diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/load-balancing_reverse-proxy.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_bfd.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/service_dns_forwarding.py | 15 | ||||
| -rwxr-xr-x | src/migration-scripts/reverse-proxy/0-to-1 | 48 | ||||
| -rwxr-xr-x | src/op_mode/snmp_v3.py | 3 |
5 files changed, 75 insertions, 6 deletions
diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py index 1c1252df0..09c68dadd 100755 --- a/src/conf_mode/load-balancing_reverse-proxy.py +++ b/src/conf_mode/load-balancing_reverse-proxy.py @@ -79,12 +79,21 @@ def verify(lb): raise ConfigError(f'"TCP" port "{tmp_port}" is used by another service') for back, back_config in lb['backend'].items(): - if 'http-check' in back_config: - http_check = back_config['http-check'] + if 'http_check' in back_config: + http_check = back_config['http_check'] if 'expect' in http_check and 'status' in http_check['expect'] and 'string' in http_check['expect']: raise ConfigError(f'"expect status" and "expect string" can not be configured together!') + + if 'health_check' in back_config: + if 'mode' not in back_config or back_config['mode'] != 'tcp': + raise ConfigError(f'backend "{back}" can only be configured with {back_config["health_check"]} ' + + f'health-check whilst in TCP mode!') + if 'http_check' in back_config: + raise ConfigError(f'backend "{back}" cannot be configured with both http-check and health-check!') + if 'server' not in back_config: raise ConfigError(f'"{back} server" must be configured!') + for bk_server, bk_server_conf in back_config['server'].items(): if 'address' not in bk_server_conf or 'port' not in bk_server_conf: raise ConfigError(f'"backend {back} server {bk_server} address and port" must be configured!') diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py index 1c01a9013..1361bb1a9 100755 --- a/src/conf_mode/protocols_bfd.py +++ b/src/conf_mode/protocols_bfd.py @@ -49,7 +49,7 @@ def verify(bfd): for peer, peer_config in bfd['peer'].items(): # IPv6 link local peers require an explicit local address/interface if is_ipv6_link_local(peer): - if 'source' not in peer_config or len(peer_config['source'] < 2): + if 'source' not in peer_config or len(peer_config['source']) < 2: raise ConfigError('BFD IPv6 link-local peers require explicit local address and interface setting') # IPv6 peers require an explicit local address diff --git a/src/conf_mode/service_dns_forwarding.py b/src/conf_mode/service_dns_forwarding.py index 7e863073a..70686534f 100755 --- a/src/conf_mode/service_dns_forwarding.py +++ b/src/conf_mode/service_dns_forwarding.py @@ -102,7 +102,7 @@ def get_config(config=None): 'ttl': rdata['ttl'], 'value': address }) - elif rtype in ['cname', 'ptr', 'ns']: + elif rtype in ['cname', 'ptr']: if not 'target' in rdata: dns['authoritative_zone_errors'].append(f'{subnode}.{node}: target is required') continue @@ -113,6 +113,19 @@ def get_config(config=None): 'ttl': rdata['ttl'], 'value': '{}.'.format(rdata['target']) }) + elif rtype == 'ns': + if not 'target' in rdata: + dns['authoritative_zone_errors'].append(f'{subnode}.{node}: at least one target is required') + continue + + for target in rdata['target']: + zone['records'].append({ + 'name': subnode, + 'type': rtype.upper(), + 'ttl': rdata['ttl'], + 'value': f'{target}.' + }) + elif rtype == 'mx': if not 'server' in rdata: dns['authoritative_zone_errors'].append(f'{subnode}.{node}: at least one server is required') diff --git a/src/migration-scripts/reverse-proxy/0-to-1 b/src/migration-scripts/reverse-proxy/0-to-1 new file mode 100755 index 000000000..d61493815 --- /dev/null +++ b/src/migration-scripts/reverse-proxy/0-to-1 @@ -0,0 +1,48 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T6409: Remove unused 'backend bk-example parameters' node + +from sys import argv, exit +from vyos.configtree import ConfigTree + +if len(argv) < 2: + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +base = ['load-balancing', 'reverse-proxy', 'backend'] +if not config.exists(base): + # Nothing to do + exit(0) + +# we need to run this for every configured network +for backend in config.list_nodes(base): + param_node = base + [backend, 'parameters'] + if config.exists(param_node): + config.delete(param_node) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/op_mode/snmp_v3.py b/src/op_mode/snmp_v3.py index a1f76f0bc..abeb524dd 100755 --- a/src/op_mode/snmp_v3.py +++ b/src/op_mode/snmp_v3.py @@ -85,7 +85,7 @@ if __name__ == '__main__': 'user': [], 'view': [] } - + if c.exists_effective('service snmp v3 group'): for g in c.list_effective_nodes('service snmp v3 group'): group = { @@ -146,7 +146,6 @@ if __name__ == '__main__': data['trap'].append(trap) - print(data) if args.all: # Special case, print all templates ! tmpl = jinja2.Template(GROUP_OUTP_TMPL_SRC) |