switching the debian install around: all 'templates' are modified in the local folder and are than installed when already modified using isc-dhcp-server as an example in hope to imporove upgrade-consistency.

2019-02-14 12:35:33 -08:00 · 2019-02-14 12:35:33 -08:00 · db0f639547
parent 94b3a68407
commit db0f639547
9 changed files with 18 additions and 25 deletions
--- a/debian/wit-network-config.displace
+++ b/debian/wit-network-config.displace
@ -1,5 +1,6 @@
 /etc/frr/frr.conf.wit
 /etc/ipsec.conf.wit
 /etc/ipsec.secrets.wit
 /etc/qemu-ifdown.wit
 /etc/qemu-ifup.wit
 /etc/default/lldpd.wit
--- a/debian/wit-network-config.install
+++ b/debian/wit-network-config.install
@ -10,9 +10,12 @@ files/qemu-ifdown etc/libvirt/hooks
 files/qemu-ifup-public etc/libvirt/hooks
 files/qemu-ifup etc/libvirt/hooks
 files/firewall etc/init.d
 files/frr.conf.wit etc/frr
 files/ipsec.conf.wit etc
 files/ips.issue etc/issue.d
 files/wit-logging.conf etc/strongswan.d
 files/wit-swanctl.conf etc/swanctl/conf.d
 files/lldpd.wit /etc/default
 templates/wit-swanctl.conf etc/swanctl/conf.d
 templates/frr.conf.wit etc/frr
 templates/70-persistent-net.rules etc/udev/rules.d
 templates/interfaces /etc/network
 templates/ipsec.conf.wit etc
 templates/ipsec.secrets.wit etc
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@ -22,15 +22,15 @@ case "$1" in
     ## START gather all the info from the box and generate the variabels
-        IFCONFIG="/etc/network/interfaces"
+        IFCONFIG="templates/interfaces"
-        UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"
+        UDEVCONFIG="templates/70-persistent-net.rules"
-        FRRCONFIG="/etc/frr/frr.conf.wit"
+        FRRCONFIG="templates/frr.conf.wit"
-        IPSECCONFIG="/etc/ipsec.conf.wit"
+        IPSECCONFIG="templates/ipsec.conf.wit"
-        SWANCTLCONFIG="/etc/swanctl/conf.d/wit-swanctl.conf"
+        IPSECSECRETS="templates/ipsec.secrets.wit"
        SWANCTLCONFIG="templates/wit-swanctl.conf"
        DOMAINNAME=$(hostname -d)
        dig_txt() {
            TMPDIG=$(dig txt +short $1)
            [ -z ${TMPDIG} ] && exit 2
@ -63,14 +63,6 @@ case "$1" in
     ## START nic config compile
      # wiping existing config in prep for re-deploying it
        mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true
        mv -f ${UDEVCONFIG} ${UDEVCONFIG}.dpkg-old || true
       # write loopback config
        cat <<-EOF >>$IFCONFIG
 		auto lo
@ -363,7 +355,7 @@ case "$1" in
      # set ipsec config
-        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG
+        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG $IPSECSECRETS
 	  do
            sed -i \
                -e "s/FQHOSTNAME/${HOSTNAME}/" \
@ -374,12 +366,6 @@ case "$1" in
                $IPSECCONFIGFILE
        done
        echo ": RSA ${HOSTNAME}.key" >/etc/ipsec.secrets
        chown frr.frr $FRRCONFIG /etc/frr/daemons.wit
    ## END config file section
@ -390,7 +376,7 @@ case "$1" in
        systemctl restart ssh
        systemctl reload strongswan || true       ## in case we kick-start or done have it enabled for some reason
-        sysctl -p /etc/sysctl.d/10-frr.conf
+        sysctl -p files/10-frr.conf
    ## END services section
--- a/templates/70-persistent-net.rules
+++ b/templates/70-persistent-net.rules
@ -0,0 +1 @@
 # this file is entirely compiled dynamically
--- a/templates/frr.conf.wit
+++ b/templates/frr.conf.wit
--- a/templates/interfaces
+++ b/templates/interfaces
@ -0,0 +1 @@
 # this file is entirely compiled dynamically
--- a/templates/ipsec.conf.wit
+++ b/templates/ipsec.conf.wit
--- a/templates/ipsec.secrets.wit
+++ b/templates/ipsec.secrets.wit
@ -0,0 +1 @@
 : RSA FQDNHOSTNAME.key
--- a/templates/wit-swanctl.conf
+++ b/templates/wit-swanctl.conf
		`@ -0,0 +1 @@`
							`# this file is entirely compiled dynamically`