diff options
39 files changed, 1586 insertions, 849 deletions
diff --git a/data/templates/dhcp-server/10-override.conf.j2 b/data/templates/dhcp-server/10-override.conf.j2 deleted file mode 100644 index 1504b6808..000000000 --- a/data/templates/dhcp-server/10-override.conf.j2 +++ /dev/null @@ -1,30 +0,0 @@ -### Autogenerated by dhcp_server.py ### -{% set lease_file = '/config/dhcpd.leases' %} -[Unit] -Description=ISC DHCP IPv4 server -Documentation=man:dhcpd(8) -RequiresMountsFor=/run -ConditionPathExists= -ConditionPathExists=/run/dhcp-server/dhcpd.conf -After= -After=vyos-router.service - -[Service] -Type=forking -WorkingDirectory= -WorkingDirectory=/run/dhcp-server -RuntimeDirectory=dhcp-server -RuntimeDirectoryPreserve=yes -Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE={{ lease_file }} -PIDFile=/run/dhcp-server/dhcpd.pid -ExecStartPre=/bin/sh -ec '\ -touch ${LEASE_FILE}; \ -chown dhcpd:vyattacfg ${LEASE_FILE}* ; \ -chmod 664 ${LEASE_FILE}* ; \ -/usr/sbin/dhcpd -4 -t -T -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' -ExecStart= -ExecStart=/usr/sbin/dhcpd -4 -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/data/templates/dhcp-server/dhcpd.conf.j2 b/data/templates/dhcp-server/dhcpd.conf.j2 deleted file mode 100644 index 639526532..000000000 --- a/data/templates/dhcp-server/dhcpd.conf.j2 +++ /dev/null @@ -1,250 +0,0 @@ -### Autogenerated by dhcp_server.py ### - -# For options please consult the following website: -# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html -# -# log-facility local7; -{% if hostfile_update is vyos_defined %} -on release { - set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name); - set ClientIp = binary-to-ascii(10, 8, ".",leased-address); - execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", ""); -} -on expiry { - set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name); - set ClientIp = binary-to-ascii(10, 8, ".",leased-address); - execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", ""); -} -{% endif %} - -{{ 'use-host-decl-names on;' if host_decl_name is vyos_defined }} -ddns-update-style {{ 'interim' if dynamic_dns_update is vyos_defined else 'none' }}; -option rfc3442-static-route code 121 = array of integer 8; -option windows-static-route code 249 = array of integer 8; -option wpad-url code 252 = text; -option rfc8925-ipv6-only-preferred code 108 = unsigned integer 32; - -# Vendor specific options - Ubiquiti Networks -option space ubnt; -option ubnt.unifi-controller code 1 = ip-address; -class "ubnt" { - match if substring (option vendor-class-identifier , 0, 4) = "ubnt"; - option vendor-class-identifier "ubnt"; - vendor-option-space ubnt; -} - -{% if global_parameters is vyos_defined %} -# The following {{ global_parameters | length }} line(s) have been added as -# global-parameters in the CLI and have not been validated !!! -{% for parameter in global_parameters %} -{{ parameter }} -{% endfor %} - -{% endif %} -{% if failover is vyos_defined %} -# DHCP failover configuration -failover peer "{{ failover.name }}" { -{% if failover.status == 'primary' %} - primary; - mclt 1800; - split 128; -{% elif failover.status == 'secondary' %} - secondary; -{% endif %} - address {{ failover.source_address }}; - port 647; - peer address {{ failover.remote }}; - peer port 647; - max-response-delay 30; - max-unacked-updates 10; - load balance max seconds 3; -} -{% endif %} -{% if listen_address is vyos_defined %} - -# DHCP server serving relay subnet, we need a connector to the real world -{% for address in listen_address %} -# Connected subnet statement for listen-address {{ address }} -subnet {{ address | network_from_ipv4 }} netmask {{ address | netmask_from_ipv4 }} { } -{% endfor %} -{% endif %} - -# Shared network configration(s) -{% if shared_network_name is vyos_defined %} -{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %} -shared-network {{ network }} { -{% if network_config.authoritative is vyos_defined %} - authoritative; -{% endif %} -{% if network_config.name_server is vyos_defined %} - option domain-name-servers {{ network_config.name_server | join(', ') }}; -{% endif %} -{% if network_config.domain_name is vyos_defined %} - option domain-name "{{ network_config.domain_name }}"; -{% endif %} -{% if network_config.domain_search is vyos_defined %} - option domain-search "{{ network_config.domain_search | join('", "') }}"; -{% endif %} -{% if network_config.ntp_server is vyos_defined %} - option ntp-servers {{ network_config.ntp_server | join(', ') }}; -{% endif %} -{% if network_config.ping_check is vyos_defined %} - ping-check true; -{% endif %} -{% if network_config.shared_network_parameters is vyos_defined %} - # The following {{ network_config.shared_network_parameters | length }} line(s) - # were added as shared-network-parameters in the CLI and have not been validated -{% for parameter in network_config.shared_network_parameters %} - {{ parameter }} -{% endfor %} -{% endif %} -{% if network_config.subnet is vyos_defined %} -{% for subnet, subnet_config in network_config.subnet.items() %} -{% if subnet_config.description is vyos_defined %} - # {{ subnet_config.description }} -{% endif %} - subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} { -{% if subnet_config.name_server is vyos_defined %} - option domain-name-servers {{ subnet_config.name_server | join(', ') }}; -{% endif %} -{% if subnet_config.domain_name is vyos_defined %} - option domain-name "{{ subnet_config.domain_name }}"; -{% endif %} -{% if subnet_config.domain_search is vyos_defined %} - option domain-search "{{ subnet_config.domain_search | join('", "') }}"; -{% endif %} -{% if subnet_config.ntp_server is vyos_defined %} - option ntp-servers {{ subnet_config.ntp_server | join(', ') }}; -{% endif %} -{% if subnet_config.pop_server is vyos_defined %} - option pop-server {{ subnet_config.pop_server | join(', ') }}; -{% endif %} -{% if subnet_config.smtp_server is vyos_defined %} - option smtp-server {{ subnet_config.smtp_server | join(', ') }}; -{% endif %} -{% if subnet_config.time_server is vyos_defined %} - option time-servers {{ subnet_config.time_server | join(', ') }}; -{% endif %} -{% if subnet_config.wins_server is vyos_defined %} - option netbios-name-servers {{ subnet_config.wins_server | join(', ') }}; -{% endif %} -{% if subnet_config.ipv6_only_preferred is vyos_defined %} - option rfc8925-ipv6-only-preferred {{ subnet_config.ipv6_only_preferred }}; -{% endif %} -{% if subnet_config.static_route is vyos_defined %} -{% set static_default_route = '' %} -{% if subnet_config.default_router is vyos_defined %} -{% set static_default_route = ', ' ~ '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %} -{% endif %} -{% if subnet_config.static_route is vyos_defined %} -{% set rfc3442_routes = [] %} -{% for route, route_options in subnet_config.static_route.items() %} -{% set rfc3442_routes = rfc3442_routes.append(route | isc_static_route(route_options.next_hop)) %} -{% endfor %} - option rfc3442-static-route {{ rfc3442_routes | join(', ') }}{{ static_default_route }}; - option windows-static-route {{ rfc3442_routes | join(', ') }}; -{% endif %} -{% endif %} -{% if subnet_config.ip_forwarding is vyos_defined %} - option ip-forwarding true; -{% endif %} -{% if subnet_config.default_router is vyos_defined %} - option routers {{ subnet_config.default_router }}; -{% endif %} -{% if subnet_config.server_identifier is vyos_defined %} - option dhcp-server-identifier {{ subnet_config.server_identifier }}; -{% endif %} -{% if subnet_config.subnet_parameters is vyos_defined %} - # The following {{ subnet_config.subnet_parameters | length }} line(s) were added as - # subnet-parameters in the CLI and have not been validated!!! -{% for parameter in subnet_config.subnet_parameters %} - {{ parameter }} -{% endfor %} -{% endif %} -{% if subnet_config.tftp_server_name is vyos_defined %} - option tftp-server-name "{{ subnet_config.tftp_server_name }}"; -{% endif %} -{% if subnet_config.bootfile_name is vyos_defined %} - option bootfile-name "{{ subnet_config.bootfile_name }}"; - filename "{{ subnet_config.bootfile_name }}"; -{% endif %} -{% if subnet_config.bootfile_server is vyos_defined %} - next-server {{ subnet_config.bootfile_server }}; -{% endif %} -{% if subnet_config.bootfile_size is vyos_defined %} - option boot-size {{ subnet_config.bootfile_size }}; -{% endif %} -{% if subnet_config.time_offset is vyos_defined %} - option time-offset {{ subnet_config.time_offset }}; -{% endif %} -{% if subnet_config.wpad_url is vyos_defined %} - option wpad-url "{{ subnet_config.wpad_url }}"; -{% endif %} -{% if subnet_config.client_prefix_length is vyos_defined %} - option subnet-mask {{ ('0.0.0.0/' ~ subnet_config.client_prefix_length) | netmask_from_cidr }}; -{% endif %} -{% if subnet_config.lease is vyos_defined %} - default-lease-time {{ subnet_config.lease }}; - max-lease-time {{ subnet_config.lease }}; -{% endif %} -{% if network_config.ping_check is not vyos_defined and subnet_config.ping_check is vyos_defined %} - ping-check true; -{% endif %} -{% if subnet_config.static_mapping is vyos_defined %} -{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %} - host {{ host | replace('_','-') if host_decl_name is vyos_defined else network | replace('_','-') ~ '_' ~ host | replace('_','-') }} { -{% if host_config.ip_address is vyos_defined %} - fixed-address {{ host_config.ip_address }}; -{% endif %} - hardware ethernet {{ host_config.mac_address }}; -{% if host_config.static_mapping_parameters is vyos_defined %} - # The following {{ host_config.static_mapping_parameters | length }} line(s) were added - # as static-mapping-parameters in the CLI and have not been validated -{% for parameter in host_config.static_mapping_parameters %} - {{ parameter }} -{% endfor %} -{% endif %} - } -{% endfor %} -{% endif %} -{% if subnet_config.vendor_option.ubiquiti.unifi_controller is vyos_defined %} - option ubnt.unifi-controller {{ subnet_config.vendor_option.ubiquiti.unifi_controller }}; -{% endif %} -{% if subnet_config.range is vyos_defined %} -{# pool configuration can only be used if there follows a range option #} - pool { -{% endif %} -{% if subnet_config.enable_failover is vyos_defined %} - failover peer "{{ failover.name }}"; - deny dynamic bootp clients; -{% endif %} -{% if subnet_config.range is vyos_defined %} -{% for range, range_options in subnet_config.range.items() %} - range {{ range_options.start }} {{ range_options.stop }}; -{% endfor %} -{% endif %} -{% if subnet_config.range is vyos_defined %} -{# pool configuration can only be used if there follows a range option #} - } -{% endif %} - } -{% endfor %} -{% endif %} - on commit { - set shared-networkname = "{{ network }}"; -{% if hostfile_update is vyos_defined %} - set ClientIp = binary-to-ascii(10, 8, ".", leased-address); - set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); - set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name, "empty_hostname"); - if not (ClientName = "empty_hostname") { - set ClientDomain = pick-first-value(config-option domain-name, "..YYZ!"); - execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac, ClientDomain); - } else { - log(concat("Hostname is not defined for client with IP: ", ClientIP, " MAC: ", ClientMac)); - } -{% endif %} - } -} - -{% endfor %} -{% endif %} diff --git a/data/templates/dhcp-server/dhcpdv6.conf.j2 b/data/templates/dhcp-server/dhcpdv6.conf.j2 deleted file mode 100644 index 5c3471316..000000000 --- a/data/templates/dhcp-server/dhcpdv6.conf.j2 +++ /dev/null @@ -1,132 +0,0 @@ -### Autogenerated by dhcpv6_server.py ### - -# For options please consult the following website: -# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html - -log-facility local7; -{% if preference is vyos_defined %} -option dhcp6.preference {{ preference }}; -{% endif %} - -{% if global_parameters.name_server is vyos_defined %} -option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }}; -{% endif %} - -# Vendor specific options - Cisco -option space cisco code width 2 length width 2; -option cisco.tftp-servers code 1 = array of ip6-address; -option vsio.cisco code 9 = encapsulate cisco; - -# Shared network configration(s) -{% if shared_network_name is vyos_defined %} -{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %} -shared-network {{ network }} { -{% if network_config.common_options is vyos_defined %} -{% if network_config.common_options.info_refresh_time is vyos_defined %} - option dhcp6.info-refresh-time {{ network_config.common_options.info_refresh_time }}; -{% endif %} -{% if network_config.common_options.domain_search is vyos_defined %} - option dhcp6.domain-search "{{ network_config.common_options.domain_search | join('", "') }}"; -{% endif %} -{% if network_config.common_options.name_server is vyos_defined %} - option dhcp6.name-servers {{ network_config.common_options.name_server | join(', ') }}; -{% endif %} -{% endif %} -{% if network_config.subnet is vyos_defined %} -{% for subnet, subnet_config in network_config.subnet.items() %} - subnet6 {{ subnet }} { -{% if subnet_config.address_range is vyos_defined %} -{% if subnet_config.address_range.prefix is vyos_defined %} -{% for prefix, prefix_config in subnet_config.address_range.prefix.items() %} - range6 {{ prefix }} {{ "temporary" if prefix_config.temporary is vyos_defined }}; -{% endfor %} -{% endif %} -{% if subnet_config.address_range.start is vyos_defined %} -{% for address, address_config in subnet_config.address_range.start.items() %} - range6 {{ address }} {{ address_config.stop }}; -{% endfor %} -{% endif %} -{% endif %} -{% if subnet_config.domain_search is vyos_defined %} - option dhcp6.domain-search "{{ subnet_config.domain_search | join('", "') }}"; -{% endif %} -{% if subnet_config.lease_time is vyos_defined %} -{% if subnet_config.lease_time.default is vyos_defined %} - default-lease-time {{ subnet_config.lease_time.default }}; -{% endif %} -{% if subnet_config.lease_time.maximum is vyos_defined %} - max-lease-time {{ subnet_config.lease_time.maximum }}; -{% endif %} -{% if subnet_config.lease_time.minimum is vyos_defined %} - min-lease-time {{ subnet_config.lease_time.minimum }}; -{% endif %} -{% endif %} -{% if subnet_config.name_server is vyos_defined %} - option dhcp6.name-servers {{ subnet_config.name_server | join(', ') }}; -{% endif %} -{% if subnet_config.nis_domain is vyos_defined %} - option dhcp6.nis-domain-name "{{ subnet_config.nis_domain }}"; -{% endif %} -{% if subnet_config.nis_server is vyos_defined %} - option dhcp6.nis-servers {{ subnet_config.nis_server | join(', ') }}; -{% endif %} -{% if subnet_config.nisplus_domain is vyos_defined %} - option dhcp6.nisp-domain-name "{{ subnet_config.nisplus_domain }}"; -{% endif %} -{% if subnet_config.nisplus_server is vyos_defined %} - option dhcp6.nisp-servers {{ subnet_config.nisplus_server | join(', ') }}; -{% endif %} -{% if subnet_config.sip_server is vyos_defined %} -{% set server_ip = [] %} -{% set server_fqdn = [] %} -{% for address in subnet_config.sip_server %} -{% if address | is_ipv6 %} -{% set server_ip = server_ip.append(address) %} -{% else %} -{% set server_fqdn = server_fqdn.append(address) %} -{% endif %} -{% endfor %} -{% if server_ip is vyos_defined and server_ip | length > 0 %} - option dhcp6.sip-servers-addresses {{ server_ip | join(', ') }}; -{% endif %} -{% if server_fqdn is vyos_defined and server_fqdn | length > 0 %} - option dhcp6.sip-servers-names "{{ server_fqdn | join('", "') }}"; -{% endif %} -{% endif %} -{% if subnet_config.sntp_server is vyos_defined %} - option dhcp6.sntp-servers {{ subnet_config.sntp_server | join(', ') }}; -{% endif %} -{% if subnet_config.prefix_delegation.start is vyos_defined %} -{% for prefix, prefix_config in subnet_config.prefix_delegation.start.items() %} - prefix6 {{ prefix }} {{ prefix_config.stop }} /{{ prefix_config.prefix_length }}; -{% endfor %} -{% endif %} -{% if subnet_config.static_mapping is vyos_defined %} - - # begin configuration of static client mappings -{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %} - host {{ network | replace('_','-') }}_{{ host | replace('_','-') }} { -{% if host_config.identifier is vyos_defined %} - host-identifier option dhcp6.client-id {{ host_config.identifier }}; -{% endif %} -{% if host_config.ipv6_address is vyos_defined %} - fixed-address6 {{ host_config.ipv6_address }}; -{% endif %} -{% if host_config.ipv6_prefix is vyos_defined %} - fixed-prefix6 {{ host_config.ipv6_prefix }}; -{% endif %} - } -{% endfor %} -{% endif %} -{% if subnet_config.vendor_option.cisco.tftp_server is vyos_defined %} - option cisco.tftp-servers {{ subnet_config.vendor_option.cisco.tftp_server | join(', ') }}; -{% endif %} - } -{% endfor %} -{% endif %} - on commit { - set shared-networkname = "{{ network }}"; - } -} -{% endfor %} -{% endif %} diff --git a/data/templates/dhcp-server/kea-ctrl-agent.conf.j2 b/data/templates/dhcp-server/kea-ctrl-agent.conf.j2 new file mode 100644 index 000000000..74c63a7a0 --- /dev/null +++ b/data/templates/dhcp-server/kea-ctrl-agent.conf.j2 @@ -0,0 +1,14 @@ +{ + "Control-agent": { +{% if failover is vyos_defined %} + "http-host": "{{ failover.source_address }}", + "http-port": 647, + "control-sockets": { + "dhcp4": { + "socket-type": "unix", + "socket-name": "/run/kea/dhcp4-ctrl-socket" + } + } +{% endif %} + } +} diff --git a/data/templates/dhcp-server/kea-dhcp4.conf.j2 b/data/templates/dhcp-server/kea-dhcp4.conf.j2 new file mode 100644 index 000000000..6ab13ab27 --- /dev/null +++ b/data/templates/dhcp-server/kea-dhcp4.conf.j2 @@ -0,0 +1,72 @@ +{ + "Dhcp4": { + "interfaces-config": { + "interfaces": [ "*" ], + "dhcp-socket-type": "raw", + "service-sockets-max-retries": 5, + "service-sockets-retry-wait-time": 5000 + }, + "control-socket": { + "socket-type": "unix", + "socket-name": "/run/kea/dhcp4-ctrl-socket" + }, + "lease-database": { + "type": "memfile", + "persist": true, + "name": "{{ lease_file }}" + }, + "option-def": [ + { + "name": "rfc3442-static-route", + "code": 121, + "type": "record", + "array": true, + "record-types": "uint8,uint8,uint8,uint8,uint8,uint8,uint8,uint8" + }, + { + "name": "windows-static-route", + "code": 249, + "type": "record", + "array": true, + "record-types": "uint8,uint8,uint8,uint8,uint8,uint8,uint8,uint8" + }, + { + "name": "wpad-url", + "code": 252, + "type": "string" + }, + { + "name": "unifi-controller", + "code": 1, + "type": "ipv4-address", + "space": "ubnt" + } + ], + "hooks-libraries": [ +{% if failover is vyos_defined %} + { + "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_ha.so", + "parameters": { + "high-availability": [{{ failover | kea_failover_json }}] + } + }, +{% endif %} +{% if hostfile_update is vyos_defined %} + { + "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_run_script.so", + "parameters": { + "name": "/usr/libexec/vyos/system/on-dhcp-event.sh", + "sync": false + } + }, +{% endif %} + { + "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_lease_cmds.so", + "parameters": {} + } + ], +{% if shared_network_name is vyos_defined %} + "shared-networks": {{ shared_network_name | kea_shared_network_json }} +{% endif %} + } +} diff --git a/data/templates/dhcp-server/kea-dhcp6.conf.j2 b/data/templates/dhcp-server/kea-dhcp6.conf.j2 new file mode 100644 index 000000000..3ce4e6370 --- /dev/null +++ b/data/templates/dhcp-server/kea-dhcp6.conf.j2 @@ -0,0 +1,48 @@ +{ + "Dhcp6": { + "interfaces-config": { + "interfaces": [ "*" ], + "service-sockets-max-retries": 5, + "service-sockets-retry-wait-time": 5000 + }, + "control-socket": { + "socket-type": "unix", + "socket-name": "/run/kea/dhcp6-ctrl-socket" + }, + "lease-database": { + "type": "memfile", + "persist": true, + "name": "{{ lease_file }}" + }, + "hooks-libraries": [ + { + "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_lease_cmds.so", + "parameters": {} + } + ], + "option-data": [ +{% if global_parameters.name_server is vyos_defined %} + { + "name": "dns-servers", + "code": 23, + "space": "dhcp6", + "csv-format": true, + "data": "{{ global_parameters.name_server | join(", ") }}" + }{{ ',' if preference is vyos_defined else '' }} +{% endif %} +{% if preference is vyos_defined %} + { + "name": "preference", + "code": 7, + "space": "dhcp6", + "csv-format": true, + "data": "{{ preference }}" + } +{% endif %} + ], +{% if shared_network_name is vyos_defined %} + "shared-networks": {{ shared_network_name | kea6_shared_network_json }} +{% endif %} + + } +} diff --git a/debian/control b/debian/control index f20268444..816d41944 100644 --- a/debian/control +++ b/debian/control @@ -169,8 +169,7 @@ Depends: # For "service dhcp-relay" isc-dhcp-relay, # For "service dhcp-server" - isc-dhcp-server, - python3-isc-dhcp-leases, + kea, # End "service dhcp-server" # For "service lldp" lldpd, diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 583de7ba9..081f7ed42 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -63,26 +63,16 @@ <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage> </properties> </leafNode> + #include <include/pki/ca-certificate.xml.i> + #include <include/pki/certificate.xml.i> </children> </node> - <leafNode name="global-parameters"> - <properties> - <help>Additional global parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help> - <multi/> - </properties> - </leafNode> <leafNode name="hostfile-update"> <properties> <help>Updating /etc/hosts file (per client lease)</help> <valueless/> </properties> </leafNode> - <leafNode name="host-decl-name"> - <properties> - <help>Use host declaration name for forward DNS name</help> - <valueless/> - </properties> - </leafNode> #include <include/listen-address-ipv4.xml.i> <tagNode name="shared-network-name"> <properties> @@ -102,16 +92,9 @@ #include <include/dhcp/domain-name.xml.i> #include <include/dhcp/domain-search.xml.i> #include <include/dhcp/ntp-server.xml.i> - #include <include/dhcp/ping-check.xml.i> #include <include/generic-description.xml.i> #include <include/generic-disable-node.xml.i> #include <include/name-server-ipv4.xml.i> - <leafNode name="shared-network-parameters"> - <properties> - <help>Additional shared-network parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help> - <multi/> - </properties> - </leafNode> <tagNode name="subnet"> <properties> <help>DHCP subnet for shared network</help> @@ -162,6 +145,7 @@ </constraint> </properties> </leafNode> + #include <include/dhcp/captive-portal.xml.i> <leafNode name="client-prefix-length"> <properties> <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help> @@ -191,12 +175,6 @@ #include <include/dhcp/domain-search.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4.xml.i> - <leafNode name="enable-failover"> - <properties> - <help>Enable DHCP failover support for this subnet</help> - <valueless/> - </properties> - </leafNode> <leafNode name="exclude"> <properties> <help>IP address to exclude from DHCP lease range</help> @@ -231,7 +209,6 @@ <defaultValue>86400</defaultValue> </leafNode> #include <include/dhcp/ntp-server.xml.i> - #include <include/dhcp/ping-check.xml.i> <leafNode name="pop-server"> <properties> <help>IP address of POP3 server</help> @@ -339,12 +316,6 @@ </constraint> </properties> </leafNode> - <leafNode name="static-mapping-parameters"> - <properties> - <help>Additional static-mapping parameters for DHCP server. Will be placed inside the "host" block of the mapping. