From c2a5f57c40548f707d22140f34d32aa335bd3ad2 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 9 Jan 2022 16:32:00 +0100 Subject: [PATCH 1/8] treewide: regenerate network and system configs on every reconfigure --- .../upgrade/300-gluon-client-bridge-network | 15 +---- .../310-gluon-client-bridge-local-node | 2 - .../files/lib/gluon/upgrade/001-reset-uci | 23 ++++++++ .../files/lib/gluon/upgrade/998-commit | 3 + .../lib/gluon/upgrade/002-migrate-system | 31 ++++++++++ .../luasrc/lib/gluon/upgrade/020-interfaces | 4 +- .../luasrc/lib/gluon/upgrade/110-network | 26 ++++---- .../luasrc/lib/gluon/upgrade/200-wireless | 4 -- .../lib/gluon/upgrade/210-interface-wan | 30 +++++----- .../lib/gluon/upgrade/220-interface-lan | 59 +++++++------------ .../430-gluon-mesh-babel-add-mmfd-interface | 1 - .../upgrade/310-gluon-mesh-batman-adv-mesh | 4 +- .../320-gluon-mesh-batman-adv-client-bridge | 1 - .../330-gluon-mesh-batman-adv-mac-addresses | 2 - .../lib/gluon/upgrade/400-mesh-vpn-wireguard | 2 +- 15 files changed, 114 insertions(+), 93 deletions(-) create mode 100755 package/gluon-core/files/lib/gluon/upgrade/001-reset-uci create mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/002-migrate-system diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network index 490325cf..b344b2b3 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network 
@@ -6,26 +6,13 @@ local util = require 'gluon.util' local uci = require('simple-uci').cursor() -local interfaces = uci:get('network', 'client', 'ifname') or {} - -if type(interfaces) == 'string' then - local ifname = interfaces - interfaces = {} - for iface in ifname:gmatch('%S+') do - util.add_to_set(interfaces, iface) - end -end - +local interfaces = { 'local-port' } if sysconfig.lan_ifname and uci:get_bool('network', 'mesh_lan', 'disabled') then for lanif in sysconfig.lan_ifname:gmatch('%S+') do util.add_to_set(interfaces, lanif) end end -util.add_to_set(interfaces, 'local-port') - - -uci:delete('network', 'client') uci:section('network', 'interface', 'client', { type = 'bridge', ifname = interfaces, diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node index 824d8d40..e67dc7d5 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node @@ -10,7 +10,6 @@ local uci = require('simple-uci').cursor() local next_node = site.next_node({}) -uci:delete('network', 'local_node_dev') uci:section('network', 'device', 'local_node_dev', { type = 'veth', name = 'local-node', @@ -31,7 +30,6 @@ if next_node.ip6 then ip6 = next_node.ip6 .. '/128' end -uci:delete('network', 'local_node') uci:section('network', 'interface', 'local_node', { ifname = 'local-node', proto = 'static', diff --git a/package/gluon-core/files/lib/gluon/upgrade/001-reset-uci b/package/gluon-core/files/lib/gluon/upgrade/001-reset-uci new file mode 100755 index 00000000..4981390d --- /dev/null +++ b/package/gluon-core/files/lib/gluon/upgrade/001-reset-uci 
@@ -0,0 +1,23 @@ +#!/bin/sh + +NETWORK_CFG='/etc/config/network' +NETWORK_SAVED="${NETWORK_CFG}_gluon-old" + +SYSTEM_CFG='/etc/config/system' +SYSTEM_SAVED="${SYSTEM_CFG}_gluon-old" + +# Make sure everything is saved before we move away the config files +uci commit + +# Save old configs (unless there is already a saved config, +# which means that the previous upgrade was interrupted) +if [ -s "$NETWORK_CFG" ] && ! [ -s "$NETWORK_SAVED" ]; then + mv -f "$NETWORK_CFG" "$NETWORK_SAVED" +fi +if [ -s "$SYSTEM_CFG" ] && ! [ -s "$SYSTEM_SAVED" ]; then + mv -f "$SYSTEM_CFG" "$SYSTEM_SAVED" +fi + +# Generate a new network config +rm -f /etc/board.json "$NETWORK_CFG" "$SYSTEM_CFG" +config_generate diff --git a/package/gluon-core/files/lib/gluon/upgrade/998-commit b/package/gluon-core/files/lib/gluon/upgrade/998-commit index 8b4be6a9..9e781f34 100755 --- a/package/gluon-core/files/lib/gluon/upgrade/998-commit +++ b/package/gluon-core/files/lib/gluon/upgrade/998-commit @@ -4,3 +4,6 @@ uci -q batch <<-EOF delete gluon.core.reconfigure commit EOF + +# New config is saved, we can delete the old one +rm -f /etc/config/*_gluon-old diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/002-migrate-system b/package/gluon-core/luasrc/lib/gluon/upgrade/002-migrate-system new file mode 100755 index 00000000..b08dc8a3 --- /dev/null +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/002-migrate-system 
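Review bot: In the new 001-reset-uci, neither `uci commit` nor `config_generate` is checked, so if either fails after `rm -f /etc/board.json "$NETWORK_CFG" "$SYSTEM_CFG"` the later upgrade scripts run against a missing or partial network/system config. I would end the script with `config_generate || exit 1`, assuming the upgrade runner stops on a non-zero exit, which this patch does not show. It is also worth a comment that `network_gluon-old` carries the secrets of the old file (400-mesh-vpn-wireguard in this patch reads `private_key` from it) and stays on flash until 998-commit removes it, e.g. `# The saved copy still contains key material; it is removed in 998-commit`.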
@@ -0,0 +1,31 @@ +#!/usr/bin/lua + +local uci = require('simple-uci').cursor() + +-- Migrate system section +local system = uci:get_all('system_gluon-old', '@system[0]') +if system then + uci:tset('system', '@system[0]', system) +end + +-- Migrate ntp section +local ntp = uci:get_all('system_gluon-old', 'ntp') +if ntp then + uci:tset('system', 'ntp', ntp) +end + +-- Migrate gpio_switch sections +-- +-- Only the value is copied from the old config, so updates to names and +-- pins are preserved +uci:foreach('system', 'gpio_switch', function(s) + local name = s['.name'] + local value = uci:get('system_gluon-old', name, 'value') + if value then + uci:set('system', name, 'value', value) + end +end) + +-- No other sections are migrated, so updated LED and RSSI configs can take effect + +uci:save('system') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces index 6371cc61..56799616 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces @@ -79,9 +79,7 @@ else end -uci:delete('network', 'lan') -uci:delete('network', 'wan') - uci:delete_all('network', 'device') +uci:delete_all('network', 'interface') uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network index 79c50d27..8903c126 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network 
@@ -3,8 +3,21 @@ local uci = require('simple-uci').cursor() local sysconfig = require 'gluon.sysconfig' +local wan = uci:get_all('network_gluon-old', 'wan') or {} +local wan6 = uci:get_all('network_gluon-old', 'wan6') or {} + +uci:section('network', 'interface', 'loopback', { + ifname = 'lo', + proto = 'static', + ipaddr = '127.0.0.1', + netmask = '255.0.0.0', +}) uci:section('network', 'interface', 'wan', { + proto = wan.proto or 'dhcp', + ipaddr = wan.ipaddr, + netmask = wan.netmask, + gateway = wan.gateway, ifname = sysconfig.wan_ifname, type = 'bridge', igmp_snooping = true, @@ -13,12 +26,10 @@ uci:section('network', 'interface', 'wan', { auto = true, }) -if not uci:get('network', 'wan', 'proto') then - uci:set('network', 'wan', 'proto', 'dhcp') -end - - uci:section('network', 'interface', 'wan6', { + proto = wan6.proto or 'dhcpv6', + ip6addr = wan6.ip6addr, + ip6gw = wan6.ip6gw, ifname = 'br-wan', peerdns = false, ip6table = 1, @@ -26,11 +37,6 @@ uci:section('network', 'interface', 'wan6', { reqprefix = 'no', }) -if not uci:get('network', 'wan6', 'proto') then - uci:set('network', 'wan6', 'proto', 'dhcpv6') -end - - uci:section('network', 'rule6', 'wan6_lookup', { mark = '0x01/0x01', lookup = 1, diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless index b0a5485f..604e33a8 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless @@ -106,8 +106,6 @@ end local function delete_ibss(radio_name) local name = 'ibss_' .. radio_name - uci:delete('network', name) - uci:delete('network', name .. '_vlan') uci:delete('wireless', name) end 
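Review bot: The `wan` and `wan6` sections in 110-network copy `proto` verbatim from `network_gluon-old` but carry over only `ipaddr`, `netmask`, `gateway`, `ip6addr` and `ip6gw`. Any old proto that depends on other options would be regenerated incomplete, and the uplink could stay down after the upgrade. If only DHCP and static setups are meant to survive, say so next to the two `get_all` calls, e.g. `-- Only proto and the static address options are migrated; all other options of the old wan/wan6 sections are dropped`.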
@@ -118,8 +116,6 @@ local function configure_mesh(config, radio, index, suffix, disabled) local macfilter = uci:get('wireless', name, 'macfilter') local maclist = uci:get('wireless', name, 'maclist') - uci:delete('network', name) - uci:delete('network', name .. '_vlan') uci:delete('wireless', name) if not config then diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan index cf6eff71..4f24cbc4 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan @@ -3,23 +3,23 @@ local site = require 'gluon.site' local uci = require('simple-uci').cursor() +local disabled = uci:get('network_gluon-old', 'mesh_wan', 'disabled') +if disabled == nil then + disabled = not site.mesh_on_wan(false) +end + +local transitive = uci:get('network_gluon-old', 'mesh_wan', 'transitive') +if transitive == nil then + transitive = true +end + uci:section('network', 'interface', 'mesh_wan', { ifname = 'br-wan', - proto = 'gluon_wired', - index = 0, - vxlan = site.mesh.vxlan(true), + proto = 'gluon_wired', + index = 0, + vxlan = site.mesh.vxlan(true), + disabled = disabled, + transitive = transitive, }) -local enable = site.mesh_on_wan(false) -local old_auto = uci:get('network', 'mesh_wan', 'auto') -local old_disabled = uci:get('network', 'mesh_wan', 'disabled') -if old_auto ~= nil or old_disabled ~= nil then - enable = old_auto ~= '0' and old_disabled ~= '1' -end -uci:set('network', 'mesh_wan', 'disabled', not enable) - -if uci:get('network', 'mesh_wan', 'transitive') == nil then - uci:set('network', 'mesh_wan', 'transitive', true) -end - uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan index 55586435..cd38f804 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan 
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan @@ -1,7 +1,6 @@ #!/usr/bin/lua local site = require 'gluon.site' -local util = require 'gluon.util' local sysconfig = require 'gluon.sysconfig' local uci = require('simple-uci').cursor() @@ -10,44 +9,30 @@ if not sysconfig.lan_ifname then os.exit(0) end +local type +if sysconfig.lan_ifname:match(' ') then + type = 'bridge' +end + +local disabled = uci:get('network_gluon-old', 'mesh_lan', 'disabled') +if disabled == nil then + disabled = not site.mesh_on_lan(false) +end + +local transitive = uci:get('network_gluon-old', 'mesh_lan', 'transitive') +if transitive == nil then + transitive = true +end + uci:section('network', 'interface', 'mesh_lan', { - ifname = sysconfig.lan_ifname, + ifname = sysconfig.lan_ifname, + type = type, igmp_snooping = false, - proto = 'gluon_wired', - index = 4, - vxlan = site.mesh.vxlan(true), + proto = 'gluon_wired', + index = 4, + vxlan = site.mesh.vxlan(true), + disabled = disabled, + transitive = transitive, }) -if sysconfig.lan_ifname:match(' ') then - uci:set('network', 'mesh_lan', 'type', 'bridge') -else - uci:delete('network', 'mesh_lan', 'type') -end - -local enable = site.mesh_on_lan(false) -local old_auto = uci:get('network', 'mesh_lan', 'auto') -local old_disabled = uci:get('network', 'mesh_lan', 'disabled') -if old_auto ~= nil or old_disabled ~= nil then - enable = old_auto ~= '0' and old_disabled ~= '1' -end - -if enable then - local interfaces = uci:get_list('network', 'client', 'ifname') - - if interfaces then - for lanif in sysconfig.lan_ifname:gmatch('%S+') do - if util.contains(interfaces, lanif) then - enable = false - break - end - end - end -end - -uci:set('network', 'mesh_lan', 'disabled', not enable) - -if uci:get('network', 'mesh_lan', 'transitive') == nil then - uci:set('network', 'mesh_lan', 'transitive', true) -end - uci:save('network') 
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface index 47807d95..073d288e 100755 --- a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface +++ b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface @@ -2,7 +2,6 @@ local uci = require('simple-uci').cursor() -uci:delete('network', 'mmfd') uci:section('network', 'interface', 'mmfd', { proto = 'static', ifname = 'mmfd0', diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh index 40943207..977b44d1 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh @@ -9,14 +9,12 @@ local uci = require('simple-uci').cursor() uci:delete('batman-adv', 'bat0') uci:save('batman-adv') -local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') or 'client' -uci:delete('network', 'gluon_bat0') +local gw_mode = uci:get('network_gluon-old', 'gluon_bat0', 'gw_mode') or 'client' uci:section('network', 'interface', 'gluon_bat0', { proto = 'gluon_bat0', gw_mode = gw_mode, }) -uci:delete('network', 'bat0') uci:section('network', 'interface', 'bat0', { ifname = 'bat0', proto = 'none', diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge index fc14a6e6..1ea64049 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge 
@@ -21,7 +21,6 @@ uci:section('network', 'interface', 'client', { query_response_interval = 500, }) -uci:delete('network', 'local_node_route6') uci:section('network', 'route6', 'local_node_route6', { interface = 'client', target = site.prefix6(), diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses index d323c863..61153e10 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses @@ -8,8 +8,6 @@ local uci = require('simple-uci').cursor() -- fix up potentially duplicate MAC addresses (for meshing) if not site.mesh.vxlan(true) then uci:set('network', 'wan', 'macaddr', util.generate_mac(0)) -else - uci:delete('network', 'wan', 'macaddr') end uci:set('network', 'mesh_lan', 'macaddr', util.generate_mac(4)) uci:save('network') diff --git a/package/gluon-mesh-vpn-wireguard/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard b/package/gluon-mesh-vpn-wireguard/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard index dfadc95b..05e1d9e9 100755 --- a/package/gluon-mesh-vpn-wireguard/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard +++ b/package/gluon-mesh-vpn-wireguard/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard @@ -3,7 +3,7 @@ local uci = require('simple-uci').cursor() local site = require 'gluon.site' -local private_key = uci:get("network", 'wg_mesh', "private_key") +local private_key = uci:get("network_gluon-old", 'wg_mesh', "private_key") if not private_key or not private_key:match("^" .. ("[%a%d+/]"):rep(42) .. "[AEIMQUYcgkosw480]=$") then private_key = "generate" From 05c29512ec030792c7f8218211a1b44a1caa0de6 Mon Sep 17 00:00:00 2001 
From: Matthias Schiffer Date: Tue, 28 Dec 2021 20:41:29 +0100 Subject: [PATCH 2/8] gluon-core: sysconfig: avoid unnecessary writes Do not write files when the content is unchanged. Avoids a few unnecessary filesystem writes when resetting ifname sysconfigs on each upgrade. --- package/gluon-core/luasrc/usr/lib/lua/gluon/sysconfig.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/sysconfig.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/sysconfig.lua index 93eb6ed1..7caf05c6 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/sysconfig.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/sysconfig.lua @@ -11,6 +11,10 @@ local function get(_, name) end local function set(_, name, val) + if val == get(nil, name) then + return + end + if val then local f = io.open(sysconfigdir .. name, 'w+') f:write(val, '\n') From 4b8251c988868f2d6fbd6375092199110e2443b2 Mon Sep 17 00:00:00 2001 
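Review bot: The new early return in `set` compares with `==`, so it skips the write only when `val` is exactly the value `get` returns; a number or other non-string `val` would never match a string read back from the file and would be rewritten every time. `get` is defined outside this hunk, so what it can return is not visible here. A short comment would make the intent and the limitation explicit, e.g. `-- Skip the write when the stored value is unchanged (exact comparison, no type coercion)`. The rest of `set` continues outside the hunk.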
From: Matthias Schiffer Date: Sun, 23 Jan 2022 13:39:35 +0100 Subject: [PATCH 3/8] gluon-core: initialize interfaces role configuration The new configuration generates sections iface_single/lan/wan in /etc/config/gluon. These sections usually refer to a sysconfig-controlled interface list, but adding custom sections with verbatim interfaces names is also possible. Each interface section contains a list of roles. The supported roles are 'client', 'uplink' and 'mesh'. Multiple roles can be configured on the same interface (for example the old 'mesh_on_wan' setting would become 'uplink'+'mesh'). 'client' is subsumed by any other role configured on the same interface ('client'+'mesh' is equivalent to 'mesh'). This property is important, as it allows the Wired Mesh settings in gluon-web-network to simply add and remove the mesh role without having to care what other roles are set - so in the default setup, this would switch between 'client' and 'client'+'mesh' for the LAN interface. By default, the WAN interface has role 'uplink' and the LAN interface 'client'; if only a single interface exists, the roles from the WAN interface are used by default. The default for each of the three interfaces (WAN/LAN/single) can be changed separated in site.conf, superseding the old mesh_on_wan, mesh_on_lan and single_as_lan settings. --- package/gluon-core/check_site.lua | 11 +++- .../lib/gluon/upgrade/021-interface-roles | 66 +++++++++++++++++++ 2 files changed, 74 insertions(+), 3 deletions(-) create mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua index 4cb44d5b..103cb929 100644 --- a/package/gluon-core/check_site.lua +++ b/package/gluon-core/check_site.lua 
@@ -74,6 +74,11 @@ need_string_match(in_domain({'next_node', 'ip4'}), '^%d+.%d+.%d+.%d+$', false) need_boolean(in_domain({'mesh', 'vxlan'}), false) -need_boolean(in_site({'mesh_on_wan'}), false) -need_boolean(in_site({'mesh_on_lan'}), false) -need_boolean(in_site({'single_as_lan'}), false) +local interfaces_roles = {'client', 'uplink', 'mesh'} +for _, config in ipairs({'wan', 'lan', 'single'}) do + need_array_of(in_site({'interfaces', config, 'default_roles'}), interfaces_roles, false) +end + +obsolete({'mesh_on_wan'}, 'Use interfaces.wan.default_roles.') +obsolete({'mesh_on_lan'}, 'Use interfaces.lan.default_roles.') +obsolete({'single_as_lan'}, 'Use interfaces.single.default_roles.') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles b/package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles new file mode 100755 index 00000000..182c8903 --- /dev/null +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/021-interface-roles 
@@ -0,0 +1,66 @@ +#!/usr/bin/lua + +local site = require 'gluon.site' +local sysconfig = require 'gluon.sysconfig' +local uci = require('simple-uci').cursor() +local util = require 'gluon.util' + +-- Defaults from site.conf +local roles = { + lan = site.interfaces.lan.roles({'client'}), + wan = site.interfaces.wan.roles({'uplink'}), +} +roles.single = site.interfaces.single.roles(roles.wan) + +-- Migration of Mesh-on-WAN/LAN setting from Gluon 2021.1 and older (to be removed in 2024) +-- +-- Wired meshing is enabled for single interfaces if either of the settings +-- was previously enabled +local mesh_lan_disabled = uci:get('network_gluon-old', 'mesh_lan', 'disabled') +local mesh_wan_disabled = uci:get('network_gluon-old', 'mesh_wan', 'disabled') +if mesh_wan_disabled == '0' then + util.add_to_set(roles.wan, 'mesh') + util.add_to_set(roles.single, 'mesh') +elseif mesh_wan_disabled == '1' then + util.remove_from_set(roles.wan, 'mesh') + util.remove_from_set(roles.single, 'mesh') +end +if mesh_lan_disabled == '0' then + util.add_to_set(roles.lan, 'mesh') + util.add_to_set(roles.single, 'mesh') +elseif mesh_lan_disabled == '1' then + util.remove_from_set(roles.lan, 'mesh') + util.remove_from_set(roles.single, 'mesh') +end + +-- Migration of single to WAN/LAN or vice-versa (an interface was added or removed) +-- We identify the WAN with the single interface in this case +-- +-- These settings only take effect when the section that is the target of the +-- migration does not exist yet. +if uci:get('gluon', 'iface_wan') then + roles.single = uci:get_list('gluon', 'iface_wan', 'role') +end +if uci:get('gluon', 'iface_single') then + roles.wan = uci:get_list('gluon', 'iface_single', 'role') +end + +-- Non-existing interfaces are nil, so they will not be added to the table +local interfaces = { + lan = sysconfig.lan_ifname, + wan = sysconfig.wan_ifname, + single = sysconfig.single_ifname, +} + +for iface in pairs(interfaces) do + local section_name = 'iface_' .. 
iface + if not uci:get('gluon', section_name) then + uci:section('gluon', 'interface', section_name, { + -- / prefix refers to sysconfig ifnames + name = '/' .. iface, + role = roles[iface], + }) + end +end + +uci:save('gluon') From c779d123692956badec1686df1d9ff1c4d86828e Mon Sep 17 00:00:00 2001 
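Review bot: 021-interface-roles reads the site defaults as `site.interfaces.lan.roles(...)`, `site.interfaces.wan.roles(...)` and `site.interfaces.single.roles(...)`, while check_site.lua in this same patch validates `interfaces.<name>.default_roles` and the `obsolete()` messages point users to `default_roles`; a site.conf that follows those messages would pass the check and then be ignored here. The accessors should read `site.interfaces.lan.default_roles({'client'})`, and likewise for `wan` and `single`. Separately, `roles.single` defaults to `roles.wan`: if the site accessor hands back that same table rather than a copy, the `add_to_set`/`remove_from_set` calls on `roles.single` in the `mesh_lan_disabled` branch would also change `roles.wan`, so a separate default table would be safer.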
From: Matthias Schiffer Date: Sun, 23 Jan 2022 14:43:35 +0100 Subject: [PATCH 4/8] treewide: use interface roles as basis for network configuration With the new role-based interface configuration, it would be better to rename the wan/wan6 interfaces to uplink/uplink6, but that would cause unnecessary churn for the firewall configuration, so it is left for a later update. As all interfaces with the 'uplink' role are in the br-wan bridge, it is not possible to assign these to the 'mesh' role independently - instead, br-wan is added as a mesh interface as soon as a single interface has both the 'uplink' and 'mesh' roles. The UCI section for this configuration is now called 'mesh_uplink' instead of 'mesh_wan'. For all interfaces that have the 'mesh', but not the 'uplink' role a second configuration 'mesh_other' is created. If there is more than one such interface, all these interfaces are bridged as well (creating a bridge 'br-mesh_other'). This replaces the 'mesh_lan' section with its optional 'br-mesh_lan' bridge, but can also include interfaces that were not considered "LAN" when interfaces roles are modified (via site.conf or manually). --- .../upgrade/300-gluon-client-bridge-network | 8 +--- .../luasrc/lib/gluon/upgrade/110-network | 4 +- .../lib/gluon/upgrade/210-interface-mesh | 48 +++++++++++++++++++ .../lib/gluon/upgrade/210-interface-wan | 25 ---------- .../lib/gluon/upgrade/220-interface-lan | 38 --------------- .../lib/gluon/upgrade/300-firewall-rules | 4 +- .../luasrc/usr/lib/lua/gluon/util.lua | 28 +++++++++++ .../330-gluon-mesh-batman-adv-mac-addresses | 4 +- 8 files changed, 85 insertions(+), 74 deletions(-) create mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh delete mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan delete mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan 
diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network index b344b2b3..3d4dbac3 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network @@ -6,12 +6,8 @@ local util = require 'gluon.util' local uci = require('simple-uci').cursor() -local interfaces = { 'local-port' } -if sysconfig.lan_ifname and uci:get_bool('network', 'mesh_lan', 'disabled') then - for lanif in sysconfig.lan_ifname:gmatch('%S+') do - util.add_to_set(interfaces, lanif) - end -end +local interfaces = util.get_role_interfaces(uci, 'client', true) +util.add_to_set(interfaces, 'local-port') uci:section('network', 'interface', 'client', { type = 'bridge', diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network index 8903c126..ac084e6a 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network @@ -1,7 +1,7 @@ #!/usr/bin/lua local uci = require('simple-uci').cursor() -local sysconfig = require 'gluon.sysconfig' +local util = require 'gluon.util' local wan = uci:get_all('network_gluon-old', 'wan') or {} local wan6 = uci:get_all('network_gluon-old', 'wan6') or {} @@ -18,7 +18,7 @@ uci:section('network', 'interface', 'wan', { ipaddr = wan.ipaddr, netmask = wan.netmask, gateway = wan.gateway, - ifname = sysconfig.wan_ifname, + ifname = util.get_role_interfaces(uci, 'uplink'), type = 'bridge', igmp_snooping = true, multicast_querier = false, diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh new file mode 100755 index 00000000..7e2f8471 --- /dev/null +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-mesh 
@@ -0,0 +1,48 @@ +#!/usr/bin/lua + +local site = require 'gluon.site' +local uci = require('simple-uci').cursor() +local util = require 'gluon.util' + +local mesh_interfaces = util.get_role_interfaces(uci, 'mesh') +local uplink_interfaces = util.get_role_interfaces(uci, 'uplink') + +local mesh_interfaces_uplink = {} +local mesh_interfaces_other = {} +for _, iface in ipairs(mesh_interfaces) do + if util.contains(uplink_interfaces, iface) then + table.insert(mesh_interfaces_uplink, iface) + else + table.insert(mesh_interfaces_other, iface) + end +end + +if #mesh_interfaces_uplink > 0 then + uci:section('network', 'interface', 'mesh_uplink', { + ifname = 'br-wan', + proto = 'gluon_wired', + index = 0, + vxlan = site.mesh.vxlan(true), + }) +end + +if #mesh_interfaces_other > 0 then + local iftype, ifname + if #mesh_interfaces_other == 1 then + ifname = mesh_interfaces_other[1] + else + iftype = 'bridge' + ifname = mesh_interfaces_other + end + + uci:section('network', 'interface', 'mesh_other', { + ifname = ifname, + type = iftype, + igmp_snooping = false, + proto = 'gluon_wired', + index = 4, + vxlan = site.mesh.vxlan(true), + }) +end + +uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan deleted file mode 100755 index 4f24cbc4..00000000 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan +++ /dev/null 
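Review bot: Neither `mesh_uplink` nor `mesh_other` sets `transitive`, which the two scripts this patch deletes (210-interface-wan and 220-interface-lan) defaulted to `true` and migrated from the old config. Whether `gluon_wired` treats a missing option the same way is not visible in this series, so either add `transitive = true,` to both sections or state in the commit message that the option is dropped on purpose. The literals `index = 0` and `index = 4` appear to correspond to `util.generate_mac(0)` and `util.generate_mac(4)` in 330-gluon-mesh-batman-adv-mac-addresses; a one-line comment saying so would keep the two files from drifting apart.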
@@ -1,25 +0,0 @@ -#!/usr/bin/lua - -local site = require 'gluon.site' -local uci = require('simple-uci').cursor() - -local disabled = uci:get('network_gluon-old', 'mesh_wan', 'disabled') -if disabled == nil then - disabled = not site.mesh_on_wan(false) -end - -local transitive = uci:get('network_gluon-old', 'mesh_wan', 'transitive') -if transitive == nil then - transitive = true -end - -uci:section('network', 'interface', 'mesh_wan', { - ifname = 'br-wan', - proto = 'gluon_wired', - index = 0, - vxlan = site.mesh.vxlan(true), - disabled = disabled, - transitive = transitive, -}) - -uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan deleted file mode 100755 index cd38f804..00000000 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/lua - -local site = require 'gluon.site' -local sysconfig = require 'gluon.sysconfig' - -local uci = require('simple-uci').cursor() - -if not sysconfig.lan_ifname then - os.exit(0) -end - -local type -if sysconfig.lan_ifname:match(' ') then - type = 'bridge' -end - -local disabled = uci:get('network_gluon-old', 'mesh_lan', 'disabled') -if disabled == nil then - disabled = not site.mesh_on_lan(false) -end - -local transitive = uci:get('network_gluon-old', 'mesh_lan', 'transitive') -if transitive == nil then - transitive = true -end - -uci:section('network', 'interface', 'mesh_lan', { - ifname = sysconfig.lan_ifname, - type = type, - igmp_snooping = false, - proto = 'gluon_wired', - index = 4, - vxlan = site.mesh.vxlan(true), - disabled = disabled, - transitive = transitive, -}) - -uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules b/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules index 605f6684..ef616aef 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules 
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/300-firewall-rules @@ -86,9 +86,9 @@ local wired_mesh_ifaces = {} uci:foreach('network', 'interface', function(iface) -- Select all interfaces with proto gluon_wired except for - -- mesh_wan into this zone, as mesh_wan is the same + -- mesh_uplink into this zone, as mesh_uplink is the same -- interface as wan, which has its own zone - if iface['proto'] == 'gluon_wired' and iface['.name'] ~= 'mesh_wan' then + if iface['proto'] == 'gluon_wired' and iface['.name'] ~= 'mesh_uplink' then table.insert(wired_mesh_ifaces, iface['.name']) end end diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/util.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/util.lua index 48b8340e..7152bc4d 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/util.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/util.lua @@ -138,6 +138,34 @@ function M.get_mesh_devices(uconn) return devices end +-- Returns a list of all interfaces with a given role +-- +-- If exclusive is set to true, only interfaces that have no other role +-- are returned; this is used to ensure that the client role is not active +-- at the same time as any other role +function M.get_role_interfaces(uci, role, exclusive) + local ret = {} + + local function add(name) + -- Interface names with a / prefix refer to sysconfig interfaces + -- (lan_ifname/wan_ifname/single_ifname) + if string.sub(name, 1, 1) == '/' then + name = sysconfig[string.sub(name, 2) .. '_ifname'] or '' + end + for iface in string.gmatch(name, '%S+') do + M.add_to_set(ret, iface) + end + end + + uci:foreach('gluon', 'interface', function(s) + if M.contains(s.role, role) and (not exclusive or #s.role == 1) then + add(s.name) + end + end) + + return ret +end + -- Safe glob: returns an empty table when the glob fails because of -- a non-existing path function M.glob(pattern) 
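Review bot: `get_role_interfaces` in util.lua assumes every `interface` section in /etc/config/gluon has a `role` list and a `name`: `#s.role` raises on a section without `role`, `#s.role == 1` measures string length if `role` was written as a plain option instead of a list, and `add(s.name)` calls `string.sub` on nil when `name` is missing. The series explicitly allows hand-written sections, so a malformed one would abort every upgrade script that calls this helper (110-network, 210-interface-mesh, 300-gluon-client-bridge-network) and could leave the node with a half-generated network config. Normalising first avoids that: `local roles = type(s.role) == 'table' and s.role or { s.role }` followed by `if s.name and M.contains(roles, role) and (not exclusive or #roles == 1) then`.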
diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses index 61153e10..09639e34 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-mac-addresses @@ -9,5 +9,7 @@ local uci = require('simple-uci').cursor() if not site.mesh.vxlan(true) then uci:set('network', 'wan', 'macaddr', util.generate_mac(0)) end -uci:set('network', 'mesh_lan', 'macaddr', util.generate_mac(4)) +if uci:get('network', 'mesh_other') then + uci:set('network', 'mesh_other', 'macaddr', util.generate_mac(4)) +end uci:save('network') From 316e96a467cd98c93758eadddc8ea284e4939704 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 28 Dec 2021 20:47:26 +0100 Subject: [PATCH 5/8] gluon-core, gluon-setup-mode: reset ifname sysconfigs on each update, introduce single_ifname Allow interface names to change on updates to handle hwconfig -> DSA and similar migrations. On devices with only a single interface, a sysconfig single_ifname is created instead of wan_ifname or lan_ifname to allow separate configuration in site.conf. --- .../luasrc/lib/gluon/upgrade/020-interfaces | 20 +++++-------------- .../luasrc/lib/gluon/upgrade/320-setup-ifname | 9 ++------- 2 files changed, 7 insertions(+), 22 deletions(-) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces index 56799616..b56a1e26 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces 
@@ -1,15 +1,7 @@
 #!/usr/bin/lua
-local sysconfig = require 'gluon.sysconfig'
-
--- Are we already set up?
-if sysconfig.lan_ifname or sysconfig.wan_ifname then
- os.exit(0)
-end
-
-
 local platform = require 'gluon.platform'
-local site = require 'gluon.site'
+local sysconfig = require 'gluon.sysconfig'
 local json = require 'jsonc'
 local uci = require('simple-uci').cursor()
@@ -69,13 +61,11 @@ end
 if wan_ifname and lan_ifname then
 sysconfig.wan_ifname = wan_ifname
 sysconfig.lan_ifname = lan_ifname
+ sysconfig.single_ifname = nil
 else
- local single_ifname = lan_ifname or wan_ifname
- if site.single_as_lan(false) then
- sysconfig.lan_ifname = single_ifname
- else
- sysconfig.wan_ifname = single_ifname
- end
+ sysconfig.wan_ifname = nil
+ sysconfig.lan_ifname = nil
+ sysconfig.single_ifname = lan_ifname or wan_ifname
 end
diff --git a/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/320-setup-ifname b/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/320-setup-ifname
index 53d60d1c..145d371e 100755
--- a/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/320-setup-ifname
+++ b/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/320-setup-ifname
@@ -3,13 +3,8 @@
 local platform = require 'gluon.platform'
 local sysconfig = require 'gluon.sysconfig'
-
-if sysconfig.setup_ifname then
- os.exit(0)
-end
-
 if platform.is_outdoor_device() then
- sysconfig.setup_ifname = sysconfig.wan_ifname or sysconfig.lan_ifname
+ sysconfig.setup_ifname = sysconfig.single_ifname or sysconfig.wan_ifname
 else
- sysconfig.setup_ifname = sysconfig.lan_ifname or sysconfig.wan_ifname
+ sysconfig.setup_ifname = sysconfig.single_ifname or sysconfig.lan_ifname
 end
From 6dcee2e324bf9b2f1a49672d635808da6619c1b6 Mon Sep 17 00:00:00 2001
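Review bot: The rewritten `if`/`else` in the second 020-interfaces hunk establishes an invariant that other scripts depend on, but nothing in the code states it: `wan_ifname` and `lan_ifname` are only ever set together, and otherwise only `single_ifname` is set. 320-setup-ifname in the same patch already relies on this when it falls back from `single_ifname` to just one of the other two. A comment above the block would make the contract explicit, e.g. `-- Afterwards wan_ifname and lan_ifname are set together, or only single_ifname (nil if no interface was found)`. The `else` branch also runs when neither name was detected, which leaves all three unset; how `wan_ifname` and `lan_ifname` are derived lies outside the hunk, so whether that case can occur is not visible here.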
From: Matthias Schiffer
Date: Sun, 23 Jan 2022 17:34:29 +0100
Subject: [PATCH 6/8] gluon-web-network: update wired mesh settings for new role-based configuration
---
 package/gluon-web-network/i18n/de.po | 3 ++
 package/gluon-web-network/i18n/fr.po | 3 ++
 .../i18n/gluon-web-network.pot | 3 ++
 .../gluon/config-mode/model/admin/network.lua | 47 ++++++++++---------
 4 files changed, 33 insertions(+), 23 deletions(-)
diff --git a/package/gluon-web-network/i18n/de.po b/package/gluon-web-network/i18n/de.po
index 4a6bc8b5..77b3a6a3 100644
--- a/package/gluon-web-network/i18n/de.po
+++ b/package/gluon-web-network/i18n/de.po
@@ -28,6 +28,9 @@ msgstr "PoE-Passthrough aktivieren"
 msgid "Enable PoE Power Port %s"
 msgstr "PoE-Ausgabe auf Port %s aktivieren"
+msgid "Enable meshing on the Ethernet interface"
+msgstr "Mesh auf dem Ethernet-Port aktivieren"
+
 msgid "Enable meshing on the LAN interface"
 msgstr "Mesh auf dem LAN-Port aktivieren"
diff --git a/package/gluon-web-network/i18n/fr.po b/package/gluon-web-network/i18n/fr.po
index 292d6e25..97067343 100644
--- a/package/gluon-web-network/i18n/fr.po
+++ b/package/gluon-web-network/i18n/fr.po
@@ -28,6 +28,9 @@ msgstr ""
 msgid "Enable PoE Power Port %s"
 msgstr ""
+msgid "Enable meshing on the Ethernet interface"
+msgstr ""
+
 msgid "Enable meshing on the LAN interface"
 msgstr "Activer le réseau MESH sur le port LAN"
diff --git a/package/gluon-web-network/i18n/gluon-web-network.pot b/package/gluon-web-network/i18n/gluon-web-network.pot
index 913b78b3..a75929df 100644
--- a/package/gluon-web-network/i18n/gluon-web-network.pot
+++ b/package/gluon-web-network/i18n/gluon-web-network.pot
@@ -19,6 +19,9 @@ msgstr ""
 msgid "Enable PoE Power Port %s"
 msgstr ""
+msgid "Enable meshing on the Ethernet interface"
+msgstr ""
+
 msgid "Enable meshing on the LAN interface"
 msgstr ""
diff --git a/package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua b/package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua
index dab31ec0..df92c965 100644
--- a/package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua
+++ b/package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua
@@ -76,36 +76,37 @@ end
 s = f:section(Section)
-local mesh_wan = s:option(Flag, "mesh_wan", translate("Enable meshing on the WAN interface"))
-mesh_wan.default = not uci:get_bool("network", "mesh_wan", "disabled")
+local wired_mesh_help = {
+ single = translate('Enable meshing on the Ethernet interface'),
+ wan = translate('Enable meshing on the WAN interface'),
+ lan = translate('Enable meshing on the LAN interface'),
+}
-function mesh_wan:write(data)
- uci:set("network", "mesh_wan", "disabled", not data)
-end
+local function wired_mesh(iface)
+ if not sysconfig[iface .. '_ifname'] then return end
+ local iface_roles = uci:get_list('gluon', 'iface_' .. iface, 'role')
-if sysconfig.lan_ifname then
- s = f:section(Section)
+ local option = s:option(Flag, 'mesh_' .. iface, wired_mesh_help[iface])
+ option.default = util.contains(iface_roles, 'mesh') ~= false
- local mesh_lan = s:option(Flag, "mesh_lan", translate("Enable meshing on the LAN interface"))
- mesh_lan.default = not uci:get_bool("network", "mesh_lan", "disabled")
-
- function mesh_lan:write(data)
- uci:set("network", "mesh_lan", "disabled", not data)
-
- local interfaces = uci:get_list("network", "client", "ifname")
-
- for lanif in sysconfig.lan_ifname:gmatch('%S+') do
- if data then
- util.remove_from_set(interfaces, lanif)
- else
- util.add_to_set(interfaces, lanif)
- end
+ function option:write(data)
+ local roles = uci:get_list('gluon', 'iface_' .. iface, 'role')
+ if data then
+ util.add_to_set(roles, 'mesh')
+ else
+ util.remove_from_set(roles, 'mesh')
 end
+ uci:set_list('gluon', 'iface_' .. iface, 'role', roles)
- uci:set_list("network", "client", "ifname", interfaces)
+ -- Reconfigure on next reboot
+ uci:set('gluon', 'core', 'reconfigure', true)
 end
 end
+wired_mesh('single')
+wired_mesh('wan')
+wired_mesh('lan')
+
 local section
 uci:foreach("system", "gpio_switch", function(si)
 if si[".name"]:match("poe") then
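Review bot: `wired_mesh` only ever adds or removes the `mesh` role and leaves every other role of the `iface_` section untouched, which is easy to miss when reading `option:write`. The documentation in this series explains that a `client` role stays in the list and only takes effect once `mesh` is removed, so a short comment above the function would help, e.g. `-- Toggles only the 'mesh' role; other roles such as 'client' or 'uplink' are left as configured`. Separately, `option.default = util.contains(iface_roles, 'mesh') ~= false` depends on `util.contains` returning exactly `false` for a missing entry (its definition is not in this hunk); `util.contains(iface_roles, 'mesh') and true or false` would not depend on that. The `uci:foreach("system", "gpio_switch", …)` block at the end of the hunk continues outside it.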
@@ -160,7 +161,7 @@ function f:write()
 uci:delete("network", "wan6", "ip6gw")
 end
-
+ uci:commit('gluon')
 uci:commit("network")
 uci:commit('system')
 end
From a671b5081c19707d1fc94f2ca8815d1a6ecf1c6c Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sun, 23 Jan 2022 23:12:37 +0100
Subject: [PATCH 7/8] gluon-core: preserve explicitly marked network and system sections
A section can be marked as preseved by setting the gluon_preserve option to 1. In addition the following conditions must hold:
- The preserved section must not already exist after OpenWrt's and Gluons setup scripts run. Modifying existing sections is currently unsupported.
- Preserved sections must be named, so it can be detected whether a section conflicts with a preexisting one.
---
 .../lib/gluon/upgrade/997-migrate-preserved | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/997-migrate-preserved
diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/997-migrate-preserved b/package/gluon-core/luasrc/lib/gluon/upgrade/997-migrate-preserved
new file mode 100755
index 00000000..c40bbc9f
--- /dev/null
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/997-migrate-preserved
@@ -0,0 +1,19 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+for _, config in ipairs({'system', 'network'}) do
+ uci:foreach(config .. '_gluon-old', nil, function(s)
+ if s.gluon_preserve ~= '1' then return end
+
+ -- Unnamed sections can't be preserved
+ if s['.anonymous'] then return end
+
+ -- We don't allow overwriting existing sections
+ if uci:get(config, s['.name']) then return end
+
+ uci:section(config, s['.type'], s['.name'], s)
+ end)
+
+ uci:save(config)
+end
From 210cacdf55d2a0017b7360dd059240033e2470e3 Mon Sep 17 00:00:00 2001
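Review bot: In 997-migrate-preserved, a section marked `gluon_preserve` is dropped without any trace when it is unnamed or when `uci:get(config, s['.name'])` finds a regenerated section of the same name, so an operator who relied on a preserved network or system section only learns after the upgrade that it is gone. Writing a line to stderr before each of those two `return`s would make the loss visible, for example `io.stderr:write('gluon_preserve: skipping ' .. config .. '.' .. s['.name'] .. ' (conflicts with generated section)\n')` in the conflict case. The flag is also compared against the literal string `'1'`, so other spellings that UCI booleans usually accept, such as `true` or `yes`, are not honoured; a comment saying so (`-- only the literal '1' marks a section as preserved`) would match the commit message.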
From: Matthias Schiffer Date: Mon, 24 Jan 2022 00:18:02 +0100 Subject: [PATCH 8/8] docs: update for role-based interface configuration --- docs/dev/{wan.rst => uplink.rst} | 15 ++++++----- docs/features/multidomain.rst | 4 +-- docs/features/private-wlan.rst | 4 +-- docs/features/wired-mesh.rst | 4 +-- docs/index.rst | 2 +- docs/user/site.rst | 46 +++++++++++++++++++++++++++----- 6 files changed, 53 insertions(+), 22 deletions(-) rename docs/dev/{wan.rst => uplink.rst} (86%) diff --git a/docs/dev/wan.rst b/docs/dev/uplink.rst similarity index 86% rename from docs/dev/wan.rst rename to docs/dev/uplink.rst index ec9d942b..4d48168d 100644 --- a/docs/dev/wan.rst +++ b/docs/dev/uplink.rst @@ -1,5 +1,5 @@ -WAN support -=========== +Uplink support +============== As the WAN port of a node will be connected to a user's private network, it is essential that the node only uses the WAN when it is absolutely necessary. @@ -11,11 +11,12 @@ There are two cases in which the WAN port is used: After the VPN connection has been established, the node should be able to reach the mesh's DNS servers and use these for all other name resolution. -If the device does not feature a WAN port, the LAN port is configured as WAN port. -In case such a device has multiple LAN ports, all these can be used as WAN. -Devices, which feature a "hybrid" port (labelled as WAN/LAN), this port is used as WAN. - -This behavior can be reversed using the ``single_as_lan`` site.conf option. +If a device has only a single Ethernet port (or group of ports), it will be +used as an uplink port even when it is not labelled as "WAN" by default. This +behavior can be controlled using the ``interfaces.single.default_roles`` +site.conf option. It is also possible to alter the interface assignment after +installation by modifying ``/etc/config/gluon`` and running +``gluon-reconfigure``. Routing tables ~~~~~~~~~~~~~~ diff --git a/docs/features/multidomain.rst b/docs/features/multidomain.rst index 80cae0de..43f343bb 100644 
--- a/docs/features/multidomain.rst +++ b/docs/features/multidomain.rst @@ -130,9 +130,7 @@ site.conf only variables - authorized_keys - default_domain - poe_passthrough - - mesh_on_wan - - mesh_on_lan - - single_as_lan + - interfaces.*.default_roles - setup_mode.skip - autoupdater.branch - mesh_vpn.enabled diff --git a/docs/features/private-wlan.rst b/docs/features/private-wlan.rst index 3c26c8f8..41664b73 100644 --- a/docs/features/private-wlan.rst +++ b/docs/features/private-wlan.rst @@ -1,8 +1,8 @@ Private WLAN ============ -It is possible to set up a private WLAN that bridges the WAN port and is separated from the mesh network. -Please note that you should not enable ``mesh_on_wan`` simultaneously. +It is possible to set up a private WLAN that bridges the uplink port and is separated from the mesh network. +Please note that you should not enable Wired Mesh on the uplink port at the same time. The private WLAN is encrypted using WPA2 by default. On devices with enough flash and a supported radio, WPA3 or WPA2/WPA3 mixed-mode can be used instead of WPA2. For this to work, the ``wireless-encryption-wpa3`` diff --git a/docs/features/wired-mesh.rst b/docs/features/wired-mesh.rst index 7f99c3c0..b48ec072 100644 --- a/docs/features/wired-mesh.rst +++ b/docs/features/wired-mesh.rst @@ -50,8 +50,8 @@ Configuration Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page of the *Advanced settings* (if the package ``gluon-web-network`` is installed). -It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by -adding ``mesh_on_wan = true`` and ``mesh_on_lan = true`` to ``site.conf``. +It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by adding +the ``mesh`` role to the ``interfaces.*.default_roles`` options in site.conf. Commandline =========== diff --git a/docs/index.rst b/docs/index.rst index d8e39465..72648a9a 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -39,7 +39,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
 dev/hardware
 dev/packages
 dev/upgrade
- dev/wan
+ dev/uplink
 dev/mac_addresses
 dev/site_library
 dev/build
diff --git a/docs/user/site.rst b/docs/user/site.rst
index 79e7ca1e..5b2e0eeb 100644
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@@ -399,17 +399,49 @@ mesh_vpn }, } -mesh_on_wan \: optional - Enables the mesh on the WAN port (``true`` or ``false``). +interfaces \: optional + Default setup for Ethernet ports. :: - mesh_on_wan = true, + interfaces = { + lan = { + default_roles = { 'client', 'mesh' }, + }, + wan = { + default_roles = { 'uplink', 'mesh' }, + }, + single = { + default_roles = { 'uplink', 'mesh' }, + }, + }, -mesh_on_lan \: optional - Enables the mesh on the LAN port (``true`` or ``false``). - :: + For devices that have two distinct Ethernet ports or port groups (often + labelled WAN and LAN), the ``lan`` and ``wan`` sections are used. When there + is only one port (group), ``single`` is used instead. - mesh_on_lan = true, + Available interface roles: + + - ``client``: Port allows regular clients to connect to the mesh + - ``uplink``: Port is used to establish Mesh VPN connections + - ``mesh``: Wired meshing to another Gluon or Gluon-compatible node + + The ``client`` role requires exclusive control over an interface. When + the ``client`` role is assigned to an interface at the same time as other + roles (like ``'client', 'mesh'`` in the above example), the other roles take + precedence (enabling ``mesh``, but not ``client`` in the example). + + Such a default configuration still fulfills a purpose (and is in fact the + recommended way to enable "Mesh-on-LAN" by default): The "LAN interface + meshing" checkbox in the advanced network settings will only add or remove + the ``mesh`` role, so the ``client`` role must already be in the configuration + to make the LAN port a regular client interface when the checkbox is disabled. + + All interface settings are optional. If unset, the following defaults are + used: + + - ``lan``: ``{ 'client' }`` + - ``wan``: ``{ 'uplink' }`` + - ``single``: Same as ``wan`` poe_passthrough \: optional Enable PoE passthrough by default on hardware with such a feature.