diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-04-18 17:56:19 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-18 17:56:19 +0200 |
commit | e9a2c4b96edc52ea114451ece6884845ad18ba6f (patch) | |
tree | bbaf2bcaf8d8b081219e720820cca631dd934e2c | |
parent | 03c9155cd012a56c9454b396c5db7785abb80b0a (diff) | |
download | vyos-1x-e9a2c4b96edc52ea114451ece6884845ad18ba6f.tar.gz vyos-1x-e9a2c4b96edc52ea114451ece6884845ad18ba6f.zip |
ipoe-server: T2324: remove boilerplate code and adjust to other accel implementations
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.tmpl | 46 | ||||
-rw-r--r-- | data/templates/ipoe-server/chap-secrets.tmpl | 18 | ||||
-rw-r--r-- | data/templates/ipoe-server/ipoe.config.tmpl | 109 | ||||
-rw-r--r-- | interface-definitions/service_ipoe-server.xml.in | 6 | ||||
-rw-r--r-- | python/vyos/util.py | 6 | ||||
-rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 403 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 1 |
7 files changed, 299 insertions, 290 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index 325b75adc..39a20c1ca 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -88,37 +88,35 @@ wins{{ loop.index }}={{ server }} {% if auth_mode == 'local' %} [chap-secrets] chap-secrets={{ chap_secrets_file }} -{% elif auth_mode == 'radius' %} +{% endif %} + +{% if auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor -%} - -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} +{% for srv in auth['radius'] %} +server={{srv}},{{auth['radius'][srv]['secret']}}, +req-limit={{auth['radius'][srv]['req-limit']}}, +fail-time={{auth['radius'][srv]['fail-time']}} +{% endfor %} +{% if auth['radsettings']['dae-server']['ip-address'] %} +dae-server={{auth['radsettings']['dae-server']['ip-address']}}: +{{auth['radsettings']['dae-server']['port']}}, +{{auth['radsettings']['dae-server']['secret']}} {% endif -%} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} +{% if auth['radsettings']['acct-timeout'] %} +acct-timeout={{auth['radsettings']['acct-timeout']}} {% endif -%} -{% if radius_source_address %} -bind={{ radius_source_address }} +{% if auth['radsettings']['max-try'] %} +max-try={{auth['radsettings']['max-try']}} {% endif -%} - -{% if radius_dynamic_author %} -dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} +{% if auth['radsettings']['timeout'] %} +timeout={{auth['radsettings']['timeout']}} {% endif -%} - -{% if radius_shaper_attr %} -[shaper] -verbose=1 -attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} +{% if auth['radsettings']['nas-ip-address'] %} +nas-ip-address={{auth['radsettings']['nas-ip-address']}} {% endif -%} +{% if auth['radsettings']['nas-identifier'] %} +nas-identifier={{auth['radsettings']['nas-identifier']}} {% endif -%} {% endif %} diff --git a/data/templates/ipoe-server/chap-secrets.tmpl b/data/templates/ipoe-server/chap-secrets.tmpl index 5e35d5775..a7d899354 100644 --- a/data/templates/ipoe-server/chap-secrets.tmpl +++ b/data/templates/ipoe-server/chap-secrets.tmpl @@ -1,17 +1,17 @@ # username server password acceptable local IP addresses shaper -{% for aifc in auth['auth_if'] -%} -{% for mac in auth['auth_if'][aifc] -%} -{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) -%} -{% if auth['auth_if'][aifc][mac]['vlan'] -%} -{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}} +{% for interface in auth_interfaces -%} +{% for mac in interface.mac -%} +{% if mac.rate_upload and mac.rate_download -%} +{% if mac.vlan_id -%} +{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} {% else -%} -{{aifc}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}} +{{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} {% endif -%} {% else -%} -{% if auth['auth_if'][aifc][mac]['vlan'] %} -{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} * +{% if mac.vlan_id -%} +{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {% else -%} -{{aifc}} * {{mac.lower()}} * +{{ interface.name }} * {{ mac.address | lower }} * {% endif -%} {% endif -%} {% endfor -%} diff --git a/data/templates/ipoe-server/ipoe.config.tmpl b/data/templates/ipoe-server/ipoe.config.tmpl index 0a5ee09a6..1f34b67c8 100644 --- a/data/templates/ipoe-server/ipoe.config.tmpl +++ b/data/templates/ipoe-server/ipoe.config.tmpl @@ -6,16 +6,15 @@ shaper ipv6pool ipv6_nd ipv6_dhcp -{% if auth['mech'] == 'radius' %} -radius -{% endif -%} ippool -{% if auth['mech'] == 'local' %} +{% if auth_mode == 'radius' %} +radius +{% elif auth_mode == 'local' %} chap-secrets {% endif %} [core] -thread-count={{thread_cnt}} +thread-count={{ thread_cnt }} [log] syslog=accel-ipoe,daemon @@ -24,39 +23,35 @@ level=5 [ipoe] verbose=1 -{% for intfc in interfaces %} -{% if interfaces[intfc]['vlan_mon'] %} -interface=re:{{intfc}}\.\d+,{% else %}interface={{intfc}},{% endif %}shared={{interfaces[intfc]['shared']}},mode={{interfaces[intfc]['mode']}},ifcfg={{interfaces[intfc]['ifcfg']}},range={{interfaces[intfc]['range']}},start={{interfaces[intfc]['sess_start']}},ipv6=1 +{% for interface in interfaces %} +{% if interface.vlan_mon %} +interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }},range={{ interface.range }},start={{ interface.sess_start }},ipv6=1 {% endfor %} -{% if auth['mech'] == 'noauth' %} +{% if auth_mode == 'noauth' %} noauth=1 -{% endif %} -{% if auth['mech'] == 'local' %} +{% elif auth_mode == 'local' %} username=ifname password=csid {% endif %} -{%- for intfc in interfaces %} -{% if (interfaces[intfc]['shared'] == '0') and (interfaces[intfc]['vlan_mon']) %} -vlan-mon={{intfc}},{{interfaces[intfc]['vlan_mon']|join(',')}} +{%- for interface in interfaces %} +{% if (interface.shared == '0') and (interface.vlan_mon) %} +vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} {% endif %} {% endfor %} -{% if (dns['server1']) or (dns['server2']) %} +{% if dnsv4 %} [dns] -{% if dns['server1'] %} -dns1={{dns['server1']}} -{% endif -%} -{% if dns['server2'] %} -dns2={{dns['server2']}} -{% endif -%} -{% endif -%} +{% for dns in dnsv4 -%} +dns{{ loop.index }}={{ dns }} +{% endfor -%} +{% endif %} -{% if (dnsv6['server1']) or (dnsv6['server2']) or (dnsv6['server3']) %} -[dnsv6] -dns={{dnsv6['server1']}} -dns={{dnsv6['server2']}} -dns={{dnsv6['server3']}} +{% if dnsv6 %} +[ipv6-dns] +{% for dns in dnsv6 -%} +{{ dns }} +{% endfor -%} {% endif %} [ipv6-nd] @@ -65,48 +60,50 @@ verbose=1 [ipv6-dhcp] verbose=1 -{% if ipv6['prfx'] %} +{% if client_ipv6_pool %} [ipv6-pool] -{% for prfx in ipv6['prfx'] %} -{{prfx}} +{% for p in client_ipv6_pool %} +{{ p }} {% endfor %} -{% for pd in ipv6['pd'] %} -delegate={{pd}} +{% for pd in client_ipv6_delegate_prefix %} +delegate={{ pd }} {% endfor %} {% endif %} -{% if auth['mech'] == 'local' %} +{% if auth_mode == 'local' %} [chap-secrets] -chap-secrets={{chap_secrets_file}} -{% endif %} - -{% if auth['mech'] == 'radius' %} +chap-secrets={{ chap_secrets_file }} +{% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for srv in auth['radius'] %} -server={{srv}},{{auth['radius'][srv]['secret']}}, -req-limit={{auth['radius'][srv]['req-limit']}}, -fail-time={{auth['radius'][srv]['fail-time']}} -{% endfor %} -{% if