From cc95d6f89282c9d66120f2a9b40a9aaff2f981bb Mon Sep 17 00:00:00 2001 From: fmertz Date: Wed, 24 Jun 2020 16:25:21 +0000 Subject: system display: T2564 Extend VyOS to support appliance LCDs Added support for system LCDs under CLI system display +data/templates/system-display/LCDd.conf.tmpl template for LCDd server configuration file +data/templates/system-display/lcdproc.conf.tmpl template for lcdproc client configuration file +interface-definitions/system-display.xml.in CLI for system display +src/conf_mode/system-display.py processing code for system display +src/systemd/lcdproc.service systemd service definition file for lcdproc client CLI: system display model (SDEC|EZIO) system display config (enabled|disabled) system display show host (cpu|cpu-all|cpu-hist|disk|load-hist|memory|proc|uptime) network interface alias units (bps|Bps|pps) clock (big|mini|date-time) title system display duration system display hello system display bye --- data/templates/system-display/LCDd.conf.tmpl | 1525 +++++++++++++++++++++++ data/templates/system-display/lcdproc.conf.tmpl | 177 +++ 2 files changed, 1702 insertions(+) create mode 100644 data/templates/system-display/LCDd.conf.tmpl create mode 100644 data/templates/system-display/lcdproc.conf.tmpl (limited to 'data') diff --git a/data/templates/system-display/LCDd.conf.tmpl b/data/templates/system-display/LCDd.conf.tmpl new file mode 100644 index 000000000..0b605e09d --- /dev/null +++ b/data/templates/system-display/LCDd.conf.tmpl @@ -0,0 +1,1525 @@ +### Autogenerted by system-display.py ## +# LCDd.conf -- configuration file for the LCDproc server daemon LCDd +# +# This file contains the configuration for the LCDd server. +# +# The format is ini-file-like. It is divided into sections that start at +# markers that look like [section]. Comments are all line-based comments, +# and are lines that start with '#' or ';'. +# +# The server has a 'central' section named [server]. For the menu there is +# a section called [menu]. Further each driver has a section which +# defines how the driver acts. +# +# The drivers are activated by specifying them in a driver= line in the +# server section, like: +# +# Driver=curses +# +# This tells LCDd to use the curses driver. +# The first driver that is loaded and is capable of output defines the +# size of the display. The default driver to use is curses. +# If the driver is specified using the -d command line option, +# the Driver= options in the config file are ignored. +# +# The drivers read their own options from the respective sections. + + + +## Server section with all kinds of settings for the LCDd server ## +[server] + +# Where can we find the driver modules ? +# IMPORTANT: Make sure to change this setting to reflect your +# specific setup! Otherwise LCDd won't be able to find +# the driver modules and will thus not be able to +# function properly. +# NOTE: Always place a slash as last character ! +DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ + +# Tells the server to load the given drivers. Multiple lines can be given. +# The name of the driver is case sensitive and determines the section +# where to look for further configuration options of the specific driver +# as well as the name of the dynamic driver module to load at runtime. +# The latter one can be changed by giving a File= directive in the +# driver specific section. +# +# The following drivers are supported: +# bayrad, CFontz, CFontzPacket, curses, CwLnx, ea65, EyeboxOne, futaba, +# g15, glcd, glcdlib, glk, hd44780, icp_a106, imon, imonlcd,, IOWarrior, +# irman, joy, lb216, lcdm001, lcterm, linux_input, lirc, lis, MD8800, +# mdm166a, ms6931, mtc_s16209x, MtxOrb, mx5000, NoritakeVFD, +# Olimex_MOD_LCD1x9, picolcd, pyramid, rawserial, sdeclcd, sed1330, +# sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963, +# text, tyan, ula200, vlsys_m428, xosd, yard2LCD +{%- if model == 'SDEC' %} +Driver=sdeclcd +{%- endif %} + +{%- if model == 'EZIO' %} +Driver=hd44780 +{%- endif %} + +# Tells the driver to bind to the given interface. [default: 127.0.0.1] +#Bind=127.0.0.1 + +# Listen on this specified port. [default: 13666] +#Port=13666 + +# Sets the reporting level; defaults to warnings and errors only. +# [default: 2; legal: 0-5] +#ReportLevel=3 + +# Should we report to syslog instead of stderr? [default: no; legal: yes, no] +#ReportToSyslog=yes + +# User to run as. LCDd will drop its root privileges and run as this user +# instead. [default: nobody] +User=nobody + +# The server will stay in the foreground if set to yes. +# [default: no, legal: yes, no] +#Foreground=yes + +# Hello message: each entry represents a display line; default: builtin +Hello="{%- if hello %}{{ hello }}{%- else %}Welcome to VyOS{%- endif %}" + +# GoodBye message: each entry represents a display line; default: builtin +GoodBye="{%- if bye %}{{ bye }}{%- else %}Bye from VyOS{%- endif %}" + +# Sets the interval in microseconds for updating the display. +# [default: 125000 meaning 8Hz] +#FrameInterval=125000 + +# Sets the default time in seconds to displays a screen. [default: 4] +WaitTime={%- if duration %}{{ duration }}{%- else%}4{%- endif %} + +# If set to no, LCDd will start with screen rotation disabled. This has the +# same effect as if the ToggleRotateKey had been pressed. Rotation will start +# if the ToggleRotateKey is pressed. Note that this setting does not turn off +# priority sorting of screens. [default: on; legal: on, off] +#AutoRotate=off + +# If yes, the the serverscreen will be rotated as a usual info screen. If no, +# it will be a background screen, only visible when no other screens are +# active. The special value 'blank' is similar to no, but only a blank screen +# is displayed. [default: on; legal: on, off, blank] +ServerScreen=no + +# Set master backlight setting. If set to 'open' a client may control the +# backlight for its own screens (only). [default: open; legal: off, open, on] +#Backlight=open + +# Set master heartbeat setting. If set to 'open' a client may control the +# heartbeat for its own screens (only). [default: open; legal: off, open, on] +#Heartbeat=open + +# set title scrolling speed [default: 10; legal: 0-10] +#TitleSpeed=10 + +# The "...Key=" lines define what the server does with keypresses that +# don't go to any client. The ToggleRotateKey stops rotation of screens, while +# the PrevScreenKey and NextScreenKey go back / forward one screen (even if +# rotation is disabled. +# Assign the key string returned by the driver to the ...Key setting. These +# are the defaults: +ToggleRotateKey=Enter +PrevScreenKey=Left +NextScreenKey=Right +#ScrollUpKey=Up +#ScrollDownKey=Down + +## The menu section. The menu is an internal LCDproc client. ## +[menu] +# If true the server allows transitions between different client's menus +# [default: false; legal: true, false] +#PermissiveGoto=false + +# You can configure what keys the menu should use. Note that the MenuKey +# will be reserved exclusively, the others work in shared mode. + +# Up to six keys are supported. The MenuKey (to enter and exit the menu), the +# EnterKey (to select values) and at least one movement keys are required. +# These are the default key assignments: +MenuKey=Escape +EnterKey=Enter +UpKey=Up +DownKey=Down +#LeftKey=Left +#RightKey=Right + + +### Driver sections are below this line, in alphabetical order ### + + +## EMAC BayRAD driver ## +[bayrad] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/lcd + +# Set the communication speed [default: 9600; legal: 1200, 2400, 9600, 19200] +Speed=9600 + + + +## CrystalFontz driver (for CF632 & CF634) ## +[CFontz] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/ttyS0 +# Select the LCD size [default: 20x4] +Size=20x4 +# Set the initial contrast [default: 560; legal: 0 - 1000] +Contrast=350 +# Set the initial brightness [default: 1000; legal: 0 - 1000] +Brightness=1000 +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=0 +# Set the communication speed [default: 9600; legal: 1200, 2400, 9600, 19200, +# 115200] +Speed=9600 +# Set the firmware version (New means >= 2.0) [default: no; legal: yes, no] +NewFirmware=no +# Reinitialize the LCD's BIOS [default: no; legal: yes, no] +# normally you shouldn't need this +Reboot=no + + + +## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## +[CFontzPacket] + +# Select the LCD model [default: 633; legal: 533, 631, 633, 635] +Model=633 + +# Select the output device to use [default: /dev/lcd] +Device=/dev/ttyS1 + +# Set the initial contrast [default: 560; legal: 0 - 1000] +Contrast=350 + +# Set the initial brightness [default: 1000; legal: 0 - 1000] +Brightness=1000 + +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=50 + +# Reinitialize the LCD's BIOS on driver start. [default: no; legal: yes, no] +Reboot=yes + +# Enable the USB flag if the device is connected to an USB port. For +# serial ports leave it disabled. [default: no; legal: yes, no] +#USB=yes + +# Very old 633 firmware versions do not support partial screen updates using +# 'Send Data to LCD' command (31). For those devices it may be necessary to +# enable this flag. [default: no; legal: yes, no] +#OldFirmware=yes + +# Override the LCD size known for the selected model. Usually setting this +# value should not be necessary. +#Size=20x4 + +# Override the default communication speed known for the selected model. +# Default value depends on model [legal: 19200, 115200] +#Speed=115200 + + + +## Curses driver ## +[curses] + +# color settings +# foreground color [default: blue] +Foreground=blue +# background color when "backlight" is off [default: cyan] +Background=cyan +# background color when "backlight" is on [default: red] +Backlight=red + +# display size [default: 20x4] +Size=20x2 + +# What position (X,Y) to start the left top corner at... +# Default: (7,7) +TopLeftX=7 +TopLeftY=7 + +# use ASC symbols for icons & bars [default: no; legal: yes, no] +UseACS=no + +# draw Border [default: yes; legal: yes, no] +DrawBorder=yes + + + +## Cwlinux driver ## +[CwLnx] + +# Select the LCD model [default: 12232; legal: 12232, 12832, 1602] +Model=12232 + +# Select the output device to use [default: /dev/lcd] +Device=/dev/ttyUSB0 + +# Select the LCD size. Default depends on model: +# 12232: 20x4 +# 12832: 21x4 +# 1602: 16x2 +Size=20x4 + +# Set the communication speed [default: 19200; legal: 9600, 19200] +Speed=19200 + +# Reinitialize the LCD's BIOS [default: no; legal: yes, no] +# normally you shouldn't need this +Reboot=no + +# If you have a keypad connected. Keypad layout is currently not +# configureable from the config file. +Keypad=yes + +# If you have a non-standard keypad you can associate any keystrings to keys. +# There are 6 input keys in the CwLnx hardware that generate characters +# from 'A' to 'F'. +# +# The following is the built-in default mapping hardcoded in the driver. +# You can leave those unchanged if you have a standard keypad. +# You can change it if you want to report other keystrings or have a non +# standard keypad. +# KeyMap_A=Up +# KeyMap_B=Down +# KeyMap_C=Left +# KeyMap_D=Right +# KeyMap_E=Enter +# KeyMap_F=Escape + +# keypad_test_mode permits one to test keypad assignment +# Default value is no +#keypad_test_mode=yes + + + +## ea65 driver for the display in AOpen XC Cube AV EA65 media barebones ## +[ea65] + +# Device is fixed /dev/ttyS1 +# Width and Height are fixed 9x1 + +# As the VFD is self luminescent we don't have a backlight +# But we can use the backlight functions to control the front LEDs +# Brightness 0 to 299 -> LEDs off +# Brightness 300 to 699 -> LEDs half bright +# Brightness 700 to 1000 -> LEDs full bright +Brightness=500 +# OffBrightness is the the value used for the 'backlight off' state +OffBrightness=0 + + + +## EyeboxOne driver ## +[EyeboxOne] + +# Select the output device to use [default: /dev/ttyS1] +# Device=/dev/cua01 +Device=/dev/ttyS1 + +# Set the display size [default: 20x4] +Size=20x4 + +# Switch on the backlight? [default: yes] +Backlight=yes + +# Switch on the cursor? [default: no] +Cursor=no + +# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] +Speed=19200 + +# Enter Key is a \r character, so it's hardcoded in the driver +LeftKey=D +RightKey=C +UpKey=A +DownKey=B +EscapeKey=P + +# You can find out which key of your display sends which +# character by setting keypad_test_mode to yes and running +# LCDd. LCDd will output all characters it receives. +# Afterwards you can modify the settings above and set +# keypad_set_mode to no again. +keypad_test_mode=no + +## Futaba TOSD-5711BB VFD Driver ## +[futaba] + +## g15 driver for Logitech G15 Keyboard LCDs ## +[g15] + +# Display size (currently unused) +size=20x5 + + + +## glcd generic graphical display driver +[glcd] +# Select what type of connection. See documentation for types. +ConnectionType=t6963 + +# Width and height of the display in pixel. The supported sizes may depend on +# the ConnectionType. [default: 128x64; legal: 1x1 - 640x480] +#Size=128x64 + +# Width and height of a character cell in pixels. This value is only used if +# the driver has been compiled with FreeType and it is enabled. Otherwise the +# default 6x8 cell is used. +#CellSize=12x16 + +# If LCDproc has been compiled with FreeType 2 support this option can be used +# to turn if off intentionally. [default: yes; legal: yes, no] +#useFT2=no + +# Path to font file to use for FreeType rendering. This font must be monospace +# and should contain some special Unicode characters like arrows (Andale Mono +# is recommended and can be fetched at http://corefonts.sf.net). +#normal_font=/usr/local/lib/X11/fonts/TTF/andalemo.ttf + +# Some fonts miss the Unicode characters used to represent icons. In this case +# the built-in 5x8 font can used if this option is turned off. [default: yes; +# legal: yes, no] +#fontHasIcons=no + +# Set the initial contrast if supported by connection type. +# [default: 600; legal: 0 - 1000] +#Contrast=600 + +# Set brightness of the backlight if the backlight is switched 'on'. +# [default: 800; legal: 0 - 1000] +#Brightness=1000 + +# Set brightness of the backlight if the backlight is switched 'off'. Set this +# to zero to completely turn off the backlight. [default: 100; legal: 0 - 1000] +#OffBrightness=0 + +# Time (ms) from first key report to first repeat. Set to 0 to disable repeated +# key reports. [default: 500; legal: 0 - 3000] +#KeyRepeatDelay=500 + +# Time (ms) between repeated key reports. Ignored if KeyRepeatDelay is disabled +# (set to zero). [default: 300; legal: 0 - 3000] +#KeyRepeatInterval=300 + +# Assign key strings to keys. There may be up to 16 keys numbered 'A' to 'Z'. +# By default keys 'A' to 'F' are assigned Up, Down, Left, Right, Enter, Escape. +KeyMap_A=Up +KeyMap_B=Down +KeyMap_C=Enter +KeyMap_D=Escape + +# --- t6963 options --- + +# Parallel port to use [default: 0x378; legal: 0x200 - 0x400] +#Port=0x378 + +# Use LPT port in bi-directional mode. This should work on most LPT port +# and is required for proper timing! [default: yes; legal: yes, no] +#bidirectional=yes + +# Insert additional delays into reads / writes. [default: no; legal: yes, no] +#delayBus=no + +# --- serdisplib options --- + +# Name of the underlying serdisplib driver, e.g. ctinclud. See +# serdisplib documentation for details. +serdisp_name=t6963 + +# The display device to use, e.g. serraw:/dev/ttyS0, +# parport:/dev/parport0 or USB:07c0/1501. +serdisp_device=/dev/ppi0 + +# Options string to pass to serdisplib during initialization. Use +# this to set any display related options (e.g. wiring). The display size is +# always set based on the Size configured above! By default, no options are +# set. +# Important: The value must be quoted as it contains equal signs! +#serdisp_options="INVERT=1" + +# --- x11 options --- + +# PixelSize is size of each dot in pixels + a pixel gap. [default: 3+1] +#x11_PixelSize=3+1 + +# Colors are in RRGGBB format prefixed with "0x". +# PixelColor: The color of each dot at full contrast. [default: 0x000000] +#x11_PixelColor=0x000000 + +# BacklightColor: The color of the backlight as full brightness. +# [default: 0x80FF80] +#x11_BacklightColor=0x80FF80 + +# Border: Adds a border (empty space) around the LCD portion of X11 window. +# [default: 20] +#x11_Border=20 + +# Inverted: inverts the pixels [default: no; legal: yes, no] +#x11_Inverted=no + +# --- picolcdgfx options --- + +# Time in ms for usb_read to wait on a key press. [default: 125; legal: >0] +#picolcdgfx_KeyTimeout=125 + +# Inverted: Inverts the pixels. [default: no; legal: yes or no] +#picolcdgfx_Inverted=no + + + +## glcdlib meta driver for graphical LCDs ## +[glcdlib] + +## mandatory: + +# which graphical display supported by graphlcd-base to use [default: image] +# (see /etc/graphlcd.conf for possible drivers) +Driver=noritake800 + +# no=use graphlcd bitmap fonts (they have only one size / font file) +# yes=use fonts supported by FreeType2 (needs Freetype2 support in +# libglcdprocdriver and its dependants) +UseFT2=yes + +# text resolution in fixed width characters [default: 16x4] +# (if it won't fit according to available physical pixel resolution +# and the minimum available font face size in pixels, then +# 'DebugBorder' will automatically be turned on) +TextResolution=20x4 + +# path to font file to use +FontFile=/usr/share/fonts/corefonts/courbd.ttf + +## these only apply if UseFT2=yes: + +# character encoding to use +CharEncoding=iso8859-2 + +# minimum size in pixels in which fonts should be rendered +MinFontFaceSize=7x12 + +## optional: +Brightness=50 # Brightness (in %) if applicable +Contrast=50 # Contrast (in %) if applicable +Backlight=no # Backlight if applicable +UpsideDown=no # flip image upside down +Invert=no # invert light/dark pixels +ShowDebugFrame=no # turns on/off 1 pixel thick debugging + # border within the usable text area, + # for setting up TextResolution and + # MinFontFaceSize (if using FT2); +ShowBigBorder=no # border around the unused area +ShowThinBorder=yes # border around the unused area +PixelShiftX=0 +PixelShiftY=2 + + + +## Matrix Orbital GLK driver ## +[glk] + +# select the serial device to use [default: /dev/lcd] +Device=/dev/lcd + +# set the initial contrast value [default: 500; legal: 0 - 1000] +Contrast=500 + +# set the serial port speed [default: 19200; legal: 9600, 19200, 38400, 57600, 115200] +Speed=19200 + + + +## Hitachi HD44780 driver ## +[hd44780] +{%- if model == 'EZIO' %} +ConnectionType=ezio +Device=/dev/ttyS1 +Keypad=yes +Size=16x2 +KeyMatrix_4_1=Enter +KeyMatrix_4_2=Up +KeyMatrix_4_3=Down +KeyMatrix_4_4=Escape +{%- endif %} + +# Select what type of connection. See documentation for available types. +#ConnectionType=4bit + +# Select model if have non-standard one which require extra initialization or handling or +# just want extra features it offers. +# Available: standard (default), extended, winstar_oled, pt6314_vfd +# - standard is default, use for LCDs not mentioned below. +# - extended, hd66712, ks0073: allows use 4-line "extended" mode, +# same as deprecated now option ExtendedMode=yes +# - winstar_oled, weh00xxyya: changes initialization for WINSTAR's WEH00xxyyA displays +# and allows handling brightness +# - pt6314_vfd: allows handling brightness on PTC's PT6314 VFDs +# +# This option should be independent of connection type. +#Model = standard + +# I/O address of the LPT port. Usual values are: 0x278, 0x378 and 0x3BC. +# For I2C connections this sets the slave address (usually 0x20). +#Port=0x378 + +# Device of the serial, I2C, or SPI interface [default: /dev/lcd] +#Device=/dev/ttyS0 + +# Bitrate of the serial port (0 for interface default) +#Speed=0 + +# If you have a keypad connected. +# You may also need to configure the keypad layout further on in this file. +#Keypad=no + +# Set the initial contrast (bwctusb, lcd2usb, and usb4all) +# [default: 800; legal: 0 - 1000] +#Contrast=0 + +# Set brightness of the backlight (lcd2usb and usb4all): +# Brightness is the brightness while the backlight is set to 'on'. +# [default: 800; legal: 0 - 1000] +#Brightness=1000 + +# OffBrightness is the brightness while the backlight is set to 'off'. +# [default: 300; legal: 0 - 1000] +#OffBrightness=0 + +# Specify if you have a switchable backlight and if yes, can select method for turning it on/off: +# +# - none - no switchable backlight is available. For compability also boolean +# 0, n, no, off and false are aliases. +# - external - use external pin or any other method defined with ConnectionType backlight +# handling. For backward compability also this value is chosen for boolean +# TRUE values: 1, y, yes, on and true. +# - internal - means that backlight is handled using internal commands according +# to selected display model (with Model option). Depending on model, +# Brightness and OffBrightness options can be taken into account. +# - internalCmds - means that commands for turning on and off backlight are given +# with extra options BacklightOnCmd and BacklightOffCmd, which would be treated +# as catch up (last resort) for other types of displays which have similar features. +# +# You can provide multiple occurences of this option to use more than one method. +# Default is model specific: Winstar OLED and PT6314 VFD enables internal backlight mode, +# for others it is set to none. +#Backlight = none + +# Commands for enabling internal backlight for use with Backlight=internalCmds. +# Up to 4 bytes can be encoded, as integer number in big-endian order. +# +# NOTE: this is advanced option, if command contains bits other than only brighness handling, +# they must be set accordingly to not disrupt display state. If for example 'FUNCTION SET' command +# is used for this purpose, bits of interface length (4-bit / 8-bit) must be set according to +# selected ConnectionType. +#BacklightCmdOn=0x1223 + +# Commands for disabling internal backlight for use with Backlight=internalCmds. +# Up to 4 bytes can be encoded, as integer number in big-endian order. +#BacklightCmdOff=0x1234 + + +# If you have the additional output port ("bargraph") and you want to +# be able to control it with the lcdproc OUTPUT command +#OutputPort=no + +# Specifies if the last line is pixel addressable (yes) or it controls an +# underline effect (no). [default: yes; legal: yes, no] +#Lastline=yes + +# Specifies the size of the LCD. +# In case of multiple combined displays, this should be the total size. +#Size=20x4 + +# For multiple combined displays: how many lines does each display have. +# Vspan=2,2 means both displays have 2 lines. +#vspan=2,2 + +# If you have an HD66712, a KS0073 or another controller with 'extended mode', +# set this flag to get into 4-line mode. On displays with just two lines, do +# not set this flag. +# As an additional restriction, controllers with and without extended mode +# AND 4 lines cannot be mixed for those connection types that support more +# than one display! +# NOTE: This option is deprecated in favour of choosing Model=extended option. +#ExtendedMode=yes + +# In extended mode, on some controllers like the ST7036 (in 3 line mode) +# the next line in DDRAM won't start 0x20 higher. [default: 0x20] +#LineAddress=0x10 + +# Character map to to map ISO-8859-1 to the LCD's character set +# [default: hd44780_default; legal: hd44780_default, hd44780_euro, ea_ks0073, +# sed1278f_0b, hd44780_koi8_r, hd44780_cp1251, hd44780_8859_5, upd16314, +# weh001602a_1] +# (hd44780_koi8_r, hd44780_cp1251, hd44780_8859_5, upd16314 and weh001602a_1 +# are possible if compiled with additional charmaps) +CharMap=hd44780_default + +# Font bank to be used for some displays such as the WINSTAR WEH001602A +# 0: English/Japanese (default) +# 1: Western Europe I +# 2: English/Rusian +# 3: Western Europe II +#FontBank=0 + +# If your display is slow and cannot keep up with the flow of data from +# LCDd, garbage can appear on the LCDd. Set this delay factor to 2 or 4 +# to increase the delays. Default: 1. +#DelayMult=2 + +# Some displays (e.g. vdr-wakeup) need a message from the driver to that it +# is still alive. When set to a value bigger then null the character in the +# upper left corner is updated every seconds. Default: 0. +#KeepAliveDisplay=0 + +# If you experience occasional garbage on your display you can use this +# option as workaround. If set to a value bigger than null it forces a +# full screen refresh seconds. Default: 0. +#RefreshDisplay=5 + +# You can reduce the inserted delays by setting this to false. +# On fast PCs it is possible your LCD does not respond correctly. +# Default: true. +#DelayBus=true + +# If you have a keypad you can assign keystrings to the keys. +# See documentation for used terms and how to wire it. +# For example to give directly connected key 4 the string "Enter", use: +# KeyDirect_4=Enter +# For matrix keys use the X and Y coordinates of the key: +# KeyMatrix_1_3=Enter +#KeyMatrix_4_1=Enter +#KeyMatrix_4_2=Up +#KeyMatrix_4_3=Down +#KeyMatrix_4_4=Escape + +## ICP Peripheral Comminication Protocol driver ## +# Supports A125 and A106 +# +# Short Press Select: Down +# Long Press Select: Up +# Short Press Enter: Enter +# Long Press Enter: Escape +# +[icp_a106] +Device=/dev/ttyS1 + +# Display dimensions +Size=20x2 + + +## Code Mercenaries IO-Warrior driver ## +[IOWarrior] + +# display dimensions +Size=20x4 + +# serial number. Must be exactly as listed by usbview +# (if not given, the 1st IOWarrior found gets used) +#SerialNumber=00000674 + +# If you have an HD66712, a KS0073 or another 'almost HD44780-compatible', +# set this flag to get into extended mode (4-line linear). +#ExtendedMode=yes + +# Specifies if the last line is pixel addressable (yes) or it controls an +# underline effect (no). [default: yes; legal: yes, no] +#Lastline=yes + + + +## Soundgraph/Ahanix/Silverstone/Uneed/Accent iMON driver ## +[imon] + +# select the device to use +Device=/dev/lcd0 + +# display dimensions +Size=16x2 + +# Character map to to map ISO-8859-1 to the displays character set. +# [default: none; legal: none, hd44780_euro, upd16314, hd44780_koi8_r, +# hd44780_cp1251, hd44780_8859_5 ] (upd16314, hd44780_koi8_r, +# hd44780_cp1251, hd44780_8859_5 are possible if compiled with additional +# charmaps) +CharMap=hd44780_euro + +## Soundgraph iMON LCD ## +[imonlcd] +# Specify which iMon protocol should be used +# [legal: 0, 1; default: 0] +# Choose 0 for 15c2:ffdc device, +# Choose 1 for 15c2:0038 device +Protocol=0 + +# Set the exit behavior [legal: 0-2; default: 1] +# 0 means leave shutdown message, +# 1 means show the big clock, +# 2 means blank device +#OnExit=2 + +# Select the output device to use [default: /dev/lcd0] +Device=/dev/lcd0 + +# Select the displays contrast [default: 200; legal: 0-1000] +Contrast=200 + +# Specify the size of the display in pixels [default: 96x16] +#Size=96x16 + +# Set the backlight state [default: on; legal: on, off] +#Backlight=on + +# Set the disc mode [legal: 0,1; default: 0] +# 0 => spin the "slim" disc - two disc segments, +# 1 => their complement spinning; +#DiscMode=0 + + + +## IrMan driver ## +[IrMan] +# in case of trouble with IrMan, try the Lirc emulator for IrMan + +# Select the input device to use +#Device=/dev/irman + +# Select the configuration file to use +#Config=/etc/irman.cfg + + + +## IRtrans driver ## +[irtrans] + +# Does the device have a backlight? [default: no; legal: yes, no] +#Backlight=no + +# IRTrans device to connect to [default: localhost] +#Hostname=localhost + +# display dimensions +Size=16x2 + + + +## Joystick driver ## +[joy] + +# Select the input device to use [default: /dev/js0] +Device=/dev/js0 + +# set the axis map +Map_Axis1neg=Left +Map_Axis1pos=Right +Map_Axis2neg=Up +Map_Axis2pos=Down + +# set the button map +Map_Button1=Enter +Map_Button2=Escape + + +## JW-002 driver ## +[jw002] + +# Select the output device to use [default: /dev/lcd] +#Device=/dev/ttyS0 + +# Set the display size [default: 24x8] +Size=24x8 + +# Optional X and Y offsets (in characters) to center a smaller display +# size on the full 24x8 panel +X_offset=0 +Y_offset=0 + +# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] +Speed=19200 + +# Pick which font page to use [default: 0] +# Note that different fonts probably have their bargraph chars in different +# spots. For ROM-based fonts 0-3, those characters are already known. +Font=0 + +# The following table translates from jw002 key letters to logical key names. +# By default no keys are mapped, meaning the keypad is not used at all. +#KeyMap_I=Left +#KeyMap_J=Right +#KeyMap_H=Up +#KeyMap_K=Down +#KeyMap_L=Enter +#KeyMap_A=Escape +# See the [menu] section for an explanation of the key mappings + +# You can find out which key of your display sends which +# character by setting keypad_test_mode to yes and running +# LCDd. LCDd will output all characters it receives. +# Afterwards you can modify the settings above and set +# keypad_set_mode to no again. +keypad_test_mode=no + + +## LB216 driver ## +[lb216] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/lcd + +# Set the initial brightness [default: 255; legal: 0 - 255] +Brightness=255 + +# Set the communication speed [default: 9600; legal: 2400, 9600] +Speed=9600 + +# Reinitialize the LCD's BIOS [default: no; legal: yes, no] +Reboot=no + + + +## LCDM001 driver ## +[lcdm001] + +Device=/dev/ttyS1 + +# keypad settings +# Keyname Function +# Normal context Menu context +# ------- -------------- ------------ +# PauseKey Pause/Continue Enter/select +# BackKey Back(Go to previous screen) Up/Left +# ForwardKey Forward(Go to next screen) Down/Right +# MainMenuKey Open main menu Exit/Cancel +PauseKey=LeftKey +BackKey=UpKey +ForwardKey=DownKey +MainMenuKey=RightKey + +# You can rearrange the settings here. +# If your device is broken, have a look at server/drivers/lcdm001.h + + + +## HNE LCTerm driver ## +[lcterm] +Device=/dev/ttyS1 +Size=16x2 + + +## Linux event device input driver ## +[linux_input] + +# Select the input device to use [default: /dev/input/event0]. This may be +# either an absolute path to the input node, starting with '/', or +# an input device name, e.g. "Logitech Gaming Keyboard Gaming Keys". +# Device=/dev/input/event0 + +# specify a non-default key map +#key=1,Escape +#key=28,Enter +#key=96,Enter +#key=105,Left +#key=106,Right +#key=103,Up +#key=108,Down + + +## LIRC input driver ## +[lirc] + +# Specify an alternative location of the lircrc file [default: ~/.lircrc] +#lircrc=/etc/lircrc.lcdproc + +# Must be the same as in your lircrc +#prog=lcdd + + + +## LIS MCE 2005 driver ## +[lis] + +# Set the initial brightness [default: 1000; legal: 0 - 1000] +# 0-250 = 25%, 251-500 = 50%, 501-750 = 75%, 751-1000 = 100% +#Brightness=1000 + +# Columns by lines [default: 20x2] +#Size=20x2 + +# USB Vendor ID [default: 0x0403] +# Change only if testing a compatible device. +#VendorID=0x0403 + +# USB Product ID [default: 0x6001] +# Change only if testing a compatible device. +#ProductID=0x6001 + +# Specifies if the last line is pixel addressable (yes) or it only controls an +# underline effect (no). [default: yes; legal: yes, no] +#Lastline=yes + + + +##The driver for the VFD of the Medion MD8800 PC ## +[MD8800] +# device to use [default: /dev/ttyS1] +#Device=/dev/ttyS1 + +# display size [default: 16x2] +#Size=16x2 + +# Set the initial brightness [default: 1000; legal: 0 - 1000] +Brightness=1000 +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=50 + + + +## Futuba MDM166A Display +[mdm166a] +# Show self-running clock after LCDd shutdown +# Possible values: [default: no; legal: no, small, big] +Clock=big +# Dim display, no dimming gives full brightness [default: no, legal: yes, no] +Dimming=no +# Dim display in case LCDd is inactive [default: no, legal: yes, no] +OffDimming=yes + + + +## MSI MS-6931 driver for displays in 1HU servers ## +[ms6931] + +# device to use [default: /dev/ttyS1] +Device=/dev/ttyS1 + +# display size [default: 16x2] +#Size=16x2 + + + +## MTC-S16209x driver ## +[mtc_s16209x] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/lcd + +# Set the initial brightness [default: 255; legal: 0 - 255] +Brightness=255 + +# Reinitialize the LCD's BIOS [default: no; legal: yes, no] +Reboot=no + + + +## Matrix Orbital driver ## +[MtxOrb] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/ttyS0 + +# Set the display size [default: 20x4] +Size=20x4 + +# Set the display type [default: lcd; legal: lcd, lkd, vfd, vkd] +Type=lkd + +# Set the initial contrast [default: 480] +# NOTE: The driver will ignore this if the display +# is a vfd or vkd as they don't have this feature +Contrast=480 + +# Some old displays do not have an adjustable backlight but only can +# switch the backlight on/off. If you experience randomly appearing block +# characters, try setting this to false. [default: yes; legal: yes, no] +hasAdjustableBacklight=no + +# Set the initial brightness [default: 1000; legal: 0 - 1000] +Brightness=1000 +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=0 + +# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] +Speed=19200 + +# The following table translates from MtxOrb key letters to logical key names. +# By default no keys are mapped, meaning the keypad is not used at all. +#KeyMap_A=Left +#KeyMap_B=Right +#KeyMap_C=Up +#KeyMap_D=Down +#KeyMap_E=Enter +#KeyMap_F=Escape +# See the [menu] section for an explanation of the key mappings + +# You can find out which key of your display sends which +# character by setting keypad_test_mode to yes and running +# LCDd. LCDd will output all characters it receives. +# Afterwards you can modify the settings above and set +# keypad_set_mode to no again. +keypad_test_mode=no + + + +## mx5000 driver for LCD display on the Logitech MX5000 keyboard ## +[mx5000] + +# Select the output device to use [default: /dev/hiddev0] +Device = /dev/hiddev0 +# Time to wait in ms after the refresh screen has been sent [default: 1000] +WaitAfterRefresh = 1000 + + + +## Noritake VFD driver ## +[NoritakeVFD] +# device where the VFD is. Usual values are /dev/ttyS0 and /dev/ttyS1 +# [default: /dev/lcd] +Device=/dev/ttyS0 +# Specifies the size of the LCD. +Size=20x4 +# Set the initial brightness [default: 1000; legal: 0 - 1000] +Brightness=1000 +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=50 +# set the serial port speed [default: 9600, legal: 1200, 2400, 9600, 19200, 115200] +Speed=9600 +# Set serial data parity [default: 0; legal: 0-2 ] +# Meaning: 0(=none), 1(=odd), 2(=even) +Parity=0 +# re-initialize the VFD [default: no; legal: yes, no] +Reboot=no + + + +## Olimex MOD-LCD1x9 driver ## +[Olimex_MOD_LCD1x9] + +# device file of the i2c controler +Device=/dev/i2c-0 + + +## Mini-box.com picoLCD (usblcd) driver ## +[picolcd] + +# KeyTimeout is only used if the picoLCD driver is built with libusb-0.1. When +# built with libusb-1.0 key and IR data is input asynchronously so there is no +# need to wait for the USB data. +# KeyTimeout is the time in ms that LCDd spends waiting for a key press before +# cycling through other duties. Higher values make LCDd use less CPU time and +# make key presses more detectable. Lower values make LCDd more responsive +# but a little prone to missing key presses. 500 (.5 second) is the default +# and a balanced value. [default: 500; legal: 0 - 1000] +KeyTimeout=500 + +# Key auto repeat is only available if the picoLCD driver is built with +# libusb-1.0. Use KeyRepeatDelay and KeyRepeatInterval to configure key auto +# repeat. +# +# Key auto repeat delay (time in ms from first key report to first repeat). Use +# zero to disable auto repeat. [default: 300; legal: 0 - 3000] +KeyRepeatDelay=300 + +# Key auto repeat interval (time in ms between repeat reports). Only used if +# KeyRepeatDelay is not zero. [default: 200; legal: 0 - 3000] +KeyRepeatInterval=200 + +# Sets the initial state of the backlight upon start-up. +# [default: on; legal: on, off] +#Backlight=on + +# Set the initial brightness [default: 1000; legal: 0 - 1000]. Works only +# with the 20x4 device +Brightness=1000 + +# Set the brightness while the backlight is 'off' [default: 0; legal: 0 - 1000]. +# Works only with the 20x4 device. +#OffBrightness=0 + +# Set the initial contrast [default: 1000; legal: 0 - 1000] +Contrast=1000 + +# Link the key lights to the backlight? [default: on; legal: on, off] +#LinkLights=off + +# Light the keys? [default: on; legal: on, off] +Keylights=on + +# If Keylights is on, the you can unlight specific keys below: +# Key0 is the directional pad. Key1 - Key5 correspond to the F1 - F5 keys. +# There is no LED for the +/- keys. This is a handy way to indicate to users +# which keys are disabled. [default: on; legal: on, off] +Key0Light=on +Key1Light=on +Key2Light=on +Key3Light=on +Key4Light=on +Key5Light=on + +# Host name or IP address of the LIRC instance that is to receive IR codes +# If not set, or set to an empty value, IR support is disabled. +#LircHost=127.0.0.1 + +# UDP port on which LIRC is listening [default: 8765; legal: 1 - 65535] +LircPort=8765 + +# UDP data time unit for LIRC [default: off; legal: on, off] +# On: times sent in microseconds (requires LIRC UDP driver that accepts this). +# Off: times sent in 'jiffies' (1/16384s) (supported by standard LIRC UDP driver). +LircTime_us=on + +# Threshold in microseconds of the gap that triggers flushing the IR data +# to lirc [default: 8000; legal: 1000 - ] +# If LircTime_us is on values greater than 32.767ms will disable the flush +# If LircTime_us is off values greater than 1.999938s will disable the flush +LircFlushThreshold=10000 + + + +## Pyramid LCD driver ## +[pyramid] + +# device to connect to [default: /dev/lcd] +Device=/dev/ttyUSB0 + + + +## rawserial driver ## +[rawserial] + +# Select the output device to use [default: /dev/cuaU0] +Device=/dev/ttyS0 + +# Serial port baudrate [default: 9600] +Speed=9600 + +# Specifies the size of the LCD. If this driver is loaded as a secondary driver +# it always adopts to the size of the primary driver. If loaded as the only +# (or primary) driver, the size can be set. [default: 40x4] +#Size=16x2 + +# How often to dump the LCD contents out the port, in Hertz (times per second) +# 1 = once per second, 4 is 4 times per second, 0.1 is once every 10 seconds. +# [default: 1; legal: 0.0005 - 10] +UpdateRate=1 + + + +## SDEC driver for Watchguard Firebox ## +[sdeclcd] +# No options + + +## Seiko Epson 1330 driver ## +[sed1330] + +# Port where the LPT is. Common values are 0x278, 0x378 and 0x3BC +Port=0x378 + +# Type of LCD module (legal: G321D, G121C, G242C, G191D, G2446, SP14Q002) +# Note: Currently only tested with G321D & SP14Q002. +Type=G321D + +# Width x Height of a character cell in pixels [legal: 6x7 - 8x16; default: 6x10] +CellSize=6x10 + +# Select what type of connection [legal: classic, bitshaker; default: classic] +ConnectionType=classic + + + +## Seiko Epson 1520 driver ## +[sed1520] + +# Port where the LPT is. Usual values are 0x278, 0x378 and 0x3BC +Port=0x378 + +# Select the interface type (wiring) for the display. Supported values are +# 68 for 68-style connection (RESET level high) and 80 for 80-style connection +# (RESET level low). [legal: 68, 80; default: 80] +InterfaceType=80 + +# On fast machines it may be necessary to slow down transfer to the display. +# If this value is set to zero, delay is disabled. Any value greater than +# zero slows down each write by one microsecond. [legal: 0-1000; default: 1] +DelayMult=0 + +# The original wiring used an inverter to drive the control lines. If you do +# not use an inverter set haveInverter to no. [default: yes; legal: yes, no] +HaveInverter=no + +# On some displays column data in memory is mapped to segment lines from right +# to left. This is called inverted mapping (not to be confused with +# 'haveInverter' from above). [default: no; legal: yes, no] +#InvertedMapping=yes + +# At least one display is reported (Everbouquet MG1203D) that requires sending +# three times 0xFF before a reset during initialization. +# [default: no; legal: yes, no] +#UseHardReset=yes + + +## serial POS display driver ## +[serialPOS] + +# Device to use in serial mode [default: /dev/ttyS0] +Device=/dev/ttyS0 + +# Specifies the size of the display in characters. [default: 16x2] +Size=16x2 + +# Specifies the cell size of each character cell on the display in characters. +# [default: 5x8] +Cellsize=5x8 + +# Specifies the number of custom characters supported by the display. +# [default: 0] +Custom_chars=0 + +# Set the communication protocol to use with the POS display. +# [default: AEDEX; legal: AEDEX, CD5220, Epson, Emax, LogicControls, Ultimate] +Type=AEDEX + +# communication baud rate with the display [default: 9600; legal: 1200, 2400, +# 4800, 9600, 19200, 115200] +Speed=9600 + + + +## Serial VFD driver ## +## Drives various (see below) serial 5x7dot VFD's. ## +[serialVFD] + +# Specifies the displaytype.