-rw-r--r-- | debian/control | 2 | ||||
-rwxr-xr-x | scripts/init/vyos-router | 28 | ||||
-rwxr-xr-x | scripts/vyatta-save-config.pl | 54 |
3 files changed, 33 insertions, 51 deletions
diff --git a/debian/control b/debian/control index edbeee7..f1b719d 100644 --- a/debian/control +++ b/debian/control @@ -19,7 +19,7 @@ Depends: sed (>= 4.1.5), libvyatta-cfg1 (>=${binary:Version}), unionfs-fuse, systemd, - libboost-filesystem1.55.0 | libboost-filesystem1.62.0 | libboost-filesystem1.67.0, + libboost-filesystem1.55.0 | libboost-filesystem1.62.0 | libboost-filesystem1.67.0 | libboost-filesystem1.74.0, libapt-pkg4.12 | libapt-pkg5.0, ${perl:Depends}, ${shlibs:Depends} Suggests: util-linux (>= 2.13-5), diff --git a/scripts/init/vyos-router b/scripts/init/vyos-router index 8678c92..c73fe17 100755 --- a/scripts/init/vyos-router +++ b/scripts/init/vyos-router @@ -225,6 +225,15 @@ security_reset () rm -f /etc/ppp/peers/pppoe* /etc/ppp/peers/wlm* } +# As VyOS does not execute commands that are not present in the CLI we need this +# workaround to reset the issue / motd files on boot to a sane default, probably +# the same default as listed in the python script. +issue_reset () +{ + echo -e "Welcome to VyOS - \\\n \\\l\n" > /etc/issue + echo -e "Welcome to VyOS\n" > /etc/issue.net +} + start () { # some legacy directories migrated over from old rl-system.init @@ -253,6 +262,14 @@ start () # a requirement for netns support mkdir -p /var/run/netns + # Fixup for FRR save configs T3217 + mkdir -p /run/frr/config + echo "log syslog" > /run/frr/config/frr.conf + echo "log facility local7" >> /run/frr/config/frr.conf + chown -R root:frrvty /run/frr/config/frr.conf + chmod 775 /run/frr/config/frr.conf + mount --bind /run/frr/config/frr.conf /etc/frr/frr.conf + # chown the config dir to give all admins access chown -R root:frrvty /etc/frr chmod 775 /etc/frr 
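Review bot: In the FRR fixup added to start(), `chmod 775 /run/frr/config/frr.conf` sets execute bits on a plain config file and leaves it readable by every local user. An FRR configuration can hold routing-protocol passwords, so a mode without world access looks safer, e.g. `chmod 660 /run/frr/config/frr.conf`, assuming nothing outside root and the frrvty group has to read it. The `-R` on `chown` does nothing for a single file, and the result of `mount --bind` is not checked, so a failed bind would go unnoticed at boot. start() begins and ends outside the hunk.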
@@ -261,10 +278,17 @@ start () # all daemons if just one failed, do the start manually /usr/lib/frr/frrinit.sh start + # Mount a temporary filesystem for container networks. + # Configuration should be loaded from VyOS cli. + cni_dir="/etc/cni/net.d" + [ ! -d ${cni_dir} ] && mkdir -p ${cni_dir} + mount -t tmpfs none ${cni_dir} + # reset and clean config files - security_reset + security_reset || log_failure_msg "security reset failed" + issue_reset || log_failure_msg "could not reset motd and issue files" - clear_or_override_config_files || log_failure_msg "can\'t reset config files" + clear_or_override_config_files || log_failure_msg "could not reset config files" log_action_begin_msg "Mounting VyOS Config" # ensure the vyatta_configdir supports a large number of inodes since diff --git a/scripts/vyatta-save-config.pl b/scripts/vyatta-save-config.pl index 19941a7..39f1f9e 100755 --- a/scripts/vyatta-save-config.pl +++ b/scripts/vyatta-save-config.pl @@ -57,11 +57,7 @@ if ($save_file =~ /^[^\/]\w+:\//) { if ($save_file =~ /^(\w+):\/\/\w/) { $mode = 'url'; $proto = lc($1); - if ($proto eq 'tftp') { - } elsif ($proto eq 'ftp') { - } elsif ($proto eq 'scp') { - } elsif ($proto eq 'sftp') { - } else { + if (grep { lc($proto) ne $_ } ("ftp", "tftp", "scp", "sftp")) { print "Invalid url protocol [$proto]\n"; exit 1; } @@ -86,7 +82,7 @@ print "Saving configuration to '$shortened_save_file'...\n"; my $save; if ($mode eq 'local') { - # first check if this file exists, and if so ensure this is a config file. + # First check if this file exists, and if so ensure this is a config file. if (-e $save_file) { my $result = `grep -e ' === vyatta-config-version:' -e '// vyos-config-version:' $save_file`; if (!defined $result || length($result) == 0) { 
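Review bot: The tmpfs for container networks in start() is mounted without options, and a tmpfs root directory defaults to mode 1777, so `/etc/cni/net.d` becomes writable by any local user after boot. The directory holds network definitions that the container runtime presumably reads as root, so set the mode and restrict the mount explicitly: `mount -t tmpfs -o mode=0755,nosuid,nodev,noexec none "${cni_dir}"`. The `[ ! -d ${cni_dir} ] &&` test is redundant because `mkdir -p` already succeeds on an existing directory, and a failure of either command is not logged the way the reset steps just below are. start() begins and ends outside the hunk.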
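Review bot: The new protocol check `if (grep { lc($proto) ne $_ } ("ftp", "tftp", "scp", "sftp"))` is true for every value of `$proto`, because at least three of the four list entries always differ from it, so every URL, including the supported schemes, is now rejected with "Invalid url protocol". The test should reject only when nothing matches: `unless (grep { $proto eq $_ } qw(ftp tftp scp sftp)) {`. `$proto` is already lower-cased on the line above, so the second `lc()` is not needed. The enclosing `if` block starts before the hunk.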
@@ -94,15 +90,11 @@ if ($mode eq 'local') { exit 1; } } + # TODO: This overwrites the file if it exists. We should create a backup first. + open $save, '>', $save_file or die "Can not open file '$save_file': $!\n"; - # this overwrites the file if it exists. we could create a backup first. - open $save, '>', $save_file - or die "Can not open file '$save_file': $!\n"; } elsif ($mode eq 'url') { - die "Package [curl] not installed\n" unless (-f '/usr/bin/curl'); - - open $save, '>', $url_tmp_file - or die "Cannot open file '$url_tmp_file': $!\n"; + open $save, '>', $url_tmp_file or die "Cannot open file '$url_tmp_file': $!\n"; } select $save; @@ -122,42 +114,8 @@ fsync $save; close $save; if ($mode eq 'url') { - - my $rc = 0; - if ($proto =~ /^(scp|sftp)$/){ - $save_file =~ m/(?:scp|sftp):\/\/(.*?)\//; - my $host = $1; - my $user = getpwuid($<); - if ($host =~ m/(.*)@(.*)/) { - $user = $1; - $host = $2; - } - - $rc = system("curl -u $user -# -T $url_tmp_file $save_file"); - if($rc >> 8 == 51){ - my $rsa_key = `ssh-keyscan -t rsa $host 2>/dev/null`; - print "The authenticity of host '$host' can't be established.\n"; - my $fingerprint = `ssh-keygen -lf /dev/stdin <<< \"$rsa_key\" | awk {' print \$2 '}`; - chomp $fingerprint; - print "RSA key fingerprint is $fingerprint.\n"; - if (prompt("Are you sure you want to continue connecting (yes/no) [Yes]? ", -tynd=>"y")) { - mkdir "$ENV{HOME}/.ssh/",0700 unless -d "$ENV{HOME}/.ssh"; - open(my $known_hosts, ">>", "$ENV{HOME}/.ssh/known_hosts") - or die "Cannot open known_hosts: $!"; - print $known_hosts "$rsa_key\n"; - close($known_hosts); - $rc = system("curl -u $user -# -T $url_tmp_file $save_file"); - print "\n"; - } - } - } else { - $rc = system("curl -# -T $url_tmp_file $save_file"); - } + system("python3 -c 'from vyos.remote import upload; upload(\"$url_tmp_file\", \"$save_file\")'"); system("rm -f $url_tmp_file"); - if ($rc) { - print "Error saving $save_file\n"; - exit 1; - } } print "Done\n"; |
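Review bot: The replacement upload call in the last hunk, `system("python3 -c '... upload(\"$url_tmp_file\", \"$save_file\")'")`, interpolates `$save_file` into both a shell command line and Python source, so a quote or shell metacharacter in the destination changes what gets executed. `$save_file` appears to be user-supplied, and the regexes visible on this page only constrain its scheme prefix. Passing both paths as arguments through list-form `system` keeps them out of both parsers, and `unlink` can replace the `rm -f` shell-out. The hunk also removes the `$rc` check, so a failed upload still prints "Done"; the sketch below restores it, assuming `upload` raises on failure so that python3 exits non-zero.

```perl
if ($mode eq 'url') {
    # Paths travel as argv entries, never as shell or Python source text.
    my $rc = system('python3', '-c',
        'import sys; from vyos.remote import upload; upload(sys.argv[1], sys.argv[2])',
        $url_tmp_file, $save_file);
    unlink $url_tmp_file;
    if ($rc != 0) {
        print "Error saving $save_file\n";
        exit 1;
    }
}
```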