diff options
| author | Daniil Baturin <daniil@vyos.io> | 2023-10-12 15:35:54 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-12 15:35:54 +0100 | 
| commit | e55f0793234975e0fb69f6121945e9556556ea44 (patch) | |
| tree | a801faafdfec6e284be72a049d8bb174c3938b65 | |
| parent | 227e3f2876e504a4e3dc52b009d378b675e5ce51 (diff) | |
| parent | aa0282ceb379df1ab3cc93e4bd019134d37f0d89 (diff) | |
| download | vyos-1x-e55f0793234975e0fb69f6121945e9556556ea44.tar.gz vyos-1x-e55f0793234975e0fb69f6121945e9556556ea44.zip | |
Merge pull request #2277 from aapostoliuk/T5254-1-sagitta
bonding: T5254: Fixed changing ethernet when it is a bond member
| -rw-r--r-- | data/config-mode-dependencies/vyos-1x.json | 3 | ||||
| -rw-r--r-- | git | 0 | ||||
| -rw-r--r-- | interface-definitions/include/version/interfaces-version.xml.i | 2 | ||||
| -rw-r--r-- | python/vyos/ifconfig/bond.py | 13 | ||||
| -rw-r--r-- | python/vyos/ifconfig/ethernet.py | 34 | ||||
| -rw-r--r-- | python/vyos/utils/dict.py | 59 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-bonding.py | 38 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 237 | ||||
| -rwxr-xr-x | src/migration-scripts/interfaces/30-to-31 | 71 | 
9 files changed, 420 insertions, 37 deletions
| diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json index 6c86642c7..4d73c844c 100644 --- a/data/config-mode-dependencies/vyos-1x.json +++ b/data/config-mode-dependencies/vyos-1x.json @@ -6,6 +6,9 @@                  "group_resync": ["conntrack", "nat", "policy-route"]                },    "http_api": {"https": ["https"]}, +  "interfaces_bonding": { +           "ethernet": ["interfaces-ethernet"] +         },    "load_balancing_wan": {                            "conntrack": ["conntrack"],                            "conntrack_sync": ["conntrack_sync"] diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i index 3d11ce888..76c5d3c05 100644 --- a/interface-definitions/include/version/interfaces-version.xml.i +++ b/interface-definitions/include/version/interfaces-version.xml.i @@ -1,3 +1,3 @@  <!-- include start from include/version/interfaces-version.xml.i --> -<syntaxVersion component='interfaces' version='30'></syntaxVersion> +<syntaxVersion component='interfaces' version='31'></syntaxVersion>  <!-- include end --> diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index d1d7d48c4..45e6e4c16 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -92,6 +92,19 @@ class BondIf(Interface):          }      }} +    @staticmethod +    def get_inherit_bond_options() -> list: +        """ +        Returns list of option +        which are inherited from bond interface to member interfaces +        :return: List of interface options +        :rtype: list +        """ +        options = [ +            'mtu' +        ] +        return options +      def remove(self):          """          Remove interface from operating system. Removing the interface diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py index 285542057..aa1e87744 100644 --- a/python/vyos/ifconfig/ethernet.py +++ b/python/vyos/ifconfig/ethernet.py @@ -75,6 +75,40 @@ class EthernetIf(Interface):          },      }} +    @staticmethod +    def get_bond_member_allowed_options() -> list: +        """ +        Return list of options which are allowed for changing, +        when interface is a bond member +        :return: List of interface options +        :rtype: list +        """ +        bond_allowed_sections = [ +            'description', +            'disable', +            'disable_flow_control', +            'disable_link_detect', +            'duplex', +            'eapol.ca_certificate', +            'eapol.certificate', +            'eapol.passphrase', +            'mirror.egress', +            'mirror.ingress', +            'offload.gro', +            'offload.gso', +            'offload.lro', +            'offload.rfs', +            'offload.rps', +            'offload.sg', +            'offload.tso', +            'redirect', +            'ring_buffer.rx', +            'ring_buffer.tx', +            'speed', +            'hw_id' +        ] +        return bond_allowed_sections +      def __init__(self, ifname, **kargs):          super().