snmp: T1769: cleanup leftove code path for certificate migration

author: Christian Poessinger <christian@poessinger.com> 2020-02-18 16:39:18 +0100
committer: Christian Poessinger <christian@poessinger.com> 2020-02-18 16:39:18 +0100
commit: 373fcb829e95b52c6edd5fafd087012988d66c07 (patch)
tree: 41f4e96a799d63d1510502b420297fc28137ab99 /src/conf_mode/snmp.py
parent: 6a9eb11e1e420aafcc07fdcc2a3a3397c3463d5b (diff)
download: vyos-1x-373fcb829e95b52c6edd5fafd087012988d66c07.tar.gz
vyos-1x-373fcb829e95b52c6edd5fafd087012988d66c07.zip
1 files changed, 52 insertions, 86 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 0f1fe8a79..7cffa5e04 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -701,92 +701,58 @@ def generate(snmp):
     return None
 
 def apply(snmp):
-    if snmp is not None:
-
-        nonvolatiledir = '/config/snmp/tls'
-        volatiledir = '/etc/snmp/tls'
-        if not os.path.exists(nonvolatiledir):
-            os.makedirs(nonvolatiledir)
-            os.chmod(nonvolatiledir, stat.S_IWUSR | stat.S_IRUSR)
-            # get uid for user 'snmp'
-            # jessie snmp user = snmp
-            # buster snmp user = Debian-snmp
-            # keep it backwards compatible for Crux
-
-            un = [x[0] for x in pwd.getpwall()]
-            # debian snmp uid is 114 per default across releases
-            snmp_uid = 114
-            if 'snmp' in un:
-                snmp_uid = pwd.getpwnam('snmp').pw_uid
-            elif 'Debian-snmp' in un:
-                snmp_uid = pwd.getpwnam('Debian-snmp').pw_uid
-
-            os.chown(nonvolatiledir, snmp_uid, -1)
-
-            # move SNMP certificate files from volatile location to non volatile /config/snmp
-            if os.path.exists(volatiledir) and os.path.isdir(volatiledir):
-                files = os.listdir(volatiledir)
-                for f in files:
-                    move(volatiledir + '/' + f, nonvolatiledir)
-                    os.chmod(nonvolatiledir + '/' + f, stat.S_IWUSR | stat.S_IRUSR)
-
-                os.rmdir(volatiledir)
-                os.symlink(nonvolatiledir, volatiledir)
-
-        if os.path.islink(volatiledir):
-            link = os.readlink(volatiledir)
-            if link != nonvolatiledir:
-                os.unlink(volatiledir)
-                os.symlink(nonvolatiledir, volatiledir)
-
-        # start SNMP daemon
-        os.system("systemctl daemon-reload")
-        os.system("systemctl restart snmpd.service")
-
-        # Passwords are not available immediately in the configuration file,
-        # after daemon startup - we wait until they have been processed by
-        # snmpd, which we see when a magic line appears in this file.
-        ready = False
-        while not ready:
-            while not os.path.exists(config_file_user):
-                sleep(0.1)
-
-            with open(config_file_user, 'r') as f:
-                for line in f:
-                    # Search for our magic string inside the file
-                    if 'usmUser' in line:
-                        ready = True
-                        break
-
-        # net-snmp is now regenerating the configuration file in the background
-        # thus we need to re-open and re-read the file as the content changed.
-        # After that we can no read the encrypted password from the config and
-        # replace the CLI plaintext password with its encrypted version.
-        with open(config_file_user, 'r') as f:
-            engineID = ''
-            for line in f:
-                if line.startswith('usmUser'):
-                    string = line.split(' ')
-                    cfg = {
-                        'user': string[4].replace(r'"', ''),
-                        'auth_pw': string[8],
-                        'priv_pw': string[10]
-                    }
-                    # No need to take care about the VyOS internal user
-                    if cfg['user'] == snmp['vyos_user']:
-                        ready = True
-                        continue
-
-                    # Now update the running configuration
-                    #
-                    # Currently when executing os.system() the environment does not have the vyos_libexec_dir variable set, see T685
-                    os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key {1} > /dev/null'.format(cfg['user'], cfg['auth_pw']))
-                    os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key {1} > /dev/null'.format(cfg['user'], cfg['priv_pw']))
-                    os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user']))
-                    os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user']))
-
-        # Enable AgentX in FRR
-        os.system('vtysh -c "configure terminal" -c "agentx" >/dev/null')
+    if snmp is None:
+        return None
+
+    # start SNMP daemon
+    os.system("systemctl restart snmpd.service")
+
+    # Passwords are not available immediately in the configuration file,
+    # after daemon startup - we wait until they have been processed by
+    # snmpd, which we see when a magic line appears in this file.
+    ready = False
+    while not ready:
+        while not os.path.exists(config_file_user):
+            sleep(0.5)
+            ready = True
+
+    with open(config_file_user, 'r') as f:
+        for line in f:
+            # Search for our magic string inside the file
+            if 'usmUser' in line:
+                ready = True
+                break
+
+    # net-snmp is now regenerating the configuration file in the background
+    # thus we need to re-open and re-read the file as the content changed.
+    # After that we can no read the encrypted password from the config and
+    # replace the CLI plaintext password with its encrypted version.
+    os.environ["vyos_libexec_dir"] = "/usr/libexec/vyos"
+    with open(config_file_user, 'r') as f:
+        engineID = ''
+        for line in f:
+            if line.startswith('usmUser'):
+                string = line.split(' ')
+                cfg = {
+                    'user': string[4].replace(r'"', ''),
+                    'auth_pw': string[8],
+                    'priv_pw': string[10]
+                }
+                # No need to take care about the VyOS internal user
+                if cfg['user'] == snmp['vyos_user']:
+                    continue
+
+                # Now update the running configuration
+                #
+                # Currently when executing os.system() the environment does not
+                # have the vyos_libexec_dir variable set, see Phabricator T685.
+                os.system('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['auth_pw']))
+                os.system('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['priv_pw']))
+                os.system('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user']))
+                os.system('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user']))
+
+    # Enable AgentX in FRR
+    os.system('vtysh -c "configure terminal" -c "agentx" >/dev/null')
 
     return None
author	Christian Poessinger <christian@poessinger.com>	2020-02-18 16:39:18 +0100
committer	Christian Poessinger <christian@poessinger.com>	2020-02-18 16:39:18 +0100
commit	373fcb829e95b52c6edd5fafd087012988d66c07 (patch)
tree	41f4e96a799d63d1510502b420297fc28137ab99 /src/conf_mode/snmp.py
parent	6a9eb11e1e420aafcc07fdcc2a3a3397c3463d5b (diff)
download	vyos-1x-373fcb829e95b52c6edd5fafd087012988d66c07.tar.gz vyos-1x-373fcb829e95b52c6edd5fafd087012988d66c07.zip