68 files changed, 2053 insertions, 265 deletions
diff --git a/Makefile.am b/Makefile.am index 7f148153..a018961f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,7 +15,7 @@ bin_SCRIPTS += scripts/vyatta-functions sbin_SCRIPTS += scripts/init-floppy sbin_SCRIPTS += scripts/rl-system.init sbin_SCRIPTS += scripts/install-system -sbin_SCRIPTS += scripts/grub-setup +sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/quick-install sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync @@ -30,6 +30,10 @@ sbin_SCRIPTS += scripts/keepalived/vyatta-vrrp-state.pl sbin_SCRIPTS += scripts/telnetd.init sbin_SCRIPTS += scripts/add_bootfile_eth_hwid sbin_SCRIPTS += scripts/mod_bootfile_eth_hwid +sbin_SCRIPTS += scripts/dns-forwarding/vyatta-dns-forwarding.pl +sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl +sbin_SCRIPTS += scripts/vyatta-system-nameservers +sbin_SCRIPTS += scripts/vyatta-bonding.pl noinst_DATA = test_bootfile diff --git a/debian/control b/debian/control index 2888d0e3..b8128287 100644 --- a/debian/control +++ b/debian/control @@ -28,13 +28,19 @@ Depends: sed (>= 4.1.5), openssh-server (>= 1:5.1p1-3), ed, tshark, - iputils-arping + ifenslave-2.6, + iputils-arping, installation-report, laptop-detect, usbutils, tasksel, snmp, - tcpdump + tcpdump, + dnsmasq, + mdadm, + ddclient, + libio-socket-ssl-perl +Pre-Depends: bash-completion Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/debian/copyright b/debian/copyright index f12deb1f..5eb46c84 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,7 +1,8 @@ This package was debianized by An-Cheng Huang <ancheng@vyatta.com> on Thu, 18 Oct 2007 11:03:18 -0700. -It's original content from the GIT repository <http://vyatt.com/git/vyatta-cfg-system> +It's original content from the GIT repository + <http://vyatt.com/git/vyatta-cfg-system> Upstream Author: diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index b484c2a1..21d7ff32 100644 
--- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -7,7 +7,7 @@ bindir=@bindir@ sbindir=@sbindir@ # remove init of daemons that we start/stop -for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do +for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm dnsmasq ddclient; do update-rc.d -f ${init} remove >/dev/null done @@ -59,8 +59,8 @@ Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump -%operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ - PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon +%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof EOF cat <<EOF >>/etc/sudoers %users ALL=NOPASSWD: ${bindir}/sudo-users/ @@ -105,6 +105,19 @@ sed -i 's/^set /builtin set /' /etc/bash_completion rm -f /etc/ssh/*.broken update-rc.d -f ssh remove >/dev/null +# Fix up PAM configuration for login so that invalid users are prompted +# for password +sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login + +[ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist + +# +# Ask mdadm to call our own event handling daemon +# +if [ -e /etc/default/mdadm ]; then + sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm +fi + # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl new file mode 100644 index 00000000..6cdcfaa0 --- /dev/null +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl 
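Review bot: The `/usr/bin/lsof` entry added to the `%operator ALL=NOPASSWD:` line has no argument restriction, so every member of the operator group can run lsof as root and list the open files and sockets of all processes on the box. If the operational command behind this needs only one query form, pin the arguments in a `Cmnd_Alias` the way `ETHTOOLP` is pinned a few lines up, or wrap the call in a script under `${bindir}/sudo-users/`. The heredoc that carries this line starts outside the hunk.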
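Review bot: The snd-pcsp guard `[ grep "blacklist.*snd-pcsp" >&/dev/null ]` never runs grep: the words are handed to `[`, which fails on them with its error discarded, so the `echo` appends another `blacklist snd-pcsp` line on every postinst run. A working form is `grep -q 'blacklist.*snd-pcsp' /etc/modprobe.d/blacklist 2>/dev/null || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist`. The PAM `sed` just above edits `$rootfsdir/etc/pam.d/login`, and `rootfsdir` is not assigned in the visible part of this script. If it is unset the path happens to resolve to `/etc/pam.d/login`, but it should be written explicitly so the securetty change cannot silently land on a different file.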
@@ -0,0 +1,313 @@ +#!/usr/bin/perl +# +# Module: vyatta-dns-forwarding.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: August 2008 +# Description: Script to glue Vyatta CLI to dnsmasq daemon +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; +use Getopt::Long; + +use strict; +use warnings; + +my $dnsforwarding_init = '/etc/init.d/dnsmasq'; +my $dnsforwarding_conf = '/etc/dnsmasq.conf'; + + +sub dnsforwarding_restart { + system("$dnsforwarding_init restart >&/dev/null"); +} + +sub dnsforwarding_stop { + system("$dnsforwarding_init stop >&/dev/null"); +} + +sub dnsforwarding_get_constants { + my $output; + + my $date = `date`; + chomp $date; + $output = "#\n# autogenerated by vyatta-dns-forwarding.pl on $date\n#\n"; + $output .= "log-facility=/var/log/dnsmasq.log\n"; + $output .= "no-poll\n"; + system("rm -f /var/log/dnsmasq.log; touch /var/log/dnsmasq.log"); + return $output; +} + +sub dnsforwarding_get_values { + + my $dhclient_script = shift; + + my $output = ''; + my $config = new VyattaConfig; + my $use_dnsmasq_conf = 0; + my (@listen_interfaces, $cache_size, @use_nameservers, $use_system_nameservers, @use_dhcp_nameservers); + + $config->setLevel("service dns forwarding"); + + if ($dhclient_script == 1){ + $config->{_active_dir_base} = "/opt/vyatta/config/active/"; + @listen_interfaces = 
$config->returnOrigValues("listen-on"); + $cache_size = $config->returnOrigValue("cache-size"); + @use_nameservers = $config->returnOrigValues("name-server"); + $use_system_nameservers = $config->existsOrig("system"); + @use_dhcp_nameservers = $config->returnOrigValues("dhcp"); + + } else { + @listen_interfaces = $config->returnValues("listen-on"); + $cache_size = $config->returnValue("cache-size"); + @use_nameservers = $config->returnValues("name-server"); + $use_system_nameservers = $config->exists("system"); + @use_dhcp_nameservers = $config->returnValues("dhcp"); + } + + if (@listen_interfaces != 0) { + foreach my $interface (@listen_interfaces) { + $output .= "interface=$interface\n"; + } + } + + if (defined $cache_size) { + $output .= "cache-size=$cache_size\n"; + } + + if (@use_nameservers != 0){ + $use_dnsmasq_conf = 1; + foreach my $cli_nameserver (@use_nameservers) { + $output .= "server=$cli_nameserver\t# statically configured\n"; + } + } + + if (defined($use_system_nameservers)) { + $use_dnsmasq_conf = 1; + my $sys_config = new VyattaConfig; + $sys_config->setLevel("system"); + my @system_nameservers; + if ($dhclient_script == 1){ + $sys_config->{_active_dir_base} = "/opt/vyatta/config/active/"; + @system_nameservers = $sys_config->returnOrigValues("name-server"); + } else { + @system_nameservers = $sys_config->returnValues("name-server"); + } + if (@system_nameservers > 0) { + foreach my $system_nameserver (@system_nameservers) { + $output .= "server=$system_nameserver\t# system\n"; + } + } + } + + if (@use_dhcp_nameservers != 0) { + $use_dnsmasq_conf = 1; + foreach my $interface (@use_dhcp_nameservers) { + my $dhcp_nameserver_count=`grep nameserver /etc/resolv.conf.dhclient-new-$interface 2>/dev/null | wc -l`; + if ($dhcp_nameserver_count > 0) { + my @dhcp_nameservers = `grep nameserver /etc/resolv.conf.dhclient-new-$interface`; + for my $each_nameserver (@dhcp_nameservers) { + my @nameserver = split(/ /, $each_nameserver, 2); + my $ns = 
$nameserver[1]; + chomp $ns; + $output .= "server=$ns\t# dhcp $interface\n"; + } + } + } + } + + if ($use_dnsmasq_conf == 1) { + $output .= "resolv-file=/etc/dnsmasq.conf\n"; + } + + return $output; +} + +sub dnsforwarding_write_file { + my ($config) = @_; + + open(my $fh, '>', $dnsforwarding_conf) || die "Couldn't open $dnsforwarding_conf - $!"; + print $fh $config; + close $fh; +} + +sub check_nameserver { + + my $cmd = `grep nameserver /etc/resolv.conf 2>/dev/null | wc -l`; + return $cmd; +} + +sub check_system_nameserver { + + my $config = new VyattaConfig; + $config->setLevel("system"); + my @system_nameservers = $config->returnValues("name-server"); + return(@system_nameservers); + +} + +sub check_dhcp_any_interface { + + my $config = new VyattaConfig; + $config->setLevel("interfaces ethernet"); + my @eths = $config->listNodes("."); + foreach my $eth (@eths) { + $config->setLevel("interfaces ethernet $eth"); + my @addrs = $config->returnOrigValues("address"); + foreach my $addr (@addrs) { + if (defined $addr && $addr eq "dhcp") { + return 1; + } + } + my @vifs = $config->listNodes("vif"); + foreach my $vif (@vifs) { + $config->setLevel("interfaces ethernet $eth vif $vif"); + my @addrs = $config->returnOrigValues("address"); + foreach my $addr (@addrs) { + if (defined $addr && $addr eq "dhcp") { + return 1; + } + } + } + } + + $config->setLevel("interfaces bridge"); + my @bridges = $config->listNodes("."); + foreach my $bridge (@bridges) { + $config->setLevel("interfaces bridge $bridge"); + my @addrs = $config->returnOrigValues("address"); + foreach my $addr (@addrs) { + if (defined $addr && $addr eq "dhcp") { + return 1; + } + } + } + + return 0; + +} + +sub is_dhcp_enabled { + my $intf = shift; + + my $config = new VyattaConfig; + + if ($intf =~ m/^eth/) { + if ($intf =~ m/(\w+)\.(\d+)/) { + $config->setLevel("interfaces ethernet $1 vif $2"); + } else { + $config->setLevel("interfaces ethernet $intf"); + } + } elsif ($intf =~ m/^br/) { + 
$config->setLevel("interfaces bridge $intf"); + } else { + # + # currently we only support dhcp on ethernet + # and bridge interfaces. + # + return 0; + } + my @addrs = $config->returnOrigValues("address"); + foreach my $addr (@addrs) { + if (defined $addr && $addr eq "dhcp") { + return 1; + } + } + return 0; +} + +sub check_dhcp_interface { + + my $interface = shift; + + if (!is_dhcp_enabled($interface)) { + print "DNS forwarding error: $interface is not using DHCP to get an IP address\n"; + return 0; + } + + if (-e "/var/run/vyatta/dhclient/dhclient_release_$interface") { + # dhcp released for the interface + print "DNS forwarding warning: DHCP lease for $interface has been released by user\n"; + } + + return 1; +} + + +# +# main +# + +my ($update_dnsforwarding, $stop_dnsforwarding, $system_nameserver, $dhcp_interface, $dhclient_script); + +GetOptions("update-dnsforwarding!" => \$update_dnsforwarding, + "stop-dnsforwarding!" => \$stop_dnsforwarding, + "system-nameserver!" => \$system_nameserver, + "dhclient-script!" 
=> \$dhclient_script, + "dhcp-interface=s" => \$dhcp_interface); + +if (defined $system_nameserver) { + my $system_nameserver_exists = check_system_nameserver(); + if ($system_nameserver_exists < 1){ + print "DNS forwarding warning: No name-servers set under 'system name-server'\n"; + } +} + +if (defined $dhcp_interface) { + if (!check_dhcp_interface($dhcp_interface)){ + exit 1; + } +} + +if (defined $update_dnsforwarding) { + my $config; + my $vyatta_config = new VyattaConfig; + + $vyatta_config->setLevel("service dns forwarding"); + my $use_system_nameservers = $vyatta_config->exists("system"); + my @use_dhcp_nameservers = $vyatta_config->returnValues("dhcp"); + my @use_nameservers = $vyatta_config->returnValues("name-server"); + + if (!(defined $use_system_nameservers) && (@use_dhcp_nameservers == 0) && (@use_nameservers == 0)) { + my $nameserver_exists = check_nameserver(); + my $dhcp_enabled_any_interface = check_dhcp_any_interface(); + if ($nameserver_exists < 1 && $dhcp_enabled_any_interface == 0){ + print "DNS forwarding warning: No name-servers to forward DNS queries\n"; + } + } + + my $called_from_dhclient_script = 0; + if (defined $dhclient_script){ + $called_from_dhclient_script = 1; + } + $config = dnsforwarding_get_constants(); + $config .= dnsforwarding_get_values($called_from_dhclient_script); + dnsforwarding_write_file($config); + dnsforwarding_restart(); +} + +if (defined $stop_dnsforwarding) { + dnsforwarding_stop(); +} + +exit 0; + +# end of file + diff --git a/scripts/dynamic-dns/vyatta-dynamic-dns.pl b/scripts/dynamic-dns/vyatta-dynamic-dns.pl new file mode 100644 index 00000000..06bd1ee5 --- /dev/null +++ b/scripts/dynamic-dns/vyatta-dynamic-dns.pl 
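Review bot: In `dnsforwarding_get_values` each interface name from `service dns forwarding dhcp` is interpolated into two backtick commands (`grep nameserver /etc/resolv.conf.dhclient-new-$interface`), and the second field of every matching line is copied into dnsmasq.conf unchecked. The script writes /etc/dnsmasq.conf and restarts the daemon, so it runs privileged, and that resolv file is presumably filled in from DHCP replies; both the name and the value should be validated, and reading the file with `open` removes the shell from the path altogether. `resolv-file=/etc/dnsmasq.conf` also points dnsmasq at its own config file, which looks like a way of ignoring /etc/resolv.conf; if that is the intent, `no-resolv` says so directly. The sketch below replaces the DHCP loop only.

```perl
# … unchanged: if (@use_dhcp_nameservers != 0) { $use_dnsmasq_conf = 1; …
foreach my $interface (@use_dhcp_nameservers) {
    # Accept only plain interface names before building a path from them.
    next unless $interface =~ m/\A[A-Za-z0-9_.]+\z/;
    my $resolv = "/etc/resolv.conf.dhclient-new-$interface";
    open(my $rf, '<', $resolv) or next;
    while (my $line = <$rf>) {
        # Keep the value only if it consists of IPv4/IPv6 address characters.
        next unless $line =~ m/\A\s*nameserver\s+([0-9A-Fa-f:.]+)\s*\z/;
        $output .= "server=$1\t# dhcp $interface\n";
    }
    close $rf;
}
# … unchanged: resolv-file line and return …
```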
@@ -0,0 +1,151 @@ +#!/usr/bin/perl +# +# Module: vyatta-dynamic-dns.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: September 2008 +# Description: Script to run ddclient per interface as set in Vyatta CLI +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaMisc; +use Getopt::Long; + +use strict; +use warnings; +use Switch; + +my $ddclient_run_dir = '/var/run/ddclient'; +my $ddclient_cache_dir = '/var/cache/ddclient'; +my $ddclient_config_dir = '/etc/ddclient'; + +# +# main +# + +my ($update_dynamicdns, $op_mode_update_dynamicdns, $stop_dynamicdns, $interface); + +GetOptions("update-dynamicdns!" => \$update_dynamicdns, + "stop-dynamicdns!" => \$stop_dynamicdns, + "op-mode-update-dynamicdns!" => \$op_mode_update_dynamicdns, + "interface=s" => \$interface); + +if (defined $update_dynamicdns) { + my $config; + $config = dynamicdns_get_constants(); + $config .= dynamicdns_get_values(); + dynamicdns_write_file($config); + dynamicdns_restart(); +} + +if (defined $op_mode_update_dynamicdns) { + dynamicdns_restart(); +} + +if (defined $stop_dynamicdns) { + dynamicdns_stop(); +} + +exit 0; + +# +# subroutines +# + +sub dynamicdns_restart { + dynamicdns_stop(); + dynamicdns_start(); +} + +sub dynamicdns_start { + + if(! -d $ddclient_run_dir ){ + system ("mkdir $ddclient_run_dir\;"); + } + if(! 
-d $ddclient_cache_dir ){ + system ("mkdir $ddclient_cache_dir\;"); + } + + system("/usr/sbin/ddclient -file $ddclient_config_dir/ddclient_$interface.conf >&/dev/null"); + +} + +sub dynamicdns_stop { + system("kill -9 `cat $ddclient_run_dir/ddclient_$interface.pid 2>/dev/null` >&/dev/null"); + system("rm -f $ddclient_cache_dir/ddclient_$interface.cache >&/dev/null"); +} + +sub dynamicdns_get_constants { + my $output; + + my $date = `date`; + chomp $date; + $output = "#\n# autogenerated by vyatta-dynamic-dns.pl on $date\n#\n"; + $output .= "daemon=1m\n"; + $output .= "syslog=yes\n"; + $output .= "ssl=yes\n"; + $output .= "pid=$ddclient_run_dir/ddclient_$interface.pid\n"; + $output .= "cache=$ddclient_cache_dir/ddclient_$interface.cache\n"; + $output .= "use=if, if=$interface\n\n\n"; + return $output; +} + +sub dynamicdns_get_values { + + my $output = ''; + my $config = new VyattaConfig; + $config->setLevel("service dns dynamic interface $interface"); + + my @services = $config->listNodes("service"); + foreach my $service (@services) { + $config->setLevel("service dns dynamic interface $interface service $service"); + switch ($service) { + case "dslreports" {$service="dslreports1";} + case "dyndns" {$service="dyndns2";} + case "zoneedit" {$service="zoneedit1";} + } + my $login = $config->returnValue("login"); + my $password = $config->returnValue("password"); + my @hostnames = $config->returnValues("host-name"); + foreach my $hostname (@hostnames) { + $output .= "protocol=$service\n"; + $output .= "max-interval=28d\n"; + $output .= "login=$login\n"; + $output .= "password='$password'\n"; + $output .= "$hostname\n\n"; + } + } + + return $output; +} + +sub dynamicdns_write_file { + my ($config) = @_; + + if(! 
-d $ddclient_config_dir ){ + system ("mkdir $ddclient_config_dir\;"); + } + open(my $fh, '>', "$ddclient_config_dir/ddclient_$interface.conf") || die "Couldn't open \"$ddclient_config_dir/ddclient_$interface.conf\" - $!"; + print $fh $config; + close $fh; +} + + +# end of file diff --git a/scripts/install-system b/scripts/install-system index a704d4a7..9980e210 100755..100644 --- a/scripts/install-system +++ b/scripts/install-system @@ -30,6 +30,7 @@ if [ -e /etc/default/vyatta ] ; then . /etc/default/vyatta fi + : ${vyatta_prefix:=/opt/vyatta} : ${vyatta_exec_prefix:=$vyatta_prefix} : ${vyatta_bindir:=${vyatta_exec_prefix}/bin} @@ -40,6 +41,9 @@ ofrconfdir=${vyatta_sysconfdir}/config fdconfdir=/media/floppy/config rootfsdir=/mnt/rootfs +# By default this is not a union install +# UNION=false + # install log file name INSTALL_LOG="install.log" # root partition minimum size in MB 
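Review bot: `dynamicdns_write_file` creates `ddclient_$interface.conf` with a plain `open(..., '>', ...)`, so the file holding the provider's `login=` and `password=` gets whatever mode the caller's umask allows, which is commonly world-readable. Create it owner-only and tighten a file left by an earlier run, as sketched below. `dynamicdns_get_values` also wraps the password in single quotes without handling a quote inside it. `$interface` from `--interface` goes unchecked into the `system()` strings in `dynamicdns_start` and `dynamicdns_stop`; an anchored pattern check right after `GetOptions` plus the list form of `system` would cover those.

```perl
sub dynamicdns_write_file {
    my ($config) = @_;
    # … unchanged: create $ddclient_config_dir if missing …
    my $conf_file = "$ddclient_config_dir/ddclient_$interface.conf";
    # The file carries provider credentials: create it owner-only.
    my $old_umask = umask(0077);
    open(my $fh, '>', $conf_file) || die "Couldn't open \"$conf_file\" - $!";
    umask($old_umask);
    # A file from an earlier run keeps its old mode, so tighten it too.
    chmod(0600, $conf_file) || die "Couldn't chmod \"$conf_file\" - $!";
    print $fh $config;
    close $fh;
}
```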
@@ -201,12 +205,227 @@ probe_drives () { done } + +warn_of_dire_consequences () { + # Give the user a requisite warning that we are about to nuke their drive + response='' + while [ -z $response ] + do + echo "This will destroy all data on /dev/$INSTALL_DRIVE." + echo -n "Continue? (Yes/No) [No]: " + response=$(get_response "No" "Yes No Y N") + + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + echo "Ok then. Exiting..." + exit 1 + fi + done +} + + + +check_for_old_raid () { + # First, trigger construction of previously configured RAID groups + echo -n "Looking for pre-existing RAID groups..." + raid_config=`mdadm --examine --scan` + if [ -z "$raid_config" ]; then + echo "none found." + return + fi + + echo "found some." + echo "Trying to configure pre-existing RAID groups..." + mdadm --assemble --scan --auto=yes --symlink=no + + # Identify physical drives + raid_drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | grep "md" | egrep -v "^$") + + if [ -z "$raid_drives" ]; then + echo "Unable to configure any RAID groups." + return + fi + + numraids=`echo $raid_drives | wc -w` + + if [ $numraids -eq 1 ]; then + echo "The following RAID group is now configured:" + else + echo "The following RAID groups are now configured:" + fi + + for drive in $raid_drives + do + cat /proc/mdstat | grep --after-context 2 ^$drive | sed -e 's/^/\t/' + done + + if [ $numraids -eq 1 ]; then + echo -n "Would you like to use this one? (Yes/No) [Yes]:" + else + echo -n "Would you like to use one of these? (Yes/No) [Yes]:" + fi + + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + echo "Ok. Not using existing RAID groups." 
+ echo "Stopping existing RAID groups:" + mdadm --stop --scan + return + fi + + if [ $numraids -eq 1 ]; then + INSTALL_DRIVE=$raid_drives + else + # take the first drive as the default + INSTALL_DRIVE=$(echo $raid_drives | /usr/bin/awk '{ print $1 }') + echo -n "Which one would you like to use? ($raid_drives) [$INSTALL_DRIVE]: " + INSTALL_DRIVE=$(get_response "$INSTALL_DRIVE" "$drives") + fi + + echo "Using RAID partition $INSTALL_DRIVE" + + warn_of_dire_consequences + + ROOT_PARTITION=$INSTALL_DRIVE + + # make sure we aren't working on a mounted part + unmount "$INSTALL_DRIVE" + + # check for an old config on the partition + check_config_partition "$ROOT_PARTITION" + + # create the ext3 fs on the part + make_filesystem "$ROOT_PARTITION" + + INSTALL_METHOD=RAID +} + +check_for_new_raid () { + # Identify physical drives + drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]$" | egrep -v "^$") + + numdrives=`echo $drives | wc -w` + + if [ $numdrives -ne 2 ]; then + # debug + echo "check_for_new_raid: don't have 2 drives" + return + fi + + drive1=`echo $drives | awk '{ print $1 }'` + drive2=`echo $drives | awk '{ print $2 }'` + + drivesize1=$(get_drive_size $drive1) + drivesize2=$(get_drive_size $drive2) + + if [ $drivesize1 -ne $drivesize2 ]; then + # debug + echo "check_for_new_raid: have 2 drives, but different sizes" + return + fi + + echo "You have two identical disk drives:" + echo -e "\t$drive1 \t$drivesize1 MB" + echo -e "\t$drive2 \t$drivesize2 MB" + + echo -n "Would you like to configure RAID-1 mirroring on them? (Yes/No) [Yes]:" + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + echo "Ok. Not configuring RAID-1." + return + fi + + # Configure RAID-1 + echo "This process will erase all data on both drives." + echo -n "Are you sure you want to do this? 
(Yes/No) [No]: " + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + echo "Ok. Not configuring RAID-1." + return + fi + + for drive in $drives + do + echo "Deleting old partitions on drive $drive" + # remove any existing partitions on that drive + delete_partitions "$drive" + done + + # Need to leave space on both disks between the MBR and the start + # of the first partition for grub. Grub needs to embed a large + # boot image there when booting off RAID devices. + # + # Partition creation variables are in units of megabytes. + part_start_offset=2 + part_diag_size=60 + + echo "Would you like me to create a $part_diag_size MB partition for diagnostics?" + echo -n "(Yes/No) [No]: " + diag_response=$(get_response "No" "Yes No Y N") + if [ "$diag_response" == "yes" ] || [ "$diag_response" == "y" ]; then + for drive in $drives + do + echo "Creating diag partition on drive $drive" + create_partitions "$drive" $part_diag_size $part_start_offset "no" + sfdisk --change-id /dev/$drive 1 0x6 + done + data_dev=2 + let part_start_offset+=$part_diag_size + else + data_dev=1 + fi + + for drive in $drives + do + echo "Creating data partition: /dev/${drive}${data_dev}" + size=$(get_drive_size $drive) + let size-=$part_start_offset + create_partitions "$drive" $size $part_start_offset "no" + sfdisk --change-id /dev/$drive $data_dev 0xfd + done + + # Must give partition device time to settle + sleep 5 + echo + + for drive in $drives + do + echo "Erasing any previous RAID metadata that may exist on /dev/${drive}${data_dev}" + mdadm --zero-superblock /dev/${drive}${data_dev} + done + + echo "Creating RAID-1 group on partitions: /dev/${drive1}${data_dev} /dev/${drive2}${data_dev}" + + raid_dev=md0 + mdadm --create /dev/$raid_dev --level=1 --raid-disks=2 /dev/${drive1}${data_dev} /dev/${drive2}${data_dev} + + if [ $? 
= 0 -a -e /dev/$raid_dev ]; then + echo "RAID-1 group created successfully:" + cat /proc/mdstat | grep --after-context 2 ^$raid_dev | sed -e 's/^/\t/' + else + echo "Unable to create RAID-1 group!" + return + fi + + INSTALL_DRIVE=$raid_dev + ROOT_PARTITION=$INSTALL_DRIVE + + # Give device time to settle... + sleep 5 + + # create the ext3 fs on the part + make_filesystem "$ROOT_PARTITION" + + INSTALL_METHOD=RAID +} + + # Takes an argument to display text before choice # Sets INSTALL_DRIVE. Note that select_drive should be wrapped # in the verification loop, not the included get_response. select_drive () { # list the drives in /proc/partitions. Remove partitions and empty lines. - drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]$" | egrep -v "^$") + # the first grep pattern looks for devices named c0d0, hda, and sda. + drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep "c[0-9]d[0-9]$|[hs]d[a-z]$" | egrep -v "^$") # take the first drive as the default INSTALL_DRIVE=$(echo $drives | /usr/bin/awk '{ print $1 }') @@ -219,12 +438,16 @@ select_drive () { display="$display $drive\t$size"MB"\n" done - # Display the drives and ask the user which one to install to - echo -e "$display" - echo - echo -n "$1 [$INSTALL_DRIVE]:" + while true + do + # Display the drives and ask the user which one to install to + echo -e "$display" + echo + echo -n "$1 [$INSTALL_DRIVE]:" + response=$(get_response "$INSTALL_DRIVE" "$drives") && break + done + INSTALL_DRIVE="$response" - INSTALL_DRIVE=$(get_response "$INSTALL_DRIVE" "$drives") echo # Assume no dma if the disk is smaller than 10G (such as a CF drive) @@ -241,6 +464,7 @@ select_drive () { select_partition () { minsize=$1 text=$2 + exclude=$3 echo -n "Looking for appropriate partitions: " progress_indicator start 
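Review bot: In `check_for_new_raid` the second confirmation prints `Are you sure you want to do this? (Yes/No) [No]:` but calls `get_response "Yes" "Yes No Y N"`. Going by the other call sites in this hunk the first argument is the default answer, so pressing Enter at a prompt that advertises No proceeds to delete the partitions on both drives; the call should be `response=$(get_response "No" "Yes No Y N")`. In `check_for_old_raid` the choice among several arrays is validated with `get_response "$INSTALL_DRIVE" "$drives"`, and `$drives` is not set in that function, so `"$raid_drives"` was probably meant. `warn_of_dire_consequences` tests `[ -z $response ]` unquoted; `[ -z "$response" ]` is the safe form.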
@@ -251,13 +475,28 @@ select_partition () { # list only the partitions in /proc/partitions. parts=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 " "} }' | egrep "[0-9]" | egrep -v "loop" | tr -d '\n') + # remove any partitions we have already previously used + if [ -n "$exclude" ]; then + for part in $parts; + do + temp=$(echo $part | egrep -v $exclude) + parts_temp="$parts_temp $temp" + done + parts=$parts_temp + fi + # Get the partition sizes for display # only show linux partitions that have sizes, i.e. remove loops display='' + myparts='' for part in $parts do - rootdev=$(echo $part | sed 's/[0-9]//g') - parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux) + if [ ${part:0:2} = "md" ]; then + parttype="RAID" + else + rootdev=$(echo $part | sed 's/[0-9]//g') + parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux) + fi if [ -n "$parttype" ]; then lsize=$(get_drive_size $part) if [ "$lsize" -a $lsize -ge $minsize ]; then @@ -352,7 +591,8 @@ delete_partitions () { ldrive=$1 # get the partitions on the drive - partitions=$(cat /proc/partitions | grep $ldrive[0-9] | awk '{ print $4 }' | sed 's/[a-z]//g') + # in the first grep below we add the optional [p] in order to accomdate cciss drives + partitions=$(cat /proc/partitions | grep $ldrive[p]*[0-9] | awk '{ print $4 }' | sed 's/\(.*\)\([0-9]$\)/\2/g' | grep -v "^$") # now for each part, blow it away for part in $partitions @@ -386,7 +626,7 @@ make_filesystem () { status=$? if [ "$status" != 0 ]; then echo -e "Error: couldn't create the root filesystem.\nSee $INSTALL_LOG for further details.\nExiting..." - echo -e "Error: couldn't create the root filesystem.\n/sbin/mke2fs -j /dev/$lDRIVE\n$output" + echo -e "Error: couldn't create the root filesystem.\n/sbin/mke2fs -j /dev/$ldrive\n$output" exit 1 fi progress_indicator stop 
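Review bot: The exclusion loop added to `select_partition` appends to `parts_temp` without clearing it first and filters with `egrep -v $exclude`, an unquoted and unanchored pattern match. Excluding `sda1` therefore also hides `sda10` to `sda19`, and because the variable is global a later call starts from the previous call's list. Suggested: `parts_temp=''` before the loop and `[ "$part" = "$exclude" ] || parts_temp="$parts_temp $part"` inside it, assuming `$exclude` is always a single partition name (its callers are outside this diff). The function body starts and ends outside the hunk.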
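Review bot: The new `sed 's/\(.*\)\([0-9]$\)/\2/g'` in `delete_partitions` keeps only the last digit of each name, so partitions 10 and above come out as 0 to 9 and the removal loop that follows would act on the wrong partition number; the old `sed 's/[a-z]//g'` kept the whole number. Capturing the full trailing run works for both naming schemes: `sed 's/^.*[^0-9]\([0-9][0-9]*\)$/\1/'`. `grep $ldrive[p]*[0-9]` is also unquoted, so the shell may glob-expand it against the current directory before grep sees it; `grep "${ldrive}p*[0-9]"` avoids that. The loop that consumes `$partitions` is outside the hunk.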
@@ -400,6 +640,8 @@ make_filesystem () { create_partitions() { ldrive=$1 root_part_size=$2 + start_offset=$3 + initialize_fs=$4 # Make sure there is enough space on drive size=$(get_drive_size "$ldrive") @@ -411,7 +653,7 @@ create_partitions() { echo "Creating root partition on /dev/$ldrive" >> $INSTALL_LOG # make the root partition - output=$(parted /dev/$ldrive mkpart primary 0 $root_part_size) + output=$(parted /dev/$ldrive mkpart primary $start_offset $root_part_size) status=$? if [ "$status" != 0 ]; then echo -e "Error creating primary partition on $ldrive.\nPlease see $INSTALL_LOG for more details.\nExiting..." @@ -419,21 +661,31 @@ create_partitions() { exit 1 fi - ROOT_PARTITION=$ldrive"1" + # set the partition number on the device. + if [ -n "$( echo $ldrive | grep cciss )" ]; then + # if this is a cciss + ROOT_PARTITION=$ldrive"p1" + else + # else... the rest of the world + ROOT_PARTITION=$ldrive"1" + fi # udev takes time to re-add the device file, so wait for it while [ ! -b "/dev/$ROOT_PARTITION" ] do sleep 1 done - # make the root and config ext3 file systems. - make_filesystem "$ROOT_PARTITION" + if [ "$initialize_fs" = "yes" ]; then + # make the root and config ext3 file systems. + make_filesystem "$ROOT_PARTITION" + fi } # Install the root filesystem # $1 is the partition to install on install_root_filesystem () { ldrive=$1 + version=$(egrep -i version /opt/vyatta/etc/version | awk '{ print $3 }') dpkg="/usr/bin/dpkg --force-all --root=$rootfsdir" echo "Mounting /dev/$ldrive " 
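Review bot: `create_partitions` now reads `start_offset` and `initialize_fs` from `$3` and `$4` with no defaults, so a caller that still passes two arguments runs `parted /dev/$ldrive mkpart primary` with the start value missing and silently skips `make_filesystem`. The RAID callers added in this commit pass all four, but the pre-existing callers are not in the visible hunks. Either confirm they were updated or keep the old behaviour with `start_offset=${3:-0}` and `initialize_fs=${4:-yes}`. The function also still sets `ROOT_PARTITION` to partition 1 and waits for that device node, even when the RAID path has just created partition 2.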
@@ -452,49 +704,69 @@ install_root_filesystem () { exit 1 fi - echo -n "Copying system image files to /dev/$ROOT_PARTITION: " - progress_indicator start - # Mount the squashfs for copying - output=$(mkdir -p /mnt/squashfs) - output=$(mount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop) - status=$? + if [ -z $UNION ]; then + echo -n "Copying system image files to /dev/$ROOT_PARTITION: " + progress_indicator start + # Mount the squashfs for copying + output=$(mkdir -p /mnt/squashfs) + if [ -f /live/image/live/filesystem.squashfs ]; then + output=$(mount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop) + status=$? + elif [ -f /live/image/boot/$version/$version.squashfs ]; then + output=$(mount /live/image/boot/$version/$version.squashfs /mnt/squashfs -t squashfs -o loop) + status=$? + else + echo -e "Error: Unable to find a squash image. \nExiting..." + fi - if [ "$status" != 0 ]; then - echo -e "Error trying to mount the squashfs.\nPlease see install log for more details.\nExiting..." - echo -e "Error trying to mount the squashfs.\nmount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop\n$output" >> $INSTALL_LOG - exit 1 - fi + if [ "$status" != 0 ]; then + echo -e "Error trying to mount the squashfs.\nPlease see install log for more details.\nExiting..." + echo -e "Error trying to mount the squashfs.\nmount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop\n$output" >> $INSTALL_LOG + exit 1 + fi - output=$(cp -pR /mnt/squashfs/* $rootfsdir/) - status=$? + output=$(cp -pR /mnt/squashfs/* $rootfsdir/) + status=$? - if [ "$status" != 0 ]; then - echo -e "Error trying to copy the rootfs.\nPlease see install log for more details.\nExiting. -.." 
- echo -e "Error trying to copy the rootfs.\ncp -pR /mnt/squashfs/* $rootfsdir/\n$output" >> $INSTALL_LOG - exit 1 - fi + if [ "$status" != 0 ]; then + echo -e "Error trying to copy the rootfs.\nPlease see install log for more details.\nExiting..." + echo -e "Error trying to copy the rootfs.\ncp -pR /mnt/squashfs/* $rootfsdir/\n$output" >> $INSTALL_LOG + exit 1 + fi - # unmount the squashfs. No big deal if it fails. - output=$(umount /mnt/squashfs) + # unmount the squashfs. No big deal if it fails. + output=$(umount /mnt/squashfs) - # create the fstab - local rootdev="/dev/$ROOT_PARTITION"; - uuid=$(dumpe2fs -h $rootdev 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') - if [ -z "$uuid" ] - then - echo "Unable to read filesystem UUID. Exiting." - exit 1 - else - echo -e "UUID=$uuid\t/\text3\tdefaults\t0 1" >> $rootfsdir/etc/fstab - fi + # create the fstab + local rootdev="/dev/$ROOT_PARTITION"; + uuid=$(dumpe2fs -h $rootdev 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') + if [ -z "$uuid" ] + then + echo "Unable to read filesystem UUID. Exiting." + exit 1 + else + echo -e "UUID=$uuid\t/\text3\tdefaults\t0 1" >> $rootfsdir/etc/fstab + fi - #setup the hostname file - cp /etc/hostname $rootfsdir/etc/ - cp /etc/hosts $rootfsdir/etc/ + #setup the hostname file + cp /etc/hostname $rootfsdir/etc/ + cp /etc/hosts $rootfsdir/etc/ - progress_indicator stop - echo "OK" + progress_indicator stop + echo "OK" + else + mkdir -p $rootfsdir/boot/$version + if [ -f /live/image/live/filesystem.squashfs ]; then + echo Copying squashfs image... + cp /live/image/live/filesystem.squashfs $rootfsdir/boot/$version/$version.squashfs + echo Copying kernel and initrd images... + cp -ar /boot/initrd.img-* $rootfsdir/boot/$version/ + cp -ar /boot/vmlinuz-* $rootfsdir/boot/$version/ + else + echo Copying image files... + cp -ar /live/image/boot/$version $rootfsdir/boot/ + fi + fi } # copy the configuration to the config partition 
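Review bot: The new `else` branch that prints `Error: Unable to find a squash image. \nExiting...` neither exits nor sets `status`, so what follows depends on a value left over from an earlier command: the script either reports a mount failure that never happened or goes on to `cp -pR /mnt/squashfs/*` from an empty directory. Add `exit 1` after that `echo` and write the message to `$INSTALL_LOG` like the neighbouring errors. `[ -z $UNION ]` should be `[ -z "$UNION" ]`, and `$version` is used in paths without checking that the `egrep ... | awk` pipeline returned anything. The mount-failure log line still names `/live/image/live/filesystem.squashfs` even when the `$version.squashfs` image was the one mounted.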
@@ -565,9 +837,23 @@ copy_config () { change_password() { local user=$1 - local pwd - read pwd - local epwd=$(mkpasswd -H md5 $pwd | sed 's:/:\\/:g') + local pwd1="1" + local pwd2="2" + + until [ "$pwd1" == "$pwd2" ] + do + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + echo + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + echo + + if [ "$pwd1" != "$pwd2" ] + then echo "Passwords do not match" + fi + done + + # escape any slashes in resulting password + local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') sed -i \ -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ @@ -579,9 +865,7 @@ system_setup () { local response=$(get_response "Yes" "Yes No Y N") if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - echo -n 'System administrator (root) password: ' change_password root - echo -n 'Router administrator (vyatta) password: ' change_password vyatta fi } @@ -589,10 +873,12 @@ system_setup () { # setup grub on the boot sector of a user queried drive install_grub () { - orig_install_drive="$INSTALL_DRIVE" # we now use INSTALL_DRIVE to reference the grub boot drive. # that way I can re-use select_drive. I'm lazy that way. - INSTALL_DRIVE='' + + if [ ${INSTALL_DRIVE:0:2} != "md" ]; then + INSTALL_DRIVE='' + fi mkdir -p $rootfsdir/boot/grub # Let the user choose the boot sector @@ -609,7 +895,7 @@ install_grub () { # Install grub in the boot sector of the primary drive progress_indicator start - grub-install --no-floppy --root-directory=$rootfsdir /dev/$INSTALL_DRIVE >>$INSTALL_LOG 2>&1 + grub-install --no-floppy --recheck --root-directory=$rootfsdir /dev/$INSTALL_DRIVE >>$INSTALL_LOG 2>&1 progress_indicator stop # Assume no dma if the disk is smaller than 10G (such as a CF drive) 
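Review bot: `change_password` accepts an empty password, because two empty reads compare equal and end the `until` loop, and it hands the cleartext to `mkpasswd` as a command-line argument, where it shows up in the process list while the hash is computed. Tighten the loop condition to `until [ -n "$pwd1" ] && [ "$pwd1" == "$pwd2" ]` and feed the password on stdin: `local epwd=$(printf '%s' "$pwd1" | mkpasswd -H md5 -s | sed 's:/:\\/:g')`. The `-H md5` method is left as is, since the consumer of `encrypted-password` is outside this diff; worth confirming whether a stronger method is accepted there. The `sed -i` that writes the hash continues past the end of the hunk.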
@@ -619,7 +905,23 @@ install_grub () { grub_options="ide=nodma" fi - if /opt/vyatta/sbin/grub-setup "$ROOT_PARTITION" "$grub_options" /mnt/rootfs >>$INSTALL_LOG + # Check if using aufs + if grep -q aufs /proc/filesystems + then + if [ -z "$grub_options" ] + then + grub_options="union=aufs" + else + grub_options="$grub_options union=aufs" + fi + fi + + # if union install tell vyatta-grub-setup + if [ ! -z $UNION ]; then + version=$(egrep -i version /opt/vyatta/etc/version | awk '{ print $3 }') + grub_args="-u $version" + fi + if /opt/vyatta/sbin/vyatta-grub-setup $grub_args "$ROOT_PARTITION" "$grub_options" /mnt/rootfs >>$INSTALL_LOG then echo "OK" else @@ -639,7 +941,7 @@ setup_method_manual() { echo -e "\n\n" # if this is parted, let the user create the partitions - if [ "$method" == "parted" ] || [ "$method" == "p" ]; then + if [ "$INSTALL_METHOD" == "parted" ] || [ "$INSTALL_METHOD" == "p" ]; then while [ -z "$INSTALL_DRIVE" ] do # TODO: right now we only run parted on a single drive @@ -678,10 +980,15 @@ setup_method_manual() { make_filesystem "$ROOT_PARTITION" # We need to set the INSTALL_DRIVE if it wasn't set when the user ran parted - # We assume that we will use the boot sector of the same drive that the partition is on + # We assume that we will use the boot sector of the same drive that the + # partition is on. # TODO: Allow different drives to function as the boot device if [ -z "$INSTALL_DRIVE" ]; then - INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g') + if [ ${ROOT_PARTITION:0:2} = "md" ]; then + INSTALL_DRIVE=$ROOT_PARTITION + else + INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g') + fi fi } 
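Review bot: `grub_args` is assigned only inside the `if [ ! -z $UNION ]` branch and is never initialised, so on a non-union install whatever value the variable inherited from the environment is passed as leading arguments to `vyatta-grub-setup`. Add `local grub_args=""` before the aufs check and quote the test as `if [ -n "$UNION" ]; then`. `version` is also set here as a global; if that is intentional, a comment saying which other function reads it would help. The body of `install_grub` starts and ends outside this hunk.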
@@ -709,19 +1016,7 @@ setup_method_auto() { fi done - # Give the user a requisite warning that we are about to nuke their drive - response='' - while [ -z $response ] - do - echo "This will destroy all data on /dev/$INSTALL_DRIVE." - echo -n "Continue? (Yes/No) [No]: " - response=$(get_response "No" "Yes No Y N") - - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok then. Exiting..." - exit 1 - fi - done + warn_of_dire_consequences echo 
@@ -750,7 +1045,74 @@ setup_method_auto() { echo # now take the data and create the partitions - create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" + create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" 0 "yes" +} + +# walk the user through a union setup +# sets globals INSTALL_DRIVE, ROOT_PARTITION, CONFIG_PARTITION +setup_method_union() { + UNION=1 + + echo "A union install requires an image partition of at least 250mbs." + echo "If you want to accomodate more than one image on the partition," + echo "it should be larger. Each image is roughly 200mbs. This " + echo "partition will be the bootable partition for this machine." + echo + + # Ask for the image partition and make sure it's valid + while [ -z "$ROOT_PARTITION" ] + do + select_partition 250 "Which partition should I install the images on?" + # Note that PARTITION is defined in select partition + ROOT_PARTITION=$PARTITION + unmount "$ROOT_PARTITION" + vd=$(grep $ROOT_PARTITION /proc/partitions | awk '{ print $4 }') + + if [ -z "$vd" ]; then + echo + echo "$ROOT_PARTITION is an invalid partition. Please try again." + ROOT_PARTITION="" + fi + done + + echo Creating filesystem on $ROOT_PARTITION + make_filesystem $ROOT_PARTITION + + echo + echo "An optional writable persistent root partition may also" + echo "be created. This partition will allow you to store " + echo "files between reboots and upgrade packages." + echo + echo -n "Would you like to create a persistent root partition? (Yes/No) [Yes]: " + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "yes" ] || [ "$response" == "y" ]; then + echo "The persistent root partition should be a minimum of 50mbs" + echo "for log files. 
If you plan on adding any other software or" + echo "upgrading it, the root partition should be large enough to" + echo "accomodate those packages" + + # Ask for the union partition and make sure it's valid + while [ -z "$UNION_PARTITION" ] + do + select_partition 50 "Which partition should I install the binary images on?" "$ROOT_PARTITION" + # Note that PARTITION is defined in select partition + UNION_PARTITION=$PARTITION + unmount "$UNION_PARTITION" + vd=$(grep $UNION_PARTITION /proc/partitions | awk '{ print $4 }') + + if [ -z "$vd" ]; then + echo + echo "$UNION_PARTITION is an invalid partition. Please try again." + UNION_PARTITION="" + fi + done + + echo Creating filesystems on $ROOT_PARTITION + make_filesystem $UNION_PARTITION + + echo Labeling $UNION_PARTITION + e2label /dev/$UNION_PARTITION live-rw + fi } unmount () { 
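Review bot: The validity check `grep $ROOT_PARTITION /proc/partitions` in `setup_method_union` is an unquoted substring match, so a name such as `sda1` passes when only `sda10` exists, and the value is then handed to `make_filesystem`; match the name column exactly, e.g. `vd=$(awk -v p="$ROOT_PARTITION" '$4 == p { print $4 }' /proc/partitions)`, and do the same for `UNION_PARTITION`. `unmount` is also called before the name has been validated. The progress message printed before `make_filesystem $UNION_PARTITION` names `$ROOT_PARTITION`. The dispatch code later in this diff sets `UNION=1` and calls `setup_method_auto`, so from the lines shown this function does not appear to be called.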
@@ -859,37 +1221,60 @@ probe_drives progress_indicator stop echo "OK" -echo "The Vyatta image will require a minimum ${ROOT_MIN}MB root." -echo "Would you like me to try to partition a drive automatically" -echo "or would you rather partition it manually with parted? If" -echo "you have already setup your partitions, you may skip this step." -echo +INSTALL_METHOD='' +check_for_old_raid +if [ -z "$INSTALL_METHOD" ]; then + check_for_new_raid +fi -method='' -while [ -z $method ] -do - echo -n "Partition (Auto/Parted/Skip) [Auto]: " - method=$(get_response "Auto" "Auto Parted Skip A P S") -done +if [ -z "$INSTALL_METHOD" ]; then + echo "The Vyatta image will require a minimum ${ROOT_MIN}MB root." + echo "Would you like me to try to partition a drive automatically" + echo "or would you rather partition it manually with parted? If" + echo "you have already setup your partitions, you may skip this step." + echo -echo + while [ -z $INSTALL_METHOD ] + do + echo -n "Partition (Auto/Union/Parted/Skip) [Auto]: " + INSTALL_METHOD=$(get_response "Auto" "Auto Parted Skip Union A P S U") + done + + echo +fi # TODO: Note installs assume an LBA BIOS. So no boot partition currently. # also note that we are not creating a swap partition right now. -if [ "$method" == "parted" ] || [ "$method" == "p" ]; then +if [ "$INSTALL_METHOD" == "parted" ] || [ "$INSTALL_METHOD" == "p" ]; then setup_method_manual "parted" -elif [ "$method" == "skip" ] || [ "$method" == "s" ]; then +elif [ "$INSTALL_METHOD" == "skip" ] || [ "$INSTALL_METHOD" == "s" ]; then setup_method_manual "skip" -elif [ "$method" == "auto" ] || [ "$method" == "a" ]; then +elif [ "$INSTALL_METHOD" == "auto" ] || [ "$INSTALL_METHOD" == "a" ]; then + setup_method_auto +elif [ "$INSTALL_METHOD" == "union" ] || [ "$INSTALL_METHOD" == "u" ]; then + echo "A union install requires an image partition of at least 250mbs." + echo "If you want to accomodate more than one image on the partition," + echo "it should be larger. 
Each image is roughly 200mbs. This " + echo "partition will be the bootable partition for this machine." + echo + + UNION=1 setup_method_auto -elif [ "$method" == "vyatta" ]; then +elif [ "$INSTALL_METHOD" == "vyatta" ]; then echo "Automated install..." echo "unmounting $INSTALL_DRIVE" unmount "$INSTALL_DRIVE" echo "deleting partitions on $INSTALL_DRIVE" delete_partitions "$INSTALL_DRIVE" echo "creating config partition" - create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" + create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" 0 "yes" +fi + +if [ ! -d /live/image -o -w /live/image ]; then + if [ -z $UNION ]; then + echo "install-system can only be run from livecd" + exit 1 + fi fi # Install the root filesystem @@ -910,9 +1295,18 @@ setup_xen_partition_images # Install grub install_grub -# Fix up PAM configuration for login so that invalid users are prompted -# for password -sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login +if [ -z $UNION ]; then + # Fix up PAM configuration for login so that invalid users are prompted + # for password + sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login +fi + +# postinst hook +if [ -e /opt/vyatta/etc/install-system/postinst ]; then + echo "running post-install script" + /opt/vyatta/etc/install-system/postinst $rootfsdir >>$INSTALL_LOG +fi + cp $INSTALL_LOG $rootfsdir/install.log diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 36a4f64f..5391d409 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -121,7 +121,7 @@ clear_or_override_config_files () udev_rescan () { rm -f /tmp/vyatta_net_name_* - udevtrigger --subsystem-match=net && udevsettle + udevadm trigger --subsystem-match=net && udevsettle for ff in /tmp/vyatta_net_name_* ; do f=${ff##*/} cmd_name_hwid=${f/vyatta_net_name_/} diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index b43485b3..6de63fb0 100644 
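Review bot: The new live-CD check `if [ ! -d /live/image -o -w /live/image ]` runs after the partitioning branches, so on a system that fails it the selected drive has already been repartitioned by the time the script prints "install-system can only be run from livecd" and exits; move the check above the `INSTALL_METHOD` selection. The exit is skipped whenever `UNION` is set, which deserves a comment explaining why a union install may proceed from a non-live system. `[ -z $UNION ]` and `while [ -z $INSTALL_METHOD ]` should quote their variables, e.g. `[ -z "$UNION" ]`.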
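Review bot: The post-install hook is run whenever the path exists, its exit status is ignored and its stderr never reaches the install log. Use `if [ -x /opt/vyatta/etc/install-system/postinst ]; then` and `/opt/vyatta/etc/install-system/postinst "$rootfsdir" >>"$INSTALL_LOG" 2>&1 || echo "post-install script failed, see install log"`. The hook runs with the installer's privileges against the new root filesystem, so a comment stating which package is expected to ship that file would help reviewers judge the trust boundary.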
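Review bot: Only the first half of the pipeline in `udev_rescan` was moved to the `udevadm` front end; `udevadm trigger --subsystem-match=net && udevsettle` still calls the stand-alone `udevsettle`. If the udev release that dropped `udevtrigger` also dropped `udevsettle`, the rescan no longer waits for the events to be processed; `udevadm trigger --subsystem-match=net && udevadm settle` keeps the two consistent. The body of `udev_rescan` continues outside the hunk.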
--- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -49,11 +49,11 @@ sub snmp_init { } sub snmp_restart { - system("$snmp_init restart"); + system("$snmp_init restart > /dev/null 2>&1 &"); } sub snmp_stop { - system("$snmp_init stop"); + system("$snmp_init stop > /dev/null 2>&1"); } sub snmp_get_constants { @@ -127,10 +127,18 @@ sub snmp_get_values { my @trap_targets = $config->returnValues("trap-target"); if ($#trap_targets >= 0) { - # code for creating a snmpv3 user, setting access-level for it and use user to do internal snmpv3 requests - snmp_create_snmpv3_user(); - snmp_write_snmpv3_user(); - $output .= "iquerySecName vyatta\n"; + + # linkUpDownNotifications configure the Event MIB tables to monitor the ifTable for network interfaces being taken up or down + # for making internal queries to retrieve any necessary information a snmpv3 user needs to be created + # we write appropriate values to /var/lib/snmp/snmpd.conf and /usr/share/snmp/snmpd.conf to do so + # any external snmpv3 queries (from localhost or any other ip) using this username will not be responded to + + my $generate_vyatta_user_append_string = join "", map { unpack "H*", chr(rand(256)) } 1..8; #generate a random 16 character hex string + #create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx' + my $vyatta_user = "vyatta" . "$generate_vyatta_user_append_string"; + snmp_create_snmpv3_user($vyatta_user); + snmp_write_snmpv3_user($vyatta_user); + $output .= "iquerySecName $vyatta_user\n"; # code to activate link up down traps $output .= "linkUpDownNotifications yes\n"; } 
@@ -143,7 +151,9 @@ sub snmp_get_values { sub snmp_create_snmpv3_user { - my $createuser = "createUser vyatta MD5 \"vyatta\" DES"; + my $vyatta_user = shift; + my $passphrase = join "", map { unpack "H*", chr(rand(256)) } 1..16; #generate a random 32 character hex string + my $createuser = "createUser $vyatta_user MD5 \"$passphrase\" DES"; open(my $fh, '>>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!"; print $fh $createuser; close $fh; @@ -151,8 +161,10 @@ sub snmp_create_snmpv3_user { sub snmp_write_snmpv3_user { - my $user = "rwuser vyatta"; - open(my $fh, '>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; + my $vyatta_user = shift; + my $user = "rouser $vyatta_user\n"; + system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf;"); + open(my $fh, '>>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; print $fh $user; close $fh; } diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 336d534d..f08bf7d6 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -14,7 +14,7 @@ # All Rights Reserved. # # Author: Bob Gilligan <gilligan@vyatta.com> -# Description: Standalone script to reset the root passwd to factory default +# Description: Standalone script to set the root passwd to new value # value. Note: This script can ONLY be run as a standalone # init program by grub. # 
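Review bot: The SNMPv3 passphrase in `snmp_create_snmpv3_user` is built from Perl's `rand()`, which is a seeded pseudo-random generator and not meant for secrets; the user name in the `snmp_get_values` hunk above is generated the same way. Reading the bytes from `/dev/urandom` keeps the same 32-character hex format. The `createUser` line is also appended with `>>` and no trailing newline, so repeated calls run the entries together in `$snmp_snmpv3_createuser_conf`.
```perl
my $vyatta_user = shift;
# take the passphrase bytes from the kernel RNG rather than rand()
open(my $rnd, '<', '/dev/urandom') || die "Couldn't open /dev/urandom - $!";
read($rnd, my $raw, 16) == 16 || die "Short read from /dev/urandom";
close $rnd;
my $passphrase = unpack "H*", $raw;
# … unchanged: build the createUser line and append it to the conf file …
```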
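Review bot: The cleanup pattern `/user[[:space:]]*vyatta[[:alnum:]]*/d` in `snmp_write_snmpv3_user` is unanchored and matches any `rouser`/`rwuser` line whose name merely starts with `vyatta`, so an administrator-defined entry in `$snmp_snmpv3_user_conf` would be deleted together with the generated one. Anchor it to the generated format and skip the shell, e.g. `system('sed', '-i', '-r', '/^r[ow]user[[:space:]]+vyatta([0-9a-f]{16})?[[:space:]]*$/d', $snmp_snmpv3_user_conf) == 0 or die "Couldn't clean $snmp_snmpv3_user_conf\n";`. The return value of `system` is currently ignored, so a failed cleanup leaves stale entries in place before the new one is appended.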
@@ -23,6 +23,31 @@ # The Vyatta config file: CF=/opt/vyatta/etc/config/config.boot +change_password() { + local user=$1 + local pwd1="1" + local pwd2="2" + + until [ "$pwd1" == "$pwd2" ] + do + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + echo + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + echo + + if [ "$pwd1" != "$pwd2" ] + then echo "Passwords do not match" + fi + done + + # escape any slashes in resulting password + local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') + + sed -i \ + -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ + $CF +} + echo "Standalone root password recovery tool." echo # @@ -67,19 +92,9 @@ fi echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery -echo "Reseting the root password..." - -# change system first -newpwd=`mkpasswd -H md5 vyatta` -usermod --password "$newpwd" root - -# escape / in encrypted passwd -pw=$(echo $newpwd | sed 's:/:\\/:g') -sed -i \ - -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \ - $CF +echo "Setting the root password..." -echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \ +echo $(date "+%b%e %T") $(hostname) "Root password changed" \ | tee -a /var/log/auth.log >>/var/log/messages sync diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl index bd103c57..dbe4e338 100755 --- a/scripts/system/vyatta_update_login.pl +++ b/scripts/system/vyatta_update_login.pl @@ -53,8 +53,8 @@ my %reasons = ( # Map of level to additional groups my %level_map = ( - 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', ], - 'operator' => [ 'quaggavty', 'operator', 'adm', ], + 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', ], + 'operator' => [ 'quaggavty', 'operator', 'adm', 'dip', ], ); # we have some users diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index b35cae4a..8f0e9ead 100755 
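Review bot: The substitution in this copy of `change_password` looks for `encrypted-password:.*`, while the code this commit removes further down the same file matched `encrypted-password .*` with no colon; on a config.boot in that format the `sed` changes nothing and reports no error. Confirm which syntax `$CF` uses, or accept both and keep the separator: `-e "/ user $user {/,/}/s/encrypted-password\(:\{0,1\}\).*\$/encrypted-password\1 \"$epwd\"/"`. A check after the `sed` that the new hash is present in `$CF` would turn a silent miss into a visible failure.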
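Review bot: In the lines shown, the script now prints "Setting the root password..." and logs "Root password changed" without calling `change_password` or updating the system account: the removed `usermod --password` and `sed` have no replacement in this hunk. Unless the call sits in a part of the file outside the hunk, add `change_password root` after the backup copy of `$CF`. The line written to /var/log/auth.log is an audit record, so it should be emitted only after the change has succeeded.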
--- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl @@ -74,14 +74,14 @@ foreach my $domain (@domains) { # add domain names received from dhcp client to domain search in /etc/resolv.conf if domain-name not set in CLI if (!defined($domain_name)) { - my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`; + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; if ($#dhcp_interfaces_resolv_files >= 0) { for my $each_file (@dhcp_interfaces_resolv_files) { chomp $each_file; - my $find_search = `grep search /etc/$each_file 2> /dev/null | wc -l`; + my $find_search = `grep "^search" /etc/$each_file 2> /dev/null | wc -l`; if ($find_search == 1) { - my $search_string = `grep search /etc/$each_file`; - my @dhcp_domains = split(/ /, $search_string, 2); + my $search_string = `grep "^search" /etc/$each_file`; + my @dhcp_domains = split(/\s+/, $search_string, 2); my $dhcp_domain = $dhcp_domains[1]; chomp $dhcp_domain; $doms .= ' ' . $dhcp_domain; @@ -107,7 +107,7 @@ if ($dhclient_script == 1) { # code below to add new name-servers received from dhcp client - my @dhcp_interfaces_resolv_files = `ls /etc/ | grep dhclient.new`; + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; if ($#dhcp_interfaces_resolv_files >= 0) { my $ns_count = 0; for my $each_file (@dhcp_interfaces_resolv_files) { 
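Review bot: `$dhcp_domain` is read from a file that, judging by its name, is written from DHCP replies, and it is appended to `$doms` with no check on its content. Validate it after the `chomp`, e.g. `next unless defined $dhcp_domain && $dhcp_domain =~ /\A[A-Za-z0-9._ -]+\z/;`. The file list is still built with `ls /etc/ | grep resolv.conf.dhclient-new`, where each dot matches any character; `grep 'resolv\.conf\.dhclient-new'` is the minimal fix, and the same applies to the second `ls | grep` in the name-server hunk that follows.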
@@ -121,8 +121,19 @@ if ($dhclient_script == 1) { chomp $ns; $current_dhcp_nameservers[$ns_count] = $ns; $ns_count++; - my $search_ns_in_resolvconf = `grep $ns /etc/resolv.conf 2> /dev/null | wc -l`; - if ($search_ns_in_resolvconf == 0) { + my @search_ns_in_resolvconf = `grep $ns /etc/resolv.conf`; + my $ns_in_resolvconf = 0; + if (@search_ns_in_resolvconf > 0) { + foreach my $ns_resolvconf (@search_ns_in_resolvconf) { + my @resolv_ns = split(/\s+/, $ns_resolvconf); + my $final_ns = $resolv_ns[1]; + chomp $final_ns; + if ($final_ns eq $ns) { + $ns_in_resolvconf = 1; + } + } + } + if ($ns_in_resolvconf == 0) { open (APPEND, ">>/etc/resolv.conf") or die "$! error trying to overwrite"; print APPEND "nameserver\t$ns\t\t#nameserver written by $0\n"; close (APPEND); @@ -145,7 +156,7 @@ if ($dhclient_script == 1) { } if ($#current_dhcp_nameservers < 0) { for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { - my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf"; + my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; system($cmd); $restart_ntp = 1; } @@ -158,7 +169,7 @@ if ($dhclient_script == 1) { } } if ($found == 0) { - my $cmd = "sed -i '/$dhcpnameserver/d' /etc/resolv.conf"; + my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; system($cmd); $restart_ntp = 1; } diff --git a/scripts/system/vyatta_update_syslog.pl b/scripts/system/vyatta_update_syslog.pl index a55fe615..e6a381f7 100755 --- a/scripts/system/vyatta_update_syslog.pl +++ b/scripts/system/vyatta_update_syslog.pl @@ -42,10 +42,4 @@ if ($update_line ne "") { } close OUT; -sleep 1; -if (system("/usr/sbin/invoke-rc.d sysklogd restart")) { - exit 5; -} - exit 0; - diff --git a/scripts/vyatta-bonding.pl b/scripts/vyatta-bonding.pl new file mode 100755 index 00000000..4e44d67b --- /dev/null +++ b/scripts/vyatta-bonding.pl 
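Review bot: `$ns` is interpolated unquoted into a backtick command (`grep $ns /etc/resolv.conf`), so its value reaches the shell and is also treated as a regular expression; it appears to come from the dhclient resolv file, which is outside the hunk, so confirm it is validated as an address before this point. The exact-match loop added here can read `/etc/resolv.conf` directly and drop the shell call. The two `sed -i '/$dhcpnameserver\t/d'` hunks that follow build shell commands from the same kind of value and should escape the dots and validate it as well.
```perl
my $ns_in_resolvconf = 0;
# compare the second field of each line exactly, without going through the shell
if (open(my $resolv_fh, '<', '/etc/resolv.conf')) {
    while (my $resolv_line = <$resolv_fh>) {
        my @resolv_ns = split(/\s+/, $resolv_line);
        if (defined $resolv_ns[1] && $resolv_ns[1] eq $ns) {
            $ns_in_resolvconf = 1;
            last;
        }
    }
    close $resolv_fh;
}
# … unchanged: append the nameserver line when $ns_in_resolvconf is 0 …
```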
@@ -0,0 +1,106 @@ +#!/usr/bin/perl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. 
+# +# Author: Stephen Hemminger +# Date: September 2008 +# Description: Script to setup bonding interfaces +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; + +use Getopt::Long; +use strict; +use warnings; + +my %modes = ( + "round-robin" => 0, + "active-backup" => 1, + "xor-hash" => 2, + "broadcast" => 3, + "802.3ad" => 4, + "transmit-load-balance" => 5, + "adaptive-load-balance" => 6, +); + +sub create_bond { + my $bond = shift; + my $config = new VyattaConfig; + + $config->setLevel("interfaces bonding $bond"); + my $mode = $modes{$config->returnValue("mode")}; + defined $mode or die "bonding mode not defined"; + + system("sudo modprobe -o \"$bond\" bonding mode=$mode") == 0 + or die "modprobe of bonding failed: $!\n"; + + system("sudo ip link set \"$bond\" up") == 0 + or die "enabling $bond failed: $!\n"; + + $config->setLevel("interfaces ethernet"); + for my $intf ( $config->listNodes() ) { + my $group = $config->returnValue("bond-group"); + if (defined $group && $group eq $bond ) { + system("sudo ifenslave $bond $intf") == 0 + or die "Adding $intf to $bond failed\n"; + } + } +} + +sub delete_bond { + my $bond = shift; + system("sudo rmmod \"$bond\"") == 0 + or die "removal of bonding module failed: $!\n"; +} + +# See if bonding device exists and the mode has changed +sub change_bond { + my $bond = shift; + my $config = new VyattaConfig; + + $config->setLevel("interfaces bonding"); + if ( !( $config->isAdded($bond) || $config->isDeleted($bond) ) + && $config->isChanged("$bond mode") ) + { + delete_bond($bond); + create_bond($bond); + } + exit 0; +} + +sub usage { + print "Usage: $0 --create bondX\n"; + print " --delete bondX\n"; + print " --mode-change bondX\n"; + exit 1; +} + +GetOptions( + 'create=s' => sub { create_bond( $_[1] ); }, + 'delete=s' => sub { delete_bond( $_[1] ); }, + 'mode-change=s' => sub { change_bond( $_[1] ); }, +) or usage(); + + 
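Review bot: `$bond` comes straight from the command-line option and is interpolated into shell strings run through sudo (`modprobe -o`, `ip link set`, `ifenslave`, `rmmod`), so its content is interpreted by a privileged shell. Check it first with `$bond =~ /\Abond\d+\z/ or die "invalid bonding interface name\n";` and use the list form, e.g. `system('sudo', 'ip', 'link', 'set', $bond, 'up')`. In the `create_bond` loop, `returnValue("bond-group")` is read at level `interfaces ethernet` without `$intf` in the path, so it presumably needs to be `returnValue("$intf bond-group")`. `$!` in the `die` messages is not set by a failing child process; `$?` carries the exit status.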
diff --git a/scripts/grub-setup b/scripts/vyatta-grub-setup index a681a955..c37bf7a8 100755 --- a/scripts/grub-setup +++ b/scripts/vyatta-grub-setup @@ -26,6 +26,16 @@ # # +UNION="false" +while getopts u: c +do + case $c in + u) UNION=true; + livedir=$OPTARG;; + esac +done +shift `expr $OPTIND - 1` + ROOT_PARTITION="$1" GRUB_OPTIONS="$2" ROOTFSDIR="$3" 
@@ -61,38 +71,68 @@ serial_console="console=tty0 console=ttyS0,9600" # vga_logo="vga=785" - # get list of kernels, except Xen - kernel_versions=$(ls /boot/vmlinuz-* 2> /dev/null | grep -v xen | sed 's:/boot/vmlinuz::g' | sort -r) +# get list of kernels, except Xen +kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) - # get xen kernel info - xen_kernel_version=$(ls /boot/vmlinuz*xen 2> /dev/null | sed 's:/boot/vmlinuz::g' | sort -r) - xen_version=$(ls /boot/ | grep xen- | sort -r) +# get xen kernel info +xen_kernel_version=$(ls $ROOTFSDIR/boot/vmlinuz*xen 2> /dev/null | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) +xen_version=$(ls $ROOTFSDIR/boot/xen-*.gz 2> /dev/null | head -1 | awk -F/ '{ print $5 }' | sort -r) - # Figure out whether we are running on the serial or KVM console: - if [ "`tty`" == "/dev/ttyS0" ]; then +# Figure out whether we are running on the serial or KVM console: +if [ "`tty`" == "/dev/ttyS0" ]; then # Since user is running on serial console, make that the default. 
default_console=1 - else +else # Since user is running on KVM console, make that the default default_console=0 - fi +fi - # Read UUID off of filesystem and use it to tell GRUB where to mount drive - # This allows device to move around and grub will still find it - uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') - if [ -z "$uuid" ] - then +if eval "$UNION"; then + GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir module=$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta" + union_kernel_versions=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $6 }' | sed 's/vmlinuz//g' | sort -r) +else + # Read UUID off of filesystem and use it to tell GRUB where to mount drive + # This allows device to move around and grub will still find it + uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') + if [ -z "$uuid" ] + then # TODO: use /proc/mount if dumpe2fs fails - echo "Unable to read filesystem UUID. Exiting." - exit 1 - else - if [ "$GRUB_OPTIONS" ] - then + echo "Unable to read filesystem UUID. Exiting." + exit 1 + else GRUB_OPTIONS="$GRUB_OPTIONS root=UUID=$uuid ro" - else - GRUB_OPTIONS="root=UUID=$uuid ro" - fi - fi + fi +fi + +# Check for diagnostic partition residing in first partition of drive +# holding the root partition. + +diag_drive_number="" + +if [ ${ROOT_PARTITION:0:2} = "md" ]; then + # Select the first disk in the RAID group to look for diag partition on + root_disks=`echo /sys/block/$ROOT_PARTITION/slaves/*` + root_disk=`echo ${root_disks} | awk '{ print $1 }'` + root_disk=${root_disk##*/} + root_disk=${root_disk:0:${#root_disk}-1} +else + # Shave off the partition number to get the disk name + root_disk=${ROOT_PARTITION:0:${#ROOT_PARTITION}-1} +fi + +# If the root partition is not occupying the first partition, then we +# can look for a diag partition there. 
+if [ "$ROOT_PARTITION" != "${root_disk}1" ]; then + first_part_fstype=`fdisk -l /dev/$root_disk | grep ^/dev/${root_disk}1 | awk '{ print $6 }'` + + if [ "$first_part_fstype" = "FAT16" -o "$first_part_fstype" = "Dell" ]; then + # Translate the Linux drive letter (e.g. the "a" in "/dev/sda") into + # a drive number that grub uses. i.e. "a" = 0, "b" = 1, etc. + diag_drive_letter=${root_disk:2:1} + diag_drive_number=`echo $diag_drive_letter | od -t u1 -N 1 | awk '{ print $2 }'` + let diag_drive_number-=97 + fi +fi ( # create the grub.cfg file for grub @@ -104,6 +144,12 @@ vga_logo="vga=785" echo -e "serial --unit=0 --speed=9600" echo "terminal serial" + if [ ${ROOT_PARTITION:0:2} = "md" ]; then + echo "" + echo -e "insmod raid" + echo -e "root ($ROOT_PARTITION)" + fi + echo "" echo "echo -n Press ESC to enter the Grub menu..." echo "if sleep --verbose --interruptible 5 ; then" 
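Review bot: The kernel lists are extracted with `awk -F/ '{ print $5 }'` (and `$6` for the union case), which yields the file name only when `$ROOTFSDIR` has exactly two path components; any other root directory produces empty or wrong version strings in grub.cfg. Strip the directory instead, e.g. `sed 's:.*/vmlinuz::'` in place of the `awk | sed` pair. `if eval "$UNION"` executes the variable's content as a command where `[ "$UNION" = true ]` is enough. `${ROOT_PARTITION:0:${#ROOT_PARTITION}-1}` removes a single character, so a partition number of 10 or more gives the wrong disk name for the diagnostics lookup.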
@@ -111,15 +157,29 @@ vga_logo="vga=785" echo -e "\techo -n Press the ESC key to enter the Grub menu..." echo -e "\tif sleep --verbose --interruptible 5 ; then" echo -e "\t\tterminal serial" - echo -e "\t\tset timeout=0" + ## don't set timeout here. causes boot problem on 64-bit + # echo -e "\t\tset timeout=0" echo -e "\tfi" echo "fi" echo "" - if [ -f "/boot/vmlinuz" ]; then + # create xen kernels if they exist + if [ -n "$xen_kernel_version" ]; then + for xversion in $xen_kernel_version; do + echo + echo + echo -e "menuentry \"Vyatta Xen linux$xversion dom0\" {" + echo -e "\tmultiboot /boot/$xen_version " + echo -e "\tmodule /boot/vmlinuz$xversion $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tmodule /boot/initrd.img$xversion" + echo -e "}" + done + fi + + if [ -f "$ROOTFSDIR/boot/vmlinuz" ] && ! eval $UNION ; then # Set first system boot option. Make KVM the default console in this one. echo -e "menuentry \"Vyatta OFR (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vty_console" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console" echo -e "\tinitrd /boot/initrd.img" echo -e "}" 
@@ -132,15 +192,18 @@ vga_logo="vga=785" echo -e "}" fi - # create xen kernels if they exist - if [ -n "$xen_kernel_version" ]; then - for xversion in $xen_kernel_version; do + # create union kernels if they exist + if [ -n "$union_kernel_versions" ]; then + for kversion in $union_kernel_versions; do echo - echo - echo -e "menuentry \"Vyatta Xen linux$xversion dom0\" {" - echo -e "\tmultiboot /boot/$xen_version " - echo -e "\tmodule /boot/vmlinuz$xversion $GRUB_OPTIONS $vty_console" - echo -e "\tmodule /boot/initrd.img$xversion" + echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" + echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" + echo -e "}" + echo + echo -e "menuentry \"Vyatta OFR linux$kversion (Serial console)\" {" + echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $serial_console" + echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" echo -e "}" done fi @@ -150,7 +213,7 @@ vga_logo="vga=785" for kversion in $kernel_versions; do echo echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $vty_console" + echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" echo -e "\tinitrd /boot/initrd.img$kversion" echo -e "}" echo @@ -166,7 +229,7 @@ vga_logo="vga=785" echo echo -e "menuentry \"Root password reset to factory (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vty_console init=$pass_reset" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" echo -e "\tinitrd /boot/initrd.img" echo -e "}" 
@@ -175,6 +238,15 @@ vga_logo="vga=785" echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" echo -e "\tinitrd /boot/initrd.img" echo -e "}" + + if [ -n "$diag_drive_number" ]; then + echo + echo -e "menuentry \"Diagnostics\" {" + echo -e "\tchainloader (hd$diag_drive_number,1)+1" + echo -e "}" + fi + + ) >"$ROOTFSDIR"/boot/grub/grub.cfg ( [ -s /boot/grub/menu.lst ] && diff --git a/scripts/vyatta-raid-event b/scripts/vyatta-raid-event new file mode 100644 index 00000000..f279a57d --- /dev/null +++ b/scripts/vyatta-raid-event 
@@ -0,0 +1,104 @@ +#!/bin/bash +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Bob Gilligan <gilligan@vyatta.com> +# Date: 2008 +# Description: A script to handle events from the Linux Software RAID +# subsystem. +# +# **** End License **** +# +# This script is called by the "mdadm" daemon running in "monitor" mode +# whenever an event occurs in in the RAID subsytem. The script is called +# with two or three arguments: The first argument is always the name of +# the event, e.g. "RebuildFinished". The second argument is the name of +# the RAID set device that the event pertains to, e.g. "/dev/md0". The +# third argument is provided for some events, and gives the name of the +# RAID set member that the event pertains to, e.g. "/dev/sda2". +# +# See the mdadm(8) man page for more details on the events that it provides. +# + +# Script will be called with 2 or 3 arguments, depending on the event +if [ $# -lt 2 ]; then + logger -t "RAID" -p local0.warning "vyatta-raid-event: Error: Not enough args: $*" + # We can't do anything if we don't know event and RAID device it + # pertains to. 
+ exit 1 +fi +if [ $# -gt 3 ]; then + logger -t "RAID" -p local0.warning "vyatta-raid-event: Warning: too many args: $*" + # Be Robust: Try to complete task with args we know about +fi + +event=$1 +raid_set=$2 + +case $event in + + RebuildFinished) + logger -t "RAID" -p local0.warning "event ${event} ${raid_set}" + + # We need to update grub at the time that a resync completes + # on the root filesystem so that the new member disk will be + # bootable. + mounted_on=`mount | grep "^${raid_set}" | awk '{ print $3 }'` + if [ "$mounted_on" = "/" ]; then + raid_set_dev=${raid_set##*/} + if [ -e /sys/block/${raid_set_dev}/md/degraded ]; then + degraded=`cat /sys/block/${raid_set_dev}/md/degraded` + else + degraded=0 + fi + if [ $degraded -eq 0 ]; then + drive=${member_to_add%%[0-9]*} + logger -t "RAID" -p local0.warning \ + "RAID set ${raid_set} holds root filesystem. Updating grub." + touch /tmp/raid-grub-install-log + grub-install --no-floppy --recheck --root-directory=/ ${raid_set} \ + >> /tmp/raid-grub-install-log 2>&1 + if [ $? -ne 0 ]; then + logger -t "RAID" -p local0.warning \ + "grub-installed failed for $raid_set" + fi + else + logger -t "RAID" -p local0.warning \ + "RAID set ${raid_set} is still degraded. No action taken." + fi + else + logger -t "RAID" -p local0.warning \ + "RAID set ${raid_set} does not hold root filesystem. No action taken" + fi + ;; + + DeviceDisappeared | RebuildStarted | Rebuild?? | NewArray | \ + DegradedArray | MoveSpare | SparesMissing | TestMessage) + logger -t "RAID" -p local0.warning \ + "event ${event} ${raid_set}: No action taken" + ;; + + Fail | FailSpare | SpareActive) + member=$3 + logger -t "RAID" -p local0.warning \ + "event ${event} ${raid_set} ${member}: No action taken" + ;; + + *) + logger -t "RAID" -p local0.warning \ + "event ${event} unknown. No action taken" + ;; + + esac diff --git a/scripts/vyatta-system-nameservers b/scripts/vyatta-system-nameservers new file mode 100644 index 00000000..8756bbb6 --- /dev/null 
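Review bot: The grub-install output goes to the fixed path `/tmp/raid-grub-install-log`, which this handler creates with `touch` and then appends to; the header says it is called by the mdadm monitor daemon, and a predictable name in a world-writable directory can be pre-created as a symlink by a local user. Write the log under a root-only directory and test the command directly, e.g. `if ! grub-install --no-floppy --recheck --root-directory=/ "${raid_set}" >>/var/log/raid-grub-install.log 2>&1; then`. `drive=${member_to_add%%[0-9]*}` reads `member_to_add`, which is never assigned in this script, and `drive` is not used afterwards, so the line can be removed.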
+++ b/scripts/vyatta-system-nameservers 
@@ -0,0 +1,120 @@ +#!/bin/bash +# +# Module: vyatta-system-nameservers +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: September 2008 +# Description: CLI back-end script for setting/deleting system nameservers +# +# **** End License **** +# + +print_usage() +{ + echo "Usage:" + echo -e "\t$0 update <ip of name-server>" + echo -e "\t$0 delete <ip of name-server>" +} + +restart_dnsmasq () +{ + # restart dnsmasq if dns-forwarding is configured + if [ -d /opt/vyatta/config/active/service/dns/forwarding ]; then + /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding >&/dev/null + fi +} + +restart_ntp () +{ + # restart ntp if ntp is configured + if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then + /usr/sbin/invoke-rc.d ntp restart >&/dev/null + fi +} + + +update_system_nameservers () +{ + nameserver=$1 + touch /etc/resolv.conf + # if name-server already in /etc/resolv.conf then exit + if grep -q "$nameserver\($\|[[:space:]]\)" /etc/resolv.conf; then + exit 0 + else + # find last instance of cli inserted nameserver + # insert currently received nameserver immediately after that + # this is done to keep system set nameservers priority over dhcp received nameservers + cli_ns_array=($(awk '{if (!$3) print $2}' /etc/resolv.conf)) + cli_ns_array_len=${#cli_ns_array[*]} + line_num=0 + if [ $cli_ns_array_len -gt 0 ]; then + grepped_ns_line=`grep 
"${cli_ns_array[$cli_ns_array_len-1]}$" -n /etc/resolv.conf` + echo ${grepped_ns_line%%:*} > /etc/resolv_tmp.conf + line_num=`cat /etc/resolv_tmp.conf` + fi + head -$line_num /etc/resolv.conf > /etc/resolv_tmp.conf + echo "nameserver $nameserver" >> /etc/resolv_tmp.conf + total_lines=`cat /etc/resolv.conf | wc -l` + rest_lines=`expr $total_lines - $line_num` + tail -$rest_lines /etc/resolv.conf >> /etc/resolv_tmp.conf + mv -f /etc/resolv_tmp.conf /etc/resolv.conf + fi + restart_dnsmasq + restart_ntp +} + +delete_system_nameserver () +{ + nameserver=$1 + touch /etc/resolv.conf + # remove specified nameserver + sed -i "/$nameserver$/d" /etc/resolv.conf + restart_dnsmasq + restart_ntp +} + + +# +# main +# + +case "$1" in + update) + if [ $# -ne 2 ]; then + print_usage + exit 1 + fi + update_system_nameservers $2 + exit 0 + ;; + + delete) + if [ $# -ne 2 ]; then + print_usage + exit 1 + fi + delete_system_nameserver $2 + exit 0 + ;; + + + *) + print_usage + exit 1 + ;; + +esac diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name index 0a96ebb8..ff8b9bf5 100755 --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -13,7 +13,8 @@ # Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. # All Rights Reserved. # -# Author: Tom Grennan <tgrennan@vyatta.com> +# Authors: Tom Grennan <tgrennan@vyatta.com> +# Bob Gilligan <gilligan@vyatta.com> # Description: search Vyatta config for interface name given address # # **** End License **** @@ -22,7 +23,11 @@ progname=${0##*/} debug= match= attr_address=0:0:0:0:0:0 -declare -i ethn=0 last_ethn=0 +declare -i ethn=0 +udev_persistent_net_rules_file="/etc/udev/rules.d/70-persistent-net.rules" + +# Set log_file to "/dev/null" to turn off debugging +log_file="/tmp/vnn_log" test -r /etc/default/vyatta && source /etc/default/vyatta 
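Review bot: `$nameserver` reaches `grep` and `sed` as an unescaped regular expression in both update_system_nameservers and delete_system_nameserver, and the script never checks that `$2` is an address. In `sed -i "/$nameserver$/d"` the dots match any character and the pattern is not anchored on the left, so deleting 1.1.1.1 also removes a line ending in 11.1.1.1, and a value containing `/` alters the sed expression itself. I would reject anything that is not an IPv4 or IPv6 address in the `case` arms before calling either function, and match the whole field: `ns_re=${nameserver//./\\.}` followed by `sed -i "/^nameserver[[:space:]]\+${ns_re}\$/d" /etc/resolv.conf`. The `grep -q` duplicate check needs the same escaped, left-anchored pattern.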
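Review bot: `log_file="/tmp/vnn_log"` gives a fixed name in a world-writable directory to a file that this udev helper, presumably running as root, appends to on every run. Whatever already exists at that path, including a link, decides where the `>> $log_file` output goes, and logging is on by default with nothing to bound its size. The later hunk at -101,47 has the same exposure for `/tmp/vnn_lock` and for the `/tmp/${progname}_${cmd}_${name}_${address}` marker files it reads back. I would default to `log_file="/dev/null"` and keep the lock and markers in a root-owned directory (for example one under /var/run) rather than in /tmp.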
@@ -55,12 +60,6 @@ done : ${BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config/config.boot} : ${DEFAULT_BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config.boot.default} -if [ ! -f $BOOTFILE ] ; then - cp $DEFAULT_BOOTFILE $BOOTFILE - chgrp vyattacfg $BOOTFILE - chmod 660 $BOOTFILE -fi - shopt -s extglob nullglob # load cfg_eth_hwid array from config file as follows 
@@ -101,47 +100,230 @@ finish () { local cmd=$1 name=$2 address=$3 + # The output from this program tells udev what name to give this device echo $name + + # This file tells rl_system startup script how to update the Vyatta + # config file. touch /tmp/${progname}_${cmd}_${name}_${address} &> /dev/null + + # Remove entry for this MAC addr from the standard udev generated + # config file, if it exists, so it doesn't rename the interface + # out from under us. Remove the subject line plus the comment + # line above it + if [ -e $udev_persistent_net_rules_file ]; then + sed -i -e "/^#/N;/${address}/d" $udev_persistent_net_rules_file + fi + exit $? } +# Determine whether variable "ethn" conflicts with an ethernet unit +# number that was assigned in previous runs of this script +ethn_conflicts() +{ + # Return value 1 (failure) means no conflicts found. + # Return value 0 (success) means conflicts were found. + conflicts=1 + + echo "`date`: ethn_conflicts is checking if $ethn has conflicts" >> $log_file + # Generate list of ethernet unit numbers assigned previously by this script + used_ethn="" + for filename in /tmp/vyatta_net_name* ; do + if [ -e $filename ]; then + # strip off everything before the unit number + unit=${filename##*vyatta_net_name_*_eth} + # strip off everything after the unit number + unit=${unit%%_*} + # add unit number from this file to the list + used_ethn="$used_ethn $unit" + fi + done + + echo "`date`: ethn_conflicts: about to run check" >> $log_file + + for this_ethn in $used_ethn ; do + if [ $ethn -eq $this_ethn ]; then + echo "`date`: ethn $ethn conflicts with previously configured $this_ethn" >> $log_file + conflicts=0 + break + fi + done + + echo "`date`: ethn_conflicts for ethn $ethn returns $conflicts" >> $log_file + # return value (exit status) is true, i.e. 0, if there is a conflict + return $conflicts +} + + +# +# Find an ethernet unit number that is neither listed in the config +# file nor assigned by this script in earlier runs. 
+get_free_ethn() +{ + # list of ethernet unit numbers assigned previously by this script + used_ethn="" + for filename in /tmp/vyatta_net_name* ; do + if [ -e $filename ]; then + # strip off everything before the unit number + unit=${filename##*vyatta_net_name_*_eth} + # strip off everything after the unit number + unit=${unit%%_*} + # add unit number from this file to the list + used_ethn="$used_ethn $unit" + fi + done + + # Counting up from 0, try to find a free ethernet unit number + found=0 + for ((ethn_to_use=0 ; ; ethn_to_use+=1)) ; do + found=1 + # Check to see if this one is in the config file + + echo "`date`: get_free_ethn: cfg_net_hwid is ${cfg_net_hwid[@]}" >> $log_file + + for name_hwid in ${cfg_net_hwid[@]} ; do + name=${name_hwid%=*} + this_ethn=${name/eth/} + echo "`date`: get_free_ethn 1 comparing $ethn_to_use vs $this_ethn" >> $log_file + if [ $ethn_to_use -eq $this_ethn ]; then + found=0 + break + fi + done + + if [ $found -eq 0 ]; then + continue + fi + + echo "`date`: get_free_ethn: used_ethn is $used_ethn" >> $log_file + + # Check to see if this script has assigned this unit number already + for this_ethn in $used_ethn ; do + echo "`date`: get_free_ethn 2 comparing $ethn_to_use vs $this_ethn" >> $log_file + if [ $ethn_to_use -eq $this_ethn ]; then + found=0 + break + fi + done + + if [ $found -eq 1 ]; then + break + fi + done + + # The return value + ethn=$ethn_to_use + + echo "`date`: get_free_ethn found $ethn_to_use" >> $log_file +} + +# Run with lock held to protect atomicity of access to assigned ethn file +( flock 200 + +touch $log_file + +echo "`date`: vyatta_net_name $kname $attr_address" >> $log_file + +if [ ! 
-f $BOOTFILE ] ; then + cp $DEFAULT_BOOTFILE $BOOTFILE + chgrp vyattacfg $BOOTFILE + chmod 660 $BOOTFILE +fi + for name_hwid in ${cfg_net_hwid[@]} ; do name=${name_hwid%=*} hwid=${name_hwid#*=} ethn=${name/eth/} - [[ $ethn -gt $last_ethn ]] && \ - last_ethn=$ethn + echo "`date`: Checking $name_hwid against $kname $attr_address" >> $log_file + if [ "$hwid" == "$attr_address" ] ; then - # we mod the config file interface sub-clock in case it is missing + # The MAC addr of this interface matches an entry in the config + # file. We mod the config file interface sub-block in case it + # is missing. + + echo "`date`: finish 1: mod $name $attr_address" >> $log_file + finish mod $name $attr_address fi - [ "$name" == "$kname" ] && \ + + if [ "$name" = "$kname" ]; then + # The kernel name matches an entry in the config file. Save the + # config file entry for later examination. + match=$name_hwid + fi done -[ -z "$kname" ] && \ +if [ -z "$kname" ]; then exit 1 +fi + +# We have not found a matching hwid in the config file. See if we can use +# the kernel name. -# have not found matching hwid in config, see if we can use kernel name if [ -z "$match" ] ; then - # the kernel interface name isnot in config - # so, we might as well use it - finish add $kname $attr_address + # The kernel interface name is not listed in the config file. + # If the kernel's name is in the standard "ethN" format, and doesn't + # conflict with any other name we've used, then + # we can just go ahead and use the kernel's name. If not, then + # we will generate a name in the standard format that does not + # conflict with any names in the config file, or any other names + # that we have seen. + + non_std_kname=${kname##eth+([0-9])} + if [ -z "$non_std_kname" ]; then + # kname is in standard format, so we get the unit number from it. + ethn=${kname/eth/} + + # We can use this unit number unless it happens to conflict + # with one we have already assigned. 
+ if ethn_conflicts ; then + echo "`date`: kname $kname conflicts with already assigned unit" >> $log_file + get_free_ethn + fi + else + # kname is not in standard format, so we have to generate + # a unit number + echo "`date`: kname $kname is non-standard format" >> $log_file + get_free_ethn + fi + + echo "`date`: finish 2: add eth$ethn $attr_address" >> $log_file + + finish add eth$ethn $attr_address + elif [ -z "${match#*=}" ] ; then - # the config has this interface but the sub-block is missing the hwid - # so again, we might as well use the kernel name + # The config file has this interface but the sub-block is missing the hwid + # field, so we use the kernel name. In this case, we know that the + # kernel name is in the standard format because it matched an entry + # in the config file, and all entries in the config file are in standard + # format. This will cause the hwid for this NIC to be added to the + # entry in the config file. + + echo "`date`: finish 3: mod $kname $attr_address" >> $log_file + finish mod $kname $attr_address + else - # The device mac address is not in the config but the config - # has another hwid associated with the device name. This - # indicates that the device is either a replacement or new but - # detected earlier than the device configured with this name. - # Since this is non-deterministic, we make a new name. - (( ethn = last_ethn + 1 )) + # The config file has this interface name, but the mac address + # that of this NIC. This indicates that the device is either a + # replacement or new NIC that is being detected earlier than the device + # configured with this name. Since we don't know which case it is, + # we must generate a new unit number. + get_free_ethn + + echo "`date`: finish 4: add eth$ethn $attr_address" >> $log_file + finish add eth$ethn $attr_address fi +# Should never get here. If this shows up in the log file, something +# is wrong! 
+echo "`date`: no finish: kname = $kname, attr_attr = $attr_address, match = $match" >> $log_file + +) 200> /tmp/vnn_lock + # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/sysconf/syslog.conf b/sysconf/syslog.conf index f732affc..a8b92923 100644 --- a/sysconf/syslog.conf +++ b/sysconf/syslog.conf @@ -1,14 +1,20 @@ -# Standard logfiles by facility -auth.*;,authpriv.notice /var/log/auth.log +# /etc/syslog.conf Configuration file for syslogd. +# +# For more information see syslog.conf(5) +# manpage. +# +# WARNING +# Note: configuration via the Vyatta FusionCLI does not understand +# full syslog configuration file format, so as administrator either +# use Linux tools (ie edit this file) or use the CLI, not both. -# Some other (unused) standard entries -#cron.* /var/log/cron.log -#kern.* -/var/log/kern.log -#lpr.* -/var/log/lpr.log -#mail.* -/var/log/mail.log -#user.* -/var/log/user.log +# Standard logfiles by facility +# +#auth,authpriv.* /var/log/auth.log +#daemon.* -/var/log/daemon.log +#kern.* -/var/log/kern.log +#user.* -/var/log/user.log -# Catch-all log file used by CLI -*.warning;local7.*;\ - auth,authpriv.none;\ - cron,daemon.none; -/var/log/messages +# Catch-all log file +*.notice -/var/log/messages +local7.* -/var/log/messages diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index cb03a614..a021c42a 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -22,5 +22,5 @@ net.ipv4.icmp_ignore_bogus_error_responses=1 # Send ICMP responses with primary address of exiting interface net.ipv4.icmp_errors_use_inbound_ifaddr=1 -# Turn off SACK since it causes problems with MD5 due to lack of options space -net.ipv4.tcp_sack=0 +# Enable packet forwarding for IPv6 +net.ipv6.conf.all.forwarding=1 diff --git a/templates/interfaces/bonding/node.def b/templates/interfaces/bonding/node.def new file mode 100644 index 00000000..a0a56a8d --- /dev/null +++ b/templates/interfaces/bonding/node.def 
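Review bot: ethn_conflicts and get_free_ethn take `unit` from whatever matches `/tmp/vyatta_net_name*` and pass it to `[ $ethn -eq $this_ethn ]` without checking that it is a number. A file whose name does not follow the `<cmd>_eth<N>_<address>` shape leaves most of the path in `unit`, so the test fails with an error and the comparison counts as "no conflict". A stray file carrying a number marks that unit as taken. Skipping non-numeric values right after the two parameter expansions avoids both: `case $unit in ''|*[!0-9]*) continue ;; esac`. The scan loop is also duplicated verbatim in the two functions and could be a single helper.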
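Review bot: After this hunk no active rule writes /var/log/auth.log (`#auth,authpriv.* /var/log/auth.log` is commented out), and the new catch-all `*.notice -/var/log/messages` no longer carries the old `auth,authpriv.none` exclusion. Authentication messages below notice are therefore not recorded by this file at all, while authpriv messages at notice and above now go to the general messages file, which is often readable by more accounts than auth.log. Unless the CLI mentioned in the WARNING block generates its own auth rule, I would keep `auth,authpriv.* /var/log/auth.log` active and add `auth,authpriv.none` to the catch-all selector.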
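Review bot: `net.ipv6.conf.all.forwarding=1` makes the system route IPv6 between all interfaces from boot, whether or not any IPv6 filtering has been configured, and nothing in this hunk ties it to a policy. On Linux, enabling forwarding also changes how interfaces treat router advertisements, so the comment should say that the router role is intended. The hunk also deletes `net.ipv4.tcp_sack=0` together with its explanation of the MD5 option-space problem, without recording why that workaround is no longer needed. I would extend the comment, e.g. `# Enable IPv6 forwarding (router role); IPv6 filtering must be configured separately`, and explain the SACK change in the commit message.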
@@ -0,0 +1,9 @@
+tag:
+type: txt
+help: Set bonding interface
+syntax:expression: pattern $VAR(@) "^bond[0-9]+$" \
+ ; "bonding must be (bond0-bond99)"
+create: ${vyatta_sbindir}/vyatta-bonding.pl --create $VAR(@)
+delete: ${vyatta_sbindir}/vyatta-bonding.pl --delete $VAR(@)
+end: ${vyatta_sbindir}/vyatta-bonding.pl --mode-change $VAR(@)
+comp_help: Enter bond interface name (bond0 - bond99)
diff --git a/templates/interfaces/bonding/node.tag/address/node.def b/templates/interfaces/bonding/node.tag/address/node.def
new file mode 100644
index 00000000..d5237934
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/address/node.def
@@ -0,0 +1,12 @@
+multi:
+type: txt
+help: Set an IP address for this interface
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)"
+update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)"
+delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)"
+allowed: echo "dhcp <>"
+comp_help:Possible completions:
+ <x.x.x.x/x> Set the IP address and prefix length
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
+ dhcp Set the IP address and prefix length via DHCP
+
diff --git a/templates/interfaces/bonding/node.tag/bridge-group/bridge/node.def b/templates/interfaces/bonding/node.tag/bridge-group/bridge/node.def
new file mode 100644
index 00000000..79609a86
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/bridge-group/bridge/node.def
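Review bot: The pattern `"^bond[0-9]+$"` accepts any number of digits, while the error text and comp_help promise bond0-bond99. A name longer than the kernel's interface-name limit would pass this check and only fail later, in the create command. The bridge (`"^br[0-9]+$"`, "br0 - br999") and tunnel (`"^tun[0-9]+$"`, "tun0-tun999") hunks have the same gap, and the tunnel one replaces a check that did cap the suffix at three digits. If the `pattern` operator takes extended regular expressions, bounding the digits, e.g. `"^bond[0-9]{1,2}$"`, keeps the check and the message in agreement.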
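Review bot: The address node is `type: txt` and its only check is an `exec` that splices `$VAR(@)` unquoted into a command string. If the CLI substitutes the value textually and hands the string to a shell, the raw input is interpreted by that shell before vyatta-interfaces.pl can reject it. The `update:` and `delete:` lines repeat the same splice under sudo. I would put a character-class check ahead of the exec, e.g. `syntax:expression: pattern $VAR(@) "^([0-9a-fA-F:./]+|dhcp)$" ; "Invalid IP address/prefix"`, assuming the template language allows more than one syntax expression per node. The same shape appears in the vif address, bridge-group/bridge, primary and service/dns/dynamic/interface nodes.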
@@ -0,0 +1,11 @@
+type: txt
+help: Set this interface to a bridge-group
+syntax:expression: exec " \
+ if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then \
+ echo bridge interface $VAR(@) doesn\\'t exist on this system ; \
+ exit 1 ; \
+ fi ; "
+delete: echo $VAR(@) > /tmp/bridge-no.$PPID
+allowed: local -a array ;
+ array=( /sys/class/net/br* ) ;
+ echo -n ${array[@]##*/}
diff --git a/templates/interfaces/bonding/node.tag/bridge-group/cost/node.def b/templates/interfaces/bonding/node.tag/bridge-group/cost/node.def
new file mode 100644
index 00000000..ef2d9940
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/bridge-group/cost/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: Set the path cost for this port
+comp_help: possible completions:
+ <0-2147483647> Set port cost
diff --git a/templates/interfaces/bonding/node.tag/bridge-group/node.def b/templates/interfaces/bonding/node.tag/bridge-group/node.def
new file mode 100644
index 00000000..fc3af5f5
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/bridge-group/node.def
@@ -0,0 +1,23 @@
+help: Add this interface to a bridge group
+
+create: sudo brctl addif $VAR(./bridge/@) $VAR(../@);
+
+delete: touch /tmp/bond-$VAR(../@)-bridge.$PPID;
+
+end: if [ -f "/tmp/bond-$VAR(../@)-bridge.$PPID" ]; then
+ rm -f /tmp/bond-$VAR(../@)-bridge.$PPID;
+ brno=$(cat /tmp/bridge-no.$PPID);
+ sudo brctl delif $brno $VAR(../@);
+ rm -f /tmp/bridge-no.$PPID;
+ else
+ if [ -z "$VAR(./bridge/@)" ]; then
+ echo "Must set the bridge interface";
+ exit 1;
+ fi;
+ if [ -n "$VAR(./cost/@)" ]; then
+ sudo brctl setpathcost $VAR(./bridge/@) $VAR(../@) $VAR(./cost/@);
+ fi;
+ if [ -n "$VAR(./priority/@)" ]; then
+ sudo brctl setportprio $VAR(./bridge/@) $VAR(../@) $VAR(./priority/@);
+ fi;
+ fi;
diff --git a/templates/interfaces/bonding/node.tag/bridge-group/priority/node.def b/templates/interfaces/bonding/node.tag/bridge-group/priority/node.def
new file mode 100644
index 00000000..8688c394
--- /dev/null
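Review bot: The bridge name for `sudo brctl delif` is handed from the `delete:` action of bridge-group/bridge (`echo $VAR(@) > /tmp/bridge-no.$PPID`) to the `end:` block of bridge-group/node.def through a predictably named file in /tmp, and `brno=$(cat /tmp/bridge-no.$PPID)` is then used unquoted and unchecked. If that file is missing, already exists as a link, or holds anything other than one bridge name, the sudo command runs with the wrong arguments. I would keep these markers in a directory that only the configuration session can write and validate the value before use, e.g. `case "$brno" in br[0-9]*) ;; *) exit 1 ;; esac`. The vif variant of this node builds its marker as `/tmp/bond-$VAR(../@)-bridge.$PPID`, where `$VAR(../@)` is only the VLAN id, so that name does not identify the interface.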
+++ b/templates/interfaces/bonding/node.tag/bridge-group/priority/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: Set the path priority for this port
+comp_help: possible completions:
+ <0-255> Set port priority
diff --git a/templates/interfaces/bonding/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/description/node.def
new file mode 100644
index 00000000..aeb40f0b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set description for this interface
diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def
new file mode 100644
index 00000000..54090cc4
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/disable/node.def
@@ -0,0 +1,3 @@
+help: Set interface disabled
+update:expression: "sudo ip link set $VAR(../@) down"; "Error disabling dev $VAR(../@)"
+delete:expression: "sudo ip link set $VAR(../@) up"; "Error enabling dev $VAR(../@)"
diff --git a/templates/interfaces/bonding/node.tag/mac/node.def b/templates/interfaces/bonding/node.tag/mac/node.def
new file mode 100644
index 00000000..abafa7ab
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/mac/node.def
@@ -0,0 +1,7 @@
+type: macaddr
+help: Set the Media Access Control (MAC) address of this interface
+syntax:expression: exec "\
+ /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --valid-mac $VAR(@)"
+update: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(@)
+delete: /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(../hw-id/@)
+
diff --git a/templates/interfaces/bonding/node.tag/mode/node.def b/templates/interfaces/bonding/node.tag/mode/node.def
new file mode 100644
index 00000000..a059f615
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/mode/node.def
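Review bot: The `delete:` action of the mac node restores the address from `$VAR(../hw-id/@)`, but none of the bonding sections in this diff adds a hw-id node. On a bond that value therefore looks like it is always empty, and `--set-mac` would be called with no address. I would guard the call, `delete: [ -z "$VAR(../hw-id/@)" ] || /opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(../@) --set-mac $VAR(../hw-id/@)`, or drop the delete action for bonds until a default address is stored somewhere.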
@@ -0,0 +1,14 @@
+type: txt
+default: "802.3ad"
+syntax:expression: $VAR(@) in \
+ "round-robin", "active-backup", "xor-hash","broadcast","802.3ad", \
+ "transmit-load-balance", "adaptive-load-balance"
+help: Sets the bonding mode
+comp_help: Possible bonding mode
+802.3ad IEEE 802.3ad Dynamic link aggregation (Default)
+active-backup Active-backup policy: Only one slave in the bond is active
+balance-alb Adaptive load balancing based on transmit and receive
+balance-rr Round-robin policy: Transmit packets in sequential order
+balance-tlb Adaptive transmit load balancing based on transmit speed
+balance-xor XOR policy: Transmit based on the selected transmit hash policy
+broadcast Broadcast policy: transmits everything on all slave interfaces
diff --git a/templates/interfaces/bonding/node.tag/mtu/node.def b/templates/interfaces/bonding/node.tag/mtu/node.def
new file mode 100644
index 00000000..07c102ac
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/mtu/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: Set the Maximum Transmission Unit (MTU) for this interface
+syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "MTU must be between 68 and 9000"
+update:expression: "sudo ip link set $VAR(../@) mtu $VAR(@)"; "Error setting MTU on dev $VAR(../@)"
+delete:expression: "sudo ip link set $VAR(../@) mtu 1500"; "Error deleting MTU on dev $VAR(../@)"
diff --git a/templates/interfaces/bonding/node.tag/primary/node.def b/templates/interfaces/bonding/node.tag/primary/node.def
new file mode 100644
index 00000000..171c8daf
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/primary/node.def
@@ -0,0 +1,12 @@
+type: txt
+syntax:expression: exec \
+ "grep -s $VAR(@) /sys/class/net/$VAR(../@)/bonding/slaves" \
+ ; "Ethernet interface must be part of the bonding group"
+allowed: cat /sys/class/net/$VAR(../@)/bonding/slaves
+update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/bonding/primary"
+help: Specify the primary device
+
+
+
+
+
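Review bot: The values accepted by the mode node's `syntax:expression` and the values advertised by its comp_help do not match. The check allows "round-robin", "xor-hash", "transmit-load-balance" and "adaptive-load-balance", while the help lists balance-rr, balance-xor, balance-tlb and balance-alb. A user who types what the completion help shows gets a syntax rejection, and there is no error string after the list to say which names are valid. I would align the help with the accepted names (or the reverse, matching whatever vyatta-bonding.pl expects, which is not visible here) and append a message such as `; "mode must be one of round-robin, active-backup, xor-hash, broadcast, 802.3ad, transmit-load-balance, adaptive-load-balance"`.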
diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def new file mode 100644 index 00000000..d37b045e --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.def @@ -0,0 +1,12 @@ +tag: +type: u32 +help: Set Virtual Local Area Network (VLAN) ID +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 and 4094" +create: sudo modprobe 8021q + sudo vconfig add "$VAR(../@)" "$VAR(@)" + sudo ip link set "$VAR(../@).$VAR(@)" up + vyatta-vtysh -c "configure terminal" \ + -c "interface $VAR(../@).$VAR(@)" -c "link-detect" +delete: sudo vconfig rem "$VAR(../@).$VAR(@)" +comp_help: possible completions: + <0-4094> Set VLAN ID diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def new file mode 100644 index 00000000..625130af --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def @@ -0,0 +1,11 @@ +multi: +type: txt +help: Set an IP address for this interface +syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../../@).$VAR(../@)" +create:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error setting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error deleting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +allowed: echo "dhcp <>" +comp_help:Possible completions: + <x.x.x.x/x> Set the IP address and prefix length + <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length + dhcp Set the IP address and prefix length via DHCP 
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/bridge/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/bridge/node.def new file mode 100644 index 00000000..e3674bcd --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/bridge/node.def @@ -0,0 +1,11 @@ +type: txt +help: Set this interface to a bridge-group +syntax:expression: exec " \ + if [ -z \"`sudo brctl show | grep $VAR(@) `\" ]; then \ + echo bridge interface $VAR(@) doesn\\'t exist on this system ; \ + exit 1 ; \ + fi ; " +delete:expression: "sudo brctl delif $VAR(@) $VAR(../../../@).$VAR(../../@)" +allowed: local -a array ; + array=( /sys/class/net/br* ) ; + echo -n ${array[@]##*/} diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/cost/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/cost/node.def new file mode 100644 index 00000000..ef2d9940 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/cost/node.def @@ -0,0 +1,4 @@ +type: u32 +help: Set the path cost for this port +comp_help: possible completions: + <0-2147483647> Set port cost diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def new file mode 100644 index 00000000..3e93d112 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/node.def 
@@ -0,0 +1,14 @@ +help: Set this interface to a bridge group +commit:expression: $VAR(./bridge/) != ""; "Must set the bridge interface" +create:sudo brctl addif $VAR(./bridge/@) $VAR(../../@).$VAR(../@) +delete:touch /tmp/bond-$VAR(../@)-bridge.$PPID +end: if [ -f "/tmp/bond-$VAR(../@)-bridge.$PPID" ]; then + rm -f "/tmp/bond-$VAR(../@)-bridge.$PPID" + else + if [ -n "$VAR(./cost/@)" ]; then + sudo brctl setpathcost $VAR(./bridge/@) "$VAR(../../@).$VAR(../@)" "$VAR(./cost/@)" + fi + if [ -n "$VAR(./priority/@)" ]; then + sudo brctl setportprio $VAR(./bridge/@) "$VAR(../../@).$VAR(../@)" "$VAR(./priority/@)" + fi + fi diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/priority/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/priority/node.def new file mode 100644 index 00000000..8688c394 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/bridge-group/priority/node.def @@ -0,0 +1,4 @@ +type: u32 +help: Set the path priority for this port +comp_help: possible completions: + <0-255> Set port priority diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def new file mode 100644 index 00000000..aeb40f0b --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: Set description for this interface diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def new file mode 100644 index 00000000..66efddcc --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def @@ -0,0 +1,3 @@ +help: Set interface disabled +update:sudo ip link set $VAR(../../@).$VAR(../@) down +delete:sudo ip link set $VAR(../../@).$VAR(../@) up 
diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def index 0dc3670c..641d369d 100644 --- a/templates/interfaces/bridge/node.def +++ b/templates/interfaces/bridge/node.def @@ -2,7 +2,7 @@ tag: type: txt help: Set bridge interface -syntax:expression: $VAR(@) in "br0", "br1", "br2", "br3", "br4", "br5", "br6", "br7", "br8", "br9" ; "Must be (br0 - br9)" +syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "Must be (br0 - br999)" create: sudo brctl addbr $VAR(@) @@ -13,4 +13,4 @@ delete: if [ -n "`/usr/sbin/brctl show | grep $VAR(@) | grep eth`" ]; then sudo ip link set $VAR(@) down; sudo brctl delbr $VAR(@); -comp_help: "Enter bridge interface name (br0 - br9)" +comp_help: "Enter bridge interface name (br0 - br999)" diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def index 52188386..3f04ec06 100644 --- a/templates/interfaces/bridge/node.tag/address/node.def +++ b/templates/interfaces/bridge/node.tag/address/node.def @@ -7,5 +7,6 @@ delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete allowed: echo "dhcp <>" comp_help:Possible completions: <x.x.x.x/x> Set the IP address and prefix length - dhcp\t\t\t\tSet the IP address and prefix length via DHCP + <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length + dhcp Set the IP address and prefix length via DHCP diff --git a/templates/interfaces/ethernet/node.tag/bond-group/node.def b/templates/interfaces/ethernet/node.tag/bond-group/node.def new file mode 100644 index 00000000..e62e37ab --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bond-group/node.def @@ -0,0 +1,9 @@ +type: txt +help: Add this interface to a bonding group +create: sudo ifenslave $VAR(@) $VAR(../@) +delete: sudo ifenslave -d $VAR(@) $VAR(../@) +allowed: for dev in /sys/class/net/* + do if [[ -d $dev/bonding ]] + then echo -n ${dev##*/} " " + fi + done 
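Review bot: The new bond-group node has no `syntax:expression` at all, so any text is accepted and passed unquoted to `sudo ifenslave $VAR(@) $VAR(../@)`. As far as this file shows, `allowed:` only feeds completion and does not restrict the value. I would add the same check the bonding node uses, `syntax:expression: pattern $VAR(@) "^bond[0-9]+$" ; "bond-group must name a bonding interface (bondN)"`, and quote both arguments in the `create:` and `delete:` actions.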
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index d152dbe5..89ee200c 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -2,7 +2,8 @@ tag: type: txt help: Set tunnel interface -syntax:expression: exec "echo $VAR(@) | grep \"tun[0-9][0-9]\\{0,2\\}\$\" > /dev/null "; "tunnel must be (tun0-tun999)" +syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \ + ; "tunnel must be (tun0-tun999)" commit:expression: $VAR(./local-ip/) != "" ; \ "Must configure the tunnel local-ip for $VAR(@)" diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def index 07ea4a0e..3310ee00 100644 --- a/templates/interfaces/tunnel/node.tag/address/node.def +++ b/templates/interfaces/tunnel/node.tag/address/node.def @@ -9,4 +9,5 @@ update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" comp_help:Possible completions: - <x.x.x.x/x> Set the IP address and prefix length + <x.x.x.x/x> Set the IP address and prefix length + <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length diff --git a/templates/service/dns/dynamic/interface/node.def b/templates/service/dns/dynamic/interface/node.def new file mode 100644 index 00000000..bbf0c310 --- /dev/null +++ b/templates/service/dns/dynamic/interface/node.def 
@@ -0,0 +1,31 @@
+tag:
+help: Set interface to send DDNS updates for
+type: txt
+syntax:expression: exec "
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo Invalid interface [$VAR(@)]
+ exit 1 "
+
+allowed: local -a array ;
+ array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev));
+ echo -n ${array[@]%:*}
+
+commit:expression: $VAR(./@/service/@@) != ""; "Atleast one service must be set to send DDNS updates for $VAR(@)"
+
+delete:expression: "touch /tmp/ddclient_$VAR(@).$PPID"
+
+end:expression: "if [ -f \"/tmp/ddclient_$VAR(@).$PPID\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-dynamic-dns.pl --stop-dynamicdns --interface $VAR(@) \
+ rm /tmp/ddclient_$VAR(@).$PPID; \
+ else \
+ sudo /opt/vyatta/sbin/vyatta-dynamic-dns.pl --update-dynamicdns --interface $VAR(@); \
+ fi; "
diff --git a/templates/service/dns/dynamic/interface/node.tag/service/node.def b/templates/service/dns/dynamic/interface/node.tag/service/node.def
new file mode 100644
index 00000000..a515351e
--- /dev/null
+++ b/templates/service/dns/dynamic/interface/node.tag/service/node.def
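Review bot: In the `end:expression` the `--stop-dynamicdns` line ends in `\` with no `;`, so once the continuation is joined, `rm /tmp/ddclient_$VAR(@).$PPID` becomes extra arguments to vyatta-dynamic-dns.pl rather than a separate command. The marker file is then never removed, and the script is called under sudo with arguments it does not expect. The line should read `sudo /opt/vyatta/sbin/vyatta-dynamic-dns.pl --stop-dynamicdns --interface $VAR(@); \`. The marker is also a predictable name in /tmp, so `rm -f` and a session-private directory would be the safer choice.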
@@ -0,0 +1,23 @@
+tag:
+help: Set service being used for Dynamic DNS
+type: txt
+syntax:expression: exec "
+ service_array=(dnspark dslreports dyndns easydns namecheap sitelutions zoneedit)
+ service_array_len=${#service_array[*]}
+ i=0
+ while [ $i -lt $service_array_len ]; do
+ if [ \"${service_array[$i]}\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo Invalid service [$VAR(@)]
+ exit 1 "
+
+allowed: local -a array ;
+ array=(dnspark dslreports dyndns easydns namecheap sitelutions zoneedit);
+ echo -n ${array[@]}
+
+commit:expression: $VAR(./@/login) != ""; "Set login for service $VAR(./@) to send DDNS updates for interface $VAR(../@)"
+commit:expression: $VAR(./@/password) != ""; "Set password for service $VAR(./@) to send DDNS updates for interface $VAR(../@)"
+commit:expression: $VAR(./@/host-name) != ""; "Set atleast one host-name registered with service $VAR(./@) to send DDNS updates for interface $VAR(../@)"
diff --git a/templates/service/dns/dynamic/interface/node.tag/service/node.tag/host-name/node.def b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/host-name/node.def
new file mode 100644
index 00000000..e104ae8f
--- /dev/null
+++ b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/host-name/node.def
@@ -0,0 +1,3 @@
+multi:
+help: Set host-name registered with DDNS service
+type: txt
diff --git a/templates/service/dns/dynamic/interface/node.tag/service/node.tag/login/node.def b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/login/node.def
new file mode 100644
index 00000000..4a6ca920
--- /dev/null
+++ b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/login/node.def
@@ -0,0 +1,2 @@
+help: Set login for DDNS service
+type: txt
diff --git a/templates/service/dns/dynamic/interface/node.tag/service/node.tag/password/node.def b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/password/node.def
new file mode 100644
index 00000000..9dceae00
--- /dev/null
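Review bot: The hand-written loop under `syntax:expression: exec` in service/node.def re-implements a membership test over a fixed list, and the same list is written out a second time under `allowed:`, so the two can drift apart. The syslog facility template in this package already uses the built-in form, so this could be `syntax:expression: $VAR(@) in "dnspark", "dslreports", "dyndns", "easydns", "namecheap", "sitelutions", "zoneedit" ; "Invalid service $VAR(@)"`. That form also keeps the user-supplied value out of shell text, where it is currently interpolated unvalidated into `[ \"${service_array[$i]}\" == \"$VAR(@)\" ]`.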
+++ b/templates/service/dns/dynamic/interface/node.tag/service/node.tag/password/node.def
@@ -0,0 +1,2 @@
+help: Set password for DDNS service
+type: txt
diff --git a/templates/service/dns/dynamic/node.def b/templates/service/dns/dynamic/node.def
new file mode 100644
index 00000000..d713fc1c
--- /dev/null
+++ b/templates/service/dns/dynamic/node.def
@@ -0,0 +1,2 @@
+help: Configure Dynamic DNS
+commit:expression: $VAR(./interface/@@) != ""; "Atleast one interface must be set to send DDNS updates for"
diff --git a/templates/service/dns/forwarding/cache-size/node.def b/templates/service/dns/forwarding/cache-size/node.def
new file mode 100644
index 00000000..3a73f308
--- /dev/null
+++ b/templates/service/dns/forwarding/cache-size/node.def
@@ -0,0 +1,4 @@
+type: u32
+default:150
+help: Set DNS forwarding cache size
+syntax:expression: ($VAR(@) >=0 && $VAR(@) < 10001) ; "Cache size must be between 0 and 10000"
diff --git a/templates/service/dns/forwarding/dhcp/node.def b/templates/service/dns/forwarding/dhcp/node.def
new file mode 100644
index 00000000..8ce8c83f
--- /dev/null
+++ b/templates/service/dns/forwarding/dhcp/node.def
@@ -0,0 +1,8 @@
+multi:
+type: txt
+help: Set to use nameservers received from DHCP server for specified interface
+commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --dhcp-interface $VAR(@)"
+allowed:
+ local -a array ;
+ array=( /var/lib/dhcp3/eth* /var/lib/dhcp3/br* ) ;
+ echo -n ${array[@]##*/}
diff --git a/templates/service/dns/forwarding/listen-on/node.def b/templates/service/dns/forwarding/listen-on/node.def
new file mode 100644
index 00000000..9510cebe
--- /dev/null
+++ b/templates/service/dns/forwarding/listen-on/node.def
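Review bot: The forwarding/dhcp node is `type: txt` with no `syntax:expression`, yet `commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --dhcp-interface $VAR(@)"` places the value unquoted on a command line. `allowed:` appears to feed completion only, so unless the Perl script validates its argument (not shown in this hunk) an arbitrary string reaches the shell at commit time. Since the completions are built from `/var/lib/dhcp3/eth*` and `/var/lib/dhcp3/br*`, a check such as `syntax:expression: pattern $VAR(@) "^(eth|br)[0-9.]+$" ; "invalid interface $VAR(@)"` would match what is offered. When neither glob matches, `echo -n ${array[@]##*/}` prints the literal `eth* br*` as completions, which deserves a guard or at least a comment.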
@@ -0,0 +1,20 @@
+multi:
+type: txt
+help: Set interface to listen for DNS queries
+syntax:expression: exec "
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo Invalid interface [$VAR(@)]
+ exit 1 "
+
+allowed: local -a array ;
+ array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev));
+ echo -n ${array[@]%:*}
diff --git a/templates/service/dns/forwarding/name-server/node.def b/templates/service/dns/forwarding/name-server/node.def
new file mode 100644
index 00000000..ad67c6de
--- /dev/null
+++ b/templates/service/dns/forwarding/name-server/node.def
@@ -0,0 +1,3 @@
+multi:
+type: ipv4
+help: Set DNS server to forward queries
diff --git a/templates/service/dns/forwarding/node.def b/templates/service/dns/forwarding/node.def
new file mode 100644
index 00000000..d3c32bb1
--- /dev/null
+++ b/templates/service/dns/forwarding/node.def
@@ -0,0 +1,9 @@
+help: Configure DNS forwarding
+commit:expression: $VAR(./listen-on) != ""; "Atleast one interface must be configured for DNS forwarding parameter 'listen-on'"
+delete:expression: "touch /tmp/dnsmasq.$PPID"
+end:expression: "if [ -f \"/tmp/dnsmasq.$PPID\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \
+ rm /tmp/dnsmasq.$PPID; \
+ else \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding; \
+ fi; "
diff --git a/templates/service/dns/forwarding/system/node.def b/templates/service/dns/forwarding/system/node.def
new file mode 100644
index 00000000..e92a7ad6
--- /dev/null
+++ b/templates/service/dns/forwarding/system/node.def
@@ -0,0 +1,2 @@
+help: Set DNS forwarding to system nameservers
+commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --system-nameserver"
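Review bot: In the `end:expression` of templates/service/dns/forwarding/node.def the line `sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \` has no `;` or `&&` before the continuation, so `rm /tmp/dnsmasq.$PPID` is most likely passed to the Perl script as extra arguments and the marker file is never removed; the line should end `--stop-dnsforwarding && \`. The same separator is missing in the `end:expression` of templates/service/dns/dynamic/interface/node.def after `--interface $VAR(@) \`. Separately, the marker sits at a predictable name in world-writable `/tmp`, so its presence does not prove that this session ran `delete`; a stale or foreign file would turn the next update into a stop of the service. A directory that only the configuration session can write to would be a safer place for it.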
diff --git a/templates/service/dns/node.def b/templates/service/dns/node.def new file mode 100644 index 00000000..d7040d0d --- /dev/null +++ b/templates/service/dns/node.def @@ -0,0 +1 @@ +help: Configure Domain Name Server (DNS) parameters diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def index 9aa98826..87ff1ded 100644 --- a/templates/service/ssh/allow-root/node.def +++ b/templates/service/ssh/allow-root/node.def @@ -1,16 +1,8 @@ -type: txt +type: bool default: false help: Enable/disable root login over ssh -syntax:expression: $VAR(@) in "true", "false" ; "must be true or false" -update: if [ \"$VAR(@)\" == \"true\" ]; then - sudo ed - /etc/ssh/sshd_config <<-"EOF" - /^PermitRootLogin/s/no/yes/ - wq - EOF - else - sudo ed - /etc/ssh/sshd_config <<-"EOF" - /^PermitRootLogin/s/yes/no/ - wq - EOF +update: if [ "$VAR(@)" == "true" ]; + then regex='/^PermitRootLogin/s/no/yes/' + else regex='/^PermitRootLogin/s/yes/no/' fi - /bin/true + sudo sed -i -e "$regex" /etc/ssh/sshd_config diff --git a/templates/system/name-server/node.def b/templates/system/name-server/node.def index 3866e82c..f762a8a1 100644 --- a/templates/system/name-server/node.def +++ b/templates/system/name-server/node.def 
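Review bot: Both sed expressions in the new `update:` of templates/service/ssh/allow-root/node.def only edit a line that already starts with `PermitRootLogin` and contains the literal `yes` or `no`, so when the directive is commented out, absent, or set to some other value, `sudo sed -i -e "$regex" /etc/ssh/sshd_config` changes nothing and still succeeds. The configuration would then show `allow-root false` while sshd keeps whatever setting it had. Rewriting the whole directive is more robust, e.g. `regex='s/^PermitRootLogin[[:space:]].*/PermitRootLogin no/'` (and `yes` in the other branch), followed by a `grep -q '^PermitRootLogin'` that fails the update when the directive is missing. Nothing in this hunk reloads sshd; if that happens elsewhere, a one-line comment saying where would help.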
@@ -1,19 +1,5 @@ multi: type: ipv4 help: Set Domain Name Server (DNS) -update:expression: "sudo sh -c \"touch /etc/resolv.conf && \ -if grep -q '$VAR(@)' /etc/resolv.conf; then \ - exit 0; \ -else \ - mv -f /etc/resolv.conf /etc/old_resolv.conf && \ - echo \\\"nameserver\t $VAR(@)\\\" >> /etc/resolv.conf && \ - cat /etc/old_resolv.conf >> /etc/resolv.conf; \ -fi && \ -if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \ - /usr/sbin/invoke-rc.d ntp restart >&/dev/null; \ -fi\" " -delete:expression: "sudo sh -c \"touch /etc/resolv.conf && \ -sed -i '/$VAR(@)/d' /etc/resolv.conf && \ -if [ -f /etc/ntp.conf ] && grep -q 'server' /etc/ntp.conf; then \ - /usr/sbin/invoke-rc.d ntp restart >&/dev/null; \ -fi\" " +update: sudo /opt/vyatta/sbin/vyatta-system-nameservers update $VAR(@) +delete: sudo /opt/vyatta/sbin/vyatta-system-nameservers delete $VAR(@) diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def index 189025e3..bd9cfab1 100644 --- a/templates/system/static-host-mapping/host-name/node.def +++ b/templates/system/static-host-mapping/host-name/node.def 
@@ -3,9 +3,14 @@ type: txt help: Set to map DNS names to system interfaces syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $VAR(@)" commit:expression: $VAR(./inet) != ""; "IP address for the static mapping must be set" -end:expression: "sudo sh -c \"\ - touch /etc/hosts; \ - sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts; \ - if [ -z \"$VAR(./inet/@)\" ]; then exit 0; fi; \ - declare -a aliases=( $VAR(alias/@@) ); \ - echo \\\"$VAR(inet/@)\t $VAR(@) \\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" " +end: sudo sh -c " + touch /etc/hosts + sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts + if [ -z \"$VAR(./inet/@)\" ]; then + if [ -d /opt/vyatta/config/active/service/dns/forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi + exit 0 + fi + declare -a aliases=( $VAR(alias/@@) ) + echo -e \"$VAR(inet/@)\\t $VAR(@) \${aliases[*]} \\t #vyatta entry\" >> /etc/hosts + if [ -d /opt/vyatta/config/active/service/dns/forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi" + diff --git a/templates/system/syslog/console/node.def b/templates/system/syslog/console/node.def index ec620885..7252ad79 100644 --- a/templates/system/syslog/console/node.def +++ b/templates/system/syslog/console/node.def @@ -1 +1,2 @@ help: Set console logging +commit:expression: $VAR(./facility/@@) != ""; "Atleast one facility must be configured to log messages to $VAR(.)" diff --git a/templates/system/syslog/file/node.def b/templates/system/syslog/file/node.def index e2c7759f..a1ac1c4d 100644 --- a/templates/system/syslog/file/node.def +++ b/templates/system/syslog/file/node.def 
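Review bot: In `sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts` the host name is used as a regular expression, and the syntax check on this node allows `.`, so rewriting the mapping for one name also deletes the vyatta-managed lines of any other name that differs only where this one has a dot. The dots need escaping before the value is placed in the sed address, or the line should be matched as a fixed field (for example an awk comparison on the second column). The body also runs under `sudo sh -c` while using `declare -a` and `>&`, which are bash features, and it splices `$VAR(alias/@@)` unquoted into that root shell; the alias node's validation is not visible in this diff and should be confirmed to be at least as strict as the host-name pattern.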
@@ -2,4 +2,4 @@ tag: type: txt help: Set the name of syslog file to save log messages to syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9_.]+$" ; "invalid file name $VAR(@)" -commit:expression: $VAR(./facility/) != "" || $VAR(./archive/) != ""; "Must specify either facility or archive for syslog file" +commit:expression: $VAR(./@/facility/@@) != ""; "Atleast one facility must be configured to log messages to file $VAR(./@)" diff --git a/templates/system/syslog/global/facility/node.def b/templates/system/syslog/global/facility/node.def index cff98650..8133aebf 100644 --- a/templates/system/syslog/global/facility/node.def +++ b/templates/system/syslog/global/facility/node.def @@ -4,12 +4,12 @@ help: Set facility for system logging syntax:expression: $VAR(@) in "auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark", "news", "security", "syslog", "user", "uucp", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", "all"; "\"$VAR(@)\" is not a valid logging facility" update:expression: "sudo sh -c \"LVL=`echo -n $VAR(level/@) | tr '[a-z]' '[A-Z]'` && \ FAC='$VAR(@)' ; if [ x\\$FAC == xall ]; then FAC='*'; fi && \ -/opt/vyatta/sbin/vyatta_update_syslog.pl '' '\\/var\\/log\\/messages' \ - \\\"\\$FAC.\\$LVL\t/var/log/messages \n\\\"\" " +/opt/vyatta/sbin/vyatta_update_syslog.pl \\\"\\$FAC\\.\\\" '\\/var\\/log\\/messages' \ + \\\"\\$FAC.\\$LVL\t-/var/log/messages \n\\\"\" " delete:expression: "sudo sh -c \"FAC='$VAR(@)' ; \ if [ x\\$FAC == xall ]; then FAC='*'; fi && \ /opt/vyatta/sbin/vyatta_update_syslog.pl \ - '' '\\/var\\/log\\/messages' '*.warning\t/var/log/messages \n'\" " + \\\"\\$FAC\\.\\\" '\\/var\\/log\\/messages' ''\" " comp_help:Available logging facilities: all All facilities excluding "mark" auth Authentication and authorization diff --git a/templates/system/syslog/global/node.def b/templates/system/syslog/global/node.def index 175d85e1..e5c441a8 100644 --- a/templates/system/syslog/global/node.def 
+++ b/templates/system/syslog/global/node.def @@ -1 +1,2 @@ help: Set system logging +commit:expression: $VAR(./facility/) != "" || $VAR(./archive/) != ""; "Must specify either facility or archive for syslog file" diff --git a/templates/system/syslog/host/node.def b/templates/system/syslog/host/node.def index 0e757cbc..255fc37b 100644 --- a/templates/system/syslog/host/node.def +++ b/templates/system/syslog/host/node.def @@ -1,3 +1,4 @@ tag: type: txt help: Set IP address or hostname of remote syslog server +commit:expression: $VAR(./@/facility/@@) != ""; "Atleast one facility must be configured to log messages to host $VAR(./@)" diff --git a/templates/system/syslog/node.def b/templates/system/syslog/node.def index 72a82d78..7fd911f7 100644 --- a/templates/system/syslog/node.def +++ b/templates/system/syslog/node.def @@ -1,3 +1,11 @@ -help: Set syslog daemon -delete:expression: "sudo sh -c \"/opt/vyatta/sbin/vyatta_update_syslog.pl \ -'' '\\/var\\/log\\/messages' '*.warning\t/var/log/messages \n'\" " +help: Configure syslog daemon +end: if [ -n "$VAR(./global/facility/@@)" ]; then + # remove the default config for global messages + sudo sh -c "sed -i '/\*\.notice[[:space:]]*-\/var\/log\/messages/d' /etc/syslog.conf" + else + # if not already there then write the default config for global messages + if ! grep -q "\*\.notice[[:space:]]*-/var/log/messages" /etc/syslog.conf; then + sudo sh -c "echo \"*.notice -/var/log/messages\" >> /etc/syslog.conf" + fi + fi + sudo /usr/sbin/invoke-rc.d sysklogd restart diff --git a/templates/system/syslog/user/node.def b/templates/system/syslog/user/node.def index a432f326..eabd7f8f 100644 --- a/templates/system/syslog/user/node.def +++ b/templates/system/syslog/user/node.def 
@@ -1,5 +1,6 @@ tag: type: txt help: Set logging to specific user's terminal +commit:expression: $VAR(./@/facility/@@) != ""; "Atleast one facility must be configured to log messages to user $VAR(./@)" comp_help: Possible completions: <username> Send log messages to this user's terminal |