summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/dhcpv6_server.py3
-rwxr-xr-xsrc/conf_mode/dns_forwarding.py8
-rwxr-xr-xsrc/conf_mode/host_name.py9
-rwxr-xr-xsrc/conf_mode/http-api.py104
-rwxr-xr-xsrc/conf_mode/https.py132
-rwxr-xr-xsrc/conf_mode/ipoe_server.py405
-rwxr-xr-xsrc/op_mode/show_dhcpv6.py104
-rw-r--r--src/systemd/vyos-http-api.service8
8 files changed, 755 insertions, 18 deletions
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py
index 37da3ef25..f5117de53 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/dhcpv6_server.py
@@ -101,6 +101,9 @@ shared-network {{ network.name }} {
{%- endfor %}
}
{%- endfor %}
+ on commit {
+ set shared-networkname = "{{ network.name }}";
+ }
}
{%- endif %}
{% endfor %}
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index c7e362d07..aab389074 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -23,6 +23,8 @@ import argparse
import jinja2
import netifaces
+import vyos.util
+
from vyos.config import Config
from vyos import ConfigError
@@ -265,6 +267,12 @@ def apply(dns):
if __name__ == '__main__':
args = parser.parse_args()
+
+ if args.dhclient:
+ # There's a big chance it was triggered by a commit still in progress
+ # so we need to wait until the new values are in the running config
+ vyos.util.wait_for_commit_lock()
+
try:
c = get_config(args)
verify(c)
diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py
index b0a4648c7..6fb7031a8 100755
--- a/src/conf_mode/host_name.py
+++ b/src/conf_mode/host_name.py
@@ -29,6 +29,8 @@ import subprocess
import argparse
import jinja2
+import vyos.util
+
from vyos.config import Config
from vyos import ConfigError
@@ -273,6 +275,13 @@ def apply(config):
if __name__ == '__main__':
args = parser.parse_args()
+
+ if args.dhclient:
+ # There's a big chance it was triggered by a commit still in progress
+ # so we need to wait until the new values are in the running config
+ vyos.util.wait_for_commit_lock()
+
+
try:
c = get_config(args)
verify(c)
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
new file mode 100755
index 000000000..7d618dded
--- /dev/null
+++ b/src/conf_mode/http-api.py
@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import subprocess
+import json
+
+import vyos.defaults
+from vyos.config import Config
+from vyos import ConfigError
+
+config_file = '/etc/vyos/http-api.conf'
+
+default_config_data = {
+ 'listen_address' : '127.0.0.1',
+ 'port' : '8080',
+ 'strict' : 'false',
+ 'debug' : 'false',
+ 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
+}
+
+vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
+
+# XXX: this model will need to be extended for tag nodes
+dependencies = [
+ 'https.py',
+]
+
+def get_config():
+ http_api = default_config_data
+ conf = Config()
+ if not conf.exists('service https api'):
+ return None
+ else:
+ conf.set_level('service https api')
+
+ if conf.exists('strict'):
+ http_api['strict'] = 'true'
+
+ if conf.exists('debug'):
+ http_api['debug'] = 'true'
+
+ if conf.exists('port'):
+ port = conf.return_value('port')
+ http_api['port'] = port
+
+ if conf.exists('keys'):
+ for name in conf.list_nodes('keys id'):
+ if conf.exists('keys id {0} key'.format(name)):
+ key = conf.return_value('keys id {0} key'.format(name))
+ new_key = { 'id': name, 'key': key }
+ http_api['api_keys'].append(new_key)
+
+ return http_api
+
+def verify(http_api):
+ return None
+
+def generate(http_api):
+ if http_api is None:
+ return None
+
+ with open(config_file, 'w') as f:
+ json.dump(http_api, f, indent=2)
+
+ return None
+
+def apply(http_api):
+ if http_api is not None:
+ os.system('sudo systemctl restart vyos-http-api.service')
+ for dep in dependencies:
+ cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep)
+ try:
+ subprocess.check_call(cmd, shell=True)
+ except subprocess.CalledProcessError as err:
+ raise ConfigError("{}.".format(err))
+ else:
+ os.system('sudo systemctl stop vyos-http-api.service')
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
new file mode 100755
index 000000000..dae51dd7d
--- /dev/null
+++ b/src/conf_mode/https.py
@@ -0,0 +1,132 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+
+import jinja2
+
+from vyos.config import Config
+from vyos import ConfigError
+
+config_file = '/etc/nginx/sites-available/default'
+
+# Please be careful if you edit the template.
