summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-12-06 20:57:20 +0100
committerChristian Poessinger <christian@poessinger.com>2021-12-09 23:36:20 +0100
commitfc7b8a225879a216788b68fefba5390e9d9f0ee4 (patch)
tree1d998441ca518f4e0cdacaf339d8fae500af22be
parent977dbf6b9452a81e7f04789182f852afe5f3a0bd (diff)
downloadvyos-1x-fc7b8a225879a216788b68fefba5390e9d9f0ee4.tar.gz
vyos-1x-fc7b8a225879a216788b68fefba5390e9d9f0ee4.zip
https: T4055: add vrf support
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
Diffstat
-rw-r--r--data/templates/https/override.conf.tmpl15
-rw-r--r--interface-definitions/https.xml.in1
-rwxr-xr-xsrc/conf_mode/https.py7
3 files changed, 23 insertions, 0 deletions
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl
new file mode 100644
index 000000000..824b1ba3b
--- /dev/null
+++ b/data/templates/https/override.conf.tmpl
@@ -0,0 +1,15 @@
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+ExecStartPre=
+ExecStartPre={{vrf_command}}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
+ExecStart=
+ExecStart={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;'
+ExecReload=
+ExecReload={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
+Restart=always
+RestartPreventExitStatus=
+RestartSec=10
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index ccb77910a..6490099fd 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -157,6 +157,7 @@
</node>
</children>
</node>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index a6e2d9c8c..05f245509 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -22,6 +22,7 @@ import vyos.defaults
import vyos.certbot_util
from vyos.config import Config
+from vyos.configverify import verify_vrf
from vyos import ConfigError
from vyos.util import call
from vyos.template import render
@@ -30,6 +31,7 @@ from vyos import airbag
airbag.enable()
config_file = '/etc/nginx/sites-available/default'
+systemd_override = r'/etc/systemd/system/nginx.service.d/override.conf'
certbot_dir = vyos.defaults.directories['certbot']
# https config needs to coordinate several subsystems: api, certbot,
@@ -150,6 +152,8 @@ def verify(https):
return None
raise ConfigError("At least one 'virtual-host <id> server-name' "
"matching the 'certbot domain-name' is required.")
+
+ verify_vrf(https)
return None
def generate(https):
@@ -160,10 +164,13 @@ def generate(https):
https['server_block_list'] = [default_server_block]
render(config_file, 'https/nginx.default.tmpl', https)
+ render(systemd_override, 'https/override.conf.tmpl', https)
return None
def apply(https):
+ # Reload systemd manager configuration
+ call('systemctl daemon-reload')
if https is not None:
call('systemctl restart nginx.service')
else:
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 13:25:46 +0000