Revision 3e798da2
Added by Jim Pingle over 2 years ago
| src/etc/rc.carpmaster | ||
|---|---|---|
| 52 | 52 |
} |
| 53 | 53 |
foreach ($vips as $vip) {
|
| 54 | 54 |
$notificationmsg = sprintf('HA cluster member "(%1$s@%2$s): (%3$s)" has resumed CARP state "MASTER" for vhid %4$s',
|
| 55 |
$vip['subnet'], $iface, $friendly_descr, $vhid);
|
|
| 55 |
$vip['subnet'], $iface, $friendly_descr, $vhid);
|
|
| 56 | 56 |
|
| 57 | 57 |
notify_all_remote($notificationmsg); |
| 58 | 58 |
log_error($notificationmsg); |
| ... | ... | |
| 62 | 62 |
/* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */ |
| 63 | 63 |
global $config; |
| 64 | 64 |
$a_groups = return_gateway_groups_array(true); |
| 65 |
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
|
|
| 66 |
foreach ($config['openvpn']['openvpn-client'] as $settings) {
|
|
| 67 |
if (substr($settings['interface'], 0, 4) == '_vip') {
|
|
| 68 |
$openvpn_vip = $settings['interface']; |
|
| 69 |
} else if (is_array($a_groups[$settings['interface']])) {
|
|
| 70 |
// interface is a gateway group, check CARP VIP |
|
| 71 |
if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
|
|
| 72 |
$openvpn_vip = $a_groups[$settings['interface']][0]['vip']; |
|
| 73 |
} |
|
| 74 |
} else {
|
|
| 75 |
// this OpenVPN instance not on a CARP IP |
|
| 65 |
|
|
| 66 |
foreach (array('server', 'client') as $mode) {
|
|
| 67 |
foreach (config_get_path("openvpn/openvpn-{$mode}", []) as $settings) {
|
|
| 68 |
if (empty($settings)) {
|
|
| 76 | 69 |
continue; |
| 77 | 70 |
} |
| 78 |
foreach ($vips as $vip) {
|
|
| 79 |
if ($openvpn_vip == "_vip{$vip['uniqid']}") {
|
|
| 80 |
log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master.");
|
|
| 81 |
openvpn_restart('client', $settings);
|
|
| 82 |
} |
|
| 83 |
} |
|
| 84 |
} |
|
| 85 |
} |
|
| 86 |
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
|
|
| 87 |
foreach ($config['openvpn']['openvpn-server'] as $settings) {
|
|
| 88 | 71 |
if (substr($settings['interface'], 0, 4) == '_vip') {
|
| 89 | 72 |
$openvpn_vip = $settings['interface']; |
| 90 | 73 |
} else if (is_array($a_groups[$settings['interface']])) {
|
| 91 | 74 |
// interface is a gateway group, check CARP VIP |
| 92 |
if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
|
|
| 93 |
$openvpn_vip = $a_groups[$settings['interface']][0]['vip']; |
|
| 75 |
$vip = array_get_path($a_groups, "{$settings['interface']}/0/vip");
|
|
| 76 |
if (substr($vip, 0, 4) == '_vip') {
|
|
| 77 |
$openvpn_vip = $vip; |
|
| 94 | 78 |
} |
| 95 | 79 |
} else {
|
| 96 |
// this OpenVPN instance not on a CARP IP |
|
| 80 |
// this OpenVPN instance not on a CARP VIP
|
|
| 97 | 81 |
continue; |
| 98 | 82 |
} |
| 99 | 83 |
foreach ($vips as $vip) {
|
| 100 | 84 |
if ($openvpn_vip == "_vip{$vip['uniqid']}") {
|
| 101 |
log_error("Starting OpenVPN server instance on {$friendly_descr} because of transition to CARP master.");
|
|
| 102 |
openvpn_restart('server', $settings);
|
|
| 85 |
log_error("Starting OpenVPN {$mode} instance on {$friendly_descr} because of transition to CARP master.");
|
|
| 86 |
openvpn_restart($mode, $settings);
|
|
| 103 | 87 |
} |
| 104 | 88 |
} |
| 105 | 89 |
} |
