diff options
| -rw-r--r-- | Jenkinsfile | 2 | ||||
| -rw-r--r-- | python/vyos/config.py | 6 | ||||
| -rwxr-xr-x | src/conf_mode/dhcp_server.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/dhcpv6_server.py | 9 | ||||
| -rwxr-xr-x | src/conf_mode/ssh.py | 7 | ||||
| -rwxr-xr-x | src/etc/init.d/igmpproxy | 166 | ||||
| -rwxr-xr-x | src/etc/init.d/isc-dhcpv4-server | 113 | ||||
| -rwxr-xr-x | src/etc/init.d/isc-dhcpv6-server | 14 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcp.py | 4 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcpv6.py | 2 |
10 files changed, 140 insertions, 196 deletions
diff --git a/Jenkinsfile b/Jenkinsfile index 7b6dc49e3..a169b8f2c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -73,7 +73,7 @@ pipeline { agent { docker { args '--sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006' - image 'vyos/vyos-build:current' + image 'vyos/vyos-build:equuleus' alwaysPull true } } diff --git a/python/vyos/config.py b/python/vyos/config.py index 27422786e..6aed8693c 100644 --- a/python/vyos/config.py +++ b/python/vyos/config.py @@ -126,7 +126,7 @@ class Config(object): # It may cause problems with exists() when it's used for checking values, # since values may contain whitespace. if isinstance(path, str): - path = re.split(r'\s*', path) + path = re.split(r'\s+', path) elif isinstance(path, list): pass else: @@ -161,7 +161,7 @@ class Config(object): # XXX: for small strings in-place concatenation is not a problem if isinstance(path, str): if path: - self._level = re.split(r'\s*', path) + self._level = re.split(r'\s+', path) else: self._level = [] elif isinstance(path, list): @@ -195,7 +195,7 @@ class Config(object): # libvyosconfig exists() works only for _nodes_, not _values_ # libvyattacfg one also worked for values, so we emulate that case here if isinstance(path, str): - path = re.split(r'\s*', path) + path = re.split(r'\s+', path) path_without_value = path[:-1] path_str = " ".join(path_without_value) try: diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index c2a188812..bf86e484b 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -28,7 +28,8 @@ from vyos import ConfigError config_file = r'/etc/dhcp/dhcpd.conf' lease_file = r'/config/dhcpd.leases' -daemon_config_file = r'/etc/default/isc-dhcp-server' +pid_file = r'/var/run/dhcpd.pid' +daemon_config_file = r'/etc/default/isc-dhcpv4-server' # Please be careful if you edit the template. config_tmpl = """ @@ -231,10 +232,10 @@ shared-network {{ network.name }} { daemon_tmpl = """ ### Autogenerated by dhcp_server.py ### -# sourced by /etc/init.d/isc-dhcp-server +# sourced by /etc/init.d/isc-dhcpv4-server -DHCPD_CONF=/etc/dhcp/dhcpd.conf -DHCPD_PID=/var/run/dhcpd.pid +DHCPD_CONF={{ config_file }} +DHCPD_PID={{ pid_file }} OPTIONS="-4 -lf {{ lease_file }}" INTERFACES="" """ @@ -827,7 +828,7 @@ def generate(dhcp): def apply(dhcp): if (dhcp is None) or dhcp['disabled']: # DHCP server is removed in the commit - os.system('sudo systemctl stop isc-dhcp-server.service') + os.system('sudo systemctl stop isc-dhcpv4-server.service') if os.path.exists(config_file): os.unlink(config_file) if os.path.exists(daemon_config_file): @@ -837,7 +838,7 @@ def apply(dhcp): if not os.path.exists(lease_file): os.mknod(lease_file) - os.system('sudo systemctl restart isc-dhcp-server.service') + os.system('sudo systemctl restart isc-dhcpv4-server.service') return None diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 039321430..44a927789 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2019 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -29,6 +29,7 @@ from vyos import ConfigError config_file = r'/etc/dhcp/dhcpdv6.conf' lease_file = r'/config/dhcpdv6.leases' +pid_file = r'/var/run/dhcpdv6.pid' daemon_config_file = r'/etc/default/isc-dhcpv6-server' # Please be careful if you edit the template. @@ -115,12 +116,12 @@ shared-network {{ network.name }} { """ daemon_tmpl = """ -### Autogenerated by dhcp_server.py ### +### Autogenerated by dhcpv6_server.py ### # sourced by /etc/init.d/isc-dhcpv6-server -DHCPD_CONF=/etc/dhcp/dhcpdv6.conf -DHCPD_PID=/var/run/dhcpdv6.pid +DHCPD_CONF={{ config_file }} +DHCPD_PID={{ pid_file }} OPTIONS="-6 -lf {{ lease_file }}" INTERFACES="" """ diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index e3b11b537..9fe22bfee 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -37,16 +37,11 @@ HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key -UsePrivilegeSeparation yes -KeyRegenerationInterval 3600 -ServerKeyBits 1024 SyslogFacility AUTH LoginGraceTime 120 StrictModes yes -RSAAuthentication yes PubkeyAuthentication yes IgnoreRhosts yes -RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no @@ -58,7 +53,7 @@ TCPKeepAlive yes Banner /etc/issue.net Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes -HostKey /etc/ssh/ssh_host_key +HostKey /etc/ssh/ssh_host_rsa_key # Specifies whether sshd should look up the remote host name, # and to check that the resolved host name for the remote IP diff --git a/src/etc/init.d/igmpproxy b/src/etc/init.d/igmpproxy deleted file mode 100755 index 4a2c94a4d..000000000 --- a/src/etc/init.d/igmpproxy +++ /dev/null @@ -1,166 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: igmpproxy -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: IGMP multicast routing daemon -# Description: IGMPproxy is a simple dynamic Multicast Routing Daemon -# using only IGMP signalling. It's intended for simple -# forwarding of Multicast traffic between networks. -### END INIT INFO - -# Author: Pali Rohár <pali.rohar@gmail.com> - -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="igmpproxy" -NAME=igmpproxy -DAEMON=/sbin/igmpproxy -DAEMON_ARGS="/etc/igmpproxy.conf" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -m -- \ - $DAEMON_OPTS $DAEMON_ARGS \ - || return 2 - # The above code will not work for interpreted scripts, use the next - # six lines below instead (Ref: #643337, start-stop-daemon(8) ) - #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ - # --name $NAME --test > /dev/null \ - # || return 1 - #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ - # --name $NAME -- $DAEMON_ARGS \ - # || return 2 - - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/src/etc/init.d/isc-dhcpv4-server b/src/etc/init.d/isc-dhcpv4-server new file mode 100755 index 000000000..377634a13 --- /dev/null +++ b/src/etc/init.d/isc-dhcpv4-server @@ -0,0 +1,113 @@ +#!/bin/sh +# +# + +### BEGIN INIT INFO +# Provides: isc-dhcpv4-server +# Required-Start: $remote_fs $network $syslog +# Required-Stop: $remote_fs $network $syslog +# Should-Start: $local_fs slapd $named +# Should-Stop: $local_fs slapd +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: IPv4 DHCP server +# Description: Dynamic Host Configuration Protocol Server for IPv4 +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +test -f /usr/sbin/dhcpd || exit 0 + +DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcpv4-server}" + +# It is not safe to start if we don't have a default configuration... +if [ ! -f "$DHCPD_DEFAULT" ]; then + echo "$DHCPD_DEFAULT does not exist! - Aborting..." + exit 0 +fi + +. /lib/lsb/init-functions + +# Read init script configuration +[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT" + +NAME=dhcpd +DESC="ISC DHCP server" +# fallback to default config file +DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf} +# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid +if [ -z "$DHCPD_PID" ]; then + DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1) +fi +DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}" + +test_config() +{ + if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then + echo "dhcpd self-test failed. Please fix $DHCPD_CONF." + echo "The error was: " + /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF" + exit 1 + fi + touch /var/lib/dhcp/dhcpd.leases +} + +# single arg is -v for messages, -q for none +check_status() +{ + if [ ! -r "$DHCPD_PID" ]; then + test "$1" != -v || echo "$NAME is not running." + return 3 + fi + if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then + test "$1" != -v || echo "$NAME is running." + return 0 + else + test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists." + return 1 + fi +} + +case "$1" in + start) + test_config + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \ + --exec /usr/sbin/dhcpd -- \ + -q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES + sleep 2 + + if check_status -q; then + log_end_msg 0 + else + log_failure_msg "check syslog for diagnostics." + log_end_msg 1 + exit 1 + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID" + log_end_msg $? + rm -f "$DHCPD_PID" + ;; + restart | force-reload) + test_config + $0 stop + sleep 2 + $0 start + if [ "$?" != "0" ]; then + exit 1 + fi + ;; + status) + echo -n "Status of $DESC: " + check_status -v + exit "$?" + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" + exit 1 +esac + +exit 0 diff --git a/src/etc/init.d/isc-dhcpv6-server b/src/etc/init.d/isc-dhcpv6-server index 441827d5f..55f59b68e 100755 --- a/src/etc/init.d/isc-dhcpv6-server +++ b/src/etc/init.d/isc-dhcpv6-server @@ -31,15 +31,15 @@ fi # Read init script configuration [ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT" -NAME=dhcpd -DESC="ISC DHCP server" +NAME=dhcpdv6 +DESC="ISC DHCP server IPv6" # fallback to default config file -DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf} -# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid +DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpdv6.conf} +# try to read pid file name from config file, with fallback to /var/run/dhcpdv6.pid if [ -z "$DHCPD_PID" ]; then DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1) fi -DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}" +DHCPD_PID="${DHCPD_PID:-/var/run/dhcpdv6.pid}" test_config() { @@ -49,7 +49,7 @@ test_config() /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF" exit 1 fi - touch /var/lib/dhcp/dhcpd.leases + touch /var/lib/dhcp/dhcpdv6.leases } # single arg is -v for messages, -q for none @@ -107,7 +107,7 @@ case "$1" in ;; *) echo "Usage: $0 {start|stop|restart|force-reload|status}" - exit 1 + exit 1 esac exit 0 diff --git a/src/op_mode/show_dhcp.py b/src/op_mode/show_dhcp.py index c2a05f516..f801ba753 100755 --- a/src/op_mode/show_dhcp.py +++ b/src/op_mode/show_dhcp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2019 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -190,7 +190,7 @@ if __name__ == '__main__': sys.exit(0) # if dhcp server is down, inactive leases may still be shown as active, so warn the user. - if os.system('systemctl -q is-active isc-dhcp-server.service') != 0: + if os.system('systemctl -q is-active isc-dhcpv4-server.service') != 0: print("WARNING: DHCP server is configured but not started. Data may be stale.") if args.leases: diff --git a/src/op_mode/show_dhcpv6.py b/src/op_mode/show_dhcpv6.py index 1a6ee62e6..ae63af39b 100755 --- a/src/op_mode/show_dhcpv6.py +++ b/src/op_mode/show_dhcpv6.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2019 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as |