Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua
Jo-Philipp Wich 8deb949551 treewide: rework uci apply workflow 
Switch to rpcd based uci apply/rollback workflow which helps to avoid soft-
bricking devices by requiring an explicit confirmation call after config
apply.

When a user now clicks "Save & Apply", LuCI first issues a call to uci apply
which commits and reloads configuration, then goes into a polling countdown
mode where it repeatedly attempts to call uci confirm.

If the committed configuration is sane, the confirm call will go through and
cancel rpcd's pending rollback timer.

If the configuration change leads to a loss of connectivity (e.g. due to bad
firewall rules or similar), the rollback mechanism will kick in after the
timeout and revert configuration files and pending changes to the pre-apply
state.

In order to cover such rare cases where a lost of connectivity is expected
and desired, the user is offered an "unchecked" apply option after timing
out, which allows committing and applying the changes anyway, without the
extra safety checks.

As a consequence of this change, the luci-reload mechanism is now completely
unsused since rpcd uses ubus config reload signals to reload affected
services, which means that only procd-enabled services will receive proper
reload treatment with the new workflow.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05 23:11:23 +02:00

101 lines
2.5 KiB
Lua
Raw Blame History

-- Copyright 2008 Steven Barth <steven@midlink.org>
-- Copyright 2010-2015 Jo-Philipp Wich <jow@openwrt.org>
-- Licensed to the public under the Apache License 2.0.
module("luci.controller.admin.uci", package.seeall)
function index()
local redir = luci.http.formvalue("redir", true)
or table.concat(luci.dispatcher.context.request, "/")
entry({"admin", "uci"}, nil, _("Configuration"))
entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir}
entry({"admin", "uci", "revert"}, post("action_revert"), _("Revert"), 30).query = {redir=redir}
local node
local authen = function(checkpass, allowed_users)
return "root", luci.http.formvalue("sid")
end
node = entry({"admin", "uci", "apply_rollback"}, post("action_apply_rollback"), nil)
node.cors = true
node.sysauth_authenticator = authen
node = entry({"admin", "uci", "apply_unchecked"}, post("action_apply_unchecked"), nil)
node.cors = true
node.sysauth_authenticator = authen
node = entry({"admin", "uci", "confirm"}, post("action_confirm"), nil)
node.cors = true
node.sysauth_authenticator = authen
end
function action_changes()
local uci = require "luci.model.uci"
local changes = uci:changes()
luci.template.render("admin_uci/changes", {
changes = next(changes) and changes,
timeout = timeout
})
end
function action_revert()
local uci = require "luci.model.uci"
local changes = uci:changes()
-- Collect files to be reverted
local r, tbl
for r, tbl in pairs(changes) do
uci:revert(r)
end
luci.template.render("admin_uci/revert", {
changes = next(changes) and changes
})
end
local function ubus_state_to_http(errstr)
local map = {
["Invalid command"] = 400,
["Invalid argument"] = 400,
["Method not found"] = 404,
["Entry not found"] = 404,
["No data"] = 204,
["Permission denied"] = 403,
["Timeout"] = 504,
["Not supported"] = 500,
["Unknown error"] = 500,
["Connection failed"] = 503
}
local code = map[errstr] or 200
local msg = errstr or "OK"
luci.http.status(code, msg)
if code ~= 204 then
luci.http.prepare_content("text/plain")
luci.http.write(msg)
end
end
function action_apply_rollback()
local uci = require "luci.model.uci"
local _, errstr = uci:apply(true)
ubus_state_to_http(errstr)
end
function action_apply_unchecked()
local uci = require "luci.model.uci"
local _, errstr = uci:apply(false)
ubus_state_to_http(errstr)
end
function action_confirm()
local uci = require "luci.model.uci"
local _, errstr = uci:confirm()
ubus_state_to_http(errstr)
end
Reference in a new issue View git blame Copy permalink