#!/usr/bin/env python3 # Copyright (C) 2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # T3008: move from ntpd to chrony and migrate "system ntp" to "service ntp" import sys from vyos.configtree import ConfigTree if (len(sys.argv) < 1): print("Must specify file name!") sys.exit(1) file_name = sys.argv[1] with open(file_name, 'r') as f: config_file = f.read() config = ConfigTree(config_file) base_path = ['system', 'ntp'] new_base_path = ['service', 'ntp'] if not config.exists(base_path): # Nothing to do sys.exit(0) # config.copy does not recursively create a path, so create ['service'] if # it doesn't yet exist, such as for config.boot.default if not config.exists(['service']): config.set(['service']) # copy "system ntp" to "service ntp" config.copy(base_path, new_base_path) config.delete(base_path) # chrony does not support the preempt option, drop it for server in config.list_nodes(new_base_path + ['server']): server_base = new_base_path + ['server', server] if config.exists(server_base + ['preempt']): config.delete(server_base + ['preempt']) # Rename "allow-clients" -> "allow-client" if config.exists(new_base_path + ['allow-clients']): config.rename(new_base_path + ['allow-clients'], 'allow-client') # By default VyOS 1.3 allowed NTP queries for all networks - in chrony we # explicitly disable this behavior and clients need to be specified using the # allow-client CLI option. In order to be fully backwards compatible, we specify # 0.0.0.0/0 and ::/0 as allow networks if not specified otherwise explicitly. if not config.exists(new_base_path + ['allow-client']): config.set(new_base_path + ['allow-client', 'address'], value='0.0.0.0/0', replace=False) config.set(new_base_path + ['allow-client', 'address'], value='::/0', replace=False) try: with open(file_name, 'w') as f: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) sys.exit(1)