| 106 | 90 |
} |
| 107 |
if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1'])) {
|
|
| 108 |
foreach ($config['ipsec']['phase1'] as $ph1ent) {
|
|
| 109 |
if ((substr($ph1ent['interface'], 0, 4) == '_vip') && (in_array($ph1ent['interface'], $vips))) {
|
|
| 110 |
log_error("Reconfiguring IPsec because of transition to CARP master.");
|
|
| 111 |
ipsec_configure(); |
|
| 112 |
break; |
|
| 113 |
} |
|
| 91 |
|
|
| 92 |
foreach (config_get_path("ipsec/phase1", []) as $ph1ent) {
|
|
| 93 |
if (empty($ph1ent)) {
|
|
| 94 |
continue; |
|
| 95 |
} |
|
| 96 |
if ((substr($ph1ent['interface'], 0, 4) == '_vip') && (in_array($ph1ent['interface'], $vips))) {
|
|
| 97 |
log_error("Reconfiguring IPsec because of transition to CARP master.");
|
|
| 98 |
ipsec_configure(); |
|
| 99 |
break; |
|
| 114 | 100 |
} |
| 115 | 101 |
} |
| 116 | 102 |
|
| 117 | 103 |
/* Reconfigure radvd when necessary */ |
| 118 |
if (isset($config['dhcpdv6']) && is_array($config['dhcpdv6'])) {
|
|
| 119 |
$rafound = false; |
|
| 120 |
foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {
|
|
| 121 |
foreach ($vips as $vip) {
|
|
| 122 |
if ($dhcpv6ifconf['rainterface'] == "_vip{$vip['uniqid']}") {
|
|
| 123 |
log_error("Starting radvd instance on {$friendly_descr} because of transition to CARP master.");
|
|
| 124 |
$rafound = true; |
|
| 125 |
} |
|
| 126 |
} |
|
| 104 |
$rafound = false; |
|
| 105 |
foreach (config_get_path("dhcpdv6", []) as $dhcpv6if => $dhcpv6ifconf) {
|
|
| 106 |
if (empty($dhcpv6ifconf)) {
|
|
| 107 |
continue; |
|
| 127 | 108 |
} |
| 128 |
if ($rafound) {
|
|
| 129 |
services_radvd_configure(); |
|
| 109 |
foreach ($vips as $vip) {
|
|
| 110 |
if ($dhcpv6ifconf['rainterface'] == "_vip{$vip['uniqid']}") {
|
|
| 111 |
log_error("Starting radvd instance on {$friendly_descr} because of transition to CARP master.");
|
|
| 112 |
$rafound = true; |
|
| 113 |
} |
|
| 130 | 114 |
} |
| 131 | 115 |
} |
| 116 |
if ($rafound) {
|
|
| 117 |
services_radvd_configure(); |
|
| 118 |
} |
|
| 132 | 119 |
|
| 133 | 120 |
/* Reconfigure DHCP Relay when necessary */ |
| 134 |
if (isset($config['dhcrelay']) && is_array($config['dhcrelay']) && isset($config['dhcrelay']['enable']) &&
|
|
| 135 |
isset($config['dhcrelay']['carpstatusvip']) && ($config['dhcrelay']['carpstatusvip'] == "_vip{$vip['uniqid']}")) {
|
|
| 121 |
if (config_path_enabled('dhcrelay') &&
|
|
| 122 |
(config_get_path('dhcrelay/carpstatusvip') == "_vip{$vip['uniqid']}")) {
|
|
| 136 | 123 |
log_error("Starting DHCP Relay service because of transition to CARP master.");
|
| 137 | 124 |
services_dhcrelay_configure(); |
| 138 | 125 |
} |
| 139 | 126 |
|
| 140 | 127 |
/* Reconfigure DHCPv6 Relay when necessary */ |
| 141 |
if (isset($config['dhcrelay6']) && is_array($config['dhcrelay6']) && isset($config['dhcrelay6']['enable']) &&
|
|
| 142 |
isset($config['dhcrelay6']['carpstatusvip']) && ($config['dhcrelay6']['carpstatusvip'] == "_vip{$vip['uniqid']}")) {
|
|
| 128 |
if (config_path_enabled('dhcrelay6') &&
|
|
| 129 |
(config_get_path('dhcrelay6/carpstatusvip') == "_vip{$vip['uniqid']}")) {
|
|
| 143 | 130 |
log_error("Starting DHCPv6 Relay service because of transition to CARP master.");