auth['radsettings']['dae-server']['ip-address'] %} -dae-server={{auth['radsettings']['dae-server']['ip-address']}}: -{{auth['radsettings']['dae-server']['port']}}, -{{auth['radsettings']['dae-server']['secret']}} +{% for r in radius_server %} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +{% endfor -%} + +acct-timeout={{ radius_acct_tmo }} +timeout={{ radius_timeout }} +max-try={{ radius_max_try }} +{% if radius_nas_id %} +nas-identifier={{ radius_nas_id }} {% endif -%} -{% if auth['radsettings']['acct-timeout'] %} -acct-timeout={{auth['radsettings']['acct-timeout']}} +{% if radius_nas_ip %} +nas-ip-address={{ radius_nas_ip }} {% endif -%} -{% if auth['radsettings']['max-try'] %} -max-try={{auth['radsettings']['max-try']}} +{% if radius_source_address %} +bind={{ radius_source_address }} {% endif -%} -{% if auth['radsettings']['timeout'] %} -timeout={{auth['radsettings']['timeout']}} + +{% if radius_dynamic_author %} +dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} {% endif -%} -{% if auth['radsettings']['nas-ip-address'] %} -nas-ip-address={{auth['radsettings']['nas-ip-address']}} + +{% if radius_shaper_attr %} +[shaper] +verbose=1 +attr={{ radius_shaper_attr }} +{% if radius_shaper_vendor %} +vendor={{ radius_shaper_vendor }} {% endif -%} -{% if auth['radsettings']['nas-identifier'] %} -nas-identifier={{auth['radsettings']['nas-identifier']}} {% endif -%} {% endif %} diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index 4033b56d6..3948627d7 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -292,6 +292,12 @@ <help>If server does not respond, mark it unavailable for this time (seconds)</help> </properties> </leafNode> + <leafNode name="disable"> + <properties> + <help>Temporary disable this server</help> + <valueless/> + </properties> + </leafNode> </children> </tagNode> <node name="radius-settings"> diff --git a/python/vyos/util.py b/python/vyos/util.py index eb78c4a26..c70bff091 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -447,3 +447,9 @@ def is_bridge_member(interface): return False, None +def get_half_cpus(): + """ return 1/2 of the numbers of available CPUs """ + cpu = os.cpu_count() + if cpu > 1: + cpu /= 2 + return int(cpu) diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 76aa80a10..e0a607629 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -17,174 +17,227 @@ import os import re +from copy import deepcopy +from stat import S_IRUSR, S_IWUSR, S_IRGRP from sys import exit -from time import sleep -from stat import S_IRUSR, S_IWUSR, S_IRGRP from vyos.config import Config from vyos import ConfigError -from vyos.util import call +from vyos.util import call, get_half_cpus from vyos.template import render - ipoe_conf = '/run/accel-pppd/ipoe.conf' ipoe_chap_secrets = '/run/accel-pppd/ipoe.chap-secrets' - -def _get_cpu(): - cpu_cnt = 1 - if os.cpu_count() == 1: - cpu_cnt = 1 - else: - cpu_cnt = int(os.cpu_count()/2) - return cpu_cnt - +default_config_data = { + 'auth_mode': 'local', + 'auth_interfaces': [], + 'chap_secrets_file': ipoe_chap_secrets, # used in Jinja2 template + 'interfaces': [], + 'dnsv4': [], + 'dnsv6': [], + 'client_ipv6_pool': [], + 'client_ipv6_delegate_prefix': [], + 'radius_server': [], + 'radius_acct_tmo': '3', + 'radius_max_try': '3', + 'radius_timeout': '3', + 'radius_nas_id': '', + 'radius_nas_ip': '', + 'radius_source_address': '', + 'radius_shaper_attr': '', + 'radius_shaper_vendor': '', + 'radius_dynamic_author': '', + 'thread_cnt': get_half_cpus() +} def get_config(): - c = Config() - if not c.exists(['service', 'ipoe-server']): + conf = Config() + base_path = ['service', 