summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--data/templates/ipoe-server/chap-secrets.tmpl18
-rw-r--r--data/templates/ipoe-server/ipoe.config.tmpl123
-rwxr-xr-xsrc/conf_mode/service-ipoe.py202
3 files changed, 166 insertions, 177 deletions
diff --git a/data/templates/ipoe-server/chap-secrets.tmpl b/data/templates/ipoe-server/chap-secrets.tmpl
new file mode 100644
index 000000000..707718e94
--- /dev/null
+++ b/data/templates/ipoe-server/chap-secrets.tmpl
@@ -0,0 +1,18 @@
+# username server password acceptable local IP addresses shaper
+{% for aifc in auth['auth_if'] %}
+{% for mac in auth['auth_if'][aifc] %}
+{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) %}
+{% if auth['auth_if'][aifc][mac]['vlan'] %}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% else %}
+{{aifc}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% endif %}
+{% else %}
+{% if auth['auth_if'][aifc][mac]['vlan'] %}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*
+{% else %}
+{{aifc}}\t*\t{{mac.lower()}}\t*
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/data/templates/ipoe-server/ipoe.config.tmpl b/data/templates/ipoe-server/ipoe.config.tmpl
new file mode 100644
index 000000000..109bc0d92
--- /dev/null
+++ b/data/templates/ipoe-server/ipoe.config.tmpl
@@ -0,0 +1,123 @@
+### generated by ipoe.py ###
+[modules]
+log_syslog
+ipoe
+shaper
+ipv6pool
+ipv6_nd
+ipv6_dhcp
+{% if auth['mech'] == 'radius' %}
+radius
+{% endif -%}
+ippool
+{% if auth['mech'] == 'local' %}
+chap-secrets
+{% endif %}
+
+[core]
+thread-count={{thread_cnt}}
+
+[log]
+syslog=accel-ipoe,daemon
+copy=1
+level=5
+
+[ipoe]
+verbose=1
+{% for intfc in interfaces %}
+{% if interfaces[intfc]['vlan_mon'] %}
+interface=re:{{intfc}}\.\d+,\
+{% else %}
+interface={{intfc}},\
+{% endif %}
+shared={{interfaces[intfc]['shared']}},\
+mode={{interfaces[intfc]['mode']}},\
+ifcfg={{interfaces[intfc]['ifcfg']}},\
+range={{interfaces[intfc]['range']}},\
+start={{interfaces[intfc]['sess_start']}},\
+ipv6=1
+{% endfor %}
+{% if auth['mech'] == 'noauth' %}
+noauth=1
+{% endif %}
+{% if auth['mech'] == 'local' %}
+username=ifname
+password=csid
+{% endif %}
+
+{%- for intfc in interfaces %}
+{% if (interfaces[intfc]['shared'] == '0') and (interfaces[intfc]['vlan_mon']) %}
+vlan-mon={{intfc}},{{interfaces[intfc]['vlan_mon']|join(',')}}
+{% endif %}
+{% endfor %}
+
+{% if (dns['server1']) or (dns['server2']) %}
+[dns]
+{% if dns['server1'] %}
+dns1={{dns['server1']}}
+{% endif -%}
+{% if dns['server2'] %}
+dns2={{dns['server2']}}
+{% endif -%}
+{% endif -%}
+
+{% if (dnsv6['server1']) or (dnsv6['server2']) or (dnsv6['server3']) %}
+[dnsv6]
+dns={{dnsv6['server1']}}
+dns={{dnsv6['server2']}}
+dns={{dnsv6['server3']}}
+{% endif %}
+
+[ipv6-nd]
+verbose=1
+
+[ipv6-dhcp]
+verbose=1
+
+{% if ipv6['prfx'] %}
+[ipv6-pool]
+{% for prfx in ipv6['prfx'] %}
+{{prfx}}
+{% endfor %}
+{% for pd in ipv6['pd'] %}
+delegate={{pd}}
+{% endfor %}
+{% endif %}
+
+{% if auth['mech'] == 'local' %}
+[chap-secrets]
+chap-secrets=/etc/accel-ppp/ipoe/chap-secrets
+{% endif %}
+
+{% if auth['mech'] == 'radius' %}
+[radius]
+verbose=1
+{% for srv in auth['radius'] %}
+server={{srv}},{{auth['radius'][srv]['secret']}},\
+req-limit={{auth['radius'][srv]['req-limit']}},\
+fail-time={{auth['radius'][srv]['fail-time']}}
+{% endfor %}
+{% if auth['radsettings']['dae-server']['ip-address'] %}
+dae-server={{auth['radsettings']['dae-server']['ip-address']}}:\
