nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-mesh-vpn-fastd: clean up peers and groups on update

Browse Source 
The 'preserve' flag can be used to mark a peer so it is not removed or
modified on upgrades. In addition, groups containing preserved peers are
not removed.

Fixes: #557
This commit is contained in:
Matthias Schiffer 2020-05-10 13:32:39 +02:00
parent b019c703c9
commit 3ccf7fdd96
No known key found for this signature in database
GPG Key ID: 16EF3F64CB201D9C
2 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/user/site.rst
View File

@ -302,6 +302,12 @@ mesh_vpn
You can set syslog_level from verbose (default) to warn to reduce syslog output. You can set syslog_level from verbose (default) to warn to reduce syslog output.
fastd allows to configure a tree of peer groups and peers. By default, the
list of groups and peers configured in the *fastd* UCI config is completely
replaced by the list from site.conf on upgrades. To allow custom modifications
to the peer list, removal and modification of peers can be prevented by
setting the *preserve* option of a peer to ``1`` in UCI.
The `tunneldigger` section is used to define the *tunneldigger* broker list. The `tunneldigger` section is used to define the *tunneldigger* broker list.
**Note:** It doesn't make sense to include both `fastd` and `tunneldigger` **Note:** It doesn't make sense to include both `fastd` and `tunneldigger`

41
package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
View File

@ -48,10 +48,43 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
uci:delete('fastd', 'mesh_vpn', 'user') uci:delete('fastd', 'mesh_vpn', 'user')
-- Collect list of groups that have peers with 'preserve' flag
local preserve_groups = {}
local function preserve_group(name)
if not name or preserve_groups[name] then
return
end
preserve_groups[name] = true
local parent = uci:get('fastd', name, 'group')
preserve_group(parent)
end
uci:foreach('fastd', 'peer', function(peer)
if peer.net == 'mesh_vpn' and peer.preserve == '1' then
preserve_group(peer.group)
end
end)
-- Clean up previous configuration
uci:delete_all('fastd', 'peer', function(peer)
return (peer.net == 'mesh_vpn' and peer.preserve ~= '1')
end)
uci:delete_all('fastd', 'peer_group', function(group)
return (group.net == 'mesh_vpn' and not preserve_groups[group['.name']])
end)
local add_groups local add_groups
local function add_peer(group, name, config) local function add_peer(group, name, config)
uci:section('fastd', 'peer', group .. '_peer_' .. name, { local uci_name = group .. '_peer_' .. name
if uci:get_bool('fastd', uci_name, 'preserve') then
return
end
uci:section('fastd', 'peer', uci_name, {
enabled = true, enabled = true,
net = 'mesh_vpn', net = 'mesh_vpn',
group = group, group = group,
@ -61,12 +94,6 @@ local function add_peer(group, name, config)
end end
local function add_group(name, config, parent) local function add_group(name, config, parent)
uci:delete('fastd', name)
uci:delete_all('fastd', 'peer', function(peer)
return (peer.net == 'mesh_vpn' and peer.group == name)
end)
uci:section('fastd', 'peer_group', name, { uci:section('fastd', 'peer_group', name, {
enabled = true, enabled = true,
net = 'mesh_vpn', net = 'mesh_vpn',