'ipoe-server'] + if not conf.exists(base_path): return None - config_data = { - 'chap_secrets_file' : ipoe_chap_secrets - } + conf.set_level(base_path) + ipoe = deepcopy(default_config_data) - c.set_level(['service', 'ipoe-server']) - config_data['interfaces'] = {} - for intfc in c.list_nodes(['interface']): - config_data['interfaces'][intfc] = { + for interface in conf.list_nodes(['interface']): + tmp = { 'mode': 'L2', + 'name': interface, 'shared': '1', - # may need a conifg option, can be dhcpv4 or up for unclassified pkts + # may need a config option, can be dhcpv4 or up for unclassified pkts 'sess_start': 'dhcpv4', 'range': None, 'ifcfg': '1', 'vlan_mon': [] } - config_data['dns'] = { - 'server1': None, - 'server2': None - } - config_data['dnsv6'] = { - 'server1': None, - 'server2': None, - 'server3': None - } - config_data['ipv6'] = { - 'prfx': [], - 'pd': [], - } - config_data['auth'] = { - 'auth_if': {}, - 'mech': 'noauth', - 'radius': {}, - 'radsettings': { - 'dae-server': {} + + conf.set_level(base_path + ['interface', interface]) + + if conf.exists(['network-mode']): + tmp['mode'] = conf.return_value(['network-mode']) + + if conf.exists(['network']): + mode = conf.return_value(['network']) + if mode == 'vlan': + tmp['shared'] = '0' + + if conf.exists(['vlan-id']): + tmp['vlan_mon'] += conf.return_values(['vlan-id']) + + if conf.exists(['vlan-range']): + tmp['vlan_mon'] += conf.return_values(['vlan-range']) + + if conf.exists(['client-subnet']): + tmp['range'] = conf.return_value(['client-subnet']) + + ipoe['interfaces'].append(tmp) + + conf.set_level(base_path) + for server in ['server-1', 'server-2']: + if conf.exists(['dns-server', server]): + tmp = conf.return_value(['dns-server', server]) + ipoe['dnsv4'].append(tmp) + + for server in ['server-1', 'server-2', 'server-3']: + if conf.exists(['dnsv6-server', server]): + tmp = conf.return_value(['dnsv6-server', server]) + ipoe['dnsv6'].append(tmp) + + if conf.exists(['authentication', 'mode']): + ipoe['auth_mode'] = conf.return_value(['authentication', 'mode']) + + if conf.exists(['authentication', 'interface']): + for interface in conf.list_nodes(['authentication', 'interface']): + tmp = { + 'name': interface, + 'mac': [] + } + for client in conf.list_nodes(base_path + ['authentication', 'interface', interface, 'mac-address']): + mac = { + 'address': mac, + 'rate_download': '', + 'rate_upload': '', + 'vlan_id': '' + } + conf.set_level(base_path + ['authentication', 'interface', interface, 'mac-address', client]) + + if conf.exists(['rate-limit', 'download']): + mac['rate_download'] = conf.return_value(['rate-limit', 'download']) + + if conf.exists(['rate-limit', 'upload']): + mac['rate_upload'] = conf.return_value(['rate-limit', 'upload']) + + if conf.exists(['vlan-id']): + mac['vlan'] = conf.return_value(['vlan-id']) + + tmp['mac'].append(mac) + + ipoe['auth_interfaces'].append(tmp) + + # + # authentication mode radius servers and settings + if conf.exists(['authentication', 'mode', 'radius']): + for server in conf.list_nodes(['authentication', 'radius-server']): + radius = { + 'server' : server, + 'key' : '', + 'fail_time' : 0, + 'port' : '1812' } + + conf.set_level(base_path + ['authentication', 'radius-server', server]) + + if conf.exists(['fail-time']): + radius['fail-time'] = conf.return_value(['fail-time']) + + if conf.exists(['port']): + radius['port'] = conf.return_value(['port']) + + if conf.exists(['key']): + radius['key'] = conf.return_value(['key']) + + if not conf.exists(['disable']): + ipoe['radius_server'].append(radius) + + # + # advanced