From 1ee415d4070b0c9b70de86805e27f5c12abadce5 Mon Sep 17 00:00:00 2001 From: UnicronNL Date: Fri, 24 Jul 2015 14:51:54 +0200 Subject: Remove fuse group, not needed in debian jessie --- scripts/vyatta-bridge.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/vyatta-bridge.pl b/scripts/vyatta-bridge.pl index 36d59212..7602c2ce 100755 --- a/scripts/vyatta-bridge.pl +++ b/scripts/vyatta-bridge.pl @@ -35,7 +35,7 @@ use lib "/opt/vyatta/share/perl5/"; use Vyatta::Interface; use Vyatta::Config; -my $BRCTL = 'sudo /usr/sbin/brctl'; +my $BRCTL = 'sudo /sbin/brctl'; die "Usage: $0 ACTION ethX\n" unless ($#ARGV == 1); -- cgit v1.2.3 From 13cf05ad949e8e622613b59084a39a776110fa99 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Tue, 26 Jan 2016 09:09:06 -0500 Subject: Update 'is_live_cd_boot' and 'is_union_instal' functions to search on 'overlay' instead of 'overlayfs' --- scripts/install/install-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 1551fbb0..8f30f8db 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -274,7 +274,7 @@ is_live_cd_boot () # Poor check, but whatever. The point is that on installed system # the image file normally is named after the current version, # while on livecd it's just "filesystem.squashfs" - if grep -q -e '^overlayfs.*/filesystem.squashfs' /proc/mounts; then + if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then return 0 else return 1 @@ -287,8 +287,8 @@ is_union_install () if is_live_cd_boot; then return 1 fi - if grep -q ' /live/image [^ ]\+ rw' /proc/mounts \ - && egrep -q '(union|overlay)fs / (union|overlay)fs ' /proc/mounts; then + if grep -q 'upperdir=/live/overlay//rw' /proc/mounts \ + && egrep -q 'overlay / overlay ' /proc/mounts; then return 0 else return 1 -- cgit v1.2.3 From 79bffc87c0b0a4b6b35a190fa64adc34e5ff8005 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 29 Jan 2016 05:56:40 -0500 Subject: Update the way the install scrips get the vyos version. --- scripts/install/install-functions | 4 ++-- scripts/install/install-image | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 8f30f8db..0a1f5d13 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -298,7 +298,7 @@ is_union_install () # outputs the version string of the current running version. get_cur_version () { - ver=`dpkg-query --showformat='${Version}' --show vyatta-version` + ver=`cat /opt/vyatta/etc/version` if [ -z "$ver" ]; then echo "UNKNOWN" else @@ -323,7 +323,7 @@ get_new_version () ver_file=${ver_path} if is_live_cd_boot && [ -f "$ver_file" ]; then # we are installing from a live CD boot - ver=`dpkg-query --showformat='${Version}' --show vyatta-version` + ver=`cat /opt/vyatta/etc/version` echo $ver return fi diff --git a/scripts/install/install-image b/scripts/install/install-image index c7323fbf..d093d80d 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image @@ -63,7 +63,7 @@ fetch_iso_by_url () fi # This is for statistics collection - vyos_version=`dpkg-query --showformat='${Version}' --show vyatta-version` + vyos_version=`cat /opt/vyatta/etc/version` filename="${TEMP_DIR}/${NEW_ISO##*/}" curl -L -H "User-Agent: VyOS/$vyos_version" $auth -f -o $filename $NEW_ISO -- cgit v1.2.3 From 42acee1d418bea6de4fd5f983852bec52e66c05e Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 29 Jan 2016 06:44:50 -0500 Subject: Update location of the squashfs image. --- scripts/install/install-image-new | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 7965b939..91cb27fa 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -73,7 +73,7 @@ boot_dir=${CD_SQUASH_ROOT}/boot boot_files=$(find $boot_dir -maxdepth 1 -type f -o -type l 2>/dev/null) if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then # maybe installing from a live CD boot? - squash_img=/live/image/live/filesystem.squashfs + squash_img=/lib/live/mount/medium/live/filesystem.squashfs boot_dir=/boot boot_files=$(find $boot_dir -maxdepth 1 -type f -o -type l 2>/dev/null) if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then -- cgit v1.2.3 From ecb3ae1ed2a66c0ddc5be25f6cba9fe6c0a0345a Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 29 Jan 2016 07:05:33 -0500 Subject: Refine getting the vyos version. --- scripts/install/install-functions | 4 ++-- scripts/install/install-image | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 0a1f5d13..720ac28a 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -298,7 +298,7 @@ is_union_install () # outputs the version string of the current running version. get_cur_version () { - ver=`cat /opt/vyatta/etc/version` + ver=`cat /opt/vyatta/etc/version | awk '{print $2}'` if [ -z "$ver" ]; then echo "UNKNOWN" else @@ -323,7 +323,7 @@ get_new_version () ver_file=${ver_path} if is_live_cd_boot && [ -f "$ver_file" ]; then # we are installing from a live CD boot - ver=`cat /opt/vyatta/etc/version` + ver=`cat /opt/vyatta/etc/version | awk '{print $2}'` echo $ver return fi diff --git a/scripts/install/install-image b/scripts/install/install-image index d093d80d..fd10d0c3 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image @@ -63,7 +63,7 @@ fetch_iso_by_url () fi # This is for statistics collection - vyos_version=`cat /opt/vyatta/etc/version` + vyos_version=`cat /opt/vyatta/etc/version | awk '{print $2}'` filename="${TEMP_DIR}/${NEW_ISO##*/}" curl -L -H "User-Agent: VyOS/$vyos_version" $auth -f -o $filename $NEW_ISO -- cgit v1.2.3 From 47e2c43533abe96eca65f3906528c8654d5839b4 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 29 Jan 2016 07:41:43 -0500 Subject: Correct overlay mount function. --- scripts/install/install-functions | 7 ++++--- scripts/install/install-image-new | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 720ac28a..d6e38523 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -337,11 +337,12 @@ gen_mopts () local mnttype=$1 local upper=$2 local lower=$3 - local mntpoint=$4 + local work=$4 + local mntpoint=$5 case "$1" in - overlayfs) - echo "-t $mnttype -o noatime,upperdir=$upper,lowerdir=$lower $mnttype $mntpoint" + overlay) + echo "-t $mnttype -o noatime,upperdir=$upper,lowerdir=$lower,workdir=$work $mnttype $mntpoint" ;; *) echo "-t $mnttype -o noatime,dirs=$upper=rw:$lower=ro $mnttype $mntpoint" diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 91cb27fa..81ac45e9 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -64,6 +64,8 @@ mkdir -p $WRITE_ROOT/boot/$image_name # make dir for backing store rw_dir=$WRITE_ROOT/boot/$image_name/live-rw mkdir -p $rw_dir +work_dir=$WRITE_ROOT/boot/$image_name/live-work +mkdir -p $work_dir echo Copying squashfs image... # these are the defaults if installing from a specified ISO image file. @@ -94,7 +96,7 @@ if ! try_mount "-o loop,ro -t squashfs $target_squash $READ_ROOT"; then echo 'Exiting...' exit 1 fi -margs=$(gen_mopts "overlayfs" $rw_dir $READ_ROOT $INST_ROOT) +margs=$(gen_mopts "overlay" $rw_dir $READ_ROOT $work_dir $INST_ROOT) if ! try_mount "$margs"; then echo 'Exiting...' exit 1 -- cgit v1.2.3 From f31619dc433d8e955cfe9c7abb6bcddb337e43cd Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Mon, 1 Feb 2016 06:46:10 -0500 Subject: Label disk on format and create persistence.conf file to get live-boot to set the correct persistence. --- scripts/install/install-get-partition | 2 +- scripts/install/install-image-new | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index eee0dc73..b238f787 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -652,7 +652,7 @@ make_filesystem () { lecho "Creating filesystem on /dev/$ldrive..." progress_indicator start - output=$(mkfs -t $ROOT_FSTYPE /dev/$ldrive 2>&1) + output=$(mkfs -L persistence -t $ROOT_FSTYPE /dev/$ldrive 2>&1) status=$? if [ "$status" != 0 ]; then echo -e "Error: couldn't create the root filesystem.\nSee $INSTALL_LOG for further details.\nExiting..." diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 81ac45e9..32c5f3e4 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -90,6 +90,9 @@ cp -p $squash_img $target_squash echo Copying kernel and initrd images... cp -dp $boot_files $WRITE_ROOT/boot/$image_name/ +# create persistence.conf file +echo "/ union" > $WRITE_ROOT/persistence.conf + # set up union root for postinst mkdir -p $INST_ROOT $READ_ROOT if ! try_mount "-o loop,ro -t squashfs $target_squash $READ_ROOT"; then -- cgit v1.2.3 From 9cd1c2f0b577836043b25dfab4d27f03cf587b83 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Mon, 1 Feb 2016 11:56:44 -0500 Subject: Rename "live-rw" to only "rw". --- scripts/install/install-get-partition | 8 ++++---- scripts/install/install-image-existing | 2 +- scripts/install/install-image-new | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index b238f787..b17aa563 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -480,7 +480,7 @@ save_image_config() { rm -fr /mnt/config mkdir /mnt/config - output=$(cp -pR /mnt/tmp/boot/$image_name/live-rw/config/* /mnt/config) + output=$(cp -pR /mnt/tmp/boot/$image_name/rw/config/* /mnt/config) if [ -n "$output" ]; then echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details." @@ -492,7 +492,7 @@ save_image_config() { save_image_keys() { image_name=$1 - if [ ! -d /mnt/tmp/boot/$image_name/live-rw/etc/ssh ]; then + if [ ! -d /mnt/tmp/boot/$image_name/rw/etc/ssh ]; then echo "No SSH keys found on $image_name, so none can be saved." return; fi @@ -506,7 +506,7 @@ save_image_keys() { fi mkdir -p /mnt/ssh - output=$(cp -p /mnt/tmp/boot/$image_name/live-rw/etc/ssh/ssh_host_* /mnt/ssh) + output=$(cp -p /mnt/tmp/boot/$image_name/rw/etc/ssh/ssh_host_* /mnt/ssh) if [ -n "$output" ]; then echo -e "Warning: error in copying the old ssh keys." @@ -552,7 +552,7 @@ save_old_info() { image_dirs=/mnt/tmp/boot/* for dir in $image_dirs; do - if [ -f $dir/live-rw/config/.vyatta_config ]; then + if [ -f $dir/rw/config/.vyatta_config ]; then item=${dir##/mnt/tmp/boot/} images=($item ${images[@]}) diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 7d58cd96..454ae749 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -155,7 +155,7 @@ echo "Installing \"$NEWNAME\" image." # create the new release directories REL_ROOT=$BOOT_DIR/$NEWNAME -RW_DIR="$REL_ROOT/live-rw" +RW_DIR="$REL_ROOT/rw" if ! mkdir -p "$RW_DIR"; then failure_exit 'Cannot create directory for new release.' fi diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 32c5f3e4..d6427500 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -62,9 +62,9 @@ echo "OK. This image will be named: $image_name" # make the dir for the new version mkdir -p $WRITE_ROOT/boot/$image_name # make dir for backing store -rw_dir=$WRITE_ROOT/boot/$image_name/live-rw +rw_dir=$WRITE_ROOT/boot/$image_name/rw mkdir -p $rw_dir -work_dir=$WRITE_ROOT/boot/$image_name/live-work +work_dir=$WRITE_ROOT/boot/$image_name/work mkdir -p $work_dir echo Copying squashfs image... -- cgit v1.2.3 From fad98c513e39ac4ebf0e08d16e9da9dd06934364 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Tue, 2 Feb 2016 02:59:32 -0500 Subject: Do not create fstab file for union install, this conficts with systemd. --- scripts/install/install-postinst-new | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index 11cf788e..589a04a8 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new @@ -259,16 +259,7 @@ if [ -f "$MDADM_CONFIG_FILE" ]; then fi fi -if [ "$INSTALL_TYPE" == 'union' ]; then - # make /var/run tmpfs - pi_fstab=$INST_ROOT/etc/fstab - if ! grep -q 'tmpfs /var/run ' $pi_fstab >&/dev/null; then - # replace the fstab. the default one has header that will cause - # it to be wiped out on live boot. - echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$pi_fstab - fi -else - # not passing the write root to postinst (only needed for union) +if [ "$INSTALL_TYPE" != 'union' ]; then WRITE_ROOT='' fi -- cgit v1.2.3 From ac29f8f49a1ee620d07c3c6bdaec97afaeb1ad27 Mon Sep 17 00:00:00 2001 From: Thomas Jepp Date: Wed, 3 Feb 2016 16:49:35 +0000 Subject: Make add system image install the image to the right place. --- scripts/install/install-functions | 2 +- scripts/install/install-image-existing | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-functions b/scripts/install/install-functions index d6e38523..85235f75 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -287,7 +287,7 @@ is_union_install () if is_live_cd_boot; then return 1 fi - if grep -q 'upperdir=/live/overlay//rw' /proc/mounts \ + if grep -q 'upperdir=/live/persistence/' /proc/mounts \ && egrep -q 'overlay / overlay ' /proc/mounts; then return 0 else diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 454ae749..1c90df83 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -113,7 +113,11 @@ echo "OK. This image will be named: $NEWNAME" BOOT_DIR=/live/image/boot if [ "$CUR_INSTALL" == 'old' ]; then BOOT_DIR=/boot -elif [ "$CUR_INSTALL" != 'union' ]; then +elif [ "$CUR_INSTALL" == 'union' ]; then + # I'm not proud of this... + BOOT_DEVICE=`grep -o 'upperdir=/live/persistence/[^/]*/boot' /proc/mounts | cut -d / -f 4` + BOOT_DIR="/lib/live/mount/persistence/$BOOT_DEVICE/boot" +else echo 'Invalid current install type. Exiting...' exit 1 fi @@ -160,6 +164,9 @@ if ! mkdir -p "$RW_DIR"; then failure_exit 'Cannot create directory for new release.' fi +WORK_DIR="$REL_ROOT/work" +mkdir -p "$WORK_DIR" + # copy the squashfs image and boot files echo "Copying new release files..." squash_img=${CD_ROOT}/live/filesystem.squashfs @@ -180,7 +187,7 @@ if ! try_mount "-o loop,ro $target_squash $READ_ROOT"; then fi # set up root for postinst -margs=$(gen_mopts "overlayfs" $RW_DIR $READ_ROOT $INST_ROOT) +margs=$(gen_mopts "overlay" $RW_DIR $READ_ROOT $WORK_DIR $INST_ROOT) if ! try_mount "$margs"; then rm -rf $REL_ROOT failure_exit 'Failed to set up root directory for postinst.' -- cgit v1.2.3 From f54bad96cef6ed52547151bc3a7ef64377f16c3e Mon Sep 17 00:00:00 2001 From: Thomas Jepp Date: Wed, 3 Feb 2016 20:08:16 +0000 Subject: Add vyos-persistpath and update install-image-existing and vyatta-update-grub.pl to use it. --- Makefile.am | 1 + scripts/install/install-image-existing | 6 ++---- scripts/vyatta-update-grub.pl | 2 +- scripts/vyos-persistpath | 19 +++++++++++++++++++ 4 files changed, 23 insertions(+), 5 deletions(-) create mode 100755 scripts/vyos-persistpath (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 5445f9cd..169df296 100644 --- a/Makefile.am +++ b/Makefile.am @@ -87,6 +87,7 @@ sbin_SCRIPTS += scripts/vyatta-update-grub.pl sbin_SCRIPTS += scripts/vyos-intfwatchd sbin_SCRIPTS += scripts/ec2-check.pl sbin_SCRIPTS += scripts/is_port_available.pl +sbin_SCRIPTS += scripts/vyos-persistpath sbin_PROGRAMS = src/valid_address sbin_PROGRAMS += src/local_ip diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 1c90df83..4c6b601b 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -110,13 +110,11 @@ fi echo "OK. This image will be named: $NEWNAME" # this is the default if current install is union -BOOT_DIR=/live/image/boot + if [ "$CUR_INSTALL" == 'old' ]; then BOOT_DIR=/boot elif [ "$CUR_INSTALL" == 'union' ]; then - # I'm not proud of this... - BOOT_DEVICE=`grep -o 'upperdir=/live/persistence/[^/]*/boot' /proc/mounts | cut -d / -f 4` - BOOT_DIR="/lib/live/mount/persistence/$BOOT_DEVICE/boot" + BOOT_DIR=`/opt/vyatta/sbin/vyos-persistpath`/boot else echo 'Invalid current install type. Exiting...' exit 1 diff --git a/scripts/vyatta-update-grub.pl b/scripts/vyatta-update-grub.pl index a9e646ed..e4110ee0 100755 --- a/scripts/vyatta-update-grub.pl +++ b/scripts/vyatta-update-grub.pl @@ -25,7 +25,7 @@ use warnings; use Getopt::Long; use File::Temp qw/ :mktemp /; -my $UNION_BOOT_DIR = '/live/image/boot'; +my $UNION_BOOT_DIR = `/opt/vyatta/sbin/vyos-persistpath` . '/boot'; my $UNION_GRUB_CFG_DIR = "$UNION_BOOT_DIR/grub"; my $DISK_BOOT_DIR = '/boot'; my $DISK_GRUB_CFG_DIR= '/boot/grub'; diff --git a/scripts/vyos-persistpath b/scripts/vyos-persistpath new file mode 100755 index 00000000..d7199b09 --- /dev/null +++ b/scripts/vyos-persistpath @@ -0,0 +1,19 @@ +#!/bin/bash + +if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then + # Live CD boot + exit 2 + +elif grep -q 'upperdir=/live/persistence/' /proc/mounts && egrep -q 'overlay / overlay ' /proc/mounts; then + # union boot + + boot_device=`grep -o 'upperdir=/live/persistence/[^/]*/boot' /proc/mounts | cut -d / -f 4` + persist_path="/lib/live/mount/persistence/$boot_device" + + echo $persist_path + exit 0 +else + # old style boot + + exit 1 +fi \ No newline at end of file -- cgit v1.2.3 From 0d7e6ac3ff336bee96c2a235ae442cb1c8099735 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 5 Feb 2016 11:36:41 -0500 Subject: Renamed vyatta-union to vyos-union. --- scripts/install/install-postinst-new | 2 +- scripts/vyatta-grub-setup | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index 589a04a8..2a3bcde9 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new @@ -175,7 +175,7 @@ setup_xen_extras () { echo "" >> $grubfile echo "title vyatta-virt" >> $grubfile echo "root (hd0,0)" >> $grubfile - echo "kernel $xen_grub_boot_path/vmlinuz root=/dev/$rootdev boot=live vyatta-union=$xen_grub_boot_path console=hvc0" >> $grubfile + echo "kernel $xen_grub_boot_path/vmlinuz root=/dev/$rootdev boot=live vyos-union=$xen_grub_boot_path console=hvc0" >> $grubfile echo "initrd $xen_grub_boot_path/initrd.img" >> $grubfile # Add symlink pointing to default image diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 11e73846..63e3d987 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -103,7 +103,7 @@ else fi if eval "$UNION"; then - GRUB_OPTIONS="boot=live quiet vyatta-union=/boot/$livedir" + GRUB_OPTIONS="boot=live quiet vyos-union=/boot/$livedir" union_xen_kernel_version=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz*-xen* \ 2>/dev/null \ | awk -F/ '{ print $6 }' \ -- cgit v1.2.3 From 184ca4e9e11023f5c99fa8bb6b6063ce29f9fea3 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 5 Feb 2016 12:19:18 -0500 Subject: Do not create persistent fstab, this will interfere with systemd. --- scripts/install/install-image-existing | 8 -------- 1 file changed, 8 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 4c6b601b..62e73882 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -191,14 +191,6 @@ if ! try_mount "$margs"; then failure_exit 'Failed to set up root directory for postinst.' fi -# set up /var/run fstab entry -PI_FSTAB=$INST_ROOT/etc/fstab -if ! grep -q 'tmpfs /var/run ' $PI_FSTAB >&/dev/null; then - # replace the fstab. the default one has header that will cause - # it to be wiped out on live boot. - echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$PI_FSTAB -fi - # # Check to make sure we have enough space to copy the config and data dirs... # -- cgit v1.2.3 From 9d0c8946c537a1d857df67be2ffc26255c24bdbb Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Tue, 9 Feb 2016 02:08:23 -0500 Subject: Use directory /var/lib/dhcp instead of /var/lib/dhcp3. Use directory /etc/dhcp instead of /etc/dhcp3. --- ChangeLog | 6055 +++++++++++++++++++- scripts/vyatta-address | 4 +- scripts/vyatta-dhcp-helper.pl | 2 +- scripts/vyatta-dhcpv6-client.pl | 6 +- scripts/vyatta-interfaces.pl | 8 +- scripts/vyatta-update-tunnel.pl | 2 +- .../bonding/node.tag/dhcpv6-options/node.def | 2 +- .../vif-s/node.tag/dhcpv6-options/node.def | 2 +- .../vif-c/node.tag/dhcpv6-options/node.def | 2 +- .../node.tag/vif/node.tag/dhcpv6-options/node.def | 2 +- .../bridge/node.tag/dhcpv6-options/node.def | 2 +- .../ethernet/node.tag/dhcpv6-options/node.def | 2 +- .../vif-s/node.tag/dhcpv6-options/node.def | 2 +- .../vif-c/node.tag/dhcpv6-options/node.def | 2 +- .../node.tag/vif/node.tag/dhcpv6-options/node.def | 2 +- .../node.tag/dhcpv6-options/node.def | 2 +- .../vif-s/node.tag/dhcpv6-options/node.def | 2 +- .../vif-c/node.tag/dhcpv6-options/node.def | 2 +- .../node.tag/vif/node.tag/dhcpv6-options/node.def | 2 +- .../tunnel/node.tag/dhcp-interface/node.def | 2 +- templates/service/dns/forwarding/dhcp/node.def | 2 +- 21 files changed, 6080 insertions(+), 27 deletions(-) mode change 120000 => 100644 ChangeLog (limited to 'scripts') diff --git a/ChangeLog b/ChangeLog deleted file mode 120000 index d526672c..00000000 --- a/ChangeLog +++ /dev/null @@ -1 +0,0 @@ -debian/changelog \ No newline at end of file diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..2d7dc77f --- /dev/null +++ b/ChangeLog @@ -0,0 +1,6054 @@ +vyatta-cfg-system (0.20.44+vyos2+current3) unstable; urgency=medium + + [ Kim Hagen ] + * Update 'is_live_cd_boot' and 'is_union_instal' functions to search on 'overlay' instead of 'overlayfs' + + [ Seamus Caveney ] + * vyatta-cfg-system: add support for 6rd tunnel interfaces + + [ Daniil Baturin ] + * Sanitize dependencies, use ISC DHCP client. + + -- Daniil Baturin Wed, 27 Jan 2016 08:24:32 -0500 + +vyatta-cfg-system (0.20.44+vyos2+current2) unstable; urgency=medium + + * Update dependencies + + -- Kim Hagen Mon, 25 Jan 2016 03:47:13 -0500 + +vyatta-cfg-system (0.20.44+vyos2+current1) unstable; urgency=medium + + [ UnicronNL ] + * Remove fuse group, not needed in debian jessie + + [ Thomas Jepp ] + * Dependency fixes for Jessie. Remove the dependency on vyatta-busybox, use the system busybox. + * Add missing runtime dependencies. + + [ Kim Hagen ] + + -- Kim Hagen Sun, 24 Jan 2016 15:04:10 -0500 + +vyatta-cfg-system (0.20.44+vyos2+lithium41) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: add restart option to vyatta-dns-forwarding.pl + + -- Alex Harpin Thu, 19 Nov 2015 22:25:54 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium40) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: enable usb autosuspend to reduce cpu usage on kvm + + -- Alex Harpin Sun, 15 Nov 2015 10:20:47 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium39) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: add missing changelog entries + + -- Alex Harpin Fri, 13 Nov 2015 20:59:16 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium38) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: rename ethernet offload option nodes + * vyatta-cfg-system: update get_offload_option function due to rename + * vyatta-cfg-system: add option to modify interface scatter-gather option + + -- Alex Harpin Sun, 08 Nov 2015 13:59:11 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium37) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: rename smp_affinity to smp-affinity + * vyatta-cfg-system: bump system version to 7 for smp-affinity rename + + -- Alex Harpin Thu, 05 Nov 2015 20:33:18 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium36) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: ensure bridge slaves are deletable from bridges + * vyatta-cfg-system: allow bridge slaves to be moved from empty bridges + + -- Alex Harpin Mon, 19 Oct 2015 07:52:48 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium35) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: remove ip address requirements from port checking + + -- Alex Harpin Sat, 17 Oct 2015 19:25:16 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium34) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: add scripts/is_port_available.pl for port checking + * vyatta-cfg-system: add listen-address and port checks for telnet + + -- Alex Harpin Sat, 17 Oct 2015 18:23:34 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium33) unstable; urgency=low + + [ Carl Byington ] + * allow dhcp interface for the local end of a tunnel + * dhcp bound/reboot must ignore old values + + [ Daniil Baturin ] + * Add templates and scripts for the popularity contest. + + -- Daniil Baturin Mon, 27 Jul 2015 04:10:37 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium32) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: use sha-512 instead of md5 for installation password + + -- Alex Harpin Thu, 02 Jul 2015 00:14:27 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium31) unstable; urgency=low + + [ Alex Harpin ] + * Revert "vyatta-cfg-system: prevent deletion of all user authentication" + + -- Alex Harpin Mon, 22 Jun 2015 21:20:41 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium30) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: prevent deletion of system based post-hook symlinks + * vyatta-cfg-system: update dh_gencontrol with new development build flag + + [ Carl Byington ] + * allow dhcp interface for the local end of a tunnel + * dhcp bound/reboot must ignore old values + + -- Alex Harpin Tue, 16 Jun 2015 07:48:49 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium29) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: 'delete system login user' doesn't remove the user + * vyatta-cfg-system: missing encrypted-password breaks user config node + * vyatta-cfg-system: prevent deletion of all authentication for user + + -- Alex Harpin Sat, 13 Jun 2015 15:31:56 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium28) unstable; urgency=low + + * Bug #410: add an option for ARP cache timeout. + + -- Daniil Baturin Mon, 04 May 2015 00:20:52 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium27) unstable; urgency=low + + * Bug #541: load l2tp_ip6 module so L2TPv3 over IPv6 can work. + + -- Daniil Baturin Sun, 03 May 2015 19:59:52 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium26) unstable; urgency=low + + * Add parted to dependencies, the install scripts need it. + + -- Daniil Baturin Sat, 25 Apr 2015 15:39:47 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium25) unstable; urgency=low + + * Further debian/control cleanup. + + -- Daniil Baturin Thu, 09 Apr 2015 03:19:33 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium24) unstable; urgency=low + + * Force release + + -- Daniil Baturin Thu, 09 Apr 2015 00:20:26 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium23) unstable; urgency=low + + * Remove hypervisor_vendor, obsoleted by hvinfo. + + -- Daniil Baturin Thu, 09 Apr 2015 00:19:54 +0200 + +vyatta-cfg-system (0.20.44+vyos2+lithium22) unstable; urgency=low + + [ kouak ] + * Set correct dhclient configuration filename (#508) + * Add dhcpv6 client-id option (#519) + + [ Daniil Baturin ] + * Fix package description and copyright information. + + -- Daniil Baturin Thu, 26 Mar 2015 01:23:40 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium21) unstable; urgency=low + + [ Benjamin Beret ] + * Set default STP priority to 32768 (#512) + + [ Alex Harpin ] + * vyatta-cfg-system: set default stp priority to 32768 (additional) + + -- Alex Harpin Mon, 09 Mar 2015 09:18:45 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium20) unstable; urgency=low + + [ Benjamin Beret ] + * Fix broken commit + * Accept custom dyndns services (Bug #507) + + [ Alex Harpin ] + * vyatta-cfg-system: remove unnecessary service symlink + * vyatta-cfg-system: update protocol, remove server and node wording + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: add additional services and check for protocols + * vyatta-cfg-system: update node text so that it fits on a console line + + -- Alex Harpin Sat, 07 Mar 2015 21:13:20 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium19) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: ensure grub is installed to the raid slave members + + -- Alex Harpin Sat, 28 Feb 2015 16:44:40 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium18) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: adjust mtu node priority to set mtu after parent + * vyatta-cfg-system: correct typo in node.def + * vyatta-cfg-system: redesign the layout and updating of ntp + * vyatta-cfg-system: rename variable in ntp_format subroutine + * vyatta-cfg-system: update new ntp updating routine to work with dhcp + * vyatta-cfg-system: skip over invalid ntp servers rather than exiting + * vyatta-cfg-system: add vyatta-dhcp3-client to dependencies list + + -- Alex Harpin Sat, 28 Feb 2015 12:43:32 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium17) unstable; urgency=low + + [ kouak ] + * Fix a bug in rfc2136 import + * Add ingress-qos-mapping/egress-qos-mapping to VLAN configuration + (#385) + + [ Daniil Baturin ] + * Bug #498: dirty hack to disallow remote command execution for + operator level users. + + -- Daniil Baturin Wed, 25 Feb 2015 17:17:53 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium16) unstable; urgency=low + + [ Benjamin Beret ] + * Bug #389: Add RFC2136 configuration options for ddclient 3.8.2 + + [ Alex Harpin ] + * vyatta-cfg-system: add dnsutils to depends following rfc2136 options + + -- Alex Harpin Sun, 22 Feb 2015 15:04:28 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium15) unstable; urgency=low + + * Bug #490: use command line options for parameters-only and temporary + * Bug #490: remove priority inversion in dhcpv6-options. + * Bug #491: don't allow temporary and parameters-only + * Bug #492: fail commit in case of DHCPv6 configuration errors. + + -- Daniil Baturin Fri, 20 Feb 2015 15:54:29 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium14) unstable; urgency=low + + * Bug #356: use VyOS SNMP OID instead of the old Vyatta one. + + -- Daniil Baturin Sun, 15 Feb 2015 05:21:20 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium13) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: multiple servers for dns forwarding domain override + * vyatta-cfg-system: redesign the layout and updating of /etc/resolv.conf + * vyatta-cfg-system: remove blank domain search and expand comment type + + -- Alex Harpin Sat, 14 Feb 2015 14:37:03 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium12) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: invalid resolv.conf format causing extra DNS request + + -- Alex Harpin Mon, 09 Feb 2015 22:34:02 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium11) unstable; urgency=low + + [ Hiroyuki Sato ] + * Bug#382: fix radvd status check + + [ Kim Hagen ] + * Bug #467, tos inherit not turned on by default on tunnels (IPIP, GRE) + * Bug #352 - QinQ - changing the ethertype value of vif-s + * Can not change EtherType with vif-c interfaces configured + + [ Alex Harpin ] + * vyatta-cfg-system: allow dynamic dns updating from behind nat + + -- Alex Harpin Sun, 08 Feb 2015 20:19:41 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium10) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: changes to update_inittab for xen console access + * vyatta-cfg-system: remove default speed value for console access + + -- Alex Harpin Sun, 25 Jan 2015 09:32:40 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium9) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: update the required version of ddclient + * vyatta-cfg-system: add dynamic dns support for no-ip.com/noip + + -- Alex Harpin Sun, 18 Jan 2015 16:01:51 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium8) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: add dynamic dns support for afraid.org/freedns + * vyatta-cfg-system: set required version of ddclient for freedns support + + -- Alex Harpin Sat, 03 Jan 2015 18:20:32 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium7) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: really remove cpufrequtils from depends this time + + -- Alex Harpin Tue, 30 Dec 2014 21:48:13 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium6) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: remove acpid and cpufrequtils from depends + + -- Alex Harpin Tue, 30 Dec 2014 20:18:42 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium5) unstable; urgency=low + + * Force release + + -- Daniil Baturin Tue, 23 Dec 2014 01:55:46 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium4) unstable; urgency=low + + [ Hiroshi Umehara ] + * vyatta-cfg-system: fix for unusable "link" option (Bug #381) + + [ Jared Baldridge ] + * Adding support for spaces in the key comment field (Bug #411) + + [ Ryo Nakamura ] + * support "remote" attribute of VXLAN tunnel (Bug #416) + + [ Alex Harpin ] + + -- Alex Harpin Sat, 20 Dec 2014 18:38:25 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium3) unstable; urgency=low + + [ Jared Baldridge ] + * Adding initial support for loading a config from AWS EC2 user-data + + [ Jason Hendry ] + * Expose rsyslog log level 'all' in CLI + * Initial import fo vyatta_update_sysctl.pl + * Creating template for net.ipv4.ipfrag_time sysctl + * Adding all + custom sysctl option nodes + * Removing sysctl all node, adding net.ipv4.igmp_max_memberships + * Adding offload setting management to vyatta-interfaces.pl + * Adding templates for tso options. fixing logic in vyatta-interfaces for tso options + * Making offload setting changes change on a single option + * Updating comments so they make a bit more sense + * Removing default settings offload values + * Cleaning up ethtool execution code + * Correcting udp offload option name form segmentation to fragmentation + * Removing unsed variable from declaration + + [ Paul Gear ] + * Omit "Vyatta" from sysDescr + + [ Hiroyuki Sato ] + * Fix Bug#382 Removing system ipv6 forwarding causes script error. + + [ Alex Harpin ] + + -- Alex Harpin Wed, 10 Dec 2014 07:53:50 +0000 + +vyatta-cfg-system (0.20.44+vyos2+lithium2) unstable; urgency=low + + * Force release + + -- Daniil Baturin Wed, 29 Oct 2014 22:45:42 +0100 + +vyatta-cfg-system (0.20.44+vyos2+lithium1) unstable; urgency=low + + * New branch + + -- Daniil Baturin Wed, 29 Oct 2014 22:44:52 +0100 + +vyatta-cfg-system (0.20.43+vyos1+helium24) unstable; urgency=low + + * vyatta-cfg-system: fix for 'user vyos doesn't exist' on password reset + * vyatta-cfg-system: add complete user config entry on password reset + * vyatta-cfg-system: set default vyos password hash to sha-512 when reset + * vyatta-cfg-system: allow password reset for users other than vyos + * vyatta-cfg-system: fix for deleting encrypted password breaks config + * vyatta-cfg-system: comment change in the plaintext-password node + + -- Alex Harpin Fri, 24 Oct 2014 16:57:23 +0100 + +vyatta-cfg-system (0.20.43+vyos1+helium23) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: allow dhcp and dhcpv6 addresses to be deleted + + [ Daniil Baturin ] + + -- Daniil Baturin Thu, 09 Oct 2014 23:18:31 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium22) unstable; urgency=low + + * Make EC2 key fetcher start on boot. + + -- Daniil Baturin Thu, 09 Oct 2014 21:18:44 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium21) unstable; urgency=low + + * Use returnEffectiveValues in intfwatchd so it works outside of + config session. + + -- Daniil Baturin Thu, 09 Oct 2014 00:10:29 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium20) unstable; urgency=low + + * Fix regular expression so it works with any (I hope!) interface + types. + * Even more specific regex. + + -- Daniil Baturin Wed, 08 Oct 2014 21:17:39 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium19) unstable; urgency=low + + * Add ex2-check script. + + -- Daniil Baturin Wed, 08 Oct 2014 15:50:02 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium18) unstable; urgency=low + + * If not running on AWS (system UUID and serial do not start with + EC2), don't do AWS-specific things. + * Bug #335, run the EC2 key fetching script as vyattacfg. + + -- Daniil Baturin Wed, 08 Oct 2014 12:13:29 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium17) unstable; urgency=low + + [ upa ] + * Add support for VXLAN + * fix create/del error handling + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: revert bb71cf5b7b3a48812e28dbefba8c535f9bbf9973 + * vyatta-cfg-system: add 'set system allow-dhcp-nameservers' option + + [ Kim Hagen ] + * Remove gre-multipoint encapsulation option, make the tunnel + multipoint if 'remote-ip' is nowt set. + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: expand 'set system allow-dhcp-nameservers' logic + + [ Kim Hagen ] + * Fix syntax error + + [ Alex Harpin ] + * vyatta-cfg-system: rename allow-dhcp-nameservers and change to + typeless + + [ Daniil Baturin ] + * Remove VXLAN templates that are supposed to be generated. + * Add VXLAN to generated templates. + * Remove ip/node.def, it's autogenerated too. + * Remove source-validation templates, those are also autogenerated. + + [ Kim Hagen ] + * Fix typo + + [ Daniil Baturin ] + * Rename "dev" to "link" under VXLAN for consistency with peth + * Fix a typo in help string. + + -- Daniil Baturin Tue, 07 Oct 2014 19:45:58 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium16) unstable; urgency=low + + [ UnicronNL ] + * Remove execution of vyatta-update-nhtp script + * Remove obsolete information + * Always allow gre-multipoint + + [ Kim Hagen ] + * Bug #285 - Cannot delete bond interface with vif + + [ Alex Harpin ] + * vyatta-cfg-system: remove quotes from SysContact and SysLocation + + [ Kim Hagen ] + * Do not delete tunnel if it is in use by NHRP config + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: allow interfaces with dhcp addresses to be + deleted + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: prevent dhcp updating dns when statically + configured + + [ Daniil Baturin ] + * Bug #306: add option to enable private VLAN proxy ARP on an + interface. + + -- Daniil Baturin Tue, 09 Sep 2014 17:32:43 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium15) unstable; urgency=low + + * Bug #196: rename "smuxpeer" to "smux-peer" for consistency with + other commands. + * Bug #173: rename "disable" option to "ignore". + * Bug #237: improve ciphers option help and value validation. + + -- Daniil Baturin Sun, 03 Aug 2014 12:45:11 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium14) unstable; urgency=low + + * Bug #256: adjust mtu node priority. + + -- Daniil Baturin Sat, 02 Aug 2014 03:53:48 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium13) unstable; urgency=low + + * Bug #246: add multicast querier toggle to bridge. + + -- Daniil Baturin Sat, 02 Aug 2014 01:01:04 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium12) unstable; urgency=low + + [ ftoyama ] + * Change lower the priority of l2tpv3 than the priority of static + route. + + [ Daniil Baturin ] + * Rename dummy interfaces to dumX to avoid confusion with the default + + -- Daniil Baturin Thu, 31 Jul 2014 01:29:51 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium11) unstable; urgency=low + + * Replace login check with UID check in install-get-partition. + + -- Daniil Baturin Wed, 30 Jul 2014 00:29:58 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium10) unstable; urgency=low + + * Replace login name check with effective UID check. + * Replace login name check with effective UID check in install-image. + + -- Daniil Baturin Tue, 29 Jul 2014 23:41:07 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium9) unstable; urgency=low + + * Set vyos-intfwatchd to start at boot by default. + + -- Daniil Baturin Fri, 25 Jul 2014 20:28:44 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium8) unstable; urgency=low + + [ UnicronNL ] + * Add Freescale i.MX serial device + + [ Daniil Baturin ] + * Add vyod-intfwatchd for restoring IPv6 addresses after link flaps. + * Bug #259: do not try to remove addresses that don't exist. + + -- Daniil Baturin Fri, 25 Jul 2014 18:36:30 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium7) unstable; urgency=low + + [ Paul Gear ] + * Fix ignore-hosts-file operation + * Fix dnsmasq.conf generation for ignore-hosts-file + + [ tofoo ] + * Fix modprobe for l2tpv3 over ip + + [ Kim Hagen ] + * Skip finding hypervisor vendor if cpu is other than x86_64. + * Only depend on grub if archtecture is i386 or amd64 + + [ Daniil Baturin ] + * Fix is_live_boot check to account for the overlayfs change. + * Bug #269: missed return in is_ec2_ami. + + -- Daniil Baturin Fri, 25 Jul 2014 12:23:03 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium6) unstable; urgency=low + + [ Abdelouahed Haitoute ] + * Added feature to send log message to remote syslog server over UDP + or TCP. + * Added feature to add smuxpeer entries in file /etc/snmp/snmpd.conf. + + [ Kim Hagen ] + * Add QinQ vlan to ethernet interface config + * Fix variables. + * Change priority in node.def + * Add QinQ vlan to Bonding and pseudo-ethernet interfaces. + * Set help to Nested vlan. + * Bug #21 - Add the ability to adjust system ARP settings via the CLI + on a per interface basis + * Fix build errors due to interface prio in perl script. + * Remove file vyatta-cfg-system.install. + * Set separate virtual interface for QinQ. + + [ Daniil Baturin ] + * Bug #255: add an option to ignore hosts file in dnsmasq. + + -- Daniil Baturin Tue, 08 Jul 2014 17:07:35 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium5) unstable; urgency=low + + [ James Davidson ] + * Support and switch to overlayfs + + [ Kim Hagen ] + * Add fuse group for admin users so /dev/fuse is accessible and + + [ hydrajump ] + * Remove trailing whitespace + * Add support for installing a new image on the Amazon AMI + * Fix AWS EC2 AMI support + * Revert to state before add-aws-ami-support + * Fix to enable ec2-fetch-ssh-public-key init script + + [ neutralrockets ] + * Add support for ciphers and macs override in ssh + + [ Kim Hagen ] + * Bug #239 - Getting the version number by using dpkg will not work + when upgrading to newer version of debian. + + [ Daniil Baturin ] + + -- Daniil Baturin Mon, 16 Jun 2014 13:00:08 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium4) unstable; urgency=low + + [ hydrajump ] + * Add system option for ctrl-alt-del-action to configuration + * Use elif conditional instead of if + * Add syntax check to validate value + + [ Daniil Baturin ] + * Bug #170: Rename nodes for consistency with the rest of the system. + * Bug #170: Set default wait time to 0. + * Bug #170: Set link up at after creating tunnel. + * Bug #170: Add address, disable, and description options. + * Bug #170: Break iproute2 commands in multiple line for better + readability. + * Bug #170: Specify interface name in iproute2 command to override + default numering. + * Bug #170: Remove "wait" option. + * Bug #170: Improve help strings. + + -- Daniil Baturin Sat, 12 Apr 2014 22:24:22 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium3) unstable; urgency=low + + * Bug #159: add dummy type to network interface type list. + * Remove extra space before pppoe in interface types for nicer + formatting. + * Bug #170: add L2TPv3 to the interface type list. + + -- Daniil Baturin Sun, 06 Apr 2014 14:58:14 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium2) unstable; urgency=low + + [ hydrajump ] + * Fixed parted command for root partition alignment. + + [ higebu ] + * Add support for l2tpv3 + * Fix support for l2tpv3 over ip + + [ hydrajump ] + * Cleanup of unused parted root partitioning starting offset + + [ higebu ] + * Remove endpoint, and add mtu support + + [ tea2ka ] + * using a DNS server with an IPv6 address. + * collect dhcpv6-options + + [ hydrajump ] + * Delete SSH blacklists as they are no longer needed + + [ Daniil Baturin ] + * Bug #159: add conf mode templates for dummy interfaces. + * Bug #159: add delete action for dummy interfaces. + + -- Daniil Baturin Sun, 06 Apr 2014 11:52:08 +0200 + +vyatta-cfg-system (0.20.43+vyos1+helium1) unstable; urgency=low + + * New branch + + -- Daniil Baturin Sat, 15 Feb 2014 16:53:19 +0100 + +vyatta-cfg-system (0.20.43+hydrogen12) unstable; urgency=low + + * Merge changes to SNMPv3 templates and scripts from vRouter 5400 + trial ISO. + + -- Daniil Baturin Fri, 31 Jan 2014 03:55:52 +0100 + +vyatta-cfg-system (0.20.43+hydrogen11) unstable; urgency=low + + * Force release + + -- Daniil Baturin Sat, 18 Jan 2014 01:41:12 +0100 + +vyatta-cfg-system (0.20.43+hydrogen10) unstable; urgency=low + + * Bug #98: add an option for redirect support to curl call. + + -- Daniil Baturin Sat, 18 Jan 2014 01:40:28 +0100 + +vyatta-cfg-system (0.20.43+hydrogen9) unstable; urgency=low + + * Change image name for new installs to just numeric version. + + -- Daniil Baturin Sun, 22 Dec 2013 11:16:14 +0100 + +vyatta-cfg-system (0.20.43+hydrogen8) unstable; urgency=low + + * Bug #96: fix menu entry generation so image version is included. + * Fix curl command to fetch the signature file. + + -- Daniil Baturin Sun, 22 Dec 2013 09:28:12 +0100 + +vyatta-cfg-system (0.20.43+hydrogen7) unstable; urgency=low + + * Bug #92: change default timezone to UTC for the sake of scientific + * Bug #51: update /etc/timezone when timezone changes. + + -- Daniil Baturin Wed, 18 Dec 2013 04:23:05 +0100 + +vyatta-cfg-system (0.20.43+hydrogen6) unstable; urgency=low + + [ Stig Thormodsrud ] + * Fix bug 318 - Use SHA-512 hashing for user passwords instead of MD5 + + [ Daniil Baturin ] + + -- Daniil Baturin Tue, 17 Dec 2013 03:35:52 +0100 + +vyatta-cfg-system (0.20.43+hydrogen5) unstable; urgency=low + + * Remove init-floppy script + * Replace s/Vyatta/VyOS/ in parition handling installer functions + * Remove init-floppy from automake rules + * Bug #55: fix user name in password reset script. + + -- Daniil Baturin Sun, 03 Nov 2013 14:15:26 +0100 + +vyatta-cfg-system (0.20.43+hydrogen4) unstable; urgency=low + + * Fix some shell quoting weirdness (curl dumped the ISO on stdout) + + -- Daniil Baturin Sat, 02 Nov 2013 06:34:43 +0100 + +vyatta-cfg-system (0.20.43+hydrogen3) unstable; urgency=low + + * Fix image name, according to new numeric-only vyatta-version naming + * Replace missed vyatta names in installer + * Set User-Agent: to VyOS/$version for statistics collection. + + -- Daniil Baturin Sat, 02 Nov 2013 02:34:57 +0100 + +vyatta-cfg-system (0.20.43+hydrogen2) unstable; urgency=low + + * Test release + + -- Daniil Baturin Fri, 01 Nov 2013 23:55:00 +0100 + +vyatta-cfg-system (0.20.43+hydrogen1) unstable; urgency=low + + * Fix branch + + -- Daniil Baturin Fri, 01 Nov 2013 22:41:42 +0100 + +vyatta-cfg-system (0.20.42+daisy25) unstable; urgency=low + + * Replace s/Vyatta/VyOS/ in install-system script. + + -- Daniil Baturin Fri, 01 Nov 2013 21:41:42 +0100 + +vyatta-cfg-system (0.20.42+daisy24) unstable; urgency=low + + * Remote unused file test_bootfile + + -- Daniil Baturin Thu, 31 Oct 2013 13:34:48 +0100 + +vyatta-cfg-system (0.20.42+daisy23) unstable; urgency=low + + * Force release + + -- Daniil Baturin Thu, 31 Oct 2013 13:14:19 +0100 + +vyatta-cfg-system (0.20.42+daisy22) unstable; urgency=low + + * Dedicated alias for vyos maintainers as email. + * s/Vyatta/VyOS/ in default config. + * Update debian/control email too. + * ...and AUTHORS. + + -- Daniil Baturin Thu, 31 Oct 2013 13:12:19 +0100 + +vyatta-cfg-system (0.20.42+daisy21) unstable; urgency=low + + * Update names in grub config templates. + * Update default user in installer script. + * Update default hostname. + * Update maintainers addresses. + + -- Daniil Baturin Mon, 21 Oct 2013 21:49:05 -0700 + +vyatta-cfg-system (0.20.42+daisy20) unstable; urgency=low + + * SNMP: Group secLevel check. Fix 'delete priv on user' + + -- James Davidson Wed, 05 Jun 2013 09:19:58 -0700 + +vyatta-cfg-system (0.20.42+daisy19) unstable; urgency=low + + * SNMP sync up + + -- James Davidson Thu, 16 May 2013 10:20:53 -0700 + +vyatta-cfg-system (0.20.42+daisy18) unstable; urgency=low + + * Replace original config file handling behaviour + + -- James Davidson Mon, 15 Apr 2013 14:26:25 -0700 + +vyatta-cfg-system (0.20.42+daisy17) unstable; urgency=low + + * Bugfix 8711: Switch to Bash syntax for conditionals + + -- John Southworth Fri, 12 Apr 2013 14:16:11 -0700 + +vyatta-cfg-system (0.20.42+daisy16) unstable; urgency=low + + [ Stephen Hemminger ] + * ethernet: deleting device should put in admin down + + [ John Southworth ] + + -- John Southworth Fri, 12 Apr 2013 09:28:34 -0700 + +vyatta-cfg-system (0.20.42+daisy15) unstable; urgency=low + + * Bugfix 8526: don't use REQUIRED on remote-ip + + -- John Southworth Fri, 12 Apr 2013 09:26:47 -0700 + +vyatta-cfg-system (0.20.42+daisy14) unstable; urgency=low + + * Bugfix 8804 + + -- John Southworth Fri, 12 Apr 2013 09:13:36 -0700 + +vyatta-cfg-system (0.20.42+daisy13) unstable; urgency=low + + [ Stephen Hemminger ] + * snmpv3: enable strict warnings and fix perlcritic + * fix device naming on boot + + [ James Davidson ] + + -- James Davidson Tue, 02 Apr 2013 08:52:37 -0700 + +vyatta-cfg-system (0.20.42+daisy12) unstable; urgency=low + + * Fix typo in domain-name delete action + + -- James Davidson Mon, 01 Apr 2013 09:26:05 -0700 + +vyatta-cfg-system (0.20.42+daisy11) unstable; urgency=low + + * SNMP: Add multicast smux peers + + -- James Davidson Wed, 20 Mar 2013 09:07:37 -0700 + +vyatta-cfg-system (0.20.42+daisy10) unstable; urgency=low + + * Sync up SNMPv3 support + + -- James Davidson Wed, 06 Mar 2013 11:24:17 -0800 + +vyatta-cfg-system (0.20.42+daisy9) unstable; urgency=low + + * mGRE bug fixes local-ip address changes and v6 check. + + -- Saurabh Mohan Tue, 12 Feb 2013 16:11:05 -0800 + +vyatta-cfg-system (0.20.42+daisy8) unstable; urgency=low + + * Initial SNMPv3 support + + -- James Davidson Tue, 12 Feb 2013 13:39:56 -0800 + +vyatta-cfg-system (0.20.42+daisy7) unstable; urgency=low + + * Skip biosdevname if running in Xen + + -- James Davidson Wed, 06 Feb 2013 15:27:01 -0800 + +vyatta-cfg-system (0.20.42+daisy6) unstable; urgency=low + + * Add ability to restart services when hostname changes + + -- James Davidson Tue, 29 Jan 2013 09:58:49 -0800 + +vyatta-cfg-system (0.20.42+daisy5) unstable; urgency=low + + * Dmvpn merge with mirantis jan22-2013 + + -- Saurabh Mohan Tue, 22 Jan 2013 12:30:35 -0800 + +vyatta-cfg-system (0.20.42+daisy4) unstable; urgency=low + + * Bug 7856: Set default neighbour table size to 8192 + + -- James Davidson Tue, 08 Jan 2013 15:14:20 -0800 + +vyatta-cfg-system (0.20.42+daisy3) unstable; urgency=low + + * mgre support initial commit. + + -- Saurabh Mohan Wed, 26 Dec 2012 15:31:07 -0800 + +vyatta-cfg-system (0.20.42+daisy2) unstable; urgency=low + + * revert 918bd40d3e3f238a800b1486f70e2d5ee1d71a72 + + -- John Southworth Wed, 12 Dec 2012 14:40:34 -0800 + +vyatta-cfg-system (0.20.42+daisy1) unstable; urgency=low + + * create daisy branch + + -- John Southworth Sat, 13 Oct 2012 13:30:43 -0700 + +vyatta-cfg-system (0.20.42) unstable; urgency=low + + * new branch + + -- John Southworth Fri, 12 Oct 2012 19:46:58 -0700 + +vyatta-cfg-system (0.20.41) unstable; urgency=low + + * Bug 8423 move serial interfaces to vyatta-serial + + -- John Southworth Mon, 08 Oct 2012 22:32:02 -0700 + +vyatta-cfg-system (0.20.40) unstable; urgency=low + + * Bugfix 8423 add interface types to netdevice + + -- John Southworth Mon, 08 Oct 2012 21:27:40 -0700 + +vyatta-cfg-system (0.20.39) unstable; urgency=low + + * Bugfix 8410: give warning when config didn't load properly and + passwords have been changed + + -- John Southworth Fri, 05 Oct 2012 17:38:42 -0700 + +vyatta-cfg-system (0.20.38) unstable; urgency=low + + * Commit and save password changes only once + + -- James Davidson Tue, 02 Oct 2012 15:33:54 -0700 + +vyatta-cfg-system (0.20.37) unstable; urgency=low + + * Bugfix 8356: Fix ARP flux with VRRP addresses + + -- John Southworth Mon, 01 Oct 2012 23:12:07 -0700 + +vyatta-cfg-system (0.20.36) unstable; urgency=low + + * Bugfix 8290: Detect original unsalted password + + -- John Southworth Tue, 25 Sep 2012 10:17:09 -0700 + +vyatta-cfg-system (0.20.35) unstable; urgency=low + + * Do not check disabled accounts for default password + + -- James Davidson Fri, 21 Sep 2012 14:17:25 -0700 + +vyatta-cfg-system (0.20.34) unstable; urgency=low + + * Set hostname after updating hosts file + + -- James Davidson Wed, 19 Sep 2012 11:56:39 -0700 + +vyatta-cfg-system (0.20.33) unstable; urgency=low + + * fix for 8372 - Unclear which user ID the changed administrator + password applies to + + -- Deepti Kulkarni Tue, 18 Sep 2012 16:58:30 -0700 + +vyatta-cfg-system (0.20.32) unstable; urgency=low + + * Bugfix 8359: When deleteing vti interface use tunnel interface mode + ipip + + -- Saurabh Mohan Tue, 18 Sep 2012 12:36:43 -0700 + +vyatta-cfg-system (0.20.31) unstable; urgency=low + + * Update /etc/hosts when host name and domain name changes + + -- James Davidson Mon, 10 Sep 2012 09:16:18 -0700 + +vyatta-cfg-system (0.20.30) unstable; urgency=low + + * Set system password also when resetting admin password + + -- James Davidson Thu, 06 Sep 2012 11:09:56 -0700 + +vyatta-cfg-system (0.20.29) unstable; urgency=low + + * Bugfix 8326 + + -- John Southworth Wed, 05 Sep 2012 14:13:13 -0700 + +vyatta-cfg-system (0.20.28) unstable; urgency=low + + * Configure logrotate to maintain log file ownership + + -- James Davidson Tue, 04 Sep 2012 18:31:25 -0700 + +vyatta-cfg-system (0.20.27) unstable; urgency=low + + * Bugfix 6967: Test if an address is already applied to an interface + before attempting to apply it + * Bugfix 8290 + + -- John Southworth Tue, 04 Sep 2012 16:40:49 -0700 + +vyatta-cfg-system (0.20.26) unstable; urgency=low + + * Force Xen installs to use ext3 without write barriers + + -- John Southworth Wed, 29 Aug 2012 11:04:41 -0700 + +vyatta-cfg-system (0.20.25) unstable; urgency=low + + * Revert "Write barriers don't work on all devices, disable them" + + -- John Southworth Tue, 28 Aug 2012 15:46:25 -0700 + +vyatta-cfg-system (0.20.24) unstable; urgency=low + + * Write barriers don't work on all devices, disable them + + -- John Southworth Tue, 28 Aug 2012 13:37:05 -0700 + +vyatta-cfg-system (0.20.23) unstable; urgency=low + + * Allow deleting unknown user + + -- Stephen Hemminger Fri, 17 Aug 2012 13:11:58 -0700 + +vyatta-cfg-system (0.20.22) unstable; urgency=low + + * Allow any mtu for bonding vif + * Fix filecaps for xtables + + -- Stephen Hemminger Thu, 16 Aug 2012 09:28:28 -0700 + +vyatta-cfg-system (0.20.21) unstable; urgency=low + + * Remove support for ssh protocol version + * fix iptables file attributes + + -- Stephen Hemminger Wed, 15 Aug 2012 16:15:25 -0700 + +vyatta-cfg-system (0.20.20) unstable; urgency=low + + * Fix path to iptables + + -- Stephen Hemminger Tue, 14 Aug 2012 11:15:55 -0700 + +vyatta-cfg-system (0.20.19) unstable; urgency=low + + * Add support for network device prefix table + + -- Stephen Hemminger Tue, 14 Aug 2012 10:52:03 -0700 + +vyatta-cfg-system (0.20.18) unstable; urgency=low + + * Bugfix 8241: VTI Sync up the mtu range check with what the kernel + module accepts. + + -- Saurabh Mohan Thu, 09 Aug 2012 14:13:33 -0700 + +vyatta-cfg-system (0.20.17) unstable; urgency=low + + [ Stephen Hemminger ] + * Minor typo in bonding help + + [ James Davidson ] + * Restart rsyslog when system time-zone changes + + -- James Davidson Fri, 03 Aug 2012 09:22:35 -0700 + +vyatta-cfg-system (0.20.16) unstable; urgency=low + + * Use hash map of addresses to interfaces + + -- Stephen Hemminger Fri, 22 Jun 2012 15:51:45 -0700 + +vyatta-cfg-system (0.20.15) unstable; urgency=low + + * Bugfix 8115: reset miimon on arp-montior deletion + + -- John Southworth Tue, 19 Jun 2012 09:13:58 -0700 + +vyatta-cfg-system (0.20.14) unstable; urgency=low + + * Fix help on for USB serial console + + -- Stephen Hemminger Wed, 13 Jun 2012 15:35:50 -0700 + +vyatta-cfg-system (0.20.13) unstable; urgency=low + + * Allow USB console in Grub setup + + -- Stephen Hemminger Tue, 12 Jun 2012 15:06:20 -0700 + +vyatta-cfg-system (0.20.12) unstable; urgency=low + + * Allow USB serial console + + -- Stephen Hemminger Tue, 12 Jun 2012 15:00:05 -0700 + +vyatta-cfg-system (0.20.11) unstable; urgency=low + + * VTI delete check for reference under vpn. + + -- Saurabh Mohan Mon, 11 Jun 2012 17:49:22 -0700 + +vyatta-cfg-system (0.20.10) unstable; urgency=low + + * Vti tunnel config support. + + -- Saurabh Mohan Wed, 16 May 2012 16:09:45 -0700 + +vyatta-cfg-system (0.20.9) unstable; urgency=low + + * Change default to No when not enough space to save config + + -- James Davidson Wed, 16 May 2012 11:02:40 -0700 + +vyatta-cfg-system (0.20.8) unstable; urgency=low + + * Move VRRP to its own package + * Remove vrrp files from Makefile + + -- John Southworth Tue, 15 May 2012 20:48:00 -0700 + +vyatta-cfg-system (0.20.7) unstable; urgency=low + + * Remove vrrp operational scripts from vyatta-cfg-system + + -- John Southworth Tue, 15 May 2012 11:37:48 -0700 + +vyatta-cfg-system (0.20.6) unstable; urgency=low + + * Turn on vrrp snmp traps by default + + -- John Southworth Mon, 07 May 2012 18:06:57 -0700 + +vyatta-cfg-system (0.20.5) unstable; urgency=low + + * vif: remove check for flags when creating VIF + + -- Stephen Hemminger Tue, 24 Apr 2012 09:00:33 -0700 + +vyatta-cfg-system (0.20.4) unstable; urgency=low + + * Return success on stop if telnetd service is not running + * 0.20.3 + * Use rsyslog to trigger log rotation + + -- James Davidson Wed, 18 Apr 2012 11:06:01 -0700 + +vyatta-cfg-system (0.20.3) unstable; urgency=low + + * Return success on stop if telnetd service is not running + + -- James Davidson Wed, 18 Apr 2012 11:02:22 -0700 + +vyatta-cfg-system (0.20.2) unstable; urgency=low + + * Fix minor perlcritc warning in vrrp-state + * Replace intf->carrier() check with intf->running() + + -- Stephen Hemminger Tue, 10 Apr 2012 18:29:28 -0700 + +vyatta-cfg-system (0.20.1) unstable; urgency=low + + * Add dependency on dialog package + * Add network console support + + -- Stephen Hemminger Wed, 04 Apr 2012 15:41:45 -0700 + +vyatta-cfg-system (0.19.176) unstable; urgency=low + + [ Jon Andersson ] + * Bugfix 7976: Move the test to update: to allow addresses to be + configured + + [ John Southworth ] + + -- John Southworth Tue, 27 Mar 2012 08:18:19 -0700 + +vyatta-cfg-system (0.19.175) unstable; urgency=low + + * new branch + + -- Deepti Kulkarni Sat, 03 Mar 2012 02:25:38 -0800 + +vyatta-cfg-system (0.19.174) unstable; urgency=low + + * bug fix for 7489 - Added warning message on delete system console + + -- Deepti Kulkarni Thu, 01 Mar 2012 06:29:12 -0800 + +vyatta-cfg-system (0.19.173) unstable; urgency=low + + * Bugfix 7555: Allow users to import keys when using loadkey + * forgot to use io::prompt + + -- John Southworth Thu, 01 Mar 2012 00:52:22 +0000 + +vyatta-cfg-system (0.19.172) unstable; urgency=low + + * Bugfix 7555: allow users to import ssh keys when running add system + image + + -- John Southworth Wed, 29 Feb 2012 22:55:45 +0000 + +vyatta-cfg-system (0.19.171) unstable; urgency=low + + * Cleanup interface statistic clear files on reboot + + -- Stephen Hemminger Tue, 21 Feb 2012 21:22:56 -0800 + +vyatta-cfg-system (0.19.170) unstable; urgency=low + + * Fix server property option + + -- Stephen Hemminger Tue, 21 Feb 2012 13:20:52 -0800 + +vyatta-cfg-system (0.19.169) unstable; urgency=low + + * Disable reboot on ctrl-alt-del + + -- Stephen Hemminger Tue, 21 Feb 2012 12:23:28 -0800 + +vyatta-cfg-system (0.19.168) unstable; urgency=low + + * Remove reference to init-floppy + + -- Stephen Hemminger Tue, 21 Feb 2012 11:09:38 -0800 + +vyatta-cfg-system (0.19.167) unstable; urgency=low + + * Fix spelling errors in install image + + -- Stephen Hemminger Tue, 21 Feb 2012 10:56:55 -0800 + +vyatta-cfg-system (0.19.166) unstable; urgency=low + + * Bug #7787: Allow using custom command line arguments in transition + * Bug #7787: Modify VRRP templates to allow custom script arguments, + * Fix VRRP templates error string capitalization. + + -- Daniil Baturin Sat, 18 Feb 2012 04:48:42 +0700 + +vyatta-cfg-system (0.19.165) unstable; urgency=low + + * snmp: add missing newline to config file + + -- Stephen Hemminger Fri, 17 Feb 2012 11:48:53 -0800 + +vyatta-cfg-system (0.19.164) unstable; urgency=low + + * Fix typo in last SNMP change. + + -- Stephen Hemminger Fri, 10 Feb 2012 11:57:32 -0800 + +vyatta-cfg-system (0.19.163) unstable; urgency=low + + * snmp: enable agentx + * fix path to ethtool + + -- Stephen Hemminger Thu, 09 Feb 2012 11:15:43 -0800 + +vyatta-cfg-system (0.19.162) unstable; urgency=low + + * Fix missing space on postinst script + + -- John Southworth Fri, 03 Feb 2012 16:29:28 -0800 + +vyatta-cfg-system (0.19.161) unstable; urgency=low + + * Bugfix 7770 + + -- John Southworth Fri, 03 Feb 2012 14:00:03 -0800 + +vyatta-cfg-system (0.19.160) unstable; urgency=low + + * Allow operator users to run dmidecode so show version works for them + + -- John Southworth Mon, 30 Jan 2012 22:43:51 +0000 + +vyatta-cfg-system (0.19.159) unstable; urgency=low + + * Fix missing error (missing lecho) in install-system + + -- Stephen Hemminger Tue, 24 Jan 2012 16:51:45 -0800 + +vyatta-cfg-system (0.19.158) unstable; urgency=low + + * Make disk label if necessary + + -- Stephen Hemminger Fri, 20 Jan 2012 15:37:31 -0800 + +vyatta-cfg-system (0.19.157) unstable; urgency=low + + * Enforce length restriction on interface description + + -- Stephen Hemminger Thu, 19 Jan 2012 19:05:36 -0800 + +vyatta-cfg-system (0.19.156) unstable; urgency=low + + * Fix check for pseudo-ethernet overlap + + -- Stephen Hemminger Mon, 16 Jan 2012 10:26:21 -0800 + +vyatta-cfg-system (0.19.155) unstable; urgency=low + + * Check for conflict between pseudo-ethernet and bonding,bridging + * install: use sfdisk to get disk size + * install-system: use sfdisk to find drive size + * Check for existance of postconfig boot up script + + -- Stephen Hemminger Wed, 11 Jan 2012 16:00:06 -0800 + +vyatta-cfg-system (0.19.154) unstable; urgency=low + + [ Jon Andersson ] + * Update to local_ip + + [ Stephen Hemminger ] + + -- Stephen Hemminger Mon, 09 Jan 2012 14:24:50 -0800 + +vyatta-cfg-system (0.19.153) unstable; urgency=low + + * Bugfix 7689: change vrrp auth_type detection 'simple' to 'plaintext- + password' + + -- John Southworth Tue, 03 Jan 2012 16:46:02 -0800 + +vyatta-cfg-system (0.19.152) unstable; urgency=low + + * bonding: do not allow interface with VRRP to be enslaved + * bridge: check for VRRP + + -- Stephen Hemminger Fri, 30 Dec 2011 11:09:11 -0800 + +vyatta-cfg-system (0.19.151) unstable; urgency=low + + * Move vrrp input filter creation to keepalived for faster transitions + + -- John Southworth Wed, 28 Dec 2011 11:48:52 -0800 + +vyatta-cfg-system (0.19.150) unstable; urgency=low + + * Move vrrp vmac sysctls to interface initialization in keepalived + + -- John Southworth Tue, 27 Dec 2011 10:34:23 -0800 + +vyatta-cfg-system (0.19.149) unstable; urgency=low + + * interfaces: don't add config for missing devices + * install: fix warning message when package is updated + + -- Stephen Hemminger Wed, 21 Dec 2011 17:53:56 -0800 + +vyatta-cfg-system (0.19.148) unstable; urgency=low + + * Extra grat. arps are not needed for vmac interfaces + + -- John Southworth Tue, 20 Dec 2011 16:17:58 -0800 + +vyatta-cfg-system (0.19.147) unstable; urgency=low + + * Verify user defined mac addresses are not VRRP mac addresses + + -- John Southworth Wed, 14 Dec 2011 15:35:04 -0800 + +vyatta-cfg-system (0.19.146) unstable; urgency=low + + * Add filtering to transition scripts for vmac interfaces; Make + transition script able to detect if the interface is a vmac + interface before applying the vmac specific changes + + -- John Southworth Mon, 12 Dec 2011 16:32:34 -0800 + +vyatta-cfg-system (0.19.145) unstable; urgency=low + + * Bug 7672: Don't execute check-params-on-reboot.d if config file + + -- Daniil Baturin Tue, 13 Dec 2011 03:13:00 +0700 + +vyatta-cfg-system (0.19.144) unstable; urgency=low + + * sysctl: increase maximum allowed socket buffer + + -- Stephen Hemminger Fri, 09 Dec 2011 11:06:08 -0800 + +vyatta-cfg-system (0.19.143) unstable; urgency=low + + * md: don't start unless needed + + -- Stephen Hemminger Fri, 09 Dec 2011 09:16:25 -0800 + +vyatta-cfg-system (0.19.142) unstable; urgency=low + + * Fix sysctl application for vlan interfaes + + -- John Southworth Thu, 08 Dec 2011 11:22:36 -0800 + +vyatta-cfg-system (0.19.141) unstable; urgency=low + + * Bugfix 7497: Include auth credentials when fetching the signature + file + + -- Bob Gilligan Tue, 06 Dec 2011 16:16:02 -0800 + +vyatta-cfg-system (0.19.140) unstable; urgency=low + + * Fix up formating of Vyatta specific HTTP options. + + -- Bob Gilligan Tue, 06 Dec 2011 14:05:59 -0800 + +vyatta-cfg-system (0.19.139) unstable; urgency=low + + * Add parsing of vrrp interfaces so that 'show vrrp interfaces ' will do what the user intended. + + -- John Southworth Tue, 06 Dec 2011 11:50:17 -0800 + +vyatta-cfg-system (0.19.138) unstable; urgency=low + + * make vyatta-interfaces.pl aware of vrrp interfaces + * Adjust the output of 'show vrrp' and 'show vrrp summary' for vmac + and address owner + + -- John Southworth Tue, 06 Dec 2011 09:14:43 -0800 + +vyatta-cfg-system (0.19.137) unstable; urgency=low + + * Add HTTP headers to identify client and version. + + -- Bob Gilligan Mon, 05 Dec 2011 17:45:10 -0800 + +vyatta-cfg-system (0.19.136) unstable; urgency=low + + * Set accept_local on vrrp interfaces so that transition from 'current + master that is not address owner' to 'address owner that is + requesting master' can occur + * 0.19.135 + + -- John Southworth Fri, 02 Dec 2011 14:49:40 -0800 + +vyatta-cfg-system (0.19.135) unstable; urgency=low + + * Set accept_local on vrrp interfaces so that transition from 'current + master that is not address owner' to 'address owner that is + requesting master' can occur + + -- John Southworth Fri, 02 Dec 2011 14:49:22 -0800 + +vyatta-cfg-system (0.19.134) unstable; urgency=low + + * Add vrrp interface description for bonding vif + + -- John Southworth Fri, 02 Dec 2011 11:20:32 -0800 + +vyatta-cfg-system (0.19.133) unstable; urgency=low + + * Change arp_filter for all to 0 to allow vrrp interfaces to override + the default of 1 + * Adjust the sysctl values of vrrp interfaces on master/backup + transitions + * Add handling for address ownership (priority 255) in RFC complient + mode + * Add vrrp interface description + + -- John Southworth Thu, 01 Dec 2011 16:52:00 -0800 + +vyatta-cfg-system (0.19.132) unstable; urgency=low + + * Move vyatta changes to sudoers to separate file + * change mode of /etc/sudoers.d/vyatta + * sudoers: expand ${bindir} + + -- Stephen Hemminger Tue, 29 Nov 2011 13:57:50 -0800 + +vyatta-cfg-system (0.19.131) unstable; urgency=low + + * Display vmac interface name in "show vrrp interfaces ..." command + + -- Bob Gilligan Mon, 28 Nov 2011 18:06:04 -0800 + +vyatta-cfg-system (0.19.130) unstable; urgency=low + + * Support VRRP virtual MAC interfaces above bond and bond vif + interfaces + + -- Bob Gilligan Mon, 28 Nov 2011 15:41:39 -0800 + +vyatta-cfg-system (0.19.129) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove unnecessary sudo on ethtool + * Fix perl deprecated warning with 5.14 + + [ Bob Gilligan ] + * Use new naming convention for VRRP virtual mac interfaces. + + -- Bob Gilligan Mon, 28 Nov 2011 15:15:13 -0800 + +vyatta-cfg-system (0.19.128) unstable; urgency=low + + * Fix dyndns failure caused by commit: + 5d27f2ef302dc600ea737e9af4151041aa11a2e0 + + -- John Southworth Mon, 21 Nov 2011 08:19:57 -0800 + +vyatta-cfg-system (0.19.127) unstable; urgency=low + + * Adding CLI option for domain overrides for DNS forwarding, bug id + 4086 + + -- Gaurav Sinha Wed, 09 Nov 2011 16:42:41 -0800 + +vyatta-cfg-system (0.19.126) unstable; urgency=low + + [ Stephen Hemminger ] + * Cleanup dynamic DNS script + + [ Bob Gilligan ] + * First pass implementation of support for virtual MAC address + + -- Bob Gilligan Tue, 08 Nov 2011 16:04:53 -0800 + +vyatta-cfg-system (0.19.125) unstable; urgency=low + + * pseudo-ethernet remove incorrect template + * pseudo-ethernet: add support for proxy arp + * pseudo-ethernet: add VIF support + * Add support for macvlan mode + * Fix priority of vif for pseudo-ethernet + * Remove unnecessary sudo on bonding vif link detect script + + -- Stephen Hemminger Thu, 03 Nov 2011 14:28:36 -0700 + +vyatta-cfg-system (0.19.124) unstable; urgency=low + + * Bugfix 7575 allow tshark to run as unprivileged user, tshark uses + dumpcap as the packet interface so dumpcap needs cap_net_raw and + cap_net_admin + + -- John Southworth Thu, 20 Oct 2011 16:35:18 -0500 + +vyatta-cfg-system (0.19.123) unstable; urgency=low + + * allow rmmod without being root (with capability) + + -- Stephen Hemminger Mon, 17 Oct 2011 10:36:57 -0700 + +vyatta-cfg-system (0.19.122) unstable; urgency=low + + * Bugfix 7551: Fix vlan address completion text + + -- John Southworth Mon, 10 Oct 2011 19:06:30 -0500 + +vyatta-cfg-system (0.19.121) unstable; urgency=low + + [ Stephen Hemminger ] + * snmp: remove unused enterprise-mib hook + + [ Jon Andersson ] + * Bugfix 7553: Move the logic for delete from and end tag to a delete + tag + + [ John Southworth ] + + -- John Southworth Mon, 10 Oct 2011 16:16:33 -0500 + +vyatta-cfg-system (0.19.120) unstable; urgency=low + + * Bugfix 7492: Reset mac address to hw-id when the mac is deleted + + -- John Southworth Tue, 27 Sep 2011 13:59:13 -0500 + +vyatta-cfg-system (0.19.119) unstable; urgency=low + + * Bugfix 7502: Get "add system image" to work on Xen + + -- Bob Gilligan Wed, 12 Oct 2011 17:20:38 -0700 + +vyatta-cfg-system (0.19.118) unstable; urgency=low + + * Bugfix 7488: Configure Xen PV console hvc0 in Vyatta config file. + + -- Bob Gilligan Thu, 01 Sep 2011 18:11:32 -0700 + +vyatta-cfg-system (0.19.117) unstable; urgency=low + + * Bugfix 7469: Add support for installing onto Xen + + -- Bob Gilligan Wed, 31 Aug 2011 15:07:44 -0700 + +vyatta-cfg-system (0.19.116) unstable; urgency=low + + * Fix ipv6 tunnel template error + + -- Stephen Hemminger Wed, 24 Aug 2011 10:17:49 -0700 + +vyatta-cfg-system (0.19.115) unstable; urgency=low + + [ Stephen Hemminger ] + * Cleanup vyatta-config-reboot-params + * Fix deprecated use of chown + + [ John Southworth ] + * Bugfix 7461: Fix syntax problem when setting a mac address + + -- John Southworth Tue, 23 Aug 2011 16:01:32 -0500 + +vyatta-cfg-system (0.19.114) unstable; urgency=low + + * Migration for bug 6900 + + -- John Southworth Mon, 15 Aug 2011 13:30:23 -0500 + +vyatta-cfg-system (0.19.113) unstable; urgency=low + + * Don't bring ethernet device up if it is disabled + + -- Stephen Hemminger Thu, 11 Aug 2011 15:00:44 -0700 + +vyatta-cfg-system (0.19.112) unstable; urgency=low + + * Add encapsulation to IPv6 parameters deletion so that ipip6 tunnels + will work properly after a deletion. + + -- John Southworth Thu, 11 Aug 2011 16:34:41 -0500 + +vyatta-cfg-system (0.19.111) unstable; urgency=low + + [ John Southworth ] + * Fix permission problems on /config during initial install + + [ Jon Andersson ] + * Initial checkin of ipv6 tunnel support + + [ John Southworth ] + + -- John Southworth Thu, 11 Aug 2011 12:51:51 -0500 + +vyatta-cfg-system (0.19.110) unstable; urgency=low + + * bridge: allow setting mac address + + -- Stephen Hemminger Mon, 08 Aug 2011 16:43:34 -0700 + +vyatta-cfg-system (0.19.109) unstable; urgency=low + + * 0.19.108 + * fix missing command in debian/control + + -- Stephen Hemminger Sun, 07 Aug 2011 20:46:26 -0700 + +vyatta-cfg-system (0.19.108) unstable; urgency=low + + * Force dependency on later vyatta-cfg package + + -- Stephen Hemminger Sun, 07 Aug 2011 20:45:23 -0700 + +vyatta-cfg-system (0.19.107) unstable; urgency=low + + * ethernet: avoid needlessly setting mac address + + -- Stephen Hemminger Fri, 05 Aug 2011 20:55:41 -0700 + +vyatta-cfg-system (0.19.106) unstable; urgency=low + + * Added to make "force" op-mode command accessible to user type + + -- Deepti Kulkarni Wed, 27 Jul 2011 08:00:09 -0700 + +vyatta-cfg-system (0.19.105) unstable; urgency=low + + * Bugfix 7350: Allow default config.boot to be selected as config + file. + + -- Bob Gilligan Wed, 17 Aug 2011 15:08:32 -0700 + +vyatta-cfg-system (0.19.104) unstable; urgency=low + + * Fix permission problems on /config during initial install + + -- John Southworth Fri, 15 Jul 2011 20:49:15 -0700 + +vyatta-cfg-system (0.19.103) unstable; urgency=low + + * Bugfix 7070: Need to provide full path for irq-affinity.pl in + system() + + -- Bob Gilligan Sun, 14 Aug 2011 16:37:47 -0700 + +vyatta-cfg-system (0.19.102) unstable; urgency=low + + * Add hook to call a config migration script when upgrading from VSE + Demo. + + -- Bob Gilligan Fri, 12 Aug 2011 17:30:00 -0700 + +vyatta-cfg-system (0.19.101) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix duplicate detection of hypervisor + + [ John Southworth ] + * Bugfix 7326: add /config/support directory by default + + -- John Southworth Wed, 13 Jul 2011 15:56:08 -0500 + +vyatta-cfg-system (0.19.100) unstable; urgency=low + + * new branch + + -- Deepti Kulkarni Thu, 07 Jul 2011 20:55:59 -0700 + +vyatta-cfg-system (0.19.99) unstable; urgency=low + + * Add more hypervisor detection logic + + -- Stephen Hemminger Wed, 06 Jul 2011 10:20:24 -0700 + +vyatta-cfg-system (0.19.98) unstable; urgency=low + + * Move the is_uniq_address function to Interface.pm + + -- John Southworth Tue, 05 Jul 2011 16:21:46 -0500 + +vyatta-cfg-system (0.19.97) unstable; urgency=low + + * bugfix 6801: check to see if the same address is configured on + another interface in the working config before allowing an address + to be set on an interface, allows for swapping addresses in the same + commit + + -- John Southworth Fri, 01 Jul 2011 17:32:25 -0700 + +vyatta-cfg-system (0.19.96) unstable; urgency=low + + * Make add system image use the new config directory for copying files + + -- John Southworth Fri, 24 Jun 2011 17:56:26 -0500 + +vyatta-cfg-system (0.19.95) unstable; urgency=low + + * Add better hypervisor detect logic + + -- Stephen Hemminger Thu, 23 Jun 2011 16:26:27 -0700 + +vyatta-cfg-system (0.19.94) unstable; urgency=low + + * Revert "bonding: remove requirement of slaves existing before vif" + * Ignore new hypervisor_vendor binary + + -- Stephen Hemminger Thu, 16 Jun 2011 18:28:11 -0400 + +vyatta-cfg-system (0.19.93) unstable; urgency=low + + * bonding: remove requirement of slaves existing before vif + * Add utility to find hypervisor vendor + + -- Stephen Hemminger Thu, 16 Jun 2011 17:53:43 -0400 + +vyatta-cfg-system (0.19.92) unstable; urgency=low + + * Bugfix 5856: Add username and password options. + + -- Bob Gilligan Thu, 14 Jul 2011 09:51:17 -0700 + +vyatta-cfg-system (0.19.91) unstable; urgency=low + + * Move the mtu settings out of the main inteface priority subtree as a + failure boundry + + -- John Southworth Wed, 08 Jun 2011 17:26:52 -0500 + +vyatta-cfg-system (0.19.90) unstable; urgency=low + + * Always log authorization messages + + -- Stephen Hemminger Wed, 01 Jun 2011 13:46:49 +0900 + +vyatta-cfg-system (0.19.89) unstable; urgency=low + + * alternative fix for bug 6958 + + -- An-Cheng Huang Wed, 25 May 2011 13:44:44 -0700 + +vyatta-cfg-system (0.19.88) unstable; urgency=low + + * don't assume hw-id exists since it can be deleted + + -- An-Cheng Huang Mon, 23 May 2011 08:41:52 -0700 + +vyatta-cfg-system (0.19.87) unstable; urgency=low + + * irq-affinity: more fixup + + -- Stephen Hemminger Fri, 20 May 2011 11:14:21 -0700 + +vyatta-cfg-system (0.19.86) unstable; urgency=low + + * irq-affinity: use sysfs to read cpu topology + + -- Stephen Hemminger Fri, 20 May 2011 08:40:33 -0700 + +vyatta-cfg-system (0.19.85) unstable; urgency=low + + [ Stephen Hemminger ] + * 0.19.82 + + [ Stig Thormodsrud ] + * Partial fix for 6393: keepalived shutdown too late - can cause lost + traffic + * 0.19.83 + + [ Stephen Hemminger ] + * Use syslog perror for debug option + * irq-affinity: fix handling of UP system + + [ Stig Thormodsrud ] + * 0.19.84 + + [ Stephen Hemminger ] + * irq-affinity: initialize sockets to 1 + + -- Stephen Hemminger Fri, 20 May 2011 07:30:32 -0700 + +vyatta-cfg-system (0.19.84) unstable; urgency=low + + * Partial fix for 6393: keepalived shutdown too late - can cause lost + traffic + * 0.19.83 + + -- Stig Thormodsrud Thu, 19 May 2011 17:16:01 -0700 + +vyatta-cfg-system (0.19.83) unstable; urgency=low + + * Partial fix for 6393: keepalived shutdown too late - can cause lost + traffic + + -- Stig Thormodsrud Mon, 16 May 2011 23:52:05 -0700 + +vyatta-cfg-system (0.19.82) unstable; urgency=low + + * Use syslog perror for debug option + * irq-affinity: fix handling of UP system + + -- Stephen Hemminger Thu, 19 May 2011 08:10:13 -0700 + +vyatta-cfg-system (0.19.81) unstable; urgency=low + + * Fix calculation of number of cores on systems with more than one + socket. + * Bugfix: 6773 (again). Fix handling of single-queue NICs on MPs. + + -- Bob Gilligan Tue, 17 May 2011 12:10:55 -0700 + +vyatta-cfg-system (0.19.80) unstable; urgency=low + + * Support more than 10 CPUs. + + -- Bob Gilligan Tue, 17 May 2011 08:46:37 -0700 + +vyatta-cfg-system (0.19.79) unstable; urgency=low + + * Fix 5912: "show vrrp" doesn't list sync-group + + -- Stig Thormodsrud Wed, 18 May 2011 12:25:33 -0700 + +vyatta-cfg-system (0.19.78) unstable; urgency=low + + * irq-affinity: add workaround to avoid some cpu's + + -- Stephen Hemminger Tue, 17 May 2011 16:16:57 -0700 + +vyatta-cfg-system (0.19.77) unstable; urgency=low + + * Fix grub syntax error + + -- Stephen Hemminger Tue, 17 May 2011 08:51:43 -0700 + +vyatta-cfg-system (0.19.76) unstable; urgency=low + + * eliminate hard-coded commit hook directory + + -- An-Cheng Huang Mon, 16 May 2011 20:11:38 -0700 + +vyatta-cfg-system (0.19.75) unstable; urgency=low + + * smp-affinity: fix typo for assign_multiqueue + + -- Stephen Hemminger Mon, 16 May 2011 16:24:57 -0700 + +vyatta-cfg-system (0.19.74) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove unused parts of rl-system.init + + [ John Southworth ] + * Bugfix 7076: make add system image copy to /config instead of + /opt/vyatta/etc/config + + -- John Southworth Fri, 13 May 2011 11:55:40 -0500 + +vyatta-cfg-system (0.19.73) unstable; urgency=low + + * Fix Bug 7012 make /config available with init-floppy + + -- Mohit Mehta Wed, 11 May 2011 11:33:15 -0700 + +vyatta-cfg-system (0.19.72) unstable; urgency=low + + * support interactive mode for rest api for install image op mode + commands. + + -- Michael Larson Tue, 10 May 2011 14:22:05 -0700 + +vyatta-cfg-system (0.19.71) unstable; urgency=low + + * changes for new commit + * more changes for new commit + + -- An-Cheng Huang Tue, 10 May 2011 09:33:55 +0800 + +vyatta-cfg-system (0.19.70) unstable; urgency=low + + * Support netxen NIC irq naming convention + * Convert mac octets from hex + + -- Stephen Hemminger Mon, 09 May 2011 09:40:24 -0700 + +vyatta-cfg-system (0.19.69) unstable; urgency=low + + * Update help for console speed + + -- Stephen Hemminger Fri, 06 May 2011 12:10:08 -0700 + +vyatta-cfg-system (0.19.68) unstable; urgency=low + + * Update grub config to new syntax + * Make ext4 the default file system type + * Using ext4 for filesystem depends on newer version of grub + + -- Stephen Hemminger Thu, 05 May 2011 08:26:20 -0700 + +vyatta-cfg-system (0.19.67) unstable; urgency=low + + * Align install-image partition correctly + + -- Stephen Hemminger Wed, 04 May 2011 17:26:37 -0700 + +vyatta-cfg-system (0.19.66) unstable; urgency=low + + * Adjust root partition offset based on disk size + + -- Stephen Hemminger Tue, 03 May 2011 19:54:12 -0700 + +vyatta-cfg-system (0.19.65) unstable; urgency=low + + * Make irq affinity handle any irq naming convention + + -- Stephen Hemminger Tue, 03 May 2011 16:38:40 -0700 + +vyatta-cfg-system (0.19.64) unstable; urgency=low + + * Fix irq-affinity mapping for multiqueue NIC's + + -- Stephen Hemminger Mon, 02 May 2011 16:45:04 -0700 + +vyatta-cfg-system (0.19.63) unstable; urgency=low + + * Yet another better alignment start + + -- Stephen Hemminger Sat, 30 Apr 2011 10:32:50 -0700 + +vyatta-cfg-system (0.19.62) unstable; urgency=low + + * Fix alignment of root partition + + -- Stephen Hemminger Sat, 30 Apr 2011 09:49:31 -0700 + +vyatta-cfg-system (0.19.61) unstable; urgency=low + + * Tell parted to align disk partition + + -- Stephen Hemminger Thu, 28 Apr 2011 17:00:08 -0700 + +vyatta-cfg-system (0.19.60) unstable; urgency=low + + * Remove unsuccessful attempt to blacklist PC speaker + + -- Stephen Hemminger Wed, 27 Apr 2011 14:37:10 -0700 + +vyatta-cfg-system (0.19.59) unstable; urgency=low + + * Fix Bug 6811 ENH: add a proper post-configuration boot script + + -- Mohit Mehta Wed, 20 Apr 2011 14:25:26 -0700 + +vyatta-cfg-system (0.19.58) unstable; urgency=low + + * * run start-up script vyatta-config-reboot-params very early in boot + process + + -- Mohit Mehta Mon, 18 Apr 2011 18:14:09 -0700 + +vyatta-cfg-system (0.19.57) unstable; urgency=low + + * * Add help and checks for VRRP transition-script nodes + + -- Mohit Mehta Wed, 13 Apr 2011 18:02:09 -0700 + +vyatta-cfg-system (0.19.56) unstable; urgency=low + + * fix typo in irq-affinity + + -- Stephen Hemminger Wed, 13 Apr 2011 11:41:52 -0700 + +vyatta-cfg-system (0.19.55) unstable; urgency=low + + * Bonding script typo + * Fix irq naming convention mapping code + + -- Stephen Hemminger Wed, 13 Apr 2011 09:09:46 -0700 + +vyatta-cfg-system (0.19.54) unstable; urgency=low + + * Fix wrong name in get_irq_affinity + + -- Stephen Hemminger Tue, 12 Apr 2011 09:30:15 -0700 + +vyatta-cfg-system (0.19.53) unstable; urgency=low + + * Reset irq affinity when adding interface to bond group + + -- Stephen Hemminger Wed, 30 Mar 2011 15:08:39 -0700 + +vyatta-cfg-system (0.19.52) unstable; urgency=low + + * Remove these priorities as they are not needed. They are from an + earlier community submitted patch see bug 5491 + * Bugfix 6958: only call cleanup script for tunnel modules on the last + sibling deletion + + -- John Southworth Mon, 28 Mar 2011 18:19:32 -0500 + +vyatta-cfg-system (0.19.51) unstable; urgency=low + + * Update copybreak module param list + * Fix use of uninitialized ospeed + + -- Stephen Hemminger Fri, 25 Mar 2011 15:40:06 -0700 + +vyatta-cfg-system (0.19.50) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove rsyslog logrotate file + + [ Robert Bays ] + * fix for bug 6919: Console settings don't support hvc0 for xen + * updated fix for bug 6919: Console settings don't support hvc0 for + xen + * match console type only once. + + [ Stephen Hemminger ] + * Handle irq assignment on multiqueue NIC + + -- Stephen Hemminger Wed, 16 Mar 2011 12:22:23 -0700 + +vyatta-cfg-system (0.19.49) unstable; urgency=low + + * Don't set speed duplex twice + * Remove flag file at end of transaction + * Speed/duplex setup improvements + + -- Stephen Hemminger Fri, 11 Mar 2011 14:56:40 -0800 + +vyatta-cfg-system (0.19.48) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix typo in domain name regex + + [ Michael Larson ] + * fix for bug 6081. Warning, but allow commit to proceed if duplicate + address is found. + + -- Michael Larson Thu, 10 Mar 2011 10:53:58 -0800 + +vyatta-cfg-system (0.19.47) unstable; urgency=low + + * Test for ipv6 blacklist when configuring SNMP + + -- Stephen Hemminger Tue, 08 Mar 2011 09:49:14 -0800 + +vyatta-cfg-system (0.19.46) unstable; urgency=low + + * Fix SNMP ifAlias for more than 10 devices + + -- Stephen Hemminger Mon, 07 Mar 2011 16:13:26 -0800 + +vyatta-cfg-system (0.19.45) unstable; urgency=low + + * Fix network name scan for wireless + + -- Stephen Hemminger Thu, 03 Mar 2011 15:33:17 -0800 + +vyatta-cfg-system (0.19.44) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix script to handle more than 10 interfaces + + [ John Southworth ] + * Bugfix 5491: Allow tunnel parameters to be changed on a + preconfigured tunnel + + -- John Southworth Thu, 03 Mar 2011 11:38:19 -0600 + +vyatta-cfg-system (0.19.43) unstable; urgency=low + + * Warn if attempting to force mask on multiqueue NIC + + -- Stephen Hemminger Tue, 01 Mar 2011 11:25:55 -0800 + +vyatta-cfg-system (0.19.42) unstable; urgency=low + + * Workaround Xen NIC address + + -- Stephen Hemminger Fri, 25 Feb 2011 11:23:30 -0800 + +vyatta-cfg-system (0.19.41) unstable; urgency=low + + * Increase upper limit of IPV6 route table + * Handle Vmware mulitqueue naming convention + * Don't set irq affinity if device is disabled + * Validate domain and host name + * Change where ipv6 route table size is increased + + -- Stephen Hemminger Fri, 25 Feb 2011 10:38:17 -0800 + +vyatta-cfg-system (0.19.40) unstable; urgency=low + + * Use standard mechanism to start/stop snmp + * Handle case of device with no active IRQ + + -- Stephen Hemminger Tue, 22 Feb 2011 10:07:39 -0800 + +vyatta-cfg-system (0.19.39) unstable; urgency=low + + * Fix syslog not reloading properly after changing the log level + + -- John Southworth Mon, 07 Feb 2011 14:24:31 -0600 + +vyatta-cfg-system (0.19.38) unstable; urgency=low + + * Bugfix 6773: Spread load of single-queue NICs across all CPUs. + + -- Bob Gilligan Thu, 03 Feb 2011 00:30:03 -0800 + +vyatta-cfg-system (0.19.37) unstable; urgency=low + + [ Mohit Mehta ] + * Fix Bug 6696 Internal error for release/renew dhcp interface under + op mode + + [ Robert Bays ] + * Fix grammar error in help string. + + [ Bob Gilligan ] + * Bugfix 6156: Allow time for renaming to complete before running + biosdevname + + -- Bob Gilligan Tue, 01 Feb 2011 10:52:49 -0800 + +vyatta-cfg-system (0.19.36) unstable; urgency=low + + [ Robert Bays ] + * Fix grammar error in help string. + + [ Mohit Mehta ] + * use val_help to present valid info for node + + -- Mohit Mehta Mon, 31 Jan 2011 12:56:34 -0800 + +vyatta-cfg-system (0.19.35) unstable; urgency=low + + * Fix Bug 6696 Internal error for release/renew dhcp interface under + op mode + + -- Mohit Mehta Thu, 27 Jan 2011 13:54:04 -0800 + +vyatta-cfg-system (0.19.34) unstable; urgency=low + + [ Stephen Hemminger ] + * Pass interface name correctly when deleting dhcpv6 + + [ Stig Thormodsrud ] + * Fix 6501: "clear vrrp master interface group " + doesnt work with sync groups. + + [ Stephen Hemminger ] + * Rearrange priority for pseudo-ethernet + * Rearrange priority for pseudo-ethernet + + [ Stig Thormodsrud ] + * Fix vrrp duplicate generation of last sync-group entry. + + -- Stig Thormodsrud Wed, 26 Jan 2011 15:43:08 -0800 + +vyatta-cfg-system (0.19.33) unstable; urgency=low + + [ Stephen Hemminger ] + * Revert "Add debug logging." + * Add logging to coldplug + * Add more debug output + * Don't fail if config.boot does not exist + * Pass interface name correctly when deleting dhcpv6 + + [ Stig Thormodsrud ] + * Fix 6501: "clear vrrp master interface group " + doesnt work with sync groups. + + -- Stig Thormodsrud Tue, 25 Jan 2011 11:14:33 -0800 + +vyatta-cfg-system (0.19.32) unstable; urgency=low + + [ Stephen Hemminger ] + * Change for rsyslog reload + + [ Bob Gilligan ] + * Add debug logging. + + -- Bob Gilligan Thu, 20 Jan 2011 22:25:40 -0800 + +vyatta-cfg-system (0.19.31) unstable; urgency=low + + * Remove call to tshark during vrrp state transition. + + -- Stig Thormodsrud Thu, 20 Jan 2011 18:18:26 -0800 + +vyatta-cfg-system (0.19.30) unstable; urgency=low + + [ Bob Gilligan ] + * Bugfix 6684: Don't delete wanpipe config files. + * Bugfix 6156: Policy must be given on command line. + * Bugfix 6668: Check to see if log files need rotation hourly. + * Bugfix 6687: Need to explicitly specify the RAID metadata version + number. + * Bugfix 6684: Don't delete wanpipe config files. + + [ Stephen Hemminger ] + * Cleanup old net-rules on upgrade + + [ Bob Gilligan ] + + -- Bob Gilligan Wed, 19 Jan 2011 20:10:16 -0800 + +vyatta-cfg-system (0.19.29) unstable; urgency=low + + * Bugfix 6687: Need to explicitly specify the RAID metadata version + number. + + -- Bob Gilligan Mon, 17 Jan 2011 23:05:43 -0800 + +vyatta-cfg-system (0.19.28) unstable; urgency=low + + * Bugfix 6668: Check to see if log files need rotation hourly. + + -- Bob Gilligan Mon, 17 Jan 2011 19:47:35 -0800 + +vyatta-cfg-system (0.19.27) unstable; urgency=low + + [ Stephen Hemminger ] + * Change priority of bonding device address + + [ Bob Gilligan ] + * Bugfix 6156: Policy must be given on command line. + + -- Bob Gilligan Sun, 16 Jan 2011 23:06:37 -0800 + +vyatta-cfg-system (0.19.26) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix check for broadcast address + + [ Mohit Mehta ] + * Fix Bug 6599 ha_logd starting up by default + * skip 'new branch' commit from mendocino when using merge-branch + + -- Mohit Mehta Tue, 04 Jan 2011 17:50:17 -0800 + +vyatta-cfg-system (0.19.25) unstable; urgency=low + + * new branch + + -- An-Cheng Huang Tue, 28 Dec 2010 13:47:51 -0800 + +vyatta-cfg-system (0.19.24) unstable; urgency=low + + * Add more error recovery and disk space checking. + + -- Bob Gilligan Wed, 22 Dec 2010 02:34:19 -0800 + +vyatta-cfg-system (0.19.23) unstable; urgency=low + + * Affinity script was failing to configure some queues of multi-queue + NICs. + + -- Bob Gilligan Wed, 22 Dec 2010 01:23:08 -0800 + +vyatta-cfg-system (0.19.22) unstable; urgency=low + + * Add path to SSH V1 host key to config + + -- Stephen Hemminger Fri, 17 Dec 2010 11:23:31 -0800 + +vyatta-cfg-system (0.19.21) unstable; urgency=low + + * Don't regenerate ssh v1 key + * Add checking of protocol-version value + * Fix help for name-server + + -- Stephen Hemminger Thu, 16 Dec 2010 13:20:55 -0800 + +vyatta-cfg-system (0.19.20) unstable; urgency=low + + * Fix 6554: clear vrrp master tab completion results in cli api error + + -- Stig Thormodsrud Fri, 10 Dec 2010 18:51:36 -0800 + +vyatta-cfg-system (0.19.19) unstable; urgency=low + + * Fix 6453: After configuring VRRP on interface, VRRP is not active + until VRRP is manually restared with "restart vrrp" command. + + -- Stig Thormodsrud Fri, 10 Dec 2010 17:27:03 -0800 + +vyatta-cfg-system (0.19.18) unstable; urgency=low + + * Fix update of serial speed on all grub lines + + -- Stephen Hemminger Fri, 10 Dec 2010 14:54:00 -0800 + +vyatta-cfg-system (0.19.17) unstable; urgency=low + + * Allow telnet and ssh to start before routing protocols + + -- Stephen Hemminger Mon, 06 Dec 2010 17:13:11 -0800 + +vyatta-cfg-system (0.19.16) unstable; urgency=low + + * Fix check for unspecified IPv6 address + * Move is_local_address to common code + * Allow Ipv6 addresses in resolv.conf + * Move touch() perl to Vyatta::File + + -- Stephen Hemminger Mon, 06 Dec 2010 16:39:57 -0800 + +vyatta-cfg-system (0.19.15) unstable; urgency=low + + * Set up commit-revisions if configured after init-floppy. + + -- Stig Thormodsrud Sat, 04 Dec 2010 13:39:09 -0800 + +vyatta-cfg-system (0.19.14) unstable; urgency=low + + * Allow configuring console speed etc + * Allow more serial console lines + * Block accidental use of virtual consoles + * Mark the Vyatta specific section of inittab + + -- Stephen Hemminger Thu, 02 Dec 2010 17:17:26 -0800 + +vyatta-cfg-system (0.19.13) unstable; urgency=low + + * Cleanup leftover ipv6_no_fwd files + * Set group ownership and permissions on /var/run/vyatta + * Fix delete of mac address on bonding interface + + -- Stephen Hemminger Thu, 02 Dec 2010 13:30:48 -0800 + +vyatta-cfg-system (0.19.12) unstable; urgency=low + + * Speed up install-system progress bar + + -- Stephen Hemminger Wed, 01 Dec 2010 15:26:53 -0800 + +vyatta-cfg-system (0.19.11) unstable; urgency=low + + * Fix dhcpv6 client script + + -- Stephen Hemminger Tue, 30 Nov 2010 14:21:39 -0800 + +vyatta-cfg-system (0.19.10) unstable; urgency=low + + * Add dhcpv6 options for all interfaces that support DHCP + * Add duplicate address check on commit + * Remove old code for address insertion/deletion/validation + + -- Stephen Hemminger Tue, 30 Nov 2010 14:09:42 -0800 + +vyatta-cfg-system (0.19.9) unstable; urgency=low + + * Fix interface scanning on boot - allow more mac addresses + * Automatically configure physical device for wireless interfaces + + -- Stephen Hemminger Mon, 29 Nov 2010 17:16:45 -0800 + +vyatta-cfg-system (0.19.8) unstable; urgency=low + + * Fix use of undefined in comparison + + -- Stephen Hemminger Mon, 29 Nov 2010 16:06:03 -0800 + +vyatta-cfg-system (0.19.7) unstable; urgency=low + + * Remove module rather than deleting link device + + -- Stephen Hemminger Mon, 29 Nov 2010 12:23:53 -0800 + +vyatta-cfg-system (0.19.6) unstable; urgency=low + + * Don't let biosdevname look at wireless devices + + -- Stephen Hemminger Wed, 24 Nov 2010 16:50:26 -0800 + +vyatta-cfg-system (0.19.5) unstable; urgency=low + + * Fix tunnel cleanup script + + -- Stephen Hemminger Wed, 24 Nov 2010 12:24:52 -0800 + +vyatta-cfg-system (0.19.4) unstable; urgency=low + + * Add cpufrequtils default config file + * Fix range checking on bridge port priority is limited to 0-63 + * Revert "Don't need to rename vlan devices" + + -- Stephen Hemminger Wed, 24 Nov 2010 09:38:45 -0800 + +vyatta-cfg-system (0.19.3) unstable; urgency=low + + [ Bob Gilligan ] + * Bugfix 6457: Don't ask the question if you're not going to like the + answer. + * 0.19.2 + + [ Stephen Hemminger ] + * Don't allow zero for VRRP priority or VRID + * Bonding should have same VRRP rules as Ethernet + * typo in tunnel cleanup + * Don't need to rename vlan devices + * Make scripts executable + * Improve performance of syntax checks for vrrp address + * Use sockets to check if IP address is local + * Use unlink rather than system() to remove files in keepalive script + * Remove check function from keepalived perl script + + -- Stephen Hemminger Tue, 23 Nov 2010 19:03:23 -0800 + +vyatta-cfg-system (0.19.2) unstable; urgency=low + + [ Bob Gilligan ] + * Bugfix 6457: Don't ask the question if you're not going to like the + answer. + + [ Stephen Hemminger ] + * Don't allow zero for VRRP priority or VRID + * Bonding should have same VRRP rules as Ethernet + * typo in tunnel cleanup + + [ Bob Gilligan ] + + -- Bob Gilligan Sun, 21 Nov 2010 08:00:56 -0800 + +vyatta-cfg-system (0.19.1) unstable; urgency=low + + * Cleanup tunnel slave device on last delete + * Add utilities checking addresses + * Replace perl address validation with utility + * Use script vyatta-address to set interface + * Optimize lookup of local ip on tunnels + + -- Stephen Hemminger Mon, 22 Nov 2010 12:57:15 -0800 + +vyatta-cfg-system (0.18.21) unstable; urgency=low + + * Bugfix 6101: Make a syslog record when a new image is added. + + -- Bob Gilligan Sun, 21 Nov 2010 03:08:06 -0800 + +vyatta-cfg-system (0.18.20) unstable; urgency=low + + * Bring tunnel down before deleting + * When removing tunnel, remove encapsulation device + + -- Stephen Hemminger Thu, 18 Nov 2010 16:45:22 -0800 + +vyatta-cfg-system (0.18.19) unstable; urgency=low + + * Add more checks for bridge/bond conflicts + * Add syntax check for bridge interface name + * Fix help for syslog + + -- Stephen Hemminger Thu, 18 Nov 2010 13:14:48 -0800 + +vyatta-cfg-system (0.18.18) unstable; urgency=low + + * Add check for adding bridge-group and bond-group when setting + address + * Add check for interface address before putting it in bonded device + * Cleanup bridge port management + * Cleanup bond-group syntax and commit checks + + -- Stephen Hemminger Wed, 17 Nov 2010 20:46:53 -0800 + +vyatta-cfg-system (0.18.17) unstable; urgency=low + + * Allow longer domain-name values + * Remove useless comment + * Add address checks to bonding + + -- Stephen Hemminger Wed, 17 Nov 2010 15:58:01 -0800 + +vyatta-cfg-system (0.18.16) unstable; urgency=low + + * Add option to disable host validation (DNS) for SSH + * Add ability to configure SSH listen address + * Add ability to configure telnet listen-addres + * Need to restart telnet if port or listen-address changes + + -- Stephen Hemminger Tue, 16 Nov 2010 16:25:44 -0800 + +vyatta-cfg-system (0.18.15) unstable; urgency=low + + * update call to error location api. + + -- Michael Larson Tue, 16 Nov 2010 09:34:32 -0800 + +vyatta-cfg-system (0.18.14) unstable; urgency=low + + * Restore IRQ affinity when device is renabled + + -- Stephen Hemminger Mon, 15 Nov 2010 13:56:33 -0800 + +vyatta-cfg-system (0.18.13) unstable; urgency=low + + * Add hw-id for existing interfaces to config + + -- Stephen Hemminger Mon, 15 Nov 2010 13:14:04 -0800 + +vyatta-cfg-system (0.18.12) unstable; urgency=low + + * Move cleanup of serial interface into rl-system.init + + -- Stephen Hemminger Mon, 15 Nov 2010 10:43:27 -0800 + +vyatta-cfg-system (0.18.11) unstable; urgency=low + + * Add more checks on VLAN + * Change mode on all executable scripts + * remove deprecated linda override + * New IRQ affinity script and RPS support + * Fix irq-affinity for special cases + * Fix is_supported_speed matching + + -- Stephen Hemminger Fri, 12 Nov 2010 14:51:08 -0800 + +vyatta-cfg-system (0.18.10) unstable; urgency=low + + * Fix path to ethtool + * Check speed and duplex settings on Ethernet interfaces + * Don't produce warnings for drivers that don't support ethtool + + -- Stephen Hemminger Mon, 08 Nov 2010 15:13:17 -0800 + +vyatta-cfg-system (0.18.9) unstable; urgency=low + + * Add special case for single-queue NICs using multi-queue naming + format. + + -- Bob Gilligan Thu, 04 Nov 2010 12:26:39 -0700 + +vyatta-cfg-system (0.18.8) unstable; urgency=low + + * Fix to show ifAlias of loopback + + -- Stephen Hemminger Wed, 03 Nov 2010 13:39:06 -0700 + +vyatta-cfg-system (0.18.7) unstable; urgency=low + + * Remove non-functional commit test on mtu of vif + + -- Stephen Hemminger Tue, 02 Nov 2010 13:06:34 -0700 + +vyatta-cfg-system (0.18.6) unstable; urgency=low + + * Allow setting MTU of VIF + * Priority change for bridging a bonded vif + * Priority change for bridging a bonded vif + + -- Stephen Hemminger Tue, 02 Nov 2010 08:41:59 -0700 + +vyatta-cfg-system (0.18.5) unstable; urgency=low + + * Fix goto in vyatta-net.rules + * Add net-snmp ifAlias hook + + -- Stephen Hemminger Fri, 29 Oct 2010 11:33:08 -0700 + +vyatta-cfg-system (0.18.4) unstable; urgency=low + + * fix for bug 6388 + + -- An-Cheng Huang Thu, 28 Oct 2010 18:14:26 -0700 + +vyatta-cfg-system (0.18.3) unstable; urgency=low + + * Don't rename vif and other non-driver interfaces + + -- Stephen Hemminger Wed, 27 Oct 2010 11:08:12 -0700 + +vyatta-cfg-system (0.18.2) unstable; urgency=low + + * Fix set on uniproc machine + + -- Stephen Hemminger Wed, 27 Oct 2010 10:53:42 -0700 + +vyatta-cfg-system (0.18.1) unstable; urgency=low + + * IRQ affinity update + * Update dependency on vyatta-cfg + * Add irqaffin to Makefile + * Fix overwrite of irq commands + + -- Stephen Hemminger Wed, 27 Oct 2010 10:47:46 -0700 + +vyatta-cfg-system (0.17.128) unstable; urgency=low + + * Use pgrep to check if ntp running + + -- Stephen Hemminger Tue, 26 Oct 2010 20:37:46 -0700 + +vyatta-cfg-system (0.17.127) unstable; urgency=low + + * Move config-mgmt to it's own package. + + -- Stig Thormodsrud Tue, 26 Oct 2010 14:48:23 -0700 + +vyatta-cfg-system (0.17.126) unstable; urgency=low + + * Change vyatta_net_name into a perl script + * Sort the interface names when adding + + -- Stephen Hemminger Tue, 26 Oct 2010 14:35:45 -0700 + +vyatta-cfg-system (0.17.125) unstable; urgency=low + + * Fix bond hash policy + * Fix typo in hash_policy + * Wait to bring up bond interface until end + * Add bonding ARP monitor parmeters + + -- Stephen Hemminger Mon, 25 Oct 2010 10:20:08 -0700 + +vyatta-cfg-system (0.17.124) unstable; urgency=low + + * Fix commit-uri bug. + + -- Stig Thormodsrud Sat, 23 Oct 2010 12:14:47 -0700 + +vyatta-cfg-system (0.17.123) unstable; urgency=low + + * Fist pass at adding archive to uri on commit. + + -- Stig Thormodsrud Fri, 22 Oct 2010 17:38:43 -0700 + +vyatta-cfg-system (0.17.122) unstable; urgency=low + + * Make empty config files readable + + -- Stephen Hemminger Wed, 20 Oct 2010 17:34:06 -0700 + +vyatta-cfg-system (0.17.121) unstable; urgency=low + + [ Stephen Hemminger ] + * keep serial console until configuration is working + + [ An-Cheng Huang ] + + -- An-Cheng Huang Tue, 19 Oct 2010 18:24:47 -0700 + +vyatta-cfg-system (0.17.120) unstable; urgency=low + + * Neuter the serial console config until it works + + -- Stephen Hemminger Mon, 18 Oct 2010 12:00:29 -0700 + +vyatta-cfg-system (0.17.119) unstable; urgency=low + + * Fix syntax error in vyatta_update_console.pl. + + -- Stig Thormodsrud Sat, 16 Oct 2010 10:04:44 -0700 + +vyatta-cfg-system (0.17.118) unstable; urgency=low + + * Add ability to set transmit hash policy + * Handle error cases on console update + * 0.17.117 + + -- Stephen Hemminger Fri, 15 Oct 2010 15:56:56 -0700 + +vyatta-cfg-system (0.17.117) unstable; urgency=low + + [ root ] + * change to accessor for outputerror + + [ Stephen Hemminger ] + + -- Stephen Hemminger Fri, 15 Oct 2010 15:55:50 -0700 + +vyatta-cfg-system (0.17.116) unstable; urgency=low + + * Add ability to run modem getty + + -- Stephen Hemminger Fri, 15 Oct 2010 10:35:46 -0700 + +vyatta-cfg-system (0.17.115) unstable; urgency=low + + * Change speed in grub config as well + + -- Stephen Hemminger Thu, 14 Oct 2010 17:23:31 -0700 + +vyatta-cfg-system (0.17.114) unstable; urgency=low + + * Add better control over console screen blanker + * Need sudo to change console settings + + -- Stephen Hemminger Thu, 14 Oct 2010 16:58:42 -0700 + +vyatta-cfg-system (0.17.113) unstable; urgency=low + + * Turn off screen blanking on console + * Need to be root to write /etc/inittab + * Restore old motd and login banner + * Remove serial console before config + + -- Stephen Hemminger Thu, 14 Oct 2010 16:18:35 -0700 + +vyatta-cfg-system (0.17.112) unstable; urgency=low + + * Add support for setting up serial console ports + * Fix email address in changelog + * Fix regexp used for disabling up serial with Xen + * Fix serial console setup functions + * Change syntax for console config + + -- Stephen Hemminger Thu, 14 Oct 2010 15:08:42 -0700 + +vyatta-cfg-system (0.17.111) unstable; urgency=low + + * Revise new ntp server config + + -- Stephen Hemminger Wed, 13 Oct 2010 18:12:44 -0700 + +vyatta-cfg-system (0.17.110) unstable; urgency=low + + * Migrate NTP server to services ntp + + -- Stephen Hemminger Wed, 13 Oct 2010 18:04:09 -0700 + +vyatta-cfg-system (0.17.109) unstable; urgency=low + + * Add default vyatta rsyslog config rules + + -- Stephen Hemminger Mon, 11 Oct 2010 12:22:30 -0700 + +vyatta-cfg-system (0.17.108) unstable; urgency=low + + * Add LSB support information to telnetd.init + * Add ubuntu changes to rsyslog + + -- Stephen Hemminger Sun, 10 Oct 2010 11:42:35 -0700 + +vyatta-cfg-system (0.17.107) unstable; urgency=low + + [ root ] + * modified reference error location. + + [ Stephen Hemminger ] + * Check if SNMP is running before starting + + -- Stephen Hemminger Sat, 09 Oct 2010 15:51:50 -0700 + +vyatta-cfg-system (0.17.106) unstable; urgency=low + + * use new error reference location method + + -- root Fri, 08 Oct 2010 12:13:11 -0700 + +vyatta-cfg-system (0.17.105) unstable; urgency=low + + * Convert from syslog to rsyslog + + -- Stephen Hemminger Fri, 08 Oct 2010 17:12:41 -0700 + +vyatta-cfg-system (0.17.104) unstable; urgency=low + + [ Stephen Hemminger ] + * Add