summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/dynamic_dns.py55
-rwxr-xr-xsrc/conf_mode/https.py109
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py6
-rwxr-xr-xsrc/conf_mode/snmp.py139
4 files changed, 116 insertions, 193 deletions
diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py
index ff3c1f825..027a7f7e3 100755
--- a/src/conf_mode/dynamic_dns.py
+++ b/src/conf_mode/dynamic_dns.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import os
import sys
@@ -23,16 +21,17 @@ import jinja2
from vyos.config import Config
from vyos import ConfigError
-config_file = r'/etc/ddclient.conf'
+config_file = r'/etc/ddclient/ddclient.conf'
cache_file = r'/var/cache/ddclient/ddclient.cache'
+pid_file = r'/var/run/ddclient/ddclient.pid'
config_tmpl = """
### Autogenerated by dynamic_dns.py ###
daemon=1m
syslog=yes
ssl=yes
-pid=/var/run/ddclient/ddclient.pid
-cache=/var/cache/ddclient/ddclient.cache
+pid={{ pid_file }}
+cache={{ cache_file }}
{% for interface in interfaces -%}
@@ -48,11 +47,11 @@ use=if, if={{ interface.interface }}
{% for rfc in interface.rfc2136 -%}
{% for record in rfc.record %}
# RFC2136 dynamic DNS configuration for {{ record }}.{{ rfc.zone }}
-server={{ rfc.server }}
-protocol=nsupdate
-password={{ rfc.keyfile }}
-ttl={{ rfc.ttl }}
-zone={{ rfc.zone }}
+server={{ rfc.server }},
+protocol=nsupdate,
+password={{ rfc.keyfile }},
+ttl={{ rfc.ttl }},
+zone={{ rfc.zone }},
{{ record }}
{% endfor -%}
{% endfor -%}
@@ -60,12 +59,16 @@ zone={{ rfc.zone }}
{% for srv in interface.service %}
{% for host in srv.host %}
# DynDNS provider configuration for {{ host }}
-protocol={{ srv.protocol }}
-max-interval=28d
-login={{ srv.login }}
-password='{{ srv.password }}'
+protocol={{ srv.protocol }},
+max-interval=28d,
+login={{ srv.login }},
+password='{{ srv.password }}',
{% if srv.server -%}
-server={{ srv.server }}
+server={{ srv.server }},
+{% endif -%}
+{% if 'cloudflare' in srv.protocol -%}
+{% set zone = host.split('.',1) -%}
+zone={{ zone[1] }},
{% endif -%}
{{ host }}
{% endfor %}
@@ -91,6 +94,8 @@ default_service_protocol = {
default_config_data = {
'interfaces': [],
+ 'cache_file': cache_file,
+ 'pid_file': pid_file
}
def get_config():
@@ -237,8 +242,15 @@ def generate(dyndns):
if dyndns is None:
return None
- tmpl = jinja2.Template(config_tmpl)
+ dirname = os.path.dirname(dyndns['pid_file'])
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
+ dirname = os.path.dirname(config_file)
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
+
+ tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(dyndns)
with open(config_file, 'w') as f:
f.write(config_text)
@@ -246,11 +258,16 @@ def generate(dyndns):
return None
def apply(dyndns):
- if os.path.exists(cache_file):
- os.unlink(cache_file)
+ if os.path.exists(dyndns['cache_file']):
+ os.unlink(dyndns['cache_file'])
+
+ if os.path.exists('/etc/ddclient.conf'):
+ os.unlink('/etc/ddclient.conf')
if dyndns is None:
os.system('/etc/init.d/ddclient stop')
+ if os.path.exists(dyndns['pid_file']):
+ os.unlink(dyndns['pid_file'])
else:
os.system('/etc/init.d/ddclient restart')
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index f948063e9..d7fcb74de 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -30,34 +30,34 @@ config_file = '/etc/nginx/sites-available/default'