+config_tmpl = """
+
+### Autogenerated by http-api.py ###
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 302 https://$server_name$request_uri;
+}
+
+server {
+
+ # SSL configuration
+ #
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ include snippets/snakeoil.conf;
+
+{% for l_addr in listen_address %}
+ server_name {{ l_addr }};
+{% endfor %}
+
+ location / {
+{% if api %}
+ proxy_pass http://localhost:{{ api.port }};
+ proxy_buffering off;
+{% endif %}
+ }
+
+ error_page 501 502 503 =200 @50*_json;
+
+ location @50*_json {
+ default_type application/json;
+ return 200 '{"error": "Start service in configuration mode: set service https api"}';
+ }
+
+}
+"""
+
+default_config_data = {
+ 'listen_address' : [ '127.0.0.1' ]
+}
+
+default_api_config_data = {
+ 'port' : '8080',
+}
+
+def get_config():
+ https = default_config_data
+ conf = Config()
+ if not conf.exists('service https'):
+ return None
+ else:
+ conf.set_level('service https')
+
+ if conf.exists('listen-address'):
+ addrs = conf.return_values('listen-address')
+ https['listen_address'] = addrs[:]
+
+ if conf.exists('api'):
+ https['api'] = default_api_config_data
+
+ if conf.exists('api port'):
+ port = conf.return_value('api port')
+ https['api']['port'] = port
+
+ return https
+
+def verify(https):
+ return None
+
+def generate(https):
+ if https is None:
+ return None
+
+ tmpl = jinja2.Template(config_tmpl, trim_blocks=True)
+ config_text = tmpl.render(https)
+ with open(config_file, 'w') as f:
+ f.write(config_text)
+
+ return None
+
+def apply(https):
+ if https is not None:
+ os.system('sudo systemctl restart nginx.service')
+ else:
+ os.system('sudo systemctl stop nginx.service')
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
diff --git a/src/conf_mode/ipoe_server.py b/src/conf_mode/ipoe_server.py
new file mode 100755
index 000000000..45c64c617
--- /dev/null
+++ b/src/conf_mode/ipoe_server.py
@@ -0,0 +1,405 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import re
+import time
+import socket
+import subprocess
+import jinja2
+import syslog as sl
+
+from vyos.config import Config
+from vyos import ConfigError
+
+ipoe_cnf_dir = r'/etc/accel-ppp/ipoe'
+ipoe_cnf = ipoe_cnf_dir + r'/ipoe.config'
+
+pidfile = r'/var/run/accel_ipoe.pid'
+cmd_port = r'2002'
+
+chap_secrets = ipoe_cnf_dir + '/chap-secrets'
+## accel-pppd -d -c /etc/accel-ppp/pppoe/pppoe.config -p /var/run/accel_pppoe.pid
+
+ipoe_config = '''
+### generated by ipoe.py ###
+[modules]
+log_syslog
+ippool
+ipoe
+shaper
+ipv6pool
+ipv6_nd
+ipv6_dhcp
+{% if auth['mech'] == 'radius' %}
+radius
+{% endif -%}
+{% if auth['mech'] == 'local' %}
+chap-secrets
+{% endif %}
+
+[core]
+thread-count={{thread_cnt}}
+
+[log]
+syslog=accel-ipoe,daemon
+copy=1
+level=5
+
+[ipoe]
+verbose=1
+{% for intfc in interfaces %}
+interface={{intfc}},\
+shared={{interfaces[intfc]['shared']}},\
+mode={{interfaces[intfc]['mode']}},\
+ifcfg={{interfaces[intfc]['ifcfg']}},\
+range={{interfaces[intfc]['range']}},\
+start={{interfaces[intfc]['sess_start']}},\
+ipv6=1
+{% endfor %}
+{% if auth['mech'] == 'noauth' %}
+noauth=1
+{% endif %}
+{% if auth['mech'] == 'local' %}
+username=ifname
+password=csid
+{% endif %}
+
+{% if (dns['server1']) or (dns['server2']) %}
+[dns]
+{% if dns['server1'] %}
+dns1={{dns['server1']}}
+{% endif -%}
+{% if dns['server2'] %}
+dns2={{dns['server2']}}
+{% endif -%}
