From 2cd0f2aad01e57fe052622c7062d472e8cda3bcc Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 20 May 2021 20:21:16 +0200 Subject: sysctl: T3565: initial implementation in XML and Python migrate from old vyatta-cfg-system / Perl implementation. --- Makefile | 1 - data/templates/system/sysctl.conf.tmpl | 7 +++ interface-definitions/system-sysctl.xml.in | 40 ++++++++++++++++ src/completion/list_sysctl_parameters.sh | 20 ++++++++ src/conf_mode/system_sysctl.py | 73 ++++++++++++++++++++++++++++++ src/migration-scripts/system/20-to-21 | 57 +++++++++++++++++++++++ src/validators/sysctl | 24 ++++++++++ 7 files changed, 221 insertions(+), 1 deletion(-) create mode 100644 data/templates/system/sysctl.conf.tmpl create mode 100644 interface-definitions/system-sysctl.xml.in create mode 100755 src/completion/list_sysctl_parameters.sh create mode 100755 src/conf_mode/system_sysctl.py create mode 100755 src/migration-scripts/system/20-to-21 create mode 100755 src/validators/sysctl diff --git a/Makefile b/Makefile index ccdb212c2..24a811e47 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,6 @@ interface_definitions: $(config_xml_obj) # XXX: delete top level node.def's that now live in other packages rm -f $(TMPL_DIR)/firewall/node.def - rm -f $(TMPL_DIR)/system/node.def rm -f $(TMPL_DIR)/vpn/node.def rm -f $(TMPL_DIR)/vpn/ipsec/node.def rm -rf $(TMPL_DIR)/vpn/nipsec diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.tmpl new file mode 100644 index 000000000..72af82ee5 --- /dev/null +++ b/data/templates/system/sysctl.conf.tmpl @@ -0,0 +1,7 @@ +# autogenerated by system_sysctl.py + +{% if parameter is defined and parameter is not none %} +{% for k, v in parameter.items() %} +{{ k }} = {{ v.value }} +{% endfor %} +{% endif %} diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system-sysctl.xml.in new file mode 100644 index 000000000..bf118c24b --- /dev/null +++ b/interface-definitions/system-sysctl.xml.in @@ -0,0 +1,40 @@ + + + + + System parameters + + + + + Configure kernel parameters at runtime + 318 + + + + + Sysctl key name + + + + + txt + Sysctl key name + + + + + + + + + Sysctl configuration value + + + + + + + + + diff --git a/src/completion/list_sysctl_parameters.sh b/src/completion/list_sysctl_parameters.sh new file mode 100755 index 000000000..c111716bb --- /dev/null +++ b/src/completion/list_sysctl_parameters.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +declare -a vals +eval "vals=($(/sbin/sysctl -N -a))" +echo ${vals[@]} +exit 0 diff --git a/src/conf_mode/system_sysctl.py b/src/conf_mode/system_sysctl.py new file mode 100755 index 000000000..4f16d1ed6 --- /dev/null +++ b/src/conf_mode/system_sysctl.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os + +from sys import exit + +from vyos.config import Config +from vyos.template import render +from vyos.util import cmd +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +config_file = r'/run/sysctl/99-vyos-sysctl.conf' + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['system', 'sysctl'] + if not conf.exists(base): + return None + + sysctl = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, + no_tag_node_value_mangle=True) + + return sysctl + +def verify(sysctl): + return None + +def generate(sysctl): + if not sysctl: + if os.path.isfile(config_file): + os.unlink(config_file) + return None + + render(config_file, 'system/sysctl.conf.tmpl', sysctl) + return None + +def apply(sysctl): + if not sysctl: + return None + + # We silently ignore all errors + # See: https://bugzilla.redhat.com/show_bug.cgi?id=1264080 + cmd(f'sysctl -f {config_file}') + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/migration-scripts/system/20-to-21 b/src/migration-scripts/system/20-to-21 new file mode 100755 index 000000000..ad41be646 --- /dev/null +++ b/src/migration-scripts/system/20-to-21 @@ -0,0 +1,57 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os + +from sys import exit, argv +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['system', 'sysctl'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +for all_custom in ['all', 'custom']: + if config.exists(base + [all_custom]): + for key in config.list_nodes(base + [all_custom]): + tmp = config.return_value(base + [all_custom, key, 'value']) + config.set(base + ['parameter', key, 'value'], value=tmp) + config.set_tag(base + ['parameter']) + config.delete(base + [all_custom]) + +for ipv4_param in ['net.ipv4.igmp_max_memberships', 'net.ipv4.ipfrag_time']: + if config.exists(base + [ipv4_param]): + tmp = config.return_value(base + [ipv4_param]) + config.set(base + ['parameter', ipv4_param, 'value'], value=tmp) + config.set_tag(base + ['parameter']) + config.delete(base + [ipv4_param]) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/validators/sysctl b/src/validators/sysctl new file mode 100755 index 000000000..9b5bba3e1 --- /dev/null +++ b/src/validators/sysctl @@ -0,0 +1,24 @@ +#!/bin/sh +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +declare -a array +eval "array=($(/sbin/sysctl -N -a))" + +if [[ ! " ${array[@]} " =~ " $1 " ]]; then + # passed sysctl option is invalid + exit 1 +fi +exit 0 -- cgit v1.2.3