authorChristian Poessinger <christian@poessinger.com>2020-04-16 16:12:43 +0200
committerGitHub <noreply@github.com>2020-04-16 16:12:43 +0200
commit30b85d8316abde986f5ec10cd3365786a0eb88ed (patch)
tree100d6729b22a2dec3fc1dffa30dad2f0d7bcdcd4
parentf50877bff8afed409f02d2978da6a70c383ccea1 (diff)
parent3c4e32ec1f09d709cf99c94e84c4c647418ae57f (diff)
Merge pull request #347 from DmitriyEshenko/fix-ipoe
ipoe: T2294: Fix templates and migrate to systemd
-rw-r--r--data/templates/ipoe-server/chap-secrets.tmpl32
-rw-r--r--data/templates/ipoe-server/ipoe.config.tmpl21
-rwxr-xr-xsrc/conf_mode/service-ipoe.py93
3 files changed, 56 insertions, 90 deletions
diff --git a/data/templates/ipoe-server/chap-secrets.tmpl b/data/templates/ipoe-server/chap-secrets.tmpl
index 707718e94..5e35d5775 100644
--- a/data/templates/ipoe-server/chap-secrets.tmpl
+++ b/data/templates/ipoe-server/chap-secrets.tmpl
@@ -1,18 +1,18 @@
# username server password acceptable local IP addresses shaper
-{% for aifc in auth['auth_if'] %}
-{% for mac in auth['auth_if'][aifc] %}
-{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) %}
+{% for aifc in auth['auth_if'] -%}
+{% for mac in auth['auth_if'][aifc] -%}
+{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) -%}
+{% if auth['auth_if'][aifc][mac]['vlan'] -%}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% else -%}
+{{aifc}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% endif -%}
+{% else -%}
{% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% endif %}
-{% else %}
-{% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endfor %}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} *
+{% else -%}
+{{aifc}} * {{mac.lower()}} *
+{% endif -%}
+{% endif -%}
+{% endfor -%}
+{% endfor -%}
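Review bot: The unchanged `{% if auth['auth_if'][aifc][mac]['vlan'] %}` in the no-rate-limit branch is the only tag left without `-%}`, so it keeps its trailing newline now that `generate()` in `src/conf_mode/service-ipoe.py` renders this template without `trim_blocks=True`. Every entry without `up`/`down` will therefore be preceded by an empty line in the generated chap-secrets file. Writing it as `{% if auth['auth_if'][aifc][mac]['vlan'] -%}` keeps the output consistent with the rate-limited branch.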
diff --git a/data/templates/ipoe-server/ipoe.config.tmpl b/data/templates/ipoe-server/ipoe.config.tmpl
index 109bc0d92..0a5ee09a6 100644
--- a/data/templates/ipoe-server/ipoe.config.tmpl
+++ b/data/templates/ipoe-server/ipoe.config.tmpl
@@ -26,16 +26,7 @@ level=5
verbose=1
{% for intfc in interfaces %}
{% if interfaces[intfc]['vlan_mon'] %}
-interface=re:{{intfc}}\.\d+,\
-{% else %}
-interface={{intfc}},\
-{% endif %}
-shared={{interfaces[intfc]['shared']}},\
-mode={{interfaces[intfc]['mode']}},\
-ifcfg={{interfaces[intfc]['ifcfg']}},\
-range={{interfaces[intfc]['range']}},\
-start={{interfaces[intfc]['sess_start']}},\
-ipv6=1
+interface=re:{{intfc}}\.\d+,{% else %}interface={{intfc}},{% endif %}shared={{interfaces[intfc]['shared']}},mode={{interfaces[intfc]['mode']}},ifcfg={{interfaces[intfc]['ifcfg']}},range={{interfaces[intfc]['range']}},start={{interfaces[intfc]['sess_start']}},ipv6=1
{% endfor %}
{% if auth['mech'] == 'noauth' %}
noauth=1
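Review bot: On the collapsed `interface=` line, `{{intfc}}` is still placed unescaped inside the `re:` pattern, so a `.` or other regex metacharacter in the configured interface name would widen the set of interfaces the IPoE server binds to. Whether `verify()` restricts interface names is not visible in this diff. If it does not, the name should be validated there before it reaches the template.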
@@ -86,20 +77,20 @@ delegate={{pd}}
{% if auth['mech'] == 'local' %}
[chap-secrets]
-chap-secrets=/etc/accel-ppp/ipoe/chap-secrets
+chap-secrets={{chap_secrets_file}}
{% endif %}
{% if auth['mech'] == 'radius' %}
[radius]
verbose=1
{% for srv in auth['radius'] %}
-server={{srv}},{{auth['radius'][srv]['secret']}},\
-req-limit={{auth['radius'][srv]['req-limit']}},\
+server={{srv}},{{auth['radius'][srv]['secret']}},
+req-limit={{auth['radius'][srv]['req-limit']}},
fail-time={{auth['radius'][srv]['fail-time']}}
{% endfor %}
{% if auth['radsettings']['dae-server']['ip-address'] %}
-dae-server={{auth['radsettings']['dae-server']['ip-address']}}:\
-{{auth['radsettings']['dae-server']['port']}},\
+dae-server={{auth['radsettings']['dae-server']['ip-address']}}:
+{{auth['radsettings']['dae-server']['port']}},
{{auth['radsettings']['dae-server']['secret']}}
{% endif -%}
{% if auth['radsettings']['acct-timeout'] %}
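Review bot: Dropping the trailing `\` from the `server=` and `dae-server=` entries leaves the line breaks in place, so each entry is still rendered across several lines. `server=<addr>,<secret>,` ends with a dangling comma, `req-limit=…,` and `fail-time=…` follow as lines of their own, and the DAE port and secret likewise land on separate lines. `trim_blocks` only removes the newline after a block tag, not after a `{{ … }}` expression, so the RADIUS limits and the DAE shared secret are probably not parsed as part of their entry. Join each entry onto one template line, as was done for `interface=` in the first hunk of this file, e.g. `server={{srv}},{{auth['radius'][srv]['secret']}},req-limit={{auth['radius'][srv]['req-limit']}},fail-time={{auth['radius'][srv]['fail-time']}}`.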
diff --git a/src/conf_mode/service-ipoe.py b/src/conf_mode/service-ipoe.py
index 3a14d92ef..76aa80a10 100755
--- a/src/conf_mode/service-ipoe.py
+++ b/src/conf_mode/service-ipoe.py
@@ -17,27 +17,18 @@
import os
import re
-from socket import socket, AF_INET, SOCK_STREAM
from sys import exit
from time import sleep
+from stat import S_IRUSR, S_IWUSR, S_IRGRP
from vyos.config import Config
from vyos import ConfigError
-from vyos.util import run
+from vyos.util import call
from vyos.template import render
-ipoe_cnf_dir = r'/etc/accel-ppp/ipoe'
-ipoe_cnf = ipoe_cnf_dir + r'/ipoe.config'
-
-pidfile = r'/var/run/accel_ipoe.pid'
-cmd_port = r'2002'
-
-chap_secrets = ipoe_cnf_dir + '/chap-secrets'
-## accel-pppd -d -c /etc/accel-ppp/pppoe/pppoe.config -p /var/run/accel_pppoe.pid
-
-if not os.path.exists(ipoe_cnf_dir):
- os.makedirs(ipoe_cnf_dir)
+ipoe_conf = '/run/accel-pppd/ipoe.conf'
+ipoe_chap_secrets = '/run/accel-pppd/ipoe.chap-secrets'
def _get_cpu():
@@ -49,33 +40,14 @@ def _get_cpu():
return cpu_cnt
-def _chk_con():
- cnt = 0
- s = socket(AF_INET, SOCK_STREAM)
- while True:
- try:
- s.connect(("127.0.0.1", int(cmd_port)))
- break
- except ConnectionRefusedError:
- sleep(0.5)
- cnt += 1
- if cnt == 100:
- raise("failed to start pppoe server")
- break
-
-
-def _accel_cmd(command):
- return run('/usr/bin/accel-cmd -p {cmd_port} {command}')
-
-##### Inline functions end ####
-
-
def get_config():
c = Config()
if not c.exists(['service', 'ipoe-server']):
return None
- config_data = {}
+ config_data = {
+ 'chap_secrets_file' : ipoe_chap_secrets
+ }
c.set_level(['service', 'ipoe-server'])
config_data['interfaces'] = {}
@@ -215,20 +187,26 @@ def get_config():
return config_data
-def generate(c):
- if c == None or not c:
+def generate(ipoe):
+ if not ipoe:
return None
- c['thread_cnt'] = _get_cpu()
+ dirname = os.path.dirname(ipoe_conf)
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
- if c['auth']['mech'] == 'local':
- old_umask = os.umask(0o077)
- render(chap_secrets, 'ipoe-server/chap-secrets.tmpl', c, trim_blocks=True)
- os.umask(old_umask)
+ ipoe['thread_cnt'] = _get_cpu()
+ render(ipoe_conf, 'ipoe-server/ipoe.config.tmpl', ipoe, trim_blocks=True)
- render(ipoe_cnf, 'ipoe-server/ipoe.config.tmpl', c, trim_blocks=True)
- # return c ??
- return c
+ if ipoe['auth']['mech'] == 'local':
+ render(ipoe_chap_secrets, 'ipoe-server/chap-secrets.tmpl', ipoe)
+ os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
+
+ else:
+ if os.path.exists(ipoe_chap_secrets):
+ os.unlink(ipoe_chap_secrets)
+
+ return None
def verify(c):
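Review bot: The chap-secrets file is now created under the process umask and only narrowed by `os.chmod()` afterwards, so it is briefly readable with default permissions. It also ends up group-readable (0640), where the removed `os.umask(0o077)` bracket created it owner-only. `ipoe_conf` gets no permission handling at all, although the template writes the RADIUS and DAE shared secrets into it. Creating both files under a restrictive umask, plus an explicit `chmod` for files that already exist, closes both gaps; if the group-read bit is deliberate, keep `S_IRGRP` and add a comment naming the group that needs it. The `os.path.exists()`/`os.mkdir()` pair can also become `os.makedirs(dirname, exist_ok=True)`.

```python
    ipoe['thread_cnt'] = _get_cpu()

    # Both files hold shared secrets: create them owner-only, and chmod
    # explicitly because the umask does not affect an already existing file.
    old_umask = os.umask(0o077)
    try:
        render(ipoe_conf, 'ipoe-server/ipoe.config.tmpl', ipoe, trim_blocks=True)
        os.chmod(ipoe_conf, S_IRUSR | S_IWUSR)

        if ipoe['auth']['mech'] == 'local':
            render(ipoe_chap_secrets, 'ipoe-server/chap-secrets.tmpl', ipoe)
            os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR)
        # … unchanged: else branch that unlinks a stale chap-secrets file …
    finally:
        os.umask(old_umask)
```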
@@ -280,22 +258,19 @@ def verify(c):
return c
-def apply(c):
- if c == None:
- if os.path.exists(pidfile):
- _accel_cmd('shutdown hard')
- if os.path.exists(pidfile):
- os.remove(pidfile)
+def apply(ipoe):
+ if ipoe == None:
+ call('systemctl stop accel-ppp@ipoe.service')
+
+ if os.path.exists(ipoe_conf):
+ os.unlink(ipoe_conf)
+
+ if os.path.exists(ipoe_chap_secrets):
+ os.unlink(ipoe_chap_secrets)
+
return None
- if not os.path.exists(pidfile):
- ret = run(f'/usr/sbin/accel-pppd -c {ipoe_cnf} -p {pidfile} -d')
- _chk_con()
- if ret != 0 and os.path.exists(pidfile):
- os.remove(pidfile)
- raise ConfigError('accel-pppd failed to start')
- else:
- _accel_cmd('restart')
+ call('systemctl restart accel-ppp@ipoe.service')
if __name__ == '__main__':
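Review bot: The exit status of `call('systemctl restart accel-ppp@ipoe.service')` is discarded, so a daemon that fails to start on the generated config no longer aborts the commit the way the removed `raise ConfigError('accel-pppd failed to start')` did. Assuming `call()` returns the command's exit code, `if call('systemctl restart accel-ppp@ipoe.service') != 0: raise ConfigError('accel-pppd failed to start')` restores that signal. `ipoe == None` would also read better as `ipoe is None`. It differs from the `if not ipoe` test in `generate()`, so an empty dict skips generation but still restarts the service.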