+{% endif -%}
+
+{% if (dnsv6['server1']) or (dnsv6['server2']) or (dnsv6['server3']) %}
+[dnsv6]
+dns={{dnsv6['server1']}}
+dns={{dnsv6['server2']}}
+dns={{dnsv6['server3']}}
+{% endif %}
+
+[ipv6-nd]
+verbose=1
+
+[ipv6-dhcp]
+verbose=1
+
+{% if ipv6['prfx'] %}
+[ipv6-pool]
+{% for prfx in ipv6['prfx'] %}
+{{prfx}}
+{% endfor %}
+{% for pd in ipv6['pd'] %}
+delegate={{pd}}
+{% endfor %}
+{% endif %}
+
+{% if auth['mech'] == 'local' %}
+[chap-secrets]
+chap-secrets=/etc/accel-ppp/ipoe/chap-secrets
+{% endif %}
+
+{% if auth['mech'] == 'radius' %}
+[radius]
+verbose=1
+{% for srv in auth['radius'] %}
+server={{srv}},{{auth['radius'][srv]['secret']}},\
+req-limit={{auth['radius'][srv]['req-limit']}},\
+fail-time={{auth['radius'][srv]['fail-time']}}
+{% endfor %}
+{% if auth['radsettings']['dae-server']['ip-address'] %}
+dae-server={{auth['radsettings']['dae-server']['ip-address']}}:\
+{{auth['radsettings']['dae-server']['port']}},\
+{{auth['radsettings']['dae-server']['secret']}}
+{% endif -%}
+{% if auth['radsettings']['acct-timeout'] %}
+acct-timeout={{auth['radsettings']['acct-timeout']}}
+{% endif -%}
+{% if auth['radsettings']['max-try'] %}
+max-try={{auth['radsettings']['max-try']}}
+{% endif -%}
+{% if auth['radsettings']['timeout'] %}
+timeout={{auth['radsettings']['timeout']}}
+{% endif -%}
+{% if auth['radsettings']['nas-ip-address'] %}
+nas-ip-address={{auth['radsettings']['nas-ip-address']}}
+{% endif -%}
+{% if auth['radsettings']['nas-identifier'] %}
+nas-identifier={{auth['radsettings']['nas-identifier']}}
+{% endif -%}
+{% endif %}
+
+[cli]
+tcp=127.0.0.1:2002
+'''
+
+### pppoe chap secrets
+chap_secrets_conf = '''
+# username server password acceptable local IP addresses shaper
+{% for aifc in auth['auth_if'] %}
+{% for mac in auth['auth_if'][aifc] %}
+{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) %}
+{{aifc}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% else %}
+{{aifc}}\t*\t{{mac.lower()}}\t*
+{% endif %}
+{% endfor %}
+{% endfor %}
+'''
+
+##### Inline functions start ####
+### config path creation
+if not os.path.exists(ipoe_cnf_dir):
+ os.makedirs(ipoe_cnf_dir)
+ sl.syslog(sl.LOG_NOTICE, ipoe_cnf_dir + " created")
+
+def get_cpu():
+ cpu_cnt = 1
+ if os.cpu_count() == 1:
+ cpu_cnt = 1
+ else:
+ cpu_cnt = int(os.cpu_count()/2)
+ return cpu_cnt
+
+def chk_con():
+ cnt = 0
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ while True:
+ try:
+ s.connect(("127.0.0.1", int(cmd_port)))
+ break
+ except ConnectionRefusedError:
+ time.sleep(0.5)
+ cnt +=1
+ if cnt == 100:
+ raise("failed to start pppoe server")
+ break
+
+def accel_cmd(cmd=''):
+ if not cmd:
+ return None
+ try:
+ ret = subprocess.check_output(['/usr/bin/accel-cmd', '-p', cmd_port, cmd]).decode().strip()
+ return ret
+ except:
+ return 1
+
+### chap_secrets file if auth mode local
+def gen_chap_secrets(c):
+ tmpl = jinja2.Template(chap_secrets_conf, trim_blocks=True)
+ chap_secrets_txt = tmpl.render(c)
+ old_umask = os.umask(0o077)
+ open(chap_secrets,'w').write(chap_secrets_txt)
+ os.umask(old_umask)
+ sl.syslog(sl.LOG_NOTICE, chap_secrets + ' written')
+
+##### Inline functions end ####
+
+def get_config():
+ c = Config()
+ if not c.exists('service ipoe-server'):
+ return None
+
+ config_data = {}
+
+ c.set_level('service ipoe-server')
+ config_data['interfaces'] = {}
+ for intfc in c.list_nodes('interface'):