[default: 0] +# 0 NEC (FIPC8367 based) VFDs. +# 1 KD Rev 2.1. +# 2 Noritake VFDs (*). +# 3 Futaba VFDs +# 4 IEE S03601-95B +# 5 IEE S03601-96-080 (*) +# 6 Futaba NA202SD08FA (allmost IEE compatible) +# 7 Samsung 20S207DA4 and 20S207DA6 +# 8 Nixdorf BA6x / VT100 +# (* most should work, not tested yet.) +Type=0 + +# "no" if display connected serial, "yes" if connected parallel. [default: no] +# I.e. serial by default +use_parallel=no + +# Number of Custom-Characters. default is display type dependent +#Custom-Characters=0 + +# Portaddress where the LPT is. Used in parallel mode only. Usual values are +# 0x278, 0x378 and 0x3BC. +Port=0x378 + +# Set parallel port timing delay (us). Used in parallel mode only. +# [default: 2; legal: 0 - 255] +#PortWait=2 + +# Device to use in serial mode. Usual values are /dev/ttyS0 and /dev/ttyS1 +Device=/dev/ttyS1 + +# Specifies the size of the VFD. +Size=20x2 + +# Set the initial brightness [default: 1000; legal: 0 - 1000] +# (4 steps 0-250, 251-500, 501-750, 751-1000) +Brightness=1000 +# Set the initial off-brightness [default: 0; legal: 0 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +# (4 steps 0-250, 251-500, 501-750, 751-1000) +OffBrightness=0 + +# set the serial port speed [default: 9600; legal: 1200, 2400, 9600, 19200, 115200] +Speed=9600 + +# enable ISO 8859 1 compatibility [default: yes; legal: yes, no] +#ISO_8859_1=yes + + + +## shuttleVFD driver ## +[shuttleVFD] +# No options + + + +## stv5730 driver ## +[stv5730] + +# Port the device is connected to [default: 0x378] +Port=0x378 + + +[SureElec] + +# Port the device is connected to (by default first USB serial port) +Device=/dev/ttyUSB0 + +# Edition level of the device (can be 1, 2 or 3) [default: 2] +#Edition=1 + +# set display size +# Note: The size can be obtained directly from device for edition 2 & 3. +#Size=16x2 + +# Set the initial contrast [default: 480; legal: 0 - 1000] +#Contrast=200 + +# Set the initial brightness [default: 480; legal: 1 - 1000] +#Brightness=480 + +# Set the initial off-brightness [default: 100; legal: 1 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +#OffBrightness=100 + + +## SVGAlib driver ## +[svga] + +# svgalib mode to use [default: G320x240x256 ] +# legal values are supported svgalib modes +#Mode=G640x480x256 + +# set display size [default: 20x4] +Size=20x4 + +# Set the initial contrast [default: 500; legal: 0 - 1000] +# Can be set but does not change anything internally +Contrast=500 + +# Set the initial brightness [default: 1000; legal: 1 - 1000] +Brightness=1000 + +# Set the initial off-brightness [default: 500; legal: 1 - 1000] +# This value is used when the display is normally +# switched off in case LCDd is inactive +OffBrightness=500 + + + +## Text driver ## +[text] +# Set the display size [default: 20x4] +Size=20x4 + + + +## Toshiba T6963 driver ## +[t6963] + +# set display size in pixels [default: 128x64] +Size=128x64 + +# port to use [default: 0x378; legal: 0x200 - 0x400] +Port=0x378 + +# Use LPT port in bi-directional mode. This should work on most LPT port and +# is required for proper timing! [default: yes; legal: yes, no] +#bidirectional=yes + +# Insert additional delays into reads / writes. [default: no; legal: yes, no] +#delayBus=no + +# Clear graphic memory on start-up. [default: no; legal: yes, no] +#ClearGraphic=no + + + +## Tyan Barebones LCD driver (GS10 & GS12 series) ## +[tyan] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/lcd + +# Set the communication speed [default: 9600; legal: 4800, 9600] +Speed=9600 + +# set display size [default: 16x2] +Size=16x2 + + + +## ELV ula200 driver ## +[ula200] + +# Select the LCD size [default: 20x4] +Size=20x4 + +# If you have a non standard keypad you can associate any keystrings to keys. +# There are 6 input key in the CwLnx hardware that generate characters +# from 'A' to 'F'. +# +# The following it the built-in default mapping hardcoded in the driver. +# You can leave those unchanged if you have a standard keypad. +# You can change it if you want to report other keystrings or have a non +# standard keypad. +# KeyMap_A=Up +# KeyMap_B=Down +# KeyMap_C=Left +# KeyMap_D=Right +# KeyMap_E=Enter +# KeyMap_F=Escape + + + +## Wirz SLI LCD driver ## +[sli] + +# Select the output device to use [default: /dev/lcd] +Device=/dev/lcd + +# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200, +# 38400, 57600, 115200] +Speed=19200 + + + +## vlsys_m428 for VFD/IR combination in Moneual MonCaso 320 ## +[vlsys_m428] + +# Select the output device to use [default: /dev/ttyUSB0] +#Device=/dev/ttyUSB0 + + + +## OnScreen Display using libxosd ## +[xosd] + +# set display size [default: 20x4] +Size=20x4 + +# Offset in pixels from the top-left corner of the monitor [default: 0x0] +Offset=200x200 + +# X font to use, in XLFD format, as given by "xfontsel" +Font=-*-terminus-*-r-*-*-*-320-*-*-*-*-* + +## Y.A.R.D.2 LCD section +[yard2LCD] +Size=20x4 +# If rendering rate is too high, change in server\main.h #define RENDER_FREQ 8 to "1" + +# EOF diff --git a/data/templates/system-display/lcdproc.conf.tmpl b/data/templates/system-display/lcdproc.conf.tmpl new file mode 100644 index 000000000..2fe491e63 --- /dev/null +++ b/data/templates/system-display/lcdproc.conf.tmpl @@ -0,0 +1,177 @@ +### autogenerated by system-display.py ### + +# system display show host (CPU|SMP-CPU|CPU-Graph|Load|Memory|Proc-Size|Disk|Uptime) +# network interface alias +# units (bps|Bps|pps) +# clock (big|mini|date-time) + +# LCDproc client configuration file + +## general options ## +[lcdproc] +# address of the LCDd server to connect to +Server=127.0.0.1 + +# Port of the server to connect to +Port=13666 + +# set reporting level +#ReportLevel=2 + +# report to to syslog ? +ReportToSyslog=true + +# run in foreground [default: false; legal: true, false] +#Foreground=true + +# PidFile location when running as daemon [default: /var/run/lcdproc.pid] +#PidFile=/var/run/lcdproc.pid + +# slow down initial announcement of modes (in 1/100s) +#delay=2 + + +## screen specific configuration options ## +{%- if show %} +# display name for the main menu [default: LCDproc HOST] +DisplayName="{%- if show['title'] %}{{ show['title'] }}{%- else %}VyOS{%- endif %}" + +{%- if show['host'] %} +{#%- for s in show['host'] %#} + +[CPU] +# Show screen +Active={%- if 'cpu' in show['host'] %}true{%- else %}false{%- endif %} +OnTime=1 +OffTime=2 +ShowInvisible=false + +[SMP-CPU] +# Show screen +Active={%- if 'cpu-all' in show['host'] %}true{%- else %}false{%- endif %} + +[Memory] +# Show screen +Active={%- if 'memory' in show['host'] %}true{%- else %}false{%- endif %} + +[Load] +# Show screen +Active={%- if 'load-hist' in show['host'] %}true{%- else %}false{%- endif %} +# Min Load Avg at which the backlight will be turned off [default: 0.05] +LowLoad=0.05 +# Max Load Avg at which the backlight will start blinking [default: 1.3] +HighLoad=1.3 + +[Uptime] +# Show screen +Active={%- if 'uptime' in show['host'] %}true{%- else %}false{%- endif %} + +[CPUGraph] +# Show screen +Active={%- if 'cpu-hist' in show['host'] %}true{%- else %}false{%- endif %} + +[ProcSize] +# Show screen +Active={%- if 'proc' in show['host'] %}true{%- else %}false{%- endif %} + +[Disk] +# Show screen +Active={%- if 'disk' in show['host'] %}true{%- else %}false{%- endif %} +{#%- endfor %#} +{%- else %} {# if show['host'] #} +{# Turn off sections that default active #} + +[CPU] +Active=false + +[Memory] +Active=false + +[Load] +Active=false + +[TimeDate] +Active=false +{%- endif %} {# if show['host'] #} + +[TimeDate] +# Show screen +Active={%- if show['clock'] == 'date-time' %}true{%- else %}false{%- endif %} +# time format [default: %H:%M:%S; legal: see strftime(3)] +TimeFormat="%H:%M:%S" +# date format [default: %x; legal: see strftime(3)] +DateFormat="%x" + +[BigClock] +# Show screen +Active={%- if show['clock'] == 'big' %}true{%- else %}false{%- endif %} + +[MiniClock] +# Show screen +Active={%- if show['clock'] == 'mini' %}true{%- else %}false{%- endif %} +# time format [default: %H:%M; legal: see strftime(3)] +TimeFormat="%H:%M" + +{%- if show['network'] %} +[Iface] +# Show screen +Active={%- if show['network']['interface'] %}true{%- else %}false{%- endif %} +{%- for i in show['network']['interface'] %} +# Show stats for Interface {{ i }} +Interface0={{ i }} +{%- if show['network']['interface'][i]['alias'] %} +# Interface alias name to display [default: ] +Alias0={{ show['network']['interface'][i]['alias'] }} +{%- endif %} +{%- endfor %} + +# Units to display [default: byte; legal: byte, bit, packet] +{%- if show['network']['units'] == 'bps' %} +unit=bit +{%- elif show['network']['units'] == 'Bps'%} +unit=byte +{%- elif show['network']['units'] == 'pps' %} +unit=packet +{%- else %} +unit=bit +{%- endif %} +# add screen with transferred traffic +#transfer=TRUE +{%- endif %} {# if show['network'] #} + +{%- else %} {# if show #} +{# Turn off sections that default active #} + +[CPU] +Active=false + +[Memory] +Active=false + +[Load] +Active=false + +[TimeDate] +Active=false +{%- endif %} + +[Battery] +# Show screen +Active=false + +[About] +# Show screen +Active=false + +[OldTime] +# Show screen +Active=false +# time format [default: %H:%M:%S; legal: see strftime(3)] +TimeFormat="%H:%M:%S" +# date format [default: %x; legal: see strftime(3)] +DateFormat="%x" +# Display the title bar in two-line mode. Note that with four lines or more +# the title is always shown. [default: true; legal: true, false] +#ShowTitle=false + +# EOF -- cgit v1.2.3 From 3e8b6841db6ab803b898376754b469954d212cf7 Mon Sep 17 00:00:00 2001 From: fmertz Date: Sun, 28 Jun 2020 18:27:11 +0000 Subject: system display: T2564: Lowercase model names * data/templates/system-display/LCDd.conf.tmpl Lowercase sdec ezio * interface-definitions/system-display.xml.in Lowercase sdec ezio --- data/templates/system-display/LCDd.conf.tmpl | 6 +++--- interface-definitions/system-display.xml.in | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'data') diff --git a/data/templates/system-display/LCDd.conf.tmpl b/data/templates/system-display/LCDd.conf.tmpl index 0b605e09d..8079dcb76 100644 --- a/data/templates/system-display/LCDd.conf.tmpl +++ b/data/templates/system-display/LCDd.conf.tmpl @@ -52,11 +52,11 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ # Olimex_MOD_LCD1x9, picolcd, pyramid, rawserial, sdeclcd, sed1330, # sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963, # text, tyan, ula200, vlsys_m428, xosd, yard2LCD -{%- if model == 'SDEC' %} +{%- if model == 'sdec' %} Driver=sdeclcd {%- endif %} -{%- if model == 'EZIO' %} +{%- if model == 'ezio' %} Driver=hd44780 {%- endif %} @@ -544,7 +544,7 @@ Speed=19200 ## Hitachi HD44780 driver ## [hd44780] -{%- if model == 'EZIO' %} +{%- if model == 'ezio' %} ConnectionType=ezio Device=/dev/ttyS1 Keypad=yes diff --git a/interface-definitions/system-display.xml.in b/interface-definitions/system-display.xml.in index 7a5cf9283..ac9f17b6c 100644 --- a/interface-definitions/system-display.xml.in +++ b/interface-definitions/system-display.xml.in @@ -1,7 +1,7 @@ + Model of the display attached to this system [REQUIRED] - SDEC EZIO + sdec ezio - (SDEC|EZIO) + (sdec|ezio) Invalid system display model - SDEC + sdec Display model for Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances with built-in SDEC LCD - EZIO + ezio Display model for Portwell, Caswell appliances with built-in EZIO-100 or EZIO-300 LCD -- cgit v1.2.3 From 440d0fb1115bbfb428132ef91804ae213ffca30f Mon Sep 17 00:00:00 2001 From: fmertz Date: Sun, 28 Jun 2020 21:21:27 +0000 Subject: system display: T2564: py code cleanup * src/conf_mode/system-display.py cleanup use of dictionary * data/templates/system-display/lcdproc.conf.tmpl cleanup, removed extra DateTime --- data/templates/system-display/lcdproc.conf.tmpl | 12 ++-- src/conf_mode/system-display.py | 75 +++++++++++++------------ 2 files changed, 43 insertions(+), 44 deletions(-) (limited to 'data') diff --git a/data/templates/system-display/lcdproc.conf.tmpl b/data/templates/system-display/lcdproc.conf.tmpl index 2fe491e63..92aee8efe 100644 --- a/data/templates/system-display/lcdproc.conf.tmpl +++ b/data/templates/system-display/lcdproc.conf.tmpl @@ -37,7 +37,6 @@ ReportToSyslog=true DisplayName="{%- if show['title'] %}{{ show['title'] }}{%- else %}VyOS{%- endif %}" {%- if show['host'] %} -{#%- for s in show['host'] %#} [CPU] # Show screen @@ -77,7 +76,6 @@ Active={%- if 'proc' in show['host'] %}true{%- else %}false{%- endif %} [Disk] # Show screen Active={%- if 'disk' in show['host'] %}true{%- else %}false{%- endif %} -{#%- endfor %#} {%- else %} {# if show['host'] #} {# Turn off sections that default active #} @@ -90,8 +88,6 @@ Active=false [Load] Active=false -[TimeDate] -Active=false {%- endif %} {# if show['host'] #} [TimeDate] @@ -118,10 +114,10 @@ TimeFormat="%H:%M" Active={%- if show['network']['interface'] %}true{%- else %}false{%- endif %} {%- for i in show['network']['interface'] %} # Show stats for Interface {{ i }} -Interface0={{ i }} +Interface{{ loop.index0 }}={{ i }} {%- if show['network']['interface'][i]['alias'] %} # Interface alias name to display [default: ] -Alias0={{ show['network']['interface'][i]['alias'] }} +Alias{{ loop.index0 }}={{ show['network']['interface'][i]['alias'] }} {%- endif %} {%- endfor %} @@ -139,7 +135,7 @@ unit=bit #transfer=TRUE {%- endif %} {# if show['network'] #} -{%- else %} {# if show #} +{%- else %}{# if show #} {# Turn off sections that default active #} [CPU] @@ -153,7 +149,7 @@ Active=false [TimeDate] Active=false -{%- endif %} +{%- endif %}{# if show #} [Battery] # Show screen diff --git a/src/conf_mode/system-display.py b/src/conf_mode/system-display.py index e30d591cc..557b7cf6a 100755 --- a/src/conf_mode/system-display.py +++ b/src/conf_mode/system-display.py @@ -15,7 +15,6 @@ # along with this program. If not, see . import os -import re from sys import exit @@ -28,53 +27,57 @@ from vyos import airbag airbag.enable() def get_config(): - c = Config() + # Return a (possibly empty) configuration dictionary + return Config().get_config_dict(['system', 'display']) - if not c.exists('system display'): - return None - - c.set_level('system display') - - return c.get_config_dict([]) - -def generate(c): - if c == None: +def generate(config_dict): + if not config_dict: return None # Render config file for daemon LCDd - render('/etc/LCDd.conf', 'system-display/LCDd.conf.tmpl', c) + render('/etc/LCDd.conf', 'system-display/LCDd.conf.tmpl', config_dict) # Render config file for client lcdproc - render('/etc/lcdproc.conf', 'system-display/lcdproc.conf.tmpl', c) + render('/etc/lcdproc.conf', 'system-display/lcdproc.conf.tmpl', config_dict) return None -def verify(c): - if c == None: +def verify(config_dict): + if not config_dict: return None - if c.get('model') == None: - raise ConfigError('For system display, a model is [REQUIRED]') + if 'model' not in config_dict: + raise ConfigError('Display model is [REQUIRED]') - if c.get('show') == None: - raise ConfigError('For system display, show cannot be empty') + if ( 'show' not in config_dict + or ( 'clock' not in config_dict['show'] + and 'network' not in config_dict['show'] + and 'host' not in config_dict['show'] + ) + ): + raise ConfigError('Display show must have a clock, host or network') - if 'network' in c['show'] and 'interface' not in c['show']['network']: - raise ConfigError('system display show network must have at least one interface') + if ( 'network' in config_dict['show'] + and 'interface' not in config_dict['show']['network'] + ): + raise ConfigError('Display show network must have an interface') - if 'network' in c['show'] and 'interface' in c['show']['network'] and len(c['show']['network']['interface']) > 3: - raise ConfigError('system display show network interface cannot have more than 3 entries') + if ( 'network' in config_dict['show'] + and 'interface' in config_dict['show']['network'] + and len(config_dict['show']['network']['interface']) > 3 + ): + raise ConfigError('Display show network cannot have > 3 interfaces') return None -def apply(c): - if not c or 'disabled' in c.keys(): - # Stop client first - run('systemctl stop lcdproc.service') - # Stop server next - return run('systemctl stop LCDd.service') - - # Stop client first +def apply(config_dict): + # Stop client run('systemctl stop lcdproc.service') - # Restart server next + + if not config_dict or 'disabled' in config_dict: + # Stop server + run('systemctl stop LCDd.service') + return None + + # Restart server run('systemctl restart LCDd.service') # Start client run('systemctl start lcdproc.service') @@ -83,10 +86,10 @@ def apply(c): if __name__ == '__main__': try: - c = get_config() - verify(c) - generate(c) - apply(c) + config_dict = get_config() + verify(config_dict) + generate(config_dict) + apply(config_dict) except ConfigError as e: print(e) exit(1) -- cgit v1.2.3 From d4199a17adeac422882013a8951d18b7c3b74f2a Mon Sep 17 00:00:00 2001 From: fmertz Date: Mon, 29 Jun 2020 14:45:57 +0000 Subject: system display: T2564: Changed "duration" to "time" * data/templates/system-display/LCDd.conf.tmpl duration to time * interface-definitions/system-display.xml.in duration to time --- data/templates/system-display/LCDd.conf.tmpl | 2 +- interface-definitions/system-display.xml.in | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'data') diff --git a/data/templates/system-display/LCDd.conf.tmpl b/data/templates/system-display/LCDd.conf.tmpl index 8079dcb76..0ef796c76 100644 --- a/data/templates/system-display/LCDd.conf.tmpl +++ b/data/templates/system-display/LCDd.conf.tmpl @@ -92,7 +92,7 @@ GoodBye="{%- if bye %}{{ bye }}{%- else %}Bye from VyOS{%- endif %}" #FrameInterval=125000 # Sets the default time in seconds to displays a screen. [default: 4] -WaitTime={%- if duration %}{{ duration }}{%- else%}4{%- endif %} +WaitTime={%- if time %}{{ time }}{%- else%}4{%- endif %} # If set to no, LCDd will start with screen rotation disabled. This has the # same effect as if the ToggleRotateKey had been pressed. Rotation will start diff --git a/interface-definitions/system-display.xml.in b/interface-definitions/system-display.xml.in index afa6dba10..0439288a0 100644 --- a/interface-definitions/system-display.xml.in +++ b/interface-definitions/system-display.xml.in @@ -8,7 +8,7 @@ clock (big|mini|date-time) title - system display duration + system display time system display hello system display bye system display disabled @@ -191,8 +191,8 @@ - - + + Time in sec to show each screen on the system display @@ -203,7 +203,7 @@ - + -- cgit v1.2.3 From b5e0a1796cc7887245ae79c759f709e1705f5e93 Mon Sep 17 00:00:00 2001 From: fmertz Date: Sun, 5 Jul 2020 15:58:33 +0000 Subject: system display: T2564: Added test model * data/templates/system-display/LCDd.conf.tmpl * interface-definitions/system-display.xml.in May need to ba backed out, test code only for USB CrystalFontz CF533 --- data/templates/system-display/LCDd.conf.tmpl | 45 +++++++--------------------- interface-definitions/system-display.xml.in | 10 +++++-- 2 files changed, 17 insertions(+), 38 deletions(-) (limited to 'data') diff --git a/data/templates/system-display/LCDd.conf.tmpl b/data/templates/system-display/LCDd.conf.tmpl index 0ef796c76..1dd646202 100644 --- a/data/templates/system-display/LCDd.conf.tmpl +++ b/data/templates/system-display/LCDd.conf.tmpl @@ -60,6 +60,10 @@ Driver=sdeclcd Driver=hd44780 {%- endif %} +{%- if model == 'test' %} +Driver=CFontzPacket +{%- endif %} + # Tells the driver to bind to the given interface. [default: 127.0.0.1] #Bind=127.0.0.1 @@ -191,44 +195,15 @@ Reboot=no ## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## [CFontzPacket] - -# Select the LCD model [default: 633; legal: 533, 631, 633, 635] -Model=633 - -# Select the output device to use [default: /dev/lcd] -Device=/dev/ttyS1 - -# Set the initial contrast [default: 560; legal: 0 - 1000] +{%- if model == 'test' %} +Model=533 +Device=/dev/serial/by-bus/usb0b1.1p1.0 Contrast=350 - -# Set the initial brightness [default: 1000; legal: 0 - 1000] Brightness=1000 - -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive OffBrightness=50 - -# Reinitialize the LCD's BIOS on driver start. [default: no; legal: yes, no] Reboot=yes - -# Enable the USB flag if the device is connected to an USB port. For -# serial ports leave it disabled. [default: no; legal: yes, no] -#USB=yes - -# Very old 633 firmware versions do not support partial screen updates using -# 'Send Data to LCD' command (31). For those devices it may be necessary to -# enable this flag. [default: no; legal: yes, no] -#OldFirmware=yes - -# Override the LCD size known for the selected model. Usually setting this -# value should not be necessary. -#Size=20x4 - -# Override the default communication speed known for the selected model. -# Default value depends on model [legal: 19200, 115200] -#Speed=115200 - +USB=yes +{%- endif %} ## Curses driver ## @@ -546,7 +521,7 @@ Speed=19200 [hd44780] {%- if model == 'ezio' %} ConnectionType=ezio -Device=/dev/ttyS1 +Device=/dev/ttyUSB0 Keypad=yes Size=16x2 KeyMatrix_4_1=Enter diff --git a/interface-definitions/system-display.xml.in b/interface-definitions/system-display.xml.in index 0439288a0..fbd897996 100644 --- a/interface-definitions/system-display.xml.in +++ b/interface-definitions/system-display.xml.in @@ -1,7 +1,7 @@ -- cgit v1.2.3 From 79af6c7b35164d3313c39dff2bc1bffbb4b326cd Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 24 Jul 2020 22:00:36 +0200 Subject: wireless: ifconfig: T2653: move to get_config_dict() The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. --- data/templates/wifi/cfg80211.conf.tmpl | 4 +- data/templates/wifi/crda.tmpl | 4 +- data/templates/wifi/hostapd.conf.tmpl | 424 ++++++-------- data/templates/wifi/wpa_supplicant.conf.tmpl | 4 +- interface-definitions/interfaces-wireless.xml.in | 15 +- src/conf_mode/interfaces-wireless.py | 686 +++++------------------ 6 files changed, 337 insertions(+), 800 deletions(-) (limited to 'data') diff --git a/data/templates/wifi/cfg80211.conf.tmpl b/data/templates/wifi/cfg80211.conf.tmpl index b21bacc1e..91df57aab 100644 --- a/data/templates/wifi/cfg80211.conf.tmpl +++ b/data/templates/wifi/cfg80211.conf.tmpl @@ -1,3 +1 @@ -{%- if regdom -%} -options cfg80211 ieee80211_regdom={{ regdom }} -{% endif %} +{{ 'options cfg80211 ieee80211_regdom=' + regdom if regdom is defined }} diff --git a/data/templates/wifi/crda.tmpl b/data/templates/wifi/crda.tmpl index 750ad86ee..6cd125e37 100644 --- a/data/templates/wifi/crda.tmpl +++ b/data/templates/wifi/crda.tmpl @@ -1,3 +1 @@ -{%- if regdom -%} -REGDOMAIN={{ regdom }} -{% endif %} +{{ 'REGDOMAIN=' + regdom if regdom is defined }} diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index d6068e4db..765668c57 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -9,7 +9,7 @@ device_name={{ description | truncate(32, True) }} # management frames with the Host AP driver); wlan0 with many nl80211 drivers # Note: This attribute can be overridden by the values supplied with the '-i' # command line parameter. -interface={{ intf }} +interface={{ ifname }} # Driver interface type (hostap/wired/none/nl80211/bsd); # default: hostap). nl80211 is used with all Linux mac80211 drivers. @@ -28,8 +28,7 @@ logger_syslog_level=0 logger_stdout=-1 logger_stdout_level=0 -{%- if country_code %} - +{% if country_code %} # Country code (ISO/IEC 3166-1). Used to set regulatory domain. # Set as needed to indicate country in which device is operating. # This can limit available channels and transmit power. @@ -42,14 +41,12 @@ country_code={{ country_code }} ieee80211d=1 {% endif %} -{%- if ssid %} - +{% if ssid %} # SSID to be used in IEEE 802.11 management frames ssid={{ ssid }} {% endif %} -{%- if channel %} - +{% if channel %} # Channel number (IEEE 802.11) # (default: 0, i.e., not set) # Please note that some drivers do not use this value from hostapd and the @@ -61,8 +58,7 @@ ssid={{ ssid }} channel={{ channel }} {% endif %} -{%- if mode %} - +{% if mode %} # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz), # g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used # with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this @@ -71,29 +67,30 @@ channel={{ channel }} # special value "any" can be used to indicate that any support band can be used. # This special case is currently supported only with drivers with which # offloaded ACS is used. -{% if 'n' in mode -%} +{% if 'n' in mode %} hw_mode=g -{% elif 'ac' in mode -%} +{% elif 'ac' in mode %} hw_mode=a ieee80211h=1 ieee80211ac=1 -{% else -%} +{% else %} hw_mode={{ mode }} -{% endif %} +{% endif %} {% endif %} # ieee80211w: Whether management frame protection (MFP) is enabled # 0 = disabled (default) # 1 = optional # 2 = required -{% if 'disabled' in mgmt_frame_protection -%} +{% if 'disabled' in mgmt_frame_protection %} ieee80211w=0 -{% elif 'optional' in mgmt_frame_protection -%} +{% elif 'optional' in mgmt_frame_protection %} ieee80211w=1 -{% elif 'required' in mgmt_frame_protection -%} +{% elif 'required' in mgmt_frame_protection %} ieee80211w=2 {% endif %} +{% if capabilities is defined and capabilities.ht is defined %} # ht_capab: HT capabilities (list of flags) # LDPC coding capability: [LDPC] = supported # Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary @@ -127,79 +124,50 @@ ieee80211w=2 # DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set) # 40 MHz intolerant [40-INTOLERANT] (not advertised if not set) # L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set) -{% if cap_ht %} -ht_capab= -{%- endif -%} - -{%- if cap_ht_40mhz_incapable -%} -[40-INTOLERANT] -{%- endif -%} - -{%- if cap_ht_delayed_block_ack -%} -[DELAYED-BA] -{%- endif -%} - -{%- if cap_ht_dsss_cck_40 -%} -[DSSS_CCK-40] -{%- endif -%} - -{%- if cap_ht_greenfield -%} -[GF] -{%- endif -%} - -{%- if cap_ht_ldpc -%} -[LDPC] -{%- endif -%} - -{%- if cap_ht_lsig_protection -%} -[LSIG-TXOP-PROT] -{%- endif -%} - -{%- if cap_ht_max_amsdu -%} -[MAX-AMSDU-{{ cap_ht_max_amsdu }}] -{%- endif -%} - -{%- if cap_ht_smps -%} -[SMPS-{{ cap_ht_smps | upper }}] -{%- endif -%} - -{%- if cap_ht_chan_set_width -%} -{%- for csw in cap_ht_chan_set_width -%} -[{{ csw | upper }}] -{%- endfor -%} -{%- endif -%} - -{%- if cap_ht_short_gi -%} -{%- for gi in cap_ht_short_gi -%} -[SHORT-GI-{{ gi }}] -{%- endfor -%} -{%- endif -%} - -{%- if cap_ht_stbc_tx -%} -[TX-STBC] -{%- endif -%} -{%- if cap_ht_stbc_rx -%} -[RX-STBC{{ cap_ht_stbc_rx }}] -{%- endif %} +{% set output = '' %} +{% set output = output + '[40-INTOLERANT]' if capabilities.ht.fourtymhz_incapable is defined else '' %} +{% set output = output + '[DELAYED-BA]' if capabilities.ht.delayed_block_ack is defined else '' %} +{% set output = output + '[DSSS_CCK-40]' if capabilities.ht.dsss_cck_40 is defined else '' %} +{% set output = output + '[GF]' if capabilities.ht.greenfield is defined else '' %} +{% set output = output + '[LDPC]' if capabilities.ht.ldpc is defined else '' %} +{% set output = output + '[LSIG-TXOP-PROT]' if capabilities.ht.lsig_protection is defined else '' %} +{% set output = output + '[TX-STBC]' if capabilities.ht.stbc.tx is defined else '' %} +{% set output = output + '[RX-STBC-' + capabilities.ht.stbc.rx | upper + ']' if capabilities.ht.stbc.tx is defined else '' %} +{% set output = output + '[MAX-AMSDU-' + capabilities.ht.max_amsdu + ']' if capabilities.ht.max_amsdu is defined else '' %} +{% set output = output + '[SMPS-' + capabilities.ht.smps | upper + ']' if capabilities.ht.smps is defined else '' %} + +{% if capabilities.ht.channel_set_width is defined %} +{% for csw in capabilities.ht.channel_set_width %} +{% set output = output + '[' + csw | upper + ']' %} +{% endfor %} +{% endif %} -# Required for full HT and VHT functionality -wme_enabled=1 +{% if capabilities.ht.short_gi is defined %} +{% for short_gi in capabilities.ht.short_gi %} +{% set output = output + '[SHORT-GI-' + short_gi | upper + ']' %} +{% endfor %} +{% endif %} -{% if cap_ht_powersave -%} +ht_capab={{ output }} + +{% if capabilities.ht.auto_powersave is defined %} # WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD] # Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver) uapsd_advertisement_enabled=1 -{%- endif %} +{% endif %} + +{% endif %} + +# Required for full HT and VHT functionality +wme_enabled=1 -{% if cap_req_ht -%} + +{% if capabilities is defined and capabilities.require_ht is defined %} # Require stations to support HT PHY (reject association if they do not) require_ht=1 {% endif %} -{%- if cap_vht_chan_set_width -%} -vht_oper_chwidth={{ cap_vht_chan_set_width }} -{%- endif %} - +{% if capabilities is defined and capabilities.vht is defined %} # vht_capab: VHT capabilities (list of flags) # # vht_max_mpdu_len: [MAX-MPDU-7991] [MAX-MPDU-11454] @@ -316,133 +284,95 @@ vht_oper_chwidth={{ cap_vht_chan_set_width }} # Tx Antenna Pattern Consistency: [TX-ANTENNA-PATTERN] # Indicates the possibility of Tx antenna pattern change # 0 = Tx antenna pattern might change during the lifetime of an association -# 1 = Tx antenna pattern does not change during the lifetime of an association -{% if cap_vht %} -vht_capab= -{%- endif -%} - -{%- if cap_vht_max_mpdu -%} -[MAX-MPDU-{{ cap_vht_max_mpdu }}] -{%- endif -%} - -{%- if cap_vht_max_mpdu_exp -%} -[MAX-A-MPDU-LEN-EXP{{ cap_vht_max_mpdu_exp }}] -{%- endif -%} - -{%- if cap_vht_chan_set_width -%} -{%- if '2' in cap_vht_chan_set_width -%} -[VHT160] -{%- elif '3' in cap_vht_chan_set_width -%} -[VHT160-80PLUS80] -{%- endif -%} -{%- endif -%} - -{%- if cap_vht_stbc_tx -%} -[TX-STBC-2BY1] -{%- endif -%} - -{%- if cap_vht_stbc_rx -%} -[RX-STBC-{{ cap_vht_stbc_rx }}] -{%- endif -%} - -{%- if cap_vht_link_adaptation -%} -{%- if 'unsolicited' in cap_vht_link_adaptation -%} -[VHT-LINK-ADAPT2] -{%- elif 'both' in cap_vht_link_adaptation -%} -[VHT-LINK-ADAPT3] -{%- endif -%} -{%- endif -%} - -{%- if cap_vht_short_gi -%} -{%- for gi in cap_vht_short_gi -%} -[SHORT-GI-{{ gi }}] -{%- endfor -%} -{%- endif -%} - -{%- if cap_vht_ldpc -%} -[RXLDPC] -{%- endif -%} - -{%- if cap_vht_tx_powersave -%} -[VHT-TXOP-PS] -{%- endif -%} - -{%- if cap_vht_vht_cf -%} -[HTC-VHT] -{%- endif -%} - -{%- if cap_vht_beamform -%} -{%- for beamform in cap_vht_beamform -%} -{%- if 'single-user-beamformer' in beamform -%} -[SU-BEAMFORMER] -{%- elif 'single-user-beamformee' in beamform -%} -[SU-BEAMFORMEE] -{%- elif 'multi-user-beamformer' in beamform -%} -[MU-BEAMFORMER] -{%- elif 'multi-user-beamformee' in beamform -%} -[MU-BEAMFORMEE] -{%- endif -%} -{%- endfor -%} -{%- endif -%} - -{%- if cap_vht_antenna_fixed -%} -[RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN] -{%- endif -%} - -{%- if cap_vht_antenna_cnt -%} -{%- if cap_vht_antenna_cnt|int > 1 -%} -{%- if cap_vht_beamform -%} -{%- for beamform in cap_vht_beamform -%} -{%- if 'single-user-beamformer' in beamform -%} -{%- if cap_vht_antenna_cnt|int < 6 -%} -[BF-ANTENNA-{{ cap_vht_antenna_cnt|int -1 }}][SOUNDING-DIMENSION-{{ cap_vht_antenna_cnt|int -1}}] -{%- endif -%} -{%- else -%} -{%- if cap_vht_antenna_cnt|int < 5 -%} -[BF-ANTENNA-{{ cap_vht_antenna_cnt }}][SOUNDING-DIMENSION-{{ cap_vht_antenna_cnt }}] -{%- endif -%} -{%- endif -%} -{%- endfor -%} -{%- else -%} -{%- if cap_vht_antenna_cnt|int < 5 -%} -[BF-ANTENNA-{{ cap_vht_antenna_cnt }}][SOUNDING-DIMENSION-{{ cap_vht_antenna_cnt }}] -{%- endif -%} -{%- endif -%} -{%- endif -%} -{%- endif %} +# 1 = Tx antenna pattern does not change during the lifetime of an + +{% if capabilities.vht.center_channel_freq.freq_1 is defined %} +# center freq = 5 GHz + (5 * index) +# So index 42 gives center freq 5.210 GHz +# which is channel 42 in 5G band +vht_oper_centr_freq_seg0_idx={{ capabilities.vht.center_channel_freq.freq_1 }} +{% endif %} + +{% if capabilities.vht.center_channel_freq.freq_2 is defined %} +# center freq = 5 GHz + (5 * index) +# So index 159 gives center freq 5.795 GHz +# which is channel 159 in 5G band +vht_oper_centr_freq_seg1_idx={{ capabilities.vht.center_channel_freq.freq_2 }} +{% endif %} + +{% if capabilities.vht.channel_set_width is defined %} +vht_oper_chwidth={{ capabilities.vht.channel_set_width }} +{% endif %} + +{% set output = '' %} +{% set output = output + '[TX-STBC-2BY1]' if capabilities.vht.stbc.tx is defined else '' %} +{% set output = output + '[RXLDPC]' if capabilities.vht.ldpc is defined else '' %} +{% set output = output + '[VHT-TXOP-PS]' if capabilities.vht.tx_powersave is defined else '' %} +{% set output = output + '[HTC-VHT]' if capabilities.vht.vht_cf is defined else '' %} +{% set output = output + '[RX-ANTENNA-PATTERN]' if capabilities.vht.antenna_pattern_fixed is defined else '' %} +{% set output = output + '[TX-ANTENNA-PATTERN]' if capabilities.vht.antenna_pattern_fixed is defined else '' %} + +{% set output = output + '[RX-STBC-' + capabilities.vht.stbc.rx + ']' if capabilities.vht.stbc.rx is defined else '' %} +{% set output = output + '[MAX-MPDU-' + capabilities.vht.max_mpdu + ']' if capabilities.vht.max_mpdu is defined else '' %} +{% set output = output + '[MAX-A-MPDU-LEN-EXP-' + capabilities.vht.max_mpdu_exp + ']' if capabilities.vht.max_mpdu_exp is defined else '' %} +{% set output = output + '[MAX-A-MPDU-LEN-EXP-' + capabilities.vht.max_mpdu_exp + ']' if capabilities.vht.max_mpdu_exp is defined else '' %} + +{% set output = output + '[VHT160]' if capabilities.vht.max_mpdu_exp is defined and capabilities.vht.max_mpdu_exp == '2' else '' %} +{% set output = output + '[VHT160-80PLUS80]' if capabilities.vht.max_mpdu_exp is defined and capabilities.vht.max_mpdu_exp == '3' else '' %} +{% set output = output + '[VHT-LINK-ADAPT2]' if capabilities.vht.link_adaptation is defined and capabilities.vht.link_adaptation == 'unsolicited' else '' %} +{% set output = output + '[VHT-LINK-ADAPT3]' if capabilities.vht.link_adaptation is defined and capabilities.vht.link_adaptation == 'both' else '' %} + +{% if capabilities.vht.short_gi is defined %} +{% for short_gi in capabilities.vht.short_gi %} +{% set output = output + '[SHORT-GI-' + short_gi | upper + ']' %} +{% endfor %} +{% endif %} + +{% if capabilities.vht.beamform %} +{% for beamform in capabilities.vht.beamform %} +{% set output = output + '[SU-BEAMFORMER]' if beamform == 'single-user-beamformer' else '' %} +{% set output = output + '[SU-BEAMFORMEE]' if beamform == 'single-user-beamformee' else '' %} +{% set output = output + '[MU-BEAMFORMER]' if beamform == 'multi-user-beamformer' else '' %} +{% set output = output + '[MU-BEAMFORMEE]' if beamform == 'multi-user-beamformee' else '' %} +{% endfor %} +{% endif %} + +{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 %} +{% if capabilities.vht.beamform %} +{% if beamform == 'single-user-beamformer' %} +{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 and capabilities.vht.antenna_count|int < 6 %} +{% set output = output + '[BF-ANTENNA-' + capabilities.vht.antenna_count|int -1 + ']' %} +{% set output = output + '[SOUNDING-DIMENSION-' + capabilities.vht.antenna_count|int -1 + ']' %} +{% endif %} +{% endif %} +{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 and capabilities.vht.antenna_count|int < 5 %} +{% set output = output + '[BF-ANTENNA-' + capabilities.vht.antenna_count + ']' %} +{% set output = output + '[SOUNDING-DIMENSION-' + capabilities.vht.antenna_count+ ']' %} +{% endif %} +{% endif %} +{% endif %} + +vht_capab={{ output }} +{% endif %} # ieee80211n: Whether IEEE 802.11n (HT) is enabled # 0 = disabled (default) # 1 = enabled # Note: You will also need to enable WMM for full HT functionality. # Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band. -{% if cap_req_vht -%} +{% if capabilities is defined and capabilities.require_vht is defined %} ieee80211n=0 # Require stations to support VHT PHY (reject association if they do not) require_vht=1 -{% else -%} -{% if 'n' in mode or 'ac' in mode -%} +{% else %} +{% if 'n' in mode or 'ac' in mode %} ieee80211n=1 -{% else -%} +{% else %} ieee80211n=0 -{%- endif %} +{% endif %} {% endif %} -{% if cap_vht_center_freq_1 -%} -# center freq = 5 GHz + (5 * index) -# So index 42 gives center freq 5.210 GHz -# which is channel 42 in 5G band -vht_oper_centr_freq_seg0_idx={{ cap_vht_center_freq_1 }} -{% endif %} - -{% if cap_vht_center_freq_2 -%} -# center freq = 5 GHz + (5 * index) -# So index 159 gives center freq 5.795 GHz -# which is channel 159 in 5G band -vht_oper_centr_freq_seg1_idx={{ cap_vht_center_freq_2 }} -{% endif %} - -{% if disable_broadcast_ssid -%} +{% if disable_broadcast_ssid is defined %} # Send empty SSID in beacons and ignore probe request frames that do not # specify full SSID, i.e., require stations to know SSID. # default: disabled (0) @@ -463,7 +393,7 @@ ignore_broadcast_ssid=1 # 2 = use external RADIUS server (accept/deny lists are searched first) macaddr_acl=0 -{% if max_stations -%} +{% if max_stations is defined %} # Maximum number of stations allowed in station table. New stations will be # rejected after the station table is full. IEEE 802.11 has a limit of 2007 # different association IDs, so this number should not be larger than that. @@ -471,13 +401,13 @@ macaddr_acl=0 max_num_sta={{ max_stations }} {% endif %} -{% if isolate_stations -%} +{% if isolate_stations is defined %} # Client isolation can be used to prevent low-level bridging of frames between # associated stations in the BSS. By default, this bridging is allowed. ap_isolate=1 {% endif %} -{% if reduce_transmit_power -%} +{% if reduce_transmit_power is defined %} # Add Power Constraint element to Beacon and Probe Response frames # This config option adds Power Constraint element when applicable and Country # element is added. Power Constraint element is required by Transmit Power @@ -486,14 +416,15 @@ ap_isolate=1 local_pwr_constraint={{ reduce_transmit_power }} {% endif %} -{% if expunge_failing_stations -%} +{% if expunge_failing_stations is defined %} # Disassociate stations based on excessive transmission failures or other # indications of connection loss. This depends on the driver capabilities and # may not be available with all drivers. disassoc_low_ack=1 {% endif %} -{% if sec_wep -%} + +{% if security is defined and security.wep is defined %} # IEEE 802.11 specifies two authentication algorithms. hostapd can be # configured to allow both of these or only one. Open system authentication # should be used with IEEE 802.1X. @@ -522,13 +453,14 @@ wep_default_key=0 # digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or # 128-bit (152-bit) WEP is used. # Only the default key must be supplied; the others are optional. -{% if sec_wep_key -%} -{% for key in sec_wep_key -%} -wep_key{{ loop.index -1 }}={{ key}} -{% endfor %} -{%- endif %} +{% if security.wep.key is defined %} +{% for key in sec_wep_key %} +wep_key{{ loop.index -1 }}={{ security.wep.key }} +{% endfor %} +{% endif %} -{% elif sec_wpa -%} + +{% elif security is defined and security.wpa is defined %} ##### WPA/IEEE 802.11i configuration ########################################## # Enable WPA. Setting this variable configures the AP to require WPA (either @@ -542,15 +474,17 @@ wep_key{{ loop.index -1 }}={{ key}} # and/or WPA2 (full IEEE 802.11i/RSN): # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) -{% if 'both' in sec_wpa_mode -%} +{% if security.wpa.mode is defined %} +{% if security.wpa.mode == 'both' %} wpa=3 -{%- elif 'wpa2' in sec_wpa_mode -%} +{% elif security.wpa.mode == 'wpa2' %} wpa=2 -{%- elif 'wpa' in sec_wpa_mode -%} +{% elif security.wpa.mode == 'wpa' %} wpa=1 -{%- endif %} +{% endif %} +{% endif %} -{% if sec_wpa_cipher -%} +{% if security.wpa.cipher is defined %} # Set of accepted cipher suites (encryption algorithms) for pairwise keys # (unicast packets). This is a space separated list of algorithms: # CCMP = AES in Counter mode with CBC-MAC (CCMP-128) @@ -563,26 +497,39 @@ wpa=1 # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, # TKIP will be used as the group cipher. The optional group_cipher parameter can # be used to override this automatic selection. -{% if 'wpa2' in sec_wpa_mode -%} + +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa2' %} # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) -rsn_pairwise={{ sec_wpa_cipher | join(" ") }} -{% else -%} +{% if security.wpa.cipher is string %} +rsn_pairwise={{ security.wpa.cipher }} +{% else %} +rsn_pairwise={{ security.wpa.cipher | join(" ") }} +{% endif %} +{% else %} # Pairwise cipher for WPA (v1) (default: TKIP) -wpa_pairwise={{ sec_wpa_cipher | join(" ") }} -{%- endif -%} -{% endif %} - -{% if sec_wpa_group_cipher -%} +{% if security.wpa.cipher is string %} +wpa_pairwise={{ security.wpa.cipher }} +{% else %} +wpa_pairwise={{ security.wpa.cipher | join(" ") }} +{% endif %} +{% endif %} +{% endif %} + +{% if security.wpa.group_cipher is defined %} # Optional override for automatic group cipher selection # This can be used to select a specific group cipher regardless of which # pairwise ciphers were enabled for WPA and RSN. It should be noted that # overriding the group cipher with an unexpected value can result in # interoperability issues and in general, this parameter is mainly used for # testing purposes. -group_cipher={{ sec_wpa_group_cipher | join(" ") }} -{% endif %} - -{% if sec_wpa_passphrase -%} +{% if security.wpa.group_cipher is string %} +group_cipher={{ security.wpa.group_cipher }} +{% else %} +group_cipher={{ security.wpa.group_cipher | join(" ") }} +{% endif %} +{% endif %} + +{% if security.wpa.passphrase is defined %} # IEEE 802.11 specifies two authentication algorithms. hostapd can be # configured to allow both of these or only one. Open system authentication # should be used with IEEE 802.1X. @@ -595,7 +542,7 @@ auth_algs=1 # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase # (8..63 characters) that will be converted to PSK. This conversion uses SSID # so the PSK changes when ASCII passphrase is used and the SSID is changed. -wpa_passphrase={{ sec_wpa_passphrase }} +wpa_passphrase={{ security.wpa.passphrase }} # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be @@ -604,7 +551,7 @@ wpa_passphrase={{ sec_wpa_passphrase }} # WPA-PSK-SHA256 = WPA2-Personal using SHA256 wpa_key_mgmt=WPA-PSK -{% elif sec_wpa_radius -%} +{% elif security.wpa.radius is defined %} ##### IEEE 802.1X-2004 related configuration ################################## # Require IEEE 802.1X authorization ieee8021x=1 @@ -616,40 +563,37 @@ ieee8021x=1 # WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 wpa_key_mgmt=WPA-EAP -{% if sec_wpa_radius_source -%} +{% if security.wpa.radius.server is defined %} # RADIUS client forced local IP address for the access point # Normally the local IP address is determined automatically based on configured # IP addresses, but this field can be used to force a specific address to be # used, e.g., when the device has multiple IP addresses. -radius_client_addr={{ sec_wpa_radius_source }} - -# The own IP address of the access point (used as NAS-IP-Address) -own_ip_addr={{ sec_wpa_radius_source }} -{% else %} # The own IP address of the access point (used as NAS-IP-Address) +{% if security.wpa.radius.source_address is defined %} +radius_client_addr={{ security.wpa.radius.source_address }} +own_ip_addr={{ security.wpa.radius.source_address }} +{% else %} own_ip_addr=127.0.0.1 -{% endif %} +{% endif %} -{% for radius in sec_wpa_radius -%} -{%- if not radius.disabled -%} +{% for radius in security.wpa.radius.server if not radius.disabled %} # RADIUS authentication server auth_server_addr={{ radius.server }} auth_server_port={{ radius.port }} auth_server_shared_secret={{ radius.key }} -{% if radius.acc_port -%} + +{% if radius.acc_port %} # RADIUS accounting server acct_server_addr={{ radius.server }} acct_server_port={{ radius.acc_port }} acct_server_shared_secret={{ radius.key }} -{% endif %} -{% endif %} -{% endfor %} - -{% endif %} - -{% else %} +{% endif %} +{% endfor %} +{% else %} # Open system auth_algs=1 +{% endif %} +{% endif %} {% endif %} # TX queue parameters (EDCF / bursting) diff --git a/data/templates/wifi/wpa_supplicant.conf.tmpl b/data/templates/wifi/wpa_supplicant.conf.tmpl index 2784883f1..9ddad35fd 100644 --- a/data/templates/wifi/wpa_supplicant.conf.tmpl +++ b/data/templates/wifi/wpa_supplicant.conf.tmpl @@ -1,8 +1,8 @@ # WPA supplicant config network={ ssid="{{ ssid }}" -{%- if sec_wpa_passphrase %} - psk="{{ sec_wpa_passphrase }}" +{% if security is defined and security.wpa is defined and security.wpa.passphrase is defined %} + psk="{{ security.wpa.passphrase }}" {% else %} key_mgmt=NONE {% endif %} diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 06c7734f5..6f0ec9e71 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -320,7 +320,7 @@ VHT link adaptation capabilities - unsolicited both + unsolicited both unsolicited @@ -451,6 +451,7 @@ Disable broadcast of SSID from access-point + #include @@ -551,9 +552,10 @@ 802.11ac - 1300 Mbits/sec - (a|b|g|n|ac) + ^(a|b|g|n|ac)$ + g @@ -637,7 +639,7 @@ Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] - (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + ^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$ Invalid cipher selection @@ -670,7 +672,7 @@ Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] - (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + ^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$ Invalid group cipher selection @@ -695,7 +697,7 @@ Allow both WPA and WPA2 - (wpa|wpa2|both) + ^(wpa|wpa2|both)$ Unknown WPA mode @@ -762,10 +764,11 @@ Passively monitor all packets on the frequency/channel - (access-point|station|monitor) + ^(access-point|station|monitor)$ Type must be access-point, station or monitor + monitor #include #include diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 0162b642c..42b55ee6a 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -15,497 +15,169 @@ # along with this program. If not, see . import os + from sys import exit from re import findall - from copy import deepcopy - -from netifaces import interfaces from netaddr import EUI, mac_unix_expanded from vyos.config import Config -from vyos.configdict import list_diff, intf_to_dict, add_to_dict, interface_default_data -from vyos.ifconfig import WiFiIf, Section -from vyos.ifconfig_vlan import apply_all_vlans, verify_vlan_config +from vyos.configdict import get_interface_dict +from vyos.configdict import dict_merge +from vyos.configverify import verify_address +from vyos.configverify import verify_bridge_delete +from vyos.configverify import verify_dhcpv6 +from vyos.configverify import verify_source_interface +from vyos.configverify import verify_vlan_config +from vyos.configverify import verify_vrf +from vyos.ifconfig import WiFiIf from vyos.template import render -from vyos.util import chown, call -from vyos.validate import is_member +from vyos.util import call from vyos import ConfigError - from vyos import airbag airbag.enable() -default_config_data = { - **interface_default_data, - 'cap_ht' : False, - 'cap_ht_40mhz_incapable' : False, - 'cap_ht_powersave' : False, - 'cap_ht_chan_set_width' : '', - 'cap_ht_delayed_block_ack' : False, - 'cap_ht_dsss_cck_40' : False, - 'cap_ht_greenfield' : False, - 'cap_ht_ldpc' : False, - 'cap_ht_lsig_protection' : False, - 'cap_ht_max_amsdu' : '', - 'cap_ht_short_gi' : [], - 'cap_ht_smps' : '', - 'cap_ht_stbc_rx' : '', - 'cap_ht_stbc_tx' : False, - 'cap_req_ht' : False, - 'cap_req_vht' : False, - 'cap_vht' : False, - 'cap_vht_antenna_cnt' : '', - 'cap_vht_antenna_fixed' : False, - 'cap_vht_beamform' : '', - 'cap_vht_center_freq_1' : '', - 'cap_vht_center_freq_2' : '', - 'cap_vht_chan_set_width' : '', - 'cap_vht_ldpc' : False, - 'cap_vht_link_adaptation' : '', - 'cap_vht_max_mpdu_exp' : '', - 'cap_vht_max_mpdu' : '', - 'cap_vht_short_gi' : [], - 'cap_vht_stbc_rx' : '', - 'cap_vht_stbc_tx' : False, - 'cap_vht_tx_powersave' : False, - 'cap_vht_vht_cf' : False, - 'channel': '', - 'country_code': '', - 'deleted': False, - 'disable_broadcast_ssid' : False, - 'disable_link_detect' : 1, - 'expunge_failing_stations' : False, - 'hw_id' : '', - 'intf': '', - 'isolate_stations' : False, - 'max_stations' : '', - 'mgmt_frame_protection' : 'disabled', - 'mode' : 'g', - 'phy' : '', - 'reduce_transmit_power' : '', - 'sec_wep' : False, - 'sec_wep_key' : [], - 'sec_wpa' : False, - 'sec_wpa_cipher' : [], - 'sec_wpa_mode' : 'both', - 'sec_wpa_passphrase' : '', - 'sec_wpa_radius' : [], - 'ssid' : '', - 'op_mode' : 