diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-05-21 18:19:52 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-05-21 18:19:52 +0200 |
| commit | e12390d75b5ea0423f19efc1dc5dd97ae5fe42dd (patch) | |
| tree | 4ba301c80896404caacc98ac7d1d81cc695b593a | |
| parent | f8e2d8acd8a036a041cf4b51891d21a3c809afb0 (diff) | |
| download | vyos-1x-e12390d75b5ea0423f19efc1dc5dd97ae5fe42dd.tar.gz vyos-1x-e12390d75b5ea0423f19efc1dc5dd97ae5fe42dd.zip | |
macsec: T2023: delete wpa_supplicant config when interface is removed
| -rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 14 | ||||
| -rw-r--r-- | src/systemd/wpa_supplicant-macsec@.service | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index d251f6408..6a3bb49fe 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -45,6 +45,9 @@ default_config_data = { 'vrf': '' } +# XXX: wpa_supplicant works on the source interface +wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf' + def get_config(): macsec = deepcopy(default_config_data) conf = Config() @@ -158,12 +161,7 @@ def verify(macsec): return None def generate(macsec): - # XXX: wpa_supplicant works on the source interface not the resulting - # MACsec interface - wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf' - conf = wpa_suppl_conf.format(**macsec) - - render(conf, 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640) + render(wpa_suppl_conf.format(**macsec), 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640) return None def apply(macsec): @@ -172,6 +170,10 @@ def apply(macsec): call('systemctl stop wpa_supplicant-macsec@{source_interface}.service'.format(**macsec)) MACsecIf(macsec['intf']).remove() + # delete configuration on interface removal + if os.path.isfile(wpa_suppl_conf.format(**macsec)): + os.unlink(wpa_suppl_conf.format(**macsec)) + else: # MACsec interfaces require a configuration when they are added using # iproute2. This static method will provide the configuration diff --git a/src/systemd/wpa_supplicant-macsec@.service b/src/systemd/wpa_supplicant-macsec@.service index 9fad6b773..21e189e4b 100644 --- a/src/systemd/wpa_supplicant-macsec@.service +++ b/src/systemd/wpa_supplicant-macsec@.service @@ -11,7 +11,7 @@ RequiresMountsFor=/run Type=simple
WorkingDirectory=/run/wpa_supplicant
PIDFile=/run/wpa_supplicant/%I.pid
-ExecStart=/sbin/wpa_supplicant -c /run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I
+ExecStart=/sbin/wpa_supplicant -c/run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I
[Install]
WantedBy=multi-user.target
|