authorChristian Poessinger <christian@poessinger.com>2020-04-11 01:05:35 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-11 11:26:33 +0200
commitfb40f020bcd2bdb0e2fbbbd13d4557e7e4da030d (patch)
tree7816d53f1f2a8bb4aaa7c11a019424a167f38add
parentbecda904d1c4a8995488713420265c7c85a64cb9 (diff)
vpn: l2tp: T2264: migrate from SysVinit -> systemd
-rwxr-xr-xsrc/conf_mode/vpn_l2tp.py70
-rw-r--r--src/etc/systemd/system/accel-ppp-l2tp.service14
2 files changed, 31 insertions, 53 deletions
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index fa336f6de..fbccc93d1 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -18,7 +18,6 @@ import os
import re
from copy import deepcopy
-from socket import AF_INET, SOCK_STREAM, socket
from stat import S_IRUSR, S_IWUSR, S_IRGRP
from sys import exit
from time import sleep
@@ -27,19 +26,18 @@ from jinja2 import FileSystemLoader, Environment
from vyos.config import Config
from vyos.defaults import directories as vyos_data_dir
-from vyos.util import run
+from vyos.util import call
from vyos.validate import is_ipv4
from vyos import ConfigError
-pidfile = '/var/run/accel_l2tp.pid'
-l2tp_conf = '/etc/accel-ppp/l2tp/l2tp.config'
-l2tp_chap_secrets = '/etc/accel-ppp/l2tp/chap-secrets'
+l2tp_conf = '/etc/accel-ppp/l2tp.conf'
+l2tp_chap_secrets = '/etc/accel-ppp/l2tp.chap-secrets'
default_config_data = {
'auth_mode': 'local',
'auth_ppp_mppe': 'prefer',
'auth_proto': ['auth_mschap_v2'],
- 'chap_secrets_file': l2tp_chap_secrets,
+ 'chap_secrets_file': l2tp_chap_secrets, # used in Jinja2 template
'client_ip_pool': None,
'client_ip_subnets': [],
'client_ipv6_pool': {},
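Review bot: The secrets path moves from `/etc/accel-ppp/l2tp/chap-secrets` to `/etc/accel-ppp/l2tp.chap-secrets`, and nothing in the visible hunks removes a file left behind at the old location. On a system upgraded in place, that would leave the rendered local-auth credentials on disk in a file no code manages any more. If no migration step elsewhere covers this, a one-time cleanup such as `if os.path.exists('/etc/accel-ppp/l2tp/chap-secrets'): os.unlink('/etc/accel-ppp/l2tp/chap-secrets')` in generate() would close the gap. The same applies to the old `/etc/accel-ppp/l2tp/l2tp.config` and the old pidfile, though those are less sensitive.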
@@ -70,30 +68,6 @@ default_config_data = {
'thread_cnt': 1
}
-def chk_con():
- """
- Depending on hardware and threads, daemon needs a little to start if it
- takes longer than 100 * 0.5 secs, exception is being raised not sure if
- that's the best way to check it, but it worked so far quite well
- """
- cnt = 0
- s = socket(AF_INET, SOCK_STREAM)
- while True:
- try:
- s.connect(("127.0.0.1", 2004))
- break
- except ConnectionRefusedError:
- sleep(0.5)
- cnt += 1
- if cnt == 100:
- raise("failed to start l2tp server")
- break
-
-
-def _accel_cmd(command):
- return run(f'/usr/bin/accel-cmd -p 2004 {command}')
-
-
def get_config():
conf = Config()
base_path = ['vpn', 'l2tp', 'remote-access']
@@ -351,11 +325,6 @@ def generate(l2tp):
if not l2tp:
return None
- # Create configuration directory if it's non existent
- dirname = os.path.dirname(l2tp_conf)
- if not os.path.isdir(dirname):
- os.mkdir(dirname)
-
# Prepare Jinja2 template loader from files
tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'l2tp')
fs_loader = FileSystemLoader(tmpl_path)
@@ -369,36 +338,31 @@ def generate(l2tp):
if l2tp['auth_mode'] == 'local':
tmpl = env.get_template('chap-secrets.tmpl')
config_text = tmpl.render(l2tp)
- with open(l2tp['chap_secrets_file'], 'w') as f:
+ with open(l2tp_chap_secrets, 'w') as f:
f.write(config_text)
- os.chmod(l2tp['chap_secrets_file'], S_IRUSR | S_IWUSR | S_IRGRP)
+ os.chmod(l2tp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
- if os.path.exists(l2tp['chap_secrets_file']):
- os.unlink(l2tp['chap_secrets_file'])
+ if os.path.exists(l2tp_chap_secrets):
+ os.unlink(l2tp_chap_secrets)
return None
def apply(l2tp):
if not l2tp:
- if os.path.exists(pidfile):
- _accel_cmd('shutdown hard')
- if os.path.exists(pidfile):
- os.remove(pidfile)
- return None
+ call('systemctl stop accel-ppp-l2tp.service')
- if not os.path.exists(pidfile):
- ret = run(f'/usr/sbin/accel-pppd -c {l2tp_conf} -p {pidfile} -d')
- chk_con()
- if ret != 0 and os.path.exists(pidfile):
- os.remove(pidfile)
- raise ConfigError('accel-pppd failed to start')
- else:
- # if gw ip changes, only restart doesn't work
- _accel_cmd('restart')
+ if os.path.exists(l2tp_conf):
+ os.unlink(l2tp_conf)
+
+ if os.path.exists(l2tp_chap_secrets):
+ os.unlink(l2tp_chap_secrets)
+
+ return None
+ call('systemctl restart accel-ppp-l2tp.service')
if __name__ == '__main__':
try:
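Review bot: In generate(), `open(l2tp_chap_secrets, 'w')` creates the secrets file under the process umask and only afterwards narrows it with `os.chmod`, so on first creation there is a window in which the rendered credentials may be readable by other local users. Creating the file with its final mode closes that window: `fd = os.open(l2tp_chap_secrets, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP)` followed by `with os.fdopen(fd, 'w') as f:`, keeping the chmod for a file that already exists. Separately, apply() now discards the result of `call('systemctl restart accel-ppp-l2tp.service')`, whereas the removed code raised `ConfigError('accel-pppd failed to start')`; if `call` returns the exit status, checking it would stop a failed start from being committed silently. generate() begins outside this hunk, and the page has lost its indentation, so the position of the restart call relative to `return None` is inferred.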
diff --git a/src/etc/systemd/system/accel-ppp-l2tp.service b/src/etc/systemd/system/accel-ppp-l2tp.service
new file mode 100644
index 000000000..27f0cc8c0
--- /dev/null
+++ b/src/etc/systemd/system/accel-ppp-l2tp.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Accel-PPP/L2TP
+After=vyos-router.service
+
+[Service]
+ExecStart=/usr/sbin/accel-pppd -d -p /run/accel-pppd-l2tp.pid -c /etc/accel-ppp/l2tp.conf
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+PIDFile=/run/accel-pppd-l2tp.pid
+Type=forking
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+Alias=accel-ppp-l2tp.service
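Review bot: `Alias=accel-ppp-l2tp.service` in `[Install]` repeats the unit's own file name, so it creates no additional name and can be dropped. `Restart=always` is set without `RestartSec=`, so a daemon that exits at once, for example because `/etc/accel-ppp/l2tp.conf` is missing or invalid, is restarted at systemd's default interval until the start limit is reached; `Restart=on-failure` with an explicit `RestartSec=` would make that behaviour deliberate. A one-line comment above `ExecReload=` stating what SIGUSR1 makes accel-pppd do would also help, since the Python code visible in this commit only ever calls stop and restart.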