'monitor', - 'vif': {}, - 'vif_remove': [], - 'vif_s': {}, - 'vif_s_remove': [] -} - # XXX: wpa_supplicant works on the source interface -wpa_suppl_conf = '/run/wpa_supplicant/{intf}.conf' -hostapd_conf = '/run/hostapd/{intf}.conf' +wpa_suppl_conf = '/run/wpa_supplicant/{ifname}.conf' +hostapd_conf = '/run/hostapd/{ifname}.conf' + +def find_other_stations(conf, base, ifname): + """ + Only one wireless interface per phy can be in station mode - + find all interfaces attached to a phy which run in station mode + """ + old_level = conf.get_level() + conf.set_level(base) + dict = {} + for phy in os.listdir('/sys/class/ieee80211'): + list = [] + for interface in conf.list_nodes([]): + if interface == ifname: + continue + # the following node is mandatory + if conf.exists([interface, 'physical-device', phy]): + tmp = conf.return_value([interface, 'type']) + if tmp == 'station': + list.append(interface) + if list: + dict.update({phy: list}) + conf.set_level(old_level) + return dict def get_config(): + """ + Retrive CLI config as dictionary. Dictionary can never be empty, as at least the + interface name will be added or a deleted flag + """ + conf = Config() + base = ['interfaces', 'wireless'] + # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') ifname = os.environ['VYOS_TAGNODE_VALUE'] - conf = Config() - - # check if wireless interface has been removed - cfg_base = ['interfaces', 'wireless ', ifname] - if not conf.exists(cfg_base): - wifi = deepcopy(default_config_data) - wifi['intf'] = ifname - wifi['deleted'] = True - # we need to know if we're a bridge member so we can refuse deletion - wifi['is_bridge_member'] = is_member(conf, wifi['intf'], 'bridge') - # we can not bail out early as wireless interface can not be removed - # Kernel will complain with: RTNETLINK answers: Operation not supported. - # Thus we need to remove individual settings - return wifi - - # set new configuration level - conf.set_level(cfg_base) - - # get common interface settings - wifi, disabled = intf_to_dict(conf, default_config_data) - - # 40MHz intolerance, use 20MHz only - if conf.exists('capabilities ht 40mhz-incapable'): - wifi['cap_ht'] = True - wifi['cap_ht_40mhz_incapable'] = True - - # WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD] - if conf.exists('capabilities ht auto-powersave'): - wifi['cap_ht'] = True - wifi['cap_ht_powersave'] = True - - # Supported channel set width - if conf.exists('capabilities ht channel-set-width'): - wifi['cap_ht'] = True - wifi['cap_ht_chan_set_width'] = conf.return_values('capabilities ht channel-set-width') - - # HT-delayed Block Ack - if conf.exists('capabilities ht delayed-block-ack'): - wifi['cap_ht'] = True - wifi['cap_ht_delayed_block_ack'] = True - - # DSSS/CCK Mode in 40 MHz - if conf.exists('capabilities ht dsss-cck-40'): - wifi['cap_ht'] = True - wifi['cap_ht_dsss_cck_40'] = True - - # HT-greenfield capability - if conf.exists('capabilities ht greenfield'): - wifi['cap_ht'] = True - wifi['cap_ht_greenfield'] = True - - # LDPC coding capability - if conf.exists('capabilities ht ldpc'): - wifi['cap_ht'] = True - wifi['cap_ht_ldpc'] = True - - # L-SIG TXOP protection capability - if conf.exists('capabilities ht lsig-protection'): - wifi['cap_ht'] = True - wifi['cap_ht_lsig_protection'] = True - - # Set Maximum A-MSDU length - if conf.exists('capabilities ht max-amsdu'): - wifi['cap_ht'] = True - wifi['cap_ht_max_amsdu'] = conf.return_value('capabilities ht max-amsdu') - - # Short GI capabilities - if conf.exists('capabilities ht short-gi'): - wifi['cap_ht'] = True - wifi['cap_ht_short_gi'] = conf.return_values('capabilities ht short-gi') - - # Spatial Multiplexing Power Save (SMPS) settings - if conf.exists('capabilities ht smps'): - wifi['cap_ht'] = True - wifi['cap_ht_smps'] = conf.return_value('capabilities ht smps') - - # Support for receiving PPDU using STBC (Space Time Block Coding) - if conf.exists('capabilities ht stbc rx'): - wifi['cap_ht'] = True - wifi['cap_ht_stbc_rx'] = conf.return_value('capabilities ht stbc rx') - - # Support for sending PPDU using STBC (Space Time Block Coding) - if conf.exists('capabilities ht stbc tx'): - wifi['cap_ht'] = True - wifi['cap_ht_stbc_tx'] = True - - # Require stations to support HT PHY (reject association if they do not) - if conf.exists('capabilities require-ht'): - wifi['cap_req_ht'] = True - - # Require stations to support VHT PHY (reject association if they do not) - if conf.exists('capabilities require-vht'): - wifi['cap_req_vht'] = True - - # Number of antennas on this card - if conf.exists('capabilities vht antenna-count'): - wifi['cap_vht'] = True - wifi['cap_vht_antenna_cnt'] = conf.return_value('capabilities vht antenna-count') - - # set if antenna pattern does not change during the lifetime of an association - if conf.exists('capabilities vht antenna-pattern-fixed'): - wifi['cap_vht'] = True - wifi['cap_vht_antenna_fixed'] = True - - # Beamforming capabilities - if conf.exists('capabilities vht beamform'): - wifi['cap_vht'] = True - wifi['cap_vht_beamform'] = conf.return_values('capabilities vht beamform') - - # VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) - if conf.exists('capabilities vht center-channel-freq freq-1'): - wifi['cap_vht'] = True - wifi['cap_vht_center_freq_1'] = conf.return_value('capabilities vht center-channel-freq freq-1') - - # VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) - if conf.exists('capabilities vht center-channel-freq freq-2'): - wifi['cap_vht'] = True - wifi['cap_vht_center_freq_2'] = conf.return_value('capabilities vht center-channel-freq freq-2') - - # VHT operating Channel width - if conf.exists('capabilities vht channel-set-width'): - wifi['cap_vht'] = True - wifi['cap_vht_chan_set_width'] = conf.return_value('capabilities vht channel-set-width') - - # LDPC coding capability - if conf.exists('capabilities vht ldpc'): - wifi['cap_vht'] = True - wifi['cap_vht_ldpc'] = True - - # VHT link adaptation capabilities - if conf.exists('capabilities vht link-adaptation'): - wifi['cap_vht'] = True - wifi['cap_vht_link_adaptation'] = conf.return_value('capabilities vht link-adaptation') - - # Set the maximum length of A-MPDU pre-EOF padding that the station can receive - if conf.exists('capabilities vht max-mpdu-exp'): - wifi['cap_vht'] = True - wifi['cap_vht_max_mpdu_exp'] = conf.return_value('capabilities vht max-mpdu-exp') - - # Increase Maximum MPDU length - if conf.exists('capabilities vht max-mpdu'): - wifi['cap_vht'] = True - wifi['cap_vht_max_mpdu'] = conf.return_value('capabilities vht max-mpdu') - - # Increase Maximum MPDU length - if conf.exists('capabilities vht short-gi'): - wifi['cap_vht'] = True - wifi['cap_vht_short_gi'] = conf.return_values('capabilities vht short-gi') - - # Support for receiving PPDU using STBC (Space Time Block Coding) - if conf.exists('capabilities vht stbc rx'): - wifi['cap_vht'] = True - wifi['cap_vht_stbc_rx'] = conf.return_value('capabilities vht stbc rx') - - # Support for the transmission of at least 2x1 STBC (Space Time Block Coding) - if conf.exists('capabilities vht stbc tx'): - wifi['cap_vht'] = True - wifi['cap_vht_stbc_tx'] = True - - # Support for VHT TXOP Power Save Mode - if conf.exists('capabilities vht tx-powersave'): - wifi['cap_vht'] = True - wifi['cap_vht_tx_powersave'] = True - - # STA supports receiving a VHT variant HT Control field - if conf.exists('capabilities vht vht-cf'): - wifi['cap_vht'] = True - wifi['cap_vht_vht_cf'] = True - - # Wireless radio channel - if conf.exists('channel'): - wifi['channel'] = conf.return_value('channel') - - # Disable broadcast of SSID from access-point - if conf.exists('disable-broadcast-ssid'): - wifi['disable_broadcast_ssid'] = True - - # Disassociate stations based on excessive transmission failures - if conf.exists('expunge-failing-stations'): - wifi['expunge_failing_stations'] = True - - # retrieve real hardware address - if conf.exists('hw-id'): - wifi['hw_id'] = conf.return_value('hw-id') - - # Isolate stations on the AP so they cannot see each other - if conf.exists('isolate-stations'): - wifi['isolate_stations'] = True - - # Wireless physical device - if conf.exists('physical-device'): - wifi['phy'] = conf.return_value('physical-device') - - # Maximum number of wireless radio stations - if conf.exists('max-stations'): - wifi['max_stations'] = conf.return_value('max-stations') - - # Management Frame Protection (MFP) according to IEEE 802.11w - if conf.exists('mgmt-frame-protection'): - wifi['mgmt_frame_protection'] = conf.return_value('mgmt-frame-protection') - - # Wireless radio mode - if conf.exists('mode'): - wifi['mode'] = conf.return_value('mode') - - # Transmission power reduction in dBm - if conf.exists('reduce-transmit-power'): - wifi['reduce_transmit_power'] = conf.return_value('reduce-transmit-power') - - # WEP enabled? - if conf.exists('security wep'): - wifi['sec_wep'] = True - - # WEP encryption key(s) - if conf.exists('security wep key'): - wifi['sec_wep_key'] = conf.return_values('security wep key') - - # WPA enabled? - if conf.exists('security wpa'): - wifi['sec_wpa'] = True - - # WPA Cipher suite - if conf.exists('security wpa cipher'): - wifi['sec_wpa_cipher'] = conf.return_values('security wpa cipher') - - # WPA mode - if conf.exists('security wpa mode'): - wifi['sec_wpa_mode'] = conf.return_value('security wpa mode') - - # WPA default ciphers depend on WPA mode - if not wifi['sec_wpa_cipher']: - if wifi['sec_wpa_mode'] == 'wpa': - wifi['sec_wpa_cipher'].append('TKIP') - wifi['sec_wpa_cipher'].append('CCMP') - - elif wifi['sec_wpa_mode'] == 'wpa2': - wifi['sec_wpa_cipher'].append('CCMP') - - elif wifi['sec_wpa_mode'] == 'both': - wifi['sec_wpa_cipher'].append('CCMP') - wifi['sec_wpa_cipher'].append('TKIP') - - # WPA Group Cipher suite - if conf.exists('security wpa group-cipher'): - wifi['sec_wpa_group_cipher'] = conf.return_values('security wpa group-cipher') - - # WPA personal shared pass phrase - if conf.exists('security wpa passphrase'): - wifi['sec_wpa_passphrase'] = conf.return_value('security wpa passphrase') - - # WPA RADIUS source address - if conf.exists('security wpa radius source-address'): - wifi['sec_wpa_radius_source'] = conf.return_value('security wpa radius source-address') - - # WPA RADIUS server - for server in conf.list_nodes('security wpa radius server'): - # set new configuration level - conf.set_level(cfg_base + ' security wpa radius server ' + server) - radius = { - 'server' : server, - 'acc_port' : '', - 'disabled': False, - 'port' : 1812, - 'key' : '' - } - - # RADIUS server port - if conf.exists('port'): - radius['port'] = int(conf.return_value('port')) - - # receive RADIUS accounting info - if conf.exists('accounting'): - radius['acc_port'] = radius['port'] + 1 - - # Check if RADIUS server was temporary disabled - if conf.exists(['disable']): - radius['disabled'] = True - - # RADIUS server shared-secret - if conf.exists('key'): - radius['key'] = conf.return_value('key') - - # append RADIUS server to list of servers - wifi['sec_wpa_radius'].append(radius) - - # re-set configuration level to parse new nodes - conf.set_level(cfg_base) - - # Wireless access-point service set identifier (SSID) - if conf.exists('ssid'): - wifi['ssid'] = conf.return_value('ssid') - - # Wireless device type for this interface - if conf.exists('type'): - tmp = conf.return_value('type') - if tmp == 'access-point': - tmp = 'ap' - - wifi['op_mode'] = tmp + wifi = get_interface_dict(conf, base, ifname) + + if 'security' in wifi and 'wpa' in wifi['security']: + wpa_cipher = wifi['security']['wpa'].get('cipher') + wpa_mode = wifi['security']['wpa'].get('mode') + if not wpa_cipher: + tmp = None + if wpa_mode == 'wpa': + tmp = {'security': {'wpa': {'cipher' : ['TKIP', 'CCMP']}}} + elif wpa_mode == 'wpa2': + tmp = {'security': {'wpa': {'cipher' : ['CCMP']}}} + elif wpa_mode == 'both': + tmp = {'security': {'wpa': {'cipher' : ['CCMP', 'TKIP']}}} + + if tmp: wifi = dict_merge(tmp, wifi) # retrieve configured regulatory domain - conf.set_level('system') - if conf.exists('wifi-regulatory-domain'): - wifi['country_code'] = conf.return_value('wifi-regulatory-domain') + conf.set_level(['system']) + if conf.exists(['wifi-regulatory-domain']): + wifi['country_code'] = conf.return_value(['wifi-regulatory-domain']) - return wifi + # Only one wireless interface per phy can be in station mode + tmp = find_other_stations(conf, base, wifi['ifname']) + if tmp: wifi['station_interfaces'] = tmp + return wifi def verify(wifi): - if wifi['deleted']: - if wifi['is_bridge_member']: - raise ConfigError(( - f'Cannot delete interface "{wifi["intf"]}" as it is a ' - f'member of bridge "{wifi["is_bridge_member"]}"!')) - + if 'deleted' in wifi: + verify_bridge_delete(wifi) return None - if wifi['op_mode'] != 'monitor' and not wifi['ssid']: - raise ConfigError('SSID must be set for {}'.format(wifi['intf'])) - - if not wifi['phy']: - raise ConfigError('You must specify physical-device') + if 'physical_device' not in wifi: + raise ConfigError('You must specify a physical-device "phy"') - if not wifi['mode']: + if 'type' not in wifi: raise ConfigError('You must specify a WiFi mode') - if wifi['op_mode'] == 'ap': - c = Config() - if not c.exists('system wifi-regulatory-domain'): - raise ConfigError('Wireless regulatory domain is mandatory,\n' \ - 'use "set system wifi-regulatory-domain".') - - if not wifi['channel']: - raise ConfigError('Channel must be set for {}'.format(wifi['intf'])) + if 'ssid' not in wifi and wifi['type'] != 'monitor': + raise ConfigError('SSID must be configured') - if len(wifi['sec_wep_key']) > 4: - raise ConfigError('No more then 4 WEP keys configurable') - - if wifi['cap_vht'] and not wifi['cap_ht']: - raise ConfigError('Specify HT flags if you want to use VHT!') - - if wifi['cap_vht_beamform'] and wifi['cap_vht_antenna_cnt'] == 1: - raise ConfigError('Cannot use beam forming with just one antenna!') - - if wifi['cap_vht_beamform'] == 'single-user-beamformer' and wifi['cap_vht_antenna_cnt'] < 3: - # Nasty Gotcha: see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf lines 692-705 - raise ConfigError('Single-user beam former requires at least 3 antennas!') - - if wifi['sec_wep'] and (len(wifi['sec_wep_key']) == 0): - raise ConfigError('Missing WEP keys') - - if wifi['sec_wpa'] and not (wifi['sec_wpa_passphrase'] or wifi['sec_wpa_radius']): - raise ConfigError('Misssing WPA key or RADIUS server') - - for radius in wifi['sec_wpa_radius']: - if not radius['key']: - raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) - - if ( wifi['is_bridge_member'] - and ( wifi['address'] - or wifi['ipv6_eui64_prefix'] - or wifi['ipv6_autoconf'] ) ): - raise ConfigError(( - f'Cannot assign address to interface "{wifi["intf"]}" ' - f'as it is a member of bridge "{wifi["is_bridge_member"]}"!')) - - if wifi['vrf']: - if wifi['vrf'] not in interfaces(): - raise ConfigError(f'VRF "{wifi["vrf"]}" does not exist') - - if wifi['is_bridge_member']: - raise ConfigError(( - f'Interface "{wifi["intf"]}" cannot be member of VRF ' - f'"{wifi["vrf"]}" and bridge {wifi["is_bridge_member"]} ' - f'at the same time!')) + if wifi['type'] == 'access-point': + if 'country_code' not in wifi: + raise ConfigError('Wireless regulatory domain is mandatory,\n' \ + 'use "set system wifi-regulatory-domain" for configuration.') + + if 'channel' not in wifi: + raise ConfigError('Wireless channel must be configured!') + + if 'security' in wifi: + if {'wep', 'wpa'} <= set(wifi.get('security', {})): + raise ConfigError('Must either use WEP or WPA security!') + + if 'wep' in wifi['security']: + if 'key' in wifi['security']['wep'] and len(wifi['security']['wep']) > 4: + raise ConfigError('No more then 4 WEP keys configurable') + elif 'key' not in wifi['security']['wep']: + raise ConfigError('Security WEP configured - missing WEP keys!') + + elif 'wpa' in wifi['security']: + wpa = wifi['security']['wpa'] + if not any(i in ['passphrase', 'radius'] for i in wpa): + raise ConfigError('Misssing WPA key or RADIUS server') + + if 'radius' in wpa: + if 'server' in wpa['radius']: + for server in wpa['radius']['server']: + if 'key' not in wpa['radius']['server'][server]: + raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}') + + if 'capabilities' in wifi: + capabilities = wifi['capabilities'] + if 'vht' in capabilities: + if 'ht' not in capabilities: + raise ConfigError('Specify HT flags if you want to use VHT!') + + if {'beamform', 'antenna_count'} <= set(capabilities.get('vht', {})): + if capabilities['vht']['antenna_count'] == '1': + raise ConfigError('Cannot use beam forming with just one antenna!') + + if capabilities['vht']['beamform'] == 'single-user-beamformer': + if int(capabilities['vht']['antenna_count']) < 3: + # Nasty Gotcha: see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf lines 692-705 + raise ConfigError('Single-user beam former requires at least 3 antennas!') + + if 'station_interfaces' in wifi and wifi['type'] == 'station': + phy = wifi['physical_device'] + if phy in wifi['station_interfaces']: + if len(wifi['station_interfaces'][phy]) > 0: + raise ConfigError('Only one station per wireless physical interface possible!') + + verify_address(wifi) + verify_vrf(wifi) # use common function to verify VLAN configuration verify_vlan_config(wifi) - conf = Config() - # Only one wireless interface per phy can be in station mode - base = ['interfaces', 'wireless'] - for phy in os.listdir('/sys/class/ieee80211'): - stations = [] - for wlan in conf.list_nodes(base): - # the following node is mandatory - if conf.exists(base + [wlan, 'physical-device', phy]): - tmp = conf.return_value(base + [wlan, 'type']) - if tmp == 'station': - stations.append(wlan) - - if len(stations) > 1: - raise ConfigError('Only one station per wireless physical interface possible!') - return None def generate(wifi): - interface = wifi['intf'] + interface = wifi['ifname'] # always stop hostapd service first before reconfiguring it call(f'systemctl stop hostapd@{interface}.service') @@ -513,7 +185,7 @@ def generate(wifi): call(f'systemctl stop wpa_supplicant@{interface}.service') # Delete config files if interface is removed - if wifi['deleted']: + if 'deleted' in wifi: if os.path.isfile(hostapd_conf.format(**wifi)): os.unlink(hostapd_conf.format(**wifi)) @@ -522,10 +194,10 @@ def generate(wifi): return None - if not wifi['mac']: + if 'mac' not in wifi: # http://wiki.stocksy.co.uk/wiki/Multiple_SSIDs_with_hostapd # generate locally administered MAC address from used phy interface - with open('/sys/class/ieee80211/{}/addresses'.format(wifi['phy']), 'r') as f: + with open('/sys/class/ieee80211/{physical_device}/addresses'.format(**wifi), 'r') as f: # some PHYs tend to have multiple interfaces and thus supply multiple MAC # addresses - we only need the first one for our calculation tmp = f.readline().rstrip() @@ -545,20 +217,18 @@ def generate(wifi): wifi['mac'] = str(mac) # render appropriate new config files depending on access-point or station mode - if wifi['op_mode'] == 'ap': - render(hostapd_conf.format(**wifi), 'wifi/hostapd.conf.tmpl', wifi) + if wifi['type'] == 'access-point': + render(hostapd_conf.format(**wifi), 'wifi/hostapd.conf.tmpl', wifi, trim_blocks=True) - elif wifi['op_mode'] == 'station': - render(wpa_suppl_conf.format(**wifi), 'wifi/wpa_supplicant.conf.tmpl', wifi) + elif wifi['type'] == 'station': + render(wpa_suppl_conf.format(**wifi), 'wifi/wpa_supplicant.conf.tmpl', wifi, trim_blocks=True) return None def apply(wifi): - interface = wifi['intf'] - if wifi['deleted']: - w = WiFiIf(interface) - # delete interface - w.remove() + interface = wifi['ifname'] + if 'deleted' in wifi: + WiFiIf(interface).remove() else: # WiFi interface needs to be created on-block (e.g. mode or physical # interface) instead of passing a ton of arguments, I just use a dict @@ -566,97 +236,21 @@ def apply(wifi): conf = deepcopy(WiFiIf.get_config()) # Assign WiFi instance configuration parameters to config dict - conf['phy'] = wifi['phy'] + conf['phy'] = wifi['physical_device'] # Finally create the new interface w = WiFiIf(interface, **conf) - - # assign/remove VRF (ONLY when not a member of a bridge, - # otherwise 'nomaster' removes it from it) - if not wifi['is_bridge_member']: - w.set_vrf(wifi['vrf']) - - # update interface description used e.g. within SNMP - w.set_alias(wifi['description']) - - if wifi['dhcp_client_id']: - w.dhcp.v4.options['client_id'] = wifi['dhcp_client_id'] - - if wifi['dhcp_hostname']: - w.dhcp.v4.options['hostname'] = wifi['dhcp_hostname'] - - if wifi['dhcp_vendor_class_id']: - w.dhcp.v4.options['vendor_class_id'] = wifi['dhcp_vendor_class_id'] - - if wifi['dhcpv6_prm_only']: - w.dhcp.v6.options['dhcpv6_prm_only'] = True - - if wifi['dhcpv6_temporary']: - w.dhcp.v6.options['dhcpv6_temporary'] = True - - if wifi['dhcpv6_pd_length']: - w.dhcp.v6.options['dhcpv6_pd_length'] = wifi['dhcpv6_pd_length'] - - if wifi['dhcpv6_pd_interfaces']: - w.dhcp.v6.options['dhcpv6_pd_interfaces'] = wifi['dhcpv6_pd_interfaces'] - - # ignore link state changes - w.set_link_detect(wifi['disable_link_detect']) - - # Delete old IPv6 EUI64 addresses before changing MAC - for addr in wifi['ipv6_eui64_prefix_remove']: - w.del_ipv6_eui64_address(addr) - - # Change interface MAC address - re-set to real hardware address (hw-id) - # if custom mac is removed - if wifi['mac']: - w.set_mac(wifi['mac']) - elif wifi['hw_id']: - w.set_mac(wifi['hw_id']) - - # Add IPv6 EUI-based addresses - for addr in wifi['ipv6_eui64_prefix']: - w.add_ipv6_eui64_address(addr) - - # configure ARP filter configuration - w.set_arp_filter(wifi['ip_disable_arp_filter']) - # configure ARP accept - w.set_arp_accept(wifi['ip_enable_arp_accept']) - # configure ARP announce - w.set_arp_announce(wifi['ip_enable_arp_announce']) - # configure ARP ignore - w.set_arp_ignore(wifi['ip_enable_arp_ignore']) - # IPv6 accept RA - w.set_ipv6_accept_ra(wifi['ipv6_accept_ra']) - # IPv6 address autoconfiguration - w.set_ipv6_autoconf(wifi['ipv6_autoconf']) - # IPv6 forwarding - w.set_ipv6_forwarding(wifi['ipv6_forwarding']) - # IPv6 Duplicate Address Detection (DAD) tries - w.set_ipv6_dad_messages(wifi['ipv6_dup_addr_detect']) - - # Configure interface address(es) - # - not longer required addresses get removed first - # - newly addresses will be added second - for addr in wifi['address_remove']: - w.del_addr(addr) - for addr in wifi['address']: - w.add_addr(addr) - - # apply all vlans to interface - apply_all_vlans(w, wifi) + w.update(wifi) # Enable/Disable interface - interface is always placed in # administrative down state in WiFiIf class - if not wifi['disable']: - w.set_admin_state('up') - + if 'disable' not in wifi: # Physical interface is now configured. Proceed by starting hostapd or # wpa_supplicant daemon. When type is monitor we can just skip this. - if wifi['op_mode'] == 'ap': + if wifi['type'] == 'access-point': call(f'systemctl start hostapd@{interface}.service') - elif wifi['op_mode'] == 'station': + elif wifi['type'] == 'station': call(f'systemctl start wpa_supplicant@{interface}.service') return None -- cgit v1.2.3 From 9f7ef46636c8b995a3b758484324db4bc9a4df37 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 29 Jul 2020 17:31:35 +0200 Subject: mdns-repeater: T2742: migrate to get_config_dict() --- data/templates/mdns-repeater/mdns-repeater.tmpl | 2 +- interface-definitions/mdns-repeater.xml.in | 38 -------- interface-definitions/service_mdns-repeater.xml.in | 37 +++++++ src/conf_mode/mdns_repeater.py | 107 --------------------- src/conf_mode/service_mdns-repeater.py | 89 +++++++++++++++++ 5 files changed, 127 insertions(+), 146 deletions(-) delete mode 100644 interface-definitions/mdns-repeater.xml.in create mode 100644 interface-definitions/service_mdns-repeater.xml.in delete mode 100755 src/conf_mode/mdns_repeater.py create mode 100755 src/conf_mode/service_mdns-repeater.py (limited to 'data') diff --git a/data/templates/mdns-repeater/mdns-repeater.tmpl b/data/templates/mdns-repeater/mdns-repeater.tmpl index 3fc4db67e..80f4ab047 100644 --- a/data/templates/mdns-repeater/mdns-repeater.tmpl +++ b/data/templates/mdns-repeater/mdns-repeater.tmpl @@ -1,2 +1,2 @@ ### Autogenerated by mdns_repeater.py ### -DAEMON_ARGS="{{ interfaces | join(' ') }}" +DAEMON_ARGS="{{ interface | join(' ') }}" diff --git a/interface-definitions/mdns-repeater.xml.in b/interface-definitions/mdns-repeater.xml.in deleted file mode 100644 index a59321294..000000000 --- a/interface-definitions/mdns-repeater.xml.in +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - Multicast DNS (mDNS) parameters - - - - - mDNS repeater configuration - 990 - - - - - Disable mDNS repeater service - - - - - - Interface to repeat mDNS advertisements [REQUIRED] - - - - - - - - - - - - - diff --git a/interface-definitions/service_mdns-repeater.xml.in b/interface-definitions/service_mdns-repeater.xml.in new file mode 100644 index 000000000..e21b1b27c --- /dev/null +++ b/interface-definitions/service_mdns-repeater.xml.in @@ -0,0 +1,37 @@ + + + + + + + Multicast DNS (mDNS) parameters + + + + + mDNS repeater configuration + 990 + + + + + Disable mDNS repeater service + + + + + + Interface to repeat mDNS advertisements [REQUIRED] + + + + + + + + + + + + + diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py deleted file mode 100755 index b43f9bdd8..000000000 --- a/src/conf_mode/mdns_repeater.py +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2017-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from sys import exit -from copy import deepcopy -from netifaces import ifaddresses, AF_INET - -from vyos.config import Config -from vyos import ConfigError -from vyos.util import call -from vyos.template import render - -from vyos import airbag -airbag.enable() - -config_file = r'/etc/default/mdns-repeater' - -default_config_data = { - 'disabled': False, - 'interfaces': [] -} - -def get_config(): - mdns = deepcopy(default_config_data) - conf = Config() - base = ['service', 'mdns', 'repeater'] - if not conf.exists(base): - return None - else: - conf.set_level(base) - - # Service can be disabled by user - if conf.exists(['disable']): - mdns['disabled'] = True - return mdns - - # Interface to repeat mDNS advertisements - if conf.exists(['interface']): - mdns['interfaces'] = conf.return_values(['interface']) - - return mdns - -def verify(mdns): - if mdns is None: - return None - - if mdns['disabled']: - return None - - # We need at least two interfaces to repeat mDNS advertisments - if len(mdns['interfaces']) < 2: - raise ConfigError('mDNS repeater requires at least 2 configured interfaces!') - - # For mdns-repeater to work it is essential that the interfaces has - # an IPv4 address assigned - for interface in mdns['interfaces']: - if AF_INET in ifaddresses(interface).keys(): - if len(ifaddresses(interface)[AF_INET]) < 1: - raise ConfigError('mDNS repeater requires an IPv6 address configured on interface %s!'.format(interface)) - - return None - -def generate(mdns): - if mdns is None: - return None - - if mdns['disabled']: - print('Warning: mDNS repeater will be deactivated because it is disabled') - return None - - render(config_file, 'mdns-repeater/mdns-repeater.tmpl', mdns) - return None - -def apply(mdns): - if (mdns is None) or mdns['disabled']: - call('systemctl stop mdns-repeater.service') - if os.path.exists(config_file): - os.unlink(config_file) - else: - call('systemctl restart mdns-repeater.service') - - return None - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py new file mode 100755 index 000000000..1a6b2c328 --- /dev/null +++ b/src/conf_mode/service_mdns-repeater.py @@ -0,0 +1,89 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2017-2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os + +from sys import exit +from netifaces import ifaddresses, interfaces, AF_INET + +from vyos.config import Config +from vyos.template import render +from vyos.util import call +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +config_file = r'/etc/default/mdns-repeater' + +def get_config(): + conf = Config() + base = ['service', 'mdns', 'repeater'] + mdns = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + return mdns + +def verify(mdns): + if not mdns: + return None + + if 'disable' in mdns: + return None + + # We need at least two interfaces to repeat mDNS advertisments + if 'interface' not in mdns or len(mdns['interface']) < 2: + raise ConfigError('mDNS repeater requires at least 2 configured interfaces!') + + # For mdns-repeater to work it is essential that the interfaces has + # an IPv4 address assigned + for interface in mdns['interface']: + if interface not in interfaces(): + raise ConfigError(f'Interface "{interface}" does not exist!') + + if AF_INET not in ifaddresses(interface): + raise ConfigError('mDNS repeater requires an IPv4 address to be ' + f'configured on interface "{interface}"') + + return None + +def generate(mdns): + if not mdns: + return None + + if 'disable' in mdns: + print('Warning: mDNS repeater will be deactivated because it is disabled') + return None + + render(config_file, 'mdns-repeater/mdns-repeater.tmpl', mdns) + return None + +def apply(mdns): + if not mdns or 'disable' in mdns: + call('systemctl stop mdns-repeater.service') + if os.path.exists(config_file): + os.unlink(config_file) + else: + call('systemctl restart mdns-repeater.service') + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) -- cgit v1.2.3 From f75f9cf6aae10c061e7b757b4e8a658b4457def7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 30 Jul 2020 22:54:48 +0200 Subject: router-advert: T2745: migrate to get_config_dict() --- data/templates/router-advert/radvd.conf.tmpl | 72 +++++---- interface-definitions/service_router-advert.xml.in | 11 +- src/conf_mode/service_router-advert.py | 163 ++++++--------------- 3 files changed, 98 insertions(+), 148 deletions(-) (limited to 'data') diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl index 073623eac..cebfc54b5 100644 --- a/data/templates/router-advert/radvd.conf.tmpl +++ b/data/templates/router-advert/radvd.conf.tmpl @@ -1,37 +1,47 @@ ### Autogenerated by service_router-advert.py ### -{% for i in interfaces -%} -interface {{ i.name }} { +{% if interface is defined and interface is not none %} +{% for iface in interface %} +interface {{ iface }} { IgnoreIfMissing on; - AdvDefaultPreference {{ i.default_preference }}; - AdvManagedFlag {{ i.managed_flag }}; - MaxRtrAdvInterval {{ i.interval_max }}; -{% if i.interval_min %} - MinRtrAdvInterval {{ i.interval_min }}; -{% endif %} - AdvReachableTime {{ i.reachable_time }}; - AdvIntervalOpt {{ i.send_advert }}; - AdvSendAdvert {{ i.send_advert }}; -{% if i.default_lifetime %} - AdvDefaultLifetime {{ i.default_lifetime }}; -{% endif %} -{% if i.link_mtu %} - AdvLinkMTU {{ i.link_mtu }}; -{% endif %} - AdvOtherConfigFlag {{ i.other_config_flag }}; - AdvRetransTimer {{ i.retrans_timer }}; - AdvCurHopLimit {{ i.hop_limit }}; -{% for p in i.prefixes %} - prefix {{ p.prefix }} { - AdvAutonomous {{ p.autonomous_flag }}; - AdvValidLifetime {{ p.valid_lifetime }}; - AdvOnLink {{ p.on_link }}; - AdvPreferredLifetime {{ p.preferred_lifetime }}; +{% if interface[iface].default_preference is defined and interface[iface].default_preference is not none %} + AdvDefaultPreference {{ interface[iface].default_preference }}; +{% endif %} +{% if interface[iface].managed_flag is defined and interface[iface].managed_flag is not none %} + AdvManagedFlag {{ 'on' if interface[iface].managed_flag is defined else 'off' }}; +{% endif %} +{% if interface[iface].interval.max is defined and interface[iface].interval.max is not none %} + MaxRtrAdvInterval {{ interface[iface].interval.max }}; +{% endif %} +{% if interface[iface].interval.min is defined and interface[iface].interval.min is not none %} + MinRtrAdvInterval {{ interface[iface].interval.min }}; +{% endif %} +{% if interface[iface].reachable_time is defined and interface[iface].reachable_time is not none %} + AdvReachableTime {{ interface[iface].reachable_time }}; +{% endif %} + AdvIntervalOpt {{ 'off' if interface[iface].no_send_advert is defined else 'on' }}; + AdvSendAdvert {{ 'off' if interface[iface].no_send_advert is defined else 'on' }}; +{% if interface[iface].default_lifetime is defined %} + AdvDefaultLifetime {{ interface[iface].default_lifetime }}; +{% endif %} +{% if interface[iface].link_mtu is defined %} + AdvLinkMTU {{ interface[iface].link_mtu }}; +{% endif %} + AdvOtherConfigFlag {{ 'on' if interface[iface].other_config_flag is defined else 'off' }}; + AdvRetransTimer {{ interface[iface].retrans_timer }}; + AdvCurHopLimit {{ interface[iface].hop_limit }}; +{% for prefix in interface[iface].prefix %} + prefix {{ prefix }} { + AdvAutonomous {{ 'off' if interface[iface].prefix[prefix].no_autonomous_flag is defined else 'on' }}; + AdvValidLifetime {{ interface[iface].prefix[prefix].valid_lifetime }}; + AdvOnLink {{ 'off' if interface[iface].prefix[prefix].no_on_link_flag is defined else 'on' }}; + AdvPreferredLifetime {{ interface[iface].prefix[prefix].preferred_lifetime }}; }; -{% endfor %} -{% if i.name_server %} - RDNSS {{ i.name_server | join(" ") }} { +{% endfor %} +{% if interface[iface].name_server is defined %} + RDNSS {{ interface[iface].name_server | join(" ") }} { }; -{% endif %} +{% endif %} }; -{% endfor -%} +{% endfor -%} +{% endif %} diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 6a4706ab7..5a472fc9a 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -32,6 +32,7 @@ Hop count must be between 0 and 255 + 64 @@ -69,10 +70,11 @@ Default router has high preference - (low|medium|high) + ^(low|medium|high)$ Default preference must be low, medium or high + medium @@ -116,6 +118,7 @@ Maximum interval must be between 4 and 1800 seconds + 600 @@ -191,9 +194,10 @@ - (infinity) + ^(infinity)$ + 14400 @@ -214,6 +218,7 @@ (infinity) + 2592000 @@ -233,6 +238,7 @@ Reachable time must be 0 or between 1 and 3600000 milliseconds + 0 @@ -250,6 +256,7 @@ Retransmit interval must be 0 or between 1 and 4294967295 milliseconds + 0 diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py index ef6148ebd..1b333e1a5 100755 --- a/src/conf_mode/service_router-advert.py +++ b/src/conf_mode/service_router-advert.py @@ -16,145 +16,77 @@ import os -from stat import S_IRUSR, S_IWUSR, S_IRGRP from sys import exit from vyos.config import Config -from vyos import ConfigError -from vyos.util import call +from vyos.configdict import dict_merge from vyos.template import render - +from vyos.util import call +from vyos.xml import defaults +from vyos import ConfigError from vyos import airbag airbag.enable() config_file = r'/run/radvd/radvd.conf' -default_config_data = { - 'interfaces': [] -} - def get_config(): - rtradv = default_config_data conf = Config() - base_level = ['service', 'router-advert'] - - if not conf.exists(base_level): - return rtradv - - for interface in conf.list_nodes(base_level + ['interface']): - intf = { - 'name': interface, - 'hop_limit' : '64', - 'default_lifetime': '', - 'default_preference': 'medium', - 'dnssl': [], - 'link_mtu': '', - 'managed_flag': 'off', - 'interval_max': '600', - 'interval_min': '', - 'name_server': [], - 'other_config_flag': 'off', - 'prefixes' : [], - 'reachable_time': '0', - 'retrans_timer': '0', - 'send_advert': 'on' - } - - # set config level first to reduce boilerplate code - conf.set_level(base_level + ['interface', interface]) - - if conf.exists(['hop-limit']): - intf['hop_limit'] = conf.return_value(['hop-limit']) - - if conf.exists(['default-lifetime']): - intf['default_lifetime'] = conf.return_value(['default-lifetime']) - - if conf.exists(['default-preference']): - intf['default_preference'] = conf.return_value(['default-preference']) - - if conf.exists(['dnssl']): - intf['dnssl'] = conf.return_values(['dnssl']) - - if conf.exists(['link-mtu']): - intf['link_mtu'] = conf.return_value(['link-mtu']) - - if conf.exists(['managed-flag']): - intf['managed_flag'] = 'on' - - if conf.exists(['interval', 'max']): - intf['interval_max'] = conf.return_value(['interval', 'max']) - - if conf.exists(['interval', 'min']): - intf['interval_min'] = conf.return_value(['interval', 'min']) - - if conf.exists(['name-server']): - intf['name_server'] = conf.return_values(['name-server']) - - if conf.exists(['other-config-flag']): - intf['other_config_flag'] = 'on' - - if conf.exists(['reachable-time']): - intf['reachable_time'] = conf.return_value(['reachable-time']) - - if conf.exists(['retrans-timer']): - intf['retrans_timer'] = conf.return_value(['retrans-timer']) - - if conf.exists(['no-send-advert']): - intf['send_advert'] = 'off' - - for prefix in conf.list_nodes(['prefix']): - tmp = { - 'prefix' : prefix, - 'autonomous_flag' : 'on', - 'on_link' : 'on', - 'preferred_lifetime': 14400, - 'valid_lifetime' : 2592000 - - } - - # set config level first to reduce boilerplate code - conf.set_level(base_level + ['interface', interface, 'prefix', prefix]) - - if conf.exists(['no-autonomous-flag']): - tmp['autonomous_flag'] = 'off' - - if conf.exists(['no-on-link-flag']): - tmp['on_link'] = 'off' - - if conf.exists(['preferred-lifetime']): - tmp['preferred_lifetime'] = int(conf.return_value(['preferred-lifetime'])) - - if conf.exists(['valid-lifetime']): - tmp['valid_lifetime'] = int(conf.return_value(['valid-lifetime'])) - - intf['prefixes'].append(tmp) - - rtradv['interfaces'].append(intf) + base = ['service', 'router-advert'] + rtradv = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_interface_values = defaults(base + ['interface']) + # we deal with prefix defaults later on + if 'prefix' in default_interface_values: + del default_interface_values['prefix'] + + default_prefix_values = defaults(base + ['interface', 'prefix']) + + if 'interface' in rtradv: + for interface in rtradv['interface']: + rtradv['interface'][interface] = dict_merge( + default_interface_values, rtradv['interface'][interface]) + + if 'prefix' in rtradv['interface'][interface]: + for prefix in rtradv['interface'][interface]['prefix']: + rtradv['interface'][interface]['prefix'][prefix] = dict_merge( + default_prefix_values, rtradv['interface'][interface]['prefix'][prefix]) + + if 'name_server' in rtradv['interface'][interface]: + # always use a list when dealing with nameservers - eases the template generation + if isinstance(rtradv['interface'][interface]['name_server'], str): + rtradv['interface'][interface]['name_server'] = [ + rtradv['interface'][interface]['name_server']] return rtradv def verify(rtradv): - for interface in rtradv['interfaces']: - for prefix in interface['prefixes']: - if not (prefix['valid_lifetime'] > prefix['preferred_lifetime']): - raise ConfigError('Prefix valid-lifetime must be greater then preferred-lifetime') + if not rtradv: + return None + + if 'interface' not in rtradv: + return None + + for interface in rtradv['interface']: + interface = rtradv['interface'][interface] + if 'prefix' in interface: + for prefix in interface['prefix']: + prefix = interface['prefix'][prefix] + if not (int(prefix['valid_lifetime']) > int(prefix['preferred_lifetime'])): + raise ConfigError('Prefix valid-lifetime must be greater then preferred-lifetime') return None def generate(rtradv): - if not rtradv['interfaces']: + if not rtradv: return None - render(config_file, 'router-advert/radvd.conf.tmpl', rtradv, trim_blocks=True) - - # adjust file permissions of new configuration file - if os.path.exists(config_file): - os.chmod(config_file, S_IRUSR | S_IWUSR | S_IRGRP) - + render(config_file, 'router-advert/radvd.conf.tmpl', rtradv, trim_blocks=True, permission=0o644) return None def apply(rtradv): - if not rtradv['interfaces']: + if not rtradv: # bail out early - looks like removal from running config call('systemctl stop radvd.service') if os.path.exists(config_file): @@ -163,6 +95,7 @@ def apply(rtradv): return None call('systemctl restart radvd.service') + return None if __name__ == '__main__': -- cgit v1.2.3 From ea10917897bb4478e7f6f576f2e1c42b134cc5c0 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 2 Aug 2020 14:58:42 +0200 Subject: accel-ppp: T2756: make RADIUS accounting port configurable Make the port used for RADIUS accounting user configurable. This is now valid for the following services which are based on Accel-PPP: * ipoe-server * pppoe-server * l2tp * pptp * sstp --- data/templates/accel-ppp/ipoe.config.tmpl | 2 +- data/templates/accel-ppp/l2tp.config.tmpl | 2 +- data/templates/accel-ppp/pppoe.config.tmpl | 2 +- data/templates/accel-ppp/pptp.config.tmpl | 2 +- data/templates/accel-ppp/sstp.config.tmpl | 2 +- interface-definitions/include/accel-radius-additions.xml.in | 12 ++++++++++++ src/conf_mode/service_ipoe-server.py | 6 +++++- src/conf_mode/service_pppoe-server.py | 6 +++++- src/conf_mode/vpn_l2tp.py | 6 +++++- src/conf_mode/vpn_pptp.py | 6 +++++- src/conf_mode/vpn_sstp.py | 6 +++++- 11 files changed, 42 insertions(+), 10 deletions(-) (limited to 'data') diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl index 84de5bf51..fca520efa 100644 --- a/data/templates/accel-ppp/ipoe.config.tmpl +++ b/data/templates/accel-ppp/ipoe.config.tmpl @@ -77,7 +77,7 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl index b0ef17525..b9131684d 100644 --- a/data/templates/accel-ppp/l2tp.config.tmpl +++ b/data/templates/accel-ppp/l2tp.config.tmpl @@ -83,7 +83,7 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index 370ca7946..5ad628fde 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -93,7 +93,7 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.tmpl index 0bbfc13c5..e0f2c6da9 100644 --- a/data/templates/accel-ppp/pptp.config.tmpl +++ b/data/templates/accel-ppp/pptp.config.tmpl @@ -66,7 +66,7 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index 2c8c00023..c9e4a1d7d 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -69,7 +69,7 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} diff --git a/interface-definitions/include/accel-radius-additions.xml.in b/interface-definitions/include/accel-radius-additions.xml.in index 227a043cd..e37b68514 100644 --- a/interface-definitions/include/accel-radius-additions.xml.in +++ b/interface-definitions/include/accel-radius-additions.xml.in @@ -2,6 +2,18 @@ + + + Accounting port + + 1-65535 + Numeric IP port (default: 1813) + + + + + + Mark server unavailable for <n> seconds on failure diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index fbc1000dd..553cc2e97 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -147,7 +147,8 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812' + 'port' : '1812', + 'acct_port' : '1813' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -158,6 +159,9 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) + if conf.exists(['acct-port']): + radius['acct_port'] = conf.return_value(['acct-port']) + if conf.exists(['key']): radius['key'] = conf.return_value(['key']) diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 3149bbb2f..a8357f653 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -242,7 +242,8 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812' + 'port' : '1812', + 'acct_port' : '1813' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -253,6 +254,9 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) + if conf.exists(['acct-port']): + radius['acct_port'] = conf.return_value(['acct-port']) + if conf.exists(['key']): radius['key'] = conf.return_value(['key']) diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 88df2902e..26ad1af84 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -151,7 +151,8 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812' + 'port' : '1812', + 'acct_port' : '1813' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -162,6 +163,9 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) + if conf.exists(['acct-port']): + radius['acct_port'] = conf.return_value(['acct-port']) + if conf.exists(['key']): radius['key'] = conf.return_value(['key']) diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py index 4536692d2..32cbadd74 100755 --- a/src/conf_mode/vpn_pptp.py +++ b/src/conf_mode/vpn_pptp.py @@ -111,7 +111,8 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812' + 'port' : '1812', + 'acct_port' : '1813' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -122,6 +123,9 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) + if conf.exists(['acct-port']): + radius['acct_port'] = conf.return_value(['acct-port']) + if conf.exists(['key']): radius['key'] = conf.return_value(['key']) diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 4c4d8e403..ddb499bf4 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -118,7 +118,8 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812' + 'port' : '1812', + 'acct_port' : '1813' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -129,6 +130,9 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) + if conf.exists(['acct-port']): + radius['acct_port'] = conf.return_value(['acct-port']) + if conf.exists(['key']): radius['key'] = conf.return_value(['key']) -- cgit v1.2.3 From 84331764a81d7e31c5c4dd5466f347054283d377 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 3 Aug 2020 12:56:13 +0200 Subject: ifconfig: T2740: pass config dict to DHCP class for IPv6 This removes additional code paths as we can instatly work with the input dict the same was as it was done for PPPoE. This fixes the entire DHCPv6-PD support on non PPPoE interfaces as this was lost in translation while processing T2653. --- data/templates/dhcp-client/ipv6.tmpl | 53 +++++++++++++++++--------------- data/templates/dhcp-client/ipv6_new.tmpl | 47 ---------------------------- python/vyos/ifconfig/dhcp.py | 36 +++++++++------------- python/vyos/ifconfig/interface.py | 49 ++++++++++++----------------- src/conf_mode/interfaces-pppoe.py | 2 +- 5 files changed, 63 insertions(+), 124 deletions(-) delete mode 100644 data/templates/dhcp-client/ipv6_new.tmpl (limited to 'data') diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index 490f14726..112431c5f 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -4,41 +4,44 @@ interface {{ ifname }} { request domain-name-servers; request domain-name; -{% if dhcpv6_prm_only %} +{% if dhcpv6_options is defined %} +{% if dhcpv6_options.parameters_only is defined %} information-only; -{% endif %} -{% if not dhcpv6_temporary %} +{% endif %} +{% if dhcpv6_options.temporary is not defined %} send ia-na 1; # non-temporary address -{% endif %} -{% if dhcpv6_pd_interfaces %} +{% endif %} +{% if dhcpv6_options.prefix_delegation is defined %} send ia-pd 2; # prefix delegation +{% endif %} {% endif %} }; -{% if not dhcpv6_temporary %} +{% if dhcpv6_options is defined %} +{% if dhcpv6_options.temporary is not defined %} id-assoc na 1 { # Identity association NA }; -{% endif %} +{% endif %} -{% if dhcpv6_pd_interfaces %} +{% if dhcpv6_options.prefix_delegation is defined %} id-assoc pd 2 { -{% if dhcpv6_pd_length %} - prefix ::/{{ dhcpv6_pd_length }} infinity; -{% endif %} -{% for intf in dhcpv6_pd_interfaces %} - prefix-interface {{ intf.ifname }} { -{% if intf.sla_id %} - sla-id {{ intf.sla_id }}; -{% endif %} -{% if intf.sla_len %} - sla-len {{ intf.sla_len }}; -{% endif %} -{% if intf.if_id %} - ifid {{ intf.if_id }}; -{% endif %} +{% if dhcpv6_options.prefix_delegation.length is defined %} + prefix ::/{{ dhcpv6_options.prefix_delegation.length }} infinity; +{% endif %} +{% for interface in dhcpv6_options.prefix_delegation.interface %} + prefix-interface {{ interface }} { +{% if dhcpv6_options.prefix_delegation.interface[interface].sla_id is defined %} + sla-id {{ dhcpv6_options.prefix_delegation.interface[interface].sla_id }}; +{% endif %} +{% if dhcpv6_options.prefix_delegation.interface[interface].sla_len is defined %} + sla-len {{ dhcpv6_options.prefix_delegation.interface[interface].sla_len }}; +{% endif %} +{% if dhcpv6_options.prefix_delegation.interface[interface].address is defined %} + ifid {{ dhcpv6_options.prefix_delegation.interface[interface].address }}; +{% endif %} }; -{% endfor %} +{% endfor %} }; -{% endif %} - +{% endif %} +{% endif %} diff --git a/data/templates/dhcp-client/ipv6_new.tmpl b/data/templates/dhcp-client/ipv6_new.tmpl deleted file mode 100644 index 112431c5f..000000000 --- a/data/templates/dhcp-client/ipv6_new.tmpl +++ /dev/null @@ -1,47 +0,0 @@ -# generated by dhcp.py -# man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ - -interface {{ ifname }} { - request domain-name-servers; - request domain-name; -{% if dhcpv6_options is defined %} -{% if dhcpv6_options.parameters_only is defined %} - information-only; -{% endif %} -{% if dhcpv6_options.temporary is not defined %} - send ia-na 1; # non-temporary address -{% endif %} -{% if dhcpv6_options.prefix_delegation is defined %} - send ia-pd 2; # prefix delegation -{% endif %} -{% endif %} -}; - -{% if dhcpv6_options is defined %} -{% if dhcpv6_options.temporary is not defined %} -id-assoc na 1 { - # Identity association NA -}; -{% endif %} - -{% if dhcpv6_options.prefix_delegation is defined %} -id-assoc pd 2 { -{% if dhcpv6_options.prefix_delegation.length is defined %} - prefix ::/{{ dhcpv6_options.prefix_delegation.length }} infinity; -{% endif %} -{% for interface in dhcpv6_options.prefix_delegation.interface %} - prefix-interface {{ interface }} { -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_id is defined %} - sla-id {{ dhcpv6_options.prefix_delegation.interface[interface].sla_id }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_len is defined %} - sla-len {{ dhcpv6_options.prefix_delegation.interface[interface].sla_len }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].address is defined %} - ifid {{ dhcpv6_options.prefix_delegation.interface[interface].address }}; -{% endif %} - }; -{% endfor %} -}; -{% endif %} -{% endif %} diff --git a/python/vyos/ifconfig/dhcp.py b/python/vyos/ifconfig/dhcp.py index a8b9a2a87..bd37970a2 100644 --- a/python/vyos/ifconfig/dhcp.py +++ b/python/vyos/ifconfig/dhcp.py @@ -15,6 +15,7 @@ import os +from vyos.configverify import verify_dhcpv6 from vyos.dicts import FixedDict from vyos.ifconfig.control import Control from vyos.template import render @@ -82,39 +83,31 @@ class _DHCPv4 (Control): class _DHCPv6 (Control): def __init__(self, ifname): super().