# Please be careful if you edit the template.
config_tmpl = """
-### Autogenerated by http-api.py ###
+### Autogenerated by https.py ###
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
- return 302 https://$server_name$request_uri;
+ return 301 https://$server_name$request_uri;
}
-{% for addr, names in listen_addresses.items() %}
+{% for server in server_block_list %}
server {
# SSL configuration
#
-{% if addr == '*' %}
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
+{% if server.address == '*' %}
+ listen 443 ssl;
+ listen [::]:443 ssl;
{% else %}
- listen {{ addr }}:443 ssl;
+ listen {{ server.address }}:443 ssl;
{% endif %}
-{% for name in names %}
+{% for name in server.name %}
server_name {{ name }};
{% endfor %}
-{% if vyos_cert %}
- include {{ vyos_cert.conf }};
+{% if server.vyos_cert %}
+ include {{ server.vyos_cert.conf }};
{% else %}
#
# Self signed certs generated by the ssl-cert package
@@ -67,46 +67,9 @@ server {
{% endif %}
# proxy settings for HTTP API, if enabled; 503, if not
- location ~ /(retrieve|configure) {
-{% if api %}
- proxy_pass http://localhost:{{ api.port }};
- proxy_buffering off;
-{% else %}
- return 503;
-{% endif %}
- }
-
- error_page 501 502 503 =200 @50*_json;
-
- location @50*_json {
- default_type application/json;
- return 200 '{"error": "Start service in configuration mode: set service https api"}';
- }
-
-}
-{% else %}
-server {
- # SSL configuration
- #
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
-
- server_name _;
-
-{% if vyos_cert %}
- include {{ vyos_cert.conf }};
-{% else %}
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- include snippets/snakeoil.conf;
-{% endif %}
-
- # proxy settings for HTTP API, if enabled; 503, if not
- location ~ /(retrieve|configure) {
-{% if api %}
- proxy_pass http://localhost:{{ api.port }};
+ location ~ /(retrieve|configure|config-file|image) {
+{% if server.api %}
+ proxy_pass http://localhost:{{ server.api.port }};
proxy_buffering off;
{% else %}
return 503;
@@ -125,8 +88,16 @@ server {
{% endfor %}
"""
+default_server_block = {
+ 'address' : '*',
+ 'name' : ['_'],
+ # api :
+ # vyos_cert :
+ # le_cert :
+}
+
def get_config():
- https = vyos.defaults.https_data
+ server_block_list = []
conf = Config()
if not conf.exists('service https'):
return None
@@ -134,25 +105,36 @@ def get_config():
conf.set_level('service https')
if conf.exists('listen-address'):
- addrs = {}
for addr in conf.list_nodes('listen-address'):
- addrs[addr] = ['_']
+ server_block = {'address' : addr}
+ server_block['name'] = ['_']
if conf.exists('listen-address {0} server-name'.format(addr)):
names = conf.return_values('listen-address {0} server-name'.format(addr))
- addrs[addr] = names[:]
- https['listen_addresses'] = addrs
+ server_block['name'] = names[:]
+ server_block_list.append(server_block)
+ if not server_block_list:
+ server_block_list.append(default_server_block)
+
+ vyos_cert_data = {}
if conf.exists('certificates'):
if conf.exists('certificates system-generated-certificate'):
- https['vyos_cert'] = vyos.defaults.vyos_cert_data
+ vyos_cert_data = vyos.defaults.vyos_cert_data
+ if vyos_cert_data:
+ for block in server_block_list:
+ block['vyos_cert'] = vyos_cert_data
+ api_data = {}
if conf.exists('api'):
- https['api'] = vyos.defaults.api_data
-
- if conf.exists('api port'):
- port = conf.return_value('api port')
- https['api']['port'] = port
-
+ api_data = vyos.defaults.api_data
+ if conf.exists('api port'):
+ port = conf.return_value('api port')
+ api_data['port'] = port
+ if api_data:
+ for block in server_block_list:
+ block['api'] = api_data
+
