From a7083429020488390319e84dd003d80668154ae6 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Wed, 4 Dec 2019 16:08:01 -0600 Subject: [vyos.config] T1847: correctly set_level for path given as empty string --- python/vyos/config.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python/vyos/config.py b/python/vyos/config.py index 13b2c107e..c677d3118 100644 --- a/python/vyos/config.py +++ b/python/vyos/config.py @@ -160,7 +160,10 @@ class Config(object): # and path supplied as method argument # XXX: for small strings in-place concatenation is not a problem if isinstance(path, str): - self._level = re.split(r'\s*', path) + if path: + self._level = re.split(r'\s*', path) + else: + self._level = [] elif isinstance(path, list): self._level = path else: -- cgit v1.2.3 From a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7 Mon Sep 17 00:00:00 2001 From: hagbard Date: Wed, 4 Dec 2019 08:24:16 -0800 Subject: syslog: T1845: syslog host no longer accepts a port - renamed interface xml - renamed syslog.py to system-syslog.py - moved protocol out of the facility node (bug) - node port created - migration script included --- interface-definitions/syslog.xml | 932 ------------------------------- interface-definitions/system-syslog.xml | 945 ++++++++++++++++++++++++++++++++ src/conf_mode/syslog.py | 320 ----------- src/conf_mode/system-syslog.py | 321 +++++++++++ src/migration-scripts/system/11-to-12 | 55 ++ 5 files changed, 1321 insertions(+), 1252 deletions(-) delete mode 100644 interface-definitions/syslog.xml create mode 100644 interface-definitions/system-syslog.xml delete mode 100755 src/conf_mode/syslog.py create mode 100755 src/conf_mode/system-syslog.py create mode 100755 src/migration-scripts/system/11-to-12 diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml deleted file mode 100644 index d5ea4511e..000000000 --- a/interface-definitions/syslog.xml +++ /dev/null 
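Review bot: The added `if path:` guard fixes the empty-string case, but the `re.split(r'\s*', path)` call it wraps still uses a pattern that can match the empty string, and on Python 3.7 and later `re.split` splits on empty matches too, so a non-empty path such as `'system syslog'` comes back as one entry per character with empty entries at both ends instead of `['system', 'syslog']`. The whole new branch can be reduced to `self._level = path.split()`, which returns `[]` for an empty or whitespace-only string and the whitespace-separated tokens otherwise, making the explicit empty check unnecessary; `re.split(r'\s+', path)` would also work but keeps a leading empty entry when the path starts with whitespace. The `set_level` definition starts before this hunk and its `else:` branch continues after it, so the `list` and error paths are not visible here.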
@@ -1,932 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - syslog communication protocol - - udp - send log messages to remote syslog server over udp - - - tcp - send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - invalid protocol name - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - 
- ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - - - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - 
illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for 
logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml new file mode 100644 index 000000000..504efd8fd --- /dev/null +++ b/interface-definitions/system-syslog.xml 
@@ -0,0 +1,945 @@ + + + + + + + System logging + 400 + + + + + Logging to specific user's terminal + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + Remote host 
name or IP address + + + + + + Syslog communication protocol + + udp + Send log messages to remote syslog server over udp + + + tcp + Send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + Invalid protocol name + + + + + Destination port + + 1-65535 + Protocol destination port + + + + + Invalid destination port + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard location 
+ + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + 
+ + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug 
messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py deleted file mode 100755 index c4f3d2c9c..000000000 --- a/src/conf_mode/syslog.py +++ /dev/null 
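Review bot: The help text carried into the new file still reads `depricated will be set to local7` and `depricated will be set to auth` in every facility list, and the `syslog` facility is described as `Authentication and authorization`, which duplicates the `auth` entry; since this commit creates the file, it is the natural place to correct both, e.g. `deprecated, mapped to local7` / `deprecated, mapped to auth` and `Messages generated internally by syslogd` for the `syslog` facility. The new `Destination port` leaf and the relocated `Syslog communication protocol` node under `host` show no default value in this rendering; if either leaf is optional, the conf_mode template that emits `@@{{host}}:{{hosts[host]['port']}}` needs a fallback, which cannot be confirmed from this hunk alone.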
@@ -1,320 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}} -{% else %} -{{hosts[host]['selectors']}} @{{host}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - missingok - notifempty - create - rotate 
{{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' + filename + ' facility') - if 
c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - proto = 'udp' - rhosts = c.list_nodes('host') - for rhost in rhosts: - for fac in c.list_nodes('host ' + rhost + ' facility'): - if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): - proto = c.return_value( - 'host ' + rhost + ' facility ' + fac + ' protocol') - - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - print (c[conf]) - raise ConfigError( - 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py new file mode 100755 index 000000000..f238acc15 --- /dev/null +++ b/src/conf_mode/system-syslog.py 
@@ -0,0 +1,321 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} +{% else %} +{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + 
missingok + notifempty + create + rotate {{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' 
+ filename + ' facility') + if c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + rhosts = c.list_nodes(['host']) + for rhost in rhosts: + if c.exists('host ' + rhost + ' port'): + port = c.return_value(['host', rhost, 'port']) + else: + port = '514' + if c.exists('host ' + rhost + ' protocol'): + proto = c.return_value(['host', rhost, 'protocol']) + else: + proto = 'udp' + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto, + 'port' : port + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + raise ConfigError( + 'Invalid facility ' + s + ' set in ' + conf 
+ ' ' + item) + l = re.sub("^.+\.", "", s) + if l not in lvl: + raise ConfigError( + 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) + +def apply(c): + if not c and os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl stop syslog.socket") + os.system("sudo systemctl stop rsyslog") + else: + if not os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl start rsyslog >/dev/null") + else: + os.system("sudo systemctl restart rsyslog >/dev/null") + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) diff --git a/src/migration-scripts/system/11-to-12 b/src/migration-scripts/system/11-to-12 new file mode 100755 index 000000000..beba194fc --- /dev/null +++ b/src/migration-scripts/system/11-to-12 @@ -0,0 +1,55 @@ +#!/usr/bin/env python3 + +# converts 'set system syslog host
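Review bot: verify() changes the system before it has validated anything — the `os.remove`/`os.symlink` on `/etc/rsyslog.conf` runs ahead of the selector checks, so a commit that is then rejected with ConfigError has already replaced the file, and when `/etc/rsyslog.conf` is absent `os.remove` raises FileNotFoundError, which the `except ConfigError` in `__main__` does not catch. Move that block into generate() (after verify() has passed) and guard it with `if os.path.lexists('/etc/rsyslog.conf'): os.remove('/etc/rsyslog.conf')` before the `os.symlink(...)`. Separately, every `file` target gets `'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename`, but generate() only ever writes `/etc/logrotate.d/vyos-rsyslog`, so rsyslog's size-triggered rotation for user files invokes a logrotate config that does not exist (the comment above `logrotate_configs` admits the per-file files are not written yet); point the action at `/etc/logrotate.d/vyos-rsyslog` until per-file configs are generated. The `{{host}}`/`{{...['port']}}` values are written into the rsyslog config unescaped, which is acceptable only because the XML restricts host to the FQDN regex and port to 1-65535 — worth a comment on the template so the validators are not loosened later.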
:' +# to 'set system syslog host
port ' + +import sys +import re + +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +cbase = ['system', 'syslog', 'host'] + +if not config.exists(cbase): + sys.exit(0) +else: + config.set(cbase) + config.set_tag(cbase) + for host in config.list_nodes(cbase): + h = None + pt = None + if re.search('^[a-zA-Z\-0-9\.]+', host): + h = re.search('^[a-zA-Z\-0-9\.]+', host).group(0) + if re.search(':[0-9]+$', host): + pt = re.sub(':', '', re.search(':[0-9]+$', host).group(0)) + + config.set(cbase + [h]) + for fac in config.list_nodes(cbase + [host, 'facility']): + config.set(cbase + [h, 'facility', fac]) + config.set_tag(cbase + [h, 'facility']) + lvl = config.return_value(cbase + [host, 'facility', fac, 'level']) + prot = config.return_value(cbase + [host, 'facility', fac, 'protocol']) + config.set(cbase + [h, 'facility', fac, 'level'], value=lvl) + # port can be be in each tag node and different, + # that's something we can't fix here + if prot: + config.set(cbase + [h, 'protocol'], value=prot) + config.set(cbase + [h, 'port'], value=pt) + config.delete(cbase + [host]) + + try: + open(file_name,'w').write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) + -- cgit v1.2.3 From f412545f8d43ab7523790f159bd4f8416fa94e2e Mon Sep 17 00:00:00 2001 From: DmitriyEshenko Date: Thu, 5 Dec 2019 12:40:03 +0000 Subject: dmvpn: T1784: Add swanctl load call --- src/conf_mode/ipsec-settings.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index 156bb2edd..331a62316 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py 
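Review bot: A host configured without a `:port` suffix is deleted instead of migrated: for such an entry `h` equals `host`, so the facility levels are copied onto the same node and the closing `config.delete(cbase + [host])` then removes it together with everything just written. The argument check `if (len(sys.argv) < 1)` can never fire because argv[0] is the script name; it should be `< 2`, otherwise `sys.argv[1]` raises IndexError. A tag value not matching `^[a-zA-Z\-0-9\.]+` (an IPv6 literal, if the old node ever accepted one) leaves `h` as None and is then used as a path element, and `pt` is written as the port value even when it is None; the old `facility <fac> protocol` leaf also has to be removed when `h == host`, or the migrated config still carries a node the new schema no longer has. The loop body below fixes these; the load/save code around it is unchanged.
```python
    for host in config.list_nodes(cbase):
        m = re.match(r'^([a-zA-Z0-9\-\.]+)(?::([0-9]+))?$', host)
        if not m:
            continue  # leave anything we cannot parse for the operator
        h, pt = m.group(1), m.group(2)
        config.set(cbase + [h])
        for fac in config.list_nodes(cbase + [host, 'facility']):
            lvl = config.return_value(cbase + [host, 'facility', fac, 'level'])
            prot = config.return_value(cbase + [host, 'facility', fac, 'protocol'])
            config.set(cbase + [h, 'facility', fac, 'level'], value=lvl)
            config.set_tag(cbase + [h, 'facility'])
            if prot:
                config.set(cbase + [h, 'protocol'], value=prot)
                # protocol no longer lives under facility in the new schema
                config.delete(cbase + [host, 'facility', fac, 'protocol'])
        if pt:
            config.set(cbase + [h, 'port'], value=pt)
        # only drop the old node when it really is a different node
        if h != host:
            config.delete(cbase + [host])
    # … unchanged: write config back to file_name …
```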
@@ -21,6 +21,7 @@ import re import os import jinja2 import syslog as sl +import time import vyos.config import vyos.defaults @@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs' server_key_path = '/etc/ipsec.d/private' delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###" delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###" +charon_pidfile = '/var/run/charon.pid' l2pt_ipsec_conf = ''' {{delim_ipsec_l2tp_begin}} @@ -243,11 +245,22 @@ def generate(data): remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie) remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie) -def apply(data): - # Do nothing - # StrongSWAN should only be restarted when actual tunnels are configured - # Restart ipsec for l2tp +def restart_ipsec(): os.system("ipsec restart >&/dev/null") + # counter for apply swanctl config + counter = 10 + while counter <= 10: + if os.path.exists(charon_pidfile): + os.system("swanctl -q >&/dev/null") + break + counter -=1 + time.sleep(1) + if counter == 0: + raise ConfigError('VPN configuration error: IPSec is not running.') + +def apply(data): + # Restart IPSec daemon + restart_ipsec() if __name__ == '__main__': try: -- cgit v1.2.3 From c9390e9f1522cf5208dcdce59f2913639ab7fd6d Mon Sep 17 00:00:00 2001 
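Review bot: The readiness loop in restart_ipsec() never terminates when charon does not write its pidfile: `counter` starts at 10 and only decreases, so `while counter <= 10:` is always true and the `if counter == 0:` ConfigError after the loop is unreachable; change it to `while counter > 0:` so the commit gives up after ten seconds and reports the error. A pidfile only shows that charon started, not that its vici socket is accepting connections yet, so `swanctl -q` can still fail on a slow start, and its exit status — like that of `ipsec restart` — is discarded by `os.system`. The `>&/dev/null` redirection copied into the new line is bash/csh syntax; if /bin/sh is dash, as on Debian, os.system rejects it with a syntax error, so use `>/dev/null 2>&1`. The hunk does not show ConfigError being imported in this file; confirm it is before relying on it.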
From: hagbard Date: Thu, 5 Dec 2019 08:06:29 -0800 Subject: Revert "syslog: T1845: syslog host no longer accepts a port" This reverts commit a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7. --- interface-definitions/syslog.xml | 932 +++++++++++++++++++++++++++++++ interface-definitions/system-syslog.xml | 945 -------------------------------- src/conf_mode/syslog.py | 320 +++++++++++ src/conf_mode/system-syslog.py | 321 ----------- src/migration-scripts/system/11-to-12 | 55 -- 5 files changed, 1252 insertions(+), 1321 deletions(-) create mode 100644 interface-definitions/syslog.xml delete mode 100644 interface-definitions/system-syslog.xml create mode 100755 src/conf_mode/syslog.py delete mode 100755 src/conf_mode/system-syslog.py delete mode 100755 src/migration-scripts/system/11-to-12 diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml new file mode 100644 index 000000000..d5ea4511e --- /dev/null +++ b/interface-definitions/syslog.xml 
@@ -0,0 +1,932 @@ + + + + + + + System logging + 400 + + + + + Logging to specific user's terminal + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + Remote host 
name or IP address + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + syslog communication protocol + + udp + send log messages to remote syslog server over udp + + + tcp + send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + invalid protocol name + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard location + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + 
+ ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + + + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + 
illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for 
logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml deleted file mode 100644 index 504efd8fd..000000000 --- a/interface-definitions/system-syslog.xml +++ /dev/null 
@@ -1,945 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Syslog communication protocol - - udp - Send log messages to remote syslog server over udp - - - tcp - Send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - Invalid protocol name - - - - - Destination port - - 1-65535 - Protocol destination port - - - - - Invalid destination port - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location 
- - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - 
- - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug 
messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py new file mode 100755 index 000000000..c4f3d2c9c --- /dev/null +++ b/src/conf_mode/syslog.py 
@@ -0,0 +1,320 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}} +{% else %} +{{hosts[host]['selectors']}} @{{host}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + missingok + notifempty + create + rotate 
{{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' + filename + ' facility') + if 
c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + proto = 'udp' + rhosts = c.list_nodes('host') + for rhost in rhosts: + for fac in c.list_nodes('host ' + rhost + ' facility'): + if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): + proto = c.return_value( + 'host ' + rhost + ' facility ' + fac + ' protocol') + + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + print (c[conf]) + raise ConfigError( + 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) + l = re.sub("^.+\.", "", s) + if l not in lvl: + raise ConfigError( + 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) + + +def apply(c): + if not c and os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl stop syslog.socket") + os.system("sudo systemctl stop rsyslog") + else: + if not os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl start rsyslog >/dev/null") + else: + os.system("sudo systemctl restart rsyslog >/dev/null") + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py deleted file mode 100755 index f238acc15..000000000 --- a/src/conf_mode/system-syslog.py +++ /dev/null 
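Review bot: In get_config's host loop `proto = 'udp'` is assigned once before `for rhost in rhosts:` and only overwritten when a `protocol` node exists, so after one host is set to tcp every later host without an explicit protocol is also rendered with the `@@` tcp form in the template; moving `proto = 'udp'` directly under `for rhost in rhosts:` resets it per host. verify() also mutates the system — it removes `/etc/rsyslog.conf` and recreates it as a symlink — and `os.remove` raises FileNotFoundError when the path is absent rather than a regular file, so that step belongs in generate()/apply() behind an `if os.path.exists(...)` guard. The `re.sub("\..*$", "", s)` and `re.sub("^.+\.", "", s)` patterns in verify should be raw strings (`r"\..*$"`, `r"^.+\."`) to avoid the invalid-escape warning, and the `print (c[conf])` before the facility ConfigError looks like leftover debugging output. apply() shells out through `os.system("sudo systemctl ...")` with constant strings; `subprocess.call([...])` would avoid the shell and let the exit status be checked.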
@@ -1,321 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} -{% else %} -{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - 
missingok - notifempty - create - rotate {{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' 
+ filename + ' facility') - if c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - rhosts = c.list_nodes(['host']) - for rhost in rhosts: - if c.exists('host ' + rhost + ' port'): - port = c.return_value(['host', rhost, 'port']) - else: - port = '514' - if c.exists('host ' + rhost + ' protocol'): - proto = c.return_value(['host', rhost, 'protocol']) - else: - proto = 'udp' - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto, - 'port' : port - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - raise ConfigError( - 'Invalid facility ' + s + ' set in ' + conf 
+ ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/migration-scripts/system/11-to-12 b/src/migration-scripts/system/11-to-12 deleted file mode 100755 index beba194fc..000000000 --- a/src/migration-scripts/system/11-to-12 +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env python3 - -# converts 'set system syslog host
:' -# to 'set system syslog host
port ' - -import sys -import re - -from vyos.configtree import ConfigTree - -if (len(sys.argv) < 1): - print("Must specify file name!") - sys.exit(1) - -file_name = sys.argv[1] - -with open(file_name, 'r') as f: - config_file = f.read() - -config = ConfigTree(config_file) -cbase = ['system', 'syslog', 'host'] - -if not config.exists(cbase): - sys.exit(0) -else: - config.set(cbase) - config.set_tag(cbase) - for host in config.list_nodes(cbase): - h = None - pt = None - if re.search('^[a-zA-Z\-0-9\.]+', host): - h = re.search('^[a-zA-Z\-0-9\.]+', host).group(0) - if re.search(':[0-9]+$', host): - pt = re.sub(':', '', re.search(':[0-9]+$', host).group(0)) - - config.set(cbase + [h]) - for fac in config.list_nodes(cbase + [host, 'facility']): - config.set(cbase + [h, 'facility', fac]) - config.set_tag(cbase + [h, 'facility']) - lvl = config.return_value(cbase + [host, 'facility', fac, 'level']) - prot = config.return_value(cbase + [host, 'facility', fac, 'protocol']) - config.set(cbase + [h, 'facility', fac, 'level'], value=lvl) - # port can be be in each tag node and different, - # that's something we can't fix here - if prot: - config.set(cbase + [h, 'protocol'], value=prot) - config.set(cbase + [h, 'port'], value=pt) - config.delete(cbase + [host]) - - try: - open(file_name,'w').write(config.to_string()) - except OSError as e: - print("Failed to save the modified config: {}".format(e)) - sys.exit(1) - -- cgit v1.2.3 From fde531d3791a3d71aa27f99244d7cbb3b3625bf0 Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 5 Dec 2019 13:56:26 -0800 Subject: wireguard: T1853: disable peer doesn't work --- src/conf_mode/interfaces-wireguard.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 013a07f32..cac911c8c 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py 
@@ -169,6 +169,10 @@ def get_config(): if key_eff != key_cfg and key_eff != None: wg['peer_remove'].append(key_cfg) + # if a peer is disabled, we have to exec a remove for it's pubkey + else: + peer_key = c.return_value('peer {peer} pubkey'.format(peer=p)) + wg['peer_remove'].append(peer_key) return wg @@ -191,6 +195,7 @@ def verify(c): if not c['peer'][p]['pubkey']: raise ConfigError("peer pubkey required for peer " + p) + def apply(c): # no wg configs left, remove all interface from system # maybe move it into ifconfig.py -- cgit v1.2.3 From 48a52b36a86119ab3c83fc1da4db0215fb428cf2 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Fri, 6 Dec 2019 00:10:13 +0100 Subject: T1855, T1826: clean up the reboot/shutdown script. --- src/op_mode/powerctrl.py | 104 +++++++++++++++++++++++++---------------------- 1 file changed, 55 insertions(+), 49 deletions(-) diff --git a/src/op_mode/powerctrl.py b/src/op_mode/powerctrl.py index 46ebf5ffb..8de25d752 100755 --- a/src/op_mode/powerctrl.py +++ b/src/op_mode/powerctrl.py 
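Review bot: The new `else` branch appends whatever `c.return_value('peer {peer} pubkey'.format(peer=p))` returns to `wg['peer_remove']`, and for a disabled peer with no pubkey configured that is presumably None, which would then be handed to the removal step; guarding it with `if peer_key: wg['peer_remove'].append(peer_key)` keeps the list clean. The `if` this `else` pairs with starts outside the hunk, so whether the verify() pubkey check below also covers disabled peers cannot be confirmed from here. The comment should read `# if a peer is disabled, we have to remove its pubkey from the interface` (its, not it's). get_config() begins before this hunk.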
@@ -25,48 +25,55 @@ from subprocess import check_output, CalledProcessError, STDOUT from vyos.util import ask_yes_no -def valid_time(s): +def parse_time(s): try: return datetime.strptime(s, "%H:%M").time() except ValueError: return None - -def valid_date(s): - try: - return datetime.strptime(s, "%d%m%Y").date() - except ValueError: +def parse_date(s): + for fmt in ["%d%m%Y", "%d/%m/%Y", "%d.%m.%Y", "%d:%m:%Y", "%Y-%m-%d"]: try: - return datetime.strptime(s, "%d/%m/%Y").date() + return datetime.strptime(s, fmt).date() except ValueError: - try: - return datetime.strptime(s, "%d.%m.%Y").date() - except ValueError: - try: - return datetime.strptime(s, "%d:%m:%Y").date() - except ValueError: - return None + continue + # If nothing matched... + return None +def get_shutdown_status(): + try: + output = check_output(["/bin/systemctl", "status", "systemd-shutdownd.service"]).decode() + return output + except CalledProcessError: + return None def check_shutdown(): - try: - cmd = check_output(["/bin/systemctl","status","systemd-shutdownd.service"]) - #Shutodwn is scheduled - r = re.findall(r'Status: \"(.*)\"\n', cmd.decode())[0] - print(r) - except CalledProcessError as e: - #Shutdown is not scheduled - print("Shutdown is not scheduled") + output = get_shutdown_status() + if output: + r = re.findall(r'Status: \"(.*)\"\n', output) + if r: + # When available, that line is like + # Status: "Shutting down at Thu 1970-01-01 00:00:00 UTC (poweroff)..." 
+ print(r[0]) + else: + # Sometimes status string is not available immediately + # after service startup + print("Poweroff or reboot is scheduled") + else: + print("Poweroff or reboot is not scheduled") def cancel_shutdown(): - try: - timenow = datetime.now().strftime('%Y-%m-%d %H:%M:%S') - cmd = check_output(["/sbin/shutdown","-c","--no-wall"]) - message = "Reboot scheduled has been cancelled %s" % timenow - #Generate broadcast message about cancel reboot - os.system("wall %s" % message) - except CalledProcessError as e: - sys.exit("Error aborting shutdown: %s" % e) + output = get_shutdown_status() + if output: + try: + timenow = datetime.now().strftime('%Y-%m-%d %H:%M:%S') + cmd = check_output(["/sbin/shutdown","-c","--no-wall"]) + message = "Scheduled reboot or poweroff has been cancelled %s" % timenow + os.system("wall %s" % message) + except CalledProcessError as e: + sys.exit("Could not cancel a reboot or poweroff: %s" % e) + else: + print("Reboot or poweroff is not scheduled") def execute_shutdown(time, reboot = True, ask=True): if not ask: 
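Review bot: cancel_shutdown() still broadcasts with `os.system("wall %s" % message)`, which goes through a shell while the rest of the new code uses argument lists; `subprocess.call(["wall", message])` gives the same behaviour without the shell, and the `cmd` assigned from `check_output(["/sbin/shutdown","-c","--no-wall"])` is never read and can be dropped. get_shutdown_status() maps only CalledProcessError to None, so a missing `/bin/systemctl` (OSError) would still surface as a traceback; probably acceptable, but worth stating in a comment such as `# systemctl exits non-zero when nothing is scheduled; any other failure propagates`. A one-line docstring on get_shutdown_status() saying it returns the unit's status text, or None when the unit is not active, would help its two callers. execute_shutdown's body continues into the next hunk.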
@@ -84,31 +91,29 @@ def execute_shutdown(time, reboot = True, ask=True): cmd = check_output(["/sbin/shutdown",action,"now"],stderr=STDOUT) print(cmd.decode().split(",",1)[0]) return - - # Try to extract date from the first argument - if len(time) == 1: - time = time[0].split(" ",1) - - if len(time) == 1: - ts = valid_time(time[0]) - if time[0].isdigit() or valid_time(time[0]): - cmd = check_output(["/sbin/shutdown",action,time[0]],stderr=STDOUT) + elif len(time) == 1: + # Assume the argument is just time + ts = parse_time(time[0]) + if ts: + cmd = check_output(["/sbin/shutdown", action, time[0]], stderr=STDOUT) else: - sys.exit("Timestamp needs to be in format of 12:34") - + sys.exit("Invalid time \"{0}\". The valid format is HH:MM".format(time[0])) elif len(time) == 2: - ts = valid_time(time[0]) - ds = valid_date(time[1]) + # Assume it's date and time + ts = parse_time(time[0]) + ds = parse_date(time[1]) if ts and ds: t = datetime.combine(ds, ts) td = t - datetime.now() t2 = 1 + int(td.total_seconds())//60 # Get total minutes - cmd = check_output(["/sbin/shutdown",action,str(t2)],stderr=STDOUT) + cmd = check_output(["/sbin/shutdown", action, str(t2)], stderr=STDOUT) else: - sys.exit("Timestamp needs to be in format of 12:34\nDatestamp in the format of DD.MM.YY") + if not ts: + sys.exit("Invalid time \"{0}\". The valid format is HH:MM".format(time[0])) + else: + sys.exit("Invalid time \"{0}\". A valid format is YYYY-MM-DD [HH:MM]".format(time[1])) else: - sys.exit("Could not decode time and date") - + sys.exit("Could not decode date and time. Valids formats are HH:MM or YYYY-MM-DD HH:MM") check_shutdown() def chk_vyatta_based_reboots(): @@ -117,7 +122,7 @@ def chk_vyatta_based_reboots(): ### name is the node of scheduled the job, commit-confirm checks for that f = r'/var/run/confirm.job' - if os .path.exists(f): + if os.path.exists(f): jid = open(f).read().strip() if jid != 0: subprocess.call(['sudo', 'atrm', jid]) 
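Review bot: In the `len(time) == 2` branch the failure message for a bad date reads `Invalid time "{0}"` and formats `time[1]`, which is the date argument; it should be `sys.exit("Invalid date \"{0}\". A valid format is YYYY-MM-DD".format(time[1]))`. The final fallback has a typo, `Valids formats` should be `Valid formats`. In the same branch the computed `t2` is never checked for a date/time already in the past, so a negative minute count reaches `/sbin/shutdown`; those lines are unchanged context, but an `if td.total_seconds() < 0: sys.exit("The given date and time are in the past")` before the call would be cheap. execute_shutdown starts before this hunk.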
@@ -126,7 +131,7 @@ def chk_vyatta_based_reboots(): def main(): parser = argparse.ArgumentParser() parser.add_argument("--yes", "-y", - help="dont as for shutdown", + help="Do not ask for confirmation", action="store_true", dest="yes") action = parser.add_mutually_exclusive_group(required=True) @@ -164,3 +169,4 @@ def main(): if __name__ == "__main__": main() + -- cgit v1.2.3 From a45c23b57f09a805843c72d3dee5256eb118497a Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 5 Dec 2019 15:13:11 -0800 Subject: syslog: renaming files and conf script to fit new scheme --- interface-definitions/syslog.xml | 932 -------------------------------- interface-definitions/system-syslog.xml | 932 ++++++++++++++++++++++++++++++++ src/conf_mode/syslog.py | 320 ----------- src/conf_mode/system-syslog.py | 320 +++++++++++ 4 files changed, 1252 insertions(+), 1252 deletions(-) delete mode 100644 interface-definitions/syslog.xml create mode 100644 interface-definitions/system-syslog.xml delete mode 100755 src/conf_mode/syslog.py create mode 100755 src/conf_mode/system-syslog.py diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml deleted file mode 100644 index d5ea4511e..000000000 --- a/interface-definitions/syslog.xml +++ /dev/null 
@@ -1,932 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - syslog communication protocol - - udp - send log messages to remote syslog server over udp - - - tcp - send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - invalid protocol name - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - 
- ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - - - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - 
illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for 
logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml new file mode 100644 index 000000000..2d6af5395 --- /dev/null +++ b/interface-definitions/system-syslog.xml 
@@ -0,0 +1,932 @@ + + + + + + + System logging + 400 + + + + + Logging to specific user's terminal + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + Remote host 
name or IP address + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + syslog communication protocol + + udp + send log messages to remote syslog server over udp + + + tcp + send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + invalid protocol name + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard location + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + 
+ ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + + + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + 
illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for 
logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py deleted file mode 100755 index c4f3d2c9c..000000000 --- a/src/conf_mode/syslog.py +++ /dev/null 
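Review bot: The help text for the `syslog` facility in each facility list of this new file reads "Authentication and authorization", a copy of the `auth` entry; the syslog facility carries messages generated internally by the syslog daemon, so the help should say so, e.g. `Messages generated internally by syslogd`. The `protocols` and `security` entries spell "depricated" — `deprecated`. These strings are what the operator sees on tab completion, and since the file is being created afresh here this is the place to fix them. Element tags are not preserved in this rendering, so I cannot confirm where the `protocol` node now sits relative to the facility tag node, which the commit message says was the bug being fixed; system-syslog.py still reads it from `host <h> facility <f> protocol`, so the two should be checked against each other.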
@@ -1,320 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}} -{% else %} -{{hosts[host]['selectors']}} @{{host}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - missingok - notifempty - create - rotate 
{{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' + filename + ' facility') - if 
c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - proto = 'udp' - rhosts = c.list_nodes('host') - for rhost in rhosts: - for fac in c.list_nodes('host ' + rhost + ' facility'): - if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): - proto = c.return_value( - 'host ' + rhost + ' facility ' + fac + ' protocol') - - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - print (c[conf]) - raise ConfigError( - 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py new file mode 100755 index 000000000..c4f3d2c9c --- /dev/null +++ b/src/conf_mode/system-syslog.py 
@@ -0,0 +1,320 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}} +{% else %} +{{hosts[host]['selectors']}} @{{host}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + missingok + notifempty + create + rotate 
{{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' + filename + ' facility') + if 
c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + proto = 'udp' + rhosts = c.list_nodes('host') + for rhost in rhosts: + for fac in c.list_nodes('host ' + rhost + ' facility'): + if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): + proto = c.return_value( + 'host ' + rhost + ' facility ' + fac + ' protocol') + + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + print (c[conf]) + raise ConfigError( + 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) + l = re.sub("^.+\.", "", s) + if l not in lvl: + raise ConfigError( + 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) + + +def apply(c): + if not c and os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl stop syslog.socket") + os.system("sudo systemctl stop rsyslog") + else: + if not os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl start rsyslog >/dev/null") + else: + os.system("sudo systemctl restart rsyslog >/dev/null") + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) -- cgit v1.2.3 From 123e7f8c07f56ad868604bcb42f8da095f97b2c9 Mon Sep 17 00:00:00 2001 From: hagbard Date: Fri, 6 Dec 2019 07:59:59 -0800 Subject: syslog: T1845: syslog host no longer accepts a port - created 'set system syslog host port' --- interface-definitions/system-syslog.xml | 13 +++++++++++++ src/conf_mode/system-syslog.py | 17 +++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml index 2d6af5395..8f4b105c8 100644 --- a/interface-definitions/system-syslog.xml +++ b/interface-definitions/system-syslog.xml @@ -191,6 +191,19 @@ + + + Destination port + + 1-65535 + Destination port + + + + + Invalid destination port value + + Facility for logging diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index c4f3d2c9c..950a185bc 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py 
@@ -53,10 +53,18 @@ $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{f ## remote logging {% for host in hosts %} {% if hosts[host]['proto'] == 'tcp' %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} +{% else %} {{hosts[host]['selectors']}} @@{{host}} +{% endif %} +{% else %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} {% else %} {{hosts[host]['selectors']}} @{{host}} {% endif %} +{% endif %} {% endfor %} {% endif %} {% if user %} @@ -177,13 +185,14 @@ def get_config(): # set system syslog host if c.exists('host'): - proto = 'udp' rhosts = c.list_nodes('host') for rhost in rhosts: for fac in c.list_nodes('host ' + rhost + ' facility'): if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): proto = c.return_value( 'host ' + rhost + ' facility ' + fac + ' protocol') + else: + proto = 'udp' config_data['hosts'].update( { @@ -193,6 +202,8 @@ def get_config(): } } ) + if c.exists('host ' + rhost + ' port'): + config_data['hosts'][rhost]['port'] = c.return_value(['host', rhost, 'port']) # set system syslog user if c.exists('user'): @@ -261,7 +272,8 @@ def generate(c): def verify(c): if c == None: return None - # + + ### may be obsolete # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) # it interferes with the global logging, to make sure we are using a single base, template is enforced here # @@ -273,6 +285,7 @@ def verify(c): # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there # is a chance that someone still needs it, so I don't automatically remove # them + ### if c == None: return None -- cgit v1.2.3 From d02b0d62185018521cd8e14e550af72551b15ae9 Mon Sep 17 00:00:00 2001 
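Review bot: The port read in the `@@ -193,6 +202,8 @@` hunk is copied straight into the rsyslog template by the `@@ -53,10 +53,18 @@` hunk, while verify() still only checks the facility and level of each selector, so this script never confirms the value is a number in 1–65535 before it lands in `/etc/rsyslog.d/vyos-rsyslog.conf`; the XML range constraint appears to be the only guard. A check in verify()'s per-item loop such as `port = c[conf][item].get('port')` / `if port is not None and not (str(port).isdigit() and 1 <= int(port) <= 65535):` / `raise ConfigError('Invalid port ' + str(port) + ' set in ' + conf + ' ' + item)` keeps a malformed value out of the generated file. The same hunk queries the node with a string path, `c.exists('host ' + rhost + ' port')`, and reads it with a list path, `c.return_value(['host', rhost, 'port'])`; one form for both calls would be easier to follow. If IPv6 literals are accepted as hosts, note that rsyslog's `@@host:port` target syntax expects the address in brackets when a port is appended, which the template does not do — worth confirming against the host constraint.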
From: hagbard Date: Fri, 6 Dec 2019 08:07:25 -0800 Subject: syslog: code formatting --- src/conf_mode/system-syslog.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 950a185bc..4f0a54962 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -203,7 +203,8 @@ def get_config(): } ) if c.exists('host ' + rhost + ' port'): - config_data['hosts'][rhost]['port'] = c.return_value(['host', rhost, 'port']) + config_data['hosts'][rhost][ + 'port'] = c.return_value(['host', rhost, 'port']) # set system syslog user if c.exists('user'): @@ -273,7 +274,7 @@ def verify(c): if c == None: return None - ### may be obsolete + # may be obsolete # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) # it interferes with the global logging, to make sure we are using a single base, template is enforced here # @@ -285,7 +286,7 @@ def verify(c): # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there # is a chance that someone still needs it, so I don't automatically remove # them - ### + # if c == None: return None -- cgit v1.2.3 From 3559244db333132101a7ab70a11ce50f8bb08f08 Mon Sep 17 00:00:00 2001 From: hagbard Date: Fri, 6 Dec 2019 09:02:39 -0800 Subject: syslog: T1845: syslog host no longer accepts a port - migrates 'system syslog host ' to system syslog host port --- src/migration-scripts/system/11-to-12 | 47 +++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 src/migration-scripts/system/11-to-12 diff --git a/src/migration-scripts/system/11-to-12 b/src/migration-scripts/system/11-to-12 new file mode 100755 index 000000000..64425e2b9 --- /dev/null +++ b/src/migration-scripts/system/11-to-12 @@ -0,0 +1,47 @@ +#!/usr/bin/env python3 + +# converts 'set system syslog host
:' +# to 'set system syslog host
port ' + +import sys +import re + +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +cbase = ['system', 'syslog', 'host'] + +if not config.exists(cbase): + sys.exit(0) + +for host in config.list_nodes(cbase): + if re.search(':[0-9]{1,5}$',host): + h = re.search('^[a-zA-Z\-0-9\.]+', host).group(0) + p = re.sub(':', '', re.search(':[0-9]+$', host).group(0)) + config.set(cbase + [h]) + config.set(cbase + [h, 'port'], value=p) + for fac in config.list_nodes(cbase + [host, 'facility']): + config.set(cbase + [h, 'facility', fac]) + config.set_tag(cbase + [h, 'facility']) + if config.exists(cbase + [host, 'facility', fac, 'protocol']): + proto = config.return_value(cbase + [host, 'facility', fac, 'protocol']) + config.set(cbase + [h, 'facility', fac, 'protocol'], value=proto) + if config.exists(cbase + [host, 'facility', fac, 'level']): + lvl = config.return_value(cbase + [host, 'facility', fac, 'level']) + config.set(cbase + [h, 'facility', fac, 'level'], value=lvl) + config.delete(cbase + [host]) + + try: + open(file_name,'w').write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) -- cgit v1.2.3 From c4c0cc382ffa98cd9e0adb31dabc46ba4aa30674 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 6 Dec 2019 18:49:37 +0100 Subject: ddclient: T1853: bugfix TypeError exception When service was deleted we tried accessing a key in the dictionary. But there was no dictionary at all as get_config() returned 'None' instead of 'dyndns'. --- src/conf_mode/dynamic_dns.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 7c3b9ff6a..9ba8659a1 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py 
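Review bot: `if (len(sys.argv) < 1):` can never be true, since `sys.argv[0]` is always present, so running the script without a file name skips the intended message and fails on `sys.argv[1]` with an IndexError; the guard should be `if len(sys.argv) < 2:`. The split of the old `host:port` value assumes hosts made only of letters, digits, dots and dashes, and `:[0-9]{1,5}$` would also match the last group of an IPv6 literal such as a constructed `2001:db8::1`, so if IPv6 hosts are possible the rewrite should only trigger when the whole node matches that host-colon-port shape. `open(file_name,'w').write(config.to_string())` never closes the handle explicitly; `with open(file_name, 'w') as f: f.write(config.to_string())` is the conventional form. From the collapsed layout it is not clear whether that save sits inside the `for host` loop or after it — if inside, the file is rewritten once per host.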
@@ -95,6 +95,7 @@ default_service_protocol = { default_config_data = { 'interfaces': [], 'cache_file': cache_file, + 'deleted': False, 'pid_file': pid_file } @@ -102,7 +103,8 @@ def get_config(): dyndns = default_config_data conf = Config() if not conf.exists('service dns dynamic'): - return None + dyndns['deleted'] = True + return dyndns else: conf.set_level('service dns dynamic') @@ -194,7 +196,7 @@ def get_config(): def verify(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: return None # A 'node' corresponds to an interface @@ -239,7 +241,10 @@ def verify(dyndns): def generate(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: + if os.path.exists(config_file): + os.unlink(config_file) + return None dirname = os.path.dirname(dyndns['pid_file']) @@ -264,7 +269,7 @@ def apply(dyndns): if os.path.exists('/etc/ddclient.conf'): os.unlink('/etc/ddclient.conf') - if dyndns is None: + if dyndns['deleted']: os.system('/etc/init.d/ddclient stop') if os.path.exists(dyndns['pid_file']): os.unlink(dyndns['pid_file']) -- cgit v1.2.3 From 242251ea50f1d26127effc140933cbdb1149a206 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 6 Dec 2019 19:07:51 +0100 Subject: ifconfig: T1793: remove dhcpv6 client debug output --- python/vyos/ifconfig.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/python/vyos/ifconfig.py b/python/vyos/ifconfig.py index f487e6a5b..2f2f05f74 100644 --- a/python/vyos/ifconfig.py +++ b/python/vyos/ifconfig.py @@ -615,8 +615,6 @@ class Interface: >>> j.set_dhcpv6() """ dhcpv6 = self.get_dhcpv6_options() - import pprint - pprint.pprint(dhcpv6) # better save then sorry .. should be checked in interface script # but if you missed it we are safe! -- cgit v1.2.3 From 3a16fb46a16f91557f6805e74aafb568f46fd1c0 Mon Sep 17 00:00:00 2001 
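Review bot: In the `@@ -102,7 +103,8 @@` hunk, `dyndns['deleted'] = True` mutates the module-level `default_config_data` dict itself, because the context line `dyndns = default_config_data` binds an alias rather than a copy (the `'interfaces': []` list is shared the same way). For a single script run this is probably harmless, but any later get_config() call in the same process would start from `'deleted': True`, and every branch added in the verify(), generate() and apply() hunks keys off that flag. `dyndns = deepcopy(default_config_data)` with `from copy import deepcopy` at the top of the file makes the flag per-call. Since the three callers now index the dict, get_config() should also state in a one-line docstring that it always returns a dict; the old `None` sentinel would now raise TypeError in them.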
From: Christian Poessinger Date: Fri, 6 Dec 2019 19:32:09 +0100 Subject: Python/VyOS validate: T1849: handle is_ipv6()/is_ipv6() exceptions --- python/vyos/validate.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/python/vyos/validate.py b/python/vyos/validate.py index 258f7f76a..3f3166022 100644 --- a/python/vyos/validate.py +++ b/python/vyos/validate.py @@ -29,10 +29,13 @@ def is_ipv4(addr): # With the below statement we can check for IPv4 networks and host # addresses at the same time - if ipaddress.ip_address(addr.split(r'/')[0]).version == 4: - return True - else: - return False + try: + if ipaddress.ip_address(addr.split(r'/')[0]).version == 4: + return True + except: + pass + + return False def is_ipv6(addr): """ @@ -41,10 +44,13 @@ def is_ipv6(addr): # With the below statement we can check for IPv4 networks and host # addresses at the same time - if ipaddress.ip_network(addr.split(r'/')[0]).version == 6: - return True - else: - return False + try: + if ipaddress.ip_network(addr.split(r'/')[0]).version == 6: + return True + except: + pass + + return False def is_intf_addr_assigned(intf, addr): """ -- cgit v1.2.3 From 6e2cf6e4515b2f143d1e2fdff6fe22fcc666ce18 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 6 Dec 2019 19:32:45 +0100 Subject: ifconfig: T1849: fix DHCPv6 startup --- python/vyos/ifconfig.py | 53 ++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/python/vyos/ifconfig.py b/python/vyos/ifconfig.py index 2f2f05f74..72f11c04d 100644 --- a/python/vyos/ifconfig.py +++ b/python/vyos/ifconfig.py 
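Review bot: The bare `except:` added in both hunks — is_ipv4() at `@@ -29,10 +29,13 @@` and is_ipv6() at `@@ -41,10 +44,13 @@` — catches far more than the parse failure it is meant to absorb: an AttributeError from a non-string `addr`, KeyboardInterrupt and SystemExit are all turned into a quiet `False`, so a caller passing the wrong type is told "not an address" instead of seeing its bug. `ipaddress.ip_address()` and `ipaddress.ip_network()` report malformed input with ValueError, so `except ValueError:` in both places keeps the intended fallback without masking programming errors. Narrowing the `try` body to the parse alone — `version = ipaddress.ip_address(addr.split(r'/')[0]).version` inside it, `return version == 4` after it — also makes it obvious which call the handler is for.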
@@ -627,33 +627,32 @@ class Interface: with open(self._dhcpv6_cfg_file, 'w') as f: f.write(dhcpv6_text) - if self.get_state() == 'up': - # https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1447715 - # - # wee need to wait for IPv6 DAD to finish once and interface is added - # this suxx :-( - sleep(5) - - # no longer accept router announcements on this interface - self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' - .format(self._ifname), 0) - - # assemble command-line to start DHCPv6 client (dhclient) - cmd = 'start-stop-daemon --start --quiet --pidfile ' + \ - self._dhcpv6_pid_file - cmd += ' --exec /sbin/dhclient --' - # now pass arguments to dhclient binary - cmd += ' -6 -nw -cf {} -pf {} -lf {}'.format( - self._dhcpv6_cfg_file, self._dhcpv6_pid_file, self._dhcpv6_lease_file) - - # add optional arguments - if dhcpv6['dhcpv6_prm_only']: - cmd += ' -S' - if dhcpv6['dhcpv6_temporary']: - cmd += ' -T' - - cmd += ' {}'.format(self._ifname) - return self._cmd(cmd) + # https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1447715 + # + # wee need to wait for IPv6 DAD to finish once and interface is added + # this suxx :-( + sleep(5) + + # no longer accept router announcements on this interface + self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' + .format(self._ifname), 0) + + # assemble command-line to start DHCPv6 client (dhclient) + cmd = 'start-stop-daemon --start --quiet --pidfile ' + \ + self._dhcpv6_pid_file + cmd += ' --exec /sbin/dhclient --' + # now pass arguments to dhclient binary + cmd += ' -6 -nw -cf {} -pf {} -lf {}'.format( + self._dhcpv6_cfg_file, self._dhcpv6_pid_file, self._dhcpv6_lease_file) + + # add optional arguments + if dhcpv6['dhcpv6_prm_only']: + cmd += ' -S' + if dhcpv6['dhcpv6_temporary']: + cmd += ' -T' + + cmd += ' {}'.format(self._ifname) + return self._cmd(cmd) def _del_dhcpv6(self): -- cgit v1.2.3 From 1ac177febfdd0dfc5a5b40a1b30294de0e2a45e0 Mon Sep 17 00:00:00 2001 
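Review bot: The rewritten block starts dhclient regardless of link state but leaves no comment saying why the `get_state() == 'up'` guard went away, and the `sleep(5)` that the comment justifies as waiting for DAD after the interface comes up is now paid on every call, including when the interface is down. A note above the sleep such as `# NOTE(T1849): started regardless of link state; confirm the DAD wait is still needed when the interface is down` would record the intent for the next reader. The command is assembled by string concatenation from `self._ifname` and the three dhcpv6 file paths; whether `self._cmd` hands that string to a shell is not visible here, and if it does the interface name relies entirely on upstream validation. The enclosing method starts before this hunk.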
From: Christian Poessinger Date: Fri, 6 Dec 2019 20:57:27 +0100 Subject: openvpn: bridge: T1556: remove obsolete bridge-group definition --- interface-definitions/interfaces-openvpn.xml | 39 ---------------------------- 1 file changed, 39 deletions(-) diff --git a/interface-definitions/interfaces-openvpn.xml b/interface-definitions/interfaces-openvpn.xml index 2c77bcf37..2c2556f45 100644 --- a/interface-definitions/interfaces-openvpn.xml +++ b/interface-definitions/interfaces-openvpn.xml @@ -33,45 +33,6 @@ - - - Interface to be added to a bridge group - - - - - Interface to a bridge-group - - - - - - - - Path cost for this port - - 0-2147483647 - Path cost for this port - - - - - - - - - Path priority for this port - - 0-255 - Path priority for this port - - - - - - - - Description -- cgit v1.2.3