summaryrefslogtreecommitdiff
path: root/src/etc/dhcp/dhclient-exit-hooks.d
AgeCommit message (Collapse)Author
2024-01-15Merge pull request #2823 from sever-sever/T4856Christian Breunig
T4856: Fix IPsec DHCP-client exit hook
2024-01-15T5901: Add DHCP base_path dir during first bootViacheslav Hletenko
We should create dhclient base_path dir `/run/dhclient` during the first boot. It fixes cloud-init boot issues ``` /etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory ```
2024-01-14T4856: Fix IPsec DHCP-client exit hookViacheslav Hletenko
The script acually does not have the variable `secrets_lines` and secret lines itself does not have the marker `# dhcp:{interface}` in `to_find` Needs to rewrite this script in the future if it is required This commit fixes DHCP-client exit hook: ``` dhclient[6800]: NameError: name 'secrets_lines' is not defined root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1 ```
2023-11-11dhclient: T5724: run user hooks using run_hookdirgavol
User hooks are executed using run_hookdir (defined in the /sbin/dhclient-script script) instead of run-parts. That allows user hooks to modify variables set by the dhcp client (e.g., the new_routers variable to avoid the installation of the default routes).
2023-08-05T5428: remove hardcoded dhcp lease file path from dhclient hookChristian Breunig
2023-08-05dhcp: T5428: remove hardcoded path to client runtime directoriesChristian Breunig
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-07-14dhclient: T5358: Use return in 99-ipsec-dhclient-hookDarin Kuo
Use return instead of exit in 99-dhclient-exit-hook to allow subsequent unnumbered hooks to run (like rfc3442-classless-routes). Hooks are sourced, not executed.
2023-04-03T5141: Add numbers for dhclient-exit-hooks.d to enforce orderViacheslav Hletenko
Add numbers for all dhclient-exit-hooks.d to enforce script order execution Also, move '99-run-user-hooks' to '98-run-user-hooks' due to vyatta-dhclient-hook bug and exit with 'exit 1' it is described in the https://vyos.dev/T4856, so we should move this hook to the end. Rename 'vyatta-dhclient-hook' to '99-vyatta-dhclient-hook'
2023-02-26T4997: add dhcp client user hooksbri
This commit adds a script to run user-defined hook scripts upon renewing a DHCP lease. This can be used to, for example, dynamically define a firewall address-group based on the dynamic IP address of an interface. For an example of its use (as well as the use case I had in mind while coding this), see https://vyos.dev/T2196#142394 Co-authored-by: br <git@ibeep.com>
2022-12-23ipsec: T2816: do not explicitly call intepreter for python scriptChristian Poessinger
Our python scripts use the shebang logic to set an intepreter - we should rely on this and not use an external interpreter in front of the helper.
2022-11-14T4815: Fix various name server config issuesYuxiang Zhu
1. When a PPPoE session is connected, `pppd` will update `/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set. This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`, which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection. This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead. 2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`. This causes IPv6 name server entries in `vyos-hostsd` not updated when dhclient receives nameservers from DHCPv6. 3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and `/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6 reason (like `BOUND6`) is given.
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-28dhclient: T3392: remove /usr/sbin prefix from iproute2 ip commandChristian Poessinger
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-10-21dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
2021-09-25ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf existsChristian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use exit(0)Christian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use vyos.util.read_file() / ↵Christian Poessinger
write_file()
2021-06-26Revert "ipsec: T3643: move swanctl.conf to /run"Christian Poessinger
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
2021-06-24ipsec: T3643: move swanctl.conf to /runChristian Poessinger
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for swanctl.conf file") that moves the generated swanctl file from non-volatile to a volatile (tmpfs backed) storage like we do for all out configuration files. Thus it is ensured after a reboot or service deprecation there are no accidential leftovers from previous configurations stored on the system.
2021-06-15ipsec: T2816: T645: T3613: Migrated IPsec to swanctl, includes multiple ↵sarthurdev
selectors, and selectors with VTI.
2021-06-12ipsec: T1501: T3617: Add handling for missing addresses on boot when using ↵sarthurdev
dhcp-interface
2021-06-10ipsec: T2816: add .py extenstion to dhclient helper script for processingChristian Poessinger
dhclient fails to execute the script without the extension.
