summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile1
-rw-r--r--data/templates/system/sysctl.conf.tmpl7
-rw-r--r--interface-definitions/system-sysctl.xml.in40
-rwxr-xr-xsrc/completion/list_sysctl_parameters.sh20
-rwxr-xr-xsrc/conf_mode/system_sysctl.py73
-rwxr-xr-xsrc/migration-scripts/system/20-to-2157
-rwxr-xr-xsrc/validators/sysctl24
7 files changed, 221 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index ccdb212c2..24a811e47 100644
--- a/Makefile
+++ b/Makefile
@@ -39,7 +39,6 @@ interface_definitions: $(config_xml_obj)
# XXX: delete top level node.def's that now live in other packages
rm -f $(TMPL_DIR)/firewall/node.def
- rm -f $(TMPL_DIR)/system/node.def
rm -f $(TMPL_DIR)/vpn/node.def
rm -f $(TMPL_DIR)/vpn/ipsec/node.def
rm -rf $(TMPL_DIR)/vpn/nipsec
diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.tmpl
new file mode 100644
index 000000000..72af82ee5
--- /dev/null
+++ b/data/templates/system/sysctl.conf.tmpl
@@ -0,0 +1,7 @@
+# autogenerated by system_sysctl.py
+
+{% if parameter is defined and parameter is not none %}
+{% for k, v in parameter.items() %}
+{{ k }} = {{ v.value }}
+{% endfor %}
+{% endif %}
diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system-sysctl.xml.in
new file mode 100644
index 000000000..bf118c24b
--- /dev/null
+++ b/interface-definitions/system-sysctl.xml.in
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <properties>
+ <help>System parameters</help>
+ </properties>
+ <children>
+ <node name="sysctl" owner="${vyos_conf_scripts_dir}/system_sysctl.py">
+ <properties>
+ <help>Configure kernel parameters at runtime</help>
+ <priority>318</priority>
+ </properties>
+ <children>
+ <tagNode name="parameter">
+ <properties>
+ <help>Sysctl key name</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_sysctl_parameters.sh</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Sysctl key name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="sysctl"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>Sysctl configuration value</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/src/completion/list_sysctl_parameters.sh b/src/completion/list_sysctl_parameters.sh
new file mode 100755
index 000000000..c111716bb
--- /dev/null
+++ b/src/completion/list_sysctl_parameters.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+declare -a vals
+eval "vals=($(/sbin/sysctl -N -a))"
+echo ${vals[@]}
+exit 0
diff --git a/src/conf_mode/system_sysctl.py b/src/conf_mode/system_sysctl.py
new file mode 100755
index 000000000..4f16d1ed6
--- /dev/null
+++ b/src/conf_mode/system_sysctl.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.template import render
+from vyos.util import cmd
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+config_file = r'/run/sysctl/99-vyos-sysctl.conf'
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['system', 'sysctl']
+ if not conf.exists(base):
+ return None
+
+ sysctl = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ return sysctl
+
+def verify(sysctl):
+ return None
+
+def generate(sysctl):
+ if not sysctl:
+ if os.path.isfile(config_file):
+ os.unlink(config_file)
+ return None
+
+ render(config_file, 'system/sysctl.conf.tmpl', sysctl)
+ return None
+
+def apply(sysctl):
+ if not sysctl:
+ return None
+
+ # We silently ignore all errors
+ # See: https://bugzilla.redhat.com/show_bug.cgi?id=1264080
+ cmd(f'sysctl -f {config_file}')
+ return None
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
diff --git a/src/migration-scripts/system/20-to-21 b/src/migration-scripts/system/20-to-21
new file mode 100755
index 000000000..ad41be646
--- /dev/null
+++ b/src/migration-scripts/system/20-to-21
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit, argv
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['system', 'sysctl']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+for all_custom in ['all', 'custom']:
+ if config.exists(base + [all_custom]):
+ for key in config.list_nodes(base + [all_custom]):
+ tmp = config.return_value(base + [all_custom, key, 'value'])
+ config.set(base + ['parameter', key, 'value'], value=tmp)
+ config.set_tag(base + ['parameter'])
+ config.delete(base + [all_custom])
+
+for ipv4_param in ['net.ipv4.igmp_max_memberships', 'net.ipv4.ipfrag_time']:
+ if config.exists(base + [ipv4_param]):
+ tmp = config.return_value(base + [ipv4_param])
+ config.set(base + ['parameter', ipv4_param, 'value'], value=tmp)
+ config.set_tag(base + ['parameter'])
+ config.delete(base + [ipv4_param])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/validators/sysctl b/src/validators/sysctl
new file mode 100755
index 000000000..9b5bba3e1
--- /dev/null
+++ b/src/validators/sysctl
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+declare -a array
+eval "array=($(/sbin/sysctl -N -a))"
+
+if [[ ! " ${array[@]} " =~ " $1 " ]]; then
+ # passed sysctl option is invalid
+ exit 1
+fi
+exit 0