summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am4
-rw-r--r--debian/changelog71
-rw-r--r--debian/control1
-rw-r--r--debian/vyatta-cfg-system.postinst.in6
-rw-r--r--lib/Vyatta/Login/RadiusServer.pm4
-rwxr-xr-xlib/Vyatta/Login/User.pm72
-rwxr-xr-xscripts/install-image168
-rwxr-xr-xscripts/install/install-functions14
-rwxr-xr-xscripts/install/install-image24
-rwxr-xr-xscripts/install/install-image-existing11
-rw-r--r--scripts/keepalived/vyatta-clear-vrrp.pl44
-rwxr-xr-xscripts/keepalived/vyatta-keepalived.pl141
-rwxr-xr-xscripts/keepalived/vyatta-show-vrrp.pl54
-rwxr-xr-xscripts/keepalived/vyatta-vrrp-state.pl6
-rwxr-xr-xscripts/rl-system.init6
-rwxr-xr-xscripts/vyatta-grub-setup14
-rw-r--r--sysconf/level2
-rw-r--r--sysconf/pam-radius12
-rw-r--r--sysconf/pam_radius.cfg11
-rw-r--r--sysconf/protected-user2
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def5
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def8
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def3
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def9
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def7
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def1
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def7
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def5
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def22
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/node.def5
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def8
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def3
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def9
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def7
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def1
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def6
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def7
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def5
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def4
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def22
-rw-r--r--templates/interfaces/ethernet/node.tag/bond-group/node.def2
-rw-r--r--templates/interfaces/ethernet/node.tag/bridge-group/node.def2
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def2
59 files changed, 487 insertions, 392 deletions
diff --git a/Makefile.am b/Makefile.am
index 29619127..df8c34b5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,7 +70,9 @@ sysconf_DATA += sysconf/securetty
sysconf_DATA += sysconf/vyatta-sysctl.conf
sysconf_DATA += sysconf/blacklist.DSA-1024
sysconf_DATA += sysconf/blacklist.RSA-2048
-sysconf_DATA += sysconf/pam-radius
+sysconf_DATA += sysconf/protected-user
+sysconf_DATA += sysconf/level
+sysconf_DATA += sysconf/pam_radius.cfg
libudev_SCRIPTS = scripts/vyatta_net_name
etcudev_DATA = sysconf/vyatta-net.rules
diff --git a/debian/changelog b/debian/changelog
index fba566b7..56e21623 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,74 @@
+vyatta-cfg-system (0.15.101) unstable; urgency=low
+
+ * Remove blank line
+ * Show dependency on pam version
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Wed, 11 Nov 2009 17:09:29 -0800
+
+vyatta-cfg-system (0.15.100) unstable; urgency=low
+
+ * copy the whole config directory during install
+
+ -- An-Cheng Huang <ancheng@vyatta.com> Tue, 10 Nov 2009 14:08:59 -0800
+
+vyatta-cfg-system (0.15.99) unstable; urgency=low
+
+ [ An-Cheng Huang ]
+ * use new vyatta-union arg to reduce kernel cmdline length.
+
+ [ Robert Bays ]
+ * Fix library include
+
+ -- Robert Bays <rbays@roatan> Fri, 06 Nov 2009 05:53:10 -0800
+
+vyatta-cfg-system (0.15.98) unstable; urgency=low
+
+ [ Stephen Hemminger ]
+ * Remove blank line
+ * Fix pam-auth-update errors from radius
+ * Move user configuration information to files
+ * radius: only try first password if first module
+
+ [ An-Cheng Huang ]
+ * move custom script to custom repo
+
+ -- An-Cheng Huang <ancheng@vyatta.com> Thu, 05 Nov 2009 15:01:40 -0800
+
+vyatta-cfg-system (0.15.97) unstable; urgency=low
+
+ * Fix 5063: committing "set interfaces ethernet <> bridge-group bridge
+ <>" got "invalid variable reference (invalid format)"
+
+ -- Stig Thormodsrud <stig@vyatta.com> Mon, 02 Nov 2009 18:31:22 -0800
+
+vyatta-cfg-system (0.15.96) unstable; urgency=low
+
+ [ An-Cheng Huang ]
+ * use top-level pid for progress indicator
+
+ [ Stephen Hemminger ]
+ * Don't want/need --package option to pam-auth-update
+ * Reset PAM configuration on boot
+ * rename pam-radius to pam_radius.cfg
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Mon, 02 Nov 2009 17:28:17 -0800
+
+vyatta-cfg-system (0.15.95) unstable; urgency=low
+
+ [ David S. Madole ]
+ * Add VRRP capability to bonding interfaces and vifs of bonding
+ interfaces.
+
+ [ Stig Thormodsrud ]
+ * Convert keepalived to use Interface infrastructure.
+ * Add priority for bonding vrrp nodes.
+ * Fix interface carrier status.
+ * Fix 'show vrrp summary' showing last vip 1st
+ * Using Interface.pm infrastructure to detect vif on eth|bond
+ interface.