|
| 144 | 131 |
services_dhcrelay6_configure(); |
| 145 | 132 |
} |
| 146 | 133 |
|
| 147 | 134 |
/* Reconfigure captive portal when necessary : |
| 148 | 135 |
If we are the primary node, and we are switching back from backup to master : Get user list from the backup node */ |
| 149 |
if (!empty($config['captiveportal']) && is_array($config['hasync']) && !empty($config['hasync']['synchronizetoip']) && |
|
| 150 |
$config['hasync']['synchronizecaptiveportal'] != "") {
|
|
| 151 |
if (empty($config['hasync']['username'])) {
|
|
| 136 |
if (!empty(config_get_path('captiveportal')) &&
|
|
| 137 |
!empty(config_get_path('hasync/synchronizetoip')) &&
|
|
| 138 |
!empty(config_get_path('hasync/synchronizecaptiveportal'))) {
|
|
| 139 |
$xmlrpc_username = config_get_path('hasync/username');
|
|
| 140 |
if (empty($xmlrpc_username)) {
|
|
| 152 | 141 |
$xmlrpc_username = "admin"; |
| 153 |
} else {
|
|
| 154 |
$xmlrpc_username = $config['hasync']['username']; |
|
| 155 | 142 |
} |
| 156 |
$xmlrpc_port = $config['system']['webgui']['port'];
|
|
| 143 |
$xmlrpc_port = config_get_path('system/webgui/port');
|
|
| 157 | 144 |
if (empty($xmlrpc_port)) {
|
| 158 |
if ($config['system']['webgui']['protocol'] == "http") {
|
|
| 145 |
if (config_get_path('system/webgui/protocol') == "http") {
|
|
| 159 | 146 |
$xmlrpc_port = "80"; |
| 160 | 147 |
} else {
|
| 161 | 148 |
$xmlrpc_port = "443"; |
| 162 | 149 |
} |
| 163 | 150 |
} |
| 164 | 151 |
|
| 165 |
foreach ($config['captiveportal'] as $cpzone=>$cp) {
|
|
| 152 |
foreach (array_keys(config_get_path('captiveportal')) as $cpzone) {
|
|
| 166 | 153 |
$rpc_client = new pfsense_xmlrpc_client(); |
| 167 |
$rpc_client->setConnectionData($config['hasync']['synchronizetoip'], $xmlrpc_port, $xmlrpc_username, $config['hasync']['password']);
|
|
| 154 |
$rpc_client->setConnectionData(config_get_path('hasync/synchronizetoip'), $xmlrpc_port, $xmlrpc_username, config_get_path('hasync/password'));
|
|
| 168 | 155 |
$resp = $rpc_client->xmlrpc_method('captive_portal_sync', array('op' => 'get_databases', 'zone' => $cpzone));
|
| 169 | 156 |
|
| 170 |
if (is_array($resp)) { // $resp will be an array only if the communication was successful
|
|
| 157 |
if (is_array($resp) || !empty($resp)) { // $resp will be an array only if the communication was successful
|
|
| 171 | 158 |
// Contains array of connected users (will be stored in SQLite DB) |
| 172 | 159 |
$connected_users = unserialize(base64_decode($resp['connected_users'])); |
| 173 | 160 |
// Contains array of active vouchers (will be stored in active vouchers db) |
| ... | ... | |
| 184 | 171 |
} |
| 185 | 172 |
captiveportal_free_dnrules(); |
| 186 | 173 |
|
| 187 |
foreach ($connected_users as $id => $user) {
|
|
| 174 |
foreach ($connected_users as $user) {
|
|
| 175 |
if (!is_array($user) || empty($user)) {
|
|
| 176 |
continue; |
|
| 177 |
} |
|
| 188 | 178 |
$pipeno = captiveportal_get_next_dn_ruleno('auth');
|
| 189 | 179 |
$attributes = array(); |
| 190 | 180 |
$attributes['allow_time'] = $user['allow_time']; |
Also available in: Unified diff
Fix PHP8 issues in rc.openvpn and rc.carp*