From 395fa73cf7d9c5df1d85f9ee67055f3e719ca5b2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 28 Feb 2021 19:19:58 +0100
Subject: [PATCH] HA Sync: extend rc.filter_synchronize with capabilities to
 reconfigure the backup node (template flush + service reload) for
 https://github.com/opnsense/core/issues/4604 to offer the ability to schedule
 a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup
---
 src/etc/rc.filter_synchronize                 | 37 ++++++++++++++++++-
 .../conf/actions.d/actions_system.conf        |  7 ++++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize
index 2bb40219d..5de003671 100755
--- a/src/etc/rc.filter_synchronize
+++ b/src/etc/rc.filter_synchronize
@@ -233,7 +233,30 @@ if (file_exists('/var/run/booting')) {
 
 if (isset($config['hasync']) && is_array($config['hasync'])) {
     $hasync = $config['hasync'];
-    $enable_debug = count($argv) > 1 && $argv[1] == 'debug';
+    $enable_debug = in_array('debug', $argv);
+    $restart_services = in_array('restart_services', $argv);
+    $pre_check_master = in_array('pre_check_master', $argv);
+    if (in_array('-h', $argv)) {
+        // show help and exit
+        echo "rc.filter_synchronize [debug] [restart_services] [pre_check_master]\n";
+        echo "debug - enable debug output\n";
+        echo "restart_services - restart remote configured services\n";
+        echo "pre_check_master - exit when carp is not in master mode\n";
+        exit;
+    }
+
+    if ($pre_check_master) {
+        foreach (legacy_interfaces_details() as $intf) {
+            if (!empty($intf['carp'])) {
+                foreach ($intf['carp'] as $carp) {
+                    if ($carp['status'] !== 'MASTER') {
+                        echo "pre_check_master: backup mode, exit\n";
+                        exit;
+                    }
+                }
+            }
+        }
+    }
 
     if (empty($hasync['synchronizetoip'])) {
         log_error("Config sync not being done because of missing sync IP (this is normal on secondary systems).");
@@ -321,5 +344,17 @@ if (isset($config['hasync']) && is_array($config['hasync'])) {
         exit;
     }
 
+    if ($restart_services) {
+        $client->query('opnsense.configd_reload_all_templates', []);
+        if ($client->query('opnsense.list_services', [])) {
+            foreach ($client->getResponse() as $service) {
+                $client->query('opnsense.restart_service', [
+                    "service" => $service['name'],
+                    "id" => isset($service['id']) ? $service['name'] : ""
+                ]);
+            }
+        }
+    }
+
     log_error("Filter sync successfully completed with {$synchronizeto}.");
 }
diff --git a/src/opnsense/service/conf/actions.d/actions_system.conf b/src/opnsense/service/conf/actions.d/actions_system.conf
index f75258f19..035cead01 100644
--- a/src/opnsense/service/conf/actions.d/actions_system.conf
+++ b/src/opnsense/service/conf/actions.d/actions_system.conf
@@ -66,3 +66,10 @@ command:/usr/local/opnsense/scripts/system/temperature.sh
 parameters:%s
 type:script_output
 message:Reading system temperature values
+
+[ha_reconfigure_backup]
+command:/usr/local/bin/flock -n -E 0 -o /tmp/ha_reconfigure_backup.lock /usr/local/etc/rc.filter_synchronize pre_check_master restart_services
+parameters:
+type:script
+message: ha_reconfigure_backup
+description: HA update and reconfigure backup