+
+ -- Stig Thormodsrud <stig@vyatta.com> Sun, 01 Nov 2009 14:59:29 -0800
+
vyatta-cfg-system (0.15.94) unstable; urgency=low
[ An-Cheng Huang ]
diff --git a/debian/control b/debian/control
index 5d875e70..ba8d3655 100644
--- a/debian/control
+++ b/debian/control
@@ -15,6 +15,7 @@ Depends: acpid,
coreutils (>= 5.97-5.3),
libpam-radius-auth,
vyatta-cfg (>= 0.15.33),
+ libpam-runtime (>= 1.0.1-5),
vyatta-bash | bash (>= 3.1),
sysv-rc,
ntp,
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 95fcd1ca..4809c4fe 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -118,6 +118,10 @@ EOF
fi
done
+ # Install pamradius config (should come with radius client eventually)
+ cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius
+
+ cp $sysconfdir/level $sysconfdir/protected-user /opt/vyatta/etc
fi
# update crontab for logrotate
@@ -148,8 +152,6 @@ update-rc.d -f ssh remove >/dev/null
# for password
sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
-# Install pamradius config (should come with radius client eventually)
-cp $sysconfdir/pam-radius /usr/share/pam-configs/radius
[ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
index 43f78f90..f8b67830 100644
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -29,12 +29,12 @@ my $PAM_RAD_END = '# END Vyatta Radius servers';
sub remove_pam_radius {
return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update --package --remove radius") == 0;
+ . " pam-auth-update --remove radius") == 0;
}
sub add_pam_radius {
return system("sudo DEBIAN_FRONTEND=noninteractive"
- . " pam-auth-update --package --add radius") == 0;
+ . " pam-auth-update radius") == 0;
}
sub update {
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index f5e8337f..cca84636 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -19,6 +19,7 @@ use strict;
use warnings;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
+use Vyatta::Misc;
# Exit codes form useradd.8 man page
my %reasons = (
@@ -34,15 +35,6 @@ my %reasons = (
13 => 'canĀ“t create mail spool',
);
-# Map of level to additional groups
-my %level_map = (
- 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', 'disk' ],
- 'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ],
-);
-
-# Users who MUST not use vbash
-my @protected = ( 'root', 'www-data' );
-
# Construct a map from existing users to group membership
sub get_groups {
my %group_map;
@@ -60,28 +52,60 @@ sub get_groups {
return \%group_map;
}
+my $levelFile = "/opt/vyatta/etc/level";
+
+# Convert level to additional groups
+sub _level2groups {
+ my $level = shift;
+ my @groups;
+
+ open (my $f, '<', $levelFile)
+ or return;
+
+ while (<$f>) {
+ chomp;
+ next unless $_;
+
+ my ($l, $g) = split /:/;
+ if ($l eq $level) {
+ @groups = split(/,/, $g);
+ last;
+ }
+ }
+ close $f;
+ return @groups;
+}
+
# protected users override file
-my $protected_override = '/opt/vyatta/etc/protected-users';
+my $protected_users = '/opt/vyatta/etc/protected-user';
+
+# Users who MUST not use vbash
+sub _protected_users {
+ my @protected;
+
+ open my $pfd, '<', $protected_users
+ or return;
+
+ while (<$pfd>) {
+ chomp;
+ next unless $_;
+
+ push @protected, $_;
+ }
+ close($pfd);
+ return @protected;
+}
+
# make list of vyatta users (ie. users of vbash)
sub _vyatta_users {
my @vusers;
- my %protected_override = ();
- my $pfd;
- if (open($pfd, '<', "$protected_override")) {
- while (<$pfd>) {
- next if (!defined($_));
- chomp;
- $protected_override{$_} = 1;
- }
- close($pfd);
- }
+
setpwent();
# ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
# = getpw*
while ( my ($name, undef, undef, undef, undef, undef,
undef, undef, $shell) = getpwent() ) {
- next if (defined($protected_override{$name}));
push @vusers, $name if ($shell eq '/bin/vbash');
}
endpwent();
@@ -120,7 +144,7 @@ sub update {
}
# map level to group membership
- my @new_groups = @{ $level_map{$level} };
+ my @new_groups = _level2groups($level);
# add any additional groups from configuration
push( @new_groups, $uconfig->returnValues('group') );
@@ -169,12 +193,12 @@ sub update {
# Remove any vyatta users that do not exist in current configuration
# This can happen if user added but configuration not saved
- my %protected = map { $_ => 1 } @protected;
+ my %protected = map { $_ => 1 } _protected_users();
foreach my $user (_vyatta_users()) {
if ($protected{$user}) {
warn "User $user should not being using vbash - fixed\n";
system ("usermod -s /bin/bash $user") == 0
- or die "Attemp to modify user $user shell failed: $!";
+ or die "Attempt to modify user $user shell failed: $!";
} elsif (! defined $users{$user}) {
warn "User $user not listed in current configuration\n";
system ("userdel --remove $user") == 0
diff --git a/scripts/install-image b/scripts/install-image
deleted file mode 100755
index 201500e3..00000000
--- a/scripts/install-image
+++ /dev/null
@@ -1,168 +0,0 @@
-#!/bin/bash
-
-# this script installs a new release image into a running "union-installed"
-# system to the new release. the specified image is a release ISO image.
-# the script sets up a new union mount for the new release. a reboot is
-# then required to boot into the newly installed release.
-
-NEW_ISO=$1
-
-PI_ROOT=''
-SQUASH_MOUNT=''
-ISO_MOUNT=''
-TMP_DIR=''
-
-vyatta_sysconfdir=/opt/vyatta/etc
-
-failure_exit () {
- echo "$*"
- exit 1
-}
-
-clean_up () {
- if [ -n "$PI_ROOT" ] && [ -d "$PI_ROOT" ]; then
- umount $PI_ROOT >&/dev/null || true
- fi
- if [ -n "$SQUASH_MOUNT" ] && [ -d "$SQUASH_MOUNT" ]; then
- umount $SQUASH_MOUNT >&/dev/null || true
- fi
- if [ -n "$ISO_MOUNT" ] && [ -d "$ISO_MOUNT" ]; then
- umount $ISO_MOUNT >&/dev/null || true
- fi
- if [ -n "$TMP_DIR" ] && [ -d "$TMP_DIR" ]; then
- rm -rf $TMP_DIR
- fi
- PI_ROOT=''
- SQUASH_MOUNT=''
- ISO_MOUNT=''
- TMP_DIR=''
-}
-
-sig_handler () {
- echo "ERROR: Signal received. Exiting..."
- clean_up
- echo "Done"
- trap - EXIT
- exit 1
-}
-
-exit_handler () {
- echo "Exiting..."
- clean_up
- echo "Done"
-}
-
-trap sig_handler INT KILL
-trap exit_handler EXIT
-
-if [ `whoami` != 'root' ] ; then
- failure_exit 'This script must be run with root privileges.'
-fi
-
-# make sure it's a union-installed system
-CURVER=$(sed -n 's/^Version \+: \+\([^ ]\+\)$/\1/p' \
- ${vyatta_sysconfdir}/version 2>/dev/null)
-if [ -z "$CURVER" ]; then
- failure_exit 'Cannot find current version.'
-fi
-if [ ! -d "/live/image/boot/$CURVER" ] \
- || ! grep -q ' /live/image ' /proc/mounts \
- || grep -q ' /live/image iso9660 ' /proc/mounts \
- || ! grep -q " /$CURVER.squashfs " /proc/mounts; then
- failure_exit 'This script can only be used on a "union-installed" system.'
