gluon-mesh-vpn-fastd: add site.conf options for fastd peer upgrade
This commit introduces two additional fastd site.conf options: `sysupgrade_remove_old_peers` removes peer and peer group entries existing from an old configuration except those which were defined using the node2node VPN feature after a sysupgrade. `sysupgrade_remove_n2n_peers` removes existing peer and peer group entries which were defined using the node2node VPN feature (which have 'n2n_vpn' in their name) after a sysupgrade.
This commit is contained in:
Vincent Wiemann
parent
f52bd99e71
commit
eaa110fc5a
@ -292,6 +292,13 @@ mesh_vpn
|
|||||||
|
|
||||||
You can set syslog_level from verbose (default) to warn to reduce syslog output.
|
You can set syslog_level from verbose (default) to warn to reduce syslog output.
|
||||||
|
|
||||||
|
While performing a sysupgrade fastd retains existing peer group and peer configurations to allow
|
||||||
|
incremental addition of peers and peer groups by default. This behaviour might be unwanted.
|
||||||
|
To make sure that fastd's peers and peer groups from previous firmware versions are removed
|
||||||
|
(except those defined by the node2node VPN feature) set `sysupgrade_remove_old_peers` to `true`.
|
||||||
|
To remove peers and groups defined by the node2node VPN feature (which have ``n2n_vpn`` in their
|
||||||
|
names) set `sysupgrade_remove_n2n_peers` to `true`.
|
||||||
|
|
||||||
The `tunneldigger` section is used to define the *tunneldigger* broker list.
|
The `tunneldigger` section is used to define the *tunneldigger* broker list.
|
||||||
|
|
||||||
**Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
|
**Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
|
||||||
@ -313,6 +320,8 @@ mesh_vpn
|
|||||||
methods = {'salsa2012+umac'},
|
methods = {'salsa2012+umac'},
|
||||||
-- configurable = true,
|
-- configurable = true,
|
||||||
-- syslog_level = 'warn',
|
-- syslog_level = 'warn',
|
||||||
|
-- sysupgrade_remove_old_peers = false,
|
||||||
|
-- sysupgrade_remove_n2n_peers = false,
|
||||||
groups = {
|
groups = {
|
||||||
backbone = {
|
backbone = {
|
||||||
-- Limit number of connected peers from this group
|
-- Limit number of connected peers from this group
|
||||||
|
|||||||
@ -1,6 +1,8 @@
|
|||||||
local fastd_methods = {'salsa2012+gmac', 'salsa2012+umac', 'null+salsa2012+gmac', 'null+salsa2012+umac', 'null'}
|
local fastd_methods = {'salsa2012+gmac', 'salsa2012+umac', 'null+salsa2012+gmac', 'null+salsa2012+umac', 'null'}
|
||||||
need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
|
need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
|
||||||
need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
|
need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
|
||||||
|
need_boolean('mesh_vpn.fastd.sysupgrade_remove_old_peers', false)
|
||||||
|
need_boolean('mesh_vpn.fastd.sysupgrade_remove_n2n_peers', false)
|
||||||
|
|
||||||
need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}), {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
|
need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}), {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
|
||||||
|
|
||||||
|
|||||||
@ -92,6 +92,63 @@ function add_groups(prefix, groups, parent)
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- Checks if a peer or peer group entry belongs to the node2node VPN feature
|
||||||
|
local function is_n2n(gp)
|
||||||
|
if gp and gp['.name']:find('n2n_vpn') then return true end
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
--- Determine peers and peer groups from the old configuration that can be removed
|
||||||
|
-- @param group Peer group as returned by uci:foreach or 'nil' for ALL
|
||||||
|
-- @param deln2n Set 'true' for adding node2node VPN groups else 'false'
|
||||||
|
-- @return Array with first index being boolean indicating whether
|
||||||
|
-- any n2n peer groups have been restrained and second
|
||||||
|
-- being an array with the names of the items to delete.
|
||||||
|
local function get_delgroups(group, deln2n)
|
||||||
|
if not deln2n and is_n2n(group) then
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
local group_empty = true
|
||||||
|
local dellist = {}
|
||||||
|
|
||||||
|
if group then
|
||||||
|
uci:foreach('fastd', 'peer', function(peer)
|
||||||
|
if peer.group == group['.name'] then
|
||||||
|
if not deln2n and is_n2n(peer) then
|
||||||
|
group_empty = false
|
||||||
|
else
|
||||||
|
table.insert(dellist, peer['.name'])
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end)
|
||||||
|
end
|
||||||
|
|
||||||
|
uci:foreach('fastd', 'peer_group', function(gr)
|
||||||
|
if gr.parent == group or gr.parent == group['.name'] then
|
||||||
|
local ret = get_delgroups(gr, deln2n)
|
||||||
|
for _, v in pairs(ret[2]) do table.insert(dellist, v) end
|
||||||
|
if ret[1] then
|
||||||
|
table.insert(dellist, gr['.name'])
|
||||||
|
else
|
||||||
|
group_empty = false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end)
|
||||||
|
|
||||||
|
return {group_empty, dellist}
|
||||||
|
end
|
||||||
|
|
||||||
|
if site.mesh_vpn.fastd.sysupgrade_remove_old_peers then
|
||||||
|
local del = get_delgroups(nil, site.mesh_vpn.fastd.sysupgrade_remove_n2n_peers)
|
||||||
|
for _, v in pairs(del[2]) do uci:delete('fastd', v) end
|
||||||
|
elseif site.mesh_vpn.fastd.sysupgrade_remove_n2n_peers then
|
||||||
|
uci:delete_all('fastd', 'peer', is_n2n)
|
||||||
|
uci:delete_all('fastd', 'peer_group', is_n2n)
|
||||||
|
end
|
||||||
|
|
||||||
add_groups('mesh_vpn', site.mesh_vpn.fastd.groups())
|
add_groups('mesh_vpn', site.mesh_vpn.fastd.groups())
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user