diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/completion/list_ipoe.py | 16 | ||||
| -rwxr-xr-x | src/conf_mode/bcast_relay.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/dns_forwarding.py | 10 | ||||
| -rwxr-xr-x | src/conf_mode/dynamic_dns.py | 33 | ||||
| -rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/host_name.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 48 | ||||
| -rwxr-xr-x | src/conf_mode/le_cert.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/mdns_repeater.py | 5 | ||||
| -rwxr-xr-x | src/conf_mode/system-syslog.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/tftp_server.py | 2 | ||||
| -rw-r--r-- | src/etc/systemd/system/pdns-recursor.service.d/override.conf | 5 | ||||
| -rwxr-xr-x | src/op_mode/dns_forwarding_restart.sh | 2 | ||||
| -rwxr-xr-x | src/op_mode/dynamic_dns.py | 9 | ||||
| -rwxr-xr-x | src/op_mode/flow_accounting_op.py | 4 | ||||
| -rwxr-xr-x | src/op_mode/generate_ssh_server_key.py | 11 | ||||
| -rwxr-xr-x | src/op_mode/ipoe-control.py | 65 | ||||
| -rwxr-xr-x | src/op_mode/restart_dhcp_relay.py | 4 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcp.py | 2 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcpv6.py | 2 | ||||
| -rw-r--r-- | src/systemd/ddclient.service | 14 |
21 files changed, 172 insertions, 87 deletions
diff --git a/src/completion/list_ipoe.py b/src/completion/list_ipoe.py new file mode 100755 index 000000000..c386b46a2 --- /dev/null +++ b/src/completion/list_ipoe.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python3 + +import argparse +from vyos.util import popen + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument('--selector', help='Selector: username|ifname|sid', required=True) + args = parser.parse_args() + + output, err = popen("accel-cmd -p 2002 show sessions {0}".format(args.selector)) + if not err: + res = output.split("\r\n") + # Delete header from list + del res[:2] + print(' '.join(res)) diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index 0069218f6..a3bc76ef8 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -146,7 +146,7 @@ def generate(relay): def apply(relay): # first stop all running services - call('sudo systemctl stop udp-broadcast-relay@{1..99}') + call('systemctl stop udp-broadcast-relay@{1..99}.service') if (relay is None) or relay['disabled']: return None @@ -156,7 +156,7 @@ def apply(relay): # Don't start individual instance when it's disabled if r['disabled']: continue - call('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) + call('systemctl start udp-broadcast-relay@{0}.service'.format(r['id'])) return None diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index a7b12fa01..567dfa4b3 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -31,7 +31,7 @@ parser = argparse.ArgumentParser() parser.add_argument("--dhclient", action="store_true", help="Started from dhclient-script") -config_file = r'/etc/powerdns/recursor.conf' +config_file = r'/run/powerdns/recursor.conf' default_config_data = { 'allow_from': [], @@ -152,17 +152,21 @@ def generate(dns): if dns is None: return None + dirname = os.path.dirname(config_file) + if not os.path.exists(dirname): + os.mkdir(dirname) + render(config_file, 'dns-forwarding/recursor.conf.tmpl', dns, trim_blocks=True) return None def apply(dns): if dns is None: # DNS forwarding is removed in the commit - call("systemctl stop pdns-recursor") + call("systemctl stop pdns-recursor.service") if os.path.isfile(config_file): os.unlink(config_file) else: - call("systemctl restart pdns-recursor") + call("systemctl restart pdns-recursor.service") if __name__ == '__main__': args = parser.parse_args() diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index b76503419..038f77cf9 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -25,10 +25,7 