-fi
-
-# check the ISO
-if [ ! -f "$NEW_ISO" ] || ! (file $NEW_ISO | grep -q 9660); then
- failure_exit "\"$NEW_ISO\" is not a valid ISO image file."
-fi
-TMP_DIR=$(mktemp -d /tmp/install-image.XXXXXX) \
- || failure_exit 'Failed to create temporary directory.'
-ISO_MOUNT=$TMP_DIR/iso-mount
-if ! mkdir $ISO_MOUNT || ! mount -o loop,ro "$NEW_ISO" $ISO_MOUNT; then
- failure_exit 'Failed to mount ISO image.'
-fi
-
-# check the squashfs image
-SQUASH_FILE=$ISO_MOUNT/live/filesystem.squashfs
-if [ ! -f "$SQUASH_FILE" ] || ! (file $SQUASH_FILE | grep -q Squashfs) \
- || ! grep -q '^ii vyatta-version ' $ISO_MOUNT/live/packages.txt; then
- failure_exit "\"$NEW_ISO\" is not a Vyatta ISO image file."
-fi
-SQUASH_MOUNT=$TMP_DIR/squash-mount
-if ! mkdir $SQUASH_MOUNT \
- || ! mount -o loop,ro "$SQUASH_FILE" $SQUASH_MOUNT; then
- failure_exit 'Failed to mount squashfs image.'
-fi
-
-# get version string
-NEWVER=$(grep '^Version ' ${SQUASH_MOUNT}${vyatta_sysconfdir}/version \
- | tr -s ' ' | cut -d ' ' -f 3)
-if [ -z "$NEWVER" ]; then
- failure_exit 'Cannot find new release version.'
-fi
-if [ "$CURVER" == "$NEWVER" ]; then
- failure_exit "Cannot install the same release version \"$NEWVER\"."
-fi
-
-# start the install
-echo "Installing \"$NEWVER\" release."
-
-# create the new release directories
-REL_ROOT="/live/image/boot/$NEWVER"
-RW_DIR="$REL_ROOT/live-rw"
-if ! mkdir -p "$RW_DIR"; then
- failure_exit 'Cannot create directory for new release.'
-fi
-
-# copy the squashfs image and boot files
-echo -n "Copying new release files..."
-cp -p $SQUASH_FILE $REL_ROOT/$NEWVER.squashfs >&/dev/null
-cp -p $SQUASH_MOUNT/boot/* $REL_ROOT/ >&/dev/null
-echo " Done"
-
-# mount copied squashfs
-umount $SQUASH_MOUNT
-SQUASH_FILE=$REL_ROOT/$NEWVER.squashfs
-if ! mount -o loop,ro "$SQUASH_FILE" $SQUASH_MOUNT; then
- failure_exit 'Failed to mount new squashfs image.'
-fi
-
-# set up root for postinst
-PI_ROOT=$TMP_DIR/pi_root
-if ! mkdir $PI_ROOT \
- || ! mount -t unionfs -o noatime,dirs=$RW_DIR=rw:$SQUASH_MOUNT=ro unionfs \
- $PI_ROOT; then
- failure_exit 'Failed to set up root directory for postinst.'
-fi
-
-# set up /var/run fstab entry
-PI_FSTAB=$PI_ROOT/etc/fstab
-if ! grep -q 'tmpfs /var/run ' $PI_FSTAB >&/dev/null; then
- # replace the fstab. the default one has header that will cause
- # it to be wiped out on live boot.
- echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$PI_FSTAB
-fi
-
-# postinst hook
-PI_SCRIPT=${PI_ROOT}${vyatta_sysconfdir}/install-image/postinst
-if [ -e "$PI_SCRIPT" ]; then
- echo "running post-install script"
- $PI_SCRIPT $PI_ROOT
-fi
-
-# set up grub entry (if provided)
-DEF_GRUB=${PI_ROOT}${vyatta_sysconfdir}/grub/default-union-grub-entry
-if [ -e "$DEF_GRUB" ]; then
- old_grub_cfg=/live/image/boot/grub/grub.cfg
- new_grub_cfg=$TMP_DIR/grub.cfg
- sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg
- cat $DEF_GRUB >>$new_grub_cfg
- sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg
- sed -i 's/^set default=[0-9]\+$/set default=0/' $new_grub_cfg
- mv $new_grub_cfg $old_grub_cfg
-fi
-
-# done
-exit 0
-
diff --git a/scripts/install/install-functions b/scripts/install/install-functions
index 3bdc1fde..29707dff 100755
--- a/scripts/install/install-functions
+++ b/scripts/install/install-functions
@@ -43,18 +43,20 @@ VYATTA_CFG_DIR=${vyatta_sysconfdir}/config
# the floppy config dir
FD_CFG_DIR=/media/floppy/config
-# Process ID for progress_indicator
-SPID=$$
-
+# PROGRESS_PID can be exported by top-level script
progress_indicator () {
+ local spid=$PROGRESS_PID
+ if [ -z "$spid" ]; then
+ spid=$$
+ fi
case "$1" in
start)
- $vyatta_bindir/progress-indicator $SPID &
+ $vyatta_bindir/progress-indicator $spid &
;;
*)
- if ! rm /tmp/pi.$SPID 2>/dev/null; then
+ if ! rm /tmp/pi.$spid 2>/dev/null; then
sleep 1
- rm /tmp/pi.$SPID 2>/dev/null
+ rm /tmp/pi.$spid 2>/dev/null
fi
sleep 1
echo -n -e "\b"
diff --git a/scripts/install/install-image b/scripts/install/install-image
index 0bf31a00..6ed0f732 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -5,6 +5,8 @@ source /opt/vyatta/sbin/install-functions
# export INSTALL_LOG for the scripts invoked
export INSTALL_LOG=/tmp/install-$$.log
+# export PROGRESS_PID for the scripts invoked
+export PROGRESS_PID=$$
# file for get-partition output
PART_FILE=''
@@ -114,12 +116,30 @@ fi
trap sig_handler INT KILL
trap exit_handler EXIT
+cat <<EOF
+Welcome to the Vyatta install program. This script
+will walk you through the process of installing the
+Vyatta image to a local hard drive.
+EOF
+
+response=''
+while [ -z $response ]
+do
+ echo -n "Would you like to continue? (Yes/No) [Yes]: "
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'Ok then.'
+ fi
+done
+
if is_live_cd_boot; then
if [ -n "$NEW_ISO" ]; then
- fail_exit 'Do not specify an image when installing from a live CD.'
+ echo 'You are trying to install from a live CD boot. The live CD image'
+ fail_exit 'will be used. Do not specify an ISO image file.'
fi
elif [ -z "$NEW_ISO" ]; then
- fail_exit 'Must specify an image to install.'
+ echo 'You are trying to install from an already installed system. An ISO'
+ fail_exit 'image file to install must be specified.'
else
# installing on an installed system. set up the new image.
set_up_new_iso
diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing
index 0b5cba62..214fd2c8 100755
--- a/scripts/install/install-image-existing
+++ b/scripts/install/install-image-existing
@@ -87,19 +87,20 @@ if ! grep -q 'tmpfs /var/run ' $PI_FSTAB >&/dev/null; then
echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$PI_FSTAB
fi
-# save current config if needed
-def_cfg="$VYATTA_CFG_DIR/config.boot"
-if [ -f "$def_cfg" ]; then
+# save current config dir if needed
+if [ -f "$VYATTA_CFG_DIR/config.boot" ]; then
resp=''
while [ -z "$resp" ]; do
- echo 'Would you like to use the current configuration'
+ echo 'Would you like to save the current configuration '
+ echo 'directory and use the current start-up configuration '
echo -n 'for the new version? (Yes/No) [Yes]: '
resp=$(get_response "Yes" "Yes No Y N")
if [ "$resp" == 'yes' ] || [ "$resp" == 'y' ]; then
echo 'Copying current configuration...'
ndir=${INST_ROOT}${VYATTA_CFG_DIR}
mkdir -p $ndir
- cp -p $def_cfg $ndir/
+ find $VYATTA_CFG_DIR -maxdepth 1 -mindepth 1 \
+ -exec cp '-a' '{}' "$ndir/" ';'
chgrp -R vyattacfg $ndir
chmod -R 775 $ndir
fi
diff --git a/scripts/keepalived/vyatta-clear-vrrp.pl b/scripts/keepalived/vyatta-clear-vrrp.pl
index 17dedc59..3a9733ed 100644
--- a/scripts/keepalived/vyatta-clear-vrrp.pl
+++ b/scripts/keepalived/vyatta-clear-vrrp.pl
@@ -25,6 +25,9 @@
use lib '/opt/vyatta/share/perl5/';
use Vyatta::Keepalived;
+use Vyatta::Interface;
+use Vyatta::Misc;
+
use Getopt::Long;
use Sys::Syslog qw(:standard :macros);
@@ -108,50 +111,25 @@ sub get_vrrp_intf_group {
#
# return an array of hashes that contains all the intf/group pairs
#
-
my $config = new Vyatta::Config;
- $config->setLevel('interfaces ethernet');
- my @eths = $config->listOrigNodes();
- foreach my $eth (@eths) {
- my $path = "interfaces ethernet $eth";
+
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
$config->setLevel($path);
- if ($config->existsOrig("vrrp")) {
+ if ($config->existsOrig('vrrp')) {
$path = "$path vrrp vrrp-group";
$config->setLevel($path);
my @groups = $config->listOrigNodes();
foreach my $group (@groups) {
my %hash;
- $hash{'intf'} = $eth;
+ $hash{'intf'} = $name;
$hash{'group'} = $group;
$hash{'path'} = "$path $group";
push @array, {%hash};
}
}
-
- $path = "interfaces ethernet $eth";
- $config->setLevel($path);
- if ($config->existsOrig('vif')) {
- my $path = "$path vif";
- $config->setLevel($path);
- my @vifs = $config->listOrigNodes();
- foreach my $vif (@vifs) {
- my $vif_intf = $eth . '.' . $vif;
- my $vif_path = "$path $vif";
- $config->setLevel($vif_path);
- if ($config->existsOrig('vrrp')) {
- $vif_path = "$vif_path vrrp vrrp-group";
- $config->setLevel($vif_path);
- my @groups = $config->listOrigNodes();
- foreach my $group (@groups) {
- my %hash;
- $hash{'intf'} = $vif_intf;
- $hash{'group'} = $group;
- $hash{'path'} = "$path $group";
- push @array, {%hash};
- }
- }
- }
- }
}
return @array;
@@ -204,7 +182,7 @@ my $login = getlogin();
#
# clear_process
#
-if ($action eq "clear_process") {
+if ($action eq 'clear_process') {
syslog('warning', "clear vrrp process requested by $login");
if (Vyatta::Keepalived::is_running()) {
print "Restarting VRRP...\n";
diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl
index f7d3a652..e87c9f64 100755
--- a/scripts/keepalived/vyatta-keepalived.pl
+++ b/scripts/keepalived/vyatta-keepalived.pl
@@ -235,62 +235,30 @@ sub vrrp_find_changes {
my $config = new Vyatta::Config;
my $vrrp_instances = 0;
- $config->setLevel("interfaces ethernet");
- my @eths = $config->listNodes();
- foreach my $eth (@eths) {
- my $path = "interfaces ethernet $eth";
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
$config->setLevel($path);
if ($config->exists("vrrp")) {
my %vrrp_status_hash = $config->listNodeStatus("vrrp");
my ($vrrp, $vrrp_status) = each(%vrrp_status_hash);
if ($vrrp_status ne "static") {
- push @list, $eth;
- vrrp_log("$vrrp_status found $eth");
+ push @list, $name;
+ vrrp_log("$vrrp_status found $name");
}
}
- if ($config->exists("vif")) {
- my $path = "interfaces ethernet $eth vif";
- $config->setLevel($path);
- my @vifs = $config->listNodes();
- foreach my $vif (@vifs) {
- my $vif_intf = $eth . "." . $vif;
- my $vif_path = "$path $vif";
- $config->setLevel($vif_path);
- if ($config->exists("vrrp")) {
- my %vrrp_status_hash = $config->listNodeStatus("vrrp");
- my ($vrrp, $vrrp_status) = each(%vrrp_status_hash);
- if ($vrrp_status ne "static") {
- push @list, "$eth.$vif";
- vrrp_log("$vrrp_status found $eth.$vif");
- }
- }
- }
- }
- }
- #
- # Now look for deleted from the origin tree
- #
- $config->setLevel("interfaces ethernet");
- @eths = $config->listOrigNodes();
- foreach my $eth (@eths) {
- my $path = "interfaces ethernet $eth";
+ #
+ # Now look for deleted from the origin tree
+ #
$config->setLevel($path);
if ($config->isDeleted("vrrp")) {
- push @list, $eth;
- vrrp_log("Delete found $eth");
- }
- $config->setLevel("$path vif");
- my @vifs = $config->listOrigNodes();
- foreach my $vif (@vifs) {
- my $vif_intf = $eth . "." . $vif;
- my $vif_path = "$path vif $vif";
- $config->setLevel($vif_path);
- if ($config->isDeleted("vrrp")) {
- push @list, "$eth.$vif";
- vrrp_log("Delete found $eth.$vif");
- }
+ push @list, $name;
+ vrrp_log("Delete found $name");
}
+
+
}
my $num = scalar(@list);
@@ -339,15 +307,25 @@ sub vrrp_update_config {
my $output = "#\n# autogenerated by $0 on $date\n#\n\n";
my $config = new Vyatta::Config;
-
- $config->setLevel("interfaces ethernet");
- my @eths = $config->listNodes();
my $vrrp_instances = 0;
- foreach my $eth (@eths) {
- my $path = "interfaces ethernet $eth";
+
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
$config->setLevel($path);
if ($config->exists("vrrp")) {
- my ($inst_output, @inst_errs) = keepalived_get_values($eth, $path);
+ #
+ # keepalived gets real grumpy with interfaces that
+ # don't exist, so skip vlans that haven't been
+ # instantiated yet (typically occurs at boot up).
