diff options
Diffstat (limited to 'python/vyos')
| -rw-r--r-- | python/vyos/airbag.py | 77 | ||||
| -rw-r--r-- | python/vyos/configdict.py | 362 | ||||
| -rw-r--r-- | python/vyos/configsession.py | 8 | ||||
| -rw-r--r-- | python/vyos/configtree.py | 6 | ||||
| -rw-r--r-- | python/vyos/debug.py | 21 | ||||
| -rw-r--r-- | python/vyos/ifconfig/dhcp.py | 129 | ||||
| -rw-r--r-- | python/vyos/ifconfig/ethernet.py | 5 | ||||
| -rw-r--r-- | python/vyos/ifconfig/geneve.py | 2 | ||||
| -rw-r--r-- | python/vyos/ifconfig/interface.py | 166 | ||||
| -rw-r--r-- | python/vyos/ifconfig/macvlan.py | 47 | ||||
| -rw-r--r-- | python/vyos/ifconfig/tunnel.py | 36 | ||||
| -rw-r--r-- | python/vyos/ifconfig/vlan.py | 40 | ||||
| -rw-r--r-- | python/vyos/ifconfig/vrrp.py | 2 | ||||
| -rw-r--r-- | python/vyos/ifconfig/vxlan.py | 3 | ||||
| -rw-r--r-- | python/vyos/ifconfig/wireguard.py | 5 | ||||
| -rw-r--r-- | python/vyos/ifconfig/wireless.py | 3 | ||||
| -rw-r--r-- | python/vyos/ifconfig_vlan.py | 8 | ||||
| -rw-r--r-- | python/vyos/logger.py | 143 | ||||
| -rw-r--r-- | python/vyos/remote.py | 9 | ||||
| -rw-r--r-- | python/vyos/template.py | 10 | ||||
| -rw-r--r-- | python/vyos/util.py | 149 | ||||
| -rw-r--r-- | python/vyos/validate.py | 28 | ||||
| -rw-r--r-- | python/vyos/version.py | 66 |
23 files changed, 889 insertions, 436 deletions
diff --git a/python/vyos/airbag.py b/python/vyos/airbag.py index b0565192d..b7838d8a2 100644 --- a/python/vyos/airbag.py +++ b/python/vyos/airbag.py @@ -13,22 +13,30 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. -import os import sys -import logging -import logging.handlers from datetime import datetime from vyos import debug from vyos.config import Config +from vyos.logger import syslog from vyos.version import get_version -from vyos.util import run - +from vyos.version import get_full_version_data # we allow to disable the extra logging DISABLE = False +_noteworthy = [] + +def noteworthy(msg): + """ + noteworthy can be use to take note things which we may not want to + report to the user may but be worth including in bug report + if something goes wrong later on + """ + _noteworthy.append(msg) + + # emulate a file object class _IO(object): def __init__(self, std, log): @@ -59,12 +67,19 @@ def bug_report(dtype, value, trace): sys.stdout.flush() sys.stderr.flush() - information = { + information = get_full_version_data() + trace = '\n'.join(format_exception(dtype, value, trace)).replace('\n\n','\n') + note = '' + if _noteworthy: + note = 'noteworthy:\n' + note += '\n'.join(_noteworthy) + + information.update({ 'date': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), - 'version': get_version(), - 'trace': format_exception(dtype, value, trace), + 'trace': trace, 'instructions': COMMUNITY if 'rolling' in get_version() else SUPPORTED, - } + 'note': note, + }) sys.stdout.write(INTRO.format(**information)) sys.stdout.flush() @@ -82,19 +97,14 @@ def intercepter(dtype, value, trace): pdb.pm() -def InterceptingLogger(address, _singleton=[False]): +def InterceptingLogger(_singleton=[False]): skip = _singleton.pop() _singleton.append(True) if skip: return - logger = logging.getLogger('VyOS') - logger.setLevel(logging.DEBUG) - handler = logging.handlers.SysLogHandler(address='/dev/log', facility='syslog') - logger.addHandler(handler) - # log to syslog any message sent to stderr - sys.stderr = _IO(sys.stderr, logger.critical) + sys.stderr = _IO(sys.stderr, syslog.critical) # lists as default arguments in function is normally dangerous @@ -124,29 +134,46 @@ except: # running testing so we are checking that we are on the router # as otherwise it prevents dpkg-buildpackage to work if get_version() and insession: - InterceptingLogger('/run/systemd/journal/dev-log') + InterceptingLogger() InterceptingException(intercepter) # Messages to print +# if the key before the value has not time, syslog takes that as the source of the message FAULT = """\ -Date: {date} -VyOS image: {version} +Report Time: {date} +Image Version: VyOS {version} +Release Train: {release_train} + +Built by: {built_by} +Built on: {built_on} +Build UUID: {build_uuid} +Build Commit ID: {build_git} + +Architecture: {system_arch} +Boot via: {boot_via} +System type: {system_type} + +Hardware vendor: {hardware_vendor} +Hardware model: {hardware_model} +Hardware S/N: {hardware_serial} +Hardware UUID: {hardware_uuid} {trace} +{note} """ INTRO = """\ VyOS had an issue completing a command. -We are sorry that you encountered a problem with VyOS. +We are sorry that you encountered a problem while using VyOS. There are a few things you can do to help us (and yourself): {instructions} -PLEASE, when reporting, do include as much information as you can: -- do not obfuscate any data (feel free to send us a private communication with - the extra information if your business policy is strict on information sharing) +When reporting problems, please include as much information as possible: +- do not obfuscate any data (feel free to contact us privately if your + business policy requires it) - and include all the information presented below """ @@ -163,6 +190,8 @@ COMMUNITY = """\ SUPPORTED = """\ - Make sure you are running the latest stable version of VyOS the code is available at https://downloads.vyos.io/?dir=release/current -- Contact us on our online help desk +- Contact us using the online help desk https://support.vyos.io/ +- Join our community on slack where our users exchange help and advice + https://vyos.slack.com """.strip() diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 24fe174d2..e1b704a31 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -18,7 +18,12 @@ A library for retrieving value dicts from VyOS configs in a declarative fashion. """ +from enum import Enum +from copy import deepcopy + from vyos import ConfigError +from vyos.ifconfig import Interface + def retrieve_config(path_hash, base_path, config): """ @@ -98,171 +103,338 @@ def get_ethertype(ethertype_val): raise ConfigError('invalid ethertype "{}"'.format(ethertype_val)) -def vlan_to_dict(conf): +vlan_default = { + 'address': [], + 'address_remove': [], + 'description': '', + 'dhcp_client_id': '', + 'dhcp_hostname': '', + 'dhcp_vendor_class_id': '', + 'dhcpv6_prm_only': False, + 'dhcpv6_temporary': False, + 'disable': False, + 'disable_link_detect': 1, + 'egress_qos': '', + 'egress_qos_changed': False, + 'ip_disable_arp_filter': 1, + 'ip_enable_arp_accept': 0, + 'ip_enable_arp_announce': 0, + 'ip_enable_arp_ignore': 0, + 'ip_proxy_arp': 0, + 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': [], + 'ipv6_eui64_prefix_remove': [], + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, + 'ingress_qos': '', + 'ingress_qos_changed': False, + 'mac': '', + 'mtu': 1500, + 'vif_c': [], + 'vif_c_remove': [], + 'vrf': '' +} + +# see: https://docs.python.org/3/library/enum.html#functional-api +disable = Enum('disable','none was now both') + +def disable_state(conf, check=[3,5,7]): + """ + return if and how a particual section of the configuration is has disable'd + using "disable" including if it was disabled by one of its parent. + + check: a list of the level we should check, here 7,5 and 3 + interfaces ethernet eth1 vif-s 1 vif-c 2 disable + interfaces ethernet eth1 vif 1 disable + interfaces ethernet eth1 disable + + it returns an enum (none, was, now, both) + """ + + # save where we are in the config + current_level = conf.get_level() + + # logic to figure out if the interface (or one of it parent is disabled) + eff_disable = False + act_disable = False + + levels = check[:] + working_level = current_level[:] + + while levels: + position = len(working_level) + if not position: + break + if position not in levels: + working_level = working_level[:-1] + continue + + levels.remove(position) + conf.set_level(working_level) + working_level = working_level[:-1] + + eff_disable = eff_disable or conf.exists_effective('disable') + act_disable = act_disable or conf.exists('disable') + + conf.set_level(current_level) + + # how the disabling changed + if eff_disable and act_disable: + return disable.both + if eff_disable and not eff_disable: + return disable.was + if not eff_disable and act_disable: + return disable.now + return disable.none + + +def intf_to_dict(conf, default): """ Common used function which will extract VLAN related information from config and represent the result as Python dictionary. Function call's itself recursively if a vif-s/vif-c pair is detected. """ - vlan = { - 'id': conf.get_level()[-1], # get the '100' in 'interfaces bonding bond0 vif-s 100' - 'address': [], - 'address_remove': [], - 'description': '', - 'dhcp_client_id': '', - 'dhcp_hostname': '', - 'dhcp_vendor_class_id': '', - 'dhcpv6_prm_only': False, - 'dhcpv6_temporary': False, - 'disable': False, - 'disable_link_detect': 1, - 'egress_qos': '', - 'egress_qos_changed': False, - 'ip_disable_arp_filter': 1, - 'ip_enable_arp_accept': 0, - 'ip_enable_arp_announce': 0, - 'ip_enable_arp_ignore': 0, - 'ip_proxy_arp': 0, - 'ipv6_autoconf': 0, - 'ipv6_forwarding': 1, - 'ipv6_dup_addr_detect': 1, - 'ingress_qos': '', - 'ingress_qos_changed': False, - 'mac': '', - 'mtu': 1500, - 'vrf': '' - } + + intf = deepcopy(default) + # retrieve configured interface addresses if conf.exists('address'): - vlan['address'] = conf.return_values('address') - - # Determine interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed from the bond - eff_addr = conf.return_effective_values('address') - act_addr = conf.return_values('address') - vlan['address_remove'] = list_diff(eff_addr, act_addr) + intf['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): - vlan['description'] = conf.return_value('description') + intf['description'] = conf.return_value('description') # get DHCP client identifier if conf.exists('dhcp-options client-id'): - vlan['dhcp_client_id'] = conf.return_value('dhcp-options client-id') + intf['dhcp_client_id'] = conf.return_value('dhcp-options client-id') # DHCP client host name (overrides the system host name) if conf.exists('dhcp-options host-name'): - vlan['dhcp_hostname'] = conf.return_value('dhcp-options host-name') + intf['dhcp_hostname'] = conf.return_value('dhcp-options host-name') # DHCP client vendor identifier if conf.exists('dhcp-options vendor-class-id'): - vlan['dhcp_vendor_class_id'] = conf.return_value('dhcp-options vendor-class-id') + intf['dhcp_vendor_class_id'] = conf.return_value( + 'dhcp-options vendor-class-id') # DHCPv6 only acquire config parameters, no address if conf.exists('dhcpv6-options parameters-only'): - vlan['dhcpv6_prm_only'] = True + intf['dhcpv6_prm_only'] = True # DHCPv6 temporary IPv6 address if conf.exists('dhcpv6-options temporary'): - vlan['dhcpv6_temporary'] = True + intf['dhcpv6_temporary'] = True # ignore link state changes if conf.exists('disable-link-detect'): - vlan['disable_link_detect'] = 2 - - # disable VLAN interface - if conf.exists('disable'): - vlan['disable'] = True + intf['disable_link_detect'] = 2 # ARP filter configuration if conf.exists('ip disable-arp-filter'): - vlan['ip_disable_arp_filter'] = 0 + intf['ip_disable_arp_filter'] = 0 # ARP enable accept if conf.exists('ip enable-arp-accept'): - vlan['ip_enable_arp_accept'] = 1 + intf['ip_enable_arp_accept'] = 1 # ARP enable announce if conf.exists('ip enable-arp-announce'): - vlan['ip_enable_arp_announce'] = 1 + intf['ip_enable_arp_announce'] = 1 # ARP enable ignore if conf.exists('ip enable-arp-ignore'): - vlan['ip_enable_arp_ignore'] = 1 + intf['ip_enable_arp_ignore'] = 1 # Enable Proxy ARP if conf.exists('ip enable-proxy-arp'): - vlan['ip_proxy_arp'] = 1 + intf['ip_proxy_arp'] = 1 # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) if conf.exists('ipv6 address autoconf'): - vlan['ipv6_autoconf'] = 1 + intf['ipv6_autoconf'] = 1 + + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + intf['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - vlan['ipv6_forwarding'] = 0 - - # IPv6 Duplicate Address Detection (DAD) tries - if conf.exists('ipv6 dup-addr-detect-transmits'): - vlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) + intf['ipv6_forwarding'] = 0 # Media Access Control (MAC) address if conf.exists('mac'): - vlan['mac'] = conf.return_value('mac') + intf['mac'] = conf.return_value('mac') + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + intf['ipv6_dup_addr_detect'] = int( + conf.return_value('ipv6 dup-addr-detect-transmits')) # Maximum Transmission Unit (MTU) if conf.exists('mtu'): - vlan['mtu'] = int(conf.return_value('mtu')) + intf['mtu'] = int(conf.return_value('mtu')) # retrieve VRF instance if conf.exists('vrf'): - vlan['vrf'] = conf.return_value('vrf') + intf['vrf'] = conf.return_value('vrf') - # VLAN egress QoS + # egress QoS if conf.exists('egress-qos'): - vlan['egress_qos'] = conf.return_value('egress-qos') + intf['egress_qos'] = conf.return_value('egress-qos') # egress changes QoS require VLAN interface recreation if conf.return_effective_value('egress-qos'): - if vlan['egress_qos'] != conf.return_effective_value('egress-qos'): - vlan['egress_qos_changed'] = True + if intf['egress_qos'] != conf.return_effective_value('egress-qos'): + intf['egress_qos_changed'] = True - # VLAN ingress QoS + # ingress QoS if conf.exists('ingress-qos'): - vlan['ingress_qos'] = conf.return_value('ingress-qos') + intf['ingress_qos'] = conf.return_value('ingress-qos') # ingress changes QoS require VLAN interface recreation if conf.return_effective_value('ingress-qos'): - if vlan['ingress_qos'] != conf.return_effective_value('ingress-qos'): - vlan['ingress_qos_changed'] = True + if intf['ingress_qos'] != conf.return_effective_value('ingress-qos'): + intf['ingress_qos_changed'] = True - # ethertype is mandatory on vif-s nodes and only exists here! - # check if this is a vif-s node at all: - if conf.get_level()[-2] == 'vif-s': - vlan['vif_c'] = [] - vlan['vif_c_remove'] = [] - - # ethertype uses a default of 0x88A8 - tmp = '0x88A8' - if conf.exists('ethertype'): - tmp = conf.return_value('ethertype') - vlan['ethertype'] = get_ethertype(tmp) - - # get vif-c interfaces (currently effective) - to determine which vif-c + disabled = disable_state(conf) + + # Get the interface IPs + eff_addr = conf.return_effective_values('address') + act_addr = conf.return_values('address') + + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) + eff_eui = conf.return_effective_values('ipv6 address eui64') + act_eui = conf.return_values('ipv6 address eui64') + + # Determine what should stay or be removed + if disabled == disable.both: + # was and is still disabled + intf['disable'] = True + intf['address'] = [] + intf['address_remove'] = [] + intf['ipv6_eui64_prefix'] = [] + intf['ipv6_eui64_prefix_remove'] = [] + elif disabled == disable.now: + # it is now disable but was not before + intf['disable'] = True + intf['address'] = [] + intf['address_remove'] = eff_addr + intf['ipv6_eui64_prefix'] = [] + intf['ipv6_eui64_prefix_remove'] = eff_eui + elif disabled == disable.was: + # it was disable but not anymore + intf['disable'] = False + intf['address'] = act_addr + intf['address_remove'] = [] + intf['ipv6_eui64_prefix'] = act_eui + intf['ipv6_eui64_prefix_remove'] = [] + else: + # normal change + intf['disable'] = False + intf['address'] = act_addr + intf['address_remove'] = list_diff(eff_addr, act_addr) + intf['ipv6_eui64_prefix'] = act_eui + intf['ipv6_eui64_prefix_remove'] = list_diff(eff_eui, act_eui) + + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + intf['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + intf['ipv6_eui64_prefix'].append('fe80::/64') + + # Find out if MAC has changed + try: + interface = Interface(intf['intf'], create=False) + if intf['mac'] and intf['mac'] != interface.get_mac(): + intf['ipv6_eui64_prefix_remove'] += intf['ipv6_eui64_prefix'] + except Exception: + # If the interface does not exists, it can not have changed + pass + + return intf, disable + + + +def add_to_dict(conf, disabled, ifdict, section, key): + """ + parse a section of vif/vif-s/vif-c and add them to the dict + follow the convention to: + * use the "key" for what to add + * use the "key" what what to remove + + conf: is the Config() already at the level we need to parse + disabled: is a disable enum so we know how to handle to data + intf: if the interface dictionary + section: is the section name to parse (vif/vif-s/vif-c) + key: is the dict key to use (vif/vifs/vifc) + """ + + if not conf.exists(section): + return ifdict + + effect = conf.list_effective_nodes(section) + active = conf.list_nodes(section) + + # the section to parse for vlan + sections = [] + + # Determine interface addresses (currently effective) - to determine which + # address is no longer valid and needs to be removed from the bond + if disabled == disable.both: + # was and is still disabled + ifdict[f'{key}_remove'] = [] + elif disabled == disable.now: + # it is now disable but was not before + ifdict[f'{key}_remove'] = effect + elif disabled == disable.was: + # it was disable but not anymore + ifdict[f'{key}_remove'] = [] + sections = active + else: + # normal change + # get vif-s interfaces (currently effective) - to determine which vif-s # interface is no longer present and needs to be removed - eff_intf = conf.list_effective_nodes('vif-c') - act_intf = conf.list_nodes('vif-c') - vlan['vif_c_remove'] = list_diff(eff_intf, act_intf) - - # check if there is a Q-in-Q vlan customer interface - # and call this function recursively - if conf.exists('vif-c'): - cfg_level = conf.get_level() - # add new key (vif-c) to dictionary - for vif in conf.list_nodes('vif-c'): - # set config level to vif interface - conf.set_level(cfg_level + ['vif-c', vif]) - vlan['vif_c'].append(vlan_to_dict(conf)) + ifdict[f'{key}_remove'] = list_diff(effect, active) + sections = active + + current_level = conf.get_level() + + # add each section, the key must already exists + for s in sections: + # set config level to vif interface + conf.set_level(current_level + [section, s]) + ifdict[f'{key}'].append(vlan_to_dict(conf)) + + # re-set configuration level to leave things as found + conf.set_level(current_level) + + return ifdict + + +def vlan_to_dict(conf, default=vlan_default): + vlan, disabled = intf_to_dict(conf, default) + # get the '100' in 'interfaces bonding bond0 vif-s 100 + vlan['id'] = conf.get_level()[-1] + + current_level = conf.get_level() + + # if this is a not within vif-s node, we are done + if current_level[-2] != 'vif-s': + return vlan + + # ethertype is mandatory on vif-s nodes and only exists here! + # ethertype uses a default of 0x88A8 + tmp = '0x88A8' + if conf.exists('ethertype'): + tmp = conf.return_value('ethertype') + vlan['ethertype'] = get_ethertype(tmp) + + # check if there is a Q-in-Q vlan customer interface + # and call this function recursively + + add_to_dict(conf, disable, vlan, 'vif-c', 'vif_c') return vlan diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py index aaf08e726..f2524b37e 100644 --- a/python/vyos/configsession.py +++ b/python/vyos/configsession.py @@ -181,11 +181,11 @@ class ConfigSession(object): out = self.__run_command(REMOVE_IMAGE + [name]) return out - def generate(self, cmd): - out = self.__run_command(GENERATE + cmd.split()) + def generate(self, path): + out = self.__run_command(GENERATE + path) return out - def show(self, cmd): - out = self.__run_command(SHOW + cmd.split()) + def show(self, path): + out = self.__run_command(SHOW + path) return out diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py index a0b0eb3c1..d8ffaca99 100644 --- a/python/vyos/configtree.py +++ b/python/vyos/configtree.py @@ -10,7 +10,7 @@ # See the GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License along with this library; -# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA import re import json @@ -200,7 +200,7 @@ class ConfigTree(object): raise ConfigTreeError() res = self.__rename(self.__config, path_str, newname_str) if (res != 0): - raise ConfigTreeError("Path [{}] doesn't exist".format(oldpath)) + raise ConfigTreeError("Path [{}] doesn't exist".format(path)) def copy(self, old_path, new_path): check_path(old_path) @@ -213,7 +213,7 @@ class ConfigTree(object): raise ConfigTreeError() res = self.__copy(self.__config, oldpath_str, newpath_str) if (res != 0): - raise ConfigTreeError("Path [{}] doesn't exist".format(oldpath)) + raise ConfigTreeError("Path [{}] doesn't exist".format(old_path)) def exists(self, path): check_path(path) diff --git a/python/vyos/debug.py b/python/vyos/debug.py index 20090fb85..1a042cbb4 100644 --- a/python/vyos/debug.py +++ b/python/vyos/debug.py @@ -41,8 +41,9 @@ def message(message, flag='', destination=sys.stdout): try: # at boot the file is created as root:vyattacfg # at runtime the file is created as user:vyattacfg - # the default permission are 644 - mask = os.umask(0o113) + # but the helper scripts are not run as this so it + # need the default permission to be 666 (an not 660) + mask = os.umask(0o111) with open(logfile, 'a') as f: f.write(_format('log', message)) @@ -133,7 +134,7 @@ def _contentenv(flag): return os.environ.get(f'VYOS_{flag.upper()}_DEBUG', '').strip() -def _contentfile(flag): +def _contentfile(flag, default=''): """ Check if debug exist for a given debug flag name @@ -153,7 +154,8 @@ def _contentfile(flag): if not os.path.isfile(flagfile): continue with open(flagfile) as f: - return f.readline().strip() + content = f.readline().strip() + return content or default return '' @@ -166,7 +168,7 @@ def _logfile(flag, default): """ # For log we return the location of the log file - log_location = _contentenv(flag) or _contentfile(flag) + log_location = _contentenv(flag) or _contentfile(flag, default) # it was not set if not log_location: @@ -177,6 +179,15 @@ def _logfile(flag, default): not log_location.startswith('/config/') and \ not log_location.startswith('/var/log/'): return default + # Do not allow to escape the folders if '..' in log_location: return default + + if not os.path.exists(log_location): + return log_location + + # this permission is unique the the config and var folder + stat = os.stat(log_location).st_mode + if stat != 0o100666: + return default return log_location diff --git a/python/vyos/ifconfig/dhcp.py b/python/vyos/ifconfig/dhcp.py index d4ff9c2cd..bf6566c07 100644 --- a/python/vyos/ifconfig/dhcp.py +++ b/python/vyos/ifconfig/dhcp.py @@ -19,28 +19,20 @@ from vyos.dicts import FixedDict from vyos.ifconfig.control import Control from vyos.template import render +config_base = r'/var/lib/dhcp/dhclient_' -class _DHCP (Control): - client_base = r'/var/lib/dhcp/dhclient_' - - def __init__(self, ifname, version, **kargs): - super().__init__(**kargs) - self.version = version - self.file = { - 'ifname': ifname, - 'conf': self.client_base + ifname + '.' + version + 'conf', - 'pid': self.client_base + ifname + '.' + version + 'pid', - 'lease': self.client_base + ifname + '.' + version + 'leases', - } - -class _DHCPv4 (_DHCP): +class _DHCPv4 (Control): def __init__(self, ifname): - super().__init__(ifname, '') + super().