-rw-r--r-- | data/templates/ipoe-server/chap-secrets.tmpl | 32 | ||||
-rw-r--r-- | data/templates/ipoe-server/ipoe.config.tmpl | 21 | ||||
-rwxr-xr-x | src/conf_mode/service-ipoe.py | 93 |
3 files changed, 56 insertions, 90 deletions
diff --git a/data/templates/ipoe-server/chap-secrets.tmpl b/data/templates/ipoe-server/chap-secrets.tmpl
index 707718e94..5e35d5775 100644
--- a/data/templates/ipoe-server/chap-secrets.tmpl
+++ b/data/templates/ipoe-server/chap-secrets.tmpl
@@ -1,18 +1,18 @@
 # username server password acceptable local IP addresses shaper
-{% for aifc in auth['auth_if'] %}
-{% for mac in auth['auth_if'][aifc] %}
-{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) %}
+{% for aifc in auth['auth_if'] -%}
+{% for mac in auth['auth_if'][aifc] -%}
+{% if (auth['auth_if'][aifc][mac]['up']) and (auth['auth_if'][aifc][mac]['down']) -%}
+{% if auth['auth_if'][aifc][mac]['vlan'] -%}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% else -%}
+{{aifc}} * {{mac.lower()}} * {{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
+{% endif -%}
+{% else -%}
 {% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*\t{{auth['auth_if'][aifc][mac]['down']}}/{{auth['auth_if'][aifc][mac]['up']}}
-{% endif %}
-{% else %}
-{% if auth['auth_if'][aifc][mac]['vlan'] %}
-{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}}\t*\t{{mac.lower()}}\t*
-{% else %}
-{{aifc}}\t*\t{{mac.lower()}}\t*
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endfor %}
+{{aifc}}.{{auth['auth_if'][aifc][mac]['vlan']}} * {{mac.lower()}} *
+{% else -%}
+{{aifc}} * {{mac.lower()}} *
+{% endif -%}
+{% endif -%}
+{% endfor -%}
+{% endfor -%}
diff --git a/data/templates/ipoe-server/ipoe.config.tmpl b/data/templates/ipoe-server/ipoe.config.tmpl
index 109bc0d92..0a5ee09a6 100644
--- a/data/templates/ipoe-server/ipoe.config.tmpl
+++ b/data/templates/ipoe-server/ipoe.config.tmpl
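Review bot: The one `{% if auth['auth_if'][aifc][mac]['vlan'] %}` left as context in the branch without shaper rates still ends in `%}`, while every tag around it now ends in `-%}`. The `generate()` change in src/conf_mode/service-ipoe.py renders this template without `trim_blocks=True`, so, unless `render()` trims by default, the newline after that tag is kept and each entry without both rates is preceded by an empty line. Changing it to `{% if auth['auth_if'][aifc][mac]['vlan'] -%}` makes both branches render the same way.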
@@ -26,16 +26,7 @@ level=5
 verbose=1
 {% for intfc in interfaces %}
 {% if interfaces[intfc]['vlan_mon'] %}
-interface=re:{{intfc}}\.\d+,\
-{% else %}
-interface={{intfc}},\
-{% endif %}
-shared={{interfaces[intfc]['shared']}},\
-mode={{interfaces[intfc]['mode']}},\
-ifcfg={{interfaces[intfc]['ifcfg']}},\
-range={{interfaces[intfc]['range']}},\
-start={{interfaces[intfc]['sess_start']}},\
-ipv6=1
+interface=re:{{intfc}}\.\d+,{% else %}interface={{intfc}},{% endif %}shared={{interfaces[intfc]['shared']}},mode={{interfaces[intfc]['mode']}},ifcfg={{interfaces[intfc]['ifcfg']}},range={{interfaces[intfc]['range']}},start={{interfaces[intfc]['sess_start']}},ipv6=1
 {% endfor %}
 {% if auth['mech'] == 'noauth' %}
 noauth=1
@@ -86,20 +77,20 @@ delegate={{pd}}
 {% if auth['mech'] == 'local' %}
 [chap-secrets]
-chap-secrets=/etc/accel-ppp/ipoe/chap-secrets
+chap-secrets={{chap_secrets_file}}
 {% endif %}
 {% if auth['mech'] == 'radius' %}
 [radius]
 verbose=1
 {% for srv in auth['radius'] %}
-server={{srv}},{{auth['radius'][srv]['secret']}},\
-req-limit={{auth['radius'][srv]['req-limit']}},\
+server={{srv}},{{auth['radius'][srv]['secret']}},
+req-limit={{auth['radius'][srv]['req-limit']}},
 fail-time={{auth['radius'][srv]['fail-time']}}
 {% endfor %}
 {% if auth['radsettings']['dae-server']['ip-address'] %}
-dae-server={{auth['radsettings']['dae-server']['ip-address']}}:\
-{{auth['radsettings']['dae-server']['port']}},\
+dae-server={{auth['radsettings']['dae-server']['ip-address']}}:
+{{auth['radsettings']['dae-server']['port']}},
 {{auth['radsettings']['dae-server']['secret']}}
 {% endif -%}
 {% if auth['radsettings']['acct-timeout'] %}
diff --git a/src/conf_mode/service-ipoe.py b/src/conf_mode/service-ipoe.py
index 3a14d92ef..76aa80a10 100755
--- a/src/conf_mode/service-ipoe.py
+++ b/src/conf_mode/service-ipoe.py
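Review bot: In the second ipoe.config.tmpl hunk the `[radius]` section drops the trailing `\` from the `server=` and `dae-server=` lines but leaves each entry spread over three template lines, so the rendered file has `req-limit=…,`, `fail-time=…` and the DAE port and secret on lines of their own. The first hunk joins the whole `interface=` entry onto a single line, which suggests continuation lines are not something the daemon is expected to handle; unless accel-ppp's parser joins these lines itself, the RADIUS server and DAE options will not be read as one entry. Writing each as one line, e.g. `server={{srv}},{{auth['radius'][srv]['secret']}},req-limit={{auth['radius'][srv]['req-limit']}},fail-time={{auth['radius'][srv]['fail-time']}}`, and the same for `dae-server=`, avoids that.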
@@ -17,27 +17,18 @@
 import os
 import re
-from socket import socket, AF_INET, SOCK_STREAM
 from sys import exit
 from time import sleep
+from stat import S_IRUSR, S_IWUSR, S_IRGRP
 from vyos.config import Config
 from vyos import ConfigError
-from vyos.util import run
+from vyos.util import call
 from vyos.template import render
-ipoe_cnf_dir = r'/etc/accel-ppp/ipoe'
-ipoe_cnf = ipoe_cnf_dir + r'/ipoe.config'
-
-pidfile = r'/var/run/accel_ipoe.pid'
-cmd_port = r'2002'
-
-chap_secrets = ipoe_cnf_dir + '/chap-secrets'
-## accel-pppd -d -c /etc/accel-ppp/pppoe/pppoe.config -p /var/run/accel_pppoe.pid
-
-if not os.path.exists(ipoe_cnf_dir):
- os.makedirs(ipoe_cnf_dir)
+ipoe_conf = '/run/accel-pppd/ipoe.conf'
+ipoe_chap_secrets = '/run/accel-pppd/ipoe.chap-secrets'
 def _get_cpu():
@@ -49,33 +40,14 @@ def _get_cpu():
 return cpu_cnt
-def _chk_con():
- cnt = 0
- s = socket(AF_INET, SOCK_STREAM)
- while True:
- try:
- s.connect(("127.0.0.1", int(cmd_port)))
- break
- except ConnectionRefusedError:
- sleep(0.5)
- cnt += 1
- if cnt == 100:
- raise("failed to start pppoe server")
- break
-
-
-def _accel_cmd(command):
- return run('/usr/bin/accel-cmd -p {cmd_port} {command}')
-
-##### Inline functions end ####
-
-
 def get_config():
 c = Config()
 if not c.exists(['service', 'ipoe-server']):
 return None
- config_data = {}
+ config_data = {
+ 'chap_secrets_file' : ipoe_chap_secrets
+ }
 c.set_level(['service', 'ipoe-server'])
 config_data['interfaces'] = {}
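Review bot: `from time import sleep` is kept in the import block of the first service-ipoe.py hunk although `_chk_con()`, the only caller visible in this diff, is removed in the following hunk. If nothing else in the file uses it, the line should go in this commit as well. The same check is worth doing for `re`, whose uses are outside the diff.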
@@ -215,20 +187,26 @@ def get_config():
 return config_data
-def generate(c):
- if c == None or not c:
+def generate(ipoe):
+ if not ipoe:
 return None
- c['thread_cnt'] = _get_cpu()
+ dirname = os.path.dirname(ipoe_conf)
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
- if c['auth']['mech'] == 'local':
- old_umask = os.umask(0o077)
- render(chap_secrets, 'ipoe-server/chap-secrets.tmpl', c, trim_blocks=True)
- os.umask(old_umask)
+ ipoe['thread_cnt'] = _get_cpu()
+ render(ipoe_conf, 'ipoe-server/ipoe.config.tmpl', ipoe, trim_blocks=True)
- render(ipoe_cnf, 'ipoe-server/ipoe.config.tmpl', c, trim_blocks=True)
- # return c ??
- return c
+ if ipoe['auth']['mech'] == 'local':
+ render(ipoe_chap_secrets, 'ipoe-server/chap-secrets.tmpl', ipoe)
+ os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
+
+ else:
+ if os.path.exists(ipoe_chap_secrets):
+ os.unlink(ipoe_chap_secrets)
+
+ return None
 def verify(c):
@@ -280,22 +258,19 @@ def verify(c):
 return c
-def apply(c):
- if c == None:
- if os.path.exists(pidfile):
- _accel_cmd('shutdown hard')
- if os.path.exists(pidfile):
- os.remove(pidfile)
+def apply(ipoe):
+ if ipoe == None:
+ call('systemctl stop accel-ppp@ipoe.service')
+
+ if os.path.exists(ipoe_conf):
+ os.unlink(ipoe_conf)
+
+ if os.path.exists(ipoe_chap_secrets):
+ os.unlink(ipoe_chap_secrets)
+
 return None
- if not os.path.exists(pidfile):
- ret = run(f'/usr/sbin/accel-pppd -c {ipoe_cnf} -p {pidfile} -d')
- _chk_con()
- if ret != 0 and os.path.exists(pidfile):
- os.remove(pidfile)
- raise ConfigError('accel-pppd failed to start')
- else:
- _accel_cmd('restart')
+ call('systemctl restart accel-ppp@ipoe.service')
 if __name__ == '__main__': |
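Review bot: In `generate()` the chap-secrets file is now created by `render()` under the process umask and only narrowed afterwards by `os.chmod(...)`, so the credentials are briefly readable with the default mode; the removed code set `os.umask(0o077)` before rendering. `ipoe.conf` gets no mode change at all, although its template (changed in this same commit) writes the RADIUS and DAE secrets into it, and the chap-secrets file goes from what was effectively owner-only to group-readable through `S_IRGRP`. I would keep the umask bracket around both renders, `old_umask = os.umask(0o077)` before the first `render(...)` and `os.umask(old_umask)` after the last, and say in a comment which group needs read access if `S_IRGRP` is intended. `os.makedirs(dirname, exist_ok=True)` would also replace the exists-then-`os.mkdir` pair, which can race with another creator of `/run/accel-pppd`.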
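Review bot: The result of `call('systemctl restart accel-ppp@ipoe.service')` at the end of `apply()` is discarded, so a daemon that fails to start no longer aborts the commit the way the removed `raise ConfigError('accel-pppd failed to start')` did. Assuming `call` returns the exit status as `run` did, `if call('systemctl restart accel-ppp@ipoe.service') != 0: raise ConfigError('accel-pppd failed to start')` keeps that behaviour. `if ipoe == None:` would read better as `if ipoe is None:`, or as `if not ipoe:` to match `generate()`.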