+ #
+ if (!(-d "/sys/class/net/$name")) {
+ push @errs, "$name doesn't exist";
+ next;
+ }
+ my ($inst_output, @inst_errs) =
+ keepalived_get_values($name, $path);
if (scalar(@inst_errs)) {
push @errs, @inst_errs;
} else {
@@ -355,35 +333,6 @@ sub vrrp_update_config {
$vrrp_instances++;
}
}
- if ($config->exists("vif")) {
- my $path = "interfaces ethernet $eth vif";
- $config->setLevel($path);
- my @vifs = $config->listNodes();
- foreach my $vif (@vifs) {
- my $vif_path = "$path $vif";
- $config->setLevel($vif_path);
- if ($config->exists("vrrp")) {
- #
- # keepalived gets real grumpy with interfaces that don't
- # exist, so skip vlans that haven't been instantiated
- # yet (typically occurs at boot up).
- #
- my $vif_intf = $eth . "." . $vif;
- if (!(-d "/sys/class/net/$vif_intf")) {
- push @errs, "vlan doesn't exist $vif_intf";
- next;
- }
- my ($inst_output, @inst_errs) =
- keepalived_get_values($vif_intf, $vif_path);
- if (scalar(@inst_errs)) {
- push @errs, @inst_errs;
- } else {
- $output .= $inst_output;
- $vrrp_instances++;
- }
- }
- }
- }
}
if ($vrrp_instances > 0) {
@@ -408,35 +357,25 @@ sub list_vrrp_intf {
my $config = new Vyatta::Config;
my @intfs = ();
- $config->setLevel("interfaces ethernet");
- my @eths = $config->listOrigNodes();
- foreach my $eth (@eths) {
- my $path = "interfaces ethernet $eth";
+ foreach my $name ( getInterfaces() ) {
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ my $path = $intf->path();
$config->setLevel($path);
- push @intfs, $eth if $config->existsOrig("vrrp");
- if ($config->existsOrig("vif")) {
- my $path = "interfaces ethernet $eth vif";
- $config->setLevel($path);
- my @vifs = $config->listOrigNodes();
- foreach my $vif (@vifs) {
- my $vif_intf = $eth . "." . $vif;
- my $vif_path = "$path $vif";
- $config->setLevel($vif_path);
- push @intfs, $vif_intf if $config->existsOrig("vrrp");
- }
- }
+ push @intfs, $name if $config->existsOrig("vrrp");
}
+
return @intfs;
}
sub list_vrrp_group {
my ($name) = @_;
-
my $config = new Vyatta::Config;
- my $path = "interfaces ethernet $name";
- if ($name =~ /(eth\d+)\.(\d+)/) {
- $path = "interfaces ethernet $1 vif $2";
- }
+ my $path;
+
+ my $intf = new Vyatta::Interface($name);
+ next unless $intf;
+ $path = $intf->path();
$path .= " vrrp vrrp-group";
$config->setLevel($path);
my @groups = $config->listOrigNodes();
diff --git a/scripts/keepalived/vyatta-show-vrrp.pl b/scripts/keepalived/vyatta-show-vrrp.pl
index 3015bc92..bcc6ca29 100755
--- a/scripts/keepalived/vyatta-show-vrrp.pl
+++ b/scripts/keepalived/vyatta-show-vrrp.pl
@@ -24,6 +24,7 @@
#
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Keepalived;
+use Vyatta::Interface;
use strict;
use warnings;
@@ -65,23 +66,22 @@ sub elapse_time {
}
sub get_state_link {
- my $intf = shift;
+ my $intf_name = shift;
- my $IFF_UP = 0x1;
+ my $intf = new Vyatta::Interface($intf_name);
+ die "Unknown interface [$intf_name]" unless $intf;
+
my ($state, $link);
- my $flags = `cat /sys/class/net/$intf/flags 2> /dev/null`;
- my $carrier = `cat /sys/class/net/$intf/carrier 2> /dev/null`;
- chomp $flags; chomp $carrier;
- my $hex_flags = hex($flags);
- if ($hex_flags & $IFF_UP) {
- $state = "up";
+ if ($intf->up()) {
+ $state = 'up';
} else {
- $state = "admin down";
+ $state = 'admin down';
}
- if ($carrier eq "1") {
- $link = "up";
+
+ if ($intf->carrier() == 1) {
+ $link = 'up';
} else {
- $link = "down";
+ $link = 'down';
}
return ($state, $link);
}
@@ -96,7 +96,7 @@ sub parse_arping {
my @lines = <$FD>;
close $FD;
- my $mac = '';
+ my $mac = undef;
foreach my $line (@lines) {
# regex for xx:xx:xx:xx:xx:xx
if ($line =~ /(([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})/) {
@@ -128,11 +128,13 @@ sub get_master_info {
my $arp_file = "$master_file.arp";
my $source_ip = (vrrp_get_config($intf, $group))[0];
- # arping doesn't seem to work for vlans
- if ($intf =~ /(eth\d+).\d+/) {
- $intf = $1;
+ my $interface = new Vyatta::Interface($intf);
+ my $arp_intf = $intf;
+ if ($interface->vif()) {