__init__() self.options = FixedDict(**{ 'ifname': ifname, 'hostname': '', 'client_id': '', - 'vendor_class_id': '' + 'vendor_class_id': '', + 'conf_file': config_base + f'{ifname}.conf', + 'options_file': config_base + f'{ifname}.options', + 'pid_file': config_base + f'{ifname}.pid', + 'lease_file': config_base + f'{ifname}.leases', }) # replace dhcpv4/v6 with systemd.networkd? @@ -55,25 +47,16 @@ class _DHCPv4 (_DHCP): >>> j = Interface('eth0') >>> j.dhcp.v4.set() """ - if not self.options['hostname']: # read configured system hostname. # maybe change to vyos hostd client ??? with open('/etc/hostname', 'r') as f: self.options['hostname'] = f.read().rstrip('\n') - render(self.file['conf'], 'dhcp-client/ipv4.tmpl' ,self.options) + render(self.options['options_file'], 'dhcp-client/daemon-options.tmpl', self.options) + render(self.options['conf_file'], 'dhcp-client/ipv4.tmpl', self.options) - cmd = 'start-stop-daemon' - cmd += ' --start' - cmd += ' --oknodo' - cmd += ' --quiet' - cmd += ' --pidfile {pid}' - cmd += ' --exec /sbin/dhclient' - cmd += ' --' - # now pass arguments to dhclient binary - cmd += ' -4 -nw -cf {conf} -pf {pid} -lf {lease} {ifname}' - return self._cmd(cmd.format(**self.file)) + return self._cmd('systemctl restart dhclient@{ifname}.service'.format(**self.options)) def delete(self): """ @@ -86,44 +69,29 @@ class _DHCPv4 (_DHCP): >>> j = Interface('eth0') >>> j.dhcp.v4.delete() """ - if not os.path.isfile(self.file['pid']): + if not os.path.isfile(self.options['pid_file']): self._debug_msg('No DHCP client PID found') return None - # with open(self.file['pid'], 'r') as f: - # pid = int(f.read()) - - # stop dhclient, we need to call dhclient and tell it should release the - # aquired IP address. tcpdump tells me: - # 172.16.35.103.68 > 172.16.35.254.67: [bad udp cksum 0xa0cb -> 0xb943!] BOOTP/DHCP, Request from 00:50:56:9d:11:df, length 300, xid 0x620e6946, Flags [none] (0x0000) - # Client-IP 172.16.35.103 - # Client-Ethernet-Address 00:50:56:9d:11:df - # Vendor-rfc1048 Extensions - # Magic Cookie 0x63825363 - # DHCP-Message Option 53, length 1: Release - # Server-ID Option 54, length 4: 172.16.35.254 - # Hostname Option 12, length 10: "vyos" - # - cmd = '/sbin/dhclient -cf {conf} -pf {pid} -lf {lease} -r {ifname}' - self._cmd(cmd.format(**self.file)) + self._cmd('systemctl stop dhclient@{ifname}.service'.format(**self.options)) # cleanup old config files - for name in ('conf', 'pid', 'lease'): - if os.path.isfile(self.file[name]): - os.remove(self.file[name]) + for name in ('conf_file', 'options_file', 'pid_file', 'lease_file'): + if os.path.isfile(self.options[name]): + os.remove(self.options[name]) - -class _DHCPv6 (_DHCP): +class _DHCPv6 (Control): def __init__(self, ifname): - super().__init__(ifname, 'v6') + super().__init__() self.options = FixedDict(**{ 'ifname': ifname, + 'conf_file': config_base + f'v6_{ifname}.conf', + 'options_file': config_base + f'v6_{ifname}.options', + 'pid_file': config_base + f'v6_{ifname}.pid', + 'lease_file': config_base + f'v6_{ifname}.leases', 'dhcpv6_prm_only': False, 'dhcpv6_temporary': False, }) - self.file.update({ - 'accept_ra': f'/proc/sys/net/ipv6/conf/{ifname}/accept_ra', - }) def set(self): """ @@ -134,7 +102,7 @@ class _DHCPv6 (_DHCP): >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') - >>> j.set_dhcpv6() + >>> j.dhcp.v6.set() """ # better save then sorry .. should be checked in interface script @@ -143,29 +111,13 @@ class _DHCPv6 (_DHCP): raise Exception( 'DHCPv6 temporary and parameters-only options are mutually exclusive!') - render(self.file['conf'], 'dhcp-client/ipv6.tmpl', self.options) + render(self.options['options_file'], 'dhcp-client/daemon-options.tmpl', self.options) + render(self.options['conf_file'], 'dhcp-client/ipv6.tmpl', self.options) # no longer accept router announcements on this interface - self._write_sysfs(self.file['accept_ra'], 0) - - # assemble command-line to start DHCPv6 client (dhclient) - cmd = 'start-stop-daemon' - cmd += ' --start' - cmd += ' --oknodo' - cmd += ' --quiet' - cmd += ' --pidfile {pid}' - cmd += ' --exec /sbin/dhclient' - cmd += ' --' - # now pass arguments to dhclient binary - cmd += ' -6 -nw -cf {conf} -pf {pid} -lf {lease}' - # add optional arguments - if self.options['dhcpv6_prm_only']: - cmd += ' -S' - if self.options['dhcpv6_temporary']: - cmd += ' -T' - cmd += ' {ifname}' - - return self._cmd(cmd.format(**self.file)) + self._write_sysfs('/proc/sys/net/ipv6/conf/{ifname}/accept_ra'.format(**self.options), 0) + + return self._cmd('systemctl restart dhclient6@{ifname}.service'.format(**self.options)) def delete(self): """ @@ -176,33 +128,24 @@ class _DHCPv6 (_DHCP): >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') - >>> j.del_dhcpv6() + >>> j.dhcp.v6.delete() """ - if not os.path.isfile(self.file['pid']): + if not os.path.isfile(self.options['pid_file']): self._debug_msg('No DHCPv6 client PID found') return None - # with open(self.file['pid'], 'r') as f: - # pid = int(f.read()) - - # stop dhclient - cmd = 'start-stop-daemon' - cmd += ' --start' - cmd += ' --oknodo' - cmd += ' --quiet' - cmd += ' --pidfile {pid}' - self._cmd(cmd.format(**self.file)) + self._cmd('systemctl stop dhclient6@{ifname}.service'.format(**self.options)) # accept router announcements on this interface - self._write_sysfs(self.options['accept_ra'], 1) + self._write_sysfs('/proc/sys/net/ipv6/conf/{ifname}/accept_ra'.format(**self.options), 1) # cleanup old config files - for name in ('conf', 'pid', 'lease'): - if os.path.isfile(self.file[name]): - os.remove(self.file[name]) + for name in ('conf_file', 'options_file', 'pid_file', 'lease_file'): + if os.path.isfile(self.options[name]): + os.remove(self.options[name]) -class DHCP (object): +class DHCP(object): def __init__(self, ifname): self.v4 = _DHCPv4(ifname) self.v6 = _DHCPv6(ifname) diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py index 542de4f59..5b18926c9 100644 --- a/python/vyos/ifconfig/ethernet.py +++ b/python/vyos/ifconfig/ethernet.py @@ -40,6 +40,7 @@ class EthernetIf(Interface): 'bondable': True, 'broadcast': True, 'bridgeable': True, + 'eternal': '(lan|eth|eno|ens|enp|enx)[0-9]+$', } } @@ -76,10 +77,6 @@ class EthernetIf(Interface): }, }} - def _delete(self): - # Ethernet interfaces can not be removed - pass - def get_driver_name(self): """ Return the driver name used by NIC. Some NICs don't support all diff --git a/python/vyos/ifconfig/geneve.py b/python/vyos/ifconfig/geneve.py index 0c1cdade9..145dc268c 100644 --- a/python/vyos/ifconfig/geneve.py +++ b/python/vyos/ifconfig/geneve.py @@ -35,6 +35,8 @@ class GeneveIf(Interface): 'vni': 0, 'remote': '', } + options = Interface.options + \ + ['vni', 'remote'] definition = { **Interface.definition, **{ diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 32ce1a80c..de5ca369f 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1,4 +1,4 @@ -# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -14,6 +14,7 @@ # License along with this library. If not, see <http://www.gnu.org/licenses/>. import os +import re import json from copy import deepcopy @@ -49,7 +50,7 @@ class Interface(Control): # WireGuard to modify their display behaviour OperationalClass = Operational - options = [] + options = ['debug', 'create',] required = [] default = { 'type': '', @@ -63,6 +64,7 @@ class Interface(Control): 'bondable': False, 'broadcast': False, 'bridgeable': False, + 'eternal': '', } _command_get = { @@ -217,7 +219,7 @@ class Interface(Control): else: raise Exception('interface "{}" not found'.format(self.config['ifname'])) - # list of assigned IP addresses + # temporary list of assigned IP addresses self._addr = [] self.operational = self.OperationalClass(ifname) @@ -238,39 +240,21 @@ class Interface(Control): >>> i = Interface('eth0') >>> i.remove() """ - # stop DHCP(v6) if running - self.dhcp.v4.delete() - self.dhcp.v6.delete() # remove all assigned IP addresses from interface - this is a bit redundant # as the kernel will remove all addresses on interface deletion, but we # can not delete ALL interfaces, see below - for addr in self.get_addr(): - self.del_addr(addr) + self.flush_addrs() # --------------------------------------------------------------------- - # A code refactoring is required as this type check is present as - # Interface implement behaviour for one of it's sub-class. - - # It is required as the current pattern for vlan is: - # Interface('name').remove() to delete an interface - # The code should be modified to have a class method called connect and - # have Interface.connect('name').remove() + # Any class can define an eternal regex in its definition + # interface matching the regex will not be deleted - # each subclass should register within Interface the pattern for that - # interface ie: (ethX, etc.) and use this to create an instance of - # the right class (EthernetIf, ...) - - # Ethernet interfaces can not be removed - - # Commented out as nowhere in the code do we call Interface() - # This would also cause an import loop - # if self.