From b242e24af4d870e936155bdbd965858bdd39aa98 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 18 Jun 2020 18:55:22 +0200 Subject: console-server: T2490: move CLI parsing to get_config_dict() For more examples on the new get_config_dict() approach migrate this implementation as it is not yet in production use. Also this serves as proof of concept code for further migrations. --- data/templates/conserver/conserver.conf.tmpl | 38 ++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 data/templates/conserver/conserver.conf.tmpl (limited to 'data/templates/conserver/conserver.conf.tmpl') diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl new file mode 100644 index 000000000..ec0eca5f0 --- /dev/null +++ b/data/templates/conserver/conserver.conf.tmpl @@ -0,0 +1,38 @@ +### Autogenerated by service_serial-proxy.py ### + +# See https://www.conserver.com/docs/conserver.cf.man.html for additional options + +config * { +} + +default * { + motd "VyOS Console Server" + # The character '&' in logfile names are substituted with the console name. + logfile /var/log/conserver/&.log; + timestamp "30m"; + rw *; +} + +## +## list of consoles we serve +## +{% for key, value in device.items() %} +{# Depending on our USB serial console we could require a path adjustment #} +{% set path = '/dev' if key.startswith('ttyS') else '/dev/serial/by-bus' %} +console {{ key }} { + master localhost; + type device; + device {{ path }}/{{ key }}; + baud {{ value.speed }}; + parity {{ value.parity }}; + options {{ "!" if value.stop_bits == "1" }}cstopb; +} +{% endfor %} + +## +## list of clients we allow +## +access * { + trusted 127.0.0.1; + allowed 127.0.0.1; +} -- cgit v1.2.3 From 067ddcf27ac1fbc33cee710ae66a85b0368a26d9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 18 Jun 2020 21:44:17 +0200 Subject: console-server: T2490: log to journald --- data/templates/conserver/conserver.conf.tmpl | 7 +++---- op-mode-definitions/show-log.xml | 6 ++++++ src/conf_mode/service_serial-proxy.py | 2 +- src/etc/systemd/system/conserver-server.service.d/override.conf | 6 ++++++ 4 files changed, 16 insertions(+), 5 deletions(-) (limited to 'data/templates/conserver/conserver.conf.tmpl') diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl index ec0eca5f0..329a9b4ae 100644 --- a/data/templates/conserver/conserver.conf.tmpl +++ b/data/templates/conserver/conserver.conf.tmpl @@ -3,13 +3,12 @@ # See https://www.conserver.com/docs/conserver.cf.man.html for additional options config * { + primaryport 3109; + daemonmode false; } default * { - motd "VyOS Console Server" - # The character '&' in logfile names are substituted with the console name. - logfile /var/log/conserver/&.log; - timestamp "30m"; + motd "VyOS Console Server"; rw *; } diff --git a/op-mode-definitions/show-log.xml b/op-mode-definitions/show-log.xml index 0c4da647b..827bee4c7 100644 --- a/op-mode-definitions/show-log.xml +++ b/op-mode-definitions/show-log.xml @@ -32,6 +32,12 @@ cat $(printf "%s\n" /var/log/messages* | sort -nr ) | grep -e conntrackd + + + Show log for serial console server + + /usr/bin/journalctl -u conserver-server.service + Show log for Dynamic Host Control Protocol (DHCP) diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py index 85fcfed08..0dd1cfc6d 100755 --- a/src/conf_mode/service_serial-proxy.py +++ b/src/conf_mode/service_serial-proxy.py @@ -24,7 +24,7 @@ from vyos.template import render from vyos.util import call from vyos import ConfigError -config_file = r'/etc/conserver/conserver.cf' +config_file = r'/run/conserver/conserver.cf' # Default values are necessary until the implementation of T2588 is completed default_values = { diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf index 1be5cec81..5301b38ce 100644 --- a/src/etc/systemd/system/conserver-server.service.d/override.conf +++ b/src/etc/systemd/system/conserver-server.service.d/override.conf @@ -1,3 +1,9 @@ [Unit] After= After=vyos-router.service + +[Service] +Type=simple +ExecStart= +ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf + -- cgit v1.2.3 From b509bbf0c0bf33f39e67f0aa8df481ef15d6bae9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 18 Jun 2020 23:09:58 +0200 Subject: console-server: T2490: rename CLI to console-server --- data/templates/conserver/conserver.conf.tmpl | 2 +- .../service_console-server.xml.in | 90 +++++++++++++++++ interface-definitions/service_serial-proxy.xml.in | 90 ----------------- op-mode-definitions/connect-disconnect.xml | 6 +- src/conf_mode/service_console-server.py | 108 +++++++++++++++++++++ src/conf_mode/service_serial-proxy.py | 108 --------------------- src/systemd/dropbear@.service | 2 +- 7 files changed, 