radius-setting + conf.set_level(base_path + ['authentication', 'radius-settings']) + if conf.exists(['acct-timeout']): + ipoe['radius_acct_tmo'] = conf.return_value(['acct-timeout']) + + if conf.exists(['max-try']): + ipoe['radius_max_try'] = conf.return_value(['max-try']) + + if conf.exists(['timeout']): + ipoe['radius_timeout'] = conf.return_value(['timeout']) + + if conf.exists(['nas-identifier']): + ipoe['radius_nas_id'] = conf.return_value(['nas-identifier']) + + if conf.exists(['nas-ip-address']): + ipoe['radius_nas_ip'] = conf.return_value(['nas-ip-address']) + + if conf.exists(['source-address']): + ipoe['radius_source_address'] = conf.return_value(['source-address']) + + # Dynamic Authorization Extensions (DOA)/Change Of Authentication (COA) + if conf.exists(['dynamic-author']): + dae = { + 'port' : '', + 'server' : '', + 'key' : '' } - if c.exists(['interface', intfc, 'network-mode']): - config_data['interfaces'][intfc]['mode'] = c.return_value( - ['interface', intfc, 'network-mode']) - if c.return_value(['interface', intfc, 'network']) == 'vlan': - config_data['interfaces'][intfc]['shared'] = '0' - if c.exists(['interface', intfc, 'vlan-id']): - config_data['interfaces'][intfc]['vlan_mon'] += c.return_values( - ['interface', intfc, 'vlan-id']) - if c.exists(['interface', intfc, 'vlan-range']): - config_data['interfaces'][intfc]['vlan_mon'] += c.return_values( - ['interface', intfc, 'vlan-range']) - if c.exists(['interface', intfc, 'client-subnet']): - config_data['interfaces'][intfc]['range'] = c.return_value( - ['interface', intfc, 'client-subnet']) - if c.exists(['dns-server', 'server-1']): - config_data['dns']['server1'] = c.return_value( - ['dns-server', 'server-1']) - if c.exists(['dns-server', 'server-2']): - config_data['dns']['server2'] = c.return_value( - ['dns-server', 'server-2']) - if c.exists(['dnsv6-server', 'server-1']): - config_data['dnsv6']['server1'] = c.return_value( - ['dnsv6-server', 'server-1']) - if c.exists(['dnsv6-server', 'server-2']): - config_data['dnsv6']['server2'] = c.return_value( - ['dnsv6-server', 'server-2']) - if c.exists(['dnsv6-server', 'server-3']): - config_data['dnsv6']['server3'] = c.return_value( - ['dnsv6-server', 'server-3']) - if not c.exists(['authentication', 'mode', 'noauth']): - config_data['auth']['mech'] = c.return_value( - ['authentication', 'mode']) - if c.exists(['authentication', 'mode', 'local']): - for auth_int in c.list_nodes(['authentication', 'interface']): - for mac in c.list_nodes(['authentication', 'interface', auth_int, 'mac-address']): - config_data['auth']['auth_if'][auth_int] = {} - if c.exists(['authentication', 'interface', auth_int, 'mac-address', mac, 'rate-limit']): - config_data['auth']['auth_if'][auth_int][mac] = {} - config_data['auth']['auth_if'][auth_int][mac]['up'] = c.return_value( - ['authentication', 'interface', auth_int, 'mac-address', mac, 'rate-limit upload']) - config_data['auth']['auth_if'][auth_int][mac]['down'] = c.return_value( - ['authentication', 'interface', auth_int, 'mac-address', 'mac', 'rate-limit download']) - else: - config_data['auth']['auth_if'][auth_int][mac] = {} - config_data['auth']['auth_if'][auth_int][mac]['up'] = None - config_data['auth']['auth_if'][auth_int][mac]['down'] = None - # client vlan-id - if c.exists(['authentication', 'interface', auth_int, 'mac-address', mac, 'vlan-id']): - config_data['auth']['auth_if'][auth_int][mac]['vlan'] = c.return_value( - ['authentication', 'interface', auth_int, 'mac-address', mac, 'vlan-id']) - if c.exists(['authentication', 'mode', 'radius']): - for