+{{auth['radsettings']['dae-server']['port']}},\
+{{auth['radsettings']['dae-server']['secret']}}
+{% endif -%}
+{% if auth['radsettings']['acct-timeout'] %}
+acct-timeout={{auth['radsettings']['acct-timeout']}}
+{% endif -%}
+{% if auth['radsettings']['max-try'] %}
+max-try={{auth['radsettings']['max-try']}}
+{% endif -%}
+{% if auth['radsettings']['timeout'] %}
+timeout={{auth['radsettings']['timeout']}}
+{% endif -%}
+{% if auth['radsettings']['nas-ip-address'] %}
+nas-ip-address={{auth['radsettings']['nas-ip-address']}}
+{% endif -%}
+{% if auth['radsettings']['nas-identifier'] %}
+nas-identifier={{auth['radsettings']['nas-identifier']}}
+{% endif -%}
+{% endif %}
+
+[cli]
+tcp=127.0.0.1:2002
diff --git a/src/conf_mode/service-ipoe.py b/src/conf_mode/service-ipoe.py
index bd7a898d0..dd9616a62 100755
--- a/src/conf_mode/service-ipoe.py
+++ b/src/conf_mode/service-ipoe.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,19 +13,18 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-import sys
import os
import re
-import time
-import socket
import subprocess
-import jinja2
-import syslog as sl
+
+from jinja2 import FileSystemLoader, Environment
+from socket import socket, AF_INET, SOCK_STREAM
+from sys import exit
+from time import sleep
from vyos.config import Config
+from vyos.defaults import directories as vyos_data_dir
from vyos import ConfigError
ipoe_cnf_dir = r'/etc/accel-ppp/ipoe'
@@ -37,157 +36,8 @@ cmd_port = r'2002'
chap_secrets = ipoe_cnf_dir + '/chap-secrets'
## accel-pppd -d -c /etc/accel-ppp/pppoe/pppoe.config -p /var/run/accel_pppoe.pid
-ipoe_config = '''
-### generated by ipoe.py ###
-[modules]
-log_syslog
-ipoe
-shaper
-ipv6pool
-ipv6_nd
-ipv6_dhcp
-{% if auth['mech'] == 'radius' %}
-radius
-{% endif -%}
-ippool
-{% if auth['mech'] == 'local' %}
-chap-secrets
-{% endif %}
-
-[core]
-thread-count={{thread_cnt}}
-
-[log]
-syslog=accel-ipoe,daemon
-copy=1
-level=5
-
-[ipoe]
-verbose=1
-{% for intfc in interfaces %}
-{% if interfaces[intfc]['vlan_mon'] %}
-interface=re:{{intfc}}\.\d+,\
-{% else %}
-interface={{intfc}},\
-{% endif %}
-shared={{interfaces[intfc]['shared']}},\
-mode={{interfaces[intfc]['mode']}},\
-ifcfg={{interfaces[intfc]['ifcfg']}},\
-range={{interfaces[intfc]['range']}},\
-start={{interfaces[intfc]['sess_start']}},\
-ipv6=1
-{% endfor %}
-{% if auth['mech'] == 'noauth' %}
-noauth=1
-{% endif %}
-{% if auth['mech'] == 'local' %}
-username=ifname
-password=csid
-{% endif %}
-
-{%- for intfc in interfaces %}
-{% if (interfaces[intfc]['shared'] == '0') and (interfaces[intfc]['vlan_mon']) %}
-vlan-mon={{intfc}},{{interfaces[intfc]['vlan_mon']|join(',')}}
-{% endif %}
-{% endfor %}
-
-{% if (dns['server1']) or (dns['server2']) %}
-[dns]
-{% if dns['server1'] %}
-dns1={{dns['server1']}}
-{% endif -%}
-{% if dns['server2'] %}
-dns2={{dns['server2']}}
-{% endif -%}
-{% endif -%}
-
-{% if (dnsv6['server1']) or (dnsv6['server2']) or (dnsv6['server3']) %}
-[dnsv6]
-dns={{dnsv6['server1']}}
-dns={{dnsv6['server2']}}
-dns={{dnsv6['server3']}}
-{% endif %}
-
-[ipv6-nd]
-verbose=1
-
-[ipv6-dhcp]
-verbose=1
-
-{% if ipv6['prfx'] %}
-[ipv6-pool]
-{% for prfx in ipv6['prfx'] %}
-{{prfx}}
-{% endfor %}
-{% for pd in ipv6['pd'] %}
-delegate={{pd}}
-{% endfor %}
-{% endif %}
-
-{% if auth['mech'] == 'local' %}
-[chap-secrets]
-chap-secrets=/etc/accel-ppp/ipoe/chap-secrets
-{% endif %}
-
-{% if auth['mech'] == 'radius' %}
-[radius]
-verbose=1
-{% for srv in auth['radius'] %}
-server={{srv}},{{auth['radius'][srv]['secret']}},\
