From c634b7d41c241a9b033e16ff32ba26a6d99bc227 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Fri, 30 Apr 2010 15:45:44 -0700 Subject: Allow user to name system images when installing them. Now we ask the user what they would like to name an image when they are installing. The default answer is the same string used previously: The Vyatta version string. --- scripts/install/install-image-existing | 49 +++++++++++++++++++++++++--------- scripts/install/install-image-new | 31 +++++++++++++++++---- scripts/install/install-postinst-new | 6 ++++- 3 files changed, 67 insertions(+), 19 deletions(-) (limited to 'scripts') diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index ce0e502d..bad2be58 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -54,16 +54,27 @@ fi # get new version string. this is from the squashfs image. NEWVER=`dpkg -l --root=${CD_SQUASH_ROOT} | grep "^.. vyatta-version " | awk '{print $3}'` +NEWNAME=$NEWVER -if [ -z "$NEWVER" ]; then - failure_exit 'Cannot find new release version.' +echo -n "What would you like to name this image? [$NEWNAME]: " +read response +if [ -n "$response" ]; then + NEWNAME=$response fi -if [ "$CURVER" == "$NEWVER" ]; then - echo "Image version $NEWVER is the same as the running system." - echo "Cannot install the same release version as the running system." - exit 1 + +# Validate image name +if [ "$NEWNAME" = "grub" -o "${NEWNAME:0:7}" = "vmlinuz" -o \ + "${NEWNAME:0:6}" = "initrd" -o "${NEWNAME:0:10}" = "System.map" -o \ + "$NEWNAME" = "Old-non-image-installation" ]; then + echo "Can't use $NEWNAME. It is a reserved image name." + exit 1; +fi + +if [ -z "$NEWNAME" ]; then + failure_exit 'Invalid image name.' fi +echo "OK. This image will be named: $NEWNAME" # this is the default if current install is union BOOT_DIR=/live/image/boot 
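Review bot: The reserved-name check only rejects a handful of literal names, yet `NEWNAME` becomes a directory component (`$BOOT_DIR/$NEWNAME` in the next hunk) and later a `sed` replacement, so a name containing `/`, `..`, whitespace or sed-special characters passes validation here. A positive character-class check right after the `read` closes that and also subsumes the later `-z` test, e.g. `case "$NEWNAME" in ''|.*|*[!A-Za-z0-9._-]*) failure_exit 'Invalid image name.';; esac`. `read response` should be `read -r response` so backslashes in the answer are kept literal. The same validation block is duplicated for `image_name` in install-image-new (the `@@ -24,15 +24,36 @@` hunk) and needs the same change; both copies could be one shared helper.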
@@ -74,24 +85,30 @@ elif [ "$CUR_INSTALL" != 'union' ]; then exit 1 fi -if [ -d $BOOT_DIR/$NEWVER ]; then - echo "Version $NEWVER is already installed on this system." +if [ -d $BOOT_DIR/$NEWNAME ]; then + if [ "$CURVER" = "$NEWNAME" ]; then + echo "$NEWNAME is the image you are currently running. Can't" + echo "Re-install over the running image." + exit 1 + fi + + echo "An image named $NEWNAME is already installed on this system." echo "Proceeding with this installation will delete this copy of" - echo "$NEWVER and replace it with a new copy." + echo "$NEWNAME and replace it with a new copy." echo -n "Do you want to replace it? (Yes/No) [No]: " resp=$(get_response "No" "Yes No Y N") if [ "$resp" != 'yes' ] && [ "$resp" != 'y' ]; then - echo "OK. Will not replace $NEWVER" + echo "OK. Will not replace $NEWNAME" echo "Exiting..." exit 1 fi fi # start the install -echo "Installing \"$NEWVER\" release." +echo "Installing \"$NEWNAME\" image." # create the new release directories -REL_ROOT=$BOOT_DIR/$NEWVER +REL_ROOT=$BOOT_DIR/$NEWNAME RW_DIR="$REL_ROOT/live-rw" if ! mkdir -p "$RW_DIR"; then failure_exit 'Cannot create directory for new release.' @@ -163,10 +180,16 @@ if [ -e "$DEF_GRUB" ]; then echo "Setting up grub configuration..." new_index=$(get_grub_index) + def_grub_vers=/tmp/def_grub.$$ + cp $DEF_GRUB $def_grub_vers + sed -i "s/menuentry \"Vyatta.*(/menuentry \"Vyatta image $NEWNAME (/" $def_grub_vers + sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers + sed -i "sX/boot/[A-Za-z0-9\.]*X/boot/${NEWNAME}Xg" $def_grub_vers + old_grub_cfg=$BOOT_DIR/grub/grub.cfg new_grub_cfg=/tmp/grub.cfg.$$ sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg - cat $DEF_GRUB >>$new_grub_cfg + cat $def_grub_vers >> $new_grub_cfg sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg mv $new_grub_cfg $old_grub_cfg 
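Review bot: `def_grub_vers=/tmp/def_grub.$$` is a predictable name in a world-writable directory, and `cp $DEF_GRUB $def_grub_vers` writes through whatever already sits at that path before the result is spliced into grub.cfg; `def_grub_vers=$(mktemp) || failure_exit 'Cannot create temp file.'` avoids that, and since the file is never removed an `rm -f "$def_grub_vers"` after the `cat` is also missing. The three `sed -i` lines interpolate `$NEWNAME` unescaped into patterns and replacements, so a name containing `/`, `&`, `\` or the literal `X` used as delimiter on the third line corrupts the generated menu entries or makes the substitution fail; this relies entirely on the name validation earlier in the file, which in this commit only rejects a few reserved words. The enclosing `if [ -e "$DEF_GRUB" ]` block starts outside the hunk.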
diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 7294fc35..5726fa03 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -24,15 +24,36 @@ if ! try_mount "/dev/$ROOT_PARTITION $WRITE_ROOT"; then fi version=$(get_new_version) -if [ -z "$version" ]; then +image_name=$version +if [ -z "$image_name" ]; then echo 'Cannot find new version. Exiting...' exit 1 fi +echo -n "What would you like to name this image? [$image_name]: " +read response +if [ -n "$response" ]; then + image_name=$response +fi + +# Validate image name +if [ "$image_name" = "grub" -o "${image_name:0:7}" = "vmlinuz" -o \ + "${image_name:0:6}" = "initrd" -o "${image_name:0:10}" = "System.map" -o \ + "$image_name" = "Old-non-image-installation" ]; then + echo "Can't use $image_name. It is a reserved image name." + exit 1; +fi + +if [ -z "$image_name" ]; then + failure_exit 'Invalid image name.' +fi + +echo "OK. This image will be named: $image_name" + # make the dir for the new version -mkdir -p $WRITE_ROOT/boot/$version +mkdir -p $WRITE_ROOT/boot/$image_name # make dir for backing store -rw_dir=$WRITE_ROOT/boot/$version/live-rw +rw_dir=$WRITE_ROOT/boot/$image_name/live-rw mkdir -p $rw_dir echo Copying squashfs image... @@ -53,10 +74,10 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then fi fi -target_squash=$WRITE_ROOT/boot/$version/$version.squashfs +target_squash=$WRITE_ROOT/boot/$image_name/$version.squashfs cp -p $squash_img $target_squash echo Copying kernel and initrd images... -cp -dp $boot_files $WRITE_ROOT/boot/$version/ +cp -dp $boot_files $WRITE_ROOT/boot/$image_name/ # set up union root for postinst mkdir -p $INST_ROOT $READ_ROOT diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index 65c6cd7f..c96f5657 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new 
@@ -133,9 +133,13 @@ if [ -z "$version" ]; then exit 1 fi +array=( $WRITE_ROOT/boot/* ) +image_name=${array[0]} +image_name=${image_name#$WRITE_ROOT/boot/} + # these are the defaults for "union" grub_root=$WRITE_ROOT -grub_setup_args="-u $version" +grub_setup_args="-u $image_name" if [ "$INSTALL_TYPE" == 'old' ]; then grub_root=$INST_ROOT grub_setup_args="-v $version" -- cgit v1.2.3 From 83cca7053bba3181b451609fee641271b3b7adf3 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Mon, 3 May 2010 17:19:15 -0700 Subject: Add code to check digital signature of image files. In URL mode, we now check for a digital signature file. If one exists, we'll try to download it and check the signature. --- scripts/install/install-image | 33 +++++++++++++++++++++++++++++++++ scripts/install/install-image-existing | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-image b/scripts/install/install-image index 607dcc98..c4bf3800 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image 
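Review bot: `image_name` is recovered from the first entry of the `$WRITE_ROOT/boot/*` glob, which only works while the new image directory is the sole entry there: if nothing matches, `${array[0]}` is the literal pattern, and if another entry sorts first (glob order is by name) the wrong name reaches `grub_setup_args`. install-image-new already knows the name the user chose, so passing it to this script explicitly (an environment variable or argument) would be more robust than rediscovering it; failing that, the result should at least be checked with `[ -d "$WRITE_ROOT/boot/$image_name" ] || exit 1` before it is used.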
@@ -69,6 +69,39 @@ fetch_iso_by_url () fi echo "ISO download suceeded." + + echo "Checking for digital signature file..." + curl -f -o $(unknown).asc ${NEW_ISO}.asc + if [ $? -ne 0 ]; then + echo "Unable to fetch digital signature file." + echo -n "Do you want to continue without signature check? (yes/no) [yes] " + + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + + # In case signature file was partially downloaded... + rm -f $(unknown).asc + fi + + if [ -e $(unknown).asc ]; then + echo "Found it. Checking digital signature..." + gpg --keyring /etc/apt/trusted.gpg --verify $(unknown).asc + if [ $? -ne 0 ]; then + echo "Signature check FAILED." + echo -n "Do you want to continue anyway? (yes/no) [no] " + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + + echo "OK. Proceding with installation anyway." + else + echo "Digital signature is valid." + fi + fi + NEW_ISO=$filename } diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index bad2be58..d35437ba 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -184,7 +184,7 @@ if [ -e "$DEF_GRUB" ]; then cp $DEF_GRUB $def_grub_vers sed -i "s/menuentry \"Vyatta.*(/menuentry \"Vyatta image $NEWNAME (/" $def_grub_vers sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers - sed -i "sX/boot/[A-Za-z0-9\.]*X/boot/${NEWNAME}Xg" $def_grub_vers + sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers old_grub_cfg=$BOOT_DIR/grub/grub.cfg new_grub_cfg=/tmp/grub.cfg.$$ -- cgit v1.2.3 From c5fc79c7f9149bd81254c0b4826f78b1c7e02008 Mon Sep 17 00:00:00 2001 
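Review bot: On the signature-failure path the prompt reads `[no]` but `response=$(get_response "Yes" "Yes No Y N")` supplies `Yes` as the default, so pressing Enter after `Signature check FAILED.` proceeds with the install; that second call should be `response=$(get_response "No" "Yes No Y N")` so the prompt and the default agree and the check fails closed. The missing-signature path also defaults to continuing, which means a server that simply omits the `.asc` file is never challenged; a defender would want `No` as the default there too, or at minimum the downgrade recorded in the install log. `gpg --keyring /etc/apt/trusted.gpg --verify` adds that keyring to gpg's default ones rather than replacing them, so a signature from any key in the invoking user's own keyring is accepted as well; `gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify` restricts acceptance to the intended keys. The `$(unknown).asc` token is how this page renders the local signature filename, so the operand itself could not be checked. `fetch_iso_by_url` begins before the hunk.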
From: Stephen Hemminger Date: Fri, 7 May 2010 15:00:38 -0700 Subject: Preserve file capablities and attributes during install-system --- scripts/install-system | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install-system b/scripts/install-system index d17f0c2e..06deb0a3 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -936,7 +936,7 @@ install_root_filesystem () { exit 1 fi - output=$(cp -pR /mnt/squashfs/* $rootfsdir/) + output=$(cp --preserve=all -R /mnt/squashfs/* $rootfsdir/) status=$? if [ "$status" != 0 ]; then -- cgit v1.2.3 From 427ab38e9d8144b185e53f29504df36d48277ac4 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 7 May 2010 15:03:46 -0700 Subject: Preserve file attributes of root files Want to preserve labels and other attributes --- scripts/install/install-image-existing | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index ce0e502d..c243fda6 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -108,7 +108,7 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then fi target_squash=$REL_ROOT/$NEWVER.squashfs cp -p $squash_img $target_squash >&/dev/null -cp -dp $boot_files $REL_ROOT/ >&/dev/null +cp --no-dereference --preserve=all $boot_files $REL_ROOT/ >&/dev/null # mount copied squashfs if ! try_mount "-o loop,ro $target_squash $READ_ROOT"; then -- cgit v1.2.3 From 7d02fa70ca8207ebd6111827691735cd9d980c30 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 12 May 2010 13:36:16 -0700 Subject: Show progress bar when copying filesystem Better to show real progress than simple spinning wheel. --- scripts/install-system | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'scripts') 
diff --git a/scripts/install-system b/scripts/install-system index 06deb0a3..4f92ca37 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -890,6 +890,23 @@ create_partitions() { fi } +# Copy directory with pretty progress bar +copy_filesystem() { + cp -r -v --preserve=all "$@" | awk '{ + ++files + if ((files % 10) == 0) { + percent = files / total_files * 100 + printf "%3d%% [", percent + for (i=0;i" + for (;i<100;i+=2) + printf " " + printf "]\r" + } + }' total_files=$(find "$@" | wc -l) +} + # Install the root filesystem # $1 is the partition to install on install_root_filesystem () { @@ -914,8 +931,7 @@ install_root_filesystem () { fi if [ -z $UNION ]; then - echo -n "Copying system image files to /dev/$ROOT_PARTITION: " - progress_indicator start + echo "Copying system files to /dev/$ROOT_PARTITION: " # Mount the squashfs for copying output=$(mkdir -p /mnt/squashfs) if [ -f /live/image/live/filesystem.squashfs ]; then @@ -936,12 +952,13 @@ install_root_filesystem () { exit 1 fi - output=$(cp --preserve=all -R /mnt/squashfs/* $rootfsdir/) + echo "Copying /mnt/squashfs/* to $rootfsddir" >>$INSTALL_LOG + copy_filesystem /mnt/squashfs/* $rootfsdir 2>>$INSTALL_LOG status=$? - + echo + if [ "$status" != 0 ]; then echo -e "Error trying to copy the rootfs.\nPlease see install log for more details.\nExiting..." - echo -e "Error trying to copy the rootfs.\ncp -pR /mnt/squashfs/* $rootfsdir/\n$output" >> $INSTALL_LOG exit 1 fi -- cgit v1.2.3 From ab587ce0c92b5aeeb26eb678946a7e1faa6f9db1 Mon Sep 17 00:00:00 2001 
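Review bot: `copy_filesystem` returns the exit status of the `awk` stage, not of `cp`, so the `status=$?` taken right after the call in the `@@ -936,12 +952,13 @@` hunk never observes a failed copy and the `Error trying to copy the rootfs` branch is unreachable for the case it exists for; ending the function with `return "${PIPESTATUS[0]}"` (assuming the script runs under bash, as its `echo -e` usage suggests) propagates cp's status. The percentage divides by `total_files` with no check that the `find | wc -l` count is non-zero, and the `for (i=0;i"` fragment of the awk body is garbled in this rendering, so the inner loop could not be verified from the page.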
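Review bot: `echo "Copying /mnt/squashfs/* to $rootfsddir" >>$INSTALL_LOG` references `$rootfsddir`, which is never assigned (`$rootfsdir` is what the next line uses), so the log records an empty destination; it should read `echo "Copying /mnt/squashfs/* to $rootfsdir" >>$INSTALL_LOG`. The removed `echo -e ... >> $INSTALL_LOG` line also used to name the failing command in the log; cp's stderr now lands there through `2>>$INSTALL_LOG`, but the command itself is no longer logged on failure, which makes the "see install log" advice in the user-facing message less useful.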
From: Stephen Hemminger Date: Wed, 12 May 2010 18:38:48 -0700 Subject: Better version of SNMP IPv6 support Need to use different syntax for community values on IPv6 versus IPv4 --- scripts/snmp/vyatta-snmp.pl | 64 ++++++++++------------ templates/service/snmp/community6/node.def | 5 ++ .../community6/node.tag/authorization/node.def | 7 +++ .../snmp/community6/node.tag/client/node.def | 3 + .../snmp/community6/node.tag/network/node.def | 4 ++ templates/service/snmp/node.def | 3 +- templates/service/snmp/trap-source/node.def | 2 +- templates/service/snmp/trap-target/node.def | 4 +- 8 files changed, 54 insertions(+), 38 deletions(-) create mode 100644 templates/service/snmp/community6/node.def create mode 100644 templates/service/snmp/community6/node.tag/authorization/node.def create mode 100644 templates/service/snmp/community6/node.tag/client/node.def create mode 100644 templates/service/snmp/community6/node.tag/network/node.def (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 3adb37b7..e3aa3fc1 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -93,6 +93,8 @@ sub snmp_get_constants { print "sysDescr Vyatta $version\n"; print "sysObjectID 1.3.6.1.4.1.30803\n"; print "sysServices 14\n"; + print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n"; + print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd 
@@ -106,44 +108,38 @@ sub randhex { return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); } +# output snmpd.conf file syntax for community +sub print_community { + my ($config, $community, $type) = @_; + $config->setLevel("service snmp $type $community"); + + my $auth = $config->returnValue('authorization'); + $auth = 'ro' unless $auth; + $auth .= $type; # rocommunity + + my @address = $config->returnValues('client'); + push @address, $config->returnValues('network'); + + if (@address) { + foreach my $addr (@address) { + print "$auth $community $addr\n"; + } + } else { + print "$auth $community\n"; + } +} + sub snmp_get_values { my $config = new Vyatta::Config; - $config->setLevel("service snmp community"); - my @communities = $config->listNodes(); - + my @communities = $config->listNodes("service snmp community"); + foreach my $community (@communities) { + print_community($config, $community, 'community'); + } + + @communities = $config->listNodes("service snmp community6"); foreach my $community (@communities) { - my $authorization = $config->returnValue("$community authorization"); - my @clients = $config->returnValues("$community client"); - my @networks = $config->returnValues("$community network"); - - if (scalar(@clients) == 0 and scalar(@networks) == 0){ - if (defined $authorization and $authorization eq "rw") { - print "rwcommunity $community\n"; - } else { - print "rocommunity $community\n"; - } - } else { - if (scalar(@clients) != 0) { - foreach my $client (@clients){ - if (defined $authorization and $authorization eq "rw") { - print "rwcommunity $community $client\n"; - } else { - print "rocommunity $community $client\n"; - } - } - } - if (scalar(@networks) != 0){ - foreach my $network (@networks){ - if (defined $authorization and $authorization eq "rw") { - print "rwcommunity $community $network\n"; - } else { - print "rocommunity $community $network\n"; - } - - } - } - } + print_community($config, $community, 'community6'); } 
$config->setLevel($snmp_level); diff --git a/templates/service/snmp/community6/node.def b/templates/service/snmp/community6/node.def new file mode 100644 index 00000000..32eb4800 --- /dev/null +++ b/templates/service/snmp/community6/node.def @@ -0,0 +1,5 @@ +tag: +type: txt +help: Set community name [REQUIRED] +syntax:expression: pattern $VAR(@) "^[^%]+$" ; \ + "Community string may not contain %" diff --git a/templates/service/snmp/community6/node.tag/authorization/node.def b/templates/service/snmp/community6/node.tag/authorization/node.def new file mode 100644 index 00000000..c8918d43 --- /dev/null +++ b/templates/service/snmp/community6/node.tag/authorization/node.def @@ -0,0 +1,7 @@ +type: txt +default: "ro" +help: Set authorization type (rw or ro) (default: ro) +syntax:expression: $VAR(@) in "ro", "rw"; "Authorization type must be either rw or ro" + + + diff --git a/templates/service/snmp/community6/node.tag/client/node.def b/templates/service/snmp/community6/node.tag/client/node.def new file mode 100644 index 00000000..fddbcb91 --- /dev/null +++ b/templates/service/snmp/community6/node.tag/client/node.def @@ -0,0 +1,3 @@ +multi: +type: ipv6 +help: Set IPv6 address of SNMP client allowed to contact system diff --git a/templates/service/snmp/community6/node.tag/network/node.def b/templates/service/snmp/community6/node.tag/network/node.def new file mode 100644 index 00000000..266a1bce --- /dev/null +++ b/templates/service/snmp/community6/node.tag/network/node.def @@ -0,0 +1,4 @@ +multi: +type: ipv6net +help: Set subnet of SNMP client(s) allowed to contact system +syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)" diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def index 13b39fa7..2952eb34 100644 --- a/templates/service/snmp/node.def +++ b/templates/service/snmp/node.def 
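Review bot: `print_community` builds the snmpd directive from the raw `authorization` value (`$auth .= $type`), so anything other than `ro`/`rw` reaching the config yields an unknown keyword in the generated snmpd.conf and the only guard is the template's `syntax:expression`; a one-line check after the default, `die "$community: authorization must be ro or rw" unless $auth eq 'ro' or $auth eq 'rw';`, keeps the generator self-contained. The community name and each `client`/`network` value are likewise printed unescaped, and the community6 template added in this commit only excludes `%`, so a community containing whitespace would split the directive; a comment stating the reliance on template validation belongs on the `print` lines. `print_community` also leaves the config level pointed at the community node, and only the caller's `setLevel($snmp_level)` on the hunk's last line restores it — worth a comment on the helper.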
@@ -1,6 +1,7 @@ priority: 980 help: Configure Simple Network Management Protocol (SNMP) -commit:expression: $VAR(community/) != ""; "must configure a community" +commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" \ + ; "must configure a community or community6" delete: touch /tmp/snmp.$PPID end:if [ -f "/tmp/snmp.$PPID" ] diff --git a/templates/service/snmp/trap-source/node.def b/templates/service/snmp/trap-source/node.def index d8add72c..61a8cd6a 100644 --- a/templates/service/snmp/trap-source/node.def +++ b/templates/service/snmp/trap-source/node.def @@ -1,2 +1,2 @@ -type: ipv4 +type: ipv4,ipv6 help: Set SNMP trap source address diff --git a/templates/service/snmp/trap-target/node.def b/templates/service/snmp/trap-target/node.def index 493484b7..561bc1ac 100644 --- a/templates/service/snmp/trap-target/node.def +++ b/templates/service/snmp/trap-target/node.def @@ -1,3 +1,3 @@ tag: -type: ipv4 -help: Set IP address of trap target +type: ipv4,ipv6 +help: Set address of trap target -- cgit v1.2.3 From 496c5f68ebdeb33ca75fac65f0c6f0ae29b781bb Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 12 May 2010 20:02:10 -0700 Subject: Allow configuring/restricting SNMP listen address Add: service snmp listen-address AAAA [port NNN] --- scripts/snmp/vyatta-snmp.pl | 50 ++++++++++++++++++++-- templates/service/snmp/listen-address/node.def | 3 ++ .../snmp/listen-address/node.tag/port/node.def | 3 ++ 3 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 templates/service/snmp/listen-address/node.def create mode 100644 templates/service/snmp/listen-address/node.tag/port/node.def (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index e3aa3fc1..f80a68fd 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -26,6 +26,7 @@ use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; +use NetAddr::IP; use Getopt::Long; use File::Copy; 
@@ -40,6 +41,7 @@ my $snmp_tmp = "/tmp/snmpd.conf.$$"; my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; my $versionfile = '/opt/vyatta/etc/version'; +my $local_agent = 'unix:/var/run/snmpd.socket'; my $snmp_level = 'service snmp'; @@ -60,7 +62,7 @@ sub snmp_start { snmp_get_values(); close $fh; select STDOUT; - + snmp_client_config(); move($snmp_tmp, $snmp_conf) @@ -85,15 +87,57 @@ sub get_version { return $version; } +# convert address to snmpd transport syntac +sub transport_syntax { + my ($addr, $port) = @_; + my $ip = new NetAddr::IP $addr; + + return "udp:$addr:$port" if ($ip->version == 4); + return "udp6:[$addr]:$port" if ($ip->version == 6); + die "$addr: unknown protocol address"; +} + +sub ipv6_disabled { + my $config = new Vyatta::Config; + return $config->exists("system ipv6 disable"); +} + +# Find SNMP agent listening addresses +sub get_listen_address { + my $config = new Vyatta::Config; + my @listen; + + $config->setLevel('service snmp listen-address'); + my @address = $config->listNodes(); + + if(@address) { + foreach my $addr (@address) { + my $port = $config->returnValue("$addr port"); + push @listen, transport_syntax($addr, $port); + } + } else { + # default if no address specified + @listen = ( 'udp:' ); + push @listen, 'udp6:' unless ipv6_disabled(); + return @listen; + } + + return @listen; +} + sub snmp_get_constants { my $version = get_version(); my $now = localtime; + my @addr = get_listen_address(); + + # add local unix domain target for use by operational commands + unshift @addr, $local_agent; print "# autogenerated by vyatta-snmp.pl on $now\n"; print "sysDescr Vyatta $version\n"; print "sysObjectID 1.3.6.1.4.1.30803\n"; print "sysServices 14\n"; - print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n"; + print "agentaddress ", join(',',@addr), "\n"; print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd 
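Review bot: In `get_listen_address` the `port` value comes straight from `returnValue("$addr port")` and is interpolated by `transport_syntax` with no defined check; if the configuration layer does not materialise the template default of 161 for an unset node (the template is added in this commit, but whether `returnValue` returns defaults is not visible here), the result is `udp:ADDR:` and snmpd is handed a likely malformed agentaddress. A guard such as `$port = 161 unless defined $port;` before the `push` makes the generator independent of that behaviour. The `else` branch's `return @listen;` duplicates the function's final return and can be dropped.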
@@ -119,7 +163,7 @@ sub print_community { my @address = $config->returnValues('client'); push @address, $config->returnValues('network'); - + if (@address) { foreach my $addr (@address) { print "$auth $community $addr\n"; diff --git a/templates/service/snmp/listen-address/node.def b/templates/service/snmp/listen-address/node.def new file mode 100644 index 00000000..f234edc8 --- /dev/null +++ b/templates/service/snmp/listen-address/node.def @@ -0,0 +1,3 @@ +tag: +type: ipv4,ipv6 +help: Set IP address to listen for incoming SNMP requests diff --git a/templates/service/snmp/listen-address/node.tag/port/node.def b/templates/service/snmp/listen-address/node.tag/port/node.def new file mode 100644 index 00000000..5a21b1d8 --- /dev/null +++ b/templates/service/snmp/listen-address/node.tag/port/node.def @@ -0,0 +1,3 @@ +type: u32 +default: 161 +help: Set port for SNMP service -- cgit v1.2.3 From ebc6b3916c76ff66f46f708d15194cb28829d066 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 14 May 2010 10:39:13 -0700 Subject: Change SNMP community handling Allow combination of IPv4 and IPv6 address in community setting. Use script to generate necessary community values in snmpd.conf --- scripts/snmp/vyatta-snmp.pl | 55 ++++++++++++---------- .../snmp/community/node.tag/client/node.def | 2 +- .../snmp/community/node.tag/network/node.def | 2 +- templates/service/snmp/community6/node.def | 5 -- .../community6/node.tag/authorization/node.def | 7 --- .../snmp/community6/node.tag/client/node.def | 3 -- .../snmp/community6/node.tag/network/node.def | 4 -- 7 files changed, 33 insertions(+), 45 deletions(-) delete mode 100644 templates/service/snmp/community6/node.def delete mode 100644 templates/service/snmp/community6/node.tag/authorization/node.def delete mode 100644 templates/service/snmp/community6/node.tag/client/node.def delete mode 100644 templates/service/snmp/community6/node.tag/network/node.def (limited to 'scripts') 
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index f80a68fd..1c86321b 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -87,14 +87,16 @@ sub get_version {
 return $version;
 }
 
-# convert address to snmpd transport syntac
+# convert address to snmpd transport syntax
 sub transport_syntax {
 my ($addr, $port) = @_;
 my $ip = new NetAddr::IP $addr;
+ die "$addr: not a valid IP address" unless $ip;
 
- return "udp:$addr:$port" if ($ip->version == 4);
- return "udp6:[$addr]:$port" if ($ip->version == 6);
- die "$addr: unknown protocol address";
+ my $version = $ip->version();
+ return "udp:$addr:$port" if ($version == 4);
+ return "udp6:[$addr]:$port" if ($version == 6);
+ die "$addr: unknown IP version $version";
 }
 
 sub ipv6_disabled {
@@ -154,22 +156,31 @@ sub randhex { # output snmpd.conf file syntax for community sub print_community { - my ($config, $community, $type) = @_; - $config->setLevel("service snmp $type $community"); - - my $auth = $config->returnValue('authorization'); - $auth = 'ro' unless $auth; - $auth .= $type; # rocommunity - - my @address = $config->returnValues('client'); - push @address, $config->returnValues('network'); + my ($config, $community) = @_; + my $ro = $config->returnValue('authorization'); + $ro = 'ro' unless $ro; + + my @clients = $config->returnValues('client'); + my @networks = $config->returnValues('network'); + + my @restriction = (@clients, @networks); + if (!@restriction) { + print $ro . "community $community\n"; + print $ro . "community6 $community\n" unless ipv6_disabled(); + return; + } - if (@address) { - foreach my $addr (@address) { - print "$auth $community $addr\n"; + foreach my $addr (@restriction) { + my $ip = new NetAddr::IP $addr; + die "$addr: Not a valid IP address" unless $ip; + + if ($ip->version() == 4) { + print $ro . "community $community $addr\n"; + } elsif ($ip->version() == 6) { + print $ro . "community6 $community $addr\n"; + } else { + die "$addr: bad IP version ", $ip->version(); } - } else { - print "$auth $community\n"; } } @@ -178,12 +189,8 @@ sub snmp_get_values { my @communities = $config->listNodes("service snmp community"); foreach my $community (@communities) { - print_community($config, $community, 'community'); - } - - @communities = $config->listNodes("service snmp community6"); - foreach my $community (@communities) { - print_community($config, $community, 'community6'); + $config->setLevel("service snmp community $community"); + print_community($config, $community); } $config->setLevel($snmp_level); diff --git a/templates/service/snmp/community/node.tag/client/node.def b/templates/service/snmp/community/node.tag/client/node.def index 828faa97..427a9939 100644 
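Review bot: The variable holding the `authorization` value is named `$ro` even though it carries `rw` for read-write communities, and it is again concatenated unchecked into the `community`/`community6` keyword; renaming it (`my $auth = ...`) and validating it with `die "$community: authorization must be ro or rw" unless $auth eq 'ro' or $auth eq 'rw';` makes the generated directive names self-evidently well-formed. The unrestricted branch now emits the `community6` twin as well, so a community with no `client`/`network` entries becomes reachable over IPv6 wherever IPv6 is not disabled; that widening is presumably intended but deserves a comment on the `unless ipv6_disabled()` line. The `die` calls in the loop fire while stdout is redirected into the temporary snmpd.conf (per the `snmp_start` context in the earlier `@@ -60,7 +62,7 @@` hunk on this page), so a bad address would leave a partial temp file behind — inferred, so worth confirming.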
--- a/templates/service/snmp/community/node.tag/client/node.def +++ b/templates/service/snmp/community/node.tag/client/node.def @@ -1,3 +1,3 @@ multi: -type: ipv4 +type: ipv4,ipv6 help: Set IP address of SNMP client allowed to contact system diff --git a/templates/service/snmp/community/node.tag/network/node.def b/templates/service/snmp/community/node.tag/network/node.def index 00a77d4b..4b80a51b 100644 --- a/templates/service/snmp/community/node.tag/network/node.def +++ b/templates/service/snmp/community/node.tag/network/node.def @@ -1,4 +1,4 @@ multi: -type: ipv4net +type: ipv4net,ipv6net help: Set subnet of SNMP client(s) allowed to contact system syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)" diff --git a/templates/service/snmp/community6/node.def b/templates/service/snmp/community6/node.def deleted file mode 100644 index 32eb4800..00000000 --- a/templates/service/snmp/community6/node.def +++ /dev/null @@ -1,5 +0,0 @@ -tag: -type: txt -help: Set community name [REQUIRED] -syntax:expression: pattern $VAR(@) "^[^%]+$" ; \ - "Community string may not contain %" diff --git a/templates/service/snmp/community6/node.tag/authorization/node.def b/templates/service/snmp/community6/node.tag/authorization/node.def deleted file mode 100644 index c8918d43..00000000 --- a/templates/service/snmp/community6/node.tag/authorization/node.def +++ /dev/null @@ -1,7 +0,0 @@ -type: txt -default: "ro" -help: Set authorization type (rw or ro) (default: ro) -syntax:expression: $VAR(@) in "ro", "rw"; "Authorization type must be either rw or ro" - - - diff --git a/templates/service/snmp/community6/node.tag/client/node.def b/templates/service/snmp/community6/node.tag/client/node.def deleted file mode 100644 index fddbcb91..00000000 --- a/templates/service/snmp/community6/node.tag/client/node.def +++ /dev/null @@ -1,3 +0,0 @@ -multi: -type: ipv6 -help: Set IPv6 address of SNMP client allowed to contact system 
diff --git a/templates/service/snmp/community6/node.tag/network/node.def b/templates/service/snmp/community6/node.tag/network/node.def deleted file mode 100644 index 266a1bce..00000000 --- a/templates/service/snmp/community6/node.tag/network/node.def +++ /dev/null @@ -1,4 +0,0 @@ -multi: -type: ipv6net -help: Set subnet of SNMP client(s) allowed to contact system -syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)" -- cgit v1.2.3 From 6a88206597a871be376554c010730218bb71dcf9 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 14 May 2010 10:54:29 -0700 Subject: Fix syntax of default listen address Despite documentation, udp6: is not a valid listen address, need to use udp6:161 --- scripts/snmp/vyatta-snmp.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 1c86321b..a3be64ad 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -119,8 +119,8 @@ sub get_listen_address { } } else { # default if no address specified - @listen = ( 'udp:' ); - push @listen, 'udp6:' unless ipv6_disabled(); + @listen = ( 'udp:161' ); + push @listen, 'udp6:161' unless ipv6_disabled(); return @listen; } -- cgit v1.2.3 From f37b24ae59372da6361b4acf9755270061bdc857 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 24 May 2010 10:10:35 -0700 Subject: Don't enable PAM Radius by default The pam-config mechanism will insert Radius pam module if it is in /usr/share/pam-configs. Therefore hold off installing file until Radius really needed. --- debian/vyatta-cfg-system.postinst.in | 3 --- lib/Vyatta/Login/RadiusServer.pm | 29 ++++++++++++++++++++--------- scripts/rl-system.init | 4 +++- 3 files changed, 23 insertions(+), 13 deletions(-) (limited to 'scripts') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index fbf53739..4265d14b 100644 
--- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -132,9 +132,6 @@ EOF fi done - # Install pamradius config (should come with radius client eventually) - cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius - cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf fi diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index d60f2baa..0de9bd28 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -20,18 +20,30 @@ use warnings; use lib "/opt/vyatta/share/perl5"; use Vyatta::Config; use File::Compare; +use File::Copy; my $PAM_RAD_CFG = '/etc/pam_radius_auth.conf'; my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$"; +my $PAM_RAD_AUTH = "/usr/share/pam-configs/radius"; +my $PAM_RAD_SYSCONF = "/opt/vyatta/etc/pam_radius.cfg"; + sub remove_pam_radius { - return system("sudo DEBIAN_FRONTEND=noninteractive" - . " pam-auth-update --remove radius") == 0; + system("DEBIAN_FRONTEND=noninteractive " . + " pam-auth-update --package --remove radius") == 0 + or die "pam-auth-update remove failed"; + + unlink($PAM_RAD_AUTH) + or die "Can't remove $PAM_RAD_AUTH"; } sub add_pam_radius { - return system("sudo DEBIAN_FRONTEND=noninteractive" - . " pam-auth-update radius") == 0; + copy($PAM_RAD_SYSCONF,$PAM_RAD_AUTH) + or die "Can't copy $PAM_RAD_SYSCONF to $PAM_RAD_AUTH"; + + system("DEBIAN_FRONTEND=noninteractive " . + "pam-auth-update --package radius") == 0 + or die "pam-auth-update add failed" } sub update { @@ -58,16 +70,15 @@ sub update { close($cfg); if ( compare( $PAM_RAD_CFG, $PAM_RAD_TMP ) != 0 ) { - system("sudo cp $PAM_RAD_TMP $PAM_RAD_CFG") == 0 + copy ($PAM_RAD_TMP, $PAM_RAD_CFG) or die "Copy of $PAM_RAD_TMP to $PAM_RAD_CFG failed"; } unlink($PAM_RAD_TMP); if ( $count > 0 ) { - exit 1 unless add_pam_radius(); - } - else { - exit 1 unless remove_pam_radius(); + add_pam_radius(); + } else { + remove_pam_radius(); } } 
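Review bot: `remove_pam_radius` now does `unlink($PAM_RAD_AUTH) or die`, but the file is only created by `add_pam_radius`, and this same commit stops the postinst from installing it; if `update` runs with `$count == 0` on a system where RADIUS was never enabled (or after `security_reset` has already removed the file), the unlink fails and the whole update dies. Guard it, e.g. `unlink($PAM_RAD_AUTH) or die "Can't remove $PAM_RAD_AUTH" if -e $PAM_RAD_AUTH;`. `add_pam_radius` ends with `die "pam-auth-update add failed"` and no trailing semicolon, which Perl accepts before `}` but reads as an unfinished edit. Whether `update` is invoked when no server is configured depends on the caller, which is outside the hunk.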
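Review bot: `copy($PAM_RAD_TMP, $PAM_RAD_CFG)` replaces the `sudo cp`, but `File::Copy::copy` creates a missing destination with the process umask, and `$PAM_RAD_CFG` is the pam_radius_auth configuration written above this hunk, which by that module's convention carries the server shared secrets; a `chmod 0600, $PAM_RAD_CFG` after the copy (or creating the temp file with a restrictive mode, which is outside the hunk) keeps them from being world-readable. The temp file is still the predictable `/tmp/pam_radius_auth.$$` from the context lines rather than a `File::Temp` name; that predates this commit but is worth fixing while the copy path is being reworked. Dropping `sudo` implies the module now runs with root privileges itself — presumably true for config commits, but not visible here.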
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index e7eaed14..ca51166a 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -173,7 +173,9 @@ security_reset () {
 # restore PAM back to virgin state (no radius other services)
 rm -f /etc/pam_radius_auth.conf
 if grep -q radius /etc/pam.d/common-auth
- then pam-auth-update --remove radius
+ then
+ pam-auth-update --package --remove radius
+ rm /usr/share/pam-configs/radius
 fi
 
 # Disable root login with ssh
-- cgit v1.2.3 From 74105f39b3646c12c0dfed647c7fd9922cdd864e Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 26 May 2010 16:11:36 -0700 Subject: Move DHCPv6 client configuration to this package and restructre parameters. --- Makefile.am | 1 + scripts/vyatta-dhcpv6-client.pl | 157 +++++++++++++++++++++ scripts/vyatta-interfaces.pl | 9 +- .../interfaces/ethernet/node.tag/address/node.def | 43 ++++-- .../ethernet/node.tag/dhcpv6-options/node.def | 49 +++++++ .../dhcpv6-options/parameters-only/node.def | 3 + .../node.tag/dhcpv6-options/temporary/node.def | 3 + 7 files changed, 256 insertions(+), 9 deletions(-) create mode 100644 scripts/vyatta-dhcpv6-client.pl create mode 100644 templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def create mode 100644 templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def create mode 100644 templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def (limited to 'scripts')
diff --git a/Makefile.am b/Makefile.am
index ac8374a3..e4025c5b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -56,6 +56,7 @@ sbin_SCRIPTS += scripts/install/install-image-existing
 sbin_SCRIPTS += scripts/install/install-postinst-new
 sbin_SCRIPTS += scripts/install/install-image
 sbin_SCRIPTS += scripts/vyatta-bridgegroup-depedency.pl
+sbin_SCRIPTS += scripts/vyatta-dhcpv6-client.pl
 
 share_perl5_DATA = lib/Vyatta/Login/User.pm
 share_perl5_DATA += lib/Vyatta/Login/RadiusServer.pm
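Review bot: `rm /usr/share/pam-configs/radius` has no `-f`, so when `common-auth` still mentions radius but the profile file is already gone, `security_reset` prints an error for what should be a no-op; `rm -f /usr/share/pam-configs/radius` matches the `rm -f` used two lines above for the auth config. The path is spelled out here while `RadiusServer.pm` keeps it in `$PAM_RAD_AUTH`, so the two can drift apart; a comment pointing at the Perl module's constant would help the next maintainer. `security_reset` starts before the hunk.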
diff --git a/scripts/vyatta-dhcpv6-client.pl b/scripts/vyatta-dhcpv6-client.pl new file mode 100644 index 00000000..c1a0dbd3 --- /dev/null +++ b/scripts/vyatta-dhcpv6-client.pl 
@@ -0,0 +1,157 @@ +#!/usr/bin/perl +# +# Module: vyatta-dhcpv6-client.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2005-2009 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Bob Gilligan +# Date: April 2010 +# Description: Start and stop DHCPv6 client daemon for an interface. +# +# **** End License **** +# +# + +use strict; +use lib "/opt/vyatta/share/perl5/"; +use FileHandle; +use Vyatta::Config; +use Getopt::Long; + +my $start_flag; # Start the daemon +my $stop_flag; # Stop the daemon and delete all config files +my $release_flag; # Stop the daemon, but leave config file +my $renew_flag; # Re-start the daemon. Functionally same as start_flag +my $temp_flag; +my $params_only_flag; +my $ifname; + + +sub gen_conf_file { + my ($conffile, $ifname) = @_; + + my $FD_WR = new FileHandle; + + if (!open($FD_WR, ">$conffile")) { + printf("Can't write config file: $conffile\n"); + exit 1; + } + my $date = `date`; + my $user = `id -un`; + my $hostname = `hostname`; + chomp($date); + chomp($user); + chomp($hostname); + + print $FD_WR "# This file was auto-generated by the Vyatta\n"; + print $FD_WR "# configuration sub-system. 
Do not edit it.\n"; + print $FD_WR "\n"; + print $FD_WR "# Generated on $date by $user\n"; + print $FD_WR "#\n"; + print $FD_WR "interface \"$ifname\" {\n"; + print $FD_WR " send host-name \"$hostname\";\n"; + print $FD_WR " send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39;\n"; + print $FD_WR "}\n"; +} + + +# +# Main Section +# + +GetOptions("start" => \$start_flag, + "stop" => \$stop_flag, + "release" => \$release_flag, + "renew" => \$renew_flag, + "temporary" => \$temp_flag, + "parameters-only" => \$params_only_flag, + "ifname=s" => \$ifname, + ); + +if ((defined $temp_flag) && (defined $params_only_flag)) { + printf("Error: --temporary and --parameters-only flags are mutually exclusive.\n"); + exit 1; +} + +if (!defined $ifname) { + printf("Error: Interface name must be specified with --ifname parameter.\n"); + exit 1; +} + +my $pidfile = "/var/lib/dhcp3/dhclient_v6_$ifname.pid"; +my $leasefile = "/var/lib/dhcp3/dhclient_v6_$ifname.leases"; +my $conffile = "/var/lib/dhcp3/dhclient_v6_$ifname.conf"; +my $cmdname = "/sbin/dhclient"; + +if (defined $release_flag) { + if (! -e $conffile) { + printf("DHCPv6 client is not configured on interface $ifname.\n"); + exit 1; + } + + if (! -e $pidfile) { + printf("DHCPv6 client is already released on interface $ifname.\n"); + exit 1; + } +} + +if (defined $renew_flag) { + if (! -e $conffile) { + printf("DHCPv6 client is not configured on interface $ifname.\n"); + exit 1; + } +} + +if (defined $stop_flag || defined $release_flag) { + # Stop dhclient -6 on $ifname + + printf("Stopping daemon...\n"); + my $output=`$cmdname -6 -nw -cf $conffile -pf $pidfile -lf $leasefile -r $ifname`; + printf($output); + + # Delete files it leaves behind... + printf("Deleting related files...\n"); + unlink($pidfile); + if (defined $stop_flag) { + # If just releasing, leave the config file around as a flag that + # DHCPv6 remains configured on this interface. 
+ unlink($conffile); + } +} + +if (defined $start_flag || defined $renew_flag) { + # Generate the DHCP client config file... + gen_conf_file($conffile, $ifname); + + # First, kill any previous instance of dhclient running on this interface + # + printf("Stopping old daemon...\n"); + my $output = `$cmdname -6 -pf $pidfile -x $ifname`; + printf($output); + + # start "dhclient -6" on $ifname + + my $args = ""; + if (defined $temp_flag) { + $args .= " -T"; + } + if (defined $params_only_flag) { + $args .= " -S"; + } + + printf("Starting new daemon...\n"); + my $output=`$cmdname -6 -nw -cf $conffile -pf $pidfile -lf $leasefile $args $ifname`; + printf($output); +} diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index 90d8dfc7..42ffc7d8 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -356,6 +356,13 @@ sub is_valid_addr_set { exit 0; } + if ($addr_net eq "dhcpv6") { + die "Error: can't use dhcpv6 client on loopback interface\n" + if ($intf eq "lo"); + + exit 0; + } + my ($addr, $net); if ($addr_net =~ m/^([0-9a-fA-F\.\:]+)\/(\d+)$/) { $addr = $1; @@ -423,7 +430,7 @@ sub is_valid_addr_commit { $dhcp = 1; } else { my $version = is_ip_v4_or_v6($addr); - if ($version == 4) { + if (defined($version) && $version == 4) { $static_v4 = 1; } } diff --git a/templates/interfaces/ethernet/node.tag/address/node.def b/templates/interfaces/ethernet/node.tag/address/node.def index db87ff05..7ed12bba 100644 --- a/templates/interfaces/ethernet/node.tag/address/node.def +++ b/templates/interfaces/ethernet/node.tag/address/node.def 
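Review bot: `printf($output);` in the stop branch and twice in the start branch passes the captured dhclient output as the printf format string, so any `%` sequence in that output is interpreted as a conversion rather than printed; `print $output;` is what is meant, and the same applies to `printf("Can't write config file: $conffile\n")` in gen_conf_file. `$ifname` comes straight from `--ifname` and is interpolated unquoted into the backtick command lines and into the pid, lease and conf file names under /var/lib/dhcp3, and the templates invoke this script with sudo; a single check after GetOptions, e.g. `die "Error: invalid interface name\n" unless $ifname =~ /^[\w.-]+$/;`, keeps an unexpected value out of both the shell and the filesystem paths. The start branch also declares `my $output` twice in the same block, which would trigger a "masks earlier declaration" warning if `use warnings` were enabled (the file has only `use strict`); reuse the first variable.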
@@ -15,14 +15,41 @@ syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-set # commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-commit $VAR(@@) --dev $VAR(../@)" -create:sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@) - -delete:sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@) - -allowed: echo "dhcp <>" +create: + ifname=$VAR(../@) + param=$VAR(@) + if [ "$param" = "dhcpv6" ]; then + if [ -n "$VAR(../dhcpv6-options/parameters-only)" ]; then + echo "parameters-only is set" + arg1="--parameters-only" + fi + if [ -n "$VAR(../dhcpv6-options/temporary)" ]; then + echo "temporary is set" + arg2="--temporary" + fi + + echo "Starting DHCPv6 client on ${ifname}..." + sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --start \ + --ifname $ifname $arg1 $arg2 + else + sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@) + fi + +delete: + ifname=$VAR(../@) + param=$VAR(@) + if [ "$param" = "dhcpv6" ]; then + echo "Stopping DHCPv6 client on ${ifname}..." + sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --ifname \ + $ifname + else + sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@) + fi + +allowed: echo "dhcp dhcpv6 <>" comp_help:Possible completions: - Set the IP address and prefix length + Set the IPv4 address and prefix length Set the IPv6 address and prefix length - dhcp Set the IP address and prefix length via DHCP - + dhcp Set the IPv4 address and prefix length via DHCP + dhcpv6 Set the IPv6 address and prefix length via DHCPv6 diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def new file mode 100644 index 00000000..aaeca067 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/node.def 
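Review bot: The `create:` action for `dhcpv6` only assigns `arg1`/`arg2` inside the two `if` blocks and then expands them unquoted on the `--start` command line, so it depends on unset variables silently expanding to nothing; initialising them first, `arg1= arg2=` before the checks, makes that explicit and keeps the action working if the template runner ever enables `set -u`. The `echo "parameters-only is set"` / `echo "temporary is set"` lines read as leftover debugging and will appear in every commit's output; either drop them or prefix them so they are recognisable as diagnostics. `--ifname $ifname` is unquoted as well, which is harmless for real interface names but `"$ifname"` costs nothing.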
@@ -0,0 +1,49 @@ +# This node is run before the rest of the interface is configured. +# We first check to see if DHCPv6 is still configured on the interface by +# looking over at the interface address parameters. Then we check to see +# if the DHCPv6 client program is still running on this interface. If both +# of those are true, then any change to this tree means that the user +# has changed this tree ONLY, and that we are going to have to re-start +# the DHCPv6 client using the new parameters. + + +priority: 317 # Run before interface has been configured + +help: Set options for DHCPv6 + +end: + ifname="$VAR(../@)" + echo "dhcpv6-options: ifname is $ifname" + + dhcpv6_set=0 + for param in $VAR(../address/@@); do + if [ "$param" = "dhcpv6" ]; then + dhcpv6_set=1 + fi + done + + if [ $dhcpv6_set -eq 0 ]; then + echo "DHCPv6 is not configured on this interface" + exit 0 + fi + + conffile=/var/lib/dhcp3/dhclient_v6_$VAR(../@).conf + if [ ! -e $conffile ]; then + echo "Conf file $conffile doesn't exist" + exit 0 + fi + + if [ -n "$VAR(./parameters-only)" ]; then + arg1="--parameters-only" + fi + + if [ -n "$VAR(./temporary)" ]; then + arg2="--temporary" + fi + + echo "Re-starting DHCPv6 client on ${ifname}..." + sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --start \ + --ifname $ifname $arg1 $arg2 + + echo "Done." + exit 0 \ No newline at end of file diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def new file mode 100644 index 00000000..0178c469 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/parameters-only/node.def @@ -0,0 +1,3 @@ + +help: Acquire only config parameters, not address, via DHCPv6 + diff --git a/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def b/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def new file mode 100644 index 00000000..afb9de9c --- /dev/null 
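Review bot: The `end:` action finishes with `echo "Done."` and `exit 0` regardless of what `sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --start ...` returned, so a failed restart (including the client script's own exit 1 when both `parameters-only` and `temporary` are set) still lets the commit succeed. Propagating the status, `sudo /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --start --ifname $ifname $arg1 $arg2 || exit 1`, makes the failure visible to the user. As in the address node, `arg1`/`arg2` are only assigned conditionally; initialising them to empty before the `if` blocks avoids relying on unset-variable expansion. The two three-line `help:` node.def files need nothing.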
+++ b/templates/interfaces/ethernet/node.tag/dhcpv6-options/temporary/node.def @@ -0,0 +1,3 @@ + +help: Acquire a "temporary" IPv6 address + -- cgit v1.2.3 From 481e7ac37759e4fc061d7e56a630eb16ea9b0f1c Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 28 May 2010 14:31:38 -0700 Subject: Fix 5521: Cannot Delete vif with vrrp configured. --- scripts/keepalived/vyatta-keepalived.pl | 1 + 1 file changed, 1 insertion(+) (limited to 'scripts') diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index e87c9f64..2c84f252 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl @@ -212,6 +212,7 @@ sub vrrp_get_sync_groups { sub vrrp_read_changes { my @lines = (); + return @lines if ! -e $changes_file; open(my $FILE, "<", $changes_file) or die "Error: read $!"; @lines = <$FILE>; close($FILE); -- cgit v1.2.3 From fa76fb6b1d99218cfd3a181b8dcc718d83906f93 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 3 Jun 2010 16:29:20 -0700 Subject: move list functions to vrrp perl module so other scripts can use it as well --- scripts/keepalived/vyatta-keepalived.pl | 34 +++------------------------------ 1 file changed, 3 insertions(+), 31 deletions(-) (limited to 'scripts') diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 2c84f252..b891bdf7 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl @@ -205,7 +205,9 @@ sub vrrp_get_sync_groups { foreach my $vrrp_instance ( 0 .. $#{ $HoA_sync_groups{$sync_group} } ) { $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n"; } - $output .= "\t\}\n\}\n"; + $output .= "\t\}\n"; + ## add conntrack-sync part here if configured ## + $output .= "\}\n"; } return $output; } 
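Review bot: The new early return `return @lines if ! -e $changes_file;` makes a missing changes file indistinguishable from an empty one, which is presumably the intent for the vif-delete case in the subject, but a reader of vrrp_read_changes will not know that; a comment on the line, `# no changes file: nothing was recorded for this commit (e.g. interface being deleted)`, would carry that reasoning. The rest of vrrp_read_changes is inside the hunk.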
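Review bot: The `## add conntrack-sync part here if configured ##` line in vrrp_get_sync_groups is a placeholder comment committed without any code behind it, which is a point of style rather than correctness; if it is meant to mark future work, a `# TODO(name): ...` form is the convention, otherwise it is better left out until the code that uses it lands. The surrounding function continues outside the hunk.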
@@ -354,36 +356,6 @@ sub keepalived_write_file { close $fh; } -sub list_vrrp_intf { - my $config = new Vyatta::Config; - my @intfs = (); - - foreach my $name ( getInterfaces() ) { - my $intf = new Vyatta::Interface($name); - next unless $intf; - my $path = $intf->path(); - $config->setLevel($path); - push @intfs, $name if $config->existsOrig("vrrp"); - } - - return @intfs; -} - -sub list_vrrp_group { - my ($name) = @_; - my $config = new Vyatta::Config; - my $path; - - my $intf = new Vyatta::Interface($name); - next unless $intf; - $path = $intf->path(); - $path .= " vrrp vrrp-group"; - $config->setLevel($path); - my @groups = $config->listOrigNodes(); - return @groups; -} - - # # main # -- cgit v1.2.3 From 67151d699de7c046c9bd557bbadc5fe12950228e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 26 May 2010 17:18:49 -0700 Subject: Fix use of bareword file handles Rather than using BAREWORD file handles, use 3 arg open and local variable. --- scripts/system/vyatta_update_resolv.pl | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'scripts') diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index 7f2b84b2..a4e2b9ba 100755 --- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl @@ -134,10 +134,11 @@ if ($dhclient_script == 1) { } } if ($ns_in_resolvconf == 0) { - open (APPEND, ">>/etc/resolv.conf") or die "$! error trying to overwrite"; - print APPEND "nameserver\t$ns\t\t#nameserver written by $0\n"; - close (APPEND); - $restart_ntp = 1; + open (my $rf, '>>', '/etc/resolv.conf') + or die "$! error trying to overwrite"; + print $rf "nameserver\t$ns\t\t#nameserver written by $0\n"; + close $rf; + $restart_ntp = 1; } } } 
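Review bot: `close $rf;` discards the close status, so an error flushing the appended nameserver line to /etc/resolv.conf (full disk, I/O error) goes unnoticed even though the `open` on the line above dies on failure; `close $rf or die "$! error closing /etc/resolv.conf";` keeps the two consistent. The same unchecked `close ($r);` appears at the end of the second hunk of this file. The enclosing `if` chain starts outside the hunk.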
@@ -190,37 +191,40 @@ if ($dhclient_script == 1) { my @resolv; if (-e '/etc/resolv.conf') { - open (RESOLV, '; - close (RESOLV); + open (my $f, '<', '/etc/resolv.conf') + or die("$0: Error! Unable to open '/etc/resolv.conf' for input: $!\n"); + @resolv = <$f>; + close ($f); } my $foundSearch = 0; my $foundDomain = 0; -open (RESOLV, '>/etc/resolv.conf') or die("$0: Error! Unable to open '/etc/resolv.conf' for output: $!\n"); +open (my $r, '>', '/etc/resolv.conf') + or die("$0: Error! Unable to open '/etc/resolv.conf' for output: $!\n"); + foreach my $line (@resolv) { if ($line =~ /^search\s/) { $foundSearch = 1; if (length($search) > 0) { - print RESOLV $search; + print $r $search; } } elsif ($line =~ /^domain\s/) { $foundDomain = 1; if (length($domain) > 0) { - print RESOLV $domain; + print $r $domain; } } else { - print RESOLV $line; + print $r $line; } } if ($foundSearch == 0 && length($search) > 0) { - print RESOLV $search; + print $r $search; } if ($foundDomain == 0 && length($domain) > 0) { - print RESOLV $domain; + print $r $domain; } -close (RESOLV); +close ($r); -- cgit v1.2.3 From 62d85a7cd7db7a45733d3d265760c3616879ef15 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Sun, 30 May 2010 07:13:51 -0700 Subject: Using "send dhcp6.oro" is no longer required in config file. --- scripts/vyatta-dhcpv6-client.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-dhcpv6-client.pl b/scripts/vyatta-dhcpv6-client.pl index c1a0dbd3..b23d1700 100644 --- a/scripts/vyatta-dhcpv6-client.pl +++ b/scripts/vyatta-dhcpv6-client.pl 
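Review bot: `open (my $r, '>', '/etc/resolv.conf')` truncates the live resolver file in place, so anything resolving names between that open and the final print sees an empty or partial resolv.conf; the commit keeps that behaviour while reworking the handles, so it is worth fixing here. Writing to a temporary file in the same directory and renaming it over the original makes the update atomic: `open (my $r, '>', '/etc/resolv.conf.tmp')` in place of the current open, then after `close ($r)` a `rename('/etc/resolv.conf.tmp', '/etc/resolv.conf') or die "$0: Error! rename failed: $!\n";`. `close ($r);` itself should also be checked, as noted on the first hunk.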
@@ -61,8 +61,8 @@ sub gen_conf_file { print $FD_WR "# Generated on $date by $user\n"; print $FD_WR "#\n"; print $FD_WR "interface \"$ifname\" {\n"; - print $FD_WR " send host-name \"$hostname\";\n"; - print $FD_WR " send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39;\n"; +# print $FD_WR " send host-name \"$hostname\";\n"; +# print $FD_WR " send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39;\n"; print $FD_WR "}\n"; } -- cgit v1.2.3 From e131104a11915b19478cf4a46cd2a18cade05ab3 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 7 Jun 2010 16:20:47 -0700 Subject: Add skip option to vyatta-interfaces Used to skip the existing interface name when doing mirror/redirect --- scripts/vyatta-interfaces.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index 42ffc7d8..d5abaa36 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -47,10 +47,11 @@ use warnings; my $dhcp_daemon = '/sbin/dhclient'; -my ($eth_update, $eth_delete, $addr_set, @addr_commit, $dev, $mac, $mac_update); +my ($eth_update, $eth_delete, $addr_set, $dev, $mac, $mac_update); +my %skip_interface; my ($check_name, $show_names, $intf_cli_path, $vif_name, $warn_name); my ($check_up, $show_path, $dhcp_command); -my @speed_duplex; +my (@speed_duplex, @addr_commit); sub usage { print < \$eth_update, "dhcp=s" => \$dhcp_command, "check=s" => \$check_name, "show=s" => \$show_names, + "skip=s" => sub { $skip_interface{$_[1]} = 1 }, "vif=s" => \$vif_name, "warn" => \$warn_name, "path" => \$show_path, @@ -523,6 +525,7 @@ sub show_interfaces { foreach my $name (@interfaces) { my $intf = new Vyatta::Interface($name); next unless $intf; # skip unknown types + next if $skip_interface{$name}; next unless ($type eq 'all' || $type eq $intf->type()); if ($vif_name) { -- cgit v1.2.3 From 5f95547ba4d6f4762ff286ddc4421b27367cdf56 Mon Sep 17 00:00:00 2001 
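Review bot: The two `send` lines are commented out rather than removed, and with them gone the `$hostname` value that gen_conf_file computes from `hostname` earlier in the function (outside this hunk) appears to have no remaining use; either delete the commented lines together with that computation, or add a one-line comment saying why they are retained (the subject says dhcp6.oro is no longer required, but not whether host-name is intended to come back). Commented-out code with no explanation tends to survive indefinitely.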
From: Mohit Mehta Date: Wed, 9 Jun 2010 14:46:57 -0700 Subject: * make vrrp work with conntrack-sync --- scripts/keepalived/vyatta-keepalived.pl | 102 ++++++++++++++++++++++++++++---- 1 file changed, 90 insertions(+), 12 deletions(-) (limited to 'scripts') diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index b891bdf7..4ade0394 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl @@ -28,15 +28,17 @@ use Vyatta::Config; use Vyatta::Keepalived; use Vyatta::TypeChecker; use Vyatta::Interface; +use Vyatta::ConntrackSync; use Vyatta::Misc; use Getopt::Long; use strict; use warnings; -my ($action, $vrrp_intf, $vrrp_group, $vrrp_vip); +my ($action, $vrrp_intf, $vrrp_group, $vrrp_vip, $ctsync); my ($conf_file, $changes_file); my %HoA_sync_groups; +my $ctsync_script = "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh"; sub validate_source_addr { my ($ifname, $source_addr) = @_; @@ -69,6 +71,28 @@ sub validate_source_addr { return; } +sub get_ctsync_syncgrp { + my ($origfunc) = @_; + my $failover_sync_grp = undef; + + my $listnodesfunc = "listNodes"; + my $returnvalfunc = "returnValue"; + if (defined $origfunc) { + $listnodesfunc = "listOrigNodes"; + $returnvalfunc = "returnOrigValue"; + } + + my @failover_mechanism = Vyatta::ConntrackSync::get_conntracksync_val( + $listnodesfunc, "failover-mechanism" ); + + if (defined $failover_mechanism[0] && $failover_mechanism[0] eq 'vrrp') { + $failover_sync_grp = Vyatta::ConntrackSync::get_conntracksync_val( + $returnvalfunc, + "failover-mechanism $failover_mechanism[0] vrrp-sync-group" ); + } + return $failover_sync_grp; +} + sub keepalived_get_values { my ($intf, $path) = @_; 
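Review bot: get_ctsync_syncgrp has no header comment, and its `$origfunc` parameter is really a boolean that callers pass as `'true'` or leave undefined to pick the `listOrigNodes`/`returnOrigValue` variants. A short block above the sub would make both clear, along the lines of `# Return the vrrp-sync-group name that conntrack-sync is configured to follow, or undef when failover-mechanism is not vrrp. A true $origfunc queries the original (pre-commit) config.`; renaming the parameter to `$use_orig` would remove the suggestion that a function name is expected. The `use Vyatta::ConntrackSync` and `$ctsync_script` additions in the first hunk need nothing.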
@@ -159,7 +183,21 @@ sub keepalived_get_values { $output .= "vrrp_instance $vrrp_instance \{\n"; my $init_state; - $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt); + if (defined $ctsync) { + # check if this group is part of conntrack-sync vrrp-sync-group + my $ctsync_syncgrp = get_ctsync_syncgrp(); + my $vrrpsyncgrp = list_vrrp_sync_group($intf, $group, 'returnOrigPlusComValue'); + if ( defined $ctsync_syncgrp && + defined $vrrpsyncgrp && + ($ctsync_syncgrp eq $vrrpsyncgrp) + ) { + $init_state = 'BACKUP'; + } else { + $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt); + } + } else { + $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt); + } $output .= "\tstate $init_state\n"; $output .= "\tinterface $intf\n"; $output .= "\tvirtual_router_id $group\n"; @@ -203,10 +241,19 @@ sub vrrp_get_sync_groups { foreach my $sync_group ( keys %HoA_sync_groups) { $output .= "vrrp_sync_group $sync_group \{\n\tgroup \{\n"; foreach my $vrrp_instance ( 0 .. $#{ $HoA_sync_groups{$sync_group} } ) { - $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n"; + $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n"; } $output .= "\t\}\n"; + ## add conntrack-sync part here if configured ## + my $origfunc = undef; + $origfunc = 'true' if ! defined $ctsync; + my $failover_sync_grp = get_ctsync_syncgrp($origfunc); + if (defined $failover_sync_grp && $failover_sync_grp eq $sync_group) { + $output .= "\tnotify_master \"$ctsync_script master $sync_group\"\n"; + $output .= "\tnotify_backup \"$ctsync_script backup $sync_group\"\n"; + $output .= "\tnotify_fault \"$ctsync_script fault $sync_group\"\n"; + } $output .= "\}\n"; } return $output; @@ -303,7 +350,6 @@ sub remove_from_changes { } sub vrrp_update_config { - my ($intf) = @_; my @errs = (); my $date = localtime(); 
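Review bot: The new `$init_state` selection calls `vrrp_get_init_state($intf, $group, $vips[0], $preempt)` identically in both the inner and outer `else`, so the only thing the nested `if` decides is whether to force `'BACKUP'`. Computing that decision into one flag and then writing a single `$init_state = $force_backup ? 'BACKUP' : vrrp_get_init_state($intf, $group, $vips[0], $preempt);` removes the duplication and makes the conntrack-sync special case easier to spot; a one-line comment on why a conntrack-sync member must start as BACKUP would help too. keepalived_get_values continues outside the hunk on both sides.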
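Review bot: In vrrp_get_sync_groups the new `notify_master "$ctsync_script master $sync_group"` lines (and the backup/fault variants) embed the user-chosen sync-group name inside a double-quoted keepalived command string, and keepalived hands that string to a shell when the transition fires; a name containing a quote or shell metacharacter would at best break the generated config. Validating the name once, e.g. `die "invalid sync-group name $sync_group\n" unless $sync_group =~ /^[\w-]+$/;` before emitting the notify lines (or in the template's syntax check), closes that gap for all three lines. The same pattern already exists for the existing notify scripts elsewhere in the file, so this is a pre-existing shape rather than a new one, but these three lines are new.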
@@ -359,31 +405,63 @@ sub keepalived_write_file { # # main # -GetOptions("vrrp-action=s" => \$action, - "intf=s" => \$vrrp_intf, - "group=s" => \$vrrp_group, - "vip=s" => \$vrrp_vip); +GetOptions("vrrp-action=s" => \$action, + "intf=s" => \$vrrp_intf, + "group=s" => \$vrrp_group, + "vip=s" => \$vrrp_vip, + "ctsync=s" => \$ctsync,); if (! defined $action) { print "no action\n"; exit 1; } +if (! defined $ctsync) { + # make sure sync-group used by ctsync has not been deleted + + my $failover_sync_grp = get_ctsync_syncgrp(); + if (defined $failover_sync_grp) { + # make sure vrrp-sync-group exists + my $sync_grp_exists = 'false'; + my @vrrp_intfs = list_vrrp_intf('exists'); + foreach my $vrrp_intf (@vrrp_intfs) { + my @vrrp_groups = list_vrrp_group($vrrp_intf, 'listNodes'); + foreach my $vrrp_group (@vrrp_groups) { + my $sync_grp = list_vrrp_sync_group($vrrp_intf, $vrrp_group, 'returnValue'); + if (defined $sync_grp && $sync_grp eq "$failover_sync_grp") { + $sync_grp_exists = 'true'; + last; + } + } + last if $sync_grp_exists eq 'true'; + } + + if ($sync_grp_exists eq 'false') { + print "sync-group $failover_sync_grp used for conntrack-sync" . + " is either deleted or undefined\n"; + exit 1; + } + } + +} + if ($action eq "update") { $changes_file = get_changes_file(); $conf_file = get_conf_file(); - vrrp_log("vrrp update $vrrp_intf"); + vrrp_log("vrrp update $vrrp_intf") if defined $vrrp_intf; + vrrp_log("vrrp update conntrack-sync") if defined $ctsync; if ( ! -e $changes_file) { my $num_changes = vrrp_find_changes(); if ($num_changes == 0) { # # Shouldn't happen, but ... # - vrrp_log("unexpected 0 changes"); + vrrp_log("unexpected 0 changes"); } } - my ($vrrp_instances, @errs) = vrrp_update_config($vrrp_intf); - my $more_changes = remove_from_changes($vrrp_intf); + my ($vrrp_instances, @errs) = vrrp_update_config(); + my $more_changes = 0; + $more_changes = remove_from_changes($vrrp_intf) if ! 
defined $ctsync; vrrp_log(" instances $vrrp_instances, $more_changes"); if ($vrrp_instances > 0 and $more_changes == 0) { restart_daemon($conf_file); -- cgit v1.2.3 From 159b91093c5665e6962954e83d15c31d97d26b94 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 9 Jun 2010 14:48:27 -0700 Subject: * perltidy vyatta-keepalived.pl --- scripts/keepalived/vyatta-keepalived.pl | 792 ++++++++++++++++---------------- 1 file changed, 401 insertions(+), 391 deletions(-) (limited to 'scripts') diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl index 4ade0394..d06b9e36 100755 --- a/scripts/keepalived/vyatta-keepalived.pl +++ b/scripts/keepalived/vyatta-keepalived.pl @@ -1,12 +1,12 @@ #!/usr/bin/perl # # Module: vyatta-keepalived.pl -# +# # **** License **** # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. -# +# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -15,11 +15,11 @@ # This code was originally developed by Vyatta, Inc. # Portions created by Vyatta are Copyright (C) 2007-2009 Vyatta, Inc. # All Rights Reserved. -# +# # Author: Stig Thormodsrud # Date: October 2007 # Description: Script to glue vyatta cli to keepalived daemon -# +# # **** End License **** # 
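Review bot: In the new sync-group existence check, `foreach my $vrrp_intf (@vrrp_intfs)` and `foreach my $vrrp_group (@vrrp_groups)` introduce loop variables with the same names as the file-scope `$vrrp_intf`/`$vrrp_group` that GetOptions has just filled, and `$vrrp_intf` is used again a few lines later in the update branch; the shadowing is legal but invites confusion, so `foreach my $intf (@vrrp_intfs)` / `foreach my $group (@vrrp_groups)` would be clearer. `$sync_grp_exists` is a boolean held as the strings `'true'`/`'false'` and compared with `eq`; a plain numeric flag (`my $sync_grp_exists = 0; ... $sync_grp_exists = 1;`) with `if (!$sync_grp_exists)` is the idiom. The trailing comma in `"ctsync=s" => \$ctsync,)` is harmless but reads as a leftover.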
@@ -35,40 +35,41 @@ use Getopt::Long; use strict; use warnings; -my ($action, $vrrp_intf, $vrrp_group, $vrrp_vip, $ctsync); -my ($conf_file, $changes_file); +my ( $action, $vrrp_intf, $vrrp_group, $vrrp_vip, $ctsync ); +my ( $conf_file, $changes_file ); my %HoA_sync_groups; my $ctsync_script = "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh"; sub validate_source_addr { - my ($ifname, $source_addr) = @_; - - my @ipaddrs; - if (defined $source_addr) { - my %config_ipaddrs; - my @ipaddrs = Vyatta::Misc::getInterfacesIPadresses('all'); - foreach my $ip (@ipaddrs) { - if ($ip =~ /^([\d.]+)\/([\d.]+)$/) { # strip /mask - $config_ipaddrs{$1} = 1; - } - } - if (!defined $config_ipaddrs{$source_addr}) { - vrrp_log("no hello-source"); - return "hello-source-address [$source_addr] must be " . - "configured on the interface\n"; - } - return; + my ( $ifname, $source_addr ) = @_; + + my @ipaddrs; + if ( defined $source_addr ) { + my %config_ipaddrs; + my @ipaddrs = Vyatta::Misc::getInterfacesIPadresses('all'); + foreach my $ip (@ipaddrs) { + if ( $ip =~ /^([\d.]+)\/([\d.]+)$/ ) { # strip /mask + $config_ipaddrs{$1} = 1; + } } - # if the hello-source-address wasn't configured, check that the - # interface has an IPv4 address configured on it. - my $intf = new Vyatta::Interface($ifname); - @ipaddrs = $intf->address(4); - if (scalar(@ipaddrs) < 1) { - vrrp_log("no primary or hello-source"); - return "must configure either a primary address on [$ifname] or" . - " a hello-source-address\n"; + if ( !defined $config_ipaddrs{$source_addr} ) { + vrrp_log("no hello-source"); + return "hello-source-address [$source_addr] must be " + . "configured on the interface\n"; } return; + } + + # if the hello-source-address wasn't configured, check that the + # interface has an IPv4 address configured on it. 
+ my $intf = new Vyatta::Interface($ifname); + @ipaddrs = $intf->address(4); + if ( scalar(@ipaddrs) < 1 ) { + vrrp_log("no primary or hello-source"); + return "must configure either a primary address on [$ifname] or" + . " a hello-source-address\n"; + } + return; } sub get_ctsync_syncgrp { 
@@ -77,358 +78,366 @@ sub get_ctsync_syncgrp { my $listnodesfunc = "listNodes"; my $returnvalfunc = "returnValue"; - if (defined $origfunc) { + if ( defined $origfunc ) { $listnodesfunc = "listOrigNodes"; $returnvalfunc = "returnOrigValue"; } - my @failover_mechanism = Vyatta::ConntrackSync::get_conntracksync_val( - $listnodesfunc, "failover-mechanism" ); + my @failover_mechanism = + Vyatta::ConntrackSync::get_conntracksync_val( $listnodesfunc, + "failover-mechanism" ); - if (defined $failover_mechanism[0] && $failover_mechanism[0] eq 'vrrp') { - $failover_sync_grp = Vyatta::ConntrackSync::get_conntracksync_val( - $returnvalfunc, - "failover-mechanism $failover_mechanism[0] vrrp-sync-group" ); + if ( defined $failover_mechanism[0] && $failover_mechanism[0] eq 'vrrp' ) { + $failover_sync_grp = + Vyatta::ConntrackSync::get_conntracksync_val( $returnvalfunc, + "failover-mechanism $failover_mechanism[0] vrrp-sync-group" ); } return $failover_sync_grp; } sub keepalived_get_values { - my ($intf, $path) = @_; - - my @errs = (); - my $output = ''; - my $config = new Vyatta::Config; - - my $state_transition_script = get_state_script(); - - vrrp_log("keepalived_get_values [$intf][$path]"); - $config->setLevel("$path vrrp vrrp-group"); - my @groups = $config->listNodes(); - foreach my $group (@groups) { - my $vrrp_instance = "vyatta-$intf-$group"; - $config->setLevel("$path vrrp vrrp-group $group"); - if ($config->exists("disable")) { - vrrp_log("$vrrp_instance disabled - skipping"); - my $state_file = get_state_file($intf, $group); - system("rm -f $state_file"); - next; - } - my @vips = $config->returnValues("virtual-address"); - my $num_vips = scalar(@vips); - if ($num_vips == 0) { - push @errs, "must define a virtual-address for vrrp-group $group\n"; - next; - } - if ($num_vips > 20) { - push @errs, "can not set more than 20 VIPs per group\n"; - next - } - my $priority = $config->returnValue("priority"); - if (!defined $priority) { - $priority = 1; - } - my $preempt = 
$config->returnValue("preempt"); - if (!defined $preempt) { - $preempt = "true"; - } - my $preempt_delay = $config->returnValue("preempt-delay"); - if (defined $preempt_delay and $preempt eq "false") { - print "Warning: preempt delay is ignored when preempt=false\n"; - } - my $advert_int = $config->returnValue("advertise-interval"); - if (!defined $advert_int) { - $advert_int = 1; - } - my $sync_group = $config->returnValue("sync-group"); - if (defined $sync_group && $sync_group ne "") { - push @{ $HoA_sync_groups{$sync_group} }, $vrrp_instance; - } - my $hello_source_addr = $config->returnValue("hello-source-address"); - my $err = validate_source_addr($intf, $hello_source_addr); - if (defined $err) { - push @errs, $err; - next; - } - - $config->setLevel("$path vrrp vrrp-group $group authentication"); - my $auth_type = $config->returnValue("type"); - my $auth_pass; - if (defined $auth_type) { - $auth_type = "PASS" if $auth_type eq "simple"; - $auth_type = uc($auth_type); - $auth_pass = $config->returnValue("password"); - if (! 
defined $auth_pass) { - push @errs, "vrrp authentication password not set\n"; - next; - } - } - - $config->setLevel("$path vrrp vrrp-group $group run-transition-scripts"); - my $run_backup_script = $config->returnValue("backup"); - if(!defined $run_backup_script){ - $run_backup_script = "null"; - } - my $run_fault_script = $config->returnValue("fault"); - if(!defined $run_fault_script){ - $run_fault_script = "null"; - } - my $run_master_script = $config->returnValue("master"); - if(!defined $run_master_script){ - $run_master_script = "null"; - } + my ( $intf, $path ) = @_; + + my @errs = (); + my $output = ''; + my $config = new Vyatta::Config; + + my $state_transition_script = get_state_script(); + + vrrp_log("keepalived_get_values [$intf][$path]"); + $config->setLevel("$path vrrp vrrp-group"); + my @groups = $config->listNodes(); + foreach my $group (@groups) { + my $vrrp_instance = "vyatta-$intf-$group"; + $config->setLevel("$path vrrp vrrp-group $group"); + if ( $config->exists("disable") ) { + vrrp_log("$vrrp_instance disabled - skipping"); + my $state_file = get_state_file( $intf, $group ); + system("rm -f $state_file"); + next; + } + my @vips = $config->returnValues("virtual-address"); + my $num_vips = scalar(@vips); + if ( $num_vips == 0 ) { + push @errs, "must define a virtual-address for vrrp-group $group\n"; + next; + } + if ( $num_vips > 20 ) { + push @errs, "can not set more than 20 VIPs per group\n"; + next; + } + my $priority = $config->returnValue("priority"); + if ( !defined $priority ) { + $priority = 1; + } + my $preempt = $config->returnValue("preempt"); + if ( !defined $preempt ) { + $preempt = "true"; + } + my $preempt_delay = $config->returnValue("preempt-delay"); + if ( defined $preempt_delay and $preempt eq "false" ) { + print "Warning: preempt delay is ignored when preempt=false\n"; + } + my $advert_int = $config->returnValue("advertise-interval"); + if ( !defined $advert_int ) { + $advert_int = 1; + } + my $sync_group = 
$config->returnValue("sync-group"); + if ( defined $sync_group && $sync_group ne "" ) { + push @{ $HoA_sync_groups{$sync_group} }, $vrrp_instance; + } + my $hello_source_addr = $config->returnValue("hello-source-address"); + my $err = validate_source_addr( $intf, $hello_source_addr ); + if ( defined $err ) { + push @errs, $err; + next; + } - # We now have the values and have validated them, so - # generate the config. - - $output .= "vrrp_instance $vrrp_instance \{\n"; - my $init_state; - if (defined $ctsync) { - # check if this group is part of conntrack-sync vrrp-sync-group - my $ctsync_syncgrp = get_ctsync_syncgrp(); - my $vrrpsyncgrp = list_vrrp_sync_group($intf, $group, 'returnOrigPlusComValue'); - if ( defined $ctsync_syncgrp && - defined $vrrpsyncgrp && - ($ctsync_syncgrp eq $vrrpsyncgrp) - ) { - $init_state = 'BACKUP'; - } else { - $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt); - } - } else { - $init_state = vrrp_get_init_state($intf, $group, $vips[0], $preempt); - } - $output .= "\tstate $init_state\n"; - $output .= "\tinterface $intf\n"; - $output .= "\tvirtual_router_id $group\n"; - $output .= "\tpriority $priority\n"; - if ($preempt eq "false") { - $output .= "\tnopreempt\n"; - } - if (defined $preempt_delay) { - $output .= "\tpreempt_delay $preempt_delay\n"; - } - $output .= "\tadvert_int $advert_int\n"; - if (defined $auth_type) { - $output .= "\tauthentication {\n"; - $output .= "\t\tauth_type $auth_type\n"; - $output .= "\t\tauth_pass $auth_pass\n\t}\n"; - } - if (defined $hello_source_addr) { - $output .= "\tmcast_src_ip $hello_source_addr\n"; - } - $output .= "\tvirtual_ipaddress \{\n"; - foreach my $vip (@vips) { - $output .= "\t\t$vip\n"; - } - $output .= "\t\}\n"; - $output .= "\tnotify_master \"$state_transition_script master "; - $output .= "$intf $group $run_master_script @vips\" \n"; - $output .= "\tnotify_backup \"$state_transition_script backup "; - $output .= "$intf $group $run_backup_script @vips\" \n"; - $output 
.= "\tnotify_fault \"$state_transition_script fault "; - $output .= "$intf $group $run_fault_script @vips\" \n"; - $output .= "\}\n\n"; + $config->setLevel("$path vrrp vrrp-group $group authentication"); + my $auth_type = $config->returnValue("type"); + my $auth_pass; + if ( defined $auth_type ) { + $auth_type = "PASS" if $auth_type eq "simple"; + $auth_type = uc($auth_type); + $auth_pass = $config->returnValue("password"); + if ( !defined $auth_pass ) { + push @errs, "vrrp authentication password not set\n"; + next; + } } - return ($output, @errs); + $config->setLevel("$path vrrp vrrp-group $group run-transition-scripts"); + my $run_backup_script = $config->returnValue("backup"); + if ( !defined $run_backup_script ) { + $run_backup_script = "null"; + } + my $run_fault_script = $config->returnValue("fault"); + if ( !defined $run_fault_script ) { + $run_fault_script = "null"; + } + my $run_master_script = $config->returnValue("master"); + if ( !defined $run_master_script ) { + $run_master_script = "null"; + } + + # We now have the values and have validated them, so + # generate the config. 
+ + $output .= "vrrp_instance $vrrp_instance \{\n"; + my $init_state; + if ( defined $ctsync ) { + + # check if this group is part of conntrack-sync vrrp-sync-group + my $ctsync_syncgrp = get_ctsync_syncgrp(); + my $vrrpsyncgrp = + list_vrrp_sync_group( $intf, $group, 'returnOrigPlusComValue' ); + if ( defined $ctsync_syncgrp + && defined $vrrpsyncgrp + && ( $ctsync_syncgrp eq $vrrpsyncgrp ) ) + { + $init_state = 'BACKUP'; + } else { + $init_state = vrrp_get_init_state( $intf, $group, $vips[0], $preempt ); + } + } else { + $init_state = vrrp_get_init_state( $intf, $group, $vips[0], $preempt ); + } + $output .= "\tstate $init_state\n"; + $output .= "\tinterface $intf\n"; + $output .= "\tvirtual_router_id $group\n"; + $output .= "\tpriority $priority\n"; + if ( $preempt eq "false" ) { + $output .= "\tnopreempt\n"; + } + if ( defined $preempt_delay ) { + $output .= "\tpreempt_delay $preempt_delay\n"; + } + $output .= "\tadvert_int $advert_int\n"; + if ( defined $auth_type ) { + $output .= "\tauthentication {\n"; + $output .= "\t\tauth_type $auth_type\n"; + $output .= "\t\tauth_pass $auth_pass\n\t}\n"; + } + if ( defined $hello_source_addr ) { + $output .= "\tmcast_src_ip $hello_source_addr\n"; + } + $output .= "\tvirtual_ipaddress \{\n"; + foreach my $vip (@vips) { + $output .= "\t\t$vip\n"; + } + $output .= "\t\}\n"; + $output .= "\tnotify_master \"$state_transition_script master "; + $output .= "$intf $group $run_master_script @vips\" \n"; + $output .= "\tnotify_backup \"$state_transition_script backup "; + $output .= "$intf $group $run_backup_script @vips\" \n"; + $output .= "\tnotify_fault \"$state_transition_script fault "; + $output .= "$intf $group $run_fault_script @vips\" \n"; + $output .= "\}\n\n"; + } + + return ( $output, @errs ); } sub vrrp_get_sync_groups { - - my $output = ""; - - foreach my $sync_group ( keys %HoA_sync_groups) { - $output .= "vrrp_sync_group $sync_group \{\n\tgroup \{\n"; - foreach my $vrrp_instance ( 0 .. 
$#{ $HoA_sync_groups{$sync_group} } ) { - $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n"; - } - $output .= "\t\}\n"; - - ## add conntrack-sync part here if configured ## - my $origfunc = undef; - $origfunc = 'true' if ! defined $ctsync; - my $failover_sync_grp = get_ctsync_syncgrp($origfunc); - if (defined $failover_sync_grp && $failover_sync_grp eq $sync_group) { - $output .= "\tnotify_master \"$ctsync_script master $sync_group\"\n"; - $output .= "\tnotify_backup \"$ctsync_script backup $sync_group\"\n"; - $output .= "\tnotify_fault \"$ctsync_script fault $sync_group\"\n"; - } - $output .= "\}\n"; + + my $output = ""; + + foreach my $sync_group ( keys %HoA_sync_groups ) { + $output .= "vrrp_sync_group $sync_group \{\n\tgroup \{\n"; + foreach my $vrrp_instance ( 0 .. $#{ $HoA_sync_groups{$sync_group} } ) { + $output .= "\t\t$HoA_sync_groups{$sync_group}[$vrrp_instance]\n"; + } + $output .= "\t\}\n"; + + ## add conntrack-sync part here if configured ## + my $origfunc = undef; + $origfunc = 'true' if !defined $ctsync; + my $failover_sync_grp = get_ctsync_syncgrp($origfunc); + if ( defined $failover_sync_grp && $failover_sync_grp eq $sync_group ) { + $output .= "\tnotify_master \"$ctsync_script master $sync_group\"\n"; + $output .= "\tnotify_backup \"$ctsync_script backup $sync_group\"\n"; + $output .= "\tnotify_fault \"$ctsync_script fault $sync_group\"\n"; } - return $output; + $output .= "\}\n"; + } + return $output; } sub vrrp_read_changes { - my @lines = (); - return @lines if ! 
-e $changes_file; - open(my $FILE, "<", $changes_file) or die "Error: read $!"; - @lines = <$FILE>; - close($FILE); - chomp @lines; - return @lines; + my @lines = (); + return @lines if !-e $changes_file; + open( my $FILE, "<", $changes_file ) or die "Error: read $!"; + @lines = <$FILE>; + close($FILE); + chomp @lines; + return @lines; } sub vrrp_save_changes { - my @list = @_; + my @list = @_; - my $num_changes = scalar(@list); - vrrp_log("saving changes file $num_changes"); - open(my $FILE, ">", $changes_file) or die "Error: write $!"; - print $FILE join("\n", @list), "\n"; - close($FILE); + my $num_changes = scalar(@list); + vrrp_log("saving changes file $num_changes"); + open( my $FILE, ">", $changes_file ) or die "Error: write $!"; + print $FILE join( "\n", @list ), "\n"; + close($FILE); } sub vrrp_find_changes { - my @list = (); - my $config = new Vyatta::Config; - my $vrrp_instances = 0; - - foreach my $name ( getInterfaces() ) { - my $intf = new Vyatta::Interface($name); - next unless $intf; - my $path = $intf->path(); - $config->setLevel($path); - if ($config->exists("vrrp")) { - my %vrrp_status_hash = $config->listNodeStatus("vrrp"); - my ($vrrp, $vrrp_status) = each(%vrrp_status_hash); - if ($vrrp_status ne "static") { - push @list, $name; - vrrp_log("$vrrp_status found $name"); - } - } - - # - # Now look for deleted from the origin tree - # - $config->setLevel($path); - if ($config->isDeleted("vrrp")) { - push @list, $name; - vrrp_log("Delete found $name"); - } - - + my @list = (); + my $config = new Vyatta::Config; + my $vrrp_instances = 0; + + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + if ( $config->exists("vrrp") ) { + my %vrrp_status_hash = $config->listNodeStatus("vrrp"); + my ( $vrrp, $vrrp_status ) = each(%vrrp_status_hash); + if ( $vrrp_status ne "static" ) { + push @list, $name; + vrrp_log("$vrrp_status found $name"); + } } - my 
$num = scalar(@list); - vrrp_log("Start transation: $num changes"); - if ($num) { - vrrp_save_changes(@list); + # + # Now look for deleted from the origin tree + # + $config->setLevel($path); + if ( $config->isDeleted("vrrp") ) { + push @list, $name; + vrrp_log("Delete found $name"); } - return $num; + + } + + my $num = scalar(@list); + vrrp_log("Start transation: $num changes"); + if ($num) { + vrrp_save_changes(@list); + } + return $num; } sub remove_from_changes { - my $intf = shift; - - my @lines = vrrp_read_changes(); - if (scalar(@lines) < 1) { - # - # we shouldn't get to this point, but try to handle it if we do - # - vrrp_log("unexpected remove_from_changes()"); - system("rm -f $changes_file"); - return 0; - } - my @new_lines = (); - foreach my $line (@lines) { - if ($line =~ /$intf$/) { - vrrp_log("remove_from_changes [$line]"); - } else { - push @new_lines, $line; - } - } + my $intf = shift; + + my @lines = vrrp_read_changes(); + if ( scalar(@lines) < 1 ) { - my $num_changes = scalar(@new_lines); - if ($num_changes > 0) { - vrrp_save_changes(@new_lines); + # + # we shouldn't get to this point, but try to handle it if we do + # + vrrp_log("unexpected remove_from_changes()"); + system("rm -f $changes_file"); + return 0; + } + my @new_lines = (); + foreach my $line (@lines) { + if ( $line =~ /$intf$/ ) { + vrrp_log("remove_from_changes [$line]"); } else { - system("rm -f $changes_file"); + push @new_lines, $line; } - return $num_changes; + } + + my $num_changes = scalar(@new_lines); + if ( $num_changes > 0 ) { + vrrp_save_changes(@new_lines); + } else { + system("rm -f $changes_file"); + } + return $num_changes; } sub vrrp_update_config { - my @errs = (); - my $date = localtime(); - my $output = "#\n# autogenerated by $0 on $date\n#\n\n"; - - my $config = new Vyatta::Config; - my $vrrp_instances = 0; - - foreach my $name ( getInterfaces() ) { - my $intf = new Vyatta::Interface($name); - next unless $intf; - my $path = $intf->path(); - 
$config->setLevel($path); - if ($config->exists("vrrp")) { - # - # keepalived gets real grumpy with interfaces that - # don't exist, so skip vlans that haven't been - # instantiated yet (typically occurs at boot up). - # - if (!(-d "/sys/class/net/$name")) { - push @errs, "$name doesn't exist"; - next; - } - my ($inst_output, @inst_errs) = - keepalived_get_values($name, $path); - if (scalar(@inst_errs)) { - push @errs, @inst_errs; - } else { - $output .= $inst_output; - $vrrp_instances++; - } - } + my @errs = (); + my $date = localtime(); + my $output = "#\n# autogenerated by $0 on $date\n#\n\n"; + + my $config = new Vyatta::Config; + my $vrrp_instances = 0; + + foreach my $name ( getInterfaces() ) { + my $intf = new Vyatta::Interface($name); + next unless $intf; + my $path = $intf->path(); + $config->setLevel($path); + if ( $config->exists("vrrp") ) { + + # + # keepalived gets real grumpy with interfaces that + # don't exist, so skip vlans that haven't been + # instantiated yet (typically occurs at boot up). + # + if ( !( -d "/sys/class/net/$name" ) ) { + push @errs, "$name doesn't exist"; + next; + } + my ( $inst_output, @inst_errs ) = keepalived_get_values( $name, $path ); + if ( scalar(@inst_errs) ) { + push @errs, @inst_errs; + } else { + $output .= $inst_output; + $vrrp_instances++; + } + } + } + + if ( $vrrp_instances > 0 ) { + my $sync_groups = vrrp_get_sync_groups(); + if ( defined $sync_groups && $sync_groups ne "" ) { + $output = $sync_groups . $output; } - - if ($vrrp_instances > 0) { - my $sync_groups = vrrp_get_sync_groups(); - if (defined $sync_groups && $sync_groups ne "") { - $output = $sync_groups . 
$output; - } - keepalived_write_file($conf_file, $output); - } - return ($vrrp_instances, @errs); + keepalived_write_file( $conf_file, $output ); + } + return ( $vrrp_instances, @errs ); } sub keepalived_write_file { - my ($file, $data) = @_; + my ( $file, $data ) = @_; - open(my $fh, '>', $file) || die "Couldn't open $file - $!"; - print $fh $data; - close $fh; + open( my $fh, '>', $file ) || die "Couldn't open $file - $!"; + print $fh $data; + close $fh; } # # main # -GetOptions("vrrp-action=s" => \$action, - "intf=s" => \$vrrp_intf, - "group=s" => \$vrrp_group, - "vip=s" => \$vrrp_vip, - "ctsync=s" => \$ctsync,); - -if (! defined $action) { - print "no action\n"; - exit 1; +GetOptions( + "vrrp-action=s" => \$action, + "intf=s" => \$vrrp_intf, + "group=s" => \$vrrp_group, + "vip=s" => \$vrrp_vip, + "ctsync=s" => \$ctsync, +); + +if ( !defined $action ) { + print "no action\n"; + exit 1; } -if (! defined $ctsync) { +if ( !defined $ctsync ) { + # make sure sync-group used by ctsync has not been deleted my $failover_sync_grp = get_ctsync_syncgrp(); - if (defined $failover_sync_grp) { + if ( defined $failover_sync_grp ) { + # make sure vrrp-sync-group exists my $sync_grp_exists = 'false'; - my @vrrp_intfs = list_vrrp_intf('exists'); + my @vrrp_intfs = list_vrrp_intf('exists'); foreach my $vrrp_intf (@vrrp_intfs) { - my @vrrp_groups = list_vrrp_group($vrrp_intf, 'listNodes'); + my @vrrp_groups = list_vrrp_group( $vrrp_intf, 'listNodes' ); foreach my $vrrp_group (@vrrp_groups) { - my $sync_grp = list_vrrp_sync_group($vrrp_intf, $vrrp_group, 'returnValue'); - if (defined $sync_grp && $sync_grp eq "$failover_sync_grp") { + my $sync_grp = + list_vrrp_sync_group( $vrrp_intf, $vrrp_group, 'returnValue' ); + if ( defined $sync_grp && $sync_grp eq "$failover_sync_grp" ) { $sync_grp_exists = 'true'; last; } 
@@ -436,88 +445,89 @@ if (! defined $ctsync) { last if $sync_grp_exists eq 'true'; } - if ($sync_grp_exists eq 'false') { - print "sync-group $failover_sync_grp used for conntrack-sync" . - " is either deleted or undefined\n"; + if ( $sync_grp_exists eq 'false' ) { + print "sync-group $failover_sync_grp used for conntrack-sync" + . " is either deleted or undefined\n"; exit 1; - } + } } } -if ($action eq "update") { - $changes_file = get_changes_file(); - $conf_file = get_conf_file(); - vrrp_log("vrrp update $vrrp_intf") if defined $vrrp_intf; - vrrp_log("vrrp update conntrack-sync") if defined $ctsync; - if ( ! -e $changes_file) { - my $num_changes = vrrp_find_changes(); - if ($num_changes == 0) { - # - # Shouldn't happen, but ... - # - vrrp_log("unexpected 0 changes"); - } - } - my ($vrrp_instances, @errs) = vrrp_update_config(); - my $more_changes = 0; - $more_changes = remove_from_changes($vrrp_intf) if ! defined $ctsync; - vrrp_log(" instances $vrrp_instances, $more_changes"); - if ($vrrp_instances > 0 and $more_changes == 0) { - restart_daemon($conf_file); - } - if ($vrrp_instances == 0) { - stop_daemon(); - system("rm -f $conf_file"); - } - if (scalar(@errs)) { - print join("\n", @errs); - vrrp_log(join("\n", @errs)); - exit 1 +if ( $action eq "update" ) { + $changes_file = get_changes_file(); + $conf_file = get_conf_file(); + vrrp_log("vrrp update $vrrp_intf") if defined $vrrp_intf; + vrrp_log("vrrp update conntrack-sync") if defined $ctsync; + if ( !-e $changes_file ) { + my $num_changes = vrrp_find_changes(); + if ( $num_changes == 0 ) { + + # + # Shouldn't happen, but ... 
+ # + vrrp_log("unexpected 0 changes"); } - exit 0; + } + my ( $vrrp_instances, @errs ) = vrrp_update_config(); + my $more_changes = 0; + $more_changes = remove_from_changes($vrrp_intf) if !defined $ctsync; + vrrp_log(" instances $vrrp_instances, $more_changes"); + if ( $vrrp_instances > 0 and $more_changes == 0 ) { + restart_daemon($conf_file); + } + if ( $vrrp_instances == 0 ) { + stop_daemon(); + system("rm -f $conf_file"); + } + if ( scalar(@errs) ) { + print join( "\n", @errs ); + vrrp_log( join( "\n", @errs ) ); + exit 1; + } + exit 0; } -if ($action eq "delete") { - if (! defined $vrrp_intf || ! defined $vrrp_group) { - print "must include interface & group"; - exit 1; - } - vrrp_log("vrrp delete $vrrp_intf $vrrp_group"); - my $state_file = get_state_file($vrrp_intf, $vrrp_group); - system("rm -f $state_file"); - exit 0; +if ( $action eq "delete" ) { + if ( !defined $vrrp_intf || !defined $vrrp_group ) { + print "must include interface & group"; + exit 1; + } + vrrp_log("vrrp delete $vrrp_intf $vrrp_group"); + my $state_file = get_state_file( $vrrp_intf, $vrrp_group ); + system("rm -f $state_file"); + exit 0; } -if ($action eq "check-vip") { - if (! defined $vrrp_vip) { - print "must include the virtual-address to check"; - exit 1; - } - my $rc = 1; - if ($vrrp_vip =~ /\//) { - $rc = Vyatta::TypeChecker::validateType('ipv4net', $vrrp_vip, 1); - } else { - $rc = Vyatta::TypeChecker::validateType('ipv4', $vrrp_vip, 1); - } - exit 1 if ! 
$rc; - exit 0; +if ( $action eq "check-vip" ) { + if ( !defined $vrrp_vip ) { + print "must include the virtual-address to check"; + exit 1; + } + my $rc = 1; + if ( $vrrp_vip =~ /\// ) { + $rc = Vyatta::TypeChecker::validateType( 'ipv4net', $vrrp_vip, 1 ); + } else { + $rc = Vyatta::TypeChecker::validateType( 'ipv4', $vrrp_vip, 1 ); + } + exit 1 if !$rc; + exit 0; } -if ($action eq "list-vrrp-intf") { - my @intfs = list_vrrp_intf(); - print join(' ', @intfs); - exit 0; +if ( $action eq "list-vrrp-intf" ) { + my @intfs = list_vrrp_intf(); + print join( ' ', @intfs ); + exit 0; } -if ($action eq "list-vrrp-group") { - if (! defined $vrrp_intf) { - print "must include interface\n"; - exit 1; - } - my @groups = list_vrrp_group($vrrp_intf); - print join(' ', @groups); - exit 0; +if ( $action eq "list-vrrp-group" ) { + if ( !defined $vrrp_intf ) { + print "must include interface\n"; + exit 1; + } + my @groups = list_vrrp_group($vrrp_intf); + print join( ' ', @groups ); + exit 0; } exit 0; -- cgit v1.2.3 From e24523cda77d3277844bfe638c086bcf85348f7d Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Tue, 15 Jun 2010 10:08:16 -0700 Subject: Remove sudo from ip command No longer need sudo on ip because of cap_net_admin --- scripts/vyatta-interfaces.pl | 8 ++++---- templates/interfaces/bonding/node.def | 2 +- templates/interfaces/bonding/node.tag/disable/node.def | 4 ++-- templates/interfaces/bonding/node.tag/mtu/node.def | 4 ++-- templates/interfaces/bonding/node.tag/vif/node.def | 6 +++--- .../interfaces/bonding/node.tag/vif/node.tag/disable/node.def | 4 ++-- templates/interfaces/bridge/node.def | 4 ++-- templates/interfaces/bridge/node.tag/disable/node.def | 4 ++-- templates/interfaces/ethernet/node.def | 4 ++-- templates/interfaces/ethernet/node.tag/disable/node.def | 4 ++-- templates/interfaces/ethernet/node.tag/mtu/node.def | 4 ++-- templates/interfaces/ethernet/node.tag/vif/node.def | 6 +++--- .../interfaces/ethernet/node.tag/vif/node.tag/disable/node.def | 4 ++-- templates/interfaces/input/node.def | 4 ++-- templates/interfaces/loopback/node.def | 2 +- templates/interfaces/pseudo-ethernet/node.def | 6 +++--- templates/interfaces/pseudo-ethernet/node.tag/disable/node.def | 4 ++-- templates/interfaces/tunnel/node.def | 6 +++--- templates/interfaces/tunnel/node.tag/disable/node.def | 4 ++-- templates/interfaces/tunnel/node.tag/key/node.def | 2 +- templates/interfaces/tunnel/node.tag/mtu/node.def | 4 ++-- templates/interfaces/tunnel/node.tag/tos/node.def | 4 ++-- templates/interfaces/tunnel/node.tag/ttl/node.def | 4 ++-- 23 files changed, 49 insertions(+), 49 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index d5abaa36..a303c82c 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl 
@@ -314,14 +314,14 @@ sub update_mac { if (POSIX::strtoul($flags) & 1) { # NB: Perl 5 system return value is bass-ackwards - system "sudo ip link set $intf down" + system "ip link set $intf down" and die "Could not set $intf down ($!)\n"; - system "sudo ip link set $intf address $mac" + system "ip link set $intf address $mac" and die "Could not set $intf address ($!)\n"; - system "sudo ip link set $intf up" + system "ip link set $intf up" and die "Could not set $intf up ($!)\n"; } else { - system "sudo ip link set $intf address $mac" + system "ip link set $intf address $mac" and die "Could not set $intf address ($!)\n"; } exit 0; diff --git a/templates/interfaces/bonding/node.def b/templates/interfaces/bonding/node.def index 9e27ebad..4a944970 100644 --- a/templates/interfaces/bonding/node.def +++ b/templates/interfaces/bonding/node.def @@ -9,7 +9,7 @@ begin: if [ ! -f /sys/class/net/bonding_masters ]; then sudo modprobe bonding max_bonds=0 miimon=250 fi create: sudo sh -c "echo +$VAR(@) > /sys/class/net/bonding_masters" || exit 1 - sudo ip link set "$VAR(@)" up + ip link set "$VAR(@)" up /opt/vyatta/sbin/vyatta-link-detect $VAR(@) on delete: SLAVES=`cat /sys/class/net/$VAR(@)/bonding/slaves`; if [ -z "$SLAVES" ] diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def index ad033365..96325d72 100644 --- a/templates/interfaces/bonding/node.tag/disable/node.def +++ b/templates/interfaces/bonding/node.tag/disable/node.def @@ -1,11 +1,11 @@ help: Set interface disabled create: /etc/netplug/linkdown.d/dhclient $VAR(../@) - if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../@) exit 1 fi -delete: if ! sudo ip link set $VAR(../@) up; then +delete: if ! ip link set $VAR(../@) up; then echo "Error enabling dev $VAR(../@)" exit 1 fi 
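Review bot: The `$!` in each `die` following the new `system "ip link set …"` lines reports errno, which is not set when `ip` runs but exits non-zero, so these messages will show a stale or empty reason; the exit status of the child is in `$?`. Since `sudo` is gone each call is now a single program with fixed arguments, so the list form of `system` can also be used, which stops the shell from interpreting `$intf` and `$mac` (both arrive as command-line options; where they are validated is not visible in this hunk). `update_mac` begins above the hunk, so the origin of `$flags`, `$intf` and `$mac` cannot be checked here.
```perl
    if (POSIX::strtoul($flags) & 1) {
        # NB: Perl 5 system return value is bass-ackwards
        system('ip', 'link', 'set', $intf, 'down')
            and die "Could not set $intf down (status $?)\n";
        system('ip', 'link', 'set', $intf, 'address', $mac)
            and die "Could not set $intf address (status $?)\n";
        system('ip', 'link', 'set', $intf, 'up')
            and die "Could not set $intf up (status $?)\n";
    } else {
        system('ip', 'link', 'set', $intf, 'address', $mac)
            and die "Could not set $intf address (status $?)\n";
    }
    # … unchanged: exit 0 …
```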
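Review bot: The `create:` action now runs `ip link set "$VAR(@)" up` without `sudo` while the `sudo sh -c "echo +$VAR(@) > /sys/class/net/bonding_masters"` and `sudo modprobe` lines around it keep their privilege escalation, so this hunk depends on `ip` itself holding CAP_NET_ADMIN, and nothing in the change shows how that is granted. If it is a file capability on the `ip` binary (the commit message suggests cap_net_admin but does not say where it is set), then every local account that can execute `ip` can add, delete and reconfigure links and tunnels, which is broader than the sudo rules being removed. That is worth confirming before merging: either restrict execute permission on the capability-bearing `ip` to the configuration group, or grant the capability to the commit process rather than the binary. The commit description should record which of these the system relies on, since the templates no longer make it visible.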
diff --git a/templates/interfaces/bonding/node.tag/mtu/node.def b/templates/interfaces/bonding/node.tag/mtu/node.def index 07c102ac..8be06dc3 100644 --- a/templates/interfaces/bonding/node.tag/mtu/node.def +++ b/templates/interfaces/bonding/node.tag/mtu/node.def @@ -1,5 +1,5 @@ type: u32 help: Set the Maximum Transmission Unit (MTU) for this interface syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "MTU must be between 68 and 9000" -update:expression: "sudo ip link set $VAR(../@) mtu $VAR(@)"; "Error setting MTU on dev $VAR(../@)" -delete:expression: "sudo ip link set $VAR(../@) mtu 1500"; "Error deleting MTU on dev $VAR(../@)" +update:expression: "ip link set $VAR(../@) mtu $VAR(@)"; "Error setting MTU on dev $VAR(../@)" +delete:expression: "ip link set $VAR(../@) mtu 1500"; "Error deleting MTU on dev $VAR(../@)" diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def index 2e718f41..62e7ab95 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.def @@ -8,9 +8,9 @@ create: read -a SLAVES Set VLAN ID diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def index 78b24870..b2119c9c 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/disable/node.def 
@@ -1,11 +1,11 @@ help: Set interface disabled update: /etc/netplug/linkdown.d/dhclient $VAR(../../@).$VAR(../@) - if ! sudo ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../../@).$VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../../@).$VAR(../@) exit 1 fi -delete: if ! sudo ip link set $VAR(../../@).$VAR(../@) up; then +delete: if ! ip link set $VAR(../../@).$VAR(../@) up; then echo "Error enabling dev $VAR(../../@).$VAR(../@)" exit 1 fi diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def index 343cf984..786bc825 100644 --- a/templates/interfaces/bridge/node.def +++ b/templates/interfaces/bridge/node.def @@ -7,13 +7,13 @@ comp_help: "Enter bridge interface name (br0 - br999)" syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "Must be (br0 - br999)" create: sudo brctl addbr $VAR(@) - sudo ip link set $VAR(@) up + ip link set $VAR(@) up delete: if ! /opt/vyatta/sbin/vyatta-bridgegroup-depedency.pl \ --no-interfaces-assigned \ --bridge-interface="$VAR(@)"; then \ exit 1 fi - sudo ip link set $VAR(@) down; + ip link set $VAR(@) down; sudo brctl delbr $VAR(@); diff --git a/templates/interfaces/bridge/node.tag/disable/node.def b/templates/interfaces/bridge/node.tag/disable/node.def index 3f37a6d6..2e20be3b 100644 --- a/templates/interfaces/bridge/node.tag/disable/node.def +++ b/templates/interfaces/bridge/node.tag/disable/node.def @@ -1,11 +1,11 @@ help: Disable the bridge interface update: /etc/netplug/linkdown.d/dhclient $VAR(../@) - if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../@) exit 1 fi -delete: if ! sudo ip link set $VAR(../@) up; then +delete: if ! ip link set $VAR(../@) up; then echo "Error enabling dev $VAR(../@)" exit 1 fi 
diff --git a/templates/interfaces/ethernet/node.def b/templates/interfaces/ethernet/node.def index 0b67836b..05b2e03c 100644 --- a/templates/interfaces/ethernet/node.def +++ b/templates/interfaces/ethernet/node.def @@ -12,7 +12,7 @@ syntax:expression: exec \ echo \"interface ethernet $VAR(@): does not exist\"; exit 1; \ fi" -create: sudo ip link set "$VAR(@)" up +create: ip link set "$VAR(@)" up /opt/vyatta/sbin/vyatta-link-detect $VAR(@) on delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0 - sudo ip link set $VAR(@) down + ip link set $VAR(@) down diff --git a/templates/interfaces/ethernet/node.tag/disable/node.def b/templates/interfaces/ethernet/node.tag/disable/node.def index fbfb155a..5fe2b748 100644 --- a/templates/interfaces/ethernet/node.tag/disable/node.def +++ b/templates/interfaces/ethernet/node.tag/disable/node.def @@ -1,12 +1,12 @@ help: Set interface disabled create: /etc/netplug/linkdown.d/dhclient $VAR(../@) - if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../@) exit 1 fi delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0 - if ! sudo ip link set $VAR(../@) up; then + if ! ip link set $VAR(../@) up; then echo "Error enabling dev $VAR(../@)" exit 1 fi diff --git a/templates/interfaces/ethernet/node.tag/mtu/node.def b/templates/interfaces/ethernet/node.tag/mtu/node.def index dc03ae16..f33158f8 100644 --- a/templates/interfaces/ethernet/node.tag/mtu/node.def +++ b/templates/interfaces/ethernet/node.tag/mtu/node.def 
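Review bot: The guard `delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0` in the ethernet node references the parent's tag value, but this template is the `ethernet` tag node itself and the `ip link set $VAR(@) down` on the next line correctly uses `$VAR(@)`. At this level `../@` presumably expands to nothing (not verifiable from the hunk), which turns the test into `[ -d /sys/class/net/ ]`, always true, so the check never short-circuits for an interface that has already disappeared. The line should read `delete: [ -d /sys/class/net/$VAR(@) ] || exit 0`, matching the form used in the child nodes (`mtu`, `vif`, `disable`) further down in this commit.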
@@ -1,8 +1,8 @@ type: u32 help: Set the Maximum Transmission Unit (MTU) for this interface syntax:expression: $VAR(@) >= 68 && $VAR(@) <= 9000; "MTU must be between 68 and 9000" -update: if ! sudo ip link set $VAR(../@) mtu $VAR(@) +update: if ! ip link set $VAR(../@) mtu $VAR(@) then echo "Error setting MTU on dev $VAR(../@)"; exit 1 fi delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0 - sudo ip link set $VAR(../@) mtu 1500 + ip link set $VAR(../@) mtu 1500 diff --git a/templates/interfaces/ethernet/node.tag/vif/node.def b/templates/interfaces/ethernet/node.tag/vif/node.def index b6b8abc7..c14ed002 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.def @@ -5,17 +5,17 @@ help: Set Virtual Local Area Network (VLAN) ID syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 and 4094" -create: if ! sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) +create: if ! ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) then echo "Error creating VLAN device $VAR(../@).$VAR(@)" exit 1 fi # if parent is up, then bring VLAN up if [ $(( $(cat /sys/class/net/$VAR(../@)/flags) & 1 )) -eq 1 ]; then - sudo ip link set "$VAR(../@).$VAR(@)" up + ip link set "$VAR(../@).$VAR(@)" up fi /opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on delete: [ -d /sys/class/net/$VAR(../@) ] || exit 0 - sudo ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@) + ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@) comp_help: possible completions: <0-4094> Set VLAN ID diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def index 78b24870..b2119c9c 100644 --- a/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def +++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/disable/node.def 
@@ -1,11 +1,11 @@ help: Set interface disabled update: /etc/netplug/linkdown.d/dhclient $VAR(../../@).$VAR(../@) - if ! sudo ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../../@).$VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../../@).$VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../../@).$VAR(../@) exit 1 fi -delete: if ! sudo ip link set $VAR(../../@).$VAR(../@) up; then +delete: if ! ip link set $VAR(../../@).$VAR(../@) up; then echo "Error enabling dev $VAR(../../@).$VAR(../@)" exit 1 fi diff --git a/templates/interfaces/input/node.def b/templates/interfaces/input/node.def index b90cb0b3..1873190c 100644 --- a/templates/interfaces/input/node.def +++ b/templates/interfaces/input/node.def @@ -7,5 +7,5 @@ comp_help: Enter input functional block interface name (ifb0 - ifb999) syntax:expression: pattern $VAR(@) "^ifb[0-9]+$" ; "name must be (ifb0-ifb999)" begin: [ -d /sys/module/ifb ] || sudo modprobe ifb numifbs=0 -create: sudo ip link add $VAR(@) type ifb && sudo ip link set $VAR(@) up -delete: sudo ip link delete dev $VAR(@) +create: ip link add $VAR(@) type ifb && ip link set $VAR(@) up +delete: ip link delete dev $VAR(@) diff --git a/templates/interfaces/loopback/node.def b/templates/interfaces/loopback/node.def index ae166e7b..b78cf10b 100644 --- a/templates/interfaces/loopback/node.def +++ b/templates/interfaces/loopback/node.def @@ -6,4 +6,4 @@ comp_help: Enter looback interface name (lo) syntax:expression: exec \ "/opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --check=loopback" allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=loopback -create: sudo ip link set $VAR(@) up +create: ip link set $VAR(@) up diff --git a/templates/interfaces/pseudo-ethernet/node.def b/templates/interfaces/pseudo-ethernet/node.def index 14ee0a34..bf88b047 100644 --- a/templates/interfaces/pseudo-ethernet/node.def +++ b/templates/interfaces/pseudo-ethernet/node.def 
@@ -7,7 +7,7 @@ syntax:expression: pattern $VAR(@) "^peth[0-9]+$" \ ; "name must be (peth0-peth999)" commit:expression: $VAR(link) != "" ; "link device must be set for virtual ethernet $VAR(@)" -create: sudo ip link add $VAR(@) link $VAR(link/@) type macvlan || exit 1 - sudo ip link set $VAR(@) up +create: ip link add $VAR(@) link $VAR(link/@) type macvlan || exit 1 + ip link set $VAR(@) up /opt/vyatta/sbin/vyatta-link-detect $VAR(@) on -delete: sudo ip link delete dev $VAR(@) type macvlan +delete: ip link delete dev $VAR(@) type macvlan diff --git a/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def b/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def index 3d3ffef9..9dafeacf 100644 --- a/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def +++ b/templates/interfaces/pseudo-ethernet/node.tag/disable/node.def @@ -5,12 +5,12 @@ create: vif=`/opt/vyatta/sbin/vyatta-interfaces.pl --vif=$VAR(../@) --show=all` exit 1 fi /etc/netplug/linkdown.d/dhclient $VAR(../@) - if ! sudo ip link set $VAR(../@) down 2>/dev/null; then + if ! ip link set $VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../@) exit 1 fi -delete: if ! sudo ip link set $VAR(../@) up; then +delete: if ! ip link set $VAR(../@) up; then echo "Error enabling dev $VAR(../@)" exit 1 fi diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index c4446163..34ef1ad6 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def 
@@ -21,11 +21,11 @@ create:expression: "\
 if [ x$VAR(./multicast/@) == xenable ]; then \
 MC=\"multicast on allmulticast on\"; \
 fi; \
- sudo ip tunnel add $VAR(@) \
+ ip tunnel add $VAR(@) \
 local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \
 mode $VAR(./encapsulation/@) $KEY; \
- sudo ip link set $VAR(@) $MC up;" ; \
+ ip link set $VAR(@) $MC up;" ; \
 "Error creating $VAR(@)"
-delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)"
+delete:expression: "ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)"
diff --git a/templates/interfaces/tunnel/node.tag/disable/node.def b/templates/interfaces/tunnel/node.tag/disable/node.def
index cd3c019a..23fb46e7 100644
--- a/templates/interfaces/tunnel/node.tag/disable/node.def
+++ b/templates/interfaces/tunnel/node.tag/disable/node.def
@@ -1,6 +1,6 @@
 help: Disable interface
-update:expression: "sudo ip link set $VAR(../@) down"; \
+update:expression: "ip link set $VAR(../@) down"; \
 "Error disabling dev $VAR(../@)"
-delete:expression: "sudo ip link set $VAR(../@) up"; \
+delete:expression: "ip link set $VAR(../@) up"; \
 "Error enabling dev $VAR(../@)"
diff --git a/templates/interfaces/tunnel/node.tag/key/node.def b/templates/interfaces/tunnel/node.tag/key/node.def
index 1ece7642..c137107c 100644
--- a/templates/interfaces/tunnel/node.tag/key/node.def
+++ b/templates/interfaces/tunnel/node.tag/key/node.def
@@ -3,7 +3,7 @@ help: Set the tunnel key
 syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; \
 "Must be between 0-999999 for $VAR(../@)"
 syntax:expression: exec " \
- if [ -n \"`sudo ip tunnel show $VAR(../@) | grep $VAR(../@) `\" ]; then \
+ if [ -n \"`ip tunnel show $VAR(../@) | grep $VAR(../@) `\" ]; then \
 echo Key can only be set at tunnel creation for $VAR(../@); \
 exit 1 ; \
 fi ; "
diff --git a/templates/interfaces/tunnel/node.tag/mtu/node.def b/templates/interfaces/tunnel/node.tag/mtu/node.def
index f1fdf39b..8076cacd 100644
--- a/templates/interfaces/tunnel/node.tag/mtu/node.def
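Review bot: In the tunnel key hunk the existence check on the new line uses an unanchored `grep $VAR(../@)`, so one tunnel's name can match another tunnel's name that contains it as a substring (a name such as tun1 against tun10), and the syntax check would then wrongly refuse to set the key. If `ip tunnel show` prints the interface name at the start of the line followed by a colon, anchoring with `grep \"^$VAR(../@):\"` would make the test exact; otherwise `grep -w` is a narrower improvement. The pipeline also hides the exit status of `ip tunnel show` itself, so an error from the tool reads as "tunnel does not exist".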
+++ b/templates/interfaces/tunnel/node.tag/mtu/node.def
@@ -1,7 +1,7 @@
 type: u32
 help: Set the tunnel Maximum Transmission Unit (MTU)
 syntax:expression: $VAR(@) >= 64 && $VAR(@) <= 8024; "Must be between 64-8024"
-update:expression: "sudo ip link set $VAR(../@) mtu $VAR(@)"
-delete:expression: "sudo ip link set $VAR(../@) mtu 1476"
+update:expression: "ip link set $VAR(../@) mtu $VAR(@)"
+delete:expression: "ip link set $VAR(../@) mtu 1476"
 comp_help: possible completions: <64-8024> Set MTU
diff --git a/templates/interfaces/tunnel/node.tag/tos/node.def b/templates/interfaces/tunnel/node.tag/tos/node.def
index 1f739966..9492d7aa 100644
--- a/templates/interfaces/tunnel/node.tag/tos/node.def
+++ b/templates/interfaces/tunnel/node.tag/tos/node.def
@@ -1,7 +1,7 @@
 type: u32
 help: Set the tunnel Type of Service (TOS)
 syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 99; "Must be between 0-99"
-update:expression: "sudo ip tunnel change $VAR(../@) tos $VAR(@)"
-delete:expression: "sudo ip tunnel change $VAR(../@) tos inherit"
+update:expression: "ip tunnel change $VAR(../@) tos $VAR(@)"
+delete:expression: "ip tunnel change $VAR(../@) tos inherit"
 comp_help: possible completions <0-99> Set type of service
diff --git a/templates/interfaces/tunnel/node.tag/ttl/node.def b/templates/interfaces/tunnel/node.tag/ttl/node.def
index 298c4d61..29bc4ced 100644
--- a/templates/interfaces/tunnel/node.tag/ttl/node.def
+++ b/templates/interfaces/tunnel/node.tag/ttl/node.def
@@ -2,7 +2,7 @@ type: u32
 help: Set the tunnel time to live field
 default: 255
 syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255"
-update:expression: "sudo ip tunnel change $VAR(../@) ttl $VAR(@)"
-delete:expression: "sudo ip tunnel change $VAR(../@) ttl inherit"
+update:expression: "ip tunnel change $VAR(../@) ttl $VAR(@)"
+delete:expression: "ip tunnel change $VAR(../@) ttl inherit"
 comp_help: possible completions: <0-255> Set time to live (default 255)
-- cgit v1.2.3