+ config_data['interfaces'][intfc] = {
+ 'mode' : 'L2',
+ 'shared' : '1',
+ 'sess_start' : 'dhcpv4', ### may need a conifg option, can be dhcpv4 or up for unclassified pkts
+ 'range' : None,
+ 'ifcfg' : '1'
+ }
+ config_data['dns'] = {
+ 'server1' : None,
+ 'server2' : None
+ }
+ config_data['dnsv6'] = {
+ 'server1' : None,
+ 'server2' : None,
+ 'server3' : None
+ }
+ config_data['ipv6'] = {
+ 'prfx' : [],
+ 'pd' : [],
+ }
+ config_data['auth'] = {
+ 'auth_if' : {},
+ 'mech' : 'noauth',
+ 'radius' : {},
+ 'radsettings' : {
+ 'dae-server' : {}
+ }
+ }
+
+ if c.exists('interface ' + intfc + ' network-mode'):
+ config_data['interfaces'][intfc]['mode'] = c.return_value('interface ' + intfc + ' network-mode')
+ if c.return_value('interface ' + intfc + ' network') == 'vlan':
+ config_data['interfaces'][intfc]['shared'] = '0'
+ if c.exists('interface ' + intfc + ' client-subnet'):
+ config_data['interfaces'][intfc]['range'] = c.return_value('interface ' + intfc + ' client-subnet')
+ if c.exists('dns-server server-1'):
+ config_data['dns']['server1'] = c.return_value('dns-server server-1')
+ if c.exists('dns-server server-2'):
+ config_data['dns']['server2'] = c.return_value('dns-server server-2')
+ if c.exists('dnsv6-server server-1'):
+ config_data['dnsv6']['server1'] = c.return_value('dnsv6-server server-1')
+ if c.exists('dnsv6-server server-2'):
+ config_data['dnsv6']['server2'] = c.return_value('dnsv6-server server-2')
+ if c.exists('dnsv6-server server-3'):
+ config_data['dnsv6']['server3'] = c.return_value('dnsv6-server server-3')
+ if not c.exists('authentication mode noauth'):
+ config_data['auth']['mech'] = c.return_value('authentication mode')
+ if c.exists('authentication mode local'):
+ for auth_int in c.list_nodes('authentication interface'):
+ for mac in c.list_nodes('authentication interface ' + auth_int + ' mac-address'):
+ config_data['auth']['auth_if'][auth_int] = {}
+ if c.exists('authentication interface ' + auth_int + ' mac-address ' + mac + ' rate-limit'):
+ config_data['auth']['auth_if'][auth_int][mac] = {}
+ config_data['auth']['auth_if'][auth_int][mac]['up'] = c.return_value('authentication interface ' + auth_int + ' mac-address ' + mac + ' rate-limit upload')
+ config_data['auth']['auth_if'][auth_int][mac]['down'] = c.return_value('authentication interface ' + auth_int + ' mac-address ' + mac + ' rate-limit download')
+ else:
+ config_data['auth']['auth_if'][auth_int][mac] = {}
+ config_data['auth']['auth_if'][auth_int][mac]['up'] = None
+ config_data['auth']['auth_if'][auth_int][mac]['down'] = None
+ if c.exists('authentication mode radius'):
+ for rsrv in c.list_nodes('authentication radius-server'):
+ config_data['auth']['radius'][rsrv] = {}
+ if c.exists('authentication radius-server ' + rsrv + ' secret'):
+ config_data['auth']['radius'][rsrv]['secret'] = c.return_value('authentication radius-server ' + rsrv + ' secret')
+ else:
+ config_data['auth']['radius'][rsrv]['secret'] = None
+ if c.exists('authentication radius-server ' + rsrv + ' fail-time'):
+ config_data['auth']['radius'][rsrv]['fail-time'] = c.return_value('authentication radius-server ' + rsrv + ' fail-time')
+ else:
+ config_data['auth']['radius'][rsrv]['fail-time'] = '0'
+ if c.exists('authentication radius-server ' + rsrv + ' req-limit'):
+ config_data['auth']['radius'][rsrv]['req-limit'] = c.return_value('authentication radius-server ' + rsrv + ' req-limit')
