Minor updates for cnf 60/3660/7
authorRuoyu <ruoyu.ying@intel.com>
Wed, 5 Aug 2020 07:26:43 +0000 (15:26 +0800)
committerRuoyu <ruoyu.ying@intel.com>
Tue, 11 Aug 2020 07:32:09 +0000 (15:32 +0800)
* Update the configmap for cnf
* Change default values set for dpd
* Add length check for zone name
Change-Id: Ic0d8fcca36aca2f712354ed3c03ae0e7ae961b43
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
platform/cnf/src/ipsec_exec
platform/cnf/src/rest_v1/firewall_rest.lua
platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml
platform/crd-ctrlr/examples/cnf-deployment.yaml
platform/test/e2e-test-crd/edge-scripts/helm-tmp/cnf/templates/cm.yaml
platform/test/e2e-test-crd/sdewan-hub/scripts/cnf/templates/cm.yaml
platform/test/e2e-test-crd/sdewan-hub/scripts/setup-cnf.sh

index 6b906a3..032d732 100755 (executable)
@@ -141,6 +141,7 @@ config_conn() {
        local dpddelay
        local inactivity
        local keyexchange
+       local closeaction
 
        config_get mode                     "$1"           mode "route"
        config_get local_subnet             "$1"           local_subnet ""
@@ -155,11 +156,12 @@ config_conn() {
        config_get ikelifetime              "$1"           ikelifetime "3h"
        config_get lifetime                 "$1"           lifetime "1h"
        config_get margintime               "$1"           margintime "9m"
-       config_get keyingtries              "$1"           keyingtries "3"
-       config_get dpdaction                "$1"           dpdaction "none"
+       config_get keyingtries              "$1"           keyingtries "%forever"
+       config_get dpdaction                "$1"           dpdaction "restart"
        config_get dpddelay                 "$1"           dpddelay "30s"
        config_get inactivity               "$1"           inactivity
        config_get keyexchange              "$1"           keyexchange "ikev2"
+       config_get closeaction              "$1"           closeaction "restart"
        config_get mark                     "$1"           mark ""
 
        [ -n "$local_nat" ] && local_subnet=$local_nat
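Review bot: The new `closeaction "restart"` default applies to every conn that does not set the option, and strongSwan's ipsec.conf documentation cautions against using a closeaction when the peer uses reauthentication or uniqueids checking, because those events can trigger the action when it is not wanted. Together with `dpdaction "restart"` and `keyingtries "%forever"`, an unreachable or misconfigured peer is retried without bound, so a comment above these `config_get` lines should state the intent, e.g. `# defaults favour always-up tunnels: retry forever, restart on DPD timeout or peer close`. The value is written verbatim as `closeaction=$closeaction` in the next hunk; if it can originate from the REST API, checking it first with `case "$closeaction" in none|clear|hold|restart) ;; *) closeaction="restart" ;; esac` keeps unexpected text out of the generated config. config_conn starts and ends outside this hunk.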
@@ -180,6 +182,7 @@ config_conn() {
        ipsec_xappend "  keyingtries=$keyingtries"
        ipsec_xappend "  dpdaction=$dpdaction"
        ipsec_xappend "  dpddelay=$dpddelay"
+       ipsec_xappend "  closeaction=$closeaction"
 
        [ -n "$inactivity" ] && ipsec_xappend "  inactivity=$inactivity"
 
index 28afdfd..41c748e 100644 (file)
@@ -13,7 +13,7 @@ uci_conf = "firewall"
 
 zone_validator = {
     create_section_name=false,
-    {name="name"},
+    {name="name", validator=function(value) return is_valid_name(value) end, message="invalid zone name"},
     {name="network", item_validator=function(value) return is_network_interface_available(value) end, message="invalid network"},
     {name="masq", validator=function(value) return utils.in_array(value, {"0", "1"}) end, message="invalid masq"},
     {name="masq_src", item_validator=function(value) return is_valid_masq_subset(value) end, message="invalid masq_src"},
@@ -109,6 +109,15 @@ function is_network_interface_available(interface)
     return true, interface
 end
 
+function is_valid_name(name)
+    local len = string.len(name)
+    if len > 11 then
+       return false, "The length of Name shall not exceed 11 characters"
+    else
+       return true, name
+    end
+end
+
 function is_valid_masq_subset(s)
     local ip = s
     if utils.start_with(ip, "!") then
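Review bot: `is_valid_name` calls `string.len(name)` directly, so a `nil` or table value (for example a JSON array or object in the request body) raises a Lua error instead of returning a validation failure, and an empty string passes. The check also limits only the length; since the zone name ends up in the firewall configuration, an allow-list of characters would be safer, e.g. `if type(name) ~= "string" or #name == 0 or #name > 11 or name:find("[^%w_]") then return false, "invalid zone name" end`, with the exact character set adjusted to what the firewall accepts. A one-line comment stating where the 11-character limit comes from would help the next reader. The trailing `is_valid_masq_subset` lines are context, and that function continues outside the hunk.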
@@ -255,4 +264,4 @@ function update_zone(zone)
     end
 
     return false, code, msg
-end
\ No newline at end of file
+end
index 01c6726..3e07b4e 100644 (file)
@@ -17,6 +17,7 @@ data:
       interface=$(echo $net | jq -r .interface)
       ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
       vif="$interface"
+      netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
       cat >> /etc/config/network <<EOF
     config interface '$vif'
         option ifname '$interface'
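Review bot: The added `netmask=` line takes the fourth field of the first `inet` line, which is the mask only when the ifconfig output lists an address, a broadcast field and then the mask; an interface without a broadcast address leaves `netmask` empty or wrong. `$interface` is also unquoted and comes from `jq -r .interface`, so quote it (`ifconfig "$interface"`) and check the result before it reaches /etc/config/network, e.g. `[ -n "$netmask" ] || { echo "no netmask for $interface" >&2; exit 1; }`, so that the script fails early instead of writing a broken config. The heredoc that would consume the variable continues outside the hunk, so whether `netmask` is used there is not visible. The same line is added in the `@@ -17,6 +17,7 @@` hunk of the next file.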
@@ -42,7 +43,7 @@ data:
     done
     /sbin/procd &
     /sbin/ubusd &
-    iptables -S
+    iptables -t nat -L
     sleep 1
     /etc/init.d/rpcd start
     /etc/init.d/dnsmasq start
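Review bot: `iptables -t nat -L` without `-n` resolves addresses to names, and dnsmasq has not been started at this point, so the listing can stall on DNS timeouts during container start; `iptables -t nat -L -n` avoids the lookups. The purpose of the call is not stated in the script, so a short comment saying why the nat table is listed here would help. The same change is made in the `@@ -42,7 +43,7 @@` hunk of the next file.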
@@ -52,6 +53,7 @@ data:
     /etc/init.d/log start
     /etc/init.d/dropbear start
     /etc/init.d/mwan3 restart
+    /etc/init.d/firewall restart
     echo "Entering sleep... (success)"
     # Sleep forever.
     while true; do sleep 100; done
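Review bot: The result of the added `/etc/init.d/firewall restart` is not checked, so the script still prints "Entering sleep... (success)" and keeps the container running when the rule set failed to load. Failing closed is safer for a gateway: `/etc/init.d/firewall restart || { echo "firewall restart failed" >&2; exit 1; }`. dropbear is started two lines earlier, so SSH is listening before the firewall rules are reapplied; moving the firewall restart ahead of the service starts would close that window, provided mwan3 does not depend on the current order. The same line is added in both cm.yaml templates.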
@@ -104,7 +106,7 @@ spec:
               #- "3600"
         - /bin/sh
         - /tmp/sdewan/entrypoint.sh
-        image: integratedcloudnative/openwrt:dev
+        image: integratedcloudnative/openwrt:0.3.0
         imagePullPolicy: IfNotPresent
         name: sdewan
         readinessProbe:
index 1050d50..6d5a01a 100644 (file)
@@ -17,6 +17,7 @@ data:
       interface=$(echo $net | jq -r .interface)
       ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
       vif="$interface"
+      netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
       cat >> /etc/config/network <<EOF
     config interface '$vif'
         option ifname '$interface'
@@ -42,7 +43,7 @@ data:
     done
     /sbin/procd &
     /sbin/ubusd &
-    iptables -S
+    iptables -t nat -L
     sleep 1
     /etc/init.d/rpcd start
     /etc/init.d/dnsmasq start
index e15dd5c..9ef4ac5 100644 (file)
@@ -67,6 +67,7 @@ data:
     /etc/init.d/log start
     /etc/init.d/dropbear start
     /etc/init.d/mwan3 restart
+    /etc/init.d/firewall restart
     echo "Entering sleep... (success)"
     # Sleep forever.
     while true; do sleep 100; done
index e15dd5c..9ef4ac5 100644 (file)
@@ -67,6 +67,7 @@ data:
     /etc/init.d/log start
     /etc/init.d/dropbear start
     /etc/init.d/mwan3 restart
+    /etc/init.d/firewall restart
     echo "Entering sleep... (success)"
     # Sleep forever.
     while true; do sleep 100; done
index b91d640..e8d9b38 100755 (executable)
@@ -85,6 +85,7 @@ sudo apt-get update
 sudo apt-get install helm
 
 envsubst < ./cnf/values.yaml >> ./cnf/values.yaml
+helm init
 helm package ./cnf
 helm install ./cnf-0.1.0.tgz