46 files changed, 699 insertions, 474 deletions
diff --git a/Makefile.am b/Makefile.am index c3aea76e..2d109577 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,8 @@ -cfgdir = $(datadir)/vyatta-cfg/templates -share_perl5dir = /opt/vyatta/share/perl5 +cfgdir = $(datadir)/vyatta-cfg/templates +share_perl5dir = $(datarootdir)/perl5 +libudevdir = /lib/udev +etcudevdir = /etc/udev +initddir = /etc/init.d bin_SCRIPTS = sbin_SCRIPTS = @@ -21,6 +24,10 @@ sbin_SCRIPTS += scripts/keepalived/vyatta-keepalived.pl sbin_SCRIPTS += scripts/keepalived/vyatta-vrrp-state.pl sbin_SCRIPTS += scripts/keepalived/vyatta-show-vrrp.pl sbin_SCRIPTS += scripts/telnetd.init +sbin_SCRIPTS += scripts/add_bootfile_eth_hwid +sbin_SCRIPTS += scripts/mod_bootfile_eth_hwid + +noinst_DATA = test_bootfile share_perl5_DATA = scripts/keepalived/VyattaKeepalived.pm @@ -30,6 +37,11 @@ sysconf_DATA += sysconf/syslog.conf sysconf_DATA += sysconf/default_ssh sysconf_DATA += sysconf/config.boot.default +libudev_SCRIPTS = scripts/vyatta_net_name +etcudev_DATA = sysconf/vyatta-net.rules + +initd_SCRIPTS = etc/init.d/vyatta-udev + cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd diff --git a/debian/control b/debian/control index 88938b4a..d950155d 100644 --- a/debian/control +++ b/debian/control @@ -12,8 +12,8 @@ Depends: bash (>= 3.1), perl (>= 5.8.8), procps (>= 1:3.2.7-3), coreutils (>= 5.97-5.3), - vyatta-cfg, sysv-rc, ifrename, ntp, sysklogd, busybox, ssh, whois, sudo, - snmpd, keepalived, vyatta-bash + vyatta-cfg, sysv-rc, ntp, sysklogd, busybox, ssh, whois, sudo, + snmpd, keepalived, vyatta-bash, bridge-utils Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index eae046f7..b747b786 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in 
@@ -11,71 +11,46 @@ for init in ntp ssh snmpd keepalived ipvsadm; do update-rc.d -f ${init} remove >/dev/null done -# create symlinks -for bb in telnetd telnet tftp ftpget ftpput; do - ln -sf /bin/busybox ${sbindir}/${bb} -done -ln -sf ${bindir}/progress-indicator /usr/bin/progress-indicator +case `grep '^RULES_FILE=' /lib/udev/write_net_rules` in +*z25_persistent-net.rules* ) + vyatta_net_rules=z24_vyatta-net.rules;; +*70-persistent-net.rules* ) + vyatta_net_rules=69-vyatta-net.rules;; +* ) + vyatta_net_rules=21-vyatta-net.rules;; +esac -if [ "$sysconfdir" != "/etc" ]; then - # remove the config files and replace with blank ones - for conf in motd.tail ntp.conf syslog.conf logrotate.d/messages \ - default/ssh ssh/ssh_host_key quagga/daemons quagga/zebra.conf \ - quagga/bgpd.conf quagga/ospfd.conf quagga/ospf6d.conf \ - quagga/ripd.conf quagga/ripngd.conf quagga/isisd.conf \ - snmp/snmpd.conf snmp/snmptrapd.conf keepalived/keepalived.conf \ - ipvsadm.rules default/ipvsadm resolv.conf - do - [ -f /etc/$conf ] && mv -f /etc/$conf /etc/$conf.vyatta-save - touch /etc/$conf - done +ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules - # use our config files - for conf in motd.tail syslog.conf; do - cp $sysconfdir/$conf /etc/$conf - done - cp $sysconfdir/logrotate_messages /etc/logrotate.d/messages - cp $sysconfdir/default_ssh /etc/default/ssh +update-rc.d vyatta-udev start 21 S . - # sudoers - [ -f /etc/sudoers ] && cp -pf /etc/sudoers /etc/sudoers.vyatta-save - - # for "admin" level (FIXME) - sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers - if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then - echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers - fi +if [ "$sysconfdir" != "/etc" ]; then + # for "admin" level (FIXME) + sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers + if ! 
grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then + echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers + fi - # for "users" level - if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then - echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers - fi - - # keep env vars - echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers - - # ssh v1. remove the empty key file - rm /etc/ssh/ssh_host_key - - # remove unnecessary files - rm /etc/logrotate.d/*.vyatta-save >& /dev/null - - # quagga/daemons - sed 's/zebra=no/zebra=yes/' /etc/quagga/daemons.vyatta-save > /etc/quagga/daemons - sed -i 's/bgpd=no/bgpd=yes/' /etc/quagga/daemons - sed -i 's/ospfd=no/ospfd=yes/' /etc/quagga/daemons - sed -i 's/ripd=no/ripd=yes/' /etc/quagga/daemons - - echo "log syslog warnings" >> /etc/quagga/bgpd.conf - echo "log syslog warnings" >> /etc/quagga/isisd.conf - echo "log syslog warnings" >> /etc/quagga/ospf6d.conf - echo "log syslog warnings" >> /etc/quagga/ospf.conf - echo "log syslog warnings" >> /etc/quagga/ripd.conf - echo "log syslog warnings" >> /etc/quagga/ripngd.conf - echo "log syslog warnings" >> /etc/quagga/zebra.conf - - # add temporary version - echo "Version : eureka (beta)" > $sysconfdir/version + # for "users" level + if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then + echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers + fi + + # keep env vars + if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then + echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers + fi + + # quagga/daemons + sed -i 's/zebra=no/zebra=yes/' /etc/quagga/daemons + sed -i 's/bgpd=no/bgpd=yes/' /etc/quagga/daemons + sed -i 's/ospfd=no/ospfd=yes/' /etc/quagga/daemons + sed -i 's/ripd=no/ripd=yes/' /etc/quagga/daemons + + echo "log syslog warnings" >> /etc/quagga/Quagga.conf + + # add temporary version + echo "Version : eureka (beta)" > $sysconfdir/version fi # update crontab for logrotate 
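Review bot: The sudoers block appends `%sudo ALL=NOPASSWD: ALL`, the `%users` rule and `Defaults env_keep+=VYATTA_*` straight into /etc/sudoers with `sed -i` and `echo >>`, and nothing checks the result before the package finishes configuring. A partial write or a malformed line leaves sudo unusable, so I would edit a copy and install it only after `visudo -c -f "$tmp"` succeeds. `env_keep+=VYATTA_*` also passes any caller-set VYATTA_ variable through to commands run as root; if the scripts under `${bindir}/sudo-users/` read paths from such variables (not visible here), that widens what the `%users` rule grants. Lastly, `echo "log syslog warnings" >> /etc/quagga/Quagga.conf` has no `grep -q` guard like the other appends and will add a duplicate line each time postinst runs.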
@@ -91,3 +66,7 @@ mkdir -p /var/log/{user,vrrpd} touch /etc/environment +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm new file mode 100644 index 00000000..d668f55d --- /dev/null +++ b/debian/vyatta-cfg-system.postrm @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ "$1" = "purge" ]; then + rm -f /etc/udev/rules.d/*vyatta-net.rules +fi + +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: diff --git a/etc/init.d/vyatta-udev b/etc/init.d/vyatta-udev new file mode 100755 index 00000000..5c2c1d37 --- /dev/null +++ b/etc/init.d/vyatta-udev 
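Review bot: Purge removes only the udev rule symlink; the boot-time link that postinst registers with `update-rc.d vyatta-udev start 21 S .` and the NOPASSWD lines postinst appends to /etc/sudoers are left behind. Passwordless sudo grants that outlive the package are the part I would fix first. Add `update-rc.d -f vyatta-udev remove >/dev/null` to the purge branch, and remove the sudoers lines the package added (postinst only adds them when `$sysconfdir` is not /etc).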
@@ -0,0 +1,58 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: vyatta-udev
+# Required-Start: udev module-init-tools
+# Required-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Trigger udev net subsystem to process interface renaming
+### END INIT INFO
+# **** License ****
+# Version: VPL 1.0
+#
+# The contents of this file are subject to the Vyatta Public License
+# Version 1.0 ("License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.vyatta.com/vpl
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Tom Grennan <tgrennan@vyatta.com>
+# **** End License ****
+
+. /lib/lsb/init-functions
+
+: ${vyatta_env:=/etc/default/vyatta}
+source $vyatta_env
+
+declare progname=${0##*/}
+declare action=$1; shift
+
+start ()
+{
+ log_action_begin_msg "Trigger rename of network interfaces"
+ udevtrigger --subsystem-match=net
+ udevsettle
+ log_action_end_msg $?
+}
+
+case "$action" in
+ start) start ;;
+ stop|restart|force-reload) true ;;
+ *) log_failure_msg "usage: $progname [ start|stop|restart ]" ;
+ false ;;
+esac
+
+exit $?
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
diff --git a/scripts/add_bootfile_eth_hwid b/scripts/add_bootfile_eth_hwid
new file mode 100755
index 00000000..2a9cc69c
--- /dev/null
+++ b/scripts/add_bootfile_eth_hwid
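Review bot: `start` reports only the status of `udevsettle`, because `log_action_end_msg $?` runs after both commands; a failing `udevtrigger` is logged as success. Chain them, `udevtrigger --subsystem-match=net && udevsettle`, so the message reflects the trigger as well. Separately, `source $vyatta_env` takes its path from the inherited environment and is unquoted; in a script that runs as root at boot I would source the fixed path, or at least write `[ -r "$vyatta_env" ] && source "$vyatta_env"` so a missing file does not raise an error on every boot.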
@@ -0,0 +1,30 @@ +#!/bin/bash + +# add ethnet interface sub-block to configure file + +shopt -s extglob + +if [[ "$*" == *--help* ]] ; then + echo ${0##*/} [test_]FILE INTERFACE HWID + exit 0 +fi + +if [[ "$1" == test_* ]] ; then + origfile=$1 + bootfile=/tmp/${1##*/}_$$ + cp $origfile $bootfile + trap "diff -c $origfile $bootfile; rm -f $bootfile; exit 0" $? +else + origfile= + bootfile=$1 +fi +eth=$2 +hwid=$3 + +sed -i '/^interfaces {$/,/^}$/ { + /^}$/i\ + ethernet '"$eth"' {\ + hw-id: '"$hwid"'\ + link-detect\ + } + }' $bootfile diff --git a/scripts/init-floppy b/scripts/init-floppy index 6d67965b..0f12c0ba 100755 --- a/scripts/init-floppy +++ b/scripts/init-floppy @@ -32,10 +32,15 @@ else DRIVE="/dev/fd0" fi +failure () +{ + echo "$*" + exit 1 +} + # Look and see if we have a floopy drive if sed -n '/[0-9]\+ fd$/ { q 1 }' /proc/devices || [ ! -e $DRIVE ] ; then - echo "No floppy device" - exit 1 + failure "No floppy device" fi echo "This will erase all data on floppy $DRIVE." @@ -48,6 +53,8 @@ fi fd=/media/floppy +unbind_notice="\rUnbinding config from floppy...\c" +unbind__error="\rError: Couldn't unbind ${vyatta_sysconfdir}/config." umount_notice="\rAttempting to unmount floppy...\c" umount__error="\rError: Couldn't unmount $DRIVE." format_notice="\rFormatting floppy $DRIVE... \c" 
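Review bot: In scripts/add_bootfile_eth_hwid, `$eth` and `$hwid` are spliced into the sed program unvalidated, so a value containing a newline, `\` or `}` changes what sed does to the boot config instead of being written as data. The script is called from the udev helper scripts/vyatta_net_name, which runs as root, so I would reject anything that is not an interface name or MAC before the sed call, e.g. `[[ $hwid =~ ^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$ ]] || exit 1` and a matching check on `$eth`. The test branch also copies to the predictable path `/tmp/${1##*/}_$$`; `bootfile=$(mktemp)` avoids clobbering or following a pre-created file there, and the trap should name `EXIT` rather than `$?`. scripts/mod_bootfile_eth_hwid has the same three issues. Quoting `"$bootfile"` and `"$origfile"` is worth doing at the same time.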
@@ -64,51 +71,40 @@ saved__notice="\rYour configuration was saved in: $fd/config/config.boot" mkdir -p $fd -if mount | grep -q $fd/config ; then - umount $fd/config +if grep -q "$DRIVE ${vyatta_sysconfdir}/config" /proc/mounts ; then + echo "$unbind_notice" + /bin/umount ${vyatta_sysconfdir}/config &>/dev/null || \ + failure $unbind__error fi if grep -q $DRIVE /proc/mounts ; then echo "$umount_notice" - if ! /bin/umount $fd >/dev/null 2>&1 ; then - echo "$umount__error" - exit - fi + /bin/umount $fd &>/dev/null || \ + failure "$umount__error" fi echo "$format_notice" -if ! /usr/bin/fdformat -n $DRIVE >/dev/null 2>&1 ; then - echo "$format__error" - exit -fi +/usr/bin/fdformat -n $DRIVE &>/dev/null || \ + failure "$format__error" echo "$create_notice" -if ! /sbin/mke2fs -q $DRIVE >/dev/null 2>&1 ; then - echo "$create__error" - exit -fi +/sbin/mke2fs -q $DRIVE &>/dev/null || \ + failure "$create__error" echo "$mount__notice" -if ! /bin/mount /dev/fd0 $fd -t ext2 -o sync >/dev/null 2>&1 ; then - echo "$mount___error" - exit -fi +/bin/mount /dev/fd0 $fd -t ext2 -o sync &>/dev/null || \ + failure "$mount___error" /bin/mkdir $fd/config /bin/chmod 777 $fd/config echo "$config_notice" -if ! ${vyatta_sbindir}/vyatta-save-config.pl $fd/config/config.boot >/dev/null -then - echo "$config__error" - exit -fi +${vyatta_sbindir}/vyatta-save-config.pl $fd/config/config.boot &>/dev/null || \ + failure "$config__error" echo "$bind___notice" -if ! /bin/mount -o bind $fd/config ${vyatta_sysconfdir}/config 2>&1 ; then - echo "$bind____error" - exit -fi +/bin/mount -o bind $fd/config ${vyatta_sysconfdir}/config &>/dev/null || \ + failure "$bind____error" echo "$saved__notice" diff --git a/scripts/install-system.in b/scripts/install-system.in index 4c31b2ad..c4e46217 100755 --- a/scripts/install-system.in +++ b/scripts/install-system.in 
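Review bot: `failure $unbind__error` is the only call that passes its message unquoted; quote it like the others, `failure "$unbind__error"`, so the text is not word-split before `echo "$*"` rejoins it. The mount step still hard-codes `/dev/fd0` while the checks, format and mkfs use `$DRIVE`; `/bin/mount "$DRIVE" $fd -t ext2 -o sync` keeps them consistent if DRIVE is ever set to something else (its assignment is outside this hunk). `failure` itself, added in the first hunk of this file, would be better writing to stderr: `echo "$*" >&2`.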
@@ -843,7 +843,7 @@ unmount () { progress_indicator () { case "$1" in - "start") /usr/bin/progress-indicator $SPID & + "start") $bindir/progress-indicator $SPID & ;; "stop") rm -f /tmp/pi.$SPID sleep 1 diff --git a/scripts/keepalived/VyattaKeepalived.pm b/scripts/keepalived/VyattaKeepalived.pm index c2d446e4..e0e84af3 100755 --- a/scripts/keepalived/VyattaKeepalived.pm +++ b/scripts/keepalived/VyattaKeepalived.pm @@ -129,6 +129,17 @@ sub get_state_files { return @state_files; } +sub get_vips_per_intf { + my ($intf) = @_; + + my $config = new VyattaConfig; + my @groups = (); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + @groups = $config->listOrigNodes(); + return scalar(@groups); +} + sub vrrp_get_config { my ($intf, $group) = @_; @@ -144,8 +155,8 @@ sub vrrp_get_config { $primary_addr = $1; } - $config->setLevel("interfaces ethernet $intf vrrp"); - my $vip = $config->returnOrigValue("virtual-address"); + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnOrigValues("virtual-address"); my $priority = $config->returnOrigValue("priority"); if (!defined $priority) { $priority = 1; @@ -165,7 +176,7 @@ sub vrrp_get_config { } else { $auth_type = uc($auth_type); } - return ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type); + return ($primary_addr, $priority, $preempt, $advert_int, $auth_type, @vips); } sub vrrp_state_parse { diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 15346855..e9df03df 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl 
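Review bot: In scripts/keepalived/VyattaKeepalived.pm, `get_vips_per_intf` returns `scalar(@groups)`, the number of vrrp-group nodes on the interface, not a count of virtual addresses, so the name will mislead callers. Either rename it or add a comment above it: `# returns the number of vrrp-groups configured on $intf (not the number of VIPs)`. `vrrp_get_config` now returns the VIP list last, in a different position from the old `$vip`; a one-line comment stating the return order would help, since callers destructure it positionally.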
@@ -38,72 +38,75 @@ use warnings; sub keepalived_get_values { my ($intf) = @_; - my $output; + my $output = ''; my $config = new VyattaConfig; - $config->setLevel("interfaces ethernet $intf vrrp"); - my $group = $config->returnValue("vrrp-group"); - if (!defined $group) { - $group = 1; - } - my $vip = $config->returnValue("virtual-address"); - if (!defined $vip) { - print "must define a virtual-address for vrrp-group $group\n"; - exit 1; - } - my $priority = $config->returnValue("priority"); - if (!defined $priority) { - $priority = 1; - } - my $preempt = $config->returnValue("preempt"); - if (!defined $preempt) { - $preempt = "true"; - } - my $advert_int = $config->returnValue("advertise-interval"); - if (!defined $advert_int) { - $advert_int = 1; - } - $config->setLevel("interfaces ethernet $intf vrrp authentication"); - my $auth_type = $config->returnValue("type"); - my $auth_pass; - if (defined $auth_type) { - $auth_type = uc($auth_type); - $auth_pass = $config->returnValue("password"); - if (! 
defined $auth_pass) { - print "vrrp authentication password not set"; + my $state_transition_script = VyattaKeepalived::get_state_script(); + + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group"); + my @groups = $config->listNodes(); + foreach my $group (@groups) { + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group"); + my @vips = $config->returnValues("virtual-address"); + if (scalar(@vips) == 0) { + print "must define a virtual-address for vrrp-group $group\n"; exit 1; } - } - my $state_transition_script = VyattaKeepalived::get_state_script(); + my $priority = $config->returnValue("priority"); + if (!defined $priority) { + $priority = 1; + } + my $preempt = $config->returnValue("preempt"); + if (!defined $preempt) { + $preempt = "true"; + } + my $advert_int = $config->returnValue("advertise-interval"); + if (!defined $advert_int) { + $advert_int = 1; + } + $config->setLevel("interfaces ethernet $intf vrrp vrrp-group $group authentication"); + my $auth_type = $config->returnValue("type"); + my $auth_pass; + if (defined $auth_type) { + $auth_type = uc($auth_type); + $auth_pass = $config->returnValue("password"); + if (! 
defined $auth_pass) { + print "vrrp authentication password not set"; + exit 1; + } + } - $output = "vrrp_instance vyatta-$intf-$group \{\n"; - if ($preempt eq "false") { - $output .= "\tstate BACKUP\n"; - } else { - $output .= "\tstate MASTER\n"; + $output .= "vrrp_instance vyatta-$intf-$group \{\n"; + if ($preempt eq "false") { + $output .= "\tstate BACKUP\n"; + } else { + $output .= "\tstate MASTER\n"; } - $output .= "\tinterface $intf\n"; - $output .= "\tvirtual_router_id $group\n"; - $output .= "\tpriority $priority\n"; - if ($preempt eq "false") { - $output .= "\tnopreempt\n"; - } - $output .= "\tadvert_int $advert_int\n"; - if (defined $auth_type) { - $output .= "\tauthentication {\n"; - $output .= "\t\tauth_type $auth_type\n"; - $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + $output .= "\tinterface $intf\n"; + $output .= "\tvirtual_router_id $group\n"; + $output .= "\tpriority $priority\n"; + if ($preempt eq "false") { + $output .= "\tnopreempt\n"; + } + $output .= "\tadvert_int $advert_int\n"; + if (defined $auth_type) { + $output .= "\tauthentication {\n"; + $output .= "\t\tauth_type $auth_type\n"; + $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + } + $output .= "\tvirtual_ipaddress \{\n"; + foreach my $vip (@vips) { + $output .= "\t\t$vip\n"; + } + $output .= "\t\}\n"; + $output .= "\tnotify_master "; + $output .= "\"$state_transition_script master $intf $group @vips\" \n"; + $output .= "\tnotify_backup "; + $output .= "\"$state_transition_script backup $intf $group @vips\" \n"; + $output .= "\t notify_fault "; + $output .= "\"$state_transition_script fault $intf $group @vips\" \n"; + $output .= "\}\n"; } - $output .= "\tvirtual_ipaddress \{\n"; - $output .= "\t\t$vip\n"; - $output .= "\t\}\n"; - $output .= "\tnotify_master "; - $output .= "\"$state_transition_script master $intf $group $vip\" \n"; - $output .= "\tnotify_backup "; - $output .= "\"$state_transition_script backup $intf $group $vip\" \n"; - $output .= "\t notify_fault "; - $output .= 
"\"$state_transition_script fault $intf $group $vip\" \n"; - $output .= "\}\n"; return $output; } diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl index 6540eaf5..934808f6 100755 --- a/scripts/keepalived/vyatta-show-vrrp.pl +++ b/scripts/keepalived/vyatta-show-vrrp.pl @@ -81,7 +81,7 @@ sub link_updown { } sub get_master_info { - my ($intf, $group, $vip) = @_; + my ($intf, $group) = @_; my $file = VyattaKeepalived::get_master_file($intf, $group); if ( -f $file) { @@ -113,18 +113,27 @@ sub vrrp_show { VyattaKeepalived::vrrp_state_parse($file); my $link = link_updown($intf); if ($state eq "master" || $state eq "backup" || $state eq "fault") { - my ($primary_addr, $vip, $priority, $preempt, $advert_int, $auth_type) = - VyattaKeepalived::vrrp_get_config($intf, $group); + my ($primary_addr, $priority, $preempt, $advert_int, $auth_type, + @vips) = VyattaKeepalived::vrrp_get_config($intf, $group); print "Physical interface: $intf, Address $primary_addr\n"; print " Interface state: $link, Group $group, State: $state\n"; print " Priority: $priority, Advertisement interval: $advert_int, "; print "Authentication type: $auth_type\n"; - print " Preempt: $preempt, VIP count: 1, VIP: $vip\n"; + my $vip_count = scalar(@vips); + my $string = " Preempt: $preempt, VIP count: $vip_count, VIP: "; + my $strlen = length($string); + print $string; + foreach my $vip (@vips) { + if ($vip_count != scalar(@vips)) { + print " " x $strlen; + } + print "$vip\n"; + $vip_count--; + } if ($state eq "master") { print " Master router: $primary_addr\n"; } elsif ($state eq "backup") { - my ($master_rtr, $master_prio) = get_master_info($intf, - $group, $vip); + my ($master_rtr, $master_prio) = get_master_info($intf, $group); print " Master router: $master_rtr, "; print "Master Priority: $master_prio\n"; } diff --git a/scripts/mod_bootfile_eth_hwid b/scripts/mod_bootfile_eth_hwid new file mode 100755 index 00000000..b913d121 --- /dev/null 
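Review bot: The three notify lines interpolate `$intf`, `$group` and now the whole `@vips` list into a double-quoted command string that keepalived later executes. Nothing in `keepalived_get_values` checks those values, so the safety of the generated command rests entirely on the config templates' syntax checks, which are not visible in this diff. I would validate each address before emitting it, e.g. `die "invalid virtual-address $vip\n" unless $vip =~ m{^[0-9A-Fa-f:.]+(/\d+)?$};` inside the `foreach my $vip (@vips)` loop. `auth_pass` is also written in clear text, so the generated keepalived.conf should not be world-readable (file creation is outside this hunk).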
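Review bot: In vyatta-show-vrrp.pl, when `@vips` comes back empty the `foreach` prints nothing, so the `VIP:` line is never terminated and the following `Master router` text lands on the same line. Add `print "\n" if !@vips;` after the loop. The `$vip_count` countdown that decides indentation is hard to follow; a comment such as `# indent continuation lines under the first VIP` would help. `vrrp_show` begins before this hunk.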
+++ b/scripts/mod_bootfile_eth_hwid
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# modify interface sub-block
+
+shopt -s extglob
+
+if [[ "$*" == *--help* ]] ; then
+ echo ${0##*/} [test_]FILE INTERFACE HWID
+ exit 0
+fi
+
+if [[ "$1" == test_* ]] ; then
+ origfile=$1
+ bootfile=/tmp/${1##*/}_$$
+ cp $origfile $bootfile
+ trap "diff -c $origfile $bootfile; rm -f $bootfile; exit 0" $?
+else
+ origfile=
+ bootfile=$1
+fi
+eth=$2
+hwid=$3
+
+sed -i '/^interfaces {$/,/^}$/ {
+ /^ ethernet '"$eth"' {$/ {
+ :join
+ /\n }$/ {
+ /hw-id: / s/\(hw-id:\) [0-9a-fA-F:]\+/\1 '"$hwid"'/
+ /hw-id: /! s/}$/ hw-id: '"$hwid"'\n }/
+ /link-detect/! s/}$/ link-detect\n }/
+ b
+ }
+ N
+ b join
+ }
+}' $bootfile
+
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 779a7610..96f648c1 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -24,248 +24,24 @@ ACTION=$1 -[[ $PATH == *${ofr_bindir}* ]] || PATH+=:${ofr_bindir} -[[ $PATH == *${ofr_sbindir}* ]] || PATH+=:${ofr_sbindir} +source /etc/default/vyatta + +: ${vyatta_prefix:=/opt/vyatta} +: ${vyatta_bindir:=${vyatta_prefix}/bin} +: ${vyatta_sbindir:=${vyatta_prefix}/sbin} +: ${vyatta_sysconfdir:=${vyatta_prefix}/etc} + +[[ $PATH == *${vyatta_bindir}* ]] || PATH+=:${vyatta_bindir} +[[ $PATH == *${vyatta_sbindir}* ]] || PATH+=:${vyatta_sbindir} export PATH . /lib/lsb/init-functions -IPROUTE2IP=ip -INIT_PID=$$ -IFTAB=/etc/iftab - ## BOOTFILE is provided by ofr.init : ${BOOTFILE:=$prefix/etc/config/config.boot} -declare -a cfg_eth_hwid -declare -a sys_eth_mac -declare -a sys_vmnets - -# load hwid array from config file as follows -# interface { -# ... -# ethernet eth# { -# ... -# hw-id: XX:XX:XX:XX:XX:XX -# ... -# } -# } -# -# cfg_eth_hwid[#]=xx:xx:xx:xx:xx:xx - -load_cfg_eth_hwid () -{ - eval $( sed -n ' - /^interfaces {/,/^}/ { - /^ *ethernet eth[0-9]* {/,/^ $/ { - /^ *ethernet/ { - s/.* eth\([0-9]\+\) {$/cfg_eth_hwid[\1]=/ -# hold interface name - h - } - /^.*hw-id:/ { -# translate field name - s/.*hw-id: *// -# tolower hex mac address - y/ABCDEF/abcdef/ -# exchange hold and pattern space - x -# concatenate hold and pattern - G - s/\n//p - } - } - }' $BOOTFILE ) -} - -# load system eth mac tabled from ip link - -load_sys_eth_mac () -{ - eval $( ip link show | sed -n ' - /^[0-9]*: eth[0-9]*: /,+1 { -# combine 2 line interface output... 
-# 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 -# link/ether 00:13:72:57:48:f9 brd ff:ff:ff:ff:ff:ff - h - n - x - G - s/\n// -# translate to: -# #=00:13:72:57:48:f9 - s/^.*eth\([0-9]\+\):.*link\/ether \([0-9A-Fa-f:]\+\) .*$/sys_eth_mac[\1]=\2/p - }' ) -} - -load_sys_vmnets () -{ - sys_vmnets=( $( ip link show | - sed -n 's/^[0-9]*: \(vmnet[0-9]*\).*$/\1/p' ) ) -} - - -have_cfg_eth_hwid () -{ - local mac=$1 - - for hwid in ${cfg_eth_hwid[@]} ; do - [ $hwid == $mac ] && return 0 - done - false -} - -have_sys_eth_mac () -{ - local hwid=$1 - - for mac in ${sys_eth_mac[@]} ; do - [ $hwid == $mac ] && return 0 - done - false -} - -# update cfg table with results from system mac detection -# first remove cfg itfs that are no longer in sys table -# if sys mac is already in cfg table, use cfg itf assignment; -# if sys mac isnot in cfg table but given index has hwid of -# another sys itf, add to cfg table in first available slot -# otherwise, [re-]assign cfg eth hwid with sys mac - -update_cfg_eth_hwid () -{ - local -i i - - for i in ${!cfg_eth_hwid[@]} ; do - if ! have_sys_eth_mac ${cfg_eth_hwid[$i]} ; then - unset cfg_eth_hwid[$i] - fi - done - for i in ${!sys_eth_mac[@]} ; do - if ! 
have_cfg_eth_hwid ${sys_eth_mac[$i]} ; then - if [ -n "${cfg_eth_hwid[$i]}" ] ; then - # cfg[#] has mac of another sys itf; - # so, add another cfg itf for this mac - # to the first available slot - for (( j=0 ; true ; j++ )) ; do - if [ -z "${cfg_eth_hwid[$j]}" ] ; then - cfg_eth_hwid[$j]=${sys_eth_mac[$i]} - break 1 - fi - done - else - cfg_eth_hwid[$i]=${sys_eth_mac[$i]} - fi - fi - done -} - -write_iftab () -{ - local -i i - - rm -f $IFTAB - for i in ${!cfg_eth_hwid[@]} ; do - echo "etha$i mac ${cfg_eth_hwid[$i]}" >> $IFTAB - done -} - -write_iftab_real () -{ - local -i i - - rm -f $IFTAB - for i in ${!cfg_eth_hwid[@]} ; do - echo "eth$i mac ${cfg_eth_hwid[$i]}" >> $IFTAB - done -} - -mod_bootfile_eth_hwid () -{ - local eth=$1 hwid=$2 - - sed -i '/^interfaces {$/,/^}/ { - /^ ethernet '"$eth"' {$/,/^ }$/ { - /^ *hw-id/c\ - hw-id: '"$hwid"' - }}' $BOOTFILE -} - -add_bootfile_eth_hwid () -{ - local eth=$1 hwid=$2 - - sed -i '/^interfaces {$/,/^}$/ { - /^}$/i\ - ethernet '"$eth"' {\ - hw-id: '"$hwid"'\ - } - }' $BOOTFILE -} - -add_bootfile_eth_linkdetect () -{ - local eth=$1 - - sed -i '/^interfaces {$/,/^}$/ { - /^}$/i\ - ethernet '"$eth"' {\ - link-detect\ - } - }' $BOOTFILE -} - -update_bootfile_eths () -{ - local -i i - - for i in ${!cfg_eth_hwid[@]} ; do - if grep -q "ethernet eth$i {" $BOOTFILE ; then - mod_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} - else - add_bootfile_eth_hwid eth$i ${cfg_eth_hwid[$i]} - add_bootfile_eth_linkdetect eth$i - fi - done -} - -add_bootfile_vmnet () -{ - local vmnet=$1 - - sed -i '/^interfaces {/,/^}$/ { - /^}$/i\ - ethernet '"$vmnet"' {\ - } - }' $BOOTFILE -} - -update_bootfile_vmnets () -{ - for vmnet in ${sys_vmnets[@]} ; do - if ! 
grep -q "ethernet $vmnet {" $BOOTFILE ; then - add_bootfile_vmnet $vmnet - fi - done -} - -itfmess () -{ - load_cfg_eth_hwid - load_sys_eth_mac - load_sys_vmnets - update_cfg_eth_hwid - write_iftab - update_bootfile_eths - update_bootfile_vmnets -} - -maybe_ifrename () { - if [ -e $IFTAB ] ; then - ifrename -d -p - fi -} +shopt -s extglob nullglob search_config_if_wan () { grep "\<serial\>.*\<$1\>" $BOOTFILE >/dev/null 
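Review bot: The new defaults introduce `vyatta_prefix`, but the unchanged line `: ${BOOTFILE:=$prefix/etc/config/config.boot}` still reads `$prefix`; unless /etc/default/vyatta or the caller sets `prefix` (not visible here), BOOTFILE falls back to `/etc/config/config.boot`. Using `${vyatta_sysconfdir}/config/config.boot` would match what scripts/vyatta_net_name does in this same commit. `source /etc/default/vyatta` is also unguarded; `test -r /etc/default/vyatta && source /etc/default/vyatta`, as vyatta_net_name has it, avoids an error when the file is absent.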
@@ -290,56 +66,72 @@ add_new_serial_if () { fi } -reset_promiscous_arp_response () { +proc_flags () +{ + # reset_promiscous_arp_response echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter -} - -set_ip_forwarding () { + # set_ip_forwarding echo 1 > /proc/sys/net/ipv4/ip_forward -} -## if a primary address is removed from an interface promote and -## secondary available -set_promote_secondaries () { + # if a primary address is removed from an interface promote and + # secondary available echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries } ## Update the version information update_version_info () { - if [ -f ${ofr_sysconfdir}/version.master ]; then - cp ${ofr_sysconfdir}/version.master ${ofr_sysconfdir}/version + if [ -f ${vyatta_sysconfdir}/version.master ]; then + cp ${vyatta_sysconfdir}/version.master ${vyatta_sysconfdir}/version fi } ## Clear out apt config file--it will be filled in by rtrmgr clear_apt_config() { - >/etc/apt/sources.list + cat /dev/null >/etc/apt/sources.list || true } ## snmp should be a separate package, ## but for now load the kernel module here add_snmp_stats_module() { - modprobe ipt_rlsnmpstats + modprobe ipt_rlsnmpstats || true } set_reboot_on_panic() { - echo 1 > /proc/sys/kernel/panic_on_oops - echo 60 > /proc/sys/kernel/panic + echo 1 > /proc/sys/kernel/panic_on_oops + echo 60 > /proc/sys/kernel/panic +} + +clear_or_override_config_files () +{ + for conf in motd.tail ntp.conf syslog.conf logrotate.d/messages \ + snmp/snmpd.conf snmp/snmptrapd.conf keepalived/keepalived.conf \ + ipvsadm.rules default/ipvsadm resolv.conf + do + if [ -f /etc/$conf ] ; then + cat /dev/null > /etc/$conf || true + fi + done + for conf in motd.tail syslog.conf; do + cp $vyatta_sysconfdir/$conf /etc/$conf + done + cp $vyatta_sysconfdir/logrotate_messages /etc/logrotate.d/messages + cp $vyatta_sysconfdir/default_ssh /etc/default/ssh + # ssh v1. 
remove the empty key file + rm -f /etc/ssh/ssh_host_key } start () { - set_reboot_on_panic - itfmess - maybe_ifrename - write_iftab_real - maybe_ifrename - add_new_serial_if - reset_promiscous_arp_response - set_ip_forwarding - set_promote_secondaries + clear_or_override_config_files || \ + log_failure_msg "can\'t reset config files" + set_reboot_on_panic || \ + log_failure_msg "can\'t set reboot on panic" + add_new_serial_if || \ + log_failure_msg "can\'t add serial interfaces" + proc_flags || \ + log_failure_msg "can\'t reset proc flags" update_version_info clear_apt_config add_snmp_stats_module @@ -354,7 +146,6 @@ esac exit $? - # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name new file mode 100755 index 00000000..43c71c1d --- /dev/null +++ b/scripts/vyatta_net_name 
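Review bot: `clear_or_override_config_files` always returns the status of its last command, `rm -f /etc/ssh/ssh_host_key`, so the `|| log_failure_msg` in `start` cannot fire when one of the `cp` calls fails; `proc_flags` has the same shape with its last `echo`. Append `|| return 1` to each `cp` (or join the steps with `&&`). The messages are written as `"can\'t ..."`; inside double quotes the backslash is kept, so the log shows `can\'t`, and `"can't reset config files"` is what is wanted. This function also truncates ntp.conf, snmpd.conf, resolv.conf and the rest on every `start`, without the `.vyatta-save` copy the old postinst kept; a comment saying that is intended would help the next reader.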
@@ -0,0 +1,153 @@ +#!/bin/bash +# **** License **** +# Version: VPL 1.0 +# +# The contents of this file are subject to the Vyatta Public License +# Version 1.0 ("License"); you may not use this file except in +# compliance with the License. You may obtain a copy of the License at +# http://www.vyatta.com/vpl +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Tom Grennan <tgrennan@vyatta.com> +# Description: search Vyatta config for interface name given address +# +# **** End License **** + +debug= +match= +attr_address=0:0:0:0:0:0 +declare -i ethn=0 last_ethn=0 + +test -r /etc/default/vyatta && source /etc/default/vyatta + +# process command line variable overrides + +for arg ; do + case "$arg" in + --debug ) + debug=echo + ;; + --*=* ) + arg=${arg#--} + eval ${arg%=*}=\"${arg#*=}\" + ;; + *=* ) + eval ${arg%=*}=\"${arg#*=}\" + ;; + *:*:*:*:*:* ) + attr_address=$arg + ;; + * ) + kname=$arg + ;; + esac +done + +: ${vyatta_prefix:=/opt/vyatta} +: ${vyatta_sbindir:=${vyatta_prefix}/sbin} +: ${vyatta_sysconfdir:=${vyatta_prefix}/etc} +: ${BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config/config.boot} +: ${DEFAULT_BOOTFILE:=${vyatta_sysconfdir:-/opt/vyatta/etc}/config.boot.default} + +if [ ! -f $BOOTFILE ] ; then + cp $DEFAULT_BOOTFILE $BOOTFILE + chgrp quaggavty $BOOTFILE + chmod 660 $BOOTFILE +fi + +shopt -s extglob nullglob + +# load cfg_eth_hwid array from config file as follows +# interface { +# ... +# ethernet eth# { +# ... +# hw-id: XX:XX:XX:XX:XX:XX +# ... +# } +# } +# +# cfg_eth_hwid=( "eth#=xx:xx:xx:xx:xx:xx" ... 
) + +declare -a cfg_net_hwid=( $( sed -ne ' + /^interfaces {/,/^}/ { + /^ *ethernet eth[0-9]* {/,/^ $/ { + /^ *ethernet/ { + s/.* eth\([0-9]\+\) {$/ eth\1=/ +# hold interface name + h + } + /^.*hw-id:/ { +# translate field name + s/.*hw-id: *// +# tolower hex mac address + y/ABCDEF/abcdef/ +# exchange hold and pattern space + x +# concatenate hold and pattern + G + s/\n//p + } + } + }' $BOOTFILE )) + +for name_hwid in ${cfg_net_hwid[@]} ; do + name=${name_hwid%=*} + hwid=${name_hwid#*=} + ethn=${name/eth/} + [[ $ethn -gt $last_ethn ]] && \ + last_ethn=$ethn + if [ "$hwid" == "$attr_address" ] ; then + # we mod the config file interface sub-clock in case it is missing + # "link-detect" + [[ "$BOOTFILE" != *test_* ]] && \ + ${vyatta_sbindir}/mod_bootfile_eth_hwid $BOOTFILE $name $attr_address + echo $name + exit 0 + fi + [ "$name" == "$kname" ] && \ + match=$name_hwid +done + +[ -z "$kname" ] && \ + exit 1 + +# have not found matching hwid in config, see if we can use kernel name +if [ -z "$match" ] ; then + # the kernel interface name isnot in config + # so, we might as well use it + name=$kname + cmd=add +elif [ -z "${match#*=}" ] ; then + # the config has this interface but the sub-block is missing the hwid + # so again, we might as well use the kernel name + name=$kname + cmd=mod +else + # The device mac address is not in the config but the config + # has another hwid associated with the device name. This + # indicates that the device is either a replacement or new but + # detected earlier than the device configured with this name. + # Since this is non-deterministic, we make a new name. + (( ethn = last_ethn + 1 )) + name=eth$ethn + cmd=add +fi + +[[ "$BOOTFILE" != *test_* ]] && \ + ${vyatta_sbindir}/${cmd}_bootfile_eth_hwid $BOOTFILE $name $attr_address + +echo $name + +# Local Variables: +# mode: shell-script +# sh-indentation: 4 +# End: diff --git a/sysconf/vyatta-net.rules b/sysconf/vyatta-net.rules new file mode 100644 index 00000000..31901b42 --- /dev/null 
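Review bot: The argument loop in scripts/vyatta_net_name passes any `name=value` argument to `eval`, and those cases are tested before the MAC-address case, so whatever text reaches this script as an argument is evaluated as shell code by a helper that udev runs as root. Assign without `eval` and accept only plain variable names, as in the fence below (`printf -v` needs bash 3.1, which debian/control already requires). Two further points: each unmatched `add` event rewrites `$BOOTFILE` through the *_bootfile_eth_hwid helpers with no lock, so two interfaces appearing together can compute the same `last_ethn + 1`; and `$BOOTFILE`, `$name` and `$attr_address` are unquoted throughout.

```shell
for arg ; do
    case "$arg" in
	# … unchanged: --debug case …
	--*=* | *=* )
	    arg=${arg#--}
	    var=${arg%%=*}
	    # accept only a plain variable name; never evaluate the argument
	    [[ $var =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || exit 1
	    printf -v "$var" '%s' "${arg#*=}"
	    ;;
	# … unchanged: address and kernel-name cases …
    esac
done
```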
+++ b/sysconf/vyatta-net.rules
@@ -0,0 +1,13 @@
+# These rules use vyatta_net_name to persistently name network interfaces
+# per "hwid" association with the interface block of the vyatta config file.
+
+ACTION!="add", GOTO="vyatta_net_end"
+SUBSYSTEM!="net", GOTO="vyatta_net_end"
+
+# ignore interfaces without a driver link like bridges and VLANs
+KERNEL=="eth*|ath*|wlan*|ra*|sta*|ctc*|lcs*|hsi*", DRIVERS=="?*",\
+ PROGRAM="vyatta_net_name %k $attr{address}", \
+ NAME="%c"
+
+LABEL="vyatta_net_end"
+
diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def
new file mode 100644
index 00000000..d85c9afc
--- /dev/null
+++ b/templates/interfaces/bridge/node.def
@@ -0,0 +1,7 @@
+tag:
+type: txt
+help: "Enter bridge interface name (br0 - br9)"
+syntax: $(@) in "br0", "br1", "br2", "br3", "br4", "br5", "br6", "br7", "br8", "br9" ; "Must be (br0 - br9)"
+create: "sudo brctl addbr $(@)"
+delete: "sudo brctl delbr $(@)"
+
diff --git a/templates/interfaces/bridge/node.tag/aging/node.def b/templates/interfaces/bridge/node.tag/aging/node.def
new file mode 100644
index 00000000..0b1dcd03
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/aging/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the number of seconds a MAC address will be kept in the forwarding database"
+default: 300
+update: "sudo brctl setageing $(../@) $(@)"
+delete: "sudo brctl setageing $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/description/node.def b/templates/interfaces/bridge/node.tag/description/node.def
new file mode 100644
index 00000000..481dce47
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "Add a human-readable description of an interface"
diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def
new file mode 100644
index 00000000..f72b8af3
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/disable/node.def
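Review bot: In templates/interfaces/bridge/node.tag/aging/node.def, `delete:` runs the same command as `update:`, `sudo brctl setageing $(../@) $(@)`, so removing the node appears to re-apply the value being deleted instead of returning the bridge to the documented default of 300. State the default explicitly, `delete: "sudo brctl setageing $(../@) 300"`. The forwarding-delay, hello-time, max-age and priority templates later in this commit follow the same pattern and need their own defaults (15, 2, 20 and 0).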
@@ -0,0 +1,8 @@
+type: bool
+help: "Disable the bridge interface"
+default: false
+update: "if [ x$(@) == xtrue ]; then \
+ sudo ip link set $(../@) down; \
+ else \
+ sudo ip link set $(../@) up; \
+ fi; "
diff --git a/templates/interfaces/bridge/node.tag/forwarding-delay/node.def b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
new file mode 100644
index 00000000..6634a7cc
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/forwarding-delay/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the forwarding delay"
+default: 15
+update: "sudo brctl setfd $(../@) $(@)"
+delete: "sudo brctl setfd $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/hello-time/node.def b/templates/interfaces/bridge/node.tag/hello-time/node.def
new file mode 100644
index 00000000..e7b59ab3
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/hello-time/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the hello packet advertisment interval"
+default: 2
+update: "sudo brctl sethello $(../@) $(@)"
+delete: "sudo brctl sethello $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/max-age/node.def b/templates/interfaces/bridge/node.tag/max-age/node.def
new file mode 100644
index 00000000..7fa3ecbe
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/max-age/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the interval at which neighbor bridges are removed"
+default: 20
+update: "sudo brctl setmaxage $(../@) $(@)"
+delete: "sudo brctl setmaxage $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/node.def b/templates/interfaces/bridge/node.tag/node.def
new file mode 100644
index 00000000..07e13e91
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/node.def
@@ -0,0 +1 @@
+help: "Set bridge parameters"
diff --git a/templates/interfaces/bridge/node.tag/priority/node.def b/templates/interfaces/bridge/node.tag/priority/node.def
new file mode 100644
index 00000000..650958ef
--- /dev/null
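Review bot: bridge/node.tag/disable/node.def has an `update:` action but no `delete:`, so deleting a `disable` node that was set to true leaves the bridge link down while the configuration falls back to `default: false`. The stp template added by this same commit does carry the matching reset (`delete: "sudo brctl stp $(../@) off"`). The parallel line here would be `delete: "sudo ip link set $(../@) up"`. Whether the backend re-runs `update:` with the default value on delete is not visible in this diff, so that should be confirmed before relying on it.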
+++ b/templates/interfaces/bridge/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: "Set the priority for this bridge"
+default: 0
+update: "sudo brctl setbridgeprio $(../@) $(@)"
+delete: "sudo brctl setbridgeprio $(../@) $(@)"
diff --git a/templates/interfaces/bridge/node.tag/stp/node.def b/templates/interfaces/bridge/node.tag/stp/node.def
new file mode 100644
index 00000000..eb87287b
--- /dev/null
+++ b/templates/interfaces/bridge/node.tag/stp/node.def
@@ -0,0 +1,9 @@
+type: bool
+help: "Enable spanning tree protocol"
+default: false
+update: "if [ x$(@) == xtrue ]; then \
+ sudo brctl stp $(../@) on; \
+ else \
+ sudo brctl stp $(../@) off; \
+ fi; "
+delete: "sudo brctl stp $(../@) off"
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def
new file mode 100644
index 00000000..f6ca51e4
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/bridge/node.def
@@ -0,0 +1,12 @@
+type: txt
+help: "Add this interface to a bridge-group"
+syntax: exec " \
+ if [ -z \"`sudo brctl show | grep $(@) `\" ]; then \
+ echo bridge interface $(@) doesn\\'t exist on this system ; \
+ exit 1 ; \
+ fi ; "
+update: "sudo brctl addif $(@) $(../../@)"
+delete: "sudo brctl delif $(@) $(../../@)"
+#allowed: local -a array ;
+# array=( /sys/class/net/br* ) ;
+# echo -n ${array[@]##*/}
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def
new file mode 100644
index 00000000..1c2bbde1
--- /dev/null
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/cost/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "Set the path cost for this port"
+commit: $(../bridge/) != ""; "Must configure bridge interface"
+update: "sudo brctl setpathcost $(../../@) $(@)"
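Review bot: In ethernet/node.tag/bridge-group/bridge/node.def the value is `type: txt` with no pattern, and its only validation is the `syntax: exec` that pastes `$(@)` unquoted into `sudo brctl show | grep $(@)`. An arbitrary string therefore reaches a shell command line before anything has constrained it, and again in `sudo brctl addif $(@) $(../../@)`. The grep is also a substring match over the whole table, so a value such as `br`, or a word from the header row, passes as an existing bridge. Restricting the value first with the same `$(@) in "br0", … "br9"` list that interfaces/bridge/node.def uses, and testing existence with `[ -d /sys/class/net/$(@)/bridge ]` instead of grep, closes both gaps. Whether the template engine accepts a second `syntax:` line alongside the exec is not visible here.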
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def new file mode 100644 index 00000000..b76b5d71 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def @@ -0,0 +1,2 @@ +help: "Add this interface to a bridge group" +commit: $(./bridge/) != ""; "Must set the bridge interface" diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def new file mode 100644 index 00000000..d254b082 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/bridge-group/priority/node.def @@ -0,0 +1,4 @@ +type: u32 +help: "Set the path priority for this port" +commit: $(../bridge/) != ""; "Must configure bridge interface" +update: "sudo brctl setportprio $(../../@) $(@)" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/node.def b/templates/interfaces/ethernet/node.tag/vrrp/node.def index de3253a5..2c8cc58a 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/node.def @@ -1,5 +1,3 @@ help: "Configure VRRP" commit: $(../address/) != ""; "Must define a primary IP address on $(../@)" -commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(../vrrp-group/@)" end: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $(../@) " - diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def index fe9690d8..dfb9c6a2 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.def 
@@ -1,4 +1,6 @@ +tag: type: u32 syntax: $(@) >= 0 && $(@) <= 255; "VRRP group must be between 1-255" +commit: $(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $(@)" help: "Configure VRRP group number" delete: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $(../../@) --group $(@) " diff --git a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def index edfbc3a4..edfbc3a4 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/advertise-interval/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def index e3120d51..e3120d51 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def index 87855962..87855962 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/password/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def diff --git a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def index 72e53f4b..72e53f4b 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/authentication/type/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def 
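Review bot: The unchanged `syntax:` line in vrrp/vrrp-group/node.def accepts 0 (`$(@) >= 0 && $(@) <= 255`) while its own message says "between 1-255". VRRP virtual router IDs run from 1 to 255. Now that the node is a `tag:` and each value becomes its own group subtree handed to vyatta-keepalived.pl, a group 0 would be committed and passed on. It is worth tightening in this commit: `syntax: $(@) >= 1 && $(@) <= 255; "VRRP group must be between 1-255"`.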
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def new file mode 100644 index 00000000..a4f3c074 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/node.def @@ -0,0 +1 @@ +help: "VRRP configuration for this VRRP group" diff --git a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def index a9869373..a9869373 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/preempt/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def diff --git a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def index 3f7aacbf..3f7aacbf 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/priority/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/priority/node.def diff --git a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def index badf657e..bcf9392f 100644 --- a/templates/interfaces/ethernet/node.tag/vrrp/virtual-address/node.def +++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def @@ -1,2 +1,3 @@ +multi: type: ipv4 help: "Configure virtual address" diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def index 654023af..9c3ff97d 100644 --- a/templates/service/telnet/allow-root/node.def +++ b/templates/service/telnet/allow-root/node.def 
@@ -1,10 +1,24 @@ type: bool default: false help: "Enable/disable root login" -update: "if [ \"$(@)\" == \"true\" ]; then \ - sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \ - else - sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \ - fi ; /bin/true" -delete: "sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \ - /bin/true" +update: " \ + if ! env | grep -q SSH_TTY=; then \ + if [[ \"`tty`\" == /dev/pts/* ]]; then \ + echo \"Please configure telnet settings via ssh or console.\"; \ + exit 1; \ + fi; \ + fi; \ + if [ \"$(@)\" == \"true\" ]; then \ + sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \ + else + sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \ + fi ; /bin/true" +delete: " \ + if ! env | grep -q SSH_TTY=; then \ + if [[ \"`tty`\" == /dev/pts/* ]]; then \ + echo \"Please configure telnet settings via ssh or console.\"; \ + exit 1; \ + fi; \ + fi; \ + sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \ + /bin/true" diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def index 5f4c1c7c..844aec98 100644 --- a/templates/service/telnet/node.def +++ b/templates/service/telnet/node.def @@ -1,4 +1,18 @@ help: "Enable/disable telnet protocol" -delete: "sudo /opt/vyatta/sbin/telnetd.init stop" -end: "if [ -z \"$(port/@)\" ]; then exit 0; fi; \ - sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)" +delete: " \ + if ! env | grep -q SSH_TTY=; then \ + if [[ \"`tty`\" == /dev/pts/* ]]; then \ + echo \"Please configure telnet settings via ssh or console.\"; \ + exit 1; \ + fi; \ + fi; \ + sudo /opt/vyatta/sbin/telnetd.init stop" +end: " \ + if ! env | grep -q SSH_TTY=; then \ + if [[ \"`tty`\" == /dev/pts/* ]]; then \ + echo \"Please configure telnet settings via ssh or console.\"; \ + exit 1; \ + fi; \ + fi; \ + if [ -z \"$(port/@)\" ]; then exit 0; fi; \ + sudo /opt/vyatta/sbin/telnetd.init restart $(port/@)" 
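Review bot: The session guard added to telnet/allow-root/node.def (`update:` and `delete:`) and to telnet/node.def (`delete:` and `end:`) decides with `env | grep -q SSH_TTY=`. That matches the text anywhere in the environment, including inside another variable's name or value, and the environment is set by the user being checked. It therefore works as a guard against accidentally cutting off one's own telnet session, not as a restriction on who may change these settings, and a comment should say so. Anchoring the match at least removes the accidental hits: `if ! env | grep -q '^SSH_TTY='; then \`. Separately, the `else` line in the allow-root `update:` still has no trailing backslash, unlike every line around it; this should be confirmed as intended.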
diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def index aeed3986..e1370b70 100644 --- a/templates/system/host-name/node.def +++ b/templates/system/host-name/node.def @@ -2,21 +2,18 @@ type: txt help: "Configure system host name" default: "vyatta" syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)" -# do we need to add ntpd restart here? update: "sudo sh -c \"hostname '$(@)' && \ +echo '$(@)' > /etc/hostname && \ touch /etc/hosts && \ -sed -i '/localhost/d' /etc/hosts && \ -echo \\\"127.0.0.1\t localhost $(@)\t #vyatta entry\\\" >> /etc/hosts && \ +sed -i '/^127.0.1.1/d' /etc/hosts && \ +echo \\\"127.0.1.1\t $(@)\t #vyatta entry\\\" >> /etc/hosts && \ if [ x$(../domain-name/@) != x ]; then \ -echo \\\"127.0.0.1\t localhost $(@).$(../domain-name/@)\t #vyatta entry\\\" \ +echo \\\"127.0.1.1\t $(@).$(../domain-name/@)\t #vyatta entry\\\" \ >> /etc/hosts; fi\" " -# do we need to add ntpd restart here? -delete: "sudo sh -c \"echo > /etc/hostname.conf && hostname 'vyatta' && \ +delete: "sudo sh -c \"echo 'vyatta' > /etc/hostname && hostname 'vyatta' && \ touch /etc/hosts && \ -sed -i '/localhost.*#vyatta entry/d' /etc/hosts && \ -echo \\\"127.0.0.1\t localhost vyatta\t #vyatta entry\\\" >> /etc/hosts && \ +sed -i '/^127.0.1.1/d' /etc/hosts && \ +echo \\\"127.0.1.1\t vyatta\t #vyatta entry\\\" >> /etc/hosts && \ if [ x$(../domain-name/@) != x ]; then \ -echo \\\"127.0.0.1\t localhost vyatta.$(../domain-name/@)\t #vyatta entry\\\" \ ->> /etc/hosts; fi && \ -if [ -f /etc/ntp/ntp.conf ] && grep -q 'server' /etc/ntp/ntp.conf; then \ -/opt/vyatta/sbin/ntpd.init restart; fi\" " +echo \\\"127.0.1.1\t vyatta.$(../domain-name/@)\t #vyatta entry\\\" \ +>> /etc/hosts; fi\" " diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def index ea0000af..275aa867 100644 --- a/templates/system/static-host-mapping/host-name/node.def 
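Review bot: The new cleanup in system/host-name/node.def, `sed -i '/^127.0.1.1/d' /etc/hosts`, no longer filters on the `#vyatta entry` tag and leaves the dots unescaped. It therefore deletes every line that starts with those characters, including entries an administrator added by hand and addresses such as 127.0.1.10. Keeping the tag and escaping the dots, in the escaping style the removed alias rules used, gives `sed -i '/^127\\.0\\.1\\.1.*#vyatta entry/d' /etc/hosts &&` in both `update:` and `delete:`. Separately, `$(../domain-name/@)` is expanded unquoted inside the root `sh -c` string. Its template is not part of this diff, so it should be confirmed that it carries a pattern like the `^[-a-zA-Z0-9.]+$` used for the host name.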
+++ b/templates/system/static-host-mapping/host-name/node.def @@ -2,3 +2,10 @@ tag: type: txt help: "Map DNS names to system interfaces" syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $(@)" +commit: $(./inet) != ""; "IP address for the static mapping must be set" +end: "sudo sh -c \"\ + touch /etc/hosts; \ + sed -i '/ $(@) .*#vyatta entry/d' /etc/hosts; \ + if [ -z \"$(./inet/@)\" ]; then exit 0; fi; \ + declare -a aliases=( $(alias/@@) ); \ + echo \\\"$(inet/@)\t $(@) \\\\\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" " diff --git a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def index c8f5cdef..e9f1de7c 100644 --- a/templates/system/static-host-mapping/host-name/node.tag/alias/node.def +++ b/templates/system/static-host-mapping/host-name/node.tag/alias/node.def @@ -1,18 +1,3 @@ multi: type: txt help: "Alias for this address" -update: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \ - /etc/hosts && \ -echo \\\"$(../inet/@)\t $(../@) $(@) \t #vyatta entry\\\" \ - >> /etc/hosts && \ -if [ x$(../../../domain-name/@) == x ]; then \ - echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -else \ - echo \\\"127.0.0.1\t localhost \ -$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -fi\" " -delete: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" " diff --git a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def index 47a84733..4a069d9e 100644 --- a/templates/system/static-host-mapping/host-name/node.tag/inet/node.def +++ b/templates/system/static-host-mapping/host-name/node.tag/inet/node.def 
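Review bot: The new `end:` action in static-host-mapping/host-name/node.def expands `$(alias/@@)` inside a `sudo sh -c` string, but alias/node.def is left by this commit as `type: txt` with no `syntax:` line. If the expansion is inserted verbatim, alias text is parsed by a root shell without any character restriction. Adding `syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "invalid alias name $(@)"` to alias/node.def, mirroring the host-name check, constrains it before the action runs. In the same action, `[ -z \"$(./inet/@)\" ]` uses the outer quoting level and so closes the `sh -c` string at that point, whereas the `echo` below it uses `\\\"`; it should read `[ -z \\\"$(./inet/@)\\\" ]`. `declare -a` also needs bash, while the command is run through `sh`.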
@@ -1,16 +1,2 @@ type: ipv4 help: "Internet address" -update: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/$(../@).*#vyatta entry/d;/127\\.0\\.0\\.1.*#vyatta entry/d' \ - /etc/hosts && \ -echo \\\"$(@)\t $(../@) \t #vyatta entry\\\" >> /etc/hosts && \ -if [ x$(../../../domain-name/@) == x ]; then \ - echo \\\"127.0.0.1\t localhost $(../../../host-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -else \ - echo \\\"127.0.0.1\t localhost \ -$(../../../host-name/@).$(../../../domain-name/@)\t #vyatta entry\\\" \ - >> /etc/hosts; \ -fi\" " -delete: "sudo sh -c \"touch /etc/hosts && \ -sed -i '/ $(../@) .*#vyatta entry/{/localhost/!d}' /etc/hosts\" " diff --git a/test_bootfile b/test_bootfile new file mode 100644 index 00000000..df024b69 --- /dev/null +++ b/test_bootfile @@ -0,0 +1,44 @@ +system { + ntp-server "69.59.150.135" + login { + user root { + authentication { + encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." + } + } + user vyatta { + authentication { + encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." + } + } + } + package { + repository community { + component: "main" + url: "http://archive.vyatta.com/vyatta" + } + } +} + +interfaces { + loopback lo { + } + ethernet eth0 { + hw-id: 52:54:00:12:34:56 + link-detect + } + ethernet eth1 { + link-detect + } + ethernet eth2 { + hw-id: 52:54:00:12:34:54 + } + ethernet eth3 { + address: 192.168.1.1 + } + ethernet eth4 { + } +} + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@1:firewall@1:nat@2:serial@1:webgui@1" === */ |
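Review bot: test_bootfile commits `encrypted-password` values for both `root` and `vyatta` that are MD5-crypt (`$1$`) hashes with an empty salt, and the two are identical. A hash without salt is the same on every system that uses that password, so this pair has to be treated as a publicly known credential, not a secret. Makefile.am lists the file under `noinst_DATA`, which keeps it out of the installed package. The remaining risk is someone copying the fixture as a starting configuration. A first-line marker such as `/* test fixture only: the credentials below are public, do not deploy */` would make that explicit, provided the config parser accepts a comment in that position, as it does for the trailer.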