__class__ == EthernetIf: - # return - - # --------------------------------------------------------------------- - - self._delete() + eternal = self.definition['eternal'] + if not eternal: + self._delete() + elif not re.match(eternal, self.ifname): + self._delete() def _delete(self): # NOTE (Improvement): @@ -431,39 +415,28 @@ class Interface(Control): """ return self.set_interface('ipv6_autoconf', autoconf) - def set_ipv6_eui64_address(self, prefix): + def add_ipv6_eui64_address(self, prefix): """ Extended Unique Identifier (EUI), as per RFC2373, allows a host to - assign iteslf a unique IPv6 address based on a given IPv6 prefix. + assign itself a unique IPv6 address based on a given IPv6 prefix. - If prefix is passed address is assigned, if prefix is '' address is - removed from interface. + Calculate the EUI64 from the interface's MAC, then assign it + with the given prefix to the interface. """ - # if prefix is an empty string convert it to None so mac2eui64 works - # as expected - if not prefix: - prefix = None eui64 = mac2eui64(self.get_mac(), prefix) + prefixlen = prefix.split('/')[1] + self.add_addr(f'{eui64}/{prefixlen}') - if not prefix: - # if prefix is empty - thus removed - we need to walk through all - # interface IPv6 addresses and find the one with the calculated - # EUI-64 identifier. The address is then removed - for addr in self.get_addr(): - addr_wo_prefix = addr.split('/')[0] - if is_ipv6(addr_wo_prefix): - if eui64 in IPv6Address(addr_wo_prefix).exploded: - self.del_addr(addr) - - return None + def del_ipv6_eui64_address(self, prefix): + """ + Delete the address based on the interface's MAC-based EUI64 + combined with the prefix address. + """ + eui64 = mac2eui64(self.get_mac(), prefix) + prefixlen = prefix.split('/')[1] + self.del_addr(f'{eui64}/{prefixlen}') - # calculate and add EUI-64 IPv6 address - if IPv6Network(prefix): - # we also need to take the subnet length into account - prefix = prefix.split('/')[1] - eui64 = f'{eui64}/{prefix}' - self.add_addr(eui64 ) def set_ipv6_forwarding(self, forwarding): """ @@ -644,7 +617,8 @@ class Interface(Control): def add_addr(self, addr): """ Add IP(v6) address to interface. Address is only added if it is not - already assigned to that interface. + already assigned to that interface. Address format must be validated + and compressed/normalized before calling this function. addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! IPv4: add IPv4 address to interface @@ -652,6 +626,7 @@ class Interface(Control): dhcp: start dhclient (IPv4) on interface dhcpv6: start dhclient (IPv6) on interface + Returns False if address is already assigned and wasn't re-added. Example: >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') @@ -660,32 +635,44 @@ class Interface(Control): >>> j.get_addr() ['192.0.2.1/24', '2001:db8::ffff/64'] """ + # XXX: normalize/compress with ipaddress if calling functions don't? + # is subnet mask always passed, and in the same way? - # cache new IP address which is assigned to interface - self._addr.append(addr) + # we can't have both DHCP and static IPv4 addresses assigned + for a in self._addr: + if ( ( addr == 'dhcp' and a != 'dhcpv6' and is_ipv4(a) ) or + ( a == 'dhcp' and addr != 'dhcpv6' and is_ipv4(addr) ) ): + raise ConfigError(( + "Can't configure both static IPv4 and DHCP address " + "on the same interface")) - # we can not have both DHCP and static IPv4 addresses assigned to an interface - if 'dhcp' in self._addr: - for addr in self._addr: - # do not change below 'if' ordering esle you will get an exception as: - # ValueError: 'dhcp' does not appear to be an IPv4 or IPv6 address - if addr != 'dhcp' and is_ipv4(addr): - raise ConfigError( - "Can't configure both static IPv4 and DHCP address on the same interface") + # do not add same address twice + if addr in self._addr: + return False + # add to interface if addr == 'dhcp': + self._addr.append(addr) self.dhcp.v4.set() - elif addr == 'dhcpv6': + return True + + if addr == 'dhcpv6': + self._addr.append(addr) self.dhcp.v6.set() - else: - if not is_intf_addr_assigned(self.config['ifname'], addr): - cmd = 'ip addr add "{}" dev "{}"'.format(addr, self.config['ifname']) - return self._cmd(cmd) + return True + + if not is_intf_addr_assigned(self.ifname, addr): + self._addr.append(addr) + self._cmd(f'ip addr add "{addr}" dev "{self.ifname}"') + return True + + return False def del_addr(self, addr): """ - Delete IP(v6) address to interface. Address is only added if it is - assigned to that interface. + Delete IP(v6) address from interface. Address is only deleted if it is + assigned to that interface. Address format must be exactly the same as + was used when adding the address. addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! IPv4: delete IPv4 address from interface @@ -693,6 +680,7 @@ class Interface(Control): dhcp: stop dhclient (IPv4) on interface dhcpv6: stop dhclient (IPv6) on interface + Returns False if address isn't already assigned and wasn't deleted. Example: >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') @@ -704,11 +692,35 @@ class Interface(Control): >>> j.get_addr() ['2001:db8::ffff/64'] """ + + # remove from cache (dhcp, and dhcpv6 can not be in it) + if addr in self._addr: + self._addr.remove(addr) + + # remove from interface if addr == 'dhcp': self.dhcp.v4.delete() - elif addr == 'dhcpv6': + return True + + if addr == 'dhcpv6': self.dhcp.v6.delete() - else: - if is_intf_addr_assigned(self.config['ifname'], addr): - cmd = 'ip addr del "{}" dev "{}"'.format(addr, self.config['ifname']) - return self._cmd(cmd) + return True + + if is_intf_addr_assigned(self.ifname, addr): + self._cmd(f'ip addr del "{addr}" dev "{self.ifname}"') + return True + + return False + + def flush_addrs(self): + """ + Flush all addresses from an interface, including DHCP. + + Will raise an exception on error. + """ + # stop DHCP(v6) if running + self.dhcp.v4.delete() + self.dhcp.v6.delete() + + # flush all addresses + self._cmd(f'ip addr flush dev "{self.ifname}"') diff --git a/python/vyos/ifconfig/macvlan.py b/python/vyos/ifconfig/macvlan.py index 55b1a3e91..b5481f4a7 100644 --- a/python/vyos/ifconfig/macvlan.py +++ b/python/vyos/ifconfig/macvlan.py @@ -13,6 +13,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. +from copy import deepcopy from vyos.ifconfig.interface import Interface from vyos.ifconfig.vlan import VLAN @@ -27,6 +28,9 @@ class MACVLANIf(Interface): default = { 'type': 'macvlan', + 'address': '', + 'source_interface': '', + 'mode': '', } definition = { **Interface.definition, @@ -35,33 +39,32 @@ class MACVLANIf(Interface): 'prefixes': ['peth', ], }, } - options = Interface.options + ['source_interface', 'mode'] + options = Interface.options + \ + ['source_interface', 'mode'] def _create(self): - cmd = 'ip link add {ifname} link {source_interface} type macvlan mode {mode}'.format( - **self.config) - self._cmd(cmd) + # please do not change the order when assembling the command + cmd = 'ip link add {ifname}' + if self.config['source_interface']: + cmd += ' link {source_interface}' + cmd += ' type macvlan' + if self.config['mode']: + cmd += ' mode {mode}' + self._cmd(cmd.format(**self.config)) - @staticmethod - def get_config(): + def set_mode(self, mode): + ifname = self.config['ifname'] + cmd = f'ip link set dev {ifname} type macvlan mode {mode}' + return self._cmd(cmd) + + @classmethod + def get_config(cls): """ - VXLAN interfaces require a configuration when they are added using - iproute2. This static method will provide the configuration dictionary - used by this class. + MACVLAN interfaces require a configuration when they are added using + iproute2. This method will provide the configuration dictionary used + by this class. Example: >> dict = MACVLANIf().get_config() """ - config = { - 'address': '', - 'source_interface': '', - 'mode': '' - } - return config - - def set_mode(self, mode): - """ - """ - ifname = self.config['ifname'] - cmd = f'ip link set dev {ifname} type macvlan mode {mode}' - return self._cmd(cmd) + return deepcopy(cls.default) diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index 009a53a82..85c22b5b4 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -43,7 +43,7 @@ class _Tunnel(Interface): **{ 'section': 'tunnel', 