see #2064 CARP interfaces are not properly installed on FreeBSD cluster. Need to populate failover group objects with default values when they are created
parent
77ea506d63
commit
3c966ffc31
2
VERSION
2
VERSION
@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
|
||||
# build number is like "nano" version number. I am incrementing build
|
||||
# number during development cycle
|
||||
#
|
||||
BUILD_NUM="3467"
|
||||
BUILD_NUM="3468"
|
||||
|
||||
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"
|
||||
|
||||
|
@ -1,2 +1,2 @@
|
||||
#define VERSION "4.2.0.3467"
|
||||
#define VERSION "4.2.0.3468"
|
||||
#define GENERATION "4.2"
|
||||
|
@ -1,5 +1,10 @@
|
||||
2011-02-09 Vadim Kurland <vadim@netcitadel.com>
|
||||
|
||||
* platforms.cpp (setDefaultFailoverGroupAttributes): fixes #2064
|
||||
"CARP interfaces are not properly installed on FreeBSD cluster".
|
||||
I need to populate failover group objects with some reasonable
|
||||
defaults when they are created.
|
||||
|
||||
* configlets/freebsd/installer_commands_root: fixes #2065
|
||||
"activation commands on FreeBSD and OpenBSD lose script exit
|
||||
status". Sequence of commands ran by the built-in installer on
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
|
||||
%define name fwbuilder
|
||||
%define version 4.2.0.3467
|
||||
%define version 4.2.0.3468
|
||||
%define release 1
|
||||
|
||||
%if "%_vendor" == "MandrakeSoft"
|
||||
|
@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
|
||||
Priority: extra
|
||||
Section: checkinstall
|
||||
Maintainer: vadim@fwbuilder.org
|
||||
Version: 4.2.0.3467-1
|
||||
Version: 4.2.0.3468-1
|
||||
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
|
||||
Description: Firewall Builder GUI and policy compilers
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
%define name fwbuilder
|
||||
%define version 4.2.0.3467
|
||||
%define version 4.2.0.3468
|
||||
%define release 1
|
||||
|
||||
%if "%_vendor" == "MandrakeSoft"
|
||||
|
@ -166,13 +166,12 @@ void newClusterDialog::createNewCluster()
|
||||
.arg(m_dialog->obj_name->text())
|
||||
.arg(data.name);
|
||||
|
||||
ClusterGroup *failover_grp = ClusterGroup::cast(
|
||||
FailoverClusterGroup *failover_grp = FailoverClusterGroup::cast(
|
||||
db->create(FailoverClusterGroup::TYPENAME));
|
||||
failover_grp->setName(string(grpname.toUtf8().constData()));
|
||||
oi->add(failover_grp);
|
||||
|
||||
QString failover_protocol_name = data.protocol.toLower();
|
||||
|
||||
failover_grp->setStr("type",
|
||||
failover_protocol_name.toAscii().constData());
|
||||
|
||||
@ -193,6 +192,12 @@ void newClusterDialog::createNewCluster()
|
||||
failover_grp->setStr("master_iface", masteriface_id);
|
||||
}
|
||||
}
|
||||
|
||||
// need to populate failover group with some reasonable
|
||||
// default values. If this is not done, parameters such as
|
||||
// CARP vhid remain blank and that leads to incomplete
|
||||
// generated configurations
|
||||
setDefaultFailoverGroupAttributes(failover_grp);
|
||||
}
|
||||
|
||||
if (fwbdebug) qDebug() << "newClusterDialog::createNewCluster() checkpoint 3";
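Review bot: The call `setDefaultFailoverGroupAttributes(failover_grp);` depends on two earlier statements that its comment does not mention. The helper reads `type` from the group and walks `getParent()` until it finds a `Cluster`, so it has to run after `failover_grp->setStr("type", ...)` and, presumably, after `oi->add(failover_grp)` has attached the group to the object tree. Adding a line such as `// must be called after the group is added to the interface and its "type" is set` would keep a later reordering from tripping the helper's asserts. Separately, the pointer returned by `FailoverClusterGroup::cast(...)` is dereferenced on the next line without a check. createNewCluster() starts and ends outside these hunks.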
|
||||
|
@ -1003,3 +1003,66 @@ void _repackStringList(list<string> &list1, list<QStringPair> &list2)
|
||||
}
|
||||
}
|
||||
|
||||
void setDefaultFailoverGroupAttributes(FailoverClusterGroup *grp)
|
||||
{
|
||||
FWObject *p = grp;
|
||||
while (p && Cluster::cast(p)==NULL) p = p->getParent();
|
||||
assert(p != NULL);
|
||||
Cluster *cluster = Cluster::cast(p);
|
||||
Resources *os_res = Resources::os_res[cluster->getStr("host_OS")];
|
||||
assert(os_res != NULL);
|
||||
|
||||
FWOptions *gropt = grp-> getOptionsObject();
|
||||
assert(gropt != NULL);
|
||||
|
||||
string failover_protocol = grp->getStr("type");
|
||||
|
||||
if (failover_protocol == "carp")
|
||||
{
|
||||
gropt->setStr("carp_password", "");
|
||||
gropt->setInt("carp_vhid", 1);
|
||||
gropt->setInt("carp_advbase", 1);
|
||||
gropt->setInt("carp_master_advskew", 0);
|
||||
gropt->setInt("carp_default_advskew", 0);
|
||||
}
|
||||
|
||||
if (failover_protocol == "vrrp")
|
||||
{
|
||||
gropt->setStr("vrrp_secret", "");
|
||||
gropt->setInt("vrrp_vrid", 1);
|
||||
gropt->setBool("vrrp_over_ipsec_ah", false);
|
||||
}
|
||||
|
||||
if (failover_protocol == "heartbeat")
|
||||
{
|
||||
string default_address =
|
||||
os_res->getResourceStr(
|
||||
"/FWBuilderResources/Target/protocols/heartbeat/default_address");
|
||||
string default_port =
|
||||
os_res->getResourceStr(
|
||||
"/FWBuilderResources/Target/protocols/heartbeat/default_port");
|
||||
|
||||
gropt->setStr("heartbeat_address", default_address);
|
||||
gropt->setStr("heartbeat_port", default_port);
|
||||
gropt->setBool("heartbeat_unicast", false);
|
||||
}
|
||||
|
||||
if (failover_protocol == "openais")
|
||||
{
|
||||
string default_address =
|
||||
os_res->getResourceStr(
|
||||
"/FWBuilderResources/Target/protocols/openais/default_address");
|
||||
string default_port =
|
||||
os_res->getResourceStr(
|
||||
"/FWBuilderResources/Target/protocols/openais/default_port");
|
||||
gropt->setStr("openais_address", default_address);
|
||||
gropt->setStr("openais_port", default_port);
|
||||
}
|
||||
|
||||
if (failover_protocol == "pix_failover")
|
||||
{
|
||||
gropt->setStr("pix_failover_key", "");
|
||||
}
|
||||
}
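Review bot: The three `assert()` calls at the top of setDefaultFailoverGroupAttributes() are the only guards before `cluster->getStr(...)`, `os_res->getResourceStr(...)` and `gropt->setStr(...)`, so a build with NDEBUG defined dereferences a null pointer when the group has no Cluster ancestor or `host_OS` has no entry in `Resources::os_res`. Explicit checks such as `if (cluster == NULL || gropt == NULL) return;` hold in every build, and since `os_res` is used only in the heartbeat and openais branches its lookup and check can move into those branches. If `Resources::os_res` is a std::map (not visible here), `operator[]` also inserts an empty entry for an unknown key, which `find()` avoids. The defaults also leave `carp_password`, `vrrp_secret` and `pix_failover_key` empty, so a group created this way has no failover authentication secret until the user sets one; a comment on those lines saying so would help the next reader.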
|
||||
|
||||
|
||||
|
@ -38,8 +38,11 @@
|
||||
#include <utility>
|
||||
|
||||
#include <fwbuilder/Rule.h>
|
||||
#include <fwbuilder/FailoverClusterGroup.h>
|
||||
|
||||
namespace libfwbuilder {
|
||||
|
||||
namespace libfwbuilder
|
||||
{
|
||||
class FWOptions;
|
||||
class Firewall;
|
||||
class PolicyRule;
|
||||
@ -53,6 +56,7 @@ bool isDefaultPolicyRuleOptions(libfwbuilder::FWOptions *opt);
|
||||
bool isDefaultNATRuleOptions(libfwbuilder::FWOptions *opt);
|
||||
bool isDefaultRoutingRuleOptions(libfwbuilder::FWOptions *opt);
|
||||
|
||||
void setDefaultFailoverGroupAttributes(libfwbuilder::FailoverClusterGroup *grp);
|
||||
|
||||
// using list of pairs instead of a map or QMap because maps are dictionaries
|
||||
// and do not preserve order of elements
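Review bot: The new `#include <fwbuilder/FailoverClusterGroup.h>` is heavier than this header needs, because the added prototype only takes a `libfwbuilder::FailoverClusterGroup *`. The namespace block a few lines below already forward-declares `FWOptions`, `Firewall` and `PolicyRule`; adding `class FailoverClusterGroup;` there and moving the include into platforms.cpp would match that style and spare every file that includes this header the extra dependency.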
|
||||
|
@ -475,7 +475,12 @@ void OSConfigurator_bsd::interfaceConfigLineCARPInternal(
|
||||
FailoverClusterGroup::cast(failover_group)->getOptionsObject();
|
||||
string carp_password = failover_opts->getStr("carp_password");
|
||||
if (carp_password.empty()) carp_password = "\"\"";
|
||||
string vhid = failover_opts->getStr("carp_vhid");
|
||||
int vhid = failover_opts->getInt("carp_vhid");
|
||||
|
||||
// use the same default as the one we use in
|
||||
// setDefaultFailoverGroupAttributes() in platforms.cpp
|
||||
if (vhid < 0) vhid = 1;
|
||||
|
||||
int advbase = failover_opts->getInt("carp_advbase");
|
||||
int master_advskew = failover_opts->getInt("carp_master_advskew");
|
||||
int default_advskew = failover_opts->getInt("carp_default_advskew");
|
||||
@ -500,7 +505,7 @@ void OSConfigurator_bsd::interfaceConfigLineCARPInternal(
|
||||
configlet->setVariable("have_base_inetrface", !base_interface.empty());
|
||||
configlet->setVariable("base_inetrface", base_interface.c_str());
|
||||
configlet->setVariable("carp_password", carp_password.c_str());
|
||||
configlet->setVariable("vhid", vhid.c_str());
|
||||
configlet->setVariable("vhid", vhid);
|
||||
|
||||
interface_configuration_lines << configlet->expand();
|
||||
}
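Review bot: The new guard `if (vhid < 0) vhid = 1;` lets 0 and values above 255 through to `configlet->setVariable("vhid", vhid)`, although CARP accepts a vhid only in the range 1 to 255. Checking `if (vhid < 1 || vhid > 255)` covers the whole invalid range. Silently falling back to 1 can also give two failover groups on the same segment the same vhid, so reporting the bad value is worth considering instead of substituting it; the error path of this class is not visible here. The literal 1 is now duplicated with platforms.cpp, as the added comment says, and a shared constant would keep the two in step. interfaceConfigLineCARPInternal() starts before the hunk.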
|
||||
|
@ -27,13 +27,13 @@ missing_vlan() {
|
||||
vlan_id=$(echo $subint | sed 's/vlan//')
|
||||
test "$cmd" = "add" && {
|
||||
echo "# Adding VLAN interface $subint (parent: $parent)"
|
||||
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent
|
||||
$FWBDEBUG $IFCONFIG $subint up
|
||||
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent || exit 1
|
||||
$FWBDEBUG $IFCONFIG $subint up || exit 1
|
||||
}
|
||||
test "$cmd" = "rem" && {
|
||||
echo "# Removing VLAN interface $subint (parent: $parent)"
|
||||
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev
|
||||
$FWBDEBUG $IFCONFIG $subint destroy
|
||||
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev || exit 1
|
||||
$FWBDEBUG $IFCONFIG $subint destroy || exit 1
|
||||
}
|
||||
}
|
||||
|
||||
@ -73,7 +73,7 @@ update_vlans_of_interface() {
|
||||
FWB_VLANS=$(parse_fwb_vlans "$args")
|
||||
CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface)
|
||||
|
||||
$IFCONFIG $vlan_parent_interface up
|
||||
$IFCONFIG $vlan_parent_interface up || exit 1
|
||||
diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add
|
||||
diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem
|
||||
}
|
||||
@ -87,13 +87,13 @@ sync_vlan_interfaces() {
|
||||
($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
|
||||
while read intf; do
|
||||
echo "# Deleting vlan interface $intf"
|
||||
$FWBDEBUG $IFCONFIG $intf destroy
|
||||
$FWBDEBUG $IFCONFIG $intf destroy || exit 1
|
||||
done
|
||||
|
||||
for intf in $*; do
|
||||
$IFCONFIG $intf >/dev/null 2>&1 || {
|
||||
echo "# Creating vlan interface $intf"
|
||||
$FWBDEBUG $IFCONFIG $intf create
|
||||
$FWBDEBUG $IFCONFIG $intf create || exit 1
|
||||
}
|
||||
done
|
||||
}
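Review bot: In sync_vlan_interfaces the `|| exit 1` added to `$FWBDEBUG $IFCONFIG $intf destroy` does not stop the script, because the `while read intf` loop is the last stage of a pipeline and in most sh implementations runs in a subshell, so `exit` ends only that subshell. The failure then shows up only as the pipeline's exit status, which nothing checks before the `for intf in $*` loop runs. Changing the loop's closing line to `done || exit 1` propagates it. The same applies to missing_vlan if `diff_intf` invokes it from inside a pipeline or command substitution, which cannot be seen from these hunks. sync_vlan_interfaces starts before the hunk.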
|
||||
|