We actually only want the vpn_map event in the stable branch
and move to a backwards compatible format for 25.1 but as a
new coalesced (mapped) caller.
Add RRD package with a simple factory class and a basic construct to define different rrd output types we support.
This package contains the following:
* RRD/Types -- Output definitions, responsible for generating RRD structures and feeding data
* RRD/Stats -- Statistics gathering classes
* Factory -- binds types and statistics together.
On my end on a simple test this is roughly 40% faster than running /var/db/rrd/updaterrd.sh, which makes caching of metadata (config access) less relevant.
The new script should be able to replace all existing rrd cruft and supports a debug mode to find discrepanties between defined outputs in types and collected data in stats.
```
Usage: updaterrd.php [-h] [-d]
-d debug mode, output errors to stdout
```
Everything has been converted and plugins do not ship with a
"vpn" event. "newwanip" is similar and the plugins have been
ensured to be moved to the new one in 24.7.3 already.
There appear to be no callers in plugins. We could argue
that the vpn/vpn_map event isn't really needed as it brings
just OpenVPN, IPsec and WireGuard to the table, but we can
decide on this later.
Add -u option for this reason as we cannot afford to abort when
otherwise locked and here it also doesn't matter. We could also
wait for the lock but this seems more beneficial and we can pick
up the correct environment as well, see 5c064a57090.
Separate use cases to allow for clean non-removal of static addressing
(including CARP VIPs) for use in rc.linkup et al. While interface_bring_down()
is more or less only being extended with $suspend the journey of this code
change was long and winding. Therefore remove the old ambiguous function
and introduce the new interface_reset() and interface_suspend() variant to
make more sense of the caller's requirements.
interfaces.php is a special case depending on interface enable state so we
pass the $suspend request down to interface_reset() to avoid an if-else
dance.
Where the first stage primarily aims to keep the legacy handling of gateways intact, this stage does the conversion to MVC.
As part of the migration strategy, configured gateways will not be touched if the migration fails. This allows users to repair the gateways in the new situation.
"primary" now works like its IPv4 counterpart not using tracking
interface addresses to suggest a different derived listening address.
OTOH "routed" and "scoped" variants are only relevant for services
listening on a particularly connected (functional) address. Its use
is relatively low but better to have these variants than handroll each
required spot.
Replace a few easy spots. Eventually we want to call both
functions for each spot instead of doing both (in switching order)
or only one of them. They are both cheap operations since they
don't (re)start DNS processes any longer.
Some call flows require this, others don't and on 22.7 we seem to miss
one that did. Instead of adding more monitor reloads in the possible
spots move the ones that are shared into the general routing reload since
the two are almost always clustered together.
Also use the $interface argument to figure out which monitors require
reloading. This will avoid quite a few spurious reloads on larger
setups.
Boot is a little special, but easy enough to ensure we don't call monitor
reload twice.
primary will move to tracking interfaces or pick up any
SLAAC related address even though that is not being
actively configured. Similar to the dashboard only print
the scoped address without the need to do the logic in
the caller.
Maybe we could even return the assigned prefix here for
clarity, but then the prefix isn't a reachable address.
Displaying changelogs requires a different menu flow but for now focus
on providing a changelog opportunistically before performing the update,
but intentionally after starting it to keep previous flow for now.
We need to make sure both the local and the remote IP belong to
the same CIDR range, which might not be the case if we just
calculate the subnet size required by their direct distance.
Rewrite find_smallest_cidr() to take an array of IPs to calculate
their smallest shared subnet mask. Code is actually pretty simple
and fast. However, we are not going to account for network and
broadcast address reservation unless that turns out to be an issue.
In the IPv6 case assume that /64 is a good approximation of the
result.
Remove code cruft in utilities while at it also replacing a simple
function only called once in setaddr.sh.
o add "Automatic user creation" option in System/Access/Servers (for ldap + derivatives)
o simple detached flow, updatePolicies() calculates differences between local and remote group membership, when there is something to sync (remote groups exists) and a local user doesn't exist a configd signal is send to create a new empty user without rights and a random password.
The user_dn field isn't populated, although this will cost additional queries to the remote host, it might be worth the flexibility of allowing to move users to different auth scopes.
Type "s" for security audit, or "h" for health audit.
We don't add it to the option prompt to not clutter the menu flow.
This is mostly for debug and development purposes.
I see no easy way to untangle this for now. At least make sure
the user is asked for the defaults to be restored making this
a little better than before.