'prefixes': ['tun',], - 'bridgeable': True, + 'bridgeable': False, }, } @@ -135,14 +135,21 @@ class GREIf(_Tunnel): https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_gre.c """ + definition = { + **_Tunnel.definition, + **{ + 'bridgeable': True, + }, + } + ip = [IP4, IP6] tunnel = IP4 default = {'type': 'gre'} required = ['local', ] # mGRE is a GRE without remote endpoint - options = ['local', 'remote', 'ttl', 'tos', 'key'] - updates = ['local', 'remote', 'ttl', 'tos', + options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'dev', 'ttl', 'tos', 'mtu', 'multicast', 'allmulticast'] create = 'ip tunnel add {ifname} mode {type}' @@ -160,6 +167,13 @@ class GRETapIf(_Tunnel): # no multicast, ttl or tos for gretap + definition = { + **_Tunnel.definition, + **{ + 'bridgeable': True, + }, + } + ip = [IP4, ] tunnel = IP4 @@ -189,9 +203,9 @@ class IP6GREIf(_Tunnel): default = {'type': 'ip6gre'} required = ['local', 'remote'] - options = ['local', 'remote', 'encaplimit', + options = ['local', 'remote', 'dev', 'encaplimit', 'hoplimit', 'tclass', 'flowlabel'] - updates = ['local', 'remote', 'encaplimit', + updates = ['local', 'remote', 'dev', 'encaplimit', 'hoplimit', 'tclass', 'flowlabel', 'mtu', 'multicast', 'allmulticast'] @@ -225,8 +239,8 @@ class IPIPIf(_Tunnel): default = {'type': 'ipip'} required = ['local', 'remote'] - options = ['local', 'remote', 'ttl', 'tos', 'key'] - updates = ['local', 'remote', 'ttl', 'tos', + options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'dev', 'ttl', 'tos', 'mtu', 'multicast', 'allmulticast'] create = 'ip tunnel add {ifname} mode {type}' @@ -248,9 +262,9 @@ class IPIP6If(_Tunnel): default = {'type': 'ipip6'} required = ['local', 'remote'] - options = ['local', 'remote', 'encaplimit', + options = ['local', 'remote', 'dev', 'encaplimit', 'hoplimit', 'tclass', 'flowlabel'] - updates = ['local', 'remote', 'encaplimit', + updates = ['local', 'remote', 'dev', 'encaplimit', 'hoplimit', 'tclass', 'flowlabel', 'mtu', 'multicast', 'allmulticast'] @@ -286,8 +300,8 @@ class SitIf(_Tunnel): default = {'type': 'sit'} required = ['local', 'remote'] - options = ['local', 'remote', 'ttl', 'tos', 'key'] - updates = ['local', 'remote', 'ttl', 'tos', + options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'dev', 'ttl', 'tos', 'mtu', 'multicast', 'allmulticast'] create = 'ip tunnel add {ifname} mode {type}' diff --git a/python/vyos/ifconfig/vlan.py b/python/vyos/ifconfig/vlan.py index 7b1e00d87..d68e8f6cd 100644 --- a/python/vyos/ifconfig/vlan.py +++ b/python/vyos/ifconfig/vlan.py @@ -101,26 +101,26 @@ class VLAN: >>> i.add_vlan(10) """ vlan_ifname = self.config['ifname'] + '.' + str(vlan_id) - if not os.path.exists(f'/sys/class/net/{vlan_ifname}'): - self._vlan_id = int(vlan_id) - - if ethertype: - self._ethertype = ethertype - ethertype = 'proto {}'.format(ethertype) - - # Optional ingress QOS mapping - opt_i = '' - if ingress_qos: - opt_i = 'ingress-qos-map ' + ingress_qos - # Optional egress QOS mapping - opt_e = '' - if egress_qos: - opt_e = 'egress-qos-map ' + egress_qos - - # create interface in the system - cmd = 'ip link add link {ifname} name {ifname}.{vlan} type vlan {proto} id {vlan} {opt_e} {opt_i}' \ - .format(ifname=self.config['ifname'], vlan=self._vlan_id, proto=ethertype, opt_e=opt_e, opt_i=opt_i) - self._cmd(cmd) + if os.path.exists(f'/sys/class/net/{vlan_ifname}'): + return self.__class__(vlan_ifname) + + if ethertype: + self._ethertype = ethertype + ethertype = 'proto {}'.format(ethertype) + + # Optional ingress QOS mapping + opt_i = '' + if ingress_qos: + opt_i = 'ingress-qos-map ' + ingress_qos + # Optional egress QOS mapping + opt_e = '' + if egress_qos: + opt_e = 'egress-qos-map ' + egress_qos + + # create interface in the system + cmd = 'ip link add link {ifname} name {ifname}.{vlan} type vlan {proto} id {vlan} {opt_e} {opt_i}' \ + .format(ifname=self.ifname, vlan=vlan_id, proto=ethertype, opt_e=opt_e, opt_i=opt_i) + self._cmd(cmd) # return new object mapping to the newly created interface # we can now work on this object for e.g. IP address setting diff --git a/python/vyos/ifconfig/vrrp.py b/python/vyos/ifconfig/vrrp.py index 29b10dd9e..a872725b2 100644 --- a/python/vyos/ifconfig/vrrp.py +++ b/python/vyos/ifconfig/vrrp.py @@ -109,7 +109,7 @@ class VRRP(object): return [] disabled = [] - config = json.loads(util.readfile(cls.location['vyos'])) + config = json.loads(util.read_file(cls.location['vyos'])) # add disabled groups to the list for group in config['vrrp_groups']: diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py index f47ae17cc..f9f2e38e9 100644 --- a/python/vyos/ifconfig/vxlan.py +++ b/python/vyos/ifconfig/vxlan.py @@ -59,7 +59,8 @@ class VXLANIf(Interface): 'bridgeable': True, } } - options = ['group', 'remote', 'src_interface', 'port', 'vni', 'src_address'] + options = Interface.options + \ + ['group', 'remote', 'src_interface', 'port', 'vni', 'src_address'] mapping = { 'ifname': 'add', diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py index ff945c9d0..fdf5d9347 100644 --- a/python/vyos/ifconfig/wireguard.py +++ b/python/vyos/ifconfig/wireguard.py @@ -165,8 +165,9 @@ class WireGuardIf(Interface): 'bridgeable': True, } } - options = ['port', 'private-key', 'pubkey', 'psk', - 'allowed-ips', 'fwmark', 'endpoint', 'keepalive'] + options = Interface.options + \ + ['port', 'private-key', 'pubkey', 'psk', + 'allowed-ips', 'fwmark', 'endpoint', 'keepalive'] """ Wireguard interface class, contains a comnfig dictionary since diff --git a/python/vyos/ifconfig/wireless.py b/python/vyos/ifconfig/wireless.py index 946ae1642..3122ac0a3 100644 --- a/python/vyos/ifconfig/wireless.py +++ b/python/vyos/ifconfig/wireless.py @@ -38,7 +38,8 @@ class WiFiIf(Interface): 'bridgeable': True, } } - options = ['phy', 'op_mode'] + options = Interface.options + \ + ['phy', 'op_mode'] def _create(self): # all interfaces will be added in monitor mode diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 899fd17da..ee009f7f9 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -66,10 +66,18 @@ def apply_vlan_config(vlan, config): # assign/remove VRF vlan.set_vrf(config['vrf']) + # Delete old IPv6 EUI64 addresses before changing MAC + for addr in config['ipv6_eui64_prefix_remove']: + vlan.del_ipv6_eui64_address(addr) + # Change VLAN interface MAC address if config['mac']: vlan.set_mac(config['mac']) + # Add IPv6 EUI-based addresses + for addr in config['ipv6_eui64_prefix']: + vlan.add_ipv6_eui64_address(addr) + # enable/disable VLAN interface if config['disable']: vlan.set_admin_state('down') diff --git a/python/vyos/logger.py b/python/vyos/logger.py new file mode 100644 index 000000000..f7cc964d5 --- /dev/null +++ b/python/vyos/logger.py @@ -0,0 +1,143 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see <http://www.gnu.org/licenses/>. + +# A wrapper class around logging to make it easier to use + +# for a syslog logger: +# from vyos.logger import syslog +# syslog.critical('message') + +# for a stderr logger: +# from vyos.logger import stderr +# stderr.critical('message') + +# for a custom logger (syslog and file): +# from vyos.logger import getLogger +# combined = getLogger(__name__, syslog=True, stream=sys.stdout, filename='/tmp/test') +# combined.critical('message') + +import sys +import logging +import logging.handlers as handlers + +TIMED = '%(asctime)s: %(message)s' +SHORT = '%(filename)s: %(message)s' +CLEAR = '%(levelname) %(asctime)s %(filename)s: %(message)s' + +_levels = { + 'CRITICAL': logging.CRITICAL, + 'ERROR': logging.CRITICAL, + 'WARNING': logging.WARNING, + 'INFO': logging.INFO, + 'DEBUG': logging.DEBUG, + 'NOTSET': logging.NOTSET, +} + +# prevent recreation of already created logger +_created = {} + +def getLogger(name=None, **kwargs): + if name in _created: + if len(kwargs) == 0: + return _created[name] + raise ValueError('a logger with the name "{name} already exists') + + logger = logging.getLogger(name) + logger.setLevel(_levels[kwargs.get('level', 'DEBUG')]) + + if 'address' in kwargs or kwargs.get('syslog', False): + logger.addHandler(_syslog(**kwargs)) + if 