+ else:
+ config_data['auth']['radius'][rsrv]['req-limit'] = '0'
+ if c.exists('authentication radius-settings'):
+ if c.exists('authentication radius-settings timeout'):
+ config_data['auth']['radsettings']['timeout'] = c.return_value('authentication radius-settings timeout')
+ if c.exists('authentication radius-settings nas-ip-address'):
+ config_data['auth']['radsettings']['nas-ip-address'] = c.return_value('authentication radius-settings nas-ip-address')
+ if c.exists('authentication radius-settings nas-identifier'):
+ config_data['auth']['radsettings']['nas-identifier'] = c.return_value('authentication radius-settings nas-identifier')
+ if c.exists('authentication radius-settings max-try'):
+ config_data['auth']['radsettings']['max-try'] = c.return_value('authentication radius-settings max-try')
+ if c.exists('authentication radius-settings acct-timeout'):
+ config_data['auth']['radsettings']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
+ if c.exists('authentication radius-settings dae-server ip-address'):
+ config_data['auth']['radsettings']['dae-server']['ip-address'] = c.return_value('authentication radius-settings dae-server ip-address')
+ if c.exists('authentication radius-settings dae-server port'):
+ config_data['auth']['radsettings']['dae-server']['port'] = c.return_value('authentication radius-settings dae-server port')
+ if c.exists('authentication radius-settings dae-server secret'):
+ config_data['auth']['radsettings']['dae-server']['secret'] = c.return_value('authentication radius-settings dae-server secret')
+
+ if c.exists('client-ipv6-pool prefix'):
+ config_data['ipv6']['prfx'] = c.return_values('client-ipv6-pool prefix')
+ if c.exists('client-ipv6-pool delegate-prefix'):
+ config_data['ipv6']['pd'] = c.return_values('client-ipv6-pool delegate-prefix')
+
+ return config_data
+
+def generate(c):
+ if c == None or not c:
+ return None
+
+ c['thread_cnt'] = get_cpu()
+
+ if c['auth']['mech'] == 'local':
+ gen_chap_secrets(c)
+
+ tmpl = jinja2.Template(ipoe_config, trim_blocks=True)
+ config_text = tmpl.render(c)
+ open(ipoe_cnf,'w').write(config_text)
+ return c
+
+def verify(c):
+ if c == None or not c:
+ return None
+
+ for intfc in c['interfaces']:
+ if not c['interfaces'][intfc]['range']:
+ raise ConfigError("service ipoe-server interface " + intfc + " client-subnet needs a value")
+
+ if c['auth']['mech'] == 'radius':
+ if not c['auth']['radius']:
+ raise ConfigError("service ipoe-server authentication radius-server requires a value for authentication mode radius")
+ else:
+ for radsrv in c['auth']['radius']:
+ if not c['auth']['radius'][radsrv]['secret']:
+ raise ConfigError("service ipoe-server authentication radius-server " + radsrv + " secret requires a value")
+
+ if c['auth']['radsettings']['dae-server']:
+ try:
+ if c['auth']['radsettings']['dae-server']['ip-address']:
+ pass
+ except:
+ raise ConfigError("service ipoe-server authentication radius-settings dae-server ip-address value required")
+ try:
+ if c['auth']['radsettings']['dae-server']['secret']:
+ pass
+ except:
+ raise ConfigError("service ipoe-server authentication radius-settings dae-server secret value required")
+ try:
+ if c['auth']['radsettings']['dae-server']['port']:
+ pass
+ except:
+ raise ConfigError("service ipoe-server authentication radius-settings dae-server port value required")
