diff options
| author | hagbard <vyosdev@derith.de> | 2019-09-19 13:16:56 -0700 |
|---|---|---|
| committer | hagbard <vyosdev@derith.de> | 2019-09-19 13:16:56 -0700 |
| commit | eb9c6ff745fc5d4e23c224a441874ae6fcf97ac5 (patch) | |
| tree | 9c6497096d67079154d222e9164880a2e74817f5 | |
| parent | 4a2a06f400593107393755777fdd42b57bbaa21b (diff) | |
| download | vyos-1x-eb9c6ff745fc5d4e23c224a441874ae6fcf97ac5.tar.gz vyos-1x-eb9c6ff745fc5d4e23c224a441874ae6fcf97ac5.zip | |
[wireguard] - T1672: Wireguard keys not automatically moved
- due to the named keys feature keys reside in named directories
- adding a check if the variable VYOS_TAGNODE_VALUE has content
| -rwxr-xr-x | src/conf_mode/interface-wireguard.py | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py index d51a7a08d..4ae3251fe 100755 --- a/src/conf_mode/interface-wireguard.py +++ b/src/conf_mode/interface-wireguard.py @@ -26,12 +26,16 @@ from vyos.config import Config from vyos import ConfigError from vyos.ifconfig import WireGuardIf -ifname = str(os.environ['VYOS_TAGNODE_VALUE']) -intfc = WireGuardIf(ifname) +try: + ifname = str(os.environ['VYOS_TAGNODE_VALUE']) + intfc = WireGuardIf(ifname) +except KeyError: + print("Interface not specified") + sys.exit(1) kdir = r'/config/auth/wireguard' -def check_kmod(): +def _check_kmod(): if not os.path.exists('/sys/module/wireguard'): sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") if os.system('sudo modprobe wireguard') != 0: @@ -39,6 +43,19 @@ def check_kmod(): raise ConfigError("modprobe wireguard failed") +def _migrate_default_keys(): + if os.path.exists('{}/private.key'.format(kdir)) and not os.path.exists('{}/default/private.key'.format(kdir)): + sl.syslog(sl.LOG_NOTICE, "migrate keypair to default") + old_umask = os.umask(0o027) + location = '{}/default'.format(kdir) + subprocess.call(['sudo mkdir -p ' + location], shell=True) + subprocess.call(['sudo chgrp vyattacfg ' + location], shell=True) + subprocess.call(['sudo chmod 750 ' + location], shell=True) + os.rename('{}/private.key'.format(kdir),'{}/private.key'.format(location)) + os.rename('{}/public.key'.format(kdir),'{}/public.key'.format(location)) + os.umask(old_umask) + + def get_config(): c = Config() if not c.exists('interfaces wireguard'): @@ -257,7 +274,8 @@ def apply(c): if __name__ == '__main__': try: - check_kmod() + _check_kmod() + _migrate_default_keys() c = get_config() verify(c) apply(c) |