OpenWRT Packages/Implementation
This page describes how specific features are implemented in the new node firmware.
System config
OpenWRT stores its config in /etc/config/ in UCI format.
SOWN packages also store config in this location and format wherever possible.
Config for daemons is usually converted to a config file, or to command line arguments, by the OpenWRT /etc/init.d/ scripts. These config files usually end up in /var/run/, which is mapped to a directory in /tmp/.
System config updating
System config updating is performed by individual scripts in /etc/sown/configure_scripts/available.
UCI config updating
Scripts generally call update_config to check for new versions of a UCI config file.
NB: the magic parameters __PACKAGE__ and __VERSION__ are replaced with the package name and version at package build time for easier maintenance.
update_config returns 0 if there was an update to the config file, and 1 on error or no update.
NB: Unparsable config files will be reverted by update_config and result in an error code.
Scripts then use this return code to determine when to restart services.
Non-UCI config updating
Under the hood update_config calls download_package_uri to download files. The caller of download_package_uri is responsible for handling the file retrieved.
download_package_uri will return 0 on success, 1 on HTTP 304 Not Modified and 1 on error.
download_package_uri can be passed extra curl config lines, which can be used to specify last-modified times or etag hashes.
The credentials update script uses this to download an archive containing the client public and private keys, and the /etc/passwd file.
Server-side code
HTTP requests to auth are to URLs of the following form:
https://sown-auth.ecs.soton.ac.uk/pkg/config/backfire/<package_name>/<version_number>/<request_name>
The prefix https://sown-auth.ecs.soton.ac.uk/pkg/config/backfire/ is read from the /etc/config/sown_core config file.
On Auth, package config generation functions live in kohana/application/classes/package/config/backfire/.
Requests for these first pass through the request controller in kohana/application/classes/controller/package/config/backfire.php, which handles request version numbers, client identity and request permission logic.
The URL is mapped through a rewrite in pkg/.htaccess and the package_config route in kohana/application/bootstrap.php.
Automatic system config updating
Enabled config updating scripts are symlinked in /etc/sown/configure_scripts/enabled.
These scripts are invoked by /usr/sbin/update_sown_config, which is invoked by crontab when auth is reachable.
Crontabs
Available crontabs are found in /etc/sown/crontabs/available/.
Currently enabled crontabs are symlinked in /tmp/sown/crontabs/current; this directory is populated at boot from /etc/sown/crontabs/at_boot/ by /etc/init.d/sown_boot.
The rationale for this is that dynamic changes to the crontab will not require changes to the flash memory.
The sown functions file (/etc/sown/functions.sh) contains three functions for managing the crontabs.
- enable_crontab and disable_crontab - update the symlinks in /tmp/sown/crontabs/current. Return 0 on a change, 1 otherwise.
- update_crontabs - installs a new crontab if changes from the running crontab are detected.
This may be used most effectively for single crontab changes as follows:
enable_crontab my_crontab && update_crontabs
For multiple changes, either do the overall change detection manually, or do this:
enable_crontab my_crontab1
enable_crontab my_crontab2
update_crontabs
update_crontabs compares MD5 hashes of the crontabs anyway, so calling it once after several changes may be considered safe.
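The symlink-based crontab scheme described above, as an added shell illustration that is not the project's own /etc/sown/functions.sh: the directory paths default to the ones the page names, while the installer command (CRONTAB_CMD) and the file that records the last installed MD5 (INSTALLED_MD5) are assumptions.

```shell
#!/bin/sh
# Added illustration of the symlink-based crontab scheme; not SOWN's own functions.sh.
# Directories default to the paths the page describes; the installer command and the
# file recording the last installed MD5 are assumptions so the logic can run anywhere.
AVAIL=${AVAIL:-/etc/sown/crontabs/available}
CURRENT=${CURRENT:-/tmp/sown/crontabs/current}
INSTALLED_MD5=${INSTALLED_MD5:-/tmp/sown/crontabs/installed.md5}
CRONTAB_CMD=${CRONTAB_CMD:-"crontab -"}   # reads the combined crontab on stdin

# enable_crontab NAME: link available/NAME into current/. 0 on change, 1 otherwise.
enable_crontab() {
    [ -f "$AVAIL/$1" ] || return 1          # unknown crontab: no change
    [ -L "$CURRENT/$1" ] && return 1        # already enabled: no change
    mkdir -p "$CURRENT" && ln -s "$AVAIL/$1" "$CURRENT/$1"
}

# disable_crontab NAME: remove the link. 0 on change, 1 otherwise.
disable_crontab() {
    [ -L "$CURRENT/$1" ] || return 1
    rm -f "$CURRENT/$1"
}

# Concatenate every enabled crontab (glob order) and hash the result.
enabled_md5() {
    cat "$CURRENT"/* 2>/dev/null | md5sum | cut -d' ' -f1
}

# update_crontabs: install the combined crontab only when its MD5 differs from the
# last one installed, so several enables followed by one call cause a single install.
# Returns 0 when a new crontab was installed, 1 when nothing changed.
update_crontabs() {
    new=$(enabled_md5)
    old=$(cat "$INSTALLED_MD5" 2>/dev/null)
    [ "$new" = "$old" ] && return 1
    cat "$CURRENT"/* 2>/dev/null | eval "$CRONTAB_CMD" || return 1
    echo "$new" > "$INSTALLED_MD5"
}
```

Because the hash covers the concatenation of all enabled files, editing an available crontab in place is also picked up by the next update_crontabs call.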
Server status check
The server status checker lives in /usr/sbin/server_status_check. It pings the sown core servers on their different IP addresses to determine the state of the network.
Currently it is designed to trigger the following event scripts:
- auth_ecs_reachable
- auth_ecs_unreachable
- sown_network_reachable
- sown_network_unreachable
Events
Event scripts live in /etc/sown/events/.
Tunnel
The sown tunnel is maintained by the /usr/sbin/maintain_sown_tunnel script.
The maintainer script is started periodically by crontab, and by hotplug as soon as eth0 comes up (see /etc/hotplug.d/90_tunnel).
If it is already running, the script will not start a second instance.
The maintainer waits until the VPN server is reachable before starting OpenVPN. If sufficient servers are reachable, the script will not start OpenVPN.
OpenVPN triggers the following event scripts:
- tunnel_up
- tunnel_down
Logging
Logging is implemented through syslog-ng.
The OpenWRT syslog package design is not very well engineered, so syslog-ng cannot replace it fully out of the box.
In the sown_core package postinst script we remove the busybox symlinks for syslogd and klogd, and add in a script to start syslog-ng.
This ensures that OpenWRT starts syslog-ng as early as possible.
The prerm package script reinstates the altered links.
The configuration options for a node to log to our VPN servers are currently commented out.
Circular log
For development there's a hacked-together circular logging script which logs 150-200 lines to /var/log/messages.
This should be replaced by a better compiled binary utility if there is one available.
Unimplemented Ideas
- when auth becomes reachable, start offering eduroam
- when auth becomes unreachable and no clients are using eduroam, switch eduroam to hidden
- if eth0 comes up and it's configured to a static IP, and after X seconds auth has never been reachable, revert to DHCP