# # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # # Convert datalink configuration into a series of dladm(1M) commands and # keep them in an upgrade script. This script will then be run in the # network-physical service. # # Note that we cannot use the /var/svc/profile/upgrade script because # that script is run during manifest-import which is too late for # datalink configuration. # UPGRADE_SCRIPT=/var/svc/profile/upgrade_datalink AGGR_CONF=/etc/aggregation.conf ORIG=$BASEDIR/$AGGR_CONF if [ ! -f "${ORIG}" ]; then # Try the alternate location. AGGR_CONF=/etc/dladm/aggregation.conf ORIG=$BASEDIR/$AGGR_CONF fi # Now upgrade aggregation.conf to the new format. if [ -f "${ORIG}" ]; then # Strip off comments, then each remaining line defines an # aggregation the admnistrator configured on the old system. # Each line corresponds to one dladm command that is appended # to the upgrade script. cat $ORIG | grep '^[^#]' | while read line; do echo $line | while read aggr_index rest do policy=`echo $rest | /usr/bin/awk '{print $1}'` nports=`echo $rest | /usr/bin/awk '{print $2}'` ports=`echo $rest | /usr/bin/awk '{print $3}'` mac=`echo $rest | /usr/bin/awk '{print $4}'` lacp_mode=`echo $rest | /usr/bin/awk '{print $5}'` lacp_timer=`echo $rest | /usr/bin/awk '{print $6}'` dladm_string="dladm create-aggr -P $policy -l \ $lacp_mode -T $lacp_timer" # A fixed MAC address if [ "${mac}" != "auto" ]; then dladm_string="$dladm_string -u $mac" fi i=1 while [ $i -le "${nports}" ]; do device=`echo $ports | cut -d, -f$i` # Older aggregation.conf files have the format # of device_name/port_number. We don't need # the port number, so get rid of it if it is # there. device=`echo $device | cut -d/ -f1` i=`expr $i + 1` dladm_string="$dladm_string -d $device" done dladm_string="$dladm_string $aggr_index" echo $dladm_string >> \ ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT done done # no longer needed, get rid of it. rm -f $ORIG removef $PKGINST $AGGR_CONF > /dev/null removef -f $PKGINST > /dev/null 2>&1 fi # Upgrade linkprop.conf ORIG=$BASEDIR/etc/dladm/linkprop.conf if [ -f "${ORIG}" ]; then # Strip off comments, then each remaining line lists properties # the administrator configured for a particular interface. # Each line includes several properties, but we can only set # one property per dladm invocation. cat $ORIG | grep '^[^#]' | while read line; do echo $line | while read link rest do while [ -n "${rest}" ]; do linkprop=`echo $rest | cut -d";" -f1` rest=`echo $rest | cut -d";" -f2-` echo dladm set-linkprop -p $linkprop $link >> \ ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT done done done # no longer needed, get rid of it rm -f $ORIG removef $PKGINST /etc/dladm/linkprop.conf > /dev/null removef -f $PKGINST > /dev/null 2>&1 fi # Convert (hostname|hostname6|dhcp).xxx and zonecfg vlan entries for iftype in hostname hostname6 dhcp do interface_names="`echo $rootprefix/etc/$iftype.*[0-9] 2>/dev/null`" if [ "$interface_names" != "$rootprefix/etc/$iftype.*[0-9]" ]; then ORIGIFS="$IFS" IFS="$IFS." set -- $interface_names IFS="$ORIGIFS" while [ $# -ge 2 ]; do shift if [ $# -gt 1 -a \ "$2" != "$rootprefix/etc/$iftype" ]; then while [ $# -gt 1 -a \ "$1" != "$rootprefix/etc/$iftype" ]; do shift done else host_ifs="$host_ifs $1" shift fi done fi done zones=`zoneadm list -c | grep -v global` for zone in $zones do zonecfg -z $zone info ip-type | grep exclusive >/dev/null if [ $? -eq 0 ]; then zif=`zonecfg -z $zone info net | grep physical | \ nawk '{print $2}'` zone_ifs="$zone_ifs $zif" fi done ORIG=$BASEDIR/etc/dladm/datalink.conf for ifname in $host_ifs $zone_ifs do grep $ifname $ORIG >/dev/null if [ $? != 0 ]; then phys=`echo $ifname | sed "s/[0-9]*$//"` devnum=`echo $ifname | sed "s/$phys//g"` if [ "$phys$devnum" != $ifname -o \ -n "`echo $devnum | tr -d '[0-9]'`" ]; then echo "skipping invalid interface $ifname" continue fi vid=`expr $devnum / 1000` inst=`expr $devnum % 1000` if [ "$vid" != "0" ]; then echo dladm create-vlan -l $phys$inst -v $vid \ $ifname >> ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT if [ "$vid" != "1" ]; then continue fi # If default PVID VLAN 1 is in use then warn # the user and force PVID to zero. echo "Warning: default VLAN tag set to 0 on $ifname" echo dladm set-linkprop -p default_tag=0 \ $ifname >> ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT fi fi done # # Change permissions of public IKE certificates and CRLs # that may have been incorrectly created as private # PKCS#11 hints files must be left root-only readable. # Make sure this files starts with "30 82" # for file in `ls ${PKG_INSTALL_ROOT}/etc/inet/ike/crls/* \ ${PKG_INSTALL_ROOT}/etc/inet/ike/publickeys/* 2>/dev/null`; do if dd if=$file count=2 bs=1 2>/dev/null | cat -v | \ grep "0M-^B" >/dev/null 2>&1 then chmod 644 $file fi done # # Change group and permissions of /etc/dladm/*.conf config files. # secobj.conf changes permissions and group. The rest only change the group. # DLADM_PATH="${PKG_INSTALL_ROOT}/etc/dladm" DLADM_FILES="${DLADM_PATH}/datalink.conf ${DLADM_PATH}/flowadm.conf \ ${DLADM_PATH}/flowprop.conf ${DLADM_PATH}/secobj.conf" chgrp netadm ${DLADM_FILES} chmod 660 ${DLADM_PATH}/secobj.conf exit 0