Revision 5ed254c4
Added by Reid Linnemann over 2 years ago
| src/etc/rc.filter_synchronize | ||
|---|---|---|
| 30 | 30 |
|
| 31 | 31 |
require_once("globals.inc");
|
| 32 | 32 |
require_once("config.inc");
|
| 33 |
require_once("config.lib.inc");
|
|
| 33 | 34 |
require_once("functions.inc");
|
| 34 | 35 |
require_once("filter.inc");
|
| 35 | 36 |
require_once("shaper.inc");
|
| ... | ... | |
| 40 | 41 |
* the configuration section |
| 41 | 42 |
*/ |
| 42 | 43 |
function backup_vip_config_section() {
|
| 43 |
global $config; |
|
| 44 |
|
|
| 45 | 44 |
$temp = array(); |
| 46 | 45 |
$temp['vip'] = array(); |
| 47 | 46 |
|
| 48 |
if (!is_array($config['virtualip']['vip'])) {
|
|
| 49 |
return $temp; |
|
| 50 |
} |
|
| 51 |
|
|
| 52 |
foreach ($config['virtualip']['vip'] as $section) {
|
|
| 47 |
foreach (config_get_path('virtualip/vip', []) as $section) {
|
|
| 53 | 48 |
if (($section['mode'] == 'proxyarp' || $section['mode'] == 'ipalias') && |
| 54 | 49 |
(strpos($section['interface'], '_vip') === FALSE) && |
| 55 | 50 |
(strpos($section['interface'], 'lo0') === FALSE)) {
|
| ... | ... | |
| 76 | 71 |
} |
| 77 | 72 |
|
| 78 | 73 |
function carp_check_version($rpc_client) {
|
| 79 |
global $config, $g;
|
|
| 74 |
global $g; |
|
| 80 | 75 |
|
| 81 | 76 |
if (file_exists("{$g['varrun_path']}/booting") || platform_booting()) {
|
| 82 | 77 |
return; |
| 83 | 78 |
} |
| 84 | 79 |
|
| 85 | 80 |
$resp = $rpc_client->xmlrpc_method('host_firmware_version');
|
| 86 |
|
|
| 87 |
log_error(sprintf(gettext("XMLRPC versioncheck: ").$resp['config_version'] ." -- ". $config['version']));
|
|
| 81 |
$ver = config_get_path('version');
|
|
| 82 |
log_error(sprintf(gettext("XMLRPC versioncheck: ").$resp['config_version'] ." -- ". $ver));
|
|
| 88 | 83 |
if (!isset($resp['config_version'])) {
|
| 89 | 84 |
update_filter_reload_status("The {$g['product_label']} software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!");
|
| 90 | 85 |
log_error("The {$g['product_label']} software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!");
|
| 91 | 86 |
return false; |
| 92 |
} elseif ($resp['config_version'] != $config['version']) {
|
|
| 87 |
} elseif ($resp['config_version'] != $ver) {
|
|
| 93 | 88 |
update_filter_reload_status("The other member is on a different configuration version of {$g['product_label']}. Sync will not be done to prevent problems!");
|
| 94 | 89 |
log_error("The other member is on a different configuration version of {$g['product_label']}. Sync will not be done to prevent problems!");
|
| 95 | 90 |
return false; |
| ... | ... | |
| 110 | 105 |
$config_copy = $config; |
| 111 | 106 |
|
| 112 | 107 |
/* strip out nosync items */ |
| 113 |
if (is_array($config_copy['nat']['outbound']['rule'])) {
|
|
| 114 |
$rulescnt = count($config_copy['nat']['outbound']['rule']); |
|
| 115 |
for ($x = 0; $x < $rulescnt; $x++) {
|
|
| 116 |
if (isset ($config_copy['nat']['outbound']['rule'][$x]['nosync'])) {
|
|
| 117 |
unset ($config_copy['nat']['outbound']['rule'][$x]); |
|
| 118 |
} |
|
| 119 |
} |
|
| 120 |
} |
|
| 121 |