__init__(ifname, **kargs)          self.ethtool = Ethtool(ifname) diff --git a/python/vyos/utils/dict.py b/python/vyos/utils/dict.py index 9484eacdd..d36b6fcfb 100644 --- a/python/vyos/utils/dict.py +++ b/python/vyos/utils/dict.py @@ -199,6 +199,31 @@ def dict_search_recursive(dict_object, key, path=[]):              for x in dict_search_recursive(j, key, new_path):                  yield x + +def dict_set(key_path, value, dict_object): +    """ Set value to Python dictionary (dict_object) using path to key delimited by dot (.). +        The key will be added if it does not exist. +    """ +    path_list = key_path.split(".") +    dynamic_dict = dict_object +    if len(path_list) > 0: +        for i in range(0, len(path_list)-1): +            dynamic_dict = dynamic_dict[path_list[i]] +        dynamic_dict[path_list[len(path_list)-1]] = value + +def dict_delete(key_path, dict_object): +    """ Delete key in Python dictionary (dict_object) using path to key delimited by dot (.). +    """ +    path_dict = dict_object +    path_list = key_path.split('.') +    inside = path_list[:-1] +    if not inside: +        del dict_object[path_list] +    else: +        for key in path_list[:-1]: +            path_dict = path_dict[key] +        del path_dict[path_list[len(path_list)-1]] +  def dict_to_list(d, save_key_to=None):      """ Convert a dict to a list of dicts. @@ -228,6 +253,39 @@ def dict_to_list(d, save_key_to=None):      return collect +def dict_to_paths_values(conf: dict) -> dict: +    """ +    Convert nested dictionary to simple dictionary, where key is a path is delimited by dot (.). +    """ +    list_of_paths = [] +    dict_of_options ={} +    for path in dict_to_key_paths(conf): +        str_path = '.'.join(path) +        list_of_paths.append(str_path) + +    for path in list_of_paths: +        dict_of_options[path] = dict_search(path,conf) + +    return dict_of_options +def dict_to_key_paths(d: dict) -> list: +    """ Generator to return list of key paths from dict of list[str]|str +    """ +    def func(d, path): +        if isinstance(d, dict): +            if not d: +                yield path +            for k, v in d.items(): +                for r in func(v, path + [k]): +                    yield r +        elif isinstance(d, list): +            yield path +        elif isinstance(d, str): +            yield path +        else: +            raise ValueError('object is not a dict of strings/list of strings') +    for r in func(d, []): +        yield r +  def dict_to_paths(d: dict) -> list:      """ Generator to return list of paths from dict of list[str]|str      """ @@ -305,3 +363,4 @@ class FixedDict(dict):          if k not in self._allowed:              raise ConfigError(f'Option "{k}" has no defined default')          super().__setitem__(k, v) + diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 0bd306ed0..1179e3e4f 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -18,7 +18,6 @@ import os  from sys import exit  from netifaces import interfaces -  from vyos.config import Config  from vyos.configdict import get_interface_dict  from vyos.configdict import is_node_changed @@ -34,10 +33,13 @@ from vyos.configverify import verify_source_interface  from vyos.configverify import verify_vlan_config  from vyos.configverify import verify_vrf  from vyos.ifconfig import BondIf +from vyos.ifconfig.ethernet import EthernetIf  from vyos.ifconfig import Section  from vyos.utils.dict import dict_search +from vyos.utils.dict import dict_to_paths_values  from vyos.configdict import has_address_configured  from vyos.configdict import has_vrf_configured +from vyos.configdep import set_dependents, call_dependents  from vyos import ConfigError  from vyos import airbag  airbag.enable() @@ -90,7 +92,6 @@ def get_config(config=None):      # determine which members have been removed      interfaces_removed = leaf_node_changed(conf, base + [ifname, 'member', 'interface']) -      # Reset config level to interfaces      old_level = conf.get_level()      conf.set_level(['interfaces']) @@ -102,6 +103,10 @@ def get_config(config=None):          tmp = {}          for interface in interfaces_removed: +            # if member is deleted from bond, add dependencies to call +            # ethernet commit again in apply function +            # to apply options under ethernet section +            set_dependents('ethernet', conf, interface)              section = Section.section(interface) # this will be 'ethernet' for 'eth0'              if conf.exists([section, interface, 'disable']):                  tmp[interface] = {'disable': ''} @@ -116,9 +121,21 @@ def get_config(config=None):      if dict_search('member.interface', bond):          for interface, interface_config in bond['member']['interface'].items(): + +            interface_ethernet_config = conf.get_config_dict( +                ['interfaces', 'ethernet', interface], +                key_mangling=('-', '_'), +                get_first_key=True, +                