author | Christian Poessinger <christian@poessinger.com> | 2020-04-18 18:40:53 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-18 21:35:28 +0200 |
commit | f07f46d36e17ea07b0db65e3856cc090033d9e78 (patch) | |
tree | 0c98755d9466a3079edc1e7880bf9192c69a1b59 | |
parent | b81a37d19abfac0dbc1f49860dbe75a4f8caed61 (diff) | |
ipoe-server: T2324: migrate RADIUS configuration to common CLI syntax
-rw-r--r-- | interface-definitions/service_ipoe-server.xml.in | 81 | ||||
-rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 6 | ||||
-rwxr-xr-x | src/migration-scripts/ipoe-server/0-to-1 | 23 |
3 files changed, 45 insertions, 65 deletions
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index f0651d53d..decd94060 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -232,43 +232,26 @@ </tagNode> </children> </tagNode> - <tagNode name="radius-server"> - <properties> - <help>IP address of RADIUS server</help> - <valueHelp> - <format>ipv4</format> - <description>IP address of RADIUS server</description> - </valueHelp> - </properties> - <children> - <leafNode name="secret"> - <properties> - <help>Key for accessing the specified server</help> - </properties> - </leafNode> - <leafNode name="req-limit"> - <properties> - <help>Maximum number of simultaneous requests to server (default: unlimited)</help> - </properties> - </leafNode> - <leafNode name="fail-time"> - <properties> - <help>If server does not respond, mark it unavailable for this time (seconds)</help> - </properties> - </leafNode> - <leafNode name="disable"> - <properties> - <help>Temporary disable this server</help> - <valueless/> - </properties> - </leafNode> - </children> - </tagNode> - <node name="radius-settings"> - <properties> - <help>RADIUS settings</help> - </properties> + #include <include/radius-server.xml.i> + <node name="radius"> <children> + <tagNode name="server"> + <children> + <leafNode name="fail-time"> + <properties> + <help>Mark server unavailable for <n> seconds on failure</help> + <valueHelp> + <format>0-600</format> + <description>Fail time penalty</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> <leafNode name="timeout"> <properties> <help>Timeout to wait response from server (seconds)</help> 
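Review bot: The `fail-time` leaf added under `radius server` accepts only 0-600 through `<validator name="numeric" argument="--range 0-600"/>`, while the `radius-server` `fail-time` leaf it replaces had no constraint at all. The 0-to-1 migration script later in this commit copies each server node unchanged and deletes only `req-limit`, so a stored value above 600 would be carried into a node that now rejects it, which may make the migrated configuration fail validation on load. Consider clamping during migration, for example `if int(config.return_value(new_base + [server, 'fail-time'])) > 600: config.set(new_base + [server, 'fail-time'], value='600')`, guarded by the matching `config.exists` check.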
@@ -289,18 +272,6 @@ <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help> </properties> </leafNode> - <leafNode name="nas-ip-address"> - <properties> - <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of the DAE Server</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> <node name="dae-server"> <properties> <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> @@ -309,25 +280,11 @@ <leafNode name="ip-address"> <properties> <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of the DAE Server</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> </properties> </leafNode> <leafNode name="port"> <properties> <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> - <valueHelp> - <format>1-65535</format> - <description>port number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> </properties> </leafNode> <leafNode name="secret"> diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 25c33cc6d..958fbd561 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -137,7 +137,7 @@ def get_config(): # # authentication mode radius servers and settings if conf.exists(['authentication', 'mode', 'radius']): - for server in conf.list_nodes(['authentication', 'radius-server']): + for server in conf.list_nodes(['authentication', 'radius', 'server']): radius = { 'server' : server, 'key' : '', 
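Review bot: In the hunk at -309, the `ip-address` and `port` leaves under `dae-server` keep only their `<help>` text; the `ipv4-address` validator and the `--range 1-65535` numeric validator are removed and nothing visible replaces them. These leaves configure the DM/CoA listener, so a malformed address or an out-of-range port would no longer be rejected at commit time and would presumably reach the generated daemon configuration unchecked. Unless a shared include restores them (none is referenced inside this node), keep `<constraint><validator name="ipv4-address"/></constraint>` on `ip-address` and `<constraint><validator name="numeric" argument="--range 1-65535"/></constraint>` on `port`.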
@@ -145,7 +145,7 @@ def get_config(): 'port' : '1812' } - conf.set_level(base_path + ['authentication', 'radius-server', server]) + conf.set_level(base_path + ['authentication', 'radius', 'server', server]) if conf.exists(['fail-time']): radius['fail-time'] = conf.return_value(['fail-time']) @@ -161,7 +161,7 @@ def get_config(): # # advanced radius-setting - conf.set_level(base_path + ['authentication', 'radius-settings']) + conf.set_level(base_path + ['authentication', 'radius']) if conf.exists(['acct-timeout']): ipoe['radius_acct_tmo'] = conf.return_value(['acct-timeout']) diff --git a/src/migration-scripts/ipoe-server/0-to-1 b/src/migration-scripts/ipoe-server/0-to-1 index 94addcbdb..c04a7fb19 100755 --- a/src/migration-scripts/ipoe-server/0-to-1 +++ b/src/migration-scripts/ipoe-server/0-to-1 @@ -15,6 +15,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # - remove primary/secondary identifier from nameserver +# - Unifi RADIUS configuration by placing it all under "authentication radius" node import os import sys @@ -58,6 +59,28 @@ else: config.delete(dns_base) + # Migrate radius-settings node to RADIUS and use this as base for the + # later migration of the RADIUS servers - this will save a lot of code + radius_settings = base + ['authentication', 'radius-settings'] + if config.exists(radius_settings): + config.rename(radius_settings, 'radius') + + # Migrate RADIUS server + radius_server = base + ['authentication', 'radius-server'] + if config.exists(radius_server): + new_base = base + ['authentication', 'radius', 'server'] + config.set(new_base) + config.set_tag(new_base) + for server in config.list_nodes(radius_server): + old_base = radius_server + [server] + config.copy(old_base, new_base + [server]) + + # remove old req-limit node + if config.exists(new_base + [server, 'req-limit']): + config.delete(new_base + [server, 'req-limit']) + + config.delete(radius_server) + try: with open(file_name, 'w') as f: f.write(config.to_string()) |
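Review bot: The server migration in the last hunk copies every old `radius-server` node verbatim and removes only `req-limit`, but the schema change in this commit also drops the old `secret` leaf definition and the `nas-ip-address` leaf of the former `radius-settings` node. If `include/radius-server.xml.i` (not shown on this page) names the shared secret differently, as the `'key'` entry in get_config suggests, the copied `secret` leaf would no longer match the schema and a server could be left without a usable shared secret after upgrade; a leftover `radius nas-ip-address` has the same problem. Something like `if config.exists(new_base + [server, 'secret']): config.rename(new_base + [server, 'secret'], 'key')` inside the loop, plus an explicit rename or delete for `nas-ip-address`, would cover both. The header comment added in the first hunk of this file reads "Unifi" where "Unify" is meant. The block this hunk extends starts above the visible lines.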