diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-03-20 21:54:05 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-03-20 23:25:05 +0100 |
commit | 86e47301786da64a035156edd24ed2ec89918a49 (patch) | |
tree | 4c76075673e16e36ba082a21ea268884aa350d3e /src/migration-scripts/sstp | |
parent | 806f912d8bf1af148623bd0d2e14dbdeaa059a6f (diff) | |
download | vyos-1x-86e47301786da64a035156edd24ed2ec89918a49.tar.gz vyos-1x-86e47301786da64a035156edd24ed2ec89918a49.zip |
sstp: T2110: use uniform RADIUS CLI syntax
- migrate RADIUS configuration to a more uniform syntax accross the system
- authentication radius-server x.x.x.x to authentication radius server x.x.x.x
- authentication radius-settings to authentication radius
Diffstat (limited to 'src/migration-scripts/sstp')
-rwxr-xr-x | src/migration-scripts/sstp/0-to-1 | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1 index 88d3b4fb4..652a2662f 100755 --- a/src/migration-scripts/sstp/0-to-1 +++ b/src/migration-scripts/sstp/0-to-1 @@ -14,7 +14,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. + # - migrate from "service sstp-server" to "vpn sstp" +# - remove primary/secondary identifier from nameserver +# - migrate RADIUS configuration to a more uniform syntax accross the system +# - authentication radius-server x.x.x.x to authentication radius server x.x.x.x +# - authentication radius-settings to authentication radius import os import sys @@ -58,8 +63,50 @@ else: config.delete(dns_base) - print(config.to_string()) - sys.exit(1) + + # migrate radius options - copy subtree + # thus must happen before migration of the individual RADIUS servers + old_options = new_base + ['authentication', 'radius-settings'] + new_options = new_base + ['authentication', 'radius'] + config.copy(old_options, new_options) + config.delete(old_options) + + + # migrate radius dynamic author / change of authorisation server + dae_old = new_base + ['authentication', 'radius', 'dae-server'] + if config.exists(dae_old): + config.rename(dae_old, 'dynamic-author') + dae_new = new_base + ['authentication', 'radius', 'dynamic-author'] + + if config.exists(dae_new + ['ip-address']): + config.rename(dae_new + ['ip-address'], 'server') + + if config.exists(dae_new + ['secret']): + config.rename(dae_new + ['secret'], 'key') + + + # migrate radius server + radius_server = new_base + ['authentication', 'radius-server'] + if config.exists(radius_server): + for server in config.list_nodes(radius_server): + base = radius_server + [server] + new = new_base + ['authentication', 'radius', 'server', server] + + # convert secret to key + if config.exists(base + ['secret']): + tmp = config.return_value(base + ['secret']) + config.set(new + ['key'], value=tmp) + + if config.exists(base + ['fail-time']): + tmp = config.return_value(base + ['fail-time']) + config.set(new + ['fail-time'], value=tmp) + + if config.exists(base + ['req-limit']): + tmp = config.return_value(base + ['req-limit']) + config.set(new + ['req-limit'], value=tmp) + + config.set_tag(new_base + ['authentication', 'radius', 'server']) + config.delete(radius_server) try: with open(file_name, 'w') as f: |