::Config; + $config->setLevel("interfaces $type"); + my @eths = $config->listOrigNodes(); + foreach my $eth (@eths) { + my $path = "interfaces $type $eth"; $config->setLevel($path); - my @groups = $config->listOrigNodes(); - foreach my $group (@groups) { - my %hash; - $hash{'intf'} = $eth; - $hash{'group'} = $group; - $hash{'path'} = "$path $group"; - push @array, {%hash}; + if ($config->existsOrig("vrrp")) { + $path = "$path vrrp vrrp-group"; + $config->setLevel($path); + my @groups = $config->listOrigNodes(); + foreach my $group (@groups) { + my %hash; + $hash{'intf'} = $eth; + $hash{'group'} = $group; + $hash{'path'} = "$path $group"; + push @array, {%hash}; + } } - } - $path = "interfaces ethernet $eth"; - $config->setLevel($path); - if ($config->existsOrig('vif')) { - my $path = "$path vif"; + $path = "interfaces $type $eth"; $config->setLevel($path); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . '.' . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->existsOrig('vrrp')) { - $vif_path = "$vif_path vrrp vrrp-group"; + if ($config->existsOrig('vif')) { + my $path = "$path vif"; + $config->setLevel($path); + my @vifs = $config->listOrigNodes(); + foreach my $vif (@vifs) { + my $vif_intf = $eth . '.' . 
$vif; + my $vif_path = "$path $vif"; $config->setLevel($vif_path); - my @groups = $config->listOrigNodes(); - foreach my $group (@groups) { - my %hash; - $hash{'intf'} = $vif_intf; - $hash{'group'} = $group; - $hash{'path'} = "$path $group"; - push @array, {%hash}; - } - } + if ($config->existsOrig('vrrp')) { + $vif_path = "$vif_path vrrp vrrp-group"; + $config->setLevel($vif_path); + my @groups = $config->listOrigNodes(); + foreach my $group (@groups) { + my %hash; + $hash{'intf'} = $vif_intf; + $hash{'group'} = $group; + $hash{'path'} = "$path $group"; + push @array, {%hash}; + } + } + } } } } diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index f7d3a652..842f8bc3 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl 
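Review bot: In the vif branch of get_vrrp_intf_group the stored path is built from `$path` rather than `$vif_path`, so `$hash{'path'}` comes out as `interfaces $type $eth vif $group` and loses both the vif id and the `vrrp vrrp-group` level. The removed ethernet-only code had the same line and the new loop carries it over to bonding vifs; it looks like it should read `$hash{'path'} = "$vif_path $group";`. The inner `my $path = "$path vif";` also shadows the outer `$path`, which makes the slip easy to miss, so a distinct name such as `$vifs_path` would help. The function starts and ends outside the hunk, so how callers consume `path` is not visible here.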
@@ -235,61 +235,64 @@ sub vrrp_find_changes { my $config = new Vyatta::Config; my $vrrp_instances = 0; - $config->setLevel("interfaces ethernet"); - my @eths = $config->listNodes(); - foreach my $eth (@eths) { - my $path = "interfaces ethernet $eth"; - $config->setLevel($path); - if ($config->exists("vrrp")) { - my %vrrp_status_hash = $config->listNodeStatus("vrrp"); - my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); - if ($vrrp_status ne "static") { - push @list, $eth; - vrrp_log("$vrrp_status found $eth"); - } - } - if ($config->exists("vif")) { - my $path = "interfaces ethernet $eth vif"; + foreach my $type (("ethernet", "bonding")) { + + $config->setLevel("interfaces $type"); + my @eths = $config->listNodes(); + foreach my $eth (@eths) { + my $path = "interfaces $type $eth"; $config->setLevel($path); - my @vifs = $config->listNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->exists("vrrp")) { - my %vrrp_status_hash = $config->listNodeStatus("vrrp"); - my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); - if ($vrrp_status ne "static") { - push @list, "$eth.$vif"; - vrrp_log("$vrrp_status found $eth.$vif"); + if ($config->exists("vrrp")) { + my %vrrp_status_hash = $config->listNodeStatus("vrrp"); + my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); + if ($vrrp_status ne "static") { + push @list, $eth; + vrrp_log("$vrrp_status found $eth"); + } + } + if ($config->exists("vif")) { + my $path = "interfaces $type $eth vif"; + $config->setLevel($path); + my @vifs = $config->listNodes(); + foreach my $vif (@vifs) { + my $vif_intf = $eth . "." . 
$vif; + my $vif_path = "$path $vif"; + $config->setLevel($vif_path); + if ($config->exists("vrrp")) { + my %vrrp_status_hash = $config->listNodeStatus("vrrp"); + my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); + if ($vrrp_status ne "static") { + push @list, "$eth.$vif"; + vrrp_log("$vrrp_status found $eth.$vif"); + } } } } } - } - # - # Now look for deleted from the origin tree - # - $config->setLevel("interfaces ethernet"); - @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces ethernet $eth"; - $config->setLevel($path); - if ($config->isDeleted("vrrp")) { + # + # Now look for deleted from the origin tree + # + $config->setLevel("interfaces $type"); + @eths = $config->listOrigNodes(); + foreach my $eth (@eths) { + my $path = "interfaces $type $eth"; + $config->setLevel($path); + if ($config->isDeleted("vrrp")) { push @list, $eth; vrrp_log("Delete found $eth"); - } - $config->setLevel("$path vif"); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . $vif; - my $vif_path = "$path vif $vif"; - $config->setLevel($vif_path); - if ($config->isDeleted("vrrp")) { - push @list, "$eth.$vif"; - vrrp_log("Delete found $eth.$vif"); - } + } + $config->setLevel("$path vif"); + my @vifs = $config->listOrigNodes(); + foreach my $vif (@vifs) { + my $vif_intf = $eth . "." . $vif; + my $vif_path = "$path vif $vif"; + $config->setLevel($vif_path); + if ($config->isDeleted("vrrp")) { + push @list, "$eth.$vif"; + vrrp_log("Delete found $eth.$vif"); + } + } } } 
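Review bot: The interface-type list `("ethernet", "bonding")` is written out literally in this loop and again in vrrp_update_config, list_vrrp_intf and (in vyatta-clear-vrrp.pl) get_vrrp_intf_group, so the next interface type has to be added in every one of them. A single per-file list, e.g. `my @vrrp_intf_types = qw(ethernet bonding);`, iterated with `foreach my $type (@vrrp_intf_types)`, would keep the loops in step. Within this hunk `my $vif_intf = $eth . "." . $vif;` is assigned in both vif loops, but the pushes and log calls use `"$eth.$vif"` instead; either use `$vif_intf` or drop it. The loop variable is still named `$eth` although it now also holds bond names; `$intf` would read better.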
@@ -339,47 +342,51 @@ sub vrrp_update_config { my $output = "#\n# autogenerated by $0 on $date\n#\n\n"; my $config = new Vyatta::Config; - - $config->setLevel("interfaces ethernet"); - my @eths = $config->listNodes(); my $vrrp_instances = 0; - foreach my $eth (@eths) { - my $path = "interfaces ethernet $eth"; - $config->setLevel($path); - if ($config->exists("vrrp")) { - my ($inst_output, @inst_errs) = keepalived_get_values($eth, $path); - if (scalar(@inst_errs)) { - push @errs, @inst_errs; - } else { - $output .= $inst_output; - $vrrp_instances++; - } - } - if ($config->exists("vif")) { - my $path = "interfaces ethernet $eth vif"; + + for my $type (("ethernet", "bonding")) { + + $config->setLevel("interfaces $type"); + my @eths = $config->listNodes(); + foreach my $eth (@eths) { + my $path = "interfaces $type $eth"; $config->setLevel($path); - my @vifs = $config->listNodes(); - foreach my $vif (@vifs) { - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->exists("vrrp")) { - # - # keepalived gets real grumpy with interfaces that don't - # exist, so skip vlans that haven't been instantiated - # yet (typically occurs at boot up). - # - my $vif_intf = $eth . "." . 
$vif; - if (!(-d "/sys/class/net/$vif_intf")) { - push @errs, "vlan doesn't exist $vif_intf"; - next; - } - my ($inst_output, @inst_errs) = - keepalived_get_values($vif_intf, $vif_path); - if (scalar(@inst_errs)) { - push @errs, @inst_errs; - } else { - $output .= $inst_output; - $vrrp_instances++; + if ($config->exists("vrrp")) { + my ($inst_output, @inst_errs) = + keepalived_get_values($eth, $path); + if (scalar(@inst_errs)) { + push @errs, @inst_errs; + } else { + $output .= $inst_output; + $vrrp_instances++; + } + } + if ($config->exists("vif")) { + my $path = "interfaces $type $eth vif"; + $config->setLevel($path); + my @vifs = $config->listNodes(); + foreach my $vif (@vifs) { + my $vif_path = "$path $vif"; + $config->setLevel($vif_path); + if ($config->exists("vrrp")) { + # + # keepalived gets real grumpy with interfaces that + # don't exist, so skip vlans that haven't been + # instantiated yet (typically occurs at boot up). + # + my $vif_intf = $eth . "." . $vif; + if (!(-d "/sys/class/net/$vif_intf")) { + push @errs, "vlan doesn't exist $vif_intf"; + next; + } + my ($inst_output, @inst_errs) = + keepalived_get_values($vif_intf, $vif_path); + if (scalar(@inst_errs)) { + push @errs, @inst_errs; + } else { + $output .= $inst_output; + $vrrp_instances++; + } } } } 
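Review bot: The existence guard `-d "/sys/class/net/$vif_intf"` is applied only to vifs, while the base-interface branch passes `$eth` straight to keepalived_get_values. With `$type` now covering bonding, a configured bond that has not been created yet would presumably trigger the same keepalived complaint that the comment describes for VLANs. Consider the same guard before the first keepalived_get_values call: `if (!(-d "/sys/class/net/$eth")) { push @errs, "interface doesn't exist $eth"; next; }`. The body of vrrp_update_config continues outside the hunk.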
@@ -408,21 +415,24 @@ sub list_vrrp_intf { my $config = new Vyatta::Config; my @intfs = (); - $config->setLevel("interfaces ethernet"); - my @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces ethernet $eth"; - $config->setLevel($path); - push @intfs, $eth if $config->existsOrig("vrrp"); - if ($config->existsOrig("vif")) { - my $path = "interfaces ethernet $eth vif"; + foreach my $type (("ethernet", "bonding")) { + + $config->setLevel("interfaces $type"); + my @eths = $config->listOrigNodes(); + foreach my $eth (@eths) { + my $path = "interfaces $type $eth"; $config->setLevel($path); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - push @intfs, $vif_intf if $config->existsOrig("vrrp"); + push @intfs, $eth if $config->existsOrig("vrrp"); + if ($config->existsOrig("vif")) { + my $path = "interfaces $type $eth vif"; + $config->setLevel($path); + my @vifs = $config->listOrigNodes(); + foreach my $vif (@vifs) { + my $vif_intf = $eth . "." . $vif; + my $vif_path = "$path $vif"; + $config->setLevel($vif_path); + push @intfs, $vif_intf if $config->existsOrig("vrrp"); + } } } } @@ -431,11 +441,18 @@ sub list_vrrp_intf { sub list_vrrp_group { my ($name) = @_; - my $config = new Vyatta::Config; - my $path = "interfaces ethernet $name"; - if ($name =~ /(eth\d+)\.(\d+)/) { - $path = "interfaces ethernet $1 vif $2"; + my $path; + if ($name =~ /bond/) { + $path = "interfaces bonding $name"; + if ($name =~ /(bond\d+)\.(\d+)/) { + $path = "interfaces bonding $1 vif $2"; + } + } else { + $path = "interfaces ethernet $name"; + if ($name =~ /(eth\d+)\.(\d+)/) { + $path = "interfaces ethernet $1 vif $2"; + } } $path .= " vrrp vrrp-group"; $config->setLevel($path); diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 3015bc92..5ec2e8ad 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl 
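Review bot: list_vrrp_group selects the config subtree with `$name =~ /bond/`, which matches any name containing that substring, and the two vif patterns `/(bond\d+)\.(\d+)/` and `/(eth\d+)\.(\d+)/` are unanchored, so extra leading or trailing text in `$name` is silently ignored when the vif path is built and is copied verbatim into the path otherwise. Since `$name` ends up in the string handed to `$config->setLevel`, anchored forms are safer: `if ($name =~ /^bond\d+(?:\.\d+)?$/)` for the type test, and `/^(bond\d+)\.(\d+)$/` and `/^(eth\d+)\.(\d+)$/` for the vif split. A name that is neither eth nor bond still falls through to the ethernet path; whether callers can pass one is not visible in this hunk.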
+++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -129,7 +129,7 @@ sub get_master_info { my $source_ip = (vrrp_get_config($intf, $group))[0]; # arping doesn't seem to work for vlans - if ($intf =~ /(eth\d+).\d+/) { + if ($intf =~ /(eth\d+|bond\d+).\d+/) { $intf = $1; } system("/usr/bin/arping -c1 -f -I $intf -s $source_ip $vip > $arp_file"); @@ -251,7 +251,7 @@ sub vrrp_show { # # main # -my $intf = "eth"; +my @intfs = ("eth", "bond"); my $group = "all"; my $showsummary = 0; @@ -259,7 +259,7 @@ if ($#ARGV >= 0) { if ($ARGV[0] eq "summary") { $showsummary = 1; } else { - $intf = $ARGV[0]; + @intfs = ($ARGV[0]); } } @@ -284,9 +284,11 @@ if ($showsummary == 1) { $display_func = \&vrrp_show; } -my @state_files = Vyatta::Keepalived::get_state_files($intf, $group); -foreach my $state_file (@state_files) { - &$display_func($state_file); +foreach my $intf (@intfs) { + my @state_files = Vyatta::Keepalived::get_state_files($intf, $group); + foreach my $state_file (@state_files) { + &$display_func($state_file); + } } exit 0; diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def new file mode 100644 index 00000000..f90c20db --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def @@ -0,0 +1,3 @@ +help: Configure Virtual Router Redundancy Protocol (VRRP) parameters + +end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../../@).$VAR(../@) " diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def new file mode 100644 index 00000000..d87ad6b7 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def 
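Review bot: The updated pattern in get_master_info, `/(eth\d+|bond\d+).\d+/`, leaves the dot unescaped and has no anchors, so it accepts any separator character and any surrounding text; `/^(eth\d+|bond\d+)\.\d+$/` states the intended `bondN.VLAN` form. This matters more than usual because the next line interpolates `$intf`, `$source_ip`, `$vip` and `$arp_file` into a single-string `system()`, which Perl runs through the shell. Where those values originate is outside the hunk, but a later hunk in this file now copies `$ARGV[0]` into `@intfs`, so the interface name should be validated before use. Calling arping in list form and capturing its output in Perl would take the shell out of the path altogether.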
@@ -0,0 +1,8 @@
+tag:
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "VRRP group must be between 1-255"
+commit:expression: $VAR(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $VAR(@)"
+help: Set VRRP group number
+delete:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $VAR(../../../@).$VAR(../../@) --group $VAR(@) "
+comp_help: possible completions
+ <1-255> VRRP group number
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..59f2b451
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,6 @@
+type: u32
+default: 1
+help: Set advertise interval
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <=255; "Advertise interval must be between 1-255"
+comp_help: possible completions
+ <1-255> Set advertise interval (default 1)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..adf78b3f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: Set authentication
+commit:expression: $VAR(./type/@) != ""; "You must set a authentication type"
+commit:expression: $VAR(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..9bd2e98d
--- /dev/null
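Review bot: The syntax check on the vif vrrp-group tag accepts 0 (`$VAR(@) >= 0 && $VAR(@) <= 255`) while its own error text and the completion help both say 1-255; the lower bound should be `$VAR(@) >= 1 && $VAR(@) <= 255`. The priority/node.def added later in this patch has the same mismatch (`>= 0` against "priority must be between 1-255"), and both files are duplicated under bonding/node.tag/vrrp/ for the non-vif case. For a `u32` the `>= 0` test is always true, so as written only the upper bound is enforced.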
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,9 @@
+type: txt
+help: Set password
+syntax:expression: exec " \
+ if [ `echo -n $VAR(@) | wc -c` -gt 8 ]; then \
+ echo Password must be 8 characters or less ; \
+ exit 1 ; \
+ fi ; "
+comp_help: possible completions:
+ Password (8 characters or less)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..7155495d
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set authentication type
+syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
+ "authentication must be plaintext-password or ah"
+comp_help: possible completions:
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def
new file mode 100644
index 00000000..aeb40f0b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set description for this interface
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
new file mode 100644
index 00000000..916e313b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set VRRP group disabled
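Review bot: The password length check in authentication/password/node.def splices `$VAR(@)` unquoted into a shell command substitution (`echo -n $VAR(@) | wc -c`), so a password containing spaces, quotes, `;`, `$` or backticks is interpreted by the shell rather than measured. This assumes the template engine substitutes the value textually before running `exec`, which the quoted `'$VAR(@)'` in the virtual-address template suggests. Quoting it as `echo -n '$VAR(@)' | wc -c` is the minimum, but a single quote in the value still breaks out, so a check that never hands the secret to a shell is preferable, for example a `pattern` expression that bounds both length and character set. The identical file is added under bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/ and needs the same change.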
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
new file mode 100644
index 00000000..edb0d58a
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
@@ -0,0 +1,6 @@
+type: ipv4
+
+help: Set hello-source-address
+
+comp_help: possible completions:
+ Set source address for vrrp hello packets (optional)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
new file mode 100644
index 00000000..1638624e
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
@@ -0,0 +1,6 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 1000; \
+ "preempt-delay must be between 0-1000"
+help: Set preempt-delay
+comp_help: possible completions:
+ <0-1000> Set Preempt Delay in seconds
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..7b3b9cbd
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set preempt mode (default: true)
+default: "true"
+syntax:expression: $VAR(@) in "true", "false"; "preempt must be true or false"
+comp_help: possible completions:
+ true (default)
+ false
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..54de02c7
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 &&$VAR(@) <= 255; "priority must be between 1-255"
+help: Set priority
+comp_help: possible completions:
+ <1-255> Set Priority
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
new file mode 100644
index 00000000..44be2a7f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to backup
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Backup Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
new file mode 100644
index 00000000..9f2557b3
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to fault
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Fault Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
new file mode 100644
index 00000000..7f7d8895
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
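Review bot: The run-transition-scripts checks expand `$VAR(@)` unquoted inside `[ -x $VAR(@) ]`, so a value with whitespace or shell metacharacters changes the test instead of being tested; this applies to backup/node.def here, to fault and master in the following hunks, and to the three copies under bonding/node.tag/vrrp/. Quoting the operand, `exec "[ -x '$VAR(@)' ] || exit 1"`, is the minimal change, and a preceding `pattern` check that restricts the value to an absolute path would be stronger. The test also only shows that the file is executable at commit time. Since the configured path is later run on state transitions, presumably by keepalived with its privileges, the help text should say that the script and its directory must not be writable by unprivileged users.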
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to master
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Master Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
new file mode 100644
index 00000000..ed959156
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
@@ -0,0 +1,2 @@
+help: Set scripts to run on VRRP state-transitions
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
new file mode 100644
index 00000000..9602a842
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set to add this vrrp group to a sync group
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
new file mode 100644
index 00000000..176287aa
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -0,0 +1,22 @@
+multi:
+type: txt
+help: Set virtual address
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
+ --vrrp-action='check-vip' --vip='$VAR(@)' "\
+ ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
+
+syntax:expression: exec "
+ if echo '$VAR(@)' | grep -q '/' ; then
+ if /opt/vyatta/sbin/vyatta-interfaces.pl \
+ --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
+ exit 0
+ else
+ echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
+ exit 1
+ fi
+ fi"
+
+comp_help: possible completions:
+ Virtual IP address (up to 20 per group)
+ Virtual IP address with prefix (up to 20 per group)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vrrp/node.def
new file mode 100644
index 00000000..fc9bd82e
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/node.def
@@ -0,0 +1,3 @@
+help: Configure Virtual Router Redundancy Protocol (VRRP)
+
+end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../@) "
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def
new file mode 100644
index 00000000..a3ce1395
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def
@@ -0,0 +1,8 @@
+tag:
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "VRRP group must be between 1-255"
+commit:expression: $VAR(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $VAR(@)"
+help: Set VRRP group number
+delete:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $VAR(../../@) --group $VAR(@) "
+comp_help: possible completions
+ <1-255> VRRP group number
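Review bot: In the vif copy of virtual-address/node.def the second check passes `--dev $VAR(../../../@)`, which from this node appears to resolve to the vif id rather than a device name. The vif vrrp-group delete expression one level up uses `$VAR(../../../@).$VAR(../../@)` for bond and vif, so by the same path arithmetic the bond name is four levels up here. If that reading is right the argument should be `--dev $VAR(../../../../@).$VAR(../../../@)`; the three-level form only fits the non-vif copy under bonding/node.tag/vrrp/. Separately, `--valid-addr $VAR(@)` is unquoted although the first check and the `echo '$VAR(@)'` test quote the same value; use `--valid-addr '$VAR(@)'` in both copies so the address cannot be split or expanded by the shell.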
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..59f2b451
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,6 @@
+type: u32
+default: 1
+help: Set advertise interval
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <=255; "Advertise interval must be between 1-255"
+comp_help: possible completions
+ <1-255> Set advertise interval (default 1)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..adf78b3f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: Set authentication
+commit:expression: $VAR(./type/@) != ""; "You must set a authentication type"
+commit:expression: $VAR(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..9bd2e98d
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,9 @@
+type: txt
+help: Set password
+syntax:expression: exec " \
+ if [ `echo -n $VAR(@) | wc -c` -gt 8 ]; then \
+ echo Password must be 8 characters or less ; \
+ exit 1 ; \
+ fi ; "
+comp_help: possible completions:
+ Password (8 characters or less)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..687c6af6
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set authentication type
+syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
+ "authentication must be plaintext-password or ah"
+comp_help: possible completions:
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def
new file mode 100644
index 00000000..aeb40f0b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set description for this interface
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
new file mode 100644
index 00000000..916e313b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set VRRP group disabled
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
new file mode 100644
index 00000000..edb0d58a
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
@@ -0,0 +1,6 @@
+type: ipv4
+
+help: Set hello-source-address
+
+comp_help: possible completions:
+ Set source address for vrrp hello packets (optional)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
new file mode 100644
index 00000000..1638624e
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
@@ -0,0 +1,6 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 1000; \
+ "preempt-delay must be between 0-1000"
+help: Set preempt-delay
+comp_help: possible completions:
+ <0-1000> Set Preempt Delay in seconds
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..4ed282ed
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set preempt mode
+default: "true"
+syntax:expression: $VAR(@) in "true", "false"; "preempt must be true or false"
+comp_help: possible completions:
+ true (default)
+ false
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..54de02c7
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 &&$VAR(@) <= 255; "priority must be between 1-255"
+help: Set priority
+comp_help: possible completions:
+ <1-255> Set Priority
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
new file mode 100644
index 00000000..44be2a7f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to backup
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Backup Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
new file mode 100644
index 00000000..9f2557b3
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to fault
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Fault Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
new file mode 100644
index 00000000..7f7d8895
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to master
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Master Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
new file mode 100644
index 00000000..3abc1696
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
@@ -0,0 +1,2 @@
+help: Set scripts for VRRP state-transitions
+
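Review bot: `$VAR(@)` is substituted unquoted into the shell test in `exec "[ -x $VAR(@) ] || exit 1"`, so a configured value containing whitespace or shell metacharacters is parsed by the shell instead of being treated as one path. The fault and master templates repeat the same line, and the virtual-address template in this commit passes `--valid-addr $VAR(@) --dev $VAR(../../../@)` unquoted as well. Quote the substitution, e.g. `exec "[ -x '$VAR(@)' ] || exit 1"`, and add a separate syntax check that limits the value to an absolute path with a conservative character set, because quoting alone does not help if the value may itself contain a quote. The test also only shows that the file is executable at commit time; it says nothing about who owns or can write the script, which matters if the VRRP daemon later runs it with elevated privileges (not visible in this hunk).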
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
new file mode 100644
index 00000000..9602a842
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set to add this vrrp group to a sync group
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
new file mode 100644
index 00000000..176287aa
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -0,0 +1,22 @@
+multi:
+type: txt
+help: Set virtual address
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
+ --vrrp-action='check-vip' --vip='$VAR(@)' "\
+ ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
+
+syntax:expression: exec "
+ if echo '$VAR(@)' | grep -q '/' ; then
+ if /opt/vyatta/sbin/vyatta-interfaces.pl \
+ --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
+ exit 0
+ else
+ echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
+ exit 1
+ fi
+ fi"
+
+comp_help: possible completions:
+ Virtual IP address (up to 20 per group)
+ Virtual IP address with prefix (up to 20 per group)
-- cgit v1.2.3 From f197d4eebd25f3bcbd0f6b5589ce9370a2f501da Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 1 Nov 2009 10:02:49 -0800 Subject: Convert keepalived to use Interface infrastructure. --- scripts/keepalived/vyatta-clear-vrrp.pl | 65 ++++-------- scripts/keepalived/vyatta-keepalived.pl | 176 +++++++++----------------------- scripts/keepalived/vyatta-show-vrrp.pl | 24 ++--- scripts/keepalived/vyatta-vrrp-state.pl | 6 +- 4 files changed, 84 insertions(+), 187 deletions(-)
diff --git a/scripts/keepalived/vyatta-clear-vrrp.pl b/scripts/keepalived/vyatta-clear-vrrp.pl index ba5d569b..3a9733ed 100644 --- a/scripts/keepalived/vyatta-clear-vrrp.pl +++ b/scripts/keepalived/vyatta-clear-vrrp.pl @@ -25,6 +25,9 @@ use lib '/opt/vyatta/share/perl5/'; use Vyatta::Keepalived; +use Vyatta::Interface; +use Vyatta::Misc; + use Getopt::Long; use Sys::Syslog qw(:standard :macros); 
@@ -108,51 +111,23 @@ sub get_vrrp_intf_group { # # return an array of hashes that contains all the intf/group pairs # - - foreach my $type (("ethernet", "bonding")) { - - my $config = new Vyatta::Config; - $config->setLevel("interfaces $type"); - my @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces $type $eth"; - $config->setLevel($path); - if ($config->existsOrig("vrrp")) { - $path = "$path vrrp vrrp-group"; - $config->setLevel($path); - my @groups = $config->listOrigNodes(); - foreach my $group (@groups) { - my %hash; - $hash{'intf'} = $eth; - $hash{'group'} = $group; - $hash{'path'} = "$path $group"; - push @array, {%hash}; - } - } - - $path = "interfaces $type $eth"; + my $config = new Vyatta::Config; + + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + if ($config->existsOrig('vrrp')) { + $path = "$path vrrp vrrp-group"; $config->setLevel($path); - if ($config->existsOrig('vif')) { - my $path = "$path vif"; - $config->setLevel($path); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . '.' . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->existsOrig('vrrp')) { - $vif_path = "$vif_path vrrp vrrp-group"; - $config->setLevel($vif_path); - my @groups = $config->listOrigNodes(); - foreach my $group (@groups) { - my %hash; - $hash{'intf'} = $vif_intf; - $hash{'group'} = $group; - $hash{'path'} = "$path $group"; - push @array, {%hash}; - } - } - } + my @groups = $config->listOrigNodes(); + foreach my $group (@groups) { + my %hash; + $hash{'intf'} = $name; + $hash{'group'} = $group; + $hash{'path'} = "$path $group"; + push @array, {%hash}; } } } 
@@ -207,7 +182,7 @@ my $login = getlogin(); # # clear_process # -if ($action eq "clear_process") { +if ($action eq 'clear_process') { syslog('warning', "clear vrrp process requested by $login"); if (Vyatta::Keepalived::is_running()) { print "Restarting VRRP...\n"; diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 842f8bc3..e87c9f64 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl 
@@ -235,65 +235,30 @@ sub vrrp_find_changes { my $config = new Vyatta::Config; my $vrrp_instances = 0; - foreach my $type (("ethernet", "bonding")) { - - $config->setLevel("interfaces $type"); - my @eths = $config->listNodes(); - foreach my $eth (@eths) { - my $path = "interfaces $type $eth"; - $config->setLevel($path); - if ($config->exists("vrrp")) { - my %vrrp_status_hash = $config->listNodeStatus("vrrp"); - my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); - if ($vrrp_status ne "static") { - push @list, $eth; - vrrp_log("$vrrp_status found $eth"); - } - } - if ($config->exists("vif")) { - my $path = "interfaces $type $eth vif"; - $config->setLevel($path); - my @vifs = $config->listNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->exists("vrrp")) { - my %vrrp_status_hash = $config->listNodeStatus("vrrp"); - my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); - if ($vrrp_status ne "static") { - push @list, "$eth.$vif"; - vrrp_log("$vrrp_status found $eth.$vif"); - } - } - } + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + if ($config->exists("vrrp")) { + my %vrrp_status_hash = $config->listNodeStatus("vrrp"); + my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); + if ($vrrp_status ne "static") { + push @list, $name; + vrrp_log("$vrrp_status found $name"); } } # # Now look for deleted from the origin tree # - $config->setLevel("interfaces $type"); - @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces $type $eth"; - $config->setLevel($path); - if ($config->isDeleted("vrrp")) { - push @list, $eth; - vrrp_log("Delete found $eth"); - } - $config->setLevel("$path vif"); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . 
$vif; - my $vif_path = "$path vif $vif"; - $config->setLevel($vif_path); - if ($config->isDeleted("vrrp")) { - push @list, "$eth.$vif"; - vrrp_log("Delete found $eth.$vif"); - } - } + $config->setLevel($path); + if ($config->isDeleted("vrrp")) { + push @list, $name; + vrrp_log("Delete found $name"); } + + } my $num = scalar(@list); 
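Review bot: The deleted-VRRP check now runs inside the `getInterfaces()` loop, where the old code walked `listOrigNodes()` of the original config tree. If `getInterfaces()` only returns interfaces that currently exist (its definition is not part of this diff), a vif that is deleted together with its vrrp node is never enumerated, `isDeleted("vrrp")` is never asked for it, and the stale keepalived instance would not be queued for an update. Worth confirming, and if so keeping a pass over the original config for the delete case. The second `$config->setLevel($path);` is redundant, since the level is already set at the top of the loop body; vrrp_find_changes itself continues outside the hunk.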
@@ -344,51 +309,28 @@ sub vrrp_update_config { my $config = new Vyatta::Config; my $vrrp_instances = 0; - for my $type (("ethernet", "bonding")) { - - $config->setLevel("interfaces $type"); - my @eths = $config->listNodes(); - foreach my $eth (@eths) { - my $path = "interfaces $type $eth"; - $config->setLevel($path); - if ($config->exists("vrrp")) { - my ($inst_output, @inst_errs) = - keepalived_get_values($eth, $path); - if (scalar(@inst_errs)) { - push @errs, @inst_errs; - } else { - $output .= $inst_output; - $vrrp_instances++; - } + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + if ($config->exists("vrrp")) { + # + # keepalived gets real grumpy with interfaces that + # don't exist, so skip vlans that haven't been + # instantiated yet (typically occurs at boot up). + # + if (!(-d "/sys/class/net/$name")) { + push @errs, "$name doesn't exist"; + next; } - if ($config->exists("vif")) { - my $path = "interfaces $type $eth vif"; - $config->setLevel($path); - my @vifs = $config->listNodes(); - foreach my $vif (@vifs) { - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - if ($config->exists("vrrp")) { - # - # keepalived gets real grumpy with interfaces that - # don't exist, so skip vlans that haven't been - # instantiated yet (typically occurs at boot up). - # - my $vif_intf = $eth . "." . $vif; - if (!(-d "/sys/class/net/$vif_intf")) { - push @errs, "vlan doesn't exist $vif_intf"; - next; - } - my ($inst_output, @inst_errs) = - keepalived_get_values($vif_intf, $vif_path); - if (scalar(@inst_errs)) { - push @errs, @inst_errs; - } else { - $output .= $inst_output; - $vrrp_instances++; - } - } - } + my ($inst_output, @inst_errs) = + keepalived_get_values($name, $path); + if (scalar(@inst_errs)) { + push @errs, @inst_errs; + } else { + $output .= $inst_output; + $vrrp_instances++; } } } 
@@ -415,27 +357,14 @@ sub list_vrrp_intf { my $config = new Vyatta::Config; my @intfs = (); - foreach my $type (("ethernet", "bonding")) { - - $config->setLevel("interfaces $type"); - my @eths = $config->listOrigNodes(); - foreach my $eth (@eths) { - my $path = "interfaces $type $eth"; - $config->setLevel($path); - push @intfs, $eth if $config->existsOrig("vrrp"); - if ($config->existsOrig("vif")) { - my $path = "interfaces $type $eth vif"; - $config->setLevel($path); - my @vifs = $config->listOrigNodes(); - foreach my $vif (@vifs) { - my $vif_intf = $eth . "." . $vif; - my $vif_path = "$path $vif"; - $config->setLevel($vif_path); - push @intfs, $vif_intf if $config->existsOrig("vrrp"); - } - } - } + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + push @intfs, $name if $config->existsOrig("vrrp"); } + return @intfs; } @@ -443,17 +372,10 @@ sub list_vrrp_group { my ($name) = @_; my $config = new Vyatta::Config; my $path; - if ($name =~ /bond/) { - $path = "interfaces bonding $name"; - if ($name =~ /(bond\d+)\.(\d+)/) { - $path = "interfaces bonding $1 vif $2"; - } - } else { - $path = "interfaces ethernet $name"; - if ($name =~ /(eth\d+)\.(\d+)/) { - $path = "interfaces ethernet $1 vif $2"; - } - } + + my $intf = new Vyatta::Interface($name); + next unless $intf; + $path = $intf->path(); $path .= " vrrp vrrp-group"; $config->setLevel($path); my @groups = $config->listOrigNodes(); diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 5ec2e8ad..521abc7f 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -24,6 +24,7 @@ # use lib "/opt/vyatta/share/perl5/"; use Vyatta::Keepalived; +use Vyatta::Interface; use strict; use warnings; 
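Review bot: `next unless $intf;` in list_vrrp_group is not inside any loop, so when `new Vyatta::Interface($name)` fails Perl either dies with "Can't \"next\" outside a loop block" or, if a caller happens to be iterating, jumps to the caller's next iteration. The line looks copied from the `foreach` bodies in the other hunks of this commit; here it should be `return unless $intf;` so that an unknown interface name yields an empty group list. The rest of the function runs past the end of the hunk.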
@@ -65,23 +66,22 @@ sub elapse_time { } sub get_state_link { - my $intf = shift; + my $intf_name = shift; - my $IFF_UP = 0x1; + my $intf = new Vyatta::Interface($intf_name); + die "Unknown interface [$intf_name]" unless $intf; + my ($state, $link); - my $flags = `cat /sys/class/net/$intf/flags 2> /dev/null`; - my $carrier = `cat /sys/class/net/$intf/carrier 2> /dev/null`; - chomp $flags; chomp $carrier; - my $hex_flags = hex($flags); - if ($hex_flags & $IFF_UP) { - $state = "up"; + if ($intf->up()) { + $state = 'up'; } else { - $state = "admin down"; + $state = 'admin down'; } - if ($carrier eq "1") { - $link = "up"; + + if ($intf->carrier()) { + $link = 'up'; } else { - $link = "down"; + $link = 'down'; } return ($state, $link); } diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl index 930c7cd0..9bb54a0c 100755 --- a/scripts/keepalived/vyatta-vrrp-state.pl +++ b/scripts/keepalived/vyatta-vrrp-state.pl @@ -66,10 +66,10 @@ if (defined $old_state and $vrrp_state eq $old_state) { Vyatta::Keepalived::vrrp_log("$vrrp_intf $vrrp_group transition to $vrrp_state"); vrrp_state_log($vrrp_state, $vrrp_intf, $vrrp_group); -if ($vrrp_state eq "backup") { +if ($vrrp_state eq 'backup') { Vyatta::Keepalived::snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vips[0], 60); -} elsif ($vrrp_state eq "master") { +} elsif ($vrrp_state eq 'master') { # # keepalived will send gratuitous arp requests on master transition # but some hosts do not update their arp cache for gratuitous arp @@ -87,7 +87,7 @@ if ($vrrp_state eq "backup") { system("rm -f $mfile"); } -if (!($vrrp_transitionscript eq "null")){ +if (!($vrrp_transitionscript eq 'null')){ exec("$vrrp_transitionscript"); } -- cgit v1.2.3 From efc366d3baf0161ab736a44cfabf00dd38905d9e Mon Sep 17 00:00:00 2001 
From: Stig Thormodsrud Date: Sun, 1 Nov 2009 10:05:21 -0800 Subject: Add priority for bonding vrrp nodes. --- templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def | 2 ++ templates/interfaces/bonding/node.tag/vrrp/node.def | 2 ++ 2 files changed, 4 insertions(+) diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def index f90c20db..47aceb53 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def @@ -1,3 +1,5 @@ help: Configure Virtual Router Redundancy Protocol (VRRP) parameters +priority: 800 + end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../../@).$VAR(../@) " diff --git a/templates/interfaces/bonding/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vrrp/node.def index fc9bd82e..adeb0564 100644 --- a/templates/interfaces/bonding/node.tag/vrrp/node.def +++ b/templates/interfaces/bonding/node.tag/vrrp/node.def @@ -1,3 +1,5 @@ help: Configure Virtual Router Redundancy Protocol (VRRP) +priority: 800 + end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../@) " -- cgit v1.2.3 From 2fe988d11ef39bab3351fed3e9df341c94c5773d Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 1 Nov 2009 11:27:52 -0800 Subject: Fix interface carrier status. --- scripts/keepalived/vyatta-show-vrrp.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 521abc7f..545e0e5c 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -78,7 +78,7 @@ sub get_state_link { $state = 'admin down'; } - if ($intf->carrier()) { + if ($intf->carrier() == 1) { $link = 'up'; } else { $link = 'down'; -- cgit v1.2.3 
From 68b78c10964589e1d8bff35403e6d9b8e2d7378d Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 1 Nov 2009 12:43:24 -0800 Subject: Fix 'show vrrp summary' showing last vip 1st --- scripts/keepalived/vyatta-show-vrrp.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 545e0e5c..d23d0472 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -188,7 +188,7 @@ sub vrrp_showsummary { my ($primary_addr, $priority, $preempt, $advert_int, $auth_type, @vips) = Vyatta::Keepalived::vrrp_get_config($intf, $group); my $format = "\n%-16s%-8s%-8s%-16s%-16s%-16s"; - my $vip = pop @vips; + my $vip = shift @vips; printf($format, $intf, $group, 'vip', $vip, $link, $state); foreach my $vip (@vips){ printf("\n%-24s%-8s%-16s", ' ', 'vip', $vip); -- cgit v1.2.3 From 8856e639e86ff6da29d7d8e7b4003dd8c585afaf Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 1 Nov 2009 14:19:45 -0800 Subject: Using Interface.pm infrastructure to detect vif on eth|bond interface. --- scripts/keepalived/vyatta-show-vrrp.pl | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index d23d0472..bcc6ca29 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -96,7 +96,7 @@ sub parse_arping { my @lines = <$FD>; close $FD; - my $mac = ''; + my $mac = undef; foreach my $line (@lines) { # regex for xx:xx:xx:xx:xx:xx if ($line =~ /(([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})/) { 
@@ -128,11 +128,13 @@ sub get_master_info { my $arp_file = "$master_file.arp"; my $source_ip = (vrrp_get_config($intf, $group))[0]; - # arping doesn't seem to work for vlans - if ($intf =~ /(eth\d+|bond\d+).\d+/) { - $intf = $1; + my $interface = new Vyatta::Interface($intf); + my $arp_intf = $intf; + if ($interface->vif()) { + $arp_intf = $interface->physicalDevice(); } - system("/usr/bin/arping -c1 -f -I $intf -s $source_ip $vip > $arp_file"); + my $cmd = "/usr/bin/arping -c1 -f -I $arp_intf -s $source_ip $vip"; + system("$cmd > $arp_file"); my $arp_mac = parse_arping($arp_file); if ( ! -f $master_file) { @@ -149,7 +151,7 @@ sub get_master_info { $master_mac =~ /show=\"(([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})/) { $master_mac = uc($1); - if ($arp_mac ne $master_mac) { + if (defined($arp_mac) and ($arp_mac ne $master_mac)) { Vyatta::Keepalived::snoop_for_master($intf, $group, $vip, 2); $master_ip = `grep ip.src $master_file 2> /dev/null`; } @@ -172,7 +174,7 @@ sub get_master_info { $priority = "unknown"; } - return ($master_ip, $priority, $arp_mac); + return ($master_ip, $priority, $master_mac); } else { return ('unknown', 'unknown', ''); } -- cgit v1.2.3 From 56339a193bb7e94667e12e97f98937e4544e4158 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Sun, 1 Nov 2009 14:59:30 -0800 Subject: 0.15.95 --- debian/changelog | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/debian/changelog b/debian/changelog index fba566b7..c4c1a0aa 100644 --- a/debian/changelog +++ b/debian/changelog 
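Review bot: `$interface->vif()` is called without checking that `new Vyatta::Interface($intf)` returned an object, while every other use in this series guards it (`next unless $intf;`, `die ... unless $intf;`); a guard such as `return ('unknown', 'unknown', '') unless $interface;` would match the function's existing failure return. The arping command is also still assembled as one string and run through the shell with a redirect, `system("$cmd > $arp_file")`, so `$arp_intf`, `$source_ip` and `$vip` are shell-parsed. Passing the arguments to `system` as a list and writing the output file from Perl would remove the dependence on those configuration values being free of metacharacters. get_master_info starts before this hunk and continues after it.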
@@ -1,3 +1,19 @@ +vyatta-cfg-system (0.15.95) unstable; urgency=low + + [ David S. Madole ] + * Add VRRP capability to bonding interfaces and vifs of bonding + interfaces. + + [ Stig Thormodsrud ] + * Convert keepalived to use Interface infrastructure. + * Add priority for bonding vrrp nodes. + * Fix interface carrier status. + * Fix 'show vrrp summary' showing last vip 1st + * Using Interface.pm infrastructure to detect vif on eth|bond + interface. + + -- Stig Thormodsrud Sun, 01 Nov 2009 14:59:29 -0800 + vyatta-cfg-system (0.15.94) unstable; urgency=low [ An-Cheng Huang ] -- cgit v1.2.3 From d07ddbc5b98f739bebc8fd7ecdf2a6a6fe5d8375 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Mon, 2 Nov 2009 15:46:37 -0800 Subject: use top-level pid for progress indicator --- scripts/install/install-functions | 14 ++++++++------ scripts/install/install-image | 24 ++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 3bdc1fde..29707dff 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -43,18 +43,20 @@ VYATTA_CFG_DIR=${vyatta_sysconfdir}/config # the floppy config dir FD_CFG_DIR=/media/floppy/config -# Process ID for progress_indicator -SPID=$$ - +# PROGRESS_PID can be exported by top-level script progress_indicator () { + local spid=$PROGRESS_PID + if [ -z "$spid" ]; then + spid=$$ + fi case "$1" in start) - $vyatta_bindir/progress-indicator $SPID & + $vyatta_bindir/progress-indicator $spid & ;; *) - if ! rm /tmp/pi.$SPID 2>/dev/null; then + if ! rm /tmp/pi.$spid 2>/dev/null; then sleep 1 - rm /tmp/pi.$SPID 2>/dev/null + rm /tmp/pi.$spid 2>/dev/null fi sleep 1 echo -n -e "\b" diff --git a/scripts/install/install-image b/scripts/install/install-image index 0bf31a00..6ed0f732 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image 
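Review bot: In progress_indicator, `spid` now comes from the environment and is used unquoted in `rm /tmp/pi.$spid`, so whatever the caller exports in PROGRESS_PID ends up in a file-removal path. Since the value is meant to be a process id, it is cheap to reject anything else, e.g. `case "$spid" in ''|*[!0-9]*) spid=$$ ;; esac`, and to quote the expansions (`rm "/tmp/pi.$spid"`). The fallback itself can be written as `local spid=${PROGRESS_PID:-$$}`. The function body continues outside the hunk.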
@@ -5,6 +5,8 @@ source /opt/vyatta/sbin/install-functions # export INSTALL_LOG for the scripts invoked export INSTALL_LOG=/tmp/install-$$.log +# export PROGRESS_PID for the scripts invoked +export PROGRESS_PID=$$ # file for get-partition output PART_FILE='' @@ -114,12 +116,30 @@ fi trap sig_handler INT KILL trap exit_handler EXIT +cat < Date: Mon, 2 Nov 2009 17:11:15 -0800 Subject: Don't want/need --package option to pam-auth-update --- lib/Vyatta/Login/RadiusServer.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index 43f78f90..f8b67830 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -29,12 +29,12 @@ my $PAM_RAD_END = '# END Vyatta Radius servers'; sub remove_pam_radius { return system("sudo DEBIAN_FRONTEND=noninteractive" - . " pam-auth-update --package --remove radius") == 0; + . " pam-auth-update --remove radius") == 0; } sub add_pam_radius { return system("sudo DEBIAN_FRONTEND=noninteractive" - . " pam-auth-update --package --add radius") == 0; + . " pam-auth-update radius") == 0; } sub update { -- cgit v1.2.3 From 6ddbdaeb4557c04e6ad5c86f7ced922685634851 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 2 Nov 2009 17:13:37 -0800 Subject: Reset PAM configuration on boot Bug 5084 Need to remove radius (and any other) PAM customizations on reboot. --- scripts/rl-system.init | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 3ca02ed2..2cca5d98 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -169,6 +169,11 @@ setup_ntp_config_file () { log_failure_msg "NTP template config file doesn\'t exist" fi } + +# restore PAM back to virgin state (no radius other services) +pam_reset () { + DEBIAN_FRONTEND=noninteractive pam-auth-update unix +} start () { udev_rescan 
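Review bot: pam_reset in scripts/rl-system.init ignores the exit status of `pam-auth-update unix`, so if the reset fails at boot the previous PAM profile selection, radius included, silently stays in place, which is the state this commit is meant to clear. Other steps in the same script report failures through `log_failure_msg`; do the same here with `DEBIAN_FRONTEND=noninteractive pam-auth-update unix || log_failure_msg "can't reset PAM configuration"`. A one-line comment stating which profiles are expected to remain enabled after the reset would also help the next reader.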
@@ -182,6 +187,7 @@ start () { sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf || log_failure_msg "can\'t configure kernel settings" set_ipv6_params + pam_reset update_version_info ## Clear out apt config file--it will be filled in by rtrmgr -- cgit v1.2.3 From 403bb750a20b84800fbbd4d18156b11840b65ee4 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 2 Nov 2009 17:18:27 -0800 Subject: rename pam-radius to pam_radius.cfg Use a reasonable suffix for file type --- Makefile.am | 2 +- debian/vyatta-cfg-system.postinst.in | 2 +- sysconf/pam-radius | 12 ------------ sysconf/pam_radius.cfg | 12 ++++++++++++ 4 files changed, 14 insertions(+), 14 deletions(-) delete mode 100644 sysconf/pam-radius create mode 100644 sysconf/pam_radius.cfg diff --git a/Makefile.am b/Makefile.am index 29619127..99142777 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,7 +70,7 @@ sysconf_DATA += sysconf/securetty sysconf_DATA += sysconf/vyatta-sysctl.conf sysconf_DATA += sysconf/blacklist.DSA-1024 sysconf_DATA += sysconf/blacklist.RSA-2048 -sysconf_DATA += sysconf/pam-radius +sysconf_DATA += sysconf/pam_radius.cfg libudev_SCRIPTS = scripts/vyatta_net_name etcudev_DATA = sysconf/vyatta-net.rules diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 95fcd1ca..3a914f7f 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -149,7 +149,7 @@ update-rc.d -f ssh remove >/dev/null sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login # Install pamradius config (should come with radius client eventually) -cp $sysconfdir/pam-radius /usr/share/pam-configs/radius +cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius [ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist diff --git a/sysconf/pam-radius b/sysconf/pam-radius deleted file mode 100644 index 0409dd44..00000000 --- a/sysconf/pam-radius +++ /dev/null 
@@ -1,12 +0,0 @@ -Name: Radius authentication -Default: no -Priority: 512 -Auth-Type: Primary -Auth: - [success=end default=ignore] pam_radius_auth.so try_first_pass -Auth-Initial: - [success=end default=ignore] pam_radius_auth.so -Account-Type: Primary -Account: - [success=end new_authtok_reqd=done default=ignore] pam_radius_auth.so try_first_pass - diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg new file mode 100644 index 00000000..3b9d92fc --- /dev/null +++ b/sysconf/pam_radius.cfg @@ -0,0 +1,12 @@ +Name: Radius client +Default: yes +Priority: 512 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_radius_auth.so try_first_pass +Auth-Initial: + [success=end default=ignore] pam_radius_auth.so +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_radius_auth.so try_first_pass + -- cgit v1.2.3 From 4b6feb5e30012862b6a91578914ef2194d242f31 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 2 Nov 2009 17:28:17 -0800 Subject: 0.15.96 --- debian/changelog | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/debian/changelog b/debian/changelog index c4c1a0aa..4d6c8583 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +vyatta-cfg-system (0.15.96) unstable; urgency=low + + [ An-Cheng Huang ] + * use top-level pid for progress indicator + + [ Stephen Hemminger ] + * Don't want/need --package option to pam-auth-update + * Reset PAM configuration on boot + * rename pam-radius to pam_radius.cfg + + -- Stephen Hemminger Mon, 02 Nov 2009 17:28:17 -0800 + vyatta-cfg-system (0.15.95) unstable; urgency=low [ David S. Madole ] -- cgit v1.2.3 From a6ead18568860f4a574325198ecfe188c69eda28 Mon Sep 17 00:00:00 2001 
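Review bot: The commit is described as a rename, but the new sysconf/pam_radius.cfg is not the old file: `Default: no` became `Default: yes` and the profile name changed. `Default:` decides whether pam-auth-update enables a profile without being asked, so this puts the RADIUS module into the auth stack on any run that applies defaults. That is a behaviour change in the login path and should either be called out in the commit message or reverted to `Default: no` if enabling is meant to stay under the control of the add/remove calls in RadiusServer.pm.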
From: Stig Thormodsrud Date: Mon, 2 Nov 2009 18:29:47 -0800 Subject: Fix 5063: committing "set interfaces ethernet <> bridge-group bridge <>" got "invalid variable reference (invalid format)" - need extra escape magic to call vyatta-cli-expand-var.pl. --- templates/interfaces/ethernet/node.tag/bond-group/node.def | 2 +- templates/interfaces/ethernet/node.tag/bridge-group/node.def | 2 +- .../interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/interfaces/ethernet/node.tag/bond-group/node.def b/templates/interfaces/ethernet/node.tag/bond-group/node.def index 7b6df036..c173ae3f 100644 --- a/templates/interfaces/ethernet/node.tag/bond-group/node.def +++ b/templates/interfaces/ethernet/node.tag/bond-group/node.def @@ -6,7 +6,7 @@ commit:expression: exec \ allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show=bonding -update: OLDG=`${vyatta_sbindir}/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$VAR(../@)/bond-group/@\)` +update: OLDG=`${vyatta_sbindir}/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$VAR(../@)/bond-group/@\)` if [ -n "$OLDG" ]; then sudo ${vyatta_sbindir}/vyatta-bonding.pl --dev=$OLDG --remove=$VAR(../@) fi diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def index 5ea9da19..b30a9e10 100644 --- a/templates/interfaces/ethernet/node.tag/bridge-group/node.def +++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def @@ -2,7 +2,7 @@ help: Add this interface to a bridge group end: ethif=$VAR(../@) - oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$ethif/bridge-group/bridge/@\)` + oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$ethif/bridge-group/bridge/@\)` newbridge="$VAR(./bridge/@)" if [ ${COMMIT_ACTION} = 'SET' ]; then 
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def index 0bade03a..e3645b1c 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def @@ -5,7 +5,7 @@ end: eth=$VAR(../../@) vif=$VAR(../@) ethif=$eth.$vif - oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$eth/vif/$vif/bridge-group/bridge/@\)` + oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$eth/vif/$vif/bridge-group/bridge/@\)` newbridge="$VAR(./bridge/@)" if [ ${COMMIT_ACTION} = 'SET' ]; then -- cgit v1.2.3 From 49b102957a187edbe813cb4d6f1131c45c7f2bf8 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Mon, 2 Nov 2009 18:31:22 -0800 Subject: 0.15.97 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 4d6c8583..679ed013 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.97) unstable; urgency=low + + * Fix 5063: committing "set interfaces ethernet <> bridge-group bridge + <>" got "invalid variable reference (invalid format)" + + -- Stig Thormodsrud Mon, 02 Nov 2009 18:31:22 -0800 + vyatta-cfg-system (0.15.96) unstable; urgency=low [ An-Cheng Huang ] -- cgit v1.2.3 From 3eb684b9cdbc92b700c8e69e33ddc299dc9cb810 Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Tue, 3 Nov 2009 14:06:13 -0800 Subject: Remove blank line Causes pam-auth-update to barf Use of uninitialized value $3 in split at /usr/sbin/pam-auth-update line 620, line 19. Use of uninitialized value $curmod in quotemeta at /usr/sbin/pam-auth-update line 628, line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, line 19. --- sysconf/pam_radius.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg index 3b9d92fc..edad3275 100644 --- a/sysconf/pam_radius.cfg +++ b/sysconf/pam_radius.cfg @@ -9,4 +9,3 @@ Auth-Initial: Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_radius_auth.so try_first_pass - -- cgit v1.2.3 From a7ced175a0a86c58fd972528a765294a5dfae29f Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 3 Nov 2009 14:42:37 -0800 Subject: Fix pam-auth-update errors from radius --- sysconf/pam_radius.cfg | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg index edad3275..d6be04c3 100644 --- a/sysconf/pam_radius.cfg +++ b/sysconf/pam_radius.cfg @@ -3,9 +3,7 @@ Default: yes Priority: 512 Auth-Type: Primary Auth: - [success=end default=ignore] pam_radius_auth.so try_first_pass -Auth-Initial: - [success=end default=ignore] pam_radius_auth.so + sufficient pam_radius_auth.so use_first_pass Account-Type: Primary Account: - [success=end new_authtok_reqd=done default=ignore] pam_radius_auth.so try_first_pass + sufficient pam_radius_auth.so -- cgit v1.2.3 From 0a804e6ecd5138055f59668e7821c55f4a9cd1e1 Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Thu, 5 Nov 2009 09:15:06 -0800 Subject: Move user configuration information to files 1. Complete migration of protected-users from hardcoded in User.pm to /opt/vyatta/etc/protected-user 2. Put mapping from level to group in file. --- Makefile.am | 2 + debian/vyatta-cfg-system.postinst.in | 6 ++- lib/Vyatta/Login/User.pm | 72 ++++++++++++++++++++++++------------ sysconf/level | 3 ++ sysconf/protected-user | 2 + 5 files changed, 59 insertions(+), 26 deletions(-) create mode 100644 sysconf/level create mode 100644 sysconf/protected-user diff --git a/Makefile.am b/Makefile.am index 99142777..df8c34b5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,6 +70,8 @@ sysconf_DATA += sysconf/securetty sysconf_DATA += sysconf/vyatta-sysctl.conf sysconf_DATA += sysconf/blacklist.DSA-1024 sysconf_DATA += sysconf/blacklist.RSA-2048 +sysconf_DATA += sysconf/protected-user +sysconf_DATA += sysconf/level sysconf_DATA += sysconf/pam_radius.cfg libudev_SCRIPTS = scripts/vyatta_net_name diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 3a914f7f..4809c4fe 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -118,6 +118,10 @@ EOF fi done + # Install pamradius config (should come with radius client eventually) + cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius + + cp $sysconfdir/level $sysconfdir/protected-user /opt/vyatta/etc fi # update crontab for logrotate @@ -148,8 +152,6 @@ update-rc.d -f ssh remove >/dev/null # for password sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login -# Install pamradius config (should come with radius client eventually) -cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius [ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index f5e8337f..8c459850 100755 
--- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -19,6 +19,7 @@ use strict; use warnings; use lib "/opt/vyatta/share/perl5"; use Vyatta::Config; +use Vyatta::Login::Misc; # Exit codes form useradd.8 man page my %reasons = ( @@ -34,15 +35,6 @@ my %reasons = ( 13 => 'canĀ“t create mail spool', ); -# Map of level to additional groups -my %level_map = ( - 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk' ], - 'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ], -); - -# Users who MUST not use vbash -my @protected = ( 'root', 'www-data' ); - # Construct a map from existing users to group membership sub get_groups { my %group_map; 
@@ -60,28 +52,60 @@ sub get_groups { return \%group_map; } +my $levelFile = "/opt/vyatta/etc/level"; + +# Convert level to additional groups +sub _level2groups { + my $level = shift; + my @groups; + + open (my $f, '<', $levelFile) + or return; + + while (<$f>) { + chomp; + next unless $_; + + my ($l, $g) = split /:/; + if ($l eq $level) { + @groups = split(/,/, $g); + last; + } + } + close $f; + return @groups; +} + # protected users override file -my $protected_override = '/opt/vyatta/etc/protected-users'; +my $protected_users = '/opt/vyatta/etc/protected-user'; + +# Users who MUST not use vbash +sub _protected_users { + my @protected; + + open my $pfd, '<', $protected_users + or return; + + while (<$pfd>) { + chomp; + next unless $_; + + push @protected, $_; + } + close($pfd); + return @protected; +} + # make list of vyatta users (ie. users of vbash) sub _vyatta_users { my @vusers; - my %protected_override = (); - my $pfd; - if (open($pfd, '<', "$protected_override")) { - while (<$pfd>) { - next if (!defined($_)); - chomp; - $protected_override{$_} = 1; - } - close($pfd); - } + setpwent(); # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire) # = getpw* while ( my ($name, undef, undef, undef, undef, undef, undef, undef, $shell) = getpwent() ) { - next if (defined($protected_override{$name})); push @vusers, $name if ($shell eq '/bin/vbash'); } endpwent(); @@ -120,7 +144,7 @@ sub update { } # map level to group membership - my @new_groups = @{ $level_map{$level} }; + my @new_groups = _level2groups($level); # add any additional groups from configuration push( @new_groups, $uconfig->returnValues('group') ); 
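Review bot: Both new readers in the `@@ -60,28 +52,60 @@` hunk fail open: `_protected_users` and `_level2groups` use `open ... or return;`, so a missing or unreadable file yields an empty list with no message. The removed hard-coded `@protected = ( 'root', 'www-data' )` could not fail this way; with an empty list the loop in `update` (the `@@ -169,12 +193,12 @@` hunk) no longer treats those accounts as protected, and one that has `/bin/vbash` as its shell and is absent from the configuration reaches the `userdel --remove` branch. I would fail closed with `or die "Cannot read $protected_users: $!\n";` (and the same for `$levelFile`), and have `update` (the `@@ -120,7 +144,7 @@` hunk) reject a level for which `_level2groups` returns nothing instead of continuing with no level groups. `_level2groups` also hands an undefined `$g` to `split` when the matching line has no colon; `next unless defined $g;` after the first `split` covers that.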
@@ -169,12 +193,12 @@ sub update { # Remove any vyatta users that do not exist in current configuration # This can happen if user added but configuration not saved - my %protected = map { $_ => 1 } @protected; + my %protected = map { $_ => 1 } _protected_users(); foreach my $user (_vyatta_users()) { if ($protected{$user}) { warn "User $user should not being using vbash - fixed\n"; system ("usermod -s /bin/bash $user") == 0 - or die "Attemp to modify user $user shell failed: $!"; + or die "Attempt to modify user $user shell failed: $!"; } elsif (! defined $users{$user}) { warn "User $user not listed in current configuration\n"; system ("userdel --remove $user") == 0 diff --git a/sysconf/level b/sysconf/level new file mode 100644 index 00000000..2acfa491 --- /dev/null +++ b/sysconf/level @@ -0,0 +1,3 @@ +admin:quaggavty,vyattacfg,sudo,adm,dip,disk +operator:quaggavty,vyattaop,operator,adm,dip + diff --git a/sysconf/protected-user b/sysconf/protected-user new file mode 100644 index 00000000..04a60974 --- /dev/null +++ b/sysconf/protected-user @@ -0,0 +1,2 @@ +root +www-data -- cgit v1.2.3 From 3b9d9d6c3f1ab9f5c5e69cbc7f37f498753072ba Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 5 Nov 2009 09:52:40 -0800 Subject: radius: only try first password if first module --- sysconf/pam_radius.cfg | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg index d6be04c3..02ffc1c8 100644 --- a/sysconf/pam_radius.cfg +++ b/sysconf/pam_radius.cfg @@ -3,7 +3,9 @@ Default: yes Priority: 512 Auth-Type: Primary Auth: - sufficient pam_radius_auth.so use_first_pass + sufficient pam_radius_auth.so try_first_pass +Auth-Initial: + sufficient pam_radius_auth.so Account-Type: Primary Account: sufficient pam_radius_auth.so -- cgit v1.2.3 From 60fe4fbe1cd36ee60ae1882b3b6dad936572fcdc Mon Sep 17 00:00:00 2001 
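Review bot: The `die` on the corrected line in the `@@ -169,12 +193,12 @@` hunk still reports `$!`, but `system` signals a failing `usermod` through its return value and `$?`; `$!` is only meaningful when the command could not be started, so the message will usually carry a stale or empty error. The same call interpolates `$user` into a single string that is passed to the shell; the list form keeps the account name out of shell parsing: `system('usermod', '-s', '/bin/bash', $user) == 0 or die "Attempt to modify user $user shell failed: exit status " . ($? >> 8) . "\n";`. The `userdel --remove $user` call on the following context line has the same shape. `update` begins and ends outside this hunk.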
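Review bot: Both the changed `Auth:` line and the new `Auth-Initial:` line in `sysconf/pam_radius.cfg` use the `sufficient` control, so when RADIUS accepts the password the auth stack returns at that point and modules that pam-auth-update places later in the stack are not run. Profiles of type Primary usually use `[success=end default=ignore]`, which the tool rewrites into a jump past the primary block so that the Additional block still executes; I would write `[success=end default=ignore] pam_radius_auth.so try_first_pass` and `[success=end default=ignore] pam_radius_auth.so` here. Whether any Additional auth module is installed on this system is not visible from the diff, so this should be confirmed against the generated `common-auth`.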
From: An-Cheng Huang Date: Thu, 5 Nov 2009 15:01:12 -0800 Subject: move custom script to custom repo --- scripts/install-image | 168 -------------------------------------------------- 1 file changed, 168 deletions(-) delete mode 100755 scripts/install-image diff --git a/scripts/install-image b/scripts/install-image deleted file mode 100755 index 201500e3..00000000 --- a/scripts/install-image +++ /dev/null 
@@ -1,168 +0,0 @@ -#!/bin/bash - -# this script installs a new release image into a running "union-installed" -# system to the new release. the specified image is a release ISO image. -# the script sets up a new union mount for the new release. a reboot is -# then required to boot into the newly installed release. - -NEW_ISO=$1 - -PI_ROOT='' -SQUASH_MOUNT='' -ISO_MOUNT='' -TMP_DIR='' - -vyatta_sysconfdir=/opt/vyatta/etc - -failure_exit () { - echo "$*" - exit 1 -} - -clean_up () { - if [ -n "$PI_ROOT" ] && [ -d "$PI_ROOT" ]; then - umount $PI_ROOT >&/dev/null || true - fi - if [ -n "$SQUASH_MOUNT" ] && [ -d "$SQUASH_MOUNT" ]; then - umount $SQUASH_MOUNT >&/dev/null || true - fi - if [ -n "$ISO_MOUNT" ] && [ -d "$ISO_MOUNT" ]; then - umount $ISO_MOUNT >&/dev/null || true - fi - if [ -n "$TMP_DIR" ] && [ -d "$TMP_DIR" ]; then - rm -rf $TMP_DIR - fi - PI_ROOT='' - SQUASH_MOUNT='' - ISO_MOUNT='' - TMP_DIR='' -} - -sig_handler () { - echo "ERROR: Signal received. Exiting..." - clean_up - echo "Done" - trap - EXIT - exit 1 -} - -exit_handler () { - echo "Exiting..." - clean_up - echo "Done" -} - -trap sig_handler INT KILL -trap exit_handler EXIT - -if [ `whoami` != 'root' ] ; then - failure_exit 'This script must be run with root privileges.' -fi - -# make sure it's a union-installed system -CURVER=$(sed -n 's/^Version \+: \+\([^ ]\+\)$/\1/p' \ - ${vyatta_sysconfdir}/version 2>/dev/null) -if [ -z "$CURVER" ]; then - failure_exit 'Cannot find current version.' -fi -if [ ! -d "/live/image/boot/$CURVER" ] \ - || ! grep -q ' /live/image ' /proc/mounts \ - || grep -q ' /live/image iso9660 ' /proc/mounts \ - || ! grep -q " /$CURVER.squashfs " /proc/mounts; then - failure_exit 'This script can only be used on a "union-installed" system.' -fi - -# check the ISO -if [ ! -f "$NEW_ISO" ] || ! (file $NEW_ISO | grep -q 9660); then - failure_exit "\"$NEW_ISO\" is not a valid ISO image file." 
-fi -TMP_DIR=$(mktemp -d /tmp/install-image.XXXXXX) \ - || failure_exit 'Failed to create temporary directory.' -ISO_MOUNT=$TMP_DIR/iso-mount -if ! mkdir $ISO_MOUNT || ! mount -o loop,ro "$NEW_ISO" $ISO_MOUNT; then - failure_exit 'Failed to mount ISO image.' -fi - -# check the squashfs image -SQUASH_FILE=$ISO_MOUNT/live/filesystem.squashfs -if [ ! -f "$SQUASH_FILE" ] || ! (file $SQUASH_FILE | grep -q Squashfs) \ - || ! grep -q '^ii vyatta-version ' $ISO_MOUNT/live/packages.txt; then - failure_exit "\"$NEW_ISO\" is not a Vyatta ISO image file." -fi -SQUASH_MOUNT=$TMP_DIR/squash-mount -if ! mkdir $SQUASH_MOUNT \ - || ! mount -o loop,ro "$SQUASH_FILE" $SQUASH_MOUNT; then - failure_exit 'Failed to mount squashfs image.' -fi - -# get version string -NEWVER=$(grep '^Version ' ${SQUASH_MOUNT}${vyatta_sysconfdir}/version \ - | tr -s ' ' | cut -d ' ' -f 3) -if [ -z "$NEWVER" ]; then - failure_exit 'Cannot find new release version.' -fi -if [ "$CURVER" == "$NEWVER" ]; then - failure_exit "Cannot install the same release version \"$NEWVER\"." -fi - -# start the install -echo "Installing \"$NEWVER\" release." - -# create the new release directories -REL_ROOT="/live/image/boot/$NEWVER" -RW_DIR="$REL_ROOT/live-rw" -if ! mkdir -p "$RW_DIR"; then - failure_exit 'Cannot create directory for new release.' -fi - -# copy the squashfs image and boot files -echo -n "Copying new release files..." -cp -p $SQUASH_FILE $REL_ROOT/$NEWVER.squashfs >&/dev/null -cp -p $SQUASH_MOUNT/boot/* $REL_ROOT/ >&/dev/null -echo " Done" - -# mount copied squashfs -umount $SQUASH_MOUNT -SQUASH_FILE=$REL_ROOT/$NEWVER.squashfs -if ! mount -o loop,ro "$SQUASH_FILE" $SQUASH_MOUNT; then - failure_exit 'Failed to mount new squashfs image.' -fi - -# set up root for postinst -PI_ROOT=$TMP_DIR/pi_root -if ! mkdir $PI_ROOT \ - || ! mount -t unionfs -o noatime,dirs=$RW_DIR=rw:$SQUASH_MOUNT=ro unionfs \ - $PI_ROOT; then - failure_exit 'Failed to set up root directory for postinst.' 
-fi - -# set up /var/run fstab entry -PI_FSTAB=$PI_ROOT/etc/fstab -if ! grep -q 'tmpfs /var/run ' $PI_FSTAB >&/dev/null; then - # replace the fstab. the default one has header that will cause - # it to be wiped out on live boot. - echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$PI_FSTAB -fi - -# postinst hook -PI_SCRIPT=${PI_ROOT}${vyatta_sysconfdir}/install-image/postinst -if [ -e "$PI_SCRIPT" ]; then - echo "running post-install script" - $PI_SCRIPT $PI_ROOT -fi - -# set up grub entry (if provided) -DEF_GRUB=${PI_ROOT}${vyatta_sysconfdir}/grub/default-union-grub-entry -if [ -e "$DEF_GRUB" ]; then - old_grub_cfg=/live/image/boot/grub/grub.cfg - new_grub_cfg=$TMP_DIR/grub.cfg - sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg - cat $DEF_GRUB >>$new_grub_cfg - sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg - sed -i 's/^set default=[0-9]\+$/set default=0/' $new_grub_cfg - mv $new_grub_cfg $old_grub_cfg -fi - -# done -exit 0 - -- cgit v1.2.3 From bfb9a5b9f8cae8dad0be32ad9e10c71dd4f7d932 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Thu, 5 Nov 2009 15:01:41 -0800 Subject: 0.15.98 --- debian/changelog | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/debian/changelog b/debian/changelog index 679ed013..7a18608c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +vyatta-cfg-system (0.15.98) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove blank line + * Fix pam-auth-update errors from radius + * Move user configuration information to files + * radius: only try first password if first module + + [ An-Cheng Huang ] + * move custom script to custom repo + + -- An-Cheng Huang Thu, 05 Nov 2009 15:01:40 -0800 + vyatta-cfg-system (0.15.97) unstable; urgency=low * Fix 5063: committing "set interfaces ethernet <> bridge-group bridge -- cgit v1.2.3 From a8045ac8ed24356e6d6431010811043f87a1b37f Mon Sep 17 00:00:00 2001 
From: An-Cheng Huang Date: Thu, 5 Nov 2009 19:03:09 -0800 Subject: use new vyatta-union arg to reduce kernel cmdline length. --- scripts/vyatta-grub-setup | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 817223b3..487356c4 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -88,7 +88,7 @@ else fi if eval "$UNION"; then - GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir persistent-path=/boot/$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta" + GRUB_OPTIONS="boot=live quiet vyatta-union=/boot/$livedir" union_xen_kernel_version=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz*-xen* \ 2>/dev/null \ | awk -F/ '{ print $6 }' \ @@ -253,17 +253,21 @@ fi # Set options for root password reset. Offer # options for both serial and KVM console. + reset_boot_path=/boot + if eval "$UNION"; then + reset_boot_path=/boot/$livedir + fi echo echo -e "menuentry \"Lost password change (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" - echo -e "\tinitrd /boot/initrd.img" + echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" + echo -e "\tinitrd $reset_boot_path/initrd.img" echo -e "}" echo echo -e "menuentry \"Lost password change (Serial console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" - echo -e "\tinitrd /boot/initrd.img" + echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" + echo -e "\tinitrd $reset_boot_path/initrd.img" echo -e "}" if [ -n "$diag_drive_number" ]; then -- cgit v1.2.3 From 92834105d2a01ca61a91a15672c8492e2b8371b2 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 6 Nov 2009 05:52:14 -0800 Subject: Fix library include --- lib/Vyatta/Login/User.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
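Review bot: The new `GRUB_OPTIONS` in the `@@ -88,7 +88,7 @@` hunk drops `noautologin`, `nouser`, `nonetworking` and `persistent` from the kernel command line in favour of `vyatta-union=/boot/$livedir`, and nothing in this diff shows that the boot scripts re-apply them when they see the new argument. `noautologin` is the live-boot option that disables the automatic console login, so the equivalence should be stated where the string is built, for example `# vyatta-union=<dir> replaces live-media-path/persistent-path/persistent/noautologin/nonetworking/nouser; the initramfs handler must set all of them` (wording to be confirmed against the handler of that argument). The same `$GRUB_OPTIONS` is reused by the "Lost password change" entries in the `@@ -253,17 +253,21 @@` hunk, so those entries inherit whatever the handler does.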
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index 8c459850..cca84636 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -19,7 +19,7 @@ use strict; use warnings; use lib "/opt/vyatta/share/perl5"; use Vyatta::Config; -use Vyatta::Login::Misc; +use Vyatta::Misc; # Exit codes form useradd.8 man page my %reasons = ( -- cgit v1.2.3 From dee8da10476d2d6e7269809ffd56ccaa42d7474d Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 6 Nov 2009 05:53:11 -0800 Subject: 0.15.99 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 7a18608c..d73fbc37 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +vyatta-cfg-system (0.15.99) unstable; urgency=low + + [ An-Cheng Huang ] + * use new vyatta-union arg to reduce kernel cmdline length. + + [ Robert Bays ] + * Fix library include + + -- Robert Bays Fri, 06 Nov 2009 05:53:10 -0800 + vyatta-cfg-system (0.15.98) unstable; urgency=low [ Stephen Hemminger ] -- cgit v1.2.3 From 11d97665f9fecff30862d284907968ebece703e2 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Fri, 6 Nov 2009 17:50:21 -0800 Subject: copy the whole config directory during install --- scripts/install/install-image-existing | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 0b5cba62..214fd2c8 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing 
@@ -87,19 +87,20 @@ if ! grep -q 'tmpfs /var/run ' $PI_FSTAB >&/dev/null; then echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$PI_FSTAB fi -# save current config if needed -def_cfg="$VYATTA_CFG_DIR/config.boot" -if [ -f "$def_cfg" ]; then +# save current config dir if needed +if [ -f "$VYATTA_CFG_DIR/config.boot" ]; then resp='' while [ -z "$resp" ]; do - echo 'Would you like to use the current configuration' + echo 'Would you like to save the current configuration ' + echo 'directory and use the current start-up configuration ' echo -n 'for the new version? (Yes/No) [Yes]: ' resp=$(get_response "Yes" "Yes No Y N") if [ "$resp" == 'yes' ] || [ "$resp" == 'y' ]; then echo 'Copying current configuration...' ndir=${INST_ROOT}${VYATTA_CFG_DIR} mkdir -p $ndir - cp -p $def_cfg $ndir/ + find $VYATTA_CFG_DIR -maxdepth 1 -mindepth 1 \ + -exec cp '-a' '{}' "$ndir/" ';' chgrp -R vyattacfg $ndir chmod -R 775 $ndir fi -- cgit v1.2.3 From 5c21e9f6d804fe47e71564d0119684dfe02513de Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Tue, 10 Nov 2009 14:09:11 -0800 Subject: 0.15.100 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d73fbc37..66f06daf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.100) unstable; urgency=low + + * copy the whole config directory during install + + -- An-Cheng Huang Tue, 10 Nov 2009 14:08:59 -0800 + vyatta-cfg-system (0.15.99) unstable; urgency=low [ An-Cheng Huang ] -- cgit v1.2.3 From b40d5ead178e32595b27b352d8da6d3e3d311259 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 11 Nov 2009 15:53:49 -0800 Subject: Remove blank line --- sysconf/level | 1 - 1 file changed, 1 deletion(-) diff --git a/sysconf/level b/sysconf/level index 2acfa491..9da13bf5 100644 --- a/sysconf/level +++ b/sysconf/level @@ -1,3 +1,2 @@ admin:quaggavty,vyattacfg,sudo,adm,dip,disk operator:quaggavty,vyattaop,operator,adm,dip - -- cgit v1.2.3 
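Review bot: Now that the whole of `$VYATTA_CFG_DIR` is copied in the `@@ -87,19 +87,20 @@` hunk, the unchanged `chmod -R 775 $ndir` that follows the new `find ... -exec cp '-a'` cancels the modes `cp -a` has just preserved. Every copied file becomes world-readable, group-writable and executable, including anything under the config directory that was deliberately restricted; when only `config.boot` was copied this affected a single file. I would add group access without touching the other bits, `chmod -R ug+rwX "$ndir"`, and quote the paths in the new command, `find "$VYATTA_CFG_DIR" -maxdepth 1 -mindepth 1 -exec cp -a '{}' "$ndir/" ';'`. The enclosing `while` loop continues past the end of the hunk.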
From e9a1ab06c20b024eaeabd01643e565ebf1ef6143 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 11 Nov 2009 16:37:21 -0800 Subject: Show dependency on pam version This version needs pam-auth-update which is only in later pam versions. --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index c37dcba3..05ca058d 100644 --- a/debian/control +++ b/debian/control @@ -14,6 +14,7 @@ Depends: acpid, procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), libpam-radius-auth, + libpam-runtime (>= 1.0.1-5), vyatta-cfg, vyatta-bash | bash (>= 3.1), sysv-rc, -- cgit v1.2.3 From 3b5ccd729ad0236cfc0350035c294a4b0d395f51 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 11 Nov 2009 17:09:29 -0800 Subject: 0.15.101 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 66f06daf..56e21623 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.101) unstable; urgency=low + + * Remove blank line + * Show dependency on pam version + + -- Stephen Hemminger Wed, 11 Nov 2009 17:09:29 -0800 + vyatta-cfg-system (0.15.100) unstable; urgency=low * copy the whole config directory during install -- cgit v1.2.3