-req-limit={{auth['radius'][srv]['req-limit']}},\
-fail-time={{auth['radius'][srv]['fail-time']}}
-{% endfor %}
-{% if auth['radsettings']['dae-server']['ip-address'] %}
-dae-server={{auth['radsettings']['dae-server']['ip-address']}}:\
-{{auth['radsettings']['dae-server']['port']}},\
-{{auth['radsettings']['dae-server']['secret']}}
-{% endif -%}
-{% if auth['radsettings']['acct-timeout'] %}
-acct-timeout={{auth['radsettings']['acct-timeout']}}
-{% endif -%}
-{% if auth['radsettings']['max-try'] %}
-max-try={{auth['radsettings']['max-try']}}
-{% endif -%}
-{% if auth['radsettings']['timeout'] %}
-timeout={{auth['radsettings']['timeout']}}
-{% endif -%}
-{% if auth['radsettings']['nas-ip-address'] %}
-nas-ip-address={{auth['radsettings']['nas-ip-address']}}
-{% endif -%}
-{% if auth['radsettings']['nas-identifier'] %}
-nas-identifier={{auth['radsettings']['nas-identifier']}}
-{% endif -%}
-{% endif %}
-
-[cli]
-tcp=127.0.0.1:2002
-'''
-
-# chap secrets
-chap_secrets_conf = '''
-# username server password acceptable local IP addresses shaper
-{% for aifc in auth['auth_if'] %}
-{% for mac in auth['auth_if'][aifc] %}
-{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) %}
-{% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% endif %}
-{% else %}
-{% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endfor %}
-'''
-
if not os.path.exists(ipoe_cnf_dir):
os.makedirs(ipoe_cnf_dir)
- sl.syslog(sl.LOG_NOTICE, ipoe_cnf_dir + " created")
def _get_cpu():
@@ -201,13 +51,13 @@ def _get_cpu():
def _chk_con():
cnt = 0
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s = socket(AF_INET, SOCK_STREAM)
while True:
try:
s.connect(("127.0.0.1", int(cmd_port)))
break
except ConnectionRefusedError:
- time.sleep(0.5)
+ sleep(0.5)
cnt += 1
if cnt == 100:
raise("failed to start pppoe server")
@@ -224,18 +74,6 @@ def _accel_cmd(cmd=''):
except:
return 1
-# chap_secrets file if auth mode local
-
-
-def _gen_chap_secrets(c):
-
- tmpl = jinja2.Template(chap_secrets_conf, trim_blocks=True)
- chap_secrets_txt = tmpl.render(c)
- old_umask = os.umask(0o077)
- open(chap_secrets, 'w').write(chap_secrets_txt)
- os.umask(old_umask)
- sl.syslog(sl.LOG_NOTICE, chap_secrets + ' written')
-
##### Inline functions end ####
@@ -388,14 +226,25 @@ def generate(c):
if c == None or not c:
return None
+ # Prepare Jinja2 template loader from files
+ tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'ipoe-server')
+ fs_loader = FileSystemLoader(tmpl_path)
+ env = Environment(loader=fs_loader, trim_blocks=True)
+
c['thread_cnt'] = _get_cpu()
if c['auth']['mech'] == 'local':
- _gen_chap_secrets(c)
-
- tmpl = jinja2.Template(ipoe_config, trim_blocks=True)
+ tmpl = env.get_template('chap-secrets.tmpl')
+ chap_secrets_txt = tmpl.render(c)
+ old_umask = os.umask(0o077)
+ with open(chap_secrets, 'w') as f:
+ f.write(chap_secrets_txt)
+ os.umask(old_umask)
+
+ tmpl = env.get_template('ipoe.config.tmpl')
config_text = tmpl.render(c)
- open(ipoe_cnf, 'w').write(config_text)
+ with open(ipoe_cnf, 'w') as f:
+ f.write(config_text)
return c
@@ -465,7 +314,6 @@ def apply(c):
raise ConfigError('accel-pppd failed to start')
else:
_accel_cmd('restart')
- sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart")
if __name__ == '__main__':
@@ -476,4 +324,4 @@ if __name__ == '__main__':
apply(c)
except ConfigError as e:
print(e)
- sys.exit(1)
+ exit(1)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-06 04:45:37 +0000