if (is_array($config_copy['nat']['rule'])) {
|
|
| 122 |
$natcnt = count($config_copy['nat']['rule']); |
|
| 123 |
for ($x = 0; $x < $natcnt; $x++) {
|
|
| 124 |
if (isset ($config_copy['nat']['rule'][$x]['nosync'])) {
|
|
| 125 |
unset ($config_copy['nat']['rule'][$x]); |
|
| 126 |
} |
|
| 127 |
} |
|
| 128 |
} |
|
| 129 |
if (is_array($config_copy['filter']['rule'])) {
|
|
| 130 |
$filtercnt = count($config_copy['filter']['rule']); |
|
| 131 |
for ($x = 0; $x < $filtercnt; $x++) {
|
|
| 132 |
if (isset ($config_copy['filter']['rule'][$x]['nosync'])) {
|
|
| 133 |
unset ($config_copy['filter']['rule'][$x]); |
|
| 134 |
} |
|
| 135 |
} |
|
| 136 |
} |
|
| 137 |
if (is_array($config_copy['aliases']['alias'])) {
|
|
| 138 |
$aliascnt = count($config_copy['aliases']['alias']); |
|
| 139 |
for ($x = 0; $x < $aliascnt; $x++) {
|
|
| 140 |
if (isset ($config_copy['aliases']['alias'][$x]['nosync'])) {
|
|
| 141 |
unset ($config_copy['aliases']['alias'][$x]); |
|
| 142 |
} |
|
| 143 |
} |
|
| 144 |
} |
|
| 145 |
if (is_array($config_copy['dnsmasq']['hosts'])) {
|
|
| 146 |
$dnscnt = count($config_copy['dnsmasq']['hosts']); |
|
| 147 |
for ($x = 0; $x < $dnscnt; $x++) {
|
|
| 148 |
if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync'])) {
|
|
| 149 |
unset ($config_copy['dnsmasq']['hosts'][$x]); |
|
| 150 |
} |
|
| 151 |
} |
|
| 152 |
} |
|
| 153 |
if (is_array($config_copy['ipsec']['tunnel'])) {
|
|
| 154 |
$ipseccnt = count($config_copy['ipsec']['tunnel']); |
|
| 155 |
for ($x = 0; $x < $ipseccnt; $x++) {
|
|
| 156 |
if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync'])) {
|
|
| 157 |
unset ($config_copy['ipsec']['tunnel'][$x]); |
|
| 158 |
} |
|
| 108 |
$nosyncs = [ |
|
| 109 |
'nat/outbound/rule', |
|
| 110 |
'nat/rule', |
|
| 111 |
'filter/rule', |
|
| 112 |
'aliases/alias', |
|
| 113 |
'dnsmasq/hosts', |
|
| 114 |
'ipsec/tunnel', |
|
| 115 |
]; |
|
| 116 |
foreach ($nosyncs as $path) {
|
|
| 117 |
$sect = array_get_path($config_copy, $path); |
|
| 118 |
if (!$sect) {
|
|
| 119 |
continue; |
|
| 159 | 120 |
} |
| 121 |
array_set_path($config_copy, $path, |
|
| 122 |
array_filter($sect, |
|
| 123 |
function ($v) {
|
|
| 124 |
return (!array_path_enabled($v, 'nosync')); |
|
| 125 |
})); |
|
| 160 | 126 |
} |
| 161 | 127 |
|
| 162 |
if (is_array($config_copy['dhcpd'])) {
|
|
| 163 |
foreach ($config_copy['dhcpd'] as $dhcpif => $dhcpifconf) {
|
|
| 164 |
if (($dhcpifconf['failover_peerip'] <> "") && |
|
| 165 |
(isset($config_copy['interfaces'][$dhcpif]['ipaddr']))) {
|
|
| 166 |
$config_copy['dhcpd'][$dhcpif]['failover_peerip'] = $config_copy['interfaces'][$dhcpif]['ipaddr']; |
|
| 167 |
} |
|
| 128 |
foreach (config_get_path('dhcpd', []) as $dhcpif => $dhcpifconf) {
|
|
| 129 |
$dhcpif_addr = array_get_path($config, "interfaces/{$dhcpif}/ipaddr");
|
|
| 130 |
if (($dhcpifconf['failover_peerip'] <> "") && |
|
| 131 |
$dhcpif_addr != null) {
|
|
| 132 |
array_set_path($config_copy, "dhcpd/{$dhcpif}/failover_peerip", $dhcpif_addr);
|
|
| 168 | 133 |
} |
| 169 | 134 |
} |
| 170 | 135 |
|
| ... | ... | |
| 176 | 141 |
*/ |
| 177 | 142 |