dependency on Squeeze version of udev + * Change udev network naming to be more cooperative + * Put udev rules in /lib/udev + + [ Mohit Mehta ] + * moved code for zones to vyatta-zone package + + -- Mohit Mehta Thu, 07 Oct 2010 19:16:02 -0700 + +vyatta-cfg-system (0.17.103) unstable; urgency=low + + * Update hwclockfirst fixup for Squeeze + * Fix sysklog dependency + * List rsyslog package dependency + + -- Stephen Hemminger Thu, 07 Oct 2010 11:40:06 -0700 + +vyatta-cfg-system (0.17.102) unstable; urgency=low + + * * update count_iptables module usage + + -- Mohit Mehta Tue, 21 Sep 2010 21:15:28 -0700 + +vyatta-cfg-system (0.17.101) unstable; urgency=low + + * * use count_iptables_rule from MISC module + + -- Mohit Mehta Tue, 21 Sep 2010 17:37:14 -0700 + +vyatta-cfg-system (0.17.100) unstable; urgency=low + + * Bugfix 6210: Fix up case where login section is missing from config + file. + + -- Bob Gilligan Sat, 18 Sep 2010 01:56:15 -0700 + +vyatta-cfg-system (0.17.99) unstable; urgency=low + + * fix init-floppy for squeeze + + -- An-Cheng Huang Mon, 20 Sep 2010 15:23:36 -0700 + +vyatta-cfg-system (0.17.98) unstable; urgency=low + + * Bugfix 6210: Fix parsing of config file + + -- Bob Gilligan Fri, 17 Sep 2010 22:38:07 -0700 + +vyatta-cfg-system (0.17.97) unstable; urgency=low + + * partial fix for bug 6152 + * more fixes for bug 6152 + + -- An-Cheng Huang Mon, 13 Sep 2010 18:53:48 -0700 + +vyatta-cfg-system (0.17.96) unstable; urgency=low + + * rename pre-mendocino ipv6 modprobe files to add .conf suffix + + -- Mohit Mehta Mon, 13 Sep 2010 15:49:40 -0700 + +vyatta-cfg-system (0.17.95) unstable; urgency=low + + * Enforce username length restriction + * Fix quoting issues with conversion to lower case + * Fix quoting of shell -z + + -- Stephen Hemminger Wed, 08 Sep 2010 09:41:40 -0700 + +vyatta-cfg-system (0.17.94) unstable; urgency=low + + * Change modprobe.d files to .conf + * Update to current udev + * Update sound blacklist fix + + -- Stephen Hemminger Tue, 07 Sep 2010 09:55:34 -0700 + +vyatta-cfg-system (0.17.93) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove ifDescr override + + [ An-Cheng Huang ] + * fix squeeze paths + + -- An-Cheng Huang Fri, 03 Sep 2010 14:44:40 -0700 + +vyatta-cfg-system (0.17.92) unstable; urgency=low + + * Bugfix 5499: Fix restrictions on IPv6 addresses. + + -- Bob Gilligan Tue, 31 Aug 2010 02:58:11 -0700 + +vyatta-cfg-system (0.17.91) unstable; urgency=low + + [ Stephen Hemminger ] + * Add dependency on libcap2-bin + + [ Bob Gilligan ] + * Bugfix 6085: Use "-x" flag instead of "-r" to kill the old dhclient + process + + -- Bob Gilligan Mon, 30 Aug 2010 02:33:54 -0700 + +vyatta-cfg-system (0.17.90) unstable; urgency=low + + * Add checking of port range + * Add check for port range on SNMP listen port value + * Generate interface description + + -- Stephen Hemminger Mon, 23 Aug 2010 15:03:23 -0700 + +vyatta-cfg-system (0.17.89) unstable; urgency=low + + * update help text to use val_help + + -- An-Cheng Huang Tue, 17 Aug 2010 15:31:11 -0700 + +vyatta-cfg-system (0.17.88) unstable; urgency=low + + * Don't delete existing root password + + -- Stephen Hemminger Tue, 17 Aug 2010 15:22:55 -0700 + +vyatta-cfg-system (0.17.87) unstable; urgency=low + + * Add vrrp parameters to transition script. + + -- Stig Thormodsrud Tue, 17 Aug 2010 11:59:45 -0700 + +vyatta-cfg-system (0.17.86) unstable; urgency=low + + * remove more low-level config dir usages + + -- An-Cheng Huang Mon, 16 Aug 2010 18:52:07 -0700 + +vyatta-cfg-system (0.17.85) unstable; urgency=low + + * remove low-level config dir usage + + -- An-Cheng Huang Mon, 16 Aug 2010 18:15:01 -0700 + +vyatta-cfg-system (0.17.84) unstable; urgency=low + + * remove low-level config dir usage + + -- An-Cheng Huang Mon, 16 Aug 2010 15:47:03 -0700 + +vyatta-cfg-system (0.17.83) unstable; urgency=low + + * remove "node.val" usages + + -- An-Cheng Huang Thu, 12 Aug 2010 14:13:07 -0700 + +vyatta-cfg-system (0.17.82) unstable; urgency=low + + * use listEffectiveNodes() from new API + + -- An-Cheng Huang Mon, 02 Aug 2010 17:17:30 -0700 + +vyatta-cfg-system (0.17.81) unstable; urgency=low + + * Bugfix 5964: Eliminate unnecessary version check. + + -- Bob Gilligan Mon, 02 Aug 2010 16:38:53 -0700 + +vyatta-cfg-system (0.17.80) unstable; urgency=low + + * new API change + + -- An-Cheng Huang Mon, 02 Aug 2010 15:45:23 -0700 + +vyatta-cfg-system (0.17.79) unstable; urgency=low + + * add comments and missing function + + -- An-Cheng Huang Fri, 30 Jul 2010 18:13:00 -0700 + +vyatta-cfg-system (0.17.78) unstable; urgency=low + + * Bugfix 5711: Don't allow special characters in image names. + + -- Bob Gilligan Wed, 28 Jul 2010 02:47:32 -0700 + +vyatta-cfg-system (0.17.77) unstable; urgency=low + + * new API changes + + -- An-Cheng Huang Fri, 30 Jul 2010 17:26:20 -0700 + +vyatta-cfg-system (0.17.76) unstable; urgency=low + + [ Stephen Hemminger ] + * Change ranges for bridge parameters + * Fix typo in last change + + [ Bob Gilligan ] + * Bugfix 5929: Preserve SSH host keys during image installation. + + -- Bob Gilligan Tue, 27 Jul 2010 19:47:45 -0700 + +vyatta-cfg-system (0.17.75) unstable; urgency=low + + * UNRELEASED + + -- An-Cheng Huang Thu, 22 Jul 2010 17:23:36 -0700 + +vyatta-cfg-system (0.17.74) unstable; urgency=low + + * More fixes to standalone password reset + + -- Stephen Hemminger Thu, 22 Jul 2010 15:09:01 -0700 + +vyatta-cfg-system (0.17.73) unstable; urgency=low + + [ Stephen Hemminger ] + * Make standalone password recovery more robust + + [ An-Cheng Huang ] + * remove unused options + + -- An-Cheng Huang Thu, 22 Jul 2010 12:13:05 -0700 + +vyatta-cfg-system (0.17.72) unstable; urgency=low + + * Move input interface over to Qos package + + -- Stephen Hemminger Wed, 21 Jul 2010 17:46:50 -0700 + +vyatta-cfg-system (0.17.71) unstable; urgency=low + + * Use pgrep to count number of matching processes + * Use val_help: for interface name help + * Use expression to validate VRRP password + * Add proxy-arp over bonding + * Fix help completion text + * Fix formatting of static-host mapping val help + * Add completion for text fields with limited values + * Fix completion on multi-type node + + -- Stephen Hemminger Wed, 21 Jul 2010 15:45:39 -0700 + +vyatta-cfg-system (0.17.70) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix language in help text for loadkey + * Use val_help: for Ethernet interface parameters + * bonding vif val_help + * Loopback address node cleanup + * Convert tunnel parameters to new help format + * Convert public-keys help to new format + * Revise static-host-mapping + * Use val_help: features to format better + * Convert syslog commands to new CLI help style + + [ An-Cheng Huang ] + * fix typo, val_help, etc. + + [ Stephen Hemminger ] + * Convert VRRP preempt to bool + * Convert VRRP to new CLI help style + + [ Bob Gilligan ] + * Bugfix 5512: Have grub.cfg use the vmlinuz and initrd.img symlinks + if available + + -- Bob Gilligan Mon, 19 Jul 2010 17:45:16 -0700 + +vyatta-cfg-system (0.17.69) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove verbs from all help messages + * Covert bonding mode to val_help + * Use val_help: for interface MTU nodes + * Bridge parameter node update + * Use val_help in zone-policy + * Fix old invalid email addresses in changelog + + [ An-Cheng Huang ] + * fix typo + + [ Stephen Hemminger ] + + -- Stephen Hemminger Mon, 19 Jul 2010 11:08:12 -0700 + +vyatta-cfg-system (0.17.68) unstable; urgency=low + + * Add syntax validation for bridge STP parameters + * Use val_help: for address nodes + + -- Stephen Hemminger Fri, 16 Jul 2010 17:30:20 -0700 + +vyatta-cfg-system (0.17.67) unstable; urgency=low + + * Bugfix 5557: Properly update initrd symlink. + + -- Bob Gilligan Wed, 14 Jul 2010 15:01:20 -0700 + +vyatta-cfg-system (0.17.66) unstable; urgency=low + + * Enable putting core files /var/core + + -- Stephen Hemminger Wed, 14 Jul 2010 16:25:22 -0700 + +vyatta-cfg-system (0.17.65) unstable; urgency=low + + * Bugfix 5845, 5557: Install vyatta-update-grub.pl in + /opt/vyatta/sbin. + + -- Bob Gilligan Wed, 14 Jul 2010 15:45:28 -0700 + +vyatta-cfg-system (0.17.64) unstable; urgency=low + + * Bugfix 5557: Add script to help update grub after full upgrade. + * Move vyatta-update-grub.pl to the vyatta-base package. + * Revert "Move vyatta-update-grub.pl to the vyatta-base package." + * Select kernel to boot based on current running kernel type. + + -- Bob Gilligan Wed, 14 Jul 2010 11:12:37 -0700 + +vyatta-cfg-system (0.17.63) unstable; urgency=low + + * Fix install-system if not saving old image config + + -- Stephen Hemminger Thu, 08 Jul 2010 09:44:16 -0700 + +vyatta-cfg-system (0.17.62) unstable; urgency=low + + * Don't need explict sync in init-floppy + * Change user name validation + * Allow incorrect user to be deleted + + -- Stephen Hemminger Tue, 06 Jul 2010 19:14:50 -0700 + +vyatta-cfg-system (0.17.61) unstable; urgency=low + + * Corrected the fix for bug 5408. + + -- Deepti Kulkarni Tue, 06 Jul 2010 16:40:24 +0000 + +vyatta-cfg-system (0.17.60) unstable; urgency=low + + * Update failover-mechanism sync-group CLI path and add + + -- Mohit Mehta Thu, 01 Jul 2010 17:40:10 -0700 + +vyatta-cfg-system (0.17.59) unstable; urgency=low + + * Fix 5675: clearing vrrp master for an interface group removes sync- + group config + + -- Stig Thormodsrud Thu, 01 Jul 2010 14:11:18 -0700 + +vyatta-cfg-system (0.17.58) unstable; urgency=low + + * Touch file before setting capability + + -- Stephen Hemminger Thu, 01 Jul 2010 13:37:07 -0700 + +vyatta-cfg-system (0.17.57) unstable; urgency=low + + [ root ] + * fix for bug 5408. + + [ Deepti Kulkarni ] + * Revert "fix for bug 5408." + * fix for bug 5408. + + -- Deepti Kulkarni Thu, 01 Jul 2010 16:53:34 +0000 + +vyatta-cfg-system (0.17.56) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove sudo from tunnel command + * Fix path to ipset + + [ Michael Larson ] + * fix for bug 5663 + + -- Michael Larson Mon, 21 Jun 2010 11:09:56 -0700 + +vyatta-cfg-system (0.17.55) unstable; urgency=low + + * initial support for gre-bridge tunnels. + + -- Robert Bays Thu, 17 Jun 2010 23:33:45 -0700 + +vyatta-cfg-system (0.17.54) unstable; urgency=low + + * Remove sudo from ip command + * Remove unnecessary :expression: syntax + * Remove sudo from brctl + * Remove capability from ping + * Don't need audit write on vbash + + -- Stephen Hemminger Thu, 17 Jun 2010 14:46:35 -0700 + +vyatta-cfg-system (0.17.53) unstable; urgency=low + + * * make vrrp work with conntrack-sync + * * perltidy vyatta-keepalived.pl + + -- Mohit Mehta Wed, 09 Jun 2010 15:01:47 -0700 + +vyatta-cfg-system (0.17.52) unstable; urgency=low + + * Add skip option to vyatta-interfaces + + -- Stephen Hemminger Mon, 07 Jun 2010 16:28:13 -0700 + +vyatta-cfg-system (0.17.51) unstable; urgency=low + + * Using "send dhcp6.oro" is no longer required in config file. + + -- Bob Gilligan Sun, 30 May 2010 07:14:32 -0700 + +vyatta-cfg-system (0.17.50) unstable; urgency=low + + * Fix use of bareword file handles + * Set file capability attributes + * Add pam_cap capability configuration + + -- Stephen Hemminger Fri, 04 Jun 2010 14:10:09 -0700 + +vyatta-cfg-system (0.17.49) unstable; urgency=low + + * move list functions to vrrp perl module so other scripts can use it + as well + + -- Mohit Mehta Thu, 03 Jun 2010 16:32:05 -0700 + +vyatta-cfg-system (0.17.48) unstable; urgency=low + + * fix for bug 5656 + + -- An-Cheng Huang Thu, 03 Jun 2010 14:55:46 -0700 + +vyatta-cfg-system (0.17.47) unstable; urgency=low + + * Fix 5521: Cannot Delete vif with vrrp configured. + + -- Stig Thormodsrud Tue, 01 Jun 2010 15:24:45 -0700 + +vyatta-cfg-system (0.17.46) unstable; urgency=low + + * Move DHCPv6 client configuration to this package and restructre + parameters. + + -- Bob Gilligan Wed, 26 May 2010 16:12:45 -0700 + +vyatta-cfg-system (0.17.45) unstable; urgency=low + + * Don't enable PAM Radius by default + + -- Stephen Hemminger Mon, 24 May 2010 10:46:08 -0700 + +vyatta-cfg-system (0.17.44) unstable; urgency=low + + * don't start conntrackd itself + + -- Mohit Mehta Thu, 20 May 2010 19:29:10 -0700 + +vyatta-cfg-system (0.17.43) unstable; urgency=low + + * Add enable-proxy-arp to vif interface. + + -- Stig Thormodsrud Wed, 19 May 2010 20:16:12 -0700 + +vyatta-cfg-system (0.17.42) unstable; urgency=low + + * Change SNMP community handling + * Fix syntax of default listen address + + -- Stephen Hemminger Fri, 14 May 2010 11:01:48 -0700 + +vyatta-cfg-system (0.17.41) unstable; urgency=low + + * Revert "Snmp Ipv6 support" + * Better version of SNMP IPv6 support + * Allow configuring/restricting SNMP listen address + + -- Stephen Hemminger Wed, 12 May 2010 21:02:35 -0700 + +vyatta-cfg-system (0.17.40) unstable; urgency=low + + * Snmp Ipv6 support + * Show progress bar when copying filesystem + + -- Stephen Hemminger Wed, 12 May 2010 14:34:54 -0700 + +vyatta-cfg-system (0.17.39) unstable; urgency=low + + * Preserve file capablities and attributes during install-system + * Preserve file attributes of root files + + -- Stephen Hemminger Fri, 07 May 2010 15:25:22 -0700 + +vyatta-cfg-system (0.17.38) unstable; urgency=low + + * Add code to check digital signature of image files. + + -- Bob Gilligan Mon, 03 May 2010 17:21:10 -0700 + +vyatta-cfg-system (0.17.37) unstable; urgency=low + + * Allow user to name system images when installing them. + + -- Bob Gilligan Fri, 30 Apr 2010 15:48:57 -0700 + +vyatta-cfg-system (0.17.36) unstable; urgency=low + + * Ignore comments in level file + * Set capabilities on standard utilities + * Make interface help completion strings consistent + * Revert "Set capabilities on standard utilities" + + -- Stephen Hemminger Tue, 27 Apr 2010 15:27:49 -0700 + +vyatta-cfg-system (0.17.35) unstable; urgency=low + + * Configure IFB devices earlier in boot + + -- Stephen Hemminger Fri, 16 Apr 2010 11:35:23 -0700 + +vyatta-cfg-system (0.17.34) unstable; urgency=low + + * Rename in0 to ifb0 + + -- Stephen Hemminger Thu, 15 Apr 2010 13:16:38 -0700 + +vyatta-cfg-system (0.17.33) unstable; urgency=low + + * For Bug 5625 Not ready for DNSSEC implementation + + -- Mohit Mehta Wed, 14 Apr 2010 16:22:44 -0700 + +vyatta-cfg-system (0.17.32) unstable; urgency=low + + * increase xen hypervisor heap size + + -- An-Cheng Huang Fri, 09 Apr 2010 18:35:29 -0700 + +vyatta-cfg-system (0.17.31) unstable; urgency=low + + * Add input pseudo-interface configuration + + -- Stephen Hemminger Tue, 06 Apr 2010 09:27:17 -0700 + +vyatta-cfg-system (0.17.30) unstable; urgency=low + + * Use 3 arg open + * Use 3 arg open to create pipe + * Ignore errors from ethtool when setting speed/duplex + + -- Stephen Hemminger Mon, 05 Apr 2010 22:20:49 -0700 + +vyatta-cfg-system (0.17.29) unstable; urgency=low + + * Fail gracefully if path is unknown + + -- Stephen Hemminger Mon, 05 Apr 2010 16:17:35 -0700 + +vyatta-cfg-system (0.17.28) unstable; urgency=low + + * Improve wording of config info save dialog. + + -- Bob Gilligan Tue, 30 Mar 2010 12:02:35 -0700 + +vyatta-cfg-system (0.17.27) unstable; urgency=low + + * Ignore setting CPU affinity on UP systems + * Fix test for UP + + -- Stephen Hemminger Mon, 29 Mar 2010 16:34:57 -0700 + +vyatta-cfg-system (0.17.26) unstable; urgency=low + + * run snmpd as user snmp + + -- An-Cheng Huang Wed, 24 Mar 2010 19:08:22 -0700 + +vyatta-cfg-system (0.17.25) unstable; urgency=low + + * Fix Bug 5487 http redirect url address placed on the router gets + blocked by + + -- Mohit Mehta Wed, 24 Mar 2010 15:31:16 -0700 + +vyatta-cfg-system (0.17.24) unstable; urgency=low + + * Fix Bug 5386 L2TP will work only the first time Vyatta is booted + + -- Mohit Mehta Sat, 20 Mar 2010 22:43:27 -0700 + +vyatta-cfg-system (0.17.23) unstable; urgency=low + + [ Michael Larson ] + * fixes commit warning when run invoked via the api--getlogin() may + return an undefined value as the process is a child process + + [ Bob Gilligan ] + * Bugfix 5449: Maintain "console affinity" when adding a new image. + + -- Bob Gilligan Thu, 18 Mar 2010 18:03:55 -0700 + +vyatta-cfg-system (0.17.22) unstable; urgency=low + + * Remove Radius Server config file on reboot + * Handle devices that do not report ethtool + + -- Stephen Hemminger Wed, 17 Mar 2010 11:29:44 -0700 + +vyatta-cfg-system (0.17.21) unstable; urgency=low + + * Make /var/run/vyatta and /var/log/vyatta + * Use userdel -f to force removal of user + * Better version of forcing user logout + + -- Stephen Hemminger Mon, 15 Mar 2010 10:45:04 -0700 + +vyatta-cfg-system (0.17.20) unstable; urgency=low + + [ Stephen Hemminger ] + * Disable SELinux during password reset + * Fix case of VGA_LOGO option + + [ Mohit Mehta ] + * * Fix BZ 5334 services start automatically on boot up after upgrade + to kenwood + + [ Stephen Hemminger ] + * Run partition editor with script flag to avoid prompting user + * Force user process to die + + -- Stephen Hemminger Fri, 12 Mar 2010 10:01:06 -0800 + +vyatta-cfg-system (0.17.19) unstable; urgency=low + + * Bugfix 5021: Make smp_affinity configuration tolerant of failures. + + -- Bob Gilligan Tue, 09 Mar 2010 15:49:56 -0800 + +vyatta-cfg-system (0.17.18) unstable; urgency=low + + [ Stephen Hemminger ] + * Set primary interface after bond-group is initialized + + [ Bob Gilligan ] + * Bugfix 5424: Allow image with same version to be added to disk-based + install + + -- Bob Gilligan Tue, 09 Mar 2010 11:08:49 -0800 + +vyatta-cfg-system (0.17.17) unstable; urgency=low + + * Use more reliable method for determining system version. + + -- Bob Gilligan Mon, 08 Mar 2010 17:37:20 -0800 + +vyatta-cfg-system (0.17.16) unstable; urgency=low + + * Bugfix 5416: determine system version from version of vyatta-version + package + + -- Bob Gilligan Mon, 08 Mar 2010 16:19:08 -0800 + +vyatta-cfg-system (0.17.15) unstable; urgency=low + + * Bugfix 5360: Get name of image from correct source. + + -- Bob Gilligan Mon, 08 Mar 2010 14:51:58 -0800 + +vyatta-cfg-system (0.17.14) unstable; urgency=low + + [ Stephen Hemminger ] + * Fixup xl2tpd init during install + + [ Bob Gilligan ] + * Bugfix 5414: Use correct install root reference when copying back + SSH keys. + + -- Bob Gilligan Mon, 08 Mar 2010 14:17:56 -0800 + +vyatta-cfg-system (0.17.13) unstable; urgency=low + + * Bugfix 5413: Determine system version from vyatta-version package. + + -- Bob Gilligan Fri, 05 Mar 2010 13:07:33 -0800 + +vyatta-cfg-system (0.17.12) unstable; urgency=low + + * Bugfix 5404: Handle RAID re-sync on image-installed systems. + + -- Bob Gilligan Wed, 03 Mar 2010 18:09:55 -0800 + +vyatta-cfg-system (0.17.11) unstable; urgency=low + + * Bugfix 5377: strict-dad must be applied before interfaces are + configured + + -- Bob Gilligan Mon, 01 Mar 2010 14:19:23 -0800 + +vyatta-cfg-system (0.17.10) unstable; urgency=low + + * Bugfix 5217: Don't use the "-#" option to curl. It runs slow on + serial ports. + + -- Bob Gilligan Thu, 25 Feb 2010 11:50:19 -0800 + +vyatta-cfg-system (0.17.9) unstable; urgency=low + + * Bugfix 5377: Add parameter to control behavior when DAD fails. + + -- Bob Gilligan Tue, 23 Feb 2010 15:53:53 -0800 + +vyatta-cfg-system (0.17.8) unstable; urgency=low + + [ Stephen Hemminger ] + * Handle empty set of public keys + + [ Stig Thormodsrud ] + * Fix 5157: dhcpclient doesn't work when alternative mac address + specified on bootup + + -- Stig Thormodsrud Sun, 21 Feb 2010 20:21:32 -0800 + +vyatta-cfg-system (0.17.7) unstable; urgency=low + + * Fix Bug 5064 can't delete bridge group and membership in one commit + + -- Mohit Mehta Thu, 18 Feb 2010 17:28:54 -0800 + +vyatta-cfg-system (0.17.6) unstable; urgency=low + + * UNRELEASED + + -- An-Cheng Huang Wed, 17 Feb 2010 16:13:35 -0800 + +vyatta-cfg-system (0.17.5) unstable; urgency=low + + * Handle DSA keys + * Add support for options in keyfile + + -- Stephen Hemminger Wed, 17 Feb 2010 12:52:02 -0800 + +vyatta-cfg-system (0.17.4) unstable; urgency=low + + * Speed up VIF creation + * Check current status (not configured value) when enabling vlan + device + * Use template to do syntax checks on ethernet device name + + -- Stephen Hemminger Tue, 16 Feb 2010 17:37:10 -0800 + +vyatta-cfg-system (0.17.3) unstable; urgency=low + + * Don't allow format strings in snmp-community + * Add syntax check for vif name where non-vif expected + * Use die function for failures + + -- Stephen Hemminger Tue, 16 Feb 2010 13:58:55 -0800 + +vyatta-cfg-system (0.17.2) unstable; urgency=low + + * Bugfix 5327: Don't try to save config from images with none. + + -- Bob Gilligan Tue, 16 Feb 2010 11:57:24 -0800 + +vyatta-cfg-system (0.17.1) unstable; urgency=low + + * use more specific version before which modprobe files in vyatta-cfg + r2b replaced + + -- Mohit Mehta Fri, 12 Feb 2010 13:53:27 -0800 + +vyatta-cfg-system (0.16.43) unstable; urgency=low + + * fix bug 5334 services start automatically on boot up post upgrade to + kenwood + + -- Mohit Mehta Fri, 12 Feb 2010 11:29:49 -0800 + +vyatta-cfg-system (0.16.42) unstable; urgency=low + + * Bugfix 5117: Preserve config files from previous image + installation. + + -- Bob Gilligan Thu, 11 Feb 2010 16:06:16 -0800 + +vyatta-cfg-system (0.16.41) unstable; urgency=low + + * Fix bug 5325 vyatta-cfg-system fails to upgrade during full-upgrade + VC5 to VC6 + + -- Mohit Mehta Wed, 10 Feb 2010 12:21:52 -0800 + +vyatta-cfg-system (0.16.40) unstable; urgency=low + + * Remove vyatta-ofr on upgrade + * Remove IPv6 address_flush sysctl + + -- Stephen Hemminger Tue, 09 Feb 2010 15:17:46 -0800 + +vyatta-cfg-system (0.16.39) unstable; urgency=low + + * add dependency on vyatta-biosdevname + + -- An-Cheng Huang Mon, 08 Feb 2010 12:53:02 -0800 + +vyatta-cfg-system (0.16.38) unstable; urgency=low + + * Bugfix 5225: Include the OS version number in the grub menu entry. + + -- Bob Gilligan Mon, 08 Feb 2010 12:04:44 -0800 + +vyatta-cfg-system (0.16.37) unstable; urgency=low + + * Bugfix 5120: Use biosdevname to generate the canonical name for an + interface. + + -- Bob Gilligan Fri, 05 Feb 2010 16:49:36 -0800 + +vyatta-cfg-system (0.16.36) unstable; urgency=low + + * Force vyatta-cfg/vyatta-cfg-system version synchronization + + -- Stephen Hemminger Fri, 05 Feb 2010 12:31:10 -0800 + +vyatta-cfg-system (0.16.35) unstable; urgency=low + + * Set system host-name and time-zone first + + -- Stephen Hemminger Wed, 03 Feb 2010 14:39:44 -0800 + +vyatta-cfg-system (0.16.34) unstable; urgency=low + + * Change owner of created authorized key file + * Move modprobe.d/no-copybreak from vyatta-cfg + + -- Stephen Hemminger Wed, 03 Feb 2010 13:37:20 -0800 + +vyatta-cfg-system (0.16.33) unstable; urgency=low + + * Fix password-authentication setup in sshd + * Bug in handling local key file + * Run login update as root + + -- Stephen Hemminger Tue, 02 Feb 2010 15:12:07 -0800 + +vyatta-cfg-system (0.16.32) unstable; urgency=low + + * Add help for system ip arp + * Add help string for system ip neighbor + * Static host-name mapping changes + * Don't remove users home directory + + -- Stephen Hemminger Tue, 02 Feb 2010 10:52:39 -0800 + +vyatta-cfg-system (0.16.31) unstable; urgency=low + + * Allow local user (non vbash) accounts + * Make message clearer + + -- Stephen Hemminger Wed, 27 Jan 2010 18:21:04 -0800 + +vyatta-cfg-system (0.16.30) unstable; urgency=low + + * Don't delete non-user accounts + + -- Stephen Hemminger Wed, 27 Jan 2010 09:39:33 -0800 + +vyatta-cfg-system (0.16.29) unstable; urgency=low + + * Don't allow vyatta configured accounts to overlap internal accounts + * Reindent user account module + * Change function names in User.pm + * Refactor user update + * Add additional check that new user doesn't exist in NSS + * Get rid of protected-users file + + -- Stephen Hemminger Tue, 26 Jan 2010 18:30:04 -0800 + +vyatta-cfg-system (0.16.28) unstable; urgency=low + + * Bugfix 5229: Save old config info when installing on pre-existing + RAID group. + + -- Bob Gilligan Tue, 26 Jan 2010 16:25:04 -0800 + +vyatta-cfg-system (0.16.27) unstable; urgency=low + + * Bugfix 5220: Use correct path to config directory on installed + image. + + -- Bob Gilligan Tue, 26 Jan 2010 14:19:59 -0800 + +vyatta-cfg-system (0.16.26) unstable; urgency=low + + * Bugfix 5232: Correctly handle case where user doesn't want to save + SSH keys + + -- Bob Gilligan Tue, 26 Jan 2010 12:03:23 -0800 + +vyatta-cfg-system (0.16.25) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix typo in PermitRoot setup. + + -- Stig Thormodsrud Mon, 25 Jan 2010 21:24:55 -0800 + +vyatta-cfg-system (0.16.24) unstable; urgency=low + + * Bugfix 5240: Prevent re-installation of same version on running + systems + + -- Bob Gilligan Mon, 25 Jan 2010 17:23:21 -0800 + +vyatta-cfg-system (0.16.23) unstable; urgency=low + + * Remove duplicate crontab and stop munging /etc/crontab. + + -- Stig Thormodsrud Mon, 25 Jan 2010 15:13:09 -0800 + +vyatta-cfg-system (0.16.22) unstable; urgency=low + + * Fix allow-root for telnet/ssh + + -- Stephen Hemminger Sun, 24 Jan 2010 22:27:33 -0800 + +vyatta-cfg-system (0.16.21) unstable; urgency=low + + * Set IPV6 parameters in rl-system.init + + -- Stephen Hemminger Thu, 21 Jan 2010 11:24:44 -0800 + +vyatta-cfg-system (0.16.20) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix typo in install-image + + [ Bob Gilligan ] + * Bugfix 5162: Make disabling flow control work at boot time. + + -- Bob Gilligan Tue, 19 Jan 2010 17:37:10 -0800 + +vyatta-cfg-system (0.16.19) unstable; urgency=low + + [ Jon Andersson ] + * Restiction on filtering of udev rules + + -- Stig Thormodsrud Tue, 19 Jan 2010 17:01:50 -0800 + +vyatta-cfg-system (0.16.18) unstable; urgency=low + + [ Stephen Hemminger ] + * Restrict radius-server timeout value + + [ Robert Bays ] + * fix bug 5226: Hostname does not allow number as first char + + [ Stephen Hemminger ] + * Change how IPV4/IPV6 configuration values are done + + -- Stephen Hemminger Tue, 19 Jan 2010 17:00:39 -0800 + +vyatta-cfg-system (0.16.17) unstable; urgency=low + + * Fix snmp trap-source + + -- Stephen Hemminger Mon, 18 Jan 2010 19:01:44 -0800 + +vyatta-cfg-system (0.16.16) unstable; urgency=low + + * Fix typo in community for trap-target + + -- Stephen Hemminger Mon, 18 Jan 2010 18:35:59 -0800 + +vyatta-cfg-system (0.16.15) unstable; urgency=low + + * Bugfix 5220: Save config information from previous image-based + install. + + -- Bob Gilligan Mon, 18 Jan 2010 18:03:59 -0800 + +vyatta-cfg-system (0.16.14) unstable; urgency=low + + * Add sysctl to control IPV6 address flush + + -- Stephen Hemminger Thu, 14 Jan 2010 14:35:01 -0800 + +vyatta-cfg-system (0.16.13) unstable; urgency=low + + * Add support for trap community and port + * Add support trap source address + + -- Stephen Hemminger Wed, 13 Jan 2010 19:54:16 -0800 + +vyatta-cfg-system (0.16.12) unstable; urgency=low + + * Don't allow installation to proceed if MD5 checksum errors are + found. + + -- Bob Gilligan Wed, 13 Jan 2010 16:55:41 -0800 + +vyatta-cfg-system (0.16.11) unstable; urgency=low + + * Switch from wget to curl since the latter supports more URL methods. + + -- Bob Gilligan Fri, 08 Jan 2010 17:15:36 -0800 + +vyatta-cfg-system (0.16.10) unstable; urgency=low + + * Updates to SNMP link state trap + + -- Stephen Hemminger Wed, 06 Jan 2010 14:37:20 -0800 + +vyatta-cfg-system (0.16.9) unstable; urgency=low + + * Validate MD5 checksums on ISO file before proceeding with + installation. + + -- Bob Gilligan Wed, 06 Jan 2010 14:32:18 -0800 + +vyatta-cfg-system (0.16.8) unstable; urgency=low + + * Do loopback before other interfaces + * Remove snmpd.conf on deletion + * Cleanup SNMP config file generation + * SNMP: Merge common code for rand hex number + * Change 'protocols snmp' to 'service snmp' + * update version + * Need to be root to remove snmpd.conf + + -- Stephen Hemminger Tue, 05 Jan 2010 18:39:32 -0800 + +vyatta-cfg-system (0.16.7) unstable; urgency=low + + * Add support for fetching ISO file based on URL. + + -- Bob Gilligan Wed, 23 Dec 2009 16:17:40 -0800 + +vyatta-cfg-system (0.16.6) unstable; urgency=low + + * Set default to only ARP if IP address matches received interface + * Handle default of auto + + -- Stephen Hemminger Wed, 23 Dec 2009 10:49:38 -0800 + +vyatta-cfg-system (0.16.5) unstable; urgency=low + + * Update snmp template + * Remove old init code + * Read Vyatta version from file + + -- Stephen Hemminger Tue, 22 Dec 2009 20:59:10 -0800 + +vyatta-cfg-system (0.16.4) unstable; urgency=low + + * Bring device to up state when removed from bond + + -- Stephen Hemminger Tue, 22 Dec 2009 14:53:03 -0800 + +vyatta-cfg-system (0.16.3) unstable; urgency=low + + * Don't allow setting speed/duplex if hardware doesn't support it + * Fix return of dhcp start client. + * Mark banner script executable + * Ignore more debian build files + + -- Stephen Hemminger Tue, 22 Dec 2009 14:02:55 -0800 + +vyatta-cfg-system (0.16.2) unstable; urgency=low + + * allow vyatta-cfg-system to replace interface files in older versions + of + + -- Mohit Mehta Tue, 22 Dec 2009 11:45:39 -0800 + +vyatta-cfg-system (0.16.1) unstable; urgency=low + + * UNRELEASED + + -- Stephen Hemminger Mon, 21 Dec 2009 13:15:00 -0800 + +vyatta-cfg-system (0.16) unstable; urgency=low + + * Sync versions with vyatta-cfg + + -- Stephen Hemminger Mon, 21 Dec 2009 13:14:45 -0800 + +vyatta-cfg-system (0.15.127) unstable; urgency=low + + * Move interface support from vyatta-cfg to vyatta-cfg-system + * Fix command-with-path-in-maintainer-script postinst:158 + /usr/sbin/dpkg-reconfigure + * Add vyatta-interfaces.pl to build + + -- Stephen Hemminger Mon, 21 Dec 2009 12:38:05 -0800 + +vyatta-cfg-system (0.15.126) unstable; urgency=low + + * User deletion update + * Block passwd command for non-root user + + -- Stephen Hemminger Fri, 18 Dec 2009 14:56:43 -0800 + +vyatta-cfg-system (0.15.125) unstable; urgency=low + + * Re-enable frame-buffer on console + * Fix install-image to save config/keys + * Ignore errors from chmod/chown if ssh keys don't exist + + -- Stephen Hemminger Mon, 14 Dec 2009 16:57:26 -0800 + +vyatta-cfg-system (0.15.124) unstable; urgency=low + + * The protected-users file does not need to be made during install + * Redefine meaning of protected-user + + -- Stephen Hemminger Wed, 09 Dec 2009 14:53:06 -0800 + +vyatta-cfg-system (0.15.123) unstable; urgency=low + + * Keep udev from borking wireless device names + * Allow root account to not exist + * Force root account to have disabled password + + -- Stephen Hemminger Tue, 08 Dec 2009 15:03:25 -0800 + +vyatta-cfg-system (0.15.122) unstable; urgency=low + + * don't block passwd with pam + * Fix configure of user + + -- Stephen Hemminger Mon, 07 Dec 2009 11:41:33 -0800 + +vyatta-cfg-system (0.15.121) unstable; urgency=low + + * Fix load user key script + * Add back public-key templates + * Fix code that generates authorized keys + + -- Stephen Hemminger Fri, 04 Dec 2009 20:25:12 -0800 + +vyatta-cfg-system (0.15.120) unstable; urgency=low + + * Oops forgot to update installed version + * Rearrange the public-key configuration schema + * Block user from changing name or password + + -- Stephen Hemminger Fri, 04 Dec 2009 15:47:22 -0800 + +vyatta-cfg-system (0.15.119) unstable; urgency=low + + * Change telnet allow-root to existance (instead of boolean) + + -- Stephen Hemminger Fri, 04 Dec 2009 09:54:03 -0800 + +vyatta-cfg-system (0.15.118) unstable; urgency=low + + * Fix some file headers that cause build warnings + * Add dependency on adduser + + -- Stephen Hemminger Thu, 03 Dec 2009 16:29:30 -0800 + +vyatta-cfg-system (0.15.117) unstable; urgency=low + + * SSH enhancements + * Require key-type to be set. + * Update .ssh/authorized_keys as part of the login update + * Set modes of created authorization key (and directory) + * Add script for loading public key + * Add script for loading public key + * Preserve ssh host keys in install-image + + -- Stephen Hemminger Thu, 03 Dec 2009 16:20:51 -0800 + +vyatta-cfg-system (0.15.116) unstable; urgency=low + + * Use ext3 all the time + + -- Stephen Hemminger Wed, 02 Dec 2009 18:18:31 -0800 + +vyatta-cfg-system (0.15.115) unstable; urgency=low + + [ Stephen Hemminger ] + * Pass more info to login scripts + * Don't lose user customization to pam-auth + * Simply Radius server update + + [ Bob Gilligan ] + * Changes related to co-ordination between kernel parameters and + radvd. + + -- Bob Gilligan Wed, 02 Dec 2009 16:48:52 -0800 + +vyatta-cfg-system (0.15.114) unstable; urgency=low + + [ Stephen Hemminger ] + * Add ability to disable password authentication + + [ Bob Gilligan ] + * Co-ordinate global and per-interface IPv6 forwarding control. + + -- Bob Gilligan Wed, 02 Dec 2009 11:50:31 -0800 + +vyatta-cfg-system (0.15.113) unstable; urgency=low + + * Avoid updating files on boot + * Get rid of warning on package update + * Save SSH keys on re-install + + -- Stephen Hemminger Tue, 01 Dec 2009 14:14:00 -0800 + +vyatta-cfg-system (0.15.112) unstable; urgency=low + + * Add sync after config save + + -- Stephen Hemminger Tue, 01 Dec 2009 09:53:35 -0800 + +vyatta-cfg-system (0.15.111) unstable; urgency=low + + * added required keyword to help text. + + -- Michael Larson Mon, 30 Nov 2009 16:40:47 -0800 + +vyatta-cfg-system (0.15.110) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove Radius server on reboot + + [ Michael Larson ] + * added required keyword to help text. + + -- Michael Larson Mon, 30 Nov 2009 16:33:59 -0800 + +vyatta-cfg-system (0.15.109) unstable; urgency=low + + * added required keyword to help text. + + -- Michael Larson Mon, 30 Nov 2009 15:55:21 -0800 + +vyatta-cfg-system (0.15.108) unstable; urgency=low + + * added required keyword to help text. + + -- Michael Larson Mon, 30 Nov 2009 15:36:33 -0800 + +vyatta-cfg-system (0.15.107) unstable; urgency=low + + * Add user tss for udev + + -- Stephen Hemminger Thu, 19 Nov 2009 16:41:35 -0800 + +vyatta-cfg-system (0.15.106) unstable; urgency=low + + * Mount floppy with dirsync + + -- Stephen Hemminger Wed, 18 Nov 2009 21:25:57 -0800 + +vyatta-cfg-system (0.15.105) unstable; urgency=low + + * Don't start hostapd at boot + + -- Stephen Hemminger Tue, 17 Nov 2009 16:26:26 -0800 + +vyatta-cfg-system (0.15.104) unstable; urgency=low + + * Add start_offset value to log message when partion attempt fails. + + -- Bob Gilligan Fri, 13 Nov 2009 17:46:42 -0800 + +vyatta-cfg-system (0.15.103) unstable; urgency=low + + * Add start_offset value to log message when partion attempt fails. + + -- Bob Gilligan Fri, 13 Nov 2009 16:39:04 -0800 + +vyatta-cfg-system (0.15.102) unstable; urgency=low + + * dependency update + + -- Michael Larson Fri, 13 Nov 2009 13:45:26 -0800 + +vyatta-cfg-system (0.15.101) unstable; urgency=low + + * Remove blank line + * Show dependency on pam version + + -- Stephen Hemminger Wed, 11 Nov 2009 17:09:29 -0800 + +vyatta-cfg-system (0.15.100) unstable; urgency=low + + * copy the whole config directory during install + + -- An-Cheng Huang Tue, 10 Nov 2009 14:08:59 -0800 + +vyatta-cfg-system (0.15.99) unstable; urgency=low + + [ An-Cheng Huang ] + * use new vyatta-union arg to reduce kernel cmdline length. + + [ Robert Bays ] + * Fix library include + + -- Robert Bays Fri, 06 Nov 2009 05:53:10 -0800 + +vyatta-cfg-system (0.15.98) unstable; urgency=low + + [ Stephen Hemminger ] + * Remove blank line + * Fix pam-auth-update errors from radius + * Move user configuration information to files + * radius: only try first password if first module + + [ An-Cheng Huang ] + * move custom script to custom repo + + -- An-Cheng Huang Thu, 05 Nov 2009 15:01:40 -0800 + +vyatta-cfg-system (0.15.97) unstable; urgency=low + + * Fix 5063: committing "set interfaces ethernet <> bridge-group bridge + <>" got "invalid variable reference (invalid format)" + + -- Stig Thormodsrud Mon, 02 Nov 2009 18:31:22 -0800 + +vyatta-cfg-system (0.15.96) unstable; urgency=low + + [ An-Cheng Huang ] + * use top-level pid for progress indicator + + [ Stephen Hemminger ] + * Don't want/need --package option to pam-auth-update + * Reset PAM configuration on boot + * rename pam-radius to pam_radius.cfg + + -- Stephen Hemminger Mon, 02 Nov 2009 17:28:17 -0800 + +vyatta-cfg-system (0.15.95) unstable; urgency=low + + [ David S. Madole ] + * Add VRRP capability to bonding interfaces and vifs of bonding + interfaces. + + [ Stig Thormodsrud ] + * Convert keepalived to use Interface infrastructure. + * Add priority for bonding vrrp nodes. + * Fix interface carrier status. + * Fix 'show vrrp summary' showing last vip 1st + * Using Interface.pm infrastructure to detect vif on eth|bond + interface. + + -- Stig Thormodsrud Sun, 01 Nov 2009 14:59:29 -0800 + +vyatta-cfg-system (0.15.94) unstable; urgency=low + + [ An-Cheng Huang ] + * add unified install-image + + [ slioch ] + * added missed vrrp priorities. + + -- slioch Sat, 31 Oct 2009 14:02:41 -0700 + +vyatta-cfg-system (0.15.93) unstable; urgency=low + + * radius client: try first password only if not first + * Shut up debconf when installing pam radius + * radius-server: shutup debconf dialog + * radius: add missing space + + -- Stephen Hemminger Fri, 30 Oct 2009 13:37:15 -0700 + +vyatta-cfg-system (0.15.92) unstable; urgency=low + + * Dont start radvd on boot + + -- Stephen Hemminger Thu, 29 Oct 2009 11:16:33 -0700 + +vyatta-cfg-system (0.15.91) unstable; urgency=low + + * Fix description of vif bonding + * Use pam-auth-update to configure radius + + -- Stephen Hemminger Tue, 27 Oct 2009 18:52:45 -0700 + +vyatta-cfg-system (0.15.90) unstable; urgency=low + + * move priority after tag nodes. + + -- slioch Wed, 21 Oct 2009 09:12:23 -0700 + +vyatta-cfg-system (0.15.89) unstable; urgency=low + + * move priority after multi tags + + -- slioch Tue, 20 Oct 2009 21:22:35 -0700 + +vyatta-cfg-system (0.15.88) unstable; urgency=low + + * partial fix for bug 4903. + + -- slioch Tue, 20 Oct 2009 16:11:07 -0700 + +vyatta-cfg-system (0.15.87) unstable; urgency=low + + * add .merge-branch-exclude + * update .merge-branch-exclude + + -- An-Cheng Huang Wed, 14 Oct 2009 13:16:18 -0700 + +vyatta-cfg-system (0.15.86) unstable; urgency=low + + [ Robert Bays ] + * limit xen dom0 memory to 512meg + + -- Stephen Hemminger Tue, 13 Oct 2009 16:42:00 -0700 + +vyatta-cfg-system (0.15.85) unstable; urgency=low + + * add override mechanism for protected users + + -- An-Cheng Huang Mon, 05 Oct 2009 19:20:44 -0700 + +vyatta-cfg-system (0.15.84) unstable; urgency=low + + * use pattern instead of exec + + -- Mohit Mehta Fri, 02 Oct 2009 18:31:15 -0700 + +vyatta-cfg-system (0.15.83) unstable; urgency=low + + * Mount floppy with safer options + + -- Stephen Hemminger Thu, 01 Oct 2009 12:05:29 -0700 + +vyatta-cfg-system (0.15.82) unstable; urgency=low + + [ Stephen Hemminger ] + * Cleanup all vbash users + + [ Bob Gilligan ] + * Bugfix 4951: Add configuration parameter to blacklist the IPv6 + module. + + -- Bob Gilligan Thu, 24 Sep 2009 16:05:25 -0700 + +vyatta-cfg-system (0.15.81) unstable; urgency=low + + * Bugfix 4892: Add a config parameter to disable IPv6 + + -- Bob Gilligan Wed, 23 Sep 2009 16:27:00 -0700 + +vyatta-cfg-system (0.15.80) unstable; urgency=low + + * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. + + -- Bob Gilligan Tue, 22 Sep 2009 15:56:58 -0700 + +vyatta-cfg-system (0.15.79) unstable; urgency=low + + * allow install on old compaq smart-array + + -- Robert Bays Mon, 14 Sep 2009 09:10:18 -0700 + +vyatta-cfg-system (0.15.78) unstable; urgency=low + + * Fix Bug 4919 "service dns" branch of configuration file missing ... + + -- Mohit Mehta Fri, 11 Sep 2009 18:11:30 -0700 + +vyatta-cfg-system (0.15.77) unstable; urgency=low + + * User group fixes + * Add operators to vyattaop group + * If configuration is wrong just skip user don't die + * Delete vyatta users not in configuration + + -- Stephen Hemminger Fri, 11 Sep 2009 16:31:43 -0700 + +vyatta-cfg-system (0.15.76) unstable; urgency=low + + * Invert test for livecd + + -- Stephen Hemminger Fri, 11 Sep 2009 08:31:19 -0700 + +vyatta-cfg-system (0.15.75) unstable; urgency=low + + * Move check for livecd install to before filesystem intialization + + -- Stephen Hemminger Thu, 10 Sep 2009 15:44:25 -0700 + +vyatta-cfg-system (0.15.74) unstable; urgency=low + + * Allow null description on device + + -- Stephen Hemminger Wed, 09 Sep 2009 14:39:39 -0700 + +vyatta-cfg-system (0.15.73) unstable; urgency=low + + [ Bob Gilligan ] + * Bugfix 4916, 4917: Exit correctly when vyatta user doesn't exist. + Add timeout. + + [ Stephen Hemminger ] + * Enforce syntax checking on password + + [ Bob Gilligan ] + + -- Bob Gilligan Fri, 04 Sep 2009 02:56:14 -0700 + +vyatta-cfg-system (0.15.72) unstable; urgency=low + + * Revert "Validate encrypted password field" + + -- Stephen Hemminger Fri, 04 Sep 2009 09:35:58 -0700 + +vyatta-cfg-system (0.15.71) unstable; urgency=low + + * Don't change name of non-ethernet devices + * Validate encrypted password field + + -- Stephen Hemminger Thu, 03 Sep 2009 11:18:24 -0700 + +vyatta-cfg-system (0.15.70) unstable; urgency=low + + * Bonding: load module with MII monitor enabled + * bonding: remove primary slave last + * BONDING: handle change of bond-group + * BONDING: handle change of bond-group + * BONDING: fix error messages + * Fix bonding group setup + * Remove slaves before changing mode + + -- Stephen Hemminger Tue, 04 Aug 2009 16:27:17 -0700 + +vyatta-cfg-system (0.15.69) unstable; urgency=low + + * Fix uninitialized variable. + * Fix 4766: can't set login banners "Can't locate + Vyatta/Login/Banner.pm" + + -- Stig Thormodsrud Thu, 30 Jul 2009 16:27:16 -0700 + +vyatta-cfg-system (0.15.68) unstable; urgency=low + + * Bugfix 4700: Move processing to "end" field so that param + modifications are handled. + + -- Bob Gilligan Thu, 30 Jul 2009 14:09:49 -0700 + +vyatta-cfg-system (0.15.67) unstable; urgency=low + + [ Stig Thormodsrud ] + * Fix 4748: Pre-login message files (/etc/issue,/etc/issue.net) are + + -- Bob Gilligan Thu, 30 Jul 2009 13:59:35 -0700 + +vyatta-cfg-system (0.15.66) unstable; urgency=low + + * fix undefined array ref + + -- An-Cheng Huang Mon, 27 Jul 2009 18:06:59 -0700 + +vyatta-cfg-system (0.15.65) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix User Login configurator + * Make Radius server work + * Change API for login modules + * Handle deletion of radius (or other) server + * Avoid rewriting radius config unless needed + * Fix multi-nodes for address using update tag + * Fix some more update tag + * Fix generation of syslog host targets + * Change version of system config + + [ An-Cheng Huang ] + * Use sysfs for bonding device control + + [ Stephen Hemminger ] + * Fix help/completion for xor-hash + * Remove invalid buried templates + + [ An-Cheng Huang ] + * Revert earlier change -- keep debian net.agent + + [ Stephen Hemminger ] + * Remove ability to add vif to macvlan + * Convert bonding to use sysfs instead of ifenslave + * Add ifupdown package + * move acpid and ifupdown from Suggest to Depends + * Make telnet management smarter + + [ Bob Gilligan ] + * Bugfix 4592: Generate NTP config file from Vyatta configuration + parameters. + + [ Mark O'Brien ] + * Change interface state to down, add to bond group, change state to + up. + * Added link detect to ethernet bonded vlan interfaces. + * Fix 'sh: line 1:' error ing bug 4655. + * Allow user to select round-robin mode. + + [ Stephen Hemminger ] + * Block creating vif until after slaves present + * Allow disable of bonding interface with VIF + * Revert "Allow user to select round-robin mode." + * Allow round-robin to be selected + * Fix descriptions with meta-characters + + [ An-Cheng Huang ] + * initial implementation of image install + + -- An-Cheng Huang Fri, 17 Jul 2009 15:09:47 -0700 + +vyatta-cfg-system (0.15.64) unstable; urgency=low + + * Bugfix 4708: Re-structure to avoid using "update" in non-leaf + valueless nodes. + + -- Bob Gilligan Tue, 14 Jul 2009 17:19:12 -0700 + +vyatta-cfg-system (0.15.63) unstable; urgency=low + + * Bugfix 4708: Eliminate use of "update" in non-leaf valueless nodes. + + -- Bob Gilligan Tue, 14 Jul 2009 12:12:55 -0700 + +vyatta-cfg-system (0.15.62) unstable; urgency=low + + [ Mark O'Brien ] + * Fix 'sh:1 error' in bug 4655. + + [ Mohit Mehta ] + * Fix Bug 4554 check for existing firewall ruleset fails when applying + it to a zone during boot + + -- Mohit Mehta Thu, 02 Jul 2009 12:23:33 -0700 + +vyatta-cfg-system (0.15.61) unstable; urgency=low + + * Fix Bug 4593 zone-policy can't be deleted if zone interfaces are + bridges + + -- Mohit Mehta Tue, 30 Jun 2009 18:28:55 -0700 + +vyatta-cfg-system (0.15.60) unstable; urgency=low + + * make changes to work with dhcp 4.1.0 + + -- Mohit Mehta Mon, 29 Jun 2009 10:05:35 -0700 + +vyatta-cfg-system (0.15.59) unstable; urgency=low + + * Update hooks to setup config files for installing to a Xen VM. + + -- Bob Gilligan Thu, 25 Jun 2009 17:41:38 -0700 + +vyatta-cfg-system (0.15.58) unstable; urgency=low + + * Add optional hooks to setup config files for installing to a Xen VM. + + -- Bob Gilligan Wed, 24 Jun 2009 16:19:12 -0700 + +vyatta-cfg-system (0.15.57) unstable; urgency=low + + * temporarily undo check for firewall ruleset until bug 4554 is + resolved + + -- Mohit Mehta Wed, 17 Jun 2009 20:35:37 -0700 + +vyatta-cfg-system (0.15.56) unstable; urgency=low + + * Merged from Jenner. + + -- Bob Gilligan Wed, 17 Jun 2009 16:24:28 -0700 + +vyatta-cfg-system (0.15.55) unstable; urgency=low + + * Bugfix 4490: Wait for stability after marking partition bootable. + + -- Bob Gilligan Wed, 17 Jun 2009 16:22:47 -0700 + +vyatta-cfg-system (0.15.54) unstable; urgency=low + + * Bugfix 4490: Mark root partition as "bootable" in the master boot + record (MBR). + + -- Bob Gilligan Wed, 17 Jun 2009 10:49:56 -0700 + +vyatta-cfg-system (0.15.53) unstable; urgency=low + + * Fix 4579: There is no validation for vrrp virtual-address like the + one for interfaces address. + + -- Stig Thormodsrud Sun, 14 Jun 2009 14:30:17 -0700 + +vyatta-cfg-system (0.15.52) unstable; urgency=low + + * change default-policy to default-action for zones + + -- Mohit Mehta Wed, 03 Jun 2009 16:42:45 -0700 + +vyatta-cfg-system (0.15.51) unstable; urgency=low + + [ Stephen Hemminger ] + * Tacplus no longer part of jenner + + -- An-Cheng Huang Tue, 02 Jun 2009 11:25:45 -0700 + +vyatta-cfg-system (0.15.50) unstable; urgency=low + + [ Stephen Hemminger ] + * Print error message on failure to create group/user + + [ Mohit Mehta ] + * move server,protocol to the same line in config file + + [ Stig Thormodsrud ] + * Change tunnel multicast from on/off to enable/disable. + * Fix bug preventing 'vyatta' user login. + + [ Stephen Hemminger ] + * Fix deletion of pseudo-ethernet + * Ignore patch and editor temporary files + * Change how system login update works + + -- An-Cheng Huang Mon, 01 Jun 2009 17:43:59 -0700 + +vyatta-cfg-system (0.15.48) unstable; urgency=low + + * Restore default facility for 'syslog console' + * Revert "Restore default facility for 'syslog console'" + * NTP management version 3 + + -- Stephen Hemminger Wed, 27 May 2009 10:12:45 -0700 + +vyatta-cfg-system (0.15.47) unstable; urgency=low + + [ Jon Andersson ] + * Fix 4430: Not possible to create tunnel on fluctating interfaces + * Allow multicast to be enabled on tunnel interfaces. + + [ Stig Thormodsrud ] + + -- Stig Thormodsrud Mon, 25 May 2009 14:19:19 -0700 + +vyatta-cfg-system (0.15.46) unstable; urgency=low + + * Fix install rules + * Simplify ntp.conf + * Fix post install script to adjust ntp.conf and net.agent + + -- Stephen Hemminger Sun, 24 May 2009 10:15:03 -0700 + +vyatta-cfg-system (0.15.45) unstable; urgency=low + + * Put server at end of file + * add iburst + * Fix ntp.conf management + + -- Stephen Hemminger Fri, 22 May 2009 14:38:52 -0700 + +vyatta-cfg-system (0.15.44) unstable; urgency=low + + * UNRELEASED + + -- Stephen Hemminger Fri, 22 May 2009 14:36:24 -0700 + +vyatta-cfg-system (0.15.43) unstable; urgency=low + + * Run ntp during boot + * Don't run net.agent + + -- Stephen Hemminger Fri, 22 May 2009 10:22:30 -0700 + +vyatta-cfg-system (0.15.42) unstable; urgency=low + + * Change default NTP server + * Don't flush out ntp.conf on boot + * Revert "Change default NTP server" + * Add NTP configuration file + + -- Stephen Hemminger Fri, 22 May 2009 08:13:33 -0700 + +vyatta-cfg-system (0.15.41) unstable; urgency=low + + [ Stephen Hemminger ] + * Avoid restarting NTP server if not needed + + [ Mohit Mehta ] + * Fix Bug 4416 Add the ability to configure a specific server for + DynDNS + + -- Mohit Mehta Tue, 19 May 2009 21:24:59 -0700 + +vyatta-cfg-system (0.15.40) unstable; urgency=low + + * Don't advertise loopback interface as an allowed value for zone + interfaces + + -- Mohit Mehta Fri, 15 May 2009 12:20:42 -0700 + +vyatta-cfg-system (0.15.39) unstable; urgency=low + + * Fix Bug 4395 After local-zone is set, traffic from localhost is + dropped + + -- Mohit Mehta Fri, 15 May 2009 11:02:14 -0700 + +vyatta-cfg-system (0.15.38) unstable; urgency=low + + * Allow specifying 'protocols' for syslog facility + * Reindent syslog script + + -- Stephen Hemminger Wed, 06 May 2009 17:21:16 -0700 + +vyatta-cfg-system (0.15.37) unstable; urgency=low + + * * do silent validity check when creating zone chains and adding from + zone rules + + -- Mohit Mehta Wed, 06 May 2009 16:52:59 -0700 + +vyatta-cfg-system (0.15.36) unstable; urgency=low + + * Split up system login scripts + + -- Stephen Hemminger Tue, 05 May 2009 13:51:14 -0700 + +vyatta-cfg-system (0.15.35) unstable; urgency=low + + * * restrict zone name to 20 characters + + -- Mohit Mehta Tue, 05 May 2009 11:50:15 -0700 + +vyatta-cfg-system (0.15.34) unstable; urgency=low + + * Move virtual-ethernet to pseudo-ethernet + + -- Stephen Hemminger Wed, 29 Apr 2009 12:32:41 -0700 + +vyatta-cfg-system (0.15.33) unstable; urgency=low + + [ Stig Thormodsrud ] + * Replace md5 compare with a (hopefully) lighter-weight file compare. + + [ Stephen Hemminger ] + * ntp: fix message + + -- Stephen Hemminger Tue, 28 Apr 2009 14:09:30 -0700 + +vyatta-cfg-system (0.15.32) unstable; urgency=low + + * Using perl module for move() rather than system call. + * Avoid unnecessary writing of file if it's the same contents. + + -- Stig Thormodsrud Mon, 27 Apr 2009 14:42:17 -0700 + +vyatta-cfg-system (0.15.31) unstable; urgency=low + + * Add configurable login banners. + + -- Stig Thormodsrud Sun, 26 Apr 2009 18:53:02 -0700 + +vyatta-cfg-system (0.15.30) unstable; urgency=low + + * * add jump to local-zone-out chain in OUTPUT chain for both [ip and + ip6] tables + + -- Mohit Mehta Fri, 24 Apr 2009 18:31:57 -0700 + +vyatta-cfg-system (0.15.29) unstable; urgency=low + + * Add support for virtual-ethernet + * New tacacs+ configuration templates + + -- Stephen Hemminger Fri, 24 Apr 2009 13:01:24 -0700 + +vyatta-cfg-system (0.15.28) unstable; urgency=low + + [ Justin Fletcher ] + * Allow for enterprise MIB + + [ Mohit Mehta ] + * Fix Bug 4207 dns forwarding has hardcoded ethernet assumptions + + [ Stig Thormodsrud ] + + -- Stig Thormodsrud Thu, 23 Apr 2009 13:26:49 -0700 + +vyatta-cfg-system (0.15.27) unstable; urgency=low + + * Move disable-link-detect out of vyatta-cfg-quagga to