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render - -config_file = r'/etc/ddclient/ddclient.conf' -cache_file = r'/var/cache/ddclient/ddclient.cache' -pid_file = r'/var/run/ddclient/ddclient.pid' +config_file = r'/run/ddclient/ddclient.conf' # Mapping of service name to service protocol default_service_protocol = { @@ -47,9 +44,7 @@ default_service_protocol = { default_config_data = { 'interfaces': [], - 'cache_file': cache_file, - 'deleted': False, - 'pid_file': pid_file + 'deleted': False } def get_config(): @@ -220,39 +215,27 @@ def verify(dyndns): def generate(dyndns): # bail out early - looks like removal from running config if dyndns['deleted']: - if os.path.exists(config_file): - os.unlink(config_file) - return None - dirname = os.path.dirname(dyndns['pid_file']) - if not os.path.exists(dirname): - os.mkdir(dirname) - dirname = os.path.dirname(config_file) if not os.path.exists(dirname): os.mkdir(dirname) render(config_file, 'dynamic-dns/ddclient.conf.tmpl', dyndns) - + # Config file must be accessible only by its owner os.chmod(config_file, S_IRUSR | S_IWUSR) return None def apply(dyndns): - if os.path.exists(dyndns['cache_file']): - os.unlink(dyndns['cache_file']) - - if os.path.exists('/etc/ddclient.conf'): - os.unlink('/etc/ddclient.conf') - if dyndns['deleted']: - call('/etc/init.d/ddclient stop') - if os.path.exists(dyndns['pid_file']): - os.unlink(dyndns['pid_file']) + call('systemctl stop ddclient.service') + if os.path.exists(config_file): + os.unlink(config_file) + else: - call('/etc/init.d/ddclient restart') + call('systemctl restart ddclient.service') return None diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 3320075fb..1354488ac 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -346,9 +346,9 @@ def apply(config): command = None # Check if flow-accounting was removed and define command if not config['flow-accounting-configured']: - command = '/usr/bin/sudo /bin/systemctl stop uacctd' + command = 'systemctl stop uacctd.service' else: - command = '/usr/bin/sudo /bin/systemctl restart uacctd' + command = 'systemctl restart uacctd.service' # run command to start or stop flow-accounting cmd(command, raising=ConfigError, message='Failed to start/stop flow-accounting') diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 7c2f79abc..dd5819f9f 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -173,7 +173,7 @@ def apply(config): # restart pdns if it is used ret = run('/usr/bin/rec_control ping') if ret == 0: - call('/etc/init.d/pdns-recursor restart >/dev/null') + call('systemctl restart pdns-recursor.service') return None diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index b42765586..6733623c6 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -79,7 +79,7 @@ default_config_data = { 'server_push_route': [], 'server_reject_unconfigured': False, 'server_subnet': '', - 'server_topology': 'net30', + 'server_topology': '', 'shared_secret_file': '', 'tls': False, 'tls_auth': '', @@ -124,13 +124,10 @@ def getDefaultServer(network, topology, devtype): Logic from openvpn's src/openvpn/helper.c. Returns a dict with addresses or False if the input parameters were incorrect. """ - if not (topology and devtype): - return False - if not (devtype == 'tun' or devtype == 'tap'): return False - if not network.prefixlen: + if not network.version == 4: return False elif (devtype == 'tun' and network.prefixlen > 29) or (devtype == 'tap' and network.prefixlen > 30): return False @@ -345,6 +342,7 @@ def get_config(): openvpn['server_topology'] = conf.return_value('server topology') # Server-mode subnet (from which client IPs are allocated) + server_network = None if conf.exists('server subnet'): # server_network is used later in this function server_network = IPv4Network(conf.return_value('server subnet')) @@ -476,25 +474,31 @@ def get_config(): if not openvpn['tls_dh'] and openvpn['tls_key'] and checkCertHeader('-----BEGIN EC PRIVATE KEY-----', openvpn['tls_key']): openvpn['tls_dh'] = 'none' + # set default server topology to net30 + if openvpn['mode'] == 'server' and not openvpn['server_topology']: + openvpn['server_topology'] = 'net30' + # Set defaults where necessary. - # If any of the input parameters are missing or wrong, + # If any of the input parameters are wrong, # this will return False and no defaults will be set. - default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type']) - if default_server: - # server-bridge doesn't require a pool so don't set defaults for it - if not openvpn['bridge_member']: - openvpn['server_pool'] = True - if not openvpn['server_pool_start']: - openvpn['server_pool_start'] = default_server['pool_start'] - - if not openvpn['server_pool_stop']: - openvpn['server_pool_stop'] = default_server['pool_stop'] - - if not openvpn['server_pool_netmask']: - openvpn['server_pool_netmask'] = default_server['pool_netmask'] - - for client in openvpn['client']: - client['remote_netmask'] = default_server['client_remote_netmask'] + if server_network and openvpn['server_topology'] and openvpn['type']: + default_server = None + default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type']) + if default_server: + # server-bridge doesn't require a pool so don't set defaults for it + if not openvpn['bridge_member']: + openvpn['server_pool'] = True + if not openvpn['server_pool_start']: + openvpn['server_pool_start'] = default_server['pool_start'] + + if not openvpn['server_pool_stop']: + openvpn['server_pool_stop'] = default_server['pool_stop'] + + if not openvpn['server_pool_netmask']: + openvpn['server_pool_netmask'] = default_server['pool_netmask'] + + for client in openvpn['client']: + client['remote_netmask'] = default_server['client_remote_netmask'] return openvpn diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index 4b365a566..2db31d3fc 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import sys import os @@ -25,7 +23,6 @@ from vyos import ConfigError from vyos.util import cmd from vyos.util import call - vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] dependencies = [ @@ -86,17 +83,17 @@ def generate(cert): # certbot will attempt to reload nginx, even with 'certonly'; # start nginx if not active - ret = call('systemctl is-active --quiet nginx.ervice') + ret = call('systemctl is-active --quiet nginx.service') if ret: - call('sudo systemctl start nginx.service') + call('systemctl start nginx.service') request_certbot(cert) def apply(cert): if cert is not None: - call('sudo systemctl restart certbot.timer') + call('systemctl restart certbot.timer') else: - call('sudo systemctl stop certbot.timer') + call('systemctl stop certbot.timer') return None for dep in dependencies: diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py index bca1a537e..a652553f7 100755 --- a/src/conf_mode/mdns_repeater.py +++ b/src/conf_mode/mdns_repeater.py @@ -25,7 +25,6 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render - config_file = r'/etc/default/mdns-repeater' default_config_data = { @@ -86,11 +85,11 @@ def generate(mdns): def apply(mdns): if (mdns is None) or mdns['disabled']: - call('sudo systemctl stop mdns-repeater') + call('systemctl stop mdns-repeater.service') if os.path.exists(config_file): os.unlink(config_file) else: - call('sudo systemctl restart mdns-repeater') + call('systemctl restart mdns-repeater.service') return None diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 7d93ffdd5..9da3d9157 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -244,8 +244,8 @@ def verify(c): def apply(c): if not c: - return run('systemctl stop syslog') - return run('systemctl restart