Merge branch 'current' into equuleus

4 files changed, 205 insertions, 12 deletions

diff --git a/src/migration-scripts/dns-forwarding/0-to-1 b/src/migration-scripts/dns-forwarding/0-to-1
new file mode 100755
index 000000000..6e8720eef
--- /dev/null
+++ b/src/migration-scripts/dns-forwarding/0-to-1
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This migration script will check if there is a allow-from directive configured
+# for the dns forwarding service - if not, the node will be created with the old
+# default values of 0.0.0.0/0 and ::/0
+
+import sys
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['service', 'dns', 'forwarding']
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+else:
+    if not config.exists(base + ['allow-from']):
+        config.set(base + ['allow-from'], value='0.0.0.0/0', replace=False)
+        config.set(base + ['allow-from'], value='::/0', replace=False)
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)
diff --git a/src/migration-scripts/dns-forwarding/1-to-2 b/src/migration-scripts/dns-forwarding/1-to-2
new file mode 100755
index 000000000..31ba5573f
--- /dev/null
+++ b/src/migration-scripts/dns-forwarding/1-to-2
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This migration script will remove the deprecated 'listen-on' statement
+# from the dns forwarding service and will add the corresponding 
+# listen-address nodes instead. This is required as PowerDNS can only listen
+# on interface addresses and not on interface names.
+
+import sys
+
+from ipaddress import ip_interface
+from vyos.configtree import ConfigTree
+from vyos.interfaces import get_type_of_interface
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['service', 'dns', 'forwarding']
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+else:
+    if config.exists(base + ['listen-on']):
+        listen_intf = config.return_values(base + ['listen-on'])
+        # Delete node with abandoned command
+        config.delete(base + ['listen-on'])
+
+        # retrieve interface addresses for every configured listen-on interface
+        listen_addr = []
+        for intf in listen_intf:
+            # we need to treat vif and vif-s interfaces differently,
+            # both "real interfaces" use dots for vlan identifiers - those
+            # need to be exchanged with vif and vif-s identifiers
+            if intf.count('.') == 1:
+                # this is a regular VLAN interface
+                intf = intf.split('.')[0] + ' vif ' + intf.split('.')[1]
+            elif intf.count('.') == 2:
+                # this is a QinQ VLAN interface
+                intf = intf.split('.')[0] + ' vif-s ' + intf.split('.')[1] + ' vif-c ' +  intf.split('.')[2]
+
+            path = ['interfaces', get_type_of_interface(intf), intf, 'address']
+
+            # retrieve corresponding interface addresses in CIDR format
+            # those need to be converted in pure IP addresses without network information
+            for addr in config.return_values(path):
+                listen_addr.append( ip_interface(addr).ip )
+
+        for addr in listen_addr:
+            config.set(base + ['listen-address'], value=addr, replace=False)
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)
diff --git a/src/migration-scripts/interfaces/0-to-1 b/src/migration-scripts/interfaces/0-to-1
index 38f2bd8f5..96e18b5d5 100755
--- a/src/migration-scripts/interfaces/0-to-1
+++ b/src/migration-scripts/interfaces/0-to-1
@@ -30,20 +30,22 @@ else:
     #
     for br in config.list_nodes(base):
         # STP: check if enabled
-        stp_val = config.return_value(base + [br, 'stp'])
-        # STP: delete node with old syntax
-        config.delete(base + [br, 'stp'])
-        # STP: set new node - if enabled
-        if stp_val == "true":
-            config.set(base + [br, 'stp'], value=None)
+        if config.exists(base + [br, 'stp']):
+            stp_val = config.return_value(base + [br, 'stp'])
+            # STP: delete node with old syntax
+            config.delete(base + [br, 'stp'])
+            # STP: set new node - if enabled
+            if stp_val == "true":
+                config.set(base + [br, 'stp'], value=None)
 
         # igmp-snooping: check if enabled
-        igmp_val = config.return_value(base + [br, 'igmp-snooping', 'querier'])
-        # igmp-snooping: delete node with old syntax
-        config.delete(base + [br, 'igmp-snooping', 'querier'])
-        # igmp-snooping: set new node - if enabled
-        if igmp_val == "enable":
-            config.set(base + [br, 'igmp', 'querier'], value=None)
+        if config.exists(base + [br, 'igmp-snooping', 'querier']):
+            igmp_val = config.return_value(base + [br, 'igmp-snooping', 'querier'])
+            # igmp-snooping: delete node with old syntax
+            config.delete(base + [br, 'igmp-snooping', 'querier'])
+            # igmp-snooping: set new node - if enabled
+            if igmp_val == "enable":
+                config.set(base + [br, 'igmp', 'querier'], value=None)
 
     #
     # move interface based bridge-group to actual bridge (de-nest)
diff --git a/src/migration-scripts/interfaces/1-to-2 b/src/migration-scripts/interfaces/1-to-2
new file mode 100755
index 000000000..050137318
--- /dev/null
+++ b/src/migration-scripts/interfaces/1-to-2
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+
+# Change syntax of bond interface
+# - move interface based bond-group to actual bond (de-nest)
+# https://phabricator.vyos.net/T1614
+
+import sys
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['interfaces', 'bonding']
+
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+else:
+    #
+    # move interface based bond-group to actual bond (de-nest)
+    #
+    for intf in config.list_nodes(['interfaces', 'ethernet']):
+        # check if bond-group exists
+        if config.exists(['interfaces', 'ethernet', intf, 'bond-group']):
+            # get configured bond interface
+            bond = config.return_value(['interfaces', 'ethernet', intf, 'bond-group'])
+            # delete old interface asigned (nested) bond group
+            config.delete(['interfaces', 'ethernet', intf, 'bond-group'])
+            # create new bond member interface
+            config.set(base + [bond, 'member', 'interface'], value=intf, replace=False)
+
+    #
+    # some combinations were allowed in the past from a CLI perspective
+    # but the kernel overwrote them - remove from CLI to not confuse the users.
+    # In addition new consitency checks are in place so users can't repeat the
+    # mistake. One of those nice issues is https://phabricator.vyos.net/T532
+    for bond in config.list_nodes(base):
+        if config.exists(base + [bond, 'arp-monitor', 'interval']) and config.exists(base + [bond, 'mode']):
+            mode = config.return_value(base + [bond, 'mode'])
+            if mode in ['802.3ad', 'transmit-load-balance', 'adaptive-load-balance']:
+                intvl = int(config.return_value(base + [bond, 'arp-monitor', 'interval']))
+                if intvl > 0:
+                    # this is not allowed and the linux kernel replies with:
+                    # option arp_interval: mode dependency failed, not supported in mode 802.3ad(4)
+                    # option arp_interval: mode dependency failed, not supported in mode balance-alb(6)
+                    # option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
+                    #
+                    # so we simply disable arp_interval by setting it to 0 and miimon will take care about the link
+                    config.set(base + [bond, 'arp-monitor', 'interval'], value='0')
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)