interfaces + + -- Stephen Hemminger Mon, 20 Apr 2009 09:22:39 -0700 + +vyatta-cfg-system (0.15.26) unstable; urgency=low + + * add default-policy node for zones. can be set to drop or reject + * add default-policy node for zones. can be set to drop or reject + + -- Mohit Mehta Thu, 16 Apr 2009 17:46:19 -0700 + +vyatta-cfg-system (0.15.25) unstable; urgency=low + + * add read-write union install mechanism + * handle default xen kernel + * post-install changes + + -- An-Cheng Huang Tue, 14 Apr 2009 16:27:15 -0700 + +vyatta-cfg-system (0.15.24) unstable; urgency=low + + * add local-zone in|out firewall and clean-up code + + -- Mohit Mehta Fri, 10 Apr 2009 18:41:11 -0700 + +vyatta-cfg-system (0.15.23) unstable; urgency=low + + * Fix file syslog target + + -- Stephen Hemminger Fri, 10 Apr 2009 10:13:35 -0700 + +vyatta-cfg-system (0.15.22) unstable; urgency=low + + * fix xen kernel handling for union install + + -- An-Cheng Huang Thu, 09 Apr 2009 13:49:59 -0700 + +vyatta-cfg-system (0.15.21) unstable; urgency=low + + * Resolve problems with syslog.conf + + -- Stephen Hemminger Thu, 09 Apr 2009 13:25:42 -0700 + +vyatta-cfg-system (0.15.20) unstable; urgency=low + + * Rewrite syslog management + + -- Stephen Hemminger Wed, 08 Apr 2009 15:35:47 -0700 + +vyatta-cfg-system (0.15.19) unstable; urgency=low + + * change xen kernel detection + + -- An-Cheng Huang Mon, 06 Apr 2009 11:41:23 -0700 + +vyatta-cfg-system (0.15.18) unstable; urgency=low + + * Fix "clear vrrp process". Use new perl lib hierarchy. + + -- Stig Thormodsrud Sun, 05 Apr 2009 13:14:14 -0700 + +vyatta-cfg-system (0.15.17) unstable; urgency=low + + [ Stig Thormodsrud ] + * Change "syntax" check to "commit" check for virtual interfaces. + * 0.15.16 + + [ Stephen Hemminger ] + * Update template to handle change in default syslog.conf + + -- Stephen Hemminger Wed, 01 Apr 2009 16:52:02 -0700 + +vyatta-cfg-system (0.15.16) unstable; urgency=low + + * Change "syntax" check to "commit" check for virtual interfaces. + + -- Stig Thormodsrud Wed, 01 Apr 2009 16:27:35 -0700 + +vyatta-cfg-system (0.15.15) unstable; urgency=low + + * Don't double log quagga messages + * Help text spelling fix + * Update help text to show which facility is quagga + * Use interface check program + + -- Stephen Hemminger Wed, 01 Apr 2009 08:46:51 -0700 + +vyatta-cfg-system (0.15.14) unstable; urgency=low + + * Turn off forwarding delay if STP is off + * Set forwarding-delay when STP is enabled + + -- Stephen Hemminger Tue, 31 Mar 2009 14:12:24 -0700 + +vyatta-cfg-system (0.15.13) unstable; urgency=low + + * UNRELEASED + + -- Bob Gilligan Thu, 26 Mar 2009 14:53:20 -0700 + +vyatta-cfg-system (0.15.12) unstable; urgency=low + + * Bugfix 4139: Increase minimum root filesystem size to 1 GB. + + -- Bob Gilligan Thu, 26 Mar 2009 14:11:38 -0700 + +vyatta-cfg-system (0.15.11) unstable; urgency=low + + * Revert "Split login authentication configuration into three scripts" + + -- Stephen Hemminger Thu, 26 Mar 2009 10:17:39 -0700 + +vyatta-cfg-system (0.15.10) unstable; urgency=low + + * Add "interface ethernet <> bridge-group bridge" update tag in + addition to create tag. + + -- Stig Thormodsrud Wed, 25 Mar 2009 18:22:28 -0700 + +vyatta-cfg-system (0.15.9) unstable; urgency=low + + * Change bridge check from "syntax" to "create". + + -- Stig Thormodsrud Wed, 25 Mar 2009 17:45:33 -0700 + +vyatta-cfg-system (0.15.8) unstable; urgency=low + + * move keepalived.pm to vyatta-cfg + + -- Stephen Hemminger Wed, 25 Mar 2009 16:43:25 -0700 + +vyatta-cfg-system (0.15.7) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix bare file handle warning + * Split login authentication configuration into three scripts + + [ Stig Thormodsrud ] + * Change "syntax" check to "commit" check for "bridge-group bridge". + + [ Stephen Hemminger ] + * Fix update of description + + -- Stephen Hemminger Wed, 25 Mar 2009 14:19:22 -0700 + +vyatta-cfg-system (0.15.6) unstable; urgency=low + + * Change "syntax" check to a "commit" check. + + -- Stig Thormodsrud Tue, 24 Mar 2009 17:53:17 -0700 + +vyatta-cfg-system (0.15.5) unstable; urgency=low + + * Save interface description in kernel + + -- Stephen Hemminger Mon, 23 Mar 2009 12:27:42 -0700 + +vyatta-cfg-system (0.15.4) unstable; urgency=low + + [ Stephen Hemminger ] + * Change update to create on multi-nodes + + [ Mohit Mehta ] + * will help debug bug 4181 if and when it happens + + [ An-Cheng Huang ] + * use renamed tacplus package + + -- An-Cheng Huang Mon, 23 Mar 2009 11:11:38 -0700 + +vyatta-cfg-system (0.15.3-14) unstable; urgency=low + + * Fix 4190: vrrp may fail to start daemon if previous commit of vrrp + partially failed + + -- Stig Thormodsrud Thu, 12 Mar 2009 10:58:43 -0700 + +vyatta-cfg-system (0.15.3-13) unstable; urgency=low + + [ Mohit Mehta ] + * use code from Vyatta::Misc where is_dhcp_enabled() is already + defined + + [ Stephen Hemminger ] + * Fix perlcritic warning about bare file handle + * Fix delete of bonding vif + * Don't allow vif on disabled bonding interface + + -- Stephen Hemminger Wed, 11 Mar 2009 21:36:16 -0700 + +vyatta-cfg-system (0.15.3-12) unstable; urgency=low + + [ Stig Thormodsrud ] + * Fix 4183: No auto completion for group number when running 'clear + vrrp + + [ Bob Gilligan ] + * Remove per-interface firewall templates. They are generated now. + + -- Bob Gilligan Mon, 09 Mar 2009 11:16:47 -0700 + +vyatta-cfg-system (0.15.3-11) unstable; urgency=low + + [ Stig Thormodsrud ] + * Remove prefix mask on vip if present since it can't be using in + arping. + + [ Stephen Hemminger ] + * Fix path to lsof + + -- An-Cheng Huang Sat, 07 Mar 2009 23:25:55 -0800 + +vyatta-cfg-system (0.15.3-10) unstable; urgency=low + + [ Stephen Hemminger ] + * Fix perlcritic warnings + * Change sudo ability of some operator related commands + * More checking for open() of log + + [ Stig Thormodsrud ] + * Move changes file to /var/run/vrrpd and make sure the directory + exists. + * Remove unused directory. + * Specify source address with arping since we no longer require an IP + + -- Stig Thormodsrud Fri, 06 Mar 2009 18:59:46 -0800 + +vyatta-cfg-system (0.15.3-9) unstable; urgency=low + + * Fix path on hwclock cleanout + * Run through tidy for indent + * Use vyatta-interfaces.pl to show available bonding devices + * Use vyatta-interfaces.pl to check bridge validity + * Fix slave device startup + + -- Stephen Hemminger Tue, 03 Mar 2009 10:56:22 -0800 + +vyatta-cfg-system (0.15.3-8) unstable; urgency=low + + * Convert to bonding vif to use netlink. + * Change install-system to handle CF better + * Remove out of date quick-install + + -- Stephen Hemminger Mon, 02 Mar 2009 16:11:10 -0800 + +vyatta-cfg-system (0.15.3-7) unstable; urgency=low + + [ Mohit Mehta ] + * let admin user set arp paramters + + [ Stig Thormodsrud ] + * Fix 3778: vrrp should allow prefix to be included with the virtual- + address + * Fix breakage from previous cleanup commit. + * Fix 4068: 'show vrrp' last transition times are not updated when a + transition occurs on boot. + * Fix 4152: Add support for VRRP operation on unnumbered interfaces + + -- Stig Thormodsrud Sun, 01 Mar 2009 12:15:45 -0800 + +vyatta-cfg-system (0.15.3-6) unstable; urgency=low + + [ An-Cheng Huang ] + * fix logic and shell syntax + * up the bridge interface when it's created + + [ Mohit Mehta ] + * Fix Bug 2463 Allow the neighbor table threshold values to be + + -- Mohit Mehta Fri, 27 Feb 2009 19:08:52 -0800 + +vyatta-cfg-system (0.15.3-5) unstable; urgency=low + + * set default values for ipv6 accept_redirects and accept_source_route + + -- Mohit Mehta Tue, 24 Feb 2009 18:56:48 -0800 + +vyatta-cfg-system (0.15.3-4) unstable; urgency=low + + * Allow installation on virtio disk + * Don't depend on /proc/ide + + -- Stephen Hemminger Tue, 24 Feb 2009 15:41:57 -0800 + +vyatta-cfg-system (0.15.3-3) unstable; urgency=low + + [ Stephen Hemminger ] + * Take out ipt_rlsnmpstats module + + [ Mohit Mehta ] + * Fix Bug 3951 default values for kernel tunable security parameters + under firewall + + -- Mohit Mehta Thu, 19 Feb 2009 19:12:45 -0800 + +vyatta-cfg-system (0.15.3-2) unstable; urgency=low + + * fix spelling mistake + + -- Mohit Mehta Tue, 10 Feb 2009 10:10:03 -0800 + +vyatta-cfg-system (0.15.3-1) unstable; urgency=low + + [ Stephen Hemminger ] + * bridge: handle non ethernet devices in bridge + + [ Mohit Mehta ] + * permit operator-level user to issue show and clear commands for + firewall + + -- Mohit Mehta Fri, 06 Feb 2009 17:45:06 -0800 + +vyatta-cfg-system (0.15.3) unstable; urgency=low + + * Fix delete of bonding interface + * Replace bare word file handle + + -- Stephen Hemminger Mon, 26 Jan 2009 16:25:33 -0800 + +vyatta-cfg-system (0.15.2) unstable; urgency=low + + * disable bridge node should be same as disable ethernet + * Bridge/bonding update to new syntax + + -- Stephen Hemminger Mon, 12 Jan 2009 16:51:36 -0800 + +vyatta-cfg-system (0.15.1) unstable; urgency=low + + [ Rick Balocca ] + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3731 + + [ Stephen Hemminger ] + * Fix password changer to deal with update config format + * Make standalone passwd reset change vyatta not root + * Leave root account disabled + * Standalone tool now changes vyatta not root password + + [ Rick Balocca ] + * Fix typo + + [ rbalocca ] + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=2426 + + [ Stephen Hemminger ] + * Mount root filesystem with noatime + * Add completion for allowed values + * Don't force rebuild of ssh_host_key on each boot + * Remove OFR from grub lines + * fix grammar of previous patch + * Don't restart sshd if not needed + * Always restart ssh + + [ Robert Bays ] + * add basic tacacs+ support + + [ Stephen Hemminger ] + * Avoid sleep in ntp restart + * Speed up boot + * Remove extra call to set hwclock on startup + * typo in last commit + * Speed up addition of users to system + + [ Mohit Mehta ] + * dhcp action scripts for linkup/down + + [ Stephen Hemminger ] + * Fix sysctl key values + + [ An-Cheng Huang ] + * add support for development build + + [ Mohit Mehta ] + * Fix Bug 3917 dhcp brings interface up for lease acquire/renew even + though interface has been disabled in CLI + + [ Stephen Hemminger ] + * Rename VyattaKeepalived to Vyatta::Keepalived + * Convert to Vyatta::Config hierarchy + + [ Bob Gilligan ] + * Bugfix 3747: Allow user to break previously existing RAID group. + + [ Stephen Hemminger ] + * VyattaConfig -> Vyatta::Config + * Add correct help for bonding modes + + [ Rick Balocca ] + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3963 + + [ Stephen Hemminger ] + * use vyatta-link-detect + * Remove OFR from grub lines + * fix grammar of previous patch + * need full path to linkdetect + + [ An-Cheng Huang ] + * update maintainer information + * "files" file should be removed before package build + + [ Stephen Hemminger ] + * Add acpid + + [ slioch ] + * removed unprintable form-feed characters. This was causing xml + validation to fail within the webgui. + + [ Mohit Mehta ] + * Fix Bug 4022 dynamic dns config fails during system boot if + interface does not exist + + [ An-Cheng Huang ] + + -- An-Cheng Huang Thu, 08 Jan 2009 09:25:28 -0800 + +vyatta-cfg-system (0.15) unstable; urgency=low + + 3.2.0 + [ Mark O'Brien ] + + + [ Bob Gilligan ] + * Bugfix 3738: Improve safety in installing onto RAID sets. + * Bugfix 3932 + + [ Stig Thormodsrud ] + * Fix 3929: Operator level user now need sudo password to run "clear + arp + + [ Bob Gilligan ] + * Bugfix 3928: Need to install vyatta-raid-event script. + + [ Stig Thormodsrud ] + * Fix 3920: Operator level users require sudo permission for nat + * Fix 3918: Operator level users require sudo permission for ipv6 + clear + + [ Stephen Hemminger ] + * Make sure install-system only run with root privledges + + [ Mohit Mehta ] + * make 'show interfaces wirelessmodem stats' work from + operator mode + + [ Stephen Hemminger ] + * Handle older format config files in password reset + + [ An-Cheng Huang ] + * fix for bug 2313: add support for "Region/City" timezone + specification. + + [ Mohit Mehta ] + * rmeove ddclient script from ppp ip-up directory as we configure + + [ Stig Thormodsrud ] + * Add config to disable ip/ipv6 forwarding. + + [ Mohit Mehta ] + * change input parameter name from dhclient_script to outside_cli to + + [ Robert Bays ] + * bug 3791: set sysObjectID and sysDescr + * bug 1587: add error message when user tries native install from non- + union media + + [ Bob Gilligan ] + * Bugfix: 3841 + + [ Stephen Hemminger ] + * Fix standalone password reset + * Allow more ethtool commands + * Make stanalone passwd reset work + + [ Mohit Mehta ] + * Fix Bug 3840 System error reported on initial SNMP commit with trap + target + + [ Stephen Hemminger ] + * Handle config file format change in standalone reset + * Fix password changer to deal with update config format + + [ An-Cheng Huang ] + * add firewall configuration to bridge interface + + [ Stephen Hemminger ] + * Fix bad tab completion on interfaces/bonding + + [ Mohit Mehta ] + * Fix Bug 3567 Debug messages are not logged by default on upgraded + system + + [ Bob Gilligan ] + * Bugfix: 3687: Only start mdadm if we have a RAID group as root + filesystem. + * Bugfix: 3775: Allow RAID-1 to be configured on disks with different + sizes + + [ Stig Thormodsrud ] + * Change telnet allow-root type from txt to bool. + + [ Stephen Hemminger ] + * Need sudo when editing ssh config file + * Fix parsing of allow-root field + * Revert "Block remote access to rpc-bind port" + * Block remote access to rpc-bind port + + [ Bob Gilligan ] + * Bugfix: 3744 + + [ An-Cheng Huang ] + * remove unused files + * use epoch in package version number + * add ssh key blacklists + + [ Stephen Hemminger ] + * Allow non-livecd union install + * install-system can only run from livecd + + [ Bob Gilligan ] + * Bugfix: 3226 + + [ Robert Bays ] + * fix ssh keygen on startup + + [ Mohit Mehta ] + * - redo internal snmpv3 user creation for linkUpDownNotifications + * Fix Bug 3751 configuring multiple global syslog facilities + overwrites previous ones in /etc/syslog.conf + + [ Stephen Hemminger ] + * Go back to simpler syslog config + * Don't allow operator to reboot system + + [ Bob Gilligan ] + * Bugfix: 3226 + + [ Stephen Hemminger ] + * Revert "Set correct mode on configuration mode" + * Set correct mode on configuration mode + + [ An-Cheng Huang ] + * fix xen grub setup + + [ slioch ] + * Revert "Change allow-root nodes to boolean" + + [ Stephen Hemminger ] + * Change allow-root nodes to boolean + + [ Mohit Mehta ] + * don't poll resolv files for nameserver changes - it messes up + statistics + + [ rbalocca ] + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3735 + + [ Bob Gilligan ] + * Bugfix: 3743 + + [ Mohit Mehta ] + * Fix Bug 3609 - "show tech-support" does not display open file + information for operator level user + + [ Bob Gilligan ] + * Bugfix: 3727 + * Bugfix: 3572 + + [ Stephen Hemminger ] + * Standalone passwd reset prompt for password + * Workaround problems with mkpasswd + + [ rbalocca ] + * Add vyatta-grub-setup + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3712 + + [ Bob Gilligan ] + * Bugfix: 3492 + * Bugfix: 3515 + * Bugfix: 3703 + + [ Stephen Hemminger ] + * No longer need to turn off SACK + * Allow any number of bridge devices + * Allow any number of tunnel devices + + [ Rick Balocca ] + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3694 + + [ Mohit Mehta ] + * Fix Bug 3607 Error setting DNS forwarding to use DHCP + + [ Stephen Hemminger ] + * Don't need to list ifenslave twice + * Add support for bonding + + [ Robert Bays ] + * expose the union option in install-system + * fix bug 3863 + * Don't kill An-Cheng's commits. + * change to native install from a USB stick + * remove complex options from union install + * changed union install to support multiple directories + + [ An-Cheng Huang ] + * add postinst hook for install-system + + [ Mohit Mehta ] + * use script for setting/deleting system nameservers + * preserve system name-servers order in /etc/resolv.conf as configured + in CLI + * - change forced update wait time from 2 weeks to 4 weeks if no + change in IP as per the free service provided by dyndns + * - remove ddclient cache before restarting + + [ Robert Bays ] + * fixes to install-system and grub-setup for xen hypervisor and + device.map + + [ Mohit Mehta ] + * - use apt per interface ddclient files + + [ Bob Gilligan ] + * Account for size of diag partition when calculating disk size, which + is needed + + [ Mohit Mehta ] + * first attempt at implementing CLI support for Dynamic DNS + * better worded warning when no name-servers set under 'system name- + server' + * released interface should be flagged as a warning rather than a + commit failed + + [ Robert Bays ] + * add functioanlity for binary images to install system + + [ Mohit Mehta ] + * prompt warning for no nameservers if no nameservers set and no + interface set to use dhcp + + [ Stephen Hemminger ] + * Add support for aufs + + [ Mohit Mehta ] + * polish up DNS forwarding error messages + * show bridge interfaces in allowed values as well if configured to + use dhcp + * move from a 'ignore-interface' model to a 'listen-on' model for DNS + forwarding + * - get ddclient package for Dynamic DNS + + [ An-Cheng Huang ] + * remove 2nd timeout to avoid 64-bit boot problem + + [ Bob Gilligan ] + * Update install-system and grub-setup to handle RAID-1 configuration. + + [ Rick Balocca ] + * Merge from "hollywood" + + [ rbalocca ] + * Merge from "hollywood" + + [ Bob Gilligan ] + * Add mdadm package to support RAID-1 configurations. + + [ Mohit Mehta ] + * - servers being used for dns forwarding written to dnsmasq.conf with + more info in comments + * log dnsmasq output to /var/log/dnsmasq.log on start-up and whilst + running (i.e. when sent a signal to log) + * tighten the checks for checking the existence or removal or + nameservers + * tighten regex pattern to get dhclient resolv files + + [ Stig Thormodsrud ] + * Change udevtrigger to udevadm trigger. + + [ Mohit Mehta ] + * remove earlier added dnsmasq options + * update dns forwarding nameservers on dhcp lease updates + * any change in system name-servers should be communicated to dnsmasq + * configure dnsmasq to use dns-servers as specified in CLI + * use config rather than /etc/resolv.conf to get system set + nameservers + * code to specify DNS forwarding nameservers (system, dhcp, explicitly + specified) using CLI + * tighten syntax check + * change 'service dns forward' to 'service dns forwarding' + * this better detects the interfaces in /proc/net/dev + + [ Rick Balocca ] + * Script cleanup + + [ Mohit Mehta ] + * change DNS forwarding CLI from 'service dns-forwarding' to 'service + dns forward' + * add missing comma + + [ Mark O'Brien ] + * control: added ifenslave-2.6 to debian control file + + [ rbalocca ] + * Fix for http://bugzilla.vyatta.com/show_bug.cgi?id=3542 + + [ Mohit Mehta ] + * add command for user to enter interfaces on which not to listen for + DNS queries + * - add ability to set cache-size for DNS forwarding from CLI + + [ Rick Balocca ] + * Cleanup + * Additional fixes for http://bugzilla.vyatta.com/show_bug.cgi?id=3520 + + [ rbalocca ] + * Fixes for: http://bugzilla.vyatta.com/show_bug.cgi?id=3520 + http://bugzilla.vyatta.com/show_bug.cgi?id=3519 + http://bugzilla.vyatta.com/show_bug.cgi?d for: + http://bugzilla.vyatta.com/show_bug.cgi?id=3520 + http://bugzilla.vyatta.com/show_bug.cgi?id=3519 + http://bugzilla.vyatta.com/show_bug.cgi?id=3518 and perhaps others + + [ Mohit Mehta ] + * First parts of DNS forwarding stuff + + [ Stig Thormodsrud ] + * Add IPv6 address to comp_help for bridge/tunnel + * Enable IPv6 forwarding. + + [ Stephen Hemminger ] + * Get rid of debian build warning + + [ Rick Balocca ] + * Fix for http://bugzilla.vyatta.com/show_bug.cgi?id=3225 + * Partial fix for http://bugzilla.vyatta.com/show_bug.cgi?id=3225 + + [ Bob Gilligan ] + * Bugfix: 3519 + + [ rbalocca ] + * Since this packages changes the bash-completion conf file, it must + be installed after bash-completion + + [ Mohit Mehta ] + * add dnsmasq package to be included in the build + + [ rbalocca ] + * The postinst was printing a '?' + + [ An-Cheng Huang ] + * fix for bug 3459: make bash-completion use "builtin set". + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 25 Nov 2008 19:09:21 -0800 + +vyatta-cfg-system (0.14) unstable; urgency=low + + 3.1.4 + [ Mark O'Brien ] + + + [ Robert Bays ] + * fix ssh keygen on startup + + [ An-Cheng Huang ] + * remove unused files + * use epoch in package version number + * add ssh key blacklists + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 14 Oct 2008 17:30:18 -0700 + +vyatta-cfg-system (0.13) unstable; urgency=low + + 3.1.3 + [ Mark O'Brien ] + + + [ Bob Gilligan ] + * Bugfix: 1292 + * Bugfix: 1292 + + [ rbalocca ] + * More spaces (bugs http://bugzilla.vyatta.com/show_bug.cgi?id=3549 + and http://bugzilla.vyatta.com/show_bug.cgi?id=3552) + * Fixes for bugs: http://bugzilla.vyatta.com/show_bug.cgi?id=3549 and + http://bugzilla.vyatta.com/show_bug.cgi?id=3552 + + [ Rick Balocca ] + * Merge from islavista + * Fix for http://bugzilla.vyatta.com/show_bug.cgi?id=3520 + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 19 Aug 2008 17:48:26 -0700 + +vyatta-cfg-system (0.12) unstable; urgency=low + + 3.1.2 + [ Mark O'Brien ] + + + [ Mohit Mehta ] + * => Modified vyatta_update_resolv.pl to update (i.e. add and remove) + 'name-server' and 'domain-name-server' options + + [ root ] + * Fix 3359: changing telnet setting drops other telnet sessions. + + [ Stig Thormodsrud ] + * Fix 3460: vrrp authentication error msg is wrong + + [ Stephen Hemminger ] + * purge any old entries from sudoers + * Don't add ide=nodma twice + + [ rbalocca ] + * Remove debugging + * Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=2807 + + [ Robert Bays ] + * fix for bug 3095 + + [ Stephen Hemminger ] + * Modify upgrade procedure for /etc/sudoers + + [ An-Cheng Huang ] + * fix for bug 3417: use UUID in grub config file + + [ Stephen Hemminger ] + * Fix problem if install-system run twice + + [ Bob Gilligan ] + * Bugfix: 1592 + + [ Stephen Hemminger ] + * Missing -e causes sudoers problem + * Can't use logger in standalone + * get rid of extra fi from last commit + * Change syslogging of authorization related commands + * Use logger to write system log + * Make standalone password reset work + * Handle multiple slashes in passwd + + [ Mark O'Brien ] + + -- Mark O'Brien Wed, 23 Jul 2008 21:35:54 -0700 + +vyatta-cfg-system (0.11) unstable; urgency=low + + 3.1.1 + [ Mark O'Brien ] + + + [ Stig Thormodsrud ] + * Fix 3379: tunnel interfaces are artificially limited to tun0-tun9 + * Add cli to enable proxy arp on a interface. + + [ Bob Gilligan ] + * Bugfix: 1292 + + [ Stephen Hemminger ] + * translate slash in password + * Spellin fixes + + [ Auto Build ] + * Remove dependency on grub-pc + + [ rbalocca ] + * Insist on vyatta-keepalived + * Additional dependencies + + [ Bob Gilligan ] + * Bugfix: 3259 + + [ Stig Thormodsrud ] + * Add module version for vrrp. + * Fix 2030: Enhancement: VRRP preemption hold down timer + + [ Stephen Hemminger ] + * Prompt for vyatta and root password + * Use tr command rather than awk + * Use UUID to find root filesystem + * Surpress messages by default + * Add passwd sync script + + [ Mark O'Brien ] + + -- Mark O'Brien Sat, 28 Jun 2008 11:22:12 -0700 + +vyatta-cfg-system (0.10) unstable; urgency=low + + 3.1.0 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 3032: rename pre-glendale config files during install- + system. + + [ Robert Bays ] + * fix bug 3039 + + [ Stephen Hemminger ] + * Turn off framebuffer (by default) + + [ Stig Thormodsrud ] + * Fix 1818: Add disable option to vrrp. + + [ Stephen Hemminger ] + * Enable vga framebuffer on console + * Allow operator to run wanpipemon + + [ Bob Gilligan ] + * Bugfix: 3305 + + [ Stig Thormodsrud ] + * Fix 3328: operator can't issue "show vrrp". + + [ Stephen Hemminger ] + * wrong option to useradd + * Put vyatta users in the users group + + [ Stig Thormodsrud ] + * Fix 787: Add a command to force vrrp state transition to backup + + [ Stephen Hemminger ] + * Switch back to snmpd + * Remove shell template (not ready yet). + + [ Robert Bays ] + * fix for bugs 3294 and 3296 + + [ Stephen Hemminger ] + * Turn off TCP SACK + * Pull in vyatta version of snmpd + + [ Mohit Mehta ] + * Fix Bug 3094 SMUX port is open to outside connections + + [ Stephen Hemminger ] + * Allow any user to be in config file + * Rework how user accounts are managed + * re-indent login script + * Add GPL license + + [ Tom Grennan ] + * add libnetaddr-ip-perl dependency + + [ Stig Thormodsrud ] + * Fix 2705: Add "clear vrrp process" command. + * Fix vrrp snoop_for_master() to also work with AH authentication. + * Make vrrp pcap filter more specific. + * Fix 3273: "show vrrp summary" output doesn't line-up when using + vlans + * Fix 3155: setting the third vrrp member with the highest priority + doesn't change (update) the backup + + [ rbalocca ] + * Add vyatta-busybox to dependencies + * Ignore derived files + + [ rbays ] + * update install-system to work with xen setup + + [ Stig Thormodsrud ] + * Fix 3251: vrrp should also send a gratuitous arp reply on master + transition + * Fix 3144: VRRP backup obtains VIP resulting in a duplicate IP + situation. + * Change dependancy from keepalived to vyatta-keepalived. + + [ rbays ] + * fix install system to use the correct kernels in grub.cfg + + [ An-Cheng Huang ] + * fix typo in rl-system.init + + [ Stephen Hemminger ] + * Move sysctl configuration to /etc/vyatta-sysctl.conf + + [ Stig Thormodsrud ] + * Set initial vrrp state based on existing state if available. + + [ rbalocca ] + * Convert to our method of changelog creation + + [ Mohit Mehta ] + * Modifications to send link up/down traps to configured trap-target + * Modifications for enabling net-snmp's interaction with quagga for + bgp, ospf and rip mib traversals + + [ Stephen Hemminger ] + * watchlink is no longer used + + [ rbalocca ] + * Pretty print the grub.cfg file + * Partitions in grub-pc now start at 1 (instead of 0) + * Update install-system to use grub-pc + * Revert "remove deprecated install scripts" + * config.boot.default is not moved to the top level repo (build- + iso.git) + + [ Mohit Mehta ] + * Fix Bug 3172 set interfaces tunnel <> key <> allowed after tunnel + creation + + [ Stig Thormodsrud ] + * Fix 3148: can't delete bridge interface + + [ Mohit Mehta ] + * Fix Bug 3164 set interfaces tunnel tun0 remote-ip <> doesn't take + effect after committing + + [ rbalocca ] + * Merge from glendale + + [ Mohit Mehta ] + * Bug 3069 Help strings should be standardized + * Bug 3069 Help strings should be standardized + * Fix Bug 3069 Help strings should be standardized + * Fix Bug 1059 Feature Request: integrate 'tcpdump' and 'tethereal' + into Vyatta CLI + + [ An-Cheng Huang ] + * fix dependencies + + [ Stephen Hemminger ] + * Allow operator to run ntpdate + + [ Mohit Mehta ] + * Fix Bug 2778 VRRP: add ability to run scripts on state transition + + [ Tom Grennan ] + * consolidate proc/sys flag settings to livecd/install hook + * remove deprecated install scripts + + [ Mohit Mehta ] + * Fix Bug 802 VRRP - add "show vrrp summary" command (TC 3.2.5.7.2) + + [ Stig Thormodsrud ] + * Add tshark dependency on vyatta-cfg-system. + + [ Stephen Hemminger ] + * Fix format of date from rl-system.init + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 17 Jun 2008 09:26:27 -0700 + +vyatta-cfg-system (0.9) unstable; urgency=low + + 3.0.5 + + + -- Mark O'Brien Tue, 06 May 2008 12:43:15 -0700 + +vyatta-cfg-system (0.8) unstable; urgency=low + + 3.0.4 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 3225: only insert sudoers if not present. + + [ Stig Thormodsrud ] + * Mimic the transaction mechanism to only restart the vrrp daemon + once/commit. + + [ rbalocca ] + * config.boot.default is not moved to the top level repo (build- + iso.git) + + [ Mark O'Brien ] + + -- Mark O'Brien Mon, 05 May 2008 16:40:35 -0700 + +vyatta-cfg-system (0.7) unstable; urgency=low + + 3.0.3 + [ Mark O'Brien ] + + + [ Stephen Hemminger ] + * watchlink is no longer used + + [ rbalocca ] + * Indicate the VC4.0.2 release candidate in the changelog + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 29 Apr 2008 16:42:17 -0700 + +vyatta-cfg-system (0.6) unstable; urgency=low + + VC4.0.2 + + + -- Mark O'Brien Sat, 19 Apr 2008 11:56:03 -0700 + +vyatta-cfg-system (0.5) unstable; urgency=low + + VC4.0.2 release candidate + [ Mark O'Brien ] + + + [ Stig Thormodsrud ] + * Fix 3148: can't delete bridge interface + + [ rbalocca ] + * Remove vestigal version file from vyatta-cfg-system + + [ Mark O'Brien ] + + -- Mark O'Brien Wed, 16 Apr 2008 09:50:05 -0700 + +vyatta-cfg-system (0.4) unstable; urgency=low + + 3.0.2 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 3032: rename pre-glendale config files during install- + system. + * fix for bug 3087: add proper dependency to ensure install order. + + [ Bob Gilligan ] + * Bugfix: 3021 + + [ Mark O'Brien ] + * Update version file to 3.0.1 + * 3.0.1 + + [ Michael Larson ] + * up proc limit for rmem_max to support zebra netlink buffer size + increase. + + [ Mohit Mehta ] + * Fix Bug 3027 Unable to configure SNMP community client address + + [ Robert Bays ] + * fix bug 3039 + + [ Stephen Hemminger ] + * Allow operator to run ntpdate + + [ Stig Thormodsrud ] + * Add vrrp vip addresses to watchlink exclude file. + * Fix 3086: VRRP only allows up to 20 virtual IPs + + [ rbalocca ] + * Fix debian dependencies + * Line up the colons with the one from the copyright notice (in show + version) + * Set dependencies on either bash or vyatta-bash + * Move the copyright dates over (bug 3028) + + [ Mark O'Brien ] + + -- Mark O'Brien Fri, 04 Apr 2008 18:00:34 -0700 + +vyatta-cfg-system (0.3) unstable; urgency=low + + VC4.0.1 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 2083: add radius authentication support. + + [ Mark O'Brien ] + * Update version file to VC4.0.1 + + [ Mohit Mehta ] + * Fix Bug 2707 Missing from Glendale + * CLI tab enhancement at "set interfaces ethernet <> address" + + [ Robert Bays ] + * fixes for bugs 2499, 2967 + + [ Stephen Hemminger ] + * add operator and admin to linux group adm + * add option to disable root login over ssh + * fix ssh allow-root template + * put operator in operator group + * add explicit list of commands in sudoers + * don't allow illegal hostnames + * allow numbers in hostname + * allow non-root to clear nat counters + * Replace VPL with GPLv2 + * Changes for license/copyright + * Update to GPLv2 + * Move init-floppy to /opt/vyatta/sbin + * Allow operator to set date. + + [ Stig Thormodsrud ] + * Fix 2877: Bridge group can not be assiged to vif sub interfaceZ + * Fix parse error in /etc/sudoers + * Fix 2880 SNMP configuration file issues + * Fix 2695 GRE tunnel doesn't work with "key" + + [ rbalocca ] + * Fix for bug #2934 + * Fix for bug #2542 ( http://bugzilla.vyatta.com/show_bug.cgi?id=2542 + ) + * Fix for bug #2921 ( http://bugzilla.vyatta.com/show_bug.cgi?id=2921 + ) + * Revert "Fix for bug #2921 ( + http://bugzilla.vyatta.com/show_bug.cgi?id=2921 )" + * Improve the package repository template + * Fix for bug #2969 ( http://bugzilla.vyatta.com/show_bug.cgi?id=2969 + ) + * Update copyright for "show version" + + [ Mark O'Brien ] + + -- Mark O'Brien Tue, 18 Mar 2008 19:03:58 -0700 + +vyatta-cfg-system (0.2) unstable; urgency=low + + vc4.0.0 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * clean up temp file in delete fail case + * convert templates to new syntax + * add commit check for user password + * revise the password check + * fix for bug 2768: add "dynamic" keyword to server entry. + * template cleanup and fix for bug 2785: update /etc/mailname with + hostname. + * prevent ':' in full name (separator in passwd) + * allow empty full-name + * fix for bug 2547: don't require/output ':' after "hw-id". + * fix for bug 2855: change help text + * debian's latest update to "bash" (3.1dfsg-9) broke the completion + mechanism. + * fix for bug 2764: rename user level + * use vyattacfg for config files + + [ Mark O'Brien ] + * Updated syslog help with severity information. + * Update version file to vc4.0.0 + + [ Michael Larson ] + * bump up rmem_max limit to 223232 (in conjunction with fix for zebra) + + [ Stig Thormodsrud ] + * update tunnel help strings with defaults + * add a few missing help strings + * - Fix 2745: bridge-group cost - syntax error + * Fix 2819 Plain-text authentication should be identified as such. + * Fix syntax error in "interface bridge <> priority". + + [ Tom Grennan ] + * source /etc/default/vyatta instead of configuring install-system + * remove stale CONFIG_PARTITION comments + + [ rbalocca ] + * Add version file + * Update version file to 4.0.0 + * 4.0.0 + * vyatta-cfg-system postinst was clobbering version file + * These files will be changed by autobuild-git-eureak + * Missing version file in Makefile.am + + [ Mark O'Brien ] + + -- Mark O'Brien Mon, 25 Feb 2008 17:38:40 -0800 + +vyatta-cfg-system (0.1) unstable; urgency=low + + * Initial Release. + + -- An-Cheng Huang Thu, 18 Oct 2007 11:03:18 -0700 diff --git a/scripts/vyatta-address b/scripts/vyatta-address index afe60191..072f27e6 100755 --- a/scripts/vyatta-address +++ b/scripts/vyatta-address @@ -28,10 +28,10 @@ case $1 in delete) # Get current address from interface when using DHCP if [[ "$3" = "dhcp" ]]; then - lease_file=/var/lib/dhcp3/dhclient_"$2".leases; + lease_file=/var/lib/dhcp/dhclient_"$2".leases; ip_address=$(sed -n 's/^\s\sfixed-address\s\(.*\);/\1/p' $lease_file | sed -n '$p'); elif [[ "$3" = "dhcpv6" ]]; then - lease_file=/var/lib/dhcp3/dhclient_v6_"$2".leases; + lease_file=/var/lib/dhcp/dhclient_v6_"$2".leases; ip_address=$(sed -n 's/^\s\s\s\siaaddr\s\(.*\)\s{/\1/p' $lease_file | sed -n '$p'); else ip_address=$3; diff --git a/scripts/vyatta-dhcp-helper.pl b/scripts/vyatta-dhcp-helper.pl index 40291654..6febbaf9 100644 --- a/scripts/vyatta-dhcp-helper.pl +++ b/scripts/vyatta-dhcp-helper.pl @@ -18,7 +18,7 @@ sub get_dhcp_router { if (!Vyatta::Misc::is_dhcp_enabled($dhcp_iface,0)) { return "127.0.0.1"; } - my $lease = "/var/lib/dhcp3/dhclient_${dhcp_iface}_lease"; + my $lease = "/var/lib/dhcp/dhclient_${dhcp_iface}_lease"; my $router = `grep new_routers= $lease | cut -d"'" -f2`; my @r = split(/,/, $router); $router = $r[0]; diff --git a/scripts/vyatta-dhcpv6-client.pl b/scripts/vyatta-dhcpv6-client.pl index 384d4d62..74cc4db2 100755 --- a/scripts/vyatta-dhcpv6-client.pl +++ b/scripts/vyatta-dhcpv6-client.pl @@ -98,9 +98,9 @@ GetOptions("start" => \$start_flag, die "Error: Interface name must be specified with --ifname parameter.\n" unless $ifname; -my $pidfile = "/var/lib/dhcp3/dhclient_v6_$ifname.pid"; -my $leasefile = "/var/lib/dhcp3/dhclient_v6_$ifname.leases"; -my $conffile = "/var/lib/dhcp3/dhclient_v6_$ifname.conf"; +my $pidfile = "/var/lib/dhcp/dhclient_v6_$ifname.pid"; +my $leasefile = "/var/lib/dhcp/dhclient_v6_$ifname.leases"; +my $conffile = "/var/lib/dhcp/dhclient_v6_$ifname.conf"; my $cmdname = "/sbin/dhclient"; if ($release_flag) { diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index d04ad395..a91a66e8 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -363,15 +363,15 @@ sub dhcp { unlink($release_file); } elsif ($request eq "start") { print "Starting DHCP client on $intf ...\n"; - touch("/var/lib/dhcp3/$intf"); + touch("/var/lib/dhcp/$intf"); run_dhclient($intf); } elsif ($request eq "stop") { print "Stopping DHCP client on $intf ...\n"; stop_dhclient($intf); - unlink("/var/lib/dhcp3/dhclient_$intf\_lease"); - unlink("/var/lib/dhcp3/$intf"); + unlink("/var/lib/dhcp/dhclient_$intf\_lease"); + unlink("/var/lib/dhcp/$intf"); unlink("/var/run/vyatta/dhclient/dhclient_release_$intf"); - unlink("/var/lib/dhcp3/dhclient_$intf\.conf"); + unlink("/var/lib/dhcp/dhclient_$intf\.conf"); } else { die "Unknown DHCP request: $request\n"; } diff --git a/scripts/vyatta-update-tunnel.pl b/scripts/vyatta-update-tunnel.pl index d4c652d0..de5019ab 100644 --- a/scripts/vyatta-update-tunnel.pl +++ b/scripts/vyatta-update-tunnel.pl @@ -10,7 +10,7 @@ GetOptions("interface=s" => \$iface, "tunnel=s" => \$tunnel, "option=s" => \$option ); -my $FILE_DHCP_HOOK = "/etc/dhcp3/dhclient-exit-hooks.d/tunnel-$tunnel"; +my $FILE_DHCP_HOOK = "/etc/dhcp/dhclient-exit-hooks.d/tunnel-$tunnel"; my $dhcp_hook = ''; if ($option eq 'create') { $dhcp_hook =< Date: Sun, 20 Mar 2016 08:04:53 -0400 Subject: fix "Output Channel" config so logging will work --- scripts/system/vyatta_update_syslog.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_syslog.pl b/scripts/system/vyatta_update_syslog.pl index dd834c92..37d017e3 100755 --- a/scripts/system/vyatta_update_syslog.pl +++ b/scripts/system/vyatta_update_syslog.pl @@ -93,7 +93,7 @@ sub print_outchannel { # Force outchannel size to be 1k more than logrotate config to guarantee rotation $size = ($size + 5) * 1024; print $fh "\$outchannel $channel,$target,$size,/usr/sbin/logrotate ${LOGROTATE_CFG_DIR}/$channel\n"; - print $fh join( ';', @{ $entries{$target}{selector} } ), " \$$channel\n"; + print $fh join( ';', @{ $entries{$target}{selector} } ), " :omfile:\$$channel\n"; } my $config = new Vyatta::Config; -- cgit v1.2.3 From b4be922411d61216aca52202ec3ee432551a4f89 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Sun, 20 Mar 2016 12:25:58 -0400 Subject: set rights for agentx socket --- scripts/snmp/vyatta-snmp.pl | 1 + 1 file changed, 1 insertion(+) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index c0bd5070..a5d0d836 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -156,6 +156,7 @@ sub snmp_get_constants { print "sysServices 14\n"; print "master agentx\n"; # maybe needed by lldpd print "agentaddress ", join(',',@addr), "\n"; + print "agentXPerms 0755 0755 quagga quaggavty\n"; # add hook to read IF-MIB::ifAlias from sysfs print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; -- cgit v1.2.3 From 33239199bea51353a217254dd081ed04b1cf3e7a Mon Sep 17 00:00:00 2001 From: rtsp Date: Sun, 10 Apr 2016 01:11:26 +0700 Subject: Fix resolv-file config bug When using `service dns forwarding system` to make dnsmasq use system nameservers to resolve dns instead of specifying nameservers in /etc/dnsmasq.conf. `resolv-file` directive in /etc/dnsmasq.conf should point to /etc/resolv.conf, not /etc/dnsmasq.conf --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index 46e038b5..b1d912e5 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -155,7 +155,7 @@ sub dnsforwarding_get_values { } if ($use_dnsmasq_conf == 1) { - $output .= "resolv-file=/etc/dnsmasq.conf\n"; + $output .= "resolv-file=/etc/resolv.conf\n"; } return $output; -- cgit v1.2.3 From b66cc78521db17628efa3dd27766527816c170cc Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Sat, 21 May 2016 11:48:25 -0400 Subject: T69 Remove floppy device settings --- scripts/install-system | 8 -------- scripts/install/install-functions | 3 --- scripts/install/install-postinst-new | 9 --------- 3 files changed, 20 deletions(-) (limited to 'scripts') diff --git a/scripts/install-system b/scripts/install-system index 71fe0de1..108153da 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -46,7 +46,6 @@ MANUF=`/usr/sbin/dmidecode -s system-manufacturer` : ${vyatta_sysconfdir:=${vyatta_prefix}/etc} ofrconfdir=${vyatta_sysconfdir}/config -fdconfdir=/media/floppy/config rootfsdir=/mnt/rootfs # By default this is not a union install @@ -1037,13 +1036,6 @@ copy_config () { if [ -f $ofrconfdir/config.boot ]; then config=$ofrconfdir/config.boot fi - if [ -f $fdconfdir/config.boot ]; then - if [ -z "$config" ]; then - config="$fdconfdir/config.boot" - else - config="$config $fdconfdir/config.boot" - fi - fi if [ -n "$config" ]; then echo "I found the following configuration files" diff --git a/scripts/install/install-functions b/scripts/install/install-functions index 85235f75..d241e040 100755 --- a/scripts/install/install-functions +++ b/scripts/install/install-functions @@ -43,9 +43,6 @@ CD_SQUASH_ROOT=/mnt/cdsquash VYATTA_CFG_DIR=${vyatta_sysconfdir}/config VYATTA_NEW_CFG_DIR=/config -# the floppy config dir -FD_CFG_DIR=/media/floppy/config - # PROGRESS_PID can be exported by top-level script progress_indicator () { local spid=$PROGRESS_PID diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index 2a3bcde9..f6c6e956 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new @@ -51,15 +51,6 @@ copy_config () { config=${VYATTA_NEW_CFG_DIR}/config.boot fi - # Second candidate: The config file on floppy, if one exists. - if [ -f "${FD_CFG_DIR}/config.boot" ]; then - if [ -z "$config" ]; then - config="${FD_CFG_DIR}/config.boot" - else - config="$config ${FD_CFG_DIR}/config.boot" - fi - fi - # Third candidate: The default config file DEF_CONF=$vyatta_sysconfdir/config.boot.default if [ -f $DEF_CONF ]; then -- cgit v1.2.3 From 38dac1e5bb30ce46d49cb8178f560d4126bd3b7e Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 5 Aug 2016 08:07:04 +0200 Subject: set systemd tasks verbose on installing grub --- scripts/vyatta-grub-setup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 63e3d987..9ee42801 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -60,9 +60,9 @@ ROOTFSDIR="$3" # Grub options if [ "$GRUB_OPTIONS" ] then - GRUB_OPTIONS="$GRUB_OPTIONS quiet" + GRUB_OPTIONS="$GRUB_OPTIONS quiet systemd.show_status=1" else - GRUB_OPTIONS=quiet + GRUB_OPTIONS="quiet systemd.show_status=1" fi # Path to standalone root password reset script @@ -103,7 +103,7 @@ else fi if eval "$UNION"; then - GRUB_OPTIONS="boot=live quiet vyos-union=/boot/$livedir" + GRUB_OPTIONS="boot=live quiet systemd.show_status=1 vyos-union=/boot/$livedir" union_xen_kernel_version=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz*-xen* \ 2>/dev/null \ | awk -F/ '{ print $6 }' \ -- cgit v1.2.3 From 4a03838ea877a3a867b283ba85956795e769d563 Mon Sep 17 00:00:00 2001 From: brennen Date: Mon, 21 Nov 2016 10:59:44 -0800 Subject: Add flag for DNSmasq to query all dns servers. This feature, when used properly, can massively increase DNS performance. See: http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/ --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 4 ++++ templates/service/dns/forwarding/query-all-servers/node.def | 1 + 2 files changed, 5 insertions(+) create mode 100644 templates/service/dns/forwarding/query-all-servers/node.def (limited to 'scripts') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index 46e038b5..807afa28 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -95,6 +95,10 @@ sub dnsforwarding_get_values { $output .= "cache-size=$cache_size\n"; } + if (defined $query_all_servers) { + $output .= "all-servers\n"; + } + if (defined $ignore_hosts_file) { $output .= "no-hosts\n"; } diff --git a/templates/service/dns/forwarding/query-all-servers/node.def b/templates/service/dns/forwarding/query-all-servers/node.def new file mode 100644 index 00000000..90e8e7ec --- /dev/null +++ b/templates/service/dns/forwarding/query-all-servers/node.def @@ -0,0 +1 @@ +help: Query all DNS servers, respond and cache fastest result -- cgit v1.2.3 From ba8ec8de446e4b7ba7a5e399f88e698bc6ebf0cf Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Mon, 26 Dec 2016 15:27:44 +0000 Subject: remove verbose systemd status setting from grub --- scripts/vyatta-grub-setup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 9ee42801..63e3d987 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -60,9 +60,9 @@ ROOTFSDIR="$3" # Grub options if [ "$GRUB_OPTIONS" ] then - GRUB_OPTIONS="$GRUB_OPTIONS quiet systemd.show_status=1" + GRUB_OPTIONS="$GRUB_OPTIONS quiet" else - GRUB_OPTIONS="quiet systemd.show_status=1" + GRUB_OPTIONS=quiet fi # Path to standalone root password reset script @@ -103,7 +103,7 @@ else fi if eval "$UNION"; then - GRUB_OPTIONS="boot=live quiet systemd.show_status=1 vyos-union=/boot/$livedir" + GRUB_OPTIONS="boot=live quiet vyos-union=/boot/$livedir" union_xen_kernel_version=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz*-xen* \ 2>/dev/null \ | awk -F/ '{ print $6 }' \ -- cgit v1.2.3 From fb576450cc8d34ab447fa7c613daf10ed3140ab5 Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 16 Mar 2017 13:09:30 +0100 Subject: update grub raid boot --- scripts/vyatta-grub-setup | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 63e3d987..879912ff 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -176,8 +176,9 @@ fi if [ ${ROOT_PARTITION:0:2} = "md" ]; then echo "" - echo -e "insmod raid" - echo -e "root ($ROOT_PARTITION)" + echo -e "insmod mdraid09" + echo -e "insmod mdraid1x" + echo -e "root (md/$ROOT_PARTITION)" fi echo "" -- cgit v1.2.3 From 0aa4d99cfb96b8ca61c0524aefa3a77761a13e86 Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 16 Mar 2017 18:17:56 +0100 Subject: Update the root command for grub2 --- scripts/vyatta-grub-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 879912ff..f4c18f2c 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -178,7 +178,7 @@ fi echo "" echo -e "insmod mdraid09" echo -e "insmod mdraid1x" - echo -e "root (md/$ROOT_PARTITION)" + echo -e "set root=(md/$ROOT_PARTITION)" fi echo "" -- cgit v1.2.3 From abf4c8e221c5b6e9c1c849a151be275b1ee92d57 Mon Sep 17 00:00:00 2001 From: Lauris BH Date: Fri, 17 Mar 2017 23:56:20 +0200 Subject: Fix vyatta-dns-forwarding.pl after merged pull request #53 --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index b6b829b3..fa9fae68 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -62,7 +62,7 @@ sub dnsforwarding_get_values { my $output = ''; my $config = new Vyatta::Config; my $use_dnsmasq_conf = 0; - my (@listen_interfaces, $cache_size, @use_nameservers, $use_system_nameservers, @use_dhcp_nameservers, @domains, $server, $ignore_hosts_file); + my (@listen_interfaces, $cache_size, @use_nameservers, $use_system_nameservers, @use_dhcp_nameservers, @domains, $server, $ignore_hosts_file, $query_all_servers); $config->setLevel("service dns forwarding"); @@ -74,6 +74,7 @@ sub dnsforwarding_get_values { @use_dhcp_nameservers = $config->returnOrigValues("dhcp"); @domains = $config->listOrigNodes("domain"); $ignore_hosts_file = $config->returnOrigValue("ignore-hosts-file"); + $query_all_servers = $config->returnOrigValue("query-all-servers"); } else { @listen_interfaces = $config->returnValues("listen-on"); @@ -83,6 +84,7 @@ sub dnsforwarding_get_values { @use_dhcp_nameservers = $config->returnValues("dhcp"); @domains = $config->listNodes("domain"); $ignore_hosts_file = $config->exists("ignore-hosts-file"); + $query_all_servers = $config->exists("query-all-servers"); } if (@listen_interfaces != 0) { -- cgit v1.2.3 From e121ff7ee674797223aa4bdfbeef674e5faab330 Mon Sep 17 00:00:00 2001 From: Kim Date: Mon, 20 Mar 2017 21:26:35 +0100 Subject: exclude install medium from raid disk count --- scripts/install/install-get-partition | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'scripts') diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index b17aa563..0ddbd443 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -195,6 +195,14 @@ check_for_new_raid () { drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' \ | egrep -v "[0-9]$" | egrep -v "^$") + for instdrv in $drives + do + if mount | grep iso9660 | grep -q $instdrv + then + drives=${drives//"$instdrv"/} + fi + done + numdrives=`echo $drives | wc -w` # Need at least two drives for RAID-1. We don't yet have the code -- cgit v1.2.3 From d582bbaf3ad95566de9b90d1572d60e39936a1a7 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Sun, 23 Apr 2017 18:48:45 +0200 Subject: update console settings for systemd --- scripts/system/vyatta_update_console.pl | 102 ++++++++++++++++++-------------- 1 file changed, 56 insertions(+), 46 deletions(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_console.pl b/scripts/system/vyatta_update_console.pl index 7c36ec7f..93f6a232 100755 --- a/scripts/system/vyatta_update_console.pl +++ b/scripts/system/vyatta_update_console.pl @@ -26,6 +26,7 @@ use lib "/opt/vyatta/share/perl5"; use Vyatta::Config; use File::Compare; use File::Copy; +use experimental 'smartmatch'; die "$0 expects no arguments\n" if (@ARGV); @@ -44,59 +45,68 @@ sub update { } } -my $INITTAB = "/etc/inittab"; -my $TMPTAB = "/tmp/inittab.$$"; +sub update_getty{ + my $directory = "/etc/systemd/system"; + my $config = new Vyatta::Config; + $config->setLevel("system console device"); + my @ttys; + + foreach my $tty ($config->listNodes()) { + push(@ttys, "serial-getty\@$tty.service"); + } + + opendir DIR, $directory or die "Couldn't open dir '$directory': $!"; + while (my $file = readdir(DIR)) { + next unless ($file =~ /^serial-getty/); + if ( not $file ~~ @ttys ) { + system("systemctl stop $file"); + if (-e "$directory/getty.target.wants/$file") { + unlink "$directory/getty.target.wants/$file" + or die "Failed to remove file $file: $!\n"; + } + if (-e "$directory/$file") { + unlink "$directory/$file" + or die "Failed to remove file $file: $!\n"; + } + system("systemctl daemon-reload"); + } + } + closedir DIR; -sub update_inittab { - open(my $inittab, '<', $INITTAB) - or die "Can't open $INITTAB: $!"; + foreach my $tty ($config->listNodes()) { + my $SGETTY = "/lib/systemd/system/serial-getty\@.service"; + my $TMPGETTY = "/etc/systemd/system/serial-getty\@$tty.service"; + my $SYMGETTY = "/etc/systemd/system/getty.target.wants/serial-getty\@$tty.service"; - open(my $tmp, '>', $TMPTAB) - or die "Can't open $TMPTAB: $!"; + open(my $sgetty, '<', $SGETTY) + or die "Can't open $SGETTY: $!"; - # Clone original inittab but remove all references to serial lines - # and Xen consoles - print {$tmp} grep {!