203 insertions(+), 203 deletions(-) create mode 100644 interface-definitions/service_console-server.xml.in delete mode 100644 interface-definitions/service_serial-proxy.xml.in create mode 100755 src/conf_mode/service_console-server.py delete mode 100755 src/conf_mode/service_serial-proxy.py (limited to 'data/templates/conserver/conserver.conf.tmpl') diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl index 329a9b4ae..5fffaf31e 100644 --- a/data/templates/conserver/conserver.conf.tmpl +++ b/data/templates/conserver/conserver.conf.tmpl @@ -1,4 +1,4 @@ -### Autogenerated by service_serial-proxy.py ### +### Autogenerated by service_console-server.py ### # See https://www.conserver.com/docs/conserver.cf.man.html for additional options diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in new file mode 100644 index 000000000..679ea32a2 --- /dev/null +++ b/interface-definitions/service_console-server.xml.in @@ -0,0 +1,90 @@ + + + + + + + Serial Console Server + + + + + System serial interface name (ttyS or ttyUSB) + + + + + + ttySxxx + Regular serial interface + + + usbxbxpx + USB based serial interface + + + ^(ttyS\d+|usb\d+b.*p.*)$ + + + + #include + #include + + + Serial port baud rate + + 300 1200 2400 4800 9600 19200 38400 57600 115200 + + + (300|1200|2400|4800|9600|19200|38400|57600|115200) + + + + + + Serial port data bits (default: 8) + + 7 8 + + + (7|8) + + + + + + Serial port stop bits (default: 1) + + 1 2 + + + (1|2) + + + + + + Parity setting (default: none) + + even odd none + + + (even|odd|none) + + + + + + SSH remote access to this console + + + #include + + + + + + + + + diff --git a/interface-definitions/service_serial-proxy.xml.in b/interface-definitions/service_serial-proxy.xml.in deleted file mode 100644 index 917af0122..000000000 --- a/interface-definitions/service_serial-proxy.xml.in +++ /dev/null @@ -1,90 +0,0 @@ - - - - - - - Serial to Network - - - - - System serial interface name (ttyS or ttyUSB) - - - - - - ttySxxx - Regular serial interface - - - usbxbxpx - USB based serial interface - - - ^(ttyS\d+|usb\d+b.*p.*)$ - - - - #include - #include - - - Serial port baud rate - - 300 1200 2400 4800 9600 19200 38400 57600 115200 - - - (300|1200|2400|4800|9600|19200|38400|57600|115200) - - - - - - Serial port data bits (default: 8) - - 7 8 - - - (7|8) - - - - - - Serial port stop bits (default: 1) - - 1 2 - - - (1|2) - - - - - - Parity setting (default: none) - - even odd none - - - (even|odd|none) - - - - - - SSH remote access to this console - - - #include - - - - - - - - - diff --git a/op-mode-definitions/connect-disconnect.xml b/op-mode-definitions/connect-disconnect.xml index a394e9b91..69afe6db0 100644 --- a/op-mode-definitions/connect-disconnect.xml +++ b/op-mode-definitions/connect-disconnect.xml @@ -15,11 +15,11 @@ sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect "$3" - + - Connect to serial proxy port + Connect to port of serial console server - service serial-proxy device + service console-server device /usr/bin/console "$3" diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py new file mode 100755 index 000000000..087b13c04 --- /dev/null +++ b/src/conf_mode/service_console-server.py @@ -0,0 +1,108 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018-2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os + +from sys import exit + +from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.template import render +from vyos.util import call +from vyos import ConfigError + +config_file = r'/run/conserver/conserver.cf' + +# Default values are necessary until the implementation of T2588 is completed +default_values = { + 'data_bits': '8', + 'parity': 'none', + 'stop_bits': '1' +} + +def get_config(): + conf = Config() + base = ['service', 'console-server'] + + if not conf.exists(base): + return None + + # Retrieve CLI representation as dictionary + proxy = conf.get_config_dict(base, key_mangling=('-', '_')) + # The retrieved dictionary will look something like this: + # + # {'device': {'usb0b2.4p1.0': {'speed': '9600'}, + # 'usb0b2.4p1.1': {'data_bits': '8', + # 'parity': 'none', + # 'speed': '115200', + # 'stop_bits': '2'}}} + + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + for device in proxy['device'].keys(): + tmp = dict_merge(default_values, proxy['device'][device]) + proxy['device'][device] = tmp + + return proxy + +def verify(proxy): + if not proxy: + return None + + for tmp in proxy['device']: + device = proxy['device'][tmp] + if not device['speed']: + raise ConfigError(f'Serial port speed must be defined for "{tmp}"!') + + if 'ssh' in device.keys(): + if 'port' not in device['ssh'].keys(): + raise ConfigError(f'SSH