diff options
author | Christian Breunig <christian@breunig.cc> | 2024-07-16 21:28:55 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-07-16 21:29:39 +0200 |
commit | c74ae852152b0c3c3f00a1847d081d28f500e178 (patch) | |
tree | 9317a44e31b6ed0688dfb546401ac237ff063b23 | |
parent | 887de85b7a78dde370ddb71ddcb3f87557536e08 (diff) | |
download | vyos-1x-c74ae852152b0c3c3f00a1847d081d28f500e178.tar.gz vyos-1x-c74ae852152b0c3c3f00a1847d081d28f500e178.zip |
op-mode: T6577: create generic service restart helper to work with the API
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
-rw-r--r-- | op-mode-definitions/dhcp.xml.in | 4 | ||||
-rw-r--r-- | op-mode-definitions/dns-dynamic.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/dns-forwarding.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/igmp-proxy.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/mdns-reflector.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/restart-router-advert.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/restart-snmp.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/restart-ssh.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/reverse-proxy.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/suricata.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/vrrp.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/webproxy.xml.in | 2 | ||||
-rwxr-xr-x | src/op_mode/restart.py | 127 |
14 files changed, 141 insertions, 14 deletions
diff --git a/op-mode-definitions/dhcp.xml.in b/op-mode-definitions/dhcp.xml.in index eee6937d6..b3438ab80 100644 --- a/op-mode-definitions/dhcp.xml.in +++ b/op-mode-definitions/dhcp.xml.in @@ -245,7 +245,7 @@ <properties> <help>Restart DHCP server</help> </properties> - <command>if cli-shell-api existsActive service dhcp-server; then sudo systemctl restart kea-dhcp4-server.service; else echo "DHCP server not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dhcp</command> </node> <node name="relay-agent"> <properties> @@ -264,7 +264,7 @@ <properties> <help>Restart DHCPv6 server</help> </properties> - <command>if cli-shell-api existsActive service dhcpv6-server; then sudo systemctl restart kea-dhcp6-server.service; else echo "DHCPv6 server not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dhcpv6</command> </node> <node name="relay-agent"> <properties> diff --git a/op-mode-definitions/dns-dynamic.xml.in b/op-mode-definitions/dns-dynamic.xml.in index 45d58e2e8..ef0f03988 100644 --- a/op-mode-definitions/dns-dynamic.xml.in +++ b/op-mode-definitions/dns-dynamic.xml.in @@ -97,7 +97,7 @@ <properties> <help>Restart Dynamic DNS service</help> </properties> - <command>if cli-shell-api existsActive service dns dynamic; then sudo systemctl restart ddclient.service; else echo "Dynamic DNS not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dns_dynamic</command> </node> </children> </node> diff --git a/op-mode-definitions/dns-forwarding.xml.in b/op-mode-definitions/dns-forwarding.xml.in index 29bfc61cf..fac3fc345 100644 --- a/op-mode-definitions/dns-forwarding.xml.in +++ b/op-mode-definitions/dns-forwarding.xml.in @@ -73,7 +73,7 @@ <properties> <help>Restart DNS Forwarding service</help> </properties> - <command>if cli-shell-api existsActive service dns forwarding; then sudo systemctl restart pdns-recursor.service; else echo "DNS forwarding not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name dns_forwarding</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/igmp-proxy.xml.in b/op-mode-definitions/igmp-proxy.xml.in index 8533138d7..d6ad7ed7e 100644 --- a/op-mode-definitions/igmp-proxy.xml.in +++ b/op-mode-definitions/igmp-proxy.