+ https = {'server_block_list' : server_block_list}
return https
def verify(https):
@@ -162,6 +144,9 @@ def generate(https):
if https is None:
return None
+ if 'server_block_list' not in https or not https['server_block_list']:
+ https['server_block_list'] = [default_server_block]
+
tmpl = jinja2.Template(config_tmpl, trim_blocks=True)
config_text = tmpl.render(https)
with open(config_file, 'w') as f:
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index cd40aff3e..a9ed6bfb6 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -130,7 +130,7 @@ def get_config():
print("Interface not specified")
# check if ethernet interface has been removed
- cfg_base = 'interfaces ethernet ' + eth['intf']
+ cfg_base = ['interfaces', 'ethernet', eth['intf']]
if not conf.exists(cfg_base):
eth['deleted'] = True
# we can not bail out early as ethernet interface can not be removed
@@ -249,7 +249,7 @@ def get_config():
if conf.exists('vif-s'):
for vif_s in conf.list_nodes('vif-s'):
# set config level to vif-s interface
- conf.set_level(cfg_base + ' vif-s ' + vif_s)
+ conf.set_level(cfg_base + ['vif-s', vif_s])
eth['vif_s'].append(vlan_to_dict(conf))
# re-set configuration level to parse new nodes
@@ -263,7 +263,7 @@ def get_config():
if conf.exists('vif'):
for vif in conf.list_nodes('vif'):
# set config level to vif interface
- conf.set_level(cfg_base + ' vif ' + vif)
+ conf.set_level(cfg_base + ['vif', vif])
eth['vif'].append(vlan_to_dict(conf))
return eth
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index cba1fe319..b64cccbfa 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,24 +13,21 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import sys
import os
-import shutil
import stat
import pwd
-import time
-
import jinja2
-import random
-import binascii
import re
import vyos.version
import vyos.validate
+from binascii import hexlify
+from shutil import move
+from time import sleep
+from stat import S_IRWXU,S_IXGRP,S_IXOTH
from vyos.config import Config
from vyos import ConfigError
@@ -78,7 +75,7 @@ createUser {{ u.name }}
{%- elif u.authPassword %}
createUser {{ u.name }} {{ u.authProtocol | upper }} "{{ u.authPassword }}" {{ u.privProtocol | upper }} {{ u.privPassword }}
{%- else %}
-usmUser 1 3 {{ u.engineID }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} {{ u.authMasterKey }} {{ u.privOID }} {{ u.privMasterKey }} 0x
+usmUser 1 3 {{ v3_engineid }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} {{ u.authMasterKey }} {{ u.privOID }} {{ u.privMasterKey }} 0x
{%- endif %}
{%- endfor %}
@@ -117,9 +114,6 @@ monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
########################
# configurable section #
########################
-{% if v3_tsm_key %}
-[snmp] localCert {{ v3_tsm_key }}
-{%- endif %}
# Default system description is VyOS version
sysDescr VyOS {{ version }}
@@ -130,7 +124,7 @@ SysDescr {{ description }}
{%- endif %}
# Listen
-agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161,udp6:161{% endif %}{% if v3_tsm_key %},tlstcp:{{ v3_tsm_port }},dtlsudp::{{ v3_tsm_port }}{% endif %}
+agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161,udp6:161{% endif %}
# SNMP communities
{%- for c in communities %}
@@ -192,25 +186,23 @@ view {{ v.name }} included .{{ oid.oid }}
# context sec.model sec.level match read write notif
{%- for g in v3_groups %}
access {{ g.name }} "" usm {{ g.seclevel }} exact {{ g.view }} {% if g.mode == 'ro' %}none{% else %}{{ g.view }}{% endif %} none
-access {{ g.name }} "" tsm {{ g.seclevel }} exact {{ g.view }} {% if g.mode == 'ro' %}none{% else %}{{ g.view }}{% endif %} none
{%- endfor %}
