diff options
-rw-r--r-- | data/templates/pmacct/override.conf.tmpl (renamed from src/etc/systemd/system/uacctd.service.d/override.conf) | 5 | ||||
-rw-r--r-- | data/templates/pmacct/uacctd.conf.tmpl (renamed from data/templates/netflow/uacctd.conf.tmpl) | 10 | ||||
-rw-r--r-- | interface-definitions/flow-accounting-conf.xml.in | 1 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 4 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_system_flow-accounting.py | 5 | ||||
-rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 14 |
6 files changed, 26 insertions, 13 deletions
diff --git a/src/etc/systemd/system/uacctd.service.d/override.conf b/data/templates/pmacct/override.conf.tmpl index 38bcce515..216927666 100644 --- a/src/etc/systemd/system/uacctd.service.d/override.conf +++ b/data/templates/pmacct/override.conf.tmpl @@ -1,3 +1,4 @@ +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] After= After=vyos-router.service @@ -7,8 +8,10 @@ ConditionPathExists=/run/pmacct/uacctd.conf [Service] EnvironmentFile= ExecStart= -ExecStart=/usr/sbin/uacctd -f /run/pmacct/uacctd.conf +ExecStart={{vrf_command}}/usr/sbin/uacctd -f /run/pmacct/uacctd.conf WorkingDirectory= WorkingDirectory=/run/pmacct PIDFile= PIDFile=/run/pmacct/uacctd.pid +Restart=always +RestartSec=10 diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.tmpl index f81002dc1..b58f7c796 100644 --- a/data/templates/netflow/uacctd.conf.tmpl +++ b/data/templates/pmacct/uacctd.conf.tmpl @@ -19,19 +19,19 @@ imt_mem_pools_number: 169 {% endif %} {% set plugin = [] %} -{% if disable_imt is not defined %} -{% set plugin = ['memory'] %} -{% endif %} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} {% for server in netflow.server %} -{% set plugin = plugin.append('nfprobe[nf_' ~ server ~ ']') %} +{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %} {% endfor %} {% endif %} {% if sflow is defined and sflow.server is defined and sflow.server is not none %} {% for server in sflow.server %} -{% set plugin = plugin.append('sfprobe[sf_' ~ server ~ ']') %} +{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %} {% endfor %} {% endif %} +{% if disable_imt is not defined %} +{% set _ = plugin.append('memory') %} +{% endif %} plugins: {{ plugin | join(',') }} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index 05cf5e170..133e45c72 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -431,6 +431,7 @@ #include <include/source-address-ipv4-ipv6.xml.i> </children> </node> + #include <include/interface/vrf.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 885bac979..0ad69c637 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -879,11 +879,11 @@ <properties> <help>Local IPv4 or IPv6 pool prefix exclusions</help> <valueHelp> - <format>ipv4</format> + <format>ipv4net</format> <description>Local IPv4 pool prefix exclusion</description> </valueHelp> <valueHelp> - <format>ipv6</format> + <format>ipv6net</format> <description>Local IPv6 pool prefix exclusion</description> </valueHelp> <constraint> diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py index 857df1be6..84f17bcb0 100755 --- a/smoketest/scripts/cli/test_system_flow-accounting.py +++ b/smoketest/scripts/cli/test_system_flow-accounting.py @@ -39,6 +39,9 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): cls.cli_delete(cls, base_path) def tearDown(self): + # after service removal process must no longer run + self.assertTrue(process_named_running(PROCESS_NAME)) + self.cli_delete(base_path) self.cli_commit() @@ -213,9 +216,9 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): uacctd = read_file(uacctd_conf) tmp = [] - tmp.append('memory') for server, server_config in netflow_server.items(): tmp.append(f'nfprobe[nf_{server}]') + tmp.append('memory') self.assertIn('plugins: ' + ','.join(tmp), uacctd) for server, server_config in netflow_server.items(): diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 975f19acf..25bf54790 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2021 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -27,6 +27,7 @@ from vyos.configdict import dict_merge from vyos.ifconfig import Section from vyos.ifconfig import Interface from vyos.template import render +from vyos.util import call from vyos.util import cmd from vyos.validate import is_addr_assigned from vyos.xml import defaults @@ -35,6 +36,8 @@ from vyos import airbag airbag.enable() uacctd_conf_path = '/run/pmacct/uacctd.conf' +systemd_service = 'uacctd.service' +systemd_override = f'/etc/systemd/system/{systemd_service}.d/override.conf' nftables_nflog_table = 'raw' nftables_nflog_chain = 'VYOS_CT_PREROUTING_HOOK' egress_nftables_nflog_table = 'inet mangle' @@ -236,7 +239,10 @@ def generate(flow_config): if not flow_config: return None - render(uacctd_conf_path, 'netflow/uacctd.conf.tmpl', flow_config) + render(uacctd_conf_path, 'pmacct/uacctd.conf.tmpl', flow_config) + render(systemd_override, 'pmacct/override.conf.tmpl', flow_config) + # Reload systemd manager configuration + call('systemctl daemon-reload') def apply(flow_config): action = 'restart' @@ -246,13 +252,13 @@ def apply(flow_config): _nftables_config([], 'egress') # Stop flow-accounting daemon and remove configuration file - cmd('systemctl stop uacctd.service') + call(f'systemctl stop {systemd_service}') if os.path.exists(uacctd_conf_path): os.unlink(uacctd_conf_path) return # Start/reload flow-accounting daemon - cmd(f'systemctl restart uacctd.service') + call(f'systemctl restart {systemd_service}') # configure nftables rules for defined interfaces if 'interface' in flow_config: |