no_tag_node_value_mangle=True, +                with_defaults=False, +                with_recursive_defaults=False) + +            interface_config['config_paths'] = dict_to_paths_values(interface_ethernet_config) +              # Check if member interface is a new member              if not conf.exists_effective(base + [ifname, 'member', 'interface', interface]):                  bond['shutdown_required'] = {} +                interface_config['new_added'] = {}              # Check if member interface is disabled              conf.set_level(['interfaces']) @@ -151,7 +168,6 @@ def get_config(config=None):              # bond members must not have a VRF attached              tmp = has_vrf_configured(conf, interface)              if tmp: interface_config['has_vrf'] = {} -      return bond @@ -212,6 +228,14 @@ def verify(bond):              if 'has_vrf' in interface_config:                  raise ConfigError(error_msg + 'it has a VRF assigned!') +            if 'new_added' in interface_config and 'config_paths' in interface_config: +                for option_path, option_value in interface_config['config_paths'].items(): +                    if option_path in EthernetIf.get_bond_member_allowed_options() : +                        continue +                    if option_path in BondIf.get_inherit_bond_options(): +                        continue +                    raise ConfigError(error_msg + f'it has a "{option_path.replace(".", " ")}" assigned!') +      if 'primary' in bond:          if bond['primary'] not in bond['member']['interface']:              raise ConfigError(f'Primary interface of bond "{bond_name}" must be a member interface') @@ -227,13 +251,17 @@ def generate(bond):  def apply(bond):      b = BondIf(bond['ifname']) -      if 'deleted' in bond:          # delete interface          b.remove()      else:          b.update(bond) - +    if dict_search('member.interface_remove', bond): +        try: +            call_dependents() +        except ConfigError: +            raise ConfigError('Error in updating ethernet interface ' +                              'after deleting it from bond')      return None  if __name__ == '__main__': diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index f3e65ad5e..7374a29f7 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -15,6 +15,7 @@  # along with this program.  If not, see <http://www.gnu.org/licenses/>.  import os +import pprint  from glob import glob  from sys import exit @@ -35,6 +36,7 @@ from vyos.configverify import verify_vrf  from vyos.configverify import verify_bond_bridge_member  from vyos.ethtool import Ethtool  from vyos.ifconfig import EthernetIf +from vyos.ifconfig import BondIf  from vyos.pki import find_chain  from vyos.pki import encode_certificate  from vyos.pki import load_certificate @@ -42,6 +44,9 @@ from vyos.pki import wrap_private_key  from vyos.template import render  from vyos.utils.process import call  from vyos.utils.dict import dict_search +from vyos.utils.dict import dict_to_paths_values +from vyos.utils.dict import dict_set +from vyos.utils.dict import dict_delete  from vyos.utils.file import write_file  from vyos import ConfigError  from vyos import airbag @@ -51,6 +56,90 @@ airbag.enable()  cfg_dir = '/run/wpa_supplicant'  wpa_suppl_conf = '/run/wpa_supplicant/{ifname}.conf' +def update_bond_options(conf: Config, eth_conf: dict) -> list: +    """ +    Return list of blocked options if interface is a bond member +    :param conf: Config object +    :type conf: Config +    :param eth_conf: Ethernet config dictionary +    :type eth_conf: dict +    :return: List of blocked options +    :rtype: list +    """ +    blocked_list = [] +    bond_name = list(eth_conf['is_bond_member'].keys())[0] +    config_without_defaults = conf.get_config_dict( +        ['interfaces', 'ethernet', eth_conf['ifname']], +        key_mangling=('-', '_'), +        get_first_key=True, +        no_tag_node_value_mangle=True, +        with_defaults=False, +        with_recursive_defaults=False) +    config_with_defaults = conf.get_config_dict( +        ['interfaces', 'ethernet', eth_conf['ifname']], +        key_mangling=('-', '_'), +        get_first_key=True, +        no_tag_node_value_mangle=True, +        with_defaults=True, +        with_recursive_defaults=True) +    bond_config_with_defaults = conf.get_config_dict( +        ['interfaces', 'bonding', bond_name], +        key_mangling=('-', '_'), +        get_first_key=True, +        no_tag_node_value_mangle=True, +        with_defaults=True, +        with_recursive_defaults=True) +    eth_dict_paths = dict_to_paths_values(config_without_defaults) +    