diff options
| -rw-r--r-- | interface-definitions/container.xml.in | 36 | ||||
| -rw-r--r-- | interface-definitions/dns-domain-name.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/include/constraint/host-name.xml.in | 3 | ||||
| -rw-r--r-- | python/vyos/configdiff.py | 31 | ||||
| -rwxr-xr-x | src/conf_mode/container.py | 33 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-tunnel.py | 4 | ||||
| -rwxr-xr-x | src/op_mode/show_openvpn.py | 27 |
7 files changed, 115 insertions, 21 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 1c971b58a..91fb4dba0 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -104,11 +104,47 @@ </leafNode> </children> </tagNode> + <leafNode name="entrypoint"> + <properties> + <help>Override the default ENTRYPOINT from the image</help> + <constraint> + <regex>[ !#-%&(-~]+</regex> + </constraint> + <constraintErrorMessage>Entrypoint must be ascii characters, use &quot; and &apos for double and single quotes respectively</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>Container host name</help> + <constraint> + #include <include/constraint/host-name.xml.in> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> + </properties> + </leafNode> <leafNode name="image"> <properties> <help>Image name in the hub-registry</help> </properties> </leafNode> + <leafNode name="command"> + <properties> + <help>Override the default CMD from the image</help> + <constraint> + <regex>[ !#-%&(-~]+</regex> + </constraint> + <constraintErrorMessage>Command must be ascii characters, use &quot; and &apos for double and single quotes respectively</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="arguments"> + <properties> + <help>The command's arguments for this container</help> + <constraint> + <regex>[ !#-%&(-~]+</regex> + </constraint> + <constraintErrorMessage>The command's arguments must be ascii characters, use &quot; and &apos for double and single quotes respectively</constraintErrorMessage> + </properties> + </leafNode> <leafNode name="memory"> <properties> <help>Memory (RAM) available to this container (default: 512)</help> diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in index a599a75cc..d77c94898 100644 --- a/interface-definitions/dns-domain-name.xml.in +++ b/interface-definitions/dns-domain-name.xml.in @@ -33,7 +33,7 @@ <properties> <help>System host name (default: vyos)</help> <constraint> - <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex> + #include <include/constraint/host-name.xml.in> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/constraint/host-name.xml.in b/interface-definitions/include/constraint/host-name.xml.in new file mode 100644 index 000000000..202c200f4 --- /dev/null +++ b/interface-definitions/include/constraint/host-name.xml.in @@ -0,0 +1,3 @@ +<!-- include start from constraint/host-name.xml.in -->
+<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
+<!-- include end -->
diff --git a/python/vyos/configdiff.py b/python/vyos/configdiff.py index 81932e6d0..4dfade36d 100644 --- a/python/vyos/configdiff.py +++ b/python/vyos/configdiff.py @@ -76,23 +76,34 @@ def get_config_diff(config, key_mangling=None): isinstance(key_mangling[1], str)): raise ValueError("key_mangling must be a tuple of two strings") - diff_t = DiffTree(config._running_config, config._session_config) + if hasattr(config, 'cached_diff_tree'): + diff_t = getattr(config, 'cached_diff_tree') + else: + diff_t = DiffTree(config._running_config, config._session_config) + setattr(config, 'cached_diff_tree', diff_t) - return ConfigDiff(config, key_mangling, diff_tree=diff_t) + if hasattr(config, 'cached_diff_dict'): + diff_d = getattr(config, 'cached_diff_dict') + else: + diff_d = diff_t.dict + setattr(config, 'cached_diff_dict', diff_d) + + return ConfigDiff(config, key_mangling, diff_tree=diff_t, + diff_dict=diff_d) class ConfigDiff(object): """ The class of config changes as represented by comparison between the session config dict and the effective config dict. """ - def __init__(self, config, key_mangling=None, diff_tree=None): + def __init__(self, config, key_mangling=None, diff_tree=None, diff_dict=None): self._level = config.get_level() self._session_config_dict = config.get_cached_root_dict(effective=False) self._effective_config_dict = config.get_cached_root_dict(effective=True) self._key_mangling = key_mangling self._diff_tree = diff_tree - self._diff_dict = diff_tree.dict if diff_tree else {} + self._diff_dict = diff_dict # mirrored from Config; allow path arguments relative to level def _make_path(self, path): @@ -179,9 +190,9 @@ class ConfigDiff(object): if self._diff_tree is None: raise NotImplementedError("diff_tree class not available") else: - add = get_sub_dict(self._diff_tree.dict, ['add'], get_first_key=True) - sub = get_sub_dict(self._diff_tree.dict, ['sub'], get_first_key=True) - inter = get_sub_dict(self._diff_tree.dict, ['inter'], get_first_key=True) + add = get_sub_dict(self._diff_dict, ['add'], get_first_key=True) + sub = get_sub_dict(self._diff_dict, ['sub'], get_first_key=True) + inter = get_sub_dict(self._diff_dict, ['inter'], get_first_key=True) ret = {} ret[enum_to_key(Diff.MERGE)] = session_dict ret[enum_to_key(Diff.DELETE)] = get_sub_dict(sub, self._make_path(path), @@ -254,9 +265,9 @@ class ConfigDiff(object): if self._diff_tree is None: raise NotImplementedError("diff_tree class not available") else: - add = get_sub_dict(self._diff_tree.dict, ['add'], get_first_key=True) - sub = get_sub_dict(self._diff_tree.dict, ['sub'], get_first_key=True) - inter = get_sub_dict(self._diff_tree.dict, ['inter'], get_first_key=True) + add = get_sub_dict(self._diff_dict, ['add'], get_first_key=True) + sub = get_sub_dict(self._diff_dict, ['sub'], get_first_key=True) + inter = get_sub_dict(self._diff_dict, ['inter'], get_first_key=True) ret = {} ret[enum_to_key(Diff.MERGE)] = session_dict ret[enum_to_key(Diff.DELETE)] = get_sub_dict(sub, self._make_path(path)) diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 90e5f84f2..10e9e9213 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -256,6 +256,11 @@ def generate_run_arguments(name, container_config): for k, v in container_config['environment'].items(): env_opt += f" --env \"{k}={v['value']}\"" + hostname = '' + if 'host_name' in container_config: + hostname = container_config['host_name'] + hostname = f'--hostname {hostname}' + # Publish ports port = '' if 'port' in container_config: @@ -277,10 +282,29 @@ def generate_run_arguments(name, container_config): container_base_cmd = f'--detach --interactive --tty --replace {cap_add} ' \ f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \ - f'--name {name} {device} {port} {volume} {env_opt}' + f'--name {name} {hostname} {device} {port} {volume} {env_opt}' + + entrypoint = '' + if 'entrypoint' in container_config: + # it needs to be json-formatted with single quote on the outside + entrypoint = json_write(container_config['entrypoint'].split()).replace('"', """) + entrypoint = f'--entrypoint '{entrypoint}'' + + hostname = '' + if 'host_name' in container_config: + hostname = container_config['host_name'] + hostname = f'--hostname {hostname}' + + command = '' + if 'command' in container_config: + command = container_config['command'].strip() + + command_arguments = '' + if 'arguments' in container_config: + command_arguments = container_config['arguments'].strip() if 'allow_host_networks' in container_config: - return f'{container_base_cmd} --net host {image}' + return f'{container_base_cmd} --net host {entrypoint} {image} {command} {command_arguments}'.strip() ip_param = '' networks = ",".join(container_config['network']) @@ -289,7 +313,7 @@ def generate_run_arguments(name, container_config): address = container_config['network'][network]['address'] ip_param = f'--ip {address}' - return f'{container_base_cmd} --net {networks} {ip_param} {image}' + return f'{container_base_cmd} --net {networks} {ip_param} {entrypoint} {image} {command} {command_arguments}'.strip() def generate(container): # bail out early - looks like removal from running config @@ -341,7 +365,8 @@ def generate(container): file_path = os.path.join(systemd_unit_path, f'vyos-container-{name}.service') run_args = generate_run_arguments(name, container_config) - render(file_path, 'container/systemd-unit.j2', {'name': name, 'run_args': run_args}) + render(file_path, 'container/systemd-unit.j2', {'name': name, 'run_args': run_args,}, + formater=lambda _: _.replace(""", '"').replace("'", "'")) return None diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 3bfc7d665..681caff8e 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2022 yOS maintainers and contributors +# Copyright (C) 2018-2023 yOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -115,7 +115,7 @@ def verify(tunnel): if our_key != None: if their_address == our_address and their_key == our_key: raise ConfigError(f'Key "{our_key}" for source-address "{our_address}" ' \ - f'is already used for tunnel "{tunnel_if}"!') + f'is already used for tunnel "{o_tunnel}"!') else: our_source_if = dict_search('source_interface', tunnel) their_source_if = dict_search('source_interface', o_tunnel_conf) diff --git a/src/op_mode/show_openvpn.py b/src/op_mode/show_openvpn.py index f7b99cc0d..e29e594a5 100755 --- a/src/op_mode/show_openvpn.py +++ b/src/op_mode/show_openvpn.py @@ -26,10 +26,10 @@ outp_tmpl = """ {% if clients %} OpenVPN status on {{ intf }} -Client CN Remote Host Local Host TX bytes RX bytes Connected Since ---------- ----------- ---------- -------- -------- --------------- +Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since +--------- ----------- --------- ---------- -------- -------- --------------- {% for c in clients %} -{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }} +{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-15s"|format(c.tunnel) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }} {% endfor %} {% endif %} """ @@ -50,6 +50,23 @@ def bytes2HR(size): output="{0:.1f} {1}".format(size, suff[suffIdx]) return output +def get_vpn_tunnel_address(peer, interface): + lst = [] + status_file = '/var/run/openvpn/{}.status'.format(interface) + + with open(status_file, 'r') as f: + lines = f.readlines() + for line in lines: + if peer in line: + lst.append(line) + + # filter out subnet entries + lst = [l for l in lst[1:] if '/' not in l.split(',')[0]] + + tunnel_ip = lst[0].split(',')[0] + + return tunnel_ip + def get_status(mode, interface): status_file = '/var/run/openvpn/{}.status'.format(interface) # this is an empirical value - I assume we have no more then 999999 @@ -110,7 +127,7 @@ def get_status(mode, interface): 'tx_bytes': bytes2HR(line.split(',')[3]), 'online_since': line.split(',')[4] } - + client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) data['clients'].append(client) continue else: @@ -173,5 +190,7 @@ if __name__ == '__main__': if len(remote_host) >= 1: client['remote'] = str(remote_host[0]) + ':' + remote_port + client['tunnel'] = 'N/A' + tmpl = jinja2.Template(outp_tmpl) print(tmpl.render(data)) |