diff options
author | John Estabrook <jestabro@vyos.io> | 2023-09-05 18:26:13 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-05 18:26:13 -0500 |
commit | 490249bc57d948a60cd94f868d3bf0342caf136a (patch) | |
tree | 2e7092e110b533bf4e38639f23d0c8b11c1057f7 | |
parent | 3fe5482a29042c92298d3e69d90c0c38404d2fcc (diff) | |
parent | 5f2926cf04e8a569bb25cd4121179d12b9e04c6c (diff) | |
download | vyos-1x-490249bc57d948a60cd94f868d3bf0342caf136a.tar.gz vyos-1x-490249bc57d948a60cd94f868d3bf0342caf136a.zip |
Merge pull request #2204 from sever-sever/T5480
T5480: Ability to disable SNMP for keepalived service VRRP
-rw-r--r-- | data/templates/high-availability/10-override.conf.j2 (renamed from src/etc/systemd/system/keepalived.service.d/override.conf) | 4 | ||||
-rw-r--r-- | interface-definitions/high-availability.xml.in | 6 | ||||
-rwxr-xr-x | src/conf_mode/high-availability.py | 20 |
3 files changed, 27 insertions, 3 deletions
diff --git a/src/etc/systemd/system/keepalived.service.d/override.conf b/data/templates/high-availability/10-override.conf.j2 index d91a824b9..d1cb25581 100644 --- a/src/etc/systemd/system/keepalived.service.d/override.conf +++ b/data/templates/high-availability/10-override.conf.j2 @@ -1,3 +1,5 @@ +### Autogenerated by ${vyos_conf_scripts_dir}/high-availability.py ### +{% set snmp = '' if vrrp.disable_snmp is vyos_defined else '--snmp' %} [Unit] After=vyos-router.service # Only start if there is our configuration file - remove Debian default @@ -10,5 +12,5 @@ KillMode=process Type=simple # Read configuration variable file if it is present ExecStart= -ExecStart=/usr/sbin/keepalived --use-file /run/keepalived/keepalived.conf --pid /run/keepalived/keepalived.pid --dont-fork --snmp +ExecStart=/usr/sbin/keepalived --use-file /run/keepalived/keepalived.conf --pid /run/keepalived/keepalived.pid --dont-fork {{ snmp }} PIDFile=/run/keepalived/keepalived.pid diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in index 4f55916fa..47a772d04 100644 --- a/interface-definitions/high-availability.xml.in +++ b/interface-definitions/high-availability.xml.in @@ -12,6 +12,12 @@ <help>Virtual Router Redundancy Protocol settings</help> </properties> <children> + <leafNode name="disable-snmp"> + <properties> + <valueless/> + <help>Disable SNMP</help> + </properties> + </leafNode> <node name="global-parameters"> <properties> <help>VRRP global parameters</help> diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py index 0121df11c..70f43ab52 100755 --- a/src/conf_mode/high-availability.py +++ b/src/conf_mode/high-availability.py @@ -15,6 +15,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import time from sys import exit @@ -24,6 +25,7 @@ from ipaddress import IPv6Interface from vyos.base import Warning from vyos.config import Config +from vyos.configdict import leaf_node_changed from vyos.ifconfig.vrrp import VRRP from vyos.template import render from vyos.template import is_ipv4 @@ -35,6 +37,9 @@ from vyos import airbag airbag.enable() +systemd_override = r'/run/systemd/system/keepalived.service.d/10-override.conf' + + def get_config(config=None): if config: conf = config @@ -54,6 +59,9 @@ def get_config(config=None): if conf.exists(conntrack_path): ha['conntrack_sync_group'] = conf.return_value(conntrack_path) + if leaf_node_changed(conf, base + ['vrrp', 'disable-snmp']): + ha.update({'restart_required': {}}) + return ha def verify(ha): @@ -164,19 +172,23 @@ def verify(ha): def generate(ha): if not ha or 'disable' in ha: + if os.path.isfile(systemd_override): + os.unlink(systemd_override) return None render(VRRP.location['config'], 'high-availability/keepalived.conf.j2', ha) + render(systemd_override, 'high-availability/10-override.conf.j2', ha) return None def apply(ha): service_name = 'keepalived.service' + call('systemctl daemon-reload') if not ha or 'disable' in ha: call(f'systemctl stop {service_name}') return None # Check if IPv6 address is tentative T5533 - for group, group_config in ha['vrrp']['group'].items(): + for group, group_config in ha.get('vrrp', {}).get('group', {}).items(): if 'hello_source_address' in group_config: if is_ipv6(group_config['hello_source_address']): ipv6_address = group_config['hello_source_address'] @@ -187,7 +199,11 @@ def apply(ha): if is_ipv6_tentative(interface, ipv6_address): time.sleep(interval) - call(f'systemctl reload-or-restart {service_name}') + systemd_action = 'reload-or-restart' + if 'restart_required' in ha: + systemd_action = 'restart' + + call(f'systemctl {systemd_action} {service_name}') return None if __name__ == '__main__': |