rsrv in c.list_nodes(['authentication', 'radius-server']): - config_data['auth']['radius'][rsrv] = {} - if c.exists(['authentication', 'radius-server', rsrv, 'secret']): - config_data['auth']['radius'][rsrv]['secret'] = c.return_value( - ['authentication', 'radius-server', rsrv, 'secret']) - else: - config_data['auth']['radius'][rsrv]['secret'] = None - if c.exists(['authentication', 'radius-server', rsrv, 'fail-time']): - config_data['auth']['radius'][rsrv]['fail-time'] = c.return_value( - ['authentication', 'radius-server', rsrv, 'fail-time']) - else: - config_data['auth']['radius'][rsrv]['fail-time'] = '0' - if c.exists(['authentication', 'radius-server', rsrv, 'req-limit']): - config_data['auth']['radius'][rsrv]['req-limit'] = c.return_value( - ['authentication', 'radius-server', rsrv, 'req-limit']) - else: - config_data['auth']['radius'][rsrv]['req-limit'] = '0' - if c.exists(['authentication', 'radius-settings']): - if c.exists(['authentication', 'radius-settings', 'timeout']): - config_data['auth']['radsettings']['timeout'] = c.return_value( - ['authentication', 'radius-settings', 'timeout']) - if c.exists(['authentication', 'radius-settings', 'nas-ip-address']): - config_data['auth']['radsettings']['nas-ip-address'] = c.return_value( - ['authentication', 'radius-settings', 'nas-ip-address']) - if c.exists(['authentication', 'radius-settings', 'nas-identifier']): - config_data['auth']['radsettings']['nas-identifier'] = c.return_value( - ['authentication', 'radius-settings', 'nas-identifier']) - if c.exists(['authentication', 'radius-settings', 'max-try']): - config_data['auth']['radsettings']['max-try'] = c.return_value( - ['authentication', 'radius-settings', 'max-try']) - if c.exists(['authentication', 'radius-settings', 'acct-timeout']): - config_data['auth']['radsettings']['acct-timeout'] = c.return_value( - ['authentication', 'radius-settings', 'acct-timeout']) - if c.exists(['authentication', 'radius-settings', 'dae-server', 'ip-address']): - config_data['auth']['radsettings']['dae-server']['ip-address'] = c.return_value( - ['authentication', 'radius-settings', 'dae-server', 'ip-address']) - if c.exists(['authentication', 'radius-settings', 'dae-server', 'port']): - config_data['auth']['radsettings']['dae-server']['port'] = c.return_value( - ['authentication', 'radius-settings', 'dae-server', 'port']) - if c.exists(['authentication', 'radius-settings', 'dae-server', 'secret']): - config_data['auth']['radsettings']['dae-server']['secret'] = c.return_value( - ['authentication', 'radius-settings', 'dae-server', 'secret']) - - if c.exists(['client-ipv6-pool', 'prefix']): - config_data['ipv6']['prfx'] = c.return_values( - ['client-ipv6-pool', 'prefix']) - if c.exists(['client-ipv6-pool', 'delegate-prefix']): - config_data['ipv6']['pd'] = c.return_values( - ['client-ipv6-pool', 'delegate-prefix']) - - return config_data + if conf.exists(['dynamic-author', 'ip-address']): + dae['server'] = conf.return_value(['dynamic-author', 'ip-address']) + + if conf.exists(['dynamic-author', 'port']): + dae['port'] = conf.return_value(['dynamic-author', 'port']) + + if conf.exists(['dynamic-author', 'secret']): + dae['key'] = conf.return_value(['dynamic-author', 'secret']) + + ipoe['radius_dynamic_author'] = dae + + + conf.set_level(base_path) + if conf.exists(['client-ipv6-pool', 'prefix']): + ipoe['client_ipv6_pool'] = conf.return_values(['client-ipv6-pool', 'prefix']) + + if conf.exists(['client-ipv6-pool', 'delegate-prefix']): + ipoe['client_ipv6_delegate_prefix'] = conf.return_values(['client-ipv6-pool', 