__init__() - self.options = FixedDict(**{ - 'ifname': ifname, - 'dhcpv6_prm_only': False, - 'dhcpv6_temporary': False, - 'dhcpv6_pd_interfaces': [], - 'dhcpv6_pd_length': '' - }) - self._conf_file = f'/run/dhcp6c/dhcp6c.{ifname}.conf' + self.options = {'ifname' : ifname} + self._config = f'/run/dhcp6c/dhcp6c.{ifname}.conf' def set(self): """ - Configure interface as DHCPv6 client. The dhclient binary is automatically - started in background! + Configure interface as DHCPv6 client. The client is automatically + started in background when address is configured as DHCP. Example: - >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') >>> j.dhcp.v6.set() """ - # better save then sorry .. should be checked in interface script - # but if you missed it we are safe! - if self.options['dhcpv6_prm_only'] and self.options['dhcpv6_temporary']: - raise Exception( - 'DHCPv6 temporary and parameters-only options are mutually exclusive!') + # better save then sorry .. should be checked in interface script but if you + # missed it we are safe! + verify_dhcpv6(self.options) - render(self._conf_file, 'dhcp-client/ipv6.tmpl', self.options, trim_blocks=True) - return self._cmd('systemctl restart dhcp6c@{ifname}.service'.format(**self.options)) + render(self._config, 'dhcp-client/ipv6.tmpl', self.options, trim_blocks=True) + return self._cmd('systemctl restart dhcp6c@{ifname}.service'.format( + **self.options)) def delete(self): """ - De-configure interface as DHCPv6 clinet. All auto generated files like + De-configure interface as DHCPv6 client. All auto generated files like pid, config and lease will be removed. Example: @@ -126,9 +119,8 @@ class _DHCPv6 (Control): self._cmd('systemctl stop dhcp6c@{ifname}.service'.format(**self.options)) # cleanup old config files - if os.path.isfile(self._conf_file): - os.remove(self._conf_file) - + if os.path.isfile(self._config): + os.remove(self._config) class DHCP(object): def __init__(self, ifname): diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index d477153e8..f5e43e172 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -822,6 +822,22 @@ class Interface(Control): value = '2' if 'disable_link_detect' in config else '1' self.set_link_detect(value) + # DHCP options + if 'dhcp_options' in config: + dhcp_options = config.get('dhcp_options') + if 'client_id' in dhcp_options: + self.dhcp.v4.options['client_id'] = dhcp_options.get('client_id') + + if 'host_name' in dhcp_options: + self.dhcp.v4.options['hostname'] = dhcp_options.get('host_name') + + if 'vendor_class_id' in dhcp_options: + self.dhcp.v4.options['vendor_class_id'] = dhcp_options.get('vendor_class_id') + + # DHCPv6 options + if 'dhcpv6_options' in config: + self.dhcp.v6.options = config + # Configure assigned interface IP addresses. No longer # configured addresses will be removed first new_addr = config.get('address', []) @@ -849,35 +865,6 @@ class Interface(Control): # checked before self.set_vrf(config.get('vrf', '')) - # DHCP options - if 'dhcp_options' in config: - dhcp_options = config.get('dhcp_options') - if 'client_id' in dhcp_options: - self.dhcp.v4.options['client_id'] = dhcp_options.get('client_id') - - if 'host_name' in dhcp_options: - self.dhcp.v4.options['hostname'] = dhcp_options.get('host_name') - - if 'vendor_class_id' in dhcp_options: - self.dhcp.v4.options['vendor_class_id'] = dhcp_options.get('vendor_class_id') - - # DHCPv6 options - if 'dhcpv6_options' in config: - dhcpv6_options = config.get('dhcpv6_options') - if 'parameters_only' in dhcpv6_options: - self.dhcp.v6.options['dhcpv6_prm_only'] = True - - if 'temporary' in dhcpv6_options: - self.dhcp.v6.options['dhcpv6_temporary'] = True - - if 'prefix_delegation' in dhcpv6_options: - prefix_delegation = dhcpv6_options.get('prefix_delegation') - if 'length' in prefix_delegation: - self.dhcp.v6.options['dhcpv6_pd_length'] = prefix_delegation.get('length') - - if 'interface' in prefix_delegation: - self.dhcp.v6.options['dhcpv6_pd_interfaces'] = prefix_delegation.get('interface') - # Configure ARP cache timeout in milliseconds - has default value tmp = jmespath.search('ip.arp_cache_timeout', config) value = tmp if (tmp != None) else '30' @@ -982,9 +969,11 @@ class Interface(Control): self.del_vlan(vif_s_id) # create/update 802.1ad (Q-in-Q VLANs) + ifname = config['ifname'] for vif_s_id, vif_s in config.get('vif_s', {}).items(): tmp=get_ethertype(vif_s.get('ethertype', '0x88A8')) s_vlan = self.add_vlan(vif_s_id, ethertype=tmp) + vif_s['ifname'] = f'{ifname}.{vif_s_id}' s_vlan.update(vif_s) # remove no longer required client VLAN (vif-c) @@ -994,6 +983,7 @@ class Interface(Control): # create/update client VLAN (vif-c) interface for vif_c_id, vif_c in vif_s.get('vif_c', {}).items(): c_vlan = s_vlan.add_vlan(vif_c_id) + vif_c['ifname'] = f'{ifname}.{vif_s_id}.{vif_c_id}' c_vlan.update(vif_c) # remove no longer required 802.1q VLAN interfaces @@ -1003,4 +993,5 @@ class Interface(Control): # create/update 802.1q VLAN interfaces for vif_id, vif in config.get('vif', {}).items(): vlan = self.add_vlan(vif_id) + vif['ifname'] = f'{ifname}.{vif_id}' vlan.update(vif) diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index b9a88a949..928113b49 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -108,7 +108,7 @@ def generate(pppoe): if tmp and len(tmp) > 0: # ipv6.tmpl relies on ifname - this should be made consitent in the # future better then double key-ing the same value - render(config_wide_dhcp6c, 'dhcp-client/ipv6_new.tmpl', pppoe, trim_blocks=True) + render(config_wide_dhcp6c, 'dhcp-client/ipv6.tmpl', pppoe, trim_blocks=True) return None -- cgit v1.2.3 From b6dcb0a887a4fab89ca870d6142d6856cccc181f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 3 Aug 2020 13:51:48 +0200 Subject: ifconfig: T2653: unify DHCPv4 configuration Pass the interface dictionary transparently to the DHCP module and render the DHCP client config template directly from the same source instead of transcoding it once more. --- data/templates/dhcp-client/daemon-options.tmpl | 2 +- data/templates/dhcp-client/ipv4.tmpl | 20 +++++------ python/vyos/ifconfig/dhcp.py | 48 +++++++++++++------------- python/vyos/ifconfig/interface.py | 10 +----- 4 files changed, 36 insertions(+), 44 deletions(-) (limited to 'data') diff --git a/data/templates/dhcp-client/daemon-options.tmpl b/data/templates/dhcp-client/daemon-options.tmpl index 12786b777..a0ba2c9ef 100644 --- a/data/templates/dhcp-client/daemon-options.tmpl +++ b/data/templates/dhcp-client/daemon-options.tmpl @@ -1 +1 @@ -DHCLIENT_OPTS="-nw -cf {{ conf_file }} -pf {{ pid_file }} -lf {{ lease_file }} {{ '-S' if dhcpv6_prm_only }} {{ '-T' if dhcpv6_temporary }} {{ ifname }}" +DHCLIENT_OPTS="-nw -cf /var/lib/dhcp/dhclient_{{ifname}}.conf -pf /var/lib/dhcp/dhclient_{{ifname}}.pid -lf /var/lib/dhcp/dhclient_{{ifname}}.leases {{ifname}}" diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl index ab772b5f6..fe2a67f08 100644 --- a/data/templates/dhcp-client/ipv4.tmpl +++ b/data/templates/dhcp-client/ipv4.tmpl @@ -4,14 +4,14 @@ timeout 60; retry 300; interface "{{ ifname }}" { - send host-name "{{ hostname }}"; - {% if client_id -%} - send dhcp-client-identifier "{{ client_id }}"; - {% endif -%} - {% if vendor_class_id -%} - send vendor-class-identifier "{{ vendor_class_id }}"; - {% endif -%} - request subnet-mask, broadcast-address, routers, domain-name-servers, - rfc3442-classless-static-routes, domain-name, interface-mtu; - require subnet-mask; + send host-name "{{ dhcp_options.host_name }}"; +{% if dhcp_options.client_id is defined and dhcp_options.client_id is not none %} + send dhcp-client-identifier "{{ dhcp_options.client_id }}"; +{% endif %} +{% if dhcp_options.vendor_class_id is defined and dhcp_options.vendor_class_id is not none %} + send vendor-class-identifier "{{ dhcp_options.vendor_class_id }}"; +{% endif %} + request subnet-mask, broadcast-address, routers, domain-name-servers, + rfc3442-classless-static-routes, domain-name, interface-mtu; + require subnet-mask; } diff --git a/python/vyos/ifconfig/dhcp.py b/python/vyos/ifconfig/dhcp.py index bd37970a2..5f99a0b7e 100644 --- a/python/vyos/ifconfig/dhcp.py +++ b/python/vyos/ifconfig/dhcp.py @@ -14,26 +14,22 @@ # License along with this library. If not, see . import os +import jmespath +from vyos.configdict import dict_merge from vyos.configverify import verify_dhcpv6 -from vyos.dicts import FixedDict from vyos.ifconfig.control import Control from vyos.template import render class _DHCPv4 (Control): def __init__(self, ifname): super().__init__() - config_base = r'/var/lib/dhcp/dhclient_' - self.options = FixedDict(**{ - 'ifname': ifname, - 'hostname': '', - 'client_id': '', - 'vendor_class_id': '', - 'conf_file': config_base + f'{ifname}.conf', - 'options_file': config_base + f'{ifname}.options', - 'pid_file': config_base + f'{ifname}.pid', - 'lease_file': config_base + f'{ifname}.leases', - }) + config_base = r'/var/lib/dhcp/dhclient' + self._conf_file = f'{config_base}_{ifname}.conf' + self._options_file = f'{config_base}_{ifname}.options' + self._pid_file = f'{config_base}_{ifname}.pid' + self._lease_file = f'{config_base}_{ifname}.leases' + self.options = {'ifname' : ifname} # replace dhcpv4/v6 with systemd.networkd? def set(self): @@ -42,19 +38,24 @@ class _DHCPv4 (Control): started in background! Example: - >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') >>> j.dhcp.v4.set() """ - if not self.options['hostname']: + + if jmespath.search('dhcp_options.host_name', self.options) == None: # read configured system hostname. # maybe change to vyos hostd client ??? + hostname = 'vyos' with open('/etc/hostname', 'r') as f: - self.options['hostname'] = f.read().rstrip('\n') + hostname = f.read().rstrip('\n') + tmp = {'dhcp_options' : { 'host_name' : hostname}} + self.options = dict_merge(tmp, self.options) - render(self.options['options_file'], 'dhcp-client/daemon-options.tmpl', self.options) - render(self.options['conf_file'], 'dhcp-client/ipv4.tmpl', self.options) + render(self._options_file, 'dhcp-client/daemon-options.tmpl', + self.options, trim_blocks=True) + render(self._conf_file, 'dhcp-client/ipv4.tmpl', + self.options, trim_blocks=True) return self._cmd('systemctl restart dhclient@{ifname}.service'.format(**self.options)) @@ -64,21 +65,20 @@ class _DHCPv4 (Control): pid, config and lease will be removed. Example: - >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') >>> j.dhcp.v4.delete() """ - if not os.path.isfile(self.options['pid_file']): + if not os.path.isfile(self._pid_file): self._debug_msg('No DHCP client PID found') return None self._cmd('systemctl stop dhclient@{ifname}.service'.format(**self.options)) # cleanup old config files - for name in ('conf_file', 'options_file', 'pid_file', 'lease_file'): - if os.path.isfile(self.options[name]): - os.remove(self.options[name]) + for file in [self._conf_file, self._options_file, self._pid_file, self._lease_file]: + if os.path.isfile(file): + os.remove(file) class _DHCPv6 (Control): def __init__(self, ifname): @@ -101,7 +101,8 @@ class _DHCPv6 (Control): # missed it we are safe! verify_dhcpv6(self.options) - render(self._config, 'dhcp-client/ipv6.tmpl', self.options, trim_blocks=True) + render(self._config, 'dhcp-client/ipv6.tmpl', + self.options, trim_blocks=True) return self._cmd('systemctl restart dhcp6c@{ifname}.service'.format( **self.options)) @@ -111,7 +112,6 @@ class _DHCPv6 (Control): pid, config and lease will be removed. Example: - >>> from vyos.ifconfig import Interface >>> j = Interface('eth0') >>> j.dhcp.v6.delete() diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index f5e43e172..214ece8cd 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -824,15 +824,7 @@ class Interface(Control): # DHCP options if 'dhcp_options' in config: - dhcp_options = config.get('dhcp_options') - if 'client_id' in dhcp_options: - self.dhcp.v4.options['client_id'] = dhcp_options.get('client_id') - - if 'host_name' in dhcp_options: - self.dhcp.v4.options['hostname'] = dhcp_options.get('host_name') - - if 'vendor_class_id' in dhcp_options: - self.dhcp.v4.options['vendor_class_id'] = dhcp_options.get('vendor_class_id') + self.dhcp.v4.options = config # DHCPv6 options if 'dhcpv6_options' in config: -- cgit v1.2.3 From ca2ab503f42a8446175954e9e7280ecc8e75e927 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 3 Aug 2020 18:38:55 +0200 Subject: ssh: T1076: make configuration volatile Move sshd_config file to /run so it must be generated on every boot and is not stored accidently. --- data/templates/ssh/override.conf.tmpl | 3 ++- src/conf_mode/ssh.py | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'data') diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index 4276366ae..843aa927b 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -2,9 +2,10 @@ [Unit] StartLimitIntervalSec=0 After=vyos-router.service +ConditionPathExists={{config_file}} [Service] ExecStart= -ExecStart={{vrf_command}}/usr/sbin/sshd -D $SSHD_OPTS +ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS RestartSec=10 diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index ffb0b700d..7b262565a 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -28,7 +28,7 @@ from vyos.xml import defaults from vyos import airbag airbag.enable() -config_file = r'/etc/ssh/sshd_config' +config_file = r'/run/ssh/sshd_config' systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf' def get_config(): @@ -42,6 +42,8 @@ def get_config(): # options which we need to update into the dictionary retrived. default_values = defaults(base) ssh = dict_merge(default_values, ssh) + # pass config file path - used in override template + ssh['config_file'] = config_file return ssh -- cgit v1.2.3 From 4526ceadf4a9a81b51ec394970188daccd69539b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 4 Aug 2020 08:34:52 +0200 Subject: cleanup: convert multiple files from DOS to UNIX line ending --- data/templates/frr/bgp.frr.tmpl | 2 +- data/templates/system/curlrc.tmpl | 16 +++++----- .../include/bgp-afi-aggregate-address.xml.i | 24 +++++++-------- .../systemd/system/radvd.service.d/override.conf | 34 +++++++++++----------- src/systemd/wpa_supplicant-macsec@.service | 34 +++++++++++----------- 5 files changed, 55 insertions(+), 55 deletions(-) (limited to 'data') diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index cd6f31c93..cdf4cb4fe 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -1 +1 @@ -! +! diff --git a/data/templates/system/curlrc.tmpl b/data/templates/system/curlrc.tmpl index 675e35a0c..3e5ce801c 100644 --- a/data/templates/system/curlrc.tmpl +++ b/data/templates/system/curlrc.tmpl @@ -1,8 +1,8 @@ -{% if http_client is defined %} -{% if http_client.source_interface is defined %} ---interface "{{ http_client.source_interface }}" -{% endif %} -{% if http_client.source_address is defined %} ---interface "{{ http_client.source_address }}" -{% endif %} -{% endif %} +{% if http_client is defined %} +{% if http_client.source_interface is defined %} +--interface "{{ http_client.source_interface }}" +{% endif %} +{% if http_client.source_address is defined %} +--interface "{{ http_client.source_address }}" +{% endif %} +{% endif %} diff --git a/interface-definitions/include/bgp-afi-aggregate-address.xml.i b/interface-definitions/include/bgp-afi-aggregate-address.xml.i index 40c030fc1..050ee0074 100644 --- a/interface-definitions/include/bgp-afi-aggregate-address.xml.i +++ b/interface-definitions/include/bgp-afi-aggregate-address.xml.i @@ -1,12 +1,12 @@ - - - Generate AS-set path information for this aggregate address - - - - - - Announce the aggregate summary network only - - - + + + Generate AS-set path information for this aggregate address + + + + + + Announce the aggregate summary network only + + + diff --git a/src/etc/systemd/system/radvd.service.d/override.conf b/src/etc/systemd/system/radvd.service.d/override.conf index 44c4345e1..c2f640cf5 100644 --- a/src/etc/systemd/system/radvd.service.d/override.conf +++ b/src/etc/systemd/system/radvd.service.d/override.conf @@ -1,17 +1,17 @@ -[Unit] -ConditionPathExists=/run/radvd/radvd.conf -After= -After=vyos-router.service - -[Service] -WorkingDirectory= -WorkingDirectory=/run/radvd -ExecStartPre= -ExecStartPre=/usr/sbin/radvd --logmethod stderr_clean --configtest --config /run/radvd/radvd.conf -ExecStart= -ExecStart=/usr/sbin/radvd --logmethod stderr_clean --config /run/radvd/radvd.conf --pidfile /run/radvd/radvd.pid -ExecReload= -ExecReload=/usr/sbin/radvd --logmethod stderr_clean --configtest --config /run/radvd/radvd.conf -ExecReload=/bin/kill -HUP $MAINPID -PIDFile= -PIDFile=/run/radvd/radvd.pid +[Unit] +ConditionPathExists=/run/radvd/radvd.conf +After= +After=vyos-router.service + +[Service] +WorkingDirectory= +WorkingDirectory=/run/radvd +ExecStartPre= +ExecStartPre=/usr/sbin/radvd --logmethod stderr_clean --configtest --config /run/radvd/radvd.conf +ExecStart= +ExecStart=/usr/sbin/radvd --logmethod stderr_clean --config /run/radvd/radvd.conf --pidfile /run/radvd/radvd.pid +ExecReload= +ExecReload=/usr/sbin/radvd --logmethod stderr_clean --configtest --config /run/radvd/radvd.conf +ExecReload=/bin/kill -HUP $MAINPID +PIDFile= +PIDFile=/run/radvd/radvd.pid diff --git a/src/systemd/wpa_supplicant-macsec@.service b/src/systemd/wpa_supplicant-macsec@.service index 21e189e4b..7e0bee8e1 100644 --- a/src/systemd/wpa_supplicant-macsec@.service +++ b/src/systemd/wpa_supplicant-macsec@.service @@ -1,17 +1,17 @@ -[Unit] -Description=WPA supplicant daemon (macsec-specific version) -Requires=sys-subsystem-net-devices-%i.device -ConditionPathExists=/run/wpa_supplicant/%I.conf -After=vyos-router.service -RequiresMountsFor=/run - -# NetworkManager users will probably want the dbus version instead. - -[Service] -Type=simple -WorkingDirectory=/run/wpa_supplicant -PIDFile=/run/wpa_supplicant/%I.pid -ExecStart=/sbin/wpa_supplicant -c/run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I - -[Install] -WantedBy=multi-user.target +[Unit] +Description=WPA supplicant daemon (macsec-specific version) +Requires=sys-subsystem-net-devices-%i.device +ConditionPathExists=/run/wpa_supplicant/%I.conf +After=vyos-router.service +RequiresMountsFor=/run + +# NetworkManager users will probably want the dbus version instead. + +[Service] +Type=simple +WorkingDirectory=/run/wpa_supplicant +PIDFile=/run/wpa_supplicant/%I.pid +ExecStart=/sbin/wpa_supplicant -c/run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3 From 846e306700af191d22dc874992bbf5f04d2799c4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 4 Aug 2020 22:33:18 +0200 Subject: ssh: T2651: add cli options for source address When running SSH from the VyOS system the source IP address can be set by: set system options ssh-client source-address x.x.x.x --- data/templates/system/ssh_config.tmpl | 3 +++ interface-definitions/system-options.xml.in | 10 +++++++++- src/conf_mode/system-options.py | 31 ++++++++++++++++++++++++----- 3 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 data/templates/system/ssh_config.tmpl (limited to 'data') diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl new file mode 100644 index 000000000..509bd5479 --- /dev/null +++ b/data/templates/system/ssh_config.tmpl @@ -0,0 +1,3 @@ +{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %} +BindAddress {{ ssh_client.source_address }} +{% endif %} diff --git a/interface-definitions/system-options.xml.in b/interface-definitions/system-options.xml.in index 194773329..a5fec10db 100644 --- a/interface-definitions/system-options.xml.in +++ b/interface-definitions/system-options.xml.in @@ -46,13 +46,21 @@ - Global options used for HTTP based commands + Global options used for HTTP client #include #include + + + Global options used for SSH client + + + #include + + diff --git a/src/conf_mode/system-options.py b/src/conf_mode/system-options.py index d7c5c0443..0aacd19d8 100755 --- a/src/conf_mode/system-options.py +++ b/src/conf_mode/system-options.py @@ -22,11 +22,13 @@ from sys import exit from vyos.config import Config from vyos.template import render from vyos.util import call +from vyos.validate import is_addr_assigned from vyos import ConfigError from vyos import airbag airbag.enable() -config_file = r'/etc/curlrc' +curlrc_config = r'/etc/curlrc' +ssh_config = r'/etc/ssh/ssh_config' systemd_action_file = '/lib/systemd/system/ctrl-alt-del.target' def get_config(): @@ -36,9 +38,9 @@ def get_config(): return options def verify(options): - if 'http_client' in options.keys(): + if 'http_client' in options: config = options['http_client'] - if 'source_interface' in config.keys(): + if 'source_interface' in config: if not config['source_interface'] in interfaces(): raise ConfigError(f'Source interface {source_interface} does not ' f'exist'.format(**config)) @@ -46,10 +48,21 @@ def verify(options): if {'source_address', 'source_interface'} <= set(config): raise ConfigError('Can not define both HTTP source-interface and source-address') + if 'source_address' in config: + if not is_addr_assigned(config['source_address']): + raise ConfigError('No interface with give address specified!') + + if 'ssh_client' in options: + config = options['ssh_client'] + if 'source_address' in config: + if not is_addr_assigned(config['source_address']): + raise ConfigError('No interface with give address specified!') + return None def generate(options): - render(config_file, 'system/curlrc.tmpl', options, trim_blocks=True) + render(curlrc_config, 'system/curlrc.tmpl', options, trim_blocks=True) + render(ssh_config, 'system/ssh_config.tmpl', options, trim_blocks=True) return None def apply(options): @@ -63,12 +76,20 @@ def apply(options): if os.path.exists(systemd_action_file): os.unlink(systemd_action_file) - if 'ctrl_alt_del_action' in options.keys(): + if 'ctrl_alt_del_action' in options: if options['ctrl_alt_del_action'] == 'reboot': os.symlink('/lib/systemd/system/reboot.target', systemd_action_file) elif options['ctrl_alt_del_action'] == 'poweroff': os.symlink('/lib/systemd/system/poweroff.target', systemd_action_file) + if 'http_client' not in options: + if os.path.exists(curlrc_config): + os.unlink(curlrc_config) + + if 'ssh_client' not in options: + if os.path.exists(ssh_config): + os.unlink(ssh_config) + # Reboot system on kernel panic with open('/proc/sys/kernel/panic', 'w') as f: if 'reboot_on_panic' in options.keys(): -- cgit v1.2.3 From 9a85c946e5f4d125276da432bb3055d1369d47fd Mon Sep 17 00:00:00 2001 From: Christian Pössinger Date: Fri, 14 Aug 2020 07:39:05 +0200 Subject: templates: dhcp-client: fix "Autogenerated by" script name Commit 21bc98f1 ("ifconfig: dhcp: T2767: client must not start when interface is disabled") dropped dhcp.py which is now directly handled by interface.py. This change should also be reflected in the generated files. --- data/templates/dhcp-client/daemon-options.tmpl | 3 +++ data/templates/dhcp-client/ipv4.tmpl | 4 +++- data/templates/dhcp-client/ipv6.tmpl | 5 +++-- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'data') diff --git a/data/templates/dhcp-client/daemon-options.tmpl b/data/templates/dhcp-client/daemon-options.tmpl index a0ba2c9ef..290aefa49 100644 --- a/data/templates/dhcp-client/daemon-options.tmpl +++ b/data/templates/dhcp-client/daemon-options.tmpl @@ -1 +1,4 @@ +### Autogenerated by interface.py ### + DHCLIENT_OPTS="-nw -cf /var/lib/dhcp/dhclient_{{ifname}}.conf -pf /var/lib/dhcp/dhclient_{{ifname}}.pid -lf /var/lib/dhcp/dhclient_{{ifname}}.leases {{ifname}}" + diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl index fe2a67f08..8a44a9761 100644 --- a/data/templates/dhcp-client/ipv4.tmpl +++ b/data/templates/dhcp-client/ipv4.tmpl @@ -1,4 +1,5 @@ -# generated by dhcp.py +### Autogenerated by interface.py ### + option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; timeout 60; retry 300; @@ -15,3 +16,4 @@ interface "{{ ifname }}" { rfc3442-classless-static-routes, domain-name, interface-mtu; require subnet-mask; } + diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index 112431c5f..5c0cea280 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -1,6 +1,6 @@ -# generated by dhcp.py -# man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ +### Autogenerated by interface.py ### +# man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ interface {{ ifname }} { request domain-name-servers; request domain-name; @@ -45,3 +45,4 @@ id-assoc pd 2 { }; {% endif %} {% endif %} + -- cgit v1.2.3 From b082a6fb211ef19d75c4c81414be9aa1b9248b45 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 13 Aug 2020 18:31:08 +0200 Subject: lcd: T2564: flatten CLI interface * set system lcd device * set system lcd model Both device and model have completion helpers for supported interfaces and LCD displays. --- data/templates/lcd/LCDd.conf.tmpl | 126 ++ data/templates/lcd/lcdproc.conf.tmpl | 60 + data/templates/system-display/LCDd.conf.tmpl | 1500 -------------------- data/templates/system-display/lcdproc.conf.tmpl | 173 --- interface-definitions/system-display.xml.in | 235 --- interface-definitions/system-lcd.xml.in | 62 + python/vyos/util.py | 12 + src/conf_mode/interfaces-wirelessmodem.py | 12 +- src/conf_mode/system-display.py | 98 -- src/conf_mode/system_lcd.py | 84 ++ .../systemd/system/LCDd.service.d/override.conf | 8 + .../system/hostapd@.service.d/override.conf | 7 +- src/systemd/LCDd@.service | 10 - src/systemd/lcdproc.service | 13 + src/systemd/lcdproc@.service | 10 - 15 files changed, 369 insertions(+), 2041 deletions(-) create mode 100644 data/templates/lcd/LCDd.conf.tmpl create mode 100644 data/templates/lcd/lcdproc.conf.tmpl delete mode 100644 data/templates/system-display/LCDd.conf.tmpl delete mode 100644 data/templates/system-display/lcdproc.conf.tmpl delete mode 100644 interface-definitions/system-display.xml.in create mode 100644 interface-definitions/system-lcd.xml.in delete mode 100755 src/conf_mode/system-display.py create mode 100755 src/conf_mode/system_lcd.py create mode 100644 src/etc/systemd/system/LCDd.service.d/override.conf delete mode 100644 src/systemd/LCDd@.service create mode 100644 src/systemd/lcdproc.service delete mode 100644 src/systemd/lcdproc@.service (limited to 'data') diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl new file mode 100644 index 000000000..da749d04a --- /dev/null +++ b/data/templates/lcd/LCDd.conf.tmpl @@ -0,0 +1,126 @@ +### Autogenerted by system-display.py ## + +# LCDd.conf -- configuration file for the LCDproc server daemon LCDd +# +# This file contains the configuration for the LCDd server. +# +# The format is ini-file-like. It is divided into sections that start at +# markers that look like [section]. Comments are all line-based comments, +# and are lines that start with '#' or ';'. +# +# The server has a 'central' section named [server]. For the menu there is +# a section called [menu]. Further each driver has a section which +# defines how the driver acts. +# +# The drivers are activated by specifying them in a driver= line in the +# server section, like: +# +# Driver=curses +# +# This tells LCDd to use the curses driver. +# The first driver that is loaded and is capable of output defines the +# size of the display. The default driver to use is curses. +# If the driver is specified using the -d command line option, +# the Driver= options in the config file are ignored. +# +# The drivers read their own options from the respective sections. + +## Server section with all kinds of settings for the LCDd server ## +[server] + +# Where can we find the driver modules ? +# NOTE: Always place a slash as last character ! +DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ + +# Tells the server to load the given drivers. Multiple lines can be given. +# The name of the driver is case sensitive and determines the section +# where to look for further configuration options of the specific driver +# as well as the name of the dynamic driver module to load at runtime. +# The latter one can be changed by giving a File= directive in the +# driver specific section. +# +# The following drivers are supported: +# bayrad, CFontz, CFontzPacket, curses, CwLnx, ea65, EyeboxOne, futaba, +# g15, glcd, glcdlib, glk, hd44780, icp_a106, imon, imonlcd,, IOWarrior, +# irman, joy, lb216, lcdm001, lcterm, linux_input, lirc, lis, MD8800, +# mdm166a, ms6931, mtc_s16209x, MtxOrb, mx5000, NoritakeVFD, +# Olimex_MOD_LCD1x9, picolcd, pyramid, rawserial, sdeclcd, sed1330, +# sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963, +# text, tyan, ula200, vlsys_m428, xosd, yard2LCD + +{% if model is defined and model.startswith('CFA-') %} +Driver=CFontzPacket +{% endif %} + +# Tells the driver to bind to the given interface. [default: 127.0.0.1] +Bind=127.0.0.1 + +# Listen on this specified port. [default: 13666] +Port=13666 + +# Sets the reporting level; defaults to warnings and errors only. +# [default: 2; legal: 0-5] +ReportLevel=3 + +# Should we report to syslog instead of stderr? [default: no; legal: yes, no] +ReportToSyslog=yes + +# User to run as. LCDd will drop its root privileges and run as this user +# instead. [default: nobody] +User=nobody + +# The server will stay in the foreground if set to yes. +# [default: no, legal: yes, no] +Foreground=yes + +# Hello message: each entry represents a display line; default: builtin +Hello="Starting VyOS" +Hello=" ... " + +# GoodBye message: each entry represents a display line; default: builtin +GoodBye=" VyOS shutting" +GoodBye=" down... " + +# Sets the interval in microseconds for updating the display. +# [default: 125000 meaning 8Hz] +FrameInterval=250000 # 4 updates per second + +# Sets the default time in seconds to displays a screen. [default: 4] +WaitTime=1 + +# If set to no, LCDd will start with screen rotation disabled. This has the +# same effect as if the ToggleRotateKey had been pressed. Rotation will start +# if the ToggleRotateKey is pressed. Note that this setting does not turn off +# priority sorting of screens. [default: on; legal: on, off] +AutoRotate=on + +# If yes, the the serverscreen will be rotated as a usual info screen. If no, +# it will be a background screen, only visible when no other screens are +# active. The special value 'blank' is similar to no, but only a blank screen +# is displayed. [default: on; legal: on, off, blank] +ServerScreen=blank + +# Set master backlight setting. If set to 'open' a client may control the +# backlight for its own screens (only). [default: open; legal: off, open, on] +Backlight=on + +# Set master heartbeat setting. If set to 'open' a client may control the +# heartbeat for its own screens (only). [default: open; legal: off, open, on] +Heartbeat=off + +# set title scrolling speed [default: 10; legal: 0-10] +TitleSpeed=10 + +{% if model is defined and model is not none %} +{% if model.startswith('CFA-') %} +## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## +[CFontzPacket] +Model={{ model.split('-')[1] }} +Device={{ device }} +Contrast=350 +Brightness=500 +OffBrightness=50 +Reboot=yes +USB=yes +{% endif %} +{% endif %} diff --git a/data/templates/lcd/lcdproc.conf.tmpl b/data/templates/lcd/lcdproc.conf.tmpl new file mode 100644 index 000000000..c79f3cd0d --- /dev/null +++ b/data/templates/lcd/lcdproc.conf.tmpl @@ -0,0 +1,60 @@ +### autogenerated by system-lcd.py ### + +# LCDproc client configuration file + +[lcdproc] +Server=127.0.0.1 +Port=13666 + +# set reporting level +ReportLevel=3 + +# report to to syslog ? +ReportToSyslog=true + +Foreground=yes + +[CPU] +Active=true +OnTime=1 +OffTime=2 +ShowInvisible=false + +[SMP-CPU] +Active=false + +[Memory] +Active=false + +[Load] +Active=false + +[Uptime] +Active=true + +[ProcSize] +Active=false + +[Disk] +Active=false + +[About] +Active=false + +[TimeDate] +Active=true +TimeFormat="%H:%M:%S" + +[OldTime] +Active=false + +[BigClock] +Active=false + +[MiniClock] +Active=false + +# Display the title bar in two-line mode. Note that with four lines or more +# the title is always shown. [default: true; legal: true, false] +ShowTitle=false + diff --git a/data/templates/system-display/LCDd.conf.tmpl b/data/templates/system-display/LCDd.conf.tmpl deleted file mode 100644 index 1dd646202..000000000 --- a/data/templates/system-display/LCDd.conf.tmpl +++ /dev/null @@ -1,1500 +0,0 @@ -### Autogenerted by system-display.py ## -# LCDd.conf -- configuration file for the LCDproc server daemon LCDd -# -# This file contains the configuration for the LCDd server. -# -# The format is ini-file-like. It is divided into sections that start at -# markers that look like [section]. Comments are all line-based comments, -# and are lines that start with '#' or ';'. -# -# The server has a 'central' section named [server]. For the menu there is -# a section called [menu]. Further each driver has a section which -# defines how the driver acts. -# -# The drivers are activated by specifying them in a driver= line in the -# server section, like: -# -# Driver=curses -# -# This tells LCDd to use the curses driver. -# The first driver that is loaded and is capable of output defines the -# size of the display. The default driver to use is curses. -# If the driver is specified using the -d command line option, -# the Driver= options in the config file are ignored. -# -# The drivers read their own options from the respective sections. - - - -## Server section with all kinds of settings for the LCDd server ## -[server] - -# Where can we find the driver modules ? -# IMPORTANT: Make sure to change this setting to reflect your -# specific setup! Otherwise LCDd won't be able to find -# the driver modules and will thus not be able to -# function properly. -# NOTE: Always place a slash as last character ! -DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ - -# Tells the server to load the given drivers. Multiple lines can be given. -# The name of the driver is case sensitive and determines the section -# where to look for further configuration options of the specific driver -# as well as the name of the dynamic driver module to load at runtime. -# The latter one can be changed by giving a File= directive in the -# driver specific section. -# -# The following drivers are supported: -# bayrad, CFontz, CFontzPacket, curses, CwLnx, ea65, EyeboxOne, futaba, -# g15, glcd, glcdlib, glk, hd44780, icp_a106, imon, imonlcd,, IOWarrior, -# irman, joy, lb216, lcdm001, lcterm, linux_input, lirc, lis, MD8800, -# mdm166a, ms6931, mtc_s16209x, MtxOrb, mx5000, NoritakeVFD, -# Olimex_MOD_LCD1x9, picolcd, pyramid, rawserial, sdeclcd, sed1330, -# sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963, -# text, tyan, ula200, vlsys_m428, xosd, yard2LCD -{%- if model == 'sdec' %} -Driver=sdeclcd -{%- endif %} - -{%- if model == 'ezio' %} -Driver=hd44780 -{%- endif %} - -{%- if model == 'test' %} -Driver=CFontzPacket -{%- endif %} - -# Tells the driver to bind to the given interface. [default: 127.0.0.1] -#Bind=127.0.0.1 - -# Listen on this specified port. [default: 13666] -#Port=13666 - -# Sets the reporting level; defaults to warnings and errors only. -# [default: 2; legal: 0-5] -#ReportLevel=3 - -# Should we report to syslog instead of stderr? [default: no; legal: yes, no] -#ReportToSyslog=yes - -# User to run as. LCDd will drop its root privileges and run as this user -# instead. [default: nobody] -User=nobody - -# The server will stay in the foreground if set to yes. -# [default: no, legal: yes, no] -#Foreground=yes - -# Hello message: each entry represents a display line; default: builtin -Hello="{%- if hello %}{{ hello }}{%- else %}Welcome to VyOS{%- endif %}" - -# GoodBye message: each entry represents a display line; default: builtin -GoodBye="{%- if bye %}{{ bye }}{%- else %}Bye from VyOS{%- endif %}" - -# Sets the interval in microseconds for updating the display. -# [default: 125000 meaning 8Hz] -#FrameInterval=125000 - -# Sets the default time in seconds to displays a screen. [default: 4] -WaitTime={%- if time %}{{ time }}{%- else%}4{%- endif %} - -# If set to no, LCDd will start with screen rotation disabled. This has the -# same effect as if the ToggleRotateKey had been pressed. Rotation will start -# if the ToggleRotateKey is pressed. Note that this setting does not turn off -# priority sorting of screens. [default: on; legal: on, off] -#AutoRotate=off - -# If yes, the the serverscreen will be rotated as a usual info screen. If no, -# it will be a background screen, only visible when no other screens are -# active. The special value 'blank' is similar to no, but only a blank screen -# is displayed. [default: on; legal: on, off, blank] -ServerScreen=no - -# Set master backlight setting. If set to 'open' a client may control the -# backlight for its own screens (only). [default: open; legal: off, open, on] -#Backlight=open - -# Set master heartbeat setting. If set to 'open' a client may control the -# heartbeat for its own screens (only). [default: open; legal: off, open, on] -#Heartbeat=open - -# set title scrolling speed [default: 10; legal: 0-10] -#TitleSpeed=10 - -# The "...Key=" lines define what the server does with keypresses that -# don't go to any client. The ToggleRotateKey stops rotation of screens, while -# the PrevScreenKey and NextScreenKey go back / forward one screen (even if -# rotation is disabled. -# Assign the key string returned by the driver to the ...Key setting. These -# are the defaults: -ToggleRotateKey=Enter -PrevScreenKey=Left -NextScreenKey=Right -#ScrollUpKey=Up -#ScrollDownKey=Down - -## The menu section. The menu is an internal LCDproc client. ## -[menu] -# If true the server allows transitions between different client's menus -# [default: false; legal: true, false] -#PermissiveGoto=false - -# You can configure what keys the menu should use. Note that the MenuKey -# will be reserved exclusively, the others work in shared mode. - -# Up to six keys are supported. The MenuKey (to enter and exit the menu), the -# EnterKey (to select values) and at least one movement keys are required. -# These are the default key assignments: -MenuKey=Escape -EnterKey=Enter -UpKey=Up -DownKey=Down -#LeftKey=Left -#RightKey=Right - - -### Driver sections are below this line, in alphabetical order ### - - -## EMAC BayRAD driver ## -[bayrad] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/lcd - -# Set the communication speed [default: 9600; legal: 1200, 2400, 9600, 19200] -Speed=9600 - - - -## CrystalFontz driver (for CF632 & CF634) ## -[CFontz] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/ttyS0 -# Select the LCD size [default: 20x4] -Size=20x4 -# Set the initial contrast [default: 560; legal: 0 - 1000] -Contrast=350 -# Set the initial brightness [default: 1000; legal: 0 - 1000] -Brightness=1000 -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -OffBrightness=0 -# Set the communication speed [default: 9600; legal: 1200, 2400, 9600, 19200, -# 115200] -Speed=9600 -# Set the firmware version (New means >= 2.0) [default: no; legal: yes, no] -NewFirmware=no -# Reinitialize the LCD's BIOS [default: no; legal: yes, no] -# normally you shouldn't need