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help> - <multi/> - </properties> - </leafNode> </children> </tagNode> <tagNode name="static-route"> @@ -386,12 +357,6 @@ <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage> </properties> </leafNode> - <leafNode name="subnet-parameters"> - <properties> - <help>Additional subnet parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help> - <multi/> - </properties> - </leafNode> <leafNode name="tftp-server-name"> <properties> <help>TFTP server name</help> @@ -435,6 +400,17 @@ <multi/> </properties> </leafNode> + <leafNode name="time-zone"> + <properties> + <help>Time zone to send to clients. Uses RFC4833 options 100 and 101</help> + <completionHelp> + <script>timedatectl list-timezones</script> + </completionHelp> + <constraint> + <validator name="timezone" argument="--validate"/> + </constraint> + </properties> + </leafNode> <node name="vendor-option"> <properties> <help>Vendor Specific Options</help> diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 9dff68a24..b37f79434 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -41,6 +41,21 @@ <children> #include <include/generic-disable-node.xml.i> #include <include/generic-description.xml.i> + <leafNode name="interface"> + <properties> + <help>Optional interface for this shared network to accept requests from</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + </leafNode> <node name="common-options"> <properties> <help>Common options to distribute to all clients, including stateless clients</help> @@ -79,7 +94,7 @@ <help>Parameters setting ranges for assigning IPv6 addresses</help> </properties> <children> - <tagNode name="prefix"> + <leafNode name="prefix"> <properties> <help>IPv6 prefix defining range of addresses to assign</help> <valueHelp> @@ -89,16 +104,9 @@ <constraint> <validator name="ipv6-prefix"/> </constraint> + <multi/> </properties> - <children> - <leafNode name="temporary"> - <properties> - <help>Address range will be used for temporary addresses</help> - <valueless/> - </properties> - </leafNode> - </children> - </tagNode> + </leafNode> <tagNode name="start"> <properties> <help>First in range of consecutive IPv6 addresses to assign</help> @@ -127,6 +135,7 @@ </tagNode> </children> </node> + #include <include/dhcp/captive-portal.xml.i> #include <include/dhcp/domain-search.xml.i> <node name="lease-time"> <properties> @@ -221,12 +230,12 @@ <help>Parameters relating to IPv6 prefix delegation</help> </properties> <children> - <tagNode name="start"> + <tagNode name="prefix"> <properties> - <help>First in range of IPv6 addresses to be used in prefix delegation</help> + <help>IPv6 prefix to be used in prefix delegation</help> <valueHelp> <format>ipv6</format> - <description>IPv6 address used in prefix delegation</description> + <description>IPv6 prefix used in prefix delegation</description> </valueHelp> <constraint> <validator name="ipv6-address"/> @@ -235,27 +244,28 @@ <children> <leafNode name="prefix-length"> <properties> - <help>Length in bits of prefixes to be delegated</help> + <help>Length in bits of prefix</help> <valueHelp> <format>u32:32-64</format> - <description>Delagated prefix length (32-64)</description> + <description>Prefix length (32-64)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 32-64"/> </constraint> - <constraintErrorMessage>Delegated prefix length must be between 32 and 64</constraintErrorMessage> + <constraintErrorMessage>Prefix length must be between 32 and 64</constraintErrorMessage> </properties> </leafNode> - <leafNode name="stop"> + <leafNode name="delegated-length"> <properties> - <help>Last in range of IPv6 addresses to be used in prefix delegation</help> + <help>Length in bits of prefixes to be delegated</help> <valueHelp> - <format>ipv6</format> - <description>IPv6 address used in prefix delegation</description> + <format>u32:32-64</format> + <description>Delegated prefix length (32-64)</description> </valueHelp> <constraint> - <validator name="ipv6-address"/> + <validator name="numeric" argument="--range 32-96"/> </constraint> + <constraintErrorMessage>Delegated prefix length must be between 32 and 96</constraintErrorMessage> </properties> </leafNode> </children> diff --git a/interface-definitions/include/dhcp/captive-portal.xml.i b/interface-definitions/include/dhcp/captive-portal.xml.i new file mode 100644 index 000000000..643f055a8 --- /dev/null +++ b/interface-definitions/include/dhcp/captive-portal.xml.i @@ -0,0 +1,11 @@ +<!-- include start from dhcp/captive-portal.xml.i --> +<leafNode name="captive-portal"> + <properties> + <help>Captive portal API endpoint</help> + <valueHelp> + <format>txt</format> + <description>Captive portal API endpoint</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i deleted file mode 100644 index a506f68e4..000000000 --- a/interface-definitions/include/dhcp/ping-check.xml.i +++ /dev/null @@ -1,8 +0,0 @@ -<!-- include start from dhcp/ping-check.xml.i --> -<leafNode name="ping-check"> - <properties> - <help>Sends ICMP Echo request to the address being assigned</help> - <valueless/> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i index 330cb7d1b..7c4b5633e 100644 --- a/interface-definitions/include/version/dhcp-server-version.xml.i +++ b/interface-definitions/include/version/dhcp-server-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/dhcp-server-version.xml.i --> -<syntaxVersion component='dhcp-server' version='6'></syntaxVersion> +<syntaxVersion component='dhcp-server' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i index 4b2cf40aa..ae4178c90 100644 --- a/interface-definitions/include/version/dhcpv6-server-version.xml.i +++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/dhcpv6-server-version.xml.i --> -<syntaxVersion component='dhcpv6-server' version='1'></syntaxVersion> +<syntaxVersion component='dhcpv6-server' version='2'></syntaxVersion> <!-- include end --> diff --git a/op-mode-definitions/dhcp.xml.in b/op-mode-definitions/dhcp.xml.in index 9c2e2be76..ceb321f3e 100644 --- a/op-mode-definitions/dhcp.xml.in +++ b/op-mode-definitions/dhcp.xml.in @@ -163,7 +163,7 @@ <properties> <help>Restart DHCP server</help> </properties> - <command>if cli-shell-api existsActive service dhcp-server; then sudo systemctl restart isc-dhcp-server.service; else echo "DHCP server not configured"; fi</command> + <command>if cli-shell-api existsActive service dhcp-server; then sudo systemctl restart kea-dhcp4-server.service; else echo "DHCP server not configured"; fi</command> </node> <node name="relay-agent"> <properties> @@ -182,7 +182,7 @@ <properties> <help>Restart DHCPv6 server</help> </properties> - <command>if cli-shell-api existsActive service dhcpv6-server; then sudo systemctl restart isc-dhcp-server6.service; else echo "DHCPv6 server not configured"; fi</command> + <command>if cli-shell-api existsActive service dhcpv6-server; then sudo systemctl restart kea-dhcp6-server.service; else echo "DHCPv6 server not configured"; fi</command> </node> <node name="relay-agent"> <properties> diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in index 44628a112..3a8118dcb 100644 --- a/op-mode-definitions/monitor-log.xml.in +++ b/op-mode-definitions/monitor-log.xml.in @@ -51,7 +51,7 @@ <properties> <help>Monitor last lines of DHCP server log</help> </properties> - <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server.service</command> + <command>journalctl --no-hostname --follow --boot --unit kea-dhcp4-server.service</command> </node> <node name="client"> <properties> @@ -81,7 +81,7 @@ <properties> <help>Monitor last lines of DHCPv6 server log</help> </properties> - <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server6.service</command> + <command>journalctl --no-hostname --follow --boot --unit kea-dhcp6-server.service</command> </node> <node name="client"> <properties> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 3a622cfb5..399c6acf8 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -78,7 +78,7 @@ <properties> <help>Show log for DHCP server</help> </properties> - <command>journalctl --no-hostname --boot --unit isc-dhcp-server.service</command> + <command>journalctl --no-hostname --boot --unit kea-dhcp4-server.service</command> </node> <node name="client"> <properties> @@ -108,7 +108,7 @@ <properties> <help>Show log for DHCPv6 server</help> </properties> - <command>journalctl --no-hostname --boot --unit isc-dhcp-server6.service</command> + <command>journalctl --no-hostname --boot --unit kea-dhcp6-server.service</command> </node> <node name="client"> <properties> diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py index df7240c88..950f14d4f 100644 --- a/python/vyos/config_mgmt.py +++ b/python/vyos/config_mgmt.py @@ -233,7 +233,7 @@ Proceed ?''' msg = '' if not self._check_revision_number(rev): - msg = f'Invalid revision number {rev}: must be 0 < rev < {maxrev}' + msg = f'Invalid revision number {rev}: must be 0 < rev < {self.max_revisions}' return msg, 1 prompt_str = 'Proceed with reboot ?' diff --git a/python/vyos/kea.py b/python/vyos/kea.py new file mode 100644 index 000000000..cb341e0f2 --- /dev/null +++ b/python/vyos/kea.py @@ -0,0 +1,319 @@ +# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import json +import os +import socket + +from datetime import datetime + +from vyos.template import is_ipv6 +from vyos.template import isc_static_route +from vyos.template import netmask_from_cidr +from vyos.utils.dict import dict_search_args +from vyos.utils.file import read_file + +kea4_options = { + 'name_server': 'domain-name-servers', + 'domain_name': 'domain-name', + 'domain_search': 'domain-search', + 'ntp_server': 'ntp-servers', + 'pop_server': 'pop-server', + 'smtp_server': 'smtp-server', + 'time_server': 'time-servers', + 'wins_server': 'netbios-name-servers', + 'default_router': 'routers', + 'server_identifier': 'dhcp-server-identifier', + 'tftp_server_name': 'tftp-server-name', + 'bootfile_size': 'boot-size', + 'time_offset': 'time-offset', + 'wpad_url': 'wpad-url', + 'ipv6_only_preferred': 'v6-only-preferred', + 'captive_portal': 'v4-captive-portal' +} + +kea6_options = { + 'info_refresh_time': 'information-refresh-time', + 'name_server': 'dns-servers', + 'domain_search': 'domain-search', + 'nis_domain': 'nis-domain-name', + 'nis_server': 'nis-servers', + 'nisplus_domain': 'nisp-domain-name', + 'nisplus_server': 'nisp-servers', + 'sntp_server': 'sntp-servers', + 'captive_portal': 'v6-captive-portal' +} + +def kea_parse_options(config): + options = [] + + for node, option_name in kea4_options.items(): + if node not in config: + continue + + value = ", ".join(config[node]) if isinstance(config[node], list) else config[node] + options.append({'name': option_name, 'data': value}) + + if 'client_prefix_length' in config: + options.append({'name': 'subnet-mask', 'data': netmask_from_cidr('0.0.0.0/' + config['client_prefix_length'])}) + + if 'ip_forwarding' in config: + options.append({'name': 'ip-forwarding', 'data': "true"}) + + if 'static_route' in config: + default_route = '' + + if 'default_router' in config: + default_route = isc_static_route('0.0.0.0/0', config['default_router']) + + routes = [isc_static_route(route, route_options['next_hop']) for route, route_options in config['static_route'].items()] + + options.append({'name': 'rfc3442-static-route', 'data': ", ".join(routes if not default_route else routes + [default_route])}) + options.append({'name': 'windows-static-route', 'data': ", ".join(routes)}) + + if 'time_zone' in config: + with open("/usr/share/zoneinfo/" + config['time_zone'], "rb") as f: + tz_string = f.read().split(b"\n")[-2].decode("utf-8") + + options.append({'name': 'pcode', 'data': tz_string}) + options.append({'name': 'tcode', 'data': config['time_zone']}) + + return options + +def kea_parse_subnet(subnet, config): + out = {'subnet': subnet} + options = kea_parse_options(config) + + if 'bootfile_name' in config: + out['boot-file-name'] = config['bootfile_name'] + + if 'bootfile_server' in config: + out['next-server'] = config['bootfile_server'] + + if 'lease' in config: + out['valid-lifetime'] = int(config['lease']) + out['max-valid-lifetime'] = int(config['lease']) + + if 'range' in config: + pools = [] + for num, range_config in config['range'].items(): + start, stop = range_config['start'], range_config['stop'] + pools.append({'pool': f'{start} - {stop}'}) + out['pools'] = pools + + if 'static_mapping' in config: + reservations = [] + for host, host_config in config['static_mapping'].items(): + if 'disable' in host_config: + continue + + reservations.append({ + 'hw-address': host_config['mac_address'], + 'ip-address': host_config['ip_address'] + }) + out['reservations'] = reservations + + unifi_controller = dict_search_args(config, 'vendor_option', 'ubiquiti', 'unifi_controller') + if unifi_controller: + options.append({ + 'name': 'unifi-controller', + 'data': unifi_controller, + 'space': 'ubnt' + }) + + if options: + out['option-data'] = options + + return out + +def kea6_parse_options(config): + options = [] + + if 'common_options' in config: + common_opt = config['common_options'] + + for node, option_name in kea6_options.items(): + if node not in common_opt: + continue + + value = ", ".join(common_opt[node]) if isinstance(common_opt[node], list) else common_opt[node] + options.append({'name': option_name, 'data': value}) + + for node, option_name in kea6_options.items(): + if node not in config: + continue + + value = ", ".join(config[node]) if isinstance(config[node], list) else config[node] + options.append({'name': option_name, 'data': value}) + + if 'sip_server' in config: + sip_servers = config['sip_server'] + + addrs = [] + hosts = [] + + for server in sip_servers: + if is_ipv6(server): + addrs.append(server) + else: + hosts.append(server) + + if addrs: + options.append({'name': 'sip-server-addr', 'data': ", ".join(addrs)}) + + if hosts: + options.append({'name': 'sip-server-dns', 'data': ", ".join(hosts)}) + + cisco_tftp = dict_search_args(config, 'vendor_option', 'cisco', 'tftp-server') + if cisco_tftp: + options.append({'name': 'tftp-servers', 'code': 2, 'space': 'cisco', 'data': cisco_tftp}) + + return options + +def kea6_parse_subnet(subnet, config): + out = {'subnet': subnet} + options = kea6_parse_options(config) + + if 'address_range' in config: + addr_range = config['address_range'] + pools = [] + + if 'prefix' in addr_range: + for prefix in addr_range['prefix']: + pools.append({'pool': prefix}) + + if 'start' in addr_range: + for start, range_conf in addr_range['start'].items(): + stop = range_conf['stop'] + pools.append({'pool': f'{start} - {stop}'}) + + out['pools'] = pools + + if 'prefix_delegation' in config: + pd_pools = [] + + if 'prefix' in config['prefix_delegation']: + for prefix, pd_conf in config['prefix_delegation']['prefix'].items(): + pd_pools.append({ + 'prefix': prefix, + 'prefix-len': int(pd_conf['prefix_length']), + 'delegated-len': int(pd_conf['delegated_length']) + }) + + out['pd-pools'] = pd_pools + + if 'lease_time' in config: + if 'default' in config['lease_time']: + out['valid-lifetime'] = int(config['lease_time']['default']) + if 'maximum' in config['lease_time']: + out['max-valid-lifetime'] = int(config['lease_time']['maximum']) + if 'minimum' in config['lease_time']: + out['min-valid-lifetime'] = int(config['lease_time']['minimum']) + + if 'static_mapping' in config: + reservations = [] + for host, host_config in config['static_mapping'].items(): + if 'disable' in host_config: + continue + + reservation = {} + + if 'identifier' in host_config: + reservation['duid'] = host_config['identifier'] + + if 'ipv6_address' in host_config: + reservation['ip-addresses'] = [ host_config['ipv6_address'] ] + + if 'ipv6_prefix' in host_config: + reservation['prefixes'] = [ host_config['ipv6_prefix'] ] + + reservations.append(reservation) + + out['reservations'] = reservations + + if options: + out['option-data'] = options + + return out + +def kea_parse_leases(lease_path): + contents = read_file(lease_path) + lines = contents.split("\n") + output = [] + + if len(lines) < 2: + return output + + headers = lines[0].split(",") + + for line in lines[1:]: + line_out = dict(zip(headers, line.split(","))) + + lifetime = int(line_out['valid_lifetime']) + expiry = int(line_out['expire']) + + line_out['start_timestamp'] = datetime.utcfromtimestamp(expiry - lifetime) + line_out['expire_timestamp'] = datetime.utcfromtimestamp(expiry) if expiry else None + + output.append(line_out) + + return output + +def _ctrl_socket_command(path, command, args=None): + if not os.path.exists(path): + return None + + with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock: + sock.connect(path) + + payload = {'command': command} + if args: + payload['arguments'] = args + + sock.send(bytes(json.dumps(payload), 'utf-8')) + result = b'' + while True: + data = sock.recv(4096) + result += data + if len(data) < 4096: + break + + return json.loads(result.decode('utf-8')) + +def kea_get_active_config(inet): + ctrl_socket = f'/run/kea/dhcp{inet}-ctrl-socket' + + config = _ctrl_socket_command(ctrl_socket, 'config-get') + + if not config or 'result' not in config or config['result'] != 0: + return None + + return config + +def kea_get_pool_from_subnet_id(config, inet, subnet_id): + shared_networks = dict_search_args(config, 'arguments', f'Dhcp{inet}', 'shared-networks') + + if not shared_networks: + return None + + for network in shared_networks: + if f'subnet{inet}' not in network: + continue + + for subnet in network[f'subnet{inet}']: + if 'id' in subnet and int(subnet['id']) == int(subnet_id): + return network['name'] + + return None diff --git a/python/vyos/template.py b/python/vyos/template.py index 2d4beeec2..f0a50e728 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -791,6 +791,106 @@ def range_to_regex(num_range): regex = range_to_regex(num_range) return f'({regex})' +@register_filter('kea_failover_json') +def kea_failover_json(config): + from json import dumps + + source_addr = config['source_address'] + remote_addr = config['remote'] + + data = { + 'this-server-name': os.uname()[1], + 'mode': 'hot-standby', + 'heartbeat-delay': 10000, + 'max-response-delay': 10000, + 'max-ack-delay': 5000, + 'max-unacked-clients': 0, + 'peers': [ + { + 'name': os.uname()[1], + 'url': f'http://{source_addr}:647/', + 'role': 'standby' if config['status'] == 'secondary' else 'primary', + 'auto-failover': True + }, + { + 'name': config['name'], + 'url': f'http://{remote_addr}:647/', + 'role': 'primary' if config['status'] == 'secondary' else 'standby', + 'auto-failover': True + }] + } + + if 'ca_cert_file' in config: + data['trust-anchor'] = config['ca_cert_file'] + + if 'cert_file' in config: + data['cert-file'] = config['cert_file'] + + if 'cert_key_file' in config: + data['key-file'] = config['cert_key_file'] + + return dumps(data) + +@register_filter('kea_shared_network_json') +def kea_shared_network_json(shared_networks): + from vyos.kea import kea_parse_options + from vyos.kea import kea_parse_subnet + from json import dumps + out = [] + + for name, config in shared_networks.items(): + if 'disable' in config: + continue + + network = { + 'name': name, + 'authoritative': ('authoritative' in config), + 'subnet4': [] + } + options = kea_parse_options(config) + + if 'subnet' in config: + for subnet, subnet_config in config['subnet'].items(): + network['subnet4'].append(kea_parse_subnet(subnet, subnet_config)) + + if options: + network['option-data'] = options + + out.append(network) + + return dumps(out, indent=4) + +@register_filter('kea6_shared_network_json') +def kea6_shared_network_json(shared_networks): + from vyos.kea import kea6_parse_options + from vyos.kea import kea6_parse_subnet + from json import dumps + out = [] + + for name, config in shared_networks.items(): + if 'disable' in config: + continue + + network = { + 'name': name, + 'subnet6': [] + } + options = kea6_parse_options(config) + + if 'interface' in config: + network['interface'] = config['interface'] + + if 'subnet' in config: + for subnet, subnet_config in config['subnet'].items(): + network['subnet6'].append(kea6_parse_subnet(subnet, subnet_config)) + + if options: + network['option-data'] = options + + out.append(network) + + return dumps(out, indent=4) + @register_test('vyos_defined') def vyos_defined(value, test_value=None, var_type=None): """ diff --git a/python/vyos/utils/file.py b/python/vyos/utils/file.py index 9f27a7fb9..2af87a0ca 100644 --- a/python/vyos/utils/file.py +++ b/python/vyos/utils/file.py @@ -141,6 +141,14 @@ def chmod_2775(path): bitmask = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH chmod(path, bitmask) +def chmod_775(path): + """ Make file executable by all """ + from stat import S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IXOTH + + bitmask = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | \ + S_IROTH | S_IXOTH + chmod(path, bitmask) + def makedir(path, user=None, group=None): if os.path.exists(path): return diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py index f1b3bac73..997ee6309 100644 --- a/python/vyos/utils/network.py +++ b/python/vyos/utils/network.py @@ -520,3 +520,37 @@ def get_vxlan_vni_filter(interface: str) -> list: os_configured_vnis.append(str(vniStart)) return os_configured_vnis + +# Calculate prefix length of an IPv6 range, where possible +# Python-ified from source: https://gitlab.isc.org/isc-projects/dhcp/-/blob/master/keama/confparse.c#L4591 +def ipv6_prefix_length(low, high): + import socket + + bytemasks = [0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff] + + try: + lo = bytearray(socket.inet_pton(socket.AF_INET6, low)) + hi = bytearray(socket.inet_pton(socket.AF_INET6, high)) + except: + return None + + xor = bytearray(a ^ b for a, b in zip(lo, hi)) + + plen = 0 + while plen < 128 and xor[plen // 8] == 0: + plen += 8 + + if plen == 128: + return plen + + for i in range((plen // 8) + 1, 16): + if xor[i] != 0: + return None + + for i in range(8): + msk = ~xor[plen // 8] & 0xff + + if msk == bytemasks[i]: + return plen + i + 1 + + return None diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn index e10adbbc6..039a50594 100644 --- a/smoketest/config-tests/dialup-router-medium-vpn +++ b/smoketest/config-tests/dialup-router-medium-vpn @@ -257,7 +257,6 @@ set service dhcp-server shared-network-name LAN authoritative set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-search 'vyos.net' -set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 enable-failover set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range LANDynamic start '192.168.0.200' @@ -268,16 +267,12 @@ set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-map set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping IPTV mac-address '00:50:01:31:b5:f6' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus ip-address '192.168.0.60' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus mac-address '00:50:01:58:ac:95' -set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 ip-address '192.168.0.109' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 mac-address '00:50:01:bc:ac:51' -set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 ip-address '192.168.0.11' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 mac-address '00:50:01:70:b9:4d' -set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 ip-address '192.168.0.12' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 mac-address '00:50:01:70:b7:4f' -set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping pearTV ip-address '192.168.0.101' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping pearTV mac-address '00:50:01:ba:62:79' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping sand ip-address '192.168.0.110' diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 78dba3ee2..fca4964bf 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos @@ -1,6 +1,7 @@ interfaces { ethernet eth0 { address 192.168.0.1/24 + address fe88::1/56 duplex auto smp-affinity auto speed auto @@ -90,6 +91,23 @@ service { } } } + dhcpv6-server { + shared-network-name LAN6 { + subnet fe88::/56 { + address-range { + prefix fe88::/56 { + temporary + } + } + prefix-delegation { + start fe88:0000:0000:0001:: { + prefix-length 64 + stop fe88:0000:0000:0010:: + } + } + } + } + } dns { forwarding { allow-from 192.168.0.0/16 diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py index 093e43494..9f6e05ff3 100755 --- a/smoketest/scripts/cli/test_service_dhcp-server.py +++ b/smoketest/scripts/cli/test_service_dhcp-server.py @@ -14,11 +14,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import unittest +from json import loads + from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError +from vyos.utils.dict import dict_search_recursive from vyos.utils.process import process_named_running from vyos.utils.file import read_file from vyos.template import address_from_cidr @@ -26,8 +30,10 @@ from vyos.template import inc_ip from vyos.template import dec_ip from vyos.template import netmask_from_cidr -PROCESS_NAME = 'dhcpd' -DHCPD_CONF = '/run/dhcp-server/dhcpd.conf' +PROCESS_NAME = 'kea-dhcp4' +CTRL_PROCESS_NAME = 'kea-ctrl-agent' +KEA4_CONF = '/run/kea/kea-dhcp4.conf' +KEA4_CTRL = '/run/kea/dhcp4-ctrl-socket' base_path = ['service', 'dhcp-server'] subnet = '192.0.2.0/25' router = inc_ip(subnet, 1) @@ -52,6 +58,36 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path) self.cli_commit() + def walk_path(self, obj, path): + current = obj + + for i, key in enumerate(path): + if isinstance(key, str): + self.assertTrue(isinstance(current, dict), msg=f'Failed path: {path}') + self.assertTrue(key in current, msg=f'Failed path: {path}') + elif isinstance(key, int): + self.assertTrue(isinstance(current, list), msg=f'Failed path: {path}') + self.assertTrue(0 <= key < len(current), msg=f'Failed path: {path}') + else: + assert False, "Invalid type" + + current = current[key] + + return current + + def verify_config_object(self, obj, path, value): + base_obj = self.walk_path(obj, path) + self.assertTrue(isinstance(base_obj, list)) + self.assertTrue(any(True for v in base_obj if v == value)) + + def verify_config_value(self, obj, path, key, value): + base_obj = self.walk_path(obj, path) + if isinstance(base_obj, list): + self.assertTrue(any(True for v in base_obj if key in v and v[key] == value)) + elif isinstance(base_obj, dict): + self.assertTrue(key in base_obj) + self.assertEqual(base_obj[key], value) + def test_dhcp_single_pool_range(self): shared_net_name = 'SMOKE-1' @@ -60,15 +96,12 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): range_1_start = inc_ip(subnet, 40) range_1_stop = inc_ip(subnet, 50) - self.cli_set(base_path + ['dynamic-dns-update']) - pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] # we use the first subnet IP address as default gateway self.cli_set(pool + ['default-router', router]) self.cli_set(pool + ['name-server', dns_1]) self.cli_set(pool + ['name-server', dns_2]) self.cli_set(pool + ['domain-name', domain_name]) - self.cli_set(pool + ['ping-check']) # check validate() - No DHCP address range or active static-mapping set with self.assertRaises(ConfigSessionError): @@ -81,20 +114,37 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - self.assertIn(f'ddns-update-style interim;', config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'option domain-name "{domain_name}";', config) - self.assertIn(f'default-lease-time 86400;', config) - self.assertIn(f'max-lease-time 86400;', config) - self.assertIn(f'ping-check true;', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) - self.assertIn(f'range {range_1_start} {range_1_stop};', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) + config = read_file(KEA4_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name', 'data': domain_name}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_1_start} - {range_1_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -134,6 +184,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): self.cli_set(pool + ['static-route', '10.0.0.0/24', 'next-hop', '192.0.2.1']) self.cli_set(pool + ['ipv6-only-preferred', ipv6_only_preferred]) + self.cli_set(pool + ['time-zone', 'Europe/London']) # check validate() - No DHCP address range or active static-mapping set with self.assertRaises(ConfigSessionError): @@ -144,38 +195,89 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - self.assertIn(f'ddns-update-style none;', config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'option domain-name "{domain_name}";', config) - - search = '"' + ('", "').join(search_domains) + '"' - self.assertIn(f'option domain-search {search};', config) - - self.assertIn(f'option ip-forwarding true;', config) - self.assertIn(f'option smtp-server {smtp_server};', config) - self.assertIn(f'option pop-server {smtp_server};', config) - self.assertIn(f'option time-servers {time_server};', config) - self.assertIn(f'option wpad-url "{wpad}";', config) - self.assertIn(f'option dhcp-server-identifier {server_identifier};', config) - self.assertIn(f'option tftp-server-name "{tftp_server}";', config) - self.assertIn(f'option bootfile-name "{bootfile_name}";', config) - self.assertIn(f'filename "{bootfile_name}";', config) - self.assertIn(f'next-server {bootfile_server};', config) - self.assertIn(f'default-lease-time 86400;', config) - self.assertIn(f'max-lease-time 86400;', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) - self.assertIn(f'option rfc8925-ipv6-only-preferred {ipv6_only_preferred};', config) - - # weird syntax for those static routes - self.assertIn(f'option rfc3442-static-route 24,10,0,0,192,0,2,1, 0,192,0,2,1;', config) - self.assertIn(f'option windows-static-route 24,10,0,0,192,0,2,1;', config) + config = read_file(KEA4_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'boot-file-name', bootfile_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'next-server', bootfile_server) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name', 'data': domain_name}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-search', 'data': ', '.join(search_domains)}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'pop-server', 'data': smtp_server}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'smtp-server', 'data': smtp_server}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'time-servers', 'data': time_server}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'dhcp-server-identifier', 'data': server_identifier}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'tftp-server-name', 'data': tftp_server}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'wpad-url', 'data': wpad}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'rfc3442-static-route', 'data': '24,10,0,0,192,0,2,1, 0,192,0,2,1'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'windows-static-route', 'data': '24,10,0,0,192,0,2,1'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'v6-only-preferred', 'data': ipv6_only_preferred}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'ip-forwarding', 'data': "true"}) + + # Time zone + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'pcode', 'data': 'GMT0BST,M3.5.0/1,M10.5.0'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'tcode', 'data': 'Europe/London'}) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -205,27 +307,39 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - self.assertIn(f'ddns-update-style none;', config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'option domain-name "{domain_name}";', config) - self.assertIn(f'default-lease-time 86400;', config) - self.assertIn(f'max-lease-time 86400;', config) + config = read_file(KEA4_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name', 'data': domain_name}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) client_base = 10 for client in ['client1', 'client2', 'client3']: mac = '00:50:00:00:00:{}'.format(client_base) ip = inc_ip(subnet, client_base) - self.assertIn(f'host {shared_net_name}_{client}' + ' {', config) - self.assertIn(f'fixed-address {ip};', config) - self.assertIn(f'hardware ethernet {mac};', config) - client_base += 1 - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'reservations'], + {'hw-address': mac, 'ip-address': ip}) + + client_base += 1 # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -266,7 +380,9 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) + config = read_file(KEA4_CONF) + obj = loads(config) + for network in ['0', '1', '2', '3']: shared_net_name = f'VyOS-SMOKETEST-{network}' subnet = f'192.0.{network}.0/24' @@ -278,27 +394,43 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): range_1_start = inc_ip(subnet, 30) range_1_stop = inc_ip(subnet, 40) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - - self.assertIn(f'ddns-update-style none;', config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option domain-name-servers {dns_1};', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'option domain-name "{domain_name}";', config) - self.assertIn(f'default-lease-time {lease_time};', config) - self.assertIn(f'max-lease-time {lease_time};', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) - self.assertIn(f'range {range_1_start} {range_1_stop};', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'subnet', subnet) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'valid-lifetime', int(lease_time)) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'max-valid-lifetime', int(lease_time)) + + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'], + {'name': 'domain-name', 'data': domain_name}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'], + {'name': 'domain-name-servers', 'data': dns_1}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'pools'], + {'pool': f'{range_1_start} - {range_1_stop}'}) client_base = 60 for client in ['client1', 'client2', 'client3', 'client4']: mac = '02:50:00:00:00:{}'.format(client_base) ip = inc_ip(subnet, client_base) - self.assertIn(f'host {shared_net_name}_{client}' + ' {', config) - self.assertIn(f'fixed-address {ip};', config) - self.assertIn(f'hardware ethernet {mac};', config) + + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'reservations'], + {'hw-address': mac, 'ip-address': ip}) + client_base += 1 # Check for running process @@ -319,14 +451,23 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - # VErify - config = read_file(DHCPD_CONF) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) + config = read_file(KEA4_CONF) + obj = loads(config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'EXCLUDE-TEST') + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -352,15 +493,27 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - # Verify - config = read_file(DHCPD_CONF) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) + config = read_file(KEA4_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'EXCLUDE-TEST-2') + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'range {range_0_start} {range_0_stop_excl};', config) - self.assertIn(f'range {range_0_start_excl} {range_0_stop};', config) + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop_excl}'}) + + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start_excl} - {range_0_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -384,41 +537,23 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - # Check the relay network - self.assertIn(f'subnet {network} netmask {netmask}' + r' { }', config) - - relay_network = address_from_cidr(relay_subnet) - relay_netmask = netmask_from_cidr(relay_subnet) - self.assertIn(f'subnet {relay_network} netmask {relay_netmask}' + r' {', config) - self.assertIn(f'option routers {relay_router};', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) - - # Check for running process - self.assertTrue(process_named_running(PROCESS_NAME)) - - def test_dhcp_invalid_raw_options(self): - shared_net_name = 'SMOKE-5' + config = read_file(KEA4_CONF) + obj = loads(config) - range_0_start = inc_ip(subnet, 10) - range_0_stop = inc_ip(subnet, 20) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'RELAY') + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', relay_subnet) - pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] - # we use the first subnet IP address as default gateway - self.cli_set(pool + ['default-router', router]) - self.cli_set(pool + ['range', '0', 'start', range_0_start]) - self.cli_set(pool + ['range', '0', 'stop', range_0_stop]) + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': relay_router}) - self.cli_set(base_path + ['global-parameters', 'this-is-crap']) - # check generate() - dhcpd should not acceot this garbage config - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_delete(base_path + ['global-parameters']) - - # commit changes - self.cli_commit() + # Verify pools + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -449,41 +584,43 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['failover', 'remote', failover_remote]) self.cli_set(base_path + ['failover', 'status', 'primary']) - # check validate() - failover needs to be enabled for at least one subnet - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_set(pool + ['enable-failover']) - # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - - self.assertIn(f'failover peer "{failover_name}"' + r' {', config) - self.assertIn(f'primary;', config) - self.assertIn(f'mclt 1800;', config) - self.assertIn(f'mclt 1800;', config) - self.assertIn(f'split 128;', config) - self.assertIn(f'port 647;', config) - self.assertIn(f'peer port 647;', config) - self.assertIn(f'max-response-delay 30;', config) - self.assertIn(f'max-unacked-updates 10;', config) - self.assertIn(f'load balance max seconds 3;', config) - self.assertIn(f'address {failover_local};', config) - self.assertIn(f'peer address {failover_remote};', config) - - network = address_from_cidr(subnet) - netmask = netmask_from_cidr(subnet) - self.assertIn(f'ddns-update-style none;', config) - self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config) - self.assertIn(f'option routers {router};', config) - self.assertIn(f'range {range_0_start} {range_0_stop};', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) - self.assertIn(f'failover peer "{failover_name}";', config) - self.assertIn(f'deny dynamic bootp clients;', config) + config = read_file(KEA4_CONF) + obj = loads(config) + + # Verify failover + self.verify_config_value(obj, ['Dhcp4', 'control-socket'], 'socket-name', KEA4_CTRL) + + self.verify_config_object( + obj, + ['Dhcp4', 'hooks-libraries', 0, 'parameters', 'high-availability', 0, 'peers'], + {'name': os.uname()[1], 'url': f'http://{failover_local}:647/', 'role': 'primary', 'auto-failover': True}) + + self.verify_config_object( + obj, + ['Dhcp4', 'hooks-libraries', 0, 'parameters', 'high-availability', 0, 'peers'], + {'name': failover_name, 'url': f'http://{failover_remote}:647/', 'role': 'standby', 'auto-failover': True}) + + self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'], + {'name': 'routers', 'data': router}) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'], + {'pool': f'{range_0_start} - {range_0_stop}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) + self.assertTrue(process_named_running(CTRL_PROCESS_NAME)) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py index 4d9dabc3f..175a67537 100755 --- a/smoketest/scripts/cli/test_service_dhcpv6-server.py +++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2022 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,6 +16,8 @@ import unittest +from json import loads + from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError @@ -23,8 +25,8 @@ from vyos.template import inc_ip from vyos.utils.process import process_named_running from vyos.utils.file import read_file -PROCESS_NAME = 'dhcpd' -DHCPD_CONF = '/run/dhcp-server/dhcpdv6.conf' +PROCESS_NAME = 'kea-dhcp6' +KEA6_CONF = '/run/kea/kea-dhcp6.conf' base_path = ['service', 'dhcpv6-server'] subnet = '2001:db8:f00::/64' @@ -52,6 +54,36 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path) self.cli_commit() + def walk_path(self, obj, path): + current = obj + + for i, key in enumerate(path): + if isinstance(key, str): + self.assertTrue(isinstance(current, dict), msg=f'Failed path: {path}') + self.assertTrue(key in current, msg=f'Failed path: {path}') + elif isinstance(key, int): + self.assertTrue(isinstance(current, list), msg=f'Failed path: {path}') + self.assertTrue(0 <= key < len(current), msg=f'Failed path: {path}') + else: + assert False, "Invalid type" + + current = current[key] + + return current + + def verify_config_object(self, obj, path, value): + base_obj = self.walk_path(obj, path) + self.assertTrue(isinstance(base_obj, list)) + self.assertTrue(any(True for v in base_obj if v == value)) + + def verify_config_value(self, obj, path, key, value): + base_obj = self.walk_path(obj, path) + if isinstance(base_obj, list): + self.assertTrue(any(True for v in base_obj if key in v and v[key] == value)) + elif isinstance(base_obj, dict): + self.assertTrue(key in base_obj) + self.assertEqual(base_obj[key], value) + def test_single_pool(self): shared_net_name = 'SMOKE-1' search_domains = ['foo.vyos.net', 'bar.vyos.net'] @@ -99,34 +131,66 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - self.assertIn(f'option dhcp6.preference {preference};', config) - - self.assertIn(f'subnet6 {subnet}' + r' {', config) - search = '"' + '", "'.join(search_domains) + '"' - nissrv = ', '.join(nis_servers) - self.assertIn(f'range6 {range_start} {range_stop};', config) - self.assertIn(f'default-lease-time {lease_time};', config) - self.assertIn(f'default-lease-time {lease_time};', config) - self.assertIn(f'max-lease-time {max_lease_time};', config) - self.assertIn(f'min-lease-time {min_lease_time};', config) - self.assertIn(f'option dhcp6.domain-search {search};', config) - self.assertIn(f'option dhcp6.name-servers {dns_1}, {dns_2};', config) - self.assertIn(f'option dhcp6.nis-domain-name "{domain}";', config) - self.assertIn(f'option dhcp6.nis-servers {nissrv};', config) - self.assertIn(f'option dhcp6.nisp-domain-name "{domain}";', config) - self.assertIn(f'option dhcp6.nisp-servers {nissrv};', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) + config = read_file(KEA6_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'valid-lifetime', int(lease_time)) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'min-valid-lifetime', int(min_lease_time)) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'max-valid-lifetime', int(max_lease_time)) + + # Verify options + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'dns-servers', 'data': f'{dns_1}, {dns_2}'}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'domain-search', 'data': ", ".join(search_domains)}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'nis-domain-name', 'data': domain}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'nis-servers', 'data': ", ".join(nis_servers)}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'nisp-domain-name', 'data': domain}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'nisp-servers', 'data': ", ".join(nis_servers)}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'sntp-servers', 'data': sntp_server}) + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'], + {'name': 'sip-server-dns', 'data': sip_server}) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pools'], + {'pool': f'{range_start} - {range_stop}'}) client_base = 1 for client in ['client1', 'client2', 'client3']: cid = '00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:{}'.format(client_base) ip = inc_ip(subnet, client_base) prefix = inc_ip(subnet, client_base << 64) + '/64' - self.assertIn(f'host {shared_net_name}_{client}' + ' {', config) - self.assertIn(f'fixed-address6 {ip};', config) - self.assertIn(f'fixed-prefix6 {prefix};', config) - self.assertIn(f'host-identifier option dhcp6.client-id {cid};', config) + + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'reservations'], + {'duid': cid, 'ip-addresses': [ip], 'prefixes': [prefix]}) + client_base += 1 # Check for running process @@ -138,22 +202,34 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase): range_start = inc_ip(subnet, 256) # ::100 range_stop = inc_ip(subnet, 65535) # ::ffff delegate_start = '2001:db8:ee::' - delegate_stop = '2001:db8:ee:ff00::' - delegate_len = '56' + delegate_len = '64' + prefix_len = '56' pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] self.cli_set(pool + ['address-range', 'start', range_start, 'stop', range_stop]) - self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop]) - self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'prefix-length', delegate_len]) + self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'delegated-length', delegate_len]) + self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'prefix-length', prefix_len]) # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - self.assertIn(f'subnet6 {subnet}' + r' {', config) - self.assertIn(f'range6 {range_start} {range_stop};', config) - self.assertIn(f'prefix6 {delegate_start} {delegate_stop} /{delegate_len};', config) + config = read_file(KEA6_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet) + + # Verify pools + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pools'], + {'pool': f'{range_start} - {range_stop}'}) + + self.verify_config_object( + obj, + ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pd-pools'], + {'prefix': delegate_start, 'prefix-len': int(prefix_len), 'delegated-len': int(delegate_len)}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) @@ -170,10 +246,16 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - config = read_file(DHCPD_CONF) - self.assertIn(f'option dhcp6.name-servers {ns_global_1}, {ns_global_2};', config) - self.assertIn(f'subnet6 {subnet}' + r' {', config) - self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) + config = read_file(KEA6_CONF) + obj = loads(config) + + self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name) + self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet) + + self.verify_config_object( + obj, + ['Dhcp6', 'option-data'], + {'name': 'dns-servers', "code": 23, "space": "dhcp6", "csv-format": True, 'data': f'{ns_global_1}, {ns_global_2}'}) # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py index 6cb91bcf1..703e3e8c4 100755 --- a/smoketest/scripts/cli/test_service_https.py +++ b/smoketest/scripts/cli/test_service_https.py @@ -23,6 +23,7 @@ from urllib3.exceptions import InsecureRequestWarning from base_vyostest_shim import VyOSUnitTestSHIM from base_vyostest_shim import ignore_warning from vyos.utils.file import read_file +from vyos.utils.process import call from vyos.utils.process import process_named_running from vyos.configsession import ConfigSessionError @@ -51,6 +52,23 @@ MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww """ +# to test load config via HTTP URL +nginx_conf_smoketest = """ +server { + listen 8000; + server_name localhost; + + root /tmp; + + index index.html; + + location / { + try_files $uri $uri/ =404; + autoindex on; + } +} +""" + PROCESS_NAME = 'nginx' class TestHTTPSService(VyOSUnitTestSHIM.TestCase): @@ -375,6 +393,57 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): r = request('POST', url, verify=False, headers=headers, data=payload) self.assertEqual(r.status_code, 200) + @ignore_warning(InsecureRequestWarning) + def test_api_config_file_load_http(self): + """Test load config from HTTP URL + """ + address = '127.0.0.1' + key = 'VyOS-key' + url = f'https://{address}/config-file' + url_config = f'https://{address}/configure' + headers = {} + tmp_file = 'tmp-config.boot' + nginx_tmp_site = '/etc/nginx/sites-enabled/smoketest' + + self.cli_set(base_path + ['api', 'keys', 'id', 'key-01', 'key', key]) + self.cli_commit() + + # load config via HTTP requires nginx config + call(f'sudo touch {nginx_tmp_site}') + call(f'sudo chown vyos:vyattacfg {nginx_tmp_site}') + call(f'sudo chmod +w {nginx_tmp_site}') + + with open(nginx_tmp_site, 'w') as f: + f.write(nginx_conf_smoketest) + call('sudo nginx -s reload') + + # save config + payload = { + 'data': '{"op": "save", "file": "/tmp/tmp-config.boot"}', + 'key': f'{key}', + } + r = request('POST', url, verify=False, headers=headers, data=payload) + self.assertEqual(r.status_code, 200) + + # change config + payload = { + 'data': '{"op": "set", "path": ["interfaces", "dummy", "dum1", "address", "192.0.2.31/32"]}', + 'key': f'{key}', + } + r = request('POST', url_config, verify=False, headers=headers, data=payload) + self.assertEqual(r.status_code, 200) + + # load config from URL + payload = { + 'data': '{"op": "load", "file": "http://localhost:8000/tmp-config.boot"}', + 'key': f'{key}', + } + r = request('POST', url, verify=False, headers=headers, data=payload) + self.assertEqual(r.status_code, 200) + + # cleanup tmp nginx conf + call(f'sudo rm -rf {nginx_tmp_site}') + call('sudo nginx -s reload') if __name__ == '__main__': unittest.main(verbosity=5) diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index ac7d95632..66f7c8057 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -21,10 +21,16 @@ from ipaddress import ip_network from netaddr import IPAddress from netaddr import IPRange from sys import exit +from time import sleep from vyos.config import Config +from vyos.pki import wrap_certificate +from vyos.pki import wrap_private_key from vyos.template import render from vyos.utils.dict import dict_search +from vyos.utils.dict import dict_search_args +from vyos.utils.file import chmod_775 +from vyos.utils.file import write_file from vyos.utils.process import call from vyos.utils.process import run from vyos.utils.network import is_subnet_connected @@ -33,8 +39,14 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -config_file = '/run/dhcp-server/dhcpd.conf' -systemd_override = r'/run/systemd/system/isc-dhcp-server.service.d/10-override.conf' +ctrl_config_file = '/run/kea/kea-ctrl-agent.conf' +ctrl_socket = '/run/kea/dhcp4-ctrl-socket' +config_file = '/run/kea/kea-dhcp4.conf' +lease_file = '/config/dhcp4.leases' + +ca_cert_file = '/run/kea/kea-failover-ca.pem' +cert_file = '/run/kea/kea-failover.pem' +cert_key_file = '/run/kea/kea-failover-key.pem' def dhcp_slice_range(exclude_list, range_dict): """ @@ -130,6 +142,9 @@ def get_config(config=None): dhcp['shared_network_name'][network]['subnet'][subnet].update( {'range' : new_range_dict}) + if dict_search('failover.certificate', dhcp): + dhcp['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) + return dhcp def verify(dhcp): @@ -166,13 +181,6 @@ def verify(dhcp): if 'next_hop' not in route_option: raise ConfigError(f'DHCP static-route "{route}" requires router to be defined!') - # DHCP failover needs at least one subnet that uses it - if 'enable_failover' in subnet_config: - if 'failover' not in dhcp: - raise ConfigError(f'Can not enable failover for "{subnet}" in "{network}".