# trap-target
{%- for t in v3_traps %}
-trapsess -v 3 {{ '-Ci' if t.type == 'inform' }} -e {{ t.engineID }} -u {{ t.secName }} -l {{ t.secLevel }} -a {{ t.authProtocol }} {% if t.authPassword %}-A {{ t.authPassword }}{% elif t.authMasterKey %}-3m {{ t.authMasterKey }}{% endif %} -x {{ t.privProtocol }} {% if t.privPassword %}-X {{ t.privPassword }}{% elif t.privMasterKey %}-3M {{ t.privMasterKey }}{% endif %} {{ t.ipProto }}:{{ t.ipAddr }}:{{ t.ipPort }}
+trapsess -v 3 {{ '-Ci' if t.type == 'inform' }} -e {{ v3_engineid }} -u {{ t.secName }} -l {{ t.secLevel }} -a {{ t.authProtocol }} {% if t.authPassword %}-A {{ t.authPassword }}{% elif t.authMasterKey %}-3m {{ t.authMasterKey }}{% endif %} -x {{ t.privProtocol }} {% if t.privPassword %}-X {{ t.privPassword }}{% elif t.privMasterKey %}-3M {{ t.privMasterKey }}{% endif %} {{ t.ipProto }}:{{ t.ipAddr }}:{{ t.ipPort }}
{%- endfor %}
# group
{%- for u in v3_users %}
group {{ u.group }} usm {{ u.name }}
-group {{ u.group }} tsm {{ u.name }}
{% endfor %}
{%- endif %}
{% if script_ext %}
# extension scripts
{%- for ext in script_ext|sort %}
-extend\t{{ext}}\t{{script_ext[ext]}}
+extend {{ ext.name }} {{ ext.script }}
{%- endfor %}
{% endif %}
"""
@@ -244,11 +236,9 @@ default_config_data = {
'v3_engineid': '',
'v3_groups': [],
'v3_traps': [],
- 'v3_tsm_key': '',
- 'v3_tsm_port': '10161',
'v3_users': [],
'v3_views': [],
- 'script_ext': {}
+ 'script_ext': []
}
def rmfile(file):
@@ -266,10 +256,10 @@ def get_config():
version_data = vyos.version.get_version_data()
snmp['version'] = version_data['version']
- # create an internal snmpv3 user of the form 'vyattaxxxxxxxxxxxxxxxx'
+ # create an internal snmpv3 user of the form 'vyosxxxxxxxxxxxxxxxx'
# os.urandom(8) returns 8 bytes of random data
- snmp['vyos_user'] = 'vyatta' + binascii.hexlify(os.urandom(8)).decode('utf-8')
- snmp['vyos_user_pass'] = binascii.hexlify(os.urandom(16)).decode('utf-8')
+ snmp['vyos_user'] = 'vyos' + hexlify(os.urandom(8)).decode('utf-8')
+ snmp['vyos_user_pass'] = hexlify(os.urandom(16)).decode('utf-8')
if conf.exists('community'):
for name in conf.list_nodes('community'):
@@ -357,9 +347,13 @@ def get_config():
# 'set service snmp script-extensions'
#
if conf.exists('script-extensions'):
- for extname in conf.list_nodes('script-extensions extension-name'):
- snmp['script_ext'][extname] = '/config/user-data/' + conf.return_value('script-extensions extension-name ' + extname + ' script')
+ for extname in conf.list_nodes('script-extensions extension-name'):
+ extension = {
+ 'name': extname,
+ 'script' : conf.return_value('script-extensions extension-name {} script'.format(extname))
+ }
+ snmp['script_ext'].append(extension)
#########################################################################
# ____ _ _ __ __ ____ _____ #
@@ -375,15 +369,11 @@ def get_config():
else:
snmp['v3_enabled'] = True
- #
# 'set service snmp v3 engineid'
- #
if conf.exists('v3 engineid'):
snmp['v3_engineid'] = conf.return_value('v3 engineid')
- #
# 'set service snmp v3 group'
- #
if conf.exists('v3 group'):
for group in conf.list_nodes('v3 group'):
v3_group = {
@@ -404,14 +394,11 @@ def get_config():
snmp['v3_groups'].append(v3_group)
- #
# 'set service snmp v3 trap-target'
- #
if conf.exists('v3 trap-target'):
for trap in conf.list_nodes('v3 trap-target'):
trap_cfg = {
'ipAddr': trap,
- 'engineID': '',
'secName': '',
'authProtocol': 'md5',
'authPassword': '',
@@ -425,11 +412,6 @@ def get_config():
'secLevel': 'noAuthNoPriv'
}
- if conf.exists('v3 trap-target {0} engineid'.format(trap)):
- # Set the context engineID used for SNMPv3 REQUEST messages scopedPdu.
