Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interface-bridge.py130
-rwxr-xr-xsrc/conf_mode/interface-dummy.py35
-rwxr-xr-xsrc/conf_mode/interface-loopback.py19
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py2
-rwxr-xr-xsrc/helpers/vyos-boot-config-loader.py101
-rw-r--r--src/systemd/vyos-hostsd.service9
6 files changed, 163 insertions, 133 deletions
diff --git a/src/conf_mode/interface-bridge.py b/src/conf_mode/interface-bridge.py
index d5661be93..6e48a1382 100755
--- a/src/conf_mode/interface-bridge.py
+++ b/src/conf_mode/interface-bridge.py
@@ -16,21 +16,20 @@
#
#
-from os import environ
+import os
+
from copy import deepcopy
from sys import exit
-from pyroute2 import IPDB
from netifaces import interfaces
from vyos.config import Config
-from vyos.validate import is_ip
-from vyos.ifconfig import Interface as IF
+from vyos.ifconfig import BridgeIf, Interface
from vyos import ConfigError
default_config_data = {
'address': [],
'address_remove': [],
'aging': 300,
- 'arp_cache_timeout_ms': 30000,
+ 'arp_cache_tmo': 30,
'description': '',
'deleted': False,
'disable': False,
@@ -57,7 +56,7 @@ def get_config():
# determine tagNode instance
try:
- bridge['intf'] = environ['VYOS_TAGNODE_VALUE']
+ bridge['intf'] = os.environ['VYOS_TAGNODE_VALUE']
except KeyError as E:
print("Interface not specified")
@@ -82,8 +81,6 @@ def get_config():
# retrieve interface description
if conf.exists('description'):
bridge['description'] = conf.return_value('description')
- else:
- bridge['description'] = bridge['intf']
# Disable this bridge interface
if conf.exists('disable'):
@@ -107,7 +104,7 @@ def get_config():
# ARP cache entry timeout in seconds
if conf.exists('ip arp-cache-timeout'):
- bridge['arp_cache_timeout_ms'] = int(conf.return_value('ip arp-cache-timeout')) * 1000
+ bridge['arp_cache_tmo'] = int(conf.return_value('ip arp-cache-timeout'))
# Media Access Control (MAC) address
if conf.exists('mac'):
@@ -181,56 +178,35 @@ def generate(bridge):
return None
def apply(bridge):
- ipdb = IPDB(mode='explicit')
- brif = bridge['intf']
+ br = BridgeIf(bridge['intf'])
if bridge['deleted']:
- try:
- # delete bridge interface
- with ipdb.interfaces[ brif ] as br:
- br.remove()
-
- # stop DHCP(v6) clients if configured
- for addr in bridge['address_remove']:
- if addr == 'dhcp':
- IF(brif).del_dhcpv4()
- elif addr == 'dhcpv6':
- IF(brif).del_dhcpv6()
- except:
- pass
+ # delete bridge interface
+ # DHCP is stopped inside remove()
+ br.remove()
else:
- try:
- # create bridge interface if it not already exists
- ipdb.create(kind='bridge', ifname=brif).commit()
- except:
- pass
-
- # get handle in bridge interface
- br = ipdb.interfaces[brif]
- # begin() a transaction prior to make any change
- br.begin()
# enable interface
- br.up()
- # set ageing time - - value is in centiseconds YES! centiseconds!
- br.br_ageing_time = bridge['aging'] * 100
- # set bridge forward delay - value is in centiseconds YES! centiseconds!
- br.br_forward_delay = bridge['forwarding_delay'] * 100
- # set hello time - value is in centiseconds YES! centiseconds!
- br.br_hello_time = bridge['hello_time'] * 100
- # set max message age - value is in centiseconds YES! centiseconds!
- br.br_max_age = bridge['max_age'] * 100
+ br.state = 'up'
+ # set ageing time
+ br.ageing_time = bridge['aging']
+ # set bridge forward delay
+ br.forward_delay = bridge['forwarding_delay']
+ # set hello time
+ br.hello_time = bridge['hello_time']
+ # set max message age
+ br.max_age = bridge['max_age']
# set bridge priority
- br.br_priority = bridge['priority']
+ br.priority = bridge['priority']
# turn stp on/off
- br.br_stp_state = bridge['stp']
+ br.stp_state = bridge['stp']
# enable or disable IGMP querier
- br.br_mcast_querier = bridge['igmp_querier']
+ br.multicast_querier = bridge['igmp_querier']
# update interface description used e.g. within SNMP
br.ifalias = bridge['description']
# Change interface MAC address
if bridge['mac']:
- br.set_address = bridge['mac']
+ br.mac = bridge['mac']
# remove interface from bridge
for intf in bridge['member_remove']:
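Review bot: `BridgeIf(bridge['intf'])` is now constructed before the `deleted` check, whereas the removed code only created the bridge in the non-deleted branch; if the constructor creates a missing interface (not visible in this diff), deleting an absent bridge would create it and then remove it. With the bare `except: pass` wrappers gone, any exception from the constructor or `br.remove()` now propagates out of apply(), so the caller has to turn it into a ConfigError or the commit ends in a raw traceback. The same pattern appears in the apply() hunk of interface-dummy.py. Separately, the `* 100` centisecond conversions were dropped, so the setters are assumed to take seconds; if that is the contract, a comment such as `# BridgeIf setters take seconds` above `br.ageing_time` would record it. apply() continues past the end of this hunk.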
@@ -240,52 +216,40 @@ def apply(bridge):
for member in bridge['member']:
br.add_port(member['name'])
+ # up/down interface
+ if bridge['disable']:
+ br.state = 'down'
+
# remove configured network interface addresses/DHCP(v6) configuration
for addr in bridge['address_remove']:
- try:
- is_ip(addr)
- br.del_ip(addr)
- except ValueError:
- if addr == 'dhcp':
- IF(brif).del_dhcpv4()
- elif addr == 'dhcpv6':
- IF(brif).del_dhcpv6()
+ if addr == 'dhcp':
+ br.del_dhcp()
+ elif addr == 'dhcpv6':
+ br.del_dhcpv6()
+ else:
+ br.del_addr(addr)
# add configured network interface addresses/DHCP(v6) configuration
for addr in bridge['address']:
- try:
- is_ip(addr)
- br.add_ip(addr)
- except:
- if addr == 'dhcp':
- IF(brif).set_dhcpv4()
- elif addr == 'dhcpv6':
- IF(brif).set_dhcpv6()
-
- # up/down interface
- if bridge['disable']:
- br.down()
-
- # commit changes on bridge interface
- br.commit()
+ if addr == 'dhcp':
+ br.set_dhcp()
+ elif addr == 'dhcpv6':
+ br.set_dhcpv6()
+ else:
+ br.add_addr(addr)
# configure additional bridge member options
for member in bridge['member']:
- # configure ARP cache timeout in milliseconds
- with open('/proc/sys/net/ipv4/neigh/' + member['name'] + '/base_reachable_time_ms', 'w') as f:
- f.write(str(bridge['arp_cache_timeout_ms']))
- # ignore link state changes
- with open('/proc/sys/net/ipv4/conf/' + member['name'] + '/link_filter', 'w') as f:
- f.write(str(bridge['disable_link_detect']))
-
- # adjust member port stp attributes
- member_if = ipdb.interfaces[ member['name'] ]
- member_if.begin()
# set bridge port cost
- member_if.brport_cost = member['cost']
+ br.set_cost(member['name'], member['cost'])
# set bridge port priority
- member_if.brport_priority = member['priority']
- member_if.commit()
+ br.set_priority(member['name'], member['priority'])
+
+ i = Interface(member['name'])
+ # configure ARP cache timeout
+ i.arp_cache_tmo = bridge['arp_cache_tmo']
+ # ignore link state changes
+ i.link_detect = bridge['disable_link_detect']
return None
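Review bot: The new `else` branches pass every entry that is not `dhcp` or `dhcpv6` straight to `br.del_addr(addr)` / `br.add_addr(addr)`, where the removed code called `is_ip(addr)` first; whether those methods validate the address is not visible in this diff, so the check should either be confirmed there or kept here. `i.link_detect = bridge['disable_link_detect']` also reads as inverted, because a value named disable_* is assigned to an attribute named for detection; the removed code wrote the same value to `link_filter`, so a comment like `# value is the link_filter sysctl setting, not a boolean` would help if that is still the meaning. The local name `i` could be `member_if`, the name the removed code used. The start of apply() is in the previous hunk.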
diff --git a/src/conf_mode/interface-dummy.py b/src/conf_mode/interface-dummy.py
index d8a36a5b2..03afdc668 100755
--- a/src/conf_mode/interface-dummy.py
+++ b/src/conf_mode/interface-dummy.py
@@ -19,8 +19,8 @@
from os import environ
from copy import deepcopy
from sys import exit
-from pyroute2 import IPDB
from vyos.config import Config
+from vyos.ifconfig import DummyIf
from vyos import ConfigError
default_config_data = {
@@ -61,8 +61,6 @@ def get_config():
# retrieve interface description
if conf.exists('description'):
dummy['description'] = conf.return_value('description')
- else:
- dummy['description'] = dummy['intf']
# Disable this interface
if conf.exists('disable'):
@@ -83,45 +81,26 @@ def generate(dummy):
return None
def apply(dummy):
- ipdb = IPDB(mode='explicit')
- dummyif = dummy['intf']
+ du = DummyIf(dummy['intf'])
# Remove dummy interface
if dummy['deleted']:
- try:
- # delete dummy interface
- with ipdb.interface[ dummyif ] as du:
- du.remove()
- except:
- pass
+ du.remove()
else:
- try:
- # create dummy interface if it's non existing
- ipdb.create(kind='dummy', ifname=dummyif).commit()
- except:
- pass
-
- # retrieve handle to dummy interface
- du = ipdb.interfaces[dummyif]
- # begin a transaction prior to make any change
- du.begin()
# enable interface
- du.up()
+ du.state = 'up'
# update interface description used e.g. within SNMP
du.ifalias = dummy['description']
# Configure interface address(es)
for addr in dummy['address_remove']:
- du.del_ip(addr)
+ du.del_addr(addr)
for addr in dummy['address']:
- du.add_ip(addr)
+ du.add_addr(addr)
# disable interface on demand
if dummy['disable']:
- du.down()
-
- # commit changes on bridge interface
- du.commit()
+ du.state = 'down'
return None
diff --git a/src/conf_mode/interface-loopback.py b/src/conf_mode/interface-loopback.py
index 5c1419b11..be47324c1 100755
--- a/src/conf_mode/interface-loopback.py
+++ b/src/conf_mode/interface-loopback.py
@@ -18,7 +18,7 @@
from os import environ
from sys import exit
from copy import deepcopy
-from pyroute2 import IPDB
+from vyos.ifconfig import LoopbackIf
from vyos.config import Config
from vyos import ConfigError
@@ -57,8 +57,6 @@ def get_config():
# retrieve interface description
if conf.exists('description'):
loopback['description'] = conf.return_value('description')
- else:
- loopback['description'] = loopback['intf']
# Determine interface addresses (currently effective) - to determine which
# address is no longer valid and needs to be removed from the interface
@@ -75,28 +73,19 @@ def generate(loopback):
return None
def apply(loopback):
- ipdb = IPDB(mode='explicit')
- lo_if = loopback['intf']
-
- # the loopback device always exists
- lo = ipdb.interfaces[lo_if]
- # begin() a transaction prior to make any change
- lo.begin()
-
+ lo = LoopbackIf(loopback['intf'])
if not loopback['deleted']:
# update interface description used e.g. within SNMP
# update interface description used e.g. within SNMP
lo.ifalias = loopback['description']
# configure interface address(es)
for addr in loopback['address']:
- lo.add_ip(addr)
+ lo.add_addr(addr)
# remove interface address(es)
for addr in loopback['address_remove']:
- lo.del_ip(addr)
+ lo.del_addr(addr)
- # commit changes on loopback interface
- lo.commit()
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 8d25e7abd..156bb2edd 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -62,7 +62,7 @@ conn {{ra_conn_name}}
left={{outside_addr}}
leftsubnet=%dynamic[/1701]
rightsubnet=%dynamic
- mark=%unique
+ mark_in=%unique
auto=add
ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024!
dpddelay=15
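Review bot: The switch to `mark_in=%unique` carries no explanation in the template, and its effect is not obvious: in strongSwan `mark` applies to both directions while `mark_in` covers only the inbound side, so the outbound side of this connection is no longer marked. A comment above the line such as `# mark inbound only; outbound is matched without a mark` would record the intent, if that is the intent. The unchanged `ike=` line next to it still offers only SHA-1 with modp1024 and lists `3des-sha1-modp1024` twice, which is worth a follow-up since the proposal is strict (`!`). The conn block starts and ends outside the hunk.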
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py
new file mode 100755
index 000000000..06c95765f
--- /dev/null
+++ b/src/helpers/vyos-boot-config-loader.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import os
+import sys
+import subprocess
+import traceback
+
+from vyos.configsession import ConfigSession, ConfigSessionError
+from vyos.configtree import ConfigTree
+
+STATUS_FILE = '/tmp/vyos-config-status'
+TRACE_FILE = '/tmp/boot-config-trace'
+
+session = ConfigSession(os.getpid(), 'vyos-boot-config-loader')
+env = session.get_session_env()
+
+default_file_name = env['vyatta_sysconfdir'] + '/config.boot.default'
+
+if len(sys.argv) < 1:
+ print("Must be called with argument.")
+ sys.exit(1)
+else:
+ file_name = sys.argv[1]
+
+def write_config_status(status):
+ with open(STATUS_FILE, 'w') as f:
+ f.write('{0}\n'.format(status))
+
+def trace_to_file(trace_file_name):
+ with open(trace_file_name, 'w') as trace_file:
+ traceback.print_exc(file=trace_file)
+
+def failsafe():
+ try:
+ with open(default_file_name, 'r') as f:
+ config_file = f.read()
+ except Exception as e:
+ print("Catastrophic: no default config file "
+ "'{0}'".format(default_file_name))
+ sys.exit(1)
+
+ config = ConfigTree(config_file)
+ if not config.exists(['system', 'login', 'user', 'vyos',
+ 'authentication', 'encrypted-password']):
+ print("No password entry in default config file;")
+ print("unable to recover password for user 'vyos'.")
+ sys.exit(1)
+ else:
+ passwd = config.return_value(['system', 'login', 'user', 'vyos',
+ 'authentication',
+ 'encrypted-password'])
+
+ cmd = ("useradd -s /bin/bash -G 'users,sudo' -m -N -p '{0}' "
+ "vyos".format(passwd))
+ try:
+ subprocess.check_call(cmd, shell=True)
+ except subprocess.CalledProcessError as e:
+ sys.exit("{0}".format(e))
+
+ with open('/etc/motd', 'a+') as f:
+ f.write('\n\n')
+ f.write('!!!!!\n')
+ f.write('There were errors loading the initial configuration;\n')
+ f.write('please examine the errors in {0} and correct.'
+ '\n'.format(TRACE_FILE))
+ f.write('!!!!!\n\n')
+
+try:
+ with open(file_name, 'r') as f:
+ config_file = f.read()
+except Exception as e:
+ write_config_status(1)
+ failsafe()
+ trace_to_file(TRACE_FILE)
+ sys.exit("{0}".format(e))
+
+try:
+ session.load_config(file_name)
+ session.commit()
+ write_config_status(0)
+except ConfigSessionError as e:
+ write_config_status(1)
+ failsafe()
+ trace_to_file(TRACE_FILE)
+ sys.exit(1)
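Review bot: `subprocess.check_call(cmd, shell=True)` in failsafe() builds a shell command by pasting the `encrypted-password` value read from the config file between single quotes, so a value containing `'` breaks the quoting; pass an argument list instead, `subprocess.check_call(['useradd', '-s', '/bin/bash', '-G', 'users,sudo', '-m', '-N', '-p', passwd, 'vyos'])`. The guard `if len(sys.argv) < 1:` can never be true because argv always holds the script name, so a missing argument raises IndexError at `sys.argv[1]`; it should be `if len(sys.argv) < 2:`. STATUS_FILE and TRACE_FILE are fixed names under /tmp opened with mode 'w', which follows a pre-existing symlink if the loader runs with elevated privileges; a directory only root can write, such as /run, avoids that. Both exception handlers call failsafe() before trace_to_file(), and failsafe() can call sys.exit(), so the trace that /etc/motd points to may never be written; calling trace_to_file() first fixes the order.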
diff --git a/src/systemd/vyos-hostsd.service b/src/systemd/vyos-hostsd.service
index 3b0fadb5c..2444f5352 100644
--- a/src/systemd/vyos-hostsd.service
+++ b/src/systemd/vyos-hostsd.service
@@ -1,8 +1,7 @@
[Unit]
Description=VyOS DNS configuration keeper
-After=auditd.service time-sync.target
-Before=network-pre.target vyos-router.service
-Wants=network-pre.target
+DefaultDependencies=no
+After=systemd-remount-fs.service
[Service]
ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-hostsd
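Review bot: `DefaultDependencies=no` also removes the implicit `Conflicts=shutdown.target` and `Before=shutdown.target`, and nothing in the new [Unit] section puts them back, so the daemon is no longer stopped in order at shutdown; adding `Conflicts=shutdown.target` and `Before=shutdown.target` restores that. Dropping `After=auditd.service` means this service, which runs as root (see `User=root` in the next hunk's header), can start before auditing is up, so the [Unit] section deserves a comment saying why the early start is needed.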
@@ -19,6 +18,4 @@ User=root
Group=vyattacfg
[Install]
-#
-WantedBy=network.target
-
+RequiredBy=cloud-init-local.service vyos-router.service
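Review bot: `RequiredBy=` only adds a Requires= dependency on the listed units and does not order them, and the first hunk of this file removes `Before=network-pre.target vyos-router.service`. Unless those units declare `After=vyos-hostsd.service` themselves, which this diff does not show, they may be started in parallel with vyos-hostsd rather than after it. If they must see the daemon running, add `Before=cloud-init-local.service vyos-router.service` to [Unit]. Requires= is also stricter than the old `WantedBy=`: a failed start of vyos-hostsd now fails those units too.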