#!/usr/local/bin/php-cgi -f
<?php
/*
 * rc.carpmaster
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once("functions.inc");
require_once("config.inc");
require_once("notices.inc");
require_once("openvpn.inc");
require_once("interfaces.inc");
require_once("captiveportal.inc");
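/*
 * Read the CARP event source, expected in the form "<vhid>@<interface>",
 * from the 'interface' query parameter when one was supplied, otherwise
 * from the first command-line argument.
 */
if (isset($_GET['interface'])) {
	$argument = $_GET['interface'];
} else if (isset($argv[1])) {
	$argument = $argv[1];
} else {
	/* Invoked without any event source: rejected by the "@" check below. */
	$argument = '';
}
if (!is_string($argument)) {
	/* e.g. interface[]=... in the query string; treat as no source at all. */
	$argument = '';
}
/*
 * The value is interpolated into log and notification messages further
 * down, so line breaks are stripped on both input paths (not only for the
 * command-line one) to keep each message on a single line.
 */
$argument = str_replace(array("\r", "\n"), "", $argument);
/* Drop any leading '$' characters. */
$argument = ltrim($argument, '$');
if (strpos($argument, "@") === false) {
	log_error("CARP master event triggered from wrong source {$argument}");
	exit;
}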
/* Split "<vhid>@<interface>" into its two parts. */
list($vhid, $iface) = explode("@", $argument);

/* Map the real interface name to its friendly name and description. */
$friendly = convert_real_interface_to_friendly_interface_name($iface);
$friendly_descr = convert_friendly_interface_to_friendly_descr($friendly);

/* Look up the VIPs for this interface/vhid pair; stop when there are none. */
$vips = link_interface_to_vips($friendly, '', $vhid);
if (is_array($vips) === false) {
	log_error("CARP master event triggered from wrong source {$argument} - no associated VIPs");
	exit;
}

/* Report the transition once per VIP: SMTP notification plus a log entry. */
foreach ($vips as $vip) {
	$notificationmsg = sprintf(
	    'HA cluster member "(%1$s@%2$s): (%3$s)" has resumed CARP state "MASTER" for vhid %4$s',
	    $vip['subnet'],
	    $iface,
	    $friendly_descr,
	    $vhid
	);

	notify_via_smtp($notificationmsg);
	log_error($notificationmsg);
}

restart_ppp_interfaces_using_interfaces($vips);

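/*
 * Start OpenVPN clients running on this VIP, since they should be in the
 * stopped state while the VIP is CARP Backup.
 */
global $config;
$a_groups = return_gateway_groups_array(true);
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
	foreach ($config['openvpn']['openvpn-client'] as $settings) {
		/*
		 * Reset for every instance. Without this, an instance bound to a
		 * gateway group whose first member has no CARP VIP would be compared
		 * against the VIP left over from a previously examined instance and
		 * could be restarted for a VIP it does not use.
		 */
		$openvpn_vip = null;
		if (substr($settings['interface'], 0, 4) == '_vip') {
			$openvpn_vip = $settings['interface'];
		} else if (is_array($a_groups[$settings['interface']])) {
			// interface is a gateway group, check CARP VIP
			if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
				$openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
			}
		}
		if ($openvpn_vip === null) {
			// this OpenVPN instance not on a CARP IP
			continue;
		}
		/* Restart the client for each VIP of this event that it is bound to. */
		foreach ($vips as $vip) {
			if ($openvpn_vip == "_vip{$vip['uniqid']}") {
				log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master.");
				openvpn_restart('client', $settings);
			}
		}
	}
}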
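/*
 * Start OpenVPN servers running on this VIP, mirroring the handling of the
 * OpenVPN client instances.
 */
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
	foreach ($config['openvpn']['openvpn-server'] as $settings) {
		/*
		 * Reset for every instance. Without this, an instance bound to a
		 * gateway group whose first member has no CARP VIP would be compared
		 * against the VIP left over from a previously examined instance and
		 * could be restarted for a VIP it does not use.
		 */
		$openvpn_vip = null;
		if (substr($settings['interface'], 0, 4) == '_vip') {
			$openvpn_vip = $settings['interface'];
		} else if (is_array($a_groups[$settings['interface']])) {
			// interface is a gateway group, check CARP VIP
			if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
				$openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
			}
		}
		if ($openvpn_vip === null) {
			// this OpenVPN instance not on a CARP IP
			continue;
		}
		/* Restart the server for each VIP of this event that it is bound to. */
		foreach ($vips as $vip) {
			if ($openvpn_vip == "_vip{$vip['uniqid']}") {
				log_error("Starting OpenVPN server instance on {$friendly_descr} because of transition to CARP master.");
				openvpn_restart('server', $settings);
			}
		}
	}
}
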
/*
 * Reconfigure radvd when necessary: any DHCPv6 interface entry whose
 * 'rainterface' names one of the VIPs of this event triggers one
 * services_radvd_configure() call after all entries have been checked.
 */
if (isset($config['dhcpdv6']) && is_array($config['dhcpdv6'])) {
	$rafound = false;
	foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {
		foreach ($vips as $vip) {
			if ($dhcpv6ifconf['rainterface'] != "_vip{$vip['uniqid']}") {
				continue;
			}
			/* Logged once per matching entry/VIP pair. */
			log_error("Starting radvd instance on {$friendly_descr} because of transition to CARP master.");
			$rafound = true;
		}
	}
	if ($rafound === true) {
		services_radvd_configure();
	}
}

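/*
 * Reconfigure captive portal when necessary:
 * if we are the primary node and we are switching back from backup to
 * master, get the user list from the backup node.
 */
if (!empty($config['captiveportal']) && is_array($config['hasync']) && !empty($config['hasync']['synchronizetoip']) &&
    $config['hasync']['synchronizecaptiveportal'] != "") {
	if (empty($config['hasync']['username'])) {
		$xmlrpc_username = "admin";
	} else {
		$xmlrpc_username = $config['hasync']['username'];
	}

	/*
	 * Use the configured web GUI port and fall back to the protocol default
	 * only when none is set. The test must look at $xmlrpc_port itself;
	 * testing any other (unset) variable makes the fallback unconditional
	 * and a custom web GUI port would never be used.
	 */
	$xmlrpc_port = $config['system']['webgui']['port'];
	if (empty($xmlrpc_port)) {
		if ($config['system']['webgui']['protocol'] == "http") {
			$xmlrpc_port = "80";
		} else {
			$xmlrpc_port = "443";
		}
	}
	/*
	 * NOTE(review): the sync credentials and the portal users' passwords
	 * ('bpassword' below) are carried by this XMLRPC exchange. How the
	 * client picks the transport is not visible here - confirm it is
	 * encrypted, in particular when the web GUI protocol is "http".
	 */

	/*
	 * Decode one base64 + serialize()d field of the peer's reply.
	 *
	 * unserialize() on data received over the network can instantiate
	 * arbitrary classes (PHP object injection). Only plain arrays are
	 * expected here, so object creation is disabled with
	 * 'allowed_classes' => false (PHP >= 7.0) and anything that does not
	 * decode to an array is reported as null.
	 */
	$decode_sync_field = function ($resp, $key) {
		if (!isset($resp[$key]) || !is_string($resp[$key])) {
			return null;
		}
		$value = unserialize(base64_decode($resp[$key]), array('allowed_classes' => false));
		return is_array($value) ? $value : null;
	};

	foreach ($config['captiveportal'] as $cpzone=>$cp) {
		$rpc_client = new pfsense_xmlrpc_client();
		$rpc_client->setConnectionData($config['hasync']['synchronizetoip'], $xmlrpc_port, $xmlrpc_username, $config['hasync']['password']);
		$resp = $rpc_client->xmlrpc_method('captive_portal_sync', array('op' => 'get_databases', 'zone' => $cpzone));

		if (is_array($resp)) { // $resp will be an array only if the communication was successful
			// Contains array of connected users (will be stored in SQLite DB)
			$connected_users = $decode_sync_field($resp, 'connected_users');
			// Contains array of active vouchers (will be stored in active vouchers db)
			$active_vouchers = $decode_sync_field($resp, 'active_vouchers');
			// Contain bitmask of both in use and expired vouchers (will be stored in "used vouchers" db)
			$expired_vouchers = $decode_sync_field($resp, 'expired_vouchers');
			// Contains array of usedmacs (will be stored in usedmacs db)
			$usedmacs = $decode_sync_field($resp, 'usedmacs');

			/* Drop every local session before re-adding the peer's list. */
			$cpdb = captiveportal_read_db();
			$unsetindexes = array_column($cpdb, 5);
			if (!empty($unsetindexes)) {
				captiveportal_remove_entries($unsetindexes, true); // true: prevent carp loop
			}
			captiveportal_free_dnrules();

			/* Each payload is applied only when it decoded to an array. */
			if (is_array($connected_users)) {
				foreach ($connected_users as $id => $user) {
					$pipeno = captiveportal_get_next_dn_ruleno('auth');
					$attributes = array();
					$attributes['allow_time'] = $user['allow_time'];
					$attributes['session_timeout'] = $user['session_timeout'];
					$attributes['idle_timeout'] = $user['idle_timeout'];
					$attributes['session_terminate_time'] = $user['session_terminate_time'];
					$attributes['interim_interval'] = $user['interim_interval'];
					$attributes['maxbytes'] = $user['traffic_quota'];

					portal_allow($user['ip'], $user['mac'], $user['username'], base64_decode($user['bpassword']), null,
					    $attributes, $pipeno, $user['authmethod'], $user['context'], $user['sessionid'], true);
				}
			}
			if (is_array($expired_vouchers)) {
				foreach ($expired_vouchers as $roll => $vdb) {
					voucher_write_used_db($roll, $vdb);
				}
			}
			if (is_array($active_vouchers)) {
				foreach ($active_vouchers as $roll => $vouchers) {
					voucher_write_active_db($roll, $vouchers);
				}
			}
			if (is_array($usedmacs)) {
				captiveportal_write_usedmacs_db($usedmacs);
			}
			/* Report success only when the peer actually answered. */
			captiveportal_syslog(sprintf(gettext('Connected users, used vouchers and used MACs have been synchronized from %1$s'), $config['hasync']['synchronizetoip']));
		} else {
			captiveportal_syslog(sprintf(gettext('Connected users, used vouchers and used MACs could not be synchronized from %1$s'), $config['hasync']['synchronizetoip']));
		}
	}
}
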
/*
 * Open the syslog connection, then pass the event details (including the
 * "<vhid>@<interface>" source string) to pkg_call_plugins() under the
 * 'plugin_carp' name.
 */
openlog("", LOG_PID, LOG_LOCAL0);
$pluginparams = array(
	'type' => 'carp',
	'event' => 'rc.carpmaster',
	'interface' => $argument,
);
pkg_call_plugins('plugin_carp', $pluginparams);

?>