From 3872f5995644a8a52358285d682a7103b54dde04 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 May 2020 13:55:32 +0200 Subject: macsec: T2023: use wpa_supplicant for key management --- src/systemd/wpa_supplicant-macsec@.service | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 src/systemd/wpa_supplicant-macsec@.service (limited to 'src/systemd') diff --git a/src/systemd/wpa_supplicant-macsec@.service b/src/systemd/wpa_supplicant-macsec@.service new file mode 100644 index 000000000..7ad12e54e --- /dev/null +++ b/src/systemd/wpa_supplicant-macsec@.service @@ -0,0 +1,16 @@ +[Unit] +Description=WPA supplicant daemon (macsec-specific version) +Requires=sys-subsystem-net-devices-%i.device +ConditionPathExists=/run/wpa_supplicant/wpa_supplicant-%I.conf +After=vyos-router.service +RequiresMountsFor=/run + +# NetworkManager users will probably want the dbus version instead. + +[Service] +Type=simple +WorkingDirectory=/run/wpa_supplicant +ExecStart=/sbin/wpa_supplicant -c /run/wpa_supplicant/wpa_supplicant-%I.conf -Dmacsec_linux -i%I + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3 From 5df7e8f35234497c03d504ea838dbd7044c49bb3 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 May 2020 16:08:26 +0200 Subject: macsec: T2023: cleanup wpa_supplicant config file name --- src/conf_mode/interfaces-macsec.py | 8 +++++--- src/systemd/wpa_supplicant-macsec@.service | 5 +++-- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'src/systemd') diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index efac92169..ed88e877d 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -155,14 +155,16 @@ def verify(macsec): def generate(macsec): # XXX: wpa_supplicant works on the source interface not the resulting # MACsec interface - conf = f'/run/wpa_supplicant/wpa_supplicant-{macsec["source_interface"]}.conf' + wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf' + conf = wpa_suppl_conf.format(**macsec) + render(conf, 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640) return None def apply(macsec): # Remove macsec interface if macsec['deleted']: - call(f'systemctl stop wpa_supplicant-@{macsec["intf"]}.service') + call('systemctl stop wpa_supplicant-macsec@{intf}.service'.format(**macsec)) MACsecIf(macsec['intf']).remove() else: @@ -199,7 +201,7 @@ def apply(macsec): if not macsec['disable']: i.set_admin_state('up') - call(f'systemctl restart wpa_supplicant-macsec@{macsec["source_interface"]}.service') + call('systemctl restart wpa_supplicant-macsec@{source_interface}.service'.format(**macsec)) return None diff --git a/src/systemd/wpa_supplicant-macsec@.service b/src/systemd/wpa_supplicant-macsec@.service index 7ad12e54e..9fad6b773 100644 --- a/src/systemd/wpa_supplicant-macsec@.service +++ b/src/systemd/wpa_supplicant-macsec@.service @@ -1,7 +1,7 @@ [Unit] Description=WPA supplicant daemon (macsec-specific version) Requires=sys-subsystem-net-devices-%i.device -ConditionPathExists=/run/wpa_supplicant/wpa_supplicant-%I.conf +ConditionPathExists=/run/wpa_supplicant/%I.conf After=vyos-router.service RequiresMountsFor=/run @@ -10,7 +10,8 @@ RequiresMountsFor=/run [Service] Type=simple WorkingDirectory=/run/wpa_supplicant -ExecStart=/sbin/wpa_supplicant -c /run/wpa_supplicant/wpa_supplicant-%I.conf -Dmacsec_linux -i%I +PIDFile=/run/wpa_supplicant/%I.pid +ExecStart=/sbin/wpa_supplicant -c /run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I [Install] WantedBy=multi-user.target -- cgit v1.2.3