diff options
| author | Daniil Baturin <daniil@vyos.io> | 2025-05-20 15:28:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-20 15:28:12 +0100 |
| commit | 37598a366e8d17fc7a546b23d3a4d8ff097272ce (patch) | |
| tree | a4e6e35705a11366fe9d5e055697687b30434514 /src/conf_mode/interfaces_wireguard.py | |
| parent | d15000b645c690c4d67dc6bb6bc924f16703e352 (diff) | |
| parent | ab602253d57c1fb4a01a9c84f75bbbc480a66189 (diff) | |
| download | vyos-1x-37598a366e8d17fc7a546b23d3a4d8ff097272ce.tar.gz vyos-1x-37598a366e8d17fc7a546b23d3a4d8ff097272ce.zip | |
Merge pull request #4468 from sarthurdev/T5707
wireguard: T7387: Optimise wireguard peer handling
Diffstat (limited to 'src/conf_mode/interfaces_wireguard.py')
| -rwxr-xr-x | src/conf_mode/interfaces_wireguard.py | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/src/conf_mode/interfaces_wireguard.py b/src/conf_mode/interfaces_wireguard.py index 3ca6ecdca..770667df1 100755 --- a/src/conf_mode/interfaces_wireguard.py +++ b/src/conf_mode/interfaces_wireguard.py @@ -14,6 +14,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os + +from glob import glob from sys import exit from vyos.config import Config @@ -35,7 +38,6 @@ from vyos.utils.network import is_wireguard_key_pair from vyos.utils.process import call from vyos import ConfigError from vyos import airbag -from pathlib import Path airbag.enable() @@ -145,19 +147,11 @@ def generate(wireguard): def apply(wireguard): check_kmod('wireguard') - if 'rebuild_required' in wireguard or 'deleted' in wireguard: - wg = WireGuardIf(**wireguard) - # WireGuard only supports peer removal based on the configured public-key, - # by deleting the entire interface this is the shortcut instead of parsing - # out all peers and removing them one by one. - # - # Peer reconfiguration will always come with a short downtime while the - # WireGuard interface is recreated (see below) - wg.remove() + wg = WireGuardIf(**wireguard) - # Create the new interface if required - if 'deleted' not in wireguard: - wg = WireGuardIf(**wireguard) + if 'deleted' in wireguard: + wg.remove() + else: wg.update(wireguard) domain_resolver_usage = '/run/use-vyos-domain-resolver-interfaces-wireguard-' + wireguard['ifname'] @@ -168,12 +162,12 @@ def apply(wireguard): from vyos.utils.file import write_file text = f'# Automatically generated by interfaces_wireguard.py\nThis file indicates that vyos-domain-resolver service is used by the interfaces_wireguard.\n' - text += "intefaces:\n" + "".join([f" - {peer}\n" for peer in wireguard['peers_need_resolve']]) - Path(domain_resolver_usage).write_text(text) + text += "interfaces:\n" + "".join([f" - {peer}\n" for peer in wireguard['peers_need_resolve']]) write_file(domain_resolver_usage, text) else: - Path(domain_resolver_usage).unlink(missing_ok=True) - if not Path('/run').glob('use-vyos-domain-resolver*'): + if os.path.exists(domain_resolver_usage): + os.unlink(domain_resolver_usage) + if not glob('/run/use-vyos-domain-resolver*'): domain_action = 'stop' call(f'systemctl {domain_action} vyos-domain-resolver.service') |