'stream' in kwargs: + logger.addHandler(_stream(**kwargs)) + if 'filename' in kwargs: + logger.addHandler(_file(**kwargs)) + + _created[name] = logger + return logger + + +def _syslog(**kwargs): + formating = kwargs.get('format', SHORT) + handler = handlers.SysLogHandler( + address=kwargs.get('address', '/dev/log'), + facility=kwargs.get('facility', 'syslog'), + ) + handler.setFormatter(logging.Formatter(formating)) + return handler + + +def _stream(**kwargs): + formating = kwargs.get('format', CLEAR) + handler = logging.StreamHandler( + stream=kwargs.get('stream', sys.stderr), + ) + handler.setFormatter(logging.Formatter(formating)) + return handler + + +def _file(**kwargs): + formating = kwargs.get('format', CLEAR) + handler = handlers.RotatingFileHandler( + filename=kwargs.get('filename', 1048576), + maxBytes=kwargs.get('maxBytes', 1048576), + backupCount=kwargs.get('backupCount', 3), + ) + handler.setFormatter(logging.Formatter(formating)) + return handler + + +# exported pre-built logger, please keep in mind that the names +# must be unique otherwise the logger are shared + +# a logger for stderr +stderr = getLogger( + 'VyOS Syslog', + format=SHORT, + stream=sys.stderr, + address='/dev/log' +) + +# a logger to syslog +syslog = getLogger( + 'VyOS StdErr', + format='%(message)s', + address='/dev/log' +) + + +# testing +if __name__ == '__main__': + # from vyos.logger import getLogger + formating = '%(asctime)s (%(filename)s) %(levelname)s: %(message)s' + + # syslog logger + # syslog=True if no 'address' field is provided + syslog = getLogger(__name__ + '.1', syslog=True, format=formating) + syslog.info('syslog test') + + # steam logger + stream = getLogger(__name__ + '.2', stream=sys.stdout, level='ERROR') + stream.info('steam test') + + # file logger + filelog = getLogger(__name__ + '.3', filename='/tmp/test') + filelog.info('file test') + + # create a combined logger + getLogger('VyOS', syslog=True, stream=sys.stdout, filename='/tmp/test') + + # recover the created logger from name + combined = getLogger('VyOS') + combined.info('combined test') diff --git a/python/vyos/remote.py b/python/vyos/remote.py index 1b4d3876e..3f46d979b 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -91,7 +91,7 @@ def get_remote_config(remote_file): ftp://<user>[:<passwd>]@<host>/<file> tftp://<host>/<file> """ - request = dict.fromkeys(['protocol', 'host', 'file', 'user', 'passwd']) + request = dict.fromkeys(['protocol', 'user', 'host', 'file']) protocols = ['scp', 'sftp', 'http', 'https', 'ftp', 'tftp'] or_protocols = '|'.join(protocols) @@ -108,11 +108,6 @@ def get_remote_config(remote_file): if user_match: request['user'] = user_match.groups()[0] request['host'] = user_match.groups()[1] - passwd_match = re.search(r'(.*):(.*)', request['user']) - if passwd_match: - # Deprectated in RFC 3986, but maintain for backward compatability. - request['user'] = passwd_match.groups()[0] - request['passwd'] = passwd_match.groups()[1] remote_file = '{0}://{1}{2}'.format(request['protocol'], request['host'], request['file']) @@ -137,7 +132,7 @@ def get_remote_config(remote_file): print('HTTP error: {0} {1}'.format(*val)) sys.exit(1) - if request['user'] and not request['passwd']: + if request['user']: curl_cmd = 'curl -# -u {0} {1}'.format(request['user'], remote_file) else: curl_cmd = 'curl {0} -# {1}'.format(redirect_opt, remote_file) diff --git a/python/vyos/template.py b/python/vyos/template.py index 6c73ce753..e4b253ed3 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -19,6 +19,7 @@ from jinja2 import Environment from jinja2 import FileSystemLoader from vyos.defaults import directories +from vyos.util import chmod, chown, makedir # reuse the same Environment to improve performance @@ -32,7 +33,7 @@ _templates_mem = { } -def render(destination, template, content, trim_blocks=False, formater=None): +def render(destination, template, content, trim_blocks=False, formater=None, permission=None, user=None, group=None): """ render a template from the template directory, it will raise on any errors destination: the file where the rendered template must be saved @@ -46,6 +47,10 @@ def render(destination, template, content, trim_blocks=False, formater=None): (recovering the load time and overhead caused by having the file out of the code) """ + # Create the directory if it does not exists + folder = os.path.dirname(destination) + makedir(folder, user, group) + # Setup a renderer for the given template # This is cached and re-used for performance if template not in _templates_mem[trim_blocks]: @@ -63,3 +68,6 @@ def render(destination, template, content, trim_blocks=False, formater=None): # Write client config file with open(destination, 'w') as f: f.write(content) + + chmod(destination, permission) + chown(destination, user, group) diff --git a/python/vyos/util.py b/python/vyos/util.py index eb78c4a26..92b6f7992 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -14,6 +14,7 @@ # License along with this library. If not, see <http://www.gnu.org/licenses/>. import os +import sys # # NOTE: Do not import full classes here, move your import to the function @@ -25,7 +26,7 @@ import os # which all have slighty different behaviour from subprocess import Popen, PIPE, STDOUT, DEVNULL def popen(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=None, decode=None): + stdout=PIPE, stderr=PIPE, decode='utf-8'): """ popen is a wrapper helper aound subprocess.Popen with it default setting it will return a tuple (out, err) @@ -48,12 +49,14 @@ def popen(command, flag='', shell=None, input=None, timeout=None, env=None, - STDOUT, send the data to be merged with stdout - DEVNULL, discard the output decode: specify the expected text encoding (utf-8, ascii, ...) + the default is explicitely utf-8 which is python's own default usage: to get both stdout, and stderr: popen('command', stdout=PIPE, stderr=STDOUT) to discard stdout and get stderr: popen('command', stdout=DEVNUL, stderr=PIPE) """ from vyos import debug + from vyos import airbag # log if the flag is set, otherwise log if command is set if not debug.enabled(flag): flag = 'command' @@ -77,27 +80,39 @@ def popen(command, flag='', shell=None, input=None, timeout=None, env=None, stdin=stdin, stdout=stdout, stderr=stderr, env=env, shell=use_shell, ) - tmp = p.communicate(input, timeout) - out1 = b'' - out2 = b'' + + pipe = p.communicate(input, timeout) + + pipe_out = b'' if stdout == PIPE: - out1 = tmp[0] + pipe_out = pipe[0] + + pipe_err = b'' if stderr == PIPE: - out2 += tmp[1] - decoded1 = out1.decode(decode) if decode else out1.decode() - decoded2 = out2.decode(decode) if decode else out2.decode() - decoded1 = decoded1.replace('\r\n', '\n').strip() - decoded2 = decoded2.replace('\r\n', '\n').strip() - nl = '\n' if decoded1 and decoded2 else '' - decoded = decoded1 + nl + decoded2 - if decoded: - ret_msg = f"returned:\n{decoded}" - debug.message(ret_msg, flag) - return decoded, p.returncode + pipe_err = pipe[1] + + str_out = pipe_out.decode(decode).replace('\r\n', '\n').strip() + str_err = pipe_err.decode(decode).replace('\r\n', '\n').strip() + + out_msg = f"returned (out):\n{str_out}" + if str_out: + debug.message(out_msg, flag) + + if str_err: + err_msg = f"returned (err):\n{str_err}" + # this message will also be send to syslog via airbag + debug.message(err_msg, flag, destination=sys.stderr) + + # should something go wrong, report this too via airbag + airbag.noteworthy(cmd_msg) + airbag.noteworthy(out_msg) + airbag.noteworthy(err_msg) + + return str_out, p.returncode def run(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=DEVNULL, stderr=None, decode=None): + stdout=DEVNULL, stderr=PIPE, decode='utf-8'): """ A wrapper around vyos.util.popen, which discard the stdout and will return the error code of a command @@ -113,14 +128,15 @@ def run(command, flag='', shell=None, input=None, timeout=None, env=None, def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=None, decode=None, - raising=None, message=''): + stdout=PIPE, stderr=PIPE, decode='utf-8', + raising=None, message='', expect=[0]): """ A wrapper around vyos.util.popen, which returns the stdout and will raise the error code of a command raising: specify which call should be used when raising (default is OSError) the class should only require a string as parameter + expect: a list of error codes to consider as normal """ decoded, code = popen( command, flag, @@ -129,7 +145,7 @@ def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, env=env, shell=shell, decode=decode, ) - if code != 0: + if code not in expect: feedback = message + '\n' if message else '' feedback += f'failed to run command: {command}\n' feedback += f'returned: {decoded}\n' @@ -143,7 +159,7 @@ def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, def call(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=None, decode=None): + stdout=PIPE, stderr=PIPE, decode='utf-8'): """ A wrapper around vyos.util.popen, which print the stdout and will return the error code of a command @@ -155,15 +171,41 @@ def call(command, flag='', shell=None, input=None, timeout=None, env=None, env=env, shell=shell, decode=decode, ) - print(out) + if out: + print(out) return code -def read_file(path): - """ Read a file to string """ - with open(path, 'r') as f: - data = f.read().strip() - return data +def read_file(fname, defaultonfailure=None): + """ + read the content of a file, stripping any end characters (space, newlines) + should defaultonfailure be not None, it is returned on failure to read + """ + try: + """ Read a file to string """ + with open(fname, 'r') as f: + data = f.read().strip() + return data + except Exception as e: + if defaultonfailure is not None: + return defaultonfailure + raise e + + +def read_json(fname, defaultonfailure=None): + """ + read and json decode the content of a file + should defaultonfailure be not None, it is returned on failure to read + """ + import json + try: + with open(fname, 'r') as f: + data = json.load(f) + return data + except Exception as e: + if defaultonfailure is not None: + return defaultonfailure + raise e def chown(path, user, group): @@ -171,10 +213,24 @@ def chown(path, user, group): from pwd import getpwnam from grp import getgrnam - if os.path.exists(path): - uid = getpwnam(user).pw_uid - gid = getgrnam(group).gr_gid - os.chown(path, uid, gid) + if user is None or group is None: + return False + + if not os.path.exists(path): + return False + + uid = getpwnam(user).pw_uid + gid = getgrnam(group).gr_gid + os.chown(path, uid, gid) + return True + + +def chmod(path, bitmask): + if not os.path.exists(path): + return + if bitmask is None: + return + os.chmod(path, bitmask) def chmod_600(path): @@ -205,6 +261,13 @@ def chmod_755(path): os.chmod(path, bitmask) +def makedir(path, user=None, group=None): + if os.path.exists(path): + return + os.mkdir(path) + chown(path, user, group) + + def colon_separated_to_dict(data_string, uniquekeys=False): """ Converts a string containing newline-separated entries of colon-separated key-value pairs into a dict. @@ -429,21 +492,9 @@ def mac2eui64(mac, prefix=None): except: # pylint: disable=bare-except return -def is_bridge_member(interface): - """ - Checks if passed interfaces is part of a bridge device or not. - - Returns a tuple: - False, None -> Not part of a bridge - True, bridge-name -> If it is assigned to a bridge - """ - from vyos.config import Config - c = Config() - base = ['interfaces', 'bridge'] - for bridge in c.list_nodes(base): - members = c.list_nodes(base + [bridge, 'member', 'interface']) - if interface in members: - return (True, bridge) - - return False, None - +def get_half_cpus(): + """ return 1/2 of the numbers of available CPUs """ + cpu = os.cpu_count() + if cpu > 1: + cpu /= 2 + return int(cpu) diff --git a/python/vyos/validate.py b/python/vyos/validate.py index 9d413ffab..446f6e4ca 100644 --- a/python/vyos/validate.py +++ b/python/vyos/validate.py @@ -86,8 +86,8 @@ def _is_intf_addr_assigned(intf, address, netmask=''): # check if the requested address type is configured at all # { - # 17: [{'addr': '08:00:27:d9:5b:04', 'broadcast': 'ff:ff:ff:ff:ff:ff'}], - # 2: [{'addr': '10.0.2.15', 'netmask': '255.255.255.0', 'broadcast': '10.0.2.255'}], + # 17: [{'addr': '08:00:27:d9:5b:04', 'broadcast': 'ff:ff:ff:ff:ff:ff'}], + # 2: [{'addr': '10.0.2.15', 'netmask': '255.255.255.0', 'broadcast': '10.0.2.255'}], # 10: [{'addr': 'fe80::a00:27ff:fed9:5b04%eth0', 'netmask': 'ffff:ffff:ffff:ffff::'}] # } try: @@ -240,3 +240,27 @@ def assert_mac(m): if octets[:5] == (0, 0, 94, 0, 1): raise ValueError(f'{m} is a VRRP MAC address') + +def is_bridge_member(conf, interface): + """ + Checks if passed interfaces is part of a bridge device or not. + + Returns a tuple: + None -> Interface not a bridge member + Bridge -> Interface is a member of this bridge + """ + ret_val = None + old_level = conf.get_level() + + # set config level to root + conf.set_level([]) + base = ['interfaces', 'bridge'] + for bridge in conf.list_nodes(base): + members = conf.list_nodes(base + [bridge, 'member', 'interface']) + if interface in members: + ret_val = bridge + break + + old_level = conf.set_level(old_level) + return ret_val + diff --git a/python/vyos/version.py b/python/vyos/version.py index d51a940d6..a524b36ea 100644 --- a/python/vyos/version.py +++ b/python/vyos/version.py @@ -34,9 +34,17 @@ import json import vyos.defaults +from vyos.util import read_file +from vyos.util import read_json +from vyos.util import popen +from vyos.util import run +from vyos.util import DEVNULL + + version_file = os.path.join(vyos.defaults.directories['data'], 'version.json') -def get_version_data(file=version_file): + +def get_version_data(fname=version_file): """ Get complete version data @@ -52,20 +60,50 @@ def get_version_data(file=version_file): is an implementation detail and may change in the future, while the interface of this module will stay the same. """ - try: - with open(file, 'r') as f: - version_data = json.load(f) - return version_data - except FileNotFoundError: - return {} + return read_json(fname, {}) -def get_version(file=None): + +def get_version(fname=version_file): """ Get the version number, or an empty string if it could not be determined """ - version_data = None - if file: - version_data = get_version_data(file=file) - else: - version_data = get_version_data() - return version_data.get('version','') + return get_version_data(fname=fname).get('version', '') + + +def get_full_version_data(fname=version_file): + version_data = get_version_data(fname) + + # Get system architecture (well, kernel architecture rather) + version_data['system_arch'], _ = popen('uname -m', stderr=DEVNULL) + + # Get hypervisor name, if any + try: + hypervisor, _ = popen('hvinfo', stderr=DEVNULL) + version_data['system_type'] = f"{hypervisor} guest" + except OSError: + # hvinfo returns 1 if it cannot detect any hypervisor + version_data['system_type'] = 'bare metal' + + # Get boot type, it can be livecd, installed image, or, possible, a system installed + # via legacy "install system" mechanism + # In installed images, the squashfs image file is named after its image version, + # while on livecd it's just "filesystem.squashfs", that's how we tell a livecd boot + # from an installed image + boot_via = "installed image" + if run(""" grep -e '^overlay.*/filesystem.squashfs' /proc/mounts >/dev/null""") == 0: + boot_via = "livecd" + elif run(""" grep '^overlay /' /proc/mounts >/dev/null """) != 0: + boot_via = "legacy non-image installation" + version_data['boot_via'] = boot_via + + # Get hardware details from DMI + dmi = '/sys/class/dmi/id' + version_data['hardware_vendor'] = read_file(dmi + '/sys_vendor', 'Unknown') + version_data['hardware_model'] = read_file(dmi +'/product_name','Unknown') + + # These two assume script is run as root, normal users can't access those files + subsystem = '/sys/class/dmi/id/subsystem/id' + version_data['hardware_serial'] = read_file(subsystem + '/product_serial','Unknown') + version_data['hardware_uuid'] = read_file(subsystem + '/product_uuid', 'Unknown') + + return version_data |