eth_path_base = ['interfaces', 'ethernet', eth_conf['ifname']] + +    #if option is configured under ethernet section +    for option_path, option_value in eth_dict_paths.items(): +        bond_option_value = dict_search(option_path, bond_config_with_defaults) + +        #If option is allowed for changing then continue +        if option_path in EthernetIf.get_bond_member_allowed_options(): +            continue +        # if option is inherited from bond then set valued from bond interface +        if option_path in BondIf.get_inherit_bond_options(): +            # If option equals to bond option then do nothing +            if option_value == bond_option_value: +                continue +            else: +                # if ethernet has option and bond interface has +                # then copy it from bond +                if bond_option_value is not None: +                    if is_node_changed(conf, eth_path_base + option_path.split('.')): +                        Warning( +                            f'Cannot apply "{option_path.replace(".", " ")}" to "{option_value}".' \ +                            f' Interface "{eth_conf["ifname"]}" is a bond member.' \ +                            f' Option is inherited from bond "{bond_name}"') +                    dict_set(option_path, bond_option_value, eth_conf) +                    continue +                # if ethernet has option and bond interface does not have +                # then delete it form dict and do not apply it +                else: +                    if is_node_changed(conf, eth_path_base + option_path.split('.')): +                        Warning( +                            f'Cannot apply "{option_path.replace(".", " ")}".' \ +                            f' Interface "{eth_conf["ifname"]}" is a bond member.' \ +                            f' Option is inherited from bond "{bond_name}"') +                    dict_delete(option_path, eth_conf) +        blocked_list.append(option_path) + +    # if inherited option is not configured under ethernet section but configured under bond section +    for option_path in BondIf.get_inherit_bond_options(): +        bond_option_value = dict_search(option_path, bond_config_with_defaults) +        if bond_option_value is not None: +            if option_path not in eth_dict_paths: +                if is_node_changed(conf, eth_path_base + option_path.split('.')): +                    Warning( +                        f'Cannot apply "{option_path.replace(".", " ")}" to "{dict_search(option_path, config_with_defaults)}".' \ +                        f' Interface "{eth_conf["ifname"]}" is a bond member. ' \ +                        f'Option is inherited from bond "{bond_name}"') +                dict_set(option_path, bond_option_value, eth_conf) +    eth_conf['bond_blocked_changes'] = blocked_list +    return None +  def get_config(config=None):      """      Retrive CLI config as dictionary. Dictionary can never be empty, as at least the @@ -68,6 +157,8 @@ def get_config(config=None):      base = ['interfaces', 'ethernet']      ifname, ethernet = get_interface_dict(conf, base) +    if 'is_bond_member' in ethernet: +        update_bond_options(conf, ethernet)      if 'deleted' not in ethernet:         if pki: ethernet['pki'] = pki @@ -80,26 +171,20 @@ def get_config(config=None):      return ethernet -def verify(ethernet): -    if 'deleted' in ethernet: -        return None -    ifname = ethernet['ifname'] -    verify_interface_exists(ifname) -    verify_mtu(ethernet) -    verify_mtu_ipv6(ethernet) -    verify_dhcpv6(ethernet) -    verify_address(ethernet) -    verify_vrf(ethernet) -    verify_bond_bridge_member(ethernet) -    verify_eapol(ethernet) -    verify_mirror_redirect(ethernet) -    ethtool = Ethtool(ifname) -    # No need to check speed and duplex keys as both have default values. +def verify_speed_duplex(ethernet: dict, ethtool: Ethtool): +    """ +     Verify speed and duplex +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    :param ethtool: Ethernet object +    :type ethtool: Ethtool +    """      if ((ethernet['speed'] == 'auto' and ethernet['duplex'] != 'auto') or -        (ethernet['speed'] != 'auto' and ethernet['duplex'] == 'auto')): -            raise ConfigError('Speed/Duplex missmatch. Must be both auto or manually configured') +            (ethernet['speed'] != 'auto' and ethernet['duplex'] == 'auto')): +        raise ConfigError( +            'Speed/Duplex missmatch. Must be both auto or manually configured')      if ethernet['speed'] != 'auto' and ethernet['duplex'] != 'auto':          # We