author | Ermal <eri@pfsense.org> | 2010-12-07 12:30:36 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-12-07 12:30:36 +0000 |
commit | 7380bcdbe4be18bcb007f283b71fd5f83b51fced (patch) | |
tree | ce02b38390369b750cbd061ffb66391d5991c410 /etc | |
parent | d064a115350a7460265cad5d4c50b5a5fcc91cfd (diff) | |
Prevent sync problems when upgrading carp clusters. Now we check that the other cluster is at least at our config file version.
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/rc.filter_synchronize | 81 |
1 files changed, 69 insertions, 12 deletions
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 466e3b1..cd60e91 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -81,10 +81,59 @@ function remove_special_characters($string) {
 return $string;
 }
+function carp_check_version($url, $password, $port = 80, $method = 'pfsense.check_firmware_version') {
+ global $config, $g;
+
+ if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
+ return;
+
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode("all")
+ );
+
+ $numberofruns = 0;
+ while ($numberofruns < 2) {
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns > 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!is_object($resp)) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } else {
+ $parsed_response = XML_RPC_Decode($resp->value());
+ if(!is_array($parsed_response)) {
+ if (trim($parsed_response) == "Authentication failed") {
+ $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method}).";
+ log_error($error);
+ return false;
+ }
+ } else {
+ if (!isset($parsed_response['current']['config_version']) ||
+ $parsed_response['current']['config_version'] < $config['version'])
+ return false;
+ else
+ return true;
+ }
+ }
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ $numberofruns++;
+ }
+
+ return false;
+}
+
 function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
 global $config, $g;
- if(file_exists("{$g['varrun_path']}/booting"))
+ if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
 return;
 update_filter_reload_status("Syncing CARP data to {$url}");
@@ -200,10 +249,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
 $numberofruns = 3;
 }
 $parsed_response = XML_RPC_Decode($resp->value());
- if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") {
- $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php).";
+ if(!is_array($parsed_response) && trim($parsed_repsonse) == "Authentication failed") {
+ $error = "A authentication failure occurred while trying to access {$url}:{$port} ($method).";
 log_error($error);
- $numberofruns = 5;
+ break;
 }
 $numberofruns++;
 }
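Review bot: In `carp_check_version()`, a response that decodes to a non-array value other than "Authentication failed" falls through to `log_error($error)` with `$error` never set on the first pass (or still holding the previous iteration's text on the second), so the log entry and the `file_notice` carry an empty or wrong reason. Adding `else { $error = "An unexpected response was received from {$url}:{$port} ({$method})."; }` to the inner `if (trim($parsed_response) == ...)` closes that path. The `if($numberofruns > 1)` guard can never be true inside `while ($numberofruns < 2)`, so `setDebug(1)` is dead code; `> 0` would enable it on the retry. The `<` between `config_version` and `$config['version']` is a loose comparison of what are presumably numeric strings, which would rank "7.10" below "7.9"; worth confirming against the version scheme in use.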
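Review bot: The new condition in `carp_sync_xml()` calls `trim($parsed_repsonse)`, a misspelling of `$parsed_response`, so the variable is undefined, the comparison with "Authentication failed" is never true, and the `log_error()` and `break` under it cannot be reached. A sync password rejected by the peer is therefore not recorded by this branch, which leaves an operator nothing to find when sync silently stops working. The line should read `if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") {`. The retry loop this sits in starts outside the hunk.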
@@ -216,19 +265,22 @@ if (file_exists("{$g['varrun_path']}/booting") || $g['booting'])
 if (is_array($config['installedpackages']['carpsettings']['config'])) {
 update_filter_reload_status("Building CARP sync information");
 foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
- if ($carp['synchronizetoip'] != "" ) {
- /*
- * XXX: The way we're finding the port right now is really suboptimal -
- * we can't assume that the other machine is setup identically.
- */
- if ($config['system']['webgui']['protocol'] != "") {
+ if (empty($carp['synchronizetoip'])) {
+ log_error("CARP sync not being done because of missing sync ip!");
+ break;
+ }
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if (!empty($config['system']['webgui']['protocol'])) {
 $synchronizetoip = $config['system']['webgui']['protocol'];
 $synchronizetoip .= "://";
 }
 /* if port is empty lets rely on the protocol selection */
 $port = $config['system']['webgui']['port'];
- if ($port == "") {
+ if (empty($port)) {
 if ($config['system']['webgui']['protocol'] == "http")
 $port = "80";
 else
@@ -323,6 +375,12 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
 if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers']))
 $sections[] = 'vouchers';
 if (count($sections) > 0) {
+ if (!carp_check_version($synchronizetoip, $carp['password'], $port)) {
+ update_filter_reload_status("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!");
+ log_error("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!");
+ break;
+ }
+
 update_filter_reload_status("Signaling CARP reload signal...");
 carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
 if (is_array($mergesections))
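Review bot: The scheme of the peer URL still comes from the local `$config['system']['webgui']['protocol']`, and with this commit the sync password is sent over that URL by `carp_check_version()` as well as by `carp_sync_xml()`; when the value is "http" it crosses the sync network unencrypted. The XXX comment should record that, for example `* NOTE: with protocol "http" the sync password is sent to the peer in clear text.` Separately, `$synchronizetoip` is first assigned only inside `if (!empty(...['protocol']))`, so with an empty protocol any later `.=` (outside the hunk) would start from an undefined variable; `$synchronizetoip = "";` before the `if` makes the starting value explicit.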
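Review bot: `carp_check_version()` returns false for a communications error, an XML-RPC fault and an authentication failure as well as for a lower `config_version`, so the message logged in this hunk blames an older version in all of those cases. That points whoever triages a failed sync in the wrong direction, most of all when the real cause is a rejected password. A neutral text such as `"Could not confirm that the other member runs the same or a newer configuration version. Sync will not be done to prevent problems!"` matches what the check actually knows, and building it once in a variable avoids repeating the literal in both calls. The enclosing `foreach` starts and ends outside the hunk.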
@@ -351,7 +409,6 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
 }
 }
 break;
- }
 }
 } |