authorChristian Poessinger <christian@poessinger.com>2021-01-17 20:21:10 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-17 20:21:10 +0100
commit19a42d79a61aa39bc01145f6766dd06ab29372b5 (patch)
treea6f64e01b0eb8d30799c08d8be012188f7f4fe0f
parentc1ac4f6db02ab846b319626fc545c02ff8c1c99f (diff)
downloadvyatta-cfg-19a42d79a61aa39bc01145f6766dd06ab29372b5.tar.gz
vyatta-cfg-19a42d79a61aa39bc01145f6766dd06ab29372b5.zip
T671: add remains from rl-system.init script
-rwxr-xr-xscripts/init/vyos-router81
1 files changed, 79 insertions, 2 deletions
diff --git a/scripts/init/vyos-router b/scripts/init/vyos-router
index 6e01ee4..23b69be 100755
--- a/scripts/init/vyos-router
+++ b/scripts/init/vyos-router
@@ -45,7 +45,7 @@ if [ ! -z "$VYOS_CONFIG" ]; then
fi
declare -a subinit
-declare -a all_subinits=( rl-system firewall )
+declare -a all_subinits=( firewall )
if [ $# -gt 0 ] ; then
for s in $@ ; do
@@ -59,6 +59,12 @@ fi
GROUP=vyattacfg
+# easy way to make empty file without any command
+empty()
+{
+ >$1
+}
+
# check if bootup of this portion is disabled
disabled () {
grep -q -w no-vyos-$1 /proc/cmdline
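Review bot: The redirection target in `empty()` is unquoted, so a path that contains whitespace or glob characters makes bash fail with an ambiguous-redirect error instead of truncating the intended file. Writing the body as `: >"$1"` quotes the target and makes the no-op command explicit. Since the helper is later run on files under /etc, a short comment stating that it truncates in place and leaves owner and mode untouched would help readers. The `disabled()` function shown as context continues outside the hunk.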
@@ -167,8 +173,65 @@ bind_mount_boot ()
fi
}
+clear_or_override_config_files ()
+{
+ for conf in snmp/snmpd.conf snmp/snmptrapd.conf snmp/snmp.conf \
+ keepalived/keepalived.conf cron.d/vyos-crontab \
+ ipvsadm.rules default/ipvsadm resolv.conf
+ do
+ if [ -s /etc/$conf ] ; then
+ empty /etc/$conf
+ chmod 0644 /etc/$conf
+ fi
+ done
+}
+
+update_interface_config ()
+{
+ if [ -d /run/udev/vyatta ]; then
+ $vyatta_sbindir/vyatta_interface_rescan /run/udev/vyatta $BOOTFILE
+ fi
+}
+
+cleanup_post_commit_hooks () {
+ # Remove links from the post-commit hooks directory.
+ # note that this approach only supports hooks that are "configured",
+ # i.e., it does not support hooks that need to always be present.
+ cpostdir=$(cli-shell-api getPostCommitHookDir)
+ # exclude commits hooks from vyatta-cfg
+ excluded="10vyatta-log-commit.pl 99vyos-user-postcommit-hooks"
+ if [ -d "$cpostdir" ]; then
+ for f in $cpostdir/*; do
+ if [[ ! $excluded =~ $(basename $f) ]]; then
+ rm -f $cpostdir/$(basename $f)
+ fi
+ done
+ fi
+}
+
+# These are all the default security setting which are later
+# overridden when configuration is read. These are the values the
+# system defaults.
+security_reset ()
+{
+ # restore PAM back to virgin state (no radius other services)
+ rm -f /etc/pam_radius_auth.conf
+ if grep -q radius /etc/pam.d/common-auth; then
+ pam-auth-update --package --remove radius
+ fi
+
+ # The PPPOE config files are re-generated by the configuration subsystem
+ # on every boot, so we delete the old ones here.
+ rm -f /etc/ppp/peers/pppoe* /etc/ppp/peers/wlm*
+}
+
start ()
{
+ # some legacy directories migrated over from old rl-system.init
+ mkdir -p /var/run/vyatta /var/log/vyatta
+ chgrp vyattacfg /var/run/vyatta /var/log/vyatta
+ chmod 775 /var/run/vyatta /var/log/vyatta
+
log_daemon_msg "Waiting for NICs to settle down"
# On boot time udev migth take a long time to reorder nic's, this will ensure that
# all udev activity is completed and all nics presented at boot-time will have their
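Review bot: In `cleanup_post_commit_hooks` the exclusion test `[[ ! $excluded =~ $(basename $f) ]]` uses each file name as an unquoted regular expression matched against the whole exclusion string. Any hook whose name is a substring of an excluded name is therefore kept, and names containing regex metacharacters are interpreted as patterns rather than compared literally. An exact comparison avoids both, for example `case "${f##*/}" in 10vyatta-log-commit.pl|99vyos-user-postcommit-hooks) ;; *) rm -f -- "$f" ;; esac`. The same function and `clear_or_override_config_files` also expand `$cpostdir`, `$f` and `$conf` unquoted; quoting them keeps the paths intact. `start()` continues past the end of the hunk.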
@@ -178,8 +241,14 @@ start ()
STATUS=$?
log_progress_msg "settled in ${SECONDS}sec."
log_end_msg ${STATUS}
- # Fixup for FRR
+ # mountpoint for bpf maps required by xdp
+ mount -t bpf none /sys/fs/bpf
+
+ # Clear out Debian APT source config file
+ empty /etc/apt/sources.list
+
+ # Fixup for FRR
# In 5.1 master, zebra thinks existence of /var/run/netns is
# a requirement for netns support
mkdir -p /var/run/netns
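Review bot: The added `mount -t bpf none /sys/fs/bpf` is unconditional and its result is not checked. If `start` can run more than once per boot (not visible here), each run stacks another bpf mount on the same directory, and a failed mount goes unreported. A guard such as `mountpoint -q /sys/fs/bpf || mount -t bpf none /sys/fs/bpf || log_failure_msg "cannot mount bpf filesystem"` covers both cases. `start()` begins and ends outside this hunk.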
@@ -192,6 +261,12 @@ start ()
# all daemons if just one failed, do the start manually
/usr/lib/frr/frrinit.sh start
+ # reset and clean config files
+ security_reset
+
+ update_interface_config
+ clear_or_override_config_files || log_failure_msg "can\'t reset config files"
+
log_action_begin_msg "Mounting VyOS Config"
# ensure the vyatta_configdir supports a large number of inodes since
# the config hierarchy is often inode-bound (instead of size).
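Review bot: The `|| log_failure_msg` after `clear_or_override_config_files` only sees the status of that function's last loop iteration, so a failure to truncate or chmod an earlier file in its list is never reported. The results of `security_reset` (which resets the PAM RADIUS setup) and `update_interface_config` are not checked at all. Having the function, defined in an earlier hunk, remember any failure in a local `rc` variable and end with `return $rc` would make this check meaningful. Separately, `"can\'t reset config files"` prints a literal backslash, because inside double quotes `\'` is not an escape; `"can't reset config files"` is what is intended. `start()` begins and ends outside this hunk.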
@@ -206,6 +281,8 @@ start ()
disabled bootfile || init_bootfile
+ cleanup_post_commit_hooks
+
log_daemon_msg "Starting VyOS router"
disabled migrate || migrate_bootfile