syslog') + return run('systemctl stop syslog.service') + return run('systemctl restart syslog.service') if __name__ == '__main__': try: diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index 229202304..94c8bcf03 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -106,7 +106,7 @@ def generate(tftpd): def apply(tftpd): # stop all services first - then we will decide - call('systemctl stop tftpd@{0..20}') + call('systemctl stop tftpd@{0..20}.service') # bail out early - e.g. service deletion if tftpd is None: diff --git a/src/etc/systemd/system/pdns-recursor.service.d/override.conf b/src/etc/systemd/system/pdns-recursor.service.d/override.conf new file mode 100644 index 000000000..602d7b774 --- /dev/null +++ b/src/etc/systemd/system/pdns-recursor.service.d/override.conf @@ -0,0 +1,5 @@ +[Service] +WorkingDirectory= +WorkingDirectory=/run/powerdns +ExecStart= +ExecStart=/usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no --config-dir=/run/powerdns diff --git a/src/op_mode/dns_forwarding_restart.sh b/src/op_mode/dns_forwarding_restart.sh index 8e556f2f0..64cc92115 100755 --- a/src/op_mode/dns_forwarding_restart.sh +++ b/src/op_mode/dns_forwarding_restart.sh @@ -2,7 +2,7 @@ if cli-shell-api existsEffective service dns forwarding; then echo "Restarting the DNS forwarding service" - systemctl restart pdns-recursor + systemctl restart pdns-recursor.service else echo "DNS forwarding is not configured" fi diff --git a/src/op_mode/dynamic_dns.py b/src/op_mode/dynamic_dns.py index 405dd9f04..e4e5043d5 100755 --- a/src/op_mode/dynamic_dns.py +++ b/src/op_mode/dynamic_dns.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,8 +23,7 @@ import time from vyos.config import Config from vyos.util import call - -cache_file = r'/var/cache/ddclient/ddclient.cache' +cache_file = r'/run/ddclient/ddclient.cache' OUT_TMPL_SRC = """ {%- for entry in hosts -%} @@ -86,9 +85,9 @@ def show_status(): def update_ddns(): - call('systemctl stop ddclient') + call('systemctl stop ddclient.service') os.remove(cache_file) - call('systemctl start ddclient') + call('systemctl start ddclient.service') def main(): diff --git a/src/op_mode/flow_accounting_op.py b/src/op_mode/flow_accounting_op.py index 71fdfc288..bf8c39fd6 100755 --- a/src/op_mode/flow_accounting_op.py +++ b/src/op_mode/flow_accounting_op.py @@ -70,7 +70,7 @@ def _is_host(host): # check if flow-accounting running def _uacctd_running(): - command = '/usr/bin/sudo /bin/systemctl status uacctd > /dev/null' + command = 'systemctl status uacctd.service > /dev/null' return run(command) == 0 # get list of interfaces @@ -195,7 +195,7 @@ if not _uacctd_running(): # restart pmacct daemon if cmd_args.action == 'restart': # run command to restart flow-accounting - cmd('/usr/bin/sudo /bin/systemctl restart uacctd', + cmd('systemctl restart uacctd.service', message='Failed to restart flow-accounting') # clear in-memory collected flows diff --git a/src/op_mode/generate_ssh_server_key.py b/src/op_mode/generate_ssh_server_key.py index f65d383c0..cbc9ef973 100755 --- a/src/op_mode/generate_ssh_server_key.py +++ b/src/op_mode/generate_ssh_server_key.py @@ -14,14 +14,13 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import sys - +from sys import exit from vyos.util import ask_yes_no from vyos.util import cmd if not ask_yes_no('Do you really want to remove the existing SSH host keys?'): - sys.exit(0) + exit(0) -cmd('sudo rm -v /etc/ssh/ssh_host_*') -cmd('sudo dpkg-reconfigure openssh-server') -cmd('sudo systemctl restart ssh') +cmd('rm -v /etc/ssh/ssh_host_*') +cmd('dpkg-reconfigure openssh-server') +cmd('systemctl restart ssh.service') diff --git a/src/op_mode/ipoe-control.py b/src/op_mode/ipoe-control.py new file mode 100755 index 000000000..7111498b2 --- /dev/null +++ b/src/op_mode/ipoe-control.