1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T.
25# All rights reserved.
26# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
27# Copyright 2012 Milan Jurik. All rights reserved.
28# Copyright 2021 Tintri by DDN, Inc. All rights reserved.
29#
30# Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
31
32. /lib/svc/share/smf_include.sh
33. /lib/svc/share/net_include.sh
34
#
# A shared-IP zone still needs this service to come online, but none of
# the work below applies to it (attempting it would make the service
# fail), so report success straight away.  The global zone and
# exclusive-IP zones carry on.
#
if ! smf_configure_ip; then
	exit $SMF_EXIT_OK
fi

# Point the runtime linker at /lib so the libraries needed at this stage
# of boot can be found.
export LD_LIBRARY_PATH=/lib

# Defined in the sourced include files; presumably sets _INIT_NET_IF and
# _INIT_NET_STRATEGY, which are tested further down -- confirm there.
smf_netstrategy
47
if smf_is_globalzone; then
	# A failed datalink reconfiguration is reported to SMF as a
	# configuration error.
	if ! net_reconfigure; then
		exit $SMF_EXIT_ERR_CONFIG
	fi

	# Update PVID on interfaces configured with VLAN 1
	update_pvid

	#
	# Datalink upgrade handling.  The upgrade file is a series of
	# dladm(8) commands that is sourced into this shell.  The file
	# system is still read-only at this point, so renaming the file
	# after it has run is deferred to the manifest-import service.
	#
	# Everything in the file runs with the privileges of this method.
	# NOTE(review): no owner or mode check is made before sourcing it;
	# confirm that /var/svc/profile is writable only by trusted
	# administrators.
	#
	upgrade_script=/var/svc/profile/upgrade_datalink
	[ -f "$upgrade_script" ] && . "$upgrade_script"

	#
	# Upgrade handling for ibd.  The ibd/ibd_upgraded property cannot
	# be set to "true" here because the file system is read-only; the
	# ibd-post-upgrade service does that later.  Until it has, the
	# upgrade tool is run on every pass through this method.
	#
	if [ -x /sbin/ibd_upgrade ]; then
		ibd_upgraded=$(/bin/svcprop -c -p ibd/ibd_upgraded $SMF_FMRI \
		    2> /dev/null)
		[ "$ibd_upgraded" = "true" ] || /sbin/ibd_upgrade -v
	fi

	#
	# Bring up simnets, link aggregations, VLANs and partitions, then
	# initialize security objects.  Simnets go first so that VLANs and
	# aggregations can be created over them.  Link property
	# initialization is deferred until after IP interfaces are plumbed
	# so that the links are not unloaded (and their property settings
	# lost).
	#
	/sbin/dladm up-simnet
	/sbin/dladm up-aggr
	/sbin/dladm up-vlan
	/sbin/dladm up-part
	/sbin/dladm init-secobj

	# Bring up VNICs.
	/sbin/dladm up-vnic

	# Create flows via flowadm.
	/sbin/flowadm init-flow

	#
	# Bring up overlays.  VNICs configured over an overlay cannot come
	# up until the network interface on which varpd will listen is
	# enabled, which happens near the end of this script; VNIC
	# initialisation is therefore repeated there if overlays exist.
	#
	/sbin/dladm up-overlay
fi
111
#
# A system that was net booted by DHCP hands DHCP management over to the
# DHCP agent here (ifconfig talks to the agent through the loopback
# interface).
#
if [ -n "$_INIT_NET_IF" ] && [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
	/sbin/dhcpagent -a
fi

#
# Network initialization happens this early to support diskless and
# dataless configurations.  IPv4 interfaces that the kernel configured
# (e.g. on diskless machines) and that are not under DHCP control get
# their netmask reset from the local "/etc/netmasks" file, if one exists,
# and their broadcast address recomputed from that netmask.
#
/sbin/ifconfig -auD4 netmask + broadcast +
129
#
# is_iptun <link>
#
# Returns 0 if <link> is an IP tunnel, 1 otherwise.  A link counts as a
# tunnel when dladm show-iptun -P knows it, or when its name has exactly
# two dot-separated parts starting with "ip" or "ip6" and
# dladm show-link -P does not know it.
#
# Side effects: sets the globals intf and ORIGIFS.
#
is_iptun ()
{
	intf=$1

	# A persistent IP tunnel link is reported by show-iptun -P.
	if /sbin/dladm show-iptun -P $intf > /dev/null 2>&1; then
		return 0
	fi

	# Split the name on "." to test for the implicit form (ip.tun0).
	ORIGIFS="$IFS"
	IFS="$IFS."
	set -- $intf
	IFS="$ORIGIFS"

	if [ $# -ne 2 ]; then
		return 1
	fi
	case "$1" in
	ip | ip6)
		;;
	*)
		return 1
		;;
	esac

	#
	# The name has the shape of an implicit IP tunnel, but some other
	# type of link may be using such a name.  If show-link -P finds
	# it, it is not an IP tunnel.
	#
	if /sbin/dladm show-link -Pp $intf > /dev/null 2>&1; then
		return 1
	fi
	return 0
}
159
#
# bringup_ipif
#
# Walks the output of "ipadm show-if -p -o ifname,state,current" and
# temporarily enables (enable-if -t) each interface that passes the
# checks below.  Messages about /etc/hostname* conflicts are written to
# /dev/msglog.
#
# Side effects: sets the globals showif_output, intf, state and current.
#
bringup_ipif()
{
	for showif_output in \
	    $(/sbin/ipadm show-if -p -o ifname,state,current); do
		intf=$(echo $showif_output | /usr/bin/cut -f1 -d:)
		state=$(echo $showif_output | /usr/bin/cut -f2 -d:)
		current=$(echo $showif_output | /usr/bin/cut -f3 -d:)

		#
		# Only interfaces whose state is "disabled", or whose
		# current flags contain 'Z' (IP configuration comes from
		# the global zone), are handled here; anything else is
		# skipped.
		#
		if [[ "$state" != "disabled" && $current != *Z* ]]; then
			continue
		fi

		# skip IP tunnel interfaces plumbed by net-iptun
		if is_iptun $intf; then
			continue
		fi

		if [ -f /etc/hostname.$intf ] || \
		    [ -f /etc/hostname6.$intf ]; then
			if [[ $current != *Z* ]]; then
				# Without 'Z' the hostname file wins.
				echo "found /etc/hostname.$intf "\
				    "or /etc/hostname6.$intf, "\
				    "ignoring ipadm configuration" > /dev/msglog
				continue
			fi

			#
			# With 'Z' set the hostname files are ignored and
			# anything already plumbed for this interface is
			# removed before ipadm enables it.
			#
			echo "Ignoring /etc/hostname*.$intf" \
			    > /dev/msglog
			{
				/sbin/ifconfig $intf unplumb
				/sbin/ifconfig $intf inet6 unplumb
			} > /dev/null 2>&1
		fi

		# Enable the interface managed by ipadm
		/sbin/ipadm enable-if -t $intf
	done
}
198
#
# All the IPv4 and IPv6 interfaces are plumbed before any interface is
# configured.  That keeps errors from plumb failures from getting mixed
# in with the configured interface lists that the script outputs.
#

#
# /etc/hostname.* first.
#
# The glob result is split with "." added to IFS, which turns
# "/etc/hostname.net0" into the words "/etc/hostname" and "net0".  An
# unmatched glob is left as the literal pattern, which is what the string
# comparison detects.
#
interface_names="$(echo /etc/hostname.*[0-9] 2>/dev/null)"
if [ "$interface_names" != "/etc/hostname.*[0-9]" ]; then
	ORIGIFS="$IFS"
	IFS="$IFS."
	set -- $interface_names
	IFS="$ORIGIFS"
	while [ $# -ge 2 ]; do
		# Drop the "/etc/hostname" word; $1 is now the name.
		shift
		intf_name=$1
		# Re-join the pieces of a name that itself contains ".".
		while [ $# -gt 1 ] && [ "$2" != "/etc/hostname" ]; do
			intf_name="$intf_name.$2"
			shift
		done
		shift

		# skip IP tunnel interfaces plumbed by net-iptun.
		is_iptun $intf_name && continue

		# The first word of the file decides which list it joins.
		read one rest < /etc/hostname.$intf_name
		case "$one" in
		ipmp)
			ipmp_list="$ipmp_list $intf_name"
			;;
		*)
			inet_list="$inet_list $intf_name"
			;;
		esac
	done
fi

#
# The same for IPv6, driven by /etc/hostname6.* and filling ipmp6_list
# and inet6_list.
#
interface_names="$(echo /etc/hostname6.*[0-9] 2>/dev/null)"
if [ "$interface_names" != "/etc/hostname6.*[0-9]" ]; then
	ORIGIFS="$IFS"
	IFS="$IFS."
	set -- $interface_names
	IFS="$ORIGIFS"
	while [ $# -ge 2 ]; do
		# Drop the "/etc/hostname6" word; $1 is now the name.
		shift
		intf_name=$1
		# Re-join the pieces of a name that itself contains ".".
		while [ $# -gt 1 ] && [ "$2" != "/etc/hostname6" ]; do
			intf_name="$intf_name.$2"
			shift
		done
		shift

		# skip IP tunnel interfaces plumbed by net-iptun.
		is_iptun $intf_name && continue

		read one rest < /etc/hostname6.$intf_name
		case "$one" in
		ipmp)
			ipmp6_list="$ipmp6_list $intf_name"
			;;
		*)
			inet6_list="$inet6_list $intf_name"
			;;
		esac
	done
fi
275
#
# Create all of the IPv4 IPMP interfaces, recording which were created
# and which failed.
#
if [ -n "$ipmp_list" ]; then
	set -- $ipmp_list
	until [ $# -eq 0 ]; do
		if /sbin/ifconfig $1 ipmp; then
			ipmp_created="$ipmp_created $1"
		else
			ipmp_failed="$ipmp_failed $1"
		fi
		shift
	done
	if [ -n "$ipmp_failed" ]; then
		warn_failed_ifs "create IPv4 IPMP" "$ipmp_failed"
	fi
fi

#
# Try to plumb every interface on the IPv4 list.  An interface counts as
# plumbed when "ifconfig <name> inet" succeeds afterwards; the rest go on
# the failed list.
#
if [ -n "$inet_list" ]; then
	set -- $inet_list
	until [ $# -eq 0 ]; do
		/sbin/ifconfig $1 plumb
		if /sbin/ifconfig $1 inet >/dev/null 2>&1; then
			inet_plumbed="$inet_plumbed $1"
		else
			inet_failed="$inet_failed $1"
		fi
		shift
	done
	if [ -n "$inet_failed" ]; then
		warn_failed_ifs "plumb IPv4" "$inet_failed"
	fi
fi

# Run autoconf to connect to a WLAN if the interface is a wireless one
# (that is, it has a readable node under /dev/wifi).
if [ -x /sbin/wificonfig ] && [ -n "$inet_plumbed" ]; then
	set -- $inet_plumbed
	until [ $# -eq 0 ]; do
		if [ -r /dev/wifi/$1 ]; then
			/sbin/wificonfig -i $1 startconf >/dev/null
		fi
		shift
	done
fi

#
# Plumb every interface on the IPv6 list and record the plumbed and
# failed ones.  Each plumbed interface is brought up later, after the
# contents of its /etc/hostname6.* file have been processed.
#
if [ -n "$inet6_list" ]; then
	set -- $inet6_list
	until [ $# -eq 0 ]; do
		/sbin/ifconfig $1 inet6 plumb
		if /sbin/ifconfig $1 inet6 >/dev/null 2>&1; then
			inet6_plumbed="$inet6_plumbed $1"
		else
			inet6_failed="$inet6_failed $1"
		fi
		shift
	done
	if [ -n "$inet6_failed" ]; then
		warn_failed_ifs "plumb IPv6" "$inet6_failed"
	fi
fi

#
# Create all of the IPv6 IPMP interfaces.
#
if [ -n "$ipmp6_list" ]; then
	set -- $ipmp6_list
	until [ $# -eq 0 ]; do
		if /sbin/ifconfig $1 inet6 ipmp; then
			ipmp6_created="$ipmp6_created $1"
		else
			ipmp6_failed="$ipmp6_failed $1"
		fi
		shift
	done
	if [ -n "$ipmp6_failed" ]; then
		warn_failed_ifs "create IPv6 IPMP" "$ipmp6_failed"
	fi
fi
358
#
# Upgrade ipadm.conf.
#
# Lines of the form "_ifname=<name>;_family=<n>;" are replaced by one
# "_ifname=<name>;_ifclass=0;_families=2,26;" line per distinct name.
# The sed pattern only captures names made of [a-z0-9_], so nothing else
# from the old file is carried into the lines written back.  Every line
# containing "_family" is deleted, including any the pattern did not
# match.
#
if /usr/bin/grep -q _family /etc/ipadm/ipadm.conf; then
	# Collect the interface names before the old lines are removed.
	oldifs=$(/usr/bin/sed -En \
	    's/^_ifname=([a-z0-9_]+);_family=[0-9]+;$/\1/p' \
	    /etc/ipadm/ipadm.conf | /usr/bin/sort -u)

	/usr/bin/sed -i '/_family/d' /etc/ipadm/ipadm.conf

	for oldif in $oldifs; do
		/usr/bin/printf "_ifname=%s;_ifclass=0;_families=2,26;\n" \
		    "$oldif" >> /etc/ipadm/ipadm.conf
	done
fi
373
#
# Finally configure interfaces set up with ipadm.  Any /etc/hostname*.intf
# file takes precedence over the ipadm configuration, except in a
# non-global zone where the global zone enforces Layer-3 protection of IP
# addresses on the interface.
#
bringup_ipif

#
# Process the /etc/hostname[6].* files for IPMP interfaces.  Doing these
# before the non-IPMP interfaces avoids accidental implicit IPMP group
# creation.
#
if [ -n "$ipmp_created" ]; then
	if_configure inet "IPMP" $ipmp_created
fi
if [ -n "$ipmp6_created" ]; then
	if_configure inet6 "IPMP" $ipmp6_created
fi

#
# Process the /etc/hostname[6].* files for non-IPMP interfaces.
#
if [ -n "$inet_plumbed" ]; then
	if_configure inet "" $inet_plumbed
fi
if [ -n "$inet6_plumbed" ]; then
	if_configure inet6 "" $inet6_plumbed
fi

#
# For the IPv4 and IPv6 interfaces that failed to plumb, find (or create)
# IPMP meta-interfaces to host their data addresses.
#
if [ -n "$inet_failed" ]; then
	move_addresses inet
fi
if [ -n "$inet6_failed" ]; then
	move_addresses inet6
fi
401
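# Run DHCP if requested. Skip boot-configured interface.
#
# Each /etc/dhcp.<interface> file requests DHCP on that interface; its
# contents are passed to ifconfig as extra arguments.  Interfaces on
# which DHCP could not be started are collected in i4d_fail.
interface_names="`echo /etc/dhcp.*[0-9] 2>/dev/null`"
if [ "$interface_names" != '/etc/dhcp.*[0-9]' ]; then
	#
	# First find the primary interface. Default to the first
	# interface if not specified. First primary interface found
	# "wins". Use care not to "reconfigure" a net-booted interface
	# configured using DHCP. Run through the list of interfaces
	# again, this time trying DHCP.
	#
	i4d_fail=
	firstif=
	primary=
	#
	# "." stays in IFS until the end of this block so the file names
	# can be re-split for the second pass.
	# NOTE(review): that also means the unquoted $cmdline expansions
	# below are split on "." -- confirm no /etc/dhcp.* file is expected
	# to carry a dotted argument.
	#
	ORIGIFS="$IFS"
	IFS="${IFS}."
	set -- $interface_names

	while [ $# -ge 2 ]; do
		# Drop the "/etc/dhcp" word; $1 is now the interface name.
		shift
		[ -z "$firstif" ] && firstif=$1

		# The word "primary" anywhere in the file selects it.
		for i in `shcat /etc/dhcp\.$1`; do
			if [ "$i" = primary ]; then
				primary=$1
				break
			fi
		done

		[ -n "$primary" ] && break
		shift
	done

	[ -z "$primary" ] && primary="$firstif"
	cmdline=`shcat /etc/dhcp\.${primary}`

	if [ "$_INIT_NET_IF" != "$primary" ]; then
		echo "starting DHCP on primary interface $primary"
		/sbin/ifconfig $primary auto-dhcp primary $cmdline
		#
		# Exit code 4 means ifconfig timed out waiting for dhcpagent,
		# which is not counted as a failure.  The status is examined
		# once in a case statement: testing $? twice in a row would
		# make the second test see the result of the first test
		# instead of ifconfig's exit code.
		#
		case $? in
		0 | 4)
			;;
		*)
			i4d_fail="$i4d_fail $primary"
			;;
		esac
	fi

	set -- $interface_names

	while [ $# -ge 2 ]; do
		shift
		cmdline=`shcat /etc/dhcp\.$1`
		if [ "$1" != "$primary" -a \
			"$1" != "$_INIT_NET_IF"  ]; then
			echo "starting DHCP on interface $1"
			/sbin/ifconfig $1 dhcp start wait 0 $cmdline
			# Exit code can't be timeout when wait is 0
			[ $? != 0 ] && i4d_fail="$i4d_fail $1"
		fi
		shift
	done
	IFS="$ORIGIFS"
	unset ORIGIFS
	[ -n "$i4d_fail" ] && warn_failed_ifs "configure IPv4 DHCP" "$i4d_fail"
fi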
462
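# There is a chicken-and-egg problem with bringing up overlay VNICs at boot
# time. When the first VNIC is added to an overlay, it creates a kernel socket
# to listen for incoming encapsulated frames. Therefore, VNICs cannot be added
# until after IP interfaces have been brought up. Overlay VNICs may themselves
# have IP interfaces over them and so it is necessary to attempt to bring up
# any remaining IP interfaces once the overlay VNICs are in place.
#
# dladm is called by absolute path here, as it is everywhere else in this
# script, so that the binary this method runs does not depend on PATH.
# NOTE(review): egrep is still resolved through PATH.
if smf_is_globalzone &&
    /sbin/dladm show-link -p -o class | egrep -s 'overlay'; then
	echo "Bringing up any remaining VNICs on overlays"
	/sbin/dladm up-vnic
	echo "Bringing up any remaining IP interfaces on overlay VNICs"
	bringup_ipif
fi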
475
# RARP is performed only when the boot strategy is "rarp" or the system
# has no hostname configured in /etc/nodename; this avoids bringing up
# interfaces that were intentionally left down.
hostname="$(shcat /etc/nodename 2>/dev/null)"
if [ "$_INIT_NET_STRATEGY" = "rarp" ] || [ -z "$hostname" ]; then
	/sbin/ifconfig -adD4 auto-revarp netmask + broadcast + up
fi
483
#
# If /etc/defaultrouter exists, add a default route for each entry now so
# that the next stage of booting will have access to NFS.  Only the first
# word of a line is used; blank lines and lines starting with "#" are
# ignored.
#
if [ -f /etc/defaultrouter ]; then
	while read router rubbish; do
		if [[ -z $router || $router == '#'* ]]; then
			continue
		fi
		/sbin/route -n add default -gateway $router
	done </etc/defaultrouter
fi
496
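#
# If we get here and were not asked to plumb any IPv4 interfaces, look
# for boot properties that direct us.
#
# - The "network-interface" property is required and indicates the
#   interface name.
# - The "xpv-hcp" property, if present, is used by the hypervisor
#   tools to indicate how the specified interface should be configured.
#   Permitted values are "dhcp" and "off", where "off" indicates static
#   IP configuration.
#
# In the case where "xpv-hcp" is set to "dhcp", no further properties
# are required or examined.
#
# In the case where "xpv-hcp" is not present or set to "off", the
# "host-ip" and "subnet-mask" properties are used to configure
# the specified interface.  The "router-ip" property, if present,
# is used to add a default route.
#
# NOTE(review): in both branches the work is done inside a ( ... )
# subshell, so the assignments to inet_list and i4d_fail made there are
# not visible to the exit-status checks at the end of this script.  The
# comments inside the subshells describe the intent; moving the
# assignments into the parent shell would change the status this method
# reports to SMF, so that is left for a separate, deliberate change.
#
nic="`/sbin/devprop network-interface`"
if smf_is_globalzone && [ -z "$inet_list" ] && [ -n "$nic" ]; then
	hcp="`/sbin/devprop xpv-hcp`"
	case "$hcp" in
	"dhcp")
		/sbin/ifconfig $nic plumb 2>/dev/null
		[ -n "`/sbin/ifconfig $nic 2>/dev/null`" ] && (
			# The interface is successfully plumbed, so
			# modify "inet_list" to force the exit code
			# checks to work.
			inet_list=$nic;
			# Given that this is the only IPv4 interface,
			# we assert that it is primary.  The message
			# names $nic, the interface DHCP is started on.
			echo "starting DHCP on primary interface $nic";
			/sbin/ifconfig $nic auto-dhcp primary;
			# Exit code 4 means ifconfig timed out waiting
			# for dhcpagent.  The status is saved first so
			# that both comparisons see ifconfig's exit
			# code rather than the result of the first
			# test.
			rc=$?;
			[ $rc != 0 ] && [ $rc != 4 ] && \
			    i4d_fail="$i4d_fail $nic";
		)
		;;

	"off"|"")
		/sbin/devprop host-ip subnet-mask router-ip | (
			# devprop prints one property value per line, in
			# the order requested.
			read ip;
			read mask;
			read router;
			[ -n "$ip" ] && [ -n "$mask" ] && \
				/sbin/ifconfig $nic plumb 2>/dev/null
			[ -n "`/sbin/ifconfig $nic 2>/dev/null`" ] && (
				# The interface is successfully
				# plumbed, so modify "inet_list" to
				# force the exit code checks to work.
				inet_list=$nic;
				/sbin/ifconfig $nic  inet $ip \
				    netmask $mask broadcast + up 2>/dev/null;
				# route is called by absolute path, as
				# in the /etc/defaultrouter handling.
				[ -n "$router" ] && /sbin/route add \
				    default $router 2>/dev/null;
			)
		)
		;;
	esac
fi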
559
#
# We tell smf this service is online if any of the following is true:
# - no interfaces were configured for plumbing and no DHCP failures
# - any non-loopback IPv4 interfaces are up and have a non-zero address
# - there are any DHCP interfaces started
# - any non-loopback IPv6 interfaces are up
#

# Nothing was requested: succeed, unless DHCP was attempted without any
# plumbed interface, which is a configuration error.
if [ -z "$inet_list$inet6_list" ]; then
	if [ -n "$i4d_fail" ]; then
		exit $SMF_EXIT_ERR_CONFIG
	fi
	exit $SMF_EXIT_OK
fi

#
# Any non-loopback IPv4 interfaces with usable addresses up?
#
# The test chain inside the loop is deliberately left as a "&&" list: when
# no line matches, the loop finishes with the non-zero status of the last
# failed test, and the "&& exit" after "done" does not fire.  The outer
# non-empty check keeps a loop that never runs (status 0) from being
# taken as a match.
#
if [ -n "$(/sbin/ifconfig -a4u)" ]; then
	/sbin/ifconfig -a4u | while read intf addr rest; do
		[ $intf = inet ] && [ $addr != 127.0.0.1 ] &&
		[ $addr != 0.0.0.0 ] && exit $SMF_EXIT_OK
	done && exit $SMF_EXIT_OK
fi

# Any DHCP interfaces started?
if [ -n "$(/sbin/ifconfig -a4 dhcp status 2>/dev/null)" ]; then
	exit $SMF_EXIT_OK
fi

# Any non-loopback IPv6 interfaces up?  Same loop shape as for IPv4.
if [ -n "$(/sbin/ifconfig -au6)" ]; then
	/sbin/ifconfig -au6 | while read intf addr rest; do
		[ $intf = inet6 ] && [ $addr != ::1/128 ] && exit $SMF_EXIT_OK
	done && exit $SMF_EXIT_OK
fi

# This service was supposed to configure something yet didn't.  Exit
# with config error.
exit $SMF_EXIT_ERR_CONFIG