port must be defined for "{tmp}"!') + + return None + +def generate(proxy): + if not proxy: + return None + + render(config_file, 'conserver/conserver.conf.tmpl', proxy) + return None + +def apply(proxy): + call('systemctl stop conserver-server.service') + call('systemctl stop dropbear@*.service') + + if not proxy: + if os.path.isfile(config_file): + os.unlink(config_file) + return None + + call('systemctl restart conserver-server.service') + + for device in proxy['device']: + if 'ssh' in proxy['device'][device].keys(): + call('systemctl restart dropbear@{device}.service') + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py deleted file mode 100755 index 5f510d311..000000000 --- a/src/conf_mode/service_serial-proxy.py +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from sys import exit - -from vyos.config import Config -from vyos.configdict import dict_merge -from vyos.template import render -from vyos.util import call -from vyos import ConfigError - -config_file = r'/run/conserver/conserver.cf' - -# Default values are necessary until the implementation of T2588 is completed -default_values = { - 'data_bits': '8', - 'parity': 'none', - 'stop_bits': '1' -} - -def get_config(): - conf = Config() - base = ['service', 'serial-proxy'] - - if not conf.exists(base): - return None - - # Retrieve CLI representation as dictionary - proxy = conf.get_config_dict(base, key_mangling=('-', '_')) - # The retrieved dictionary will look something like this: - # - # {'device': {'usb0b2.4p1.0': {'speed': '9600'}, - # 'usb0b2.4p1.1': {'data_bits': '8', - # 'parity': 'none', - # 'speed': '115200', - # 'stop_bits': '2'}}} - - # We have gathered the dict representation of the CLI, but there are default - # options which we need to update into the dictionary retrived. - for device in proxy['device'].keys(): - tmp = dict_merge(default_values, proxy['device'][device]) - proxy['device'][device] = tmp - - return proxy - -def verify(proxy): - if not proxy: - return None - - for tmp in proxy['device']: - device = proxy['device'][tmp] - if not device['speed']: - raise ConfigError(f'Serial port speed must be defined for "{tmp}"!') - - if 'ssh' in device.keys(): - if 'port' not in device['ssh'].keys(): - raise ConfigError(f'SSH port must be defined for "{tmp}"!') - - return None - -def generate(proxy): - if not proxy: - return None - - render(config_file, 'conserver/conserver.conf.tmpl', proxy) - return None - -def apply(proxy): - call('systemctl stop conserver-server.service') - call('systemctl stop dropbear@*.service') - - if not proxy: - if os.path.isfile(config_file): - os.unlink(config_file) - return None - - call('systemctl restart conserver-server.service') - - for device in proxy['device']: - if 'ssh' in proxy['device'][device].keys(): - call('systemctl restart dropbear@{device}.service') - - return None - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service index a4df6ad41..a7057ffe1 100644 --- a/src/systemd/dropbear@.service +++ b/src/systemd/dropbear@.service @@ -7,7 +7,7 @@ After=dropbearkey.service vyos-router.service conserver-server.service [Service] Type=forking -ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)' +ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service console-server device "%I" ssh port)' ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT} PIDFile=/run/conserver/dropbear.%I.pid KillMode=process -- cgit v1.2.3 From 647af6c5405e6a3ae89bf96cb20558c581ed83d7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 19 Jun 2020 16:38:40 +0200 Subject: console-server: T2490: server must listen only on localhost --- data/templates/conserver/conserver.conf.tmpl | 4 ++-- src/etc/systemd/system/conserver-server.service.d/override.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'data/templates/conserver/conserver.conf.tmpl') diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl index 5fffaf31e..4e7b5d8d7 100644 --- a/data/templates/conserver/conserver.conf.tmpl +++ b/data/templates/conserver/conserver.conf.tmpl @@ -32,6 +32,6 @@ console {{ key }} { ## list of clients we allow ## access * { - trusted 127.0.0.1; - allowed 127.0.0.1; + trusted localhost; + allowed localhost; } diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf index 828d0bc4b..3c753f572 100644 --- a/src/etc/systemd/system/conserver-server.service.d/override.conf +++ b/src/etc/systemd/system/conserver-server.service.d/override.conf @@ -6,5 +6,5 @@ ConditionPathExists=/run/conserver/conserver.cf [Service] Type=simple ExecStart= -ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf +ExecStart=/usr/sbin/conserver -M localhost -C /run/conserver/conserver.cf Restart=on-failure -- cgit v1.2.3