+ $arp_intf = $interface->physicalDevice();
}
- system("/usr/bin/arping -c1 -f -I $intf -s $source_ip $vip > $arp_file");
+ my $cmd = "/usr/bin/arping -c1 -f -I $arp_intf -s $source_ip $vip";
+ system("$cmd > $arp_file");
my $arp_mac = parse_arping($arp_file);
if ( ! -f $master_file) {
@@ -149,7 +151,7 @@ sub get_master_info {
$master_mac =~ /show=\"(([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})/)
{
$master_mac = uc($1);
- if ($arp_mac ne $master_mac) {
+ if (defined($arp_mac) and ($arp_mac ne $master_mac)) {
Vyatta::Keepalived::snoop_for_master($intf, $group, $vip, 2);
$master_ip = `grep ip.src $master_file 2> /dev/null`;
}
@@ -172,7 +174,7 @@ sub get_master_info {
$priority = "unknown";
}
- return ($master_ip, $priority, $arp_mac);
+ return ($master_ip, $priority, $master_mac);
} else {
return ('unknown', 'unknown', '');
}
@@ -188,7 +190,7 @@ sub vrrp_showsummary {
my ($primary_addr, $priority, $preempt, $advert_int, $auth_type,
@vips) = Vyatta::Keepalived::vrrp_get_config($intf, $group);
my $format = "\n%-16s%-8s%-8s%-16s%-16s%-16s";
- my $vip = pop @vips;
+ my $vip = shift @vips;
printf($format, $intf, $group, 'vip', $vip, $link, $state);
foreach my $vip (@vips){
printf("\n%-24s%-8s%-16s", ' ', 'vip', $vip);
@@ -251,7 +253,7 @@ sub vrrp_show {
#
# main
#
-my $intf = "eth";
+my @intfs = ("eth", "bond");
my $group = "all";
my $showsummary = 0;
@@ -259,7 +261,7 @@ if ($#ARGV >= 0) {
if ($ARGV[0] eq "summary") {
$showsummary = 1;
} else {
- $intf = $ARGV[0];
+ @intfs = ($ARGV[0]);
}
}
@@ -284,9 +286,11 @@ if ($showsummary == 1) {
$display_func = \&vrrp_show;
}
-my @state_files = Vyatta::Keepalived::get_state_files($intf, $group);
-foreach my $state_file (@state_files) {
- &$display_func($state_file);
+foreach my $intf (@intfs) {
+ my @state_files = Vyatta::Keepalived::get_state_files($intf, $group);
+ foreach my $state_file (@state_files) {
+ &$display_func($state_file);
+ }
}
exit 0;
diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl
index 930c7cd0..9bb54a0c 100755
--- a/scripts/keepalived/vyatta-vrrp-state.pl
+++ b/scripts/keepalived/vyatta-vrrp-state.pl
@@ -66,10 +66,10 @@ if (defined $old_state and $vrrp_state eq $old_state) {
Vyatta::Keepalived::vrrp_log("$vrrp_intf $vrrp_group transition to $vrrp_state");
vrrp_state_log($vrrp_state, $vrrp_intf, $vrrp_group);
-if ($vrrp_state eq "backup") {
+if ($vrrp_state eq 'backup') {
Vyatta::Keepalived::snoop_for_master($vrrp_intf, $vrrp_group, $vrrp_vips[0],
60);
-} elsif ($vrrp_state eq "master") {
+} elsif ($vrrp_state eq 'master') {
#
# keepalived will send gratuitous arp requests on master transition
# but some hosts do not update their arp cache for gratuitous arp
@@ -87,7 +87,7 @@ if ($vrrp_state eq "backup") {
system("rm -f $mfile");
}
-if (!($vrrp_transitionscript eq "null")){
+if (!($vrrp_transitionscript eq 'null')){
exec("$vrrp_transitionscript");
}
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 3ca02ed2..2cca5d98 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -169,6 +169,11 @@ setup_ntp_config_file () {
log_failure_msg "NTP template config file doesn\'t exist"
fi
}
+
+# restore PAM back to virgin state (no radius other services)
+pam_reset () {
+ DEBIAN_FRONTEND=noninteractive pam-auth-update unix
+}
start () {
udev_rescan
@@ -182,6 +187,7 @@ start () {
sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf ||
log_failure_msg "can\'t configure kernel settings"
set_ipv6_params
+ pam_reset
update_version_info
## Clear out apt config file--it will be filled in by rtrmgr
diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup
index 817223b3..487356c4 100755
--- a/scripts/vyatta-grub-setup
+++ b/scripts/vyatta-grub-setup
@@ -88,7 +88,7 @@ else
fi
if eval "$UNION"; then
- GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir persistent-path=/boot/$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta"
+ GRUB_OPTIONS="boot=live quiet vyatta-union=/boot/$livedir"
union_xen_kernel_version=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz*-xen* \
