diff options
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/bcast_relay.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/dns_forwarding.py | 10 | ||||
| -rwxr-xr-x | src/conf_mode/dynamic_dns.py | 33 | ||||
| -rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/host_name.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 48 | ||||
| -rwxr-xr-x | src/conf_mode/le_cert.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/mdns_repeater.py | 5 | ||||
| -rwxr-xr-x | src/conf_mode/system-syslog.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/tftp_server.py | 2 |
10 files changed, 56 insertions, 69 deletions
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index 0069218f6..a3bc76ef8 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -146,7 +146,7 @@ def generate(relay): def apply(relay): # first stop all running services - call('sudo systemctl stop udp-broadcast-relay@{1..99}') + call('systemctl stop udp-broadcast-relay@{1..99}.service') if (relay is None) or relay['disabled']: return None @@ -156,7 +156,7 @@ def apply(relay): # Don't start individual instance when it's disabled if r['disabled']: continue - call('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) + call('systemctl start udp-broadcast-relay@{0}.service'.format(r['id'])) return None diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index a7b12fa01..567dfa4b3 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -31,7 +31,7 @@ parser = argparse.ArgumentParser() parser.add_argument("--dhclient", action="store_true", help="Started from dhclient-script") -config_file = r'/etc/powerdns/recursor.conf' +config_file = r'/run/powerdns/recursor.conf' default_config_data = { 'allow_from': [], @@ -152,17 +152,21 @@ def generate(dns): if dns is None: return None + dirname = os.path.dirname(config_file) + if not os.path.exists(dirname): + os.mkdir(dirname) + render(config_file, 'dns-forwarding/recursor.conf.tmpl', dns, trim_blocks=True) return None def apply(dns): if dns is None: # DNS forwarding is removed in the commit - call("systemctl stop pdns-recursor") + call("systemctl stop pdns-recursor.service") if os.path.isfile(config_file): os.unlink(config_file) else: - call("systemctl restart pdns-recursor") + call("systemctl restart pdns-recursor.service") if __name__ == '__main__': args = parser.parse_args() diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index b76503419..038f77cf9 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -25,10 +25,7 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render - -config_file = r'/etc/ddclient/ddclient.conf' -cache_file = r'/var/cache/ddclient/ddclient.cache' -pid_file = r'/var/run/ddclient/ddclient.pid' +config_file = r'/run/ddclient/ddclient.conf' # Mapping of service name to service protocol default_service_protocol = { @@ -47,9 +44,7 @@ default_service_protocol = { default_config_data = { 'interfaces': [], - 'cache_file': cache_file, - 'deleted': False, - 'pid_file': pid_file + 'deleted': False } def get_config(): @@ -220,39 +215,27 @@ def verify(dyndns): def generate(dyndns): # bail out early - looks like removal from running config if dyndns['deleted']: - if os.path.exists(config_file): - os.unlink(config_file) - return None - dirname = os.path.dirname(dyndns['pid_file']) - if not os.path.exists(dirname): - os.mkdir(dirname) - dirname = os.path.dirname(config_file) if not os.path.exists(dirname): os.mkdir(dirname) render(config_file, 'dynamic-dns/ddclient.conf.tmpl', dyndns) - + # Config file must be accessible only by its owner os.chmod(config_file, S_IRUSR | S_IWUSR) return None def apply(dyndns): - if os.path.exists(dyndns['cache_file']): - os.unlink(dyndns['cache_file']) - - if os.path.exists('/etc/ddclient.conf'): - os.unlink('/etc/ddclient.conf') - if dyndns['deleted']: - call('/etc/init.d/ddclient stop') - if os.path.exists(dyndns['pid_file']): - os.unlink(dyndns['pid_file']) + call('systemctl stop ddclient.service') + if os.path.exists(config_file): + os.unlink(config_file) + else: - call('/etc/init.d/ddclient restart') + call('systemctl restart ddclient.service') return None diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 3320075fb..1354488ac 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -346,9 +346,9 @@ def apply(config): command = None # Check if flow-accounting was removed and define command if not config['flow-accounting-configured']: - command = '/usr/bin/sudo /bin/systemctl stop uacctd' + command = 'systemctl stop uacctd.service' else: - command = '/usr/bin/sudo /bin/systemctl restart uacctd' + command = 'systemctl restart uacctd.service' # run command to start or stop flow-accounting cmd(command, raising=ConfigError, message='Failed to start/stop flow-accounting') diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 7c2f79abc..dd5819f9f 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -173,7 +173,7 @@ def apply(config): # restart pdns if it is used ret = run('/usr/bin/rec_control ping') if ret == 0: - call('/etc/init.d/pdns-recursor restart >/dev/null') + call('systemctl restart pdns-recursor.service') return None diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index b42765586..6733623c6 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -79,7 +79,7 @@ default_config_data = { 'server_push_route': [], 