summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/dhcp-server/10-override.conf.j2 (renamed from src/systemd/isc-dhcp-server.service)8
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j26
-rwxr-xr-xsrc/conf_mode/dhcp_server.py5
-rwxr-xr-xsrc/helpers/vyos-save-config.py5
-rwxr-xr-xsrc/migration-scripts/system/13-to-142
-rw-r--r--src/pam-configs/radius3
6 files changed, 22 insertions, 7 deletions
diff --git a/src/systemd/isc-dhcp-server.service b/data/templates/dhcp-server/10-override.conf.j2
index a7d86e69c..1504b6808 100644
--- a/src/systemd/isc-dhcp-server.service
+++ b/data/templates/dhcp-server/10-override.conf.j2
@@ -1,22 +1,28 @@
+### Autogenerated by dhcp_server.py ###
+{% set lease_file = '/config/dhcpd.leases' %}
[Unit]
Description=ISC DHCP IPv4 server
Documentation=man:dhcpd(8)
RequiresMountsFor=/run
+ConditionPathExists=
ConditionPathExists=/run/dhcp-server/dhcpd.conf
+After=
After=vyos-router.service
[Service]
Type=forking
+WorkingDirectory=
WorkingDirectory=/run/dhcp-server
RuntimeDirectory=dhcp-server
RuntimeDirectoryPreserve=yes
-Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE=/config/dhcpd.leases
+Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE={{ lease_file }}
PIDFile=/run/dhcp-server/dhcpd.pid
ExecStartPre=/bin/sh -ec '\
touch ${LEASE_FILE}; \
chown dhcpd:vyattacfg ${LEASE_FILE}* ; \
chmod 664 ${LEASE_FILE}* ; \
/usr/sbin/dhcpd -4 -t -T -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
+ExecStart=
ExecStart=/usr/sbin/dhcpd -4 -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
Restart=always
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index f8e1587f8..0a40e1ecf 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -150,13 +150,13 @@ backend {{ back }}
{% endfor %}
{% endif %}
{% if back_config.timeout.check is vyos_defined %}
- timeout check {{ back_config.timeout.check }}
+ timeout check {{ back_config.timeout.check }}s
{% endif %}
{% if back_config.timeout.connect is vyos_defined %}
- timeout connect {{ back_config.timeout.connect }}
+ timeout connect {{ back_config.timeout.connect }}s
{% endif %}
{% if back_config.timeout.server is vyos_defined %}
- timeout server {{ back_config.timeout.server }}
+ timeout server {{ back_config.timeout.server }}s
{% endif %}
{% endfor %}
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index c4c72aae9..ac7d95632 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2022 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -34,6 +34,7 @@ from vyos import airbag
airbag.enable()
config_file = '/run/dhcp-server/dhcpd.conf'
+systemd_override = r'/run/systemd/system/isc-dhcp-server.service.d/10-override.conf'
def dhcp_slice_range(exclude_list, range_dict):
"""
@@ -295,6 +296,7 @@ def generate(dhcp):
# render the "real" configuration
render(config_file, 'dhcp-server/dhcpd.conf.j2', dhcp,
formater=lambda _: _.replace(""", '"'))
+ render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp)
# Clean up configuration test file
if os.path.exists(tmp_file):
@@ -303,6 +305,7 @@ def generate(dhcp):
return None
def apply(dhcp):
+ call('systemctl daemon-reload')
# bail out early - looks like removal from running config
if not dhcp or 'disable' in dhcp:
call('systemctl stop isc-dhcp-server.service')
diff --git a/src/helpers/vyos-save-config.py b/src/helpers/vyos-save-config.py
index 2812155e8..8af4a7916 100755
--- a/src/helpers/vyos-save-config.py
+++ b/src/helpers/vyos-save-config.py
@@ -44,7 +44,10 @@ ct = config.get_config_tree(effective=True)
write_file = save_file if remote_save is None else NamedTemporaryFile(delete=False).name
with open(write_file, 'w') as f:
- f.write(ct.to_string())
+ # config_tree is None before boot configuration is complete;
+ # automated saves should check boot_configuration_complete
+ if ct is not None:
+ f.write(ct.to_string())
f.write("\n")
f.write(system_footer())
diff --git a/src/migration-scripts/system/13-to-14 b/src/migration-scripts/system/13-to-14
index 1fa781869..5b781158b 100755
--- a/src/migration-scripts/system/13-to-14
+++ b/src/migration-scripts/system/13-to-14
@@ -34,7 +34,7 @@ else:
# retrieve all valid timezones
try:
- tz_datas = cmd('find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/::')
+ tz_datas = cmd('timedatectl list-timezones')
except OSError:
tz_datas = ''
tz_data = tz_datas.split('\n')
diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index 08247f77c..eee9cb93e 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -3,15 +3,18 @@ Default: no
Priority: 257
Auth-Type: Primary
Auth:
+ [default=ignore success=2] pam_succeed_if.so service = sudo
[default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
Account-Type: Primary
Account:
+ [default=ignore success=2] pam_succeed_if.so service = sudo
[default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
Session-Type: Additional
Session:
+ [default=ignore success=2] pam_succeed_if.so service = sudo
[default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so