# initialsetup -- functions for setting common values in config file,
# for use in installation and first boot scripts
#
# Copyright (C) 2018 VyOS maintainers and contributors
#
# This library is free software; you can redistribute it and/or modify it under the terms of
# the GNU Lesser General Public License as published by the Free Software Foundation;
# either version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with this library;
# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 

import vyos.configtree
import vyos.authutils

def set_interface_address(config, intf, addr, intf_type="ethernet"):
    """Assign ``addr`` to interface ``intf`` in the config tree.

    Writes the value at ``interfaces <intf_type> <intf> address`` and then
    calls ``config.set_tag`` on the ``interfaces <intf_type>`` node.
    ``intf_type`` defaults to ``"ethernet"``.

    ``addr`` is stored exactly as given; this function does not validate it.
    """
    type_node = ("interfaces", intf_type)
    # Fresh list objects are handed to each call, as in a literal path.
    config.set([*type_node, intf, "address"], value=addr)
    config.set_tag(list(type_node))

def set_host_name(config, hostname):
    """Store ``hostname`` as the value of the ``system host-name`` node.

    The value is passed to ``config.set`` unchanged; no syntax check is
    performed here.
    """
    host_name_node = ["system", "host-name"]
    config.set(host_name_node, value=hostname)

def set_name_servers(config, servers):
    """Add every entry of ``servers`` as a ``system name-server`` value.

    ``config.set`` is called once per entry with ``replace=False``.
    NOTE(review): presumably that appends to the node instead of overwriting
    the previous value -- confirm against the config tree's ``set``.
    ``servers`` is iterated as given, so a bare string would be walked
    character by character; callers are expected to pass a list.
    """
    name_server_node = ("system", "name-server")
    for server in servers:
        config.set(list(name_server_node), value=server, replace=False)

def set_default_gateway(config, gateway):
    """Create a static default route (``0.0.0.0/0``) via ``gateway``.

    Creates the ``protocols static route 0.0.0.0/0 next-hop <gateway>`` node
    (no value is set on it), then calls ``config.set_tag`` on the ``route``
    node and on the ``next-hop`` node. Only the IPv4 default prefix is
    handled, and ``gateway`` is not validated here.
    """
    route_node = ("protocols", "static", "route")
    next_hop_node = (*route_node, "0.0.0.0/0", "next-hop")
    config.set([*next_hop_node, gateway])
    for tag_node in (route_node, next_hop_node):
        config.set_tag(list(tag_node))

def set_user_password(config, user, password):
    """Store a hashed password for ``user`` in the config tree.

    The hash comes from ``vyos.authutils.make_password_hash`` and is written
    to the user's ``authentication encrypted-password`` node. The
    ``plaintext-password`` node is then set to the empty string.
    NOTE(review): presumably so that the cleartext never lands in the saved
    config -- confirm.

    ``password`` is hashed as given; no strength or emptiness check is made
    in this function.
    """
    auth_node = ("system", "login", "user", user, "authentication")
    password_hash = vyos.authutils.make_password_hash(password)

    config.set([*auth_node, "encrypted-password"], value=password_hash)
    config.set([*auth_node, "plaintext-password"], value="")

def disable_user_password(config, user):
    """Write ``"!"`` as the encrypted password for ``user``.

    Also sets the user's ``plaintext-password`` node to the empty string.
    NOTE(review): ``"!"`` is the usual shadow-style marker for a hash that
    no password can match -- confirm that the login backend treats it as a
    locked password and not as an empty one.
    """
    auth_node = ("system", "login", "user", user, "authentication")
    for leaf, leaf_value in (("encrypted-password", "!"), ("plaintext-password", "")):
        config.set([*auth_node, leaf], value=leaf_value)

def set_user_level(config, user, level):
    """Set the ``level`` node of ``user`` to ``level``.

    The value is written unchanged; this function does not check it against
    a list of known levels.
    """
    level_node = ["system", "login", "user", user, "level"]
    config.set(level_node, value=level)

def set_user_ssh_key(config, user, key_string):
    """Install an SSH public key for ``user`` in the config tree.

    ``key_string`` is parsed by ``vyos.authutils.split_ssh_public_key`` with
    ``defaultname=user``; the result is read for its ``"name"``, ``"data"``
    and ``"type"`` entries. The key data and type are written under
    ``authentication public-keys <name>``, and ``config.set_tag`` is then
    called on the ``public-keys`` node.

    NOTE(review): whether a malformed key is rejected depends entirely on
    ``split_ssh_public_key``; nothing is validated here.
    """
    parsed = vyos.authutils.split_ssh_public_key(key_string, defaultname=user)

    keys_node = ("system", "login", "user", user, "authentication", "public-keys")
    config.set([*keys_node, parsed["name"], "key"], value=parsed["data"])
    config.set([*keys_node, parsed["name"], "type"], value=parsed["type"])
    config.set_tag(list(keys_node))

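def create_user(config, user, password=None, key=None, level="admin"):
    """Create a login user with a password and/or an SSH public key.

    Args:
        config: config tree object providing ``set`` and ``set_tag``.
        user: login name of the account to create.
        password: cleartext password; when falsy, password login is
            disabled through ``disable_user_password``.
        key: SSH public key string; installed when truthy.
        level: value for the user's ``level`` node. Defaults to ``"admin"``,
            so callers that want a less privileged account must pass the
            level explicitly.

    Raises:
        ValueError: if neither ``password`` nor ``key`` is given. The check
            runs before anything is written, so a rejected call leaves
            ``config`` untouched.
    """
    # Validate first: writing the user node before this check would leave an
    # account with no authentication settings in the tree whenever a caller
    # catches the ValueError and carries on.
    if not key and not password:
        raise ValueError("Must set at least password or SSH public key")

    config.set(["system", "login", "user", user])
    config.set_tag(["system", "login", "user", user])

    if password:
        set_user_password(config, user, password)
    else:
        # Key-only account: make sure no password can be used to log in.
        disable_user_password(config, user)

    if key:
        set_user_ssh_key(config, user, key)

    set_user_level(config, user, level)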