authorDaniil Baturin <daniil@vyos.io>2020-03-09 19:24:00 +0200
committerDaniil Baturin <daniil@vyos.io>2020-03-09 19:24:00 +0200
commit806b944f62e675484a114f69be1fc80c1ec76337 (patch)
treefc9266a837a38c38dcfb79230727aed26a310aee /src/conf_mode
parentf4000627dac973e1a2a001f8de2430cbd6a69e03 (diff)
parent6b4fb1820e740e6c7d63d7aba94fb2e0c7f5eded (diff)
Merge branch 'crux' of github.com:vyos/vyos-1x into crux
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/accel_pppoe.py119
-rwxr-xr-xsrc/conf_mode/igmp_proxy.py29
-rwxr-xr-xsrc/conf_mode/vrrp.py15
3 files changed, 109 insertions, 54 deletions
diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py
index 31f439c68..97e3723f0 100755
--- a/src/conf_mode/accel_pppoe.py
+++ b/src/conf_mode/accel_pppoe.py
@@ -54,7 +54,7 @@ auth_chap_md5
auth_mschap_v1
auth_mschap_v2
#pppd_compat
-#shaper
+shaper
{% if snmp == 'enable' or snmp == 'enable-ma' %}
net-snmp
{% endif %}
@@ -76,7 +76,7 @@ level=5
{% if snmp == 'enable-ma' %}
[snmp]
master=1
-{% endif %}
+{% endif -%}
[client-ip-range]
disable
@@ -101,24 +101,24 @@ gw-ip-address={{ppp_gw}}
{% for prfx in client_ipv6_pool['delegate-prefix']: %}
delegate={{prfx}}
{% endfor %}
-{% endif %}
+{% endif -%}
{% if dns %}
[dns]
{% if dns[0] %}
dns1={{dns[0]}}
-{% endif %}
+{% endif -%}
{% if dns[1] %}
dns2={{dns[1]}}
-{% endif %}
-{% endif %}
+{% endif -%}
+{% endif -%}
{% if dnsv6 %}
[dnsv6]
{% for srv in dnsv6: %}
dns={{srv}}
{% endfor %}
-{% endif %}
+{% endif -%}
{% if wins %}
[wins]
@@ -127,13 +127,13 @@ wins1={{wins[0]}}
{% endif %}
{% if wins[1] %}
wins2={{wins[1]}}
-{% endif %}
-{% endif %}
+{% endif -%}
+{% endif -%}
{% if authentication['mode'] == 'local' %}
[chap-secrets]
chap-secrets=/etc/accel-ppp/pppoe/chap-secrets
-{% endif %}
+{% endif -%}
{% if authentication['mode'] == 'radius' %}
[radius]
@@ -156,14 +156,23 @@ nas-identifier={{authentication['radiusopt']['nas-id']}}
{% endif %}
{% if authentication['radiusopt']['nas-ip'] %}
nas-ip-address={{authentication['radiusopt']['nas-ip']}}
-{% endif %}
+{% endif -%}
{% if authentication['radiusopt']['dae-srv'] %}
dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\
{{authentication['radiusopt']['dae-srv']['port']}},\
{{authentication['radiusopt']['dae-srv']['secret']}}
-{% endif %}
+{% endif -%}
gw-ip-address={{ppp_gw}}
verbose=1
+
+{% if authentication['radiusopt']['shaper'] %}
+[shaper]
+verbose=1
+attr={{authentication['radiusopt']['shaper']['attr']}}
+{% if authentication['radiusopt']['shaper']['vendor'] %}
+vendor={{authentication['radiusopt']['shaper']['vendor']}}
+{% endif -%}
+{% endif -%}
{% endif %}
[ppp]
@@ -245,11 +254,16 @@ tcp=127.0.0.1:2001
### pppoe chap secrets
chap_secrets_conf = '''
-# username server password acceptable local IP addresses
+# username server password acceptable local IP addresses shaper
{% for user in authentication['local-users'] %}
{% if authentication['local-users'][user]['state'] == 'enabled' %}
+{% if (authentication['local-users'][user]['upload']) and (authentication['local-users'][user]['download']) %}
+{{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}}\t\
+{{authentication['local-users'][user]['download']}}/{{authentication['local-users'][user]['upload']}}
+{% else %}
{{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}}
{% endif %}
+{% endif %}
{% endfor %}
'''
###
@@ -389,9 +403,11 @@ def get_config():
config_data['authentication']['local-users'].update(
{
usr : {
- 'passwd' : '',
- 'state' : 'enabled',
- 'ip' : '*'
+ 'passwd' : None,
+ 'state' : 'enabled',
+ 'ip' : '*',
+ 'upload' : None,
+ 'download' : None
}
}
)
@@ -401,7 +417,11 @@ def get_config():
config_data['authentication']['local-users'][usr]['state'] = 'disable'
if c.exists('authentication local-users username ' + usr + ' static-ip'):
config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip')
-
+ if c.exists('authentication local-users username ' + usr + ' rate-limit download'):
+ config_data['authentication']['local-users'][usr]['download'] = c.return_value('authentication local-users username ' + usr + ' rate-limit download')
+ if c.exists('authentication local-users username ' + usr + ' rate-limit upload'):
+ config_data['authentication']['local-users'][usr]['upload'] = c.return_value('authentication local-users username ' + usr + ' rate-limit upload')
+
### authentication mode radius servers and settings
if c.exists('authentication mode radius'):
@@ -426,28 +446,42 @@ def get_config():
}
)
- #### advanced radius-setting
- if c.exists('authentication radius-settings'):
- if c.exists('authentication radius-settings acct-timeout'):
- config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
- if c.exists('authentication radius-settings max-try'):
- config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try')
- if c.exists('authentication radius-settings timeout'):
- config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout')
- if c.exists('authentication radius-settings nas-identifier'):
- config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier')
- if c.exists('authentication radius-settings nas-ip-address'):
- config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address')
- if c.exists('authentication radius-settings dae-server'):
- config_data['authentication']['radiusopt'].update(
- {
- 'dae-srv' : {
- 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'),
- 'port' : c.return_value('authentication radius-settings dae-server port'),
- 'secret' : str(c.return_value('authentication radius-settings dae-server secret'))
- }
+ #### advanced radius-setting
+ if c.exists('authentication radius-settings'):
+ if c.exists('authentication radius-settings acct-timeout'):
+ config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
+ if c.exists('authentication radius-settings max-try'):
+ config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try')
+ if c.exists('authentication radius-settings timeout'):
+ config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout')
+ if c.exists('authentication radius-settings nas-identifier'):
+ config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier')
+ if c.exists('authentication radius-settings nas-ip-address'):
+ config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address')
+ if c.exists('authentication radius-settings dae-server'):
+ config_data['authentication']['radiusopt'].update(
+ {
+ 'dae-srv' : {
+ 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'),
+ 'port' : c.return_value('authentication radius-settings dae-server port'),
+ 'secret' : str(c.return_value('authentication radius-settings dae-server secret'))
}
- )
+ }
+ )
+ #### filter-id is the internal accel default if attribute is empty
+ #### set here as default for visibility which may change in the future
+ if c.exists('authentication radius-settings rate-limit enable'):
+ if not c.exists('authentication radius-settings rate-limit attribute'):
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : 'Filter-Id'
+ }
+ else:
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : c.return_value('authentication radius-settings rate-limit attribute')
+ }
+ if c.exists('authentication radius-settings rate-limit vendor'):
+ config_data['authentication']['radiusopt']['shaper']['vendor'] = c.return_value('authentication radius-settings rate-limit vendor')
+
if c.exists('mtu'):
config_data['mtu'] = c.return_value('mtu')
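Review bot: The re-indented `dae-srv` block still wraps the secret in `str(...)`, so if `dae-server secret` is unset the stored value is the literal string `None`, and the template would render that as the DAE shared secret after `ip:port,`. This assumes `c.return_value` returns `None` for a missing node, and whether verify() rejects an incomplete `dae-server` is not visible in this diff. I would store the raw value, `'secret' : c.return_value('authentication radius-settings dae-server secret')`, and have verify() raise `ConfigError` when `ip-addr`, `port` or `secret` is empty, so a predictable secret never reaches the accel-ppp config. get_config() starts and ends outside this hunk.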
@@ -496,10 +530,17 @@ def verify(c):
if c['authentication']['mode'] == 'local':
if not c['authentication']['local-users']:
raise ConfigError('pppoe-server authentication local-users required')
-
+
for usr in c['authentication']['local-users']:
if not c['authentication']['local-users'][usr]['passwd']:
raise ConfigError('user ' + usr + ' requires a password')
+ ### if up/download is set, check that both have a value
+ if c['authentication']['local-users'][usr]['upload']:
+ if not c['authentication']['local-users'][usr]['download']:
+ raise ConfigError('user ' + usr + ' requires download speed value')
+ if c['authentication']['local-users'][usr]['download']:
+ if not c['authentication']['local-users'][usr]['upload']:
+ raise ConfigError('user ' + usr + ' requires upload speed value')
if c['authentication']['mode'] == 'radius':
if len(c['authentication']['radiussrv']) == 0:
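Review bot: The new checks in the `for usr in ...` loop only require that `upload` and `download` are set together; neither value is checked for form before the chap-secrets template writes `download/upload` as an extra whitespace-separated column. Unless the CLI definition (not shown here) already restricts them to digits, a value containing whitespace or other characters would produce a malformed line in the file that also carries the users' passwords. A cheap guard in the same loop would be `if not str(c['authentication']['local-users'][usr]['upload']).isdigit(): raise ConfigError('user ' + usr + ' upload speed must be numeric')`, and likewise for `download`. verify() starts before and continues past this hunk.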
diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py
index b994369af..cd0704124 100755
--- a/src/conf_mode/igmp_proxy.py
+++ b/src/conf_mode/igmp_proxy.py
@@ -20,6 +20,7 @@ import sys
import os
import jinja2
+from netifaces import interfaces
from vyos.config import Config
from vyos import ConfigError
@@ -50,17 +51,17 @@ config_tmpl = """
quickleave
{% endif -%}
-{% for i in interface %}
-# Configuration for {{ i.interface }} ({{ i.role }} interface)
-{% if i.role == 'disabled' -%}
-phyint {{ i.interface }} disabled
+{% for interface in interfaces %}
+# Configuration for {{ interface.name }} ({{ interface.role }} interface)
+{% if interface.role == 'disabled' -%}
+phyint {{ interface.name }} disabled
{%- else -%}
-phyint {{ i.interface }} {{ i.role }} ratelimit 0 threshold {{ i.threshold }}
+phyint {{ interface.name }} {{ interface.role }} ratelimit 0 threshold {{ interface.threshold }}
{%- endif -%}
-{%- for subnet in i.alt_subnet %}
+{%- for subnet in interface.alt_subnet %}
altnet {{ subnet }}
{%- endfor %}
-{%- for subnet in i.whitelist %}
+{%- for subnet in interface.whitelist %}
whitelist {{ subnet }}
{%- endfor %}
{% endfor %}
@@ -69,7 +70,7 @@ phyint {{ i.interface }} {{ i.role }} ratelimit 0 threshold {{ i.threshold }}
default_config_data = {
'disable': False,
'disable_quickleave': False,
- 'interface': [],
+ 'interfaces': [],
}
def get_config():
@@ -91,7 +92,7 @@ def get_config():
for intf in conf.list_nodes('interface'):
conf.set_level('protocols igmp-proxy interface {0}'.format(intf))
interface = {
- 'interface': intf,
+ 'name': intf,
'alt_subnet': [],
'role': 'downstream',
'threshold': '1',
@@ -111,7 +112,7 @@ def get_config():
interface['whitelist'] = conf.return_values('whitelist')
# Append interface configuration to global configuration list
- igmp_proxy['interface'].append(interface)
+ igmp_proxy['interfaces'].append(interface)
return igmp_proxy
@@ -125,12 +126,14 @@ def verify(igmp_proxy):
return None
# at least two interfaces are required, one upstream and one downstream
- if len(igmp_proxy['interface']) < 2:
+ if len(igmp_proxy['interfaces']) < 2:
raise ConfigError('Must define an upstream and at least 1 downstream interface!')
upstream = 0
- for i in igmp_proxy['interface']:
- if "upstream" == i['role']:
+ for interface in igmp_proxy['interfaces']:
+ if interface['name'] not in interfaces():
+ raise ConfigError('Interface "{}" does not exist'.format(interface['name']))
+ if "upstream" == interface['role']:
upstream += 1
if upstream == 0:
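Review bot: `interfaces()` is called again on every pass of the loop in verify(), and the loop variable `interface` sits one letter away from the imported `interfaces`, which is easy to misread. I would take the list once before the loop, `existing = interfaces()`, and test `if interface['name'] not in existing:`. A short comment that the check requires the interface to exist at commit time would also help, since an interface that only appears later (not determinable from this hunk) would now fail the commit. verify() continues outside the hunk.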
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index a08493309..04bce9d39 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -27,7 +27,7 @@ import vyos.keepalived
from vyos import ConfigError
-
+daemon_file = "/etc/default/keepalived"
config_file = "/etc/keepalived/keepalived.conf"
config_tmpl = """
@@ -136,6 +136,14 @@ vrrp_sync_group {{ sync_group.name }} {
"""
+daemon_tmpl = """
+# Autogenerated by VyOS
+# Options to pass to keepalived
+
+# DAEMON_ARGS are appended to the keepalived command-line
+DAEMON_ARGS="--snmp"
+"""
+
def get_config():
vrrp_groups = []
sync_groups = []
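Review bot: `daemon_tmpl` hard-codes `DAEMON_ARGS="--snmp"`, and generate() in the last hunk writes it to `/etc/default/keepalived` on every run, so keepalived's SNMP support is requested for every VRRP setup whether or not SNMP is configured on the system. Nothing in this diff ties the argument to an SNMP setting, so I would either render it conditionally or state the intent above the template, e.g. `# NOTE: --snmp is passed unconditionally, independent of the system SNMP configuration`. Whether apply() restarts keepalived so that changed arguments are picked up is not visible here.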
@@ -304,9 +312,12 @@ def generate(data):
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render({"groups": vrrp_groups, "sync_groups": sync_groups})
-
with open(config_file, 'w') as f:
f.write(config_text)
+
+ with open(daemon_file, 'w') as f:
+ f.write(daemon_tmpl)
+
return None
def apply(data):