authorMichael Larson <slioch@slioch.vyatta.com>2010-06-21 11:09:51 -0700
committerMichael Larson <slioch@slioch.vyatta.com>2010-06-21 11:09:51 -0700
commitd801c05f63b0b16f485b176db64e3147ad7d3086 (patch)
tree9829f0bf340a55986aa6d11f1b1d8d5334306abd
parent6d59b5077ef1834379a950437b01d15d687c7a53 (diff)
parent7369bf61abd3eed1fdd17a56908cf2c0ffc9843f (diff)
downloadvyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.tar.gz
vyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.zip
Merge branch 'larkspur' of http://git.vyatta.com/vyatta-cfg-system into larkspur
-rw-r--r--Makefile.am3
-rw-r--r--debian/changelog137
-rw-r--r--debian/control1
-rw-r--r--debian/vyatta-cfg-system.postinst.in12
-rw-r--r--lib/Vyatta/Login/RadiusServer.pm29
-rwxr-xr-xlib/Vyatta/Login/User.pm2
-rwxr-xr-xscripts/install-system27
-rwxr-xr-xscripts/install/install-image33
-rwxr-xr-xscripts/install/install-image-existing51
-rwxr-xr-xscripts/install/install-image-new31
-rwxr-xr-xscripts/install/install-postinst-new6
-rwxr-xr-xscripts/keepalived/vyatta-keepalived.pl805
-rwxr-xr-xscripts/rl-system.init4
-rw-r--r--scripts/snmp/vyatta-snmp.pl117
-rwxr-xr-xscripts/system/vyatta_update_resolv.pl32
-rw-r--r--scripts/vyatta-dhcpv6-client.pl157
-rwxr-xr-xscripts/vyatta-interfaces.pl24
-rw-r--r--sysconf/capability.conf10
-rw-r--r--sysconf/filecaps26
-rw-r--r--templates/interfaces/bonding/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/bridge-group/node.def16
-rw-r--r--templates/interfaces/bonding/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/mtu/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def16
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/bridge/node.def12
-rw-r--r--templates/interfaces/bridge/node.tag/aging/node.def4
-rw-r--r--templates/interfaces/bridge/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/bridge/node.tag/forwarding-delay/node.def2
-rw-r--r--templates/interfaces/bridge/node.tag/hello-time/node.def4
-rw-r--r--templates/interfaces/bridge/node.tag/max-age/node.def4
-rw-r--r--templates/interfaces/bridge/node.tag/priority/node.def4
-rw-r--r--templates/interfaces/bridge/node.tag/stp/node.def12
-rw-r--r--templates/interfaces/ethernet/node.def8
-rw-r--r--templates/interfaces/ethernet/node.tag/address/node.def43
-rw-r--r--templates/interfaces/ethernet/node.tag/bridge-group/node.def16
-rw-r--r--templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def49
-rw-r--r--templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def3
-rw-r--r--templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def3
-rw-r--r--templates/interfaces/ethernet/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/ethernet/node.tag/mtu/node.def4
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.def6
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def16
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/ip/enable-proxy-arp/node.def3
-rw-r--r--templates/interfaces/input/node.def7
-rw-r--r--templates/interfaces/loopback/node.def5
-rw-r--r--templates/interfaces/pseudo-ethernet/node.def10
-rw-r--r--templates/interfaces/pseudo-ethernet/node.tag/disable/node.def4
-rw-r--r--templates/interfaces/tunnel/node.def41
-rw-r--r--templates/interfaces/tunnel/node.tag/bridge-group/bridge/node.def16
-rw-r--r--templates/interfaces/tunnel/node.tag/bridge-group/cost/node.def9
-rw-r--r--templates/interfaces/tunnel/node.tag/bridge-group/node.def1
-rw-r--r--templates/interfaces/tunnel/node.tag/bridge-group/priority/node.def8
-rw-r--r--templates/interfaces/tunnel/node.tag/disable/node.def6
-rw-r--r--templates/interfaces/tunnel/node.tag/encapsulation/node.def6
-rw-r--r--templates/interfaces/tunnel/node.tag/key/node.def2
-rw-r--r--templates/interfaces/tunnel/node.tag/mtu/node.def4
-rw-r--r--templates/interfaces/tunnel/node.tag/tos/node.def4
-rw-r--r--templates/interfaces/tunnel/node.tag/ttl/node.def8
-rw-r--r--templates/service/snmp/community/node.tag/client/node.def2
-rw-r--r--templates/service/snmp/community/node.tag/network/node.def2
-rw-r--r--templates/service/snmp/listen-address/node.def3
-rw-r--r--templates/service/snmp/listen-address/node.tag/port/node.def3
-rw-r--r--templates/service/snmp/node.def3
-rw-r--r--templates/service/snmp/trap-source/node.def2
-rw-r--r--templates/service/snmp/trap-target/node.def4
-rw-r--r--templates/system/domain-name/node.def4
69 files changed, 1317 insertions, 605 deletions
diff --git a/Makefile.am b/Makefile.am
index ac8374a3..3157173c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -56,6 +56,7 @@ sbin_SCRIPTS += scripts/install/install-image-existing
sbin_SCRIPTS += scripts/install/install-postinst-new
sbin_SCRIPTS += scripts/install/install-image
sbin_SCRIPTS += scripts/vyatta-bridgegroup-depedency.pl
+sbin_SCRIPTS += scripts/vyatta-dhcpv6-client.pl
share_perl5_DATA = lib/Vyatta/Login/User.pm
share_perl5_DATA += lib/Vyatta/Login/RadiusServer.pm
@@ -79,6 +80,8 @@ sysconf_DATA += sysconf/blacklist.DSA-1024
sysconf_DATA += sysconf/blacklist.RSA-2048
sysconf_DATA += sysconf/level
sysconf_DATA += sysconf/pam_radius.cfg
+sysconf_DATA += sysconf/filecaps
+sysconf_DATA += sysconf/capability.conf
libudev_SCRIPTS = scripts/vyatta_net_name
etcudev_DATA = sysconf/vyatta-net.rules
diff --git a/debian/changelog b/debian/changelog
index e64453c1..da82d0f9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,140 @@
+vyatta-cfg-system (0.17.55) unstable; urgency=low
+
+ * initial support for gre-bridge tunnels.
+
+ -- Robert Bays <rbays@roatan> Thu, 17 Jun 2010 23:33:45 -0700
+
+vyatta-cfg-system (0.17.54) unstable; urgency=low
+
+ * Remove sudo from ip command
+ * Remove unnecessary :expression: syntax
+ * Remove sudo from brctl
+ * Remove capability from ping
+ * Don't need audit write on vbash
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Thu, 17 Jun 2010 14:46:35 -0700
+
+vyatta-cfg-system (0.17.53) unstable; urgency=low
+
+ * * make vrrp work with conntrack-sync
+ * * perltidy vyatta-keepalived.pl
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Wed, 09 Jun 2010 15:01:47 -0700
+
+vyatta-cfg-system (0.17.52) unstable; urgency=low
+
+ * Add skip option to vyatta-interfaces
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Mon, 07 Jun 2010 16:28:13 -0700
+
+vyatta-cfg-system (0.17.51) unstable; urgency=low
+
+ * Using "send dhcp6.oro" is no longer required in config file.
+
+ -- Bob Gilligan <gilligan@vyatta.com> Sun, 30 May 2010 07:14:32 -0700
+
+vyatta-cfg-system (0.17.50) unstable; urgency=low
+
+ * Fix use of bareword file handles
+ * Set file capability attributes
+ * Add pam_cap capability configuration
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Fri, 04 Jun 2010 14:10:09 -0700
+
+vyatta-cfg-system (0.17.49) unstable; urgency=low
+
+ * move list functions to vrrp perl module so other scripts can use it
+ as well
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Thu, 03 Jun 2010 16:32:05 -0700
+
+vyatta-cfg-system (0.17.48) unstable; urgency=low
+
+ * fix for bug 5656
+
+ -- An-Cheng Huang <ancheng@vyatta.com> Thu, 03 Jun 2010 14:55:46 -0700
+
+vyatta-cfg-system (0.17.47) unstable; urgency=low
+
+ * Fix 5521: Cannot Delete vif with vrrp configured.
+
+ -- Stig Thormodsrud <stig@vyatta.com> Tue, 01 Jun 2010 15:24:45 -0700
+
+vyatta-cfg-system (0.17.46) unstable; urgency=low
+
+ * Move DHCPv6 client configuration to this package and restructre
+ parameters.
+
+ -- Bob Gilligan <gilligan@vyatta.com> Wed, 26 May 2010 16:12:45 -0700
+
+vyatta-cfg-system (0.17.45) unstable; urgency=low
+
+ * Don't enable PAM Radius by default
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Mon, 24 May 2010 10:46:08 -0700
+
+vyatta-cfg-system (0.17.44) unstable; urgency=low
+
+ * don't start conntrackd itself
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Thu, 20 May 2010 19:29:10 -0700
+
+vyatta-cfg-system (0.17.43) unstable; urgency=low
+
+ * Add enable-proxy-arp to vif interface.
+
+ -- Stig Thormodsrud <stig@vyatta.com> Wed, 19 May 2010 20:16:12 -0700
+
+vyatta-cfg-system (0.17.42) unstable; urgency=low
+
+ * Change SNMP community handling
+ * Fix syntax of default listen address
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Fri, 14 May 2010 11:01:48 -0700
+
+vyatta-cfg-system (0.17.41) unstable; urgency=low
+
+ * Revert "Snmp Ipv6 support"
+ * Better version of SNMP IPv6 support
+ * Allow configuring/restricting SNMP listen address
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Wed, 12 May 2010 21:02:35 -0700
+
+vyatta-cfg-system (0.17.40) unstable; urgency=low
+
+ * Snmp Ipv6 support
+ * Show progress bar when copying filesystem
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Wed, 12 May 2010 14:34:54 -0700
+
+vyatta-cfg-system (0.17.39) unstable; urgency=low
+
+ * Preserve file capablities and attributes during install-system
+ * Preserve file attributes of root files
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Fri, 07 May 2010 15:25:22 -0700
+
+vyatta-cfg-system (0.17.38) unstable; urgency=low
+
+ * Add code to check digital signature of image files.
+
+ -- Bob Gilligan <gilligan@vyatta.com> Mon, 03 May 2010 17:21:10 -0700
+
+vyatta-cfg-system (0.17.37) unstable; urgency=low
+
+ * Allow user to name system images when installing them.
+
+ -- Bob Gilligan <gilligan@vyatta.com> Fri, 30 Apr 2010 15:48:57 -0700
+
+vyatta-cfg-system (0.17.36) unstable; urgency=low
+
+ * Ignore comments in level file
+ * Set capabilities on standard utilities
+ * Make interface help completion strings consistent
+ * Revert "Set capabilities on standard utilities"
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 27 Apr 2010 15:27:49 -0700
+
vyatta-cfg-system (0.17.35) unstable; urgency=low
* Configure IFB devices earlier in boot
diff --git a/debian/control b/debian/control
index c1d19a95..6c169390 100644
--- a/debian/control
+++ b/debian/control
@@ -47,6 +47,7 @@ Depends: acpid,
vyatta-biosdevname,
ipvsadm (>= 1:1.24-2.1),
radvd (>= 1:1.1-3),
+ apt-transport-https,
hostapd (>= 1:0.6.9-3)
Pre-Depends: bash-completion
Suggests: util-linux (>= 2.13-5),
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index b2719bc5..dee13d4f 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -8,7 +8,7 @@ sbindir=@sbindir@
# remove init of daemons that are controlled by Vyatta configuration process
for init in ntp ssh snmpd openhpid \
- vyatta-keepalived ipvsadm dnsmasq ddclient radvd hostapd
+ vyatta-keepalived ipvsadm dnsmasq ddclient radvd hostapd conntrackd
do
update-rc.d -f ${init} remove >/dev/null
done
@@ -132,10 +132,14 @@ EOF
fi
done
- # Install pamradius config (should come with radius client eventually)
- cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius
-
cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
+
+ # Set file capabilities
+ sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' <$sysconfdir/filecaps \
+ | xargs -i sh -c "setcap {}"
+
+ # Install pam_cap config
+ cp $sysconfdir/capability.conf /etc/security/capability.conf
fi
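Review bot: The capability-setting loop `xargs -i sh -c "setcap {}"` hands every filecaps line to a fresh shell for re-parsing and throws away setcap's exit status, so a malformed entry or a setcap failure leaves a binary without its intended capability and postinst still succeeds. Since this step is what replaces sudo on tools like ip and brctl (per the changelog entries in this merge), a silent miss changes the privilege model of the installed system. Calling setcap directly is simpler and fails loudly: `| xargs -L1 setcap` — xargs then exits non-zero (123) if any invocation fails, which aborts the script if it runs under `-e`; the shebang is outside this hunk, so append `|| exit 1` if it does not. filecaps is shipped by this package, so the shell re-parsing is a robustness rather than an injection concern.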
# create needed directories
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
index d60f2baa..0de9bd28 100644
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -20,18 +20,30 @@ use warnings;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
use File::Compare;
+use File::Copy;
my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf';
my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
+my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius";
+my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg";
+
sub remove_pam_radius {
- return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update --remove radius") == 0;
+ system("DEBIAN_FRONTEND=noninteractive " .
+ " pam-auth-update --package --remove radius") == 0
+ or die "pam-auth-update remove failed";
+
+ unlink($PAM_RAD_AUTH)
+ or die "Can't remove $PAM_RAD_AUTH";
}
sub add_pam_radius {
- return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update radius") == 0;
+ copy($PAM_RAD_SYSCONF,$PAM_RAD_AUTH)
+ or die "Can't copy $PAM_RAD_SYSCONF to $PAM_RAD_AUTH";
+
+ system("DEBIAN_FRONTEND=noninteractive " .
+ "pam-auth-update --package radius") == 0
+ or die "pam-auth-update add failed"
}
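Review bot: `remove_pam_radius` now dies when `/usr/share/pam-configs/radius` is absent, yet this same merge stops the postinst from pre-installing that file, so on a system where RADIUS was never enabled the remove path fails on a file that was never created (the second hunk calls `remove_pam_radius` whenever no servers are configured). Treat a missing file as already removed: `unlink($PAM_RAD_AUTH) or $!{ENOENT} or die "Can't remove $PAM_RAD_AUTH: $!";`. Dropping `sudo` also means both subs now require the caller to run as root; if the module is invoked from a non-root commit path, pam-auth-update and the unlink will now hit the new `die` rather than silently returning false as before.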
sub update {
@@ -58,16 +70,15 @@ sub update {
close($cfg);
if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) {
- system("sudo cp $PAM_RAD_TMP $PAM_RAD_CFG") == 0
+ copy ($PAM_RAD_TMP, $PAM_RAD_CFG)
or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed";
}
unlink($PAM_RAD_TMP);
if ( $count > 0 ) {
- exit 1 unless add_pam_radius();
- }
- else {
- exit 1 unless remove_pam_radius();
+ add_pam_radius();
+ } else {
+ remove_pam_radius();
}
}
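Review bot: `copy($PAM_RAD_TMP, $PAM_RAD_CFG)` creates `/etc/pam_radius_auth.conf`, which holds the RADIUS shared secrets, with File::Copy's default mode (the umask default, typically 0644) whenever the file does not already exist, leaving the secrets world-readable; the old `sudo cp` had the same gap, but this rewrite is the place to close it. Add `chmod 0600, $PAM_RAD_CFG or die "Can't set mode on $PAM_RAD_CFG: $!";` after the copy. The scratch file is also a predictable `/tmp/pam_radius_auth.$$` name (declared in the first hunk; the open is outside this hunk), which a local user could pre-create as a symlink before root writes to it — `File::Temp` avoids that. `update` starts outside this hunk.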
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 419a882d..fa0cca7d 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -47,7 +47,9 @@ sub _level_groups {
while (<$f>) {
chomp;
+ # Ignore blank lines and comments
next unless $_;
+ next if /^#/;
my ( $l, $g ) = split /:/;
if ( $l eq $level ) {
diff --git a/scripts/install-system b/scripts/install-system
index d17f0c2e..4f92ca37 100755
--- a/scripts/install-system
+++ b/scripts/install-system
@@ -890,6 +890,23 @@ create_partitions() {
fi
}
+# Copy directory with pretty progress bar
+copy_filesystem() {
+ cp -r -v --preserve=all "$@" | awk '{
+ ++files
+ if ((files % 10) == 0) {
+ percent = files / total_files * 100
+ printf "%3d%% [", percent
+ for (i=0;i<percent; i+=2)
+ printf "="
+ printf ">"
+ for (;i<100;i+=2)
+ printf " "
+ printf "]\r"
+ }
+ }' total_files=$(find "$@" | wc -l)
+}
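Review bot: `copy_filesystem` returns awk's exit status rather than cp's, because a pipeline's status is that of its last command, so a failed `cp` is invisible to the `status=$?` check its caller makes and the install proceeds on a partial root filesystem. Return cp's status explicitly as the function's last line: `return "${PIPESTATUS[0]}"` (the script already uses bash-only constructs elsewhere in this series). The `total_files` count from `find "$@"` also includes the destination directory, which is the last argument, so the percentage is skewed whenever the target is non-empty; counting only the source arguments keeps the bar honest.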
+
# Install the root filesystem
# $1 is the partition to install on
install_root_filesystem () {
@@ -914,8 +931,7 @@ install_root_filesystem () {
fi
if [ -z $UNION ]; then
- echo -n "Copying system image files to /dev/$ROOT_PARTITION: "
- progress_indicator start
+ echo "Copying system files to /dev/$ROOT_PARTITION: "
# Mount the squashfs for copying
output=$(mkdir -p /mnt/squashfs)
if [ -f /live/image/live/filesystem.squashfs ]; then
@@ -936,12 +952,13 @@ install_root_filesystem () {
exit 1
fi
- output=$(cp -pR /mnt/squashfs/* $rootfsdir/)
+ echo "Copying /mnt/squashfs/* to $rootfsddir" >>$INSTALL_LOG
+ copy_filesystem /mnt/squashfs/* $rootfsdir 2>>$INSTALL_LOG
status=$?
-
+ echo
+
if [ "$status" != 0 ]; then
echo -e "Error trying to copy the rootfs.\nPlease see install log for more details.\nExiting..."
- echo -e "Error trying to copy the rootfs.\ncp -pR /mnt/squashfs/* $rootfsdir/\n$output" >> $INSTALL_LOG
exit 1
fi
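Review bot: The new log line reads `$rootfsddir` (double d), which is not the `$rootfsdir` variable used on the very next line, so the install log records an empty destination; it should be `echo "Copying /mnt/squashfs/* to $rootfsdir" >>$INSTALL_LOG`. The removed error branch used to append cp's captured output to the log; now only stderr reaches it via `2>>$INSTALL_LOG`, and the "see install log" message is only meaningful if `copy_filesystem` propagates cp's exit status (as written it returns the status of the trailing awk). `install_root_filesystem` starts and ends outside this hunk.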
diff --git a/scripts/install/install-image b/scripts/install/install-image
index 607dcc98..c4bf3800 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -69,6 +69,39 @@ fetch_iso_by_url ()
fi
echo "ISO download suceeded."
+
+ echo "Checking for digital signature file..."
+ curl -f -o $(unknown).asc ${NEW_ISO}.asc
+ if [ $? -ne 0 ]; then
+ echo "Unable to fetch digital signature file."
+ echo -n "Do you want to continue without signature check? (yes/no) [yes] "
+
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'OK. Installation will not be performed.'
+ fi
+
+ # In case signature file was partially downloaded...
+ rm -f $(unknown).asc
+ fi
+
+ if [ -e $(unknown).asc ]; then
+ echo "Found it. Checking digital signature..."
+ gpg --keyring /etc/apt/trusted.gpg --verify $(unknown).asc
+ if [ $? -ne 0 ]; then
+ echo "Signature check FAILED."
+ echo -n "Do you want to continue anyway? (yes/no) [no] "
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'OK. Installation will not be performed.'
+ fi
+
+ echo "OK. Proceding with installation anyway."
+ else
+ echo "Digital signature is valid."
+ fi
+ fi
+
NEW_ISO=$filename
}
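Review bot: When the signature check fails, the prompt advertises `[no]` as the default but the call is `get_response "Yes" "Yes No Y N"`, so pressing Enter after a FAILED signature proceeds with the install; the line should be `response=$(get_response "No" "Yes No Y N")`. The earlier prompt for a missing `.asc` also defaults to yes, which means anyone who can strip the signature file from the download path (plain HTTP is accepted for `NEW_ISO`) gets an unverified install by default — consider defaulting that to no as well, or at least naming the risk in the prompt text. The `$(unknown)` tokens appear to be a corpus artefact standing in for the signature filename variable; I have not assumed its value. `fetch_iso_by_url` starts outside this hunk.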
diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing
index ce0e502d..e8f723a0 100755
--- a/scripts/install/install-image-existing
+++ b/scripts/install/install-image-existing
@@ -54,16 +54,27 @@ fi
# get new version string. this is from the squashfs image.
NEWVER=`dpkg -l --root=${CD_SQUASH_ROOT} | grep "^.. vyatta-version " | awk '{print $3}'`
+NEWNAME=$NEWVER
-if [ -z "$NEWVER" ]; then
- failure_exit 'Cannot find new release version.'
+echo -n "What would you like to name this image? [$NEWNAME]: "
+read response
+if [ -n "$response" ]; then
+ NEWNAME=$response
fi
-if [ "$CURVER" == "$NEWVER" ]; then
- echo "Image version $NEWVER is the same as the running system."
- echo "Cannot install the same release version as the running system."
- exit 1
+
+# Validate image name
+if [ "$NEWNAME" = "grub" -o "${NEWNAME:0:7}" = "vmlinuz" -o \
+ "${NEWNAME:0:6}" = "initrd" -o "${NEWNAME:0:10}" = "System.map" -o \
+ "$NEWNAME" = "Old-non-image-installation" ]; then
+ echo "Can't use $NEWNAME. It is a reserved image name."
+ exit 1;
+fi
+
+if [ -z "$NEWNAME" ]; then
+ failure_exit 'Invalid image name.'
fi
+echo "OK. This image will be named: $NEWNAME"
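Review bot: The image-name validation only rejects a few reserved names, yet the user-supplied `$NEWNAME` then becomes an unquoted path component (`$BOOT_DIR/$NEWNAME`, `REL_ROOT`) and is interpolated into sed expressions later in this file, so a name containing `/`, `..`, whitespace or sed metacharacters can write outside the boot directory or corrupt grub.cfg. Restrict the value to a safe character set before the reserved-name test, e.g. `case "$NEWNAME" in ''|.|..|*[!A-Za-z0-9._-]*) echo "Image name may only contain letters, digits, '.', '_' and '-'"; exit 1;; esac`. The empty-name check that follows is then subsumed but harmless to keep.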
# this is the default if current install is union
BOOT_DIR=/live/image/boot
@@ -74,24 +85,30 @@ elif [ "$CUR_INSTALL" != 'union' ]; then
exit 1
fi
-if [ -d $BOOT_DIR/$NEWVER ]; then
- echo "Version $NEWVER is already installed on this system."
+if [ -d $BOOT_DIR/$NEWNAME ]; then
+ if [ "$CURVER" = "$NEWNAME" ]; then
+ echo "$NEWNAME is the image you are currently running. Can't"
+ echo "Re-install over the running image."
+ exit 1
+ fi
+
+ echo "An image named $NEWNAME is already installed on this system."
echo "Proceeding with this installation will delete this copy of"
- echo "$NEWVER and replace it with a new copy."
+ echo "$NEWNAME and replace it with a new copy."
echo -n "Do you want to replace it? (Yes/No) [No]: "
resp=$(get_response "No" "Yes No Y N")
if [ "$resp" != 'yes' ] && [ "$resp" != 'y' ]; then
- echo "OK. Will not replace $NEWVER"
+ echo "OK. Will not replace $NEWNAME"
echo "Exiting..."
exit 1
fi
fi
# start the install
-echo "Installing \"$NEWVER\" release."
+echo "Installing \"$NEWNAME\" image."
# create the new release directories
-REL_ROOT=$BOOT_DIR/$NEWVER
+REL_ROOT=$BOOT_DIR/$NEWNAME
RW_DIR="$REL_ROOT/live-rw"
if ! mkdir -p "$RW_DIR"; then
failure_exit 'Cannot create directory for new release.'
@@ -108,7 +125,7 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then
fi
target_squash=$REL_ROOT/$NEWVER.squashfs
cp -p $squash_img $target_squash >&/dev/null
-cp -dp $boot_files $REL_ROOT/ >&/dev/null
+cp --no-dereference --preserve=all $boot_files $REL_ROOT/ >&/dev/null
# mount copied squashfs
if ! try_mount "-o loop,ro $target_squash $READ_ROOT"; then
@@ -163,10 +180,16 @@ if [ -e "$DEF_GRUB" ]; then
echo "Setting up grub configuration..."
new_index=$(get_grub_index)
+ def_grub_vers=/tmp/def_grub.$$
+ cp $DEF_GRUB $def_grub_vers
+ sed -i "s/menuentry \"Vyatta.*(/menuentry \"Vyatta image $NEWNAME (/" $def_grub_vers
+ sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers
+ sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers
+
old_grub_cfg=$BOOT_DIR/grub/grub.cfg
new_grub_cfg=/tmp/grub.cfg.$$
sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg
- cat $DEF_GRUB >>$new_grub_cfg
+ cat $def_grub_vers >> $new_grub_cfg
sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg
sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg
mv $new_grub_cfg $old_grub_cfg
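Review bot: The three sed substitutions interpolate `$NEWNAME` unescaped into the replacement text — the third with `X` as its delimiter — so a name containing `X`, `&`, `\` or `/` mis-edits the menu entries that are then installed as the boot configuration; either reject those characters when the name is read or escape the value before use here. The scratch copy `$def_grub_vers` uses the predictable `/tmp/def_grub.$$` name, is written by root, and is never removed in this hunk: `def_grub_vers=$(mktemp /tmp/def_grub.XXXXXX)` plus `rm -f "$def_grub_vers"` after the `cat` closes both gaps (the pre-existing `$new_grub_cfg` has the same temp-name pattern). The enclosing `if [ -e "$DEF_GRUB" ]` block ends outside this hunk.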
diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new
index 7294fc35..5726fa03 100755
--- a/scripts/install/install-image-new
+++ b/scripts/install/install-image-new
@@ -24,15 +24,36 @@ if ! try_mount "/dev/$ROOT_PARTITION $WRITE_ROOT"; then
fi
version=$(get_new_version)
-if [ -z "$version" ]; then
+image_name=$version
+if [ -z "$image_name" ]; then
echo 'Cannot find new version. Exiting...'
exit 1
fi
+echo -n "What would you like to name this image? [$image_name]: "
+read response
+if [ -n "$response" ]; then
+ image_name=$response
+fi
+
+# Validate image name
+if [ "$image_name" = "grub" -o "${image_name:0:7}" = "vmlinuz" -o \
+ "${image_name:0:6}" = "initrd" -o "${image_name:0:10}" = "System.map" -o \
+ "$image_name" = "Old-non-image-installation" ]; then
+ echo "Can't use $image_name. It is a reserved image name."
+ exit 1;
+fi
+
+if [ -z "$image_name" ]; then
+ failure_exit 'Invalid image name.'
+fi
+
+echo "OK. This image will be named: $image_name"
+
# make the dir for the new version
-mkdir -p $WRITE_ROOT/boot/$version
+mkdir -p $WRITE_ROOT/boot/$image_name
# make dir for backing store
-rw_dir=$WRITE_ROOT/boot/$version/live-rw
+rw_dir=$WRITE_ROOT/boot/$image_name/live-rw
mkdir -p $rw_dir
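Review bot: `$image_name` is validated only against a short reserved list and then used unquoted as a path component in `$WRITE_ROOT/boot/$image_name`, so an answer containing `..`, `/` or whitespace escapes or breaks the target directory. Add a character whitelist before the reserved-name test: `case "$image_name" in ''|.|..|*[!A-Za-z0-9._-]*) echo "Invalid image name: $image_name"; exit 1;; esac`. This validation block is duplicated verbatim in install-image-existing; a shared helper in the sourced install functions would keep the two installers from drifting apart.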
echo Copying squashfs image...
@@ -53,10 +74,10 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then
fi
fi
-target_squash=$WRITE_ROOT/boot/$version/$version.squashfs
+target_squash=$WRITE_ROOT/boot/$image_name/$version.squashfs
cp -p $squash_img $target_squash
echo Copying kernel and initrd images...
-cp -dp $boot_files $WRITE_ROOT/boot/$version/
+cp -dp $boot_files $WRITE_ROOT/boot/$image_name/
# set up union root for postinst
mkdir -p $INST_ROOT $READ_ROOT
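Review bot: The kernel/initrd copy here still uses `cp -dp`, which does not carry extended attributes, while the parallel copy in install-image-existing was changed in this same merge to `--no-dereference --preserve=all` (changelog: "Preserve file capabilities and attributes"). Boot files are unlikely to carry file capabilities, so this is probably harmless, but the two installers should agree: `cp --no-dereference --preserve=all $boot_files $WRITE_ROOT/boot/$image_name/`.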
diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new
index 65c6cd7f..c96f5657 100755
--- a/scripts/install/install-postinst-new
+++ b/scripts/install/install-postinst-new
@@ -133,9 +133,13 @@ if [ -z "$version" ]; then
exit 1
fi
+array=( $WRITE_ROOT/boot/* )
+image_name=${array[0]}
+image_name=${image_name#$WRITE_ROOT/boot/}
+
# these are the defaults for "union"
grub_root=$WRITE_ROOT
-grub_setup_args="-u $version"
+grub_setup_args="-u $image_name"
if [ "$INSTALL_TYPE" == 'old' ]; then
grub_root=$INST_ROOT
grub_setup_args="-v $version"
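Review bot: `array=( $WRITE_ROOT/boot/* ); image_name=${array[0]}` rediscovers the image name by taking the first glob match in the boot directory, which is only right if that directory holds exactly the one newly created image: with nothing there the glob stays literal and `image_name` becomes `*`, and any other entry that sorts first (grub data, or an older image on a reused partition) would be handed to grub setup instead. Since install-image-new already prompted for the name, passing it on explicitly (an exported variable or a state file next to `$version`) is more robust than guessing here; at minimum guard with `[ ${#array[@]} -eq 1 ] && [ -d "${array[0]}" ] || { echo 'Cannot determine image name. Exiting...'; exit 1; }`. The surrounding script continues outside this hunk.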
diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl
index e87c9f64..d06b9e36 100755
--- a/scripts/keepalived/vyatta-keepalived.pl
+++ b/scripts/keepalived/vyatta-keepalived.pl
@@ -1,12 +1,12 @@
#!/usr/bin/perl
#
# Module: vyatta-keepalived.pl
-#
+#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
-#
+#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -15,11 +15,11 @@
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007-2009 Vyatta, Inc.
# All Rights Reserved.
-#
+#
# Author: Stig Thormodsrud
# Date: October 2007
# Description: Script to glue vyatta cli to keepalived daemon
-#
+#
# **** End License ****
#
@@ -28,445 +28,506 @@ use Vyatta::Config;
use Vyatta::Keepalived;
use Vyatta::TypeChecker;
use Vyatta::Interface;
+use Vyatta::ConntrackSync;
use Vyatta::Misc;
use Getopt::Long;
use strict;
use warnings;
-my ($action, $vrrp_intf, $vrrp_group, $vrrp_vip);
-my ($conf_file, $changes_file);
+my ( $action, $vrrp_intf, $vrrp_group, $vrrp_vip, $ctsync );
+my ( $conf_file, $changes_file );
my %HoA_sync_groups;
+my $ctsync_script = "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh";
sub validate_source_addr {
- my ($ifname, $source_addr) = @_;
-
- my @ipaddrs;
- if (defined $source_addr) {
- my %config_ipaddrs;
- my @ipaddrs = Vyatta::Misc::getInterfacesIPadresses('all');
- foreach my $ip (@ipaddrs) {
- if ($ip =~ /^([\d.]+)\/([\d.]+)$/) { # strip /mask
- $config_ipaddrs{$1} = 1;
- }
- }
- if (!defined $config_ipaddrs{$source_addr}) {
- vrrp_log("no hello-source");
- return "hello-source-address [$source_addr] must be " .
- "configured on the interface\n";
- }
- return;
+ my ( $ifname, $source_addr ) = @_;
+
+ my @ipaddrs;
+ if ( defined $source_addr ) {
+ my %config_ipaddrs;
+ my @ipaddrs = Vyatta::Misc::getInterfacesIPadresses('all');
+ foreach my $ip (@ipaddrs) {
+ if ( $ip =~ /^([\d.]+)\/([\d.]+)$/ ) { # strip /mask
+ $config_ipaddrs{$1} = 1;
+ }
}
- # if the hello-source-address wasn't configured, check that the
- # interface has an IPv4 address configured on it.
- my $intf = new Vyatta::Interface($ifname);
- @ipaddrs = $intf->address(4);
- if (scalar(@ipaddrs) < 1) {
- vrrp_log("no primary or hello-source");
- return "must configure either a primary address on [$ifname] or" .
- " a hello-source-address\n";
+ if ( !defined $config_ipaddrs{$source_addr} ) {
+ vrrp_log("no hello-source");
+ return "hello-source-address [$source_addr] must be "
+ . "configured on the interface\n";
}
return;
+ }
+
+ # if the hello-source-address wasn't configured, check that the
+ # interface has an IPv4 address configured on it.
+ my $intf = new Vyatta::Interface($ifname);
+ @ipaddrs = $intf->address(4);
+ if ( scalar(@ipaddrs) < 1 ) {
+ vrrp_log("no primary or hello-source");
+ return "must configure either a primary address on [$ifname] or"
+ . " a hello-source-address\n";
+ }
+ return;
+}
+
+sub get_ctsync_syncgrp {
+ my ($origfunc) = @_;
+ my $failover_sync_grp = undef;
+
+ my $listnodesfunc = "listNodes";
+ my $returnvalfunc = "returnValue";
+ if ( defined $origfunc ) {
+ $listnodesfunc = "listOrigNodes";
+ $returnvalfunc = "returnOrigValue";
+ }
+
+ my @failover_mechanism =
+ Vyatta::ConntrackSync::get_conntracksync_val( $listnodesfunc,
+ "failover-mechanism" );
+
+ if ( defined $failover_mechanism[0] && $failover_mechanism[0] eq 'vrrp' ) {
+ $failover_sync_grp =
+ Vyatta::ConntrackSync::get_conntracksync_val( $returnvalfunc,
+ "failover-mechanism $failover_mechanism[0] vrrp-sync-group" );
+ }
+ return $failover_sync_grp;
}
sub keepalived_get_values {
- my ($intf, $path) = @_;
-
- my @errs = ();
- my $output = '';
- my $config = new Vyatta::Config;
-
- my $state_transition_script = get_state_script();
-
- vrrp_log("keepalived_get_values [$intf][$path]");
- $config->setLevel("$path vrrp vrrp-group");
- my @groups = $config->listNodes();
- foreach my $group (@groups) {
- my $vrrp_instance = "vyatta-$intf-$group";
- $config->setLevel("$path vrrp vrrp-group $group");
- if ($config->exists("disable")) {
- vrrp_log("$vrrp_instance disabled - skipping");
- my $state_file = get_state_file($intf, $group);
- system("rm -f $state_file");
- next;
- }
- my @vips = $config->returnValues("virtual-address");
- my $num_vips = scalar(@vips);
- if ($num_vips == 0) {
- push @errs, "must define a virtual-address for vrrp-group $group\n";
- next;
- }
- if ($num_vips > 20) {
- push @errs, "can not set more than 20 VIPs per group\n";
- next
- }
- my $priority = $config->returnValue("priority");
- if (!defined $priority) {
- $priority = 1;
- }
- my $preempt = $config->returnValue("preempt");
- if (!defined $preempt) {
- $preempt = "true";
- }
- my $preempt_delay = $config->returnValue("preempt-delay");
- if (defined $preempt_delay and $preempt eq "false") {
- print "Warning: preempt delay is ignored when preempt=false\n";
- }
- my $advert_int = $config->returnValue("advertise-interval");
- if (!defined $advert_int) {
- $advert_int = 1;
- }
- my $sync_group = $config->returnValue("sync-group");
- if (defined $sync_group && $sync_group ne "") {
- push @{ $HoA_sync_groups{$sync_group} }, $vrrp_instance;
- }
- my $hello_source_addr = $config->returnValue("hello-source-address");
- my $err = validate_source_addr($intf, $hello_source_addr);
- if (defined $err) {
- push @errs, $err;
- next;
- }
-
- $config->setLevel("$path vrrp vrrp-group $group authentication");
- my $auth_type = $config->returnValue("type");
- my $auth_pass;
- if (defined $auth_type) {
- $auth_type = "PASS" if $auth_type eq "simple";
- $auth_type = uc($auth_type);
- $auth_pass = $config->returnValue("password");
- if (! defined $auth_pass) {
- push @errs, "vrrp authentication password not set\n";
- next;
- }
- }
-
- $config->setLevel("$path vrrp vrrp-group $group run-transition-scripts");
- my $run_backup_script = $config->returnValue("backup");
- if(!defined $run_backup_script){
- $run_backup_script = "null";
- }
- my $run_fault_script = $config->returnValue("fault");
- if(!defined $run_fault_script){
- $run_fault_script = "null";
- }
- my $run_master_script = $config->returnValue("master");
- if(!defined $run_master_script){
- $run_master_script = "null";
- }
+ my ( $intf, $path ) = @_;
+
+ my @errs = ();
+ my $output = '';
+ my $config = new Vyatta::Config;
+
+ my $state_transition_script = get_state_script();
+
+ vrrp_log("keepalived_get_values [$intf][$path]");
+ $config->setLevel("$path vrrp vrrp-group");
+ my @groups = $config->listNodes();
+ foreach my $group (@groups) {
+ my $vrrp_instance = "vyatta-$intf-$group";
+ $config->setLevel("$path vrrp vrrp-group $group");
+ if ( $config->exists("disable") ) {
+ vrrp_log("$vrrp_instance disabled - skipping");
+ my $state_file = get_state_file( $intf, $group );
+ system("rm -f $state_file");
+ next;
+ }
+ my @vips = $config->returnValues("virtual-address");
+ my $num_vips = scalar(@vips);
+ if ( $num_vips == 0 ) {
+ push @errs, "must define a virtual-address for vrrp-group $group\n";
+ next;
+ }
+ if ( $num_vips > 20 ) {
+ push @errs, "can not set more than 20 VIPs per group\n";
+ next;
+ }
+ my $priority = $config->returnValue("priority");
+ if ( !defined $priority ) {
+ $priority = 1;
+ }
+ my $preempt = $config->returnValue("preempt");
+ if ( !defined $preempt ) {
+ $preempt = "true";
+ }
+ my $preempt_delay = $config->returnValue("preempt-delay");
+ if ( defined $preempt_delay and $preempt eq "false" ) {
+ print "Warning: preempt delay is ignored when preempt=false\n";
+ }
+ my $advert_int = $config->returnValue("advertise-interval");
+ if ( !defined $advert_int ) {
+ $advert_int = 1;
+ }
+ my $sync_group = $config->returnValue("sync-group");
+ if ( defined $sync_group && $sync_group ne "" ) {
+ push @{ $HoA_sync_groups{$sync_group} }, $vrrp_instance;
+ }
+ my $hello_source_addr = $config->returnValue("hello-source-address");
+ my $err = validate_source_addr( $intf, $hello_source_addr );
+ if ( defined $err ) {
+ push @errs, $err;
+ next;
+ }
+
+ $config->setLevel("$path vrrp vrrp-group $group authentication");
+ my $auth_type = $config->returnValue("type");
+ my $auth_pass;
+ if ( defined $auth_type ) {
+ $auth_type = "PASS" if $auth_type eq "simple";
+ $auth_type = uc($auth_type);
+ $auth_pass = $config->returnValue("password");
+ if ( !defined $auth_pass ) {
+ push @errs, "vrrp authentication password not set\n";
+ next;
+ }
+ }
- # We now have the values and have validated them, so
- # generate the config.
-
- $output .= "vrrp_instance $vrrp_instance \{\n";
- my $init_state;
- $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt);
- $output .= "\tstate $init_state\n";
- $output .= "\tinterface $intf\n";
- $output .= "\tvirtual_router_id $group\n";
- $output .= "\tpriority $priority\n";
- if ($preempt eq "false") {
- $output .= "\tnopreempt\n";
- }
- if (defined $preempt_delay) {
- $output .= "\tpreempt_delay $preempt_delay\n";
- }
- $output .= "\tadvert_int $advert_int\n";
- if (defined $auth_type) {
- $output .= "\tauthentication {\n";
- $output .= "\t\tauth_type $auth_type\n";
- $output .= "\t\tauth_pass $auth_pass\n\t}\n";
- }
- if (defined $hello_source_addr) {
- $output .= "\tmcast_src_ip $hello_source_addr\n";
- }
- $output .= "\tvirtual_ipaddress \{\n";
- foreach my $vip (@vips) {
- $output .= "\t\t$vip\n";
- }
- $output .= "\t\}\n";
- $output .= "\tnotify_master \"$state_transition_script master ";
- $output .= "$intf $group $run_master_script @vips\" \n";
- $output .= "\tnotify_backup \"$state_transition_script backup ";
- $output .= "$intf $group $run_backup_script @vips\" \n";
- $output .= "\tnotify_fault \"$state_transition_script fault ";
- $output .= "$intf $group $run_fault_script @vips\" \n";
- $output .= "\}\n\n";
+ $config->setLevel("$path vrrp vrrp-group $group run-transition-scripts");
+ my $run_backup_script = $config->returnValue("backup");
+ if ( !defined $run_backup_script ) {
+ $run_backup_script = "null";
+ }
+ my $run_fault_script = $config->returnValue("fault");
+ if ( !defined $run_fault_script ) {
+ $run_fault_script = "null";
+ }
+ my $run_master_script = $config->returnValue("master");
+ if ( !defined $run_master_script ) {
+ $run_master_script = "null";
}
- return ($output, @errs);
+ # We now have the values and have validated them, so
+ # generate the config.
+
+ $output .= "vrrp_instance $vrrp_instance \{\n";
+ my $init_state;
+ if ( defined $ctsync ) {
+
+ # check if this group is part of conntrack-sync vrrp-sync-group
+ my $ctsync_syncgrp = get_ctsync_syncgrp();
+ my $vrrpsyncgrp =
+ list_vrrp_sync_group( $intf, $group, 'returnOrigPlusComValue' );
+ if ( defined $ctsync_syncgrp
+ && defined $vrrpsyncgrp
+ && ( $ctsync_syncgrp eq $vrrpsyncgrp ) )
+ {
+ $init_state = 'BACKUP';
+ } else {
+ $init_state = vrrp_get_init_state( $intf, $group, $vips[0], $preempt );
+ }
+ } else {
+ $init_state = vrrp_get_init_state( $intf, $group, $vips[0], $preempt );
+ }
+ $output .= "\tstate $init_state\n";
+ $output .= "\tinterface $intf\n";
+ $output .= "\tvirtual_router_id $group\n";
+ $output .= "\tpriority $priority\n";
+ if ( $preempt eq "false" ) {
+ $output .= "\tnopreempt\n";
+ }
+ if ( defined $preempt_delay ) {
+ $output .= "\tpreempt_delay $preempt_delay\n";
+ }
+ $output .= "\tadvert_int $advert_int\n";
+ if ( defined $auth_type ) {
+ $output .= "\tauthentication {\n";
+ $output .= "\t\tauth_type $auth_type\n";
+ $output .= "\t\tauth_pass $auth_pass\n\t}\n";
+ }
+ if ( defined $hello_source_addr ) {
+ $output .= "\tmcast_src_ip $hello_source_addr\n";
+ }
+ $output .= "\tvirtual_ipaddress \{\n";
+ foreach my $vip (@vips) {
+ $output .= "\t\t$vip\n";
+ }
+ $output .= "\t\}\n";
+ $output .= "\tnotify_master \"$state_transition_script master ";
+ $output .= "$intf $group $run_master_script @vips\" \n";
+ $output .= "\tnotify_backup \"$state_transition_script backup ";
+ $output .= "$intf $group $run_backup_script @vips\" \n";
+ $output .= "\tnotify_fault \"$state_transition_script fault ";
+ $output .= "$intf $group $run_fault_script @vips\" \n";
+ $output .= "\}\n\n";
+ }
+
+ return ( $output, @errs );
}
sub vrrp_get_sync_groups {
-
- my $output = "";
-
- foreach my $sync_group ( keys %HoA_sync_groups) {
- $output .= "vrrp_sync_group $sync_group \{\n\tgroup \{\n";
- foreach my $vrrp_instance ( 0 .. $#{ $HoA_sync_groups{$sync_group} } ) {
- $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n";
- }
- $output .= "\t\}\n\}\n";
+
+ my $output = "";
+
+ foreach my $sync_group ( keys %HoA_sync_groups ) {
+ $output .= "vrrp_sync_group $sync_group \{\n\tgroup \{\n";
+ foreach my $vrrp_instance ( 0 .. $#{ $HoA_sync_groups{$sync_group} } ) {
+ $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n";
+ }
+ $output .= "\t\}\n";
+
+ ## add conntrack-sync part here if configured ##
+ my $origfunc = undef;
+ $origfunc = 'true' if !defined $ctsync;
+ my $failover_sync_grp = get_ctsync_syncgrp($origfunc);
+ if ( defined $failover_sync_grp && $failover_sync_grp eq $sync_group ) {
+ $output .= "\tnotify_master \"$ctsync_script master $sync_group\"\n";
+ $output .= "\tnotify_backup \"$ctsync_script backup $sync_group\"\n";
+ $output .= "\tnotify_fault \"$ctsync_script fault $sync_group\"\n";
}
- return $output;
+ $output .= "\}\n";
+ }
+ return $output;
}
sub vrrp_read_changes {
- my @lines = ();
- open(my $FILE, "<", $changes_file) or die "Error: read $!";
- @lines = <$FILE>;
- close($FILE);
- chomp @lines;
- return @lines;
+ my @lines = ();
+ return @lines if !-e $changes_file;
+ open( my $FILE, "<", $changes_file ) or die "Error: read $!";
+ @lines = <$FILE>;
+ close($FILE);
+ chomp @lines;
+ return @lines;
}
sub vrrp_save_changes {
- my @list = @_;
+ my @list = @_;
- my $num_changes = scalar(@list);
- vrrp_log("saving changes file $num_changes");
- open(my $FILE, ">", $changes_file) or die "Error: write $!";
- print $FILE join("\n", @list), "\n";
- close($FILE);
+ my $num_changes = scalar(@list);
+ vrrp_log("saving changes file $num_changes");
+ open( my $FILE, ">", $changes_file ) or die "Error: write $!";
+ print $FILE join( "\n", @list ), "\n";
+ close($FILE);
}
sub vrrp_find_changes {
- my @list = ();
- my $config = new Vyatta::Config;
- my $vrrp_instances = 0;
-
- foreach my $name ( getInterfaces() ) {
- my $intf = new Vyatta::Interface($name);
- next unless $intf;
- my $path = $intf->path();
- $config->setLevel($path);
- if ($config->exists("vrrp")) {
- my %vrrp_status_hash = $config->listNodeStatus("vrrp");
- my ($vrrp, $vrrp_status) = each(%vrrp_status_hash);
- if ($vrrp_status ne "static") {
- push @list, $name;
- vrrp_log("$vrrp_status found $name");
- }
- }
-
- #
- # Now look for deleted from the origin tree
- #
- $config->setLevel($path);
- if ($config->isDeleted("vrrp")) {
- push @list, $name;
- vrrp_log("Delete found $name");
- }
-
+ my @list = ();
+ my $config = new Vyatta::Config;
+ my $vrrp_instances = 0;
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
+ $config->setLevel($path);
+ if ( $config->exists("vrrp") ) {
+ my %vrrp_status_hash = $config->listNodeStatus("vrrp");
+ my ( $vrrp, $vrrp_status ) = each(%vrrp_status_hash);
+ if ( $vrrp_status ne "static" ) {
+ push @list, $name;
+ vrrp_log("$vrrp_status found $name");
+ }
}
- my $num = scalar(@list);
- vrrp_log("Start transation: $num changes");
- if ($num) {
- vrrp_save_changes(@list);
+ #
+ # Now look for deleted from the origin tree
+ #
+ $config->setLevel($path);
+ if ( $config->isDeleted("vrrp") ) {
+ push @list, $name;
+ vrrp_log("Delete found $name");
}
- return $num;
+
+ }
+
+ my $num = scalar(@list);
+ vrrp_log("Start transation: $num changes");
+ if ($num) {
+ vrrp_save_changes(@list);
+ }
+ return $num;
}
sub remove_from_changes {
- my $intf = shift;
-
- my @lines = vrrp_read_changes();
- if (scalar(@lines) < 1) {
- #
- # we shouldn't get to this point, but try to handle it if we do
- #
- vrrp_log("unexpected remove_from_changes()");
- system("rm -f $changes_file");
- return 0;
- }
- my @new_lines = ();
- foreach my $line (@lines) {
- if ($line =~ /$intf$/) {
- vrrp_log("remove_from_changes [$line]");
- } else {
- push @new_lines, $line;
- }
- }
-
- my $num_changes = scalar(@new_lines);
- if ($num_changes > 0) {
- vrrp_save_changes(@new_lines);
+ my $intf = shift;
+
+ my @lines = vrrp_read_changes();
+ if ( scalar(@lines) < 1 ) {
+
+ #
+ # we shouldn't get to this point, but try to handle it if we do
+ #
+ vrrp_log("unexpected remove_from_changes()");
+ system("rm -f $changes_file");
+ return 0;
+ }
+ my @new_lines = ();
+ foreach my $line (@lines) {
+ if ( $line =~ /$intf$/ ) {
+ vrrp_log("remove_from_changes [$line]");
} else {
- system("rm -f $changes_file");
+ push @new_lines, $line;
}
- return $num_changes;
+ }
+
+ my $num_changes = scalar(@new_lines);
+ if ( $num_changes > 0 ) {
+ vrrp_save_changes(@new_lines);
+ } else {
+ system("rm -f $changes_file");
+ }
+ return $num_changes;
}
sub vrrp_update_config {
- my ($intf) = @_;
-
- my @errs = ();
- my $date = localtime();
- my $output = "#\n# autogenerated by $0 on $date\n#\n\n";
-
- my $config = new Vyatta::Config;
- my $vrrp_instances = 0;
-
- foreach my $name ( getInterfaces() ) {
- my $intf = new Vyatta::Interface($name);
- next unless $intf;
- my $path = $intf->path();
- $config->setLevel($path);
- if ($config->exists("vrrp")) {
- #
- # keepalived gets real grumpy with interfaces that
- # don't exist, so skip vlans that haven't been
- # instantiated yet (typically occurs at boot up).
- #
- if (!(-d "/sys/class/net/$name")) {
- push @errs, "$name doesn't exist";
- next;
- }
- my ($inst_output, @inst_errs) =
- keepalived_get_values($name, $path);
- if (scalar(@inst_errs)) {
- push @errs, @inst_errs;
- } else {
- $output .= $inst_output;
- $vrrp_instances++;
- }
- }
- }
-
- if ($vrrp_instances > 0) {
- my $sync_groups = vrrp_get_sync_groups();
- if (defined $sync_groups && $sync_groups ne "") {
- $output = $sync_groups . $output;
- }
- keepalived_write_file($conf_file, $output);
- }
- return ($vrrp_instances, @errs);
-}
-sub keepalived_write_file {
- my ($file, $data) = @_;
+ my @errs = ();
+ my $date = localtime();
+ my $output = "#\n# autogenerated by $0 on $date\n#\n\n";
- open(my $fh, '>', $file) || die "Couldn't open $file - $!";
- print $fh $data;
- close $fh;
-}
+ my $config = new Vyatta::Config;
+ my $vrrp_instances = 0;
-sub list_vrrp_intf {
- my $config = new Vyatta::Config;
- my @intfs = ();
-
- foreach my $name ( getInterfaces() ) {
- my $intf = new Vyatta::Interface($name);
- next unless $intf;
- my $path = $intf->path();
- $config->setLevel($path);
- push @intfs, $name if $config->existsOrig("vrrp");
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
+ $config->setLevel($path);
+ if ( $config->exists("vrrp") ) {
+
+ #
+ # keepalived gets real grumpy with interfaces that
+ # don't exist, so skip vlans that haven't been
+ # instantiated yet (typically occurs at boot up).
+ #
+ if ( !( -d "/sys/class/net/$name" ) ) {
+ push @errs, "$name doesn't exist";
+ next;
+ }
+ my ( $inst_output, @inst_errs ) = keepalived_get_values( $name, $path );
+ if ( scalar(@inst_errs) ) {
+ push @errs, @inst_errs;
+ } else {
+ $output .= $inst_output;
+ $vrrp_instances++;
+ }
}
+ }
- return @intfs;
+ if ( $vrrp_instances > 0 ) {
+ my $sync_groups = vrrp_get_sync_groups();
+ if ( defined $sync_groups && $sync_groups ne "" ) {
+ $output = $sync_groups . $output;
+ }
+ keepalived_write_file( $conf_file, $output );
+ }
+ return ( $vrrp_instances, @errs );
}
-sub list_vrrp_group {
- my ($name) = @_;
- my $config = new Vyatta::Config;
- my $path;
+sub keepalived_write_file {
+ my ( $file, $data ) = @_;
- my $intf = new Vyatta::Interface($name);
- next unless $intf;
- $path = $intf->path();
- $path .= " vrrp vrrp-group";
- $config->setLevel($path);
- my @groups = $config->listOrigNodes();
- return @groups;
+ open( my $fh, '>', $file ) || die "Couldn't open $file - $!";
+ print $fh $data;
+ close $fh;
}
-
#
# main
#
-GetOptions("vrrp-action=s" => \$action,
- "intf=s" => \$vrrp_intf,
- "group=s" => \$vrrp_group,
- "vip=s" => \$vrrp_vip);
-
-if (! defined $action) {
- print "no action\n";
- exit 1;
+GetOptions(
+ "vrrp-action=s" => \$action,
+ "intf=s" => \$vrrp_intf,
+ "group=s" => \$vrrp_group,
+ "vip=s" => \$vrrp_vip,
+ "ctsync=s" => \$ctsync,
+);
+
+if ( !defined $action ) {
+ print "no action\n";
+ exit 1;
}
-if ($action eq "update") {
- $changes_file = get_changes_file();
- $conf_file = get_conf_file();
- vrrp_log("vrrp update $vrrp_intf");
- if ( ! -e $changes_file) {
- my $num_changes = vrrp_find_changes();
- if ($num_changes == 0) {
- #
- # Shouldn't happen, but ...
- #
- vrrp_log("unexpected 0 changes");
- }
- }
- my ($vrrp_instances, @errs) = vrrp_update_config($vrrp_intf);
- my $more_changes = remove_from_changes($vrrp_intf);
- vrrp_log(" instances $vrrp_instances, $more_changes");
- if ($vrrp_instances > 0 and $more_changes == 0) {
- restart_daemon($conf_file);
- }
- if ($vrrp_instances == 0) {
- stop_daemon();
- system("rm -f $conf_file");
+if ( !defined $ctsync ) {
+
+ # make sure sync-group used by ctsync has not been deleted
+
+ my $failover_sync_grp = get_ctsync_syncgrp();
+ if ( defined $failover_sync_grp ) {
+
+ # make sure vrrp-sync-group exists
+ my $sync_grp_exists = 'false';
+ my @vrrp_intfs = list_vrrp_intf('exists');
+ foreach my $vrrp_intf (@vrrp_intfs) {
+ my @vrrp_groups = list_vrrp_group( $vrrp_intf, 'listNodes' );
+ foreach my $vrrp_group (@vrrp_groups) {
+ my $sync_grp =
+ list_vrrp_sync_group( $vrrp_intf, $vrrp_group, 'returnValue' );
+ if ( defined $sync_grp && $sync_grp eq "$failover_sync_grp" ) {
+ $sync_grp_exists = 'true';
+ last;
+ }
+ }
+ last if $sync_grp_exists eq 'true';
}
- if (scalar(@errs)) {
- print join("\n", @errs);
- vrrp_log(join("\n", @errs));
- exit 1
+
+ if ( $sync_grp_exists eq 'false' ) {
+ print "sync-group $failover_sync_grp used for conntrack-sync"
+ . " is either deleted or undefined\n";
+ exit 1;
}
- exit 0;
+ }
+
}
-if ($action eq "delete") {
- if (! defined $vrrp_intf || ! defined $vrrp_group) {
- print "must include interface & group";
- exit 1;
+if ( $action eq "update" ) {
+ $changes_file = get_changes_file();
+ $conf_file = get_conf_file();
+ vrrp_log("vrrp update $vrrp_intf") if defined $vrrp_intf;
+ vrrp_log("vrrp update conntrack-sync") if defined $ctsync;
+ if ( !-e $changes_file ) {
+ my $num_changes = vrrp_find_changes();
+ if ( $num_changes == 0 ) {
+
+ #
+ # Shouldn't happen, but ...
+ #
+ vrrp_log("unexpected 0 changes");
}
- vrrp_log("vrrp delete $vrrp_intf $vrrp_group");
- my $state_file = get_state_file($vrrp_intf, $vrrp_group);
- system("rm -f $state_file");
- exit 0;
+ }
+ my ( $vrrp_instances, @errs ) = vrrp_update_config();
+ my $more_changes = 0;
+ $more_changes = remove_from_changes($vrrp_intf) if !defined $ctsync;
+ vrrp_log(" instances $vrrp_instances, $more_changes");
+ if ( $vrrp_instances > 0 and $more_changes == 0 ) {
+ restart_daemon($conf_file);
+ }
+ if ( $vrrp_instances == 0 ) {
+ stop_daemon();
+ system("rm -f $conf_file");
+ }
+ if ( scalar(@errs) ) {
+ print join( "\n", @errs );
+ vrrp_log( join( "\n", @errs ) );
+ exit 1;
+ }
+ exit 0;
}
-if ($action eq "check-vip") {
- if (! defined $vrrp_vip) {
- print "must include the virtual-address to check";
- exit 1;
- }
- my $rc = 1;
- if ($vrrp_vip =~ /\//) {
- $rc = Vyatta::TypeChecker::validateType('ipv4net', $vrrp_vip, 1);
- } else {
- $rc = Vyatta::TypeChecker::validateType('ipv4', $vrrp_vip, 1);
- }
- exit 1 if ! $rc;
- exit 0;
+if ( $action eq "delete" ) {
+ if ( !defined $vrrp_intf || !defined $vrrp_group ) {
+ print "must include interface & group";
+ exit 1;
+ }
+ vrrp_log("vrrp delete $vrrp_intf $vrrp_group");
+ my $state_file = get_state_file( $vrrp_intf, $vrrp_group );
+ system("rm -f $state_file");
+ exit 0;
}
-if ($action eq "list-vrrp-intf") {
- my @intfs = list_vrrp_intf();
- print join(' ', @intfs);
- exit 0;
+if ( $action eq "check-vip" ) {
+ if ( !defined $vrrp_vip ) {
+ print "must include the virtual-address to check";
+ exit 1;
+ }
+ my $rc = 1;
+ if ( $vrrp_vip =~ /\// ) {
+ $rc = Vyatta::TypeChecker::validateType( 'ipv4net', $vrrp_vip, 1 );
+ } else {
+ $rc = Vyatta::TypeChecker::validateType( 'ipv4', $vrrp_vip, 1 );
+ }
+ exit 1 if !$rc;
+ exit 0;
}
-if ($action eq "list-vrrp-group") {
- if (! defined $vrrp_intf) {
- print "must include interface\n";
- exit 1;
- }
- my @groups = list_vrrp_group($vrrp_intf);
- print join(' ', @groups);
- exit 0;
+if ( $action eq "list-vrrp-intf" ) {
+ my @intfs = list_vrrp_intf();
+ print join( ' ', @intfs );
+ exit 0;
+}
+
+if ( $action eq "list-vrrp-group" ) {
+ if ( !defined $vrrp_intf ) {
+ print "must include interface\n";
+ exit 1;
+ }
+ my @groups = list_vrrp_group($vrrp_intf);
+ print join( ' ', @groups );
+ exit 0;
}
exit 0;
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index d95fcafa..fd5b9eea 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -173,7 +173,9 @@ security_reset () {
# restore PAM back to virgin state (no radius other services)
rm -f /etc/pam_radius_auth.conf
if grep -q radius /etc/pam.d/common-auth
- then pam-auth-update --remove radius
+ then
+ pam-auth-update --package --remove radius
+ rm /usr/share/pam-configs/radius
fi
# Disable root login with ssh
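Review bot: The new `rm /usr/share/pam-configs/radius` on the line after `pam-auth-update` has no `-f`, so a reset on a box where the profile is already gone prints an error and, if this init script runs under `set -e`, aborts `security_reset` before the ssh root-login step that follows; `rm -f /usr/share/pam-configs/radius` is the safe form. The `grep -q radius /etc/pam.d/common-auth` guard only fires when the radius profile is still active, so a profile file that exists but is not enabled survives the reset; moving the `rm -f` after the `fi` would make the "virgin state" the comment promises hold in both cases. `security_reset` starts outside the hunk.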
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index 3adb37b7..a3be64ad 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -26,6 +26,7 @@
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Vyatta::Misc;
+use NetAddr::IP;
use Getopt::Long;
use File::Copy;
@@ -40,6 +41,7 @@ my $snmp_tmp = "/tmp/snmpd.conf.$$";
my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf';
my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf';
my $versionfile = '/opt/vyatta/etc/version';
+my $local_agent = 'unix:/var/run/snmpd.socket';
my $snmp_level = 'service snmp';
@@ -60,7 +62,7 @@ sub snmp_start {
snmp_get_values();
close $fh;
select STDOUT;
-
+
snmp_client_config();
move($snmp_tmp, $snmp_conf)
@@ -85,14 +87,60 @@ sub get_version {
return $version;
}
+# convert address to snmpd transport syntax
+sub transport_syntax {
+ my ($addr, $port) = @_;
+ my $ip = new NetAddr::IP $addr;
+ die "$addr: not a valid IP address" unless $ip;
+
+ my $version = $ip->version();
+ return "udp:$addr:$port" if ($version == 4);
+ return "udp6:[$addr]:$port" if ($version == 6);
+ die "$addr: unknown IP version $version";
+}
+
+sub ipv6_disabled {
+ my $config = new Vyatta::Config;
+ return $config->exists("system ipv6 disable");
+}
+
+# Find SNMP agent listening addresses
+sub get_listen_address {
+ my $config = new Vyatta::Config;
+ my @listen;
+
+ $config->setLevel('service snmp listen-address');
+ my @address = $config->listNodes();
+
+ if(@address) {
+ foreach my $addr (@address) {
+ my $port = $config->returnValue("$addr port");
+ push @listen, transport_syntax($addr, $port);
+ }
+ } else {
+ # default if no address specified
+ @listen = ( 'udp:161' );
+ push @listen, 'udp6:161' unless ipv6_disabled();
+ return @listen;
+ }
+
+ return @listen;
+}
+
sub snmp_get_constants {
my $version = get_version();
my $now = localtime;
+ my @addr = get_listen_address();
+
+ # add local unix domain target for use by operational commands
+ unshift @addr, $local_agent;
print "# autogenerated by vyatta-snmp.pl on $now\n";
print "sysDescr Vyatta $version\n";
print "sysObjectID 1.3.6.1.4.1.30803\n";
print "sysServices 14\n";
+ print "agentaddress ", join(',',@addr), "\n";
+
print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd
print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd
print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd
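Review bot: `transport_syntax($addr, $port)` in `get_listen_address` interpolates `$port` straight from `returnValue("$addr port")`, so unless the `port` leaf's template guarantees a default, an unset port yields `udp:ADDR:` and snmpd rejects the whole `agentaddress` line; a guard such as `$port = 161 unless defined $port;` before the call covers that. The `return @listen;` inside the `else` branch duplicates the one after it and can be dropped. Since `$local_agent` (declared in the earlier hunk) now puts `unix:/var/run/snmpd.socket` first in the listener list, a short comment that access through that socket is still subject to the community/VACM rules and to the socket's file permissions would save the next reader from guessing whether it is meant as a trusted bypass.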
@@ -106,44 +154,43 @@ sub randhex {
return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2);
}
+# output snmpd.conf file syntax for community
+sub print_community {
+ my ($config, $community) = @_;
+ my $ro = $config->returnValue('authorization');
+ $ro = 'ro' unless $ro;
+
+ my @clients = $config->returnValues('client');
+ my @networks = $config->returnValues('network');
+
+ my @restriction = (@clients, @networks);
+ if (!@restriction) {
+ print $ro . "community $community\n";
+ print $ro . "community6 $community\n" unless ipv6_disabled();
+ return;
+ }
+
+ foreach my $addr (@restriction) {
+ my $ip = new NetAddr::IP $addr;
+ die "$addr: Not a valid IP address" unless $ip;
+
+ if ($ip->version() == 4) {
+ print $ro . "community $community $addr\n";
+ } elsif ($ip->version() == 6) {
+ print $ro . "community6 $community $addr\n";
+ } else {
+ die "$addr: bad IP version ", $ip->version();
+ }
+ }
+}
+
sub snmp_get_values {
my $config = new Vyatta::Config;
- $config->setLevel("service snmp community");
- my @communities = $config->listNodes();
-
+ my @communities = $config->listNodes("service snmp community");
foreach my $community (@communities) {
- my $authorization = $config->returnValue("$community authorization");
- my @clients = $config->returnValues("$community client");
- my @networks = $config->returnValues("$community network");
-
- if (scalar(@clients) == 0 and scalar(@networks) == 0){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community\n";
- } else {
- print "rocommunity $community\n";
- }
- } else {
- if (scalar(@clients) != 0) {
- foreach my $client (@clients){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community $client\n";
- } else {
- print "rocommunity $community $client\n";
- }
- }
- }
- if (scalar(@networks) != 0){
- foreach my $network (@networks){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community $network\n";
- } else {
- print "rocommunity $community $network\n";
- }
-
- }
- }
- }
+ $config->setLevel("service snmp community $community");
+ print_community($config, $community);
}
$config->setLevel($snmp_level);
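Review bot: `print_community` builds the directive keyword from the raw `authorization` value (`$ro . "community"`), so any value other than `ro`/`rw` that the template admits now or later produces an unknown `snmpd.conf` keyword, whereas the code this replaces mapped anything but `rw` to `rocommunity`. Keeping that fail-closed default is two lines: `my $auth = $config->returnValue('authorization');` and `my $ro = (defined $auth && $auth eq 'rw') ? 'rw' : 'ro';`. As a point of style, `"${ro}community $community\n"` reads more clearly than the concatenation.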
diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl
index 7f2b84b2..a4e2b9ba 100755
--- a/scripts/system/vyatta_update_resolv.pl
+++ b/scripts/system/vyatta_update_resolv.pl
@@ -134,10 +134,11 @@ if ($dhclient_script == 1) {
}
}
if ($ns_in_resolvconf == 0) {
- open (APPEND, ">>/etc/resolv.conf") or die "$! error trying to overwrite";
- print APPEND "nameserver\t$ns\t\t#nameserver written by $0\n";
- close (APPEND);
- $restart_ntp = 1;
+ open (my $rf, '>>', '/etc/resolv.conf')
+ or die "$! error trying to overwrite";
+ print $rf "nameserver\t$ns\t\t#nameserver written by $0\n";
+ close $rf;
+ $restart_ntp = 1;
}
}
}
@@ -190,37 +191,40 @@ if ($dhclient_script == 1) {
my @resolv;
if (-e '/etc/resolv.conf') {
- open (RESOLV, '</etc/resolv.conf') or die("$0: Error! Unable to open '/etc/resolv.conf' for input: $!\n");
- @resolv = <RESOLV>;
- close (RESOLV);
+ open (my $f, '<', '/etc/resolv.conf')
+ or die("$0: Error! Unable to open '/etc/resolv.conf' for input: $!\n");
+ @resolv = <$f>;
+ close ($f);
}
my $foundSearch = 0;
my $foundDomain = 0;
-open (RESOLV, '>/etc/resolv.conf') or die("$0: Error! Unable to open '/etc/resolv.conf' for output: $!\n");
+open (my $r, '>', '/etc/resolv.conf')
+ or die("$0: Error! Unable to open '/etc/resolv.conf' for output: $!\n");
+
foreach my $line (@resolv) {
if ($line =~ /^search\s/) {
$foundSearch = 1;
if (length($search) > 0) {
- print RESOLV $search;
+ print $r $search;
}
} elsif ($line =~ /^domain\s/) {
$foundDomain = 1;
if (length($domain) > 0) {
- print RESOLV $domain;
+ print $r $domain;
}
} else {
- print RESOLV $line;
+ print $r $line;
}
}
if ($foundSearch == 0 && length($search) > 0) {
- print RESOLV $search;
+ print $r $search;
}
if ($foundDomain == 0 && length($domain) > 0) {
- print RESOLV $domain;
+ print $r $domain;
}
-close (RESOLV);
+close ($r);
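Review bot: `open (my $r, '>', '/etc/resolv.conf')` truncates the live resolver file before any of the rewritten lines are printed, so a failure or kill between that `open` and `close ($r)` leaves an empty /etc/resolv.conf, and the `close` result is not checked so a short write goes unnoticed. Writing to a sibling file and renaming over the original keeps a readable file at every instant: `open (my $r, '>', '/etc/resolv.conf.tmp') or die ...;`, then `close ($r) or die "$0: Error! write to /etc/resolv.conf.tmp failed: $!\n";` and `rename ('/etc/resolv.conf.tmp', '/etc/resolv.conf') or die "$0: Error! rename failed: $!\n";`. The `.tmp` name is a placeholder; use whatever temp-file convention the project already has.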
diff --git a/scripts/vyatta-dhcpv6-client.pl b/scripts/vyatta-dhcpv6-client.pl
new file mode 100644
index 00000000..b23d1700
--- /dev/null
+++ b/scripts/vyatta-dhcpv6-client.pl
@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-dhcpv6-client.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2005-2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Bob Gilligan <gilligan@vyatta.com>
+# Date: April 2010
+# Description: Start and stop DHCPv6 client daemon for an interface.
+#
+# **** End License ****
+#
+#
+
+use strict;
+use lib "/opt/vyatta/share/perl5/";
+use FileHandle;
+use Vyatta::Config;
+use Getopt::Long;
+
+my $start_flag; # Start the daemon
+my $stop_flag; # Stop the daemon and delete all config files
+my $release_flag; # Stop the daemon, but leave config file
+my $renew_flag; # Re-start the daemon. Functionally same as start_flag
+my $temp_flag;
+my $params_only_flag;
+my $ifname;
+
+
+sub gen_conf_file {
+ my ($conffile, $ifname) = @_;
+
+ my $FD_WR = new FileHandle;
+
+ if (!open($FD_WR, ">$conffile")) {
+ printf("Can't write config file: $conffile\n");
+ exit 1;
+ }
+ my $date = `date`;
+ my $user = `id -un`;
+ my $hostname = `hostname`;
+ chomp($date);
+ chomp($user);
+ chomp($hostname);
+
+ print $FD_WR "# This file was auto-generated by the Vyatta\n";
+ print $FD_WR "# configuration sub-system. Do not edit it.\n";
+ print $FD_WR "\n";
+ print $FD_WR "# Generated on $date by $user\n";
+ print $FD_WR "#\n";
+ print $FD_WR "interface \"$ifname\" {\n";
+# print $FD_WR " send host-name \"$hostname\";\n";
+# print $FD_WR " send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39;\n";
+ print $FD_WR "}\n";
+}
+
+
+#
+# Main Section
+#
+
+GetOptions("start" => \$start_flag,
+ "stop" => \$stop_flag,
+ "release" => \$release_flag,
+ "renew" => \$renew_flag,
+ "temporary" => \$temp_flag,
+ "parameters-only" => \$params_only_flag,
+ "ifname=s" => \$ifname,
+ );
+
+if ((defined $temp_flag) && (defined $params_only_flag)) {
+ printf("Error: --temporary and --parameters-only flags are mutually exclusive.\n");
+ exit 1;
+}
+
+if (!defined $ifname) {
+ printf("Error: Interface name must be specified with --ifname parameter.\n");
+ exit 1;
+}
+
+my $pidfile = "/var/lib/dhcp3/dhclient_v6_$ifname.pid";
+my $leasefile = "/var/lib/dhcp3/dhclient_v6_$ifname.leases";
+my $conffile = "/var/lib/dhcp3/dhclient_v6_$ifname.conf";
+my $cmdname = "/sbin/dhclient";
+
+if (defined $release_flag) {
+ if (! -e $conffile) {
+ printf("DHCPv6 client is not configured on interface $ifname.\n");
+ exit 1;
+ }
+
+ if (! -e $pidfile) {
+ printf("DHCPv6 client is already released on interface $ifname.\n");
+ exit 1;
+ }
+}
+
+if (defined $renew_flag) {
+ if (! -e $conffile) {
+ printf("DHCPv6 client is not configured on interface $ifname.\n");
+ exit 1;
+ }
+}
+
+if (defined $stop_flag || defined $release_flag) {
+ # Stop dhclient -6 on $ifname
+
+ printf("Stopping daemon...\n");
+ my $output=`$cmdname -6 -nw -cf $conffile -pf $pidfile -lf $leasefile -r $ifname`;
+ printf($output);
+
+ # Delete files it leaves behind...
+ printf("Deleting related files...\n");
+ unlink($pidfile);
+ if (defined $stop_flag) {
+ # If just releasing, leave the config file around as a flag that
+ # DHCPv6 remains configured on this interface.
+ unlink($conffile);
+ }
+}
+
+if (defined $start_flag || defined $renew_flag) {
+ # Generate the DHCP client config file...
+ gen_conf_file($conffile, $ifname);
+
+ # First, kill any previous instance of dhclient running on this interface
+ #
+ printf("Stopping old daemon...\n");
+ my $output = `$cmdname -6 -pf $pidfile -x $ifname`;
+ printf($output);
+
+ # start "dhclient -6" on $ifname
+
+ my $args = "";
+ if (defined $temp_flag) {
+ $args .= " -T";
+ }
+ if (defined $params_only_flag) {
+ $args .= " -S";
+ }
+
+ printf("Starting new daemon...\n");
+ my $output=`$cmdname -6 -nw -cf $conffile -pf $pidfile -lf $leasefile $args $ifname`;
+ printf($output);
+}
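Review bot: The three `printf($output)` calls that follow each backtick invocation of `$cmdname` pass dhclient's output as the printf format string, so any `%` in that output is read as a conversion and prints garbage; `print $output;` is what is meant. `open($FD_WR, ">$conffile")` in `gen_conf_file` is the two-argument form and should be `open($FD_WR, '>', $conffile)`, and the handle is never closed or checked, so a short write to the config file is silent. `$ifname` comes from `--ifname` and is only tested for definedness before being interpolated into the `/var/lib/dhcp3/dhclient_v6_$ifname.*` paths and into shell command lines; validating it against an interface-name pattern (no `/`, whitespace or shell metacharacters) at the `!defined $ifname` check, or invoking dhclient through list-form `system`, keeps a malformed argument out of the shell. `$date`, `$user` and `$hostname` each spawn a process where `scalar localtime`, `getpwuid($<)` and `Sys::Hostname` would do, and `$hostname` is only consumed by commented-out lines.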
diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl
index 90d8dfc7..a303c82c 100755
--- a/scripts/vyatta-interfaces.pl
+++ b/scripts/vyatta-interfaces.pl
@@ -47,10 +47,11 @@ use warnings;
my $dhcp_daemon = '/sbin/dhclient';
-my ($eth_update, $eth_delete, $addr_set, @addr_commit, $dev, $mac, $mac_update);
+my ($eth_update, $eth_delete, $addr_set, $dev, $mac, $mac_update);
+my %skip_interface;
my ($check_name, $show_names, $intf_cli_path, $vif_name, $warn_name);
my ($check_up, $show_path, $dhcp_command);
-my @speed_duplex;
+my (@speed_duplex, @addr_commit);
sub usage {
print <<EOF;
@@ -80,6 +81,7 @@ GetOptions("eth-addr-update=s" => \$eth_update,
"dhcp=s" => \$dhcp_command,
"check=s" => \$check_name,
"show=s" => \$show_names,
+ "skip=s" => sub { $skip_interface{$_[1]} = 1 },
"vif=s" => \$vif_name,
"warn" => \$warn_name,
"path" => \$show_path,
@@ -312,14 +314,14 @@ sub update_mac {
if (POSIX::strtoul($flags) & 1) {
# NB: Perl 5 system return value is bass-ackwards
- system "sudo ip link set $intf down"
+ system "ip link set $intf down"
and die "Could not set $intf down ($!)\n";
- system "sudo ip link set $intf address $mac"
+ system "ip link set $intf address $mac"
and die "Could not set $intf address ($!)\n";
- system "sudo ip link set $intf up"
+ system "ip link set $intf up"
and die "Could not set $intf up ($!)\n";
} else {
- system "sudo ip link set $intf address $mac"
+ system "ip link set $intf address $mac"
and die "Could not set $intf address ($!)\n";
}
exit 0;
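Review bot: With `sudo` gone, the three `system "ip link set $intf ..."` calls in `update_mac` still go through a shell with `$intf` and `$mac` interpolated; the list form `system 'ip', 'link', 'set', $intf, 'down' and die "Could not set $intf down ($!)\n";` keeps the same `and die` semantics without a shell, and the `address $mac` and `up` lines can be converted the same way. Whether the script may run `ip` at all now rests on `/bin/ip` carrying `cap_net_admin` (added in `sysconf/filecaps` by this same commit) or on the caller still being root, which deserves a comment at the top of the function. `update_mac` starts outside the hunk.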
@@ -356,6 +358,13 @@ sub is_valid_addr_set {
exit 0;
}
+ if ($addr_net eq "dhcpv6") {
+ die "Error: can't use dhcpv6 client on loopback interface\n"
+ if ($intf eq "lo");
+
+ exit 0;
+ }
+
my ($addr, $net);
if ($addr_net =~ m/^([0-9a-fA-F\.\:]+)\/(\d+)$/) {
$addr = $1;
@@ -423,7 +432,7 @@ sub is_valid_addr_commit {
$dhcp = 1;
} else {
my $version = is_ip_v4_or_v6($addr);
- if ($version == 4) {
+ if (defined($version) && $version == 4) {
$static_v4 = 1;
}
}
@@ -516,6 +525,7 @@ sub show_interfaces {
foreach my $name (@interfaces) {
my $intf = new Vyatta::Interface($name);
next unless $intf; # skip unknown types
+ next if $skip_interface{$name};
next unless ($type eq 'all' || $type eq $intf->type());
if ($vif_name) {
diff --git a/sysconf/capability.conf b/sysconf/capability.conf
new file mode 100644
index 00000000..0a7235f1
--- /dev/null
+++ b/sysconf/capability.conf
@@ -0,0 +1,10 @@
+# this is a capability file (used in conjunction with the pam_cap.so module)
+
+# Special capability for Vyatta admin
+all %vyattacfg
+
+# Vyatta Operator
+cap_net_admin,cap_sys_boot,cap_audit_write %vyattaop
+
+## 'everyone else' gets no inheritable capabilities
+none *
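Review bot: `all %vyattacfg` hands every inheritable capability to the vyattacfg group, which is root-equivalent in effect (CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_DAC_OVERRIDE and the rest), so the comment above it should say so rather than "Special capability"; something like `# vyattacfg: all inheritable capabilities - membership is equivalent to root, keep the group as small as the admin role requires`. The `%vyattaop` line enumerates its set, which is the reviewable pattern; if the admin role does not truly need the full set, enumerating it here too would make the privilege boundary visible. As I read the Linux capability rules, pam_cap only fills a process's inheritable set, so which binaries actually gain these capabilities is decided by the file capabilities set elsewhere, and a one-line pointer to that file would help the next reader.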
diff --git a/sysconf/filecaps b/sysconf/filecaps
new file mode 100644
index 00000000..1e06c0e8
--- /dev/null
+++ b/sysconf/filecaps
@@ -0,0 +1,26 @@
+# List of files that get special attribute labeling
+
+# Network related utilities
+cap_net_admin=pe /usr/sbin/ethtool
+cap_net_admin=pe /sbin/tc
+cap_net_admin=pe /bin/ip
+cap_net_admin=pe /sbin/iptables
+cap_net_admin=pe /sbin/ip6tables
+cap_net_admin=pe/ /usr/sbin/ipset
+cap_net_admin=pe /usr/sbin/conntrack
+cap_net_admin=pe /usr/sbin/arp
+cap_net_admin=pe /usr/sbin/brctl
+
+# Raw sockets
+cap_net_raw=pe /usr/bin/tshark
+cap_net_raw=pe /usr/sbin/tcpdump
+
+# Allow changes to system settings
+cap_sys_admin=pe /sbin/sysctl
+
+# Module install
+cap_sys_module=pe /sbin/modprobe
+
+# Set time
+cap_sys_time=pe /bin/date
+cap_sys_time=pe /usr/sbin/ntpdate
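Review bot: The ipset entry reads `cap_net_admin=pe/ /usr/sbin/ipset`; the stray `/` after `pe` is a typo that setcap rejects (or that a loop over this list may silently skip), so it should be `cap_net_admin=pe /usr/sbin/ipset`. Every entry uses `=pe`, which as far as I read the Linux capability rules grants the capability to any process that executes the binary, independent of the pam_cap inheritable sets in `sysconf/capability.conf`; if the intent is that only vyattaop/vyattacfg members gain them, the files need the capability in their inheritable set (`=ei`) instead, or their execute permission limited to those groups. This matters most for `cap_sys_admin=pe /sbin/sysctl` and `cap_sys_module=pe /sbin/modprobe`, which are root-equivalent for whoever can run them; a header comment stating which of the two models is intended would let a reviewer verify the list against it.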
diff --git a/templates/interfaces/bonding/node.def b/templates/interfaces/bonding/node.def
index bb1b9ae3..4a944970 100644
--- a/templates/interfaces/bonding/node.def
+++ b/templates/interfaces/bonding/node.def
@@ -1,14 +1,15 @@
tag:
priority: 315
type: txt
-help: Set bonding interface
+help: Set bonding interface name
+comp_help: Enter bonding interface name (bond0 - bond99)
syntax:expression: pattern $VAR(@) "^bond[0-9]+$" \
; "bonding must be (bond0-bond99)"
begin: if [ ! -f /sys/class/net/bonding_masters ]; then
sudo modprobe bonding max_bonds=0 miimon=250
fi
create: sudo sh -c "echo +$VAR(@) > /sys/class/net/bonding_masters" || exit 1
- sudo ip link set "$VAR(@)" up
+ ip link set "$VAR(@)" up
/opt/vyatta/sbin/vyatta-link-detect $VAR(@) on
delete: SLAVES=`cat /sys/class/net/$VAR(@)/bonding/slaves`;
if [ -z "$SLAVES" ]
@@ -18,4 +19,3 @@ delete: SLAVES=`cat /sys/class/net/$VAR(@)/bonding/slaves`;
echo "bonded interface $VAR(@) still has slaves: $SLAVES"
exit 1;
fi
-comp_help: Enter bond interface name (bond0 - bond99)
diff --git a/templates/interfaces/bonding/node.tag/bridge-group/node.def b/templates/interfaces/bonding/node.tag/bridge-group/node.def
index 940295fa..9ce97b1b 100644
--- a/templates/interfaces/bonding/node.tag/bridge-group/node.def
+++ b/templates/interfaces/bonding/node.tag/bridge-group/node.def
@@ -12,13 +12,13 @@ end:
exit 1
else
echo "Adding interface $bondif to bridge $newbridge."
- sudo brctl addif $newbridge $bondif;
+ /usr/sbin/brctl addif $newbridge $bondif;
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $bondif $VAR(./cost/@);
+ /usr/sbin/brctl setpathcost $newbridge $bondif $VAR(./cost/@);
fi;
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $bondif $VAR(./priority/@);
+ /usr/sbin/brctl setportprio $newbridge $bondif $VAR(./priority/@);
fi
fi
elif [ ${COMMIT_ACTION} = 'DELETE' ]; then
@@ -32,7 +32,7 @@ end:
# it gets deleted before the removal of bridge-groups under interfaces
exit 0
else
- sudo brctl delif $oldbridge $bondif
+ /usr/sbin/brctl delif $oldbridge $bondif
fi
else
if [ -z "$newbridge" ]; then
@@ -46,15 +46,15 @@ end:
if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \
--bridge-notin-proposedcfg \
--bridge-interface="$oldbridge"; then \
- sudo brctl delif $oldbridge $bondif
+ /usr/sbin/brctl delif $oldbridge $bondif
fi
- sudo brctl addif $newbridge $bondif
+ /usr/sbin/brctl addif $newbridge $bondif
fi
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $bondif $VAR(./cost/@)
+ /usr/sbin/brctl setpathcost $newbridge $bondif $VAR(./cost/@)
fi
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $bondif $VAR(./priority/@)
+ /usr/sbin/brctl setportprio $newbridge $bondif $VAR(./priority/@)
fi
fi
fi
diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def
index ad033365..96325d72 100644
--- a/templates/interfaces/bonding/node.tag/disable/node.def
+++ b/templates/interfaces/bonding/node.tag/disable/node.def
@@ -1,11 +1,11 @@
help: Set interface disabled
create: /etc/netplug/linkdown.d/dhclient $VAR(../@)
- if ! sudo ip link set $VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../@)
exit 1
fi
-delete: if ! sudo ip link set $VAR(../@) up; then
+delete: if ! ip link set $VAR(../@) up; then
echo "Error enabling dev $VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/bonding/node.tag/mtu/node.def b/templates/interfaces/bonding/node.tag/mtu/node.def
index 07c102ac..cd244402 100644
--- a/templates/interfaces/bonding/node.tag/mtu/node.def
+++ b/templates/interfaces/bonding/node.tag/mtu/node.def
@@ -1,5 +1,5 @@
type: u32
help: Set the Maximum Transmission Unit (MTU) for this interface
syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "MTU must be between 68 and 9000"
-update:expression: "sudo ip link set $VAR(../@) mtu $VAR(@)"; "Error setting MTU on dev $VAR(../@)"
-delete:expression: "sudo ip link set $VAR(../@) mtu 1500"; "Error deleting MTU on dev $VAR(../@)"
+update: ip link set $VAR(../@) mtu $VAR(@)
+delete: ip link set $VAR(../@) mtu 1500
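Review bot: The rewritten `update:`/`delete:` actions drop the "Error setting MTU on dev ..." messages the old `update:expression:` form carried, and unlike the ethernet mtu template in this same change they do not wrap the call in an `if ! ...; then echo ...; exit 1; fi`, so a failing `ip link set ... mtu` only shows the raw iproute2 error with no device context. Suggest `update: if ! ip link set $VAR(../@) mtu $VAR(@); then echo "Error setting MTU on dev $VAR(../@)"; exit 1; fi` and the same shape on `delete:` so the two templates behave alike.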
diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def
index 2e718f41..62e7ab95 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.def
@@ -8,9 +8,9 @@ create: read -a SLAVES </sys/class/net/$VAR(../@)/bonding/slaves
echo "Must configure slave devices for bond interface $VAR(../@) before adding vif"
exit 1
fi
- sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1
- sudo ip link set "$VAR(../@).$VAR(@)" up
+ ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1
+ ip link set "$VAR(../@).$VAR(@)" up
sudo sh -c "/opt/vyatta/sbin/vyatta-link-detect $VAR(../@).$VAR(@) on"
-delete: sudo ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
+delete: ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
comp_help: possible completions:
<0-4094> Set VLAN ID
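Review bot: `ip link set "$VAR(../@).$VAR(@)" up` is unchecked while the `ip link add` immediately before it exits on failure, so a vif can be created but left down with a successful commit; `ip link set "$VAR(../@).$VAR(@)" up || exit 1` keeps the action consistent. The remaining `sudo sh -c "/opt/vyatta/sbin/vyatta-link-detect ..."` context line is now the only privileged call in this action, whereas the bonding node.def in this same change calls vyatta-link-detect with no sudo at all; one of the two is presumably wrong and a comment on the surviving form would settle it.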
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def
index 04dc957b..42234106 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def
@@ -13,13 +13,13 @@ end:
exit 1
else
echo "Adding interface $bondif to bridge $newbridge."
- sudo brctl addif $newbridge $bondif;
+ /usr/sbin/brctl addif $newbridge $bondif;
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $bondif $VAR(./cost/@);
+ /usr/sbin/brctl setpathcost $newbridge $bondif $VAR(./cost/@);
fi;
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $bondif $VAR(./priority/@);
+ /usr/sbin/brctl setportprio $newbridge $bondif $VAR(./priority/@);
fi
fi
elif [ ${COMMIT_ACTION} = 'DELETE' ]; then
@@ -33,7 +33,7 @@ end:
# it gets deleted before the removal of bridge-groups under interfaces
exit 0
else
- sudo brctl delif $oldbridge $bondif
+ /usr/sbin/brctl delif $oldbridge $bondif
fi
else
if [ -z "$newbridge" ]; then
@@ -47,15 +47,15 @@ end:
if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \
--bridge-notin-proposedcfg \
--bridge-interface="$oldbridge"; then \
- sudo brctl delif $oldbridge $bondif
+ /usr/sbin/brctl delif $oldbridge $bondif
fi
- sudo brctl addif $newbridge $bondif
+ /usr/sbin/brctl addif $newbridge $bondif
fi
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $bondif $VAR(./cost/@)
+ /usr/sbin/brctl setpathcost $newbridge $bondif $VAR(./cost/@)
fi
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $bondif $VAR(./priority/@)
+ /usr/sbin/brctl setportprio $newbridge $bondif $VAR(./priority/@)
fi
fi
fi
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def
index 78b24870..b2119c9c 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def
@@ -1,11 +1,11 @@
help: Set interface disabled
update: /etc/netplug/linkdown.d/dhclient $VAR(../../@).$VAR(../@)
- if ! sudo ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../../@).$VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../../@).$VAR(../@)
exit 1
fi
-delete: if ! sudo ip link set $VAR(../../@).$VAR(../@) up; then
+delete: if ! ip link set $VAR(../../@).$VAR(../@) up; then
echo "Error enabling dev $VAR(../../@).$VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def
index 55c961ba..60af4bc0 100644
--- a/templates/interfaces/bridge/node.def
+++ b/templates/interfaces/bridge/node.def
@@ -1,19 +1,19 @@
tag:
priority: 310
type: txt
-help: Set bridge interface
+help: Set bridge interface name
+comp_help: "Enter bridge interface name (br0 - br999)"
syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "Must be (br0 - br999)"
-create: sudo brctl addbr $VAR(@)
- sudo ip link set $VAR(@) up
+create: /usr/sbin/brctl addbr $VAR(@)
+ ip link set $VAR(@) up
delete: if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \
--no-interfaces-assigned \
--bridge-interface="$VAR(@)"; then \
exit 1
fi
- sudo ip link set $VAR(@) down;
- sudo brctl delbr $VAR(@);
+ ip link set $VAR(@) down;
+ /usr/sbin/brctl delbr $VAR(@);
-comp_help: "Enter bridge interface name (br0 - br999)"
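Review bot: `/usr/sbin/brctl addbr $VAR(@)` in the create action has no failure check, so if addbr fails the following `ip link set $VAR(@) up` runs against a device that does not exist and the commit still succeeds; `/usr/sbin/brctl addbr $VAR(@) || exit 1` would fail the commit where the problem occurs. The moved `comp_help` keeps its literal double quotes (`"Enter bridge interface name (br0 - br999)"`) while every other comp_help line in this change is unquoted; if the quotes appear in completion output they should be dropped.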
diff --git a/templates/interfaces/bridge/node.tag/aging/node.def b/templates/interfaces/bridge/node.tag/aging/node.def
index 533a8ed5..cd2e5d1a 100644
--- a/templates/interfaces/bridge/node.tag/aging/node.def
+++ b/templates/interfaces/bridge/node.tag/aging/node.def
@@ -1,7 +1,7 @@
type: u32
help: Set the number of seconds a MAC address will be kept in the forwarding database
default: 300
-update:expression: "sudo brctl setageing $VAR(../@) $VAR(@)"
-delete:expression: "sudo brctl setageing $VAR(../@) 300"
+update: /usr/sbin/brctl setageing $VAR(../@) $VAR(@)
+delete: /usr/sbin/brctl setageing $VAR(../@) 300
comp_help: possible completions:
<number> Set the number of seconds for ageing (default 300)
diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def
index 3f37a6d6..2e20be3b 100644
--- a/templates/interfaces/bridge/node.tag/disable/node.def
+++ b/templates/interfaces/bridge/node.tag/disable/node.def
@@ -1,11 +1,11 @@
help: Disable the bridge interface
update: /etc/netplug/linkdown.d/dhclient $VAR(../@)
- if ! sudo ip link set $VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../@)
exit 1
fi
-delete: if ! sudo ip link set $VAR(../@) up; then
+delete: if ! ip link set $VAR(../@) up; then
echo "Error enabling dev $VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/bridge/node.tag/forwarding-delay/node.def b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
index 458eb320..c273c648 100644
--- a/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
+++ b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
@@ -1,5 +1,5 @@
type: u32
help: Set the forwarding delay
-update: sudo brctl setfd $VAR(../@) $VAR(@)
+update: /usr/sbin/brctl setfd $VAR(../@) $VAR(@)
comp_help: possible completions:
<number> Set the folwarding delay (default 15)
diff --git a/templates/interfaces/bridge/node.tag/hello-time/node.def b/templates/interfaces/bridge/node.tag/hello-time/node.def
index 19324a65..8c6ad277 100644
--- a/templates/interfaces/bridge/node.tag/hello-time/node.def
+++ b/templates/interfaces/bridge/node.tag/hello-time/node.def
@@ -1,8 +1,8 @@
type: u32
help: Set the hello packet advertisment interval
default: 2
-update:expression: "sudo brctl sethello $VAR(../@) $VAR(@)"
-delete:expression: "sudo brctl sethello $VAR(../@) 2"
+update: /usr/sbin/brctl sethello $VAR(../@) $VAR(@)
+delete: /usr/sbin/brctl sethello $VAR(../@) 2
comp_help: possible completions:
<number> Set the hello packet advertisment interval (default 2)
diff --git a/templates/interfaces/bridge/node.tag/max-age/node.def b/templates/interfaces/bridge/node.tag/max-age/node.def
index ddfdf129..43a9ad04 100644
--- a/templates/interfaces/bridge/node.tag/max-age/node.def
+++ b/templates/interfaces/bridge/node.tag/max-age/node.def
@@ -1,8 +1,8 @@
type: u32
help: Set the interval at which neighbor bridges are removed
default: 20
-update:expression: "sudo brctl setmaxage $VAR(../@) $VAR(@)"
-delete:expression: "sudo brctl setmaxage $VAR(../@) 20"
+update: /usr/sbin/brctl setmaxage $VAR(../@) $VAR(@)
+delete: /usr/sbin/brctl setmaxage $VAR(../@) 20
comp_help: possible completions:
<number> Set the max age (default 20)
diff --git a/templates/interfaces/bridge/node.tag/priority/node.def b/templates/interfaces/bridge/node.tag/priority/node.def
index 1084dbf3..63548d1e 100644
--- a/templates/interfaces/bridge/node.tag/priority/node.def
+++ b/templates/interfaces/bridge/node.tag/priority/node.def
@@ -1,7 +1,7 @@
type: u32
help: Set the priority for this bridge
default: 0
-update:expression: "sudo brctl setbridgeprio $VAR(../@) $VAR(@)"
-delete:expression: "sudo brctl setbridgeprio $VAR(../@) 0"
+update: /usr/sbin/brctl setbridgeprio $VAR(../@) $VAR(@)
+delete: /usr/sbin/brctl setbridgeprio $VAR(../@) 0
comp_help: possible completions:
<number> Set bridge priority (default 0)
diff --git a/templates/interfaces/bridge/node.tag/stp/node.def b/templates/interfaces/bridge/node.tag/stp/node.def
index 6f25f0cc..f3095b26 100644
--- a/templates/interfaces/bridge/node.tag/stp/node.def
+++ b/templates/interfaces/bridge/node.tag/stp/node.def
@@ -3,16 +3,16 @@ help: Enable spanning tree protocol
default: false
update: if [ "$VAR(@)" == "true" ]; then
if [ -z "$VAR(../../forwarding-delay)" ]; then
- sudo brctl setfd $VAR(../@) 15
+ /usr/sbin/brctl setfd $VAR(../@) 15
else
- sudo brctl setfd $VAR(../@) $VAR(../../forwarding-delay)
+ /usr/sbin/brctl setfd $VAR(../@) $VAR(../../forwarding-delay)
fi
- sudo brctl stp $VAR(../@) on
+ /usr/sbin/brctl stp $VAR(../@) on
else
- sudo brctl stp $VAR(../@) off
- sudo brctl setfd $VAR(../@) 0
+ /usr/sbin/brctl stp $VAR(../@) off
+ /usr/sbin/brctl setfd $VAR(../@) 0
fi
-delete:sudo brctl stp $VAR(../@) off
+delete:/usr/sbin/brctl stp $VAR(../@) off
comp_help: possible completions:
true Enable Spanning Tree Protocol
false Disable Spanning Tree Protocol (default false)
diff --git a/templates/interfaces/ethernet/node.def b/templates/interfaces/ethernet/node.def
index 081cabb5..05b2e03c 100644
--- a/templates/interfaces/ethernet/node.def
+++ b/templates/interfaces/ethernet/node.def
@@ -1,7 +1,9 @@
tag:
priority: 318
type: txt
-help: Set ethernet interface
+help: Set Ethernet interface name
+comp_help: Enter Ethernet interface name (eth0 - eth999)
+
allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=ethernet
syntax:expression: pattern $VAR(@) "^eth[0-9]+$" \
; "interface ethernet $VAR(@): not a valid name"
@@ -10,7 +12,7 @@ syntax:expression: exec \
echo \"interface ethernet $VAR(@): does not exist\";
exit 1; \
fi"
-create: sudo ip link set "$VAR(@)" up
+create: ip link set "$VAR(@)" up
/opt/vyatta/sbin/vyatta-link-detect $VAR(@) on
delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0
- sudo ip link set $VAR(@) down
+ ip link set $VAR(@) down
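Review bot: The new `ip link set $VAR(@) down` in the delete action is guarded by the context line `[ -d /sys/class/net/$VAR(../@) ] || exit 0`, which tests `$VAR(../@)` while the command acts on `$VAR(@)`; at this tag node the two paths presumably resolve differently, so the guard may not be testing the device being deleted — confirm and, if so, use `[ -d /sys/class/net/$VAR(@) ] || exit 0`. The create action quotes the name (`"$VAR(@)"`) and the delete action does not; harmless given the `^eth[0-9]+$` syntax check, but worth making uniform.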
diff --git a/templates/interfaces/ethernet/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/address/node.def
index db87ff05..7ed12bba 100644
--- a/templates/interfaces/ethernet/node.tag/address/node.def
+++ b/templates/interfaces/ethernet/node.tag/address/node.def
@@ -15,14 +15,41 @@ syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-set
#
commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-commit $VAR(@@) --dev $VAR(../@)"
-create:sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)
-
-delete:sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)
-
-allowed: echo "dhcp <>"
+create:
+ ifname=$VAR(../@)
+ param=$VAR(@)
+ if [ "$param" = "dhcpv6" ]; then
+ if [ -n "$VAR(../dhcpv6-options/parameters-only)" ]; then
+ echo "parameters-only is set"
+ arg1="--parameters-only"
+ fi
+ if [ -n "$VAR(../dhcpv6-options/temporary)" ]; then
+ echo "temporary is set"
+ arg2="--temporary"
+ fi
+
+ echo "Starting DHCPv6 client on ${ifname}..."
+ sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --start \
+ --ifname $ifname $arg1 $arg2
+ else
+ sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)
+ fi
+
+delete:
+ ifname=$VAR(../@)
+ param=$VAR(@)
+ if [ "$param" = "dhcpv6" ]; then
+ echo "Stopping DHCPv6 client on ${ifname}..."
+ sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --ifname \
+ $ifname
+ else
+ sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)
+ fi
+
+allowed: echo "dhcp dhcpv6 <>"
comp_help:Possible completions:
- <x.x.x.x/x> Set the IP address and prefix length
+ <x.x.x.x/x> Set the IPv4 address and prefix length
<h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
- dhcp Set the IP address and prefix length via DHCP
-
+ dhcp Set the IPv4 address and prefix length via DHCP
+ dhcpv6 Set the IPv6 address and prefix length via DHCPv6
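Review bot: In the dhcpv6 branch of `create:` the exit status of `sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --start ...` is not examined, so a client that fails to start leaves the commit reporting success with no IPv6 address, whereas the other branch returns whatever vyatta-interfaces.pl returns — the two paths behave differently on failure. If the start is meant to be fatal, append `|| exit 1`; if it is intentionally best-effort, say so in a comment so the next reader does not "fix" it. The `echo "parameters-only is set"` and `echo "temporary is set"` lines read as leftover debugging; commit output should stay to the `Starting DHCPv6 client on ...` line.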
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def
index 7590dc96..c56c31cc 100644
--- a/templates/interfaces/ethernet/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def
@@ -11,13 +11,13 @@ end:
exit 1
else
echo "Adding interface $ethif to bridge $newbridge."
- sudo brctl addif $newbridge $ethif;
+ /usr/sbin/brctl addif $newbridge $ethif;
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $ethif $VAR(./cost/@);
+ /usr/sbin/brctl setpathcost $newbridge $ethif $VAR(./cost/@);
fi;
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $ethif $VAR(./priority/@);
+ /usr/sbin/brctl setportprio $newbridge $ethif $VAR(./priority/@);
fi
fi
elif [ ${COMMIT_ACTION} = 'DELETE' ]; then
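Review bot: The statements in the ADD branch are chained with `;`, so a failed `/usr/sbin/brctl addif $newbridge $ethif;` is ignored and the following setpathcost/setportprio calls run against a port that was never added, and the commit succeeds. Terminating the addif with `|| exit 1` (or `&&`-chaining the three brctl calls) would make the failure visible. Now that these calls run without sudo, a short comment at the top of `end:` naming why `/usr/sbin/brctl` is spelled out by absolute path would help; the `end:` action starts before this hunk.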
@@ -31,7 +31,7 @@ end:
# it gets deleted before the removal of bridge-groups under interfaces
exit 0
else
- sudo brctl delif $oldbridge $ethif
+ /usr/sbin/brctl delif $oldbridge $ethif
fi
else
if [ -z "$newbridge" ]; then
@@ -45,15 +45,15 @@ end:
if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \
--bridge-notin-proposedcfg \
--bridge-interface="$oldbridge"; then \
- sudo brctl delif $oldbridge $ethif
+ /usr/sbin/brctl delif $oldbridge $ethif
fi
- sudo brctl addif $newbridge $ethif
+ /usr/sbin/brctl addif $newbridge $ethif
fi
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $ethif $VAR(./cost/@)
+ /usr/sbin/brctl setpathcost $newbridge $ethif $VAR(./cost/@)
fi
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $ethif $VAR(./priority/@)
+ /usr/sbin/brctl setportprio $newbridge $ethif $VAR(./priority/@)
fi
fi
fi
diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def
new file mode 100644
index 00000000..aaeca067
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def
@@ -0,0 +1,49 @@
+# This node is run before the rest of the interface is configured.
+# We first check to see if DHCPv6 is still configured on the interface by
+# looking over at the interface address parameters. Then we check to see
+# if the DHCPv6 client program is still running on this interface. If both
+# of those are true, then any change to this tree means that the user
+# has changed this tree ONLY, and that we are going to have to re-start
+# the DHCPv6 client using the new parameters.
+
+
+priority: 317 # Run before interface has been configured
+
+help: Set options for DHCPv6
+
+end:
+ ifname="$VAR(../@)"
+ echo "dhcpv6-options: ifname is $ifname"
+
+ dhcpv6_set=0
+ for param in $VAR(../address/@@); do
+ if [ "$param" = "dhcpv6" ]; then
+ dhcpv6_set=1
+ fi
+ done
+
+ if [ $dhcpv6_set -eq 0 ]; then
+ echo "DHCPv6 is not configured on this interface"
+ exit 0
+ fi
+
+ conffile=/var/lib/dhcp3/dhclient_v6_$VAR(../@).conf
+ if [ ! -e $conffile ]; then
+ echo "Conf file $conffile doesn't exist"
+ exit 0
+ fi
+
+ if [ -n "$VAR(./parameters-only)" ]; then
+ arg1="--parameters-only"
+ fi
+
+ if [ -n "$VAR(./temporary)" ]; then
+ arg2="--temporary"
+ fi
+
+ echo "Re-starting DHCPv6 client on ${ifname}..."
+ sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --start \
+ --ifname $ifname $arg1 $arg2
+
+ echo "Done."
+ exit 0 \ No newline at end of file
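Review bot: The `end:` action restarts the client with `sudo ... --stop --start ...` without checking the result and then finishes with an unconditional `exit 0` (and no trailing newline), so it always reports success even when the restart failed; either propagate the status (`... --ifname $ifname $arg1 $arg2 || exit 1` and drop the final `exit 0`) or add a comment stating that a failed restart is deliberately non-fatal. The `[ ! -e $conffile ]` test is what the header comment calls "check to see if the DHCPv6 client program is still running", but it only proves a conf file exists — a stale file from a crashed client would also trigger a restart — so a `# NOTE: presence of the conf file is used as a proxy for a running client` comment would make that assumption explicit. `echo "dhcpv6-options: ifname is $ifname"` looks like debug output left in the commit path.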
diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def
new file mode 100644
index 00000000..0178c469
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def
@@ -0,0 +1,3 @@
+
+help: Acquire only config parameters, not address, via DHCPv6
+
diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def
new file mode 100644
index 00000000..afb9de9c
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def
@@ -0,0 +1,3 @@
+
+help: Acquire a "temporary" IPv6 address
+
diff --git a/templates/interfaces/ethernet/node.tag/disable/node.def b/templates/interfaces/ethernet/node.tag/disable/node.def
index fbfb155a..5fe2b748 100644
--- a/templates/interfaces/ethernet/node.tag/disable/node.def
+++ b/templates/interfaces/ethernet/node.tag/disable/node.def
@@ -1,12 +1,12 @@
help: Set interface disabled
create: /etc/netplug/linkdown.d/dhclient $VAR(../@)
- if ! sudo ip link set $VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../@)
exit 1
fi
delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0
- if ! sudo ip link set $VAR(../@) up; then
+ if ! ip link set $VAR(../@) up; then
echo "Error enabling dev $VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/ethernet/node.tag/mtu/node.def b/templates/interfaces/ethernet/node.tag/mtu/node.def
index dc03ae16..f33158f8 100644
--- a/templates/interfaces/ethernet/node.tag/mtu/node.def
+++ b/templates/interfaces/ethernet/node.tag/mtu/node.def
@@ -1,8 +1,8 @@
type: u32
help: Set the Maximum Transmission Unit (MTU) for this interface
syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "MTU must be between 68 and 9000"
-update: if ! sudo ip link set $VAR(../@) mtu $VAR(@)
+update: if ! ip link set $VAR(../@) mtu $VAR(@)
then echo "Error setting MTU on dev $VAR(../@)"; exit 1
fi
delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0
- sudo ip link set $VAR(../@) mtu 1500
+ ip link set $VAR(../@) mtu 1500
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.def b/templates/interfaces/ethernet/node.tag/vif/node.def
index b6b8abc7..c14ed002 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.def
@@ -5,17 +5,17 @@ help: Set Virtual Local Area Network (VLAN) ID
syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 and 4094"
-create: if ! sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
+create: if ! ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
then echo "Error creating VLAN device $VAR(../@).$VAR(@)"
exit 1
fi
# if parent is up, then bring VLAN up
if [ $(( $(cat /sys/class/net/$VAR(../@)/flags) & 1 )) -eq 1 ]; then
- sudo ip link set "$VAR(../@).$VAR(@)" up
+ ip link set "$VAR(../@).$VAR(@)" up
fi
/opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on
delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0
- sudo ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
+ ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
comp_help: possible completions:
<0-4094> Set VLAN ID
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
index dd3863a0..84fa14f1 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
@@ -14,13 +14,13 @@ end:
exit 1
else
echo "Adding interface $ethif to bridge $newbridge."
- sudo brctl addif $newbridge $ethif;
+ /usr/sbin/brctl addif $newbridge $ethif;
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $ethif $VAR(./cost/@);
+ /usr/sbin/brctl setpathcost $newbridge $ethif $VAR(./cost/@);
fi;
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $ethif $VAR(./priority/@);
+ /usr/sbin/brctl setportprio $newbridge $ethif $VAR(./priority/@);
fi
fi
elif [ ${COMMIT_ACTION} = 'DELETE' ]; then
@@ -34,7 +34,7 @@ end:
# it gets deleted before the removal of bridge-groups under interfaces
exit 0
else
- sudo brctl delif $oldbridge $ethif
+ /usr/sbin/brctl delif $oldbridge $ethif
fi
else
if [ -z "$newbridge" ]; then
@@ -48,15 +48,15 @@ end:
if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \
--bridge-notin-proposedcfg \
--bridge-interface="$oldbridge"; then \
- sudo brctl delif $oldbridge $ethif
+ /usr/sbin/brctl delif $oldbridge $ethif
fi
- sudo brctl addif $newbridge $ethif
+ /usr/sbin/brctl addif $newbridge $ethif
fi
if [ -n "$VAR(./cost/@)" ]; then
- sudo brctl setpathcost $newbridge $ethif $VAR(./cost/@)
+ /usr/sbin/brctl setpathcost $newbridge $ethif $VAR(./cost/@)
fi
if [ -n "$VAR(./priority/@)" ]; then
- sudo brctl setportprio $newbridge $ethif $VAR(./priority/@)
+ /usr/sbin/brctl setportprio $newbridge $ethif $VAR(./priority/@)
fi
fi
fi
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def
index 78b24870..b2119c9c 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def
@@ -1,11 +1,11 @@
help: Set interface disabled
update: /etc/netplug/linkdown.d/dhclient $VAR(../../@).$VAR(../@)
- if ! sudo ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../../@).$VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../../@).$VAR(../@)
exit 1
fi
-delete: if ! sudo ip link set $VAR(../../@).$VAR(../@) up; then
+delete: if ! ip link set $VAR(../../@).$VAR(../@) up; then
echo "Error enabling dev $VAR(../../@).$VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/ip/enable-proxy-arp/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/ip/enable-proxy-arp/node.def
new file mode 100644
index 00000000..a45d4129
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/ip/enable-proxy-arp/node.def
@@ -0,0 +1,3 @@
+help: Set to enable proxy-arp on this interface
+create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../../@).$VAR(../../@)/proxy_arp\" "
+delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../../@).$VAR(../../@)/proxy_arp\" "
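Review bot: The new `create:expression:`/`delete:expression:` toggle proxy_arp through `sudo sh -c "echo 1 > /proc/sys/net/ipv4/conf/<ifname>/proxy_arp"` — a root shell with the interface name interpolated into the command string — at the same time the rest of this change is moving interface handling off sudo. It is only safe because the parent nodes constrain `$VAR(../../../@)` to `^eth[0-9]+$` and the vif to 0-4094; a comment recording that dependency, e.g. `# name is constrained by the ethernet/vif syntax checks, so interpolating it into sh -c is safe here`, would stop the pattern from being copied to a node without such checks. On delete the write fails if the vif device is already gone; a guard like `[ -d /sys/class/net/$VAR(../../../@).$VAR(../../@) ] || exit 0` mirrors what the ethernet templates do.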
diff --git a/templates/interfaces/input/node.def b/templates/interfaces/input/node.def
index 2695b8a6..1873190c 100644
--- a/templates/interfaces/input/node.def
+++ b/templates/interfaces/input/node.def
@@ -2,9 +2,10 @@ tag:
priority: 310 # before real devices that redirect
type: txt
help: Set input functional block (IFB) interface
+comp_help: Enter input functional block interface name (ifb0 - ifb999)
+
syntax:expression: pattern $VAR(@) "^ifb[0-9]+$" ; "name must be (ifb0-ifb999)"
begin: [ -d /sys/module/ifb ] || sudo modprobe ifb numifbs=0
-create: sudo ip link add $VAR(@) type ifb && sudo ip link set $VAR(@) up
-delete: sudo ip link delete dev $VAR(@)
-comp_help: Enter input functional block interface name (ifb0 - ifb999)
+create: ip link add $VAR(@) type ifb && ip link set $VAR(@) up
+delete: ip link delete dev $VAR(@)
diff --git a/templates/interfaces/loopback/node.def b/templates/interfaces/loopback/node.def
index 8312aafe..b78cf10b 100644
--- a/templates/interfaces/loopback/node.def
+++ b/templates/interfaces/loopback/node.def
@@ -1,8 +1,9 @@
tag:
priority: 300
type: txt
-help: Set loopback interface
+help: Set loopback interface name
+comp_help: Enter looback interface name (lo)
syntax:expression: exec \
"/opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --check=loopback"
allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=loopback
-create: sudo ip link set $VAR(@) up
+create: ip link set $VAR(@) up
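Review bot: The new `comp_help` line has a typo, `looback`; it should read `comp_help: Enter loopback interface name (lo)`. The create action's `ip link set $VAR(@) up` remains unchecked, so a failure does not fail the commit; if that is meant to be fatal, `ip link set $VAR(@) up || exit 1`.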
diff --git a/templates/interfaces/pseudo-ethernet/node.def b/templates/interfaces/pseudo-ethernet/node.def
index cdbff5c8..bf88b047 100644
--- a/templates/interfaces/pseudo-ethernet/node.def
+++ b/templates/interfaces/pseudo-ethernet/node.def
@@ -1,13 +1,13 @@
tag:
priority: 390
type: txt
-help: Set Virtual Ethernet device
+help: Set Pseudo Ethernet device name
+comp_help: Enter Pseudo Ethernet interface name (peth0 - peth999)
syntax:expression: pattern $VAR(@) "^peth[0-9]+$" \
; "name must be (peth0-peth999)"
commit:expression: $VAR(link) != ""
; "link device must be set for virtual ethernet $VAR(@)"
-create: sudo ip link add $VAR(@) link $VAR(link/@) type macvlan || exit 1
- sudo ip link set $VAR(@) up
+create: ip link add $VAR(@) link $VAR(link/@) type macvlan || exit 1
+ ip link set $VAR(@) up
/opt/vyatta/sbin/vyatta-link-detect $VAR(@) on
-delete: sudo ip link delete dev $VAR(@) type macvlan
-comp_help: Enter virtual ethernet interface name (peth0 - peth999)
+delete: ip link delete dev $VAR(@) type macvlan
diff --git a/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def b/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def
index 3d3ffef9..9dafeacf 100644
--- a/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def
+++ b/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def
@@ -5,12 +5,12 @@ create: vif=`/opt/vyatta/sbin/vyatta-interfaces.pl --vif=$VAR(../@) --show=all`
exit 1
fi
/etc/netplug/linkdown.d/dhclient $VAR(../@)
- if ! sudo ip link set $VAR(../@) down 2>/dev/null; then
+ if ! ip link set $VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../@)
exit 1
fi
-delete: if ! sudo ip link set $VAR(../@) up; then
+delete: if ! ip link set $VAR(../@) up; then
echo "Error enabling dev $VAR(../@)"
exit 1
fi
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def
index ba3fa49a..a90c01f9 100644
--- a/templates/interfaces/tunnel/node.def
+++ b/templates/interfaces/tunnel/node.def
@@ -2,7 +2,7 @@ tag:
priority: 380
type: txt
help: Set tunnel interface
-
+comp_help: Enter tunnel interface name (tun0 - tun999)
syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \
; "tunnel must be (tun0-tun999)"
@@ -13,19 +13,28 @@ commit:expression: $VAR(./remote-ip/) != "" ; \
commit:expression: $VAR(./encapsulation/) != "" ; \
"Must configure the tunnel encapsulation for $VAR(@)"
-create:expression: "\
- if [ -n \"$VAR(./key/@)\" ]; then \
- KEY=\"key $VAR(./key/@)\"; \
- fi; \
- if [ x$VAR(./multicast/@) == xenable ]; then \
- MC=\"multicast on allmulticast on\"; \
- fi; \
- sudo ip tunnel add $VAR(@) \
- local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \
- mode $VAR(./encapsulation/@) $KEY; \
- sudo ip link set $VAR(@) $MC up;" ; \
- "Error creating $VAR(@)"
+create:if [ -n "$VAR(./key/@)" ]; then
+ KEY="key $VAR(./key/@)";
+ fi
+ if [ x$VAR(./multicast/@) == xenable ]; then
+ MC="multicast on allmulticast on";
+ fi
+ if [ -n "$VAR(./bridge-group/)" ] && [ "$VAR(./encapsulation/@)" != "gre-bridge" ]; then
+ echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined";
+ exit 1;
+ fi
+ if [ "$VAR(./encapsulation/@)" == "gre-bridge" ]; then
+ ip link add $VAR(@) type gretap local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) ||
+ echo "interfaces tunnel $VAR(@): error creating tunnel interface"
+ else
+ ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY ||
+ echo "interfaces tunnel $VAR(@): error creating tunnel interface"
+ fi
+ ip link set $VAR(@) $MC up ||
+ echo "interfaces tunnel $VAR(@): error setting tunnel interface active"
-delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)"
-
-comp_help: Enter tunnel interface name (tun0 - tun999)
+delete:if [ "$VAR(./encapsulation/@)" == "gre-bridge" ]; then
+ ip link delete $VAR(@)
+ else
+ ip tunnel del $VAR(@)
+ fi
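Review bot: The rewritten `create:` action downgrades tunnel-creation failures to warnings: each `ip tunnel add`, `ip link add` and `ip link set` is followed by `|| echo ...` with no `exit 1`, so a commit whose tunnel could not be created now succeeds where the old `create:expression:` form failed it with "Error creating $VAR(@)". The `gre-bridge` branch also drops `$KEY`: a configured `key` is silently ignored for gretap even though iproute2's gretap type takes the same `key` option as gre, so a user who set a key to keep tunnels apart gets an unkeyed one — pass `$KEY` or reject key with gre-bridge in a `commit:expression:`. The bridge-group/encapsulation check is done at create time with `exit 1`; a `commit:expression:` would report it before any device is touched. The `delete:` branch likewise runs `ip link delete`/`ip tunnel del` unchecked.
```shell
create:if [ -n "$VAR(./key/@)" ]; then
         KEY="key $VAR(./key/@)";
       fi
       # … unchanged: multicast flag, bridge-group/encapsulation consistency check …
       if [ "$VAR(./encapsulation/@)" == "gre-bridge" ]; then
         # gretap accepts key as well; do not silently drop a configured key
         ip link add $VAR(@) type gretap local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) $KEY ||
           { echo "interfaces tunnel $VAR(@): error creating tunnel interface"; exit 1; }
       else
         ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY ||
           { echo "interfaces tunnel $VAR(@): error creating tunnel interface"; exit 1; }
       fi
       ip link set $VAR(@) $MC up ||
         { echo "interfaces tunnel $VAR(@): error setting tunnel interface active"; exit 1; }
```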
diff --git a/templates/interfaces/tunnel/node.tag/bridge-group/bridge/node.def b/templates/interfaces/tunnel/node.tag/bridge-group/bridge/node.def
new file mode 100644
index 00000000..9c28ed63
--- /dev/null
+++ b/templates/interfaces/tunnel/node.tag/bridge-group/bridge/node.def
@@ -0,0 +1,16 @@
+type: txt
+help: Set this interface to a bridge-group
+allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=bridge
+commit:expression: exec \
+ "/opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --check=bridge"
+commit:expression: $VAR(../../encapsulation/@) == "gre-bridge"; "tunnel encapsulation type must be gre-bridge"
+create:
+ # TODO: need to add logic for update as we need to remove the interface first.
+ if [ "$(ip link show $VAR(../../@) | grep ether)" ]; then
+ sudo brctl addif $VAR(@) $VAR(../../@) ||
+ echo interfaces tunnel $VAR(../../@) bridge-group bridge $VAR(@): error adding interface to bridge
+ else
+ echo interfaces tunnel $VAR(../../@) bridge-group bridge $VAR(@): tunnel encapsulation type must be gre-bridge
+ exit 1
+ fi
+delete: sudo brctl delif $VAR(@) $VAR(../../@)
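Review bot: This new template calls `sudo brctl addif`/`sudo brctl delif` while every other bridge-group template in this change switched to `/usr/sbin/brctl` without sudo; one privilege model should be chosen and noted in a comment. `sudo brctl addif ... || echo ...` does not `exit 1`, so a failed addif still commits — `|| { echo ...; exit 1; }`. The `ip link show ... | grep ether` test presumably distinguishes a gretap device (`link/ether`) from a plain gre one, but the `commit:expression:` on encapsulation just above already enforces gre-bridge, so either the runtime branch is redundant or a comment should state what extra case it catches. The TODO about update handling is the missing piece: an `update:` that does `delif` from the old bridge before `addif` to the new one.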
diff --git a/templates/interfaces/tunnel/node.tag/bridge-group/cost/node.def b/templates/interfaces/tunnel/node.tag/bridge-group/cost/node.def
new file mode 100644
index 00000000..ed3bee26
--- /dev/null
+++ b/templates/interfaces/tunnel/node.tag/bridge-group/cost/node.def
@@ -0,0 +1,9 @@
+type: u32
+help: Set the path cost for this port
+comp_help: possible completions:
+ <0-2147483647> Set port cost
+commit:expression: $VAR(../bridge/@) != ""; "interface must first be assigned to a bridge"
+create: sudo brctl setpathcost $VAR(../bridge/@) $VAR(../../@) $VAR(@) ||
+ echo interfaces tunnel $VAR(../../@) bridge-group cost: error setting bridge cost
+delete: if [ -n "$( sudo brctl show | egrep $VAR(../../@) )" ]; then sudo brctl setpathcost $VAR(../bridge/@) $VAR(../../@) 0; fi;
+
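Review bot: The `delete:` action tests bridge membership with `sudo brctl show | egrep $VAR(../../@)`, an unanchored, unquoted pattern: `tun1` also matches `tun10`-`tun19`, so the reset can run for a tunnel that is not in the bridge (the priority node has the same pattern, merely quoted). `egrep -w "$VAR(../../@)"`, or a sysfs test such as `[ -e /sys/class/net/$VAR(../bridge/@)/brif/$VAR(../../@) ]`, is precise and needs no sudo. As in the sibling bridge node, `sudo brctl` diverges from the `/usr/sbin/brctl` convention adopted elsewhere in this change, and the `|| echo ...` on create does not fail the commit.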
diff --git a/templates/interfaces/tunnel/node.tag/bridge-group/node.def b/templates/interfaces/tunnel/node.tag/bridge-group/node.def
new file mode 100644
index 00000000..663979dd
--- /dev/null
+++ b/templates/interfaces/tunnel/node.tag/bridge-group/node.def
@@ -0,0 +1 @@
+help: Add this interface to a bridge group
diff --git a/templates/interfaces/tunnel/node.tag/bridge-group/priority/node.def b/templates/interfaces/tunnel/node.tag/bridge-group/priority/node.def
new file mode 100644
index 00000000..fe174f1f
--- /dev/null
+++ b/templates/interfaces/tunnel/node.tag/bridge-group/priority/node.def
@@ -0,0 +1,8 @@
+type: u32
+help: Set the path priority for this port
+comp_help: possible completions:
+ <0-255> Set port priority
+commit:expression: $VAR(../bridge/@) != ""; "interface must first be assigned to a bridge"
+create: sudo brctl setportprio $VAR(../bridge/@) $VAR(../../@) $VAR(@) ||
+ echo interfaces tunnel $VAR(../../@) bridge-group priority: error setting bridge priority
+delete: if [ -n "$( sudo brctl show | egrep "$VAR(../../@)" )" ]; then sudo brctl setportprio $VAR(../bridge/@) $VAR(../../@) 0; fi;
diff --git a/templates/interfaces/tunnel/node.tag/disable/node.def b/templates/interfaces/tunnel/node.tag/disable/node.def
index cd3c019a..26199646 100644
--- a/templates/interfaces/tunnel/node.tag/disable/node.def
+++ b/templates/interfaces/tunnel/node.tag/disable/node.def
@@ -1,6 +1,4 @@
help: Disable interface
-update:expression: "sudo ip link set $VAR(../@) down"; \
- "Error disabling dev $VAR(../@)"
+update: ip link set $VAR(../@) down
-delete:expression: "sudo ip link set $VAR(../@) up"; \
- "Error enabling dev $VAR(../@)"
+delete: ip link set $VAR(../@) up
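Review bot: The new update and delete actions drop `sudo` from `ip link set … down/up`, an operation that needs CAP_NET_ADMIN, while the ttl hunk in this same series keeps `sudo ip tunnel change`; the mtu and tos hunks make the same change. If the commit grants `ip` that capability by some other mechanism this is fine and the ttl template should be made consistent; otherwise these actions fail with a permission error whenever commit runs unprivileged. The rewrite also discards the "Error disabling dev …" text, so the only feedback on failure is whatever `ip` prints; a short `#` comment in the template stating why sudo is no longer required would save the next reader from re-adding it.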
diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
index 6b97b190..5374568c 100644
--- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def
+++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
@@ -1,13 +1,15 @@
type: txt
help: Set the encapsulation of this tunnel interface [REQUIRED]
-syntax:expression: $VAR(@) in "ipip", "gre", "sit"; "Must be (ipip, gre, sit)"
+syntax:expression: $VAR(@) in "ipip", "gre", "sit", "gre-bridge"; "Must be (ipip, gre, gre-bridge, sit)"
create:expression: "true"
update:expression: "false" ; \
"Encapsulation can only be set at tunnel creation for $VAR(../@)"
-comp_help: "possible completions:
+comp_help: possible completions:
gre Set Generic Routing Encapsulation
+ gre-bridge Set Generic Routing Encapsulation bridge interface
ipip Set IP in IP encapsulation
sit Set Simple Internet Transition encapsulation
+
diff --git a/templates/interfaces/tunnel/node.tag/key/node.def b/templates/interfaces/tunnel/node.tag/key/node.def
index 1ece7642..c137107c 100644
--- a/templates/interfaces/tunnel/node.tag/key/node.def
+++ b/templates/interfaces/tunnel/node.tag/key/node.def
@@ -3,7 +3,7 @@ help: Set the tunnel key
syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; \
"Must be between 0-999999 for $VAR(../@)"
syntax:expression: exec " \
- if [ -n \"`sudo ip tunnel show $VAR(../@) | grep $VAR(../@) `\" ]; then \
+ if [ -n \"`ip tunnel show $VAR(../@) | grep $VAR(../@) `\" ]; then \
echo Key can only be set at tunnel creation for $VAR(../@); \
exit 1 ; \
fi ; "
diff --git a/templates/interfaces/tunnel/node.tag/mtu/node.def b/templates/interfaces/tunnel/node.tag/mtu/node.def
index f1fdf39b..400533f9 100644
--- a/templates/interfaces/tunnel/node.tag/mtu/node.def
+++ b/templates/interfaces/tunnel/node.tag/mtu/node.def
@@ -1,7 +1,7 @@
type: u32
help: Set the tunnel Maximum Transmission Unit (MTU)
syntax:expression: $VAR(@) >= 64 && $VAR(@) <= 8024; "Must be between 64-8024"
-update:expression: "sudo ip link set $VAR(../@) mtu $VAR(@)"
-delete:expression: "sudo ip link set $VAR(../@) mtu 1476"
+update: ip link set $VAR(../@) mtu $VAR(@)
+delete: ip link set $VAR(../@) mtu 1476
comp_help: possible completions:
<64-8024> Set MTU
diff --git a/templates/interfaces/tunnel/node.tag/tos/node.def b/templates/interfaces/tunnel/node.tag/tos/node.def
index 1f739966..58a4cee0 100644
--- a/templates/interfaces/tunnel/node.tag/tos/node.def
+++ b/templates/interfaces/tunnel/node.tag/tos/node.def
@@ -1,7 +1,7 @@
type: u32
help: Set the tunnel Type of Service (TOS)
syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 99; "Must be between 0-99"
-update:expression: "sudo ip tunnel change $VAR(../@) tos $VAR(@)"
-delete:expression: "sudo ip tunnel change $VAR(../@) tos inherit"
+update: ip tunnel change $VAR(../@) tos $VAR(@)
+delete: ip tunnel change $VAR(../@) tos inherit
comp_help: possible completions
<0-99> Set type of service
diff --git a/templates/interfaces/tunnel/node.tag/ttl/node.def b/templates/interfaces/tunnel/node.tag/ttl/node.def
index 298c4d61..cfab7264 100644
--- a/templates/interfaces/tunnel/node.tag/ttl/node.def
+++ b/templates/interfaces/tunnel/node.tag/ttl/node.def
@@ -1,8 +1,8 @@
type: u32
-help: Set the tunnel time to live field
default: 255
-syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255"
-update:expression: "sudo ip tunnel change $VAR(../@) ttl $VAR(@)"
-delete:expression: "sudo ip tunnel change $VAR(../@) ttl inherit"
+help: Set the tunnel time to live field
comp_help: possible completions:
<0-255> Set time to live (default 255)
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255"
+update:if [ "$VAR(../encapsulation/@)" != "gre-bridge" ]; then sudo ip tunnel change $VAR(../@) ttl $VAR(@); fi;
+delete:if [ "$VAR(../encapsulation/@)" != "gre-bridge" ]; then sudo ip tunnel change $VAR(../@) ttl inherit; fi;
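Review bot: For a gre-bridge tunnel the new update and delete actions skip `ip tunnel change` without any message, so a ttl value is accepted by commit but never applied and the user is not told. Since `default: 255` suggests this node exists for every tunnel, a hard `commit:expression` rejecting it would presumably break gre-bridge creation, so at minimum say so in the help text, `help: Set the tunnel time to live field (not applied to gre-bridge tunnels)`, and consider an `else` branch that prints a one-line notice so an explicitly set value is not silently ignored.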
diff --git a/templates/service/snmp/community/node.tag/client/node.def b/templates/service/snmp/community/node.tag/client/node.def
index 828faa97..427a9939 100644
--- a/templates/service/snmp/community/node.tag/client/node.def
+++ b/templates/service/snmp/community/node.tag/client/node.def
@@ -1,3 +1,3 @@
multi:
-type: ipv4
+type: ipv4,ipv6
help: Set IP address of SNMP client allowed to contact system
diff --git a/templates/service/snmp/community/node.tag/network/node.def b/templates/service/snmp/community/node.tag/network/node.def
index 00a77d4b..4b80a51b 100644
--- a/templates/service/snmp/community/node.tag/network/node.def
+++ b/templates/service/snmp/community/node.tag/network/node.def
@@ -1,4 +1,4 @@
multi:
-type: ipv4net
+type: ipv4net,ipv6net
help: Set subnet of SNMP client(s) allowed to contact system
syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)"
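Review bot: The type widens to `ipv4net,ipv6net` but the unchanged `syntax:expression` still hands every value to `vyatta_quagga_utils.pl --check-prefix-boundry`; that script is not visible here, and if it only parses IPv4 prefixes, IPv6 networks will either be rejected at commit or pass with an unchecked boundary. Confirm it accepts IPv6 prefixes before this lands, or note in a `#` comment that the boundary check is IPv4-only. The client, trap-source and trap-target hunks make the same widening without an extra check and need nothing further.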
diff --git a/templates/service/snmp/listen-address/node.def b/templates/service/snmp/listen-address/node.def
new file mode 100644
index 00000000..f234edc8
--- /dev/null
+++ b/templates/service/snmp/listen-address/node.def
@@ -0,0 +1,3 @@
+tag:
+type: ipv4,ipv6
+help: Set IP address to listen for incoming SNMP requests
diff --git a/templates/service/snmp/listen-address/node.tag/port/node.def b/templates/service/snmp/listen-address/node.tag/port/node.def
new file mode 100644
index 00000000..5a21b1d8
--- /dev/null
+++ b/templates/service/snmp/listen-address/node.tag/port/node.def
@@ -0,0 +1,3 @@
+type: u32
+default: 161
+help: Set port for SNMP service
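Review bot: The new port node is `type: u32` with no range validation, so 0 or a value above 65535 is accepted at commit and presumably only surfaces when the SNMP daemon is configured with it. Add `syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Port must be between 1-65535"` plus a `comp_help: possible completions:` line advertising `<1-65535>`, following the mtu and tos templates in this series.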
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
index 13b39fa7..2952eb34 100644
--- a/templates/service/snmp/node.def
+++ b/templates/service/snmp/node.def
@@ -1,6 +1,7 @@
priority: 980
help: Configure Simple Network Management Protocol (SNMP)
-commit:expression: $VAR(community/) != ""; "must configure a community"
+commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" \
+ ; "must configure a community or community6"
delete: touch /tmp/snmp.$PPID
end:if [ -f "/tmp/snmp.$PPID" ]
diff --git a/templates/service/snmp/trap-source/node.def b/templates/service/snmp/trap-source/node.def
index d8add72c..61a8cd6a 100644
--- a/templates/service/snmp/trap-source/node.def
+++ b/templates/service/snmp/trap-source/node.def
@@ -1,2 +1,2 @@
-type: ipv4
+type: ipv4,ipv6
help: Set SNMP trap source address
diff --git a/templates/service/snmp/trap-target/node.def b/templates/service/snmp/trap-target/node.def
index 493484b7..561bc1ac 100644
--- a/templates/service/snmp/trap-target/node.def
+++ b/templates/service/snmp/trap-target/node.def
@@ -1,3 +1,3 @@
tag:
-type: ipv4
-help: Set IP address of trap target
+type: ipv4,ipv6
+help: Set address of trap target
diff --git a/templates/system/domain-name/node.def b/templates/system/domain-name/node.def
index 96ccc7ae..fa8527d9 100644
--- a/templates/system/domain-name/node.def
+++ b/templates/system/domain-name/node.def
@@ -4,7 +4,7 @@ help: Set system domain name
syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]{0,63}$" ; "invalid domain name $VAR(@)"
# also add localhost line into /etc/hosts (see host-name template)?
-update:expression: "sudo /opt/vyatta/sbin/vyatta_update_resolv.pl"
+update: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl
# also update localhost line in /etc/hosts (see host-name template)?
-delete:expression: "sudo /opt/vyatta/sbin/vyatta_update_resolv.pl"
+delete: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl