#!/usr/local/bin/php
<?php

/*
    Copyright (C) 2004-2009 Scott Ullrich <sullrich@pfsense.org>.
    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
    Copyright (C) 2009 Erik Kristensen
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

/**
 * Report whether the system is running from install media.
 *
 * The check tries to create a scratch file directly under "/".  Per the
 * original author, "/" stays non-writable on install media even with
 * unionfs underneath, so a successful open means a normal, writable
 * installation; the scratch file is removed again before returning.
 *
 * Every reason for the open to fail is reported as "install media" (the
 * warning is suppressed with @).  This script uses the result to offer the
 * installer and to create the `installer' login, so a root file system that
 * is read-only for any other reason takes the same path.
 *
 * @return bool true when "/" could not be opened for writing, false otherwise
 */
function is_install_media()
{
    $probe = '/.probe.for.install.media';

    $handle = @fopen($probe, 'w');
    if (!$handle) {
        /* could not create the probe: treat the system as install media */
        return true;
    }

    /* writable root: clean up the probe and report a regular installation */
    fclose($handle);
    unlink($probe);

    return false;
}

/**
 * Tell whether a configured interface device is missing from the system.
 *
 * Iterates over the interfaces returned by legacy_config_get_interfaces()
 * (called with "virtual" => false) and asks does_interface_exist() about
 * each device name.  Device names matching the skip pattern are never
 * checked.  Nothing is checked when $config['interfaces'] is unset.
 *
 * @return bool true as soon as one checked device does not exist, else false
 */
function is_interface_mismatch()
{
    global $config;

    if (!isset($config['interfaces'])) {
        return false;
    }

    /*
     * Devices that are skipped.  Most alternatives are anchored to the
     * start of the name; "vlan" and "_wlan" match anywhere in it.
     */
    $skip_pattern = "/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i";

    foreach (legacy_config_get_interfaces(array("virtual" => false)) as $ifname => $ifcfg) {
        $device = $ifcfg['if'];

        if (preg_match($skip_pattern, $device)) {
            /* Do not check these interfaces */
            continue;
        }

        if (does_interface_exist($device) == false) {
            return true;
        }
    }

    return false;
}

/* NOTE(review): closes a progress line that is not opened in this file -- presumably printed by the caller; confirm */
echo " done.\n";

/*
 * Load the libraries the rest of this script calls into, printing one dot
 * per file as boot progress.  The names are relative, so PHP resolves them
 * through its include_path: every directory on that path has to be writable
 * by trusted accounts only, because whatever is found there is executed with
 * the privileges of this boot script.
 */
echo "Initializing...";
require_once("config.inc");
echo ".";
require_once("config.console.inc");
echo ".";
require_once("auth.inc");
echo ".";
require_once("util.inc");
echo ".";
require_once("interfaces.inc");
echo ".";
require_once("services.inc");
echo ".";
require_once("system.inc");
echo ".";
require_once("unbound.inc");
echo ".";
require_once("vslb.inc");
echo ".";
require_once("filter.inc");
echo ".";
require_once("plugins.inc");
echo ".";
require_once("ipsec.inc");
echo ".";
require_once("openvpn.inc");
echo ".";
require_once("rrd.inc");
echo " done.\n";

/* start devd (dhclient now uses it) */
echo "Starting device manager (devd)...";
/* kernel messages are muted while devd starts and device permissions are set */
mute_kernel_msgs();
/* fixed absolute path, no arguments: nothing from the configuration reaches this command line */
exec('/sbin/devd');
/* NOTE(review): presumably gives devd time to come up before permissions are applied -- confirm */
sleep(1);
set_device_perms();
unmute_kernel_msgs();
echo "done.\n";

/* configure console menu */
system_console_configure();

/*
 * Early installer: offered only when "/" is not writable (see
 * is_install_media()).  The flag is kept because the end of this script
 * uses it again to create the `installer' login.
 */
$setup_installer = is_install_media();
if ($setup_installer) {
    echo 'Press any key to start the early installer:  ';

    $key = timeout();
    /* finish the prompt line unless the key pressed was Enter itself */
    if ($key != "\n") {
        echo "\n";
    }

    /* isset() is false only when timeout() returned null -- presumably "no key pressed"; confirm */
    if (isset($key)) {
        /* both commands are fixed absolute paths and inherit this script's console */
        passthru('/usr/local/etc/rc.installer');
        /*
         * NOTE(review): completion is signalled through a marker file in
         * /tmp.  Whatever can create that path before this check selects the
         * reboot branch -- presumably only the installer runs at this stage;
         * confirm.
         */
        if (file_exists('/tmp/install_complete')) {
            passthru('/usr/local/etc/rc.reboot');
            exit;
        }
    }

    /*
     * config may have changed via installer import; an imported
     * configuration is external data and is what the remainder of the boot
     * sequence acts on
     */
    OPNsense\Core\Config::getInstance()->forceReload();
}

/* parse the configuration into the global $config that the functions above and the libraries read */
echo "Loading configuration...";
/* at file scope this declaration only matters if the script is included from inside a function */
global $config;
$config = parse_config();
convert_config();
echo "done.\n";

/*
 *  Determine whether an interface exception has to be raised, in
 *  which case the user is asked to reassign interfaces.  Doing
 *  this here avoids a reboot.
 */
if (is_interface_mismatch()) {
    echo "\nDefault interfaces not found -- Running interface assignment option.\n";
    /* empty loop body: repeat the assignment dialog until the call returns a truthy value */
    while (!set_networking_interfaces_ports(true));
}

/*
 * Base system setup that runs before any interface is configured: kernel
 * modules, sysctls, time zone, firmware settings, host name, hosts file,
 * loopback and syslogd.
 */

/* load extra modules not in GENERIC */
load_kernel_module();

/* enable optional crypto modules */
load_crypto_module();

/* enable optional thermal sensor modules */
load_thermal_module();

/* read in /etc/sysctl.conf and set values if needed */
echo "Setting up extended sysctls...";
system_setup_sysctl();
echo "done.\n";

/* set up our timezone */
system_timezone_configure();

/* set up firmware configuration */
system_firmware_configure();

/* set up our hostname */
system_hostname_configure();

/* make hosts file */
system_hosts_generate();

/* configure loopback interface */
interfaces_loopback_configure();

/* start syslogd (it is started a second time near the end of this script) */
system_syslogd_start();

/*
 * set up interfaces
 *
 * NOTE(review): interfaces are configured and OpenVPN is synchronised
 * before the first filter_configure_sync() call below.  Whether a
 * restrictive ruleset is already active during that window is not
 * visible in this file -- confirm.
 */
mute_kernel_msgs();
openvpn_prepare_all();
interfaces_configure();
unmute_kernel_msgs();

/* re-make hosts file after configuring interfaces */
system_hosts_generate();

/* start OpenVPN server & clients */
echo "Syncing OpenVPN settings...";
openvpn_resync_all();
echo "done.\n";

/* generate resolv.conf */
system_resolvconf_generate();

/* setup pf (first of two filter_configure_sync() calls in this script) */
filter_configure_sync();

/* start pflog */
echo "Starting PFLOG...";
filter_pflog_start();
echo "done.\n";

/* reconfigure our gateway monitor */
echo "Setting up gateway monitors...";
setup_gateways_monitor();
echo "done.\n";

/* synchronise local accounts; this runs before the SSH daemon and the web GUI are started */
echo "Synchronizing user settings...";
local_sync_accounts();
echo "done.\n";

/*
 * Remote management services.  Both are started after the earlier
 * filter_configure_sync() and local_sync_accounts() calls in this script.
 */

/* start ssh daemon (fixed command string, no configuration values interpolated) */
mwexec("/usr/local/etc/rc.sshd");

/* start web server; a falsy return is only reported as "failed." and boot continues */
echo 'Starting webConfigurator...'. (system_webgui_configure() ? "done.\n" : "failed.\n");

/*
 * Network services.  Return values of the calls in this section are not
 * inspected, so a service that fails to start does not stop the boot.
 */

/* configure cron service */
echo "Configuring CRON...";
configure_cron();
echo "done.\n";

/* set up static routes */
system_routing_configure();

/* enable routing */
system_routing_enable();

/* start dnsmasq service */
services_dnsmasq_configure(false);

/* start unbound service */
services_unbound_configure(false);

/* Do an initial time sync */
echo "Starting NTP time client...";
system_ntp_configure(false);
echo "done.\n";

/* start load balancer daemon */
relayd_configure();

/* start DHCP service */
services_dhcpd_configure();

/* start dhcpleases, the DHCP hosts leases program */
services_dhcpleases_configure();

/* start DHCP relay */
services_dhcrelay_configure();

/* start DHCP6 relay */
services_dhcrelay6_configure();

/* dyndns service updates (fixed command string) */
mwexec("/usr/local/etc/rc.dyndns.update");

/* Run a filter configure now that most all services have started */
filter_configure_sync();

/* Run all registered plugins; this happens after the second filter_configure_sync() above */
plugins_configure();

/* start IPsec tunnels; the return value is kept to decide on a second ipsec_configure() pass later */
$ipsec_dynamic_hosts = ipsec_configure();

/* start SNMP service */
services_snmpd_configure();

/* load graphing functions */
enable_rrd_graphing();

/* if we are operating at 1000 then increase timeouts.
   this was never accounted for after moving to 1000 hz */
$kern_hz = get_single_sysctl('kern.clockrate');
/*
 * Cut the value between "hz = " and the next comma out of the sysctl text.
 * NOTE(review): neither strpos() result is checked for false, so an
 * unexpected format yields an arbitrary substring instead of an error.
 */
$kern_hz = substr($kern_hz, strpos($kern_hz, 'hz = ') + 5);
$kern_hz = substr($kern_hz, 0, strpos($kern_hz, ','));
if ($kern_hz == '1000') {
    set_single_sysctl('net.inet.tcp.rexmit_min' , '30');
}

/* start the igmpproxy daemon */
services_igmpproxy_configure();

/* start the upnp daemon if it is enabled */
upnp_configure();

/* If powerd is enabled, lets launch it */
activate_powerd();

/* Set preferred protocol */
prefer_ipv4_or_ipv6();

/*
 * Give syslogd a kick after everything else has been
 * initialized, otherwise it can occasionally fail to
 * route syslog messages properly on both IPv4 and IPv6.
 */
system_syslogd_start();

/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
if ($ipsec_dynamic_hosts) {
    ipsec_configure();
    /* note: this path calls filter_configure(), not filter_configure_sync() as earlier in the script */
    filter_configure();
}

// generate configuration data for all installed templates
configd_run('template reload *');

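if ($setup_installer) {
    /*
     * Installer mode requires setting up an extra user and
     * we will protect it with root's password.  We can only
     * do this if user does not exist, though.
     *
     * The new account is a copy of the uid 0 entry with only the name
     * and the shell replaced, so it keeps that entry's uid and password
     * data and its login shell is the installer script.
     */

    $root = null;

    if (isset($config['system']['user'])) {
        foreach ($config['system']['user'] as $user) {
            if (isset($user['name']) && $user['name'] == 'installer') {
                /* an installer account already exists: create nothing */
                $root = null;
                break;
            }
            /*
             * Match uid 0 exactly.  A loose "== 0" also accepts a missing
             * uid and, on older PHP versions, any non-numeric uid, which
             * would let a malformed (for instance imported) user entry be
             * cloned instead of root.
             */
            if (isset($user['uid']) && (string)$user['uid'] === '0') {
                $root = $user;
            }
        }
    }

    if ($root) {
        $root['shell'] = '/usr/local/etc/rc.installer';
        $root['name'] = 'installer';
        local_user_set($root);

        /*
         * Start the SSH daemon in its installer mode.
         * NOTE(review): per the banner below, this leaves an account that
         * shares root's predefined password reachable over SSH on install
         * media; which interfaces and rules admit SSH at this point is
         * decided outside this file -- confirm before booting install
         * media on an untrusted network.
         */
        mwexec("/usr/local/etc/rc.sshd installer");

        echo "\n";
        echo "Welcome!  Both `root' and `installer' users are availabe for system\n";
        echo "setup or invoking the installer, respectively.  The predefined root\n";
        echo "password works for both accounts.  Remote login via SSH is possible.\n\n";
    }
}

exit(0);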