From dd8813677e1864d8fe45db79c9fa6392dfe3f245 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 17:58:23 -0800
Subject: fix for bug 2524: telnet settings can only be set via ssh or console.
---
templates/service/telnet/node.def | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
(limited to 'templates')
diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def
index 5f4c1c7c..844aec98 100644
--- a/templates/service/telnet/node.def
+++ b/templates/service/telnet/node.def
@@ -1,4 +1,18 @@
 help: "Enable/disable telnet protocol"
-delete: "sudo /opt/vyatta/sbin/telnetd.init stop"
-end: "if [ -z \"$(port/@)\" ]; then exit 0; fi; \
- sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)"
+delete: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ sudo /opt/vyatta/sbin/telnetd.init stop"
+end: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ if [ -z \"$(port/@)\" ]; then exit 0; fi; \
+ sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)"
-- cgit v1.2.3
From 41dce94fe7ce2518a2a83387d3c88384c42ed203 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 18:05:13 -0800
Subject: also check telnet session for "allow-root"
---
templates/service/telnet/allow-root/node.def | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
(limited to 'templates')
diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def
index 654023af..9c3ff97d 100644
--- a/templates/service/telnet/allow-root/node.def
+++ b/templates/service/telnet/allow-root/node.def
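Review bot: The guard added to `delete:` and `end:` decides whether the session is SSH with `env | grep -q SSH_TTY=`, an unanchored match over the whole environment listing that trusts a variable belonging to the session's own environment, so it reports how the session is labelled rather than how it was established. Anchoring it as `env | grep -q '^SSH_TTY='` removes accidental matches, but the check remains advisory and should not be the only control separating telnet sessions from these settings. The fallback test on `/dev/pts/*` also refuses every other pseudo-terminal session that is not SSH, which the message "via ssh or console" does not tell the user. The same seven-line block is pasted into both actions here and again into `update:` and `delete:` of `allow-root/node.def` in the next commit; one helper script called from all four places would keep the copies from drifting apart.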
@@ -1,10 +1,24 @@
 type: bool
 default: false
 help: "Enable/disable root login"
-update: "if [ \"$(@)\" == \"true\" ]; then \
- sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
- else
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
- fi ; /bin/true"
-delete: "sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
- /bin/true"
+update: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ if [ \"$(@)\" == \"true\" ]; then \
+ sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
+ else
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
+ fi ; /bin/true"
+delete: " \
+ if ! env | grep -q SSH_TTY=; then \
+ if [[ \"`tty`\" == /dev/pts/* ]]; then \
+ echo \"Please configure telnet settings via ssh or console.\"; \
+ exit 1; \
+ fi; \
+ fi; \
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
+ /bin/true"
-- cgit v1.2.3
From 43f2852dd74d9dd60d955478d8d7035ebacef46b Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 10 Dec 2007 18:54:51 -0800
Subject: use "127.0.1.1" for configured hostname (leave "127.0.0.1" for localhost).
---
templates/system/host-name/node.def | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
(limited to 'templates')
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def
index aeed3986..97d9a36b 100644
--- a/templates/system/host-name/node.def
+++ b/templates/system/host-name/node.def
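Review bot: Both `update:` and `delete:` still discard the output of `sudo mv -f ...` with `>&/dev/null` and finish with `/bin/true`, so a rename that fails is reported as success and the committed `allow-root` value can disagree with whether `/etc/securetty` is actually in place. For a setting that controls root login the restore path should fail the commit when the move fails, for example `[ ! -e /etc/securetty.allow-root ] || sudo mv -f /etc/securetty.allow-root /etc/securetty` with the trailing `/bin/true` dropped. The `else` line inside `update:` is also the only line of the block without a trailing `\`; it works because the string is quoted, but it reads like a typo next to its neighbours.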
@@ -2,21 +2,17 @@ type: txt
 help: "Configure system host name"
 default: "vyatta"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
-# do we need to add ntpd restart here?
 update: "sudo sh -c \"hostname '$(@)' && \
 touch /etc/hosts && \
-sed -i '/localhost/d' /etc/hosts && \
-echo \\\"127.0.0.1\t localhost $(@)\t #vyatta entry\\\" >> /etc/hosts && \
+sed -i '/^127.0.1.1/d' /etc/hosts && \
+echo \\\"127.0.1.1\t $(@)\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
-echo \\\"127.0.0.1\t localhost $(@).$(../domain-name/@)\t #vyatta entry\\\" \
+echo \\\"127.0.1.1\t $(@).$(../domain-name/@)\t #vyatta entry\\\" \
 >> /etc/hosts; fi\" "
-# do we need to add ntpd restart here?
 delete: "sudo sh -c \"echo > /etc/hostname.conf && hostname 'vyatta' && \
 touch /etc/hosts && \
-sed -i '/localhost.*#vyatta entry/d' /etc/hosts && \
-echo \\\"127.0.0.1\t localhost vyatta\t #vyatta entry\\\" >> /etc/hosts && \
+sed -i '/^127.0.1.1/d' /etc/hosts && \
+echo \\\"127.0.1.1\t vyatta\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
-echo \\\"127.0.0.1\t localhost vyatta.$(../domain-name/@)\t #vyatta entry\\\" \
->> /etc/hosts; fi && \
-if [ -f /etc/ntp/ntp.conf ] && grep -q 'server' /etc/ntp/ntp.conf; then \
-/opt/vyatta/sbin/ntpd.init restart; fi\" "
+echo \\\"127.0.1.1\t vyatta.$(../domain-name/@)\t #vyatta entry\\\" \
+>> /etc/hosts; fi\" "
-- cgit v1.2.3
From c4551bb0a5e3ae1780831b5037a118e3971b5c95 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Tue, 11 Dec 2007 18:59:23 -0800
Subject: fix sudo problem on installed system
---
templates/system/host-name/node.def | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'templates')
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def
index 97d9a36b..e1370b70 100644
--- a/templates/system/host-name/node.def
+++ b/templates/system/host-name/node.def
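Review bot: The new cleanup `sed -i '/^127.0.1.1/d' /etc/hosts` removes every line that starts with those characters, not only the lines this template wrote: the dots are regex wildcards, nothing terminates the address (so a line for `127.0.1.10` matches too), and unlike the old `delete:` pattern it no longer requires the `#vyatta entry` marker. Escaping the dots, requiring whitespace after the address and keeping the marker, in the style `sed -i '/^127\\.0\\.1\\.1[[:space:]].*#vyatta entry/d' /etc/hosts`, limits it to its own lines in both `update:` and `delete:`. Separately, `$(../domain-name/@)` is expanded unquoted inside the `sudo sh -c` string; the validation of `domain-name` is not visible in this hunk, so it is worth confirming that it is restricted the same way `host-name` is by its `syntax:` pattern.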
@@ -3,13 +3,14 @@ help: "Configure system host name"
 default: "vyatta"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
 update: "sudo sh -c \"hostname '$(@)' && \
+echo '$(@)' > /etc/hostname && \
 touch /etc/hosts && \
 sed -i '/^127.0.1.1/d' /etc/hosts && \
 echo \\\"127.0.1.1\t $(@)\t #vyatta entry\\\" >> /etc/hosts && \
 if [ x$(../domain-name/@) != x ]; then \
 echo \\\"127.0.1.1\t $(@).$(../domain-name/@)\t #vyatta entry\\\" \
 >> /etc/hosts; fi\" "
-delete: "sudo sh -c \"echo > /etc/hostname.conf && hostname 'vyatta' && \
+delete: "sudo sh -c \"echo 'vyatta' > /etc/hostname && hostname 'vyatta' && \
 touch /etc/hosts && \
 sed -i '/^127.0.1.1/d' /etc/hosts && \
 echo \\\"127.0.1.1\t vyatta\t #vyatta entry\\\" >> /etc/hosts && \
-- cgit v1.2.3
From 7f5f7bedf4f47a42fcb7e32538ccf2d78c75234b Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Wed, 12 Dec 2007 15:24:22 -0800
Subject: fix static host mapping
---
templates/system/static-host-mapping/host-name/node.def | 7 +++++++
.../static-host-mapping/host-name/node.tag/alias/node.def | 15 ---------------
.../static-host-mapping/host-name/node.tag/inet/node.def | 14 --------------
3 files changed, 7 insertions(+), 29 deletions(-)
(limited to 'templates')
diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def
index ea0000af..275aa867 100644
--- a/templates/system/static-host-mapping/host-name/node.def
+++ b/templates/system/static-host-mapping/host-name/node.def
@@ -2,3 +2,10 @@ tag:
 type: txt
 help: "Map DNS names to system interfaces"
 syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)"
+commit: $(./inet) != ""; "IP address for the static mapping must be set"
+end: "sudo sh -c \"\
+ touch /etc/hosts; \
+ sed -i '/ $(@) .*#vyatta entry/d' /etc/hosts; \
+ if [ -z \"$(./inet/@)\" ]; then exit 0; fi; \
+ declare -a aliases=( $(alias/@@) ); \
+ echo \\\"$(inet/@)\t $(@) \\\\\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" "
diff --git a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
index c8f5cdef..e9f1de7c 100644
--- a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
+++ b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def
@@ -1,18 +1,3 @@
 multi:
 type: txt
 help: "Alias for this address"
-update: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \
- /etc/hosts && \
-echo \\\"$(../inet/@)\t $(../@) $(@) \t #vyatta entry\\\" \
- >> /etc/hosts && \
-if [ x$(../../../domain-name/@) == x ]; then \
- echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-else \
- echo \\\"127.0.0.1\t localhost \
-$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-fi\" "
-delete: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" "
diff --git a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
index 47a84733..4a069d9e 100644
--- a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
+++ b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def
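Review bot: In the new `end:` action of `host-name/node.def`, `declare -a aliases=( $(alias/@@) )` places the alias values unquoted into a command line run under `sudo sh -c`, and `alias/node.def` is `type: txt` with no `syntax:` line, so unless the template engine escapes substituted values (not visible here) every character of an alias is interpreted by a root shell. Giving the alias node the check the host name already has, `syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid alias $(@)"`, closes that. In the same string, `$(@)` is pasted into the `sed` address where its dots act as wildcards, so removing one mapping can also remove a similarly spelled one, and `declare -a` is a bash feature while the command is handed to `sh`. The inner `\"$(./inet/@)\"` quotes also end the `sh -c` argument early instead of nesting; the `echo` line shows the `\\\"` form that does nest.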
@@ -1,16 +1,2 @@
 type: ipv4
 help: "Internet address"
-update: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \
- /etc/hosts && \
-echo \\\"$(@)\t $(../@) \t #vyatta entry\\\" >> /etc/hosts && \
-if [ x$(../../../domain-name/@) == x ]; then \
- echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-else \
- echo \\\"127.0.0.1\t localhost \
-$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \
- >> /etc/hosts; \
-fi\" "
-delete: "sudo sh -c \"touch /etc/hosts && \
-sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" "
-- cgit v1.2.3
From 36af5914de982f2770fba137c4beea9077cc6adb Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud Date: Sun, 16 Dec 2007 14:58:48 -0800 Subject: Add ethernet bridging. --- debian/control | 2 +- templates/interfaces/bridge/node.def | 7 +++++++ templates/interfaces/bridge/node.tag/aging/node.def | 5 +++++ templates/interfaces/bridge/node.tag/description/node.def | 2 ++ templates/interfaces/bridge/node.tag/disable/node.def | 8 ++++++++ .../interfaces/bridge/node.tag/forwarding-delay/node.def | 5 +++++ templates/interfaces/bridge/node.tag/hello-time/node.def | 5 +++++ templates/interfaces/bridge/node.tag/max-age/node.def | 5 +++++ templates/interfaces/bridge/node.tag/node.def | 1 + templates/interfaces/bridge/node.tag/priority/node.def | 5 +++++ templates/interfaces/bridge/node.tag/stp/node.def | 9 +++++++++ .../ethernet/node.tag/bridge-group/bridge/node.def | 12 ++++++++++++ .../interfaces/ethernet/node.tag/bridge-group/cost/node.def | 4 ++++ templates/interfaces/ethernet/node.tag/bridge-group/node.def | 2 ++ .../ethernet/node.tag/bridge-group/priority/node.def | 4 ++++ 15 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 templates/interfaces/bridge/node.def create mode 100644 templates/interfaces/bridge/node.tag/aging/node.def create mode 100644 templates/interfaces/bridge/node.tag/description/node.def create mode 100644 templates/interfaces/bridge/node.tag/disable/node.def create mode 100644 templates/interfaces/bridge/node.tag/forwarding-delay/node.def create mode 100644 templates/interfaces/bridge/node.tag/hello-time/node.def create mode 100644 templates/interfaces/bridge/node.tag/max-age/node.def create mode 100644 templates/interfaces/bridge/node.tag/node.def create mode 100644 templates/interfaces/bridge/node.tag/priority/node.def create mode 100644 templates/interfaces/bridge/node.tag/stp/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def create mode 100644 
templates/interfaces/ethernet/node.tag/bridge-group/node.def create mode 100644 templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def (limited to 'templates') diff --git a/debian/control b/debian/control index 88938b4a..19f15004 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,7 @@ Depends: bash (>= 3.1), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo, - snmpd, keepalived, vyatta-bash + snmpd, keepalived, vyatta-bash, bridge-utils Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def new file mode 100644 index 00000000..d85c9afc --- /dev/null +++ b/templates/interfaces/bridge/node.def @@ -0,0 +1,7 @@ +tag: +type: txt +help: "Enter bridge interface name (br0 - br9)" +syntax: $(@) in "br0", "br1", "br2", "br3", "br4", "br5", "br6", "br7", "br8", "br9" ; "Must be (br0 - br9)" +create: "sudo brctl addbr $(@)" +delete: "sudo brctl delbr $(@)" + diff --git a/templates/interfaces/bridge/node.tag/aging/node.def b/templates/interfaces/bridge/node.tag/aging/node.def new file mode 100644 index 00000000..0b1dcd03 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/aging/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the number of seconds a MAC address will be kept in the forwarding database" +default: 300 +update: "sudo brctl setageing $(../@) $(@)" +delete: "sudo brctl setageing $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/description/node.def b/templates/interfaces/bridge/node.tag/description/node.def new file mode 100644 index 00000000..481dce47 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: "Add a human-readable description of an interface" 
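Review bot: The `delete:` action of `bridge/node.tag/aging/node.def` runs the same command as `update:`, `sudo brctl setageing $(../@) $(@)`, so removing the node re-applies the value being removed (or whatever `$(@)` expands to at delete time) instead of returning the bridge to the documented default of 300. Writing the default explicitly, `delete: "sudo brctl setageing $(../@) 300"`, keeps the running bridge in step with the configuration. The same applies to `forwarding-delay` (15), `hello-time` (2), `max-age` (20) and `priority` (0) later in this commit. None of these `u32` nodes has a `syntax:` range, so an out-of-range value is caught only by `brctl` at commit time, if at all.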
diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def new file mode 100644 index 00000000..f72b8af3 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/disable/node.def @@ -0,0 +1,8 @@ +type: bool +help: "Disable the bridge interface" +default: false +update: "if [ x$(@) == xtrue ]; then \ + sudo ip link set $(../@) down; \ + else \ + sudo ip link set $(../@) up; \ + fi; " diff --git a/templates/interfaces/bridge/node.tag/forwarding-delay/node.def b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def new file mode 100644 index 00000000..6634a7cc --- /dev/null +++ b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the forwarding delay" +default: 15 +update: "sudo brctl setfd $(../@) $(@)" +delete: "sudo brctl setfd $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/hello-time/node.def b/templates/interfaces/bridge/node.tag/hello-time/node.def new file mode 100644 index 00000000..e7b59ab3 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/hello-time/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the hello packet advertisment interval" +default: 2 +update: "sudo brctl sethello $(../@) $(@)" +delete: "sudo brctl sethello $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/max-age/node.def b/templates/interfaces/bridge/node.tag/max-age/node.def new file mode 100644 index 00000000..7fa3ecbe --- /dev/null +++ b/templates/interfaces/bridge/node.tag/max-age/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the interval at which neighbor bridges are removed" +default: 20 +update: "sudo brctl setmaxage $(../@) $(@)" +delete: "sudo brctl setmaxage $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/node.def b/templates/interfaces/bridge/node.tag/node.def new file mode 100644 index 00000000..07e13e91 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/node.def 
@@ -0,0 +1 @@ +help: "Set bridge parameters" diff --git a/templates/interfaces/bridge/node.tag/priority/node.def b/templates/interfaces/bridge/node.tag/priority/node.def new file mode 100644 index 00000000..650958ef --- /dev/null +++ b/templates/interfaces/bridge/node.tag/priority/node.def @@ -0,0 +1,5 @@ +type: u32 +help: "Set the priority for this bridge" +default: 0 +update: "sudo brctl setbridgeprio $(../@) $(@)" +delete: "sudo brctl setbridgeprio $(../@) $(@)" diff --git a/templates/interfaces/bridge/node.tag/stp/node.def b/templates/interfaces/bridge/node.tag/stp/node.def new file mode 100644 index 00000000..eb87287b --- /dev/null +++ b/templates/interfaces/bridge/node.tag/stp/node.def @@ -0,0 +1,9 @@ +type: bool +help: "Enable spanning tree protocol" +default: false +update: "if [ x$(@) == xtrue ]; then \ + sudo brctl stp $(../@) on; \ + else \ + sudo brctl stp $(../@) off; \ + fi; " +delete: "sudo brctl stp $(../@) off" diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def new file mode 100644 index 00000000..f6ca51e4 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def @@ -0,0 +1,12 @@ +type: txt +help: "Add this interface to a bridge-group" +syntax: exec " \ + if [ -z \"`sudo brctl show | grep $(@) `\" ]; then \ + echo bridge interface $(@) doesn\\'t exist on this system ; \ + exit 1 ; \ + fi ; " +update: "sudo brctl addif $(@) $(../../@)" +delete: "sudo brctl delif $(@) $(../../@)" +#allowed: local -a array ; +# array=( /sys/class/net/br* ) ; +# echo -n ${array[@]##*/} diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def new file mode 100644 index 00000000..1c2bbde1 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def 
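Review bot: In `bridge-group/bridge/node.def` the `syntax: exec` check interpolates `$(@)` unquoted into `sudo brctl show | grep $(@)` before anything has restricted its characters, because the node is `type: txt` and this command is itself the validation. It is also a substring match over the whole `brctl show` table, so a value that appears anywhere in that output, such as a member interface name, is accepted as a bridge. Restrict the value first with the list already used in `bridge/node.def` (`$(@) in "br0", ... "br9"`), then test for the bridge itself, for example `[ -d /sys/class/net/$(@)/bridge ]`. The commented-out `allowed:` lines at the end of the file should be finished or removed.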
@@ -0,0 +1,4 @@ +type: u32 +help: "Set the path cost for this port" +commit: $(../bridge/) != ""; "Must configure bridge interface" +update: "sudo brctl setpathcost $(../../@) $(@)" diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def new file mode 100644 index 00000000..b76b5d71 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def @@ -0,0 +1,2 @@ +help: "Add this interface to a bridge group" +commit: $(./bridge/) != ""; "Must set the bridge interface" diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def new file mode 100644 index 00000000..d254b082 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def @@ -0,0 +1,4 @@ +type: u32 +help: "Set the path priority for this port" +commit: $(../bridge/) != ""; "Must configure bridge interface" +update: "sudo brctl setportprio $(../../@) $(@)" -- cgit v1.2.3 From 1802eb010fb9b382dde4d3e1574fd578027c7dc0 Mon Sep 17 00:00:00 2001 
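Review bot: `update: "sudo brctl setpathcost $(../../@) $(@)"` passes two arguments, the Ethernet interface and the cost, but `brctl setpathcost` takes bridge, port and cost, so the command as written cannot set the cost on the intended port. The bridge name is available from the sibling node that the `commit:` line already requires: `sudo brctl setpathcost $(../bridge/@) $(../../@) $(@)`. `bridge-group/priority/node.def` has the same shape with `setportprio` and needs the same extra argument. Neither node has a `delete:` action, so removing the setting leaves the old value on the port.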
From: Stig Thormodsrud Date: Tue, 18 Dec 2007 09:53:24 -0800 Subject: - Add support for multiple vrrp groups per interface. - Add support for multiple VIPs per vrrp group. --- scripts/keepalived/VyattaKeepalived.pm | 17 ++- scripts/keepalived/vyatta-keepalived.pl | 121 +++++++++++---------- scripts/keepalived/vyatta-show-vrrp.pl | 21 +++- .../node.tag/vrrp/advertise-interval/node.def | 4 - .../ethernet/node.tag/vrrp/authentication/node.def | 3 - .../node.tag/vrrp/authentication/password/node.def | 2 - .../node.tag/vrrp/authentication/type/node.def | 3 - .../interfaces/ethernet/node.tag/vrrp/node.def | 2 - .../ethernet/node.tag/vrrp/preempt/node.def | 4 - .../ethernet/node.tag/vrrp/priority/node.def | 3 - .../node.tag/vrrp/virtual-address/node.def | 2 - .../ethernet/node.tag/vrrp/vrrp-group/node.def | 4 +- .../node.tag/advertise-interval/node.def | 4 + .../vrrp-group/node.tag/authentication/node.def | 3 + .../node.tag/authentication/password/node.def | 2 + .../node.tag/authentication/type/node.def | 3 + .../node.tag/vrrp/vrrp-group/node.tag/node.def | 1 + .../vrrp/vrrp-group/node.tag/preempt/node.def | 4 + .../vrrp/vrrp-group/node.tag/priority/node.def | 3 + .../vrrp-group/node.tag/virtual-address/node.def | 3 + 20 files changed, 117 insertions(+), 92 deletions(-) delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/priority/node.def delete mode 100644 templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def create mode 100644 
templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def create mode 100644 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def (limited to 'templates') diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm index c2d446e4..e0e84af3 100755 --- a/scripts/keepalived/VyattaKeepalived.pm +++ b/scripts/keepalived/VyattaKeepalived.pm @@ -129,6 +129,17 @@ sub get_state_files { return @state_files; } +sub get_vips_per_intf { + my ($intf) = @_; + + my $config = new VyattaConfig; + my @groups = (); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + @groups = $config->listOrigNodes(); + return scalar(@groups); +} + sub vrrp_get_config { my ($intf, $group) = @_; @@ -144,8 +155,8 @@ sub vrrp_get_config { $primary_addr = $1; } - $config->setLevel("interfaces ethernet $intf vrrp"); - my $vip = $config->returnOrigValue("virtual-address"); + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnOrigValues("virtual-address"); my $priority = $config->returnOrigValue("priority"); if (!defined $priority) { $priority = 1; 
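Review bot: `get_vips_per_intf` returns `scalar(@groups)`, the number of `vrrp-group` nodes under the interface, not a number of virtual addresses, so the name promises something the body does not compute. Either rename it to say it counts groups or count `returnOrigValues("virtual-address")` per group; no caller is visible in this diff to tell which was intended. The two statements `my @groups = ();` and `@groups = $config->listOrigNodes();` can be the single line `my @groups = $config->listOrigNodes();`.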
@@ -165,7 +176,7 @@ sub vrrp_get_config { } else { $auth_type = uc($auth_type); } - return ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type); + return ($primary_addr, $priority, $preempt, $advert_int, $auth_type, @vips); } sub vrrp_state_parse { diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 15346855..e9df03df 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl 
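Review bot: The return list of `vrrp_get_config` changes shape in this hunk without any comment recording the new order, and because the values are positional a caller that was not updated keeps running with `$priority` in the slot where it expects the VIP. `vyatta-show-vrrp.pl` is updated in this commit; other callers are not visible here. A comment above the `return` would record the contract: `# returns ($primary_addr, $priority, $preempt, $advert_int, $auth_type, @vips); @vips stays last because it flattens into the list`. The body of `vrrp_get_config` starts before this hunk.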
@@ -38,72 +38,75 @@ use warnings; sub keepalived_get_values { my ($intf) = @_; - my $output; + my $output = ''; my $config = new VyattaConfig; - $config->setLevel("interfaces ethernet $intf vrrp"); - my $group = $config->returnValue("vrrp-group"); - if (!defined $group) { - $group = 1; - } - my $vip = $config->returnValue("virtual-address"); - if (!defined $vip) { - print "must define a virtual-address for vrrp-group $group\n"; - exit 1; - } - my $priority = $config->returnValue("priority"); - if (!defined $priority) { - $priority = 1; - } - my $preempt = $config->returnValue("preempt"); - if (!defined $preempt) { - $preempt = "true"; - } - my $advert_int = $config->returnValue("advertise-interval"); - if (!defined $advert_int) { - $advert_int = 1; - } - $config->setLevel("interfaces ethernet $intf vrrp authentication"); - my $auth_type = $config->returnValue("type"); - my $auth_pass; - if (defined $auth_type) { - $auth_type = uc($auth_type); - $auth_pass = $config->returnValue("password"); - if (! 
defined $auth_pass) { - print "vrrp authentication password not set"; + my $state_transition_script = VyattaKeepalived::get_state_script(); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + my @groups = $config->listNodes(); + foreach my $group (@groups) { + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnValues("virtual-address"); + if (scalar(@vips) == 0) { + print "must define a virtual-address for vrrp-group $group\n"; exit 1; } - } - my $state_transition_script = VyattaKeepalived::get_state_script(); + my $priority = $config->returnValue("priority"); + if (!defined $priority) { + $priority = 1; + } + my $preempt = $config->returnValue("preempt"); + if (!defined $preempt) { + $preempt = "true"; + } + my $advert_int = $config->returnValue("advertise-interval"); + if (!defined $advert_int) { + $advert_int = 1; + } + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group authentication"); + my $auth_type = $config->returnValue("type"); + my $auth_pass; + if (defined $auth_type) { + $auth_type = uc($auth_type); + $auth_pass = $config->returnValue("password"); + if (! 
defined $auth_pass) { + print "vrrp authentication password not set"; + exit 1; + } + } - $output = "vrrp_instance vyatta-$intf-$group \{\n"; - if ($preempt eq "false") { - $output .= "\tstate BACKUP\n"; - } else { - $output .= "\tstate MASTER\n"; + $output .= "vrrp_instance vyatta-$intf-$group \{\n"; + if ($preempt eq "false") { + $output .= "\tstate BACKUP\n"; + } else { + $output .= "\tstate MASTER\n"; } - $output .= "\tinterface $intf\n"; - $output .= "\tvirtual_router_id $group\n"; - $output .= "\tpriority $priority\n"; - if ($preempt eq "false") { - $output .= "\tnopreempt\n"; - } - $output .= "\tadvert_int $advert_int\n"; - if (defined $auth_type) { - $output .= "\tauthentication {\n"; - $output .= "\t\tauth_type $auth_type\n"; - $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + $output .= "\tinterface $intf\n"; + $output .= "\tvirtual_router_id $group\n"; + $output .= "\tpriority $priority\n"; + if ($preempt eq "false") { + $output .= "\tnopreempt\n"; + } + $output .= "\tadvert_int $advert_int\n"; + if (defined $auth_type) { + $output .= "\tauthentication {\n"; + $output .= "\t\tauth_type $auth_type\n"; + $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + } + $output .= "\tvirtual_ipaddress \{\n"; + foreach my $vip (@vips) { + $output .= "\t\t$vip\n"; + } + $output .= "\t\}\n"; + $output .= "\tnotify_master "; + $output .= "\"$state_transition_script master $intf $group @vips\" \n"; + $output .= "\tnotify_backup "; + $output .= "\"$state_transition_script backup $intf $group @vips\" \n"; + $output .= "\t notify_fault "; + $output .= "\"$state_transition_script fault $intf $group @vips\" \n"; + $output .= "\}\n"; } - $output .= "\tvirtual_ipaddress \{\n"; - $output .= "\t\t$vip\n"; - $output .= "\t\}\n"; - $output .= "\tnotify_master "; - $output .= "\"$state_transition_script master $intf $group $vip\" \n"; - $output .= "\tnotify_backup "; - $output .= "\"$state_transition_script backup $intf $group $vip\" \n"; - $output .= "\t notify_fault "; - $output .= 
"\"$state_transition_script fault $intf $group $vip\" \n"; - $output .= "\}\n"; return $output; } diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 6540eaf5..934808f6 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -81,7 +81,7 @@ sub link_updown { } sub get_master_info { - my ($intf, $group, $vip) = @_; + my ($intf, $group) = @_; my $file = VyattaKeepalived::get_master_file($intf, $group); if ( -f $file) { @@ -113,18 +113,27 @@ sub vrrp_show { VyattaKeepalived::vrrp_state_parse($file); my $link = link_updown($intf); if ($state eq "master" || $state eq "backup" || $state eq "fault") { - my ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type) = - VyattaKeepalived::vrrp_get_config($intf, $group); + my ($primary_addr, $priority, $preempt, $advert_int, $auth_type, + @vips) = VyattaKeepalived::vrrp_get_config($intf, $group); print "Physical interface: $intf, Address $primary_addr\n"; print " Interface state: $link, Group $group, State: $state\n"; print " Priority: $priority, Advertisement interval: $advert_int, "; print "Authentication type: $auth_type\n"; - print " Preempt: $preempt, VIP count: 1, VIP: $vip\n"; + my $vip_count = scalar(@vips); + my $string = " Preempt: $preempt, VIP count: $vip_count, VIP: "; + my $strlen = length($string); + print $string; + foreach my $vip (@vips) { + if ($vip_count != scalar(@vips)) { + print " " x $strlen; + } + print "$vip\n"; + $vip_count--; + } if ($state eq "master") { print " Master router: $primary_addr\n"; } elsif ($state eq "backup") { - my ($master_rtr, $master_prio) = get_master_info($intf, - $group, $vip); + my ($master_rtr, $master_prio) = get_master_info($intf, $group); print " Master router: $master_rtr, "; print "Master Priority: $master_prio\n"; } 
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def b/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def deleted file mode 100644 index edfbc3a4..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def +++ /dev/null @@ -1,4 +0,0 @@ -type: u32 -default: 1 -help: "Configure advertise interval" -syntax: $(@) > 0 && $(@) <=255; "Advertise interval must be between 1-255" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def deleted file mode 100644 index e3120d51..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: "Configure authentication" -commit: $(./type/@) != ""; "You must set a authentication type" -commit: $(./password/@) != ""; "You must set a authentication password" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def deleted file mode 100644 index 87855962..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: txt -help: "Password text" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def deleted file mode 100644 index 72e53f4b..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def +++ /dev/null @@ -1,3 +0,0 @@ -type: txt -help: "Authentication type PASS|AH" -syntax: $(@) in "PASS", "pass", "AH", "ah"; "authentication must be PASS or AH" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/node.def b/templates/interfaces/ethernet/node.tag/vrrp/node.def index de3253a5..2c8cc58a 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/node.def 
+++ b/templates/interfaces/ethernet/node.tag/vrrp/node.def @@ -1,5 +1,3 @@ help: "Configure VRRP" commit: $(../address/) != ""; "Must define a primary IP address on $(../@)" -commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(../vrrp-group/@)" end: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $(../@) " - diff --git a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def b/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def deleted file mode 100644 index a9869373..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def +++ /dev/null @@ -1,4 +0,0 @@ -type: txt -help: "Preempt (true or false)" -default: "true" -syntax: $(@) in "true", "false"; "preempt must be true or false" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def b/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def deleted file mode 100644 index 3f7aacbf..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def +++ /dev/null @@ -1,3 +0,0 @@ -type: u32 -syntax: $(@) >= 0 &&$(@) <= 255; "priority must be between 1-255" -help: "Priority" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def deleted file mode 100644 index badf657e..00000000 --- a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: ipv4 -help: "Configure virtual address" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def index fe9690d8..d2f231e7 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def 
@@ -1,4 +1,6 @@
+tag:
 type: u32
 syntax: $(@) >= 0 && $(@) <= 255; "VRRP group must be between 1-255"
+commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(@)"
 help: "Configure VRRP group number"
-delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../@) --group $(@) "
+delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../../@) --group $(@) "
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..edfbc3a4
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,4 @@
+type: u32
+default: 1
+help: "Configure advertise interval"
+syntax: $(@) > 0 && $(@) <=255; "Advertise interval must be between 1-255"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..e3120d51
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: "Configure authentication"
+commit: $(./type/@) != ""; "You must set a authentication type"
+commit: $(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..87855962
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Password text"
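Review bot: The `syntax:` line kept in vrrp/vrrp-group/node.def does not enforce the range its own message states: the node is `type: u32`, so `$(@) >= 0` is always true and group 0 passes validation even though the message says 1-255. This commit turns the node into a tag node that keys every per-group setting and is passed to the keepalived script as `--group`, so I would tighten it here to `syntax: $(@) >= 1 && $(@) <= 255; "VRRP group must be between 1-255"`. The relocated priority/node.def carries the same `$(@) >= 0` check with a "between 1-255" message and could be corrected the same way.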
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..72e53f4b
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Authentication type PASS|AH"
+syntax: $(@) in "PASS", "pass", "AH", "ah"; "authentication must be PASS or AH"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def
new file mode 100644
index 00000000..a4f3c074
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def
@@ -0,0 +1 @@
+help: "VRRP configuration for this VRRP group"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..a9869373
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: "Preempt (true or false)"
+default: "true"
+syntax: $(@) in "true", "false"; "preempt must be true or false"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..3f7aacbf
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,3 @@
+type: u32
+syntax: $(@) >= 0 &&$(@) <= 255; "priority must be between 1-255"
+help: "Priority"
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
new file mode 100644
index 00000000..bcf9392f
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -0,0 +1,3 @@
+multi:
+type: ipv4
+help: "Configure virtual address"
-- cgit v1.2.3
From c30fc4752c878c12255101aa928c64f7a3511020 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud
Date: Tue, 18 Dec 2007 10:50:21 -0800
Subject: Fix delete vrrp node (we really need symbolic names rather than relative path).
---
 templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'templates')
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
index d2f231e7..dfb9c6a2 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def
@@ -3,4 +3,4 @@ type: u32
 syntax: $(@) >= 0 && $(@) <= 255; "VRRP group must be between 1-255"
 commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(@)"
 help: "Configure VRRP group number"
-delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../../@) --group $(@) "
+delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../@) --group $(@) "
-- cgit v1.2.3
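Review bot: The corrected `delete:` action in vrrp/vrrp-group/node.def still splices `$(../../@)` and `$(@)` unquoted into a command line that runs under `sudo`. `$(@)` is constrained by `type: u32` on this node, but nothing visible in the hunk shows how the interface tag value is validated, so the command is only as safe as a check defined in another template. Quoting both substitutions, `--intf \"$(../../@)\" --group \"$(@)\"`, keeps each value a single argument whatever that other check allows. The `end:` action in vrrp/node.def has the same unquoted form with `$(../@)`, and the previous commit's version of this line did too.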