From b242e24af4d870e936155bdbd965858bdd39aa98 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 18 Jun 2020 18:55:22 +0200
Subject: console-server: T2490: move CLI parsing to get_config_dict() For more examples on the new get_config_dict() approach migrate this implementation as it is not yet in production use. Also this serves as proof of concept code for further migrations.
---
src/etc/systemd/system/conserver-server.service.d/override.conf | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 src/etc/systemd/system/conserver-server.service.d/override.conf
(limited to 'src/etc/systemd/system/conserver-server.service.d/override.conf')
diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf
new file mode 100644
index 000000000..1be5cec81
--- /dev/null
+++ b/src/etc/systemd/system/conserver-server.service.d/override.conf
@@ -0,0 +1,3 @@
+[Unit]
+After=
+After=vyos-router.service
-- cgit v1.2.3
From 067ddcf27ac1fbc33cee710ae66a85b0368a26d9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 18 Jun 2020 21:44:17 +0200
Subject: console-server: T2490: log to journald
---
data/templates/conserver/conserver.conf.tmpl | 7 +++----
op-mode-definitions/show-log.xml | 6 ++++++
src/conf_mode/service_serial-proxy.py | 2 +-
src/etc/systemd/system/conserver-server.service.d/override.conf | 6 ++++++
4 files changed, 16 insertions(+), 5 deletions(-)
(limited to 'src/etc/systemd/system/conserver-server.service.d/override.conf')
diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl
index ec0eca5f0..329a9b4ae 100644
--- a/data/templates/conserver/conserver.conf.tmpl
+++ b/data/templates/conserver/conserver.conf.tmpl
@@ -3,13 +3,12 @@ # See https://www.conserver.com/docs/conserver.cf.man.html for additional options config * { + primaryport 3109; + daemonmode false; } default * { - motd "VyOS Console Server" - # The character '&' in logfile names are substituted with the console name. - logfile /var/log/conserver/&.log; - timestamp "30m"; + motd "VyOS Console Server"; rw *; } diff --git a/op-mode-definitions/show-log.xml b/op-mode-definitions/show-log.xml index 0c4da647b..827bee4c7 100644 --- a/op-mode-definitions/show-log.xml +++ b/op-mode-definitions/show-log.xml @@ -32,6 +32,12 @@ cat $(printf "%s\n" /var/log/messages* | sort -nr ) | grep -e conntrackd + + + Show log for serial console server + + /usr/bin/journalctl -u conserver-server.service + Show log for Dynamic Host Control Protocol (DHCP) diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py index 85fcfed08..0dd1cfc6d 100755 --- a/src/conf_mode/service_serial-proxy.py +++ b/src/conf_mode/service_serial-proxy.py @@ -24,7 +24,7 @@ from vyos.template import render from vyos.util import call from vyos import ConfigError -config_file = r'/etc/conserver/conserver.cf' +config_file = r'/run/conserver/conserver.cf' # Default values are necessary until the implementation of T2588 is completed default_values = { diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf index 1be5cec81..5301b38ce 100644 --- a/src/etc/systemd/system/conserver-server.service.d/override.conf +++ b/src/etc/systemd/system/conserver-server.service.d/override.conf @@ -1,3 +1,9 @@ [Unit] After= After=vyos-router.service + +[Service] +Type=simple +ExecStart= +ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf + -- cgit v1.2.3 From 587416ef606827c5cbf6ac49834fc65283794fbb Mon Sep 17 00:00:00 2001 
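Review bot: Removing `logfile /var/log/conserver/&.log;` and `timestamp "30m";` from the `default *` block means, as far as this hunk shows, that console output is no longer recorded anywhere; with `daemonmode false` the journal presumably receives only the daemon's own messages, not the serial traffic. If dropping the per-console transcript is intended, say so in the template, e.g. `# console output is not logged; only daemon messages reach journald`. The `rw *;` context line grants read-write to every user and would benefit from a comment explaining why that is acceptable here.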
From: Christian Poessinger Date: Fri, 19 Jun 2020 16:12:27 +0200 Subject: console-server: T2490: add SSH support for direct device access --- src/conf_mode/service_console-server.py | 17 +++++++++-------- .../system/conserver-server.service.d/override.conf | 3 ++- src/systemd/dropbear@.service | 6 +++--- 3 files changed, 14 insertions(+), 12 deletions(-) (limited to 'src/etc/systemd/system/conserver-server.service.d/override.conf') diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py index 087b13c04..7f6967983 100755 --- a/src/conf_mode/service_console-server.py +++ b/src/conf_mode/service_console-server.py @@ -62,13 +62,14 @@ def verify(proxy): if not proxy: return None - for tmp in proxy['device']: - device = proxy['device'][tmp] - if not device['speed']: + for device in proxy['device']: + keys = proxy['device'][device].keys() + if 'speed' not in keys: raise ConfigError(f'Serial port speed must be defined for "{tmp}"!') - if 'ssh' in device.keys(): - if 'port' not in device['ssh'].keys(): + if 'ssh' in keys: + ssh_keys = proxy['device'][device]['ssh'].keys() + if 'port' not in ssh_keys: raise ConfigError(f'SSH port must be defined for "{tmp}"!') return None @@ -81,8 +82,7 @@ def generate(proxy): return None def apply(proxy): - call('systemctl stop conserver-server.service') - call('systemctl stop dropbear@*.service') + call('systemctl stop dropbear@*.service conserver-server.service') if not proxy: if os.path.isfile(config_file): @@ -93,7 +93,8 @@ def apply(proxy): for device in proxy['device']: if 'ssh' in proxy['device'][device].keys(): - call('systemctl restart dropbear@{device}.service') + port = proxy['device'][device]['ssh']['port'] + call(f'systemctl restart dropbear@{device}.service') return None diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf index 5301b38ce..828d0bc4b 100644 
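Review bot: Both `raise ConfigError(...)` lines in the verify() hunk still format their message with `{tmp}`, but the loop variable was renamed to `device`; unless `tmp` is defined elsewhere in the module, a device without `speed` or without an SSH `port` would raise NameError instead of the intended ConfigError. Use the new name in both messages: `raise ConfigError(f'Serial port speed must be defined for "{device}"!')` and `raise ConfigError(f'SSH port must be defined for "{device}"!')`. The check also changed from a truthiness test on `device['speed']` to key presence, so a `speed` key with an empty value now passes; keep a value check if that can occur. The `def verify(proxy):` line sits just above the hunk.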
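Review bot: The added `port = proxy['device'][device]['ssh']['port']` in the last apply() hunk is never used, since dropbear@.service looks the port up itself through cli-shell-api, so the assignment can be dropped. With the `f` prefix now present, `call(f'systemctl restart dropbear@{device}.service')` really does interpolate the device name into a command string; whether `call()` goes through a shell is not visible here, so verify() should restrict device names to the expected tty-style pattern before they reach this line. apply() starts above this hunk.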
--- a/src/etc/systemd/system/conserver-server.service.d/override.conf +++ b/src/etc/systemd/system/conserver-server.service.d/override.conf @@ -1,9 +1,10 @@ [Unit] After= After=vyos-router.service +ConditionPathExists=/run/conserver/conserver.cf [Service] Type=simple ExecStart= ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf - +Restart=on-failure diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service index a7057ffe1..606a7ea6d 100644 --- a/src/systemd/dropbear@.service +++ b/src/systemd/dropbear@.service @@ -2,13 +2,13 @@ Description=Dropbear SSH per-connection server Requires=dropbearkey.service Wants=conserver-server.service -After=mongodb.service +ConditionPathExists=/run/conserver/conserver.cf After=dropbearkey.service vyos-router.service conserver-server.service [Service] Type=forking -ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service console-server device "%I" ssh port)' +ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnActiveValue service console-server device "%I" ssh port)' ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT} PIDFile=/run/conserver/dropbear.%I.pid KillMode=process - +Restart=on-failure -- cgit v1.2.3 From 647af6c5405e6a3ae89bf96cb20558c581ed83d7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 19 Jun 2020 16:38:40 +0200 Subject: console-server: T2490: server must listen only on localhost --- data/templates/conserver/conserver.conf.tmpl | 4 ++-- src/etc/systemd/system/conserver-server.service.d/override.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/etc/systemd/system/conserver-server.service.d/override.conf') diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl index 5fffaf31e..4e7b5d8d7 100644 
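Review bot: The `ExecStartPre` line in dropbear@.service places `%I` inside the script text handed to `bash -c`, so the unescaped instance name is parsed by the shell rather than passed as data; the switch to `returnActiveValue` keeps that construction. Hand the instance name to the script as a separate argument instead of embedding it (taking systemd's own `$` expansion into account), or make sure verify() only admits tty-style device names. Separately, `systemctl set-environment PORT=...` writes to the manager-wide environment shared by every `dropbear@` instance, so two instances starting at the same time, which `Restart=on-failure` makes more likely, could read each other's port. A per-instance `EnvironmentFile` written by the config script would avoid that.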
--- a/data/templates/conserver/conserver.conf.tmpl +++ b/data/templates/conserver/conserver.conf.tmpl @@ -32,6 +32,6 @@ console {{ key }} { ## list of clients we allow ## access * { - trusted 127.0.0.1; - allowed 127.0.0.1; + trusted localhost; + allowed localhost; } diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf index 828d0bc4b..3c753f572 100644 --- a/src/etc/systemd/system/conserver-server.service.d/override.conf +++ b/src/etc/systemd/system/conserver-server.service.d/override.conf @@ -6,5 +6,5 @@ ConditionPathExists=/run/conserver/conserver.cf [Service] Type=simple ExecStart= -ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf +ExecStart=/usr/sbin/conserver -M localhost -C /run/conserver/conserver.cf Restart=on-failure -- cgit v1.2.3
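Review bot: In the `access *` block, `trusted localhost;` lets any local connection attach without a password, and together with the `rw *;` default seen earlier in this template that presumably gives every local account read-write access to every serial console. Document that as intended, or narrow it by using `allowed` alone with an explicit user list. Listing the same host under both `trusted` and `allowed` is redundant, and replacing `127.0.0.1` with the name `localhost` makes the ACL depend on how that name resolves on the system. The same resolver dependency applies to `-M localhost` in the override.conf hunk of this commit; literal loopback addresses would pin both the bind address and the ACL.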