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import sys +import argparse + +from vyos.config import Config +from vyos.util import popen, run + +cmd_dict = { + 'cmd_base' : '/usr/bin/accel-cmd -p 2002 ', + 'selector' : ['if', 'username', 'sid'], + 'actions' : { + 'show_sessions' : 'show sessions', + 'show_stat' : 'show stat', + 'terminate' : 'teminate' + } +} + +def is_ipoe_configured(): + if not Config().exists_effective('service ipoe-server'): + print("Service IPoE is not configured") + sys.exit(1) + +def main(): + #parese args + parser = argparse.ArgumentParser() + parser.add_argument('--action', help='Control action', required=True) + parser.add_argument('--selector', help='Selector username|ifname|sid', required=False) + parser.add_argument('--target', help='Target must contain username|ifname|sid', required=False) + args = parser.parse_args() + + + # Check is IPoE configured + is_ipoe_configured() + + if args.action == "restart": + run(cmd_dict['cmd_base'] + "restart") + sys.exit(0) + + if args.action in cmd_dict['actions']: + if args.selector in cmd_dict['selector'] and args.target: + run(cmd_dict['cmd_base'] + "{0} {1} {2}".format(args.action, args.selector, args.target)) + else: + output, err = popen(cmd_dict['cmd_base'] + cmd_dict['actions'][args.action], decode='utf-8') + if not err: + print(output) + else: + print("IPoE server is not running") + +if __name__ == '__main__': + main() diff --git a/src/op_mode/restart_dhcp_relay.py b/src/op_mode/restart_dhcp_relay.py index 66dc435b3..af4fb2d15 100755 --- a/src/op_mode/restart_dhcp_relay.py +++ b/src/op_mode/restart_dhcp_relay.py @@ -39,7 +39,7 @@ if __name__ == '__main__': if not c.exists_effective('service dhcp-relay'): print("DHCP relay service not configured") else: - call('sudo systemctl restart isc-dhcp-relay.service') + call('systemctl restart isc-dhcp-server.service') sys.exit(0) elif args.ipv6: @@ -47,7 +47,7 @@ if __name__ == '__main__': if not c.exists_effective('service dhcpv6-relay'): print("DHCPv6 relay service not configured") else: - call('sudo systemctl restart isc-dhcpv6-relay.service') + call('systemctl restart isc-dhcp-server6.service') sys.exit(0) else: diff --git a/src/op_mode/show_dhcp.py b/src/op_mode/show_dhcp.py index a79033f69..c49e604b7 100755 --- a/src/op_mode/show_dhcp.py +++ b/src/op_mode/show_dhcp.py @@ -193,7 +193,7 @@ if __name__ == '__main__': sys.exit(0) # if dhcp server is down, inactive leases may still be shown as active, so warn the user. - if call('systemctl -q is-active isc-dhcpv4-server.service') != 0: + if call('systemctl -q is-active isc-dhcp-server.service') != 0: print("WARNING: DHCP server is configured but not started. Data may be stale.") if args.leases: diff --git a/src/op_mode/show_dhcpv6.py b/src/op_mode/show_dhcpv6.py index 18baa5517..d686defc0 100755 --- a/src/op_mode/show_dhcpv6.py +++ b/src/op_mode/show_dhcpv6.py @@ -179,7 +179,7 @@ if __name__ == '__main__': sys.exit(0) # if dhcp server is down, inactive leases may still be shown as active, so warn the user. - if call('systemctl -q is-active isc-dhcpv6-server.service') != 0: + if call('systemctl -q is-active isc-dhcp-server6.service') != 0: print("WARNING: DHCPv6 server is configured but not started. Data may be stale.") if args.leases: diff --git a/src/systemd/ddclient.service b/src/systemd/ddclient.service new file mode 100644 index 000000000..a4d55827a --- /dev/null +++ b/src/systemd/ddclient.service @@ -0,0 +1,14 @@ +[Unit] +Description=Dynamic DNS Update Client +RequiresMountsFor=/run +ConditionPathExists=/run/ddclient/ddclient.conf +After=vyos-router.service + +[Service] +WorkingDirectory=/run/ddclient +Type=forking +PIDFile=/run/ddclient/ddclient.pid +ExecStart=/usr/sbin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf + +[Install] +WantedBy=multi-user.target |