/^T|^# Vyatta|^h/} <$inittab>; - close $inittab; + open(my $tmp, '>', $TMPGETTY) + or die "Can't open $TMPGETTY: $!"; - my $config = new Vyatta::Config; - $config->setLevel("system console device"); + my $speed = $config->returnValue("$tty speed"); + if ($tty =~ /^hvc\d/) { + $speed = 38400 unless $speed; + } else { + $speed = 9600 unless $speed; + } - print {$tmp} "# Vyatta console configuration (do not modify)\n"; - - my $serial_id = 0; - my $xen_id = 0; - - foreach my $tty ($config->listNodes()) { - my $speed = $config->returnValue("$tty speed"); - if ($tty =~ /^hvc\d/) { - $speed = 38400 unless $speed; - printf {$tmp} "h%d:23:respawn:", $xen_id; - printf {$tmp} "/sbin/getty %d %s\n", $speed, $tty; - $xen_id++; - } else { - $speed = 9600 unless $speed; - printf {$tmp} "T%d:23:respawn:", $serial_id; - if ($config->exists("$tty modem")) { - printf {$tmp} "/sbin/mgetty -x0 -s %d %s\n", $speed, $tty; - } else { - printf {$tmp} "/sbin/getty -L %s %d vt100\n", $tty, $speed; - } - - # id field is limited to 4 characters - if (++$serial_id >= 1000) { - warn "Ignoring $tty only 1000 serial devices supported\n"; - last; - } - } + while (<$sgetty>) { + if (/^ExecStart=/) { + $_ =~ s/115200,38400,9600/$speed/g; + } + print {$tmp} $_; } + close $sgetty; close $tmp; - - if (update($INITTAB, $TMPTAB)) { - - # This is same as telinit q - it tells init to re-examine inittab - kill 1, 1; + symlink("$TMPGETTY","$SYMGETTY"); + system("systemctl daemon-reload"); + if ( system("systemctl status serial-getty\@$tty.service 2>&1 > /dev/null")) { + system("systemctl start serial-getty\@$tty.service"); + } else { + system("systemctl restart serial-getty\@$tty.service"); } + } } my $GRUBCFG = "/boot/grub/grub.cfg"; @@ -135,7 +145,7 @@ sub update_grub { update($GRUBCFG, $GRUBTMP); } -update_inittab; +update_getty; update_grub; exit 0; -- cgit v1.2.3 From 51a4261069157f825a9ba371478ce82868d3c72c Mon Sep 17 00:00:00 2001 From: Kim Date: Sun, 23 Apr 2017 22:59:06 +0200 Subject: add rights for lldp service --- scripts/snmp/vyatta-snmp.pl | 1 + 1 file changed, 1 insertion(+) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index a5d0d836..b1d09e9f 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -157,6 +157,7 @@ sub snmp_get_constants { print "master agentx\n"; # maybe needed by lldpd print "agentaddress ", join(',',@addr), "\n"; print "agentXPerms 0755 0755 quagga quaggavty\n"; + print "agentXPerms 0755 0755 _lldpd _lldpd\n"; # add hook to read IF-MIB::ifAlias from sysfs print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; -- cgit v1.2.3 From a280dd5645c88dee051a2d2f3f5da7df2fcf8481 Mon Sep 17 00:00:00 2001 From: Kim Date: Tue, 25 Apr 2017 21:48:11 +0200 Subject: remove user and group from agentXPerms so all cann connect --- scripts/snmp/vyatta-snmp.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index b1d09e9f..90f710e8 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -156,8 +156,7 @@ sub snmp_get_constants { print "sysServices 14\n"; print "master agentx\n"; # maybe needed by lldpd print "agentaddress ", join(',',@addr), "\n"; - print "agentXPerms 0755 0755 quagga quaggavty\n"; - print "agentXPerms 0755 0755 _lldpd _lldpd\n"; + print "agentXPerms 0755 0755\n"; # add hook to read IF-MIB::ifAlias from sysfs print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; -- cgit v1.2.3 From 5ffc3d04434de0e463393c8e6d624072990c6a7e Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 27 Apr 2017 16:38:52 +0200 Subject: snmpd would not start when V3 was configured Updated all snmpd daemon commands to systemd type. --- scripts/snmp/vyatta-snmp-v3.pl | 19 ++++++++++--------- scripts/snmp/vyatta-snmp.pl | 11 ++++++----- templates/service/snmp/node.def | 2 +- 3 files changed, 17 insertions(+), 15 deletions(-) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl index 5cd1ab87..a2d738eb 100755 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ b/scripts/snmp/vyatta-snmp-v3.pl @@ -27,7 +27,10 @@ use Socket; use Socket6; my $snmp_v3_level = 'service snmp v3'; -my $snmp_init = 'invoke-rc.d snmpd'; +my $snmp_restart = 'systemctl restart snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_reload = 'systemctl reload snmpd.service'; my $snmpd_conf = '/etc/snmp/snmpd.conf'; my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf'; my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf'; @@ -35,7 +38,7 @@ my $snmpd_conf_tmp = "/tmp/snmpd.conf.$$"; my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$"; my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$"; my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/var/run/snmpd.socket'; +my $local_agent = 'unix:/run/snmpd.socket'; my $oldEngineID = ""; my $setserialno = ""; @@ -53,7 +56,7 @@ sub randhex { } sub snmpd_running { - open( my $pidf, '<', "/var/run/snmpd.pid" ) + open( my $pidf, '<', "/run/snmpd.pid" ) or return; my $pid = <$pidf>; close $pidf; @@ -77,9 +80,7 @@ sub check_snmp_exit_code { } sub snmpd_stop { - system( -"start-stop-daemon --stop --exec /usr/sbin/snmpd --oknodo -R 2 > /dev/null 2>&1" - ); + system("$snmp_stop > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not stop snmpd!\n"; exit(1); @@ -87,7 +88,7 @@ sub snmpd_stop { } sub snmpd_start { - system("$snmp_init start > /dev/null 2>&1"); + system("$snmp_start > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not start snmpd!\n"; exit(1); @@ -95,7 +96,7 @@ sub snmpd_start { } sub snmpd_update { - system("$snmp_init reload > /dev/null 2>&1"); + system("$snmp_reload > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not reload snmpd!\n"; exit(1); @@ -103,7 +104,7 @@ sub snmpd_update { } sub snmpd_restart { - system("$snmp_init restart > /dev/null 2>&1"); + system("$snmp_restart > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not restart snmpd!\n"; exit(1); diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 90f710e8..d744f2ad 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -36,20 +36,21 @@ use Socket; use Socket6; my $mibdir = '/opt/vyatta/share/snmp/mibs'; -my $snmp_init = 'invoke-rc.d snmpd'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; my $snmp_conf = '/etc/snmp/snmpd.conf'; my $snmp_client = '/etc/snmp/snmp.conf'; my $snmp_tmp = "/tmp/snmpd.conf.$$"; my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/var/run/snmpd.socket'; +my $local_agent = 'unix:/run/snmpd.socket'; my $password_file = '/config/snmp/superuser_pass'; my $snmp_level = 'service snmp'; sub snmp_running { - open (my $pidf, '<', "/var/run/snmpd.pid") + open (my $pidf, '<', "/run/snmpd.pid") or return; my $pid = <$pidf>; close $pidf; @@ -61,12 +62,12 @@ sub snmp_running { } sub snmp_stop { - system("$snmp_init stop > /dev/null 2>&1"); + system("$snmp_stop > /dev/null 2>&1"); } sub snmp_start { # we must stop snmpd first for creating vyatta user - system("$snmp_init stop > /dev/null 2>&1"); + system("$snmp_stop > /dev/null 2>&1"); open (my $fh, '>', $snmp_tmp) or die "Couldn't open $snmp_tmp - $!"; diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def index 9fb161dc..7c8c372b 100644 --- a/templates/service/snmp/node.def +++ b/templates/service/snmp/node.def @@ -22,6 +22,6 @@ end:if [ -f "/tmp/snmp.$PPID" ] then sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --update-snmp; else - sudo invoke-rc.d snmpd start > /dev/null 2>&1; + sudo systemctl start snmpd.service > /dev/null 2>&1; fi fi -- cgit v1.2.3 From 84a94fd063c27c60f1cdd8902b549d375c02ceb7 Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 27 Apr 2017 18:21:31 +0200 Subject: generate ssh_host_ed25519_key if it is missing --- scripts/rl-system.init | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'scripts') diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 6a2b8d25..eaf4dbd5 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -116,6 +116,10 @@ create_ssh_host_keys () { syslog "Creating ssh v1 host key." ssh-keygen -q -N '' -t rsa1 -f /etc/ssh/ssh_host_key fi; + if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then + syslog "Creating ssh ed25519 host key." + ssh-keygen -q -N '' -t ed25519 -f /etc/ssh/ssh_host_ed25519_key + fi; } set_ipv6_params () -- cgit v1.2.3 From e805702c59e62a5ce3a9258f2e0db1cc161291fe Mon Sep 17 00:00:00 2001 From: Kim Date: Fri, 28 Apr 2017 13:10:31 +0200 Subject: add "VyOS" to sysDescr We do not use our distro name in the version numbering. --- scripts/snmp/vyatta-snmp.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index d744f2ad..5c4ff1d0 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -152,7 +152,7 @@ sub snmp_get_constants { unshift @addr, $local_agent; print "# autogenerated by vyatta-snmp.pl on $now\n"; - print "sysDescr $version\n"; + print "sysDescr VyOS $version\n"; print "sysObjectID 1.3.6.1.4.1.44641\n"; print "sysServices 14\n"; print "master agentx\n"; # maybe needed by lldpd -- cgit v1.2.3 From 6e334db424636f7612dd6d1f700b3be4197f5ec4 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Sat, 29 Apr 2017 15:47:18 +0200 Subject: update udev folder location and partially fix T290 --- scripts/rl-system.init | 4 ++-- scripts/system/vyatta_interface_rescan | 2 +- scripts/vyatta_net_name | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/rl-system.init b/scripts/rl-system.init index eaf4dbd5..62eac9e7 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -98,8 +98,8 @@ clear_or_override_config_files () } update_interface_config () { - if [ -d /dev/.udev/vyatta ]; then - $vyatta_sbindir/vyatta_interface_rescan /dev/.udev/vyatta $BOOTFILE + if [ -d /run/udev/vyatta ]; then + $vyatta_sbindir/vyatta_interface_rescan /run/udev/vyatta $BOOTFILE fi } diff --git a/scripts/system/vyatta_interface_rescan b/scripts/system/vyatta_interface_rescan index eb45da60..2e8ad8ca 100755 --- a/scripts/system/vyatta_interface_rescan +++ b/scripts/system/vyatta_interface_rescan @@ -98,7 +98,7 @@ sub get_phy { return $1; } -# vyatta_net_name leaves files in /dev/.udev/vyatta +# vyatta_net_name leaves files in /run/udev/vyatta # the filename is the interface and the contents are the hardware id sub interface_rescan { my ($VYATTAUDEV, $BOOTFILE) = @_; diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name index 90dd8615..53ae9fba 100755 --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -23,7 +23,7 @@ use Fcntl qw(:flock); my $BOOTFILE = "/opt/vyatta/etc/config/config.boot"; my $VYATTACFG = "/opt/vyatta/config/active"; -my $UDEVDIR = "/dev/.udev/"; +my $UDEVDIR = "/run/udev/"; my $VYATTAUDEV = $UDEVDIR . "vyatta"; my $LOCKFILE = $UDEVDIR . ".vyatta-lock"; my $UDEVLOG = $UDEVDIR . "log/"; -- cgit v1.2.3 From d133ba0fcdda4bb1c4a7653e2b275a2a3ec4434b Mon Sep 17 00:00:00 2001 From: Kim Date: Mon, 5 Jun 2017 01:20:50 +0200 Subject: remove trailing space from version (if there is any) --- scripts/install/install-image-existing | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index 62e73882..f38e3701 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -77,7 +77,7 @@ if [ -z "$CURVER" ]; then fi # get new version string. this is from the squashfs image. -NEWVER=`cat ${CD_SQUASH_ROOT}/opt/vyatta/etc/version | grep "Version:" | awk '{print $2,$3}' | sed 's/ /-/g'` +NEWVER=`cat ${CD_SQUASH_ROOT}/opt/vyatta/etc/version | grep "Version:" | awk '{print $2,$3}' | sed 's/[[:space:]]*$//' | sed 's/ /-/g'` NEWNAME=$NEWVER echo -n "What would you like to name this image? [$NEWNAME]: " -- cgit v1.2.3 From 87266d5b27778af56a814347fdd8926274b9c315 Mon Sep 17 00:00:00 2001 From: sayo Date: Sun, 11 Jun 2017 16:29:07 +0100 Subject: Fix to generate correct NTP config when specifying ipv6 servers. --- scripts/system/vyatta_update_ntp.pl | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl index 36a2807e..eaaae14a 100755 --- a/scripts/system/vyatta_update_ntp.pl +++ b/scripts/system/vyatta_update_ntp.pl @@ -35,19 +35,14 @@ sub ntp_format { if (defined($ip)) { my $address = $ip->addr(); my $mask = $ip->mask(); - - if ($ip->masklen() == 32) { - if ($ip->version() == 6) { - return "-6 $address"; - } else { - return "$address"; - } + + if ( + ($ip->version() == 6 && $ip->masklen() == 128) + || ($ip->version() == 4 && $ip->masklen() == 32) + ) { + return "$address"; } else { - if ($ip->version() == 6) { - return "-6 $address mask $mask"; - } else { - return "$address mask $mask"; - } + return "$address mask $mask"; } } else { return undef; -- cgit v1.2.3 From a309b03c3a650a5703cd571b3b62e9e2b71d3d69 Mon Sep 17 00:00:00 2001 From: Jose Irigon de Irigon Date: Tue, 4 Jul 2017 16:59:34 +0200 Subject: T331: root should be set to md/X instead of md/mdX --- scripts/vyatta-grub-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index f4c18f2c..7a5d3891 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -178,7 +178,7 @@ fi echo "" echo -e "insmod mdraid09" echo -e "insmod mdraid1x" - echo -e "set root=(md/$ROOT_PARTITION)" + echo -e "set root=(md/${ROOT_PARTITION#md})" fi echo "" -- cgit v1.2.3 From 5d1cc381b7fe904d0fd21941607b742d4d071206 Mon Sep 17 00:00:00 2001 From: Marcel Gisselmann Date: Wed, 18 Oct 2017 13:10:56 +0200 Subject: Add ecc support to openssh --- scripts/vyatta-load-user-key.pl | 4 ++-- .../user/node.tag/authentication/public-keys/node.tag/type/node.def | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl index 5c34b6ab..651a08b1 100755 --- a/scripts/vyatta-load-user-key.pl +++ b/scripts/vyatta-load-user-key.pl @@ -103,7 +103,7 @@ sub geturl { sub validate_keytype { my ($keytype) = @_; - if ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss') { + if ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss' || $keytype eq 'ecdsa-sha2-nistp256' || $keytype eq 'ecdsa-sha2-nistp384' || $keytype eq 'ecdsa-sha2-nistp521' || $keytype eq 'ssh-ed25519') { return 1; } return 0; @@ -135,7 +135,7 @@ sub getkeys { my $comment; $comment = join(' ', @fields); - die "Unknown key type $keytype : must be ssh-rsa or ssh-dss\n" + die "Unknown key type $keytype : must be one of ssh-rsa, ssh-dss, ecdsa-sha2-nistp* or ssh-ed25519\n" unless validate_keytype $keytype; my $cmd diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def index 5ad1c58b..bf789e06 100644 --- a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def +++ b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def @@ -1,4 +1,4 @@ type: txt help: Public key type -allowed: echo "ssh-dss ssh-rsa" -syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dss" ; "Unknown key type" +allowed: echo "ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519" +syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519"; "Unknown key type" -- cgit v1.2.3 From 67747479b2f6d4998687f5e7eec5c5923d913124 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 3 Nov 2017 08:54:29 +0100 Subject: vyatta_update_console.pl uses systemd, remove inittab reference --- scripts/system/vyatta_update_console.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_console.pl b/scripts/system/vyatta_update_console.pl index 93f6a232..19937060 100755 --- a/scripts/system/vyatta_update_console.pl +++ b/scripts/system/vyatta_update_console.pl @@ -16,8 +16,7 @@ # # **** End License **** -# Update console configuration in /etc/inittab and grub -# based on Vyatta configuration +# Update console configuration in systemd and grub based on Vyatta configuration use strict; use warnings; -- cgit v1.2.3 From a64512fd102d7fb08928c6a52551459ff3446281 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 28 Aug 2017 17:19:01 +0200 Subject: Remove "install system" command Related to "T157: Remove "install system" command". --- Makefile.am | 1 - scripts/install-system | 1656 ---------------------------------- scripts/install/install-postinst-new | 8 - 3 files changed, 1665 deletions(-) delete mode 100755 scripts/install-system (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 169df296..26991557 100644 --- a/Makefile.am +++ b/Makefile.am @@ -40,7 +40,6 @@ sbin_SCRIPTS += scripts/vyatta-dhcp-helper.pl sbin_SCRIPTS += scripts/check_file_in_config_dir sbin_SCRIPTS += scripts/rl-system.init -sbin_SCRIPTS += scripts/install-system sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync diff --git a/scripts/install-system b/scripts/install-system deleted file mode 100755 index 108153da..00000000 --- a/scripts/install-system +++ /dev/null @@ -1,1656 +0,0 @@ -#!/bin/bash -# -# Module: install-system -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Robert Bays -# Date: 2006 -# Description: -# -# **** End License **** -# -# Vyatta system installer script. -# - -if [ `whoami` != 'root' ] ; then - echo "This script must be run with root privileges." - exit 1 -fi - -# If you set VYATTA_AUTO_INSTALL I will try to do an automated install for you - -if [ -e /etc/default/vyatta ] ; then - . /etc/default/vyatta -fi - -# get system manufactuer, Xen needs special treatment -MANUF=`/usr/sbin/dmidecode -s system-manufacturer` - -: ${vyatta_prefix:=/opt/vyatta} -: ${vyatta_exec_prefix:=$vyatta_prefix} -: ${vyatta_bindir:=${vyatta_exec_prefix}/bin} -: ${vyatta_sbindir:=${vyatta_exec_prefix}/sbin} -: ${vyatta_sysconfdir:=${vyatta_prefix}/etc} - -ofrconfdir=${vyatta_sysconfdir}/config -rootfsdir=/mnt/rootfs - -# By default this is not a union install -# UNION=false - -# install log file name -INSTALL_LOG=/tmp/install-$$.log -# Absolute minimum root partition size in MB. Below this, we won't let -# you install. -ROOT_MIN=1000 - -# the base install drive e.g. sda -if [ -n "$INSTALL_DRIVE" ]; then - INSTALL_DRIVE="" -fi -# the install partition e.g. sda1 -if [ -n "$ROOT_PARTITION" ]; then - ROOT_PARTITION="" -fi -# the config partition e.g. sda2 -if [ -n "$CONFIG_PARTITION" ]; then - CONFIG_PARTITION="" -fi -# the size of the root partition -if [ -n "$ROOT_PARTITION_SIZE" ]; then - ROOT_PARTITION_SIZE="" -fi -# global holding variable used in the select_partition sub -PARTITION='' - -# default file system type -if [ "$MANUF" = "Xen" ]; then - ROOT_FSTYPE="ext3" -else - ROOT_FSTYPE="ext4" -fi - -# start of root partition (64 sectors == 32K bytes) -ROOT_OFFSET="64S" - -# Process ID of this script for the lame marketing spinner -SPID=$$ - -# Grub options -GRUB_OPTIONS="quiet" - -# Enable Vesa framebuffer mode (comment out to disable) -VGA_LOGO="vga=0x314" # 800 x 600 (16bit colors) - -# trap signals so we can kill runaway progress indicators -trap 'progress_indicator stop; exit 1' 1 -trap 'progress_indicator stop; exit 1' 2 - -# turn off any mounted swap partitions -turnoffswap () { - if [ -f "/proc/swaps" ]; then - myresponse=$(cat /proc/swaps) - if [ -n "$myresponse" ]; then - echo "turning off swaps..." >> $INSTALL_LOG - swapoff -a - fi - fi -} - -tolower () { - echo "$*" | tr '[:upper:]' '[:lower:]' -} - -# Validates a user response. Returns the response if valid. -# Returns the default is the user just hits enter. -# Returns nothing if not valid. Default parameter is $1. -# Options are in $2. If options are defined return must be a member -# of the enum. -get_response () { - local ldefault=$(tolower "$1") - local loptions=$(tolower "$2") - - # get the response from the user - read myresponse - myresponse=$(tolower "$myresponse") - - # Check to see if the user accepts the default - if [ -z "$myresponse" ]; then - echo -n $ldefault - # if we are passing in options to check, make sure response is a valid option - elif [ -n "$loptions" ]; then - for token in $loptions - do - if [ "$token" == "$myresponse" ]; then - echo -n "$myresponse" - return 0 - fi - done - return 1 - else - echo -n "$myresponse" - fi - - return 0 -} - -# Return the size of the drive in MB -get_drive_size () { - local ldrive=$1 - - # Get size of disk in 1k blocks - local blocks=$(sfdisk -s /dev/$ldrive) - - # Translate to Megabytes (SI units) - local bytes=$(($blocks * 1024)) - local lsize=$(($bytes / 1000000)) - - echo $lsize -} - -# Probe hardrives not shown in /proc/partitions by default -probe_drives () { - # Find drives that may not be in /proc/partitions since not mounted - drive=$(ls /sys/block | grep '[hsv]d.') - - # now exclude all drives that are read-only - for drive in $drive - do - if [ $(cat /sys/block/$drive/ro) -ne 0 ] - then - output=$(mount | grep $drive) - if [ -z "$output" ]; then - output=$(parted -s /dev/$drive p) - fi - fi - done -} - - -warn_of_dire_consequences () { - # Give the user a requisite warning that we are about to nuke their drive - response='' - while [ -z "$response" ] - do - echo "This will destroy all data on /dev/$INSTALL_DRIVE." - echo -n "Continue? (Yes/No) [No]: " - response=$(get_response "No" "Yes No Y N") - - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok then. Exiting..." - exit 1 - fi - done -} - - - -check_for_old_raid () { - # First, trigger construction of previously configured RAID groups - echo -n "Looking for pre-existing RAID groups..." - raid_config=`mdadm --examine --scan` - if [ -z "$raid_config" ]; then - echo "none found." - return - fi - - echo "found some." - echo "Trying to configure pre-existing RAID groups..." - mdadm --assemble --scan --auto=yes --symlink=no - - # Identify physical drives - raid_drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | grep "md" | egrep -v "^$") - - if [ -z "$raid_drives" ]; then - echo "Unable to configure any RAID groups." - return - fi - - numraids=`echo $raid_drives | wc -w` - - if [ $numraids -eq 1 ]; then - echo "The following RAID group is now configured:" - else - echo "The following RAID groups are now configured:" - fi - - for drive in $raid_drives - do - cat /proc/mdstat | grep --after-context 2 ^$drive | sed -e 's/^/\t/' - done - - if [ $numraids -eq 1 ]; then - echo -n "Would you like to use this one? (Yes/No) [Yes]:" - else - echo -n "Would you like to use one of these? (Yes/No) [Yes]:" - fi - - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo - echo "Ok. Not using existing RAID groups." - echo - - # pick the first RAID group to be broken - raid_drive=$(echo $raid_drives | /usr/bin/awk '{ print $1 }') - - echo "Would you like to break RAID group $raid_drive so that its" - echo "members can be re-used for a new installation, understanding" - echo -n "that doing so will destroy all data on it? (Yes/No) [No]:" - destroy_raid=$(get_response "No" "Yes No Y N") - echo - - if [ "${destroy_raid:0:1}" = "y" ]; then - echo "OK. Breaking the RAID group $raid_drive." - - members=`ls /sys/block/$raid_drive/slaves` - - echo "First, stopping all existing RAID groups:" - mdadm --stop --scan - - for member in $members ; do - drive=${member:0:3} - part=${member:3:1} - echo "Re-setting partition ID for RAID group $raid_drive member /dev/${member}:" - sfdisk --change-id /dev/$drive $part 0x83 - echo "Clearing RAID superblock from RAID group $raid_drive member /dev/${member}." - mdadm --zero-superblock /dev/$member - done - else - echo "OK. Stopping, but not breaking, existing RAID groups:" - mdadm --stop --scan - fi - - echo - return - fi - - if [ $numraids -eq 1 ]; then - INSTALL_DRIVE=$raid_drives - else - # take the first drive as the default - INSTALL_DRIVE=$(echo $raid_drives | /usr/bin/awk '{ print $1 }') - echo -n "Which one would you like to use? ($raid_drives) [$INSTALL_DRIVE]: " - INSTALL_DRIVE=$(get_response "$INSTALL_DRIVE" "$drives") - fi - - echo "Using RAID partition $INSTALL_DRIVE" - - raid_degraded=`cat /sys/block/$INSTALL_DRIVE/md/degraded` - raid_sync_action=`cat /sys/block/$INSTALL_DRIVE/md/sync_action` - - if [ "$raid_degraded" = "1" ]; then - echo - if [ "$raid_sync_action" = "recover" ]; then - echo "Error: This RAID set is degraded and is in the process of" - echo "rebuilding. It is not safe to install onto it while the" - echo "rebuild is in progress. Please wait for the rebuild to" - echo "complete and then re-start the installation. You may" - echo "monitor the progress of the RAID rebuild with the" - echo "command:" - echo - echo " show raid $INSTALL_DRIVE" - echo - exit 1 - fi - echo "Warning: This RAID set is degraded, but is not in the" - echo "process of rebuilding. It is safe to perform the installation" - echo "onto a degraded RAID set that is not in the process of" - echo "rebuilding. You may stop the installation now and rebuild the" - echo "RAID set, or continue installing onto it. If you continue" - echo "installing, do not attempt to rebuild the RAID set until the" - echo "installation has completed and you have rebooted the system." - echo - fi - - warn_of_dire_consequences - - ROOT_PARTITION=$INSTALL_DRIVE - - # make sure we aren't working on a mounted part - unmount "$INSTALL_DRIVE" - - # check for an old config on the partition - check_config_partition "$ROOT_PARTITION" - - # create the filesystem on the part - make_filesystem "$ROOT_PARTITION" - - INSTALL_METHOD=RAID -} - -check_for_new_raid () { - # Identify physical drives - drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]$" | egrep -v "^$") - - numdrives=`echo $drives | wc -w` - - # Need at least two drives for RAID-1. We don't yet have the code - # to handle selection of two from a set of 3 or more, so for now, we - # only support two drives. - # - if [ $numdrives -ne 2 ]; then - return - fi - - drive1=`echo $drives | awk '{ print $1 }'` - drive2=`echo $drives | awk '{ print $2 }'` - - drivesize1=$(get_drive_size $drive1) - drivesize2=$(get_drive_size $drive2) - - # Both drives must have enough space to hold our minimum root filesystem - # - if [ $drivesize1 -lt $ROOT_MIN -o $drivesize2 -lt $ROOT_MIN ]; then - return - fi - - - echo "You have two disk drives:" - echo -e "\t$drive1 \t$drivesize1 MB" - echo -e "\t$drive2 \t$drivesize2 MB" - - echo -n "Would you like to configure RAID-1 mirroring on them? (Yes/No) [Yes]:" - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok. Not configuring RAID-1." - return - fi - - if [ $drivesize1 -ne $drivesize2 ]; then - echo "Since the disks are not the same size, we will use the smaller" - echo "of the two sizes in configuring the RAID-1 set. This will" - echo "waste some space on the larger drive." - echo "" - fi - - # Configure RAID-1 - echo "This process will erase all data on both drives." - echo -n "Are you sure you want to do this? (Yes/No) [No]: " - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok. Not configuring RAID-1." - return - fi - - for drive in $drives - do - echo "Deleting old partitions on drive $drive" - # remove any existing partitions on that drive - delete_partitions "$drive" - done - - # Need to leave space on both disks between the MBR and the start - # of the first partition for grub. Grub needs to embed a large - # boot image there when booting off RAID devices. - # - # Partition creation variables are in units of megabytes. - part_start_offset=2 - part_diag_size=60 - - if [ $drivesize1 -lt $drivesize2 ]; then - root_size=$drivesize1 - else - root_size=$drivesize2 - fi - - let min_size_with_diag=${MIN_ROOT}+${part_diag_size} - if [ $root_size -ge $min_size_with_diag ]; then - echo "Would you like me to create a $part_diag_size MB partition for diagnostics?" - echo -n "(Yes/No) [No]: " - diag_response=$(get_response "No" "Yes No Y N") - if [ "$diag_response" == "yes" ] || [ "$diag_response" == "y" ]; then - for drive in $drives - do - echo "Creating diag partition on drive $drive" - create_partitions "$drive" $part_diag_size $part_start_offset "no" - sfdisk --change-id /dev/$drive 1 0x6 - done - data_dev=2 - let part_start_offset+=$part_diag_size - else - data_dev=1 - fi - fi - - let root_size-=$part_start_offset - - for drive in $drives - do - echo "Creating data partition: /dev/${drive}${data_dev}" - create_partitions "$drive" $root_size $part_start_offset "no" - sfdisk --change-id /dev/$drive $data_dev 0xfd - # mark data partition as bootable - echo "Marking /dev/$drive partition $data_dev bootable" >> $INSTALL_LOG - parted -s /dev/$drive set $data_dev boot on >> $INSTALL_LOG 2>&1 - done - - # Must give partition device time to settle - sleep 5 - echo - - for drive in $drives - do - echo "Erasing any previous RAID metadata that may exist on /dev/${drive}${data_dev}" - mdadm --zero-superblock /dev/${drive}${data_dev} - done - - echo "Creating RAID-1 group on partitions: /dev/${drive1}${data_dev} /dev/${drive2}${data_dev}" - - raid_dev=md0 - mdadm --create /dev/$raid_dev --level=1 --raid-disks=2 --metadata=0.90 /dev/${drive1}${data_dev} /dev/${drive2}${data_dev} - - if [ $? = 0 -a -e /dev/$raid_dev ]; then - echo "RAID-1 group created successfully:" - cat /proc/mdstat | grep --after-context 2 ^$raid_dev | sed -e 's/^/\t/' - else - echo "Unable to create RAID-1 group!" - return - fi - - INSTALL_DRIVE=$raid_dev - ROOT_PARTITION=$INSTALL_DRIVE - - # Give device time to settle... - sleep 5 - - # create the filesystem on the part - make_filesystem "$ROOT_PARTITION" - - INSTALL_METHOD=RAID -} - - -# Takes an argument to display text before choice -# Sets INSTALL_DRIVE. Note that select_drive should be wrapped -# in the verification loop, not the included get_response. -select_drive () { - # list the drives in /proc/partitions. Remove partitions and empty lines. - # the first grep pattern looks for devices named c0d0, hda, and sda. - drives=$(cat /proc/partitions | \ - awk '{ if ($4!="name") { print $4 } }' | \ - egrep "c[0-9]d[0-9]$|[hsv]d[a-z]$" | \ - egrep -v "^$") - - # take the first drive as the default - INSTALL_DRIVE=$(echo $drives | /usr/bin/awk '{ print $1 }') - - # Add the drive sizes to the display to help the user decide - display='' - for drive in $drives - do - size=$(get_drive_size $drive) - display="$display $drive\t$size"MB"\n" - done - - while true - do - # Display the drives and ask the user which one to install to - echo -e "$display" - echo - echo -n "$1 [$INSTALL_DRIVE]:" - response=$(get_response "$INSTALL_DRIVE" "$drives") && break - done - INSTALL_DRIVE="$response" - - echo -} - -# Allow the user to select a partition to work with -# sets the global PARTITION -# $1 is the text to display before prompt -select_partition () { - minsize=$1 - text=$2 - exclude=$3 - - echo -n "Looking for appropriate partitions: " - progress_indicator start - - # initialize out global var. using globals in this way is bad form. I know. - PARTITION='' - - # list only the partitions in /proc/partitions. - parts=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 " "} }' | egrep "[0-9]" | egrep -v "loop" | tr -d '\n') - - # remove any partitions we have already previously used - if [ -n "$exclude" ]; then - for part in $parts; - do - temp=$(echo $part | egrep -v $exclude) - parts_temp="$parts_temp $temp" - done - parts=$parts_temp - fi - - # Get the partition sizes for display - # only show linux partitions that have sizes, i.e. remove loops - display='' - myparts='' - for part in $parts - do - if [ ${part:0:2} = "md" ]; then - parttype="RAID" - else - rootdev=$(echo $part | sed 's/[0-9]//g') - parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux) - fi - if [ -n "$parttype" ]; then - lsize=$(get_drive_size $part) - if [ "$lsize" -a $lsize -ge $minsize ]; then - display="$display $part\t\t$lsize"MB"\n" - myparts="$myparts $part" - fi - fi - done - - progress_indicator stop - echo "OK" - - if [ -n "$myparts" ]; then - lpartition='' - while [ -z "$lpartition" ] - do - # take the first partition as the default - lpartition=$(echo $myparts | /usr/bin/awk '{ print $1 }') - - echo "I found the following partitions suitable for the Vyatta image:" - echo -e "Partition\tSize" - echo -e "$display" - echo - echo -n "$text [$lpartition]: " - - lpartition=$(get_response "$lpartition" "$myparts") - echo - done - else - echo "No suitable partition sizes found. Exiting..." | tee $INSTALL_LOG - exit 1 - fi - PARTITION=$lpartition -} - -rename_old_config() { - files=$(find /mnt/config -mindepth 1 -type f | grep -v pre-glendale) - for f in $files; do - if grep -q '/\*XORP Configuration File, v1.0\*/' $f >&/dev/null; then - CURTIME=$(date +%F-%H%M%S) - mv $f $f.pre-glendale.$CURTIME - fi - done -} - -# copy old config file from /mnt/tmp -save_old_config() { - local response='' - while [ -z "$response" ] - do - echo "/dev/$lpart has an old configuration directory!" - echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: " - response=$(get_response "Yes" "Yes No Y N") - done - - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - mkdir -p /mnt/config - if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then - output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config) - else - output=$(cp -pR /mnt/tmp/* /mnt/config) - fi - if [ -n "$output" ]; then - echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details." - echo -e "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" >> $INSTALL_LOG - fi - rename_old_config - fi -} - -save_old_keys() { - local response='' - - while [ -z "$response" ] - do - echo "/dev/$lpart has SSH host keys" - echo -ne "Would you like me to keep SSH keys on new install? (Yes/No) [Yes]: " - response=$(get_response "Yes" "Yes No Y N") - done - - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - mkdir -p /mnt/ssh - output=$(cp -p /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh) - - if [ -n "$output" ]; then - echo -e "Warning: error in copying the old ssh keys." - echo -e "See $INSTALL_LOG for more details." - echo "Warning: error in copying the old ssh keys." >> $INSTALL_LOG - echo "cp -pR /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh" >> $INSTALL_LOG - echo "$output\n">> $INSTALL_LOG - fi - fi -} - -save_image_config() { - image_name=$1 - - # Cleanup from possible partial last run - rm -fr /mnt/config - mkdir /mnt/config - - output=$(cp -pR /mnt/tmp/boot/$image_name/live-rw/config/* /mnt/config) - - if [ -n "$output" ]; then - echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details." - echo "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n" - fi - rename_old_config -} - -save_image_keys() { - image_name=$1 - - if [ ! -d /mnt/tmp/boot/$image_name/live-rw/etc/ssh ]; then - echo "No SSH keys found on $image_name, so none can be saved." - return; - fi - - echo -n "Would you like to save SSH keys from $image_name too? (Yes/No) [Yes] " - - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" != "yes" ] && [ "$response" != "y" ]; then - echo "OK. SSH keys not saved." - return - fi - - mkdir -p /mnt/ssh - output=$(cp -p /mnt/tmp/boot/$image_name/live-rw/etc/ssh/ssh_host_* /mnt/ssh) - - if [ -n "$output" ]; then - echo -e "Warning: error in copying the old ssh keys." - echo -e "See $INSTALL_LOG for more details." - echo "Warning: error in copying the old ssh keys." >> $INSTALL_LOG - echo "cp -pR /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh" >> $INSTALL_LOG - echo "$output\n">> $INSTALL_LOG - return - fi - - # reset modes on keys (should already be set) - chmod 600 /mnt/ssh/*_key 2>&1 - chmod 644 /mnt/ssh/*.pub 2>&1 - - echo "SSH keys have been saved." -} - - - -## check_config_partition -# look to see if this partition contains a config file -# and back it up -check_config_partition() { - lpart=$1 - copied=0 - - # Cleanup from possible partial last run - rm -fr /mnt/config - - # Look to see if this is a config partition - mkdir -p /mnt/tmp - output=$(mount -r /dev/$lpart /mnt/tmp 2>&1) - if [ $? != 0 ]; then - echo -e "Cannot mount /dev/$lpart"."\nmount /dev/$ldrive$part /mnt/tmp\nExiting..." >> $INSTALL_LOG - echo "$output" >> $INSTALL_LOG - return - fi - - # Look to see if there is a config partition there - if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] || - [ -f /mnt/tmp/.vyatta_config ]; then - save_old_config - copied=1 - fi - - # Look to see if there are SSH host keys - if [ -d /mnt/tmp/etc/ssh ]; then - save_old_keys - copied=1 - fi - - if [ $copied -eq 0 ]; then - # Check for images - images=() - image_dirs=/mnt/tmp/boot/* - - for dir in $image_dirs; do - if [ -f $dir/live-rw/config/.vyatta_config ]; then - item=${dir##/mnt/tmp/boot/} - images=($item ${images[@]}) - fi - done - - num_images=${#images[@]} - - if [ $num_images -gt 0 ]; then - echo "I found the following installed system image(s) with config files on $part:" - for (( i = 0; i < $num_images; i++ )); do - echo " $((i + 1)): ${images[$i]}" - done - - if [ $num_images -eq 1 ]; then - echo -n "Would you like to save config information from it? (Yes/No) [Yes] " - else - echo -n "Would you like to save config information from one? (Yes/No) [Yes] " - fi - - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" != "yes" ] && [ "$response" != "y" ]; then - echo "OK. Config information not saved." - umount /mnt/tmp - return - fi - - if [ $num_images -gt 1 ]; then - image_index=-1 - while [ $image_index -lt 0 -o $image_index -ge $num_images ]; do - echo -n "Which image would you like to use? (1 .. $num_images): " - read num - image_index=$((num - 1)) - done - else - image_index=0 - fi - - image_name=${images[$image_index]} - echo "Saving config information from image $image_name." - save_image_config $image_name - echo "Done." - save_image_keys $image_name - fi - fi - umount /mnt/tmp -} - -# Delete all existing partitions for an automated install -# $1 is the drive to delete partitions from -delete_partitions () { - ldrive=$1 - - # get the partitions on the drive - # in the first grep below we add the optional [p] in order to accomdate cciss drives - partitions=$(cat /proc/partitions | grep $ldrive[p]*[0-9] | awk '{ print $4 }' | sed 's/\(.*\)\([0-9]$\)/\2/g' | grep -v "^$") - - # now for each part, blow it away - for part in $partitions - do - # Look to see if this is a config partition - check_config_partition "$ldrive$part" - - echo "Removing partition $part on /dev/$ldrive" >> $INSTALL_LOG - output=$(parted -s /dev/$ldrive rm $part) - status=$? - if [ "$status" != 0 ]; then - echo -e "Warning: cannot delete partition $part on $ldrive.\nPlease see $INSTALL_LOG for more details." - echo -e "Warning: cannot delete partition $part on $ldrive.\nparted /dev/$ldrive rm $part\n$output" >> $INSTALL_LOG - fi - - # We add a bogus sleep here because the loop needs to wait for udev - sleep 5 - done -} - -# make a filesystem on the drive -# $1 is the drive to format -make_filesystem () { - ldrive=$1 - - echo -n "Creating filesystem on /dev/$ldrive: " - echo "Creating filesystem on /dev/$ldrive..." >> $INSTALL_LOG - - progress_indicator start - output=$(mkfs -t $ROOT_FSTYPE /dev/$ldrive 2>&1) - status=$? - if [ "$status" != 0 ]; then - echo -e "Error: couldn't create the root filesystem.\nSee $INSTALL_LOG for further details.\nExiting..." - echo -e "Error: couldn't create the root filesystem.\n/sbin/mke2fs -j /dev/$ldrive\n$output" - exit 1 - fi - progress_indicator stop - echo "OK" -} - -# create the root partition -# $1 is the install drive e.g. sda -# $2 is the partition size e.g. 512 -# This will set the global ROOT_PARTITION -create_partitions() { - ldrive=$1 - root_part_size=$2 - start_offset=$3 - initialize_fs=$4 - - # Make sure there is enough space on drive - size=$(get_drive_size "$ldrive") - if [ "$root_part_size" -gt "$size" ]; then - echo "Error: $ldrive is only $size"MB" large. Desired root is $root_part_size" - exit 1 - fi - - # Make sure you can print disk info using parted - parted --script /dev/$ldrive p >/dev/null 2>&1 - - # If unable to read disk, it's likely it needs a disklabel - if [ "$?" != "0" ]; then - echo "Creating a new disklabel on $ldrive" - echo "parted /dev/$ldrive mklabel msdos" - output=$(parted -s /dev/$ldrive mklabel msdos) - - parted --script /dev/$ldrive p >/dev/null 2>&1 - if [ "$?" != "0" ]; then - echo "Unable to read disk label. Exiting." - exit 1 - fi - fi - - echo "Creating root partition on /dev/$ldrive" >> $INSTALL_LOG - - # make the root partition - # align at optimal block boundary - output=$(parted -s /dev/$ldrive mkpart primary $start_offset $root_part_size) - status=$? - if [ "$status" != 0 ]; then - echo -e "Error creating primary partition on $ldrive.\nPlease see $INSTALL_LOG for more details.\nExiting..." - echo -e "Error creating primary partition on $ldrive.\nparted /dev/$ldrive mkpart primary $start_offset $root_part_size\n$output" >> $INSTALL_LOG - exit 1 - fi - - # set the partition number on the device. - if [ -n "$( echo $ldrive | grep -E "cciss|ida" )" ]; then - # if this is a cciss - ROOT_PARTITION=$ldrive"p1" - else - # else... the rest of the world - ROOT_PARTITION=$ldrive"1" - fi - # udev takes time to re-add the device file, so wait for it - while [ ! -b "/dev/$ROOT_PARTITION" ] - do - sleep 1 - done - - if [ "$initialize_fs" = "yes" ]; then - # make the root and config file systems. - make_filesystem "$ROOT_PARTITION" - fi -} - -# Copy directory with pretty progress bar -copy_filesystem() { - cp -r -v --preserve=all "$@" | awk '{ - ++files - if ((files % 100) == 0) { - percent = files / total_files * 100 - printf "%3d%% [", percent - for (i=0;i" - for (;i<100;i+=2) - printf " " - printf "]\r" - fflush() - } - }' total_files=$(find "$@" | wc -l) -} - -# Install the root filesystem -# $1 is the partition to install on -install_root_filesystem () { - ldrive=$1 - version=`dpkg-query --showformat='${Version}' --show vyatta-version` - - dpkg="/usr/bin/dpkg --force-all --root=$rootfsdir" - echo "Mounting /dev/$ldrive " - echo "Mounting /dev/$ldrive..." >> $INSTALL_LOG - - # make the mount point - output=$(/bin/mkdir -p $rootfsdir) - - # mount the partition - output=$(mount /dev/$ldrive $rootfsdir) - status=$? - - if [ "$status" != 0 ]; then - echo -e "Error trying to mount the new root partition.\nPlease see $INSTALL_LOG for details.\nExiting..." - echo -e "Error trying to mount the new root partition.\nmount /dev/$ldrive $rootfsdir\n$output" >> $INSTALL_LOG - exit 1 - fi - - if [ -z "$UNION" ]; then - echo "Copying system files to /dev/$ROOT_PARTITION: " - # Mount the squashfs for copying - output=$(mkdir -p /mnt/squashfs) - if [ -f /live/image/live/filesystem.squashfs ]; then - output=$(mount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop) - status=$? - elif [ -f /live/image/boot/$version/$version.squashfs ]; then - output=$(mount /live/image/boot/$version/$version.squashfs /mnt/squashfs -t squashfs -o loop) - status=$? - else - echo -e "Error: Unable to find a squash image. To install natively\nthe install media must be a livecd or a union install.\nExiting...\n\n" - echo -e "Error: Unable to find a squash image. To install natively\nthe install media must be a livecd or a union install.\nExiting...\n\n" >> $INSTALL_LOG - exit 1 - fi - - if [ "$status" != 0 ]; then - echo -e "Error trying to mount the squashfs.\nPlease see install log for more details.\nExiting..." - echo -e "Error trying to mount the squashfs.\nmount /live/image/live/filesystem.squashfs /mnt/squashfs -t squashfs -o loop\n$output" >> $INSTALL_LOG - exit 1 - fi - - echo "Copying /mnt/squashfs/* to $rootfsddir" >>$INSTALL_LOG - copy_filesystem /mnt/squashfs/* $rootfsdir 2>>$INSTALL_LOG - status=$? - echo - - if [ "$status" != 0 ]; then - echo -e "Error trying to copy the rootfs.\nPlease see install log for more details.\nExiting..." - exit 1 - fi - - # unmount the squashfs. No big deal if it fails. - output=$(umount /mnt/squashfs) - - # create the fstab - local rootdev="/dev/$ROOT_PARTITION"; - uuid=$(dumpe2fs -h $rootdev 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') - if [ -z "$uuid" ] - then - echo "Unable to read filesystem UUID. Exiting." - exit 1 - else - if [ "$MANUF" = "Xen" ]; then - #disable barriers explicitly (just incase) - echo -e "UUID=$uuid\t/\t$ROOT_FSTYPE\tnoatime,nobarrier\t0 1" >> $rootfsdir/etc/fstab - else - echo -e "UUID=$uuid\t/\t$ROOT_FSTYPE\tnoatime\t0 1" >> $rootfsdir/etc/fstab - fi - fi - - #setup the hostname file - cp /etc/hostname $rootfsdir/etc/ - cp /etc/hosts $rootfsdir/etc/ - - progress_indicator stop - echo "OK" - else - # UNION install - mkdir -p $rootfsdir/boot/$version - ## make dir for backing store - mkdir -p $rootfsdir/boot/$version/live-rw - if [ -f /live/image/live/filesystem.squashfs ]; then - echo Copying squashfs image... - cp /live/image/live/filesystem.squashfs $rootfsdir/boot/$version/$version.squashfs - echo Copying kernel and initrd images... - cp -a /boot/* $rootfsdir/boot/$version/ - else - echo Copying image files... - cp -ar /live/image/boot/$version $rootfsdir/boot/ - fi - fi -} - -# copy the configuration to the config partition -# $1 is the config partition device -copy_config () { - config_partition=$1 - lerror='' - config_default=$vyatta_sysconfdir/config.boot.default - tmp_config_default=/tmp/${vyatta_sysconfdir//\//__} - - # create the config directory on the union file system - mkdir -p $rootfsdir$ofrconfdir - - # create the proper perms on the new config partition - chgrp vyattacfg $rootfsdir$ofrconfdir - chmod 775 $rootfsdir$ofrconfdir - - # create our config partition marker - touch $rootfsdir$ofrconfdir/.vyatta_config - - if [ -d /mnt/config ]; then - echo "Copying old configurations to config partition." - cp -pR /mnt/config/* $rootfsdir$ofrconfdir - else - # Find the config files and give the user the option to copy config files - # TODO: this needs cleaned up - if [ -f $ofrconfdir/config.boot ]; then - config=$ofrconfdir/config.boot - fi - - if [ -n "$config" ]; then - echo "I found the following configuration files" - for file in $config - do - echo $file - done - - default=$(echo -e $config | awk '{ print $1 }') - - while [ -z "$configfile" ] - do - echo -n "Which one should I copy to $INSTALL_DRIVE? [$default]: " - configfile=$(get_response "$default" "$config") - done - - echo - output=$(cp $configfile $rootfsdir$ofrconfdir) - if [ -n "$output" ]; then - echo "Error copying file $configfile to config directory. Exiting..." >> $INSTALL_LOG - exit 1 - fi - fi - fi - - # set the permissions on the new config file - if [ -f $rootfsdir$ofrconfdir/config.boot ]; then - chgrp vyattacfg $rootfsdir$ofrconfdir/config.boot - chmod 775 $rootfsdir$ofrconfdir/config.boot - fi -} - -# copy the saved ssh host key to the new install -copy_sshkeys() { - if [ -d /mnt/ssh ]; then - echo "Copying SSH keys." - cp -p /mnt/ssh/* $rootfsdir/etc/ssh - fi -} - -set_encrypted_password() { - sed -i \ - -e "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" $3 -} - -change_password() { - local user=$1 - local pwd1="1" - local pwd2="2" - - until [[ "$pwd1" == "$pwd2" ]] - do - read -p "Enter password for user '$user': " -r -s pwd1 <>/dev/tty 2>&0 - echo - if [[ "$pwd1" == "" ]]; then - echo "'' is not a valid password" - continue - fi - read -p "Retype password for user '$user':" -r -s pwd2 <>/dev/tty 2>&0 - echo - - if [ "$pwd1" != "$pwd2" ] - then - echo "Passwords do not match" - fi - done - - # escape any slashes in resulting password - local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') - set_encrypted_password $user $epwd $rootfsdir$ofrconfdir/config.boot -} - -# setup grub on the boot sector of a user queried drive -install_grub () { - # we now use INSTALL_DRIVE to reference the grub boot drive. - # that way I can re-use select_drive. I'm lazy that way. - - if [ ${INSTALL_DRIVE:0:2} != "md" ]; then - INSTALL_DRIVE='' - fi - - mkdir -p $rootfsdir/boot/grub - # Let the user choose the boot sector - - while [ -z "$INSTALL_DRIVE" ] - do - echo "I need to install the GRUB boot loader." - echo "I found the following drives on your system:" - select_drive "Which drive should GRUB modify the boot partition on?" - done - - echo -n "Setting up grub: " - echo "Setting up grub..." >> $INSTALL_LOG - - # Install grub in the boot sector of the primary drive - progress_indicator start - grub-install --no-floppy --recheck --root-directory=$rootfsdir /dev/$INSTALL_DRIVE >>$INSTALL_LOG 2>&1 - progress_indicator stop - - # Check if using aufs - if grep -q aufs /proc/filesystems - then - if [ -z "$grub_options" ] - then - grub_options="union=aufs" - else - grub_options="$grub_options union=aufs" - fi - fi - - version=`dpkg-query --showformat='${Version}' --show vyatta-version` - - # if union install tell vyatta-grub-setup - if [ -n "$UNION" ]; then - grub_args="-u $version" - else - grub_args="-v $version" - fi - - if /opt/vyatta/sbin/vyatta-grub-setup $grub_args "$ROOT_PARTITION" "$grub_options" /mnt/rootfs >>$INSTALL_LOG - then - echo "OK" - else - echo Grub failed to install! - exit 1 - fi -} - -# ask for user input on the parted and skip setup methods -# $1 is whether or not to run parted -# sets globals INSTALL_DRIVE, ROOT_PARTITION, CONFIG_PARTITION -setup_method_manual() { - parted=$1 - - echo "The VyOS install needs a minimum ${ROOT_MIN}MB root" - echo "with partiton type 83 (Linux)." - echo -e "\n\n" - - # if this is parted, let the user create the partitions - if [ "$INSTALL_METHOD" == "parted" ] || [ "$INSTALL_METHOD" == "p" ]; then - while [ -z "$INSTALL_DRIVE" ] - do - # TODO: right now we only run parted on a single drive - echo -e "\nI found the following drives on your system:" - select_drive "Which drive would you like to run parted on?" - - done - - # Unmount the install drive if it is mounted - unmount "$INSTALL_DRIVE" - - # Run parted and let the user configure - parted /dev/$INSTALL_DRIVE - fi - - # Ask for the root partition and make sure it's valid - while [ -z "$ROOT_PARTITION" ] - do - select_partition 500 "Which partition should I install the root on?" - # Note that PARTITION is defined in select partition - ROOT_PARTITION=$PARTITION - unmount "$ROOT_PARTITION" - vd=$(grep $ROOT_PARTITION /proc/partitions | awk '{ print $4 }') - - if [ -z "$vd" ]; then - echo - echo "$ROOT_PARTITION is an invalid partition. Please try again." - ROOT_PARTITION="" - fi - done - - # check for an old config on the partition - check_config_partition "$ROOT_PARTITION" - - # create the filesystem on the part - make_filesystem "$ROOT_PARTITION" - - # We need to set the INSTALL_DRIVE if it wasn't set when the user ran parted - # We assume that we will use the boot sector of the same drive that the - # partition is on. - # TODO: Allow different drives to function as the boot device - if [ -z "$INSTALL_DRIVE" ]; then - if [ ${ROOT_PARTITION:0:2} = "md" ]; then - INSTALL_DRIVE=$ROOT_PARTITION - else - INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g') - fi - fi -} - -# Walk the user through the auto setup method -# sets globals INSTALL_DRIVE, ROOT_PARTITION, CONFIG_PARTITION -setup_method_auto() { - while [ -z "$INSTALL_DRIVE" ] - do - echo "I found the following drives on your system:" - select_drive "Install the image on?" - - # check to make sure the drive is large enough to hold the image - if [ -n "$INSTALL_DRIVE" ]; then - lsize=$(get_drive_size "$INSTALL_DRIVE") - total=$ROOT_MIN - if [ "$total" -gt "$lsize" ]; then - echo "Unfortunately, VyOS requires a total of at least $total"MB" to properly install." - echo "$INSTALL_DRIVE is below the minimum required capacity and therefore, cannot be used to" - echo -e "complete the installation.\n" - echo "If other drives are present" - echo -e "Please select another drive...