* run start-up script vyatta-config-reboot-params very early in boot process

  This script executes scripts lying in the following directory:
  /opt/vyatta/bin/sudo-users/check-params-on-reboot.d
  Scripts in check-params-on-reboot.d are intended for parameters
  that require a reboot to take effect after they are set/changed.
  Because of the reboot requirement, underlying value and related
  config paramter value can become out-of-sync in couple of cases:
  1. change parameter value, don't save config, reboot. Underlying
     value is different than the value in config file.
  2. install new image; when new image boots, underlying value is
     the default Vyatta shipped value not the value in config file.
     More info: http://bugzilla.vyatta.com/show_bug.cgi?id=6915#c1

 This check-in also adds ipv6_disable_blacklist script in
 check-params-on-reboot.d to fix the above mentioned problem
 for 'system ipv6 disable' and 'system ipv6 blacklist'

5 files changed, 81 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index 74784522..0fabe989 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,8 @@ cfgdir = $(datadir)/vyatta-cfg/templates
 share_perl5dir = $(datarootdir)/perl5/Vyatta/Login
 bin_sudo_usersdir = $(bindir)/sudo-users
 curverdir = $(sysconfdir)/config-migrate/current
+checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d
+initddir = /etc/init.d
 netplugupdir = /etc/netplug/linkup.d
 netplugdowndir = /etc/netplug/linkdown.d
 modprobedir = /etc/modprobe.d
@@ -10,6 +12,11 @@ modprobe_DATA = etc/modprobe.d/no-copybreak.conf
 bin_SCRIPTS =
 sbin_SCRIPTS =
 sysconf_DATA =
+initd_SCRIPTS =
+checkparamsonreboot_SCRIPTS =
+
+initd_SCRIPTS += etc/init.d/vyatta-config-reboot-params
+checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/ipv6_disable_blacklist
 
 netplugup_SCRIPTS = scripts/netplug/linkup/dhclient
 netplugdown_SCRIPTS = scripts/netplug/linkdown/dhclient
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 7daa3134..a443b891 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -232,6 +232,9 @@ do
   fi
 done
 
+# add vyatta-config-reboot-params to start at boot up
+update-rc.d vyatta-config-reboot-params defaults
+
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 4
diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm
index 89d919ce..413780b5 100644
--- a/debian/vyatta-cfg-system.postrm
+++ b/debian/vyatta-cfg-system.postrm
@@ -3,6 +3,7 @@
 if [ "$1" = "purge" ]; then
     sed -i -e '/### BEGIN VYATTA/,/### END VYATTA/d' /etc/sudoers
     sed -i -e 'g/^password/d' /etc/pam.d/password
+    update-rc.d vyatta-config-reboot-params remove
 fi
 
 # Local Variables:
diff --git a/etc/init.d/vyatta-config-reboot-params b/etc/init.d/vyatta-config-reboot-params
new file mode 100755
index 00000000..ad724b75
--- /dev/null
+++ b/etc/init.d/vyatta-config-reboot-params
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          vyatta-config-reboot-params
+# Required-Start:    $local_fs
+# X-Start-Before:    module-init-tools
+# Required-Stop:
+# Default-Start:     S
+# Default-Stop:
+# Short-Description: Rectify underlying values for parameters requiring reboot.
+# Description:       This script runs very early in the boot process so that
+#		     parameters requiring a reboot get set to the same value as
+#		     in the config file. To show how the underlying value can
+#                    be different than the parameter in config file, let's take
+#                    the case of 'firewall conntrack-hash-size' which requires
+#                    a reboot after it is changed to a different value:
+#		     user sets conntrack-hash-size but doesn't save config; then
+#                    on reboot conntrack module loads with a different value of
+#                    conntrack-hash-size than parameter in config file. When
+#                    config file loads at a later stage, underlying value for
+#                    conntrack-hash-size gets set to parameter in config file
+#                    but for that to take affect another reboot is required.
+#                    More information about this is available at:
+#                    http://bugzilla.vyatta.com/show_bug.cgi?id=6915#c1
+#                    When run, this script executes scripts placed in
+#                    /opt/vyatta/bin/sudo-users/check-params-on-reboot.d where
+#                    scripts for different parameters requiring a reboot should
+#                    be placed. Scripts placed in check-params-on-reboot.d are
+#                    responsible for making sure that the value in the config
+#                    file matches the underlying value of the parameter. All
+#                    scripts placed in check-params-on-reboot.d are passed
+#                    the configuration boot file as an argument.
+### END INIT INFO
+#
+
+: ${vyatta_env:=/etc/default/vyatta}
+source $vyatta_env
+
+declare -x BOOTFILE=$vyatta_sysconfdir/config/config.boot
+
+case "$1" in
+  start) ;;
+  stop|restart|force-reload|status) exit 0 ;;
+  *) echo "Usage: $0 {start|stop|restart|force-reload}" >&2; exit 1 ;;
+esac
+
+run-parts -a $BOOTFILE /opt/vyatta/bin/sudo-users/check-params-on-reboot.d
diff --git a/scripts/check-params-on-reboot.d/ipv6_disable_blacklist b/scripts/check-params-on-reboot.d/ipv6_disable_blacklist
new file mode 100755
index 00000000..2fcb762a
--- /dev/null
+++ b/scripts/check-params-on-reboot.d/ipv6_disable_blacklist
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# fix IPv6 disable/blacklist on reboot
+#
+
+BOOTFILE=$1
+
+cli-shell-api cfExists $BOOTFILE system ipv6 disable
+ipv6_disable_cfg=`echo $?`
+if [ "$ipv6_disable_cfg" == "0" ]; then
+        sudo sh -c "echo options ipv6 disable_ipv6=1 > \
+                /etc/modprobe.d/vyatta_disable_ipv6.conf"
+else
+        sudo sh -c "rm -f /etc/modprobe.d/vyatta_disable_ipv6.conf"
+fi
+
+cli-shell-api cfExists $BOOTFILE system ipv6 blacklist
+ipv6_blacklist_cfg=`echo $?`
+if [ "$ipv6_blacklist_cfg" == "0" ]; then
+        sudo sh -c "echo blacklist ipv6 > \
+                /etc/modprobe.d/vyatta_blacklist_ipv6.conf"
+else
+        sudo sh -c "rm -f /etc/modprobe.d/vyatta_blacklist_ipv6.conf"
+fi