authorChristian Poessinger <christian@poessinger.com>2020-04-18 18:40:53 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-18 21:35:28 +0200
commitf07f46d36e17ea07b0db65e3856cc090033d9e78 (patch)
tree0c98755d9466a3079edc1e7880bf9192c69a1b59
parentb81a37d19abfac0dbc1f49860dbe75a4f8caed61 (diff)
ipoe-server: T2324: migrate RADIUS configuration to common CLI syntax
-rw-r--r--interface-definitions/service_ipoe-server.xml.in81
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py6
-rwxr-xr-xsrc/migration-scripts/ipoe-server/0-to-123
3 files changed, 45 insertions, 65 deletions
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index f0651d53d..decd94060 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -232,43 +232,26 @@
</tagNode>
</children>
</tagNode>
- <tagNode name="radius-server">
- <properties>
- <help>IP address of RADIUS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of RADIUS server</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="secret">
- <properties>
- <help>Key for accessing the specified server</help>
- </properties>
- </leafNode>
- <leafNode name="req-limit">
- <properties>
- <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
- </properties>
- </leafNode>
- <leafNode name="fail-time">
- <properties>
- <help>If server does not respond, mark it unavailable for this time (seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="disable">
- <properties>
- <help>Temporary disable this server</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="radius-settings">
- <properties>
- <help>RADIUS settings</help>
- </properties>
+ #include <include/radius-server.xml.i>
+ <node name="radius">
<children>
+ <tagNode name="server">
+ <children>
+ <leafNode name="fail-time">
+ <properties>
+ <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
+ <valueHelp>
+ <format>0-600</format>
+ <description>Fail time penalty</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-600"/>
+ </constraint>
+ <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
<leafNode name="timeout">
<properties>
<help>Timeout to wait response from server (seconds)</help>
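Review bot: Input validation in this file now depends on content the diff does not show. On the new side the `radius` node and its `server` tagNode carry no `<properties>` of their own, so the help text and any check on the server address or secret must come from `include/radius-server.xml.i`, which is worth confirming. The later hunks of this file remove the `ipv4-address` validator from `dae-server` `ip-address` and the `--range 1-65535` validator from `port` with no replacement visible, while this hunk adds a range check for `fail-time`. Unless those constraints are supplied elsewhere, the DM/CoA bind address and port would be accepted as free text; I would keep `<validator name="ipv4-address"/>` and `<validator name="numeric" argument="--range 1-65535"/>` on those leaves. The enclosing node starts and ends outside the hunk.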
@@ -289,18 +272,6 @@
<help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
</properties>
</leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of the DAE Server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
<node name="dae-server">
<properties>
<help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
@@ -309,25 +280,11 @@
<leafNode name="ip-address">
<properties>
<help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of the DAE Server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
</properties>
</leafNode>
<leafNode name="port">
<properties>
<help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>1-65535</format>
- <description>port number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
</properties>
</leafNode>
<leafNode name="secret">
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 25c33cc6d..958fbd561 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -137,7 +137,7 @@ def get_config():
#
# authentication mode radius servers and settings
if conf.exists(['authentication', 'mode', 'radius']):
- for server in conf.list_nodes(['authentication', 'radius-server']):
+ for server in conf.list_nodes(['authentication', 'radius', 'server']):
radius = {
'server' : server,
'key' : '',
@@ -145,7 +145,7 @@ def get_config():
'port' : '1812'
}
- conf.set_level(base_path + ['authentication', 'radius-server', server])
+ conf.set_level(base_path + ['authentication', 'radius', 'server', server])
if conf.exists(['fail-time']):
radius['fail-time'] = conf.return_value(['fail-time'])
@@ -161,7 +161,7 @@ def get_config():
#
# advanced radius-setting
- conf.set_level(base_path + ['authentication', 'radius-settings'])
+ conf.set_level(base_path + ['authentication', 'radius'])
if conf.exists(['acct-timeout']):
ipoe['radius_acct_tmo'] = conf.return_value(['acct-timeout'])
diff --git a/src/migration-scripts/ipoe-server/0-to-1 b/src/migration-scripts/ipoe-server/0-to-1
index 94addcbdb..c04a7fb19 100755
--- a/src/migration-scripts/ipoe-server/0-to-1
+++ b/src/migration-scripts/ipoe-server/0-to-1
@@ -15,6 +15,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# - remove primary/secondary identifier from nameserver
+# - Unifi RADIUS configuration by placing it all under "authentication radius" node
import os
import sys
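Review bot: The added header comment misspells "Unify" as "Unifi"; it should read `# - Unify RADIUS configuration by placing it all under "authentication radius" node`. The header also omits that this migration deletes each server's `req-limit`, which is a lossy step and worth listing, for example `# - remove per-server "req-limit" (no longer supported)`.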
@@ -58,6 +59,28 @@ else:
config.delete(dns_base)
+ # Migrate radius-settings node to RADIUS and use this as base for the
+ # later migration of the RADIUS servers - this will save a lot of code
+ radius_settings = base + ['authentication', 'radius-settings']
+ if config.exists(radius_settings):
+ config.rename(radius_settings, 'radius')
+
+ # Migrate RADIUS server
+ radius_server = base + ['authentication', 'radius-server']
+ if config.exists(radius_server):
+ new_base = base + ['authentication', 'radius', 'server']
+ config.set(new_base)
+ config.set_tag(new_base)
+ for server in config.list_nodes(radius_server):
+ old_base = radius_server + [server]
+ config.copy(old_base, new_base + [server])
+
+ # remove old req-limit node
+ if config.exists(new_base + [server, 'req-limit']):
+ config.delete(new_base + [server, 'req-limit'])
+
+ config.delete(radius_server)
+
try:
with open(file_name, 'w') as f:
f.write(config.to_string())
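Review bot: The per-server `config.copy(old_base, new_base + [server])` carries every old leaf across and then removes only `req-limit`, so anything else the new schema rejects is migrated unchanged. This commit's XML drops `nas-ip-address` and limits `fail-time` to 0-600, so a `nas-ip-address` that travels with the `radius-settings` rename, or an old `fail-time` above 600, would presumably fail validation when the migrated config is loaded. I would drop or map the stale leaf next to the `req-limit` cleanup, e.g. `config.delete(base + ['authentication', 'radius', 'nas-ip-address'])` guarded by `config.exists(...)`, and cap out-of-range `fail-time` values. It is also worth confirming that the shared include still names the secret leaf `secret`; if it differs, the copied node needs a `config.rename(...)` here, otherwise a server could end up configured without its shared secret. The enclosing `else:` branch starts outside the hunk.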