-rw-r--r--op-mode-definitions/raid.xml.in6
-rw-r--r--python/vyos/component_version.py25
-rw-r--r--python/vyos/config_mgmt.py29
-rw-r--r--python/vyos/defaults.py1
-rwxr-xr-xsmoketest/scripts/cli/test_component_version.py50
-rwxr-xr-xsrc/conf_mode/system-login.py9
-rwxr-xr-xsrc/helpers/vyos-save-config.py19
-rwxr-xr-xsrc/init/vyos-router22
8 files changed, 68 insertions, 93 deletions
diff --git a/op-mode-definitions/raid.xml.in b/op-mode-definitions/raid.xml.in
index 5d0c9ef3d..85fbf4566 100644
--- a/op-mode-definitions/raid.xml.in
+++ b/op-mode-definitions/raid.xml.in
@@ -37,7 +37,7 @@
<children>
<tagNode name="raid">
<properties>
- <help>Add a RAID set element</help>
+ <help>Delete a RAID set element</help>
<completionHelp>
<script>${vyos_completion_dir}/list_raidset.sh</script>
</completionHelp>
@@ -50,7 +50,7 @@
<children>
<tagNode name="member">
<properties>
- <help>Add a member to a RAID set</help>
+ <help>Delete a member from a RAID set</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --by-id --member $6</command>
</tagNode>
@@ -58,7 +58,7 @@
</node>
<tagNode name="member">
<properties>
- <help>Add a member to a RAID set</help>
+ <help>Delete a member from a RAID set</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/raid.py delete --raid-set-name $3 --member $5</command>
</tagNode>
diff --git a/python/vyos/component_version.py b/python/vyos/component_version.py
index 84e0ae51a..9662ebfcf 100644
--- a/python/vyos/component_version.py
+++ b/python/vyos/component_version.py
@@ -90,31 +90,6 @@ def from_system():
"""
return component_version()
-def legacy_from_system():
- """
- Get system component version dict from legacy location.
- This is for a transitional sanity check; the directory will eventually
- be removed.
- """
- system_versions = {}
- legacy_dir = directories['current']
-
- # To be removed:
- if not os.path.isdir(legacy_dir):
- return system_versions
-
- try:
- version_info = os.listdir(legacy_dir)
- except OSError as err:
- sys.exit(repr(err))
-
- for info in version_info:
- if re.match(r'[\w,-]+@\d+', info):
- pair = info.split('@')
- system_versions[pair[0]] = int(pair[1])
-
- return system_versions
-
def format_string(ver: dict) -> str:
"""
Version dict to string.
diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index dbf17ade4..654a8d698 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -25,7 +25,7 @@ from datetime import datetime
from textwrap import dedent
from pathlib import Path
from tabulate import tabulate
-from shutil import copy
+from shutil import copy, chown
from vyos.config import Config
from vyos.configtree import ConfigTree, ConfigTreeError, show_diff
@@ -37,6 +37,7 @@ from vyos.utils.process import is_systemd_service_active
from vyos.utils.process import rc_cmd
SAVE_CONFIG = '/usr/libexec/vyos/vyos-save-config.py'
+config_json = '/run/vyatta/config/config.json'
# created by vyatta-cfg-postinst
commit_post_hook_dir = '/etc/commit/post-hooks.d'
@@ -64,8 +65,11 @@ formatter = logging.Formatter('%(funcName)s: %(levelname)s:%(message)s')
ch.setFormatter(formatter)
logger.addHandler(ch)
-def save_config(target):
- cmd = f'{SAVE_CONFIG} {target}'
+def save_config(target, json_out=None):
+ if json_out is None:
+ cmd = f'{SAVE_CONFIG} {target}'
+ else:
+ cmd = f'{SAVE_CONFIG} {target} --write-json-file {json_out}'
rc, out = rc_cmd(cmd)
if rc != 0:
logger.critical(f'save config failed: {out}')
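Review bot: `target` and `json_out` are interpolated unquoted into the command string handed to `rc_cmd`, so a path containing whitespace or shell metacharacters would be split or interpreted if `rc_cmd` goes through a shell (its implementation is not visible here). Quoting both keeps the helper's argument boundaries intact, e.g. `cmd = f'{SAVE_CONFIG} {shlex.quote(target)} --write-json-file {shlex.quote(json_out)}'`, with `import shlex` added at the top of the module. The unquoted `target` predates this commit; the new branch adds a second path to the same pattern. save_config's body continues outside the hunk.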
@@ -326,6 +330,12 @@ Proceed ?'''
"""
mask = os.umask(0o002)
os.makedirs(archive_dir, exist_ok=True)
+ json_dir = os.path.dirname(config_json)
+ try:
+ os.makedirs(json_dir, exist_ok=True)
+ chown(json_dir, group='vyattacfg')
+ except OSError as e:
+ logger.warning(f'cannot create {json_dir}: {e}')
self._add_logrotate_conf()
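Review bot: The directory that will hold the JSON copy of the configuration gets its mode only from the `os.umask(0o002)` set two lines above, which yields 0775, so it is world-readable and world-searchable. If only `vyattacfg` members are meant to read it, state that explicitly with `os.makedirs(json_dir, mode=0o770, exist_ok=True)`. The warning also reads `cannot create {json_dir}` when it was the `chown` that failed; something like `logger.warning(f'cannot set up {json_dir}: {e}')` avoids sending the reader after the wrong problem. The enclosing method starts outside this hunk.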
@@ -481,10 +491,21 @@ Proceed ?'''
ext = os.getpid()
cmp_saved = f'/tmp/config.boot.{ext}'
if save_to_tmp:
- save_config(cmp_saved)
+ save_config(cmp_saved, json_out=config_json)
else:
copy(config_file, cmp_saved)
+ # on boot, we need to manually create the config.json file; after
+ # boot, it is written by save_config, above
+ if not os.path.exists(config_json):
+ ct = self._get_saved_config_tree()
+ try:
+ with open(config_json, 'w') as f:
+ f.write(ct.to_json())
+ chown(config_json, group='vyattacfg')
+ except OSError as e:
+ logger.warning(f'cannot create {config_json}: {e}')
+
try:
if cmp(cmp_saved, archive_config_file, shallow=False):
os.unlink(cmp_saved)
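Review bot: `open(config_json, 'w')` creates the JSON copy of the configuration with whatever mode the process umask yields, and `chown` changes only the group, so the file may end up world-readable although a configuration dump typically carries password hashes and keys. Creating it with an explicit mode closes that, e.g. `fd = os.open(config_json, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o660)` followed by `with os.fdopen(fd, 'w') as f:`. The same applies to the `open(json_file, 'w')` added in `src/helpers/vyos-save-config.py`, which also leaves the group unset. `self._get_saved_config_tree()` sits outside the `try`, so a failure there is not covered by the warning path. The enclosing method starts and ends outside this hunk.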
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index a5314790d..a229533bd 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -24,7 +24,6 @@ directories = {
'op_mode' : f'{base_dir}/op_mode',
'services' : f'{base_dir}/services',
'config' : '/opt/vyatta/etc/config',
- 'current' : '/opt/vyatta/etc/config-migrate/current',
'migrate' : '/opt/vyatta/etc/config-migrate/migrate',
'log' : '/var/log/vyatta',
'templates' : '/usr/share/vyos/templates/',
diff --git a/smoketest/scripts/cli/test_component_version.py b/smoketest/scripts/cli/test_component_version.py
deleted file mode 100755
index 7b1b12c53..000000000
--- a/smoketest/scripts/cli/test_component_version.py
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2022 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-import unittest
-
-import vyos.component_version as component_version
-
-# After T3474, component versions should be updated in the files in
-# vyos-1x/interface-definitions/include/version/
-# This test verifies that the legacy version in curver_DATA does not exceed
-# that in the xml cache.
-class TestComponentVersion(unittest.TestCase):
- def setUp(self):
- self.legacy_d = component_version.legacy_from_system()
- self.xml_d = component_version.from_system()
- self.set_legacy_d = set(self.legacy_d)
- self.set_xml_d = set(self.xml_d)
-
- def test_component_version(self):
- bool_issubset = (self.set_legacy_d.issubset(self.set_xml_d))
- if not bool_issubset:
- missing = self.set_legacy_d.difference(self.set_xml_d)
- print(f'\n\ncomponents in legacy but not in XML: {missing}')
- print('new components must be listed in xml-component-version.xml.in')
- self.assertTrue(bool_issubset)
-
- bad_component_version = False
- for k, v in self.legacy_d.items():
- bool_inequality = (v <= self.xml_d[k])
- if not bool_inequality:
- print(f'\n\n{k} has not been updated in XML component versions:')
- print(f'legacy version {v}; XML version {self.xml_d[k]}')
- bad_component_version = True
- self.assertFalse(bad_component_version)
-
-if __name__ == '__main__':
- unittest.main(verbosity=2)
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 2cf50cb92..87a269499 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -28,7 +28,6 @@ from vyos.configverify import verify_vrf
from vyos.defaults import directories
from vyos.template import render
from vyos.template import is_ipv4
-from vyos.utils.boot import boot_configuration_complete
from vyos.utils.dict import dict_search
from vyos.utils.process import cmd
from vyos.utils.process import call
@@ -282,6 +281,8 @@ def generate(login):
if os.path.isfile(tacacs_nss_config_file):
os.unlink(tacacs_nss_config_file)
+
+
# NSS must always be present on the system
render(nss_config_file, 'login/nsswitch.conf.j2', login,
permission=0o644, user='root', group='root')
@@ -305,12 +306,6 @@ def generate(login):
def apply(login):
- # Script is invoked from vyos-router.service during startup.
- # While configuration mounting and so on is not yet complete,
- # skip any code that messes with the local user database
- if not boot_configuration_complete():
- return None
-
if 'user' in login:
for user, user_config in login['user'].items():
# make new user using vyatta shell and make home directory (-m),
diff --git a/src/helpers/vyos-save-config.py b/src/helpers/vyos-save-config.py
index 8af4a7916..518bd9864 100755
--- a/src/helpers/vyos-save-config.py
+++ b/src/helpers/vyos-save-config.py
@@ -19,6 +19,7 @@ import os
import re
import sys
from tempfile import NamedTemporaryFile
+from argparse import ArgumentParser
from vyos.config import Config
from vyos.remote import urlc
@@ -28,8 +29,15 @@ from vyos.defaults import directories
DEFAULT_CONFIG_PATH = os.path.join(directories['config'], 'config.boot')
remote_save = None
-if len(sys.argv) > 1:
- save_file = sys.argv[1]
+parser = ArgumentParser(description='Save configuration')
+parser.add_argument('file', type=str, nargs='?', help='Save configuration to file')
+parser.add_argument('--write-json-file', type=str, help='Save JSON of configuration to file')
+args = parser.parse_args()
+file = args.file
+json_file = args.write_json_file
+
+if file is not None:
+ save_file = file
else:
save_file = DEFAULT_CONFIG_PATH
@@ -51,6 +59,13 @@ with open(write_file, 'w') as f:
f.write("\n")
f.write(system_footer())
+if json_file is not None and ct is not None:
+ try:
+ with open(json_file, 'w') as f:
+ f.write(ct.to_json())
+ except OSError as e:
+ print(f'failed to write JSON file: {e}')
+
if remote_save is not None:
try:
remote_save.upload(write_file)
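Review bot: A failed JSON write is only printed to stdout and the script carries on, so `save_config()` in `python/vyos/config_mgmt.py`, which checks just the return code, cannot tell that `config.json` is missing or stale. Send the message to stderr, `print(f'failed to write JSON file: {e}', file=sys.stderr)`, and record the failure so the script can exit non-zero. How the exit status is set is outside this hunk, so that part needs checking against the rest of the file.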
diff --git a/src/init/vyos-router b/src/init/vyos-router
index dd63921e0..35095afe4 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -234,6 +234,27 @@ cleanup_post_commit_hooks () {
# system defaults.
security_reset ()
{
+
+ # restore NSS cofniguration back to sane system defaults
+ # will be overwritten later when configuration is loaded
+ cat <<EOF >/etc/nsswitch.conf
+passwd: files
+group: files
+shadow: files
+gshadow: files
+
+# Per T2678, commenting out myhostname
+hosts: files dns #myhostname
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
+EOF
+
# restore PAM back to virgin state (no radius/tacacs services)
pam-auth-update --disable radius-mandatory radius-optional
rm -f /etc/pam_radius_auth.conf
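Review bot: The heredoc delimiter is unquoted (`cat <<EOF`), so any `$` or backtick later added to these defaults would be expanded by the shell; `cat <<'EOF' >/etc/nsswitch.conf` writes the text literally. The file is truncated in place and keeps whatever mode it already had (or takes the umask default if it was missing), whereas the `render()` call in `system-login.py` sets 0644 root:root explicitly; a `chmod 0644 /etc/nsswitch.conf` after the heredoc would keep the two paths consistent. The comment has a typo and should read `# restore NSS configuration back to sane system defaults`. security_reset's body continues past the hunk.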
@@ -349,7 +370,6 @@ start ()
# As VyOS does not execute commands that are not present in the CLI we call
# the script by hand to have a single source for the login banner and MOTD
${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
- ${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"
${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options"