'delegate-prefix']) + + return ipoe + + +def verify(ipoe): + if not ipoe: + return None + + import pprint + pprint.pprint(ipoe) + + if not ipoe['interfaces']: + raise ConfigError('No IPoE interface configured') + + for interface in ipoe['interfaces']: + if not interface['range']: + raise ConfigError(f'No IPoE client subnet defined on interface "{{ interface }}"') + + if ipoe['auth_mode'] == 'radius': + if len(ipoe['radius_server']) == 0: + raise ConfigError('RADIUS authentication requires at least one server') + + for radius in ipoe['radius_server']: + if not radius['key']: + server = radius['server'] + raise ConfigError(f'Missing RADIUS secret key for server "{{ server }}"') + + if ipoe['client_ipv6_delegate_prefix'] and not ipoe['client_ipv6_pool']: + raise ConfigError('IPoE IPv6 deletate-prefix requires IPv6 prefix to be configured!') + + return None def generate(ipoe): @@ -195,10 +248,9 @@ def generate(ipoe): if not os.path.exists(dirname): os.mkdir(dirname) - ipoe['thread_cnt'] = _get_cpu() render(ipoe_conf, 'ipoe-server/ipoe.config.tmpl', ipoe, trim_blocks=True) - if ipoe['auth']['mech'] == 'local': + if ipoe['auth_mode'] == 'local': render(ipoe_chap_secrets, 'ipoe-server/chap-secrets.tmpl', ipoe) os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) @@ -209,69 +261,18 @@ def generate(ipoe): return None -def verify(c): - if c == None or not c: - return None - - if not c['interfaces']: - raise ConfigError("service ipoe-server interface requires a value") - - for intfc in c['interfaces']: - if not c['interfaces'][intfc]['range']: - raise ConfigError("service ipoe-server interface " + - intfc + " client-subnet needs a value") - - if c['auth']['mech'] == 'radius': - if not c['auth']['radius']: - raise ConfigError( - "service ipoe-server authentication radius-server requires a value for authentication mode radius") - else: - for radsrv in c['auth']['radius']: - if not c['auth']['radius'][radsrv]['secret']: - raise ConfigError( - "service ipoe-server authentication radius-server " + radsrv + " secret requires a value") - - if c['auth']['radsettings']['dae-server']: - try: - if c['auth']['radsettings']['dae-server']['ip-address']: - pass - except: - raise ConfigError( - "service ipoe-server authentication radius-settings dae-server ip-address value required") - try: - if c['auth']['radsettings']['dae-server']['secret']: - pass - except: - raise ConfigError( - "service ipoe-server authentication radius-settings dae-server secret value required") - try: - if c['auth']['radsettings']['dae-server']['port']: - pass - except: - raise ConfigError( - "service ipoe-server authentication radius-settings dae-server port value required") - - if len(c['ipv6']['pd']) != 0 and len(c['ipv6']['prfx']) == 0: - raise ConfigError( - "service ipoe-server client-ipv6-pool prefix needs a value") - - return c - - def apply(ipoe): if ipoe == None: call('systemctl stop accel-ppp@ipoe.service') - - if os.path.exists(ipoe_conf): - os.unlink(ipoe_conf) - - if os.path.exists(ipoe_chap_secrets): - os.unlink(ipoe_chap_secrets) + for file in [ipoe_conf, ipoe_chap_secrets]: + if os.path.exists(file): + os.unlink(file) return None call('systemctl restart accel-ppp@ipoe.service') + raise ConfigError("faslkdjfhaslkjdfhklsjahdf") if __name__ == '__main__': try: diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 13d0b1920..b791f1716 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -78,6 +78,7 @@ default_config_data = { 'radius_dynamic_author': '', 'sesscrtl': 'replace', 'snmp': False, + 'thread_cnt': '1' } def get_config(): |