author | Christian Poessinger <christian@poessinger.com> | 2020-04-11 11:24:46 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-11 11:26:33 +0200 |
commit | 13510cac5a4aadc3f6ca79c8c7fd7276abe95be3 (patch) | |
tree | d391c823185bf8d93032c9b0a86ad7000e24e832 | |
parent | 7f648cb2348ebe790757a98ef1d51275d0377650 (diff) | |
vpn: sstp: T2008: migrate from SysVinit -> systemd
-rw-r--r-- | data/templates/sstp/sstp.config.tmpl | 2 | ||||
-rwxr-xr-x | src/conf_mode/vpn_sstp.py | 85 | ||||
-rw-r--r-- | src/etc/systemd/system/accel-ppp-sstp.service | 14 |
3 files changed, 33 insertions, 68 deletions
diff --git a/data/templates/sstp/sstp.config.tmpl b/data/templates/sstp/sstp.config.tmpl index 19805358e..d5f55b2df 100644 --- a/data/templates/sstp/sstp.config.tmpl +++ b/data/templates/sstp/sstp.config.tmpl @@ -52,7 +52,7 @@ dns{{ loop.index }}={{ dns }} {% if auth_mode == 'local' %} [chap-secrets] -chap-secrets=/etc/accel-ppp/sstp/chap-secrets +chap-secrets={{ sstp_chap_secrets }} {% elif auth_mode == 'radius' %} [radius] verbose=1 diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 13a24675d..a0bcb1acf 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -18,7 +18,6 @@ import os from time import sleep from sys import exit -from socket import socket, AF_INET, SOCK_STREAM from copy import deepcopy from stat import S_IRUSR, S_IWUSR, S_IRGRP from jinja2 import FileSystemLoader, Environment 
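Review bot: The new template line `chap-secrets={{ sstp_chap_secrets }}` reads a variable that the Python side does not appear to supply, because the `default_config_data` hunk in vpn_sstp.py adds the path under the key `chap_secrets_file`. If the template is rendered from that dict (the render call is outside the visible hunks), Jinja2's default undefined handling would emit an empty `chap-secrets=` and accel-pppd would have no secrets file for local authentication. Use `{{ chap_secrets_file }}` here, or rename the dict key so both sides agree.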
@@ -26,41 +25,16 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos import ConfigError from vyos.defaults import directories as vyos_data_dir -from vyos.util import process_running -from vyos.util import process_running, cmd, run - -pidfile = r'/var/run/accel_sstp.pid' -sstp_cnf_dir = r'/etc/accel-ppp/sstp' -chap_secrets = sstp_cnf_dir + '/chap-secrets' -sstp_conf = sstp_cnf_dir + '/sstp.config' - -# config path creation -if not os.path.exists(sstp_cnf_dir): - os.makedirs(sstp_cnf_dir) - -def chk_con(): - cnt = 0 - s = socket(AF_INET, SOCK_STREAM) - while True: - try: - s.connect(("127.0.0.1", 2005)) - s.close() - break - except ConnectionRefusedError: - sleep(0.5) - cnt += 1 - if cnt == 100: - raise("failed to start sstp server") - break - - -def _accel_cmd(command): - return run(f'/usr/bin/accel-cmd -p 2005 {command}') +from vyos.util import call, run + +sstp_conf = '/etc/accel-ppp/sstp.conf' +sstp_chap_secrets = '/etc/accel-ppp/sstp.chap-secrets' default_config_data = { 'local_users' : [], 'auth_mode' : 'local', 'auth_proto' : ['auth_mschap_v2'], + 'chap_secrets_file': sstp_chap_secrets, # used in Jinja2 template 'client_gateway': '', 'radius_server' : [], 'radius_acct_tmo' : '3', 
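Review bot: The removed module-level `os.makedirs(sstp_cnf_dir)` has no replacement, so the new paths `/etc/accel-ppp/sstp.conf` and `/etc/accel-ppp/sstp.chap-secrets` depend on `/etc/accel-ppp` already existing when `generate()` opens them for writing. If the package does not ship that directory, a guard such as `os.makedirs(os.path.dirname(sstp_conf), exist_ok=True)` is needed before the first write. `run` is still imported although its only visible user, `_accel_cmd`, is deleted in this hunk, and `from time import sleep` in the preceding import hunk looks unused for the same reason now that `chk_con` is gone.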
@@ -340,52 +314,29 @@ def generate(sstp): if sstp['local_users']: tmpl = env.get_template('chap-secrets.tmpl') config_text = tmpl.render(sstp) - with open(chap_secrets, 'w') as f: - f.write(config_text) + with open(sstp_chap_secrets, 'w') as f: + f.write(sstp_chap_secrets) - os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) + os.chmod(sstp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) else: - if os.path.exists(chap_secrets): - os.unlink(chap_secrets) + if os.path.exists(sstp_chap_secrets): + os.unlink(sstp_chap_secrets) return sstp def apply(sstp): - if sstp is None: - if process_running(pidfile): - command = 'start-stop-daemon' - command += ' --stop ' - command += ' --quiet' - command += ' --oknodo' - command += ' --pidfile ' + pidfile - cmd(command) + if not sstp: + call('systemctl stop accel-ppp-sstp.service') - if os.path.exists(pidfile): - os.remove(pidfile) + if os.path.exists(sstp_conf): + os.unlink(sstp_conf) - return None + if os.path.exists(sstp_chap_secrets): + os.unlink(sstp_chap_secrets) - if not process_running(pidfile): - if os.path.exists(pidfile): - os.remove(pidfile) - - command = 'start-stop-daemon' - command += ' --start ' - command += ' --quiet' - command += ' --oknodo' - command += ' --pidfile ' + pidfile - command += ' --exec /usr/sbin/accel-pppd' - # now pass arguments to accel-pppd binary - command += ' --' - command += ' -c ' + sstp_conf - command += ' -p ' + pidfile - command += ' -d' - cmd(command) - - chk_con() + return None - else: - _accel_cmd('restart') + call('systemctl restart accel-ppp-sstp.service') if __name__ == '__main__': diff --git a/src/etc/systemd/system/accel-ppp-sstp.service b/src/etc/systemd/system/accel-ppp-sstp.service new file mode 100644 index 000000000..03bd7f99c --- /dev/null +++ b/src/etc/systemd/system/accel-ppp-sstp.service 
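Review bot: In `generate()` the rewritten write is `f.write(sstp_chap_secrets)`, which stores the file's own path in the secrets file instead of the rendered `config_text`, so no local user is written and local authentication would fail; it should be `f.write(config_text)`. The file is also created by `open(..., 'w')` under the process umask and only narrowed by `os.chmod` afterwards, which leaves a window in which the credentials may be readable by other users. Creating it with its final mode, e.g. `os.open(sstp_chap_secrets, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)` wrapped in `os.fdopen`, and keeping the `chmod` for pre-existing files closes that window. In `apply()` the result of `call('systemctl restart accel-ppp-sstp.service')` is discarded and the old `chk_con()` readiness wait is gone, so a daemon that fails to start is no longer surfaced as an error to the commit. `generate()` begins outside the hunk.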
@@ -0,0 +1,14 @@
+[Unit]
+Description=Accel-PPP/SSTP
+After=vyos-router.service
+
+[Service]
+ExecStart=/usr/sbin/accel-pppd -d -p /run/accel-pppd-sstp.pid -c /etc/accel-ppp/sstp.conf
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+PIDFile=/run/accel-pppd-sstp.pid
+Type=forking
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+Alias=accel-ppp-sstp.service |
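Review bot: `Alias=accel-ppp-sstp.service` in `[Install]` repeats the unit's own file name, so it adds nothing and can be dropped. `Restart=always` is set without `RestartSec=`, so a configuration that accel-pppd rejects at startup would be respawned in quick succession until systemd's start limit trips; `Restart=on-failure` with, for example, `RestartSec=5` would make such a failure easier to spot. The service is an internet-facing VPN daemon and the unit carries no sandboxing directives. Options the daemon can tolerate, such as `NoNewPrivileges=yes` or `ProtectHome=yes`, are worth evaluating, but their compatibility with accel-pppd is not established by this page.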