switch ($section) {
|
| 178 | 143 |
case 'virtualip': |
| 179 |
$xml[$section] = backup_vip_config_section();
|
|
| 144 |
array_set_path($xml, $section, backup_vip_config_section());
|
|
| 180 | 145 |
break; |
| 181 | 146 |
case 'user': |
| 182 |
$xml['system'][$section] = $config_copy['system'][$section];
|
|
| 183 |
$xml['system']['nextuid'] = $config_copy['system']['nextuid'];
|
|
| 147 |
array_set_path($xml, "system/{$section}", array_get_path($config_copy, "system/{$section}", []));
|
|
| 148 |
array_set_path($xml, "system/nextuid", array_get_path($config_copy, 'system/nextuid'));
|
|
| 184 | 149 |
break; |
| 185 | 150 |
case 'group': |
| 186 |
$xml['system'][$section] = $config_copy['system'][$section];
|
|
| 187 |
$xml['system']['nextgid'] = $config_copy['system']['nextgid'];
|
|
| 151 |
array_set_path($xml, "system/{$section}", array_get_path($config_copy, "system/{$section}", []));
|
|
| 152 |
array_set_path($xml, "system/nextgid", array_get_path($config_copy, 'system/nextgid'));
|
|
| 188 | 153 |
break; |
| 189 | 154 |
case 'authserver': |
| 190 |
$xml['system'][$section] = $config_copy['system'][$section];
|
|
| 155 |
array_set_path($xml, "system/{$section}", array_get_path($config_copy, "system/{$section}", []));
|
|
| 191 | 156 |
break; |
| 192 | 157 |
default: |
| 193 |
$xml[$section] = $config_copy[$section];
|
|
| 158 |
array_set_path($xml, $section, array_get_path($config_copy, $section, []));
|
|
| 194 | 159 |
} |
| 195 | 160 |
} |
| 196 | 161 |
|
| 197 |
if (isset($config_copy['hasync']['adminsync'])) {
|
|
| 198 |
$xml['hasync']['adminsync'] = $config_copy['hasync']['adminsync'];
|
|
| 162 |
if (array_path_enabled($config_copy, 'hasync', 'adminsync')) {
|
|
| 163 |
array_set_path($xml, 'hasync/adminsync', array_get_path($config_copy, 'hasync/adminsync'));
|
|
| 199 | 164 |
} |
| 200 | 165 |
|
| 201 | 166 |
$resp = $rpc_client->xmlrpc_method('restore_config_section', $xml, 900);
|
| 202 | 167 |
if ($resp != null) {
|
| 203 | 168 |
$url = $rpc_client->getUrl(); |
| 204 | 169 |
update_filter_reload_status("XMLRPC sync successfully completed with {$url}.");
|
| 205 |
if (isset($config['hasync']['new_password'])) {
|
|
| 170 |
if (config_get_path('hasync/new_password')) {
|
|
| 206 | 171 |
update_filter_reload_status("Updating XMLRPC sync password.");
|
| 207 |
$config['hasync']['password'] = $config['hasync']['new_password'];
|
|
| 208 |
unset($config['hasync']['new_password']);
|
|
| 172 |
config_set_path('hasync/password', config_get_path('hasync/new_password'));
|
|
| 173 |
config_del_path('hasync/new_password');
|
|
| 209 | 174 |
write_config("Update XMLRPC sync password.");
|
| 210 | 175 |
} |
| 211 | 176 |
return true; |
| ... | ... | |
| 217 | 182 |
return; |
| 218 | 183 |
} |
| 219 | 184 |
|
| 220 |
if (is_array($config['hasync'])) {
|
|
| 185 |
if (config_get_path('hasync')) {
|
|
| 221 | 186 |
update_filter_reload_status("Building high availability sync information");
|
| 222 |
$hasync = $config['hasync'];
|
|
| 187 |
$hasync = config_get_path('hasync', []);
|
|
| 223 | 188 |
$sections = array(); |
| 224 | 189 |
|
| 225 | 190 |
if (empty($hasync['synchronizetoip'])) {
|
| ... | ... | |
| 228 | 193 |
} |
| 229 | 194 |
|
| 230 | 195 |
if ($hasync['synchronizerules'] != "") {
|
| 231 |
if (!is_array($config['filter'])) {
|
|
| 232 |
$config['filter'] = array(); |
|
| 233 |
} |
|
| 196 |
config_init_path('filter');
|
|
| 234 | 197 |
$sections[] = 'filter'; |
| 235 | 198 |
} |
| 236 | 199 |
if ($hasync['synchronizenat'] != "") {
|
| 237 |
if (!is_array($config['nat'])) {
|
|
| 238 |
$config['nat'] = array(); |
|
| 239 |
} |
|
| 240 |
$sections[] = 'nat'; |
|
| 200 |
config_init_path('nat');
|
|
| 201 |
$sections[] = 'nat'; |
|
| 241 | 202 |
} |
| 242 | 203 |
if ($hasync['synchronizealiases'] != "") {
|
| 243 |
if (!is_array($config['aliases'])) {
|
|
| 244 |
$config['aliases'] = array(); |
|
| 245 |
} |
|
| 204 |
config_init_path('aliases');
|
|
| 246 | 205 |
$sections[] = 'aliases'; |
| 247 | 206 |
} |
| 248 |
if ($hasync['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) {
|
|
| 207 |
if ($hasync['synchronizedhcpd'] != "" and is_array(config_get_path('dhcpd'))) {
|
|
| 249 | 208 |
$sections[] = 'dhcpd'; |
| 250 | 209 |
} |
| 251 |
if ($hasync['synchronizedhcrelay'] != "" and is_array($config['dhcrelay'])) {
|
|
| 210 |
if ($hasync['synchronizedhcrelay'] != "" and is_array(config_get_path('dhcrelay'))) {
|
|
| 252 | 211 |
$sections[] = 'dhcrelay'; |
| 253 | 212 |
} |
| 254 |
if ($hasync['synchronizedhcrelay6'] != "" and is_array($config['dhcrelay6'])) {
|
|
| 213 |
if ($hasync['synchronizedhcrelay6'] != "" and is_array(config_get_path('dhcrelay6'))) {
|
|
| 255 | 214 |
$sections[] = 'dhcrelay6'; |
| 256 | 215 |
} |
| 257 | 216 |
if ($hasync['synchronizewol'] != "") {
|
| 258 |
if (!is_array($config['wol'])) {
|
|
| 259 |
$config['wol'] = array(); |
|
| 260 |
} |
|
| 217 |
config_init_path('wol');
|
|
| 261 | 218 |
$sections[] = 'wol'; |
| 262 | 219 |
} |
| 263 | 220 |
if ($hasync['synchronizetrafficshaper'] != "") {
|
| 264 |
init_config_arr(array('shaper'));
|
|
| 221 |
config_init_path('shaper');
|
|
| 265 | 222 |
$sections[] = 'shaper'; |
| 266 | 223 |
} |
| 267 | 224 |
if ($hasync['synchronizetrafficshaperlimiter'] != "") {
|
| 268 |
init_config_arr(array('dnshaper'));
|
|
| 225 |
config_init_path('dnshaper');
|
|
| 269 | 226 |
$sections[] = 'dnshaper'; |
| 270 | 227 |
} |
| 271 | 228 |
if ($hasync['synchronizestaticroutes'] != "") {
|
| 272 |
if (!is_array($config['staticroutes'])) {
|
|
| 273 |
$config['staticroutes'] = array(); |
|
| 274 |
} |
|
| 275 |
if (!is_array($config['staticroutes']['route'])) {
|
|
| 276 |
$config['staticroutes']['route'] = array(); |
|
| 277 |
} |
|
| 229 |
config_init_path('staticroutes/route');
|
|
| 230 |
config_init_path('gateways');
|
|
| 278 | 231 |
$sections[] = 'staticroutes'; |
| 279 |
if (!is_array($config['gateways'])) {
|
|
| 280 |
$config['gateways'] = array(); |
|
| 281 |
} |
|
| 282 | 232 |
$sections[] = 'gateways'; |
| 283 | 233 |
} |
| 284 | 234 |
if ($hasync['synchronizevirtualip'] != "") {
|
| 285 |
if (!is_array($config['virtualip'])) {
|
|
| 286 |
$config['virtualip'] = array(); |