2>/dev/null \
| awk -F/ '{ print $6 }' \
@@ -253,17 +253,21 @@ fi
# Set options for root password reset. Offer
# options for both serial and KVM console.
+ reset_boot_path=/boot
+ if eval "$UNION"; then
+ reset_boot_path=/boot/$livedir
+ fi
echo
echo -e "menuentry \"Lost password change (KVM console)\" {"
- echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset"
- echo -e "\tinitrd /boot/initrd.img"
+ echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset"
+ echo -e "\tinitrd $reset_boot_path/initrd.img"
echo -e "}"
echo
echo -e "menuentry \"Lost password change (Serial console)\" {"
- echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset"
- echo -e "\tinitrd /boot/initrd.img"
+ echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset"
+ echo -e "\tinitrd $reset_boot_path/initrd.img"
echo -e "}"
if [ -n "$diag_drive_number" ]; then
diff --git a/sysconf/level b/sysconf/level
new file mode 100644
index 00000000..9da13bf5
--- /dev/null
+++ b/sysconf/level
@@ -0,0 +1,2 @@
+admin:quaggavty,vyattacfg,sudo,adm,dip,disk
+operator:quaggavty,vyattaop,operator,adm,dip
diff --git a/sysconf/pam-radius b/sysconf/pam-radius
deleted file mode 100644
index 0409dd44..00000000
--- a/sysconf/pam-radius
+++ /dev/null
@@ -1,12 +0,0 @@
-Name: Radius authentication
-Default: no
-Priority: 512
-Auth-Type: Primary
-Auth:
- [success=end default=ignore] pam_radius_auth.so try_first_pass
-Auth-Initial:
- [success=end default=ignore] pam_radius_auth.so
-Account-Type: Primary
-Account:
- [success=end new_authtok_reqd=done default=ignore] pam_radius_auth.so try_first_pass
-
diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg
new file mode 100644
index 00000000..02ffc1c8
--- /dev/null
+++ b/sysconf/pam_radius.cfg
@@ -0,0 +1,11 @@
+Name: Radius client
+Default: yes
+Priority: 512
+Auth-Type: Primary
+Auth:
+ sufficient pam_radius_auth.so try_first_pass
+Auth-Initial:
+ sufficient pam_radius_auth.so
+Account-Type: Primary
+Account:
+ sufficient pam_radius_auth.so
diff --git a/sysconf/protected-user b/sysconf/protected-user
new file mode 100644
index 00000000..04a60974
--- /dev/null
+++ b/sysconf/protected-user
@@ -0,0 +1,2 @@
+root
+www-data
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def
new file mode 100644
index 00000000..47aceb53
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/node.def
@@ -0,0 +1,5 @@
+help: Configure Virtual Router Redundancy Protocol (VRRP) parameters
+
+priority: 800
+
+end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../../@).$VAR(../@) "
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def
new file mode 100644
index 00000000..d87ad6b7
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.def
@@ -0,0 +1,8 @@
+tag:
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "VRRP group must be between 1-255"
+commit:expression: $VAR(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $VAR(@)"
+help: Set VRRP group number
+delete:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $VAR(../../../@).$VAR(../../@) --group $VAR(@) "
+comp_help: possible completions
+ <1-255> VRRP group number
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..59f2b451
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,6 @@
+type: u32
+default: 1
+help: Set advertise interval
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <=255; "Advertise interval must be between 1-255"
+comp_help: possible completions
+ <1-255> Set advertise interval (default 1)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..adf78b3f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: Set authentication
+commit:expression: $VAR(./type/@) != ""; "You must set a authentication type"
+commit:expression: $VAR(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..9bd2e98d
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,9 @@
+type: txt
+help: Set password
+syntax:expression: exec " \
+ if [ `echo -n $VAR(@) | wc -c` -gt 8 ]; then \
+ echo Password must be 8 characters or less ; \
+ exit 1 ; \
+ fi ; "
+comp_help: possible completions:
+ <text> Password (8 characters or less)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..7155495d
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set authentication type
+syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
+ "authentication must be plaintext-password or ah"
+comp_help: possible completions:
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def
new file mode 100644
index 00000000..aeb40f0b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set description for this interface
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
new file mode 100644
index 00000000..916e313b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set VRRP group disabled
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
new file mode 100644
index 00000000..edb0d58a
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
@@ -0,0 +1,6 @@
+type: ipv4
+
+help: Set hello-source-address
+
+comp_help: possible completions:
+ <x.x.x.x> Set source address for vrrp hello packets (optional)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
new file mode 100644
index 00000000..1638624e
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
@@ -0,0 +1,6 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 1000; \
+ "preempt-delay must be between 0-1000"
+help: Set preempt-delay
+comp_help: possible completions:
+ <0-1000> Set Preempt Delay in seconds
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..7b3b9cbd
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set preempt mode (default: true)
+default: "true"
+syntax:expression: $VAR(@) in "true", "false"; "preempt must be true or false"
+comp_help: possible completions:
+ true (default)
+ false
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..54de02c7
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 &&$VAR(@) <= 255; "priority must be between 1-255"
+help: Set priority
+comp_help: possible completions:
+ <1-255> Set Priority
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
new file mode 100644
index 00000000..44be2a7f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to backup
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Backup Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
new file mode 100644
index 00000000..9f2557b3
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to fault
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Fault Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
new file mode 100644
index 00000000..7f7d8895
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to master
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Master Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
new file mode 100644
index 00000000..ed959156
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
@@ -0,0 +1,2 @@
+help: Set scripts to run on VRRP state-transitions
+
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
new file mode 100644
index 00000000..9602a842
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set to add this vrrp group to a sync group
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
new file mode 100644
index 00000000..176287aa
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -0,0 +1,22 @@
+multi:
+type: txt
+help: Set virtual address
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
+ --vrrp-action='check-vip' --vip='$VAR(@)' "\
+ ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
+
+syntax:expression: exec "
+ if echo '$VAR(@)' | grep -q '/' ; then
+ if /opt/vyatta/sbin/vyatta-interfaces.pl \
+ --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
+ exit 0
+ else
+ echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
+ exit 1
+ fi
+ fi"
+
+comp_help: possible completions:
+ <x.x.x.x> Virtual IP address (up to 20 per group)
+ <x.x.x.x/x> Virtual IP address with prefix (up to 20 per group)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/node.def b/templates/interfaces/bonding/node.tag/vrrp/node.def
new file mode 100644
index 00000000..adeb0564
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/node.def
@@ -0,0 +1,5 @@
+help: Configure Virtual Router Redundancy Protocol (VRRP)
+
+priority: 800
+