this -Reboot=no - - - -## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## -[CFontzPacket] -{%- if model == 'test' %} -Model=533 -Device=/dev/serial/by-bus/usb0b1.1p1.0 -Contrast=350 -Brightness=1000 -OffBrightness=50 -Reboot=yes -USB=yes -{%- endif %} - - -## Curses driver ## -[curses] - -# color settings -# foreground color [default: blue] -Foreground=blue -# background color when "backlight" is off [default: cyan] -Background=cyan -# background color when "backlight" is on [default: red] -Backlight=red - -# display size [default: 20x4] -Size=20x2 - -# What position (X,Y) to start the left top corner at... -# Default: (7,7) -TopLeftX=7 -TopLeftY=7 - -# use ASC symbols for icons & bars [default: no; legal: yes, no] -UseACS=no - -# draw Border [default: yes; legal: yes, no] -DrawBorder=yes - - - -## Cwlinux driver ## -[CwLnx] - -# Select the LCD model [default: 12232; legal: 12232, 12832, 1602] -Model=12232 - -# Select the output device to use [default: /dev/lcd] -Device=/dev/ttyUSB0 - -# Select the LCD size. Default depends on model: -# 12232: 20x4 -# 12832: 21x4 -# 1602: 16x2 -Size=20x4 - -# Set the communication speed [default: 19200; legal: 9600, 19200] -Speed=19200 - -# Reinitialize the LCD's BIOS [default: no; legal: yes, no] -# normally you shouldn't need this -Reboot=no - -# If you have a keypad connected. Keypad layout is currently not -# configureable from the config file. -Keypad=yes - -# If you have a non-standard keypad you can associate any keystrings to keys. -# There are 6 input keys in the CwLnx hardware that generate characters -# from 'A' to 'F'. -# -# The following is the built-in default mapping hardcoded in the driver. -# You can leave those unchanged if you have a standard keypad. -# You can change it if you want to report other keystrings or have a non -# standard keypad. -# KeyMap_A=Up -# KeyMap_B=Down -# KeyMap_C=Left -# KeyMap_D=Right -# KeyMap_E=Enter -# KeyMap_F=Escape - -# keypad_test_mode permits one to test keypad assignment -# Default value is no -#keypad_test_mode=yes - - - -## ea65 driver for the display in AOpen XC Cube AV EA65 media barebones ## -[ea65] - -# Device is fixed /dev/ttyS1 -# Width and Height are fixed 9x1 - -# As the VFD is self luminescent we don't have a backlight -# But we can use the backlight functions to control the front LEDs -# Brightness 0 to 299 -> LEDs off -# Brightness 300 to 699 -> LEDs half bright -# Brightness 700 to 1000 -> LEDs full bright -Brightness=500 -# OffBrightness is the the value used for the 'backlight off' state -OffBrightness=0 - - - -## EyeboxOne driver ## -[EyeboxOne] - -# Select the output device to use [default: /dev/ttyS1] -# Device=/dev/cua01 -Device=/dev/ttyS1 - -# Set the display size [default: 20x4] -Size=20x4 - -# Switch on the backlight? [default: yes] -Backlight=yes - -# Switch on the cursor? [default: no] -Cursor=no - -# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] -Speed=19200 - -# Enter Key is a \r character, so it's hardcoded in the driver -LeftKey=D -RightKey=C -UpKey=A -DownKey=B -EscapeKey=P - -# You can find out which key of your display sends which -# character by setting keypad_test_mode to yes and running -# LCDd. LCDd will output all characters it receives. -# Afterwards you can modify the settings above and set -# keypad_set_mode to no again. -keypad_test_mode=no - -## Futaba TOSD-5711BB VFD Driver ## -[futaba] - -## g15 driver for Logitech G15 Keyboard LCDs ## -[g15] - -# Display size (currently unused) -size=20x5 - - - -## glcd generic graphical display driver -[glcd] -# Select what type of connection. See documentation for types. -ConnectionType=t6963 - -# Width and height of the display in pixel. The supported sizes may depend on -# the ConnectionType. [default: 128x64; legal: 1x1 - 640x480] -#Size=128x64 - -# Width and height of a character cell in pixels. This value is only used if -# the driver has been compiled with FreeType and it is enabled. Otherwise the -# default 6x8 cell is used. -#CellSize=12x16 - -# If LCDproc has been compiled with FreeType 2 support this option can be used -# to turn if off intentionally. [default: yes; legal: yes, no] -#useFT2=no - -# Path to font file to use for FreeType rendering. This font must be monospace -# and should contain some special Unicode characters like arrows (Andale Mono -# is recommended and can be fetched at http://corefonts.sf.net). -#normal_font=/usr/local/lib/X11/fonts/TTF/andalemo.ttf - -# Some fonts miss the Unicode characters used to represent icons. In this case -# the built-in 5x8 font can used if this option is turned off. [default: yes; -# legal: yes, no] -#fontHasIcons=no - -# Set the initial contrast if supported by connection type. -# [default: 600; legal: 0 - 1000] -#Contrast=600 - -# Set brightness of the backlight if the backlight is switched 'on'. -# [default: 800; legal: 0 - 1000] -#Brightness=1000 - -# Set brightness of the backlight if the backlight is switched 'off'. Set this -# to zero to completely turn off the backlight. [default: 100; legal: 0 - 1000] -#OffBrightness=0 - -# Time (ms) from first key report to first repeat. Set to 0 to disable repeated -# key reports. [default: 500; legal: 0 - 3000] -#KeyRepeatDelay=500 - -# Time (ms) between repeated key reports. Ignored if KeyRepeatDelay is disabled -# (set to zero). [default: 300; legal: 0 - 3000] -#KeyRepeatInterval=300 - -# Assign key strings to keys. There may be up to 16 keys numbered 'A' to 'Z'. -# By default keys 'A' to 'F' are assigned Up, Down, Left, Right, Enter, Escape. -KeyMap_A=Up -KeyMap_B=Down -KeyMap_C=Enter -KeyMap_D=Escape - -# --- t6963 options --- - -# Parallel port to use [default: 0x378; legal: 0x200 - 0x400] -#Port=0x378 - -# Use LPT port in bi-directional mode. This should work on most LPT port -# and is required for proper timing! [default: yes; legal: yes, no] -#bidirectional=yes - -# Insert additional delays into reads / writes. [default: no; legal: yes, no] -#delayBus=no - -# --- serdisplib options --- - -# Name of the underlying serdisplib driver, e.g. ctinclud. See -# serdisplib documentation for details. -serdisp_name=t6963 - -# The display device to use, e.g. serraw:/dev/ttyS0, -# parport:/dev/parport0 or USB:07c0/1501. -serdisp_device=/dev/ppi0 - -# Options string to pass to serdisplib during initialization. Use -# this to set any display related options (e.g. wiring). The display size is -# always set based on the Size configured above! By default, no options are -# set. -# Important: The value must be quoted as it contains equal signs! -#serdisp_options="INVERT=1" - -# --- x11 options --- - -# PixelSize is size of each dot in pixels + a pixel gap. [default: 3+1] -#x11_PixelSize=3+1 - -# Colors are in RRGGBB format prefixed with "0x". -# PixelColor: The color of each dot at full contrast. [default: 0x000000] -#x11_PixelColor=0x000000 - -# BacklightColor: The color of the backlight as full brightness. -# [default: 0x80FF80] -#x11_BacklightColor=0x80FF80 - -# Border: Adds a border (empty space) around the LCD portion of X11 window. -# [default: 20] -#x11_Border=20 - -# Inverted: inverts the pixels [default: no; legal: yes, no] -#x11_Inverted=no - -# --- picolcdgfx options --- - -# Time in ms for usb_read to wait on a key press. [default: 125; legal: >0] -#picolcdgfx_KeyTimeout=125 - -# Inverted: Inverts the pixels. [default: no; legal: yes or no] -#picolcdgfx_Inverted=no - - - -## glcdlib meta driver for graphical LCDs ## -[glcdlib] - -## mandatory: - -# which graphical display supported by graphlcd-base to use [default: image] -# (see /etc/graphlcd.conf for possible drivers) -Driver=noritake800 - -# no=use graphlcd bitmap fonts (they have only one size / font file) -# yes=use fonts supported by FreeType2 (needs Freetype2 support in -# libglcdprocdriver and its dependants) -UseFT2=yes - -# text resolution in fixed width characters [default: 16x4] -# (if it won't fit according to available physical pixel resolution -# and the minimum available font face size in pixels, then -# 'DebugBorder' will automatically be turned on) -TextResolution=20x4 - -# path to font file to use -FontFile=/usr/share/fonts/corefonts/courbd.ttf - -## these only apply if UseFT2=yes: - -# character encoding to use -CharEncoding=iso8859-2 - -# minimum size in pixels in which fonts should be rendered -MinFontFaceSize=7x12 - -## optional: -Brightness=50 # Brightness (in %) if applicable -Contrast=50 # Contrast (in %) if applicable -Backlight=no # Backlight if applicable -UpsideDown=no # flip image upside down -Invert=no # invert light/dark pixels -ShowDebugFrame=no # turns on/off 1 pixel thick debugging - # border within the usable text area, - # for setting up TextResolution and - # MinFontFaceSize (if using FT2); -ShowBigBorder=no # border around the unused area -ShowThinBorder=yes # border around the unused area -PixelShiftX=0 -PixelShiftY=2 - - - -## Matrix Orbital GLK driver ## -[glk] - -# select the serial device to use [default: /dev/lcd] -Device=/dev/lcd - -# set the initial contrast value [default: 500; legal: 0 - 1000] -Contrast=500 - -# set the serial port speed [default: 19200; legal: 9600, 19200, 38400, 57600, 115200] -Speed=19200 - - - -## Hitachi HD44780 driver ## -[hd44780] -{%- if model == 'ezio' %} -ConnectionType=ezio -Device=/dev/ttyUSB0 -Keypad=yes -Size=16x2 -KeyMatrix_4_1=Enter -KeyMatrix_4_2=Up -KeyMatrix_4_3=Down -KeyMatrix_4_4=Escape -{%- endif %} - -# Select what type of connection. See documentation for available types. -#ConnectionType=4bit - -# Select model if have non-standard one which require extra initialization or handling or -# just want extra features it offers. -# Available: standard (default), extended, winstar_oled, pt6314_vfd -# - standard is default, use for LCDs not mentioned below. -# - extended, hd66712, ks0073: allows use 4-line "extended" mode, -# same as deprecated now option ExtendedMode=yes -# - winstar_oled, weh00xxyya: changes initialization for WINSTAR's WEH00xxyyA displays -# and allows handling brightness -# - pt6314_vfd: allows handling brightness on PTC's PT6314 VFDs -# -# This option should be independent of connection type. -#Model = standard - -# I/O address of the LPT port. Usual values are: 0x278, 0x378 and 0x3BC. -# For I2C connections this sets the slave address (usually 0x20). -#Port=0x378 - -# Device of the serial, I2C, or SPI interface [default: /dev/lcd] -#Device=/dev/ttyS0 - -# Bitrate of the serial port (0 for interface default) -#Speed=0 - -# If you have a keypad connected. -# You may also need to configure the keypad layout further on in this file. -#Keypad=no - -# Set the initial contrast (bwctusb, lcd2usb, and usb4all) -# [default: 800; legal: 0 - 1000] -#Contrast=0 - -# Set brightness of the backlight (lcd2usb and usb4all): -# Brightness is the brightness while the backlight is set to 'on'. -# [default: 800; legal: 0 - 1000] -#Brightness=1000 - -# OffBrightness is the brightness while the backlight is set to 'off'. -# [default: 300; legal: 0 - 1000] -#OffBrightness=0 - -# Specify if you have a switchable backlight and if yes, can select method for turning it on/off: -# -# - none - no switchable backlight is available. For compability also boolean -# 0, n, no, off and false are aliases. -# - external - use external pin or any other method defined with ConnectionType backlight -# handling. For backward compability also this value is chosen for boolean -# TRUE values: 1, y, yes, on and true. -# - internal - means that backlight is handled using internal commands according -# to selected display model (with Model option). Depending on model, -# Brightness and OffBrightness options can be taken into account. -# - internalCmds - means that commands for turning on and off backlight are given -# with extra options BacklightOnCmd and BacklightOffCmd, which would be treated -# as catch up (last resort) for other types of displays which have similar features. -# -# You can provide multiple occurences of this option to use more than one method. -# Default is model specific: Winstar OLED and PT6314 VFD enables internal backlight mode, -# for others it is set to none. -#Backlight = none - -# Commands for enabling internal backlight for use with Backlight=internalCmds. -# Up to 4 bytes can be encoded, as integer number in big-endian order. -# -# NOTE: this is advanced option, if command contains bits other than only brighness handling, -# they must be set accordingly to not disrupt display state. If for example 'FUNCTION SET' command -# is used for this purpose, bits of interface length (4-bit / 8-bit) must be set according to -# selected ConnectionType. -#BacklightCmdOn=0x1223 - -# Commands for disabling internal backlight for use with Backlight=internalCmds. -# Up to 4 bytes can be encoded, as integer number in big-endian order. -#BacklightCmdOff=0x1234 - - -# If you have the additional output port ("bargraph") and you want to -# be able to control it with the lcdproc OUTPUT command -#OutputPort=no - -# Specifies if the last line is pixel addressable (yes) or it controls an -# underline effect (no). [default: yes; legal: yes, no] -#Lastline=yes - -# Specifies the size of the LCD. -# In case of multiple combined displays, this should be the total size. -#Size=20x4 - -# For multiple combined displays: how many lines does each display have. -# Vspan=2,2 means both displays have 2 lines. -#vspan=2,2 - -# If you have an HD66712, a KS0073 or another controller with 'extended mode', -# set this flag to get into 4-line mode. On displays with just two lines, do -# not set this flag. -# As an additional restriction, controllers with and without extended mode -# AND 4 lines cannot be mixed for those connection types that support more -# than one display! -# NOTE: This option is deprecated in favour of choosing Model=extended option. -#ExtendedMode=yes - -# In extended mode, on some controllers like the ST7036 (in 3 line mode) -# the next line in DDRAM won't start 0x20 higher. [default: 0x20] -#LineAddress=0x10 - -# Character map to to map ISO-8859-1 to the LCD's character set -# [default: hd44780_default; legal: hd44780_default, hd44780_euro, ea_ks0073, -# sed1278f_0b, hd44780_koi8_r, hd44780_cp1251, hd44780_8859_5, upd16314, -# weh001602a_1] -# (hd44780_koi8_r, hd44780_cp1251, hd44780_8859_5, upd16314 and weh001602a_1 -# are possible if compiled with additional charmaps) -CharMap=hd44780_default - -# Font bank to be used for some displays such as the WINSTAR WEH001602A -# 0: English/Japanese (default) -# 1: Western Europe I -# 2: English/Rusian -# 3: Western Europe II -#FontBank=0 - -# If your display is slow and cannot keep up with the flow of data from -# LCDd, garbage can appear on the LCDd. Set this delay factor to 2 or 4 -# to increase the delays. Default: 1. -#DelayMult=2 - -# Some displays (e.g. vdr-wakeup) need a message from the driver to that it -# is still alive. When set to a value bigger then null the character in the -# upper left corner is updated every seconds. Default: 0. -#KeepAliveDisplay=0 - -# If you experience occasional garbage on your display you can use this -# option as workaround. If set to a value bigger than null it forces a -# full screen refresh seconds. Default: 0. -#RefreshDisplay=5 - -# You can reduce the inserted delays by setting this to false. -# On fast PCs it is possible your LCD does not respond correctly. -# Default: true. -#DelayBus=true - -# If you have a keypad you can assign keystrings to the keys. -# See documentation for used terms and how to wire it. -# For example to give directly connected key 4 the string "Enter", use: -# KeyDirect_4=Enter -# For matrix keys use the X and Y coordinates of the key: -# KeyMatrix_1_3=Enter -#KeyMatrix_4_1=Enter -#KeyMatrix_4_2=Up -#KeyMatrix_4_3=Down -#KeyMatrix_4_4=Escape - -## ICP Peripheral Comminication Protocol driver ## -# Supports A125 and A106 -# -# Short Press Select: Down -# Long Press Select: Up -# Short Press Enter: Enter -# Long Press Enter: Escape -# -[icp_a106] -Device=/dev/ttyS1 - -# Display dimensions -Size=20x2 - - -## Code Mercenaries IO-Warrior driver ## -[IOWarrior] - -# display dimensions -Size=20x4 - -# serial number. Must be exactly as listed by usbview -# (if not given, the 1st IOWarrior found gets used) -#SerialNumber=00000674 - -# If you have an HD66712, a KS0073 or another 'almost HD44780-compatible', -# set this flag to get into extended mode (4-line linear). -#ExtendedMode=yes - -# Specifies if the last line is pixel addressable (yes) or it controls an -# underline effect (no). [default: yes; legal: yes, no] -#Lastline=yes - - - -## Soundgraph/Ahanix/Silverstone/Uneed/Accent iMON driver ## -[imon] - -# select the device to use -Device=/dev/lcd0 - -# display dimensions -Size=16x2 - -# Character map to to map ISO-8859-1 to the displays character set. -# [default: none; legal: none, hd44780_euro, upd16314, hd44780_koi8_r, -# hd44780_cp1251, hd44780_8859_5 ] (upd16314, hd44780_koi8_r, -# hd44780_cp1251, hd44780_8859_5 are possible if compiled with additional -# charmaps) -CharMap=hd44780_euro - -## Soundgraph iMON LCD ## -[imonlcd] -# Specify which iMon protocol should be used -# [legal: 0, 1; default: 0] -# Choose 0 for 15c2:ffdc device, -# Choose 1 for 15c2:0038 device -Protocol=0 - -# Set the exit behavior [legal: 0-2; default: 1] -# 0 means leave shutdown message, -# 1 means show the big clock, -# 2 means blank device -#OnExit=2 - -# Select the output device to use [default: /dev/lcd0] -Device=/dev/lcd0 - -# Select the displays contrast [default: 200; legal: 0-1000] -Contrast=200 - -# Specify the size of the display in pixels [default: 96x16] -#Size=96x16 - -# Set the backlight state [default: on; legal: on, off] -#Backlight=on - -# Set the disc mode [legal: 0,1; default: 0] -# 0 => spin the "slim" disc - two disc segments, -# 1 => their complement spinning; -#DiscMode=0 - - - -## IrMan driver ## -[IrMan] -# in case of trouble with IrMan, try the Lirc emulator for IrMan - -# Select the input device to use -#Device=/dev/irman - -# Select the configuration file to use -#Config=/etc/irman.cfg - - - -## IRtrans driver ## -[irtrans] - -# Does the device have a backlight? [default: no; legal: yes, no] -#Backlight=no - -# IRTrans device to connect to [default: localhost] -#Hostname=localhost - -# display dimensions -Size=16x2 - - - -## Joystick driver ## -[joy] - -# Select the input device to use [default: /dev/js0] -Device=/dev/js0 - -# set the axis map -Map_Axis1neg=Left -Map_Axis1pos=Right -Map_Axis2neg=Up -Map_Axis2pos=Down - -# set the button map -Map_Button1=Enter -Map_Button2=Escape - - -## JW-002 driver ## -[jw002] - -# Select the output device to use [default: /dev/lcd] -#Device=/dev/ttyS0 - -# Set the display size [default: 24x8] -Size=24x8 - -# Optional X and Y offsets (in characters) to center a smaller display -# size on the full 24x8 panel -X_offset=0 -Y_offset=0 - -# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] -Speed=19200 - -# Pick which font page to use [default: 0] -# Note that different fonts probably have their bargraph chars in different -# spots. For ROM-based fonts 0-3, those characters are already known. -Font=0 - -# The following table translates from jw002 key letters to logical key names. -# By default no keys are mapped, meaning the keypad is not used at all. -#KeyMap_I=Left -#KeyMap_J=Right -#KeyMap_H=Up -#KeyMap_K=Down -#KeyMap_L=Enter -#KeyMap_A=Escape -# See the [menu] section for an explanation of the key mappings - -# You can find out which key of your display sends which -# character by setting keypad_test_mode to yes and running -# LCDd. LCDd will output all characters it receives. -# Afterwards you can modify the settings above and set -# keypad_set_mode to no again. -keypad_test_mode=no - - -## LB216 driver ## -[lb216] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/lcd - -# Set the initial brightness [default: 255; legal: 0 - 255] -Brightness=255 - -# Set the communication speed [default: 9600; legal: 2400, 9600] -Speed=9600 - -# Reinitialize the LCD's BIOS [default: no; legal: yes, no] -Reboot=no - - - -## LCDM001 driver ## -[lcdm001] - -Device=/dev/ttyS1 - -# keypad settings -# Keyname Function -# Normal context Menu context -# ------- -------------- ------------ -# PauseKey Pause/Continue Enter/select -# BackKey Back(Go to previous screen) Up/Left -# ForwardKey Forward(Go to next screen) Down/Right -# MainMenuKey Open main menu Exit/Cancel -PauseKey=LeftKey -BackKey=UpKey -ForwardKey=DownKey -MainMenuKey=RightKey - -# You can rearrange the settings here. -# If your device is broken, have a look at server/drivers/lcdm001.h - - - -## HNE LCTerm driver ## -[lcterm] -Device=/dev/ttyS1 -Size=16x2 - - -## Linux event device input driver ## -[linux_input] - -# Select the input device to use [default: /dev/input/event0]. This may be -# either an absolute path to the input node, starting with '/', or -# an input device name, e.g. "Logitech Gaming Keyboard Gaming Keys". -# Device=/dev/input/event0 - -# specify a non-default key map -#key=1,Escape -#key=28,Enter -#key=96,Enter -#key=105,Left -#key=106,Right -#key=103,Up -#key=108,Down - - -## LIRC input driver ## -[lirc] - -# Specify an alternative location of the lircrc file [default: ~/.lircrc] -#lircrc=/etc/lircrc.lcdproc - -# Must be the same as in your lircrc -#prog=lcdd - - - -## LIS MCE 2005 driver ## -[lis] - -# Set the initial brightness [default: 1000; legal: 0 - 1000] -# 0-250 = 25%, 251-500 = 50%, 501-750 = 75%, 751-1000 = 100% -#Brightness=1000 - -# Columns by lines [default: 20x2] -#Size=20x2 - -# USB Vendor ID [default: 0x0403] -# Change only if testing a compatible device. -#VendorID=0x0403 - -# USB Product ID [default: 0x6001] -# Change only if testing a compatible device. -#ProductID=0x6001 - -# Specifies if the last line is pixel addressable (yes) or it only controls an -# underline effect (no). [default: yes; legal: yes, no] -#Lastline=yes - - - -##The driver for the VFD of the Medion MD8800 PC ## -[MD8800] -# device to use [default: /dev/ttyS1] -#Device=/dev/ttyS1 - -# display size [default: 16x2] -#Size=16x2 - -# Set the initial brightness [default: 1000; legal: 0 - 1000] -Brightness=1000 -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -OffBrightness=50 - - - -## Futuba MDM166A Display -[mdm166a] -# Show self-running clock after LCDd shutdown -# Possible values: [default: no; legal: no, small, big] -Clock=big -# Dim display, no dimming gives full brightness [default: no, legal: yes, no] -Dimming=no -# Dim display in case LCDd is inactive [default: no, legal: yes, no] -OffDimming=yes - - - -## MSI MS-6931 driver for displays in 1HU servers ## -[ms6931] - -# device to use [default: /dev/ttyS1] -Device=/dev/ttyS1 - -# display size [default: 16x2] -#Size=16x2 - - - -## MTC-S16209x driver ## -[mtc_s16209x] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/lcd - -# Set the initial brightness [default: 255; legal: 0 - 255] -Brightness=255 - -# Reinitialize the LCD's BIOS [default: no; legal: yes, no] -Reboot=no - - - -## Matrix Orbital driver ## -[MtxOrb] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/ttyS0 - -# Set the display size [default: 20x4] -Size=20x4 - -# Set the display type [default: lcd; legal: lcd, lkd, vfd, vkd] -Type=lkd - -# Set the initial contrast [default: 480] -# NOTE: The driver will ignore this if the display -# is a vfd or vkd as they don't have this feature -Contrast=480 - -# Some old displays do not have an adjustable backlight but only can -# switch the backlight on/off. If you experience randomly appearing block -# characters, try setting this to false. [default: yes; legal: yes, no] -hasAdjustableBacklight=no - -# Set the initial brightness [default: 1000; legal: 0 - 1000] -Brightness=1000 -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -OffBrightness=0 - -# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200] -Speed=19200 - -# The following table translates from MtxOrb key letters to logical key names. -# By default no keys are mapped, meaning the keypad is not used at all. -#KeyMap_A=Left -#KeyMap_B=Right -#KeyMap_C=Up -#KeyMap_D=Down -#KeyMap_E=Enter -#KeyMap_F=Escape -# See the [menu] section for an explanation of the key mappings - -# You can find out which key of your display sends which -# character by setting keypad_test_mode to yes and running -# LCDd. LCDd will output all characters it receives. -# Afterwards you can modify the settings above and set -# keypad_set_mode to no again. -keypad_test_mode=no - - - -## mx5000 driver for LCD display on the Logitech MX5000 keyboard ## -[mx5000] - -# Select the output device to use [default: /dev/hiddev0] -Device = /dev/hiddev0 -# Time to wait in ms after the refresh screen has been sent [default: 1000] -WaitAfterRefresh = 1000 - - - -## Noritake VFD driver ## -[NoritakeVFD] -# device where the VFD is. Usual values are /dev/ttyS0 and /dev/ttyS1 -# [default: /dev/lcd] -Device=/dev/ttyS0 -# Specifies the size of the LCD. -Size=20x4 -# Set the initial brightness [default: 1000; legal: 0 - 1000] -Brightness=1000 -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -OffBrightness=50 -# set the serial port speed [default: 9600, legal: 1200, 2400, 9600, 19200, 115200] -Speed=9600 -# Set serial data parity [default: 0; legal: 0-2 ] -# Meaning: 0(=none), 1(=odd), 2(=even) -Parity=0 -# re-initialize the VFD [default: no; legal: yes, no] -Reboot=no - - - -## Olimex MOD-LCD1x9 driver ## -[Olimex_MOD_LCD1x9] - -# device file of the i2c controler -Device=/dev/i2c-0 - - -## Mini-box.com picoLCD (usblcd) driver ## -[picolcd] - -# KeyTimeout is only used if the picoLCD driver is built with libusb-0.1. When -# built with libusb-1.0 key and IR data is input asynchronously so there is no -# need to wait for the USB data. -# KeyTimeout is the time in ms that LCDd spends waiting for a key press before -# cycling through other duties. Higher values make LCDd use less CPU time and -# make key presses more detectable. Lower values make LCDd more responsive -# but a little prone to missing key presses. 500 (.5 second) is the default -# and a balanced value. [default: 500; legal: 0 - 1000] -KeyTimeout=500 - -# Key auto repeat is only available if the picoLCD driver is built with -# libusb-1.0. Use KeyRepeatDelay and KeyRepeatInterval to configure key auto -# repeat. -# -# Key auto repeat delay (time in ms from first key report to first repeat). Use -# zero to disable auto repeat. [default: 300; legal: 0 - 3000] -KeyRepeatDelay=300 - -# Key auto repeat interval (time in ms between repeat reports). Only used if -# KeyRepeatDelay is not zero. [default: 200; legal: 0 - 3000] -KeyRepeatInterval=200 - -# Sets the initial state of the backlight upon start-up. -# [default: on; legal: on, off] -#Backlight=on - -# Set the initial brightness [default: 1000; legal: 0 - 1000]. Works only -# with the 20x4 device -Brightness=1000 - -# Set the brightness while the backlight is 'off' [default: 0; legal: 0 - 1000]. -# Works only with the 20x4 device. -#OffBrightness=0 - -# Set the initial contrast [default: 1000; legal: 0 - 1000] -Contrast=1000 - -# Link the key lights to the backlight? [default: on; legal: on, off] -#LinkLights=off - -# Light the keys? [default: on; legal: on, off] -Keylights=on - -# If Keylights is on, the you can unlight specific keys below: -# Key0 is the directional pad. Key1 - Key5 correspond to the F1 - F5 keys. -# There is no LED for the +/- keys. This is a handy way to indicate to users -# which keys are disabled. [default: on; legal: on, off] -Key0Light=on -Key1Light=on -Key2Light=on -Key3Light=on -Key4Light=on -Key5Light=on - -# Host name or IP address of the LIRC instance that is to receive IR codes -# If not set, or set to an empty value, IR support is disabled. -#LircHost=127.0.0.1 - -# UDP port on which LIRC is listening [default: 8765; legal: 1 - 65535] -LircPort=8765 - -# UDP data time unit for LIRC [default: off; legal: on, off] -# On: times sent in microseconds (requires LIRC UDP driver that accepts this). -# Off: times sent in 'jiffies' (1/16384s) (supported by standard LIRC UDP driver). -LircTime_us=on - -# Threshold in microseconds of the gap that triggers flushing the IR data -# to lirc [default: 8000; legal: 1000 - ] -# If LircTime_us is on values greater than 32.767ms will disable the flush -# If LircTime_us is off values greater than 1.999938s will disable the flush -LircFlushThreshold=10000 - - - -## Pyramid LCD driver ## -[pyramid] - -# device to connect to [default: /dev/lcd] -Device=/dev/ttyUSB0 - - - -## rawserial driver ## -[rawserial] - -# Select the output device to use [default: /dev/cuaU0] -Device=/dev/ttyS0 - -# Serial port baudrate [default: 9600] -Speed=9600 - -# Specifies the size of the LCD. If this driver is loaded as a secondary driver -# it always adopts to the size of the primary driver. If loaded as the only -# (or primary) driver, the size can be set. [default: 40x4] -#Size=16x2 - -# How often to dump the LCD contents out the port, in Hertz (times per second) -# 1 = once per second, 4 is 4 times per second, 0.1 is once every 10 seconds. -# [default: 1; legal: 0.0005 - 10] -UpdateRate=1 - - - -## SDEC driver for Watchguard Firebox ## -[sdeclcd] -# No options - - -## Seiko Epson 1330 driver ## -[sed1330] - -# Port where the LPT is. Common values are 0x278, 0x378 and 0x3BC -Port=0x378 - -# Type of LCD module (legal: G321D, G121C, G242C, G191D, G2446, SP14Q002) -# Note: Currently only tested with G321D & SP14Q002. -Type=G321D - -# Width x Height of a character cell in pixels [legal: 6x7 - 8x16; default: 6x10] -CellSize=6x10 - -# Select what type of connection [legal: classic, bitshaker; default: classic] -ConnectionType=classic - - - -## Seiko Epson 1520 driver ## -[sed1520] - -# Port where the LPT is. Usual values are 0x278, 0x378 and 0x3BC -Port=0x378 - -# Select the interface type (wiring) for the display. Supported values are -# 68 for 68-style connection (RESET level high) and 80 for 80-style connection -# (RESET level low). [legal: 68, 80; default: 80] -InterfaceType=80 - -# On fast machines it may be necessary to slow down transfer to the display. -# If this value is set to zero, delay is disabled. Any value greater than -# zero slows down each write by one microsecond. [legal: 0-1000; default: 1] -DelayMult=0 - -# The original wiring used an inverter to drive the control lines. If you do -# not use an inverter set haveInverter to no. [default: yes; legal: yes, no] -HaveInverter=no - -# On some displays column data in memory is mapped to segment lines from right -# to left. This is called inverted mapping (not to be confused with -# 'haveInverter' from above). [default: no; legal: yes, no] -#InvertedMapping=yes - -# At least one display is reported (Everbouquet MG1203D) that requires sending -# three times 0xFF before a reset during initialization. -# [default: no; legal: yes, no] -#UseHardReset=yes - - -## serial POS display driver ## -[serialPOS] - -# Device to use in serial mode [default: /dev/ttyS0] -Device=/dev/ttyS0 - -# Specifies the size of the display in characters. [default: 16x2] -Size=16x2 - -# Specifies the cell size of each character cell on the display in characters. -# [default: 5x8] -Cellsize=5x8 - -# Specifies the number of custom characters supported by the display. -# [default: 0] -Custom_chars=0 - -# Set the communication protocol to use with the POS display. -# [default: AEDEX; legal: AEDEX, CD5220, Epson, Emax, LogicControls, Ultimate] -Type=AEDEX - -# communication baud rate with the display [default: 9600; legal: 1200, 2400, -# 4800, 9600, 19200, 115200] -Speed=9600 - - - -## Serial VFD driver ## -## Drives various (see below) serial 5x7dot VFD's. ## -[serialVFD] - -# Specifies the displaytype.[default: 0] -# 0 NEC (FIPC8367 based) VFDs. -# 1 KD Rev 2.1. -# 2 Noritake VFDs (*). -# 3 Futaba VFDs -# 4 IEE S03601-95B -# 5 IEE S03601-96-080 (*) -# 6 Futaba NA202SD08FA (allmost IEE compatible) -# 7 Samsung 20S207DA4 and 20S207DA6 -# 8 Nixdorf BA6x / VT100 -# (* most should work, not tested yet.) -Type=0 - -# "no" if display connected serial, "yes" if connected parallel. [default: no] -# I.e. serial by default -use_parallel=no - -# Number of Custom-Characters. default is display type dependent -#Custom-Characters=0 - -# Portaddress where the LPT is. Used in parallel mode only. Usual values are -# 0x278, 0x378 and 0x3BC. -Port=0x378 - -# Set parallel port timing delay (us). Used in parallel mode only. -# [default: 2; legal: 0 - 255] -#PortWait=2 - -# Device to use in serial mode. Usual values are /dev/ttyS0 and /dev/ttyS1 -Device=/dev/ttyS1 - -# Specifies the size of the VFD. -Size=20x2 - -# Set the initial brightness [default: 1000; legal: 0 - 1000] -# (4 steps 0-250, 251-500, 501-750, 751-1000) -Brightness=1000 -# Set the initial off-brightness [default: 0; legal: 0 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -# (4 steps 0-250, 251-500, 501-750, 751-1000) -OffBrightness=0 - -# set the serial port speed [default: 9600; legal: 1200, 2400, 9600, 19200, 115200] -Speed=9600 - -# enable ISO 8859 1 compatibility [default: yes; legal: yes, no] -#ISO_8859_1=yes - - - -## shuttleVFD driver ## -[shuttleVFD] -# No options - - - -## stv5730 driver ## -[stv5730] - -# Port the device is connected to [default: 0x378] -Port=0x378 - - -[SureElec] - -# Port the device is connected to (by default first USB serial port) -Device=/dev/ttyUSB0 - -# Edition level of the device (can be 1, 2 or 3) [default: 2] -#Edition=1 - -# set display size -# Note: The size can be obtained directly from device for edition 2 & 3. -#Size=16x2 - -# Set the initial contrast [default: 480; legal: 0 - 1000] -#Contrast=200 - -# Set the initial brightness [default: 480; legal: 1 - 1000] -#Brightness=480 - -# Set the initial off-brightness [default: 100; legal: 1 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -#OffBrightness=100 - - -## SVGAlib driver ## -[svga] - -# svgalib mode to use [default: G320x240x256 ] -# legal values are supported svgalib modes -#Mode=G640x480x256 - -# set display size [default: 20x4] -Size=20x4 - -# Set the initial contrast [default: 500; legal: 0 - 1000] -# Can be set but does not change anything internally -Contrast=500 - -# Set the initial brightness [default: 1000; legal: 1 - 1000] -Brightness=1000 - -# Set the initial off-brightness [default: 500; legal: 1 - 1000] -# This value is used when the display is normally -# switched off in case LCDd is inactive -OffBrightness=500 - - - -## Text driver ## -[text] -# Set the display size [default: 20x4] -Size=20x4 - - - -## Toshiba T6963 driver ## -[t6963] - -# set display size in pixels [default: 128x64] -Size=128x64 - -# port to use [default: 0x378; legal: 0x200 - 0x400] -Port=0x378 - -# Use LPT port in bi-directional mode. This should work on most LPT port and -# is required for proper timing! [default: yes; legal: yes, no] -#bidirectional=yes - -# Insert additional delays into reads / writes. [default: no; legal: yes, no] -#delayBus=no - -# Clear graphic memory on start-up. [default: no; legal: yes, no] -#ClearGraphic=no - - - -## Tyan Barebones LCD driver (GS10 & GS12 series) ## -[tyan] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/lcd - -# Set the communication speed [default: 9600; legal: 4800, 9600] -Speed=9600 - -# set display size [default: 16x2] -Size=16x2 - - - -## ELV ula200 driver ## -[ula200] - -# Select the LCD size [default: 20x4] -Size=20x4 - -# If you have a non standard keypad you can associate any keystrings to keys. -# There are 6 input key in the CwLnx hardware that generate characters -# from 'A' to 'F'. -# -# The following it the built-in default mapping hardcoded in the driver. -# You can leave those unchanged if you have a standard keypad. -# You can change it if you want to report other keystrings or have a non -# standard keypad. -# KeyMap_A=Up -# KeyMap_B=Down -# KeyMap_C=Left -# KeyMap_D=Right -# KeyMap_E=Enter -# KeyMap_F=Escape - - - -## Wirz SLI LCD driver ## -[sli] - -# Select the output device to use [default: /dev/lcd] -Device=/dev/lcd - -# Set the communication speed [default: 19200; legal: 1200, 2400, 9600, 19200, -# 38400, 57600, 115200] -Speed=19200 - - - -## vlsys_m428 for VFD/IR combination in Moneual MonCaso 320 ## -[vlsys_m428] - -# Select the output device to use [default: /dev/ttyUSB0] -#Device=/dev/ttyUSB0 - - - -## OnScreen Display using libxosd ## -[xosd] - -# set display size [default: 20x4] -Size=20x4 - -# Offset in pixels from the top-left corner of the monitor [default: 0x0] -Offset=200x200 - -# X font to use, in XLFD format, as given by "xfontsel" -Font=-*-terminus-*-r-*-*-*-320-*-*-*-*-* - -## Y.A.R.D.2 LCD section -[yard2LCD] -Size=20x4 -# If rendering rate is too high, change in server\main.h #define RENDER_FREQ 8 to "1" - -# EOF diff --git a/data/templates/system-display/lcdproc.conf.tmpl b/data/templates/system-display/lcdproc.conf.tmpl deleted file mode 100644 index 92aee8efe..000000000 --- a/data/templates/system-display/lcdproc.conf.tmpl +++ /dev/null @@ -1,173 +0,0 @@ -### autogenerated by system-display.py ### - -# system display show host (CPU|SMP-CPU|CPU-Graph|Load|Memory|Proc-Size|Disk|Uptime) -# network interface alias -# units (bps|Bps|pps) -# clock (big|mini|date-time) - -# LCDproc client configuration file - -## general options ## -[lcdproc] -# address of the LCDd server to connect to -Server=127.0.0.1 - -# Port of the server to connect to -Port=13666 - -# set reporting level -#ReportLevel=2 - -# report to to syslog ? -ReportToSyslog=true - -# run in foreground [default: false; legal: true, false] -#Foreground=true - -# PidFile location when running as daemon [default: /var/run/lcdproc.pid] -#PidFile=/var/run/lcdproc.pid - -# slow down initial announcement of modes (in 1/100s) -#delay=2 - - -## screen specific configuration options ## -{%- if show %} -# display name for the main menu [default: LCDproc HOST] -DisplayName="{%- if show['title'] %}{{ show['title'] }}{%- else %}VyOS{%- endif %}" - -{%- if show['host'] %} - -[CPU] -# Show screen -Active={%- if 'cpu' in show['host'] %}true{%- else %}false{%- endif %} -OnTime=1 -OffTime=2 -ShowInvisible=false - -[SMP-CPU] -# Show screen -Active={%- if 'cpu-all' in show['host'] %}true{%- else %}false{%- endif %} - -[Memory] -# Show screen -Active={%- if 'memory' in show['host'] %}true{%- else %}false{%- endif %} - -[Load] -# Show screen -Active={%- if 'load-hist' in show['host'] %}true{%- else %}false{%- endif %} -# Min Load Avg at which the backlight will be turned off [default: 0.05] -LowLoad=0.05 -# Max Load Avg at which the backlight will start blinking [default: 1.3] -HighLoad=1.3 - -[Uptime] -# Show screen -Active={%- if 'uptime' in show['host'] %}true{%- else %}false{%- endif %} - -[CPUGraph] -# Show screen -Active={%- if 'cpu-hist' in show['host'] %}true{%- else %}false{%- endif %} - -[ProcSize] -# Show screen -Active={%- if 'proc' in show['host'] %}true{%- else %}false{%- endif %} - -[Disk] -# Show screen -Active={%- if 'disk' in show['host'] %}true{%- else %}false{%- endif %} -{%- else %} {# if show['host'] #} -{# Turn off sections that default active #} - -[CPU] -Active=false - -[Memory] -Active=false - -[Load] -Active=false - -{%- endif %} {# if show['host'] #} - -[TimeDate] -# Show screen -Active={%- if show['clock'] == 'date-time' %}true{%- else %}false{%- endif %} -# time format [default: %H:%M:%S; legal: see strftime(3)] -TimeFormat="%H:%M:%S" -# date format [default: %x; legal: see strftime(3)] -DateFormat="%x" - -[BigClock] -# Show screen -Active={%- if show['clock'] == 'big' %}true{%- else %}false{%- endif %} - -[MiniClock] -# Show screen -Active={%- if show['clock'] == 'mini' %}true{%- else %}false{%- endif %} -# time format [default: %H:%M; legal: see strftime(3)] -TimeFormat="%H:%M" - -{%- if show['network'] %} -[Iface] -# Show screen -Active={%- if show['network']['interface'] %}true{%- else %}false{%- endif %} -{%- for i in show['network']['interface'] %} -# Show stats for Interface {{ i }} -Interface{{ loop.index0 }}={{ i }} -{%- if show['network']['interface'][i]['alias'] %} -# Interface alias name to display [default: ] -Alias{{ loop.index0 }}={{ show['network']['interface'][i]['alias'] }} -{%- endif %} -{%- endfor %} - -# Units to display [default: byte; legal: byte, bit, packet] -{%- if show['network']['units'] == 'bps' %} -unit=bit -{%- elif show['network']['units'] == 'Bps'%} -unit=byte -{%- elif show['network']['units'] == 'pps' %} -unit=packet -{%- else %} -unit=bit -{%- endif %} -# add screen with transferred traffic -#transfer=TRUE -{%- endif %} {# if show['network'] #} - -{%- else %}{# if show #} -{# Turn off sections that default active #} - -[CPU] -Active=false - -[Memory] -Active=false - -[Load] -Active=false - -[TimeDate] -Active=false -{%- endif %}{# if show #} - -[Battery] -# Show screen -Active=false - -[About] -# Show screen -Active=false - -[OldTime] -# Show screen -Active=false -# time format [default: %H:%M:%S; legal: see strftime(3)] -TimeFormat="%H:%M:%S" -# date format [default: %x; legal: see strftime(3)] -DateFormat="%x" -# Display the title bar in two-line mode. Note that with four lines or more -# the title is always shown. [default: true; legal: true, false] -#ShowTitle=false - -# EOF diff --git a/interface-definitions/system-display.xml.in b/interface-definitions/system-display.xml.in deleted file mode 100644 index fbd897996..000000000 --- a/interface-definitions/system-display.xml.in +++ /dev/null @@ -1,235 +0,0 @@ - - - - - - - - System display LCD/VFD/LED - 400 - - - - - - Model of the display attached to this system [REQUIRED] - - sdec ezio test - - - (sdec|ezio|test) - - Invalid system display model - - sdec - Display model for Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances with built-in SDEC LCD - - - ezio - Display model for Portwell, Caswell appliances with built-in EZIO-100 or EZIO-300 LCD - - - test - Test model for USB CrystalFonz CF533 - - - - - - - Disable sytem display - - - - - - Select the screens for the system display [REQUIRED] - - - - - - - Select host screens for the system display - - cpu cpu-all cpu-hist disk load-hist memory proc uptime - - - (cpu|cpu-all|cpu-hist|disk|load-hist|memory|proc|uptime) - - Invalid host screen - - cpu - Detailed CPU usage - - - cpu-all - CPU usage overview (one line per CPU) - - - cpu-hist - CPU usage histogram - - - disk - File systems fill level - - - load-hist - Load histogram - - - memory - Memory and swap usage - - - proc - Top processes by size - - - uptime - System uptime - - - - - - - Network settings for system display - - - - - - Show network traffic on the system display [Max 3 interfaces] - - - - - - - - Interface alias - - [A-Za-z0-9]{1,10} - - Invalid alias, must be 1 to 10 char or digit - - - - - - - - Unit for network details - - bps Bps pps - - - (bps|Bps|pps) - - Invalid network detail unit - - bps - Bit(s) per second - - - Bps - Byte(s) per second - - - pps - Packet(s) per second - - - - - - - - - - Show a clock on the system display - - big mini date-time - - - (big|mini|date-time) - - Invalid clock format - - big - Multi-line clock - - - mini - Minimal clock - - - date-time - Clock with Date and Time - - - - - - - Screen title to show on the system display - - [A-Za-z0-9]{1,16} - - Invalid title, must be 1 to 16 char or digit - - - - - - - - Time in sec to show each screen on the system display - - 1-30 - Numer of seconds - - - - - - - - - - Message to show when system display first starts - - .{1,16} - - Hello message must be 1 to 16 char - - - - - - Message to show when system display stops - - .{1,16} - - Bye message must be 1 to 16 char - - - - - - - diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in new file mode 100644 index 000000000..ad59acb6b --- /dev/null +++ b/interface-definitions/system-lcd.xml.in @@ -0,0 +1,62 @@ + + + + + + + System LCD display + 100 + + + + + Model of the display attached to this system [REQUIRED] + + CFA-533 CFA-631 CFA-633 CFA-635 + + + CFA-533 + Crystalfontz CFA-533 + + + CFA-631 + Crystalfontz CFA-631 + + + CFA-633 + Crystalfontz CFA-633 + + + CFA-635 + Crystalfontz CFA-635 + + + ^(CFA-533|CFA-631|CFA-633|CFA-635)$ + + + + + + Physical device used by LCD display + + + + + + ttySXX + TTY device name, regular serial port + + + usbNbXpY + TTY device name, USB based + + + ^(ttyS[0-9]+|usb[0-9]+b.