Diffstat (limited to 'src/conf_mode/ntp.py')
-rwxr-xr-x | src/conf_mode/ntp.py | 78 |
1 files changed, 20 insertions, 58 deletions
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 8f32e6e81..75328dfd7 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -13,64 +13,21 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# -import sys import os -import jinja2 -import ipaddress -import copy +from copy import deepcopy +from ipaddress import ip_network +from jinja2 import FileSystemLoader, Environment +from sys import exit from vyos.config import Config +from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import call -config_file = r'/etc/ntp.conf' - -# Please be careful if you edit the template. -config_tmpl = """ -### Autogenerated by ntp.py ### -# -# Non-configurable defaults -# -driftfile /var/lib/ntp/ntp.drift -# By default, only allow ntpd to query time sources, ignore any incoming requests -restrict default noquery nopeer notrap nomodify -# Local users have unrestricted access, allowing reconfiguration via ntpdc -restrict 127.0.0.1 -restrict -6 ::1 - -# Do not listen on any interface address by default -interface ignore wildcard -# -# Configurable section -# - -{% if servers -%} -{% for s in servers -%} -# Server configuration for: {{ s.name }} -server {{ s.name }} iburst {{ s.options | join(" ") }} -{% endfor -%} -{% endif %} - -{% if allowed_networks -%} -{% for n in allowed_networks -%} -# Client configuration for network: {{ n.network }} -restrict {{ n.address }} mask {{ n.netmask }} nomodify notrap nopeer - -{% endfor -%} -{% endif %} - -{% if listen_address -%} -# NTP should listen on configured addresses only -{% for a in listen_address -%} -interface listen {{ a }} -{% endfor -%} -{% endif %} - -""" +config_file = r'/etc/ntp.conf' default_config_data = { 'servers': [], @@ -79,7 +36,7 @@ default_config_data = { } def get_config(): - ntp = copy.deepcopy(default_config_data) + ntp = deepcopy(default_config_data) conf = Config() if not conf.exists('system ntp'): return None 
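Review bot: The inline template removed in the `-13,64 +13,21` hunk carried ntpd's hardening defaults (`restrict default noquery nopeer notrap nomodify`, `interface ignore wildcard`), and the file that replaces it is not shown, because the diffstat is limited to `src/conf_mode/ntp.py`. Please confirm that `ntp.conf.tmpl` reproduces those lines unchanged, since a silent difference there would change who can query or reconfigure the daemon. A comment next to `config_file` would help readers find the defaults, for example `# access defaults (restrict/interface) live in templates/ntp/ntp.conf.tmpl`. As a style point, `from sys import exit` rebinds the builtin name `exit`; keeping `import sys` and calling `sys.exit(1)` avoids that.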
@@ -89,7 +46,7 @@ def get_config(): if conf.exists('allow-clients address'): networks = conf.return_values('allow-clients address') for n in networks: - addr = ipaddress.ip_network(n) + addr = ip_network(n) net = { "network" : n, "address" : addr.network_address, @@ -131,7 +88,7 @@ def verify(ntp): for n in ntp['allowed_networks']: try: - addr = ipaddress.ip_network( n['network'] ) + addr = ip_network( n['network'] ) break except ValueError: raise ConfigError("{0} does not appear to be a valid IPv4 or IPv6 network, check host bits!".format(n['network'])) @@ -143,7 +100,12 @@ def generate(ntp): if ntp is None: return None - tmpl = jinja2.Template(config_tmpl) + # Prepare Jinja2 template loader from files + tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'ntp') + fs_loader = FileSystemLoader(tmpl_path) + env = Environment(loader=fs_loader) + + tmpl = env.get_template('ntp.conf.tmpl') config_text = tmpl.render(ntp) with open(config_file, 'w') as f: f.write(config_text) @@ -152,10 +114,10 @@ def generate(ntp): def apply(ntp): if ntp is not None: - os.system('sudo systemctl restart ntp.service') + call('sudo systemctl restart ntp.service') else: # NTP support is removed in the commit - os.system('sudo systemctl stop ntp.service') + call('sudo systemctl stop ntp.service') os.unlink(config_file) return None @@ -168,4 +130,4 @@ if __name__ == '__main__': apply(c) except ConfigError as e: print(e) - sys.exit(1) + exit(1) |
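Review bot: In the `-131,7 +88,7` hunk of verify(), the `break` right after `addr = ip_network( n['network'] )` appears to end the `for n in ntp['allowed_networks']` loop as soon as the first entry parses. Indentation is lost on this page, so this reading is inferred, but if it is correct the later `allow-clients` networks are never checked here. The commit touches this line but leaves the `break` in place. Dropping the `break` (and the unused `addr =` binding) would let every entry reach the `ValueError` handler. verify() starts before this hunk and continues after it.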
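Review bot: In the `-143,7 +100,12` hunk, `env.get_template('ntp.conf.tmpl')` can now fail at commit time if the template file is missing or unreadable, and that raises a Jinja2 exception rather than `ConfigError`. The `except ConfigError` at the bottom of the file would not catch it. Consider importing `TemplateNotFound` from jinja2 and wrapping the lookup: `except TemplateNotFound as e: raise ConfigError('NTP template not found: {0}'.format(e))`. Because the rendered text becomes `/etc/ntp.conf`, a short comment that the template directory must be writable only by root would also be worth adding. generate() starts before this hunk and continues after it.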
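Review bot: In the `-152,10 +114,10` hunk, the result of `call('sudo systemctl restart ntp.service')` is discarded, as it was with `os.system`. A failed restart therefore leaves ntpd running with the previous `restrict`/`interface listen` settings while the commit looks successful. Assuming `vyos.util.call` returns the exit status (its definition is not on this page), the check could be `if call('sudo systemctl restart ntp.service') != 0: raise ConfigError('Failed to restart ntp.service')`. In the stop branch, `os.unlink(config_file)` will raise if the file is already gone, so guarding it with `os.path.exists(config_file)` would make removal idempotent.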