Brian J. Murrell | 21 Feb 23:08 2012

Re: remote execute hook prior to evaluating params

On 12-02-21 04:38 PM, Tom Eastep wrote:
> On 02/21/2012 01:23 PM, Brian J. Murrell wrote:
>> Currently I have in my params:
>>
>> CGCOIF=$(ssh root@gw "/sbin/uci -p /var/state get network.wan0.ifname")
>> IGSIF=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.ifname")
>> PPPEIF=$(ssh root@gw "/sbin/uci -p /var/state get network.pppoe_ether.device")
>> CGCO_GATEWAY=$(ssh root@gw "/sbin/uci -p /var/state get network.wan0.gateway")
>> IGS_GATEWAY=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.gateway")
>> IGS_ADDRESS=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.ipaddr")

FWIW, the following seems to do the trick in params:

ssh root@gw "echo CGCOIF=\$(/sbin/uci -p /var/state get network.wan0.ifname)
echo IGSIF=\$(/sbin/uci -p /var/state get network.wan1.ifname)
echo PPPEIF=\$(/sbin/uci -p /var/state get network.pppoe_ether.device)
echo CGCO_GATEWAY=\$(/sbin/uci -p /var/state get network.wan0.gateway)
echo CGCO_ADDRESS=\$(/sbin/uci -p /var/state get network.wan0.ipaddr)
echo IGS_GATEWAY=\$(/sbin/uci -p /var/state get network.wan1.gateway)
echo IGS_ADDRESS=\$(/sbin/uci -p /var/state get network.wan1.ipaddr)" > foo
eval $(cat foo)
rm foo

I'm sure there's some quoting magic to eliminate the "foo"
intermediate, but it's just too late in the day to keep messing with it.

> I guess my first question is "How are you using these variables?".

Some examples:

./masq:$IGSIF			!$IGS_ADDRESS		$IGS_ADDRESS
./interfaces:pppe	$PPPEIF		detect		maclist,routeback,optional
./rules:Ping/ACCEPT fw          net:$CGCO_GATEWAY
./accounting:DONE       -       -               $CGCO_ADDRESS
./rules:#Ping/ACCEPT fw         net:$IGS_GATEWAY

> In
> configuration files, the first three can be replaced by "Runtime Address
> Variables"; see
> http://www.shorewall.net/configuration_file_basics.htm#Variables.

Ahhh.  &<ifname>?  Note that those first three variables in my list
above are interface names not their addresses.  The .ipaddr ones are
addresses.  Can I assume these runtime variables will work for
shorewall-lite installations?

> Shorewall will detect the gateway addresses for you and store them in
> shell variables in the generated script, but so far I haven't
> implemented gateway Runtime Address Variables, though. Not hard to do,
> though...

Is this answering my question about application in shorewall-lite
configurations perhaps?

I guess ultimately it would be nice to generalize my above ssh-and-eval
for an arbitrary list of <variable>=<the-result-of-some-command-on-gateway>
but with optimizing the remote executions into a single round-trip.

The above trick does work, though it is not entirely straightforward for
the average user to figure out.

Cheers,
b.
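
An added example, not part of the original message and not Shorewall code: one way to generalize the single-round-trip fetch without the "foo" intermediate, treating the gateway's output as data so that only allow-listed names with plain interface or address characters are assigned, instead of passing the output to eval. The function names and the allow-list are assumptions; the host gw and the uci keys are the ones from the message.

```shell
#!/bin/sh
# Names this host is willing to set; any other name is rejected.
ALLOWED_VARS="CGCOIF IGSIF PPPEIF CGCO_GATEWAY CGCO_ADDRESS IGS_GATEWAY IGS_ADDRESS"

# Read NAME=value lines on stdin and assign the valid ones.
# Returns 1 if any line was rejected; rejected lines are never assigned.
load_params() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        name=${line%%=*} value=${line#*=}
        case "$line" in *=*) ;; *) rc=1; continue ;; esac
        case "$name" in ''|*[!A-Z0-9_]*) rc=1; continue ;; esac
        case " $ALLOWED_VARS " in *" $name "*) ;; *) rc=1; continue ;; esac
        # Interface names and addresses need only these characters.
        case "$value" in ''|*[!A-Za-z0-9._:-]*) rc=1; continue ;; esac
        # The value is assigned as data; it is never re-parsed by the shell.
        export "$name=$value"
    done
    return "$rc"
}

# One SSH round trip. Single quotes keep $(...) from expanding locally.
fetch_gateway_params() {
    ssh root@gw '
        for kv in CGCOIF=network.wan0.ifname IGSIF=network.wan1.ifname \
                  PPPEIF=network.pppoe_ether.device \
                  CGCO_GATEWAY=network.wan0.gateway CGCO_ADDRESS=network.wan0.ipaddr \
                  IGS_GATEWAY=network.wan1.gateway IGS_ADDRESS=network.wan1.ipaddr
        do
            echo "${kv%%=*}=$(/sbin/uci -p /var/state get "${kv#*=}")"
        done'
}

# No temporary file: the here-document feeds the remote output to the parser
# in the current shell, so the assignments persist.
load_gateway_params() {
    load_params <<EOF
$(fetch_gateway_params)
EOF
}
```

Calling `load_gateway_params` from params replaces the ssh/eval/rm sequence; a non-zero return means at least one line from the gateway was refused and the corresponding variable was left unset.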