*)$ + + + + + + + + diff --git a/python/vyos/util.py b/python/vyos/util.py index 7078762df..c07fef599 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -661,3 +661,15 @@ def check_kmod(k_mod): if not os.path.exists(f'/sys/module/{module}'): if call(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') + +def find_device_file(device): + """ Recurively search /dev for the given device file and return its full path. + If no device file was found 'None' is returned """ + from fnmatch import fnmatch + + for root, dirs, files in os.walk('/dev'): + for basename in files: + if fnmatch(basename, device): + return os.path.join(root, basename) + + return None diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index 4081be3c9..6d168d918 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -16,7 +16,6 @@ import os -from fnmatch import fnmatch from sys import exit from vyos.config import Config @@ -25,22 +24,13 @@ from vyos.configverify import verify_vrf from vyos.template import render from vyos.util import call from vyos.util import check_kmod +from vyos.util import find_device_file from vyos import ConfigError from vyos import airbag airbag.enable() k_mod = ['option', 'usb_wwan', 'usbserial'] -def find_device_file(device): - """ Recurively search /dev for the given device file and return its full path. - If no device file was found 'None' is returned """ - for root, dirs, files in os.walk('/dev'): - for basename in files: - if fnmatch(basename, device): - return os.path.join(root, basename) - - return None - def get_config(): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the diff --git a/src/conf_mode/system-display.py b/src/conf_mode/system-display.py deleted file mode 100755 index 3eafc30c0..000000000 --- a/src/conf_mode/system-display.py +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2020 Francois Mertz fireboxled at gmail.com -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from sys import exit - -from vyos.config import Config -from vyos import ConfigError -from vyos.util import run -from vyos.template import render - -from vyos import airbag -airbag.enable() - -def get_config(): - conf = Config() - base = ['system', 'display'] - display = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) - # Return a (possibly empty) configuration dictionary - return display - -def verify(config_dict): - if not config_dict: - return None - - if 'model' not in config_dict: - raise ConfigError('Display model is [REQUIRED]') - - if ( 'show' not in config_dict - or ( 'clock' not in config_dict['show'] - and 'network' not in config_dict['show'] - and 'host' not in config_dict['show'] - ) - ): - raise ConfigError('Display show must have a clock, host or network') - - if ( 'network' in config_dict['show'] - and 'interface' not in config_dict['show']['network'] - ): - raise ConfigError('Display show network must have an interface') - - if ( 'network' in config_dict['show'] - and 'interface' in config_dict['show']['network'] - and len(config_dict['show']['network']['interface']) > 3 - ): - raise ConfigError('Display show network cannot have > 3 interfaces') - - return None - -def generate(config_dict): - if not config_dict: - return None - # Render config file for daemon LCDd - render('/run/LCDd/LCDd.lo.conf', 'system-display/LCDd.conf.tmpl', config_dict) - # Render config file for client lcdproc - render('/run/lcdproc/lcdproc.lo.conf', 'system-display/lcdproc.conf.tmpl', config_dict) - - return None - -def apply(config_dict): - # Stop client - run('systemctl stop lcdproc@lo.service') - - if not config_dict or 'disabled' in config_dict: - # Stop server - run('systemctl stop LCDd@lo.service') - return None - - # Restart server - run('systemctl restart LCDd@lo.service') - # Start client - run('systemctl start lcdproc@lo.service') - - return None - -if __name__ == '__main__': - try: - config_dict = get_config() - verify(config_dict) - generate(config_dict) - apply(config_dict) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/conf_mode/system_lcd.py b/src/conf_mode/system_lcd.py new file mode 100755 index 000000000..0ad1318f0 --- /dev/null +++ b/src/conf_mode/system_lcd.py @@ -0,0 +1,84 @@ +#!/usr/bin/env python3 +# +# Copyright 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os + +from sys import exit + +from vyos.config import Config +from vyos.util import call +from vyos.util import find_device_file +from vyos.template import render +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +lcdd_conf = '/run/LCDd/LCDd.conf' +lcdproc_conf = '/run/lcdproc/lcdproc.conf' + +def get_config(): + conf = Config() + base = ['system', 'lcd'] + lcd = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True) + # Return (possibly empty) dictionary + return lcd + +def verify(lcd): + if not lcd: + return None + + if not {'device', 'model'} <= set(lcd): + raise ConfigError('Both device and driver must be set!') + + return None + +def generate(lcd): + if not lcd: + return None + + if 'device' in lcd: + lcd['device'] = find_device_file(lcd['device']) + + # Render config file for daemon LCDd + render(lcdd_conf, 'lcd/LCDd.conf.tmpl', lcd, trim_blocks=True) + # Render config file for client lcdproc + render(lcdproc_conf, 'lcd/lcdproc.conf.tmpl', lcd, trim_blocks=True) + + return None + +def apply(lcd): + if not lcd: + call('systemctl stop lcdproc.service LCDd.service') + + for file in [lcdd_conf, lcdproc_conf]: + if os.path.exists(file): + os.remove(file) + else: + # Restart server + call('systemctl restart LCDd.service lcdproc.service') + + return None + +if __name__ == '__main__': + try: + config_dict = get_config() + verify(config_dict) + generate(config_dict) + apply(config_dict) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/etc/systemd/system/LCDd.service.d/override.conf b/src/etc/systemd/system/LCDd.service.d/override.conf new file mode 100644 index 000000000..5f3f0dc95 --- /dev/null +++ b/src/etc/systemd/system/LCDd.service.d/override.conf @@ -0,0 +1,8 @@ +[Unit] +After= +After=vyos-router.service + +[Service] +ExecStart= +ExecStart=/usr/sbin/LCDd -c /run/LCDd/LCDd.conf + diff --git a/src/etc/systemd/system/hostapd@.service.d/override.conf b/src/etc/systemd/system/hostapd@.service.d/override.conf index bb8e81d7a..b03dbc299 100644 --- a/src/etc/systemd/system/hostapd@.service.d/override.conf +++ b/src/etc/systemd/system/hostapd@.service.d/override.conf @@ -3,8 +3,7 @@ After= After=vyos-router.service [Service] -WorkingDirectory=/run/hostapd -EnvironmentFile= +WorkingDirectory=/run/LCDd ExecStart= -ExecStart=/usr/sbin/hostapd -B -P /run/hostapd/%i.pid /run/hostapd/%i.conf -PIDFile=/run/hostapd/%i.pid +ExecStart=/usr/sbin/LCDd -s 1 -f -c /run/LCDd/LCDd.conf + diff --git a/src/systemd/LCDd@.service b/src/systemd/LCDd@.service deleted file mode 100644 index a4604cf21..000000000 --- a/src/systemd/LCDd@.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=LCD display daemon on %I -Documentation=man:LCDd(8) http://www.lcdproc.org/ - -[Service] -User=root -ExecStart=/usr/sbin/LCDd -s 1 -f -c /run/LCDd/LCDd.%I.conf - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/src/systemd/lcdproc.service b/src/systemd/lcdproc.service new file mode 100644 index 000000000..5aa99ec78 --- /dev/null +++ b/src/systemd/lcdproc.service @@ -0,0 +1,13 @@ +[Unit] +Description=LCDproc system status information viewer on %I +Documentation=man:lcdproc(8) http://www.lcdproc.org/ +After=vyos-router.service +After=LCDd.service + +[Service] +User=root +ExecStart=/usr/bin/lcdproc -f -c /run/lcdproc/lcdproc.conf +PIDFile=/run/lcdproc/lcdproc.pid + +[Install] +WantedBy=multi-user.target diff --git a/src/systemd/lcdproc@.service b/src/systemd/lcdproc@.service deleted file mode 100644 index 9a1723dba..000000000 --- a/src/systemd/lcdproc@.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=LCDproc system status information viewer on %I -Documentation=man:lcdproc(8) http://www.lcdproc.org/ - -[Service] -User=root -ExecStart=/usr/bin/lcdproc -f -c /run/lcdproc/lcdproc.%I.conf - -[Install] -WantedBy=multi-user.target \ No newline at end of file -- cgit v1.2.3 From b1675e420479cd6b582c66c0902d6e326340658f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 18 Aug 2020 16:40:51 +0200 Subject: lcd: T2564: add support for Lanner, Watchguard, Symantec boxes --- data/templates/lcd/LCDd.conf.tmpl | 12 ++++++++++-- interface-definitions/system-lcd.xml.in | 16 ++++++++++------ src/conf_mode/system_lcd.py | 4 ++++ src/systemd/lcdproc.service | 4 ++-- 4 files changed, 26 insertions(+), 10 deletions(-) (limited to 'data') diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl index da749d04a..bde177b6a 100644 --- a/data/templates/lcd/LCDd.conf.tmpl +++ b/data/templates/lcd/LCDd.conf.tmpl @@ -48,8 +48,12 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ # sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963, # text, tyan, ula200, vlsys_m428, xosd, yard2LCD -{% if model is defined and model.startswith('CFA-') %} +{% if model is defined %} +{% if model.startswith('cfa-') %} Driver=CFontzPacket +{% elif model == 'sdec' %} +Driver=sdeclcd +{% endif %} {% endif %} # Tells the driver to bind to the given interface. [default: 127.0.0.1] @@ -112,7 +116,7 @@ Heartbeat=off TitleSpeed=10 {% if model is defined and model is not none %} -{% if model.startswith('CFA-') %} +{% if model.startswith('cfa-') %} ## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## [CFontzPacket] Model={{ model.split('-')[1] }} @@ -122,5 +126,9 @@ Brightness=500 OffBrightness=50 Reboot=yes USB=yes +{% elif model == 'sdec' %} +## SDEC driver for Lanner, Watchguard, Sophos sppliances ## +[sdeclcd] +# No options {% endif %} {% endif %} diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in index ad59acb6b..36116ae1b 100644 --- a/interface-definitions/system-lcd.xml.in +++ b/interface-definitions/system-lcd.xml.in @@ -12,26 +12,30 @@ Model of the display attached to this system [REQUIRED] - CFA-533 CFA-631 CFA-633 CFA-635 + cfa-533 cfa-631 cfa-633 cfa-635 sdec - CFA-533 + cfa-533 Crystalfontz CFA-533 - CFA-631 + cfa-631 Crystalfontz CFA-631 - CFA-633 + cfa-633 Crystalfontz CFA-633 - CFA-635 + cfa-635 Crystalfontz CFA-635 + + sdec + Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances + - ^(CFA-533|CFA-631|CFA-633|CFA-635)$ + ^(cfa-533|cfa-631|cfa-633|cfa-635|sdec)$ diff --git a/src/conf_mode/system_lcd.py b/src/conf_mode/system_lcd.py index 0ad1318f0..31a09252d 100755 --- a/src/conf_mode/system_lcd.py +++ b/src/conf_mode/system_lcd.py @@ -41,6 +41,10 @@ def verify(lcd): if not lcd: return None + if 'model' in lcd and lcd['model'] in ['sdec']: + # This is a fixed LCD display, no device needed - bail out early + return None + if not {'device', 'model'} <= set(lcd): raise ConfigError('Both device and driver must be set!') diff --git a/src/systemd/lcdproc.service b/src/systemd/lcdproc.service index 5aa99ec78..ef717667a 100644 --- a/src/systemd/lcdproc.service +++ b/src/systemd/lcdproc.service @@ -1,8 +1,8 @@ [Unit] Description=LCDproc system status information viewer on %I Documentation=man:lcdproc(8) http://www.lcdproc.org/ -After=vyos-router.service -After=LCDd.service +After=vyos-router.service LCDd.service +Requires=LCDd.service [Service] User=root -- cgit v1.2.3 From 3282250a9a7c7a1df5c32e76fdc0024fd1ce9d9f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 18 Aug 2020 17:36:08 +0200 Subject: dhcpv6: T2510: fix missing id-assoc for non temporary address --- data/templates/dhcp-client/ipv6.tmpl | 42 ++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 23 deletions(-) (limited to 'data') diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index 5c0cea280..9673f302b 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -4,45 +4,41 @@ interface {{ ifname }} { request domain-name-servers; request domain-name; -{% if dhcpv6_options is defined %} -{% if dhcpv6_options.parameters_only is defined %} +{% if dhcpv6_options is defined and dhcpv6_options.parameters_only is defined %} information-only; -{% endif %} -{% if dhcpv6_options.temporary is not defined %} +{% endif %} +{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} send ia-na 1; # non-temporary address -{% endif %} -{% if dhcpv6_options.prefix_delegation is defined %} +{% endif %} +{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} send ia-pd 2; # prefix delegation -{% endif %} -{% endif %} +{% endif %} }; -{% if dhcpv6_options is defined %} -{% if dhcpv6_options.temporary is not defined %} +{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} id-assoc na 1 { # Identity association NA }; -{% endif %} +{% endif %} -{% if dhcpv6_options.prefix_delegation is defined %} +{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} id-assoc pd 2 { -{% if dhcpv6_options.prefix_delegation.length is defined %} +{% if dhcpv6_options.prefix_delegation.length is defined %} prefix ::/{{ dhcpv6_options.prefix_delegation.length }} infinity; -{% endif %} -{% for interface in dhcpv6_options.prefix_delegation.interface %} +{% endif %} +{% for interface in dhcpv6_options.prefix_delegation.interface %} prefix-interface {{ interface }} { -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_id is defined %} +{% if dhcpv6_options.prefix_delegation.interface[interface].sla_id is defined %} sla-id {{ dhcpv6_options.prefix_delegation.interface[interface].sla_id }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_len is defined %} +{% endif %} +{% if dhcpv6_options.prefix_delegation.interface[interface].sla_len is defined %} sla-len {{ dhcpv6_options.prefix_delegation.interface[interface].sla_len }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].address is defined %} +{% endif %} +{% if dhcpv6_options.prefix_delegation.interface[interface].address is defined %} ifid {{ dhcpv6_options.prefix_delegation.interface[interface].address }}; -{% endif %} +{% endif %} }; -{% endfor %} +{% endfor %} }; -{% endif %} {% endif %} -- cgit v1.2.3 From 865cba395223afaa263ff7581fb53ee509f36266 Mon Sep 17 00:00:00 2001 From: Eshenko Dmitriy Date: Wed, 19 Aug 2020 00:37:00 +0300 Subject: anyconnect: T2036: add anyconnect VPN support --- data/templates/ocserv/ocserv_config.tmpl | 82 +++++++ data/templates/ocserv/ocserv_passwd.tmpl | 6 + data/templates/ocserv/radius_conf.tmpl | 22 ++ data/templates/ocserv/radius_servers.tmpl | 7 + debian/control | 1 + interface-definitions/vpn_anyconnect.xml.in | 258 +++++++++++++++++++++ op-mode-definitions/anyconnect.xml | 20 ++ src/conf_mode/vpn_anyconnect.py | 132 +++++++++++ .../systemd/system/ocserv.service.d/override.conf | 14 ++ src/op_mode/anyconnect-control.py | 67 ++++++ 10 files changed, 609 insertions(+) create mode 100644 data/templates/ocserv/ocserv_config.tmpl create mode 100644 data/templates/ocserv/ocserv_passwd.tmpl create mode 100644 data/templates/ocserv/radius_conf.tmpl create mode 100644 data/templates/ocserv/radius_servers.tmpl create mode 100644 interface-definitions/vpn_anyconnect.xml.in create mode 100644 op-mode-definitions/anyconnect.xml create mode 100755 src/conf_mode/vpn_anyconnect.py create mode 100644 src/etc/systemd/system/ocserv.service.d/override.conf create mode 100755 src/op_mode/anyconnect-control.py (limited to 'data') diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl new file mode 100644 index 000000000..6aaeff693 --- /dev/null +++ b/data/templates/ocserv/ocserv_config.tmpl @@ -0,0 +1,82 @@ +### generated by vpn_anyconnect.py ### + +tcp-port = {{ listen_ports.tcp }} +udp-port = {{ listen_ports.udp }} + +run-as-user = nobody +run-as-group = daemon + +{% if "radius" in authentication.mode %} +auth = "radius [config=/run/ocserv/radiusclient.conf]" +{% else %} +auth = "plain[/run/ocserv/ocpasswd]" +{% endif %} + +{% if ssl.cert_file %} +server-cert = {{ ssl.cert_file }} +{% endif %} + +{% if ssl.key_file %} +server-key = {{ ssl.key_file }} +{% endif %} + +{% if ssl.ca_cert_file %} +ca-cert = {{ ssl.ca_cert_file }} +{% endif %} + +socket-file = /run/ocserv/ocserv.socket +occtl-socket-file = /run/ocserv/occtl.socket +use-occtl = true +isolate-workers = true +keepalive = 300 +dpd = 60 +mobile-dpd = 300 +switch-to-tcp-timeout = 30 +tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128" +auth-timeout = 240 +idle-timeout = 1200 +mobile-idle-timeout = 1800 +min-reauth-time = 3 +cookie-timeout = 300 +rekey-method = ssl +try-mtu-discovery = true +cisco-client-compat = true +dtls-legacy = true + + +# The name to use for the tun device +device = sslvpn + +# An alternative way of specifying the network: +{% if network_settings %} +# DNS settings +{% if network_settings.name_server is string %} +dns = {{ network_settings.name_server }} +{% else %} +{% for dns in network_settings.name_server %} +dns = {{ dns }} +{% endfor %} +{% endif %} +# IPv4 network pool +{% if network_settings.client_ip_settings %} +{% if network_settings.client_ip_settings.subnet %} +ipv4-network = {{ network_settings.client_ip_settings.subnet }} +{% endif %} +{% endif %} +# IPv6 network pool +{% if network_settings.client_ipv6_pool %} +{% if network_settings.client_ipv6_pool.prefix %} +ipv6-network = {{ network_settings.client_ipv6_pool.prefix }} +ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }} +{% endif %} +{% endif %} +{% endif %} + +{% if network_settings.push_route is string %} +route = {{ network_settings.push_route }} +{% else %} +{% for route in network_settings.push_route %} +route = {{ route }} +{% endfor %} +{% endif %} + diff --git a/data/templates/ocserv/ocserv_passwd.tmpl b/data/templates/ocserv/ocserv_passwd.tmpl new file mode 100644 index 000000000..ffadb4860 --- /dev/null +++ b/data/templates/ocserv/ocserv_passwd.tmpl @@ -0,0 +1,6 @@ +#:: +{% for user in username if username is defined %} +{% if not "disable" in username[user] %} +{{ user }}:*:{{ username[user].hash }} +{% endif %} +{% endfor %} \ No newline at end of file diff --git a/data/templates/ocserv/radius_conf.tmpl b/data/templates/ocserv/radius_conf.tmpl new file mode 100644 index 000000000..2d19306a0 --- /dev/null +++ b/data/templates/ocserv/radius_conf.tmpl @@ -0,0 +1,22 @@ +### generated by cpn_anyconnect.py ### +nas-identifier VyOS +{% for srv in server %} +{% if not "disable" in server[srv] %} +{% if "port" in server[srv] %} +authserver {{ srv }}:{{server[srv]["port"]}} +{% else %} +authserver {{ srv }} +{% endif %} +{% endif %} +{% endfor %} +radius_timeout {{ timeout }} +{% if source_address %} +bindaddr {{ source_address }} +{% else %} +bindaddr * +{% endif %} +servers /run/ocserv/radius_servers +dictionary /etc/radcli/dictionary +default_realm +radius_retries 3 +# \ No newline at end of file diff --git a/data/templates/ocserv/radius_servers.tmpl b/data/templates/ocserv/radius_servers.tmpl new file mode 100644 index 000000000..ba21fa074 --- /dev/null +++ b/data/templates/ocserv/radius_servers.tmpl @@ -0,0 +1,7 @@ +### generated by cpn_anyconnect.py ### +# server key +{% for srv in server %} +{% if not "disable" in server[srv] %} +{{ srv }} {{ server[srv].key }} +{% endif %} +{% endfor %} diff --git a/debian/control b/debian/control index 34ba4be8e..520401d57 100644 --- a/debian/control +++ b/debian/control @@ -107,6 +107,7 @@ Depends: python3, libatomic1, fastnetmon, libndp-tools, + ocserv, tcptraceroute Description: VyOS configuration scripts and data VyOS configuration scripts, interface definitions, and everything diff --git a/interface-definitions/vpn_anyconnect.xml.in b/interface-definitions/vpn_anyconnect.xml.in new file mode 100644 index 000000000..e74326986 --- /dev/null +++ b/interface-definitions/vpn_anyconnect.xml.in @@ -0,0 +1,258 @@ + + + + + + + SSL VPN AnyConnect + 901 + + + + + Authentication for remote access SSL VPN Server + + + + + Authentication mode used by this server + + local + Use local username/password configuration + + + radius + Use RADIUS server for user autentication + + + (local|radius) + + + local radius + + + + + + Local user authentication for SSL VPN server + + + + + User name for authentication + + + + + Option to disable a SSL VPN Server user + + + + + + Password for authentication + + + + + + + #include + + + + + Session timeout + + 1-30 + Session timeout in seconds (default: 2) + + + + + Timeout must be between 1 and 30 seconds + + 2 + + + + + + + + SSL Certificate, SSL Key and CA (/config/auth) + + + + + tcp port number to accept connections (default: 443) + + 1-65535 + Numeric IP port (default: 443) + + + + + + 443 + + + + udp port number to accept connections (default: 443) + + 1-65535 + Numeric IP port (default: 443) + + + + + + 443 + + + + + + SSL Certificate, SSL Key and CA (/config/auth) + + + + + Certificate Authority certificate + + + + + file + File in /config/auth directory + + + + + + + + + Server Certificate + + file + File in /config/auth directory + + + + + + + + + Privat Key of the Server Certificate + + file + File in /config/auth directory + + + + + + + + + + + Network settings + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Client IP pools settings + + + + + Client IP subnet (CIDR notation) + + ipv4net + IPv4 address and prefix length + + + + + Not a valid CIDR formatted prefix + + + + + + + Pool of client IPv6 addresses + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + <48-128> + Client prefix length (default: 64) + + + + + + 64 + + + + + + Domain Name Server (DNS) propagated to client + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + + + + + + + diff --git a/op-mode-definitions/anyconnect.xml b/op-mode-definitions/anyconnect.xml new file mode 100644 index 000000000..7e8cdd35b --- /dev/null +++ b/op-mode-definitions/anyconnect.xml @@ -0,0 +1,20 @@ + + + + + + + show anyconnect-server information + + + + + Show active anyconnect server sessions + + ${vyos_op_scripts_dir}/anyconnect-control.py --action="show_sessions" + + + + + + diff --git a/src/conf_mode/vpn_anyconnect.py b/src/conf_mode/vpn_anyconnect.py new file mode 100755 index 000000000..45c06bffa --- /dev/null +++ b/src/conf_mode/vpn_anyconnect.py @@ -0,0 +1,132 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018-2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os +from sys import exit + +from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.xml import defaults +from vyos.template import render +from vyos.util import call +from vyos import ConfigError +from crypt import crypt, mksalt, METHOD_SHA512 + +from vyos import airbag +airbag.enable() + +cfg_dir = '/run/ocserv' +ocserv_conf = cfg_dir + '/ocserv.conf' +ocserv_passwd = cfg_dir + '/ocpasswd' +radius_cfg = cfg_dir + '/radiusclient.conf' +radius_servers = cfg_dir + '/radius_servers' + + +# Generate hash from user cleartext password +def get_hash(password): + return crypt(password, mksalt(METHOD_SHA512)) + + +def get_config(): + conf = Config() + base = ['vpn', 'anyconnect'] + ocserv = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + default_values = defaults(base) + ocserv = dict_merge(default_values, ocserv) + return ocserv + + +def verify(ocserv): + if ocserv is None: + return None + + # Check authentication + if "authentication" in ocserv: + if "mode" in ocserv["authentication"]: + if "local" in ocserv["authentication"]["mode"]: + if not ocserv["authentication"]["local_users"] or not ocserv["authentication"]["local_users"]["username"]: + raise ConfigError('Anyconect mode local required at leat one user') + else: + for user in ocserv["authentication"]["local_users"]["username"]: + if not "password" in ocserv["authentication"]["local_users"]["username"][user]: + raise ConfigError(f'password required for user {user}') + else: + raise ConfigError('anyconnect authentication mode required') + else: + raise ConfigError('anyconnect authentication credentials required') + + # Check ssl + if "ssl" in ocserv: + req_cert = ['ca_cert_file', 'cert_file', 'key_file'] + for cert in req_cert: + if not cert in ocserv["ssl"]: + raise ConfigError('anyconnect ssl {0} required'.format(cert.replace('_', '-'))) + else: + raise ConfigError('anyconnect ssl required') + + # Check network settings + if "network_settings" in ocserv: + if "push_route" in ocserv["network_settings"]: + # Replace default route + if "0.0.0.0/0" in ocserv["network_settings"]["push_route"]: + ocserv["network_settings"]["push_route"].remove("0.0.0.0/0") + ocserv["network_settings"]["push_route"].append("default") + else: + ocserv["network_settings"]["push_route"] = "default" + else: + raise ConfigError('anyconnect network settings required') + + +def generate(ocserv): + if not ocserv: + return None + + if "radius" in ocserv["authentication"]["mode"]: + # Render radius client configuration + render(radius_cfg, 'ocserv/radius_conf.tmpl', ocserv["authentication"]["radius"], trim_blocks=True) + # Render radius servers + render(radius_servers, 'ocserv/radius_servers.tmpl', ocserv["authentication"]["radius"], trim_blocks=True) + else: + if "local_users" in ocserv["authentication"]: + for user in ocserv["authentication"]["local_users"]["username"]: + ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"]) + # Render local users + render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"], trim_blocks=True) + + # Render config + render(ocserv_conf, 'ocserv/ocserv_config.tmpl', ocserv, trim_blocks=True) + + + +def apply(ocserv): + if not ocserv: + call('systemctl stop ocserv.service') + for file in [ocserv_conf, ocserv_passwd]: + if os.path.exists(file): + os.unlink(file) + else: + call('systemctl restart ocserv.service') + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/etc/systemd/system/ocserv.service.d/override.conf b/src/etc/systemd/system/ocserv.service.d/override.conf new file mode 100644 index 000000000..89dbb153f --- /dev/null +++ b/src/etc/systemd/system/ocserv.service.d/override.conf @@ -0,0 +1,14 @@ +[Unit] +RequiresMountsFor=/run +ConditionPathExists=/run/ocserv/ocserv.conf +After= +After=vyos-router.service +After=dbus.service + +[Service] +WorkingDirectory=/run/ocserv +PIDFile= +PIDFile=/run/ocserv/ocserv.pid +ExecStart= +ExecStart=/usr/sbin/ocserv --foreground --pid-file /run/ocserv/ocserv.pid --config /run/ocserv/ocserv.conf + diff --git a/src/op_mode/anyconnect-control.py b/src/op_mode/anyconnect-control.py new file mode 100755 index 000000000..6382016b7 --- /dev/null +++ b/src/op_mode/anyconnect-control.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import sys +import argparse +import json + +from vyos.config import Config +from vyos.util import popen, run, DEVNULL +from tabulate import tabulate + +occtl = '/usr/bin/occtl' +occtl_socket = '/run/ocserv/occtl.socket' + +def show_sessions(): + out, code = popen("sudo {0} -j -s {1} show users".format(occtl, occtl_socket),stderr=DEVNULL) + if code: + sys.exit('Cannot get anyconnect users information') + else: + headers = ["interface", "username", "ip", "remote IP", "RX", "TX", "state", "uptime"] + sessions = json.loads(out) + ses_list = [] + for ses in sessions: + ses_list.append([ses["Device"], ses["Username"], ses["IPv4"], ses["Remote IP"], ses["_RX"], ses["_TX"], ses["State"], ses["_Connected at"]]) + if len(ses_list) > 0: + print(tabulate(ses_list, headers)) + else: + print("No active anyconnect sessions") + +def is_ocserv_configured(): + if not Config().exists_effective('vpn anyconnect'): + print("vpn anyconnect server is not configured") + sys.exit(1) + +def main(): + #parese args + parser = argparse.ArgumentParser() + parser.add_argument('--action', help='Control action', required=True) + parser.add_argument('--selector', help='Selector username|ifname|sid', required=False) + parser.add_argument('--target', help='Target must contain username|ifname|sid', required=False) + args = parser.parse_args() + + + # Check is IPoE configured + is_ocserv_configured() + + if args.action == "restart": + run("systemctl restart ocserv") + sys.exit(0) + elif args.action == "show_sessions": + show_sessions() + +if __name__ == '__main__': + main() -- cgit v1.2.3 From 93c3a4a4f05014914dd2e9353ddd676e20bced1a Mon Sep 17 00:00:00 2001 From: sever-sever Date: Wed, 19 Aug 2020 17:07:14 +0000 Subject: mpls-ldp: T915: Add discovery hello timers --- data/templates/frr/ldpd.frr.tmpl | 12 ++++++++++++ interface-definitions/protocols-mpls.xml.in | 26 +++++++++++++++++++++++++- src/conf_mode/protocols_mpls.py | 24 +++++++++++++++++++++--- 3 files changed, 58 insertions(+), 4 deletions(-) (limited to 'data') diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl index bbff88ae5..dbaa917e8 100644 --- a/data/templates/frr/ldpd.frr.tmpl +++ b/data/templates/frr/ldpd.frr.tmpl @@ -21,6 +21,18 @@ no discovery transport-address {{ old_ldp.d_transp_ipv4 }} {% if ldp.d_transp_ipv4 -%} discovery transport-address {{ ldp.d_transp_ipv4 }} {% endif -%} +{% if old_ldp.hello_holdtime -%} +no discovery hello holdtime {{ old_ldp.hello_holdtime }} +{% endif -%} +{% if ldp.hello_holdtime -%} +discovery hello holdtime {{ ldp.hello_holdtime }} +{% endif -%} +{% if old_ldp.hello_interval -%} +no discovery hello interval {{ old_ldp.hello_interval }} +{% endif -%} +{% if ldp.hello_interval -%} +discovery hello interval {{ ldp.hello_interval }} +{% endif -%} {% for interface in old_ldp.interfaces -%} no interface {{interface}} {% endfor -%} diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in index 376323855..3e9edbf72 100644 --- a/interface-definitions/protocols-mpls.xml.in +++ b/interface-definitions/protocols-mpls.xml.in @@ -54,6 +54,30 @@ + + + Hello holdtime + + 1-65535 + Time in seconds + + + + + + + + + Hello interval + + 1-65535 + Time in seconds + + + + + + Transport ipv4 address @@ -95,4 +119,4 @@ - \ No newline at end of file + diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index 72208ffa1..bcb16fa04 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -38,13 +38,17 @@ def get_config(): 'interfaces' : [], 'neighbors' : {}, 'd_transp_ipv4' : None, - 'd_transp_ipv6' : None + 'd_transp_ipv6' : None, + 'hello_holdtime' : None, + 'hello_interval' : None }, 'ldp' : { 'interfaces' : [], 'neighbors' : {}, 'd_transp_ipv4' : None, - 'd_transp_ipv6' : None + 'd_transp_ipv6' : None, + 'hello_holdtime' : None, + 'hello_interval' : None } } if not (conf.exists('protocols mpls') or conf.exists_effective('protocols mpls')): @@ -61,6 +65,20 @@ def get_config(): if conf.exists('router-id'): mpls_conf['router_id'] = conf.return_value('router-id') + # Get hello holdtime + if conf.exists_effective('discovery hello-holdtime'): + mpls_conf['old_ldp']['hello_holdtime'] = conf.return_effective_value('discovery hello-holdtime') + + if conf.exists('discovery hello-holdtime'): + mpls_conf['ldp']['hello_holdtime'] = conf.return_value('discovery hello-holdtime') + + # Get hello interval + if conf.exists_effective('discovery hello-interval'): + mpls_conf['old_ldp']['hello_interval'] = conf.return_effective_value('discovery hello-interval') + + if conf.exists('discovery hello-interval'): + mpls_conf['ldp']['hello_interval'] = conf.return_value('discovery hello-interval') + # Get discovery transport-ipv4-address if conf.exists_effective('discovery transport-ipv4-address'): mpls_conf['old_ldp']['d_transp_ipv4'] = conf.return_effective_value('discovery transport-ipv4-address') -- cgit v1.2.3 From 41c847593551496770c4d08e09e32af638a30f40 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Wed, 19 Aug 2020 23:16:35 -0500 Subject: https: T2815: adjust for change in certbot config directory --- data/templates/https/nginx.default.tmpl | 8 ++++---- src/conf_mode/https.py | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'data') diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index f4f2c1848..aaa652e09 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl @@ -25,10 +25,10 @@ server { {% endfor %} {% if server.certbot %} - ssl_certificate /etc/letsencrypt/live/{{ server.certbot_dir }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ server.certbot_dir }}/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem; + ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem; + include {{ server.certbot_dir }}/options-ssl-nginx.conf; + ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem; {% elif server.vyos_cert %} include {{ server.vyos_cert.conf }}; {% else %} diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 7acb629bd..3dae0fddb 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -31,6 +31,7 @@ from vyos import airbag airbag.enable() config_file = '/etc/nginx/sites-available/default' +certbot_dir = vyos.defaults.directories['certbot'] default_server_block = { 'id' : '', @@ -86,8 +87,9 @@ def get_config(): if sub_list: for sb in sub_list: sb['certbot'] = True + sb['certbot_dir'] = certbot_dir # certbot organizes certificates by first domain - sb['certbot_dir'] = certbot_domains[0] + sb['certbot_domain_dir'] = certbot_domains[0] api_somewhere = False api_data = {} -- cgit v1.2.3 From 98c2c5e0585e0806099a353de207f392223eff9a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 22 Aug 2020 23:15:29 +0200 Subject: dhcpv6-pd: T2677: optimize CLI interface for PD configuration The current CLI did not support multiple prefix-delegations per interface. Some ISPs only send one /64 to a client per prefix-delegation request, but they allow the customer to request multiple prefixes. The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0). In the past the user needed to know what prefix will be assigned and required to calculate the sla-len by himself. The 'sla-len' node was dropped and is now calculated in the background from the 'dhcpv6-options pd 0 length' node. It is no longer mandatory to supply the 'sla-id' node, if sla-id is not specified it is 'guessed' by counting upwards. Example configuration: ---------------------- ethernet eth1 { address dhcpv6 dhcpv6-options { pd 0 { length 56 interface eth2 { address 1 } } } } This will request a /56 assignment from the ISP and will delegate a /64 network to interface eth2. VyOS will use the interface address ::1 on the delegate interface (eth2) as its local address. --- data/templates/dhcp-client/ipv6.tmpl | 48 +++++++++------- interface-definitions/include/dhcp-options.xml.i | 2 +- interface-definitions/include/dhcpv6-options.xml.i | 40 ++++++-------- python/vyos/configdict.py | 64 ++++++++++++++++++---- src/conf_mode/interfaces-pppoe.py | 4 +- src/migration-scripts/interfaces/11-to-12 | 58 ++++++++++++++++++++ 6 files changed, 157 insertions(+), 59 deletions(-) create mode 100755 src/migration-scripts/interfaces/11-to-12 (limited to 'data') diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index 9673f302b..e9285d86b 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -8,37 +8,43 @@ interface {{ ifname }} { information-only; {% endif %} {% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} - send ia-na 1; # non-temporary address + send ia-na 0; # non-temporary address {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} - send ia-pd 2; # prefix delegation +{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} +{% for pd in dhcpv6_options.pd %} + send ia-pd {{ pd }}; # prefix delegation #{{ pd }} +{% endfor %} {% endif %} }; {% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} -id-assoc na 1 { - # Identity association NA +id-assoc na 0 { + # Identity association for non temporary address }; {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} -id-assoc pd 2 { -{% if dhcpv6_options.prefix_delegation.length is defined %} - prefix ::/{{ dhcpv6_options.prefix_delegation.length }} infinity; -{% endif %} -{% for interface in dhcpv6_options.prefix_delegation.interface %} +{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} +{% for pd in dhcpv6_options.pd %} +id-assoc pd {{ pd }} { +{# length got a default value #} + prefix ::/{{ dhcpv6_options.pd[pd].length }} infinity; +{% set sla_len = 64 - dhcpv6_options.pd[pd].length|int %} +{% set count = namespace(value=0) %} +{% for interface in dhcpv6_options.pd[pd].interface if dhcpv6_options.pd[pd].interface is defined %} prefix-interface {{ interface }} { -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_id is defined %} - sla-id {{ dhcpv6_options.prefix_delegation.interface[interface].sla_id }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].sla_len is defined %} - sla-len {{ dhcpv6_options.prefix_delegation.interface[interface].sla_len }}; -{% endif %} -{% if dhcpv6_options.prefix_delegation.interface[interface].address is defined %} - ifid {{ dhcpv6_options.prefix_delegation.interface[interface].address }}; -{% endif %} + sla-len {{ sla_len }}; +{% if dhcpv6_options.pd[pd].interface[interface].sla_id is defined and dhcpv6_options.pd[pd].interface[interface].sla_id is not none %} + sla-id {{ dhcpv6_options.pd[pd].interface[interface].sla_id }}; +{% else %} + sla-id {{ count.value }}; +{% endif %} +{% if dhcpv6_options.pd[pd].interface[interface].address is defined and dhcpv6_options.pd[pd].interface[interface].address is not none %} + ifid {{ dhcpv6_options.pd[pd].interface[interface].address }}; +{% endif %} }; -{% endfor %} +{% set count.value = count.value + 1 %} +{% endfor %} }; +{% endfor %} {% endif %} diff --git a/interface-definitions/include/dhcp-options.xml.i b/interface-definitions/include/dhcp-options.xml.i index 0f71d9321..9989291fc 100644 --- a/interface-definitions/include/dhcp-options.xml.i +++ b/interface-definitions/include/dhcp-options.xml.i @@ -1,6 +1,6 @@ - DHCP options + DHCP client settings/options diff --git a/interface-definitions/include/dhcpv6-options.xml.i b/interface-definitions/include/dhcpv6-options.xml.i index 98a87dba2..5d088b83d 100644 --- a/interface-definitions/include/dhcpv6-options.xml.i +++ b/interface-definitions/include/dhcpv6-options.xml.i @@ -1,11 +1,24 @@ - DHCPv6 options + DHCPv6 client settings/options - + + + Acquire only config parameters, no address + + + + - DHCPv6 Prefix Delegation Options + DHCPv6 prefix delegation interface statement + + instance number + Prefix delegation instance (>= 0) + + + + @@ -19,6 +32,7 @@ + 64 @@ -52,28 +66,10 @@ - - - Site-Level aggregator (SLA) length - - 0-128 - Length of delegated prefix - - - - - - - - - - Acquire only config parameters, no address - - - + IPv6 "temporary" address diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 010eda45c..c1e93955e 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -93,7 +93,7 @@ def dict_merge(source, destination): tmp = deepcopy(destination) for key, value in source.items(): - if key not in tmp.keys(): + if key not in tmp: tmp[key] = value elif isinstance(source[key], dict): tmp[key] = dict_merge(source[key], tmp[key]) @@ -109,15 +109,15 @@ def T2665_default_dict_cleanup(dict): """ Cleanup default keys for tag nodes https://phabricator.vyos.net/T2665. """ # Cleanup for vif in ['vif', 'vif_s']: - if vif in dict.keys(): - for key in ['ip', 'mtu']: - if key in dict[vif].keys(): + if vif in dict: + for key in ['ip', 'mtu', 'dhcpv6_options']: + if key in dict[vif]: del dict[vif][key] # cleanup VIF-S defaults - if 'vif_c' in dict[vif].keys(): - for key in ['ip', 'mtu']: - if key in dict[vif]['vif_c'].keys(): + if 'vif_c' in dict[vif]: + for key in ['ip', 'mtu', 'dhcpv6_options']: + if key in dict[vif]['vif_c']: del dict[vif]['vif_c'][key] # If there is no vif-c defined and we just cleaned the default # keys - we can clean the entire vif-c dict as it's useless @@ -129,6 +129,21 @@ def T2665_default_dict_cleanup(dict): if not dict[vif]: del dict[vif] + if 'dhcpv6_options' in dict and 'pd' in dict['dhcpv6_options']: + if 'length' in dict['dhcpv6_options']['pd']: + del dict['dhcpv6_options']['pd']['length'] + + # delete empty dicts + if 'dhcpv6_options' in dict: + if 'pd' in dict['dhcpv6_options']: + # test if 'pd' is an empty node so we can remove it + if not dict['dhcpv6_options']['pd']: + del dict['dhcpv6_options']['pd'] + + # test if 'dhcpv6_options' is an empty node so we can remove it + if not dict['dhcpv6_options']: + del dict['dhcpv6_options'] + return dict def leaf_node_changed(conf, path): @@ -193,6 +208,16 @@ def get_removed_vlans(conf, dict): return dict + +def dict_add_dhcpv6pd_defaults(defaults, config_dict): + # Implant default dictionary for DHCPv6-PD instances + if 'dhcpv6_options' in config_dict and 'pd' in config_dict['dhcpv6_options']: + for pd, pd_config in config_dict['dhcpv6_options']['pd'].items(): + config_dict['dhcpv6_options']['pd'][pd] = dict_merge( + defaults, pd_config) + + return config_dict + def get_interface_dict(config, base, ifname=''): """ Common utility function to retrieve and mandgle the interfaces available @@ -257,15 +282,30 @@ def get_interface_dict(config, base, ifname=''): # remove wrongly inserted values dict = T2665_default_dict_cleanup(dict) - # The values are identical for vif, vif-s and vif-c as the all include the same - # XML definitions which hold the defaults + # Implant default dictionary for DHCPv6-PD instances + default_pd_values = defaults(base + ['dhcpv6-options', 'pd']) + dict = dict_add_dhcpv6pd_defaults(default_pd_values, dict) + + # Implant default dictionary in vif/vif-s VLAN interfaces. Values are + # identical for all types of VLAN interfaces as they all include the same + # XML definitions which hold the defaults. default_vif_values = defaults(base + ['vif']) for vif, vif_config in dict.get('vif', {}).items(): - vif_config = dict_merge(default_vif_values, vif_config) + dict['vif'][vif] = dict_add_dhcpv6pd_defaults( + default_pd_values, vif_config) + dict['vif'][vif] = T2665_default_dict_cleanup( + dict_merge(default_vif_values, vif_config)) + for vif_s, vif_s_config in dict.get('vif_s', {}).items(): - vif_s_config = dict_merge(default_vif_values, vif_s_config) + dict['vif_s'][vif_s] = dict_add_dhcpv6pd_defaults( + default_pd_values, vif_s_config) + dict['vif_s'][vif_s] = T2665_default_dict_cleanup( + dict_merge(default_vif_values, vif_s_config)) for vif_c, vif_c_config in vif_s_config.get('vif_c', {}).items(): - vif_c_config = dict_merge(default_vif_values, vif_c_config) + dict['vif_s'][vif_s]['vif_c'][vif_c] = dict_add_dhcpv6pd_defaults( + default_pd_values, vif_c_config) + dict['vif_s'][vif_s]['vif_c'][vif_c] = T2665_default_dict_cleanup( + dict_merge(default_vif_values, vif_c_config)) # Check vif, vif-s/vif-c VLAN interfaces for removal dict = get_removed_vlans(config, dict) diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index 928113b49..901ea769c 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -15,7 +15,6 @@ # along with this program. If not, see . import os -import jmespath from sys import exit from copy import deepcopy @@ -104,8 +103,7 @@ def generate(pppoe): render(script_pppoe_ipv6_up, 'pppoe/ipv6-up.script.tmpl', pppoe, trim_blocks=True, permission=0o755) - tmp = jmespath.search('dhcpv6_options.prefix_delegation.interface', pppoe) - if tmp and len(tmp) > 0: + if 'dhcpv6_options' in pppoe and 'pd' in pppoe['dhcpv6_options']: # ipv6.tmpl relies on ifname - this should be made consitent in the # future better then double key-ing the same value render(config_wide_dhcp6c, 'dhcp-client/ipv6.tmpl', pppoe, trim_blocks=True) diff --git a/src/migration-scripts/interfaces/11-to-12 b/src/migration-scripts/interfaces/11-to-12 new file mode 100755 index 000000000..0dad24642 --- /dev/null +++ b/src/migration-scripts/interfaces/11-to-12 @@ -0,0 +1,58 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# - rename 'dhcpv6-options prefix-delegation' from single node to a new tag node +# 'dhcpv6-options pd 0' +# - delete 'sla-len' from CLI - value is calculated on demand + +from sys import exit, argv +from vyos.configtree import ConfigTree + +if __name__ == '__main__': + if (len(argv) < 1): + print("Must specify file name!") + exit(1) + + file_name = argv[1] + with open(file_name, 'r') as f: + config_file = f.read() + + config = ConfigTree(config_file) + + for type in config.list_nodes(['interfaces']): + for interface in config.list_nodes(['interfaces', type]): + # cache current config tree + base_path = ['interfaces', type, interface, 'dhcpv6-options'] + old_base = base_path + ['prefix-delegation'] + new_base = base_path + ['pd'] + if config.exists(old_base): + config.set(new_base) + config.set_tag(new_base) + config.copy(old_base, new_base + ['0']) + config.delete(old_base) + + for pd in config.list_nodes(new_base): + for tmp in config.list_nodes(new_base + [pd, 'interface']): + sla_config = new_base + [pd, 'interface', tmp, 'sla-len'] + if config.exists(sla_config): + config.delete(sla_config) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) -- cgit v1.2.3 From ec1cf7dd1508e4a84d99818c7e34d093242b3331 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 23 Aug 2020 00:04:09 +0200 Subject: dhcpv6-pd: T2821: support dhcpv6-pd without "address dhcpv6" Currently DHCPv6-PD requires an interface address configured to dhcpv6 on the CLI. This is not required also sometimes there is either no dhcpv6 interface addressing available (PPPoE) or wanted. This limitation was artificial due to the old interface code. Change the implementation to spawn the DHCPv6 client and request a prefix even when there is no address request configured. --- data/templates/dhcp-client/ipv6.tmpl | 12 ++++++++---- python/vyos/ifconfig/interface.py | 17 +++++++++++++---- 2 files changed, 21 insertions(+), 8 deletions(-) (limited to 'data') diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index e9285d86b..85841fe94 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -2,13 +2,15 @@ # man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ interface {{ ifname }} { +{% if address is defined and 'dhcpv6' in address %} request domain-name-servers; request domain-name; -{% if dhcpv6_options is defined and dhcpv6_options.parameters_only is defined %} +{% if dhcpv6_options is defined and dhcpv6_options.parameters_only is defined %} information-only; -{% endif %} -{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} +{% endif %} +{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} send ia-na 0; # non-temporary address +{% endif %} {% endif %} {% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} {% for pd in dhcpv6_options.pd %} @@ -17,10 +19,12 @@ interface {{ ifname }} { {% endif %} }; -{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} +{% if address is defined and 'dhcpv6' in address %} +{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} id-assoc na 0 { # Identity association for non temporary address }; +{% endif %} {% endif %} {% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 892495dec..537c4bc2d 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -901,10 +901,15 @@ class Interface(Control): if isinstance(new_addr, str): new_addr = [new_addr] - # ensure DHCP/DHCPv6 is stopped (when not configured explicitly) - for proto in ['dhcp', 'dhcpv6']: - if proto not in new_addr: - self.del_addr(proto) + # always ensure DHCP client is stopped (when not configured explicitly) + if 'dhcp' not in new_addr: + self.del_addr('dhcp') + + # always ensure DHCPv6 client is stopped (when not configured as client + # for IPv6 address or prefix delegation + dhcpv6pd = jmespath.search('dhcpv6_options.pd', config) + if 'dhcpv6' not in new_addr or dhcpv6pd == None: + self.del_addr('dhcpv6') # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed @@ -915,6 +920,10 @@ class Interface(Control): for addr in new_addr: self.add_addr(addr) + # start DHCPv6 client when only PD was configured + if dhcpv6pd != None: + self.set_dhcpv6(True) + # There are some items in the configuration which can only be applied # if this instance is not bound to a bridge. This should be checked # by the caller but better save then sorry! -- cgit v1.2.3 From a574a01ab5c02aeb90c6d099dce482c1bf8be096 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 23 Aug 2020 00:16:45 +0200 Subject: dhcpv6-pd: T2677: add support for rapid-commit option When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements. --- data/templates/dhcp-client/ipv6.tmpl | 3 +++ interface-definitions/include/dhcpv6-options.xml.i | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'data') diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index 85841fe94..68f668117 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -11,6 +11,9 @@ interface {{ ifname }} { {% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} send ia-na 0; # non-temporary address {% endif %} +{% if dhcpv6_options is defined and dhcpv6_options.rapid_commit is defined %} + send rapid-commit; # wait for immediate reply instead of advertisements +{% endif %} {% endif %} {% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} {% for pd in dhcpv6_options.pd %} diff --git a/interface-definitions/include/dhcpv6-options.xml.i b/interface-definitions/include/dhcpv6-options.xml.i index 5d088b83d..b0a806806 100644 --- a/interface-definitions/include/dhcpv6-options.xml.i +++ b/interface-definitions/include/dhcpv6-options.xml.i @@ -70,9 +70,15 @@ + + + Wait for immediate reply instead of advertisements + + + - IPv6 "temporary" address + IPv6 temporary address -- cgit v1.2.3 From 52a78e3d76672a66e27c29b70102c844757e2055 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 23 Aug 2020 11:50:41 +0200 Subject: dhcpv6-pd: pppoe: T2677: fix dhcpc6 startup DHCPv6 client was not started as it used the old dict keys. --- data/templates/pppoe/ip-down.script.tmpl | 2 +- data/templates/pppoe/ipv6-up.script.tmpl | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'data') diff --git a/data/templates/pppoe/ip-down.script.tmpl b/data/templates/pppoe/ip-down.script.tmpl index 7b1952a80..c2d0cd09a 100644 --- a/data/templates/pppoe/ip-down.script.tmpl +++ b/data/templates/pppoe/ip-down.script.tmpl @@ -30,7 +30,7 @@ vtysh -c "conf t" ${VRF_NAME} -c "no ipv6 route ::/0 {{ ifname }} ${VRF_NAME}" {% endif %} {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} +{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} # Stop wide dhcpv6 client systemctl stop dhcp6c@{{ ifname }}.service {% endif %} diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl index 3dee3d011..d0a62478c 100644 --- a/data/templates/pppoe/ipv6-up.script.tmpl +++ b/data/templates/pppoe/ipv6-up.script.tmpl @@ -40,12 +40,11 @@ echo 2 > /proc/sys/net/ipv6/conf/{{ ifname }}/accept_ra echo 1 > /proc/sys/net/ipv6/conf/{{ ifname }}/autoconf {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.prefix_delegation is defined %} +{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} # Start wide dhcpv6 client systemctl start dhcp6c@{{ ifname }}.service {% endif %} - {% if default_route != 'none' -%} # See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved # to a VRF, this is needed to properly insert the default route. -- cgit v1.2.3 From f7e3e7fe417e665f42af0025bccbb4f2ba56fbe4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 23 Aug 2020 20:34:32 +0200 Subject: lcd: T2564: make hello and goodbye message oneline ... required for smoketest and ConfigParser --- data/templates/lcd/LCDd.conf.tmpl | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'data') diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl index bde177b6a..f8ad62ff4 100644 --- a/data/templates/lcd/LCDd.conf.tmpl +++ b/data/templates/lcd/LCDd.conf.tmpl @@ -78,12 +78,10 @@ User=nobody Foreground=yes # Hello message: each entry represents a display line; default: builtin -Hello="Starting VyOS" -Hello=" ... " +Hello="Starting VyOS..." # GoodBye message: each entry represents a display line; default: builtin -GoodBye=" VyOS shutting" -GoodBye=" down... " +GoodBye="VyOS shutdown..." # Sets the interval in microseconds for updating the display. # [default: 125000 meaning 8Hz] -- cgit v1.2.3 From ffb3e2dc9df93c53abbd7ff0742ea75090d8c33d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 23 Aug 2020 20:35:29 +0200 Subject: lcd: T2564: limit LCD display update to 2 updates per second ... this reduces CPU load. --- data/templates/lcd/LCDd.conf.