\n" - - INSTALL_DRIVE='' - fi - fi - done - - warn_of_dire_consequences - - echo - - # make sure we aren't working on a mounted part - unmount "$INSTALL_DRIVE" - - # remove any existing partitions on that drive - delete_partitions "$INSTALL_DRIVE" - - # Enforce minimum partion size requirement. - ROOT_PARTITION_SIZE=0 - while [ $ROOT_MIN -gt $ROOT_PARTITION_SIZE ]; do - # Get the size of the drive - size=$(get_drive_size $INSTALL_DRIVE) - - # If drive is big, leave more space 512K bytes (1024 sectors) - # this is better for SSD - if (( $size > 10000 )); then - ROOT_OFFSET="1024S" - fi - - echo -n "How big of a root partition should I create? ($ROOT_MIN"MB" - $size"MB") [$size]MB: " - response=$(get_response "$size") - # TODO: need to have better error checking on this value - ROOT_PARTITION_SIZE=$(echo "$response" | sed 's/[^0-9]//g') - if [ $ROOT_PARTITION_SIZE -lt $ROOT_MIN ] || [ $ROOT_PARTITION_SIZE -gt $size ]; then - echo "Root partion must be between $ROOT_MIN"MB" and $size"MB"" - echo - ROOT_PARTITION_SIZE=0 - fi - done - - echo - - # now take the data and create the partitions - create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" "$ROOT_OFFSET" "yes" - # mark data partition as bootable - echo "Marking /dev/$INSTALL_DRIVE partition 1 as bootable" >> $INSTALL_LOG - parted -s /dev/$INSTALL_DRIVE set 1 boot on >> $INSTALL_LOG 2>&1 - # Must give partition device time to settle - sleep 5 -} - -# walk the user through a union setup -# sets globals INSTALL_DRIVE, ROOT_PARTITION, CONFIG_PARTITION -setup_method_union() { - UNION=1 - - echo "A union install requires an image partition of at least 250mbs." - echo "If you want to accomodate more than one image on the partition," - echo "it should be larger. Each image is roughly 200mbs. This " - echo "partition will be the bootable partition for this machine." - echo - - # Ask for the image partition and make sure it's valid - while [ -z "$ROOT_PARTITION" ] - do - select_partition 250 "Which partition should I install the images on?" - # Note that PARTITION is defined in select partition - ROOT_PARTITION=$PARTITION - unmount "$ROOT_PARTITION" - vd=$(grep $ROOT_PARTITION /proc/partitions | awk '{ print $4 }') - - if [ -z "$vd" ]; then - echo - echo "$ROOT_PARTITION is an invalid partition. Please try again." - ROOT_PARTITION="" - fi - done - - echo Creating filesystem on $ROOT_PARTITION - make_filesystem $ROOT_PARTITION - - echo - echo "An optional writable persistent root partition may also" - echo "be created. This partition will allow you to store " - echo "files between reboots and upgrade packages." - echo - echo -n "Would you like to create a persistent root partition? (Yes/No) [Yes]: " - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - echo "The persistent root partition should be a minimum of 50mbs" - echo "for log files. If you plan on adding any other software or" - echo "upgrading it, the root partition should be large enough to" - echo "accomodate those packages" - - # Ask for the union partition and make sure it's valid - while [ -z "$UNION_PARTITION" ] - do - select_partition 50 "Which partition should I install the binary images on?" "$ROOT_PARTITION" - # Note that PARTITION is defined in select partition - UNION_PARTITION=$PARTITION - unmount "$UNION_PARTITION" - vd=$(grep $UNION_PARTITION /proc/partitions | awk '{ print $4 }') - - if [ -z "$vd" ]; then - echo - echo "$UNION_PARTITION is an invalid partition. Please try again." - UNION_PARTITION="" - fi - done - - echo Creating filesystems on $ROOT_PARTITION - make_filesystem $UNION_PARTITION - - echo Labeling $UNION_PARTITION - e2label /dev/$UNION_PARTITION live-rw - fi -} - -unmount () { - # grab the list of mounted drives - # make sure to reverse sort so as to unmount up the tree - mounted=$(mount | grep "$1" | cut -f3 -d' ' | sort -r) - if [ -n "$mounted" ]; then - echo "I need to unmount: " - echo "$mounted" - - response='' - while [ -z "$response" ] - do - echo -n "Continue (Yes/No) [No]: " - response=$(get_response "No" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo -e "Ok then. Need to unmount to continue.\nExiting..." - exit 1 - fi - done - - for parts in "$mounted" - do - echo "umount $parts" >> $INSTALL_LOG - output=$(umount $parts) - status=$? - if [ "$status" != 0 ]; then - echo -e "Exiting: error unmounting $parts.\nPlease see $INSTALL_LOG for more details." - echo -e "Exiting: error unmounting $parts.\numount $parts\n$output" >> $INSTALL_LOG - exit 1 - fi - done - fi -} - -setup_xen_partition_images () { - if [ -d "$rootfsdir/var/xen/" ]; then - echo Setting up Xen virtual machine images - compressed_images=$(ls $rootfsdir/var/xen/*.img.gz 2> /dev/null) - if [ -n "$compressed_images" ]; then - for cmp_img in $compressed_images; do - # uncompress the image - uncmp_img=$(echo $cmp_img | sed s'/.gz$//') - if [ ! -f "$uncmp_img" ]; then - echo decompressing $cmp_img - gzip -dc $cmp_img > $uncmp_img - fi - done - fi - echo - fi -} - -setup_xen_extras () { - echo "Setting up config files for Xen..." - # Set up /boot/grub/menu.lst for use by pygrub - grubfile=$rootfsdir/boot/grub/menu.lst - echo "timeout 5" >> $grubfile - echo "" >> $grubfile - echo "title vyos-virt" >> $grubfile - echo "root (hd0,0)" >> $grubfile - echo "kernel /boot/vmlinuz root=/dev/xvda1 ro console=hvc0" >> $grubfile - echo "initrd /boot/initrd.img" >> $grubfile - - # Add /proc/xen entry to fstab - echo "xenfs /proc/xen xenfs defaults 0 0" >> $rootfsdir/etc/fstab - - # Comment out serial port entry and add Xen console entry to inittab. - inittab=$rootfsdir/etc/inittab - sed -i -e 's/^T0/#T0/' $inittab - echo "" >> $inittab - echo "h0:12345:respawn:/sbin/getty 38400 hvc0" >> $inittab -} - -check_for_xen_extras () { - prod=`/usr/sbin/dmidecode -s system-product-name` - if [ "$MANUF" = "Xen" -a "$prod" = "HVM domU" ]; then - echo "You are installing to a $MANUF $prod virtual machine." - echo "Would you like to set up config files to prepare for the" - echo -n "conversion to PV domU? [No]: " - response=$(get_response "No" "Yes No Y N") - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - setup_xen_extras - fi - fi -} - -progress_indicator () { - case "$1" in - start) $vyatta_bindir/progress-indicator $SPID & - ;; - *) - if ! rm /tmp/pi.$SPID 2>/dev/null - then - sleep 1 - rm /tmp/pi.$SPID 2>/dev/null - fi - - sleep 1 - echo -n -e "\b" - ;; - esac -} - -##### Main -## -# turn off any mounted swap files -turnoffswap - -# Print welcome and instructions. -echo "Welcome to the VyOS install program. This script" -echo "will walk you through the process of installing the" -echo "VyOS image to a local hard drive." -echo - -response='' -while [ -z "$response" ] -do - echo -n "Would you like to continue? (Yes/No) [Yes]: " - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok then. Exiting..." - exit 1 - fi -done - -# some drives don't show up in /proc/partitions so we need to bootstrap them -echo -n "Probing drives: " -progress_indicator start -probe_drives -progress_indicator stop -echo "OK" - -INSTALL_METHOD='' -check_for_old_raid -if [ -z "$INSTALL_METHOD" ]; then - check_for_new_raid -fi - -if [ -z "$INSTALL_METHOD" ]; then - echo "The VyOS image will require a minimum ${ROOT_MIN}MB root." - echo "Would you like me to try to partition a drive automatically" - echo "or would you rather partition it manually with parted? If" - echo "you have already setup your partitions, you may skip this step." - echo - - while [ -z "$INSTALL_METHOD" ] - do - echo -n "Partition (Auto/Union/Parted/Skip) [Auto]: " - INSTALL_METHOD=$(get_response "Auto" "Auto Parted Skip Union A P S U") - done - - echo -fi - -# Unless doing union install, must be from live cd -if [ $INSTALL_METHOD != "union" -a $INSTALL_METHOD != "u" ] && - [ -w /live/image -o ! -d /live/image ] -then - echo "install-system can only be run from livecd" - echo "(except if doing union install)" - exit 1 -fi - -# TODO: Note installs assume an LBA BIOS. So no boot partition currently. -# also note that we are not creating a swap partition right now. -if [ "$INSTALL_METHOD" == "parted" ] || [ "$INSTALL_METHOD" == "p" ]; then - setup_method_manual "parted" -elif [ "$INSTALL_METHOD" == "skip" ] || [ "$INSTALL_METHOD" == "s" ]; then - setup_method_manual "skip" -elif [ "$INSTALL_METHOD" == "auto" ] || [ "$INSTALL_METHOD" == "a" ]; then - setup_method_auto -elif [ "$INSTALL_METHOD" == "union" ] || [ "$INSTALL_METHOD" == "u" ]; then - echo "A union install requires an image partition of at least 250mbs." - echo "If you want to accomodate more than one image on the partition," - echo "it should be larger. Each image is roughly 200mbs. This " - echo "partition will be the bootable partition for this machine." - echo - - UNION=1 - setup_method_auto -elif [ "$INSTALL_METHOD" == "vyatta" ]; then - echo "Automated install..." - echo "unmounting $INSTALL_DRIVE" - unmount "$INSTALL_DRIVE" - echo "deleting partitions on $INSTALL_DRIVE" - delete_partitions "$INSTALL_DRIVE" - echo "creating config partition" - create_partitions "$INSTALL_DRIVE" "$ROOT_PARTITION_SIZE" "$ROOT_OFFSET" "yes" - # mark data partition as bootable - echo "Marking /dev/$INSTALL_DRIVE partition 1 as bootable" >> $INSTALL_LOG - parted -s /dev/$INSTALL_DRIVE set 1 boot on >> $INSTALL_LOG 2>&1 - # Must give partition device time to settle - sleep 5 -fi - -# Install the root filesystem -install_root_filesystem "$ROOT_PARTITION" - -# Copy the config files -copy_config "$CONFIG_PARTITION" - -# Modify config to match system -# Assume user wants to keep password from old config -if [ ! -d /mnt/config ]; then - # Disable root login - set_encrypted_password root "*" $rootfsdir$ofrconfdir/config.boot - - echo "Enter password for administrator account" - change_password vyos -fi - -# restore ssh host keys -copy_sshkeys - -# check for xen part images in /var/xen -setup_xen_partition_images - -# Install grub -install_grub - -check_for_xen_extras - -if [ -z "$UNION" ]; then - # Fix up PAM configuration for login so that invalid users are prompted - # for password - sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login -fi - -# -# Only start the mdadm daemon if we have the root filesystem running -# on a RAID set. Since this script is the only way that the root filesystem -# ever gets set up, we can do this configuration here. -# -MDADM_CONFIG_FILE=$rootfsdir/etc/default/mdadm -if [ -e $MDADM_CONFIG_FILE ]; then - if [ ${INSTALL_DRIVE:0:2} = "md" ]; then - sed -i -e 's/^START_DAEMON.*$/START_DAEMON=true/' \ - -e 's/^AUTOSTART=.*$/AUTOSTART=true/' $MDADM_CONFIG_FILE - else - sed -i -e 's/^START_DAEMON.*$/START_DAEMON=false/' \ - -e 's/^AUTOSTART=.*$/AUTOSTART=false/' $MDADM_CONFIG_FILE - fi -fi - -postinst_root=$rootfsdir -writable_root='' -if [ -n "$UNION" ]; then - # set up root for postinst - postinst_root=/mnt/postinst_root - writable_root=$rootfsdir - version=`dpkg-query --showformat='${Version}' --show vyatta-version` - rw_dir=$rootfsdir/boot/$version/live-rw - - mkdir -p $postinst_root /mnt/squashfs - mount -o loop,ro -t squashfs \ - $rootfsdir/boot/$version/$version.squashfs /mnt/squashfs - mount -t unionfs -o noatime,dirs=$rw_dir=rw:/mnt/squashfs=ro unionfs \ - $postinst_root - - # handle start-up config file - mkdir -p $postinst_root/$ofrconfdir - if [ -f $rootfsdir/$ofrconfdir/config.boot ]; then - cp -p $rootfsdir/$ofrconfdir/* $postinst_root/$ofrconfdir/ - fi - - # set up /var/run - pi_fstab=$postinst_root/etc/fstab - if ! grep -q 'tmpfs /var/run ' $pi_fstab >&/dev/null; then - # replace the fstab. the default one has header that will cause - # it to be wiped out on live boot. - echo 'tmpfs /var/run tmpfs nosuid,nodev 0 0' >$pi_fstab - fi -fi - -# postinst hook -if [ -e /opt/vyatta/etc/install-system/postinst ]; then - echo "running post-install script" - /opt/vyatta/etc/install-system/postinst $postinst_root $writable_root \ - >>$INSTALL_LOG -fi - -if [ -n "$UNION" ]; then - umount $postinst_root - umount /mnt/squashfs -fi - -cp $INSTALL_LOG $rootfsdir/install.log - -umount $rootfsdir - -echo "Done!" -echo "Done!" >> $INSTALL_LOG - -exit 0 diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index f6c6e956..2457cdd3 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new @@ -254,14 +254,6 @@ if [ "$INSTALL_TYPE" != 'union' ]; then WRITE_ROOT='' fi -# postinst hook -if [ -e /opt/vyatta/etc/install-system/postinst ]; then - echo "running post-install script" - output=$(/opt/vyatta/etc/install-system/postinst \ - "$INST_ROOT" "$WRITE_ROOT" 2>&1) - lecho "$output" -fi - becho "Done!" exit 0 -- cgit v1.2.3 From 48b49fe1d7776d3dbf30ad786f8a3fb7dafa07b1 Mon Sep 17 00:00:00 2001 From: Kim Date: Sat, 18 Nov 2017 01:33:32 +0100 Subject: removing first grub timeout --- scripts/vyatta-grub-setup | 7 ------- 1 file changed, 7 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index 7a5d3891..cf30cbb3 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -181,13 +181,6 @@ fi echo -e "set root=(md/${ROOT_PARTITION#md})" fi - echo "" - echo "echo -n Press ESC to enter the Grub menu..." - echo "if sleep --verbose --interruptible 5 ; then" - echo -e "\tterminal_input console serial" - echo "fi" - echo "" - # create xen kernels if they exist XEN_OPTS='dom0_mem=512M xenheap_megabytes=128' if [ -n "$xen_kernel_version" ]; then -- cgit v1.2.3 From 7ddab704b12dc447a2d8e2acb9178a0d90f63b78 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 9 Dec 2017 15:28:24 +0100 Subject: T414: Remove 'telnet' service Telnet remote logins have been deprecated for decades. As Debian 'jessie' busybox no longer has a telnetd applet, this service is no longer available. --- Makefile.am | 1 - debian/changelog | 6 ++ scripts/system/vyatta_update_telnet | 84 ------------------------ templates/service/telnet/allow-root/node.def | 3 - templates/service/telnet/listen-address/node.def | 7 -- templates/service/telnet/node.def | 8 --- templates/service/telnet/port/node.def | 9 --- 7 files changed, 6 insertions(+), 112 deletions(-) delete mode 100755 scripts/system/vyatta_update_telnet delete mode 100644 templates/service/telnet/allow-root/node.def delete mode 100644 templates/service/telnet/listen-address/node.def delete mode 100644 templates/service/telnet/node.def delete mode 100644 templates/service/telnet/port/node.def (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 169df296..9dfc957c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -56,7 +56,6 @@ sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl sbin_SCRIPTS += scripts/system/vyatta_update_ntp.pl -sbin_SCRIPTS += scripts/system/vyatta_update_telnet sbin_SCRIPTS += scripts/system/irq-affinity.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl diff --git a/debian/changelog b/debian/changelog index 2d7dc77f..8d4ebc05 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current4) unstable; urgency=medium + + * T414: Remove telnetd service + + -- Christian Poessinger Sat, 09 Dec 2017 15:29:45 +0100 + vyatta-cfg-system (0.20.44+vyos2+current3) unstable; urgency=medium [ Kim Hagen ] diff --git a/scripts/system/vyatta_update_telnet b/scripts/system/vyatta_update_telnet deleted file mode 100755 index f50eef79..00000000 --- a/scripts/system/vyatta_update_telnet +++ /dev/null @@ -1,84 +0,0 @@ -#! /bin/bash -# Script to control telnet daemon parameters -# and block changes when logged in over telnet - -# Block changes to telnet daemon when logged in over telnet -pid=$(who -um | awk -F " " '{print $7}') -if [ -n "$pid" ]; then - if ps --pid $(ps --pid $pid -o ppid=) -o cmd= | grep -q telnetd - then - echo "Please configure telnet settings via ssh or console." - exit 1 - fi -fi - -usage() { - echo "Usage: $0 enable " - echo " $0 disable" - echo " $0 allow-root {true|false}" - exit 1; -} - -allow-root() { - case "$1" in - true) ;; - false) ;; - *) echo "Expect true or false" - usage ;; - esac - - sudo sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty - - if [ $1 = "false" ]; then - return - fi - - sudo sh -c "cat >>/etc/securetty" < 0 && $VAR(@) <= 65535 ; \ - "Port number must be in range 1 to 65535" -commit:expression: exec "sudo /opt/vyatta/sbin/is_port_available.pl $VAR(@)"; \ - "Port $VAR(@) is already in use!" -- cgit v1.2.3 From 9499b3e5f88ce72054046ac8a6c0da305f1b5fa4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 26 Dec 2017 16:53:01 +0100 Subject: T488: GRUB can't boot from software RAID --- debian/changelog | 6 ++++++ scripts/vyatta-grub-setup | 37 +++++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 16 deletions(-) (limited to 'scripts') diff --git a/debian/changelog b/debian/changelog index 8d4ebc05..e69f9e04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current5) unstable; urgency=medium + + * T488: GRUB can't boot from software RAID + + -- Christian Poessinger Tue, 26 Dec 2017 14:40:54 +0100 + vyatta-cfg-system (0.20.44+vyos2+current4) unstable; urgency=medium * T414: Remove telnetd service diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index cf30cbb3..d263eff3 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -1,7 +1,7 @@ #!/bin/sh # # Module: grup-setup -# +# # **** License **** # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as @@ -15,11 +15,11 @@ # This code was originally developed by Vyatta, Inc. # Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. # All Rights Reserved. -# +# # Author: Robert Bays # Date: 2006 # Description: -# +# # **** End License **** # # Vyatta grub customization setup script. @@ -55,7 +55,7 @@ ROOT_PARTITION="$1" GRUB_OPTIONS="$2" ROOTFSDIR="$3" -[ "$ROOT_PARTITION" ] || exit 1 +[ "$ROOT_PARTITION" ] || exit 1 # Grub options if [ "$GRUB_OPTIONS" ] @@ -114,7 +114,7 @@ if eval "$UNION"; then 2> /dev/null | grep -v xen \ | awk -F/ '{ print $6 }' | sed 's/vmlinuz//g' \ | sort -r) -else +else # Read UUID off of filesystem and use it to tell GRUB where to mount drive # This allows device to move around and grub will still find it uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') @@ -133,7 +133,7 @@ if [ -n "$xen_kernel_version" ] || [ -n "$union_xen_kernel_version" ]; then default_console=0 fi -# Check for diagnostic partition residing in first partition of drive +# Check for diagnostic partition residing in first partition of drive # holding the root partition. diag_drive_number="" @@ -175,10 +175,15 @@ fi echo "terminal_output --append serial" if [ ${ROOT_PARTITION:0:2} = "md" ]; then + uuid_root_disk=`/sbin/tune2fs -l /dev/${root_disk}1 | grep UUID | awk '{print $3}'` + uuid_root_md=`/sbin/tune2fs -l /dev/md${ROOT_PARTITION#md} | grep UUID | awk '{print $3}'` echo "" - echo -e "insmod mdraid09" + echo -e "insmod part_msdos" + echo -e "insmod diskfilter" + echo -e "insmod ext2" echo -e "insmod mdraid1x" - echo -e "set root=(md/${ROOT_PARTITION#md})" + echo -e "set root='mduuid/${uuid_root_disk}'" + echo -e "search --no-floppy --fs-uuid --set=root ${uuid_root_md}" fi # create xen kernels if they exist @@ -226,7 +231,7 @@ fi echo -e "\tlinux /boot/$livedir/vmlinuz $GRUB_OPTIONS $usb_console" echo -e "\tinitrd /boot/$livedir/initrd.img" echo -e "}" - + elif [ -n "$union_kernel_versions" ]; then for kversion in $union_kernel_versions; do echo @@ -254,8 +259,8 @@ fi echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $VGA_LOGO $vty_console" echo -e "\tinitrd /boot/initrd.img" echo -e "}" - - # Set the second system boot option. + + # Set the second system boot option. # Make the serial port be the default console in this one. echo echo -e "menuentry \"VyOS $version (Serial console)\" {" @@ -288,19 +293,19 @@ fi fi fi - # Set options for root password reset. Offer + # Set options for root password reset. Offer # options for both serial and KVM console. reset_boot_path=/boot if eval "$UNION"; then reset_boot_path=/boot/$livedir fi - + echo echo -e "menuentry \"Lost password change $version (KVM console)\" {" echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $NOSELINUX $vty_console init=$pass_reset" echo -e "\tinitrd $reset_boot_path/initrd.img" echo -e "}" - + echo echo -e "menuentry \"Lost password change $version (Serial console)\" {" echo -e "\tlinux $reset_boot_path/vmlinuz $GRUB_OPTIONS $NOSELINUX $serial_console init=$pass_reset" @@ -314,12 +319,12 @@ fi echo -e "}" if [ -n "$diag_drive_number" ]; then - echo + echo echo -e "menuentry \"Diagnostics\" {" echo -e "\tchainloader (hd$diag_drive_number,1)+1" echo -e "}" fi - + ) >"$ROOTFSDIR"/boot/grub/grub.cfg -- cgit v1.2.3 From 28ab553cfbe8d682314d61d0bac520deacfa14c7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 27 Dec 2017 22:29:53 +0100 Subject: T496: remove diagnostic partition for RAID1 installs --- debian/changelog | 6 ++++++ scripts/install-system | 21 +-------------------- scripts/install/install-get-partition | 22 ++-------------------- scripts/vyatta-grub-setup | 27 --------------------------- 4 files changed, 9 insertions(+), 67 deletions(-) (limited to 'scripts') diff --git a/debian/changelog b/debian/changelog index e69f9e04..d1169cde 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current6) unstable; urgency=medium + + * T496: remove diagnostic partition for RAID1 installs + + -- Christian Poessinger Wed, 27 Dec 2017 23:32:44 +0100 + vyatta-cfg-system (0.20.44+vyos2+current5) unstable; urgency=medium * T488: GRUB can't boot from software RAID diff --git a/scripts/install-system b/scripts/install-system index 108153da..e8464951 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -399,7 +399,7 @@ check_for_new_raid () { # # Partition creation variables are in units of megabytes. part_start_offset=2 - part_diag_size=60 + data_dev=1 if [ $drivesize1 -lt $drivesize2 ]; then root_size=$drivesize1 @@ -407,25 +407,6 @@ check_for_new_raid () { root_size=$drivesize2 fi - let min_size_with_diag=${MIN_ROOT}+${part_diag_size} - if [ $root_size -ge $min_size_with_diag ]; then - echo "Would you like me to create a $part_diag_size MB partition for diagnostics?" - echo -n "(Yes/No) [No]: " - diag_response=$(get_response "No" "Yes No Y N") - if [ "$diag_response" == "yes" ] || [ "$diag_response" == "y" ]; then - for drive in $drives - do - echo "Creating diag partition on drive $drive" - create_partitions "$drive" $part_diag_size $part_start_offset "no" - sfdisk --change-id /dev/$drive 1 0x6 - done - data_dev=2 - let part_start_offset+=$part_diag_size - else - data_dev=1 - fi - fi - let root_size-=$part_start_offset for drive in $drives diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index 0ddbd443..f1b373ae 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -259,12 +259,12 @@ check_for_new_raid () { done # Need to leave space on both disks between the MBR and the start - # of the first partition for grub. Grub needs to embed a large + # of the first partition for grub. Grub needs to embed a large # boot image there when booting off RAID devices. # # Partition creation variables are in units of megabytes. part_start_offset=2 - part_diag_size=60 + data_dev=1 if [ $drivesize1 -lt $drivesize2 ]; then root_size=$drivesize1 @@ -272,24 +272,6 @@ check_for_new_raid () { root_size=$drivesize2 fi - let min_size_with_diag=${MIN_ROOT}+${part_diag_size} - if [ $root_size -ge $min_size_with_diag ]; then - echo "Would you like me to create a $part_diag_size MB partition for diagnostics?" - echo -n "(Yes/No) [No]: " - diag_response=$(get_response "No" "Yes No Y N") - if [ "$diag_response" == "yes" ] || [ "$diag_response" == "y" ]; then - for drive in $drives; do - echo "Creating diag partition on drive $drive" - create_partitions "$drive" $part_diag_size $part_start_offset "no" - sfdisk --change-id /dev/$drive 1 0x6 - done - data_dev=2 - let part_start_offset+=$part_diag_size - else - data_dev=1 - fi - fi - let root_size-=$part_start_offset for drive in $drives; do diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index d263eff3..ea4dc905 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -133,11 +133,6 @@ if [ -n "$xen_kernel_version" ] || [ -n "$union_xen_kernel_version" ]; then default_console=0 fi -# Check for diagnostic partition residing in first partition of drive -# holding the root partition. - -diag_drive_number="" - if [ ${ROOT_PARTITION:0:2} = "md" ]; then # Select the first disk in the RAID group to look for diag partition on root_disks=`echo /sys/block/$ROOT_PARTITION/slaves/*` @@ -149,20 +144,6 @@ else root_disk=${ROOT_PARTITION:0:${#ROOT_PARTITION}-1} fi -# If the root partition is not occupying the first partition, then we -# can look for a diag partition there. -if [ "$ROOT_PARTITION" != "${root_disk}1" ]; then - first_part_fstype=`fdisk -l /dev/$root_disk | grep ^/dev/${root_disk}1 | awk '{ print $6 }'` - - if [ "$first_part_fstype" = "FAT16" -o "$first_part_fstype" = "Dell" ]; then - # Translate the Linux drive letter (e.g. the "a" in "/dev/sda") into - # a drive number that grub uses. i.e. "a" = 0, "b" = 1, etc. - diag_drive_letter=${root_disk:2:1} - diag_drive_number=`echo $diag_drive_letter | od -t u1 -N 1 | awk '{ print $2 }'` - let diag_drive_number-=97 - fi -fi - ( # create the grub.cfg file for grub # The "default=" line selects which boot option will be used by default. @@ -318,14 +299,6 @@ fi echo -e "\tinitrd $reset_boot_path/initrd.img" echo -e "}" - if [ -n "$diag_drive_number" ]; then - echo - echo -e "menuentry \"Diagnostics\" {" - echo -e "\tchainloader (hd$diag_drive_number,1)+1" - echo -e "}" - fi - - ) >"$ROOTFSDIR"/boot/grub/grub.cfg ( [ -s /boot/grub/menu.lst ] && -- cgit v1.2.3 From 2abbf9fb822b7c16cbf6f60d9c0ba4c181e024e9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 21 Jan 2018 17:14:38 +0100 Subject: T523: Use new location for dnsmasq config files --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index fa9fae68..e2ee913c 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -32,7 +32,7 @@ use strict; use warnings; my $dnsforwarding_init = '/etc/init.d/dnsmasq'; -my $dnsforwarding_conf = '/etc/dnsmasq.conf'; +my $dnsforwarding_conf = '/etc/dnsmasq.d/vyos.conf'; sub dnsforwarding_restart { system("$dnsforwarding_init restart >&/dev/null"); -- cgit v1.2.3 From d663e63a2d60fa6c79328cd08a6fce76f3861372 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 21 Jan 2018 17:15:16 +0100 Subject: T523: Use systemctl to stop/restart dnsmasq --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index e2ee913c..bb091e9d 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -31,15 +31,14 @@ use Getopt::Long; use strict; use warnings; -my $dnsforwarding_init = '/etc/init.d/dnsmasq'; my $dnsforwarding_conf = '/etc/dnsmasq.d/vyos.conf'; sub dnsforwarding_restart { - system("$dnsforwarding_init restart >&/dev/null"); + system("systemctl restart dnsmasq"); } sub dnsforwarding_stop { - system("$dnsforwarding_init stop >&/dev/null"); + system("systemctl stop dnsmasq"); } sub dnsforwarding_get_constants { -- cgit v1.2.3 From a974b61d94af35df0cc7e9a3dca3cb758d85d91e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 21 Jan 2018 17:15:51 +0100 Subject: T523: Only bind dnsmasq to configured interfaces --- debian/changelog | 8 ++++++++ scripts/dns-forwarding/vyatta-dns-forwarding.pl | 1 + 2 files changed, 9 insertions(+) (limited to 'scripts') diff --git a/debian/changelog b/debian/changelog index 0675e402..89c7b4ca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +vyatta-cfg-system (0.20.44+vyos2+current8) unstable; urgency=medium + + * T523: Only bind dnsmasq to configured interfaces + * T523: Use systemctl to stop/restart dnsmasq + * T523: Use new location for dnsmasq config files + + -- Christian Poessinger Sun, 21 Jan 2018 17:16:04 +0100 + vyatta-cfg-system (0.20.44+vyos2+current7) unstable; urgency=medium * T297: Fix DNS Forwarding server does not allow IPv6 address in name-server diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index bb091e9d..00a64b3e 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -50,6 +50,7 @@ sub dnsforwarding_get_constants { $output .= "log-facility=/var/log/dnsmasq.log\n"; $output .= "no-poll\n"; $output .= "edns-packet-max=4096\n"; + $output .= "bind-interfaces\n"; system("rm -f /var/log/dnsmasq.log; touch /var/log/dnsmasq.log"); return $output; } -- cgit v1.2.3 From 3f248ff90ecb28ae15dcf8e8191e79ca7889f69d Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 20 Feb 2018 06:36:24 +0100 Subject: Rename the "client" NTP option to "allow-clients" to make it more clear what it does (fixes T553). --- scripts/system/vyatta_update_ntp.pl | 4 ++-- templates/system/ntp/allow-clients/address/node.def | 6 ++++++ templates/system/ntp/allow-clients/node.def | 1 + templates/system/ntp/client/address/node.def | 6 ------ templates/system/ntp/client/node.def | 1 - 5 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 templates/system/ntp/allow-clients/address/node.def create mode 100644 templates/system/ntp/allow-clients/node.def delete mode 100644 templates/system/ntp/client/address/node.def delete mode 100644 templates/system/ntp/client/node.def (limited to 'scripts') diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl index eaaae14a..78a617bc 100755 --- a/scripts/system/vyatta_update_ntp.pl +++ b/scripts/system/vyatta_update_ntp.pl @@ -78,10 +78,10 @@ my @clients; if ($dhclient_script == 1) { @servers = $cfg->listOrigNodes("server"); - @clients = $cfg->returnOrigValues("client address"); + @clients = $cfg->returnOrigValues("allow-clients address"); } else { @servers = $cfg->listNodes("server"); - @clients = $cfg->returnValues("client address"); + @clients = $cfg->returnValues("allow-clients address"); } if (scalar(@servers) > 0) { diff --git a/templates/system/ntp/allow-clients/address/node.def b/templates/system/ntp/allow-clients/address/node.def new file mode 100644 index 00000000..a48a2b5a --- /dev/null +++ b/templates/system/ntp/allow-clients/address/node.def @@ -0,0 +1,6 @@ +multi: +type: ipv4net,ipv6net +help: IP address + +val_help: ipv4net; IP address and prefix length +val_help: ipv6net; IPv6 address and prefix length diff --git a/templates/system/ntp/allow-clients/node.def b/templates/system/ntp/allow-clients/node.def new file mode 100644 index 00000000..8228130e --- /dev/null +++ b/templates/system/ntp/allow-clients/node.def @@ -0,0 +1 @@ +help: Network Time Protocol (NTP) server options diff --git a/templates/system/ntp/client/address/node.def b/templates/system/ntp/client/address/node.def deleted file mode 100644 index a48a2b5a..00000000 --- a/templates/system/ntp/client/address/node.def +++ /dev/null @@ -1,6 +0,0 @@ -multi: -type: ipv4net,ipv6net -help: IP address - -val_help: ipv4net; IP address and prefix length -val_help: ipv6net; IPv6 address and prefix length diff --git a/templates/system/ntp/client/node.def b/templates/system/ntp/client/node.def deleted file mode 100644 index dd849f8f..00000000 --- a/templates/system/ntp/client/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Network Time Protocol (NTP) client -- cgit v1.2.3 From 42b06c04970392d7f2df8fdbcfa9345cfab95f33 Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 22 Feb 2018 11:40:47 +0100 Subject: sometimes drives report they are not aligned And then on reboot it hangs where it should start grub --- scripts/install/install-get-partition | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index f1b373ae..a8590031 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -688,7 +688,12 @@ create_partitions() { lecho "Creating root partition on /dev/$ldrive" # Make the root partition - output=$(parted --script --align optimal /dev/$ldrive mkpart primary 0% $root_part_size) + # if optimal_io_size is empty use default of 2048s + if [ $(cat /sys/block/$ldrive/queue/optimal_io_size) -gt 0 ]; then + output=$(parted --script --align optimal /dev/$ldrive mkpart primary 0% $root_part_size) + else + output=$(parted --script --align optimal /dev/$ldrive mkpart primary 2048s $root_part_size) + fi status=$? if [ "$status" != 0 ]; then echo -e "Error creating primary partition on $ldrive.\nPlease see $INSTALL_LOG for more details.\nExiting..." -- cgit v1.2.3 From 9505422dbae1429267930d2a189f2cfe3afca426 Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 5 Apr 2018 14:07:23 +0200 Subject: Do not restart tty, it will put you back at login screen. --- scripts/system/vyatta_update_console.pl | 2 -- 1 file changed, 2 deletions(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_console.pl b/scripts/system/vyatta_update_console.pl index 19937060..ff7c2df1 100755 --- a/scripts/system/vyatta_update_console.pl +++ b/scripts/system/vyatta_update_console.pl @@ -102,8 +102,6 @@ sub update_getty{ system("systemctl daemon-reload"); if ( system("systemctl status serial-getty\@$tty.service 2>&1 > /dev/null")) { system("systemctl start serial-getty\@$tty.service"); - } else { - system("systemctl restart serial-getty\@$tty.service"); } } } -- cgit v1.2.3 From 38e2a80870cd2407377458dee2b4e08aef24b088 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 15 Apr 2018 18:18:43 +0200 Subject: T588: Remove DNS forwarder restart command in favour if XML interface definition --- Makefile.am | 1 - debian/changelog | 6 + debian/control | 1 - scripts/dns-forwarding/vyatta-dns-forwarding.pl | 274 ------------------------ 4 files changed, 6 insertions(+), 276 deletions(-) delete mode 100755 scripts/dns-forwarding/vyatta-dns-forwarding.pl (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 23a716b5..77088eaa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -60,7 +60,6 @@ sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl sbin_SCRIPTS += scripts/snmp/if-mib-alias sbin_SCRIPTS += scripts/telnetd.init -sbin_SCRIPTS += scripts/dns-forwarding/vyatta-dns-forwarding.pl sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl sbin_SCRIPTS += scripts/vyatta-system-nameservers sbin_SCRIPTS += scripts/vyatta-interfaces.pl diff --git a/debian/changelog b/debian/changelog index 215f2a1e..a1ec904a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current11) unstable; urgency=medium + + * T588: Remove DNS forwarder restart command in favour if XML interface definition + + -- Christian Poessinger Wed, 11 Apr 2018 20:35:32 +0200 + vyatta-cfg-system (0.20.44+vyos2+current10) unstable; urgency=medium * T157: Remove "install system" command diff --git a/debian/control b/debian/control index 5edd8be0..1b6d08a6 100644 --- a/debian/control +++ b/debian/control @@ -42,7 +42,6 @@ Depends: adduser, tasksel, snmp, tcpdump, - dnsmasq, mdadm, ddclient (>= 3.8.2+vyos2+current1), dnsutils, diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl deleted file mode 100755 index 00a64b3e..00000000 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ /dev/null @@ -1,274 +0,0 @@ -#!/usr/bin/perl -# -# Module: vyatta-dns-forwarding.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Mohit Mehta -# Date: August 2008 -# Description: Script to glue Vyatta CLI to dnsmasq daemon -# -# **** End License **** -# - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; -use Vyatta::Misc; -use Getopt::Long; - -use strict; -use warnings; - -my $dnsforwarding_conf = '/etc/dnsmasq.d/vyos.conf'; - -sub dnsforwarding_restart { - system("systemctl restart dnsmasq"); -} - -sub dnsforwarding_stop { - system("systemctl stop dnsmasq"); -} - -sub dnsforwarding_get_constants { - my $output; - - my $date = `date`; - chomp $date; - $output = "#\n# autogenerated by vyatta-dns-forwarding.pl on $date\n#\n"; - $output .= "log-facility=/var/log/dnsmasq.log\n"; - $output .= "no-poll\n"; - $output .= "edns-packet-max=4096\n"; - $output .= "bind-interfaces\n"; - system("rm -f /var/log/dnsmasq.log; touch /var/log/dnsmasq.log"); - return $output; -} - -sub dnsforwarding_get_values { - - my $outside_cli = shift; - - my $output = ''; - my $config = new Vyatta::Config; - my $use_dnsmasq_conf = 0; - my (@listen_interfaces, $cache_size, @use_nameservers, $use_system_nameservers, @use_dhcp_nameservers, @domains, $server, $ignore_hosts_file, $query_all_servers); - - $config->setLevel("service dns forwarding"); - - if ($outside_cli == 1) { - @listen_interfaces = $config->returnOrigValues("listen-on"); - $cache_size = $config->returnOrigValue("cache-size"); - @use_nameservers = $config->returnOrigValues("name-server"); - $use_system_nameservers = $config->existsOrig("system"); - @use_dhcp_nameservers = $config->returnOrigValues("dhcp"); - @domains = $config->listOrigNodes("domain"); - $ignore_hosts_file = $config->returnOrigValue("ignore-hosts-file"); - $query_all_servers = $config->returnOrigValue("query-all-servers"); - - } else { - @listen_interfaces = $config->returnValues("listen-on"); - $cache_size = $config->returnValue("cache-size"); - @use_nameservers = $config->returnValues("name-server"); - $use_system_nameservers = $config->exists("system"); - @use_dhcp_nameservers = $config->returnValues("dhcp"); - @domains = $config->listNodes("domain"); - $ignore_hosts_file = $config->exists("ignore-hosts-file"); - $query_all_servers = $config->exists("query-all-servers"); - } - - if (@listen_interfaces != 0) { - foreach my $interface (@listen_interfaces) { - $output .= "interface=$interface\n"; - } - } - - if (defined $cache_size) { - $output .= "cache-size=$cache_size\n"; - } - - if (defined $query_all_servers) { - $output .= "all-servers\n"; - } - - if (defined $ignore_hosts_file) { - $output .= "no-hosts\n"; - } - - if (@use_nameservers != 0) { - $use_dnsmasq_conf = 1; - foreach my $cli_nameserver (@use_nameservers) { - $output .= "server=$cli_nameserver\t# statically configured\n"; - } - } - - if (defined($use_system_nameservers)) { - $use_dnsmasq_conf = 1; - my $sys_config = new Vyatta::Config; - $sys_config->setLevel("system"); - my @system_nameservers; - if ($outside_cli == 1) { - @system_nameservers = $sys_config->returnOrigValues("name-server"); - } else { - @system_nameservers = $sys_config->returnValues("name-server"); - } - if (@system_nameservers > 0) { - foreach my $system_nameserver (@system_nameservers) { - $output .= "server=$system_nameserver\t# system\n"; - } - } - } - if (@domains != 0) { - foreach my $domain (@domains) { - my @domain_servers; - if ($outside_cli == 1) { - @domain_servers = $config->returnValues("domain $domain server"); - } else { - @domain_servers = $config->returnValues("domain $domain server"); - } - if (@domain_servers > 0) { - foreach my $domain_server (@domain_servers) { - $output .= "server=/$domain/$domain_server\t# domain-override\n"; - } - } - } - } - - if (@use_dhcp_nameservers != 0) { - $use_dnsmasq_conf = 1; - foreach my $interface (@use_dhcp_nameservers) { - my $dhcp_nameserver_count=`grep nameserver /etc/resolv.conf.dhclient-new-$interface 2>/dev/null | wc -l`; - if ($dhcp_nameserver_count > 0) { - my @dhcp_nameservers = `grep nameserver /etc/resolv.conf.dhclient-new-$interface`; - for my $each_nameserver (@dhcp_nameservers) { - my @nameserver = split(/ /, $each_nameserver, 2); - my $ns = $nameserver[1]; - chomp $ns; - $output .= "server=$ns\t# dhcp $interface\n"; - } - } - } - } - - if ($use_dnsmasq_conf == 1) { - $output .= "resolv-file=/etc/resolv.conf\n"; - } - - return $output; -} - -sub dnsforwarding_write_file { - my ($config) = @_; - - open(my $fh, '>', $dnsforwarding_conf) || die "Couldn't open $dnsforwarding_conf - $!"; - print $fh $config; - close $fh; -} - -sub check_nameserver { - - my $cmd = `cat /etc/resolv.conf 2>/dev/null | awk {'print \$1'} | grep \^nameserver\$ | wc -l`; - return $cmd; -} - -sub check_system_nameserver { - - my $config = new Vyatta::Config; - $config->setLevel("system"); - my @system_nameservers = $config->returnValues("name-server"); - return(@system_nameservers); - -} - -sub check_dhcp_interface { - - my $interface = shift; - - die "DNS forwarding error: $interface is not using DHCP to get an IP address\n" - unless Vyatta::Misc::is_dhcp_enabled($interface); - - if (-e "/var/run/vyatta/dhclient/dhclient_release_$interface") { - - # dhcp released for the interface - print "DNS forwarding warning: DHCP lease for $interface has been released by user\n"; - } - - return 1; -} - -# -# main -# - -my ($update_dnsforwarding, $stop_dnsforwarding, $restart_dnsforwarding, $system_nameserver, $dhcp_interface, $outside_cli); - -GetOptions( - "update-dnsforwarding!" => \$update_dnsforwarding, - "stop-dnsforwarding!" => \$stop_dnsforwarding, - "restart-dnsforwarding!" => \$restart_dnsforwarding, - "system-nameserver!" => \$system_nameserver, - "outside-cli!" => \$outside_cli, - "dhcp-interface=s" => \$dhcp_interface -); - -if (defined $system_nameserver) { - my $system_nameserver_exists = check_system_nameserver(); - if ($system_nameserver_exists < 1){ - print "DNS forwarding warning: No name-servers set under 'system name-server'\n"; - } -} - -if (defined $dhcp_interface) { - if (!check_dhcp_interface($dhcp_interface)){ - exit 1; - } -} - -if (defined $update_dnsforwarding) { - my $config; - my $vyatta_config = new Vyatta::Config; - - $vyatta_config->setLevel("service dns forwarding"); - my $use_system_nameservers = $vyatta_config->exists("system"); - my @use_dhcp_nameservers = $vyatta_config->returnValues("dhcp"); - my @use_nameservers = $vyatta_config->returnValues("name-server"); - - if (!(defined $use_system_nameservers) && (@use_dhcp_nameservers == 0) && (@use_nameservers == 0)) { - my $nameserver_exists = check_nameserver(); - if ($nameserver_exists < 1){ - print "DNS forwarding warning: Currently, no name-servers to forward DNS queries\n"; - } - } - - my $called_from_outside_cli = 0; - if (defined $outside_cli){ - $called_from_outside_cli = 1; - } - $config = dnsforwarding_get_constants(); - $config .= dnsforwarding_get_values($called_from_outside_cli); - dnsforwarding_write_file($config); - dnsforwarding_restart(); -} - -if (defined $stop_dnsforwarding) { - dnsforwarding_stop(); -} - -if (defined $restart_dnsforwarding) { - dnsforwarding_restart(); -} - -exit 0; - -# end of file - -- cgit v1.2.3 From 9f5c33ea3fb6101c7ce49abe3762d4d497c37ce9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 7 May 2018 22:41:31 +0200 Subject: T623: Rewrite NTP subsystem in new XML style interface definition --- Makefile.am | 1 - scripts/system/vyatta_update_ntp.pl | 115 --------------------- scripts/system/vyatta_update_resolv.pl | 15 --- scripts/vyatta-system-nameservers | 10 -- .../system/ntp/allow-clients/address/node.def | 6 -- templates/system/ntp/allow-clients/node.def | 1 - templates/system/ntp/node.def | 16 --- templates/system/ntp/server/node.def | 3 - .../system/ntp/server/node.tag/dynamic/node.def | 2 - .../system/ntp/server/node.tag/noselect/node.def | 1 - .../system/ntp/server/node.tag/preempt/node.def | 1 - .../system/ntp/server/node.tag/prefer/node.def | 1 - 12 files changed, 172 deletions(-) delete mode 100755 scripts/system/vyatta_update_ntp.pl delete mode 100644 templates/system/ntp/allow-clients/address/node.def delete mode 100644 templates/system/ntp/allow-clients/node.def delete mode 100644 templates/system/ntp/node.def delete mode 100644 templates/system/ntp/server/node.def delete mode 100644 templates/system/ntp/server/node.tag/dynamic/node.def delete mode 100644 templates/system/ntp/server/node.tag/noselect/node.def delete mode 100644 templates/system/ntp/server/node.tag/preempt/node.def delete mode 100644 templates/system/ntp/server/node.tag/prefer/node.def (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 77088eaa..cfddd656 100644 --- a/Makefile.am +++ b/Makefile.am @@ -54,7 +54,6 @@ sbin_SCRIPTS += scripts/system/vyatta_update_resolv.pl sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl -sbin_SCRIPTS += scripts/system/vyatta_update_ntp.pl sbin_SCRIPTS += scripts/system/irq-affinity.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl deleted file mode 100755 index 78a617bc..00000000 --- a/scripts/system/vyatta_update_ntp.pl +++ /dev/null @@ -1,115 +0,0 @@ -#! /usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -# Filter ntp.conf - remove old servers and add current ones - -use strict; -use lib "/opt/vyatta/share/perl5"; -use Vyatta::Config; -use NetAddr::IP; -use Getopt::Long; - -my $dhclient_script = 0; - -GetOptions("dhclient-script=i" => \$dhclient_script, -); - -sub ntp_format { - my ($cidr_or_host) = @_; - my $ip = NetAddr::IP->new($cidr_or_host); - if (defined($ip)) { - my $address = $ip->addr(); - my $mask = $ip->mask(); - - if ( - ($ip->version() == 6 && $ip->masklen() == 128) - || ($ip->version() == 4 && $ip->masklen() == 32) - ) { - return "$address"; - } else { - return "$address mask $mask"; - } - } else { - return undef; - } -} - -my @ntp; -if (-e '/etc/ntp.conf') { - open (my $file, '<', '/etc/ntp.conf') - or die("$0: Error! Unable to open '/etc/ntp.conf' for input: $!\n"); - @ntp = <$file>; - close ($file); -} - -open (my $output, '>', '/etc/ntp.conf') - or die("$0: Error! Unable to open '/etc/ntp.conf' for output: $!\n"); - -my $cfg = new Vyatta::Config; -$cfg->setLevel("system ntp"); - -foreach my $line (@ntp) { - if ($line =~ /^# VyOS CLI configuration options/) { - print $output $line; - print $output "\n"; - last; - } else { - print $output $line; - } -} - -my @servers; -my @clients; - -if ($dhclient_script == 1) { - @servers = $cfg->listOrigNodes("server"); - @clients = $cfg->returnOrigValues("allow-clients address"); -} else { - @servers = $cfg->listNodes("server"); - @clients = $cfg->returnValues("allow-clients address"); -} - -if (scalar(@servers) > 0) { - print $output "# Servers\n\n"; - foreach my $server (@servers) { - my $server_addr = ntp_format($server); - if (defined($server_addr)) { - print $output "server $server_addr iburst"; - for my $property (qw(dynamic noselect preempt prefer)) { - if ($dhclient_script == 1) { - print $output " $property" if ($cfg->existsOrig("server $server $property")); - } else { - print $output " $property" if ($cfg->exists("server $server $property")); - } - } - print $output "\nrestrict $server_addr nomodify notrap nopeer noquery\n"; - } - } - print $output "\n"; -} - -if (scalar(@clients) > 0) { - print $output "# Clients\n\n"; - foreach my $client (@clients) { - my $address = ntp_format($client); - print $output "restrict $address nomodify notrap nopeer\n"; - } - print $output "\n"; -} - -exit 0; diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index 51617fce..de09a760 100755 --- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl @@ -30,7 +30,6 @@ use Vyatta::Config; my $dhclient_script = 0; my $config_mode = 0; -my $ntp_config = 0; GetOptions("dhclient-script=i" => \$dhclient_script, "config-mode=i" => \$config_mode, @@ -45,7 +44,6 @@ my $disable_dhcp_nameservers = undef; if ($config_mode == 1) { $disable_dhcp_nameservers = $vc->exists('disable-dhcp-nameservers'); - $ntp_config = $vc->exists('ntp server'); } else { $disable_dhcp_nameservers = $vc->existsOrig('disable-dhcp-nameservers'); } @@ -53,7 +51,6 @@ if ($config_mode == 1) { if ($dhclient_script == 1) { @search_domains = $vc->returnOrigValues('domain-search domain'); $domain_name = $vc->returnOrigValue('domain-name'); - $ntp_config = $vc->existsOrig('ntp server'); } else { @search_domains = $vc->returnValues('domain-search domain'); $domain_name = $vc->returnValue('domain-name'); @@ -132,7 +129,6 @@ if ($domain_name && length($domain_name) > 0) { if (($dhclient_script == 1) || ($config_mode == 1)) { my @current_dhcp_nameservers; - my $restart_ntp = 0; # code below to add new name-servers received from dhcp client, but only if disable-dhcp-nameservers # hasn't been enabled. @@ -168,7 +164,6 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { or die "$! error trying to overwrite"; print $rf "#nameserver written by vyatta_update_resolv.pl (dhcp)\nnameserver\t$ns\n"; close $rf; - $restart_ntp = 1; } } } @@ -206,7 +201,6 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { $cmd = "sed -i -n '/nameserver\t$dhcpnameserver/".'{n;x;d;};x;1d;p;${x;p;}'."' /etc/resolv.conf"; } system($cmd); - $restart_ntp = 1; } } else { for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { @@ -225,18 +219,9 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { $cmd = "sed -i -n '/nameserver\t$dhcpnameserver/".'{n;x;d;};x;1d;p;${x;p;}'."' /etc/resolv.conf"; } system($cmd); - $restart_ntp = 1; } } } - if ($restart_ntp == 1) { - # this corresponds to what is done in name-server/node.def as a fix for bug 1300 - if ($ntp_config == 1) { - system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl --dhclient-script $dhclient_script"); - my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &"; - system($cmd_ntp_restart); - } - } } # The following will re-write '/etc/resolv.conf' line by line, diff --git a/scripts/vyatta-system-nameservers b/scripts/vyatta-system-nameservers index 99019fd1..9c688e80 100755 --- a/scripts/vyatta-system-nameservers +++ b/scripts/vyatta-system-nameservers @@ -36,14 +36,6 @@ restart_dnsmasq () { fi } -restart_ntp () { - # restart ntp if ntp is configured - if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then - sudo /opt/vyatta/sbin/vyatta_update_ntp.pl - /usr/sbin/invoke-rc.d ntp restart >&/dev/null - fi -} - update_system_nameservers () { nameserver=$1 touch /etc/resolv.conf @@ -70,7 +62,6 @@ update_system_nameservers () { mv -f /etc/resolv_tmp.conf /etc/resolv.conf fi restart_dnsmasq - restart_ntp } delete_system_nameserver () { @@ -79,7 +70,6 @@ delete_system_nameserver () { # remove specified nameserver sed -i "/$nameserver$/d" /etc/resolv.conf restart_dnsmasq - restart_ntp } # diff --git a/templates/system/ntp/allow-clients/address/node.def b/templates/system/ntp/allow-clients/address/node.def deleted file mode 100644 index a48a2b5a..00000000 --- a/templates/system/ntp/allow-clients/address/node.def +++ /dev/null @@ -1,6 +0,0 @@ -multi: -type: ipv4net,ipv6net -help: IP address - -val_help: ipv4net; IP address and prefix length -val_help: ipv6net; IPv6 address and prefix length diff --git a/templates/system/ntp/allow-clients/node.def b/templates/system/ntp/allow-clients/node.def deleted file mode 100644 index 8228130e..00000000 --- a/templates/system/ntp/allow-clients/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Network Time Protocol (NTP) server options diff --git a/templates/system/ntp/node.def b/templates/system/ntp/node.def deleted file mode 100644 index 38e67e05..00000000 --- a/templates/system/ntp/node.def +++ /dev/null @@ -1,16 +0,0 @@ -priority: 400 -help: Network Time Protocol (NTP) configuration - -end: - sudo /opt/vyatta/sbin/vyatta_update_ntp.pl - if grep -q '^server' /etc/ntp.conf - then - if pgrep -f -u ntp /usr/sbin/ntpd > /dev/null - then - sudo /usr/sbin/invoke-rc.d ntp force-reload - else - sudo /usr/sbin/invoke-rc.d ntp start - fi - else - sudo /usr/sbin/invoke-rc.d ntp stop - fi diff --git a/templates/system/ntp/server/node.def b/templates/system/ntp/server/node.def deleted file mode 100644 index 383bd992..00000000 --- a/templates/system/ntp/server/node.def +++ /dev/null @@ -1,3 +0,0 @@ -tag: -type: txt -help: Network Time Protocol (NTP) server diff --git a/templates/system/ntp/server/node.tag/dynamic/node.def b/templates/system/ntp/server/node.tag/dynamic/node.def deleted file mode 100644 index 2d68de16..00000000 --- a/templates/system/ntp/server/node.tag/dynamic/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Allow server to be configured even if not reachable - diff --git a/templates/system/ntp/server/node.tag/noselect/node.def b/templates/system/ntp/server/node.tag/noselect/node.def deleted file mode 100644 index e2e061b5..00000000 --- a/templates/system/ntp/server/node.tag/noselect/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Marks the server as unused diff --git a/templates/system/ntp/server/node.tag/preempt/node.def b/templates/system/ntp/server/node.tag/preempt/node.def deleted file mode 100644 index ca89efa1..00000000 --- a/templates/system/ntp/server/node.tag/preempt/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Specifies the association as preemptable rather than the default persistent diff --git a/templates/system/ntp/server/node.tag/prefer/node.def b/templates/system/ntp/server/node.tag/prefer/node.def deleted file mode 100644 index 4855fd41..00000000 --- a/templates/system/ntp/server/node.tag/prefer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Marks the server as preferred -- cgit v1.2.3 From ea256dc7956a3fbe5947c0ad9da9e90dd2320327 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 16 May 2018 06:41:40 +0200 Subject: T574: remove the old system host-name/domain-name commands, moving to vyos-1x. --- scripts/system/vyatta_update_hosts.pl | 114 ---------------------------------- templates/system/domain-name/node.def | 12 ---- templates/system/host-name/node.def | 12 ---- 3 files changed, 138 deletions(-) delete mode 100755 scripts/system/vyatta_update_hosts.pl delete mode 100644 templates/system/domain-name/node.def delete mode 100644 templates/system/host-name/node.def (limited to 'scripts') diff --git a/scripts/system/vyatta_update_hosts.pl b/scripts/system/vyatta_update_hosts.pl deleted file mode 100755 index 22b141ab..00000000 --- a/scripts/system/vyatta_update_hosts.pl +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/perl -w -# -# Module: vyatta_update_hosts.