authorChristian Breunig <christian@breunig.cc>2023-11-20 19:31:33 +0100
committerGitHub <noreply@github.com>2023-11-20 19:31:33 +0100
commit03740f14ff0b34c997e74511ac35dbf3c1e48309 (patch)
tree989ecacd04cf311c6bf6d86dcda1f69ff6b215c0 /src
parent0650054e646d5119040635fbd19ae15785c16aa8 (diff)
parent3280a153713decf28eb5c564573028df19a4e1b1 (diff)
Merge pull request #2515 from vyos/mergify/bp/sagitta/pr-2508
http: T5762: api: make API socket backend communication the one and only default (backport #2508)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/https.py5
-rw-r--r--src/etc/sysctl.d/30-vyos-router.conf8
-rwxr-xr-xsrc/migration-scripts/https/4-to-556
-rwxr-xr-xsrc/services/vyos-http-api-server10
4 files changed, 65 insertions, 14 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 010490c7e..028a5007a 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -215,14 +215,9 @@ def generate(https):
api_data = vyos.defaults.api_data
api_settings = https.get('api', {})
if api_settings:
- port = api_settings.get('port', '')
- if port:
- api_data['port'] = port
vhosts = https.get('api-restrict', {}).get('virtual-host', [])
if vhosts:
api_data['vhost'] = vhosts[:]
- if 'socket' in list(api_settings):
- api_data['socket'] = True
if api_data:
vhost_list = api_data.get('vhost', [])
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index 1c9b8999f..67d96969e 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -105,3 +105,11 @@ net.core.rps_sock_flow_entries = 32768
net.core.default_qdisc=fq_codel
net.ipv4.tcp_congestion_control=bbr
+# VRF - Virtual routing and forwarding
+# When net.vrf.strict_mode=0 (default) it is possible to associate multiple
+# VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
+# table can be associated to a single VRF device.
+#
+# A VRF table can be used by the VyOS CLI only once (ensured by verify()),
+# this simply adds an additional Kernel safety net
+net.vrf.strict_mode=1
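Review bot: The added `net.vrf.strict_mode=1` line may never take effect at boot. As far as I know this key is registered by the `vrf` kernel module, so if this file is processed before the module is loaded the key does not exist yet and the setting is skipped. If that ordering holds here, the "additional Kernel safety net" the comment promises is silently absent. Either make sure the module is loaded before sysctl.d is applied, or set the value from the VRF configuration code once a VRF device exists. The comment should also record the dependency, e.g. `# NOTE: this key only exists once the vrf kernel module is loaded`.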
diff --git a/src/migration-scripts/https/4-to-5 b/src/migration-scripts/https/4-to-5
new file mode 100755
index 000000000..a503e0cb7
--- /dev/null
+++ b/src/migration-scripts/https/4-to-5
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T5762: http: api: smoketests fail as they can not establish IPv6 connection
+# to uvicorn backend server, always make the UNIX domain socket the
+# default way of communication
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['service', 'https']
+if not config.exists(base):
+ # Nothing to do
+ sys.exit(0)
+
+# Delete "socket" CLI option - we always use UNIX domain sockets for
+# NGINX <-> API server communication
+if config.exists(base + ['api', 'socket']):
+ config.delete(base + ['api', 'socket'])
+
+# There is no need for an API service port, as UNIX domain sockets
+# are used
+if config.exists(base + ['api', 'port']):
+ config.delete(base + ['api', 'port'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
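Review bot: In the final `try` block, `open(file_name, 'w')` truncates the configuration file before `config.to_string()` is evaluated, and only `OSError` is caught. A failure while serialising would therefore leave an empty config on disk and exit with an unhandled traceback. Render the text first and write it afterwards: put `new_config = config.to_string()` ahead of the `try` and use `f.write(new_config)` inside it. The initial `open(file_name, 'r')` has no handler either, so an unreadable file gives a traceback rather than the exit code 1 used elsewhere in the script.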
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index 3a9efb73e..daee24257 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -825,15 +825,7 @@ def initialization(session: ConfigSession, app: FastAPI = app):
if app.state.vyos_graphql:
graphql_init(app)
- if not server_config['socket']:
- config = ApiServerConfig(app,
- host=server_config["listen_address"],
- port=int(server_config["port"]),
- proxy_headers=True)
- else:
- config = ApiServerConfig(app,
- uds="/run/api.sock",
- proxy_headers=True)
+ config = ApiServerConfig(app, uds="/run/api.sock", proxy_headers=True)
server = ApiServer(config)
def run_server():
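Review bot: With `uds="/run/api.sock"` now the only transport, the socket file's mode and ownership are the sole control over which local processes can reach the API server. Nothing on the new `ApiServerConfig(...)` line or in the visible context restricts them. If `ApiServerConfig` wraps uvicorn's `Config` (not visible here), the socket is, as far as I recall, created world-connectable by default. A local process connecting directly would skip the TLS and virtual-host restrictions enforced in NGINX, leaving only the API's own authentication. Please confirm the socket is limited to the NGINX worker user and record that next to the call, e.g. `# /run/api.sock must only be connectable by the nginx worker user`. The `listen_address` and `port` entries of `server_config` look unused after this change. `initialization()` starts and ends outside this hunk, so later handling may already cover this.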