\n' \ - 'Failover is not configured globally!') - failover_ok = True - # Check if DHCP address range is inside configured subnet declaration if 'range' in subnet_config: networks = [] @@ -249,14 +257,34 @@ def verify(dhcp): raise ConfigError(f'At least one shared network must be active!') if 'failover' in dhcp: - if not failover_ok: - raise ConfigError('DHCP failover must be enabled for at least one subnet!') - for key in ['name', 'remote', 'source_address', 'status']: if key not in dhcp['failover']: tmp = key.replace('_', '-') raise ConfigError(f'DHCP failover requires "{tmp}" to be specified!') + if len({'certificate', 'ca_certificate'} & set(dhcp['failover'])) == 1: + raise ConfigError(f'DHCP secured failover requires both certificate and CA certificate') + + if 'certificate' in dhcp['failover']: + cert_name = dhcp['failover']['certificate'] + + if cert_name not in dhcp['pki']['certificate']: + raise ConfigError(f'Invalid certificate specified for DHCP failover') + + if not dict_search_args(dhcp['pki']['certificate'], cert_name, 'certificate'): + raise ConfigError(f'Invalid certificate specified for DHCP failover') + + if not dict_search_args(dhcp['pki']['certificate'], cert_name, 'private', 'key'): + raise ConfigError(f'Missing private key on certificate specified for DHCP failover') + + if 'ca_certificate' in dhcp['failover']: + ca_cert_name = dhcp['failover']['ca_certificate'] + if ca_cert_name not in dhcp['pki']['ca']: + raise ConfigError(f'Invalid CA certificate specified for DHCP failover') + + if not dict_search_args(dhcp['pki']['ca'], ca_cert_name, 'certificate'): + raise ConfigError(f'Invalid CA certificate specified for DHCP failover') + for address in (dict_search('listen_address', dhcp) or []): if is_addr_assigned(address): listen_ok = True @@ -278,43 +306,71 @@ def generate(dhcp): if not dhcp or 'disable' in dhcp: return None - # Please see: https://vyos.dev/T1129 for quoting of the raw - # parameters we can pass to ISC DHCPd - tmp_file = '/tmp/dhcpd.conf' - render(tmp_file, 'dhcp-server/dhcpd.conf.j2', dhcp, - formater=lambda _: _.replace(""", '"')) - # XXX: as we have the ability for a user to pass in "raw" options via VyOS - # CLI (see T3544) we now ask ISC dhcpd to test the newly rendered - # configuration - tmp = run(f'/usr/sbin/dhcpd -4 -q -t -cf {tmp_file}') - if tmp > 0: - if os.path.exists(tmp_file): - os.unlink(tmp_file) - raise ConfigError('Configuration file errors encountered - check your options!') - - # Now that we know that the newly rendered configuration is "good" we can - # render the "real" configuration - render(config_file, 'dhcp-server/dhcpd.conf.j2', dhcp, - formater=lambda _: _.replace(""", '"')) - render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp) - - # Clean up configuration test file - if os.path.exists(tmp_file): - os.unlink(tmp_file) + dhcp['lease_file'] = lease_file + dhcp['machine'] = os.uname().machine + + if not os.path.exists(lease_file): + write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755) + + for f in [cert_file, cert_key_file, ca_cert_file]: + if os.path.exists(f): + os.unlink(f) + + if 'failover' in dhcp: + if 'certificate' in dhcp['failover']: + cert_name = dhcp['failover']['certificate'] + cert_data = dhcp['pki']['certificate'][cert_name]['certificate'] + key_data = dhcp['pki']['certificate'][cert_name]['private']['key'] + write_file(cert_file, wrap_certificate(cert_data), user='_kea', mode=0o600) + write_file(cert_key_file, wrap_private_key(key_data), user='_kea', mode=0o600) + + dhcp['failover']['cert_file'] = cert_file + dhcp['failover']['cert_key_file'] = cert_key_file + + if 'ca_certificate' in dhcp['failover']: + ca_cert_name = dhcp['failover']['ca_certificate'] + ca_cert_data = dhcp['pki']['ca'][ca_cert_name]['certificate'] + write_file(ca_cert_file, wrap_certificate(ca_cert_data), user='_kea', mode=0o600) + + dhcp['failover']['ca_cert_file'] = ca_cert_file + + render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp) + render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp) return None def apply(dhcp): - call('systemctl daemon-reload') - # bail out early - looks like removal from running config + services = ['kea-ctrl-agent', 'kea-dhcp4-server', 'kea-dhcp-ddns-server'] + if not dhcp or 'disable' in dhcp: - call('systemctl stop isc-dhcp-server.service') + for service in services: + call(f'systemctl stop {service}.service') + if os.path.exists(config_file): os.unlink(config_file) return None - call('systemctl restart isc-dhcp-server.service') + for service in services: + action = 'restart' + + if service == 'kea-dhcp-ddns-server' and 'dynamic_dns_update' not in dhcp: + action = 'stop' + + if service == 'kea-ctrl-agent' and 'failover' not in dhcp: + action = 'stop' + + call(f'systemctl {action} {service}.service') + + # op-mode needs ctrl socket permission change + i = 0 + while not os.path.exists(ctrl_socket): + if i > 15: + break + i += 1 + sleep(1) + chmod_775(ctrl_socket) + return None if __name__ == '__main__': diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 427001609..73a708ff5 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2022 VyOS maintainers and contributors +# Copyright (C) 2018-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -19,18 +19,23 @@ import os from ipaddress import ip_address from ipaddress import ip_network from sys import exit +from time import sleep from vyos.config import Config from vyos.template import render from vyos.template import is_ipv6 from vyos.utils.process import call +from vyos.utils.file import chmod_775 +from vyos.utils.file import write_file from vyos.utils.dict import dict_search from vyos.utils.network import is_subnet_connected from vyos import ConfigError from vyos import airbag airbag.enable() -config_file = '/run/dhcp-server/dhcpdv6.conf' +config_file = '/run/kea/kea-dhcp6.conf' +ctrl_socket = '/run/kea/dhcp6-ctrl-socket' +lease_file = '/config/dhcp6.leases' def get_config(config=None): if config: @@ -110,17 +115,20 @@ def verify(dhcpv6): # Prefix delegation sanity checks if 'prefix_delegation' in subnet_config: - if 'start' not in subnet_config['prefix_delegation']: - raise ConfigError('prefix-delegation start address not defined!') + if 'prefix' not in subnet_config['prefix_delegation']: + raise ConfigError('prefix-delegation prefix not defined!') - for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items(): - if 'stop' not in prefix_config: - raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\ + for prefix, prefix_config in subnet_config['prefix_delegation']['prefix'].items(): + if 'delegated_length' not in prefix_config: + raise ConfigError(f'Delegated IPv6 prefix length for "{prefix}" '\ f'must be configured') if 'prefix_length' not in prefix_config: raise ConfigError('Length of delegated IPv6 prefix must be configured') + if prefix_config['prefix_length'] > prefix_config['delegated_length']: + raise ConfigError('Length of delegated IPv6 prefix must be within parent prefix') + # Static mappings don't require anything (but check if IP is in subnet if it's set) if 'static_mapping' in subnet_config: for mapping, mapping_config in subnet_config['static_mapping'].items(): @@ -168,12 +176,18 @@ def generate(dhcpv6): if not dhcpv6 or 'disable' in dhcpv6: return None - render(config_file, 'dhcp-server/dhcpdv6.conf.j2', dhcpv6) + dhcpv6['lease_file'] = lease_file + dhcpv6['machine'] = os.uname().machine + + if not os.path.exists(lease_file): + write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755) + + render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6) return None def apply(dhcpv6): # bail out early - looks like removal from running config - service_name = 'isc-dhcp-server6.service' + service_name = 'kea-dhcp6-server.service' if not dhcpv6 or 'disable' in dhcpv6: # DHCP server is removed in the commit call(f'systemctl stop {service_name}') @@ -182,6 +196,16 @@ def apply(dhcpv6): return None call(f'systemctl restart {service_name}') + + # op-mode needs ctrl socket permission change + i = 0 + while not os.path.exists(ctrl_socket): + if i > 15: + break + i += 1 + sleep(1) + chmod_775(ctrl_socket) + return None if __name__ == '__main__': diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py index 3ddc8e7fd..c4dcb76ed 100755 --- a/src/conf_mode/dns_dynamic.py +++ b/src/conf_mode/dns_dynamic.py @@ -18,6 +18,7 @@ import os from sys import exit +from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_interface_exists from vyos.template import render @@ -88,7 +89,12 @@ def verify(dyndns): # If dyndns address is an interface, ensure that it exists # and that web-options are not set if config['address'] != 'web': - verify_interface_exists(config['address']) + # exclude check interface for dynamic interfaces + interface_filter = ('pppoe', 'sstpc') + if config['address'].startswith(interface_filter): + Warning(f'interface {config["address"]} does not exist!') + else: + verify_interface_exists(config['address']) if 'web_options' in config: raise ConfigError(f'"web-options" is applicable only when using HTTP(S) web request to obtain the IP address') diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index cd85a5066..aeac82462 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -331,7 +331,7 @@ def apply(login): if tmp: command += f" --home '{tmp}'" else: command += f" --home '/home/{user}'" - command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}' + command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk,_kea {user}' try: cmd(command) diff --git a/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf b/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf new file mode 100644 index 000000000..0f5bf801e --- /dev/null +++ b/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf @@ -0,0 +1,9 @@ +[Unit] +After= +After=vyos-router.service + +[Service] +ExecStart= +ExecStart=/usr/sbin/kea-ctrl-agent -c /run/kea/kea-ctrl-agent.conf +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE diff --git a/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf b/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf new file mode 100644 index 000000000..682e5bbce --- /dev/null +++ b/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf @@ -0,0 +1,7 @@ +[Unit] +After= +After=vyos-router.service + +[Service] +ExecStart= +ExecStart=/usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf diff --git a/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf b/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf new file mode 100644 index 000000000..cb33fc057 --- /dev/null +++ b/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf @@ -0,0 +1,7 @@ +[Unit] +After= +After=vyos-router.service + +[Service] +ExecStart= +ExecStart=/usr/sbin/kea-dhcp6 -c /run/kea/kea-dhcp6.conf diff --git a/src/migration-scripts/dhcp-server/6-to-7 b/src/migration-scripts/dhcp-server/6-to-7 new file mode 100755 index 000000000..ccf385a30 --- /dev/null +++ b/src/migration-scripts/dhcp-server/6-to-7 @@ -0,0 +1,87 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T3316: Migrate to Kea +# - global-parameters will not function +# - shared-network-parameters will not function +# - subnet-parameters will not function +# - static-mapping-parameters will not function +# - host-decl-name is on by default, option removed +# - ping-check no longer supported +# - failover is default enabled on all subnets that exist on failover servers + +import sys +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 2): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['service', 'dhcp-server'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + sys.exit(0) + +if config.exists(base + ['host-decl-name']): + config.delete(base + ['host-decl-name']) + +if config.exists(base + ['global-parameters']): + config.delete(base + ['global-parameters']) + +if config.exists(base + ['shared-network-name']): + for network in config.list_nodes(base + ['shared-network-name']): + base_network = base + ['shared-network-name', network] + + if config.exists(base_network + ['ping-check']): + config.delete(base_network + ['ping-check']) + + if config.exists(base_network + ['shared-network-parameters']): + config.delete(base_network +['shared-network-parameters']) + + if not config.exists(base_network + ['subnet']): + continue + + # Run this for every specified 'subnet' + for subnet in config.list_nodes(base_network + ['subnet']): + base_subnet = base_network + ['subnet', subnet] + + if config.exists(base_subnet + ['enable-failover']): + config.delete(base_subnet + ['enable-failover']) + + if config.exists(base_subnet + ['ping-check']): + config.delete(base_subnet + ['ping-check']) + + if config.exists(base_subnet + ['subnet-parameters']): + config.delete(base_subnet + ['subnet-parameters']) + + if config.exists(base_subnet + ['static-mapping']): + for mapping in config.list_nodes(base_subnet + ['static-mapping']): + if config.exists(base_subnet + ['static-mapping', mapping, 'static-mapping-parameters']): + config.delete(base_subnet + ['static-mapping', mapping, 'static-mapping-parameters']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/migration-scripts/dhcpv6-server/1-to-2 b/src/migration-scripts/dhcpv6-server/1-to-2 new file mode 100755 index 000000000..cc5a8900a --- /dev/null +++ b/src/migration-scripts/dhcpv6-server/1-to-2 @@ -0,0 +1,86 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T3316: Migrate to Kea +# - Kea was meant to have support for key "prefix-highest" under PD which would allow an address range +# However this seems to have never been implemented. A conversion to prefix length is needed (where possible). +# Ref: https://lists.isc.org/pipermail/kea-users/2022-November/003686.html +# - Remove prefix temporary value, convert to multi