Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/config.inc | 35 | ||||
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/functions.inc | 1 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 117 | ||||
-rw-r--r-- | etc/inc/vslb.inc | 212 | ||||
-rwxr-xr-x | etc/rc.bootup | 1 |
7 files changed, 225 insertions, 148 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index b4f4eab..6ac373c 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -1225,6 +1225,41 @@ function convert_config() { $config['version'] = "4.5"; } + /* Upgrade load balancer from slb to relayd */ + /* Convert 4.5 -> 4.6 */ + if ($config['version'] <= 4.5) { + if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) { + $vs_a = &$config['load_balancer']['virtual_server']; + $pool_a = &$config['load_balancer']['lbpool']; + $pools = array(); + /* Index pools by name */ + if(is_array($pool_a)) { + for ($i = 0; isset($pool_a[$i]); $i++) { + if ($pool_a[$i]['type'] == "server") { + $pools[$pool_a[$i]['name']] = $pool_a[$i]; + } + } + } + /* Convert sitedown entries to pools and re-attach */ + for ($i = 0; isset($vs_a[$i]); $i++) { + if (isset($vs_a[$i]['sitedown'])) { + $pool = array(); + $pool['type'] = 'server'; + $pool['behaviour'] = 'balance'; + $pool['name'] = "{$vs_a[$i]['name']}-sitedown"; + $pool['desc'] = "Sitedown pool for VS: {$vs_a[$i]['name']}"; + $pool['port'] = $pools[$vs_a[$i]['pool']]['port']; + $pool['servers'] = array(); + $pool['servers'][] = $vs_a[$i]['sitedown']; + $pool['monitor'] = $pools[$vs_a[$i]['pool']]['monitor']; + $pool_a[] = $pool; + $vs_a[$i]['sitedown'] = $pool['name']; + } + } + } + $config['version'] = "4.6"; + } + if ($prev_version != $config['version']) write_config("Upgraded config version level from {$prev_version} to {$config['version']}"); } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0a7ee2b..7265ffb 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -987,6 +987,8 @@ function filter_nat_rules_generate() { /* load balancer anchor */ $natrules .= "\n# Load balancing anchor - slbd updates\n"; $natrules .= "rdr-anchor \"slb\"\n"; + $natrules .= "rdr-anchor \"relayd/*\"\n"; + update_filter_reload_status("Setting up FTP helper"); 
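Review bot: The sitedown conversion in convert_config() tests `isset($vs_a[$i]['sitedown'])`, which also passes for an empty value, and it reads `$pools[$vs_a[$i]['pool']]` without checking that the referenced pool exists or is of type "server". Either case persists a generated pool with a blank server or a null port/monitor, and the new relayd_configure() writes those values straight into relayd.conf. I would guard the branch with `if (!empty($vs_a[$i]['sitedown']) && isset($pools[$vs_a[$i]['pool']]))` and log the entries that fail it. The generated name `{name}-sitedown` is also not checked against existing pool names, so a collision, if one exists, would go unnoticed. convert_config() starts outside the hunk.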
@@ -2396,6 +2398,9 @@ function filter_rules_generate() { /* ftp-sesame */ $ipfrules .= "anchor \"ftpsesame/*\" \n"; + /* relayd */ + $ipfrules .= "anchor \"relayd/*\"\n"; + # BEGIN OF firewall rules $ipfrules .= "anchor \"firewallrules\"\n"; diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc index ded7c77..8415def 100644 --- a/etc/inc/functions.inc +++ b/etc/inc/functions.inc @@ -81,6 +81,7 @@ require_once("pfsense-utils.inc"); require_once("util.inc"); require_once("vpn.inc"); require_once("vslb.inc"); +require_once("gwlb.inc"); require_once("notices.inc"); ?>
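Review bot: The `anchor "relayd/*"` line added in filter_rules_generate() sits ahead of `anchor "firewallrules"` with only `/* relayd */` as explanation, so a reader cannot tell that this hands a slot in the ruleset to a daemon that inserts rules at run time. Any `quick` rule loaded under that anchor would take effect before the user's own rules are consulted, which is worth stating explicitly, e.g. `/* relayd inserts its rules here at run time; evaluated before user firewall rules */`. The `rdr-anchor "relayd/*"` added in filter_nat_rules_generate() (previous hunk) has the same gap, and the `# Load balancing anchor - slbd updates` line above it now names only slbd. Both functions extend beyond the hunks shown.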
\ No newline at end of file diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 009ce9c..ec5733a 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -60,7 +60,7 @@ $g = array( "n_pppoe_units" => 16, /* this value can be overriden in pppoe->n_pppoe_units */ "pppoe_subnet" => 28, /* this value can be overriden in pppoe->pppoe_subnet */ "debug" => false, - "latest_config" => "4.5", + "latest_config" => "4.6", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "115", "minimum_ram_warning_text" => "128 megabytes", diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc new file mode 100644 index 0000000..b0d4bd7 --- /dev/null +++ b/etc/inc/gwlb.inc 
@@ -0,0 +1,117 @@ +<?php +/* $Id$ */ +/* + Copyright (C) 2008 Bill Marquette + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ + */ + +/* include all configuration functions */ +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("notices.inc"); + +function slbd_configure() { + global $config, $g; + + $a_vs = &$config['load_balancer']['virtual_server']; + $a_pool = &$config['load_balancer']['lbpool']; + + $should_start=0; + + $fd = fopen("{$g['varetc_path']}/slbd.conf", "w"); + + /* Gateway Pools */ + if(is_array($a_pool)) { + foreach ($a_pool as $vspool) { + if ($vspool['type'] != "gateway") + continue; + + if ($vspool['desc'] == "") + $slbdconf .= "{$vspool['name']}:\\\n"; + else + $slbdconf .= "{$vspool['name']}|{$vspool['desc']}:\\\n"; + + /* pool name */ + $slbdconf .= "\t:poolname={$vspool['name']}:\\\n"; + /* remove pool status files so we don't end up with a mismatch */ + if(file_exists("{$g['tmp_path']}/{$vspool['name']}.pool")) + unlink("{$g['tmp_path']}/{$vspool['name']}.pool"); + /* virtual IP */ + $slbdconf .= "\t:vip=127.0.0.1:\\\n"; + $slbdconf .= "\t:vip-port=666:\\\n"; + /* fallback IP */ + $slbdconf .= "\t:sitedown=127.0.0.1:\\\n"; + /* fallback port */ + $slbdconf .= "\t:sitedown-port=666:\\\n"; + + $svrcnt = 0; + $svrtxt = ""; + if($vspool['servers']) + foreach ($vspool['servers'] as $lbsvr) { + $lbsvr_split=split("\|", $lbsvr); + $svrtxt .= "\t:{$svrcnt}={$lbsvr_split[1]}:\\\n"; + $svrcnt++; + + /* Add static routes to the monitor IPs */ + $int = convert_friendly_interface_to_real_interface_name($lbsvr_split[0]); + $gateway = get_interface_gateway($int); + $int_ip = find_interface_ip($int); + if($int_ip == "0.0.0.0") { + /* DHCP Corner case. If DHCP is down, we delete the route then + * there is a chance the monitor ip gateway will go out the link + * that is up. 
+ */ + mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1"); + mwexec("/sbin/route add -host {$lbsvr_split[1]} 127.0.0.1 1> /dev/null 2>&1"); + } else { + mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1"); + mwexec("/sbin/route add -host {$lbsvr_split[1]} {$gateway} 1> /dev/null 2>&1"); + } + } + $slbdconf .= "\t:service-port=666:\\\n"; + $slbdconf .= "\t:method=round-robin:\\\n"; + $slbdconf .= "\t:services={$svrcnt}:\\\n"; + $slbdconf .= $svrtxt; + + $slbdconf .= "\t:ping:\n"; + + $should_start=1; + } + } + + if($should_start == 1) { + fwrite($fd, $slbdconf); + fclose($fd); + mwexec("/usr/bin/killall -9 slbd"); + sleep(2); + /* startup slbd pointing it's config at /var/etc/slbd.conf with a polling interval of 5 seconds */ + mwexec("/usr/local/sbin/slbd -c{$g['varetc_path']}/slbd.conf -r5000"); + } else { + mwexec("/usr/bin/killall -9 slbd"); + fclose($fd); + } +} + +?>
\ No newline at end of file diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc index bd19244..cc7232b 100644 --- a/etc/inc/vslb.inc +++ b/etc/inc/vslb.inc 
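Review bot: In slbd_configure() the monitor IP `$lbsvr_split[1]` and `$gateway` are interpolated unquoted into the `/sbin/route` command lines passed to mwexec(), so any shell metacharacter in a pool's server entry (for example from a restored or imported configuration) would be interpreted by the shell, presumably with the privileges of the boot scripts. Pass both through `escapeshellarg()` and, ideally, reject entries that are not valid IP addresses before building the command. The equally unvalidated `$vspool['name']` is used in the `unlink()` path under `$g['tmp_path']`, so a name containing `../` could point the delete outside that directory. The fopen() result is also used unchecked, and `$slbdconf` is appended to before it is initialised.

```php
// … unchanged: $lbsvr_split, $svrtxt, $int, $gateway and $int_ip set up as in the hunk …
$monitor_arg = escapeshellarg($lbsvr_split[1]);
/* DHCP corner case: with no address on the interface, point the route at loopback. */
$route_target = ($int_ip == "0.0.0.0") ? "127.0.0.1" : escapeshellarg($gateway);
mwexec("/sbin/route delete -host {$monitor_arg} 1>/dev/null 2>&1");
mwexec("/sbin/route add -host {$monitor_arg} {$route_target} 1> /dev/null 2>&1");
```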
@@ -1,165 +1,83 @@ <?php /* $Id$ */ /* - vslb.inc - Copyright (C) 2005 Bill Marquette - All rights reserved. + vslb.inc + Copyright (C) 2005-2008 Bill Marquette + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. -*/ + */ /* include all configuration functions */ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("notices.inc"); -function slbd_configure() { - global $config, $g; - - $a_vs = &$config['load_balancer']['virtual_server']; - $a_pool = &$config['load_balancer']['lbpool']; +function relayd_configure() { + global $config, $g; + + $vs_a = &$config['load_balancer']['virtual_server']; + $pool_a = &$config['load_balancer']['lbpool']; + + $fd = fopen("{$g['varetc_path']}/relayd.conf", "w"); + + /* reindex pools by name as we loop through the pools array */ + $pools = array(); + /* Virtual server pools */ + if(is_array($pool_a)) { + for ($i = 0; isset($pool_a[$i]); $i++) { + /* Don't deal with gateway pools */ + if ($pool_a[$i]['type'] == "gateway") + continue; + + if(is_array($pool_a[$i]['servers'])) { + $srvtxt = implode(", ", $pool_a[$i]['servers']); + $conf .= "table <{$pool_a[$i]['name']}> { $srvtxt }\n"; + /* Index by name for easier fetching when we loop through the virtual servers */ + $pools[$pool_a[$i]['name']] = $pool_a[$i]; + } + } + } + + if(is_array($vs_a)) { + for ($i = 0; isset($vs_a[$i]); $i++) { + $conf .= "redirect \"{$vs_a[$i]['name']}\" {\n"; + $conf .= " listen on {$vs_a[$i]['ipaddr']} port {$vs_a[$i]['port']}\n"; + $conf .= " 
forward to <{$vs_a[$i]['pool']}> port {$pools[$vs_a[$i]['pool']]['port']} check tcp\n"; + /* XXX - this needs to use the backup pool aka sitedown - but that isn't converted yet */ + if (isset($vs_a[$i]['sitedown'])) + $conf .= " forward to <{$vs_a[$i]['sitedown']}> port {$pools[$vs_a[$i]['pool']]['port']} check tcp\n"; + $conf .= "}\n"; + } + } + fwrite($fd, $conf); + fclose($fd); + + if (is_process_running('/usr/local/sbin/relayd')) { + mwexec('/usr/local/bin/relayctl stop'); + } + mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf"); - $should_start=0; - - $fd = fopen("{$g['varetc_path']}/slbd.conf", "w"); - - - /* Virtual server pools */ - if(is_array($a_vs)) { - foreach ($a_vs as $vsent) { - if ($vsent['desc'] == "") - $slbdconf .= "{$vsent['name']}:\\\n"; - else - $slbdconf .= "{$vsent['name']}|{$vsent['desc']}:\\\n"; - - /* pool name */ - $slbdconf .= "\t:poolname={$vsent['name']}:\\\n"; - /* remove pool status files so we don't end up with a mismatch */ - if(file_exists("{$g['tmp_path']}/{$vsent['name']}.pool")) - unlink("{$g['tmp_path']}/{$vsent['name']}.pool"); - /* virtual IP */ - $slbdconf .= "\t:vip={$vsent['ipaddr']}:\\\n"; - /* virtual port */ - $slbdconf .= "\t:vip-port={$vsent['port']}:\\\n"; - if($vsent['port'] <> "" and $vsent['sitedown'] <> "") { - /* fallback IP */ - $slbdconf .= "\t:sitedown={$vsent['sitedown']}:\\\n"; - /* fallback port */ - $slbdconf .= "\t:sitedown-port={$vsent['port']}:\\\n"; - } - for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) { - if ($config['load_balancer']['lbpool'][$i]['name'] == $vsent['pool']) { - $svrcnt = 0; - $svrtxt = ""; - $svrtxt = "\t:service-port={$config['load_balancer']['lbpool'][$i]['port']}:\\\n"; - if($config['load_balancer']['lbpool']) - if(is_array($config['load_balancer']['lbpool'][$i]['servers'])) - foreach ($config['load_balancer']['lbpool'][$i]['servers'] as $lbsvr) { - $svrtxt .= "\t:{$svrcnt}={$lbsvr}:\\\n"; - $svrcnt++; - } - $slbdconf .= 
"\t:method=round-robin:\\\n"; - $slbdconf .= "\t:services={$svrcnt}:\\\n"; - $slbdconf .= $svrtxt; - } - } - - $slbdconf .= "\t:tcppoll:send=:expect=:\n"; - - $should_start=1; - } - } - - /* Gateway Pools */ - if(is_array($a_pool)) { - foreach ($a_pool as $vspool) { - if ($vspool['type'] != "gateway") - continue; - - if ($vspool['desc'] == "") - $slbdconf .= "{$vspool['name']}:\\\n"; - else - $slbdconf .= "{$vspool['name']}|{$vspool['desc']}:\\\n"; - - /* pool name */ - $slbdconf .= "\t:poolname={$vspool['name']}:\\\n"; - /* remove pool status files so we don't end up with a mismatch */ - if(file_exists("{$g['tmp_path']}/{$vspool['name']}.pool")) - unlink("{$g['tmp_path']}/{$vspool['name']}.pool"); - /* virtual IP */ - $slbdconf .= "\t:vip=127.0.0.1:\\\n"; - $slbdconf .= "\t:vip-port=666:\\\n"; - /* fallback IP */ - $slbdconf .= "\t:sitedown=127.0.0.1:\\\n"; - /* fallback port */ - $slbdconf .= "\t:sitedown-port=666:\\\n"; - - $svrcnt = 0; - $svrtxt = ""; - if($vspool['servers']) - foreach ($vspool['servers'] as $lbsvr) { - $lbsvr_split=split("\|", $lbsvr); - $svrtxt .= "\t:{$svrcnt}={$lbsvr_split[1]}:\\\n"; - $svrcnt++; - - /* Add static routes to the monitor IPs */ - $int = convert_friendly_interface_to_real_interface_name($lbsvr_split[0]); - $gateway = get_interface_gateway($int); - $int_ip = find_interface_ip($int); - if($int_ip == "0.0.0.0") { - /* DHCP Corner case. If DHCP is down, we delete the route then - * there is a chance the monitor ip gateway will go out the link - * that is up. 
- */ - mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1"); - mwexec("/sbin/route add -host {$lbsvr_split[1]} 127.0.0.1 1> /dev/null 2>&1"); - } else { - mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1"); - mwexec("/sbin/route add -host {$lbsvr_split[1]} {$gateway} 1> /dev/null 2>&1"); - } - } - $slbdconf .= "\t:service-port=666:\\\n"; - $slbdconf .= "\t:method=round-robin:\\\n"; - $slbdconf .= "\t:services={$svrcnt}:\\\n"; - $slbdconf .= $svrtxt; - - $slbdconf .= "\t:ping:\n"; - - $should_start=1; - } - } - - if($should_start == 1) { - fwrite($fd, $slbdconf); - fclose($fd); - mwexec("/usr/bin/killall -9 slbd"); - sleep(2); - /* startup slbd pointing it's config at /var/etc/slbd.conf with a polling interval of 5 seconds */ - mwexec("/usr/local/sbin/slbd -c{$g['varetc_path']}/slbd.conf -r5000"); - } else { - mwexec("/usr/bin/killall -9 slbd"); - fclose($fd); - } } ?>
\ No newline at end of file diff --git a/etc/rc.bootup b/etc/rc.bootup index 537f606..52a0d39 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -197,6 +197,7 @@ /* start load balancer daemon */ load_balancer_use_sticky(); slbd_configure(); + relayd_configure(); /* start OpenVPN server & clients */ openvpn_resync_all(); |
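Review bot: relayd_configure() writes the `name`, `ipaddr`, `port` and pool fields into relayd.conf verbatim, and `$pools[$vs_a[$i]['pool']]['port']` is empty whenever the virtual server names a gateway pool, a pool without servers, or a pool that no longer exists, which yields `port ` with no value. Because the function then stops the running relayd before starting a new one, a single bad entry can take every virtual server down; skip such entries with `if (!isset($pools[$vs_a[$i]['pool']])) continue;` and check the file with `relayd -n -f {$g['varetc_path']}/relayd.conf` before stopping the old process. A name containing a double quote or newline would also break out of the `redirect "…"` string, so these values should be validated before they are written. The sitedown `forward to` line reuses the primary pool's port rather than the sitedown pool's own, and the XXX comment above it appears outdated now that convert_config() creates that pool.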