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'data') diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl index f8ad62ff4..6cf6a440f 100644 --- a/data/templates/lcd/LCDd.conf.tmpl +++ b/data/templates/lcd/LCDd.conf.tmpl @@ -85,7 +85,7 @@ GoodBye="VyOS shutdown..." # Sets the interval in microseconds for updating the display. # [default: 125000 meaning 8Hz] -FrameInterval=250000 # 4 updates per second +FrameInterval=500000 # 2 updates per second # Sets the default time in seconds to displays a screen. [default: 4] WaitTime=1 -- cgit v1.2.3 From a7ab5c9f57d216818cf896ef163a314f07cd7c93 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Wed, 26 Aug 2020 13:11:48 -0500 Subject: https: T2830: update to use get_config_dict --- data/templates/https/nginx.default.tmpl | 2 +- src/conf_mode/https.py | 97 +++++++++++++++++++++------------ 2 files changed, 62 insertions(+), 37 deletions(-) (limited to 'data') diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index aaa652e09..a20be45ae 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl @@ -52,7 +52,7 @@ server { error_page 501 502 503 =200 @50*_json; -{% if api_somewhere %} +{% if api_set %} location @50*_json { default_type application/json; return 200 '{"error": "service https api unavailable at this proxy address: set service https api-restrict virtual-host"}'; diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 3dae0fddb..a13f131ab 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -14,9 +14,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -import os +import sys -from sys import exit from copy import deepcopy import vyos.defaults @@ -33,6 +32,11 @@ airbag.enable() config_file = '/etc/nginx/sites-available/default' certbot_dir = vyos.defaults.directories['certbot'] +# https config needs to coordinate several subsystems: api, certbot, +# self-signed certificate, as well as the virtual hosts defined within the +# https config definition itself. Consequently, one needs a general dict, +# encompassing the https and other configs, and a list of such virtual hosts +# (server blocks in nginx terminology) to pass to the jinja2 template. default_server_block = { 'id' : '', 'address' : '*', @@ -44,44 +48,57 @@ default_server_block = { } def get_config(): - server_block_list = [] conf = Config() if not conf.exists('service https'): return None - else: - conf.set_level('service https') - if not conf.exists('virtual-host'): + server_block_list = [] + https_dict = conf.get_config_dict('service https', get_first_key=True) + + # organize by vhosts + + vhost_dict = https_dict.get('virtual-host', {}) + + if not vhost_dict: + # no specified virtual hosts (server blocks); use default server_block_list.append(default_server_block) else: - for vhost in conf.list_nodes('virtual-host'): + for vhost in list(vhost_dict): server_block = deepcopy(default_server_block) server_block['id'] = vhost - if conf.exists(f'virtual-host {vhost} listen-address'): - addr = conf.return_value(f'virtual-host {vhost} listen-address') - server_block['address'] = addr - if conf.exists(f'virtual-host {vhost} listen-port'): - port = conf.return_value(f'virtual-host {vhost} listen-port') - server_block['port'] = port - if conf.exists(f'virtual-host {vhost} server-name'): - names = conf.return_values(f'virtual-host {vhost} server-name') - server_block['name'] = names[:] + data = vhost_dict.get(vhost, {}) + server_block['address'] = data.get('listen-address', '*') + server_block['port'] = data.get('listen-port', '443') + name = data.get('server-name', ['_']) + # XXX: T2636 workaround: convert string to a list with one element + if not isinstance(name, list): + name = [name] + server_block['name'] = name server_block_list.append(server_block) + # get certificate data + + cert_dict = https_dict.get('certificates', {}) + + # self-signed certificate + vyos_cert_data = {} - if conf.exists('certificates system-generated-certificate'): + if 'system-generated-certificate' in list(cert_dict): vyos_cert_data = vyos.defaults.vyos_cert_data if vyos_cert_data: for block in server_block_list: block['vyos_cert'] = vyos_cert_data + # letsencrypt certificate using certbot + certbot = False - certbot_domains = [] - if conf.exists('certificates certbot domain-name'): - certbot_domains = conf.return_values('certificates certbot domain-name') - if certbot_domains: + cert_domains = cert_dict.get('certbot', {}).get('domain-name', []) + if cert_domains: + # XXX: T2636 workaround: convert string to a list with one element + if not isinstance(cert_domains, list): + cert_domains = [cert_domains] certbot = True - for domain in certbot_domains: + for domain in cert_domains: sub_list = vyos.certbot_util.choose_server_block(server_block_list, domain) if sub_list: @@ -89,25 +106,30 @@ def get_config(): sb['certbot'] = True sb['certbot_dir'] = certbot_dir # certbot organizes certificates by first domain - sb['certbot_domain_dir'] = certbot_domains[0] + sb['certbot_domain_dir'] = cert_domains[0] - api_somewhere = False + # get api data + + api_set = False api_data = {} - if conf.exists('api'): - api_somewhere = True + if 'api' in list(https_dict): + api_set = True api_data = vyos.defaults.api_data - if conf.exists('api port'): - port = conf.return_value('api port') + api_settings = https_dict.get('api', {}) + if api_settings: + port = api_settings.get('port', '') + if port: api_data['port'] = port - if conf.exists('api-restrict virtual-host'): - vhosts = conf.return_values('api-restrict virtual-host') + vhosts = https_dict.get('api-restrict', {}).get('virtual-host', []) + # XXX: T2636 workaround: convert string to a list with one element + if not isinstance(vhosts, list): + vhosts = [vhosts] + if vhosts: api_data['vhost'] = vhosts[:] if api_data: - # we do not want to include 'vhost' key as part of - # vyos.defaults.api_data, so check for key existence - vhost_list = api_data.get('vhost') - if vhost_list is None: + vhost_list = api_data.get('vhost', []) + if not vhost_list: for block in server_block_list: block['api'] = api_data else: @@ -115,9 +137,12 @@ def get_config(): if block['id'] in vhost_list: block['api'] = api_data + # return dict for use in template + https = {'server_block_list' : server_block_list, - 'api_somewhere': api_somewhere, + 'api_set': api_set, 'certbot': certbot} + return https def verify(https): @@ -157,4 +182,4 @@ if __name__ == '__main__': apply(c) except ConfigError as e: print(e) - exit(1) + sys.exit(1) -- cgit v1.2.3 From 88985dad133d5e85aca559dbfce53207a2292e0a Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Fri, 28 Aug 2020 15:49:55 -0500 Subject: configd: T2582: add config daemon and supporting files --- data/configd-include.json | 1 + data/vyos-configd-env-set | 2 + data/vyos-configd-env-unset | 2 + debian/control | 1 + debian/rules | 1 + src/services/vyos-configd | 224 +++++++++++++++++++++++++++++++++++++++ src/systemd/vyos-configd.service | 27 +++++ 7 files changed, 258 insertions(+) create mode 100644 data/configd-include.json create mode 100644 data/vyos-configd-env-set create mode 100644 data/vyos-configd-env-unset create mode 100755 src/services/vyos-configd create mode 100644 src/systemd/vyos-configd.service (limited to 'data') diff --git a/data/configd-include.json b/data/configd-include.json new file mode 100644 index 000000000..fe51488c7 --- /dev/null +++ b/data/configd-include.json @@ -0,0 +1 @@ +[] diff --git a/data/vyos-configd-env-set b/data/vyos-configd-env-set new file mode 100644 index 000000000..d6d421eba --- /dev/null +++ b/data/vyos-configd-env-set @@ -0,0 +1,2 @@ +# +export vyshim=/usr/sbin/vyshim diff --git a/data/vyos-configd-env-unset b/data/vyos-configd-env-unset new file mode 100644 index 000000000..9616f9858 --- /dev/null +++ b/data/vyos-configd-env-unset @@ -0,0 +1,2 @@ +# +unset vyshim diff --git a/debian/control b/debian/control index 65f3be228..d9663d07b 100644 --- a/debian/control +++ b/debian/control @@ -6,6 +6,7 @@ Build-Depends: debhelper (>= 9), fakeroot, libvyosconfig0 (>= 0.0.7), + libzmq3-dev, python3, python3-coverage, python3-lxml, diff --git a/debian/rules b/debian/rules index 58bafd333..6b982fd8e 100755 --- a/debian/rules +++ b/debian/rules @@ -33,6 +33,7 @@ override_dh_auto_install: mkdir -p $(DIR)/$(VYOS_SBIN_DIR) mkdir -p $(DIR)/$(VYOS_BIN_DIR) cp -r src/utils/* $(DIR)/$(VYOS_BIN_DIR) + cp src/shim/vyshim $(DIR)/$(VYOS_SBIN_DIR) # Install conf mode scripts mkdir -p $(DIR)/$(VYOS_LIBEXEC_DIR)/conf_mode diff --git a/src/services/vyos-configd b/src/services/vyos-configd new file mode 100755 index 000000000..75f84d3df --- /dev/null +++ b/src/services/vyos-configd @@ -0,0 +1,224 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import os +import sys +import grp +import re +import json +import logging +import signal +import importlib.util +import zmq + +from vyos.defaults import directories +from vyos.configsource import ConfigSourceString +from vyos.config import Config +from vyos import ConfigError + +CFG_GROUP = 'vyattacfg' + +debug = True + +logger = logging.getLogger(__name__) +logs_handler = logging.StreamHandler() +logger.addHandler(logs_handler) + +if debug: + logger.setLevel(logging.DEBUG) +else: + logger.setLevel(logging.INFO) + +SOCKET_PATH = "ipc:///run/vyos-configd.sock" + +# Response error codes +R_SUCCESS = 1 +R_ERROR_COMMIT = 2 +R_ERROR_DAEMON = 4 +R_PASS = 8 + +vyos_conf_scripts_dir = directories['conf_mode'] +configd_include_file = os.path.join(directories['data'], 'configd-include.json') +configd_env_set_file = os.path.join(directories['data'], 'vyos-configd-env-set') +configd_env_unset_file = os.path.join(directories['data'], 'vyos-configd-env-unset') +# sourced on entering config session +configd_env_file = '/etc/default/vyos-configd-env' + +active_string = '' +session_string = '' + +def key_name_from_file_name(f): + return os.path.splitext(f)[0] + +def module_name_from_key(k): + return k.replace('-', '_') + +def path_from_file_name(f): + return os.path.join(vyos_conf_scripts_dir, f) + +# opt-in to be run by daemon +with open(configd_include_file) as f: + try: + include = json.load(f) + except OSError as e: + logger.critical(f"configd include file error: {e}") + sys.exit(1) + except json.JSONDecodeError as e: + logger.critical(f"JSON load error: {e}") + sys.exit(1) + +# import conf_mode scripts +(_, _, filenames) = next(iter(os.walk(vyos_conf_scripts_dir))) +filenames.sort() + +load_filenames = [f for f in filenames if f in include] +imports = [key_name_from_file_name(f) for f in load_filenames] +module_names = [module_name_from_key(k) for k in imports] +paths = [path_from_file_name(f) for f in load_filenames] +to_load = list(zip(module_names, paths)) + +modules = [] + +for x in to_load: + spec = importlib.util.spec_from_file_location(x[0], x[1]) + module = importlib.util.module_from_spec(spec) + spec.loader.exec_module(module) + modules.append(module) + +conf_mode_scripts = dict(zip(imports, modules)) + +exclude_set = {key_name_from_file_name(f) for f in filenames if f not in include} +include_set = {key_name_from_file_name(f) for f in filenames if f in include} + + +def run_script(script, config) -> int: + config.set_level([]) + try: + c = script.get_config(config) + script.verify(c) + script.generate(c) + script.apply(c) + except ConfigError as e: + logger.critical(e) + return R_ERROR_COMMIT + except Exception: + return R_ERROR_DAEMON + + return R_SUCCESS + +def initialization(socket): + # Reset config strings: + active_string = '' + session_string = '' + # zmq synchronous for ipc from single client: + active_string = socket.recv().decode() + resp = "active" + socket.send(resp.encode()) + session_string = socket.recv().decode() + resp = "session" + socket.send(resp.encode()) + + configsource = ConfigSourceString(running_config_text=active_string, + session_config_text=session_string) + + config = Config(config_source=configsource) + + return config + +def process_node_data(config, data) -> int: + if not config: + logger.critical(f"Empty config") + return R_ERROR_DAEMON + + script_name = None + + res = re.match(r'^.+\/([^/].+).py(VYOS_TAGNODE_VALUE=.+)?', data) + if res.group(1): + script_name = res.group(1) + if res.group(2): + env = res.group(2).split('=') + os.environ[env[0]] = env[1] + + if not script_name: + logger.critical(f"Missing script_name") + return R_ERROR_DAEMON + + if script_name in exclude_set: + return R_PASS + + result = run_script(conf_mode_scripts[script_name], config) + + return result + +def remove_if_file(f: str): + try: + os.remove(f) + except FileNotFoundError: + pass + except OSError: + raise + +def shutdown(): + remove_if_file(configd_env_file) + os.symlink(configd_env_unset_file, configd_env_file) + sys.exit(0) + +if __name__ == '__main__': + context = zmq.Context() + socket = context.socket(zmq.REP) + + # Set the right permissions on the socket, then change it back + o_mask = os.umask(0) + socket.bind(SOCKET_PATH) + os.umask(o_mask) + + cfg_group = grp.getgrnam(CFG_GROUP) + os.setgid(cfg_group.gr_gid) + + os.environ['SUDO_USER'] = 'vyos' + os.environ['SUDO_GID'] = str(cfg_group.gr_gid) + + def sig_handler(signum, frame): + shutdown() + + signal.signal(signal.SIGTERM, sig_handler) + signal.signal(signal.SIGINT, sig_handler) + + # Define the vyshim environment variable + remove_if_file(configd_env_file) + os.symlink(configd_env_set_file, configd_env_file) + + config = None + + while True: + # Wait for next request from client + msg = socket.recv().decode() + logger.debug(f"Received message: {msg}") + message = json.loads(msg) + + if message["type"] == "init": + resp = "init" + socket.send(resp.encode()) + config = initialization(socket) + elif message["type"] == "node": + res = process_node_data(config, message["data"]) + response = res.to_bytes(1, byteorder=sys.byteorder) + logger.debug(f"Sending response {res}") + socket.send(response) + else: + logger.critical(f"Unexpected message: {message}") diff --git a/src/systemd/vyos-configd.service b/src/systemd/vyos-configd.service new file mode 100644 index 000000000..274ccc787 --- /dev/null +++ b/src/systemd/vyos-configd.service @@ -0,0 +1,27 @@ +[Unit] +Description=VyOS configuration daemon + +# Without this option, lots of default dependencies are added, +# among them network.target, which creates a dependency cycle +DefaultDependencies=no + +# Seemingly sensible way to say "as early as the system is ready" +# All vyos-configd needs is read/write mounted root +After=systemd-remount-fs.service +Before=vyos-router.service + +[Service] +ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-configd +Type=idle + +SyslogIdentifier=vyos-configd +SyslogFacility=daemon + +Restart=on-failure + +# Does't work in Jessie but leave it here +User=root +Group=vyattacfg + +[Install] +WantedBy=vyos.target -- cgit v1.2.3 From ad69fb36201ee0930b76d80f0869284e26846991 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Fri, 28 Aug 2020 15:50:50 -0500 Subject: configd: T2582: add scripts to include list for daemon --- data/configd-include.json | 65 ++++++++++++++++++++++++++++- src/conf_mode/bcast_relay.py | 7 +++- src/conf_mode/dhcp_relay.py | 7 +++- src/conf_mode/dhcp_server.py | 7 +++- src/conf_mode/dhcpv6_relay.py | 7 +++- src/conf_mode/dhcpv6_server.py | 7 +++- src/conf_mode/dynamic_dns.py | 7 +++- src/conf_mode/firewall_options.py | 7 +++- src/conf_mode/host_name.py | 7 +++- src/conf_mode/http-api.py | 8 +++- src/conf_mode/https.py | 8 +++- src/conf_mode/igmp_proxy.py | 7 +++- src/conf_mode/intel_qat.py | 7 +++- src/conf_mode/interfaces-bonding.py | 7 +++- src/conf_mode/interfaces-bridge.py | 7 +++- src/conf_mode/interfaces-dummy.py | 7 +++- src/conf_mode/interfaces-ethernet.py | 7 +++- src/conf_mode/interfaces-geneve.py | 7 +++- src/conf_mode/interfaces-l2tpv3.py | 7 +++- src/conf_mode/interfaces-loopback.py | 7 +++- src/conf_mode/interfaces-macsec.py | 7 +++- src/conf_mode/interfaces-openvpn.py | 7 +++- src/conf_mode/interfaces-pppoe.py | 7 +++- src/conf_mode/interfaces-pseudo-ethernet.py | 7 +++- src/conf_mode/interfaces-tunnel.py | 8 +++- src/conf_mode/interfaces-vxlan.py | 7 +++- src/conf_mode/interfaces-wireguard.py | 7 +++- src/conf_mode/interfaces-wireless.py | 7 +++- src/conf_mode/interfaces-wirelessmodem.py | 7 +++- src/conf_mode/ipsec-settings.py | 7 +++- src/conf_mode/lldp.py | 7 +++- src/conf_mode/nat.py | 7 +++- src/conf_mode/ntp.py | 7 +++- src/conf_mode/protocols_igmp.py | 7 +++- src/conf_mode/protocols_mpls.py | 7 +++- src/conf_mode/protocols_pim.py | 7 +++- src/conf_mode/protocols_rip.py | 7 +++- src/conf_mode/protocols_static_multicast.py | 7 +++- src/conf_mode/salt-minion.py | 7 +++- src/conf_mode/service_console-server.py | 7 +++- src/conf_mode/service_ids_fastnetmon.py | 7 +++- src/conf_mode/service_ipoe-server.py | 7 +++- src/conf_mode/service_mdns-repeater.py | 7 +++- src/conf_mode/service_pppoe-server.py | 7 +++- src/conf_mode/service_router-advert.py | 7 +++- src/conf_mode/ssh.py | 7 +++- src/conf_mode/system-ip.py | 7 +++- src/conf_mode/system-ipv6.py | 7 +++- src/conf_mode/system-login-banner.py | 7 +++- src/conf_mode/system-login.py | 7 +++- src/conf_mode/system-options.py | 7 +++- src/conf_mode/system-syslog.py | 7 +++- src/conf_mode/system-timezone.py | 7 +++- src/conf_mode/system-wifi-regdom.py | 7 +++- src/conf_mode/system_console.py | 7 +++- src/conf_mode/system_lcd.py | 7 +++- src/conf_mode/task_scheduler.py | 7 +++- src/conf_mode/tftp_server.py | 7 +++- src/conf_mode/vpn_l2tp.py | 7 +++- src/conf_mode/vpn_pptp.py | 7 +++- src/conf_mode/vpn_sstp.py | 7 +++- src/conf_mode/vrf.py | 7 +++- src/conf_mode/vrrp.py | 7 +++- src/conf_mode/vyos_cert.py | 7 +++- 64 files changed, 382 insertions(+), 127 deletions(-) (limited to 'data') diff --git a/data/configd-include.json b/data/configd-include.json index fe51488c7..11d550f59 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -1 +1,64 @@ -[] +[ +"bcast_relay.py", +"dhcp_relay.py", +"dhcp_server.py", +"dhcpv6_relay.py", +"dhcpv6_server.py", +"dynamic_dns.py", +"firewall_options.py", +"host_name.py", +"http-api.py", +"https.py", +"igmp_proxy.py", +"intel_qat.py", +"interfaces-bonding.py", +"interfaces-bridge.py", +"interfaces-dummy.py", +"interfaces-ethernet.py", +"interfaces-geneve.py", +"interfaces-l2tpv3.py", +"interfaces-loopback.py", +"interfaces-macsec.py", +"interfaces-openvpn.py", +"interfaces-pppoe.py", +"interfaces-pseudo-ethernet.py", +"interfaces-tunnel.py", +"interfaces-vxlan.py", +"interfaces-wireguard.py", +"interfaces-wireless.py", +"interfaces-wirelessmodem.py", +"ipsec-settings.py", +"lldp.py", +"nat.py", +"ntp.py", +"protocols_igmp.py", +"protocols_mpls.py", +"protocols_pim.py", +"protocols_rip.py", +"protocols_static_multicast.py", +"salt-minion.py", +"service_console-server.py", +"service_ids_fastnetmon.py", +"service_ipoe-server.py", +"service_mdns-repeater.py", +"service_pppoe-server.py", +"service_router-advert.py", +"ssh.py", +"system-ip.py", +"system-ipv6.py", +"system-login-banner.py", +"system-options.py", +"system-syslog.py", +"system-timezone.py", +"system-wifi-regdom.py", +"system_console.py", +"system_lcd.py", +"task_scheduler.py", +"tftp_server.py", +"vpn_l2tp.py", +"vpn_pptp.py", +"vpn_sstp.py", +"vrf.py", +"vrrp.py", +"vyos_cert.py" +] \ No newline at end of file diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index a3e141a00..4a47b9246 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -29,8 +29,11 @@ airbag.enable() config_file_base = r'/etc/default/udp-broadcast-relay' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'broadcast-relay'] relay = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py index f093a005e..352865b9d 100755 --- a/src/conf_mode/dhcp_relay.py +++ b/src/conf_mode/dhcp_relay.py @@ -36,9 +36,12 @@ default_config_data = { 'relay_agent_packets': 'forward' } -def get_config(): +def get_config(config=None): relay = default_config_data - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists(['service', 'dhcp-relay']): return None else: diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 0eaa14c5b..fd4e2ec61 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -126,9 +126,12 @@ def dhcp_static_route(static_subnet, static_router): return string -def get_config(): +def get_config(config=None): dhcp = default_config_data - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists('service dhcp-server'): return None else: diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py index 6ef290bf0..d4212b8be 100755 --- a/src/conf_mode/dhcpv6_relay.py +++ b/src/conf_mode/dhcpv6_relay.py @@ -35,9 +35,12 @@ default_config_data = { 'options': [], } -def get_config(): +def get_config(config=None): relay = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists('service dhcpv6-relay'): return None else: diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 53c8358a5..4ce4cada1 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -37,9 +37,12 @@ default_config_data = { 'shared_network': [] } -def get_config(): +def get_config(config=None): dhcpv6 = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['service', 'dhcpv6-server'] if not conf.exists(base): return None diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 5b1883c03..57c910a68 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -50,9 +50,12 @@ default_config_data = { 'deleted': False } -def get_config(): +def get_config(config=None): dyndns = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base_level = ['service', 'dns', 'dynamic'] if not conf.exists(base_level): diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py index 71b2a98b3..67bf5d0e2 100755 --- a/src/conf_mode/firewall_options.py +++ b/src/conf_mode/firewall_options.py @@ -32,9 +32,12 @@ default_config_data = { 'new_chain6': False } -def get_config(): +def get_config(config=None): opts = copy.deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists('firewall options'): # bail out early return opts diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 9d66bd434..f4c75c257 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -43,8 +43,11 @@ default_config_data = { hostsd_tag = 'system' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() hosts = copy.deepcopy(default_config_data) diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index b8a084a40..472eb77e4 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -39,7 +39,7 @@ dependencies = [ 'https.py', ] -def get_config(): +def get_config(config=None): http_api = deepcopy(vyos.defaults.api_data) x = http_api.get('api_keys') if x is None: @@ -48,7 +48,11 @@ def get_config(): default_key = x[0] keys_added = False - conf = Config() + if config: + conf = config + else: + conf = Config() + if not conf.exists('service https api'): return None else: diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index a13f131ab..dc51cb117 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -47,8 +47,12 @@ default_server_block = { 'certbot' : False } -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + if not conf.exists('service https'): return None diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py index 49aea9b7f..754f46566 100755 --- a/src/conf_mode/igmp_proxy.py +++ b/src/conf_mode/igmp_proxy.py @@ -36,9 +36,12 @@ default_config_data = { 'interfaces': [], } -def get_config(): +def get_config(config=None): igmp_proxy = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['protocols', 'igmp-proxy'] if not conf.exists(base): return None diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py index 742f09a54..1e5101a9f 100755 --- a/src/conf_mode/intel_qat.py +++ b/src/conf_mode/intel_qat.py @@ -30,8 +30,11 @@ airbag.enable() # Define for recovering gl_ipsec_conf = None -def get_config(): - c = Config() +def get_config(config=None): + if config: + c = config + else: + c = Config() config_data = { 'qat_conf' : None, 'ipsec_conf' : None, diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 3b238f1ea..16e6e4f6e 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -53,12 +53,15 @@ def get_bond_mode(mode): else: raise ConfigError(f'invalid bond mode "{mode}"') -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'bonding'] bond = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index ee8e85e73..47c8c05f9 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -34,12 +34,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'bridge'] bridge = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index 8df86c8ea..44fc9cb9e 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py @@ -28,12 +28,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'dummy'] dummy = get_interface_dict(conf, base) return dummy diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 10758e35a..a8df64cce 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -30,12 +30,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'ethernet'] ethernet = get_interface_dict(conf, base) return ethernet diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py index 1104bd3c0..cc2cf025a 100755 --- a/src/conf_mode/interfaces-geneve.py +++ b/src/conf_mode/interfaces-geneve.py @@ -30,12 +30,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'geneve'] geneve = get_interface_dict(conf, base) return geneve diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 0978df5b6..8250a3df8 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -35,12 +35,15 @@ airbag.enable() k_mod = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6'] -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'l2tpv3'] l2tpv3 = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py index 0398cd591..30a27abb4 100755 --- a/src/conf_mode/interfaces-loopback.py +++ b/src/conf_mode/interfaces-loopback.py @@ -25,12 +25,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'loopback'] loopback = get_interface_dict(conf, base) return loopback diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index ca15212d4..2866ccc0a 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -35,12 +35,15 @@ airbag.enable() # XXX: wpa_supplicant works on the source interface wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf' -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'macsec'] macsec = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 1420b4116..958b305dd 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -192,9 +192,12 @@ def getDefaultServer(network, topology, devtype): return server -def get_config(): +def get_config(config=None): openvpn = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index 901ea769c..1b4b9e4ee 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -30,12 +30,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'pppoe'] pppoe = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index fe2d7b1be..59edca1cc 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -34,12 +34,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'pseudo-ethernet'] peth = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index ea15a7fb7..11d8d6edc 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -397,12 +397,16 @@ def ip_proto (afi): return 6 if afi == IP6 else 4 -def get_config(): +def get_config(config=None): ifname = os.environ.get('VYOS_TAGNODE_VALUE','') if not ifname: raise ConfigError('Interface not specified') - config = Config() + if config: + config = config + else: + config = Config() + conf = ConfigurationState(config, ['interfaces', 'tunnel ', ifname], default_config_data) options = conf.options changes = conf.changes diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 47c0bdcb8..bea3aa25b 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -30,12 +30,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'vxlan'] vxlan = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 8b64cde4d..e7c22da1a 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -33,12 +33,15 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'wireguard'] wireguard = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index b6f247952..9861f72db 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -64,12 +64,15 @@ def find_other_stations(conf, base, ifname): conf.set_level(old_level) return dict -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'wireless'] wifi = get_interface_dict(conf, base) diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index 6d168d918..7d8110096 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -31,12 +31,15 @@ airbag.enable() k_mod = ['option', 'usb_wwan', 'usbserial'] -def get_config(): +def get_config(config=None): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the interface name will be added or a deleted flag """ - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['interfaces', 'wirelessmodem'] wwan = get_interface_dict(conf, base) return wwan diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index 015d1a480..11a5b7aaa 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -41,8 +41,11 @@ delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###" delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###" charon_pidfile = "/var/run/charon.pid" -def get_config(): - config = Config() +def get_config(config=None): + if config: + config = config + else: + config = Config() data = {"install_routes": "yes"} if config.exists("vpn ipsec options disable-route-autoinstall"): diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py index 1b539887a..6b645857a 100755 --- a/src/conf_mode/lldp.py +++ b/src/conf_mode/lldp.py @@ -146,9 +146,12 @@ def get_location(config): return intfs_location -def get_config(): +def get_config(config=None): lldp = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists(base): return None else: diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index f79f0f42b..eb634fd78 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -167,9 +167,12 @@ def parse_configuration(conf, source_dest): return ruleset -def get_config(): +def get_config(config=None): nat = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() # read in current nftable (once) for further processing tmp = cmd('nft -j list table raw') diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index bba8f87a4..d6453ec83 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -27,8 +27,11 @@ airbag.enable() config_file = r'/etc/ntp.conf' systemd_override = r'/etc/systemd/system/ntp.service.d/override.conf' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['system', 'ntp'] ntp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py index ca148fd6a..6f4fc784d 100755 --- a/src/conf_mode/protocols_igmp.py +++ b/src/conf_mode/protocols_igmp.py @@ -29,8 +29,11 @@ airbag.enable() config_file = r'/tmp/igmp.frr' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() igmp_conf = { 'igmp_conf' : False, 'old_ifaces' : {}, diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index bcb16fa04..e515490d0 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -29,8 +29,11 @@ config_file = r'/tmp/ldpd.frr' def sysctl(name, value): call('sysctl -wq {}={}'.format(name, value)) -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() mpls_conf = { 'router_id' : None, 'mpls_ldp' : False, diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py index 8aa324bac..6d333e19a 100755 --- a/src/conf_mode/protocols_pim.py +++ b/src/conf_mode/protocols_pim.py @@ -29,8 +29,11 @@ airbag.enable() config_file = r'/tmp/pimd.frr' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() pim_conf = { 'pim_conf' : False, 'old_pim' : { diff --git a/src/conf_mode/protocols_rip.py b/src/conf_mode/protocols_rip.py index 95e8ce901..8ddd705f2 100755 --- a/src/conf_mode/protocols_rip.py +++ b/src/conf_mode/protocols_rip.py @@ -28,8 +28,11 @@ airbag.enable() config_file = r'/tmp/ripd.frr' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['protocols', 'rip'] rip_conf = { 'rip_conf' : False, diff --git a/src/conf_mode/protocols_static_multicast.py b/src/conf_mode/protocols_static_multicast.py index 232d1e181..99157835a 100755 --- a/src/conf_mode/protocols_static_multicast.py +++ b/src/conf_mode/protocols_static_multicast.py @@ -30,8 +30,11 @@ airbag.enable() config_file = r'/tmp/static_mcast.frr' # Get configuration for static multicast route -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() mroute = { 'old_mroute' : {}, 'mroute' : {} diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index 3343d1247..841bf6a39 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -44,9 +44,12 @@ default_config_data = { 'master_key': '' } -def get_config(): +def get_config(config=None): salt = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['service', 'salt-minion'] if not conf.exists(base): diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py index 613ec6879..0e5fc75b0 100755 --- a/src/conf_mode/service_console-server.py +++ b/src/conf_mode/service_console-server.py @@ -27,8 +27,11 @@ from vyos import ConfigError config_file = r'/run/conserver/conserver.cf' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'console-server'] # Retrieve CLI representation as dictionary diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_fastnetmon.py index d46f9578e..27d0ee60c 100755 --- a/src/conf_mode/service_ids_fastnetmon.py +++ b/src/conf_mode/service_ids_fastnetmon.py @@ -28,8 +28,11 @@ airbag.enable() config_file = r'/etc/fastnetmon.conf' networks_list = r'/etc/networks_list' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'ids', 'ddos-protection'] fastnetmon = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) return fastnetmon diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 553cc2e97..96cf932d1 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -55,8 +55,11 @@ default_config_data = { 'thread_cnt': get_half_cpus() } -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base_path = ['service', 'ipoe-server'] if not conf.exists(base_path): return None diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py index 1a6b2c328..729518c96 100755 --- a/src/conf_mode/service_mdns-repeater.py +++ b/src/conf_mode/service_mdns-repeater.py @@ -28,8 +28,11 @@ airbag.enable() config_file = r'/etc/default/mdns-repeater' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'mdns', 'repeater'] mdns = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) return mdns diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 39d34a7e2..45d3806d5 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -85,8 +85,11 @@ default_config_data = { 'thread_cnt': get_half_cpus() } -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base_path = ['service', 'pppoe-server'] if not conf.exists(base_path): return None diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py index 4e1c432ab..687d7068f 100755 --- a/src/conf_mode/service_router-advert.py +++ b/src/conf_mode/service_router-advert.py @@ -29,8 +29,11 @@ airbag.enable() config_file = r'/run/radvd/radvd.conf' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'router-advert'] rtradv = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 7b262565a..a19fa72d8 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -31,8 +31,11 @@ airbag.enable() config_file = r'/run/ssh/sshd_config' systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['service', 'ssh'] if not conf.exists(base): return None diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 85f1e3771..64c9e6d05 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -35,9 +35,12 @@ default_config_data = { def sysctl(name, value): call('sysctl -wq {}={}'.format(name, value)) -def get_config(): +def get_config(config=None): ip_opt = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() conf.set_level('system ip') if conf.exists(''): if conf.exists('arp table-size'): diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system-ipv6.py index 3417c609d..f70ec2631 100755 --- a/src/conf_mode/system-ipv6.py +++ b/src/conf_mode/system-ipv6.py @@ -41,9 +41,12 @@ default_config_data = { def sysctl(name, value): call('sysctl -wq {}={}'.format(name, value)) -def get_config(): +def get_config(config=None): ip_opt = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() conf.set_level('system ipv6') if conf.exists(''): ip_opt['disable_addr_assignment'] = conf.exists('disable') diff --git a/src/conf_mode/system-login-banner.py b/src/conf_mode/system-login-banner.py index 5c0adc921..569010735 100755 --- a/src/conf_mode/system-login-banner.py +++ b/src/conf_mode/system-login-banner.py @@ -41,9 +41,12 @@ default_config_data = { 'motd': motd } -def get_config(): +def get_config(config=None): banner = default_config_data - conf = Config() + if config: + conf = config + else: + conf = Config() base_level = ['system', 'login', 'banner'] if not conf.exists(base_level): diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index b1dd583b5..2aca199f9 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -56,9 +56,12 @@ def get_local_users(): return local_users -def get_config(): +def get_config(config=None): login = default_config_data - conf = Config() + if config: + conf = config + else: + conf = Config() base_level = ['system', 'login'] # We do not need to check if the nodes exist or not and bail out early diff --git a/src/conf_mode/system-options.py b/src/conf_mode/system-options.py index 0aacd19d8..6ac35a4ab 100755 --- a/src/conf_mode/system-options.py +++ b/src/conf_mode/system-options.py @@ -31,8 +31,11 @@ curlrc_config = r'/etc/curlrc' ssh_config = r'/etc/ssh/ssh_config' systemd_action_file = '/lib/systemd/system/ctrl-alt-del.target' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['system', 'options'] options = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) return options diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index cfc1ca55f..d29109c41 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -27,8 +27,11 @@ from vyos.template import render from vyos import airbag airbag.enable() -def get_config(): - c = Config() +def get_config(config=None): + if config: + c = config + else: + c = Config() if not c.exists('system syslog'): return None c.set_level('system syslog') diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system-timezone.py index 