'server_reject_unconfigured': False, 'server_subnet': '', - 'server_topology': 'net30', + 'server_topology': '', 'shared_secret_file': '', 'tls': False, 'tls_auth': '', @@ -124,13 +124,10 @@ def getDefaultServer(network, topology, devtype): Logic from openvpn's src/openvpn/helper.c. Returns a dict with addresses or False if the input parameters were incorrect. """ - if not (topology and devtype): - return False - if not (devtype == 'tun' or devtype == 'tap'): return False - if not network.prefixlen: + if not network.version == 4: return False elif (devtype == 'tun' and network.prefixlen > 29) or (devtype == 'tap' and network.prefixlen > 30): return False @@ -345,6 +342,7 @@ def get_config(): openvpn['server_topology'] = conf.return_value('server topology') # Server-mode subnet (from which client IPs are allocated) + server_network = None if conf.exists('server subnet'): # server_network is used later in this function server_network = IPv4Network(conf.return_value('server subnet')) @@ -476,25 +474,31 @@ def get_config(): if not openvpn['tls_dh'] and openvpn['tls_key'] and checkCertHeader('-----BEGIN EC PRIVATE KEY-----', openvpn['tls_key']): openvpn['tls_dh'] = 'none' + # set default server topology to net30 + if openvpn['mode'] == 'server' and not openvpn['server_topology']: + openvpn['server_topology'] = 'net30' + # Set defaults where necessary. - # If any of the input parameters are missing or wrong, + # If any of the input parameters are wrong, # this will return False and no defaults will be set. - default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type']) - if default_server: - # server-bridge doesn't require a pool so don't set defaults for it - if not openvpn['bridge_member']: - openvpn['server_pool'] = True - if not openvpn['server_pool_start']: - openvpn['server_pool_start'] = default_server['pool_start'] - - if not openvpn['server_pool_stop']: - openvpn['server_pool_stop'] = default_server['pool_stop'] - - if not openvpn['server_pool_netmask']: - openvpn['server_pool_netmask'] = default_server['pool_netmask'] - - for client in openvpn['client']: - client['remote_netmask'] = default_server['client_remote_netmask'] + if server_network and openvpn['server_topology'] and openvpn['type']: + default_server = None + default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type']) + if default_server: + # server-bridge doesn't require a pool so don't set defaults for it + if not openvpn['bridge_member']: + openvpn['server_pool'] = True + if not openvpn['server_pool_start']: + openvpn['server_pool_start'] = default_server['pool_start'] + + if not openvpn['server_pool_stop']: + openvpn['server_pool_stop'] = default_server['pool_stop'] + + if not openvpn['server_pool_netmask']: + openvpn['server_pool_netmask'] = default_server['pool_netmask'] + + for client in openvpn['client']: + client['remote_netmask'] = default_server['client_remote_netmask'] return openvpn diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index 4b365a566..2db31d3fc 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import sys import os @@ -25,7 +23,6 @@ from vyos import ConfigError from vyos.util import cmd from vyos.util import call - vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] dependencies = [ @@ -86,17 +83,17 @@ def generate(cert): # certbot will attempt to reload nginx, even with 'certonly'; # start nginx if not active - ret = call('systemctl is-active --quiet nginx.ervice') + ret = call('systemctl is-active --quiet nginx.service') if ret: - call('sudo systemctl start nginx.service') + call('systemctl start nginx.service') request_certbot(cert) def apply(cert): if cert is not None: - call('sudo systemctl restart certbot.timer') + call('systemctl restart certbot.timer') else: - call('sudo systemctl stop certbot.timer') + call('systemctl stop certbot.timer') return None for dep in dependencies: diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py index bca1a537e..a652553f7 100755 --- a/src/conf_mode/mdns_repeater.py +++ b/src/conf_mode/mdns_repeater.py @@ -25,7 +25,6 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render - config_file = r'/etc/default/mdns-repeater' default_config_data = { @@ -86,11 +85,11 @@ def generate(mdns): def apply(mdns): if (mdns is None) or mdns['disabled']: - call('sudo systemctl stop mdns-repeater') + call('systemctl stop mdns-repeater.service') if os.path.exists(config_file): os.unlink(config_file) else: - call('sudo systemctl restart mdns-repeater') + call('systemctl restart mdns-repeater.service') return None diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 7d93ffdd5..9da3d9157 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -244,8 +244,8 @@ def verify(c): def apply(c): if not c: - return run('systemctl stop syslog') - return run('systemctl restart syslog') + return run('systemctl stop syslog.service') + return run('systemctl restart syslog.service') if __name__ == '__main__': try: diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index 229202304..94c8bcf03 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -106,7 +106,7 @@ def generate(tftpd): def apply(tftpd): # stop all services first - then we will decide - call('systemctl stop tftpd@{0..20}') + call('systemctl stop tftpd@{0..20}.service') # bail out early - e.g. service deletion if tftpd is None: |