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart the IGMP proxy process</help> </properties> - <command>sudo systemctl restart igmpproxy.service</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name igmp_proxy</command> </node> </children> </node> diff --git a/op-mode-definitions/mdns-reflector.xml.in b/op-mode-definitions/mdns-reflector.xml.in index a90d4d385..115b2858c 100644 --- a/op-mode-definitions/mdns-reflector.xml.in +++ b/op-mode-definitions/mdns-reflector.xml.in @@ -53,7 +53,7 @@ <properties> <help>Restart mDNS repeater service</help> </properties> - <command>sudo systemctl restart avahi-daemon.service</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name mdns_repeater</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-router-advert.xml.in b/op-mode-definitions/restart-router-advert.xml.in index 304b4dfd3..9eea3dfc4 100644 --- a/op-mode-definitions/restart-router-advert.xml.in +++ b/op-mode-definitions/restart-router-advert.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart IPv6 Router Advertisement service</help> </properties> - <command>if cli-shell-api existsActive service router-advert; then sudo systemctl restart radvd.service; else echo "IPv6 Router Advertisement service not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name router_advert</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-snmp.xml.in b/op-mode-definitions/restart-snmp.xml.in index 7de27df64..e9c43de01 100644 --- a/op-mode-definitions/restart-snmp.xml.in +++ b/op-mode-definitions/restart-snmp.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart SNMP service</help> </properties> - <command>if cli-shell-api existsActive service snmp; then sudo systemctl restart snmpd.service; else echo "Service SNMP not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name snmp</command> </node> </children> </node> diff --git a/op-mode-definitions/restart-ssh.xml.in b/op-mode-definitions/restart-ssh.xml.in index 543cafc24..914586df8 100644 --- a/op-mode-definitions/restart-ssh.xml.in +++ b/op-mode-definitions/restart-ssh.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart SSH service</help> </properties> - <command>if cli-shell-api existsActive service ssh; then sudo systemctl restart "ssh@*.service"; else echo "Service SSH not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name ssh --vrf "*"</command> </node> </children> </node> diff --git a/op-mode-definitions/reverse-proxy.xml.in b/op-mode-definitions/reverse-proxy.xml.in index 4af24880b..b45ce107f 100644 --- a/op-mode-definitions/reverse-proxy.xml.in +++ b/op-mode-definitions/reverse-proxy.xml.in @@ -6,7 +6,7 @@ <properties> <help>Restart reverse-proxy service</help> </properties> - <command>if cli-shell-api existsActive load-balancing reverse-proxy; then sudo systemctl restart haproxy.service; else echo "Reverse-Proxy not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name reverse_proxy</command> </node> </children> </node> diff --git a/op-mode-definitions/suricata.xml.in b/op-mode-definitions/suricata.xml.in index a5025afba..ff1f84706 100644 --- a/op-mode-definitions/suricata.xml.in +++ b/op-mode-definitions/suricata.xml.in @@ -16,7 +16,7 @@ <properties> <help>Restart Suricata service</help> </properties> - <command>if systemctl is-active --quiet suricata; then sudo systemctl restart suricata.service; else echo "Service Suricata not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name suricata</command> </node> </children> </node> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index b551af2be..0a8671aeb 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -112,7 +112,7 @@ <properties> <help>Restart the IPsec VPN process</help> </properties> - <command>if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted"; else echo "IPsec process not running" ; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name ipsec</command> </node> </children> </node> diff --git a/op-mode-definitions/vrrp.xml.in b/op-mode-definitions/vrrp.xml.in index 34484c706..158e7093e 100644 --- a/op-mode-definitions/vrrp.xml.in +++ b/op-mode-definitions/vrrp.xml.in @@ -30,7 +30,7 @@ <properties> <help>Restart VRRP (Virtual Router Redundancy