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2012-2013 Vyatta, Inc. -# All Rights Reserved. -# -# Description: -# Script to update '/etc/hosts' on commit of 'system host-name' and -# 'system domain-name' config. -# -# **** End License **** -# - -use strict; -use English; -use lib "/opt/vyatta/share/perl5/"; - -use File::Temp qw(tempfile); -use Vyatta::File qw(touch); -use Vyatta::Config; -use Getopt::Long; - -my $HOSTS_CFG = '/etc/hosts'; -my $HOSTS_TMPL = "/tmp/hosts.XXXXXX"; -my $HOSTNAME_CFG = '/etc/hostname'; -my $MAILNAME_CFG = '/etc/mailname'; -my $restart_services = 1; - -sub set_hostname { - my ( $hostname ) = @_; - system("hostname $hostname"); - open (my $f, '>', $HOSTNAME_CFG) - or die("$0: Error! Unable to open $HOSTNAME_CFG for output: $!\n"); - print $f "$hostname\n"; - close ($f); -} - -sub set_mailname { - my ( $mailname ) = @_; - open (my $f, '>', $MAILNAME_CFG) - or die("$0: Error! Unable to open $MAILNAME_CFG for output: $!\n"); - print $f "$mailname\n"; - close ($f); -} - -if ($EUID != 0) { - printf("This program must be run by root.\n"); - exit 1; -} - -GetOptions("restart-services!" => \$restart_services); - -my $vc = new Vyatta::Config(); - -$vc->setLevel('system'); -my $host_name = $vc->returnValue('host-name'); -my $domain_name = $vc->returnValue('domain-name'); -my $mail_name; -my $hosts_line = "127.0.1.1\t "; - -if (! defined $host_name) { - $host_name = 'vyatta'; -} -$mail_name = $host_name; - -if (defined $domain_name) { - $mail_name .= '.' . $domain_name; - $hosts_line .= $host_name . '.' . $domain_name; -} -$hosts_line .= " $host_name\t #vyatta entry\n"; - -my ($out, $tempname) = tempfile($HOSTS_TMPL, UNLINK => 1) - or die "Can't create temp file: $!"; - -if (! -e $HOSTS_CFG) { - touch $HOSTS_CFG; -} -open (my $in, '<', $HOSTS_CFG) - or die("$0: Error! Unable to open '$HOSTS_CFG' for input: $!\n"); - -while (my $line = <$in>) { - if ($line =~ m:^127.0.1.1:) { - next; - } - print $out $line; -} -print $out $hosts_line; - -close ($in); -close ($out); - -system("cp $tempname $HOSTS_CFG") == 0 - or die "Can't copy $tempname to $HOSTS_CFG: $!"; - -set_hostname $host_name; -set_mailname $mail_name; - -# Restart services that use the system hostname; -# add more ase needed. -if ($restart_services) { - system("invoke-rc.d rsyslog restart"); -} diff --git a/templates/system/domain-name/node.def b/templates/system/domain-name/node.def deleted file mode 100644 index 4866ddf8..00000000 --- a/templates/system/domain-name/node.def +++ /dev/null @@ -1,12 +0,0 @@ -priority: 400 -type: txt -help: System domain name - -# Allow letter-number-hyphen in label (but can not start or end with hyphen) -syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_domainname.pl $VAR(../host-name).$VAR(@)" - -update: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl - sudo /opt/vyatta/sbin/vyatta_update_hosts.pl --no-restart-services - -delete: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl - sudo /opt/vyatta/sbin/vyatta_update_hosts.pl --no-restart-services diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def deleted file mode 100644 index 00798bef..00000000 --- a/templates/system/host-name/node.def +++ /dev/null @@ -1,12 +0,0 @@ -priority: 100 -type: txt -help: System host name (default: vyos) -default: "vyos" -syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$" - ; "invalid host name $VAR(@)" - -syntax:expression: pattern $VAR(@) "^.{1,63}$" ; "invalid host-name length" - -update: sudo /opt/vyatta/sbin/vyatta_update_hosts.pl - -delete: sudo /opt/vyatta/sbin/vyatta_update_hosts.pl -- cgit v1.2.3 From 540269c58ea647a4695a78b79714f61a2d1b80db Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 17 May 2018 19:21:25 +0200 Subject: T648: fix custom sysctl setting because of output redirection --- scripts/system/vyatta_update_sysctl.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_sysctl.pl b/scripts/system/vyatta_update_sysctl.pl index ddf10115..6e33c5d0 100644 --- a/scripts/system/vyatta_update_sysctl.pl +++ b/scripts/system/vyatta_update_sysctl.pl @@ -62,7 +62,7 @@ sub set_sysctl_value { my $ovalue = get_sysctl_value($sysctl_opt); if ($nvalue ne $ovalue) { - my $cmd = "$SYSCTL -w $sysctl_opt=$nvalue 2>&1 1>&-"; + my $cmd = "$SYSCTL -w $sysctl_opt=$nvalue 2>&1> /dev/null"; system($cmd); if ($? >> 8) { die "exec of $SYSCTL failed: '$cmd'"; -- cgit v1.2.3 From a628e955dc687c64192947c280bbe374c5b2502c Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Mon, 28 May 2018 11:16:48 +0200 Subject: Ignore nss mapuser when radius is enabled. --- lib/Vyatta/Login/User.pm | 2 +- scripts/system/vyatta_check_username.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index e0305fbb..02fb96ee 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -167,7 +167,7 @@ sub _update_user { # not found in existing passwd, must be new my $cmd; - unless ( defined($uid) ) { + unless ( defined($uid) and $uid ne "1001" ) { # make new user using vyatta shell # and make home directory (-m) # and with default group of 100 (users) diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl index 30917ecb..9ecc42db 100755 --- a/scripts/system/vyatta_check_username.pl +++ b/scripts/system/vyatta_check_username.pl @@ -68,7 +68,7 @@ foreach my $user (@ARGV) { # User does not exist in system, its okay my $uid = getpwnam($user); - next unless defined($uid); + next unless defined($uid) and $uid ne "1001"; # System accounts should not be listed in vyatta configuration # 1000 is SYS_UID_MIN -- cgit v1.2.3 From bf1313bd0fe4aad4d5c4f24e04f87eab69204bae Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 30 May 2018 04:24:22 +0200 Subject: T669: set IPv6 keep_addr_on_down sysctl options to 1 and get rid of intfwatchd. --- Makefile.am | 2 - etc/init.d/vyos-intfwatchd | 87 ------------------------ scripts/vyos-intfwatchd | 160 --------------------------------------------- sysconf/vyatta-sysctl.conf | 4 ++ 4 files changed, 4 insertions(+), 249 deletions(-) delete mode 100755 etc/init.d/vyos-intfwatchd delete mode 100644 scripts/vyos-intfwatchd (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 593f83d0..3e70ca59 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,7 +22,6 @@ checkparamsonreboot_DATA += scripts/check-params-on-reboot.d/README initd_SCRIPTS += etc/init.d/ec2-vyos-init initd_SCRIPTS += etc/init.d/vyatta-config-reboot-params -initd_SCRIPTS += etc/init.d/vyos-intfwatchd checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/ipv6_disable_blacklist @@ -79,7 +78,6 @@ sbin_SCRIPTS += scripts/vyatta-bridge.pl sbin_SCRIPTS += scripts/vyatta-bridgegroup-depedency.pl sbin_SCRIPTS += scripts/vyatta-dhcpv6-client.pl sbin_SCRIPTS += scripts/vyatta-update-grub.pl -sbin_SCRIPTS += scripts/vyos-intfwatchd sbin_SCRIPTS += scripts/ec2-check.pl sbin_SCRIPTS += scripts/is_port_available.pl sbin_SCRIPTS += scripts/vyos-persistpath diff --git a/etc/init.d/vyos-intfwatchd b/etc/init.d/vyos-intfwatchd deleted file mode 100755 index 6c5907a5..00000000 --- a/etc/init.d/vyos-intfwatchd +++ /dev/null @@ -1,87 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: vyos-intfwatchd -# Required-Start: vyatta-router -# Required-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: Interface status monitoring daemon -### END INIT INFO - -set -e - -# /etc/init.d/vyos-intfwatchd: start and stop the event watching daemon - -test -x /opt/vyatta/sbin/vyos-intfwatchd || exit 0 - -umask 022 - -. /lib/lsb/init-functions - -if [ -n "$2" ]; then - EWD_OPTS="$EWD_OPTS $2" -fi - -# Are we running from init? -run_by_init() { - ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ] -} - -check_dev_null() { - if [ ! -c /dev/null ]; then - if [ "$1" = log_end_msg ]; then - log_end_msg 1 || true - fi - if ! run_by_init; then - log_action_msg "/dev/null is not a character device!" - fi - exit 1 - fi -} - -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin:/usr/bin:/opt/vyatta/sbin" - -case "$1" in - start) - check_dev_null - log_daemon_msg "Starting vyos-intfwatchd" "vyos-intfwatchd" - if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/vyos-intfwatchd.pid --exec /opt/vyatta/sbin/vyos-intfwatchd -- $EWD_OPTS; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - stop) - log_daemon_msg "Stopping vyos-intfwatchd" "vyos-intfwatchd" - VI_PID=`cat /var/run/vyos-intfwatchd.pid` - for p in `pgrep -P $VI_PID`; do - kill $p - done - if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/vyos-intfwatchd.pid; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - restart) - log_daemon_msg "Restarting vyos-intfwatchd" "vyos-intfwatchd" - start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/vyos-intfwatchd.pid - check_for_no_start log_end_msg - check_dev_null log_end_msg - if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/vyos-intfwatchd.pid --exec /opt/vyatta/sbin/vyos-intfwatchd -- $EWD_OPTS; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - status) - status_of_proc -p /var/run/vyos-intfwatchd.pid /opt/vyatta/sbin/vyos-intfwatchd vyos-intfwatchd && exit 0 || exit $? - ;; - - *) - log_action_msg "Usage: /etc/init.d/vyos-intfwatchd {start|stop|restart|status}" - exit 1 -esac - -exit 0 diff --git a/scripts/vyos-intfwatchd b/scripts/vyos-intfwatchd deleted file mode 100644 index b8bde3f3..00000000 --- a/scripts/vyos-intfwatchd +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/bin/perl -# -# Module: vyos-restore-static-ipv6.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# Copyright (C) 2014 VyOS Development Group -# -# **** End License **** - -use lib "/opt/vyatta/share/perl5"; -use strict; -use warnings; -use POSIX; -use Fcntl; -use Sys::Syslog; -use Vyatta::Config; -use Vyatta::Interface; -use Data::Dumper; - -use constant -{ - # Program settings - PROGRAM_NAME => "vyos-intfwatchd", - PROGRAM_VERSION => "1.0", - PID_FILE => "/var/run/vyos-intfwatchd.pid", - - # Program exit codes - SUCCESS => 0, - ERROR => 1, - - # Subroutine error codes - SUB_ERROR => 0, - SUB_SUCCESS => 1, - - # Fcntl file lock/unlock constants - SET_EXCLUSIVE_LOCK => 2, - UNLOCK => 8 -}; - -my $debug = 0; - -sub daemonize -{ - syslog("info", "%s", "Starting in daemon mode"); - - my $pid = fork(); - if (!defined($pid)) - { - # Fork failed - die "Could not spawn child process: $!, exiting"; - } - elsif ($pid > 0) - { - # Child has been spawned succefully, - # parent should terminate now - exit(SUCCESS); - } - chdir("/"); - umask(0); - setsid(); - - # Close standard i/o stream descriptors - open STDIN, "/dev/null" or die "Can't read /dev/null: $!"; - open STDOUT, ">>/dev/null" or die "Can't write to /dev/null: $!"; - open STDERR, ">>/dev/null" or die "Can't write to /dev/null: $!"; -} - -sub writePid -{ - my ($pid, $fh) = @_; - - unless (flock($fh, SET_EXCLUSIVE_LOCK)) - { - syslog("err", "%s", "Could not lock PID file: $!"); - exit(ERROR); - } - - print($fh $pid); -} - -sub releasePid -{ - my $fh = shift; - flock($fh, UNLOCK); - close($fh); - unlink(PID_FILE); -} - - -daemonize(); -my $pidFile = PID_FILE; -unless (open PID_HANDLE, ">$pidFile") -{ - syslog("err", "%s", "Could not create PID file: $!"); - exit(1); -} -writePid($$, \*PID_HANDLE); - -my $config = new Vyatta::Config(); - -my $ip_monitor = "ip monitor link"; -unless (open(HANDLE, "$ip_monitor|")) -{ - syslog("err", "%s", qq{Could not start IP monitor: $!\n}); - exit(1); -} - -sub terminate -{ - my $error = shift; - syslog("notice", "%s", PROGRAM_NAME." is terminating"); - releasePid(\*PID_HANDLE); - exit(0); -} - -$SIG{'INT'} = \&terminate; -$SIG{'TERM'} = \&terminate; -$SIG{'KILL'} = sub { exit(0); }; - -# This solution should be bad enough to be fixed immediately -# when feasible. - -while() -{ - if( $_ =~ /^[0-9]+:\s+([^@]+)(@.*)*:\s+<.*UP,.*>/ ) - { - my $intf_name = $1; - my $intf = new Vyatta::Interface($intf_name); - my $intf_addr_path = $intf->path() . " address"; - - # Get IPv6 addresses - my @addresses = grep /:/, $config->returnEffectiveValues($intf_addr_path); - print Dumper(@addresses) if $debug; - - foreach my $address (@addresses) - { - system("ip address add $address dev $intf_name"); - if( $? != 0 ) - { - syslog("err", "%s", "Could not add address $address: $!"); - } - else - { - syslog("notice", "%s", "Restoring address $address on interface $intf_name"); - } - } - - $intf = undef; - } -} - diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 3fe560b6..3e5717f1 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -67,3 +67,7 @@ net.ipv4.conf.all.send_redirects=1 # Increase size of buffer for netlink net.core.rmem_max=2097152 + +# Do not forget IPv6 addresses when a link goes down +net.ipv6.conf.default.keep_addr_on_down=1 +net.ipv6.conf.all.keep_addr_on_down=1 -- cgit v1.2.3 From fba795a09ae9d088a2403b5eaf2bc13e72138a62 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Thu, 31 May 2018 01:49:30 +0200 Subject: T232: force FAT label creation before creating the root partition. --- scripts/install/install-get-partition | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-get-partition b/scripts/install/install-get-partition index a8590031..5ea4845e 100755 --- a/scripts/install/install-get-partition +++ b/scripts/install/install-get-partition @@ -669,20 +669,17 @@ create_partitions() { exit 1 fi + # Force FAT label creation + lecho "Creating a new disklabel on $ldrive" + parted -s /dev/$ldrive mklabel msdos + # Make sure you can print disk info using parted parted --script /dev/$ldrive p >/dev/null 2>&1 - # If unable to read disk, it's likely it needs a disklabel + # If we still can't, something has gone terribly wrong if [ "$?" != "0" ]; then - lecho "Creating a new disklabel on $ldrive" - lecho "parted /dev/$ldrive mklabel msdos" - output=$(parted -s /dev/$ldrive mklabel msdos) - - parted --script /dev/$ldrive p >/dev/null 2>&1 - if [ "$?" != "0" ]; then - echo "Unable to read disk label. Exiting." - exit 1 - fi + echo "Unable to read disk label. Exiting." + exit 1 fi lecho "Creating root partition on /dev/$ldrive" -- cgit v1.2.3 From 4524181410b68367d91e07552466ef577ac5b0e3 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 8 Jun 2018 10:52:32 +0200 Subject: T652: remove SNMP perl scripts --- Makefile.am | 3 - scripts/snmp/if-mib-alias | 129 ------ scripts/snmp/vyatta-snmp-v3.pl | 676 ------------------------------- scripts/snmp/vyatta-snmp.pl | 333 --------------- scripts/system/vyatta_check_snmp_name.pl | 31 -- 5 files changed, 1172 deletions(-) delete mode 100755 scripts/snmp/if-mib-alias delete mode 100755 scripts/snmp/vyatta-snmp-v3.pl delete mode 100755 scripts/snmp/vyatta-snmp.pl delete mode 100755 scripts/system/vyatta_check_snmp_name.pl (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 3e70ca59..01ea0ce6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,7 +43,6 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync sbin_SCRIPTS += scripts/system/vyatta_check_username.pl -sbin_SCRIPTS += scripts/system/vyatta_check_snmp_name.pl sbin_SCRIPTS += scripts/system/vyatta_check_domainname.pl sbin_SCRIPTS += scripts/system/vyatta_interface_rescan sbin_SCRIPTS += scripts/system/vyatta_update_login.pl @@ -53,8 +52,6 @@ sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl sbin_SCRIPTS += scripts/system/irq-affinity.pl -sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl -sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl sbin_SCRIPTS += scripts/snmp/if-mib-alias sbin_SCRIPTS += scripts/telnetd.init sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl diff --git a/scripts/snmp/if-mib-alias b/scripts/snmp/if-mib-alias deleted file mode 100755 index d17644e9..00000000 --- a/scripts/snmp/if-mib-alias +++ /dev/null @@ -1,129 +0,0 @@ -#! /usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Stephen Hemminger -# Date: October 2010 -# Description: script is run as net-snmp extension to read interface alias -# -# **** End License **** - -use strict; -use warnings; -use feature "switch"; - -# Collect interface all alias values -sub get_alias { - my @interfaces; - - open (my $ip, '-|', 'ip li') - or die "Can't run ip command\n"; - my $index; - while(<$ip>) { - if (/^(\d+): ([^:]*): /) { - $index = $1; - $interfaces[$index] = $2; - } elsif (/^ +alias (.*)$/) { - $interfaces[$index] = $1; - } - } - close $ip; - return @interfaces; -} - -sub get_oid { - my $oid = shift; - die "Not a valid Object ID: $oid" - unless ($oid =~ /.(\d+)$/); - - my $ifindex = $1; - my @interfaces = get_alias(); - - my $ifalias = $interfaces[$ifindex]; - print "$oid\nstring\n$ifalias\n" if $ifalias; -} - -# OID of ifAlias [RFC2863] -my $BASE = '.1.3.6.1.2.1.31.1.1.1.18'; - -sub get_next { - my $oid = shift; - - return get_next("$BASE.0") - if ($oid eq $BASE); - - die "Not a valid Object ID: $oid" - unless ($oid =~ /^(\S*)\.(\d+)$/); - - my $base = $1; - my $ifindex = $2; - my @interfaces = get_alias(); - - while (++$ifindex <= $#interfaces) { - my $ifalias = $interfaces[$ifindex]; - if ($ifalias) { - print "$base.$ifindex\nstring\n$ifalias\n"; - last; - } - } -} - -sub ifindextoname { - my $ifindex = shift; - - open (my $ip, '-|', 'ip li') - or die "Can't run ip command\n"; - my $index; - while(<$ip>) { - next unless (/^(\d+): ([^:]*): /); - return $2 if ($1 == $ifindex); - } - return; -} - -sub set_oid { - my ($oid, $target, $value) = @_; - die "Not a valid Object ID: $oid" - unless ($oid =~ /\.(\d+)$/); - my $ifindex = $1; - unless ($target eq 'string') { - print "wrong-type\n"; - return; - } - - my $ifname = ifindextoname($ifindex); - if ($ifname) { - system("ip li set $ifname alias '$value' >/dev/null 2>&1"); - print "not-writeable\n" if ($? != 0); - } -} - -sub usage { - warn "Usage: $0 {-g|-n} OID\n"; - warn " $0 -s OID TARGET VALUE\n"; - exit 1; -} - -usage unless $#ARGV >= 1; - -given ($ARGV[0]) { - when ('-g') { get_oid ($ARGV[1]); } - when ('-n') { get_next ($ARGV[1]); } - when ('-s') { set_oid ($ARGV[1], $ARGV[2], $ARGV[3]); } - default { - warn "$ARGV[0] unknown flag\n"; - usage; - } -} diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl deleted file mode 100755 index a2d738eb..00000000 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ /dev/null @@ -1,676 +0,0 @@ -#!/usr/bin/perl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2013 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -use strict; -use warnings; - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; -use File::Copy; -use Getopt::Long; -use Socket; -use Socket6; - -my $snmp_v3_level = 'service snmp v3'; -my $snmp_restart = 'systemctl restart snmpd.service'; -my $snmp_stop = 'systemctl stop snmpd.service'; -my $snmp_start = 'systemctl start snmpd.service'; -my $snmp_reload = 'systemctl reload snmpd.service'; -my $snmpd_conf = '/etc/snmp/snmpd.conf'; -my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf'; -my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf'; -my $snmpd_conf_tmp = "/tmp/snmpd.conf.$$"; -my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$"; -my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$"; -my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/run/snmpd.socket'; - -my $oldEngineID = ""; -my $setserialno = ""; - -my %OIDs = ( - "md5", ".1.3.6.1.6.3.10.1.1.2", "sha", ".1.3.6.1.6.3.10.1.1.3", - "aes", ".1.3.6.1.6.3.10.1.2.4", "des", ".1.3.6.1.6.3.10.1.2.2", - "none", ".1.3.6.1.6.3.10.1.2.1" -); - -# generate a random character hex string -sub randhex { - my $length = shift; - return join "", map { unpack "H*", chr( rand(256) ) } 1 .. ( $length / 2 ); -} - -sub snmpd_running { - open( my $pidf, '<', "/run/snmpd.pid" ) - or return; - my $pid = <$pidf>; - close $pidf; - - chomp $pid; - my $exe = readlink "/proc/$pid/exe"; - - return ( defined($exe) && $exe eq "/usr/sbin/snmpd" ); -} - -sub check_snmp_exit_code { - my $code = shift; - - # snmpd can start/restart with exit code 256 if trap-target is unavailable - if ( $code != 0 && $code != 256 ) { - return 1; - } - else { - return 0; - } -} - -sub snmpd_stop { - system("$snmp_stop > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not stop snmpd!\n"; - exit(1); - } -} - -sub snmpd_start { - system("$snmp_start > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not start snmpd!\n"; - exit(1); - } -} - -sub snmpd_update { - system("$snmp_reload > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not reload snmpd!\n"; - exit(1); - } -} - -sub snmpd_restart { - system("$snmp_restart > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not restart snmpd!\n"; - exit(1); - } -} - -# get vyatta version -sub get_version { - my $version = "unknown-version"; - - if ( open( my $f, '<', $versionfile ) ) { - while (<$f>) { - chomp; - if (m/^Version\s*:\s*(.*)$/) { - $version = $1; - last; - } - } - close $f; - } - return $version; -} - -sub ipv6_disabled { - socket( my $s, PF_INET6, SOCK_DGRAM, 0 ) - or return 1; - close($s); - return; -} - -# write tsm config from current to snmpd_conf -sub set_tsm { - my $config = get_snmp_config(); - if ( $config->exists("tsm") ) { - my $port = $config->returnValue("tsm port"); - my $local_key = $config->returnValue("tsm local-key"); - system( -"sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp" - ); - system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp"); - } -} - -# delete all SNMP config files -# can be called directly -sub snmp_delete { - snmpd_stop(); - - my @files = ( $snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf ); - foreach my $file (@files) { - if ( -e $file ) { - unlink($file); - } - } -} - -sub get_snmp_config { - my $config = new Vyatta::Config; - $config->setLevel($snmp_v3_level); - return $config; -} - -# write views from vyatta config to snmpd_conf -sub set_views { - print "# views \n"; - my $config = get_snmp_config(); - foreach my $view ( $config->listNodes("view") ) { - foreach my $oid ( $config->listNodes("view $view oid") ) { - my $mask = ''; - $mask = $config->returnValue("view $view oid $oid mask") - if $config->exists("view $view oid $oid mask"); - if ( $config->exists("view $view oid $oid exclude") ) { - print "view $view excluded .$oid $mask\n"; - } - else { - print "view $view included .$oid $mask\n"; - } - } - } - print "\n"; -} - -# write groups from vyatta config to snmpd_conf -sub set_groups { - print -"#access\n# context sec.model sec.level match read write notif\n"; - my $config = get_snmp_config(); - foreach my $group ( $config->listNodes("group") ) { - my $mode = $config->returnValue("group $group mode"); - my $view = $config->returnValue("group $group view"); - my $secLevel = $config->returnValue("group $group seclevel"); - if ( $mode eq "ro" ) { - print "access $group \"\" usm $secLevel exact $view none none\n"; - print "access $group \"\" tsm $secLevel exact $view none none\n"; - } - else { - print "access $group \"\" usm $secLevel exact $view $view none\n"; - print "access $group \"\" tsm $secLevel exact $view $view none\n"; - } - } - print "\n"; -} - -# write users from vyatta config to snmpd_conf -sub set_users_in_etc { - - print "#group\n"; - my $tsm_counter = 0; - my $config = get_snmp_config(); - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("group") ) { - my $group = $config->returnValue("group"); - print "group $group usm $user\n"; - print "group $group tsm $user\n"; - } - if ( $config->exists("tsm-key") ) { - my $cert = $config->returnValue("tsm-key"); - $tsm_counter++; - print "certSecName $tsm_counter $cert --sn $user\n"; - } - } - - print "\n"; -} - -# write users from vyatta config to config files in /usr & /var -sub set_users_to_other { - open( my $usr_conf, '>>', $snmpd_usr_conf_tmp ) - or die "Couldn't open $snmpd_usr_conf_tmp - $!"; - open( my $var_conf, '>>', $snmpd_var_conf_tmp ) - or die "Couldn't open $snmpd_var_conf_tmp - $!"; - - print $var_conf "\n"; - - my $config = get_snmp_config(); - my $needTsm = 0; - if ( $config->exists("tsm") ) { - $needTsm = 1; - } - - my %trap_users = (); - - foreach my $trap ( $config->listNodes("trap-target") ) { - $trap_users{ $config->returnValue("trap-target $trap user") } = 1; - } - - foreach my $user ( $config->listNodes("user") ) { - delete $trap_users{$user}; - $config->setLevel( $snmp_v3_level . " user $user" ); - my $auth_type = $config->returnValue("auth type"); - my $priv_type = $config->returnValue("privacy type"); - if ( $config->exists("auth") ) { - if ( $config->exists("auth plaintext-key") ) { - my $auth_key = $config->returnValue("auth plaintext-key"); - my $priv_key = ''; - $priv_key = $config->returnValue("privacy plaintext-key") - if $config->exists("privacy plaintext-key"); - print $var_conf -"createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; - } - else { - my $name_print = get_printable_name($user); - my $EngineID = $config->returnValue("engineid"); - if ( $EngineID eq "" ) { - die "ERROR: engineid is null\n"; - } - my $auth_type_oid = $OIDs{$auth_type}; - my $auth_key_hex = $config->returnValue("auth encrypted-key"); - - my ( $priv_type_oid, $priv_key_hex ); - if ( $config->exists("privacy") ) { - $priv_type_oid = $OIDs{$priv_type}; - $priv_key_hex = - $config->returnValue("privacy encrypted-key"); - } - else { - $priv_type_oid = $OIDs{'none'}; - $priv_key_hex = '0x'; - } - print $var_conf -"usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n"; - } - } - my $mode = $config->returnValue("mode"); - my $end = "auth"; - if ( $config->exists("privacy") ) { - $end = "priv"; - } - print $usr_conf $mode . "user $user $end\n"; - if ($needTsm) { - print $usr_conf $mode . "user -s tsm $user $end\n"; - } - } - -# add users for trap if they are not exists in vyatta config /services/snmp/v3/user - foreach my $user ( keys %trap_users ) { - my $name_print = get_printable_name($user); - print $var_conf "usmUser 1 3 0x" - . randhex(26) - . " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x" - . randhex(32) - . " .1.3.6.1.6.3.10.1.2.1 0x 0x\n"; - print $usr_conf "rouser $user auth\n"; - } - - print $var_conf "setserialno $setserialno\n" - if !($setserialno eq ""); - print $var_conf "oldEngineID $oldEngineID\n" - if !($oldEngineID eq ""); - - close $usr_conf; - close $var_conf; -} - -# if name contains '-' then it must be printed in hex format -sub get_printable_name { - my $name = shift; - if ( $name =~ /-/ ) { - my @array = unpack( 'C*', $name ); - my $stringHex = '0x'; - foreach my $c (@array) { - $stringHex .= sprintf( "%lx", $c ); - } - return $stringHex; - } - else { - return "\"$name\""; - } -} - - -# read encrypted keys from config file in /var to vyatta config -# read additional info from config file in /var to VConfig variable -# delete plaintext passwords in vyatta config -sub update_users_vyatta_conf { - open( my $var_conf, '<', $snmpd_var_conf ) - or die "Couldn't open $snmpd_usr_conf - $!"; - my $config = get_snmp_config(); - while ( my $line = <$var_conf> ) { - if ( $line =~ /^oldEngineID (.*)$/ ) { - my $value = $1; - if ($config->exists("engineid") && - $config->returnValue("engineid") eq ""){ - system( -"/opt/vyatta/sbin/my_set service snmp v3 engineid $value > /dev/null" - ); - } - } - if ( $line =~ /^usmUser / ) { - my @values = split( / /, $line ); - my $name = $values[4]; - if ( $name =~ /^"(.*)"$/ ) { - $name = $1; - } - else { - $name = pack( 'H*', $name ); - } - - # this file contain users for trap-target and vyatta... user - # these users recreating automatically on each commit - if ( $config->exists("user $name") ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" engineid $values[3] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null" - ); - if ( $values[10] ne "\"\"" && $values[10] ne "0x" ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null" - ); - } - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null" - ); - } - } - } - close $var_conf; -} - -# write trap-target hosts from vyatta config to snmpd_conf -sub set_hosts { - print "#trap-target\n"; - my $config = get_snmp_config(); - foreach my $target ( $config->listNodes("trap-target") ) { - $config->setLevel( $snmp_v3_level . " trap-target $target" ); - my $auth_key = ''; - if ( $config->exists("auth plaintext-key") ) { - $auth_key = "-A " . $config->returnValue("auth plaintext-key"); - } - else { - $auth_key = "-3m " . $config->returnValue("auth encrypted-key"); - } - my $auth_type = $config->returnValue("auth type"); - my $user = $config->returnValue("user"); - my $port = $config->returnValue("port"); - my $protocol = $config->returnValue("protocol"); - my $type = $config->returnValue("type"); - my $inform_flag = '-Ci'; - $inform_flag = '-Ci' if ( $type eq 'inform' ); - - if ( $type eq 'trap' ) { - $inform_flag = '-e ' . $config->returnValue("engineid"); - } - my $privacy = ''; - my $secLevel = 'authNoPriv'; - if ( $config->exists("privacy") ) { - my $priv_key = ''; - if ( $config->exists("privacy plaintext-key") ) { - $priv_key = - "-X " . $config->returnValue("privacy plaintext-key"); - } - else { - $priv_key = - "-3M " . $config->returnValue("privacy encrypted-key"); - } - my $priv_type = $config->returnValue("privacy type"); - $privacy = "-x $priv_type $priv_key"; - $secLevel = 'authPriv'; - } - - # TODO understand difference between master and local - # Uses: - # set -3m / -3M for auth / priv for master - # or -3k / -3K for local - # Current use only master - my $target_print = $target; - if ( $target =~ /:/ ) { - $target_print = "[$target]"; - $protocol = $protocol . "6"; - } - print -"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n"; - } - print "\n"; -} - -# check changes in auth and privacy nodes -# deny set encrypted-key in case engineid wasn't set -sub check_user_auth_changes { - my $config = get_snmp_config(); - my $v3engineid = ""; - - if($config->exists("engineid")){ - $v3engineid=$config->returnValue("engineid"); - } - - if ( $config->isChanged("user") || $config->isChanged("engineid")) { - my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("engineid") && - !($v3engineid eq "" ) && - !($config->returnValue("engineid") eq "" ) && - !($config->returnValue("engineid") eq $v3engineid)){ - print -"Warning: Encrypted key(s) for snmp v3 user \"$user\" was(were) generated for another SNMP engineid. It won't work. Please recreate this user.\n"; - } - if ( $config->exists("auth") ) { - if ( - !( - $config->exists("engineid") && - ( - $config->exists("auth encrypted-key") || - $config->exists("privacy encrypted-key") - ) - ) - ) - { - $haveError = 1; - print -"Discard encrypted-key on user \"$user\". It's necessary to setup engineid the encrypted-key was generated with.\n"; - } - my $isAuthKeyChanged = $config->isChanged("auth plaintext-key"); - my $isAuthEKeyChanged = $config->isChanged("auth encrypted-key"); - if ( $config->exists("privacy") ) { - my $isPrivKeyChanged = - $config->isChanged("privacy plaintext-key"); - my $isPrivEKeyChanged = - $config->isChanged("privacy encrypted-key"); - if ( ($isPrivEKeyChanged && !$isAuthEKeyChanged) - || ($isPrivKeyChanged && !$isAuthKeyChanged) ) { - $haveError = 1; - print - "Please, set correct auth and privacy for user \"$user\"\n"; - print - "Set plaintext-key for auth and privacy or set encrypted-key for both\n"; - } - } - } - else { - if ( $config->exists("privacy") ) { - $haveError = 1; - print "Please, delete privacy for user \"$user\"\n"; - } - } - } - if ($haveError) { - exit(1); - } - } -} - -# check relation between user & group & view -sub check_relation { - my $config = get_snmp_config(); - my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { - my $group = $config->returnValue("user $user group"); - if ( !$config->exists("group $group") ) { - $haveError = 1; - print -"Please, create group \"$group\". It's need for user \"$user\"\n"; - } - } - } - foreach my $group ( $config->listNodes("group") ) { - my $view = $config->returnValue("group $group view"); - if ( !$config->exists("view $view") ) { - $haveError = 1; - print - "Please, create view \"$view\". It's need for group \"$group\"\n"; - } - } - if ($haveError) { - exit(1); - } -} - -# check is new tsm port free on system -sub check_tsm_port { - my $config = get_snmp_config(); - if ( $config->isChanged("tsm port") ) { - my $port = $config->returnValue("tsm port"); - my $reg = ":$port\$"; - my $output = `netstat -anltup | awk '{print \$4}'`; - foreach my $line ( split( /\n/, $output ) ) { - if ( $line =~ /$reg/ ) { - print - "Actually port $port is using. It can not be used for tsm.\n"; - exit(1); - } - } - } -} - -# check group seclevel and user auth/privacy -sub check_seclevel { - my $config = get_snmp_config(); - my $haveError = 0; - if ( $config->isChanged("user") || $config->isChanged("group") ) { - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { - my $group = $config->returnValue("user $user group"); - if ( $config->isChanged("user $user") - || $config->isChanged("group $group") ) - { - my $group_seclevel = - $config->returnValue("group $group seclevel"); - if ( $config->exists("user $user privacy") ) { - if ( $group_seclevel eq "auth" ) { - print -"User \"$user\" have privacy, but group \"$group\" have \"auth\" as seclevel. So auth and priv work both.\n"; - } - } - else { - if ( $group_seclevel eq "priv" ) { - print -"User \"$user\" will not work, because he haven't privacy, but group \"$group\" have \"priv\" as seclevel.\n"; - $haveError = 1; - } - } - } - } - } - } - if ($haveError) { - exit(1); - } -} - -sub copy_conf_to_tmp { - - # these files already contain SNMPv2 configuration - copy( $snmpd_conf, $snmpd_conf_tmp ) - or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!"; - copy( $snmpd_usr_conf, $snmpd_usr_conf_tmp ) - or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!"; - copy( $snmpd_var_conf, $snmpd_var_conf_tmp ) - or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!"; -} - -# update all vyatta config -# can be called directly -sub snmp_update { - - copy_conf_to_tmp(); - - set_tsm(); - - open( my $fh, '>>', $snmpd_conf_tmp ) - or die "Couldn't open $snmpd_conf_tmp - $!"; - - select $fh; - - set_views(); - set_groups(); - set_hosts(); - set_users_in_etc(); - - close $fh; - select STDOUT; - - move( $snmpd_conf_tmp, $snmpd_conf ) - or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!"; - - my $config = get_snmp_config(); - if ($config->exists("engineid")) { - $oldEngineID = $config->returnValue("engineid"); - } - - snmpd_stop(); - - #add newly added users to var config to get encrypted values - set_users_to_other(); - - move( $snmpd_usr_conf_tmp, $snmpd_usr_conf ) - or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!"; - move( $snmpd_var_conf_tmp, $snmpd_var_conf ) - or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!"; - - snmpd_start(); - snmpd_stop(); - - # now we have encrypted user config - start and read it after - snmpd_start(); - update_users_vyatta_conf(); -} - -# validate vyatta config before write it into files -# can be called directly -sub snmp_check { - check_user_auth_changes(); - check_relation(); - check_tsm_port(); - check_seclevel(); -} - -my $check_config; -my $update_snmp; -my $delete_snmp; - -GetOptions( - "check-config!" => \$check_config, - "update-snmp!" => \$update_snmp, - "delete-snmp!" => \$delete_snmp, - "oldEngineID=s" => \$oldEngineID, - "setserialno=s" => \$setserialno -); - -snmp_check() if ($check_config); -snmp_update() if ($update_snmp); -snmp_delete() if ($delete_snmp); diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl deleted file mode 100755 index 5c4ff1d0..00000000 --- a/scripts/snmp/vyatta-snmp.pl +++ /dev/null @@ -1,333 +0,0 @@ -#!/usr/bin/perl -# -# Module: vyatta-snmp.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Stig Thormodsrud -# Date: October 2007 -# Description: Script to glue vyatta cli to snmp daemon -# -# **** End License **** -# - -use strict; -use warnings; - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; -use Vyatta::Misc; -use NetAddr::IP; -use Getopt::Long; -use File::Copy; -use Socket; -use Socket6; - -my $mibdir = '/opt/vyatta/share/snmp/mibs'; -my $snmp_start = 'systemctl start snmpd.service'; -my $snmp_stop = 'systemctl stop snmpd.service'; -my $snmp_conf = '/etc/snmp/snmpd.conf'; -my $snmp_client = '/etc/snmp/snmp.conf'; -my $snmp_tmp = "/tmp/snmpd.conf.$$"; -my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; -my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; -my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/run/snmpd.socket'; -my $password_file = '/config/snmp/superuser_pass'; - -my $snmp_level = 'service snmp'; - -sub snmp_running { - open (my $pidf, '<', "/run/snmpd.pid") - or return; - my $pid = <$pidf>; - close $pidf; - - chomp $pid; - my $exe = readlink "/proc/$pid/exe"; - - return (defined($exe) && $exe eq "/usr/sbin/snmpd"); -} - -sub snmp_stop { - system("$snmp_stop > /dev/null 2>&1"); -} - -sub snmp_start { - # we must stop snmpd first for creating vyatta user - system("$snmp_stop > /dev/null 2>&1"); - open (my $fh, '>', $snmp_tmp) - or die "Couldn't open $snmp_tmp - $!"; - - select $fh; - snmp_get_constants(); - snmp_get_values(); - snmp_get_traps(); - close $fh; - select STDOUT; - - snmp_client_config(); - - move($snmp_tmp, $snmp_conf) - or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; -} - -sub get_version { - my $version = "unknown-version"; - - if (open (my $f, '<', $versionfile)) { - while (<$f>) { - chomp; - if (m/^Version\s*:\s*(.*)$/) { - $version = $1; - last; - } - } - close $f; - } - return $version; -} - -# convert address to snmpd transport syntax -sub transport_syntax { - my ($addr, $port) = @_; - my $ip = new NetAddr::IP $addr; - die "$addr: not a valid IP address" unless $ip; - - my $version = $ip->version(); - return "udp:$addr:$port" if ($version == 4); - return "udp6:[$addr]:$port" if ($version == 6); - die "$addr: unknown IP version $version"; -} - -# Test if IPv6 is possible by opening a socket -sub ipv6_disabled { - socket ( my $s, PF_INET6, SOCK_DGRAM, 0) - or return 1; - close($s); - return; -} - -# Find SNMP agent listening addresses -sub get_listen_address { - my $config = new Vyatta::Config; - my @listen; - - $config->setLevel('service snmp listen-address'); - my @address = $config->listNodes(); - - if(@address) { - foreach my $addr (@address) { - my $port = $config->returnValue("$addr port"); - push @listen, transport_syntax($addr, $port); - } - } else { - # default if no address specified - @listen = ( 'udp:161' ); - push @listen, 'udp6:161' unless ipv6_disabled(); - return @listen; - } - - return @listen; -} - -sub snmp_get_constants { - my $version = get_version(); - my $now = localtime; - my @addr = get_listen_address(); - - # add local unix domain target for use by operational commands - unshift @addr, $local_agent; - - print "# autogenerated by vyatta-snmp.pl on $now\n"; - print "sysDescr VyOS $version\n"; - print "sysObjectID 1.3.6.1.4.1.44641\n"; - print "sysServices 14\n"; - print "master agentx\n"; # maybe needed by lldpd - print "agentaddress ", join(',',@addr), "\n"; - print "agentXPerms 0755 0755\n"; - - # add hook to read IF-MIB::ifAlias from sysfs - print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; - - print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.9\n"; # mribd - print "smuxpeer .1.3.6.1.2.1.83\n"; # mribd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.8\n"; # pimd - print "smuxpeer .1.3.6.1.2.1.157\n"; # pimd - print "smuxsocket localhost\n"; -} - -# generate a random character hex string -sub randhex { - my $length = shift; - return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); -} - -# output snmpd.conf file syntax for community -sub print_community { - my ($config, $community) = @_; - my $ro = $config->returnValue('authorization'); - $ro = 'ro' unless $ro; - - my @clients = $config->returnValues('client'); - my @networks = $config->returnValues('network'); - - my @restriction = (@clients, @networks); - if (!@restriction) { - print $ro . "community $community\n"; - print $ro . "community6 $community\n" unless ipv6_disabled(); - return; - } - - foreach my $addr (@restriction) { - my $ip = new NetAddr::IP $addr; - die "$addr: Not a valid IP address" unless $ip; - - if ($ip->version() == 4) { - print $ro . "community $community $addr\n"; - } elsif ($ip->version() == 6) { - print $ro . "community6 $community $addr\n"; - } else { - die "$addr: bad IP version ", $ip->version(); - } - } -} - -sub snmp_get_values { - my $config = new Vyatta::Config; - - my @communities = $config->listNodes("service snmp community"); - foreach my $community (@communities) { - $config->setLevel("service snmp community $community"); - print_community($config, $community); - } - - $config->setLevel("service snmp smux-peer"); - my @smuxpeers = $config->returnValues(); - foreach my $smuxpeer (@smuxpeers) { - print "smuxpeer $smuxpeer \n"; - } - - $config->setLevel($snmp_level); - my $contact = $config->returnValue("contact"); - if (defined $contact) { - print "SysContact $contact \n"; - } - - my $description = $config->returnValue("description"); - if (defined $description) { - print "SysDescr $description \n"; - } - - my $location = $config->returnValue("location"); - if (defined $location) { - print "SysLocation $location \n"; - } -} - -sub snmp_get_traps { - my $config = new Vyatta::Config; - $config->setLevel($snmp_level); - - # linkUp/Down configure the Event MIB tables to monitor - # the ifTable for network interfaces being taken up or down - # for making internal queries to retrieve any necessary information - - # create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx' - my $vyatta_user = "vyatta" . randhex(16); - snmp_create_snmpv3_user($vyatta_user); - snmp_write_snmpv3_user($vyatta_user); - print "iquerySecName $vyatta_user\n"; - - # Modified from the default linkUpDownNotification - # to include more OIDs and poll more frequently - print <listNodes("trap-target"); - return unless @trap_targets; - - foreach my $trap_target (@trap_targets) { - my $port = $config->returnValue("trap-target $trap_target port"); - my $community - = $config->returnValue("trap-target $trap_target community"); - - print "trap2sink $trap_target"; - print ":$port" if $port; - print " $community" if $community; - print "\n"; - } -} - -# Configure SNMP client parameters -sub snmp_client_config { - my $config = new Vyatta::Config; - $config->setLevel($snmp_level); - - open (my $cf, '>', $snmp_client) - or die "Couldn't open $snmp_client - $!"; - - my $version = get_version(); - my $now = localtime; - print {$cf} "# autogenerated by vyatta-snmp.pl on $now\n"; - - my $trap_source = $config->returnValue('trap-source'); - print {$cf} "clientaddr $trap_source\n" if ($trap_source); - close $cf; -} - -sub snmp_create_snmpv3_user { - - my $vyatta_user = shift; - my $passphrase = randhex(32); - - my $createuser = "createUser $vyatta_user MD5 \"$passphrase\" DES"; - open(my $fh, '>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!"; - print $fh $createuser; - close $fh; - - open(my $pass_file, '>', $password_file) || die "Couldn't open $password_file - $!"; - print $pass_file $passphrase; - close $pass_file; -} - -sub snmp_write_snmpv3_user { - - my $vyatta_user = shift; - my $user = "rwuser $vyatta_user\n"; - open(my $fh, '>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; - print $fh $user; - close $fh; -} - - -# -# main -# -my $update_snmp; -my $stop_snmp; - -GetOptions("update-snmp!" => \$update_snmp, - "stop-snmp!" => \$stop_snmp); - -snmp_start() if ($update_snmp); -snmp_stop() if ($stop_snmp); diff --git a/scripts/system/vyatta_check_snmp_name.pl b/scripts/system/vyatta_check_snmp_name.pl deleted file mode 100755 index 599fe398..00000000 --- a/scripts/system/vyatta_check_snmp_name.pl +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -use strict; -use warnings; - -foreach my $name (@ARGV) { - die "$name : illegal characters in name\n" - if (!($name =~ /^[a-zA-Z0-9]*$/)); - - # Usernames may only be up to 32 characters long. - die "$name: name may only be up to 32 characters long\n" - if (length($name) > 32); -} - -exit 0; -- cgit v1.2.3 From 3b7b936cc53dd06e27d10ad2995286762cb7fa84 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 8 Jun 2018 11:16:58 +0200 Subject: Revert "T652: remove SNMP perl scripts" This reverts commit 4524181410b68367d91e07552466ef577ac5b0e3. --- Makefile.am | 3 + scripts/snmp/if-mib-alias | 129 ++++++ scripts/snmp/vyatta-snmp-v3.pl | 676 +++++++++++++++++++++++++++++++ scripts/snmp/vyatta-snmp.pl | 333 +++++++++++++++ scripts/system/vyatta_check_snmp_name.pl | 31 ++ 5 files changed, 1172 insertions(+) create mode 100755 scripts/snmp/if-mib-alias create mode 100755 scripts/snmp/vyatta-snmp-v3.pl create mode 100755 scripts/snmp/vyatta-snmp.pl create mode 100755 scripts/system/vyatta_check_snmp_name.pl (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 01ea0ce6..3e70ca59 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,6 +43,7 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync sbin_SCRIPTS += scripts/system/vyatta_check_username.pl +sbin_SCRIPTS += scripts/system/vyatta_check_snmp_name.pl sbin_SCRIPTS += scripts/system/vyatta_check_domainname.pl sbin_SCRIPTS += scripts/system/vyatta_interface_rescan sbin_SCRIPTS += scripts/system/vyatta_update_login.pl @@ -52,6 +53,8 @@ sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl sbin_SCRIPTS += scripts/system/irq-affinity.pl +sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl +sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl sbin_SCRIPTS += scripts/snmp/if-mib-alias sbin_SCRIPTS += scripts/telnetd.init sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl diff --git a/scripts/snmp/if-mib-alias b/scripts/snmp/if-mib-alias new file mode 100755 index 00000000..d17644e9 --- /dev/null +++ b/scripts/snmp/if-mib-alias @@ -0,0 +1,129 @@ +#! /usr/bin/perl + +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stephen Hemminger +# Date: October 2010 +# Description: script is run as net-snmp extension to read interface alias +# +# **** End License **** + +use strict; +use warnings; +use feature "switch"; + +# Collect interface all alias values +sub get_alias { + my @interfaces; + + open (my $ip, '-|', 'ip li') + or die "Can't run ip command\n"; + my $index; + while(<$ip>) { + if (/^(\d+): ([^:]*): /) { + $index = $1; + $interfaces[$index] = $2; + } elsif (/^ +alias (.*)$/) { + $interfaces[$index] = $1; + } + } + close $ip; + return @interfaces; +} + +sub get_oid { + my $oid = shift; + die "Not a valid Object ID: $oid" + unless ($oid =~ /.(\d+)$/); + + my $ifindex = $1; + my @interfaces = get_alias(); + + my $ifalias = $interfaces[$ifindex]; + print "$oid\nstring\n$ifalias\n" if $ifalias; +} + +# OID of ifAlias [RFC2863] +my $BASE = '.1.3.6.1.2.1.31.1.1.1.18'; + +sub get_next { + my $oid = shift; + + return get_next("$BASE.0") + if ($oid eq $BASE); + + die "Not a valid Object ID: $oid" + unless ($oid =~ /^(\S*)\.(\d+)$/); + + my $base = $1; + my $ifindex = $2; + my @interfaces = get_alias(); + + while (++$ifindex <= $#interfaces) { + my $ifalias = $interfaces[$ifindex]; + if ($ifalias) { + print "$base.$ifindex\nstring\n$ifalias\n"; + last; + } + } +} + +sub ifindextoname { + my $ifindex = shift; + + open (my $ip, '-|', 'ip li') + or die "Can't run ip command\n"; + my $index; + while(<$ip>) { + next unless (/^(\d+): ([^:]*): /); + return $2 if ($1 == $ifindex); + } + return; +} + +sub set_oid { + my ($oid, $target, $value) = @_; + die "Not a valid Object ID: $oid" + unless ($oid =~ /\.(\d+)$/); + my $ifindex = $1; + unless ($target eq 'string') { + print "wrong-type\n"; + return; + } + + my $ifname = ifindextoname($ifindex); + if ($ifname) { + system("ip li set $ifname alias '$value' >/dev/null 2>&1"); + print "not-writeable\n" if ($? != 0); + } +} + +sub usage { + warn "Usage: $0 {-g|-n} OID\n"; + warn " $0 -s OID TARGET VALUE\n"; + exit 1; +} + +usage unless $#ARGV >= 1; + +given ($ARGV[0]) { + when ('-g') { get_oid ($ARGV[1]); } + when ('-n') { get_next ($ARGV[1]); } + when ('-s') { set_oid ($ARGV[1], $ARGV[2], $ARGV[3]); } + default { + warn "$ARGV[0] unknown flag\n"; + usage; + } +} diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl new file mode 100755 index 00000000..a2d738eb --- /dev/null +++ b/scripts/snmp/vyatta-snmp-v3.pl @@ -0,0 +1,676 @@ +#!/usr/bin/perl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2013 Vyatta, Inc. +# All Rights Reserved. +# +# **** End License **** + +use strict; +use warnings; + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; +use File::Copy; +use Getopt::Long; +use Socket; +use Socket6; + +my $snmp_v3_level = 'service snmp v3'; +my $snmp_restart = 'systemctl restart snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_reload = 'systemctl reload snmpd.service'; +my $snmpd_conf = '/etc/snmp/snmpd.conf'; +my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf'; +my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf'; +my $snmpd_conf_tmp = "/tmp/snmpd.conf.$$"; +my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$"; +my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$"; +my $versionfile = '/opt/vyatta/etc/version'; +my $local_agent = 'unix:/run/snmpd.socket'; + +my $oldEngineID = ""; +my $setserialno = ""; + +my %OIDs = ( + "md5", ".1.3.6.1.6.3.10.1.1.2", "sha", ".1.3.6.1.6.3.10.1.1.3", + "aes", ".1.3.6.1.6.3.10.1.2.4", "des", ".1.3.6.1.6.3.10.1.2.2", + "none", ".1.3.6.1.6.3.10.1.2.1" +); + +# generate a random character hex string +sub randhex { + my $length = shift; + return join "", map { unpack "H*", chr( rand(256) ) } 1 .. ( $length / 2 ); +} + +sub snmpd_running { + open( my $pidf, '<', "/run/snmpd.pid" ) + or return; + my $pid = <$pidf>; + close $pidf; + + chomp $pid; + my $exe = readlink "/proc/$pid/exe"; + + return ( defined($exe) && $exe eq "/usr/sbin/snmpd" ); +} + +sub check_snmp_exit_code { + my $code = shift; + + # snmpd can start/restart with exit code 256 if trap-target is unavailable + if ( $code != 0 && $code != 256 ) { + return 1; + } + else { + return 0; + } +} + +sub snmpd_stop { + system("$snmp_stop > /dev/null 2>&1"); + if ( check_snmp_exit_code($?) ) { + print "ERROR: Can not stop snmpd!\n"; + exit(1); + } +} + +sub snmpd_start { + system("$snmp_start > /dev/null 2>&1"); + if ( check_snmp_exit_code($?) ) { + print "ERROR: Can not start snmpd!\n"; + exit(1); + } +} + +sub snmpd_update { + system("$snmp_reload > /dev/null 2>&1"); + if ( check_snmp_exit_code($?) ) { + print "ERROR: Can not reload snmpd!\n"; + exit(1); + } +} + +sub snmpd_restart { + system("$snmp_restart > /dev/null 2>&1"); + if ( check_snmp_exit_code($?) ) { + print "ERROR: Can not restart snmpd!\n"; + exit(1); + } +} + +# get vyatta version +sub get_version { + my $version = "unknown-version"; + + if ( open( my $f, '<', $versionfile ) ) { + while (<$f>) { + chomp; + if (m/^Version\s*:\s*(.