diff options
author | Christian Breunig <christian@breunig.cc> | 2023-11-20 19:31:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-20 19:31:33 +0100 |
commit | 03740f14ff0b34c997e74511ac35dbf3c1e48309 (patch) | |
tree | 989ecacd04cf311c6bf6d86dcda1f69ff6b215c0 /src | |
parent | 0650054e646d5119040635fbd19ae15785c16aa8 (diff) | |
parent | 3280a153713decf28eb5c564573028df19a4e1b1 (diff) | |
download | vyos-1x-03740f14ff0b34c997e74511ac35dbf3c1e48309.tar.gz vyos-1x-03740f14ff0b34c997e74511ac35dbf3c1e48309.zip |
Merge pull request #2515 from vyos/mergify/bp/sagitta/pr-2508
http: T5762: api: make API socket backend communication the one and only default (backport #2508)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/https.py | 5 | ||||
-rw-r--r-- | src/etc/sysctl.d/30-vyos-router.conf | 8 | ||||
-rwxr-xr-x | src/migration-scripts/https/4-to-5 | 56 | ||||
-rwxr-xr-x | src/services/vyos-http-api-server | 10 |
4 files changed, 65 insertions, 14 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 010490c7e..028a5007a 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -215,14 +215,9 @@ def generate(https): api_data = vyos.defaults.api_data api_settings = https.get('api', {}) if api_settings: - port = api_settings.get('port', '') - if port: - api_data['port'] = port vhosts = https.get('api-restrict', {}).get('virtual-host', []) if vhosts: api_data['vhost'] = vhosts[:] - if 'socket' in list(api_settings): - api_data['socket'] = True if api_data: vhost_list = api_data.get('vhost', []) diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf index 1c9b8999f..67d96969e 100644 --- a/src/etc/sysctl.d/30-vyos-router.conf +++ b/src/etc/sysctl.d/30-vyos-router.conf @@ -105,3 +105,11 @@ net.core.rps_sock_flow_entries = 32768 net.core.default_qdisc=fq_codel net.ipv4.tcp_congestion_control=bbr +# VRF - Virtual routing and forwarding +# When net.vrf.strict_mode=0 (default) it is possible to associate multiple +# VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a +# table can be associated to a single VRF device. +# +# A VRF table can be used by the VyOS CLI only once (ensured by verify()), +# this simply adds an additional Kernel safety net +net.vrf.strict_mode=1 diff --git a/src/migration-scripts/https/4-to-5 b/src/migration-scripts/https/4-to-5 new file mode 100755 index 000000000..a503e0cb7 --- /dev/null +++ b/src/migration-scripts/https/4-to-5 @@ -0,0 +1,56 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T5762: http: api: smoketests fail as they can not establish IPv6 connection +# to uvicorn backend server, always make the UNIX domain socket the +# default way of communication + +import sys + +from vyos.configtree import ConfigTree + +if len(sys.argv) < 2: + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) + +base = ['service', 'https'] +if not config.exists(base): + # Nothing to do + sys.exit(0) + +# Delete "socket" CLI option - we always use UNIX domain sockets for +# NGINX <-> API server communication +if config.exists(base + ['api', 'socket']): + config.delete(base + ['api', 'socket']) + +# There is no need for an API service port, as UNIX domain sockets +# are used +if config.exists(base + ['api', 'port']): + config.delete(base + ['api', 'port']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index 3a9efb73e..daee24257 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -825,15 +825,7 @@ def initialization(session: ConfigSession, app: FastAPI = app): if app.state.vyos_graphql: graphql_init(app) - if not server_config['socket']: - config = ApiServerConfig(app, - host=server_config["listen_address"], - port=int(server_config["port"]), - proxy_headers=True) - else: - config = ApiServerConfig(app, - uds="/run/api.sock", - proxy_headers=True) + config = ApiServerConfig(app, uds="/run/api.sock", proxy_headers=True) server = ApiServer(config) def run_server(): |