+end:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action update --intf $VAR(../@) "
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def
new file mode 100644
index 00000000..a3ce1395
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.def
@@ -0,0 +1,8 @@
+tag:
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "VRRP group must be between 1-255"
+commit:expression: $VAR(virtual-address/) != ""; "Must define the virtual-address for vrrp-group $VAR(@)"
+help: Set VRRP group number
+delete:expression: "sudo /opt/vyatta/sbin/vyatta-keepalived.pl --vrrp-action delete --intf $VAR(../../@) --group $VAR(@) "
+comp_help: possible completions
+ <1-255> VRRP group number
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
new file mode 100644
index 00000000..59f2b451
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/advertise-interval/node.def
@@ -0,0 +1,6 @@
+type: u32
+default: 1
+help: Set advertise interval
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <=255; "Advertise interval must be between 1-255"
+comp_help: possible completions
+ <1-255> Set advertise interval (default 1)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
new file mode 100644
index 00000000..adf78b3f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/node.def
@@ -0,0 +1,3 @@
+help: Set authentication
+commit:expression: $VAR(./type/@) != ""; "You must set a authentication type"
+commit:expression: $VAR(./password/@) != ""; "You must set a authentication password"
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
new file mode 100644
index 00000000..9bd2e98d
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/password/node.def
@@ -0,0 +1,9 @@
+type: txt
+help: Set password
+syntax:expression: exec " \
+ if [ `echo -n $VAR(@) | wc -c` -gt 8 ]; then \
+ echo Password must be 8 characters or less ; \
+ exit 1 ; \
+ fi ; "
+comp_help: possible completions:
+ <text> Password (8 characters or less)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
new file mode 100644
index 00000000..687c6af6
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set authentication type
+syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
+ "authentication must be plaintext-password or ah"
+comp_help: possible completions:
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def
new file mode 100644
index 00000000..aeb40f0b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set description for this interface
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
new file mode 100644
index 00000000..916e313b
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set VRRP group disabled
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
new file mode 100644
index 00000000..edb0d58a
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/hello-source-address/node.def
@@ -0,0 +1,6 @@
+type: ipv4
+
+help: Set hello-source-address
+
+comp_help: possible completions:
+ <x.x.x.x> Set source address for vrrp hello packets (optional)
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
new file mode 100644
index 00000000..1638624e
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt-delay/node.def
@@ -0,0 +1,6 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 1000; \
+ "preempt-delay must be between 0-1000"
+help: Set preempt-delay
+comp_help: possible completions:
+ <0-1000> Set Preempt Delay in seconds
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
new file mode 100644
index 00000000..4ed282ed
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/preempt/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set preempt mode
+default: "true"
+syntax:expression: $VAR(@) in "true", "false"; "preempt must be true or false"
+comp_help: possible completions:
+ true (default)
+ false
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
new file mode 100644
index 00000000..54de02c7
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/priority/node.def
@@ -0,0 +1,5 @@
+type: u32
+syntax:expression: $VAR(@) >= 0 &&$VAR(@) <= 255; "priority must be between 1-255"
+help: Set priority
+comp_help: possible completions:
+ <1-255> Set Priority
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
new file mode 100644
index 00000000..44be2a7f
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/backup/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to backup
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Backup Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
new file mode 100644
index 00000000..9f2557b3
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/fault/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to fault
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Fault Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
new file mode 100644
index 00000000..7f7d8895
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/master/node.def
@@ -0,0 +1,4 @@
+help: Set an executable script to run on VRRP state-transition to master
+type: txt
+syntax:expression: exec "[ -x $VAR(@) ] || exit 1"; "Master Script should be an existing executable"
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
new file mode 100644
index 00000000..3abc1696
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/run-transition-scripts/node.def
@@ -0,0 +1,2 @@
+help: Set scripts for VRRP state-transitions
+
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
new file mode 100644
index 00000000..9602a842
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/sync-group/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set to add this vrrp group to a sync group
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
new file mode 100644
index 00000000..176287aa
--- /dev/null
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -0,0 +1,22 @@
+multi:
+type: txt
+help: Set virtual address
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
+ --vrrp-action='check-vip' --vip='$VAR(@)' "\
+ ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
+
+syntax:expression: exec "
+ if echo '$VAR(@)' | grep -q '/' ; then
+ if /opt/vyatta/sbin/vyatta-interfaces.pl \
+ --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
+ exit 0
+ else
+ echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
+ exit 1
+ fi
+ fi"
+
+comp_help: possible completions:
+ <x.x.x.x> Virtual IP address (up to 20 per group)
+ <x.x.x.x/x> Virtual IP address with prefix (up to 20 per group)
diff --git a/templates/interfaces/ethernet/node.tag/bond-group/node.def b/templates/interfaces/ethernet/node.tag/bond-group/node.def
index 7b6df036..c173ae3f 100644
--- a/templates/interfaces/ethernet/node.tag/bond-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/bond-group/node.def
@@ -6,7 +6,7 @@ commit:expression: exec \
allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show=bonding
-update: OLDG=`${vyatta_sbindir}/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$VAR(../@)/bond-group/@\)`
+update: OLDG=`${vyatta_sbindir}/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$VAR(../@)/bond-group/@\)`
if [ -n "$OLDG" ]; then
sudo ${vyatta_sbindir}/vyatta-bonding.pl --dev=$OLDG --remove=$VAR(../@)
fi
diff --git a/templates/interfaces/ethernet/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/bridge-group/node.def
index 5ea9da19..b30a9e10 100644
--- a/templates/interfaces/ethernet/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/bridge-group/node.def
@@ -2,7 +2,7 @@ help: Add this interface to a bridge group
end:
ethif=$VAR(../@)
- oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$ethif/bridge-group/bridge/@\)`
+ oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$ethif/bridge-group/bridge/@\)`
newbridge="$VAR(./bridge/@)"
if [ ${COMMIT_ACTION} = 'SET' ]; then
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
index 0bade03a..e3645b1c 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/bridge-group/node.def
@@ -5,7 +5,7 @@ end:
eth=$VAR(../../@)
vif=$VAR(../@)
ethif=$eth.$vif
- oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \$\(/interfaces/ethernet/$eth/vif/$vif/bridge-group/bridge/@\)`
+ oldbridge=`/opt/vyatta/sbin/vyatta-cli-expand-var.pl \\$VAR\(/interfaces/ethernet/$eth/vif/$vif/bridge-group/bridge/@\)`
newbridge="$VAR(./bridge/@)"
if [ ${COMMIT_ACTION} = 'SET' ]; then