- # If not specified, this will default to the authoritative engineID.
- trap_cfg['engineID'] = conf.return_value('v3 trap-target {0} engineid'.format(trap))
-
if conf.exists('v3 trap-target {0} user'.format(trap)):
# Set the securityName used for authenticated SNMPv3 messages.
trap_cfg['secName'] = conf.return_value('v3 trap-target {0} user'.format(trap))
@@ -483,19 +465,7 @@ def get_config():
snmp['v3_traps'].append(trap_cfg)
- #
- # 'set service snmp v3 tsm'
- #
- if conf.exists('v3 tsm'):
- if conf.exists('v3 tsm local-key'):
- snmp['v3_tsm_key'] = conf.return_value('v3 tsm local-key')
-
- if conf.exists('v3 tsm port'):
- snmp['v3_tsm_port'] = conf.return_value('v3 tsm port')
-
- #
# 'set service snmp v3 user'
- #
if conf.exists('v3 user'):
for user in conf.list_nodes('v3 user'):
user_cfg = {
@@ -504,19 +474,15 @@ def get_config():
'authPassword': '',
'authProtocol': 'md5',
'authOID': 'none',
- 'engineID': '',
'group': '',
'mode': 'ro',
'privMasterKey': '',
'privPassword': '',
'privOID': '',
- 'privTsmKey': '',
'privProtocol': 'des'
}
- #
# v3 user {0} auth
- #
if conf.exists('v3 user {0} auth encrypted-key'.format(user)):
user_cfg['authMasterKey'] = conf.return_value('v3 user {0} auth encrypted-key'.format(user))
@@ -532,36 +498,21 @@ def get_config():
user_cfg['authProtocol'] = type
user_cfg['authOID'] = OIDs[type]
- #
- # v3 user {0} engineid
- #
- if conf.exists('v3 user {0} engineid'.format(user)):
- user_cfg['engineID'] = conf.return_value('v3 user {0} engineid'.format(user))
-
- #
# v3 user {0} group
- #
if conf.exists('v3 user {0} group'.format(user)):
user_cfg['group'] = conf.return_value('v3 user {0} group'.format(user))
- #
# v3 user {0} mode
- #
if conf.exists('v3 user {0} mode'.format(user)):
user_cfg['mode'] = conf.return_value('v3 user {0} mode'.format(user))
- #
# v3 user {0} privacy
- #
if conf.exists('v3 user {0} privacy encrypted-key'.format(user)):
user_cfg['privMasterKey'] = conf.return_value('v3 user {0} privacy encrypted-key'.format(user))
if conf.exists('v3 user {0} privacy plaintext-key'.format(user)):
user_cfg['privPassword'] = conf.return_value('v3 user {0} privacy plaintext-key'.format(user))
- if conf.exists('v3 user {0} privacy tsm-key'.format(user)):
- user_cfg['privTsmKey'] = conf.return_value('v3 user {0} privacy tsm-key'.format(user))
-
# load default value
type = user_cfg['privProtocol']
if conf.exists('v3 user {0} privacy type'.format(user)):
@@ -573,9 +524,7 @@ def get_config():
snmp['v3_users'].append(user_cfg)
- #
# 'set service snmp v3 view'
- #
if conf.exists('v3 view'):
for view in conf.list_nodes('v3 view'):
view_cfg = {
@@ -599,23 +548,11 @@ def verify(snmp):
### check if the configured script actually exist under /config/user-data
if snmp['script_ext']:
- for ext in snmp['script_ext']:
- if not os.path.isfile(snmp['script_ext'][ext]):
- print ("WARNING: script: " + snmp['script_ext'][ext] + " doesn\'t exist")
- else:
- os.chmod(snmp['script_ext'][ext], 0o555)
-
- # bail out early if SNMP v3 is not configured
- if not snmp['v3_enabled']:
- return None
-
- tsmKeyPattern = re.compile('^[0-9A-F]{2}(:[0-9A-F]{2}){19}$', re.IGNORECASE)
-
- if snmp['v3_tsm_key']:
- if not tsmKeyPattern.match(snmp['v3_tsm_key']):
- if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']):
- if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']):
- raise ConfigError('TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder')
+ for ext in snmp['script_ext']:
+ if not os.path.isfile(ext['script']):
+ print ("WARNING: script: {} doesn't exist".format(ext['script']))
+ else:
+ os.chmod(ext['script'], S_IRWXU|S_IXGRP|S_IXOTH)
for listen in snmp['listen_address']:
addr = listen[0]
@@ -635,6 +572,10 @@ def verify(snmp):
else:
print('WARNING: SNMP listen address {0} not configured!'.format(addr))
+ # bail out early if SNMP v3 is not configured
+ if not snmp['v3_enabled']:
+ return None
+
if 'v3_groups' in snmp.keys():
for group in snmp['v3_groups']:
#
@@ -683,13 +624,6 @@ def verify(snmp):
if not 'privPassword' and 'privMasterKey' in trap.keys():
raise ConfigError('v3 trap: "user" must be specified')
- if 'type' in trap.keys():
- if trap['type'] == 'trap' and trap['engineID'] == '':
- raise ConfigError('must specify engineid if type is "trap"')
- else:
- raise ConfigError('"type" must be specified')
-
-
if 'v3_users' in snmp.keys():
for user in snmp['v3_users']:
#
@@ -721,21 +655,9 @@ def verify(snmp):
if user['privPassword'] == '' and user['privMasterKey'] == '':
raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy')
- if user['privMasterKey'] and user['engineID'] == '':
- raise ConfigError('Can not have "encrypted-key" without engineid')
-
- if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '':
- raise ConfigError('Must specify auth or tsm-key for user auth')
-
if user['mode'] == '':
raise ConfigError('Must specify user mode ro/rw')
- if user['privTsmKey']:
- if not tsmKeyPattern.match(snmp['v3_tsm_key']):
- if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']):
- if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']):
- raise ConfigError('User TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder')
-
if 'v3_views' in snmp.keys():
for view in snmp['v3_views']:
if not view['oids']:
@@ -804,7 +726,7 @@ def apply(snmp):
if os.path.exists(volatiledir) and os.path.isdir(volatiledir):
files = os.listdir(volatiledir)
for f in files:
- shutil.move(volatiledir + '/' + f, nonvolatiledir)
+ move(volatiledir + '/' + f, nonvolatiledir)
os.chmod(nonvolatiledir + '/' + f, stat.S_IWUSR | stat.S_IRUSR)
os.rmdir(volatiledir)
@@ -825,7 +747,7 @@ def apply(snmp):
snmpReady = False
while not snmpReady:
while not os.path.exists(config_file_user):
- time.sleep(1)
+ sleep(1)
with open(config_file_user, 'r') as f:
for line in f:
@@ -858,7 +780,6 @@ def apply(snmp):
# Now update the running configuration
#
# Currently when executing os.system() the environment does not have the vyos_libexec_dir variable set, see T685
- os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" engineid {1} > /dev/null'.format(cfg['user'], engineID))
os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key {1} > /dev/null'.format(cfg['user'], cfg['auth_pw']))
os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key {1} > /dev/null'.format(cfg['user'], cfg['priv_pw']))
os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user']))