Protocol) process</help> </properties> - <command>sudo systemctl restart keepalived.service</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name vrrp</command> </node> </children> </node> diff --git a/op-mode-definitions/webproxy.xml.in b/op-mode-definitions/webproxy.xml.in index 57df44ff8..ba13907b8 100644 --- a/op-mode-definitions/webproxy.xml.in +++ b/op-mode-definitions/webproxy.xml.in @@ -34,7 +34,7 @@ <properties> <help>Restart WebProxy service</help> </properties> - <command>if cli-shell-api existsActive service webproxy; then sudo systemctl restart squid.service; else echo "Service WebProxy not configured"; fi</command> + <command>sudo ${vyos_op_scripts_dir}/restart.py restart_service --name webproxy</command> </node> </children> </node> diff --git a/src/op_mode/restart.py b/src/op_mode/restart.py new file mode 100755 index 000000000..813d3a2b7 --- /dev/null +++ b/src/op_mode/restart.py @@ -0,0 +1,127 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import sys +import typing +import vyos.opmode + +from vyos.configquery import ConfigTreeQuery +from vyos.utils.process import call +from vyos.utils.commit import commit_in_progress + +config = ConfigTreeQuery() + +service_map = { + 'dhcp' : { + 'systemd_service': 'kea-dhcp4-server', + 'path': ['service', 'dhcp-server'], + }, + 'dhcpv6' : { + 'systemd_service': 'kea-dhcp6-server', + 'path': ['service', 'dhcpv6-server'], + }, + 'dns_dynamic': { + 'systemd_service': 'ddclient', + 'path': ['service', 'dns', 'dynamic'], + }, + 'dns_forwarding': { + 'systemd_service': 'pdns-recursor', + 'path': ['service', 'dns', 'forwarding'], + }, + 'igmp_proxy': { + 'systemd_service': 'igmpproxy', + 'path': ['protocols', 'igmp-proxy'], + }, + 'ipsec': { + 'systemd_service': 'strongswan', + 'path': ['vpn', 'ipsec'], + }, + 'mdns_repeater': { + 'systemd_service': 'avahi-daemon', + 'path': ['service', 'mdns', 'repeater'], + }, + 'reverse_proxy': { + 'systemd_service': 'haproxy', + 'path': ['load-balancing', 'reverse-proxy'], + }, + 'router_advert': { + 'systemd_service': 'radvd', + 'path': ['service', 'router-advert'], + }, + 'snmp' : { + 'systemd_service': 'snmpd', + }, + 'ssh' : { + 'systemd_service': 'ssh', + }, + 'suricata' : { + 'systemd_service': 'suricata', + }, + 'vrrp' : { + 'systemd_service': 'keepalived', + 'path': ['high-availability', 'vrrp'], + }, + 'webproxy' : { + 'systemd_service': 'squid', + }, +} +services = typing.Literal['dhcp', 'dhcpv6', 'dns_dynamic', 'dns_forwarding', 'igmp_proxy', 'ipsec', 'mdns_repeater', 'reverse_proxy', 'router_advert', 'snmp', 'ssh', 'suricata' 'vrrp', 'webproxy'] + +def _verify(func): + """Decorator checks if DHCP(v6) config exists""" + from functools import wraps + + @wraps(func) + def _wrapper(*args, **kwargs): + config = ConfigTreeQuery() + name = kwargs.get('name') + human_name = name.replace('_', '-') + + if commit_in_progress(): + print(f'Cannot restart {human_name} service while a commit is in progress') + sys.exit(1) + + # Get optional CLI path from service_mapping dict + # otherwise use "service name" CLI path + path = ['service', name] + if 'path' in service_map[name]: + path = service_map[name]['path'] + + # Check if config does not exist + if not config.exists(path): + raise vyos.opmode.UnconfiguredSubsystem(f'Service {human_name} is not configured!') + if config.exists(path + ['disable']): + raise vyos.opmode.UnconfiguredSubsystem(f'Service {human_name} is disabled!') + return func(*args, **kwargs) + + return _wrapper + +@_verify +def restart_service(raw: bool, name: services, vrf: typing.Optional[str]): + systemd_service = service_map[name]['systemd_service'] + if vrf: + call(f'systemctl restart "{systemd_service}@{vrf}.service"') + else: + call(f'systemctl restart "{systemd_service}.service"') + +if __name__ == '__main__': + try: + res = vyos.opmode.run(sys.modules[__name__]) + if res: + print(res) + except (ValueError, vyos.opmode.Error) as e: + print(e) + sys.exit(1) |