keepalived UI: add keepalived UI

BPFire red0 does not support multicast, need to
have unicast peer configured, then the virtual
ipaddress can be added to red0 interface.

the UI requires /var/ipfire/keepalived/runsettings and
/var/ipfire/keepalived/settings to be created, so
add them to lfs/configroot

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Vincent Li
2024-06-25 17:20:58 +00:00
parent 07750a74ba
commit ed89f965bf
7 changed files with 391 additions and 1 deletions


@@ -366,6 +366,14 @@ sub validip
}
}
sub validnum {
my $num = shift;
if ($num =~ /^\d+$/) {
return 1;
}
return 0;
}
sub validmask {
my $mask = shift;
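Review bot: `validnum` anchors its pattern with `^…$`, and in Perl `$` also matches just before a trailing newline, so a digit string followed by a line feed is accepted; `\d` without `/a` also matches non-ASCII digits. The new keepalived.cgi in this commit relies on this function to vet form fields that are written into keepalived.conf, so the test should be `if (defined $num && $num =~ /\A\d+\z/a) {`. There is also no range check, so callers still have to bound values themselves, for example a VRRP virtual router id to 1–255.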


@@ -21,6 +21,12 @@
'title' => "$Lang::tr{'loxilb fw'}",
'enabled' => 1,
};
$subipfire->{'50.keepalived'} = {
'caption' => $Lang::tr{'keepalived'},
'uri' => '/cgi-bin/keepalived.cgi',
'title' => "$Lang::tr{'keepalived'}",
'enabled' => 1,
};
$subipfire->{'80.pakfire'} = {'caption' => 'Pakfire',
'uri' => '/cgi-bin/pakfire.cgi',
'title' => "Pakfire",


@@ -94,6 +94,7 @@ srv/web/ipfire/cgi-bin/ddos.cgi
srv/web/ipfire/cgi-bin/loxilb.cgi
srv/web/ipfire/cgi-bin/loxilbconfig.cgi
srv/web/ipfire/cgi-bin/loxilbfw.cgi
srv/web/ipfire/cgi-bin/keepalived.cgi
#srv/web/ipfire/html
srv/web/ipfire/html/blob.gif
#srv/web/ipfire/html/captive

351
html/cgi-bin/keepalived.cgi Normal file

@@ -0,0 +1,351 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use experimental 'smartmatch';
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
our %hasettings=();
our %netsettings=();
my %mainsettings=();
my %timesettings=();
my $setting = "${General::swroot}/keepalived/settings";
my $runsetting = "${General::swroot}/keepalived/runsettings";
my $loxilbipfile = "${General::swroot}/loxilb/ipconfig";
# because we need commas in the some data
my $errormessage = '';
my @nosaved=();
my %color = ();
$hasettings{'ENABLE_HA'} = 'off';
# Load multiline data
our @current = ();
if (open(FILE, "$loxilbipfile")) {
@current = <FILE>;
close (FILE);
}
&Header::showhttpheaders();
our @ITFs=('RED', 'GREEN');
my @STATE= ('MASTER', 'BACKUP');
#Settings1 for the first screen box
foreach my $itf (@ITFs) {
$hasettings{"ENABLE_${itf}"} = 'off';
$hasettings{"state_${itf}"} = '';
$hasettings{"garp_master_delay_${itf}"} = '';
$hasettings{"virtual_router_id_${itf}"} = '';
$hasettings{"priority_${itf}"} = '';
$hasettings{"advert_int_${itf}"} = '';
$hasettings{"auth_pass_${itf}"} = '';
$hasettings{"unicast_peer_${itf}"} = '';
$hasettings{"virtual_ipaddress_${itf}"} = '';
}
# Read Ipcop settings
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
#Get GUI values
&Header::getcgihash(\%hasettings);
if ($hasettings{'ACTION'} eq $Lang::tr{'enable'})
{
&General::writehash("$runsetting", \%hasettings);
if ($hasettings{'ENABLE_HA'} eq 'on') {
&General::system('/usr/bin/touch', "${General::swroot}/keepalived/enable_ha");
&General::system('/usr/local/bin/keepalivedctrl', 'start');
} else {
&General::system('/usr/local/bin/keepalivedctrl', 'stop');
unlink "${General::swroot}/keepalived/enable_ha";
}
}
# Check Settings1 first because they are needed by &buildconf
if ($hasettings{'ACTION'} eq $Lang::tr{'save'}) {
foreach my $itf (@ITFs) {
if ($hasettings{"ENABLE_${itf}"} eq 'on' ) {
if (!(&General::validnum($hasettings{"virtual_router_id_${itf}"})) || ($hasettings{"virtual_router_id_${itf}"} eq '')) {
$errormessage = "virtual_router_id" . " is $Lang::tr{'required field'}" . " or not valid num";
goto ERROR;
}
if (!(&General::validnum($hasettings{"priority_${itf}"})) || ($hasettings{"priority_${itf}"} eq '')) {
$errormessage = "priority" . " is $Lang::tr{'required field'}" . " or not valid num";
goto ERROR;
}
if (!(&General::validnum($hasettings{"advert_int_${itf}"})) || ($hasettings{"advert_int_${itf}"} eq '')) {
$errormessage = "advert_int" . " is $Lang::tr{'required field'}" . " or not valid num";
goto ERROR;
}
if (!(&General::validnum($hasettings{"garp_master_delay_${itf}"})) || ($hasettings{"garp_master_delay_${itf}"} eq '')) {
$errormessage = "garp master delay" . " is $Lang::tr{'required field'}" . " or not valid num";
goto ERROR;
}
}
}
map (delete ($hasettings{$_}) ,@nosaved,'ACTION','KEY1','KEY2','q'); # Must not be saved
&General::writehash($setting, \%hasettings); # Save good settings
$hasettings{'ACTION'} = $Lang::tr{'save'}; # create an 'ACTION'
map ($hasettings{$_} = '',@nosaved,'KEY1','KEY2'); # and reinit vars to empty
&buildconf;
ERROR:
}
if ($hasettings{'ACTION'} eq '' ) { # First launch from GUI
# Set default DHCP values only if blank and disabled
foreach my $itf (@ITFs) {
if ($hasettings{"ENABLE_${itf}"} ne 'on' ) {
$hasettings{"virtual_router_id_${itf}"} = '50';
$hasettings{"priority_${itf}"} = '100';
$hasettings{"advert_int_${itf}"} = '1';
$hasettings{"auth_pass_${itf}"} = '';
$hasettings{"unicast_peer_${itf}"} = '';
$hasettings{"garp_master_delay_${itf}"} = '10';
}
}
}
### START PAGE ###
&Header::openpage($Lang::tr{'keepalived configuration'}, 1, $Header::extraHead);
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
# Read configuration file.
&General::readhash("$runsetting", \%hasettings);
# Checkbox pre-selection.
my $checked;
if ($hasettings{'ENABLE_HA'} eq "on") {
$checked = "checked='checked'";
}
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my @status = &General::system_output('/usr/local/bin/keepalivedctrl', 'status');
if (grep(/is running/, @status)){
$sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
}
&Header::openbox('100%', 'center', $Lang::tr{'keepalived status'});
print <<END;
<table width='100%'>
<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<tr><td class='boldbase'>$Lang::tr{'keepalived status'}</td>
<td align='left'>$sactive</td>
</tr>
<tr>
<td width='50%' class='boldbase'>$Lang::tr{'enable'}
<td><input type='checkbox' name='ENABLE_HA' $checked></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'enable'}'></td>
</tr>
END
print "</form> </table>\n";
&Header::closebox();
#
&General::readhash($setting, \%hasettings); # Get saved settings and reset to good if needed
&Header::openbox('100%', 'left', $Lang::tr{'keepalived config'});
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
foreach my $itf (@ITFs) {
my %checked = ();
my @vips;
my $lc_itf = lc($itf);
my $current_state = $hasettings{"state_${itf}"};
my @current_vips = split(/\|/, $hasettings{"virtual_ipaddress_${itf}"}); #multi selected value is separated by pipe |
foreach my $line (@current) {
chomp($line);
my @temp = split(/\,/, $line);
if ($temp[1] eq $netsettings{"${itf}_DEV"}) {
push(@vips, $temp[0]);
}
}
$checked{'ENABLE'}{'on'} = ($hasettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'";
print <<END;
<table width='100%'>
<tr>
<td width='25%' class='boldbase'><b><font color='$lc_itf'>$Lang::tr{"$lc_itf interface"}</font></b></td>
<td class='base'>$Lang::tr{'enabled'}
<input type='checkbox' name='ENABLE_${itf}' $checked{'ENABLE'}{'on'} /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'keepalived state'}:&nbsp;</td>
<td>
<select name='state_${itf}' id='state' style="width: 95px;">
END
# display selected, tip from chatgpt
foreach my $state (@STATE) {
my $selected = ($state eq $current_state) ? 'selected' : '';
print "<option value=\"$state\" $selected>$state</option>";
}
print <<END;
</select>
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived virtual router id'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='virtual_router_id_${itf}' value='$hasettings{"virtual_router_id_${itf}"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived priority'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='priority_${itf}' value='$hasettings{"priority_${itf}"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived advert int'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='advert_int_${itf}' value='$hasettings{"advert_int_${itf}"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived garp master delay'}&nbsp;</td>
<td width='25%'><input type='text' name='garp_master_delay_${itf}' value='$hasettings{"garp_master_delay_${itf}"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived auth pass'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='auth_pass_${itf}' value='$hasettings{"auth_pass_${itf}"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'keepalived unicast peer'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='unicast_peer_${itf}' value='$hasettings{"unicast_peer_${itf}"}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'keepalived virtual address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td>
<select name='virtual_ipaddress_${itf}' id='virtual_ipaddress' style="width: 200px;" multiple>
END
# display selected, tip from chatgpt
foreach my $vip (@vips) {
my $selected = (grep { $_ eq $vip } @current_vips) ? 'selected' : '';
print "<option value=\"$vip\" $selected>$vip</option>";
}
print <<END;
</select>
</td>
</tr>
</table>
<hr />
END
} # foreach itf
print <<END;
<table width='100%'>
<tr>
<td class='base' width='25%'><img src='/blob.gif' align='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td>
<td width='40%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
</form>
END
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
# Build the configuration file mixing settings, fixed leases and advanced options
sub buildconf {
open(FILE, ">/${General::swroot}/keepalived/keepalived.conf") or die "Unable to write keepalived.conf file";
flock(FILE, 2);
# Global settings
print FILE "global_defs {\n";
print FILE "\trouter_id BPFire_DEVEL\n";
print FILE "}\n";
print FILE "\n";
#Subnet range definition
foreach my $itf (@ITFs) {
my $lc_itf=lc($itf);
if ($hasettings{"ENABLE_${itf}"} eq 'on' ){
print FILE "vrrp_instance VI_$lc_itf {" . "\n";
print FILE "\tstate " . $hasettings{"state_${itf}"} . "\n";
print FILE "\tinterface " . $netsettings{"${itf}_DEV"} . "\n";
print FILE "\tvirtual_router_id " . $hasettings{"virtual_router_id_${itf}"} . "\n";
print FILE "\tpriority " . $hasettings{"priority_${itf}"} . "\n";
print FILE "\tadvert_int " . $hasettings{"advert_int_${itf}"} . "\n";
print FILE "\tgarp_master_delay " . $hasettings{"garp_master_delay_${itf}"} . "\n";
#unicast peer, red0 does not support multicast
print FILE "\tunicast_peer {" . "\n";
print FILE "\t\t" . $hasettings{"unicast_peer_${itf}"} . "\n";
print FILE "\t}" . "\n";
# authentication
print FILE "\tauthentication {" . "\n";
print FILE "\t\tauth_type PASS" . "\n";
print FILE "\t\tauth_pass " . $hasettings{"auth_pass_${itf}"} . "\n";
print FILE "\t}" . "\n";
# virtual ipaddress
print FILE "\tvirtual_ipaddress {" . "\n";
my @vips = split(/\|/, $hasettings{"virtual_ipaddress_${itf}"});
foreach my $ip (@vips) {
print FILE "\t\t$ip" . "\n";
}
print FILE "\t}" . "\n";
print FILE "} #$itf\n\n";
&General::system('/usr/bin/touch', "${General::swroot}/keepalived/enable_${lc_itf}");
} else {
unlink "${General::swroot}/keepalived/enable_${lc_itf}";
}
}
close FILE;
&General::system_background('/usr/local/bin/keepalivedctrl', 'restart');
}
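Review bot: Only the four numeric fields are checked in the `save` branch; `state_`, `unicast_peer_`, `auth_pass_` and `virtual_ipaddress_` pass from the POST hash through `writehash` into `buildconf`, which prints them verbatim into keepalived.conf. A value containing a newline or a closing brace can therefore add directives to a file the keepalived daemon parses (presumably with root privileges), so each of these fields needs validating before `writehash` and `buildconf` run. The sketch below checks the state against `@STATE`, the peer with `General::validip`, and the password and virtual addresses against character allowlists; those allowlists are a conservative suggestion, and comparing each virtual address with the entries read from the loxilb ipconfig file would be tighter still. The same values are later interpolated into `value='…'` attributes without HTML escaping, so rejecting them at save time also limits what is echoed back into the page.

```perl
# … unchanged: validnum checks for virtual_router_id, priority, advert_int, garp_master_delay …
unless (grep { $_ eq $hasettings{"state_${itf}"} } @STATE) {
    $errormessage = "state is not valid";
    goto ERROR;
}
unless (&General::validip($hasettings{"unicast_peer_${itf}"})) {
    $errormessage = "unicast_peer is not a valid IP address";
    goto ERROR;
}
# keepalived only uses the first 8 characters of a PASS secret
unless ($hasettings{"auth_pass_${itf}"} =~ /\A[A-Za-z0-9._-]{1,8}\z/) {
    $errormessage = "auth_pass is not valid";
    goto ERROR;
}
foreach my $vip (split(/\|/, $hasettings{"virtual_ipaddress_${itf}"})) {
    # address characters only: no whitespace, braces or line breaks
    unless ($vip =~ m{\A[0-9A-Fa-f:./]+\z}) {
        $errormessage = "virtual_ipaddress is not valid";
        goto ERROR;
    }
}
```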


@@ -1386,6 +1386,7 @@
'graph per' => 'per',
'green' => 'GREEN',
'green interface' => 'Green Interface',
'red interface' => 'Red Interface',
'grouptype' => 'Grouptype:',
'guaranteed bandwidth' => 'Guaranteed bandwidth',
'guardian' => 'Guardian',
@@ -2492,6 +2493,17 @@
'loxilb ip virtualIP' => 'Virtual IP',
'loxilb ip interface' => 'Interface',
'loxilb ip add' => 'Add Virtual IP',
'keepalived' => 'High Availability',
'keepalived config' => 'Keepalived Configuration',
'keepalived status' => 'Keepalived Status',
'keepalived state' => 'State',
'keepalived virtual router id' => 'Virtual Router ID',
'keepalived priority' => 'Priority',
'keepalived advert int' => 'Advert Interval',
'keepalived garp master delay' => 'Garp Master Delay',
'keepalived auth pass' => 'Auth Pass',
'keepalived unicast peer' => 'Unicast Peer',
'keepalived virtual address' => 'Virtual Address',
'status' => 'Status',
'status information' => 'Status information',
'status ovpn' => 'OpenVPN',


@@ -1379,6 +1379,7 @@
'graph per' => 'per',
'green' => '绿色',
'green interface' => '绿色接口',
'red interface' => '红色接口',
'grouptype' => '组类型:',
'guaranteed bandwith' => '保证带宽',
'guardian' => '监护人',
@@ -2459,6 +2460,17 @@
'loxilb ip virtualIP' => '虚拟 IP',
'loxilb ip interface' => '网络接口',
'loxilb ip add' => '添加虚拟 IP',
'keepalived' => '高可用性',
'keepalived config' => 'Keepalived 配置',
'keepalived status' => 'Keepalived 运行状态',
'keepalived state' => '主备状态',
'keepalived virtual router id' => '虚拟路由 ID',
'keepalived priority' => '优先级',
'keepalived advert int' => '广告间隔',
'keepalived garp master delay' => 'Garp 主设备延迟',
'keepalived auth pass' => '认证密码',
'keepalived unicast peer' => '单播同伴设备',
'keepalived virtual address' => '虚拟 IP地址',
'status' => '状态',
'status information' => '状态信息',
'status ovpn' => 'OpenVPN',


@@ -68,7 +68,7 @@ $(TARGET) :
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings keepalived/keepalived.conf qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings keepalived/keepalived.conf keepalived/runsettings keepalived/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \