Diffstat (limited to 'src/migration-scripts')
-rwxr-xr-x | src/migration-scripts/firewall/6-to-7 | 5 | ||||
-rwxr-xr-x | src/migration-scripts/interfaces/24-to-25 | 37 | ||||
-rwxr-xr-x | src/migration-scripts/monitoring/0-to-1 | 71 | ||||
-rwxr-xr-x | src/migration-scripts/system/23-to-24 | 4 | ||||
-rwxr-xr-x | src/migration-scripts/system/24-to-25 | 52 |
5 files changed, 157 insertions, 12 deletions
diff --git a/src/migration-scripts/firewall/6-to-7 b/src/migration-scripts/firewall/6-to-7 index 5f4cff90d..626d6849f 100755 --- a/src/migration-scripts/firewall/6-to-7 +++ b/src/migration-scripts/firewall/6-to-7 @@ -194,11 +194,12 @@ if config.exists(base + ['ipv6-name']): if config.exists(rule_icmp + ['type']): tmp = config.return_value(rule_icmp + ['type']) - type_code_match = re.match(r'^(\d+)/(\d+)$', tmp) + type_code_match = re.match(r'^(\d+)(?:/(\d+))?$', tmp) if type_code_match: config.set(rule_icmp + ['type'], value=type_code_match[1]) - config.set(rule_icmp + ['code'], value=type_code_match[2]) + if type_code_match[2]: + config.set(rule_icmp + ['code'], value=type_code_match[2]) elif tmp in icmpv6_remove: config.delete(rule_icmp + ['type']) elif tmp in icmpv6_translations: diff --git a/src/migration-scripts/interfaces/24-to-25 b/src/migration-scripts/interfaces/24-to-25 index 93ce9215f..4095f2a3e 100755 --- a/src/migration-scripts/interfaces/24-to-25 +++ b/src/migration-scripts/interfaces/24-to-25 @@ -20,6 +20,7 @@ import os import sys from vyos.configtree import ConfigTree +from vyos.pki import CERT_BEGIN from vyos.pki import load_certificate from vyos.pki import load_crl from vyos.pki import load_dh_parameters @@ -27,6 +28,7 @@ from vyos.pki import load_private_key from vyos.pki import encode_certificate from vyos.pki import encode_dh_parameters from vyos.pki import encode_private_key +from vyos.pki import verify_crl from vyos.util import run def wrapped_pem_to_config_value(pem): @@ -129,6 +131,8 @@ if config.exists(base): config.delete(base + [interface, 'tls', 'crypt-file']) + ca_certs = {} + if config.exists(x509_base + ['ca-cert-file']): if not config.exists(pki_base + ['ca']): config.set(pki_base + ['ca']) 
@@ -136,20 +140,27 @@ if config.exists(base): cert_file = config.return_value(x509_base + ['ca-cert-file']) cert_path = os.path.join(AUTH_DIR, cert_file) - cert = None if os.path.isfile(cert_path): if not os.access(cert_path, os.R_OK): run(f'sudo chmod 644 {cert_path}') with open(cert_path, 'r') as f: - cert_data = f.read() - cert = load_certificate(cert_data, wrap_tags=False) - - if cert: - cert_pem = encode_certificate(cert) - config.set(pki_base + ['ca', pki_name, 'certificate'], value=wrapped_pem_to_config_value(cert_pem)) - config.set(x509_base + ['ca-certificate'], value=pki_name) + certs_str = f.read() + certs_data = certs_str.split(CERT_BEGIN) + index = 1 + for cert_data in certs_data[1:]: + cert = load_certificate(CERT_BEGIN + cert_data, wrap_tags=False) + + if cert: + ca_certs[f'{pki_name}_{index}'] = cert + cert_pem = encode_certificate(cert) + config.set(pki_base + ['ca', f'{pki_name}_{index}', 'certificate'], value=wrapped_pem_to_config_value(cert_pem)) + config.set(x509_base + ['ca-certificate'], value=f'{pki_name}_{index}', replace=False) + else: + print(f'Failed to migrate CA certificate on openvpn interface {interface}') + + index += 1 else: print(f'Failed to migrate CA certificate on openvpn interface {interface}') @@ -163,6 +174,7 @@ if config.exists(base): crl_file = config.return_value(x509_base + ['crl-file']) crl_path = os.path.join(AUTH_DIR, crl_file) crl = None + crl_ca_name = None if os.path.isfile(crl_path): if not os.access(crl_path, os.R_OK): 
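Review bot: A CA file that contains no `CERT_BEGIN` marker (empty, truncated, or not PEM) now migrates nothing and prints nothing, because `certs_data[1:]` is empty and the failure message inside the `for` loop is never reached. The interface may then leave the migration without any `ca-certificate` reference, which matters for TLS peer validation and should be visible to the operator. A check after the loop would cover it, for example `if len(certs_data) < 2: print(f'Failed to migrate CA certificate on openvpn interface {interface}')`. Indentation is lost on this page, so the nesting is inferred, and the enclosing `if config.exists(base):` block starts and ends outside the hunk.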
@@ -172,9 +184,14 @@ if config.exists(base): crl_data = f.read() crl = load_crl(crl_data, wrap_tags=False) - if crl: + for ca_name, ca_cert in ca_certs.items(): + if verify_crl(crl, ca_cert): + crl_ca_name = ca_name + break + + if crl and crl_ca_name: crl_pem = encode_certificate(crl) - config.set(pki_base + ['ca', pki_name, 'crl'], value=wrapped_pem_to_config_value(crl_pem)) + config.set(pki_base + ['ca', crl_ca_name, 'crl'], value=wrapped_pem_to_config_value(crl_pem)) else: print(f'Failed to migrate CRL on openvpn interface {interface}') diff --git a/src/migration-scripts/monitoring/0-to-1 b/src/migration-scripts/monitoring/0-to-1 new file mode 100755 index 000000000..803cdb49c --- /dev/null +++ b/src/migration-scripts/monitoring/0-to-1 
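Review bot: The new `verify_crl` loop is no longer protected by the `if crl:` test it replaces, so when `load_crl` returns nothing usable the loop may pass a falsy `crl` to `verify_crl(crl, ca_cert)`; how that helper reacts is not visible here. Putting `if crl:` in front of the `for` would keep the old behaviour for unparsable files. Separately, a CRL that verifies against none of the migrated CAs is dropped with the same generic 'Failed to migrate CRL' message, so revocations are presumably no longer applied after the upgrade; a distinct message such as `print(f'CRL on openvpn interface {interface} is not signed by any migrated CA')` would let the operator notice. The surrounding block starts outside the hunk.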
@@ -0,0 +1,71 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T3417: migrate IS-IS tagNode to node as we can only have one IS-IS process + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['service', 'monitoring', 'telegraf'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +if config.exists(base + ['authentication', 'organization']): + tmp = config.return_value(base + ['authentication', 'organization']) + config.delete(base + ['authentication', 'organization']) + config.set(base + ['influxdb', 'authentication', 'organization'], value=tmp) + +if config.exists(base + ['authentication', 'token']): + tmp = config.return_value(base + ['authentication', 'token']) + config.delete(base + ['authentication', 'token']) + config.set(base + ['influxdb', 'authentication', 'token'], value=tmp) + +if config.exists(base + ['bucket']): + tmp = config.return_value(base + ['bucket']) + config.delete(base + ['bucket']) + config.set(base + ['influxdb', 'bucket'], value=tmp) + +if config.exists(base + ['port']): + tmp = config.return_value(base + ['port']) + config.delete(base + ['port']) + config.set(base + ['influxdb', 
'port'], value=tmp) + +if config.exists(base + ['url']): + tmp = config.return_value(base + ['url']) + config.delete(base + ['url']) + config.set(base + ['influxdb', 'url'], value=tmp) + + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) diff --git a/src/migration-scripts/system/23-to-24 b/src/migration-scripts/system/23-to-24 index 5ea71d51a..97fe82462 100755 --- a/src/migration-scripts/system/23-to-24 +++ b/src/migration-scripts/system/23-to-24 @@ -20,6 +20,7 @@ from ipaddress import ip_interface from ipaddress import ip_address from sys import exit, argv from vyos.configtree import ConfigTree +from vyos.template import is_ipv4 if (len(argv) < 1): print("Must specify file name!") @@ -37,6 +38,9 @@ def fixup_cli(config, path, interface): if config.exists(path + ['address']): for address in config.return_values(path + ['address']): tmp = ip_interface(address) + # ARP is only available for IPv4 ;-) + if not is_ipv4(tmp): + continue if ip_address(host) in tmp.network.hosts(): mac = config.return_value(tmp_base + [host, 'hwaddr']) iface_path = ['protocols', 'static', 'arp', 'interface'] diff --git a/src/migration-scripts/system/24-to-25 b/src/migration-scripts/system/24-to-25 new file mode 100755 index 000000000..c2f70689d --- /dev/null +++ b/src/migration-scripts/system/24-to-25 
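Review bot: The guard `if (len(argv) < 1):` can never fire, because `argv` always holds at least the script name, so a missing argument ends in an `IndexError` at `file_name = argv[1]` instead of the intended message; it should read `if len(argv) < 2:`. The same check appears in the new `system/24-to-25` script and in the context lines of `system/23-to-24`. The header comment `# T3417: migrate IS-IS tagNode to node ...` looks copied from another script and should describe the move of the telegraf settings under `influxdb`. After `organization` and `token` are moved, the old `authentication` node is not deleted; if the tree keeps an empty node there, add `config.delete(base + ['authentication'])`.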
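Review bot: `is_ipv4(tmp)` is handed the `ip_interface` object rather than the address string, and whether the `vyos.template` helper accepts that type is not visible in this hunk; `if tmp.version != 4: continue` gives the same skip using only the stdlib object already in hand. The comment would help more if it gave the reason for the skip in terms of the `tmp.network.hosts()` membership test that follows, e.g. `# static ARP entries are IPv4-only; skip IPv6 addresses before enumerating hosts()`. `fixup_cli` starts before and continues after this hunk.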
@@ -0,0 +1,52 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Migrate system syslog global archive to system logs logrotate messages + +from sys import exit, argv +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['system', 'syslog', 'global', 'archive'] +config = ConfigTree(config_file) + +if not config.exists(base): + exit(0) + +if config.exists(base + ['file']): + tmp = config.return_value(base + ['file']) + config.set(['system', 'logs', 'logrotate', 'messages', 'rotate'], value=tmp) + +if config.exists(base + ['size']): + tmp = config.return_value(base + ['size']) + tmp = max(round(int(tmp) / 1024), 1) # kb -> mb + config.set(['system', 'logs', 'logrotate', 'messages', 'max-size'], value=tmp) + +config.delete(base) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) |
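Review bot: `int(tmp)` on the `size` value is unguarded, so a non-numeric value raises `ValueError` and the script stops with a traceback before the config is written back. The result is also passed to `config.set(..., value=tmp)` as an `int`, whereas every other `set` call in these scripts passes a string; unless `ConfigTree.set` converts it (not visible here), `value=str(tmp)` is the safer form. The comment `# kb -> mb` could also say that the result is rounded and clamped to a minimum of 1.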