+
+ if len(c['ipv6']['pd']) != 0 and len(c['ipv6']['prfx']) == 0:
+ raise ConfigError("service ipoe-server client-ipv6-pool prefix needs a value")
+
+ return c
+
+def apply(c):
+ if c == None:
+ if os.path.exists(pidfile):
+ accel_cmd('shutdown hard')
+ if os.path.exists(pidfile):
+ os.remove(pidfile)
+ return None
+
+ if not os.path.exists(pidfile):
+ ret = subprocess.call(['/usr/sbin/accel-pppd', '-c', ipoe_cnf, '-p', pidfile, '-d'])
+ chk_con()
+ if ret !=0 and os.path.exists(pidfile):
+ os.remove(pidfile)
+ raise ConfigError('accel-pppd failed to start')
+ else:
+ accel_cmd('restart')
+ sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart")
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
diff --git a/src/op_mode/show_dhcpv6.py b/src/op_mode/show_dhcpv6.py
index bf73b92ea..f1f5a6a55 100755
--- a/src/op_mode/show_dhcpv6.py
+++ b/src/op_mode/show_dhcpv6.py
@@ -20,11 +20,42 @@ import argparse
import ipaddress
import tabulate
import sys
+import collections
from vyos.config import Config
from isc_dhcp_leases import Lease, IscDhcpLeases
lease_file = "/config/dhcpdv6.leases"
+pool_key = "shared-networkname"
+
+lease_display_fields = collections.OrderedDict()
+lease_display_fields['ip'] = 'IPv6 address'
+lease_display_fields['state'] = 'State'
+lease_display_fields['last_comm'] = 'Last communication'
+lease_display_fields['expires'] = 'Lease expiration'
+lease_display_fields['type'] = 'Type'
+lease_display_fields['pool'] = 'Pool'
+lease_display_fields['iaid_duid'] = 'IAID_DUID'
+
+lease_valid_states = ['all', 'active', 'free', 'expired', 'released', 'abandoned', 'reset', 'backup']
+
+def in_pool(lease, pool):
+ if pool_key in lease.sets:
+ if lease.sets[pool_key] == pool:
+ return True
+
+ return False
+
+def format_hex_string(in_str):
+ out_str = ""
+
+ # if input is divisible by 2, add : every 2 chars
+ if len(in_str) > 0 and len(in_str) % 2 == 0:
+ out_str = ':'.join(a+b for a,b in zip(in_str[::2], in_str[1::2]))
+ else:
+ out_str = in_str
+
+ return out_str
def get_lease_data(lease):
data = {}
@@ -35,27 +66,55 @@ def get_lease_data(lease):
except:
data["expires"] = ""
- data["duid"] = lease.host_identifier_string
+ try:
+ data["last_comm"] = lease.last_communication.strftime("%Y/%m/%d %H:%M:%S")
+ except:
+ data["last_comm"] = ""
+
+ # isc-dhcp records lease declarations as ia_{na|ta|pd} IAID_DUID {...}
+ # where IAID_DUID is the combined IAID and DUID
+ data["iaid_duid"] = format_hex_string(lease.host_identifier_string)
+
+ lease_types_long = {"na": "non-temporary", "ta": "temporary", "pd": "prefix delegation"}
+ data["type"] = lease_types_long[lease.type]
+
+ data["state"] = lease.binding_state
data["ip"] = lease.ip
+ try:
+ data["pool"] = lease.sets[pool_key]
+ except:
+ data["pool"] = ""
+
return data
-def get_leases(leases, state=None):
+def get_leases(leases, state, pool=None, sort='ip'):
leases = IscDhcpLeases(lease_file).get()
- if state is not None:
- leases = list(filter(lambda x: x.binding_state == 'active', leases))
+ if state != 'all':
+ leases = list(filter(lambda x: x.binding_state == state, leases))
- return list(map(get_lease_data, leases))
+ # filter lease by pool name
+ if pool is not None:
+ leases = list(filter(lambda x: in_pool(x, pool), leases))
-def show_leases(leases):
- headers = ["IPv6 address", "Lease expiration", "DUID"]