|
| 287 |
} |
|
| 235 |
config_init_path('virtualip');
|
|
| 288 | 236 |
$sections[] = 'virtualip'; |
| 289 | 237 |
} |
| 290 | 238 |
if ($hasync['synchronizeipsec'] != "") {
|
| 291 |
if (!is_array($config['ipsec'])) {
|
|
| 292 |
$config['ipsec'] = array(); |
|
| 293 |
} |
|
| 239 |
config_init_path('ipsec');
|
|
| 294 | 240 |
$sections[] = 'ipsec'; |
| 295 | 241 |
} |
| 296 | 242 |
if ($hasync['synchronizeopenvpn'] != "") {
|
| 297 |
if (!is_array($config['openvpn'])) {
|
|
| 298 |
$config['openvpn'] = array(); |
|
| 299 |
} |
|
| 243 |
config_init_path('openvpn');
|
|
| 300 | 244 |
$sections[] = 'openvpn'; |
| 301 | 245 |
} |
| 302 | 246 |
if ($hasync['synchronizecerts'] != "" || $hasync['synchronizeopenvpn'] != "") {
|
| 303 |
if (!is_array($config['cert'])) {
|
|
| 304 |
$config['cert'] = array();
|
|
| 305 |
}
|
|
| 247 |
config_init_path('cert');
|
|
| 248 |
config_init_path('ca');
|
|
| 249 |
config_init_path('crl');
|
|
| 306 | 250 |
$sections[] = 'cert'; |
| 307 |
|
|
| 308 |
if (!is_array($config['ca'])) {
|
|
| 309 |
$config['ca'] = array(); |
|
| 310 |
} |
|
| 311 | 251 |
$sections[] = 'ca'; |
| 312 |
|
|
| 313 |
if (!is_array($config['crl'])) {
|
|
| 314 |
$config['crl'] = array(); |
|
| 315 |
} |
|
| 316 | 252 |
$sections[] = 'crl'; |
| 317 | 253 |
} |
| 318 | 254 |
if ($hasync['synchronizeusers'] != "") {
|
| ... | ... | |
| 320 | 256 |
$sections[] = 'group'; |
| 321 | 257 |
} |
| 322 | 258 |
if ($hasync['synchronizeauthservers'] != "") {
|
| 323 |
if (!is_array($config['system']['authserver'])) {
|
|
| 324 |
$config['system']['authserver'] = array(); |
|
| 325 |
} |
|
| 259 |
config_init_path('authserver');
|
|
| 326 | 260 |
$sections[] = 'authserver'; |
| 327 | 261 |
} |
| 328 | 262 |
if ($hasync['synchronizednsforwarder'] != "") {
|
| 329 |
if (is_array($config['dnsmasq'])) {
|
|
| 263 |
if (is_array(config_get_path('dnsmasq'))) {
|
|
| 330 | 264 |
$sections[] = 'dnsmasq'; |
| 331 | 265 |
} |
| 332 |
if (is_array($config['unbound'])) {
|
|
| 266 |
if (is_array(config_get_path('unbound'))) {
|
|
| 333 | 267 |
$sections[] = 'unbound'; |
| 334 | 268 |
} |
| 335 | 269 |
} |
| 336 | 270 |
if ($hasync['synchronizeschedules'] != "" || $hasync['synchronizerules'] != "") {
|
| 337 |
if (!is_array($config['schedules'])) {
|
|
| 338 |
$config['schedules'] = array(); |
|
| 339 |
} |
|
| 340 | 271 |
$sections[] = 'schedules'; |
| 341 | 272 |
} |
| 342 | 273 |
if ($hasync['synchronizecaptiveportal'] != "") {
|
| 343 |
if (!is_array($config['captiveportal'])) {
|
|
| 344 |
$config['captiveportal'] = array(); |
|
| 345 |
} |
|
| 274 |
config_init_path('captiveportal');
|
|
| 346 | 275 |
$sections[] = 'captiveportal'; |
| 347 | 276 |
} |
| 348 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array($config['voucher'])) {
|
|
| 277 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array(config_get_path('voucher'))) {
|
|
| 349 | 278 |
$sections[] = 'voucher'; |
| 350 | 279 |
} |
| 351 | 280 |
|
Also available in: Unified diff
Remove direct $config accesses form rc.filter_synchronize. Fixes Issue #13446