From 4ad1185536756890295fdd8b566fb65a75ef429d Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 6 Apr 2024 11:24:49 +0200 Subject: ipoe: T6205: error in migration script logic while renaming mac-address to mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46 (cherry picked from commit a5ccc06c08d3a9696f1c03c8d0c7de78ce1fd3c5) --- smoketest/config-tests/ipoe-server | 35 ++++++++++++++++ smoketest/configs/ipoe-server | 10 ++--- src/conf_mode/service_ipoe-server.py | 4 +- src/migration-scripts/ipoe-server/0-to-1 | 71 -------------------------------- src/migration-scripts/ipoe-server/1-to-2 | 36 +++++++++++++++- 5 files changed, 74 insertions(+), 82 deletions(-) create mode 100644 smoketest/config-tests/ipoe-server delete mode 100755 src/migration-scripts/ipoe-server/0-to-1 diff --git a/smoketest/config-tests/ipoe-server b/smoketest/config-tests/ipoe-server new file mode 100644 index 000000000..fb32fdb14 --- /dev/null +++ b/smoketest/config-tests/ipoe-server @@ -0,0 +1,35 @@ +set interfaces ethernet eth0 address 'dhcp' +set interfaces ethernet eth1 address '192.168.0.1/24' +set interfaces loopback lo +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit download '1000' +set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit upload '500' +set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 vlan '100' +set service ipoe-server authentication interface eth2 mac 08:00:27:2f:d8:06 +set service ipoe-server authentication mode 'local' +set service ipoe-server client-ip-pool POOL1 range '192.0.2.0/24' +set service ipoe-server client-ipv6-pool ipv6-pool delegate 2001:db8:1::/48 delegation-prefix '56' +set service ipoe-server client-ipv6-pool ipv6-pool prefix 2001:db8::/48 mask '64' +set service ipoe-server default-ipv6-pool 'ipv6-pool' +set service ipoe-server default-pool 'POOL1' +set service ipoe-server gateway-address '192.0.2.1/24' +set service ipoe-server interface eth1 mode 'l3' +set service ipoe-server interface eth1 network 'vlan' +set service ipoe-server interface eth1 vlan '100' +set service ipoe-server interface eth1 vlan '200' +set service ipoe-server interface eth1 vlan '1000-2000' +set service ipoe-server interface eth1 vlan '2500-2700' +set service ipoe-server name-server '10.10.1.1' +set service ipoe-server name-server '10.10.1.2' +set service ipoe-server name-server '2001:db8:aaa::' +set service ipoe-server name-server '2001:db8:bbb::' +set system config-management commit-revisions '100' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system console device ttyS0 speed '115200' +set nat source rule 100 outbound-interface name 'eth0' +set nat source rule 100 source address '192.168.0.0/24' +set nat source rule 100 translation address 'masquerade' diff --git a/smoketest/configs/ipoe-server b/smoketest/configs/ipoe-server index a375e91de..fdd554b7d 100644 --- a/smoketest/configs/ipoe-server +++ b/smoketest/configs/ipoe-server @@ -56,7 +56,6 @@ service { } } interface eth1 { - client-subnet 192.168.0.0/24 network vlan network-mode L3 vlan-id 100 @@ -64,9 +63,6 @@ service { vlan-range 1000-2000 vlan-range 2500-2700 } - interface eth2 { - client-subnet 192.168.1.0/24 - } name-server 10.10.1.1 name-server 10.10.1.2 name-server 2001:db8:aaa:: @@ -94,11 +90,11 @@ system { } } ntp { - server 0.pool.ntp.org { + server time1.vyos.net { } - server 1.pool.ntp.org { + server time2.vyos.net { } - server 2.pool.ntp.org { + server time3.vyos.net { } } syslog { diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 852b714eb..11e950782 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -68,8 +68,8 @@ def verify(ipoe): for interface, iface_config in ipoe['interface'].items(): verify_interface_exists(interface) if 'client_subnet' in iface_config and 'vlan' in iface_config: - raise ConfigError('Option "client-subnet" incompatible with "vlan"!' - 'Use "ipoe client-ip-pool" instead.') + raise ConfigError('Option "client-subnet" and "vlan" are mutually exclusive, ' + 'use "client-ip-pool" instead!') verify_accel_ppp_authentication(ipoe, local_users=False) verify_accel_ppp_ip_pool(ipoe) diff --git a/src/migration-scripts/ipoe-server/0-to-1 b/src/migration-scripts/ipoe-server/0-to-1 deleted file mode 100755 index a6dd46ac1..000000000 --- a/src/migration-scripts/ipoe-server/0-to-1 +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2022-2024 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# - T4703: merge vlan-id and vlan-range to vlan CLI node - -# L2|L3 -> l2|l3 -# mac-address -> mac -# network-mode -> mode - -from sys import argv, exit -from vyos.configtree import ConfigTree - -if len(argv) < 2: - print("Must specify file name!") - exit(1) - -file_name = argv[1] - -with open(file_name, 'r') as f: - config_file = f.read() - -config = ConfigTree(config_file) -base = ['service', 'ipoe-server'] -if not config.exists(base): - # Nothing to do - exit(0) - -if config.exists(base + ['authentication', 'interface']): - for interface in config.list_nodes(base + ['authentication', 'interface']): - config.rename(base + ['authentication', 'interface', interface, 'mac-address'], 'mac') - - mac_base = base + ['authentication', 'interface', interface, 'mac'] - for mac in config.list_nodes(mac_base): - vlan_config = mac_base + [mac, 'vlan-id'] - if config.exists(vlan_config): - config.rename(vlan_config, 'vlan') - -for interface in config.list_nodes(base + ['interface']): - base_path = base + ['interface', interface] - for vlan in ['vlan-id', 'vlan-range']: - if config.exists(base_path + [vlan]): - print(interface, vlan) - for tmp in config.return_values(base_path + [vlan]): - config.set(base_path + ['vlan'], value=tmp, replace=False) - config.delete(base_path + [vlan]) - - if config.exists(base_path + ['network-mode']): - tmp = config.return_value(base_path + ['network-mode']) - config.delete(base_path + ['network-mode']) - # Change L2|L3 to lower case l2|l3 - config.set(base_path + ['mode'], value=tmp.lower()) - -try: - with open(file_name, 'w') as f: - f.write(config.to_string()) -except OSError as e: - print("Failed to save the modified config: {}".format(e)) - exit(1) diff --git a/src/migration-scripts/ipoe-server/1-to-2 b/src/migration-scripts/ipoe-server/1-to-2 index 378702693..f1335b5a5 100755 --- a/src/migration-scripts/ipoe-server/1-to-2 +++ b/src/migration-scripts/ipoe-server/1-to-2 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,6 +14,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# - T4703: merge vlan-id and vlan-range to vlan CLI node +# L2|L3 -> l2|l3 +# mac-address -> mac +# network-mode -> mode + # - changed cli of all named pools # - moved gateway-address from pool to global configuration with / netmask # gateway can exist without pool if radius is used @@ -39,12 +44,39 @@ with open(file_name, 'r') as f: config = ConfigTree(config_file) base = ['service', 'ipoe-server'] -pool_base = base + ['client-ip-pool'] + if not config.exists(base): exit(0) +if config.exists(base + ['authentication', 'interface']): + for interface in config.list_nodes(base + ['authentication', 'interface']): + config.rename(base + ['authentication', 'interface', interface, 'mac-address'], 'mac') + + mac_base = base + ['authentication', 'interface', interface, 'mac'] + for mac in config.list_nodes(mac_base): + vlan_config = mac_base + [mac, 'vlan-id'] + if config.exists(vlan_config): + config.rename(vlan_config, 'vlan') + +for interface in config.list_nodes(base + ['interface']): + base_path = base + ['interface', interface] + for vlan in ['vlan-id', 'vlan-range']: + if config.exists(base_path + [vlan]): + print(interface, vlan) + for tmp in config.return_values(base_path + [vlan]): + config.set(base_path + ['vlan'], value=tmp, replace=False) + config.delete(base_path + [vlan]) + + if config.exists(base_path + ['network-mode']): + tmp = config.return_value(base_path + ['network-mode']) + config.delete(base_path + ['network-mode']) + # Change L2|L3 to lower case l2|l3 + config.set(base_path + ['mode'], value=tmp.lower()) + +pool_base = base + ['client-ip-pool'] if not config.exists(pool_base): exit(0) + default_pool = '' gateway = '' -- cgit v1.2.3