need to verify if the requested speed and duplex setting is @@ -107,37 +192,66 @@ def verify(ethernet):          speed = ethernet['speed']          duplex = ethernet['duplex']          if not ethtool.check_speed_duplex(speed, duplex): -            raise ConfigError(f'Adapter does not support changing speed and duplex '\ -                              f'settings to: {speed}/{duplex}!') +            raise ConfigError( +                f'Adapter does not support changing speed ' \ +                f'and duplex settings to: {speed}/{duplex}!') + +def verify_flow_control(ethernet: dict, ethtool: Ethtool): +    """ +     Verify flow control +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    :param ethtool: Ethernet object +    :type ethtool: Ethtool +    """      if 'disable_flow_control' in ethernet:          if not ethtool.check_flow_control(): -            raise ConfigError('Adapter does not support changing flow-control settings!') +            raise ConfigError( +                'Adapter does not support changing flow-control settings!') + +def verify_ring_buffer(ethernet: dict, ethtool: Ethtool): +    """ +     Verify ring buffer +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    :param ethtool: Ethernet object +    :type ethtool: Ethtool +    """      if 'ring_buffer' in ethernet:          max_rx = ethtool.get_ring_buffer_max('rx')          if not max_rx: -            raise ConfigError('Driver does not support RX ring-buffer configuration!') +            raise ConfigError( +                'Driver does not support RX ring-buffer configuration!')          max_tx = ethtool.get_ring_buffer_max('tx')          if not max_tx: -            raise ConfigError('Driver does not support TX ring-buffer configuration!') +            raise ConfigError( +                'Driver does not support TX ring-buffer configuration!')          rx = dict_search('ring_buffer.rx', ethernet)          if rx and int(rx) > int(max_rx): -            raise ConfigError(f'Driver only supports a maximum RX ring-buffer '\ +            raise ConfigError(f'Driver only supports a maximum RX ring-buffer ' \                                f'size of "{max_rx}" bytes!')          tx = dict_search('ring_buffer.tx', ethernet)          if tx and int(tx) > int(max_tx): -            raise ConfigError(f'Driver only supports a maximum TX ring-buffer '\ +            raise ConfigError(f'Driver only supports a maximum TX ring-buffer ' \                                f'size of "{max_tx}" bytes!') -    # verify offloading capabilities + +def verify_offload(ethernet: dict, ethtool: Ethtool): +    """ +     Verify offloading capabilities +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    :param ethtool: Ethernet object +    :type ethtool: Ethtool +    """      if dict_search('offload.rps', ethernet) != None: -        if not os.path.exists(f'/sys/class/net/{ifname}/queues/rx-0/rps_cpus'): +        if not os.path.exists(f'/sys/class/net/{ethernet["ifname"]}/queues/rx-0/rps_cpus'):              raise ConfigError('Interface does not suport RPS!') -      driver = ethtool.get_driver_name()      # T3342 - Xen driver requires special treatment      if driver == 'vif': @@ -145,14 +259,73 @@ def verify(ethernet):              raise ConfigError('Xen netback drivers requires scatter-gatter offloading '\                                'for MTU size larger then 1500 bytes') -    if {'is_bond_member', 'mac'} <= set(ethernet): -        Warning(f'changing mac address "{mac}" will be ignored as "{ifname}" ' \ -                f'is a member of bond "{is_bond_member}"'.format(**ethernet)) +def verify_allowedbond_changes(ethernet: dict): +    """ +     Verify changed options if interface is in bonding +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    """ +    if 'bond_blocked_changes' in ethernet: +        for option in ethernet['bond_blocked_changes']: +            raise ConfigError(f'Cannot configure "{option.replace(".", " ")}"' \ +                              f' on interface "{ethernet["ifname"]}".' \ +                              f' Interface is a bond member') + + +def verify(ethernet): +    if 'deleted' in ethernet: +        return None +    if 'is_bond_member' in ethernet: +        verify_bond_member(ethernet) +    else: +        verify_ethernet(ethernet) + + +def verify_bond_member(ethernet): +    """ +     Verification function for ethernet interface which is in bonding +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    """ +    ifname = ethernet['ifname'] +    verify_interface_exists(ifname) +    verify_eapol(ethernet) +    verify_mirror_redirect(ethernet) +    