New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sysutils/auto-recovery: a new plugin to rollback configuration changes #3321
Conversation
3a1af4a
to
952af26
Compare
952af26
to
ae2ff84
Compare
If I understand correctly auto-recovery reloads the previous config? Do you plan to implement anything to reload a previous firmware in case an update went wrong? |
That's the basic functionality, but you are able to customize this process to a certain degree.
No. But once the plugin has it's first release, anyone is welcome to contribute new features. |
CONFIG_BACKUP_FILE="${BASE_DIR}/config.xml_recover" | ||
CONFIG_ORIGINAL_FILE="${BASE_DIR}/config.xml_orig" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we simply cannot stray from the live config.xml vs. backups procedure adding another layer of misdirection. one thing it will do is confuse the history and I don't see a way to integrate this as a plugin in terms of eventual UX.
# Run configd command. | ||
if [ "${DO_CONFIGD}" == "1" ]; then | ||
log "Running system command: ${CONFIGD_CMD}" | ||
eval $CONFIGD_CMD |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dispatching random commands is out of the question as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh? This is not random, it is limited to pre-defined configd commands. This is already used elsewhere, so not exactly new functionality.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At least the eval makes no sense. Probably also prone to arbitrary command injection. I fail to see the point of deferring a predefined command through a model with a free form command input funnelled through a overcomplicated script.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, misread the free-form part. Apologies.
Am I allowed to put it on community repo to give it broader audiance? Maybe it will motivate someone to spend more time on it? |
Sure 👍 |
Why has this been closed? It is working fine on my tests and it is really needed when you make remote changes. I would ❤️ to see this or a similar plugin to become available for OPNsense. |
Preface
This new community plugin tries to immitate the
reload in 5
feature found in some routers/switches. It will start a countdown and restore all configuration changes if the countdown is not aborted. This is especially useful when working on remote devices.This PR implements the feature request #2976 using an extremely simplified approach. The main feature is implemented, but it may not be sufficient for production environments.
DISCLAIMER: Auto Recovery is a community plugin without support or guarantees. Auto Recovery can only restore the OPNsense system configuration to a previous state. It does not restore any other files, packages or revert any filesystem modification. It certainly is not meant to replace a backup, nor does it protect against failed software upgrades.
Testing
This plugin is expected to be able to reliably restore a working system configuration. Hence we need more people to test it's features, before this plugin can be released.
Adding the development version of the plugin on OPNsense 23.1 is simple:
Please let me know if it works for you, or if you experience any issues.
Screenshots
Configuration screen:
When the countdown is on:
Log messages in
System: Log Files: General
: