Diffstat (limited to 'templates')
19 files changed, 83 insertions, 35 deletions
diff --git a/templates/interfaces/bonding/node.tag/address/node.def b/templates/interfaces/bonding/node.tag/address/node.def index d5237934..3bfd99bb 100644 --- a/templates/interfaces/bonding/node.tag/address/node.def +++ b/templates/interfaces/bonding/node.tag/address/node.def @@ -2,8 +2,10 @@ multi: type: txt help: Set an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" -update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" -delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" +update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@) \ +--intf-cli-path \"interfaces bonding $VAR(../@)\""; "Error setting address $VAR(@) on interface $VAR(../@)" +delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@) \ +--intf-cli-path \"interfaces bonding $VAR(../@)\""; "Error deleting address $VAR(@) on interface $VAR(../@)" allowed: echo "dhcp <>" comp_help:Possible completions: <x.x.x.x/x> Set the IP address and prefix length diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def index 54090cc4..90dd5825 100644 --- a/templates/interfaces/bonding/node.tag/disable/node.def +++ b/templates/interfaces/bonding/node.tag/disable/node.def 
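Review bot: In the new `update:`/`delete:` expressions of bonding/node.tag/address only the added `--intf-cli-path` argument is quoted; `--dev $VAR(../@)` and the address `$VAR(@)` still reach the `sudo` command line unquoted. The address is checked by the `--valid-addr` syntax expression above, but the interface tag's own validation is not part of this diff, so I would write `--dev \"$VAR(../@)\"` and confirm that the tag node restricts names to interface-name characters. The vif and bridge address hunks have the same shape, and the new disable scripts and the `vyatta-link-detect` line also pass `$VAR(../@)` unquoted. Please also confirm that the template parser accepts a backslash-newline inside a quoted expression string, since a truncated command would silently drop the new argument.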
@@ -1,3 +1,11 @@ help: Set interface disabled -update:expression: "sudo ip link set $VAR(../@) down"; "Error disabling dev $VAR(../@)" -delete:expression: "sudo ip link set $VAR(../@) up"; "Error enabling dev $VAR(../@)" +update: /etc/netplug/linkdown.d/dhclient $VAR(../@) + if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + echo "Error disabling dev $VAR(../@)" + /etc/netplug/linkup.d/dhclient $VAR(../@) + exit 1 + fi +delete: if ! sudo ip link set $VAR(../@) up; then + echo "Error enabling dev $VAR(../@)" + exit 1 + fi diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def index d37b045e..1aa35123 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.def @@ -5,8 +5,7 @@ syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 a create: sudo modprobe 8021q sudo vconfig add "$VAR(../@)" "$VAR(@)" sudo ip link set "$VAR(../@).$VAR(@)" up - vyatta-vtysh -c "configure terminal" \ - -c "interface $VAR(../@).$VAR(@)" -c "link-detect" + vyatta-link-detect $VAR(../@).$VAR(@) on delete: sudo vconfig rem "$VAR(../@).$VAR(@)" comp_help: possible completions: <0-4094> Set VLAN ID diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def index 625130af..33ba57d8 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/address/node.def 
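Review bot: The new `update:` script in bonding/node.tag/disable runs `/etc/netplug/linkdown.d/dhclient` without checking its exit status and then discards the reason for an `ip link set ... down` failure with `2>/dev/null`, so the operator sees only the generic "Error disabling dev" text. I would drop the redirect (the `delete:` branch already leaves stderr visible) and send the message to stderr, e.g. `echo "Error disabling dev $VAR(../@)" >&2`. The hook scripts are invoked without `sudo` while `ip` is invoked with it; the hooks are not in this diff, so please confirm they can stop dhclient at the privilege level the template runs with. The vif and bridge disable hunks repeat the same pattern.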
@@ -2,8 +2,10 @@ multi: type: txt help: Set an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../../@).$VAR(../@)" -create:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error setting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " -delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../../@).$VAR(../@) "; "Error deleting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +create:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../../@).$VAR(../@) \ +--intf-cli-path \"interfaces bonding $VAR(../../@) vif $VAR(../@)\""; "Error setting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " +delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../../@).$VAR(../@) \ +--intf-cli-path \"interfaces bonding $VAR(../../@) vif $VAR(../@)\""; "Error deleting address $VAR(@) on dev $VAR(../../@).$VAR(../@) " allowed: echo "dhcp <>" comp_help:Possible completions: <x.x.x.x/x> Set the IP address and prefix length diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def index 66efddcc..78b24870 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def 
@@ -1,3 +1,11 @@ help: Set interface disabled -update:sudo ip link set $VAR(../../@).$VAR(../@) down -delete:sudo ip link set $VAR(../../@).$VAR(../@) up +update: /etc/netplug/linkdown.d/dhclient $VAR(../../@).$VAR(../@) + if ! sudo ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then + echo "Error disabling dev $VAR(../../@).$VAR(../@)" + /etc/netplug/linkup.d/dhclient $VAR(../../@).$VAR(../@) + exit 1 + fi +delete: if ! sudo ip link set $VAR(../../@).$VAR(../@) up; then + echo "Error enabling dev $VAR(../../@).$VAR(../@)" + exit 1 + fi diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def index 3f04ec06..6e07ea7f 100644 --- a/templates/interfaces/bridge/node.tag/address/node.def +++ b/templates/interfaces/bridge/node.tag/address/node.def @@ -2,8 +2,10 @@ multi: type: txt help: Set an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" -update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" -delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" +update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@) \ +--intf-cli-path \"interfaces bridge $VAR(../@)\""; "Error setting address $VAR(@) on interface $VAR(../@)" +delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@) \ +--intf-cli-path \"interfaces bridge $VAR(../@)\""; "Error deleting address $VAR(@) on interface $VAR(../@)" allowed: echo "dhcp <>" comp_help:Possible completions: <x.x.x.x/x> Set the IP address and prefix length 
diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def index 3aa26012..f4495164 100644 --- a/templates/interfaces/bridge/node.tag/disable/node.def +++ b/templates/interfaces/bridge/node.tag/disable/node.def @@ -1,11 +1,19 @@ type: bool help: Disable the bridge interface default: false -update:expression: "if [ x$VAR(@) == xtrue ]; then \ - sudo ip link set $VAR(../@) down; \ - else \ - sudo ip link set $VAR(../@) up; \ - fi; " +update: if [ x$VAR(@) == xtrue ]; then + /etc/netplug/linkdown.d/dhclient $VAR(../@) + if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + echo "Error disabling dev $VAR(../@)" + /etc/netplug/linkup.d/dhclient $VAR(../@) + exit 1 + fi + else + if ! sudo ip link set $VAR(../@) up; then + echo "Error enabling dev $VAR(../@)" + exit 1 + fi + fi comp_help: possible completions: true Disable the bridge interface false Enable the bridge interface (default) diff --git a/templates/service/ssh/node.def b/templates/service/ssh/node.def index fbb29687..dbe32a6f 100644 --- a/templates/service/ssh/node.def +++ b/templates/service/ssh/node.def 
@@ -1,17 +1,16 @@ help: Enable/disable Secure SHell (SSH) protocol -delete:expression: "sudo /usr/sbin/invoke-rc.d ssh stop && \ - sudo sh -c \"echo 'SSHD_OPTS=' > /etc/default/ssh\" " -end:expression: "if [ -z \"$VAR(port/@)\" ]; then exit 0; fi; \ - sudo sh -c \ - \"[ -f /etc/ssh/ssh_host_key ] \ - || sudo ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key\"; \ - case \"$VAR(protocol-version/@)\" in \ - v2) VER=2;; \ - v1) VER=1;; \ - all) VER=\"1,2\";; \ - *) VER=2;; \ - esac; \ - STR=\"SSHD_OPTS=\\\"-p $VAR(port/@) -o HostKey=/etc/ssh/ssh_host_key \ --o Protocol=${VER}\\\"\"; \ - sudo sh -c \"echo '$STR' > /etc/default/ssh\"; \ - sudo /usr/sbin/invoke-rc.d ssh restart" +delete:sudo /usr/sbin/invoke-rc.d ssh stop + sudo sh -c "echo 'SSHD_OPTS=' > /etc/default/ssh" +end: if [ -z "$VAR(port/@)" ]; then exit 0; fi; + if [ ! -f /etc/ssh/ssh_host_key ]; then + sudo ssh-keygen -q -t rsa1 -N '' -f /etc/ssh/ssh_host_key + fi + case $VAR(protocol-version/@) in + v2) VER=2;; + v1) VER=1;; + all) VER="1,2";; + *) VER=2;; + esac; + STR="SSHD_OPTS=\"-p $VAR(port/@) -o Hostkey=/etc/ssh/ssh_host_key -o Protocol=${VER}\"" + sudo sh -c "echo '$STR' > /etc/default/ssh" + sudo /usr/sbin/invoke-rc.d ssh restart diff --git a/templates/service/ssh/protocol-version/node.def b/templates/service/ssh/protocol-version/node.def index 051ea062..d025015b 100644 --- a/templates/service/ssh/protocol-version/node.def +++ b/templates/service/ssh/protocol-version/node.def @@ -1,3 +1,4 @@ type: txt +allowed: echo "v1 v2 all" default: "v2" help: Set SSH version (default: v2) diff --git a/templates/system/login/tacacs-plus/acct-all/node.def b/templates/system/login/tacacs-plus/acct-all/node.def new file mode 100644 index 00000000..22522f17 --- /dev/null +++ b/templates/system/login/tacacs-plus/acct-all/node.def @@ -0,0 +1 @@ +help: Send TACACS+ accounting requests to all servers 
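Review bot: The rewritten `end:` script in service/ssh/node.def drops the quotes the old version had around the `case` subject, and it still places `$VAR(port/@)` inside `'$STR'` within a root `sh -c`. `protocol-version` is `type: txt` with no `syntax:` check in this commit, so the value is not guaranteed to be a single safe word; keep `case "$VAR(protocol-version/@)" in`. For the write, avoiding the nested shell removes one quoting layer, e.g. `printf '%s\n' "$STR" | sudo tee /etc/default/ssh >/dev/null`. The port node is not in this diff, so please confirm it is restricted to digits. Note also that `delete:` no longer chains with `&&`, so `SSHD_OPTS=` is written even when the stop command fails.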
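Review bot: The added `allowed:` line in ssh/protocol-version most likely only feeds tab completion, so the node still accepts any text and the `*) VER=2` fallback in ssh/node.def silently turns a typo into v2. A `syntax:expression: $VAR(@) in "v1", "v2", "all"; "protocol-version must be v1, v2 or all"` line would reject bad values at set time. Because `v1` and `all` enable SSH protocol 1, which has known cryptographic weaknesses, the help text should say so, e.g. `help: Set SSH version (default: v2; v1 is insecure)`.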
diff --git a/templates/system/login/tacacs-plus/debug/node.def b/templates/system/login/tacacs-plus/debug/node.def new file mode 100644 index 00000000..10aa10b1 --- /dev/null +++ b/templates/system/login/tacacs-plus/debug/node.def @@ -0,0 +1 @@ +help: Enable TACACS+ debugging diff --git a/templates/system/login/tacacs-plus/first-hit/node.def b/templates/system/login/tacacs-plus/first-hit/node.def new file mode 100644 index 00000000..18f2fdf6 --- /dev/null +++ b/templates/system/login/tacacs-plus/first-hit/node.def @@ -0,0 +1 @@ +help: Set TACACS+ to try multiple servers if a negative auth is returned diff --git a/templates/system/login/tacacs-plus/no-encrypt/node.def b/templates/system/login/tacacs-plus/no-encrypt/node.def new file mode 100644 index 00000000..7aa90dfb --- /dev/null +++ b/templates/system/login/tacacs-plus/no-encrypt/node.def @@ -0,0 +1 @@ +help: Set TACACS+ to not encrypt communications diff --git a/templates/system/login/tacacs-plus/node.def b/templates/system/login/tacacs-plus/node.def new file mode 100644 index 00000000..d8eab559 --- /dev/null +++ b/templates/system/login/tacacs-plus/node.def @@ -0,0 +1,3 @@ +help: Set TACACS+ server authentication +commit:expression: $VAR(server) != "" && $VAR(secret) != "" + ; "One server and a secret must be specified for TACACS+" diff --git a/templates/system/login/tacacs-plus/protocol/node.def b/templates/system/login/tacacs-plus/protocol/node.def new file mode 100644 index 00000000..6a5c739d --- /dev/null +++ b/templates/system/login/tacacs-plus/protocol/node.def @@ -0,0 +1,2 @@ +type: txt +help: Set TACACS+ protocol for authentication and accounting diff --git a/templates/system/login/tacacs-plus/secret/node.def b/templates/system/login/tacacs-plus/secret/node.def new file mode 100644 index 00000000..0f673ae2 --- /dev/null +++ b/templates/system/login/tacacs-plus/secret/node.def @@ -0,0 +1,2 @@ +type: txt +help: Set TACACS+ secret 
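Review bot: The help string for `no-encrypt` does not tell the operator what is lost: with TACACS+ body encryption turned off, login credentials and accounting data cross the network readable by anyone on the path. I would spell that out, e.g. `help: Disable TACACS+ packet encryption (credentials sent in cleartext; troubleshooting only)`. The `commit:` check in tacacs-plus/node.def still demands a secret when this flag is set, which is harmless but deserves a comment. `secret` is plain `type: txt`, and the script that consumes it is not in this diff, so please confirm the value is quoted there and is not written to logs when `debug` is set.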
diff --git a/templates/system/login/tacacs-plus/server/node.def b/templates/system/login/tacacs-plus/server/node.def new file mode 100644 index 00000000..dc1b1e94 --- /dev/null +++ b/templates/system/login/tacacs-plus/server/node.def @@ -0,0 +1,3 @@ +multi: +type: ipv4 +help: Set TACACS+ server IP addresses diff --git a/templates/system/login/tacacs-plus/service/node.def b/templates/system/login/tacacs-plus/service/node.def new file mode 100644 index 00000000..10d1729b --- /dev/null +++ b/templates/system/login/tacacs-plus/service/node.def @@ -0,0 +1,2 @@ +type: txt +help: Set TACACS+ service for authentication and accounting diff --git a/templates/system/ntp-server/node.def b/templates/system/ntp-server/node.def index 485cf774..a063431f 100644 --- a/templates/system/ntp-server/node.def +++ b/templates/system/ntp-server/node.def @@ -2,9 +2,12 @@ multi: type: txt help: Set name or IP address of Network Time Protocol (NTP) server update:sudo sh -c \ - "touch /etc/ntp.conf - if ! grep -q 'server.*$VAR(@)' /etc/ntp.conf; then + "if ! grep -q 'server.*$VAR(@)' /etc/ntp.conf; then echo \"server $VAR(@) iburst dynamic\" >> /etc/ntp.conf + fi + if [ $(pgrep -c ntpd) -eq 0 ]; then + /usr/sbin/invoke-rc.d ntp start + else /usr/sbin/invoke-rc.d ntp restart fi" delete:sudo sh -c \ |
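Review bot: In the ntp-server `update:` script `$VAR(@)` is free text (`type: txt`, no `syntax:` line visible in this hunk) and is spliced both into the `grep` pattern and into the string handed to `sudo sh -c`, so a value containing quotes or shell metacharacters changes the command that runs as root. Even for well-formed input, `'server.*$VAR(@)'` is a regex substring match: the dots match any character and, for example, `1.2.3.4` is treated as already present when `11.2.3.45` is configured, so the new server is silently not added. I would restrict the value with a `syntax:expression:` limited to hostname/IP characters and match the whole line literally, e.g. `grep -qxF \"server $VAR(@) iburst dynamic\" /etc/ntp.conf`. Also note that `$(pgrep -c ntpd)` sits inside the double-quoted argument, so it is expanded by the calling shell before `sudo sh -c` runs; that works, but `if ! pgrep ntpd >/dev/null; then` states the intent more clearly.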