From 745b9ea8f0df58ccd68215360b0375e89c0632a8 Mon Sep 17 00:00:00 2001 From: Indrajit Raychaudhuri Date: Wed, 27 Dec 2023 01:51:35 -0600 Subject: dhcp: T3316: Adjust kea lease files' location and permissions Move the kea lease file to a separate directory `/config/dhcp` that `kea` process can write to so that subprocesses spawned by `kea` process can operate on the lease files. To allow `kea` process to write to `/config/dhcp`, add `_kea` user to `vyattacfg` group. And the lease files are owned completely by `_kea` user to play well with `kea-lfc` process. Specifically, this is necessary for `kea-lfc` which is spawned by `kea` process to clean up expired leases. Since `kea-lfc` creates additional backup lease files, it needs write access to the lease file directory. Additionally, change the extension of the lease file from `.leases` to `.csv` to reflect the actual file format. --- src/conf_mode/dhcpv6_server.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'src/conf_mode/dhcpv6_server.py') diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index f9da3d84a..9cc57dbcf 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -22,8 +22,9 @@ from sys import exit from vyos.config import Config from vyos.template import render -from vyos.template import is_ipv6 from vyos.utils.process import call +from vyos.utils.file import chmod_775 +from vyos.utils.file import makedir from vyos.utils.file import write_file from vyos.utils.dict import dict_search from vyos.utils.network import is_subnet_connected @@ -33,7 +34,8 @@ airbag.enable() config_file = '/run/kea/kea-dhcp6.conf' ctrl_socket = '/run/kea/dhcp6-ctrl-socket' -lease_file = '/config/dhcp6.leases' +lease_file = '/config/dhcp/dhcp6-leases.csv' +user_group = '_kea' def get_config(config=None): if config: @@ -182,10 +184,17 @@ def generate(dhcpv6): dhcpv6['lease_file'] = lease_file dhcpv6['machine'] = os.uname().machine + # Create directory for lease file if necessary + lease_dir = os.path.dirname(lease_file) + if not os.path.isdir(lease_dir): + makedir(lease_dir, group='vyattacfg') + chmod_775(lease_dir) + + # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way if not os.path.exists(lease_file): - write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755) + write_file(lease_file, '', user=user_group, group=user_group, mode=0o644) - render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6) + render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6, user=user_group, group=user_group) return None def apply(dhcpv6): -- cgit v1.2.3