-rw-r--r--Makefile.am2
-rw-r--r--cfg-version/flow-accounting@10
-rw-r--r--cfg-version/ospf@10
-rw-r--r--debian/compat2
-rwxr-xr-xscripts/install/install-functions58
-rwxr-xr-xscripts/install/install-get-partition233
-rwxr-xr-xscripts/install/install-postinst-new4
-rwxr-xr-xscripts/vyatta-load-user-key.pl2
-rw-r--r--sysconf/filecaps5
9 files changed, 160 insertions, 146 deletions
diff --git a/Makefile.am b/Makefile.am
index 67782526..9c9c8d3e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,12 +70,14 @@ curver_DATA += cfg-version/quagga@9
curver_DATA += cfg-version/vrf@3
curver_DATA += cfg-version/isis@1
curver_DATA += cfg-version/bgp@2
+curver_DATA += cfg-version/ospf@1
curver_DATA += cfg-version/policy@1
curver_DATA += cfg-version/conntrack@3
curver_DATA += cfg-version/conntrack-sync@2
curver_DATA += cfg-version/ipsec@8
curver_DATA += cfg-version/openconnect@1
curver_DATA += cfg-version/https@3
+curver_DATA += cfg-version/flow-accounting@1
curver_DATA += cfg-version/firewall@7
cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
diff --git a/cfg-version/flow-accounting@1 b/cfg-version/flow-accounting@1
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cfg-version/flow-accounting@1
diff --git a/cfg-version/ospf@1 b/cfg-version/ospf@1
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cfg-version/ospf@1
diff --git a/debian/compat b/debian/compat
index ec635144..f599e28b 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-9
+10
diff --git a/scripts/install/install-functions b/scripts/install/install-functions
index e319b84d..458d2e63 100755
--- a/scripts/install/install-functions
+++ b/scripts/install/install-functions
@@ -177,7 +177,7 @@ select_drive () {
drives=$(cat /proc/partitions | \
awk '{ if ($4!="name") { print $4 } }' | \
egrep "c[0-9]d[0-9]$|[hsv]d[a-z]$|nvme[0-9]n[0-9]|mmcblk[0-9]" | \
- egrep -v "^$")
+ egrep -v "^$" | sort)
#this needs more testing to decide if better than above
#drives=$(lsblk -dn -o name -I8)
@@ -370,3 +370,59 @@ EOF
return 1
}
+# Find 2 drives of the same size.
+get_size_raid ()
+{
+ x=0
+ declare -i x
+ for drive in "${driveName[@]}"
+ do
+ drivesize=${driveSize[$x]}
+ y=0
+ declare -i y
+ for size in ${driveSize[@]}
+ do
+ if [ $drivesize -eq $size ] && [ $drive != ${driveName[$y]} ]; then
+ raiddrives="${driveName[$y]} $drive"
+ fi
+ y+=1
+ done
+ x+=1
+ done
+ if [ -n "$raiddrives" ]; then
+ echo $raiddrives
+ fi
+}
+
+# Manually select 2 items for use in RAID-1
+get_manual_raid ()
+{
+ PS3="Select the first drive: "
+ IFS=$'\n' s_driveNameSize=($(sort <<<"${driveNameSize[*]}"))
+ unset IFS
+ select drive1 in "${s_driveNameSize[@]}"
+ do
+ break
+ done
+
+ driveNameSize=()
+ for drive in "${driveName[@]}"
+ do
+ if ! echo $drive1 | grep -q $drive; then
+ driveNameSize+=("$drive $(get_drive_size $drive) MB")
+ fi
+ done
+
+ PS3="Select the second drive: "
+ IFS=$'\n' s_driveNameSize=($(sort <<<"${driveNameSize[*]}"))
+ unset IFS
+ select drive2 in "${s_driveNameSize[@]}"
+ do
+ break
+ done
+
+ drive1=`echo $drive1 | awk '{ print $1 }'`
+ drive2=`echo $drive2 | awk '{ print $1 }'`
+
+ echo $drive1 $drive2
+}
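Review bot: Both `select` loops in get_manual_raid `break` unconditionally, so a non-numeric or out-of-range answer leaves `drive1` or `drive2` empty and the function can print a single drive name (or nothing) to a caller that goes on to repartition disks. Break only on a valid choice, e.g. `[ -n "$drive1" ] && break`, and likewise for `drive2`. The exclusion test `echo $drive1 | grep -q $drive` is an unquoted substring match, so a drive whose name is a prefix of the selected one is filtered out as well; an exact comparison such as `[ "${drive1%% *}" != "$drive" ]` avoids that. In get_size_raid, `[ $drivesize -eq $size ]` is unquoted and raises a test error if a size entry is ever empty.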
diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition
index 1a96ac81..c5c7c268 100755
--- a/scripts/install/install-get-partition
+++ b/scripts/install/install-get-partition
@@ -49,7 +49,9 @@ warn_of_dire_consequences () {
done
}
-check_for_old_raid () {
+delete_old_raid () {
+ ldrive=$1
+
# First, trigger construction of previously configured RAID groups
echo -n "Looking for pre-existing RAID groups..."
raid_config=`mdadm --examine --scan`
@@ -60,138 +62,44 @@ check_for_old_raid () {
echo "found some."
echo "Trying to configure pre-existing RAID groups..."
+ mdadm --run /dev/md?* >/dev/null 2>&1
mdadm --assemble --scan --auto=yes --symlink=no
# Identify physical drives
raid_drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' \
| grep "md" | egrep -v "^$")
if [ -z "$raid_drives" ]; then
- echo "Unable to configure any RAID groups."
return
fi
- numraids=`echo $raid_drives | wc -w`
- if [ $numraids -eq 1 ]; then
- echo "The following RAID group is now configured:"
- else
- echo "The following RAID groups are now configured:"
- fi
-
for drive in $raid_drives; do
- cat /proc/mdstat | grep --after-context 2 ^$drive | sed -e 's/^/\t/'
+ members=`ls /sys/block/$drive/slaves`
+ for member in $members; do
+ cdrive=`lsblk -dn -o pkname /dev/$member`
+ if [ "$ldrive" == "$cdrive" ]; then
+ mdadm --stop --scan
+ for member in $members; do
+ drive=${member:0:3}
+ part=${member:3:1}
+ echo "Re-setting partition ID for RAID group $raid_drive member /dev/${member}:"
+ if [ -d /sys/firmware/efi ]; then
+ sgdisk --part-type /dev/$drive $part 0x83
+ else
+ sfdisk --part-type /dev/$drive $part 0x83
+ fi
+ echo "Clearing RAID superblock from RAID group $raid_drive member /dev/${member}."
+ mdadm --zero-superblock /dev/$member
+ done
+ fi
+ done
done
-
- if [ $numraids -eq 1 ]; then
- echo -n "Would you like to use this one? (Yes/No) [Yes]:"
- else
- echo -n "Would you like to use one of these? (Yes/No) [Yes]:"
- fi
-
- response=$(get_response "Yes" "Yes No Y N")
- if [ "$response" == "no" ] || [ "$response" == "n" ]; then
- echo
- echo "Ok. Not using existing RAID groups."
- echo
-
- # pick the first RAID group to be broken
- raid_drive=$(echo $raid_drives | /usr/bin/awk '{ print $1 }')
-
- echo "Would you like to break RAID group $raid_drive so that its"
- echo "members can be re-used for a new installation, understanding"
- echo -n "that doing so will destroy all data on it? (Yes/No) [No]:"
- destroy_raid=$(get_response "No" "Yes No Y N")
- echo
-
- if [ "${destroy_raid:0:1}" = "y" ]; then
- echo "OK. Breaking the RAID group $raid_drive."
-
- members=`ls /sys/block/$raid_drive/slaves`
-
- echo "First, stopping all existing RAID groups:"
- mdadm --stop --scan
-
- for member in $members ; do
- drive=${member:0:3}
- part=${member:3:1}
- echo "Re-setting partition ID for RAID group $raid_drive member /dev/${member}:"
- sfdisk --change-id /dev/$drive $part 0x83
- echo "Clearing RAID superblock from RAID group $raid_drive member /dev/${member}."
- mdadm --zero-superblock /dev/$member
- done
- else
- echo "OK. Stopping, but not breaking, existing RAID groups:"
- mdadm --stop --scan
- fi
-
- echo
- return
- fi
-
- if [ $numraids -eq 1 ]; then
- INSTALL_DRIVE=$raid_drives
- else
- # take the first drive as the default
- INSTALL_DRIVE=$(echo $raid_drives | /usr/bin/awk '{ print $1 }')
- echo -n "Which one would you like to use? ($raid_drives) [$INSTALL_DRIVE]: "
- INSTALL_DRIVE=$(get_response "$INSTALL_DRIVE" "$drives")
- fi
-
- echo "Using RAID partition $INSTALL_DRIVE"
-
- raid_degraded=`cat /sys/block/$INSTALL_DRIVE/md/degraded`
- raid_sync_action=`cat /sys/block/$INSTALL_DRIVE/md/sync_action`
-
- if [ "$raid_degraded" = "1" ]; then
- echo
- if [ "$raid_sync_action" = "recover" ]; then
- echo "Error: This RAID set is degraded and is in the process of"
- echo "rebuilding. It is not safe to install onto it while the"
- echo "rebuild is in progress. Please wait for the rebuild to"
- echo "complete and then re-start the installation. You may"
- echo "monitor the progress of the RAID rebuild with the"
- echo "command:"
- echo
- echo " show raid $INSTALL_DRIVE"
- echo
- exit 1
- fi
- echo "Warning: This RAID set is degraded, but is not in the"
- echo "process of rebuilding. It is safe to perform the installation"
- echo "onto a degraded RAID set that is not in the process of"
- echo "rebuilding. You may stop the installation now and rebuild the"
- echo "RAID set, or continue installing onto it. If you continue"
- echo "installing, do not attempt to rebuild the RAID set until the"
- echo "installation has completed and you have rebooted the system."
- echo
- fi
-
- warn_of_dire_consequences
-
- ROOT_PARTITION=$INSTALL_DRIVE
- ROOT_PARTITION_TYPE=new
-
- # make sure we aren't working on a mounted part
- unmount "$INSTALL_DRIVE"
-
- # check for an old config on the partition
- mkdir -p /mnt/tmp
- output=$(mount -r /dev/"$ROOT_PARTITION" /mnt/tmp 2>&1)
- if [ $? != 0 ]; then
- echo "Cannot mount $ROOT_PARTITION to check for old config file"
- lecho "Cannot mount $ROOT_PARTITION"."\n"
- lecho "mount $ROOT_PARTITION /mnt/tmp\n"
- lecho "$output"
- else
- save_old_info "$ROOT_PARTITION"
- umount /mnt/tmp
- fi
-
- # create the filesystem on the part
- make_filesystem "$ROOT_PARTITION"
}
check_for_new_raid () {
# Identify physical drives
+ driveName=()
+ driveSize=()
+ driveNameSize=()
drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' \
| egrep -v "[0-9]$" | egrep -v "^$")
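Review bot: In delete_old_raid the member name is still split with `${member:0:3}` and `${member:3:1}`, which is only right for three-letter disks with single-digit partitions; select_drive in install-functions also accepts nvme and mmcblk devices, and for those the partition-type reset would be aimed at the wrong device. The two echo lines print `$raid_drive`, which the new function never sets, and the inner `for member` loop and `drive=` overwrite the outer loop variables (nothing is `local`, so the caller's `drive` in check_for_new_raid is overwritten too). Separately, as far as I know sgdisk sets the type with `--typecode=partnum:code` and GPT codes such as 8300, so the EFI branch as written probably fails; please verify on a GPT disk. The function begins before this hunk; a sketch of the inner loop follows, assuming the outer loop is renamed to `for raid_group in $raid_drives`.

```shell
# … unchanged: outer loops, "$ldrive" == "$cdrive" comparison, mdadm --stop --scan …
for raid_member in $members; do
    # Ask the kernel for the parent disk and partition number instead of
    # slicing the name, so nvme0n1p1 / mmcblk0p1 resolve correctly.
    member_disk=$(lsblk -dn -o pkname "/dev/$raid_member")
    member_part=$(cat "/sys/class/block/$raid_member/partition" 2>/dev/null)
    if [ -z "$member_disk" ] || [ -z "$member_part" ]; then
        # Member is a whole disk (no partition entry): nothing to retype.
        mdadm --zero-superblock "/dev/$raid_member"
        continue
    fi
    echo "Re-setting partition ID for RAID group $raid_group member /dev/${raid_member}:"
    # … unchanged: sgdisk/sfdisk branch, called with "$member_disk" "$member_part" …
    echo "Clearing RAID superblock from RAID group $raid_group member /dev/${raid_member}."
    mdadm --zero-superblock "/dev/$raid_member"
done
```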
@@ -200,17 +108,63 @@ check_for_new_raid () {
if mount | grep iso9660 | grep -q $instdrv
then
drives=${drives//"$instdrv"/}
+ else
+ driveName+=("$instdrv")
+ driveSize+=($(get_drive_size $instdrv))
+ driveNameSize+=("$instdrv $(get_drive_size $instdrv) MB")
fi
done
numdrives=`echo $drives | wc -w`
- # Need at least two drives for RAID-1. We don't yet have the code
- # to handle selection of two from a set of 3 or more, so for now, we
- # only support two drives.
- #
- if [ $numdrives -ne 2 ]; then
+ # Need at least two drives for RAID-1. If there are more than two
+ # drives found we have the option to check for two drives of the same size
+ # or configure manually.
+
+ if [ $numdrives -lt 2 ]; then
return
+ elif [ $numdrives -gt 2 ]; then
+ echo "Found ${numdrives} drives."
+ echo -n "Would you like to configure RAID-1 mirroring? (Yes/No) [Yes]:"
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ echo "Ok. Not configuring RAID-1."
+ return
+ else
+ echo -n "Would you like find and use 2 drives of the same size? (Yes/No) [Yes]:"
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
+ raiddrives=$(get_size_raid)
+ if [ -n "$raiddrives" ]; then
+ drives=$raiddrives
+ else
+ echo "No drives with the same size found."
+ echo -n "Would you like to manually select the drives? (Yes/No) [Yes]:"
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
+ raiddrives=$(get_manual_raid)
+ if [ -n "$raiddrives" ]; then
+ drives=$raiddrives
+ fi
+ else
+ echo "Ok. Not configuring RAID-1."
+ return
+ fi
+ fi
+ else
+ echo -n "Would you like to manually select the drives? (Yes/No) [Yes]:"
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
+ raiddrives=$(get_manual_raid)
+ if [ -n "$raiddrives" ]; then
+ drives=$raiddrives
+ fi
+ else
+ echo "Ok. Not configuring RAID-1."
+ return
+ fi
+ fi
+ fi
fi
drive1=`echo $drives | awk '{ print $1 }'`
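Review bot: When `get_manual_raid` returns nothing, in both places it is called (after the same-size search fails and in the direct manual branch), the code neither returns nor reports it, so execution continues with `drives` still holding the full list and `drive1` is taken from its first word. The user has declined automatic selection, yet a mirror would then presumably be built on drives they did not pick. Add an `else` that prints a message and returns, and check the count before accepting the result, e.g. `[ "$(echo $raiddrives | wc -w)" -eq 2 ] || return`. The prompt `Would you like find and use` is also missing "to". check_for_new_raid continues beyond this hunk.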
@@ -252,10 +206,12 @@ check_for_new_raid () {
return
fi
+ config_saved='no'
for drive in $drives; do
echo "Deleting old partitions on drive $drive"
# remove any existing partitions on that drive
- delete_partitions "$drive"
+ delete_partitions "$drive" "$config_saved"
+ config_saved='yes'
done
# Need to leave space on both disks between the MBR and the start
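Review bot: `config_saved` is flipped to 'yes' after the first drive whether or not anything was actually saved from it, so if only the second drive carries an old configuration, delete_partitions (which now skips `save_old_info` unless the flag is "no") wipes it without offering to save. If the intent is "save at most once", set the flag where the save really happens, or at least state the limitation here with a comment such as `# only the first drive is checked for an old config; later drives are wiped without saving`. The loop sits inside check_for_new_raid, which extends beyond the hunk.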
@@ -282,7 +238,7 @@ check_for_new_raid () {
echo "Create data partition: /dev/${drive}${data_dev}"
else
echo "Creating data partition: /dev/${drive}${data_dev}"
- sfdisk --change-id /dev/$drive $data_dev 0xfd
+ sfdisk --part-type /dev/$drive $data_dev 0xfd >/dev/null 2>&1
# mark data partition as bootable
lecho "Marking /dev/$drive partition $data_dev bootable"
output=$(parted -s /dev/$drive set $data_dev boot on 2>&1)
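Review bot: The new `sfdisk --part-type … >/dev/null 2>&1` discards both output and exit status, so a failure to tag the partition as 0xfd goes unnoticed, whereas the parted call just below captures its output. Capture and log it the same way: `output=$(sfdisk --part-type /dev/$drive $data_dev 0xfd 2>&1) || lecho "$output"`.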
@@ -308,9 +264,11 @@ check_for_new_raid () {
if [ $? = 0 -a -e /dev/$raid_dev ]; then
echo "RAID-1 group created successfully:"
cat /proc/mdstat | grep --after-context 2 ^$raid_dev | sed -e 's/^/\t/'
- if [ -e /usr/sbin/update-initramfs.orig.initramfs-tools ]; then
+ cp /usr/share/initramfs-tools/scripts/local-block/mdadm /etc/initramfs-tools/scripts/local-top/
+ sed -i 's/\$((COUNT + 1))/20/g' /etc/initramfs-tools/scripts/local-top/mdadm
+ if [ -e /usr/sbin/update-initramfs ]; then
echo "Updating initramfs to include the raid config:"
- /usr/sbin/update-initramfs.orig.initramfs-tools -u
+ /usr/sbin/update-initramfs -u
fi
else
echo "Unable to create RAID-1 group!"
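Review bot: The `cp` and `sed -i` that stage a patched copy of the mdadm local-block script in local-top are unchecked and unexplained; if the packaged script changes so that `$((COUNT + 1))` no longer appears, sed silently does nothing and the initramfs is rebuilt from an unmodified copy. Add a comment saying why the script is moved to local-top and what the constant 20 stands for, and guard the steps, e.g. `cp … || echo "Unable to stage mdadm initramfs script"` plus a `grep -q` check that the substitution took effect. The `-e /usr/sbin/update-initramfs` test also has no `else`, so a missing binary skips the update without any message.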
@@ -416,7 +374,7 @@ save_old_config() {
local part=$1
local response=''
- # Look to see if there is a config partition there
+ # Look to see if there is a config partition there
while [ -z "$response" ]; do
echo "$part has an old configuration directory!"
echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: "
@@ -603,8 +561,12 @@ save_old_info() {
# Delete all existing partitions for an automated install
# $1 is the drive to delete partitions from
+# $2 is to save the config from only the first drive
delete_partitions () {
ldrive=$1
+ config_saved=$2
+
+ delete_old_raid $ldrive
# get the partitions on the drive
# in the first grep below we add the optional [p] in order to
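Review bot: `config_saved=$2` has no default, and the later guard saves only when the value is exactly "no", so any caller that still passes one argument silently stops saving the old configuration. Use `config_saved=${2:-no}` and quote the new call as `delete_old_raid "$ldrive"`. Declaring `config_saved` `local` would also stop the function from writing to the same-named variable its callers use. delete_partitions continues past the end of this hunk.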
@@ -624,7 +586,9 @@ delete_partitions () {
lecho "mount $dev_name /mnt/tmp\n"
lecho "$output"
else
- save_old_info $ldrive$lpart
+ if [ "$config_saved" == "no" ]; then
+ save_old_info $ldrive$lpart
+ fi
umount /mnt/tmp
fi
@@ -855,7 +819,8 @@ setup_method_auto () {
unmount "$INSTALL_DRIVE"
# remove any existing partitions on that drive
- delete_partitions "$INSTALL_DRIVE"
+ config_saved='no'
+ delete_partitions "$INSTALL_DRIVE" "$config_saved"
# Enforce minimum partition size requirement.
local root_part_size=0
@@ -950,13 +915,6 @@ while true; do
progress_indicator stop
echo "OK"
- # try old raid
- check_for_old_raid
- if [ -n "$ROOT_PARTITION" ]; then
- # got partition. done.
- break
- fi
-
# try new raid
check_for_new_raid
if [ -n "$ROOT_PARTITION" ]; then
@@ -1005,4 +963,3 @@ fi
echo "$ROOT_PARTITION_TYPE $ROOT_PARTITION $INSTALL_DRIVE" >$OUTFILE
becho 'Done!'
exit 0
-
diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new
index 3a20cac3..0078287f 100755
--- a/scripts/install/install-postinst-new
+++ b/scripts/install/install-postinst-new
@@ -124,10 +124,6 @@ install_grub () {
progress_indicator start
if [ -f "/tmp/efiparts.tmp" ]; then
- # Remove grub-pc packages
- dpkg -r grub-pc grub2 >&/dev/null
- # Install grub-efi packages
- dpkg -i /usr/share/vyos/packages/grub-efi*.deb >&/dev/null
mkdir -p $grub_root/boot/efi
readarray parts < /tmp/efiparts.tmp
part_length=${#parts[@]}
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index 6e62335f..e78ebc35 100755
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
@@ -159,7 +159,7 @@ sub getkeys {
print "Warning: `loadkey' command has been deprecated and will be removed in a future version.\n";
print "Instead, use the op-mode command `generate public-key-command' to generate commands for manual addition:\n";
-print "$ generate public-key-command name <username> path <path-or-url>\n\n";
+print "\$ generate public-key-command name <username> path <path-or-url>\n\n";
die "Incorrect number of arguments, expect\n",
" loadkey user filename|url\n"
diff --git a/sysconf/filecaps b/sysconf/filecaps
index d24061e1..ea536eff 100644
--- a/sysconf/filecaps
+++ b/sysconf/filecaps
@@ -4,12 +4,15 @@
cap_net_admin=pe /sbin/ethtool
cap_net_admin=pe /sbin/tc
cap_net_admin=pe /bin/ip
+# handles /sbin/iptables and /sbin/ip6tables symlink target
+cap_net_admin=pe /sbin/xtables-legacy-multi
+cap_net_admin=pe /sbin/xtables-nft-multi
cap_net_admin=pe /usr/sbin/ipset
cap_net_admin=pe /usr/sbin/conntrack
cap_net_admin=pe /usr/sbin/arp
# Raw sockets
-cap_net_raw=pe /usr/bin/tcpdump
+cap_net_raw=pe /usr/bin/tcpdump
# Allow changes to system settings
cap_net_admin,cap_sys_admin=pe /sbin/sysctl
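Review bot: The capability is attached to the multi-call binaries, so it applies to every applet they implement, not only iptables and ip6tables as the comment says; for xtables-nft-multi that also covers the arptables and ebtables front ends and the save/restore variants. Because a file capability set with `=pe` takes effect for whoever can execute the file, the real restriction is the binaries' owner, group and mode, which this file does not show. I would widen the comment, e.g. `# multi-call binaries behind iptables/ip6tables and their -save/-restore, arptables and ebtables applets; execute permission must stay limited to trusted users`, and confirm the mode is enforced elsewhere in the package.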