*)$/) { + $version = $1; + last; + } + } + close $f; + } + return $version; +} + +sub ipv6_disabled { + socket( my $s, PF_INET6, SOCK_DGRAM, 0 ) + or return 1; + close($s); + return; +} + +# write tsm config from current to snmpd_conf +sub set_tsm { + my $config = get_snmp_config(); + if ( $config->exists("tsm") ) { + my $port = $config->returnValue("tsm port"); + my $local_key = $config->returnValue("tsm local-key"); + system( +"sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp" + ); + system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp"); + } +} + +# delete all SNMP config files +# can be called directly +sub snmp_delete { + snmpd_stop(); + + my @files = ( $snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf ); + foreach my $file (@files) { + if ( -e $file ) { + unlink($file); + } + } +} + +sub get_snmp_config { + my $config = new Vyatta::Config; + $config->setLevel($snmp_v3_level); + return $config; +} + +# write views from vyatta config to snmpd_conf +sub set_views { + print "# views \n"; + my $config = get_snmp_config(); + foreach my $view ( $config->listNodes("view") ) { + foreach my $oid ( $config->listNodes("view $view oid") ) { + my $mask = ''; + $mask = $config->returnValue("view $view oid $oid mask") + if $config->exists("view $view oid $oid mask"); + if ( $config->exists("view $view oid $oid exclude") ) { + print "view $view excluded .$oid $mask\n"; + } + else { + print "view $view included .$oid $mask\n"; + } + } + } + print "\n"; +} + +# write groups from vyatta config to snmpd_conf +sub set_groups { + print +"#access\n# context sec.model sec.level match read write notif\n"; + my $config = get_snmp_config(); + foreach my $group ( $config->listNodes("group") ) { + my $mode = $config->returnValue("group $group mode"); + my $view = $config->returnValue("group $group view"); + my $secLevel = $config->returnValue("group $group seclevel"); + if ( $mode eq "ro" ) { + print "access $group \"\" usm $secLevel exact $view none none\n"; + print "access $group \"\" tsm $secLevel exact $view none none\n"; + } + else { + print "access $group \"\" usm $secLevel exact $view $view none\n"; + print "access $group \"\" tsm $secLevel exact $view $view none\n"; + } + } + print "\n"; +} + +# write users from vyatta config to snmpd_conf +sub set_users_in_etc { + + print "#group\n"; + my $tsm_counter = 0; + my $config = get_snmp_config(); + foreach my $user ( $config->listNodes("user") ) { + $config->setLevel( $snmp_v3_level . " user $user" ); + if ( $config->exists("group") ) { + my $group = $config->returnValue("group"); + print "group $group usm $user\n"; + print "group $group tsm $user\n"; + } + if ( $config->exists("tsm-key") ) { + my $cert = $config->returnValue("tsm-key"); + $tsm_counter++; + print "certSecName $tsm_counter $cert --sn $user\n"; + } + } + + print "\n"; +} + +# write users from vyatta config to config files in /usr & /var +sub set_users_to_other { + open( my $usr_conf, '>>', $snmpd_usr_conf_tmp ) + or die "Couldn't open $snmpd_usr_conf_tmp - $!"; + open( my $var_conf, '>>', $snmpd_var_conf_tmp ) + or die "Couldn't open $snmpd_var_conf_tmp - $!"; + + print $var_conf "\n"; + + my $config = get_snmp_config(); + my $needTsm = 0; + if ( $config->exists("tsm") ) { + $needTsm = 1; + } + + my %trap_users = (); + + foreach my $trap ( $config->listNodes("trap-target") ) { + $trap_users{ $config->returnValue("trap-target $trap user") } = 1; + } + + foreach my $user ( $config->listNodes("user") ) { + delete $trap_users{$user}; + $config->setLevel( $snmp_v3_level . " user $user" ); + my $auth_type = $config->returnValue("auth type"); + my $priv_type = $config->returnValue("privacy type"); + if ( $config->exists("auth") ) { + if ( $config->exists("auth plaintext-key") ) { + my $auth_key = $config->returnValue("auth plaintext-key"); + my $priv_key = ''; + $priv_key = $config->returnValue("privacy plaintext-key") + if $config->exists("privacy plaintext-key"); + print $var_conf +"createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; + } + else { + my $name_print = get_printable_name($user); + my $EngineID = $config->returnValue("engineid"); + if ( $EngineID eq "" ) { + die "ERROR: engineid is null\n"; + } + my $auth_type_oid = $OIDs{$auth_type}; + my $auth_key_hex = $config->returnValue("auth encrypted-key"); + + my ( $priv_type_oid, $priv_key_hex ); + if ( $config->exists("privacy") ) { + $priv_type_oid = $OIDs{$priv_type}; + $priv_key_hex = + $config->returnValue("privacy encrypted-key"); + } + else { + $priv_type_oid = $OIDs{'none'}; + $priv_key_hex = '0x'; + } + print $var_conf +"usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n"; + } + } + my $mode = $config->returnValue("mode"); + my $end = "auth"; + if ( $config->exists("privacy") ) { + $end = "priv"; + } + print $usr_conf $mode . "user $user $end\n"; + if ($needTsm) { + print $usr_conf $mode . "user -s tsm $user $end\n"; + } + } + +# add users for trap if they are not exists in vyatta config /services/snmp/v3/user + foreach my $user ( keys %trap_users ) { + my $name_print = get_printable_name($user); + print $var_conf "usmUser 1 3 0x" + . randhex(26) + . " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x" + . randhex(32) + . " .1.3.6.1.6.3.10.1.2.1 0x 0x\n"; + print $usr_conf "rouser $user auth\n"; + } + + print $var_conf "setserialno $setserialno\n" + if !($setserialno eq ""); + print $var_conf "oldEngineID $oldEngineID\n" + if !($oldEngineID eq ""); + + close $usr_conf; + close $var_conf; +} + +# if name contains '-' then it must be printed in hex format +sub get_printable_name { + my $name = shift; + if ( $name =~ /-/ ) { + my @array = unpack( 'C*', $name ); + my $stringHex = '0x'; + foreach my $c (@array) { + $stringHex .= sprintf( "%lx", $c ); + } + return $stringHex; + } + else { + return "\"$name\""; + } +} + + +# read encrypted keys from config file in /var to vyatta config +# read additional info from config file in /var to VConfig variable +# delete plaintext passwords in vyatta config +sub update_users_vyatta_conf { + open( my $var_conf, '<', $snmpd_var_conf ) + or die "Couldn't open $snmpd_usr_conf - $!"; + my $config = get_snmp_config(); + while ( my $line = <$var_conf> ) { + if ( $line =~ /^oldEngineID (.*)$/ ) { + my $value = $1; + if ($config->exists("engineid") && + $config->returnValue("engineid") eq ""){ + system( +"/opt/vyatta/sbin/my_set service snmp v3 engineid $value > /dev/null" + ); + } + } + if ( $line =~ /^usmUser / ) { + my @values = split( / /, $line ); + my $name = $values[4]; + if ( $name =~ /^"(.*)"$/ ) { + $name = $1; + } + else { + $name = pack( 'H*', $name ); + } + + # this file contain users for trap-target and vyatta... user + # these users recreating automatically on each commit + if ( $config->exists("user $name") ) { + system( +"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" engineid $values[3] > /dev/null" + ); + system( +"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null" + ); + if ( $values[10] ne "\"\"" && $values[10] ne "0x" ) { + system( +"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null" + ); + system( +"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null" + ); + } + system( +"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null" + ); + } + } + } + close $var_conf; +} + +# write trap-target hosts from vyatta config to snmpd_conf +sub set_hosts { + print "#trap-target\n"; + my $config = get_snmp_config(); + foreach my $target ( $config->listNodes("trap-target") ) { + $config->setLevel( $snmp_v3_level . " trap-target $target" ); + my $auth_key = ''; + if ( $config->exists("auth plaintext-key") ) { + $auth_key = "-A " . $config->returnValue("auth plaintext-key"); + } + else { + $auth_key = "-3m " . $config->returnValue("auth encrypted-key"); + } + my $auth_type = $config->returnValue("auth type"); + my $user = $config->returnValue("user"); + my $port = $config->returnValue("port"); + my $protocol = $config->returnValue("protocol"); + my $type = $config->returnValue("type"); + my $inform_flag = '-Ci'; + $inform_flag = '-Ci' if ( $type eq 'inform' ); + + if ( $type eq 'trap' ) { + $inform_flag = '-e ' . $config->returnValue("engineid"); + } + my $privacy = ''; + my $secLevel = 'authNoPriv'; + if ( $config->exists("privacy") ) { + my $priv_key = ''; + if ( $config->exists("privacy plaintext-key") ) { + $priv_key = + "-X " . $config->returnValue("privacy plaintext-key"); + } + else { + $priv_key = + "-3M " . $config->returnValue("privacy encrypted-key"); + } + my $priv_type = $config->returnValue("privacy type"); + $privacy = "-x $priv_type $priv_key"; + $secLevel = 'authPriv'; + } + + # TODO understand difference between master and local + # Uses: + # set -3m / -3M for auth / priv for master + # or -3k / -3K for local + # Current use only master + my $target_print = $target; + if ( $target =~ /:/ ) { + $target_print = "[$target]"; + $protocol = $protocol . "6"; + } + print +"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n"; + } + print "\n"; +} + +# check changes in auth and privacy nodes +# deny set encrypted-key in case engineid wasn't set +sub check_user_auth_changes { + my $config = get_snmp_config(); + my $v3engineid = ""; + + if($config->exists("engineid")){ + $v3engineid=$config->returnValue("engineid"); + } + + if ( $config->isChanged("user") || $config->isChanged("engineid")) { + my $haveError = 0; + foreach my $user ( $config->listNodes("user") ) { + $config->setLevel( $snmp_v3_level . " user $user" ); + if ( $config->exists("engineid") && + !($v3engineid eq "" ) && + !($config->returnValue("engineid") eq "" ) && + !($config->returnValue("engineid") eq $v3engineid)){ + print +"Warning: Encrypted key(s) for snmp v3 user \"$user\" was(were) generated for another SNMP engineid. It won't work. Please recreate this user.\n"; + } + if ( $config->exists("auth") ) { + if ( + !( + $config->exists("engineid") && + ( + $config->exists("auth encrypted-key") || + $config->exists("privacy encrypted-key") + ) + ) + ) + { + $haveError = 1; + print +"Discard encrypted-key on user \"$user\". It's necessary to setup engineid the encrypted-key was generated with.\n"; + } + my $isAuthKeyChanged = $config->isChanged("auth plaintext-key"); + my $isAuthEKeyChanged = $config->isChanged("auth encrypted-key"); + if ( $config->exists("privacy") ) { + my $isPrivKeyChanged = + $config->isChanged("privacy plaintext-key"); + my $isPrivEKeyChanged = + $config->isChanged("privacy encrypted-key"); + if ( ($isPrivEKeyChanged && !$isAuthEKeyChanged) + || ($isPrivKeyChanged && !$isAuthKeyChanged) ) { + $haveError = 1; + print + "Please, set correct auth and privacy for user \"$user\"\n"; + print + "Set plaintext-key for auth and privacy or set encrypted-key for both\n"; + } + } + } + else { + if ( $config->exists("privacy") ) { + $haveError = 1; + print "Please, delete privacy for user \"$user\"\n"; + } + } + } + if ($haveError) { + exit(1); + } + } +} + +# check relation between user & group & view +sub check_relation { + my $config = get_snmp_config(); + my $haveError = 0; + foreach my $user ( $config->listNodes("user") ) { + if ( $config->exists("user $user group") ) { + my $group = $config->returnValue("user $user group"); + if ( !$config->exists("group $group") ) { + $haveError = 1; + print +"Please, create group \"$group\". It's need for user \"$user\"\n"; + } + } + } + foreach my $group ( $config->listNodes("group") ) { + my $view = $config->returnValue("group $group view"); + if ( !$config->exists("view $view") ) { + $haveError = 1; + print + "Please, create view \"$view\". It's need for group \"$group\"\n"; + } + } + if ($haveError) { + exit(1); + } +} + +# check is new tsm port free on system +sub check_tsm_port { + my $config = get_snmp_config(); + if ( $config->isChanged("tsm port") ) { + my $port = $config->returnValue("tsm port"); + my $reg = ":$port\$"; + my $output = `netstat -anltup | awk '{print \$4}'`; + foreach my $line ( split( /\n/, $output ) ) { + if ( $line =~ /$reg/ ) { + print + "Actually port $port is using. It can not be used for tsm.\n"; + exit(1); + } + } + } +} + +# check group seclevel and user auth/privacy +sub check_seclevel { + my $config = get_snmp_config(); + my $haveError = 0; + if ( $config->isChanged("user") || $config->isChanged("group") ) { + foreach my $user ( $config->listNodes("user") ) { + if ( $config->exists("user $user group") ) { + my $group = $config->returnValue("user $user group"); + if ( $config->isChanged("user $user") + || $config->isChanged("group $group") ) + { + my $group_seclevel = + $config->returnValue("group $group seclevel"); + if ( $config->exists("user $user privacy") ) { + if ( $group_seclevel eq "auth" ) { + print +"User \"$user\" have privacy, but group \"$group\" have \"auth\" as seclevel. So auth and priv work both.\n"; + } + } + else { + if ( $group_seclevel eq "priv" ) { + print +"User \"$user\" will not work, because he haven't privacy, but group \"$group\" have \"priv\" as seclevel.\n"; + $haveError = 1; + } + } + } + } + } + } + if ($haveError) { + exit(1); + } +} + +sub copy_conf_to_tmp { + + # these files already contain SNMPv2 configuration + copy( $snmpd_conf, $snmpd_conf_tmp ) + or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!"; + copy( $snmpd_usr_conf, $snmpd_usr_conf_tmp ) + or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!"; + copy( $snmpd_var_conf, $snmpd_var_conf_tmp ) + or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!"; +} + +# update all vyatta config +# can be called directly +sub snmp_update { + + copy_conf_to_tmp(); + + set_tsm(); + + open( my $fh, '>>', $snmpd_conf_tmp ) + or die "Couldn't open $snmpd_conf_tmp - $!"; + + select $fh; + + set_views(); + set_groups(); + set_hosts(); + set_users_in_etc(); + + close $fh; + select STDOUT; + + move( $snmpd_conf_tmp, $snmpd_conf ) + or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!"; + + my $config = get_snmp_config(); + if ($config->exists("engineid")) { + $oldEngineID = $config->returnValue("engineid"); + } + + snmpd_stop(); + + #add newly added users to var config to get encrypted values + set_users_to_other(); + + move( $snmpd_usr_conf_tmp, $snmpd_usr_conf ) + or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!"; + move( $snmpd_var_conf_tmp, $snmpd_var_conf ) + or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!"; + + snmpd_start(); + snmpd_stop(); + + # now we have encrypted user config - start and read it after + snmpd_start(); + update_users_vyatta_conf(); +} + +# validate vyatta config before write it into files +# can be called directly +sub snmp_check { + check_user_auth_changes(); + check_relation(); + check_tsm_port(); + check_seclevel(); +} + +my $check_config; +my $update_snmp; +my $delete_snmp; + +GetOptions( + "check-config!" => \$check_config, + "update-snmp!" => \$update_snmp, + "delete-snmp!" => \$delete_snmp, + "oldEngineID=s" => \$oldEngineID, + "setserialno=s" => \$setserialno +); + +snmp_check() if ($check_config); +snmp_update() if ($update_snmp); +snmp_delete() if ($delete_snmp); diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl new file mode 100755 index 00000000..5c4ff1d0 --- /dev/null +++ b/scripts/snmp/vyatta-snmp.pl @@ -0,0 +1,333 @@ +#!/usr/bin/perl +# +# Module: vyatta-snmp.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stig Thormodsrud +# Date: October 2007 +# Description: Script to glue vyatta cli to snmp daemon +# +# **** End License **** +# + +use strict; +use warnings; + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; +use Vyatta::Misc; +use NetAddr::IP; +use Getopt::Long; +use File::Copy; +use Socket; +use Socket6; + +my $mibdir = '/opt/vyatta/share/snmp/mibs'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; +my $snmp_conf = '/etc/snmp/snmpd.conf'; +my $snmp_client = '/etc/snmp/snmp.conf'; +my $snmp_tmp = "/tmp/snmpd.conf.$$"; +my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; +my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; +my $versionfile = '/opt/vyatta/etc/version'; +my $local_agent = 'unix:/run/snmpd.socket'; +my $password_file = '/config/snmp/superuser_pass'; + +my $snmp_level = 'service snmp'; + +sub snmp_running { + open (my $pidf, '<', "/run/snmpd.pid") + or return; + my $pid = <$pidf>; + close $pidf; + + chomp $pid; + my $exe = readlink "/proc/$pid/exe"; + + return (defined($exe) && $exe eq "/usr/sbin/snmpd"); +} + +sub snmp_stop { + system("$snmp_stop > /dev/null 2>&1"); +} + +sub snmp_start { + # we must stop snmpd first for creating vyatta user + system("$snmp_stop > /dev/null 2>&1"); + open (my $fh, '>', $snmp_tmp) + or die "Couldn't open $snmp_tmp - $!"; + + select $fh; + snmp_get_constants(); + snmp_get_values(); + snmp_get_traps(); + close $fh; + select STDOUT; + + snmp_client_config(); + + move($snmp_tmp, $snmp_conf) + or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; +} + +sub get_version { + my $version = "unknown-version"; + + if (open (my $f, '<', $versionfile)) { + while (<$f>) { + chomp; + if (m/^Version\s*:\s*(.*)$/) { + $version = $1; + last; + } + } + close $f; + } + return $version; +} + +# convert address to snmpd transport syntax +sub transport_syntax { + my ($addr, $port) = @_; + my $ip = new NetAddr::IP $addr; + die "$addr: not a valid IP address" unless $ip; + + my $version = $ip->version(); + return "udp:$addr:$port" if ($version == 4); + return "udp6:[$addr]:$port" if ($version == 6); + die "$addr: unknown IP version $version"; +} + +# Test if IPv6 is possible by opening a socket +sub ipv6_disabled { + socket ( my $s, PF_INET6, SOCK_DGRAM, 0) + or return 1; + close($s); + return; +} + +# Find SNMP agent listening addresses +sub get_listen_address { + my $config = new Vyatta::Config; + my @listen; + + $config->setLevel('service snmp listen-address'); + my @address = $config->listNodes(); + + if(@address) { + foreach my $addr (@address) { + my $port = $config->returnValue("$addr port"); + push @listen, transport_syntax($addr, $port); + } + } else { + # default if no address specified + @listen = ( 'udp:161' ); + push @listen, 'udp6:161' unless ipv6_disabled(); + return @listen; + } + + return @listen; +} + +sub snmp_get_constants { + my $version = get_version(); + my $now = localtime; + my @addr = get_listen_address(); + + # add local unix domain target for use by operational commands + unshift @addr, $local_agent; + + print "# autogenerated by vyatta-snmp.pl on $now\n"; + print "sysDescr VyOS $version\n"; + print "sysObjectID 1.3.6.1.4.1.44641\n"; + print "sysServices 14\n"; + print "master agentx\n"; # maybe needed by lldpd + print "agentaddress ", join(',',@addr), "\n"; + print "agentXPerms 0755 0755\n"; + + # add hook to read IF-MIB::ifAlias from sysfs + print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; + + print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd + print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd + print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd + print "smuxpeer .1.3.6.1.4.1.3317.1.2.9\n"; # mribd + print "smuxpeer .1.3.6.1.2.1.83\n"; # mribd + print "smuxpeer .1.3.6.1.4.1.3317.1.2.8\n"; # pimd + print "smuxpeer .1.3.6.1.2.1.157\n"; # pimd + print "smuxsocket localhost\n"; +} + +# generate a random character hex string +sub randhex { + my $length = shift; + return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); +} + +# output snmpd.conf file syntax for community +sub print_community { + my ($config, $community) = @_; + my $ro = $config->returnValue('authorization'); + $ro = 'ro' unless $ro; + + my @clients = $config->returnValues('client'); + my @networks = $config->returnValues('network'); + + my @restriction = (@clients, @networks); + if (!@restriction) { + print $ro . "community $community\n"; + print $ro . "community6 $community\n" unless ipv6_disabled(); + return; + } + + foreach my $addr (@restriction) { + my $ip = new NetAddr::IP $addr; + die "$addr: Not a valid IP address" unless $ip; + + if ($ip->version() == 4) { + print $ro . "community $community $addr\n"; + } elsif ($ip->version() == 6) { + print $ro . "community6 $community $addr\n"; + } else { + die "$addr: bad IP version ", $ip->version(); + } + } +} + +sub snmp_get_values { + my $config = new Vyatta::Config; + + my @communities = $config->listNodes("service snmp community"); + foreach my $community (@communities) { + $config->setLevel("service snmp community $community"); + print_community($config, $community); + } + + $config->setLevel("service snmp smux-peer"); + my @smuxpeers = $config->returnValues(); + foreach my $smuxpeer (@smuxpeers) { + print "smuxpeer $smuxpeer \n"; + } + + $config->setLevel($snmp_level); + my $contact = $config->returnValue("contact"); + if (defined $contact) { + print "SysContact $contact \n"; + } + + my $description = $config->returnValue("description"); + if (defined $description) { + print "SysDescr $description \n"; + } + + my $location = $config->returnValue("location"); + if (defined $location) { + print "SysLocation $location \n"; + } +} + +sub snmp_get_traps { + my $config = new Vyatta::Config; + $config->setLevel($snmp_level); + + # linkUp/Down configure the Event MIB tables to monitor + # the ifTable for network interfaces being taken up or down + # for making internal queries to retrieve any necessary information + + # create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx' + my $vyatta_user = "vyatta" . randhex(16); + snmp_create_snmpv3_user($vyatta_user); + snmp_write_snmpv3_user($vyatta_user); + print "iquerySecName $vyatta_user\n"; + + # Modified from the default linkUpDownNotification + # to include more OIDs and poll more frequently + print <listNodes("trap-target"); + return unless @trap_targets; + + foreach my $trap_target (@trap_targets) { + my $port = $config->returnValue("trap-target $trap_target port"); + my $community + = $config->returnValue("trap-target $trap_target community"); + + print "trap2sink $trap_target"; + print ":$port" if $port; + print " $community" if $community; + print "\n"; + } +} + +# Configure SNMP client parameters +sub snmp_client_config { + my $config = new Vyatta::Config; + $config->setLevel($snmp_level); + + open (my $cf, '>', $snmp_client) + or die "Couldn't open $snmp_client - $!"; + + my $version = get_version(); + my $now = localtime; + print {$cf} "# autogenerated by vyatta-snmp.pl on $now\n"; + + my $trap_source = $config->returnValue('trap-source'); + print {$cf} "clientaddr $trap_source\n" if ($trap_source); + close $cf; +} + +sub snmp_create_snmpv3_user { + + my $vyatta_user = shift; + my $passphrase = randhex(32); + + my $createuser = "createUser $vyatta_user MD5 \"$passphrase\" DES"; + open(my $fh, '>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!"; + print $fh $createuser; + close $fh; + + open(my $pass_file, '>', $password_file) || die "Couldn't open $password_file - $!"; + print $pass_file $passphrase; + close $pass_file; +} + +sub snmp_write_snmpv3_user { + + my $vyatta_user = shift; + my $user = "rwuser $vyatta_user\n"; + open(my $fh, '>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; + print $fh $user; + close $fh; +} + + +# +# main +# +my $update_snmp; +my $stop_snmp; + +GetOptions("update-snmp!" => \$update_snmp, + "stop-snmp!" => \$stop_snmp); + +snmp_start() if ($update_snmp); +snmp_stop() if ($stop_snmp); diff --git a/scripts/system/vyatta_check_snmp_name.pl b/scripts/system/vyatta_check_snmp_name.pl new file mode 100755 index 00000000..599fe398 --- /dev/null +++ b/scripts/system/vyatta_check_snmp_name.pl @@ -0,0 +1,31 @@ +#!/usr/bin/perl + +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. +# All Rights Reserved. +# +# **** End License **** + +use strict; +use warnings; + +foreach my $name (@ARGV) { + die "$name : illegal characters in name\n" + if (!($name =~ /^[a-zA-Z0-9]*$/)); + + # Usernames may only be up to 32 characters long. + die "$name: name may only be up to 32 characters long\n" + if (length($name) > 32); +} + +exit 0; -- cgit v1.2.3 From 838eff5caa58330b4c922f786fe3d5ef4867fd6f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 8 Jun 2018 11:18:50 +0200 Subject: T652: remove PERL scripts required for SNMP service --- Makefile.am | 3 - scripts/snmp/vyatta-snmp-v3.pl | 676 ------------------------------- scripts/snmp/vyatta-snmp.pl | 333 --------------- scripts/system/vyatta_check_snmp_name.pl | 31 -- 4 files changed, 1043 deletions(-) delete mode 100755 scripts/snmp/vyatta-snmp-v3.pl delete mode 100755 scripts/snmp/vyatta-snmp.pl delete mode 100755 scripts/system/vyatta_check_snmp_name.pl (limited to 'scripts') diff --git a/Makefile.am b/Makefile.am index 3e70ca59..01ea0ce6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,7 +43,6 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync sbin_SCRIPTS += scripts/system/vyatta_check_username.pl -sbin_SCRIPTS += scripts/system/vyatta_check_snmp_name.pl sbin_SCRIPTS += scripts/system/vyatta_check_domainname.pl sbin_SCRIPTS += scripts/system/vyatta_interface_rescan sbin_SCRIPTS += scripts/system/vyatta_update_login.pl @@ -53,8 +52,6 @@ sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl sbin_SCRIPTS += scripts/system/irq-affinity.pl -sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl -sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl sbin_SCRIPTS += scripts/snmp/if-mib-alias sbin_SCRIPTS += scripts/telnetd.init sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl deleted file mode 100755 index a2d738eb..00000000 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ /dev/null @@ -1,676 +0,0 @@ -#!/usr/bin/perl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2013 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -use strict; -use warnings; - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; -use File::Copy; -use Getopt::Long; -use Socket; -use Socket6; - -my $snmp_v3_level = 'service snmp v3'; -my $snmp_restart = 'systemctl restart snmpd.service'; -my $snmp_stop = 'systemctl stop snmpd.service'; -my $snmp_start = 'systemctl start snmpd.service'; -my $snmp_reload = 'systemctl reload snmpd.service'; -my $snmpd_conf = '/etc/snmp/snmpd.conf'; -my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf'; -my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf'; -my $snmpd_conf_tmp = "/tmp/snmpd.conf.$$"; -my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$"; -my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$"; -my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/run/snmpd.socket'; - -my $oldEngineID = ""; -my $setserialno = ""; - -my %OIDs = ( - "md5", ".1.3.6.1.6.3.10.1.1.2", "sha", ".1.3.6.1.6.3.10.1.1.3", - "aes", ".1.3.6.1.6.3.10.1.2.4", "des", ".1.3.6.1.6.3.10.1.2.2", - "none", ".1.3.6.1.6.3.10.1.2.1" -); - -# generate a random character hex string -sub randhex { - my $length = shift; - return join "", map { unpack "H*", chr( rand(256) ) } 1 .. ( $length / 2 ); -} - -sub snmpd_running { - open( my $pidf, '<', "/run/snmpd.pid" ) - or return; - my $pid = <$pidf>; - close $pidf; - - chomp $pid; - my $exe = readlink "/proc/$pid/exe"; - - return ( defined($exe) && $exe eq "/usr/sbin/snmpd" ); -} - -sub check_snmp_exit_code { - my $code = shift; - - # snmpd can start/restart with exit code 256 if trap-target is unavailable - if ( $code != 0 && $code != 256 ) { - return 1; - } - else { - return 0; - } -} - -sub snmpd_stop { - system("$snmp_stop > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not stop snmpd!\n"; - exit(1); - } -} - -sub snmpd_start { - system("$snmp_start > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not start snmpd!\n"; - exit(1); - } -} - -sub snmpd_update { - system("$snmp_reload > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not reload snmpd!\n"; - exit(1); - } -} - -sub snmpd_restart { - system("$snmp_restart > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { - print "ERROR: Can not restart snmpd!\n"; - exit(1); - } -} - -# get vyatta version -sub get_version { - my $version = "unknown-version"; - - if ( open( my $f, '<', $versionfile ) ) { - while (<$f>) { - chomp; - if (m/^Version\s*:\s*(.*)$/) { - $version = $1; - last; - } - } - close $f; - } - return $version; -} - -sub ipv6_disabled { - socket( my $s, PF_INET6, SOCK_DGRAM, 0 ) - or return 1; - close($s); - return; -} - -# write tsm config from current to snmpd_conf -sub set_tsm { - my $config = get_snmp_config(); - if ( $config->exists("tsm") ) { - my $port = $config->returnValue("tsm port"); - my $local_key = $config->returnValue("tsm local-key"); - system( -"sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp" - ); - system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp"); - } -} - -# delete all SNMP config files -# can be called directly -sub snmp_delete { - snmpd_stop(); - - my @files = ( $snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf ); - foreach my $file (@files) { - if ( -e $file ) { - unlink($file); - } - } -} - -sub get_snmp_config { - my $config = new Vyatta::Config; - $config->setLevel($snmp_v3_level); - return $config; -} - -# write views from vyatta config to snmpd_conf -sub set_views { - print "# views \n"; - my $config = get_snmp_config(); - foreach my $view ( $config->listNodes("view") ) { - foreach my $oid ( $config->listNodes("view $view oid") ) { - my $mask = ''; - $mask = $config->returnValue("view $view oid $oid mask") - if $config->exists("view $view oid $oid mask"); - if ( $config->exists("view $view oid $oid exclude") ) { - print "view $view excluded .$oid $mask\n"; - } - else { - print "view $view included .$oid $mask\n"; - } - } - } - print "\n"; -} - -# write groups from vyatta config to snmpd_conf -sub set_groups { - print -"#access\n# context sec.model sec.level match read write notif\n"; - my $config = get_snmp_config(); - foreach my $group ( $config->listNodes("group") ) { - my $mode = $config->returnValue("group $group mode"); - my $view = $config->returnValue("group $group view"); - my $secLevel = $config->returnValue("group $group seclevel"); - if ( $mode eq "ro" ) { - print "access $group \"\" usm $secLevel exact $view none none\n"; - print "access $group \"\" tsm $secLevel exact $view none none\n"; - } - else { - print "access $group \"\" usm $secLevel exact $view $view none\n"; - print "access $group \"\" tsm $secLevel exact $view $view none\n"; - } - } - print "\n"; -} - -# write users from vyatta config to snmpd_conf -sub set_users_in_etc { - - print "#group\n"; - my $tsm_counter = 0; - my $config = get_snmp_config(); - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("group") ) { - my $group = $config->returnValue("group"); - print "group $group usm $user\n"; - print "group $group tsm $user\n"; - } - if ( $config->exists("tsm-key") ) { - my $cert = $config->returnValue("tsm-key"); - $tsm_counter++; - print "certSecName $tsm_counter $cert --sn $user\n"; - } - } - - print "\n"; -} - -# write users from vyatta config to config files in /usr & /var -sub set_users_to_other { - open( my $usr_conf, '>>', $snmpd_usr_conf_tmp ) - or die "Couldn't open $snmpd_usr_conf_tmp - $!"; - open( my $var_conf, '>>', $snmpd_var_conf_tmp ) - or die "Couldn't open $snmpd_var_conf_tmp - $!"; - - print $var_conf "\n"; - - my $config = get_snmp_config(); - my $needTsm = 0; - if ( $config->exists("tsm") ) { - $needTsm = 1; - } - - my %trap_users = (); - - foreach my $trap ( $config->listNodes("trap-target") ) { - $trap_users{ $config->returnValue("trap-target $trap user") } = 1; - } - - foreach my $user ( $config->listNodes("user") ) { - delete $trap_users{$user}; - $config->setLevel( $snmp_v3_level . " user $user" ); - my $auth_type = $config->returnValue("auth type"); - my $priv_type = $config->returnValue("privacy type"); - if ( $config->exists("auth") ) { - if ( $config->exists("auth plaintext-key") ) { - my $auth_key = $config->returnValue("auth plaintext-key"); - my $priv_key = ''; - $priv_key = $config->returnValue("privacy plaintext-key") - if $config->exists("privacy plaintext-key"); - print $var_conf -"createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; - } - else { - my $name_print = get_printable_name($user); - my $EngineID = $config->returnValue("engineid"); - if ( $EngineID eq "" ) { - die "ERROR: engineid is null\n"; - } - my $auth_type_oid = $OIDs{$auth_type}; - my $auth_key_hex = $config->returnValue("auth encrypted-key"); - - my ( $priv_type_oid, $priv_key_hex ); - if ( $config->exists("privacy") ) { - $priv_type_oid = $OIDs{$priv_type}; - $priv_key_hex = - $config->returnValue("privacy encrypted-key"); - } - else { - $priv_type_oid = $OIDs{'none'}; - $priv_key_hex = '0x'; - } - print $var_conf -"usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n"; - } - } - my $mode = $config->returnValue("mode"); - my $end = "auth"; - if ( $config->exists("privacy") ) { - $end = "priv"; - } - print $usr_conf $mode . "user $user $end\n"; - if ($needTsm) { - print $usr_conf $mode . "user -s tsm $user $end\n"; - } - } - -# add users for trap if they are not exists in vyatta config /services/snmp/v3/user - foreach my $user ( keys %trap_users ) { - my $name_print = get_printable_name($user); - print $var_conf "usmUser 1 3 0x" - . randhex(26) - . " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x" - . randhex(32) - . " .1.3.6.1.6.3.10.1.2.1 0x 0x\n"; - print $usr_conf "rouser $user auth\n"; - } - - print $var_conf "setserialno $setserialno\n" - if !($setserialno eq ""); - print $var_conf "oldEngineID $oldEngineID\n" - if !($oldEngineID eq ""); - - close $usr_conf; - close $var_conf; -} - -# if name contains '-' then it must be printed in hex format -sub get_printable_name { - my $name = shift; - if ( $name =~ /-/ ) { - my @array = unpack( 'C*', $name ); - my $stringHex = '0x'; - foreach my $c (@array) { - $stringHex .= sprintf( "%lx", $c ); - } - return $stringHex; - } - else { - return "\"$name\""; - } -} - - -# read encrypted keys from config file in /var to vyatta config -# read additional info from config file in /var to VConfig variable -# delete plaintext passwords in vyatta config -sub update_users_vyatta_conf { - open( my $var_conf, '<', $snmpd_var_conf ) - or die "Couldn't open $snmpd_usr_conf - $!"; - my $config = get_snmp_config(); - while ( my $line = <$var_conf> ) { - if ( $line =~ /^oldEngineID (.*)$/ ) { - my $value = $1; - if ($config->exists("engineid") && - $config->returnValue("engineid") eq ""){ - system( -"/opt/vyatta/sbin/my_set service snmp v3 engineid $value > /dev/null" - ); - } - } - if ( $line =~ /^usmUser / ) { - my @values = split( / /, $line ); - my $name = $values[4]; - if ( $name =~ /^"(.*)"$/ ) { - $name = $1; - } - else { - $name = pack( 'H*', $name ); - } - - # this file contain users for trap-target and vyatta... user - # these users recreating automatically on each commit - if ( $config->exists("user $name") ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" engineid $values[3] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null" - ); - if ( $values[10] ne "\"\"" && $values[10] ne "0x" ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null" - ); - } - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null" - ); - } - } - } - close $var_conf; -} - -# write trap-target hosts from vyatta config to snmpd_conf -sub set_hosts { - print "#trap-target\n"; - my $config = get_snmp_config(); - foreach my $target ( $config->listNodes("trap-target") ) { - $config->setLevel( $snmp_v3_level . " trap-target $target" ); - my $auth_key = ''; - if ( $config->exists("auth plaintext-key") ) { - $auth_key = "-A " . $config->returnValue("auth plaintext-key"); - } - else { - $auth_key = "-3m " . $config->returnValue("auth encrypted-key"); - } - my $auth_type = $config->returnValue("auth type"); - my $user = $config->returnValue("user"); - my $port = $config->returnValue("port"); - my $protocol = $config->returnValue("protocol"); - my $type = $config->returnValue("type"); - my $inform_flag = '-Ci'; - $inform_flag = '-Ci' if ( $type eq 'inform' ); - - if ( $type eq 'trap' ) { - $inform_flag = '-e ' . $config->returnValue("engineid"); - } - my $privacy = ''; - my $secLevel = 'authNoPriv'; - if ( $config->exists("privacy") ) { - my $priv_key = ''; - if ( $config->exists("privacy plaintext-key") ) { - $priv_key = - "-X " . $config->returnValue("privacy plaintext-key"); - } - else { - $priv_key = - "-3M " . $config->returnValue("privacy encrypted-key"); - } - my $priv_type = $config->returnValue("privacy type"); - $privacy = "-x $priv_type $priv_key"; - $secLevel = 'authPriv'; - } - - # TODO understand difference between master and local - # Uses: - # set -3m / -3M for auth / priv for master - # or -3k / -3K for local - # Current use only master - my $target_print = $target; - if ( $target =~ /:/ ) { - $target_print = "[$target]"; - $protocol = $protocol . "6"; - } - print -"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n"; - } - print "\n"; -} - -# check changes in auth and privacy nodes -# deny set encrypted-key in case engineid wasn't set -sub check_user_auth_changes { - my $config = get_snmp_config(); - my $v3engineid = ""; - - if($config->exists("engineid")){ - $v3engineid=$config->returnValue("engineid"); - } - - if ( $config->isChanged("user") || $config->isChanged("engineid")) { - my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("engineid") && - !($v3engineid eq "" ) && - !($config->returnValue("engineid") eq "" ) && - !($config->returnValue("engineid") eq $v3engineid)){ - print -"Warning: Encrypted key(s) for snmp v3 user \"$user\" was(were) generated for another SNMP engineid. It won't work. Please recreate this user.\n"; - } - if ( $config->exists("auth") ) { - if ( - !( - $config->exists("engineid") && - ( - $config->exists("auth encrypted-key") || - $config->exists("privacy encrypted-key") - ) - ) - ) - { - $haveError = 1; - print -"Discard encrypted-key on user \"$user\". It's necessary to setup engineid the encrypted-key was generated with.\n"; - } - my $isAuthKeyChanged = $config->isChanged("auth plaintext-key"); - my $isAuthEKeyChanged = $config->isChanged("auth encrypted-key"); - if ( $config->exists("privacy") ) { - my $isPrivKeyChanged = - $config->isChanged("privacy plaintext-key"); - my $isPrivEKeyChanged = - $config->isChanged("privacy encrypted-key"); - if ( ($isPrivEKeyChanged && !$isAuthEKeyChanged) - || ($isPrivKeyChanged && !$isAuthKeyChanged) ) { - $haveError = 1; - print - "Please, set correct auth and privacy for user \"$user\"\n"; - print - "Set plaintext-key for auth and privacy or set encrypted-key for both\n"; - } - } - } - else { - if ( $config->exists("privacy") ) { - $haveError = 1; - print "Please, delete privacy for user \"$user\"\n"; - } - } - } - if ($haveError) { - exit(1); - } - } -} - -# check relation between user & group & view -sub check_relation { - my $config = get_snmp_config(); - my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { - my $group = $config->returnValue("user $user group"); - if ( !$config->exists("group $group") ) { - $haveError = 1; - print -"Please, create group \"$group\". It's need for user \"$user\"\n"; - } - } - } - foreach my $group ( $config->listNodes("group") ) { - my $view = $config->returnValue("group $group view"); - if ( !$config->exists("view $view") ) { - $haveError = 1; - print - "Please, create view \"$view\". It's need for group \"$group\"\n"; - } - } - if ($haveError) { - exit(1); - } -} - -# check is new tsm port free on system -sub check_tsm_port { - my $config = get_snmp_config(); - if ( $config->isChanged("tsm port") ) { - my $port = $config->returnValue("tsm port"); - my $reg = ":$port\$"; - my $output = `netstat -anltup | awk '{print \$4}'`; - foreach my $line ( split( /\n/, $output ) ) { - if ( $line =~ /$reg/ ) { - print - "Actually port $port is using. It can not be used for tsm.\n"; - exit(1); - } - } - } -} - -# check group seclevel and user auth/privacy -sub check_seclevel { - my $config = get_snmp_config(); - my $haveError = 0; - if ( $config->isChanged("user") || $config->isChanged("group") ) { - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { - my $group = $config->returnValue("user $user group"); - if ( $config->isChanged("user $user") - || $config->isChanged("group $group") ) - { - my $group_seclevel = - $config->returnValue("group $group seclevel"); - if ( $config->exists("user $user privacy") ) { - if ( $group_seclevel eq "auth" ) { - print -"User \"$user\" have privacy, but group \"$group\" have \"auth\" as seclevel. So auth and priv work both.\n"; - } - } - else { - if ( $group_seclevel eq "priv" ) { - print -"User \"$user\" will not work, because he haven't privacy, but group \"$group\" have \"priv\" as seclevel.\n"; - $haveError = 1; - } - } - } - } - } - } - if ($haveError) { - exit(1); - } -} - -sub copy_conf_to_tmp { - - # these files already contain SNMPv2 configuration - copy( $snmpd_conf, $snmpd_conf_tmp ) - or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!"; - copy( $snmpd_usr_conf, $snmpd_usr_conf_tmp ) - or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!"; - copy( $snmpd_var_conf, $snmpd_var_conf_tmp ) - or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!"; -} - -# update all vyatta config -# can be called directly -sub snmp_update { - - copy_conf_to_tmp(); - - set_tsm(); - - open( my $fh, '>>', $snmpd_conf_tmp ) - or die "Couldn't open $snmpd_conf_tmp - $!"; - - select $fh; - - set_views(); - set_groups(); - set_hosts(); - set_users_in_etc(); - - close $fh; - select STDOUT; - - move( $snmpd_conf_tmp, $snmpd_conf ) - or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!"; - - my $config = get_snmp_config(); - if ($config->exists("engineid")) { - $oldEngineID = $config->returnValue("engineid"); - } - - snmpd_stop(); - - #add newly added users to var config to get encrypted values - set_users_to_other(); - - move( $snmpd_usr_conf_tmp, $snmpd_usr_conf ) - or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!"; - move( $snmpd_var_conf_tmp, $snmpd_var_conf ) - or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!"; - - snmpd_start(); - snmpd_stop(); - - # now we have encrypted user config - start and read it after - snmpd_start(); - update_users_vyatta_conf(); -} - -# validate vyatta config before write it into files -# can be called directly -sub snmp_check { - check_user_auth_changes(); - check_relation(); - check_tsm_port(); - check_seclevel(); -} - -my $check_config; -my $update_snmp; -my $delete_snmp; - -GetOptions( - "check-config!" => \$check_config, - "update-snmp!" => \$update_snmp, - "delete-snmp!" => \$delete_snmp, - "oldEngineID=s" => \$oldEngineID, - "setserialno=s" => \$setserialno -); - -snmp_check() if ($check_config); -snmp_update() if ($update_snmp); -snmp_delete() if ($delete_snmp); diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl deleted file mode 100755 index 5c4ff1d0..00000000 --- a/scripts/snmp/vyatta-snmp.pl +++ /dev/null @@ -1,333 +0,0 @@ -#!/usr/bin/perl -# -# Module: vyatta-snmp.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Stig Thormodsrud -# Date: October 2007 -# Description: Script to glue vyatta cli to snmp daemon -# -# **** End License **** -# - -use strict; -use warnings; - -use lib "/opt/vyatta/share/perl5/"; -use Vyatta::Config; -use Vyatta::Misc; -use NetAddr::IP; -use Getopt::Long; -use File::Copy; -use Socket; -use Socket6; - -my $mibdir = '/opt/vyatta/share/snmp/mibs'; -my $snmp_start = 'systemctl start snmpd.service'; -my $snmp_stop = 'systemctl stop snmpd.service'; -my $snmp_conf = '/etc/snmp/snmpd.conf'; -my $snmp_client = '/etc/snmp/snmp.conf'; -my $snmp_tmp = "/tmp/snmpd.conf.$$"; -my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; -my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; -my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/run/snmpd.socket'; -my $password_file = '/config/snmp/superuser_pass'; - -my $snmp_level = 'service snmp'; - -sub snmp_running { - open (my $pidf, '<', "/run/snmpd.pid") - or return; - my $pid = <$pidf>; - close $pidf; - - chomp $pid; - my $exe = readlink "/proc/$pid/exe"; - - return (defined($exe) && $exe eq "/usr/sbin/snmpd"); -} - -sub snmp_stop { - system("$snmp_stop > /dev/null 2>&1"); -} - -sub snmp_start { - # we must stop snmpd first for creating vyatta user - system("$snmp_stop > /dev/null 2>&1"); - open (my $fh, '>', $snmp_tmp) - or die "Couldn't open $snmp_tmp - $!"; - - select $fh; - snmp_get_constants(); - snmp_get_values(); - snmp_get_traps(); - close $fh; - select STDOUT; - - snmp_client_config(); - - move($snmp_tmp, $snmp_conf) - or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; -} - -sub get_version { - my $version = "unknown-version"; - - if (open (my $f, '<', $versionfile)) { - while (<$f>) { - chomp; - if (m/^Version\s*:\s*(.*)$/) { - $version = $1; - last; - } - } - close $f; - } - return $version; -} - -# convert address to snmpd transport syntax -sub transport_syntax { - my ($addr, $port) = @_; - my $ip = new NetAddr::IP $addr; - die "$addr: not a valid IP address" unless $ip; - - my $version = $ip->version(); - return "udp:$addr:$port" if ($version == 4); - return "udp6:[$addr]:$port" if ($version == 6); - die "$addr: unknown IP version $version"; -} - -# Test if IPv6 is possible by opening a socket -sub ipv6_disabled { - socket ( my $s, PF_INET6, SOCK_DGRAM, 0) - or return 1; - close($s); - return; -} - -# Find SNMP agent listening addresses -sub get_listen_address { - my $config = new Vyatta::Config; - my @listen; - - $config->setLevel('service snmp listen-address'); - my @address = $config->listNodes(); - - if(@address) { - foreach my $addr (@address) { - my $port = $config->returnValue("$addr port"); - push @listen, transport_syntax($addr, $port); - } - } else { - # default if no address specified - @listen = ( 'udp:161' ); - push @listen, 'udp6:161' unless ipv6_disabled(); - return @listen; - } - - return @listen; -} - -sub snmp_get_constants { - my $version = get_version(); - my $now = localtime; - my @addr = get_listen_address(); - - # add local unix domain target for use by operational commands - unshift @addr, $local_agent; - - print "# autogenerated by vyatta-snmp.pl on $now\n"; - print "sysDescr VyOS $version\n"; - print "sysObjectID 1.3.6.1.4.1.44641\n"; - print "sysServices 14\n"; - print "master agentx\n"; # maybe needed by lldpd - print "agentaddress ", join(',',@addr), "\n"; - print "agentXPerms 0755 0755\n"; - - # add hook to read IF-MIB::ifAlias from sysfs - print "pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias\n"; - - print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.9\n"; # mribd - print "smuxpeer .1.3.6.1.2.1.83\n"; # mribd - print "smuxpeer .1.3.6.1.4.1.3317.1.2.8\n"; # pimd - print "smuxpeer .1.3.6.1.2.1.157\n"; # pimd - print "smuxsocket localhost\n"; -} - -# generate a random character hex string -sub randhex { - my $length = shift; - return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); -} - -# output snmpd.conf file syntax for community -sub print_community { - my ($config, $community) = @_; - my $ro = $config->returnValue('authorization'); - $ro = 'ro' unless $ro; - - my @clients = $config->returnValues('client'); - my @networks = $config->returnValues('network'); - - my @restriction = (@clients, @networks); - if (!@restriction) { - print $ro . "community $community\n"; - print $ro . "community6 $community\n" unless ipv6_disabled(); - return; - } - - foreach my $addr (@restriction) { - my $ip = new NetAddr::IP $addr; - die "$addr: Not a valid IP address" unless $ip; - - if ($ip->version() == 4) { - print $ro . "community $community $addr\n"; - } elsif ($ip->version() == 6) { - print $ro . "community6 $community $addr\n"; - } else { - die "$addr: bad IP version ", $ip->version(); - } - } -} - -sub snmp_get_values { - my $config = new Vyatta::Config; - - my @communities = $config->listNodes("service snmp community"); - foreach my $community (@communities) { - $config->setLevel("service snmp community $community"); - print_community($config, $community); - } - - $config->setLevel("service snmp smux-peer"); - my @smuxpeers = $config->returnValues(); - foreach my $smuxpeer (@smuxpeers) { - print "smuxpeer $smuxpeer \n"; - } - - $config->setLevel($snmp_level); - my $contact = $config->returnValue("contact"); - if (defined $contact) { - print "SysContact $contact \n"; - } - - my $description = $config->returnValue("description"); - if (defined $description) { - print "SysDescr $description \n"; - } - - my $location = $config->returnValue("location"); - if (defined $location) { - print "SysLocation $location \n"; - } -} - -sub snmp_get_traps { - my $config = new Vyatta::Config; - $config->setLevel($snmp_level); - - # linkUp/Down configure the Event MIB tables to monitor - # the ifTable for network interfaces being taken up or down - # for making internal queries to retrieve any necessary information - - # create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx' - my $vyatta_user = "vyatta" . randhex(16); - snmp_create_snmpv3_user($vyatta_user); - snmp_write_snmpv3_user($vyatta_user); - print "iquerySecName $vyatta_user\n"; - - # Modified from the default linkUpDownNotification - # to include more OIDs and poll more frequently - print <listNodes("trap-target"); - return unless @trap_targets; - - foreach my $trap_target (@trap_targets) { - my $port = $config->returnValue("trap-target $trap_target port"); - my $community - = $config->returnValue("trap-target $trap_target community"); - - print "trap2sink $trap_target"; - print ":$port" if $port; - print " $community" if $community; - print "\n"; - } -} - -# Configure SNMP client parameters -sub snmp_client_config { - my $config = new Vyatta::Config; - $config->setLevel($snmp_level); - - open (my $cf, '>', $snmp_client) - or die "Couldn't open $snmp_client - $!"; - - my $version = get_version(); - my $now = localtime; - print {$cf} "# autogenerated by vyatta-snmp.pl on $now\n"; - - my $trap_source = $config->returnValue('trap-source'); - print {$cf} "clientaddr $trap_source\n" if ($trap_source); - close $cf; -} - -sub snmp_create_snmpv3_user { - - my $vyatta_user = shift; - my $passphrase = randhex(32); - - my $createuser = "createUser $vyatta_user MD5 \"$passphrase\" DES"; - open(my $fh, '>', $snmp_snmpv3_createuser_conf) || die "Couldn't open $snmp_snmpv3_createuser_conf - $!"; - print $fh $createuser; - close $fh; - - open(my $pass_file, '>', $password_file) || die "Couldn't open $password_file - $!"; - print $pass_file $passphrase; - close $pass_file; -} - -sub snmp_write_snmpv3_user { - - my $vyatta_user = shift; - my $user = "rwuser $vyatta_user\n"; - open(my $fh, '>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; - print $fh $user; - close $fh; -} - - -# -# main -# -my $update_snmp; -my $stop_snmp; - -GetOptions("update-snmp!" => \$update_snmp, - "stop-snmp!" => \$stop_snmp); - -snmp_start() if ($update_snmp); -snmp_stop() if ($stop_snmp); diff --git a/scripts/system/vyatta_check_snmp_name.pl b/scripts/system/vyatta_check_snmp_name.pl deleted file mode 100755 index 599fe398..00000000 --- a/scripts/system/vyatta_check_snmp_name.pl +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -use strict; -use warnings; - -foreach my $name (@ARGV) { - die "$name : illegal characters in name\n" - if (!($name =~ /^[a-zA-Z0-9]*$/)); - - # Usernames may only be up to 32 characters long. - die "$name: name may only be up to 32 characters long\n" - if (length($name) > 32); -} - -exit 0; -- cgit v1.2.3