+ leases = list(map(get_lease_data, leases))
+ if sort == 'ip':
+ leases = sorted(leases, key = lambda k: int(ipaddress.IPv6Address(k['ip'])))
+ else:
+ leases = sorted(leases, key = lambda k: k[sort])
+
+ return leases
+def show_leases(leases):
lease_list = []
for l in leases:
- lease_list.append([l["ip"], l["expires"], l["duid"]])
+ lease_list_params = []
+ for k in lease_display_fields.keys():
+ lease_list_params.append(l[k])
+ lease_list.append(lease_list_params)
- output = tabulate.tabulate(lease_list, headers)
+ output = tabulate.tabulate(lease_list, lease_display_fields.values())
print(output)
@@ -63,11 +122,14 @@ if __name__ == '__main__':
parser = argparse.ArgumentParser()
group = parser.add_mutually_exclusive_group()
- group.add_argument("-l", "--leases", action="store_true", help="Show DHCP leases")
- group.add_argument("-s", "--statistics", action="store_true", help="Show DHCP statistics")
+ group.add_argument("-l", "--leases", action="store_true", help="Show DHCPv6 leases")
+ group.add_argument("-s", "--statistics", action="store_true", help="Show DHCPv6 statistics")
+ group.add_argument("--allowed", type=str, choices=["pool", "sort", "state"], help="Show allowed values for argument")
- parser.add_argument("-p", "--pool", type=str, action="store", help="Show lease for specific pool")
- parser.add_argument("-j", "--json", action="store_true", default=False, help="Product JSON output")
+ parser.add_argument("-p", "--pool", type=str, help="Show lease for specific pool")
+ parser.add_argument("-S", "--sort", type=str, choices=lease_display_fields.keys(), default='ip', help="Sort by")
+ parser.add_argument("-t", "--state", type=str, choices=lease_valid_states, default="active", help="Lease state to show")
+ parser.add_argument("-j", "--json", action="store_true", default=False, help="Produce JSON output")
args = parser.parse_args()
@@ -78,9 +140,19 @@ if __name__ == '__main__':
sys.exit(0)
if args.leases:
- leases = get_leases(lease_file, state='active')
- show_leases(leases)
+ leases = get_leases(lease_file, args.state, args.pool, args.sort)
+
+ if args.json:
+ print(json.dumps(leases, indent=4))
+ else:
+ show_leases(leases)
elif args.statistics:
print("DHCPv6 statistics option is not available")
+ elif args.allowed == 'pool':
+ print(' '.join(c.list_effective_nodes("service dhcpv6-server shared-network-name")))
+ elif args.allowed == 'sort':
+ print(' '.join(lease_display_fields.keys()))
+ elif args.allowed == 'state':
+ print(' '.join(lease_valid_states))
else:
- print("Invalid option")
+ parser.print_help()
diff --git a/src/systemd/vyos-http-api.service b/src/systemd/vyos-http-api.service
index 509af4816..4fa68b4ff 100644
--- a/src/systemd/vyos-http-api.service
+++ b/src/systemd/vyos-http-api.service
@@ -1,9 +1,12 @@
[Unit]
Description=VyOS HTTP API service
-After=auditd.service systemd-user-sessions.service time-sync.target
+After=auditd.service systemd-user-sessions.service time-sync.target vyos-router.service
+Requires=vyos-router.service
[Service]
+ExecStartPre=/usr/libexec/vyos/init/vyos-config
ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-http-api-server
+Type=idle
KillMode=process
SyslogIdentifier=vyos-http-api
@@ -16,5 +19,6 @@ User=root
Group=vyattacfg
[Install]
-WantedBy=multi-user.target
+# Installing in a earlier target leaves ExecStartPre waiting
+WantedBy=getty.target