From 95ff6604198f0c946a1d8d5773dbad63878dc178 Mon Sep 17 00:00:00 2001 From: daniel-pro <43214013+daniel-pro@users.noreply.github.com> Date: Sun, 16 Dec 2018 18:28:12 +0100 Subject: Update show_ipsec_sa.py --- src/op_mode/show_ipsec_sa.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py index 3c8d678eb..9e1d6ce4d 100755 --- a/src/op_mode/show_ipsec_sa.py +++ b/src/op_mode/show_ipsec_sa.py @@ -42,8 +42,8 @@ for conn in connections: enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status) # Convert bytes to human-readable units - bytes_in = hurry.filesize.size(bytes_in) - bytes_out = hurry.filesize.size(bytes_out) + bytes_in = hurry.filesize.size(int(bytes_in)) + bytes_out = hurry.filesize.size(int(bytes_out)) status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)] except Exception as e: -- cgit v1.2.3 From dd2a15158e8f22b8b1ba68160b686ff1047babf4 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 31 Dec 2018 11:52:29 +0100 Subject: T1108: warn the user and exit if there are no established IPsec SAs. --- src/op_mode/show_ipsec_sa.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py index 9e1d6ce4d..117824632 100755 --- a/src/op_mode/show_ipsec_sa.py +++ b/src/op_mode/show_ipsec_sa.py @@ -1,14 +1,21 @@ #!/usr/bin/env python3 import re +import sys import subprocess import tabulate import hurry.filesize def parse_conn_spec(s): - # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1] - return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups() + try: + # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1] + return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups() + except AttributeError: + # No active SAs found, so we have nothing to display + print("No established security associations found.") + print("Use \"show vpn ipsec sa\" to view inactive and connecting tunnels.") + sys.exit(0) def parse_ike_line(s): try: -- cgit v1.2.3 From b86f752fc6163938c879a3274777170b76800495 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 31 Dec 2018 12:40:58 +0100 Subject: T1112: migrate BGP redistribute options (patch by Merijn). --- src/migration-scripts/quagga/2-to-3 | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/migration-scripts/quagga/2-to-3 b/src/migration-scripts/quagga/2-to-3 index 99d96a0aa..88063470f 100755 --- a/src/migration-scripts/quagga/2-to-3 +++ b/src/migration-scripts/quagga/2-to-3 @@ -178,6 +178,17 @@ else: for peer_group in peer_groups: migrate_neighbor(config, peer_group_path, peer_group) + ## Migrate redistribute statements + redistribute_path = ['protocols', 'bgp', asn, 'redistribute'] + if config.exists(redistribute_path): + config.set(bgp_path + af_path + ['redistribute']) + + redistributes = config.list_nodes(redistribute_path) + for redistribute in redistributes: + config.set(bgp_path + af_path + ['redistribute', redistribute]) + + config.delete(redistribute_path) + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3 From 432d98347ab3fbb737796081e122b6c69a3bbb8f Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 31 Dec 2018 12:58:24 +0100 Subject: T1112: migrate BGP redistribute metric and route-map options too. --- src/migration-scripts/quagga/2-to-3 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/migration-scripts/quagga/2-to-3 b/src/migration-scripts/quagga/2-to-3 index 88063470f..4c1cd86a3 100755 --- a/src/migration-scripts/quagga/2-to-3 +++ b/src/migration-scripts/quagga/2-to-3 @@ -186,6 +186,12 @@ else: redistributes = config.list_nodes(redistribute_path) for redistribute in redistributes: config.set(bgp_path + af_path + ['redistribute', redistribute]) + if config.exists(redistribute_path + [redistribute, 'metric']): + redist_metric = config.return_value(redistribute_path + [redistribute, 'metric']) + config.set(bgp_path + af_path + ['redistribute', redistribute, 'metric'], value=redist_metric) + if config.exists(redistribute_path + [redistribute, 'route-map']): + redist_route_map = config.return_value(redistribute_path + [redistribute, 'route-map']) + config.set(bgp_path + af_path + ['redistribute', redistribute, 'route-map'], value=redist_route_map) config.delete(redistribute_path) -- cgit v1.2.3 From d50524722819582cc1d7ad289d12e9f585f701de Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 31 Dec 2018 13:41:29 +0100 Subject: T1128: restart SNMP on hostname change. --- debian/control | 1 + src/conf_mode/host_name.py | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 7061d50ef..93608d888 100644 --- a/debian/control +++ b/debian/control @@ -35,6 +35,7 @@ Depends: python3, lsscsi, pciutils, usbutils, + procps, snmp, snmpd, openssh-server, ntp, diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 3b3958f7f..030735215 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -100,9 +100,13 @@ def apply(config): """Apply configuration""" os.system("hostnamectl set-hostname --static {0}".format(config["fqdn"])) - # restart services that use the hostname + # Restart services that use the hostname os.system("systemctl restart rsyslog.service") + # If SNMP is running, restart it too + if os.system("pgrep snmpd > /dev/null") == 0: + os.system("systemctl restart snmpd.service") + return None -- cgit v1.2.3