Diffstat (limited to 'src/conf_mode/ipsec-settings.py')
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py39
1 files changed, 11 insertions, 28 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index c2f5c8e07..4fffa11ee 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -18,13 +18,13 @@ import re
import os
from time import sleep
-from jinja2 import FileSystemLoader, Environment
from sys import exit
from vyos.config import Config
-from vyos.defaults import directories as vyos_data_dir
from vyos import ConfigError
-from vyos.util import run
+from vyos.util import call
+from vyos.template import render
+
ra_conn_name = "remote-access"
charon_conf_file = "/etc/strongswan.d/charon.conf"
@@ -99,7 +99,7 @@ def get_config():
### Remove config from file by delimiter
def remove_confs(delim_begin, delim_end, conf_file):
- run("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file)
+ call("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file)
### Checking certificate storage and notice if certificate not in /config directory
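Review bot: The command strings passed to `call()` in remove_confs, and in the `cp -f` line of the check_cert_file_store hunk below, are built by plain concatenation, so whitespace or a shell metacharacter in any argument changes what gets executed. The `>&/dev/null` redirections in restart_ipsec suggest call() hands the string to a shell, though its implementation is not visible here. The sed delimiters look like module constants at the visible call sites, but file_path in check_cert_file_store appears to be a configured certificate path (inferred; its caller is outside the hunk), so that call is the one to fix first: `ret = call('cp -f -- ' + quote(file_path) + ' ' + quote(dts_path))` with `from shlex import quote` added to the imports. The same quoting applies to conf_file in the sed command, and the delimiters would also need regex escaping if they ever stop being constants.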
@@ -112,7 +112,7 @@ def check_cert_file_store(cert_name, file_path, dts_path):
else:
### Cpy file to /etc/ipsec.d/certs/ /etc/ipsec.d/cacerts/
# todo make check
- ret = run('cp -f '+file_path+' '+dts_path)
+ ret = call('cp -f '+file_path+' '+dts_path)
if ret:
raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path)
@@ -147,43 +147,26 @@ def verify(data):
raise ConfigError("L2TP VPN configuration error: \"vpn ipsec ipsec-interfaces\" must be specified.")
def generate(data):
- tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'ipsec')
- fs_loader = FileSystemLoader(tmpl_path)
- env = Environment(loader=fs_loader, trim_blocks=True)
-
- tmpl = env.get_template('charon.tmpl')
- config_text = tmpl.render(data)
- with open(charon_conf_file, 'w') as f:
- f.write(config_text)
+ render(charon_conf_file, 'ipsec/charon.tmpl', data, trim_blocks=True)
if data["ipsec_l2tp"]:
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
- tmpl = env.get_template('ipsec.secrets.tmpl')
- l2pt_ipsec_secrets_txt = tmpl.render(c)
old_umask = os.umask(0o077)
- with open(ipsec_secrets_flie,'w') as f:
- f.write(l2pt_ipsec_secrets_txt)
+ render(ipsec_secrets_flie, 'ipsec/ipsec.secrets.tmpl', c, trim_blocks=True)
os.umask(old_umask)
- tmpl = env.get_template('remote-access.tmpl')
- ipsec_ra_conn_txt = tmpl.render(c)
old_umask = os.umask(0o077)
# Create tunnels directory if does not exist
if not os.path.exists(ipsec_ra_conn_dir):
os.makedirs(ipsec_ra_conn_dir)
- with open(ipsec_ra_conn_file,'w') as f:
- f.write(ipsec_ra_conn_txt)
+ render(ipsec_ra_conn_file, 'ipsec/remote-access.tmpl', c, trim_blocks=True)
os.umask(old_umask)
-
- tmpl = env.get_template('ipsec.conf.tmpl')
- l2pt_ipsec_conf_txt = tmpl.render(c)
old_umask = os.umask(0o077)
- with open(ipsec_conf_flie,'a') as f:
- f.write(l2pt_ipsec_conf_txt)
+ render(ipsec_conf_flie, 'ipsec/ipsec.conf.tmpl', c, trim_blocks=True)
os.umask(old_umask)
else:
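Review bot: The last `render()` call in this hunk replaces a write that opened `ipsec_conf_flie` in append mode (`'a'`), whereas the other files were opened with `'w'`. render() is not shown here, but if it writes its target from scratch, everything else in ipsec.conf is discarded and only the L2TP section remains, even though remove_confs deletes only the delimited block just before. Either keep the append for this one file or give render() an explicit way to append. A comment such as `# ipsec.conf may hold other sections: append the L2TP block, do not overwrite` would record the intent. generate() continues past the end of this hunk.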
@@ -193,12 +176,12 @@ def generate(data):
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
def restart_ipsec():
- run('ipsec restart >&/dev/null')
+ call('ipsec restart >&/dev/null')
# counter for apply swanctl config
counter = 10
while counter <= 10:
if os.path.exists(charon_pidfile):
- run('swanctl -q >&/dev/null')
+ call('swanctl -q >&/dev/null')
break
counter -=1
sleep(1)
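Review bot: The wait loop in restart_ipsec cannot end on its own: `counter` starts at 10 and is only decremented, so `while counter <= 10:` stays true and the function spins forever if `charon_pidfile` never appears, for example when `ipsec restart` fails. The return value of `call('ipsec restart >&/dev/null')` is also dropped, although check_cert_file_store shows call() returns a status that can be tested, so a failed restart is silent. Bound the loop with `while counter > 0:` and raise ConfigError when the restart returns non-zero or the pidfile is still missing after the loop. The function may continue past the last line of this hunk.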