0f4513122..4d9f017a6 100755 --- a/src/conf_mode/system-timezone.py +++ b/src/conf_mode/system-timezone.py @@ -29,9 +29,12 @@ default_config_data = { 'name': 'UTC' } -def get_config(): +def get_config(config=None): tz = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() if conf.exists('system time-zone'): tz['name'] = conf.return_value('system time-zone') diff --git a/src/conf_mode/system-wifi-regdom.py b/src/conf_mode/system-wifi-regdom.py index 30ea89098..874f93923 100755 --- a/src/conf_mode/system-wifi-regdom.py +++ b/src/conf_mode/system-wifi-regdom.py @@ -34,9 +34,12 @@ default_config_data = { 'deleted' : False } -def get_config(): +def get_config(config=None): regdom = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['system', 'wifi-regulatory-domain'] # Check if interface has been removed diff --git a/src/conf_mode/system_console.py b/src/conf_mode/system_console.py index 6f83335f3..b17818797 100755 --- a/src/conf_mode/system_console.py +++ b/src/conf_mode/system_console.py @@ -26,8 +26,11 @@ airbag.enable() by_bus_dir = '/dev/serial/by-bus' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['system', 'console'] # retrieve configuration at once diff --git a/src/conf_mode/system_lcd.py b/src/conf_mode/system_lcd.py index 31a09252d..a540d1b9e 100755 --- a/src/conf_mode/system_lcd.py +++ b/src/conf_mode/system_lcd.py @@ -29,8 +29,11 @@ airbag.enable() lcdd_conf = '/run/LCDd/LCDd.conf' lcdproc_conf = '/run/lcdproc/lcdproc.conf' -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base = ['system', 'lcd'] lcd = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) diff --git a/src/conf_mode/task_scheduler.py b/src/conf_mode/task_scheduler.py index 51d8684cb..129be5d3c 100755 --- a/src/conf_mode/task_scheduler.py +++ b/src/conf_mode/task_scheduler.py @@ -53,8 +53,11 @@ def make_command(executable, arguments): else: return("sg vyattacfg \"{0}\"".format(executable)) -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() conf.set_level("system task-scheduler task") task_names = conf.list_nodes("") tasks = [] diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index d31851bef..ad5ee9c33 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -40,9 +40,12 @@ default_config_data = { 'listen': [] } -def get_config(): +def get_config(config=None): tftpd = deepcopy(default_config_data) - conf = Config() + if config: + conf = config + else: + conf = Config() base = ['service', 'tftp-server'] if not conf.exists(base): return None diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 26ad1af84..13831dcd8 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -70,8 +70,11 @@ default_config_data = { 'thread_cnt': get_half_cpus() } -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base_path = ['vpn', 'l2tp', 'remote-access'] if not conf.exists(base_path): return None diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py index 32cbadd74..9f3b40534 100755 --- a/src/conf_mode/vpn_pptp.py +++ b/src/conf_mode/vpn_pptp.py @@ -56,8 +56,11 @@ default_pptp = { 'thread_cnt': get_half_cpus() } -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() base_path = ['vpn', 'pptp', 'remote-access'] if not conf.exists(base_path): return None diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index ddb499bf4..7fc370f99 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -65,10 +65,13 @@ default_config_data = { 'thread_cnt' : get_half_cpus() } -def get_config(): +def get_config(config=None): sstp = deepcopy(default_config_data) base_path = ['vpn', 'sstp'] - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists(base_path): return None diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 56ca813ff..2f4da0240 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -76,8 +76,11 @@ def vrf_routing(c, match): return matched -def get_config(): - conf = Config() +def get_config(config=None): + if config: + conf = config + else: + conf = Config() vrf_config = deepcopy(default_config_data) cfg_base = ['vrf'] diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py index 292eb0c78..f1ceb261b 100755 --- a/src/conf_mode/vrrp.py +++ b/src/conf_mode/vrrp.py @@ -32,11 +32,14 @@ from vyos.ifconfig.vrrp import VRRP from vyos import airbag airbag.enable() -def get_config(): +def get_config(config=None): vrrp_groups = [] sync_groups = [] - config = vyos.config.Config() + if config: + config = config + else: + config = vyos.config.Config() # Get the VRRP groups for group_name in config.list_nodes("high-availability vrrp group"): diff --git a/src/conf_mode/vyos_cert.py b/src/conf_mode/vyos_cert.py index fb4644d5a..dc7c64684 100755 --- a/src/conf_mode/vyos_cert.py +++ b/src/conf_mode/vyos_cert.py @@ -103,10 +103,13 @@ def generate_self_signed(cert_data): if san_config: san_config.close() -def get_config(): +def get_config(config=None): vyos_cert = vyos.defaults.vyos_cert_data - conf = Config() + if config: + conf = config + else: + conf = Config() if not conf.exists('service https certificates system-generated-certificate'): return None else: -- cgit v1.2.3 From 9c63731d6683f59ea784c08852ed38e3ac22794b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 31 Aug 2020 19:57:06 +0200 Subject: T2636: remove workarounds for get_config_dict() Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed. --- data/templates/ntp/ntp.conf.tmpl | 16 ++++------------ data/templates/ssh/sshd_config.tmpl | 16 ++++------------ data/templates/wifi/hostapd.conf.tmpl | 12 ------------ python/vyos/configdict.py | 3 --- python/vyos/ifconfig/interface.py | 7 ------- python/vyos/ifconfig/loopback.py | 5 ----- src/conf_mode/https.py | 9 --------- 7 files changed, 8 insertions(+), 60 deletions(-) (limited to 'data') diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl index 6ef0c0f2c..df8157a41 100644 --- a/data/templates/ntp/ntp.conf.tmpl +++ b/data/templates/ntp/ntp.conf.tmpl @@ -25,23 +25,15 @@ server {{ srv | replace('_', '-') }} iburst {{ options }} {% if allow_clients is defined and allow_clients.address is defined %} # Allowed clients configuration -{% if allow_clients.address is string %} -restrict {{ allow_clients.address|address_from_cidr }} mask {{ allow_clients.address|netmask_from_cidr }} nomodify notrap nopeer -{% else %} -{% for address in allow_clients.address %} +{% for address in allow_clients.address %} restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if listen_address %} # NTP should listen on configured addresses only interface ignore wildcard -{% if listen_address is string %} -interface listen {{ listen_address }} -{% else %} -{% for address in listen_address %} +{% for address in listen_address %} interface listen {{ address }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 4fde24255..52d537aca 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -37,13 +37,9 @@ PermitRootLogin no UseDNS {{ "no" if disable_host_validation is defined else "yes" }} # Specifies the port number that sshd(8) listens on -{% if port is string %} -Port {{ port }} -{% else %} -{% for value in port %} +{% for value in port %} Port {{ value }} -{% endfor %} -{% endif %} +{% endfor %} # Gives the verbosity level that is used when logging messages from sshd LogLevel {{ loglevel | upper }} @@ -53,13 +49,9 @@ PasswordAuthentication {{ "no" if disable_password_authentication is defined els {% if listen_address %} # Specifies the local addresses sshd should listen on -{% if listen_address is string %} -ListenAddress {{ listen_address }} -{% else %} -{% for address in listen_address %} +{% for address in listen_address %} ListenAddress {{ address }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if ciphers %} diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 765668c57..a7efee6d5 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -500,18 +500,10 @@ wpa=1 {% if security.wpa.mode is defined and security.wpa.mode == 'wpa2' %} # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) -{% if security.wpa.cipher is string %} -rsn_pairwise={{ security.wpa.cipher }} -{% else %} rsn_pairwise={{ security.wpa.cipher | join(" ") }} -{% endif %} {% else %} # Pairwise cipher for WPA (v1) (default: TKIP) -{% if security.wpa.cipher is string %} -wpa_pairwise={{ security.wpa.cipher }} -{% else %} wpa_pairwise={{ security.wpa.cipher | join(" ") }} -{% endif %} {% endif %} {% endif %} @@ -522,11 +514,7 @@ wpa_pairwise={{ security.wpa.cipher | join(" ") }} # overriding the group cipher with an unexpected value can result in # interoperability issues and in general, this parameter is mainly used for # testing purposes. -{% if security.wpa.group_cipher is string %} -group_cipher={{ security.wpa.group_cipher }} -{% else %} group_cipher={{ security.wpa.group_cipher | join(" ") }} -{% endif %} {% endif %} {% if security.wpa.passphrase is defined %} diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index bd8624ced..e8c0aa5b3 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -270,9 +270,6 @@ def get_interface_dict(config, base, ifname=''): eui64 = leaf_node_changed(config, ['ipv6', 'address', 'eui64']) if eui64: - # XXX: T2636 workaround: convert string to a list with one element - if isinstance(eui64, str): - eui64 = [eui64] tmp = vyos_dict_search('ipv6.address', dict) if not tmp: dict.update({'ipv6': {'address': {'eui64_old': eui64}}}) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 67ba973c4..ef2336c17 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -898,10 +898,6 @@ class Interface(Control): # configured addresses will be removed first new_addr = config.get('address', []) - # XXX: T2636 workaround: convert string to a list with one element - if isinstance(new_addr, str): - new_addr = [new_addr] - # always ensure DHCP client is stopped (when not configured explicitly) if 'dhcp' not in new_addr: self.del_addr('dhcp') @@ -1023,9 +1019,6 @@ class Interface(Control): # Add IPv6 EUI-based addresses tmp = vyos_dict_search('ipv6.address.eui64', config) if tmp: - # XXX: T2636 workaround: convert string to a list with one element - if isinstance(tmp, str): - tmp = [tmp] for addr in tmp: self.add_ipv6_eui64_address(addr) diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py index 2b4ebfdcc..c70e1773f 100644 --- a/python/vyos/ifconfig/loopback.py +++ b/python/vyos/ifconfig/loopback.py @@ -64,11 +64,6 @@ class LoopbackIf(Interface): on any interface. """ addr = config.get('address', []) - # XXX workaround for T2636, convert IP address string to a list - # with one element - if isinstance(addr, str): - addr = [addr] - # We must ensure that the loopback addresses are never deleted from the system addr += self._persistent_addresses diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index dc51cb117..de228f0f8 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -74,9 +74,6 @@ def get_config(config=None): server_block['address'] = data.get('listen-address', '*') server_block['port'] = data.get('listen-port', '443') name = data.get('server-name', ['_']) - # XXX: T2636 workaround: convert string to a list with one element - if not isinstance(name, list): - name = [name] server_block['name'] = name server_block_list.append(server_block) @@ -98,9 +95,6 @@ def get_config(config=None): certbot = False cert_domains = cert_dict.get('certbot', {}).get('domain-name', []) if cert_domains: - # XXX: T2636 workaround: convert string to a list with one element - if not isinstance(cert_domains, list): - cert_domains = [cert_domains] certbot = True for domain in cert_domains: sub_list = vyos.certbot_util.choose_server_block(server_block_list, @@ -125,9 +119,6 @@ def get_config(config=None): if port: api_data['port'] = port vhosts = https_dict.get('api-restrict', {}).get('virtual-host', []) - # XXX: T2636 workaround: convert string to a list with one element - if not isinstance(vhosts, list): - vhosts = [vhosts] if vhosts: api_data['vhost'] = vhosts[:] -- cgit v1.2.3 From 570886631deae3de8c38ea4ff70710e7a4858cbd Mon Sep 17 00:00:00 2001 From: sever-sever Date: Tue, 1 Sep 2020 16:07:51 +0000 Subject: frr-template: T2850: Add BGP template for FRR --- data/templates/frr/bgp.frr.tmpl | 966 ++++++++++++++++++++++++++++++++++++++++ src/conf_mode/protocols_bgp.py | 69 ++- 2 files changed, 995 insertions(+), 40 deletions(-) (limited to 'data') diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index cdf4cb4fe..d011a1e85 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -1 +1,967 @@ +{% set conf_bgp = nbgp -%} +{% for asn in nbgp -%} ! +router bgp {{ asn }} + no bgp default ipv4-unicast + +{#- set 'conf_bgp[asn].parameters' as bgp_params #} +{%- set bgp_params = conf_bgp[asn].parameters %} +{%- set bgp_afi = conf_bgp[asn].address_family %} + +{#- START Global ASN address-family section; set protocol bgp xxx address-family #} +{%- if 'address_family' in conf_bgp[asn] %} +{%- for type in bgp_afi %} +{%- if type == "ipv4_unicast" %} + ! + address-family ipv4 unicast +{# need to check #} +{%- if 'aggregate_address' in bgp_afi[type] %} +{%- for ip in bgp_afi[type].aggregate_address %} +{%- if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip] ) %} + aggregate-address {{ ip }} as-set summary-only +{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %} + aggregate-address {{ ip }} as-set +{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %} + aggregate-address {{ ip }} summary-only +{%- else %} + aggregate-address {{ ip }} +{%- endif %} +{%- endfor %} +{%- endif %} +{# END aggregate address#} +{#- redistribute #} +{# need to check. dont work. + 'metric' and 'route_map' match also only 'route_map' + 'table' parameter also include in protocol, its not what I want #} +{%- if 'redistribute' in bgp_afi[type] %} +{%- if 'table' in bgp_afi[type].redistribute %} + redistribute table {{bgp_afi[type].redistribute.table}} +{%- endif %} +{%- for protocol in bgp_afi[type].redistribute %} +{%- if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} +{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%- else %} + redistribute {{protocol}} +{%- endif %} +{%- endfor %} +{%- endif %} +{#- END redistribute #} + +{%- if 'network' in bgp_afi[type] %} +{%- for net in bgp_afi[type].network %} + network {{ net }} +{%- endfor %} +{%- endif %} + exit-address-family + ! +{%- endif %} + +{%- if type == "ipv6_unicast" %} + ! + address-family ipv6 unicast +{%- if 'aggregate_address' in bgp_afi[type] %} +{%- for ip in bgp_afi[type].aggregate_address %} +{%- if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip] ) %} + aggregate-address {{ ip }} as-set summary-only +{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %} + aggregate-address {{ ip }} as-set +{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %} + aggregate-address {{ ip }} summary-only +{%- else %} + aggregate-address {{ ip }} +{%- endif %} +{%- endfor %} +{%- endif %} +{# END aggregate address#} + +{#- redistribute #} +{# need to check. doesn't work. 'metric' and 'route_map' match also only 'route_map' #} +{%- if 'redistribute' in bgp_afi[type] %} +{%- if 'table' in bgp_afi[type].redistribute %} + redistribute table {{bgp_afi[type].redistribute.table}} +{%- endif %} +{%- for protocol in bgp_afi[type].redistribute %} +{%- if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} +{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%- else %} + redistribute {{protocol}} +{%- endif %} +{%- endfor %} +{%- endif %} +{#- END redistribute #} + +{%- if 'network' in bgp_afi[type] %} +{%- for net in bgp_afi[type].network %} + network {{ net }} +{%- endfor %} +{%- endif %} + exit-address-family +! +{%- endif %} +{%- endfor %} +{%- endif %} +{#- END Global ASN address-family section; set protocols bgp 65001 address-family #} + +{#- set protocols nbgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #} +{#- We don't have this parameter in afi_6. But this is supported in the FRR #} +{%- if 'maximum_paths' in conf_bgp[asn] %} +{%- if 'ebgp' in conf_bgp[asn].maximum_paths %} + ! + address-family ipv4 unicast + maximum-paths {{ conf_bgp[asn].maximum_paths.ebgp }} + exit-address-family + ! +{%- endif %} +{%- if 'ibgp' in conf_bgp[asn].maximum_paths %} + ! + address-family ipv4 unicast + maximum-paths ibgp {{ conf_bgp[asn].maximum_paths.ibgp }} + exit-address-family + ! +{%- endif %} +{%- endif %} + +{#- START peer-group; set protocol bgp xxx peer-group #} +{%- if 'peer_group' in conf_bgp[asn] %} +{%- for pr_group in conf_bgp[asn].peer_group %} +{%- set conf_peer_group = conf_bgp[asn].peer_group[pr_group] %} + neighbor {{pr_group}} peer-group + +{#- First parameter for peer-group - remote-as #} +{%- if 'remote_as' in conf_peer_group %} + neighbor {{ pr_group }} remote-as {{ conf_peer_group.remote_as }} +{%- endif %} + +{%- if 'bfd' in conf_peer_group %} + neighbor {{ pr_group }} bfd +{%- endif %} + +{%- if 'capability' in conf_peer_group %} +{%- if 'dynamic' in conf_peer_group.capability %} + neighbor {{ pr_group }} capability dynamic +{%- endif %} +{%- if 'extended_nexthop' in conf_peer_group.capability %} + neighbor {{ pr_group }} capability extended-nexthop +{%- endif %} +{%- endif %} + +{%- if 'description' in conf_peer_group %} + neighbor {{ pr_group }} description {{ conf_peer_group.description }} +{%- endif %} + +{%- if 'disable_capability_negotiation' in conf_peer_group %} + neighbor {{ pr_group }} disable-capability-negotiation +{%- endif %} + +{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} +{%- if 'disable_send_community' in conf_peer_group %} + ! +{%- endif %} + +{%- if 'ebgp_multihop' in conf_peer_group %} + neighbor {{ pr_group }} ebgp-multihop {{conf_peer_group.ebgp_multihop}} +{%- endif %} + +{%- if 'local_as' in conf_peer_group %} +{%- for loc_asn in conf_peer_group.local_as %} +{%- if 'no_prepend' in conf_peer_group.local_as[loc_asn] %} + neighbor {{ pr_group }} local-as {{loc_asn}} no-prepend +{%- else %} + neighbor {{ pr_group }} local-as {{loc_asn}} +{%- endif %} +{%- endfor %} +{%- endif %} + +{%- if 'override_capability' in conf_peer_group %} + neighbor {{ pr_group }} override-capability +{%- endif %} + +{%- if 'passive' in conf_peer_group %} + neighbor {{ pr_group }} passive +{%- endif %} + +{%- if 'password' in conf_peer_group %} + neighbor {{ pr_group }} password {{ conf_peer_group.password }} +{%- endif %} + +{%- if 'shutdown' in conf_peer_group %} + neighbor {{ pr_group }} shutdown +{%- endif %} + +{%- if 'ttl_security' in conf_peer_group %} +{%- if 'hops' in conf_peer_group.ttl_security %} + neighbor {{ pr_group }} ttl-security hops {{conf_peer_group.ttl_security.hops}} +{%- endif %} +{%- endif %} + +{%- if 'update_source' in conf_peer_group %} + neighbor {{ pr_group }} update-source {{ conf_peer_group.update_source }} +{%- endif %} + +{# START peer-group afi; set protocols bgp xxx peer-group FOO address-family #} +{%- if 'address_family' in conf_peer_group %} +{%- for afi in conf_peer_group.address_family %} +{%- if afi == "ipv4_unicast" %} + ! + address-family ipv4 unicast + +{%- if 'allowas_in' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'number' in conf_peer_group.address_family.ipv4_unicast.allowas_in %} + neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv4_unicast.allowas_in.number }} +{%- else %} + neighbor {{ pr_group }} allowas-in +{%- endif %} +{%- endif %} + +{#- START Single Params for peer-group; set protocols bgp xxx peer-group FOO address-family ipv4-unicast #} + +{%- if 'remove_private_as' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv4_unicast.weight }} +{%- endif %} +{#- END single params for peer-group #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %} + neighbor {{ pr_group }} attribute-unchanged as-path +{%- else %} + neighbor {{ pr_group }} attribute-unchanged as-path next-hop med +{%- endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'receive' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} + neighbor {{ pr_group }} capability orf prefix-list receive +{%- endif %} +{%- if 'send' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} + neighbor {{ pr_group }} capability orf prefix-list send +{%- endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast.default_originate %} + neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv4_unicast.default_originate.route_map }} +{%- else %} + neighbor {{ pr_group }} default-originate +{%- endif %} +{%- endif %} + +{%- if 'distribute_list' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.distribute_list %} + neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.distribute_list %} + neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'filter_list' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.filter_list %} + neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.filter_list %} + neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv4_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'force' in conf_peer_group.address_family.ipv4_unicast.nexthop_self %} + neighbor {{ pr_group }} next-hop-self force + neighbor {{ pr_group }} next-hop-self +{%- else %} + neighbor {{ pr_group }} next-hop-self +{%- endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} route-server-client +{%- endif %} + +{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.route_map %} + neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.route_map %} + neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.import}} in +{%- endif %} +{%- endif %} +{%- if 'prefix_list' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.prefix_list %} + neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.prefix_list %} + neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv4_unicast %} +{%- if 'inbound' is defined %} + neighbor {{ pr_group }} soft-reconfiguration inbound +{%- endif %} +{%- endif %} + +{#- Need to check. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv4_unicast %} + neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv4_unicast.unsuppress_map}} +{%- endif %} + neighbor {{ pr_group }} activate + exit-address-family + ! +{%- endif %} + +{%- if afi == "ipv6_unicast" %} + ! + address-family ipv6 unicast + +{%- if 'allowas_in' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'number' in conf_peer_group.address_family.ipv6_unicast.allowas_in %} + neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv6_unicast.allowas_in.number }} +{%- else %} + neighbor {{ pr_group }} allowas-in +{%- endif %} +{%- endif %} + +{#- START Single Params for peer-group afi6; set protocols bgp xxx peer-group FOO address-family ipv6-unicast #} +{%- if 'remove_private_as' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv6_unicast.weight }} +{%- endif %} +{#- END single params for peer-group afi6 #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %} + neighbor {{ pr_group }} attribute-unchanged as-path +{%- else %} + neighbor {{ pr_group }} attribute-unchanged as-path next-hop med +{%- endif %} +{%- endif %} + +{%- if 'capability' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'receive' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} + neighbor {{ pr_group }} capability orf prefix-list receive +{%- endif %} +{%- if 'send' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} + neighbor {{ pr_group }} capability orf prefix-list send +{%- endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast.default_originate %} + neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv6_unicast.default_originate.route_map }} +{%- else %} + neighbor {{ pr_group }} default-originate +{%- endif %} +{%- endif %} + +{%- if 'distribute_list' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.distribute_list %} + neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.distribute_list %} + neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'filter_list' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.filter_list %} + neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.filter_list %} + neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv6_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'force' in conf_peer_group.address_family.ipv6_unicast.nexthop_self %} + neighbor {{ pr_group }} next-hop-self force + neighbor {{ pr_group }} next-hop-self +{%- else %} + neighbor {{ pr_group }} next-hop-self +{%- endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} route-server-client +{%- endif %} + +{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.route_map %} + neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.route_map %} + neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.import}} in +{%- endif %} +{%- endif %} +{%- if 'prefix_list' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.prefix_list %} + neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.prefix_list %} + neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv6_unicast %} +{%- if 'inbound' is defined %} + neighbor {{ pr_group }} soft-reconfiguration inbound +{%- endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv6_unicast %} + neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv6_unicast.unsuppress_map}} +{%- endif %} + neighbor {{ pr_group }} activate + exit-address-family + ! +{%- endif %} + +{%- endfor %} +{%- endif %} +{# END peer-group afi; set protocols bgp xxx peer-group FOO address-family #} + +{%- endfor %} +{%- endif %} +{#- END peer-group; set protocol bgp xxx peer-group #} + +{#- START peer section; set protocol bgp xxx neighbor #} +{%- for peer in conf_bgp[asn].neighbor %} +{#- set peer-group as conf_peer #} +{%- set conf_peer = conf_bgp[asn].neighbor[peer] %} + +{#- First parameter for peer-group - remote-as #} +{%- if 'remote_as' in conf_peer %} + neighbor {{ peer }} remote-as {{ conf_peer.remote_as }} +{%- endif %} + +{%- if 'advertisement_interval' in conf_peer %} + neighbor {{ peer }} advertisement-interval {{ conf_peer.advertisement_interval }} +{%- endif %} + +{%- if 'bfd' in conf_peer %} +{%- if 'check_control_plane_failure' in conf_peer.bfd %} + neighbor {{ peer }} bfd + neighbor {{ peer }} bfd check-control-plane-failure +{%- else %} + neighbor {{ peer }} bfd +{%- endif %} +{%- endif %} + +{%- if 'capability' in conf_peer %} +{%- if 'dynamic' in conf_peer.capability %} + neighbor {{ peer }} capability dynamic +{%- endif %} +{%- if 'extended_nexthop' in conf_peer.capability %} + neighbor {{ peer }} capability extended-nexthop +{%- endif %} +{%- endif %} + +{%- if 'description' in conf_peer %} + neighbor {{ peer }} description {{ conf_peer.description }} +{%- endif %} + +{%- if 'disable_capability_negotiation' in conf_peer %} + neighbor {{ peer }} disable-capability-negotiation +{%- endif %} + +{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} +{%- if 'disable_send_community' in conf_peer %} + ! +{%- endif %} + +{%- if 'ebgp_multihop' in conf_peer %} + neighbor {{ peer }} ebgp-multihop {{conf_peer.ebgp_multihop}} +{%- endif %} + +{#- Need to check. 'Peer-group' needs to define before this section #} +{%- if 'interface' in conf_peer %} +{%- if 'peer_group' in conf_peer.interface %} + neighbor {{ peer }} interface peer-group {{conf_peer.interface.peer_group}} +{%- endif %} +{%- if 'remote_as' in conf_peer.interface %} + neighbor {{ peer }} interface remote-as {{conf_peer.interface.remote_as}} +{%- endif %} +{%- if 'v6only' in conf_peer.interface %} +{%- if 'peer_group' in conf_peer.interface.v6only %} + neighbor {{ peer }} peer-group {{conf_peer.interface.peer_group}} +{%- endif %} +{%- if 'remote_as' in conf_peer.interface.v6only %} + neighbor {{ peer }} interface v6only remote-as {{conf_peer.interface.v6only.remote_as}} +{%- endif %} +{%- endif %} +{%- endif %} + +{%- if 'local_as' in conf_peer %} +{%- for loc_asn in conf_peer.local_as %} +{%- if 'no_prepend' in conf_peer.local_as[loc_asn] %} + neighbor {{ peer }} local-as {{loc_asn}} no-prepend +{%- else %} + neighbor {{ peer }} local-as {{loc_asn}} +{%- endif %} +{%- endfor %} +{%- endif %} + +{%- if 'override_capability' in conf_peer %} + neighbor {{ peer }} override-capability +{%- endif %} + +{%- if 'passive' in conf_peer %} + neighbor {{ peer }} passive +{%- endif %} + +{%- if 'password' in conf_peer %} + neighbor {{ peer }} password {{ conf_peer.password }} +{%- endif %} + +{%- if 'peer_group' in conf_peer %} + neighbor {{ peer }} peer-group {{ conf_peer.peer_group }} +{%- endif %} + +{%- if 'port' in conf_peer %} + neighbor {{ peer }} port {{ conf_peer.port }} +{%- endif %} + +{%- if 'shutdown' in conf_peer %} + neighbor {{ peer }} shutdown +{%- endif %} + +{%- if 'strict_capability_match' in conf_peer %} + neighbor {{ peer }} strict-capability-match +{%- endif %} + +{#- Need to check #} +{%- if 'timers' in conf_peer %} +{%- if ( ('connect' and 'holdtime' and 'keepalive') in conf_peer.timers ) %} + neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}} + neighbor {{ peer }} timers connect {{conf_peer.timers.connect}} +{%- endif %} +{%- endif %} + +{%- if 'ttl_security' in conf_peer %} +{%- if 'hops' in conf_peer.ttl_security %} + neighbor {{ peer }} ttl-security hops {{conf_peer.ttl_security.hops}} +{%- endif %} +{%- endif %} + +{%- if 'update_source' in conf_peer %} + neighbor {{ peer }} update-source {{ conf_peer.update_source }} +{%- endif %} + +{#- START address family for peer; set protocols bgp xxx neighbor x.x.x.x address-family ipvX-unicast #} +{%- if 'address_family' in conf_peer %} +{%- for afi in conf_peer.address_family %} +{%- if afi == "ipv4_unicast" %} + ! + address-family ipv4 unicast + +{%- if 'allowas_in' in conf_peer.address_family.ipv4_unicast %} +{%- if 'number' in conf_peer.address_family.ipv4_unicast.allowas_in %} + neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv4_unicast.allowas_in.number }} +{%- else %} + neighbor {{ peer }} allowas-in +{%- endif %} +{%- endif %} + +{#- START Single Params for neighbor; #} +{%- if 'as_override' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} as-override +{%- endif %} + +{%- if 'remove_private_as' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} weight {{ conf_peer.address_family.ipv4_unicast.weight }} +{%- endif %} +{#- END single params for neighbor #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer.address_family.ipv4_unicast %} +{%- if 'as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %} + neighbor {{ peer }} attribute-unchanged as-path +{%- else %} + neighbor {{ peer }} attribute-unchanged as-path next-hop med +{%- endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer.address_family.ipv4_unicast %} +{%- if 'receive' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %} + neighbor {{ peer }} capability orf prefix-list receive +{%- endif %} +{%- if 'send' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %} + neighbor {{ peer }} capability orf prefix-list send +{%- endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer.address_family.ipv4_unicast %} +{%- if 'route_map' in conf_peer.address_family.ipv4_unicast.default_originate %} + neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv4_unicast.default_originate.route_map }} +{%- else %} + neighbor {{ peer }} default-originate +{%- endif %} +{%- endif %} + +{%- if 'distribute_list' in conf_peer.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer.address_family.ipv4_unicast.distribute_list %} + neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv4_unicast.distribute_list %} + neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'filter_list' in conf_peer.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer.address_family.ipv4_unicast.filter_list %} + neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv4_unicast.filter_list %} + neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv4_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer.address_family.ipv4_unicast %} +{%- if 'force' in conf_peer.address_family.ipv4_unicast.nexthop_self %} + neighbor {{ peer }} next-hop-self force + neighbor {{ peer }} next-hop-self +{%- else %} + neighbor {{ peer }} next-hop-self +{%- endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} route-server-client +{%- endif %} + +{%- if 'route_map' in conf_peer.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer.address_family.ipv4_unicast.route_map %} + neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv4_unicast.route_map %} + neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.import}} in +{%- endif %} +{%- endif %} +{%- if 'prefix_list' in conf_peer.address_family.ipv4_unicast %} +{%- if 'export' in conf_peer.address_family.ipv4_unicast.prefix_list %} + neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv4_unicast.prefix_list %} + neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv4_unicast %} +{%- if 'inbound' is defined %} + neighbor {{ peer }} soft-reconfiguration inbound +{%- endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer.address_family.ipv4_unicast %} + neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv4_unicast.unsuppress_map}} +{%- endif %} + neighbor {{ peer }} activate + exit-address-family + ! +{%- endif %} + +{%- if afi == "ipv6_unicast" %} + ! + address-family ipv6 unicast + +{%- if 'allowas_in' in conf_peer.address_family.ipv6_unicast %} +{%- if 'number' in conf_peer.address_family.ipv6_unicast.allowas_in %} + neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv6_unicast.allowas_in.number }} +{%- else %} + neighbor {{ peer }} allowas-in +{%- endif %} +{%- endif %} + +{#- START Single Params for neighbor #} +{%- if 'as_override' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} as-override +{%- endif %} + +{%- if 'remove_private_as' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} weight {{ conf_peer.address_family.ipv6_unicast.weight }} +{%- endif %} +{#- END single params for neighbor #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer.address_family.ipv6_unicast %} +{%- if 'as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %} + neighbor {{ peer }} attribute-unchanged as-path +{%- else %} + neighbor {{ peer }} attribute-unchanged as-path next-hop med +{%- endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer.address_family.ipv6_unicast %} +{%- if 'receive' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %} + neighbor {{ peer }} capability orf prefix-list receive +{%- endif %} +{%- if 'send' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %} + neighbor {{ peer }} capability orf prefix-list send +{%- endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer.address_family.ipv6_unicast %} +{%- if 'route_map' in conf_peer.address_family.ipv6_unicast.default_originate %} + neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv6_unicast.default_originate.route_map }} +{%- else %} + neighbor {{ peer }} default-originate +{%- endif %} +{%- endif %} + +{%- if 'distribute_list' in conf_peer.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer.address_family.ipv6_unicast.distribute_list %} + neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv6_unicast.distribute_list %} + neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'filter_list' in conf_peer.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer.address_family.ipv6_unicast.filter_list %} + neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv6_unicast.filter_list %} + neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv6_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer.address_family.ipv6_unicast %} +{%- if 'force' in conf_peer.address_family.ipv6_unicast.nexthop_self %} + neighbor {{ peer }} next-hop-self force + neighbor {{ peer }} next-hop-self +{%- else %} + neighbor {{ peer }} next-hop-self +{%- endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} route-server-client +{%- endif %} + +{%- if 'route_map' in conf_peer.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer.address_family.ipv6_unicast.route_map %} + neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv6_unicast.route_map %} + neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.import}} in +{%- endif %} +{%- endif %} +{%- if 'prefix_list' in conf_peer.address_family.ipv6_unicast %} +{%- if 'export' in conf_peer.address_family.ipv6_unicast.prefix_list %} + neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.export}} out +{%- endif %} +{%- if 'import' in conf_peer.address_family.ipv6_unicast.prefix_list %} + neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.import}} in +{%- endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv6_unicast %} +{%- if 'inbound' is defined %} + neighbor {{ peer }} soft-reconfiguration inbound +{%- endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer.address_family.ipv6_unicast %} + neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv6_unicast.unsuppress_map}} +{%- endif %} + neighbor {{ peer }} activate + exit-address-family + ! +{%- endif %} + +{%- endfor %} +{%- endif %} +{#- END address family for peer #} + +{%- endfor %} +{#- END peer section; set protocols bgp xxx neighbor #} + +{#- START parameters section; set protocol bgp xxx parameters #} +{%- if 'always_compare_med' in bgp_params %} + bgp always-compare-med +{%- endif %} + +{%- if 'bestpath' in bgp_params %} +{%- if 'compare_routerid' in bgp_params.bestpath %} + bgp bestpath compare-routerid +{%- endif %} +{%- if 'as_path' in bgp_params.bestpath %} +{%- if 'confed' in bgp_params.bestpath.as_path %} + bgp bestpath as-path confed +{%- endif %} +{%- if 'ignore' in bgp_params.bestpath.as_path %} + bgp bestpath as-path ignore +{%- endif %} +{%- if 'multipath_relax' in bgp_params.bestpath.as_path %} + bgp bestpath as-path multipath-relax +{%- endif %} +{%- endif %} +{%- if 'med' in bgp_params.bestpath %} +{%- if ( ('confed' and 'missing_as_worst') in bgp_params.bestpath.med ) %} + bgp bestpath med confed missing-as-worst +{%- elif 'confed' in bgp_params.bestpath.med %} + bgp bestpath med confed +{%- elif 'missing_as_worst' in bgp_params.bestpath.med %} + bgp bestpath med missing-as-worst +{%- endif%} +{%- endif %} +{%- endif %} + +{%- if 'cluster_id' in bgp_params %} + bgp cluster-id {{ bgp_params.cluster_id }} +{%- endif %} + +{%- if 'confederation' in bgp_params %} +{%- if 'identifier' in bgp_params.confederation %} + bgp confederation identifier {{ bgp_params.confederation.identifier }} +{%- endif %} +{%- if 'peers' in bgp_params.confederation %} + bgp confederation peers {{ bgp_params.confederation.peers }} +{%- endif %} +{%- endif %} + +{#- Doesn't work in current FRR configuration (bgp dampening 16 751 2001 61) #} +{%- if 'dampening' in bgp_params %} +{%- if ( ('half_life' and 'max_suppress_time' and 're_use' and 'start_suppress_time') in bgp_params.dampening ) %} + bgp dampening {{ bgp_params.dampening.half_life }} {{ bgp_params.dampening.re_use }} {{ bgp_params.dampening.start_suppress_time }} {{ bgp_params.dampening.max_suppress_time }} +{%- endif %} +{%- endif %} + +{%- if 'default' in bgp_params %} +{%- if 'local_pref' in bgp_params.default %} + bgp default local-preference {{ bgp_params.default.local_pref }} +{%- endif %} +{#- We use this is parameter as default in template (5-th string) #} +{%- if 'no_ipv4_unicast' in bgp_params.default %} + no bgp default ipv4-unicast +{%- endif %} +{%- endif %} + +{%- if 'deterministic_med' in bgp_params %} + bgp deterministic-med +{%- endif %} + +{%- if 'distance' in bgp_params %} +{%- if 'global' in bgp_params.distance %} +{%- if ( ('external' and 'internal' and 'local') in bgp_params.distance.global ) %} + ! + address-family ipv4 unicast + distance bgp {{ bgp_params.distance.global.external }} {{ bgp_params.distance.global.internal }} {{ bgp_params.distance.global.local }} + exit-address-family +! +{%- endif %} +{%- endif %} +{%- if 'prefix' in bgp_params.distance %} + ! + address-family ipv4 unicast +{%- for prfx in bgp_params.distance.prefix %} + distance {{ bgp_params.distance.prefix[prfx].distance }} {{ prfx }} +{%- endfor %} + exit-address-family +! +{%- endif %} +{%- endif %} + +{%- if 'graceful_restart' in bgp_params %} +{%- if 'stalepath_time' in bgp_params.graceful_restart %} + bgp graceful-restart stalepath-time {{ bgp_params.graceful_restart.stalepath_time }} +{%- endif %} +{%- endif %} + +{%- if 'log_neighbor_changes' in bgp_params %} + bgp log-neighbor-changes +{%- endif %} + +{%- if 'network_import_check' in bgp_params %} + bgp network import-check +{%- endif %} + +{%- if 'no_client_to_client_reflection' in bgp_params %} + no bgp client-to-client reflection +{%- endif %} + +{%- if 'no_fast_external_failover' in bgp_params %} + no bgp fast-external-failover +{%- endif %} + +{#- END parameters; set protocols bgp xxx parameters #} + +{%- if 'timers' in conf_bgp[asn] %} +{%- if ( ('holdtime' and 'keepalive') in conf_bgp[asn].timers ) %} + timers bgp {{conf_bgp[asn].timers.keepalive}} {{conf_bgp[asn].timers.holdtime}} +{%- endif %} +{%- endif %} + +{%- if 'route_map' in conf_bgp[asn] %} +! +ip protocol bgp route-map {{conf_bgp[asn].route_map}} +{%- endif %} +! +{%- endfor -%} +{#- END asn; router bgp xxx #} diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 3aa76d866..1978adff5 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -14,83 +14,72 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -import jmespath +import os -from copy import deepcopy from sys import exit from vyos.config import Config +from vyos.util import call from vyos.template import render +from vyos.template import render_to_string +from vyos import frr from vyos import ConfigError, airbag airbag.enable() config_file = r'/tmp/bgp.frr' -default_config_data = { - 'as_number': '' -} - def get_config(): - bgp = deepcopy(default_config_data) conf = Config() - - # this lives in the "nbgp" tree until we switch over base = ['protocols', 'nbgp'] + bgp = conf.get_config_dict(base, key_mangling=('-', '_')) if not conf.exists(base): return None - bgp = deepcopy(default_config_data) - # Get full BGP configuration as dictionary - output the configuration for development - # - # vyos@vyos# commit - # [ protocols nbgp 65000 ] - # {'nbgp': {'65000': {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, - # '2.2.2.0/24': {}}}, - # 'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, - # 'neighbor': {'192.0.2.1': {'password': 'foo', - # 'remote-as': '100'}}}}} - # - tmp = conf.get_config_dict(base) - - # extract base key from dict as this is our AS number - bgp['as_number'] = jmespath.search('nbgp | keys(@) [0]', tmp) - - # adjust level of dictionary returned by get_config_dict() - # by using jmesgpath and update dictionary - bgp.update(jmespath.search('nbgp.* | [0]', tmp)) - from pprint import pprint pprint(bgp) - # resulting in e.g. - # vyos@vyos# commit - # [ protocols nbgp 65000 ] - # {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, - # '2.2.2.0/24': {}}}, - # 'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, - # 'as_number': '65000', - # 'neighbor': {'192.0.2.1': {'password': 'foo', 'remote-as': '100'}}, - # 'timers': {'holdtime': '5'}} return bgp def verify(bgp): - # bail out early - looks like removal from running config if not bgp: return None return None def generate(bgp): - # bail out early - looks like removal from running config if not bgp: return None + # render(config) not needed, its only for debug render(config_file, 'frr/bgp.frr.tmpl', bgp) + + bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp) + return None def apply(bgp): + if bgp is None: + return None + + # Save original configration prior to starting any commit actions + bgp['original_config'] = frr.get_configuration(daemon='bgpd') + bgp['modified_config'] = frr.replace_section(bgp['original_config'], bgp['new_frr_config'], from_re='router bgp .*') + + # Debugging + print('--------- DEBUGGING ----------') + print(f'Existing config:\n{bgp["original_config"]}\n\n') + print(f'Replacement config:\n{bgp["new_frr_config"]}\n\n') + print(f'Modified config:\n{bgp["modified_config"]}\n\n') + + # Frr Mark configuration will test for syntax errors and exception out if any syntax errors are detected + frr.mark_configuration(bgp['modified_config']) + + # Commit the resulting new configuration to frr, this will render an frr.CommitError() Exception on fail + frr.reload_configuration(bgp['modified_config'], daemon='bgpd') + return None + if __name__ == '__main__': try: c = get_config() -- cgit v1.2.3 From 04665fd813bebeb8a4c7951fcc9979c09987f41a Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Thu, 3 Sep 2020 14:41:38 -0500 Subject: configd: T2582: exclude dhcp[v6]_server.py to investigate regression --- data/configd-include.json | 2 -- 1 file changed, 2 deletions(-) (limited to 'data') diff --git a/data/configd-include.json b/data/configd-include.json index 11d550f59..0c75657e0 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -1,9 +1,7 @@ [ "bcast_relay.py", "dhcp_relay.py", -"dhcp_server.py", "dhcpv6_relay.py", -"dhcpv6_server.py", "dynamic_dns.py", "firewall_options.py", "host_name.py", -- cgit v1.2.3