leafNode (https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html#dhcpv6-server-limitations) + +import sys +from vyos.configtree import ConfigTree +from vyos.utils.network import ipv6_prefix_length + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['service', 'dhcpv6-server', 'shared-network-name'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +for network in config.list_nodes(base): + if not config.exists(base + [network, 'subnet']): + continue + + for subnet in config.list_nodes(base + [network, 'subnet']): + # Delete temporary value under address-range prefix, convert tagNode to leafNode multi + if config.exists(base + [network, 'subnet', subnet, 'address-range', 'prefix']): + prefix_base = base + [network, 'subnet', subnet, 'address-range', 'prefix'] + prefixes = config.list_nodes(prefix_base) + + config.delete(prefix_base) + + for prefix in prefixes: + config.set(prefix_base, value=prefix, replace=False) + + if config.exists(base + [network, 'subnet', subnet, 'prefix-delegation', 'prefix']): + prefix_base = base + [network, 'subnet', subnet, 'prefix-delegation', 'prefix'] + + config.set(prefix_base) + config.set_tag(prefix_base) + + for start in config.list_nodes(base + [network, 'subnet', subnet, 'prefix-delegation', 'start']): + path = base + [network, 'subnet', subnet, 'prefix-delegation', 'start', start] + + delegated_length = config.return_value(path + ['prefix-length']) + stop = config.return_value(path + ['stop']) + + prefix_length = ipv6_prefix_length(start, stop) + + # This range could not be converted into a simple prefix length and must be skipped + if not prefix_length: + continue + + config.set(prefix_base + [start, 'delegated-length'], value=delegated_length) + config.set(prefix_base + [start, 'prefix-length'], value=prefix_length) + + config.delete(base + [network, 'subnet', subnet, 'prefix-delegation', 'start']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py index f372d3af0..2c95a2b08 100755 --- a/src/op_mode/clear_dhcp_lease.py +++ b/src/op_mode/clear_dhcp_lease.py @@ -1,20 +1,34 @@ #!/usr/bin/env python3 +# +# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. import argparse import re -from isc_dhcp_leases import Lease -from isc_dhcp_leases import IscDhcpLeases - from vyos.configquery import ConfigTreeQuery +from vyos.kea import kea_parse_leases from vyos.utils.io import ask_yes_no from vyos.utils.process import call from vyos.utils.commit import commit_in_progress +# TODO: Update to use Kea control socket command "lease4-del" config = ConfigTreeQuery() base = ['service', 'dhcp-server'] -lease_file = '/config/dhcpd.leases' +lease_file = '/config/dhcp4.leases' def del_lease_ip(address): @@ -25,8 +39,7 @@ def del_lease_ip(address): """ with open(lease_file, encoding='utf-8') as f: data = f.read().rstrip() - lease_config_ip = '{(?P<config>[\s\S]+?)\n}' - pattern = rf"lease {address} {lease_config_ip}" + pattern = rf"^{address},[^\n]+\n" # Delete lease for ip block data = re.sub(pattern, '', data) @@ -38,15 +51,13 @@ def is_ip_in_leases(address): """ Return True if address found in the lease file """ - leases = IscDhcpLeases(lease_file) + leases = kea_parse_leases(lease_file) lease_ips = [] - for lease in leases.get(): - lease_ips.append(lease.ip) - if address not in lease_ips: - print(f'Address "{address}" not found in "{lease_file}"') - return False - return True - + for lease in leases: + if address == lease['address']: + return True + print(f'Address "{address}" not found in "{lease_file}"') + return False if not config.exists(base): print('DHCP-server not configured!') @@ -75,4 +86,4 @@ if __name__ == '__main__': exit(1) else: del_lease_ip(address) - call('systemctl restart isc-dhcp-server.service') + call('systemctl restart kea-dhcp4-server.service') diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py index d6b8aa0b8..bd2c522ca 100755 --- a/src/op_mode/dhcp.py +++ b/src/op_mode/dhcp.py @@ -21,7 +21,6 @@ import typing from datetime import datetime from glob import glob from ipaddress import ip_address -from isc_dhcp_leases import IscDhcpLeases from tabulate import tabulate import vyos.opmode @@ -29,6 +28,9 @@ import vyos.opmode from vyos.base import Warning from vyos.configquery import ConfigTreeQuery +from vyos.kea import kea_get_active_config +from vyos.kea import kea_get_pool_from_subnet_id +from vyos.kea import kea_parse_leases from vyos.utils.dict import dict_search from vyos.utils.file import read_file from vyos.utils.process import cmd @@ -77,67 +79,62 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig Get DHCP server leases :return list """ - lease_file = '/config/dhcpdv6.leases' if family == 'inet6' else '/config/dhcpd.leases' + lease_file = '/config/dhcp6.leases' if family == 'inet6' else '/config/dhcp4.leases' data = [] - leases = IscDhcpLeases(lease_file).get() + leases = kea_parse_leases(lease_file) if pool is None: pool = _get_dhcp_pools(family=family) - aux = False else: pool = [pool] - aux = True - - ## Search leases for every pool - for pool_name in pool: - for lease in leases: - if lease.sets.get('shared-networkname', '') == pool_name or lease.sets.get('shared-networkname', '') == '': - #if lease.sets.get('shared-networkname', '') == pool_name: - data_lease = {} - data_lease['ip'] = lease.ip - data_lease['state'] = lease.binding_state - #data_lease['pool'] = pool_name if lease.sets.get('shared-networkname', '') != '' else 'Fail-Over Server' - data_lease['pool'] = lease.sets.get('shared-networkname', '') - data_lease['end'] = lease.end.timestamp() if lease.end else None - data_lease['origin'] = 'local' if data_lease['pool'] != '' else 'remote' - - if family == 'inet': - data_lease['mac'] = lease.ethernet - data_lease['start'] = lease.start.timestamp() - data_lease['hostname'] = lease.hostname - - if family == 'inet6': - data_lease['last_communication'] = lease.last_communication.timestamp() - data_lease['iaid_duid'] = _format_hex_string(lease.host_identifier_string) - lease_types_long = {'na': 'non-temporary', 'ta': 'temporary', 'pd': 'prefix delegation'} - data_lease['type'] = lease_types_long[lease.type] - - data_lease['remaining'] = '-' - - if lease.end: - data_lease['remaining'] = lease.end - datetime.utcnow() - - if data_lease['remaining'].days >= 0: - # substraction gives us a timedelta object which can't be formatted with strftime - # so we use str(), split gets rid of the microseconds - data_lease['remaining'] = str(data_lease["remaining"]).split('.')[0] - - # Do not add old leases - if data_lease['remaining'] != '' and data_lease['state'] != 'free': - if not state or data_lease['state'] in state or state == 'all': - if not origin or data_lease['origin'] in origin: - if not aux or (aux and data_lease['pool'] == pool_name): - data.append(data_lease) - - # deduplicate - checked = [] - for entry in data: - addr = entry.get('ip') - if addr not in checked: - checked.append(addr) - else: - idx = _find_list_of_dict_index(data, key='ip', value=addr) - data.pop(idx) + + inet_suffix = '6' if family == 'inet6' else '4' + active_config = kea_get_active_config(inet_suffix) + + for lease in leases: + data_lease = {} + data_lease['ip'] = lease['address'] + lease_state_long = {'0': 'active', '1': 'rejected', '2': 'expired'} + data_lease['state'] = lease_state_long[lease['state']] + data_lease['pool'] = kea_get_pool_from_subnet_id(active_config, inet_suffix, lease['subnet_id']) if active_config else '-' + data_lease['end'] = lease['expire_timestamp'].timestamp() if lease['expire_timestamp'] else None + data_lease['origin'] = 'local' # TODO: Determine remote in HA + + if family == 'inet': + data_lease['mac'] = lease['hwaddr'] + data_lease['start'] = lease['start_timestamp'] + data_lease['hostname'] = lease['hostname'] + + if family == 'inet6': + data_lease['last_communication'] = lease['start_timestamp'] + data_lease['iaid_duid'] = _format_hex_string(lease['duid']) + lease_types_long = {'0': 'non-temporary', '1': 'temporary', '2': 'prefix delegation'} + data_lease['type'] = lease_types_long[lease['lease_type']] + + data_lease['remaining'] = '-' + + if lease['expire']: + data_lease['remaining'] = lease['expire_timestamp'] - datetime.utcnow() + + if data_lease['remaining'].days >= 0: + # substraction gives us a timedelta object which can't be formatted with strftime + # so we use str(), split gets rid of the microseconds + data_lease['remaining'] = str(data_lease["remaining"]).split('.')[0] + + # Do not add old leases + if data_lease['remaining'] != '' and data_lease['pool'] in pool and data_lease['state'] != 'free': + if not state or data_lease['state'] in state: + data.append(data_lease) + + # deduplicate + checked = [] + for entry in data: + addr = entry.get('ip') + if addr not in checked: + checked.append(addr) + else: + idx = _find_list_of_dict_index(data, key='ip', value=addr) + data.pop(idx) if sorted: if sorted == 'ip': @@ -154,7 +151,7 @@ def _get_formatted_server_leases(raw_data, family='inet'): ipaddr = lease.get('ip') hw_addr = lease.get('mac') state = lease.get('state') - start = lease.get('start') + start = lease.get('start').timestamp() start = _utc_to_local(start).strftime('%Y/%m/%d %H:%M:%S') end = lease.get('end') end = _utc_to_local(end).strftime('%Y/%m/%d %H:%M:%S') if end else '-' @@ -171,7 +168,7 @@ def _get_formatted_server_leases(raw_data, family='inet'): for lease in raw_data: ipaddr = lease.get('ip') state = lease.get('state') - start = lease.get('last_communication') + start = lease.get('last_communication').timestamp() start = _utc_to_local(start).strftime('%Y/%m/%d %H:%M:%S') end = lease.get('end') end = _utc_to_local(end).strftime('%Y/%m/%d %H:%M:%S') @@ -282,10 +279,9 @@ def show_server_leases(raw: bool, family: ArgFamily, pool: typing.Optional[str], sorted: typing.Optional[str], state: typing.Optional[ArgState], origin: typing.Optional[ArgOrigin] ): # if dhcp server is down, inactive leases may still be shown as active, so warn the user. - v = '6' if family == 'inet6' else '' - service_name = 'DHCPv6' if family == 'inet6' else 'DHCP' - if not is_systemd_service_running(f'isc-dhcp-server{v}.service'): - Warning(f'{service_name} server is configured but not started. Data may be stale.') + v = '6' if family == 'inet6' else '4' + if not is_systemd_service_running(f'kea-dhcp{v}-server.service'): + Warning('DHCP server is configured but not started. Data may be stale.') v = 'v6' if family == 'inet6' else '' if pool and pool not in _get_dhcp_pools(family=family): diff --git a/src/system/on-dhcp-event.sh b/src/system/on-dhcp-event.sh index 49e53d7e1..7b25bf338 100755 --- a/src/system/on-dhcp-event.sh +++ b/src/system/on-dhcp-event.sh @@ -15,20 +15,20 @@ if [ $# -lt 5 ]; then fi action=$1 -client_name=$2 -client_ip=$3 -client_mac=$4 -domain=$5 +client_name=$LEASE4_HOSTNAME +client_ip=$LEASE4_ADDRESS +client_mac=$LEASE4_HWADDR +domain=$(echo "$client_name" | cut -d"." -f2-) hostsd_client="/usr/bin/vyos-hostsd-client" case "$action" in - commit) # add mapping for new lease + leases4_renew|lease4_recover) # add mapping for new lease if [ -z "$client_name" ]; then logger -s -t on-dhcp-event "Client name was empty, using MAC \"$client_mac\" instead" client_name=$(echo "client-"$client_mac | tr : -) fi - if [ "$domain" == "..YYZ!" ]; then + if [ -z "$domain" ]; then client_fqdn_name=$client_name client_search_expr=$client_name else @@ -39,7 +39,7 @@ case "$action" in exit 0 ;; - release) # delete mapping for released address + lease4_release|lease4_expire) # delete mapping for released address) $hostsd_client --delete-hosts --tag "dhcp-server-$client_ip" --apply exit 0 ;; diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service deleted file mode 100644 index 1345c5fc5..000000000 --- a/src/systemd/isc-dhcp-server6.service +++ /dev/null @@ -1,24 +0,0 @@ -[Unit] -Description=ISC DHCP IPv6 server -Documentation=man:dhcpd(8) -RequiresMountsFor=/run -ConditionPathExists=/run/dhcp-server/dhcpdv6.conf -After=vyos-router.service - -[Service] -Type=forking -WorkingDirectory=/run/dhcp-server -RuntimeDirectory=dhcp-server -RuntimeDirectoryPreserve=yes -Environment=PID_FILE=/run/dhcp-server/dhcpdv6.pid CONFIG_FILE=/run/dhcp-server/dhcpdv6.conf LEASE_FILE=/config/dhcpdv6.leases -PIDFile=/run/dhcp-server/dhcpdv6.pid -ExecStartPre=/bin/sh -ec '\ -touch ${LEASE_FILE}; \ -chown nobody:nogroup ${LEASE_FILE}* ; \ -chmod 664 ${LEASE_FILE}* ; \ -/usr/sbin/dhcpd -6 -t -T -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' -ExecStart=/usr/sbin/dhcpd -6 -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} -Restart=always - -[Install] -WantedBy=multi-user.target |