ethtool = Ethtool(ifname) +    verify_speed_duplex(ethernet, ethtool) +    verify_flow_control(ethernet, ethtool) +    verify_ring_buffer(ethernet, ethtool) +    verify_offload(ethernet, ethtool) +    verify_allowedbond_changes(ethernet) + +def verify_ethernet(ethernet): +    """ +     Verification function for simple ethernet interface +    :param ethernet: dictionary which is received from get_interface_dict +    :type ethernet: dict +    """ +    ifname = ethernet['ifname'] +    verify_interface_exists(ifname) +    verify_mtu(ethernet) +    verify_mtu_ipv6(ethernet) +    verify_dhcpv6(ethernet) +    verify_address(ethernet) +    verify_vrf(ethernet) +    verify_bond_bridge_member(ethernet) +    verify_eapol(ethernet) +    verify_mirror_redirect(ethernet) +    ethtool = Ethtool(ifname) +    # No need to check speed and duplex keys as both have default values. +    verify_speed_duplex(ethernet, ethtool) +    verify_flow_control(ethernet, ethtool) +    verify_ring_buffer(ethernet, ethtool) +    verify_offload(ethernet, ethtool)      # use common function to verify VLAN configuration      verify_vlan_config(ethernet)      return None +  def generate(ethernet):      # render real configuration file once      wpa_supplicant_conf = wpa_suppl_conf.format(**ethernet) @@ -192,7 +365,8 @@ def generate(ethernet):                  pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]                  loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])                  ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs) -                ca_chains.append('\n'.join(encode_certificate(c) for c in ca_full_chain)) +                ca_chains.append( +                    '\n'.join(encode_certificate(c) for c in ca_full_chain))              write_file(ca_cert_file_path, '\n'.join(ca_chains)) @@ -219,6 +393,7 @@ if __name__ == '__main__':          c = get_config()          verify(c)          generate(c) +          apply(c)      except ConfigError as e:          print(e) diff --git a/src/migration-scripts/interfaces/30-to-31 b/src/migration-scripts/interfaces/30-to-31 new file mode 100755 index 000000000..894106ef4 --- /dev/null +++ b/src/migration-scripts/interfaces/30-to-31 @@ -0,0 +1,71 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021-2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program.  If not, see <http://www.gnu.org/licenses/>. +# +# Deletes Wireguard peers if they have the same public key as the router has. + +import json +from sys import argv +from sys import exit +from vyos.configtree import ConfigTree +from vyos.ifconfig import EthernetIf +from vyos.ifconfig import BondIf +from vyos.utils.dict import dict_to_paths_values + +if len(argv) < 2: +    print("Must specify file name!") +    exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: +    config_file = f.read() +    base = ['interfaces', 'bonding'] + +config = ConfigTree(config_file) +if not config.exists(base): +    # Nothing to do +    exit(0) +for bond in config.list_nodes(base): +    member_base = base + [bond, 'member', 'interface'] +    if config.exists(member_base): +        for interface in config.return_values(member_base): +            if_base = ['interfaces', 'ethernet', interface] +            if config.exists(if_base): +                config_ethernet = json.loads(config.get_subtree(if_base).to_json()) +                eth_dict_paths = dict_to_paths_values(config_ethernet) +                for option_path, option_value in eth_dict_paths.items(): +                    # If option is allowed for changing then continue +                    converted_path = option_path.replace('-','_') +                    if converted_path in EthernetIf.get_bond_member_allowed_options(): +                        continue +                    # if option is inherited from bond then continue +                    if converted_path in BondIf.get_inherit_bond_options(): +                        continue +                    option_path_list = option_path.split('.') +                    config.delete(if_base + option_path_list) +                    del option_path_list[-1] +                    # delete empty node from config +                    while len(option_path_list) > 0: +                        if config.list_nodes(if_base + option_path_list): +                            break +                        config.delete(if_base + option_path_list) +                        del option_path_list[-1] + +try: +    with open(file_name, 'w') as f: +        f.write(config.to_string()) +except OSError as e: +    print(f'Failed to save the modified config: {e}') +    exit(1) | 