2021-05-28ipsec: T2816: IPSec python rework, includes DMVPN and VTI supportSimon
2021-04-15dhclient: T3392: Changed dhclient-script hooks for VRFzsdc
There were two problems with VRF support inside dhclient-script: - VRF check inside the `01-vyos-cleanup` hook was needless because it will be done inside the `03-vyos-ipwrapper` anyway; - VRF was ignored for in-kernel routes in `03-vyos-ipwrapper`. Theoretically, there must be no situation now when this can leads to a real problem, but better will be to keep both kernel and FRR backends in sync. Also, the way to get and use a VRF name was changed to an easier one.
2021-02-15dhcp: T3300: add DHCP default route distanceBrandon Stepler
2020-08-16dhclient: T2277: remove VRF route when DHCP client exitsChristian Poessinger
2020-06-11dhclient hooks: T2486: update for vyos-hostsd rewriteJernej Jakob
- vyos-hostsd-client syntax changed - track changes in changes variable - call apply only once at the end if any changes were made - remove 'cli-shell-api existsEffective system disable-dhcp-nameservers' condition check as the functionality was moved into vyos-hostsd - remove comparison between old_ and new_ variables as it caused a bug as the nameservers didn't get updated on renew or system restart, the dhclient lease file persists across reboots, so on boot the old variables will contain the values from previous dhclient run so they will usually be equal to the new variables.
2020-04-26dhclient: T1381: Improved RFC3442 routes processingGabriel Skupien
Several improvements in processing RFC3442 routes (support for route deletion, DHCP RENEW and link-local routes)
2020-04-11dhcp: T2265: v4/v6 conflict for lease fileThomas Mangin
The vyatta-dhclient-hook is not differentiating between v4 and v6 and attempting to use the same lease file for both protocol. Therefore only dhcp v4 or v6 could be setup on an interface and not both.
2020-02-12dhclient-script: T1987: Multiple fixes in dhclient-scriptzsdc
This changeset contains multiple changes in structure, logic, and bugfixes for dhclient-script. It should provide better compatibility with new Debian versions and flexibility in controlling and changing VyOS-related functions. 1. Structure change: * All VyOS-related functionality was moved from dhclient-script itself to separated hook files. * Old vyatta-dhclient-hook was moved from vyatta-cfg to vyos-1x. * This change allows discard dhclient-script replacing and use the original one from Debian without any changes. So, we do not need to track all changes in upstream so carefully. * To provide compatibility between original dhclient-script and VyOS, two internal commands/functions are repaced in hooks: ip and make_resolv_conf. So, in all places where used ${ip} or make_resolv_conf, actually using VyOS-tuned functions instead original. * `ip` function is a wrapper, which automatically chooses what to use: transparently pass a command to /usr/sbin/ip, change a route in kernel table or FRRouting config via vtysh. * `make_resolv_conf` function main logic was copied from current VyOS implementation and use vyos-hostsd-client for making changes 2. Added: * Logging. Now is possible to log all changes, what is doing by dhclient-script. Logs can be saved to the journal and displayed in stderr (for debugging purposes). By default, logging to the journal is enabled (at least for some time) to provide a way to collect enough information in case if some bug in this new implementation will be found. This can be changed in the 01-vyos-logging file. 3. Fixed/Changed: * If DHCP lease was expired, released or dhclient was stopped, dhclient-script will try to delete default route from this lease. * Instead of blindly killing all dhclients in case if FRRouting daemon is not running, now used more intelligent logic: * dhclients are stopping natively (with all triggers processing), instead of killing; * dhclient-script will not kill parent dhclient process. This allows to fix the problem when systemd inform about failing to rise up interfaces at early boot stages (used in Cloud-init images); * dhclient-script will not touch dhclients, which are not related to the current interface or IP protocol version. * For getting FRRouting daemon status used native way via watchfrr.sh, instead of the previous trick with vtysh accessibility. * before adding a new route to FRRouting configuration, this route will be deleted from the kernel (if it is presented there). This allows to properly replace routes, added at early boot stages, when FRR not available. * Routes in FRRouting are adding with "tag 210". This allows protecting static routes, added via CLI, from deletion when old routes are deleting by DHCP. * DNS servers will be reconfigured only when $new_domain_name_servers are not the same as $old_domain_name_servers. Previously, this was done during each RENEW procedure. * Replacing MTU for preconfigured one was changed to Python (via vyos.config). The previous version with vyatta-interfaces.pl was obsoleted and seems to be broken.