29 files changed, 467 insertions, 526 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index a614d23f5..1731bf160 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -45,9 +45,10 @@ network={ # - the key server has decided to enable MACsec # 0: Encrypt traffic (default) # 1: Integrity only - macsec_integ_only={{ '0' if security_encrypt else '1' }} + macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }} -{% if security_encrypt %} +{% if security is defined %} +{% if security.encrypt is defined %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair. # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer @@ -56,21 +57,22 @@ network={ # hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits) # mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string # (2..64 hex-digits) - mka_cak={{ security_mka_cak }} - mka_ckn={{ security_mka_ckn }} + mka_cak={{ security.mka.cak }} + mka_ckn={{ security.mka.ckn }} # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority - mka_priority={{ security_mka_priority }} -{% endif %} -{% if security_replay_window %} + mka_priority={{ security.mka.priority }} +{% endif %} + +{% if security.replay_window is defined %} # macsec_replay_protect: IEEE 802.1X/MACsec replay protection # This setting applies only when MACsec is in use, i.e., # - macsec_policy is enabled # - the key server has decided to enable MACsec # 0: Replay protection disabled (default) # 1: Replay protection enabled - macsec_replay_protect={{ '1' if security_replay_window else '0' }} + macsec_replay_protect=1 # macsec_replay_window: IEEE 802.1X/MACsec replay protection window # This determines a window in which replay is tolerated, to allow receipt 
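Review bot: `security.mka.cak`, `security.mka.ckn` and `security.mka.priority` are dereferenced under a guard that only tests `security.encrypt is defined`, so a configuration with `encrypt` set but no `mka` node would most likely fail at render time, or leave the key fields empty, unless the verify step (not visible in this hunk) rejects it first. Tightening the inner guard to `{% if security.encrypt is defined and security.mka is defined %}` would make the template safe on its own. The rendered file also carries the CAK pre-shared key, so it is worth confirming that the code writing it restricts the file mode; that code is not part of this hunk.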
@@ -80,7 +82,8 @@ network={ # - the key server has decided to enable MACsec # 0: No replay window, strict check (default) # 1..2^32-1: number of packets that could be misordered - macsec_replay_window={{ security_replay_window }} + macsec_replay_window={{ security.replay_window }} +{% endif %} {% endif %} } diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 1c136bb23..dbc5c3646 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -57,7 +57,7 @@ PasswordAuthentication {{ "no" if disable_password_authentication is defined els ListenAddress {{ listen_address }} {% else %} {% for address in listen_address %} -ListenAddress {{ value }} +ListenAddress {{ address }} {% endfor %} {% endif %} {% endif %} diff --git a/data/templates/wwan/ip-down.script.tmpl b/data/templates/wwan/ip-down.script.tmpl index f7b38cbc5..9dc15ea99 100644 --- a/data/templates/wwan/ip-down.script.tmpl +++ b/data/templates/wwan/ip-down.script.tmpl 
@@ -11,17 +11,17 @@ fi # Determine if we are running inside a VRF or not, required for proper routing table # NOTE: the down script can not be properly templated as we need the VRF name, # which is not present on deletion, thus we read it from the operating system. -if [ -d /sys/class/net/{{ intf }}/upper_* ]; then +if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ intf }}/upper_*)) + VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) # Remove upper_ prefix from result string VRF_NAME=${VRF#"upper_"} # Remove default route from VRF routing table - vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "no ip route 0.0.0.0/0 {{ intf }}" + vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "no ip route 0.0.0.0/0 {{ ifname }}" else # Remove default route from GRT (global routing table) - vtysh -c "conf t" -c "no ip route 0.0.0.0/0 {{ intf }}" + vtysh -c "conf t" -c "no ip route 0.0.0.0/0 {{ ifname }}" fi -DIALER_PID=$(cat /var/run/{{ intf }}.pid) -logger -t pppd[$DIALER_PID] "removed default route via {{ intf }} metric {{ metric }}" +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) +logger -t pppd[$DIALER_PID] "removed default route via {{ ifname }} metric {{ backup.distance }}" diff --git a/data/templates/wwan/ip-pre-up.script.tmpl b/data/templates/wwan/ip-pre-up.script.tmpl index 7a17a1c71..efc065bad 100644 --- a/data/templates/wwan/ip-pre-up.script.tmpl +++ b/data/templates/wwan/ip-pre-up.script.tmpl 
@@ -7,17 +7,17 @@ ipparam=$6 # device name and metric are received using ipparam device=`echo "$ipparam"|awk '{ print $1 }'` -if [ "$device" != "{{ intf }}" ]; then +if [ "$device" != "{{ ifname }}" ]; then exit fi # add some info to syslog -DIALER_PID=$(cat /var/run/{{ intf }}.pid) +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) logger -t pppd[$DIALER_PID] "executing $0" -echo "{{ description }}" > /sys/class/net/{{ intf }}/ifalias +echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias {% if vrf -%} -logger -t pppd[$DIALER_PID] "configuring interface {{ intf }} for VRF {{ vrf }}" -ip link set dev {{ intf }} master {{ vrf }} +logger -t pppd[$DIALER_PID] "configuring interface {{ ifname }} for VRF {{ vrf }}" +ip link set dev {{ ifname }} master {{ vrf }} {% endif %} diff --git a/data/templates/wwan/ip-up.script.tmpl b/data/templates/wwan/ip-up.script.tmpl index 3a7eec800..2603a0286 100644 --- a/data/templates/wwan/ip-up.script.tmpl +++ b/data/templates/wwan/ip-up.script.tmpl 
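Review bot: `echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias` renders the free-text interface description inside a double-quoted shell string, so shell metacharacters in a description are interpreted when pppd runs this script instead of being written literally. Unless the CLI definition constrains the description to a safe character set (not visible here), the alias is better set from the Python side, where `Interface.update()` added in this commit already calls `set_alias()`, or the value should be shell-escaped before it is rendered. `{{ ifname }}` and `{{ vrf }}` are also substituted unquoted here and in ip-down.script.tmpl and ip-up.script.tmpl; they are presumably validated names, but quoting them would remove the dependency on that validation.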
@@ -9,17 +9,17 @@ if [ -z $(echo $2 | egrep "(ttyS[0-9]+|usb[0-9]+b.*)$") ]; then fi # Determine if we are running inside a VRF or not, required for proper routing table -if [ -d /sys/class/net/{{ intf }}/upper_* ]; then +if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ intf }}/upper_*)) + VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) # Remove upper_ prefix from result string VRF_NAME=${VRF#"upper_"} # Remove default route from VRF routing table - vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "ip route 0.0.0.0/0 {{ intf }} {{ metric }}" + vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "ip route 0.0.0.0/0 {{ ifname }} {{ backup.distance }}" else # Remove default route from GRT (global routing table) - vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ intf }} {{ metric }}" + vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ ifname }} {{ backup.distance }}" fi -DIALER_PID=$(cat /var/run/{{ intf }}.pid) -logger -t pppd[$DIALER_PID] "added default route via {{ intf }} metric {{ metric }} ${VRF_NAME}" +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) +logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} metric {{ backup.distance }} ${VRF_NAME}" diff --git a/data/templates/wwan/peer.tmpl b/data/templates/wwan/peer.tmpl index 0168283fd..aa759f741 100644 --- a/data/templates/wwan/peer.tmpl +++ b/data/templates/wwan/peer.tmpl @@ -1,19 +1,18 @@ ### Autogenerated by interfaces-wirelessmodem.py ### -{% if description %} -# {{ description }} -{% endif %} -ifname {{ intf }} -ipparam {{ intf }} -linkname {{ intf }} -{% if name_server -%} -usepeerdns -{%- endif %} +{{ "# description: " + description if description is defined }} +ifname {{ ifname }} +ipparam {{ ifname }} +linkname {{ ifname }} +{{ "usepeerdns" if no_peer_dns is defined }} # physical device {{ device }} lcp-echo-failure 0 115200 debug +debug +mtu {{ mtu }} +mru {{ mtu }} nodefaultroute ipcp-max-failure 4 ipcp-accept-local 
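Review bot: `{{ "usepeerdns" if no_peer_dns is defined }}` in peer.tmpl looks inverted: it emits `usepeerdns` exactly when the operator has set the option that asks not to use peer-supplied DNS servers, and omits it otherwise. The removed lines emitted it when `name_server` was truthy, so the condition should presumably read `{{ "usepeerdns" if no_peer_dns is not defined }}`. The hunk also adds a second `debug` line directly after the existing one, which is redundant. `mtu {{ mtu }}` and `mru {{ mtu }}` depend on an `mtu` key being present in the dictionary; whether the wirelessmodem definition provides one is not visible here.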
@@ -22,8 +21,7 @@ noauth crtscts lock persist -{% if on_demand -%} -demand -{%- endif %} +{{ "demand" if ondemand is defined }} + +connect '/usr/sbin/chat -v -t6 -f /etc/ppp/peers/chat.{{ ifname }}' -connect '/usr/sbin/chat -v -t6 -f {{ chat_script }}' diff --git a/interface-definitions/include/interface-mtu-1200-9000.xml.i b/interface-definitions/include/interface-mtu-1200-9000.xml.i index 336845b77..de48db65e 100644 --- a/interface-definitions/include/interface-mtu-1200-9000.xml.i +++ b/interface-definitions/include/interface-mtu-1200-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 1200 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-1450-9000.xml.i b/interface-definitions/include/interface-mtu-1450-9000.xml.i index 87296a050..d15987394 100644 --- a/interface-definitions/include/interface-mtu-1450-9000.xml.i +++ b/interface-definitions/include/interface-mtu-1450-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 1450 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface-mtu-64-8024.xml.i index e917c816f..e60867e35 100644 --- a/interface-definitions/include/interface-mtu-64-8024.xml.i +++ b/interface-definitions/include/interface-mtu-64-8024.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 64 and 8024</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface-mtu-68-1500.xml.i index 81223c332..d47efd2c9 100644 --- a/interface-definitions/include/interface-mtu-68-1500.xml.i +++ b/interface-definitions/include/interface-mtu-68-1500.xml.i 
@@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-68-9000.xml.i b/interface-definitions/include/interface-mtu-68-9000.xml.i index ad11afa80..8fae2043c 100644 --- a/interface-definitions/include/interface-mtu-68-9000.xml.i +++ b/interface-definitions/include/interface-mtu-68-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index 36605ab59..dfef387d2 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -83,6 +83,7 @@ <validator name="numeric" argument="--range 0-255" /> </constraint> </properties> + <defaultValue>255</defaultValue> </leafNode> </children> </node> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 0092f9ce5..3747a2a7e 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -128,19 +128,7 @@ </constraint> </properties> </leafNode> - <leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <valueHelp> - <format>68-1500</format> - <description>Maximum Transmission Unit (default 1492)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 68-1500"/> - </constraint> - <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> - </properties> - </leafNode> + #include <include/interface-mtu-68-1500.xml.i> <leafNode name="no-peer-dns"> <properties> <help>Do not use DNS servers provided by the peer</help> 
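Review bot: Replacing the inline `mtu` leaf in interfaces-pppoe.xml.in with `#include <include/interface-mtu-68-1500.xml.i>` changes the documented PPPoE default: the removed help text said "default 1492", while the include now carries `<defaultValue>1500</defaultValue>`. If the PPPoE code picks up XML defaults, sessions over standard 1500-byte Ethernet would be configured with an MTU that leaves no room for the PPPoE header. Either keep a PPPoE-specific leaf with `<defaultValue>1492</defaultValue>`, or override the default where PPPoE reads its configuration.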
diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in index 8b68594da..d375b808d 100644 --- a/interface-definitions/interfaces-wirelessmodem.xml.in +++ b/interface-definitions/interfaces-wirelessmodem.xml.in @@ -38,6 +38,7 @@ </constraint> <constraintErrorMessage>Must be between (1-255)</constraintErrorMessage> </properties> + <defaultValue>10</defaultValue> </leafNode> </children> </node> diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index ce086872e..0dc7578d8 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -22,7 +22,6 @@ from enum import Enum from copy import deepcopy from vyos import ConfigError -from vyos.ifconfig import Interface from vyos.validate import is_member from vyos.util import ifname_from_config @@ -97,6 +96,8 @@ def dict_merge(source, destination): for key, value in source.items(): if key not in tmp.keys(): tmp[key] = value + elif isinstance(source[key], dict): + tmp[key] = dict_merge(source[key], tmp[key]) return tmp @@ -214,6 +215,8 @@ def disable_state(conf, check=[3,5,7]): def intf_to_dict(conf, default): + from vyos.ifconfig import Interface + """ Common used function which will extract VLAN related information from config and represent the result as Python dictionary. diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py new file mode 100644 index 000000000..e2fffeca7 --- /dev/null +++ b/python/vyos/configverify.py 
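Review bot: The new `elif isinstance(source[key], dict)` branch in `dict_merge` recurses with `dict_merge(source[key], tmp[key])` without checking that the destination value is itself a dict; when the key exists in the destination as a string or list, the recursive call would fail on `tmp.keys()` with an AttributeError rather than a ConfigError. Guarding with `elif isinstance(source[key], dict) and isinstance(tmp[key], dict):` leaves the destination value untouched in that case, which matches the existing behaviour of only filling in missing keys. The start of `dict_merge` is outside the hunk, so this assumes `tmp` is a copy of `destination`.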
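Review bot: `from vyos.ifconfig import Interface` is inserted above the triple-quoted string in `intf_to_dict`, so that string is no longer the first statement of the function and stops being its docstring (`intf_to_dict.__doc__` becomes `None`). Move the import below the closing `"""`. The function body continues outside the hunk.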
@@ -0,0 +1,74 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +# The sole purpose of this module is to hold common functions used in +# all kinds of implementations to verify the CLI configuration. +# It is started by migrating the interfaces to the new get_config_dict() +# approach which will lead to a lot of code that can be reused. + +# NOTE: imports should be as local as possible to the function which +# makes use of it! + +from vyos import ConfigError + +def verify_bridge_vrf(config): + """ + Common helper function used by interface implementations to + perform recurring validation of VRF configuration + """ + from netifaces import interfaces + if 'vrf' in config.keys(): + if config['vrf'] not in interfaces(): + raise ConfigError('VRF "{vrf}" does not exist'.format(**config)) + + if 'is_bridge_member' in config.keys(): + raise ConfigError( + 'Interface "{ifname}" cannot be both a member of VRF "{vrf}" ' + 'and bridge "{is_bridge_member}"!'.format(**config)) + + +def verify_bridge_address(config): + """ + Common helper function used by interface implementations to + perform recurring validation of IP address assignmenr + when interface also is part of a bridge. 
+ """ + if {'is_bridge_member', 'address'} <= set(config): + raise ConfigError( + f'Cannot assign address to interface "{ifname}" as it is a ' + f'member of bridge "{is_bridge_member}"!'.format(**config)) + + +def verify_bridge_delete(config): + """ + Common helper function used by interface implementations to + perform recurring validation of IP address assignmenr + when interface also is part of a bridge. + """ + if 'is_bridge_member' in config.keys(): + raise ConfigError( + 'Interface "{ifname}" cannot be deleted as it is a ' + 'member of bridge "{is_bridge_member}"!'.format(**config)) + + +def verify_source_interface(config): + """ + Common helper function used by interface implementations to + perform recurring validation of the existence of a source-interface + required by e.g. peth/MACvlan, MACsec ... + """ + if not 'source_interface' in config.keys(): + raise ConfigError('Physical source-interface required for ' + 'interface "{ifname}"'.format(**config)) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 2c2396440..1819ffc82 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -27,6 +27,7 @@ from netifaces import AF_INET from netifaces import AF_INET6 from vyos import ConfigError +from vyos.configdict import list_diff from vyos.util import mac2eui64 from vyos.validate import is_ipv4 from vyos.validate import is_ipv6 
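Review bot: In `verify_bridge_address` the two message strings are f-strings (`f'Cannot assign address to interface "{ifname}" as it is a '`) that are then passed to `.format(**config)`; `ifname` and `is_bridge_member` are not names in scope, so evaluating the f-string raises NameError before the ConfigError is built. Drop the `f` prefixes so the placeholders are filled by `.format(**config)` as in the sibling helpers: `'Cannot assign address to interface "{ifname}" as it is a '` and `'member of bridge "{is_bridge_member}"!'.format(**config)`. The docstring of `verify_bridge_delete` is a copy of the one above it and should describe the delete check instead; both misspell "assignment".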
@@ -757,3 +758,41 @@ class Interface(Control): # TODO: port config (STP) return True + + def update(self, config): + """ General helper function which works on a dictionary retrived by + get_config_dict(). It's main intention is to consolidate the scattered + interface setup code and provide a single point of entry when workin + on any interface. """ + + # Update interface description + self.set_alias(config.get('description', None)) + + # Configure assigned interface IP addresses. No longer + # configured addresses will be removed first + new_addr = config.get('address', []) + + # XXX workaround for T2636, convert IP address string to a list + # with one element + if isinstance(new_addr, str): + new_addr = [new_addr] + + # determine IP addresses which are assigned to the interface and build a + # list of addresses which are no longer in the dict so they can be removed + cur_addr = self.get_addr() + for addr in list_diff(cur_addr, new_addr): + self.del_addr(addr) + + for addr in new_addr: + self.add_addr(addr) + + # There are some items in the configuration which can only be applied + # if this instance is not bound to a bridge. This should be checked + # by the caller but better save then sorry! + if not config.get('is_bridge_member', False): + # Bind interface instance into VRF + self.set_vrf(config.get('vrf', '')) + + # Interface administrative state + state = 'down' if 'disable' in config.keys() else 'up' + self.set_admin_state(state) diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py index 8e4438662..7ebd13b54 100644 --- a/python/vyos/ifconfig/loopback.py +++ b/python/vyos/ifconfig/loopback.py @@ -23,7 +23,7 @@ class LoopbackIf(Interface): The loopback device is a special, virtual network interface that your router uses to communicate with itself. """ - + _persistent_addresses = ['127.0.0.1/8', '::1/128'] default = { 'type': 'loopback', } 
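Review bot: `Interface.update()` derives the addresses to delete from `list_diff(self.get_addr(), new_addr)`, that is from what is currently on the interface rather than from what the CLI previously configured, so any address the CLI did not put there is removed on every commit. Depending on what `get_addr()` returns (its body is not in this hunk), that may include addresses assigned outside the configuration; the loopback override in this commit already has to re-add `127.0.0.1/8` and `::1/128` to compensate for the same effect. The docstring should state this contract and list the keys the method reads (`description`, `address`, `is_bridge_member`, `vrf`, `disable`), or the deletion should be limited to addresses known to come from configuration.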
@@ -49,10 +49,31 @@ class LoopbackIf(Interface): """ # remove all assigned IP addresses from interface for addr in self.get_addr(): - if addr in ["127.0.0.1/8", "::1/128"]: + if addr in self._persistent_addresses: # Do not allow deletion of the default loopback addresses as # this will cause weird system behavior like snmp/ssh no longer # operating as expected, see https://phabricator.vyos.net/T2034. continue self.del_addr(addr) + + def update(self, config): + """ General helper function which works on a dictionary retrived by + get_config_dict(). It's main intention is to consolidate the scattered + interface setup code and provide a single point of entry when workin + on any interface. """ + + addr = config.get('address', []) + # XXX workaround for T2636, convert IP address string to a list + # with one element + if isinstance(addr, str): + addr = [addr] + + # We must ensure that the loopback addresses are never deleted from the system + addr += self._persistent_addresses + + # Update IP address entry in our dictionary + config.update({'address' : addr}) + + # now call the regular function from within our base class + super().update(config) diff --git a/python/vyos/ifconfig/vrrp.py b/python/vyos/ifconfig/vrrp.py index a872725b2..5e6387881 100644 --- a/python/vyos/ifconfig/vrrp.py +++ b/python/vyos/ifconfig/vrrp.py @@ -28,6 +28,9 @@ from vyos import util class VRRPError(Exception): pass +class VRRPNoData(VRRPError): + pass + class VRRP(object): _vrrp_prefix = '00:00:5E:00:01:' location = { @@ -96,6 +99,8 @@ class VRRP(object): # shoud look for file size change ? sleep(0.2) return util.read_file(fname) + except FileNotFoundError: + raise VRRPNoData("VRRP data is not available (process not running or no active groups)") except Exception: name = cls._name[what] raise VRRPError(f'VRRP {name} is not available') diff --git a/python/vyos/xml/__init__.py b/python/vyos/xml/__init__.py index 52f5bfb38..6e0e73b1b 100644 --- a/python/vyos/xml/__init__.py 
+++ b/python/vyos/xml/__init__.py @@ -9,7 +9,7 @@ # See the GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License along with this library; -# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA from vyos.xml import definition @@ -35,5 +35,10 @@ def load_configuration(cache=[]): return xml -def defaults(lpath): - return load_configuration().defaults(lpath) +def defaults(lpath, flat=False): + return load_configuration().defaults(lpath, flat) + + +if __name__ == '__main__': + print(defaults(['service'], flat=True)) + print(defaults(['service'], flat=False)) diff --git a/python/vyos/xml/definition.py b/python/vyos/xml/definition.py index c5f6b0fc7..5421007e0 100644 --- a/python/vyos/xml/definition.py +++ b/python/vyos/xml/definition.py @@ -11,7 +11,6 @@ # You should have received a copy of the GNU Lesser General Public License along with this library; # if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - from vyos.xml import kw # As we index by key, the name is first and then the data: @@ -228,8 +227,9 @@ class XML(dict): inner = self.tree[option] prefix = '+> ' if inner.get(kw.node, '') != kw.leafNode else ' ' if kw.help in inner: - h = inner[kw.help] - yield (prefix + option, h.get(kw.summary), '') + yield (prefix + option, inner[kw.help].get(kw.summary), '') + else: + yield (prefix + option, '(no help available)', '') def debug(self): print('------') 
@@ -245,36 +245,48 @@ class XML(dict): # @lru_cache(maxsize=100) # XXX: need to use cachetool instead - for later - def defaults(self, lpath): + def defaults(self, lpath, flat): d = self[kw.default] for k in lpath: d = d[k] - r = {} - def _flatten(inside, index, d, r): + if not flat: + r = {} + for k in d: + under = k.replace('-','_') + if isinstance(d[k],dict): + r[under] = self.defaults(lpath + [k], flat) + continue + r[under] = d[k] + return r + + def _flatten(inside, index, d): + r = {} local = inside[index:] prefix = '_'.join(_.replace('-','_') for _ in local) + '_' if local else '' for k in d: under = prefix + k.replace('-','_') level = inside + [k] if isinstance(d[k],dict): - _flatten(level, index, d[k], r) + r.update(_flatten(level, index, d[k])) continue - if self.is_multi(level): + if self.is_multi(level, with_tag=False): r[under] = [_.strip() for _ in d[k].split(',')] continue r[under] = d[k] + return r - _flatten(lpath, len(lpath), d, r) - return r + return _flatten(lpath, len(lpath), d) # from functools import lru_cache # @lru_cache(maxsize=100) # XXX: need to use cachetool instead - for later - def _tree(self, lpath): + def _tree(self, lpath, with_tag=True): """ returns the part of the tree searched or None if it does not exists + if with_tag is set, this is a configuration path (with tagNode names) + and tag name will be removed from the path when traversing the tree """ tree = self[kw.tree] spath = lpath.copy() 
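Review bot: The `flat=False` branch of `defaults()` copies leaf values as-is, whereas the flat branch splits multi-valued defaults into a list via `is_multi(level, with_tag=False)`; callers therefore receive a comma-joined string or a list for the same node depending on `flat`. Applying the same `is_multi` split in the nested branch would keep both shapes consistent. `flat` also has no default on the method, so any caller that still invokes `defaults(lpath)` on the XML object directly will raise TypeError; `def defaults(self, lpath, flat=False):` would match the module-level wrapper changed in this commit.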
@@ -283,19 +295,21 @@ class XML(dict): if p not in tree: return None tree = tree[p] + if with_tag and spath and tree[kw.node] == kw.tagNode: + spath.pop(0) return tree - def _get(self, lpath, tag): - return self._tree(lpath + [tag]) + def _get(self, lpath, tag, with_tag=True): + return self._tree(lpath + [tag], with_tag) - def is_multi(self, lpath): - return self._get(lpath, kw.multi) is True + def is_multi(self, lpath, with_tag=True): + return self._get(lpath, kw.multi, with_tag) is True - def is_tag(self, lpath): - return self._get(lpath, kw.node) == kw.tagNode + def is_tag(self, lpath, with_tag=True): + return self._get(lpath, kw.node, with_tag) == kw.tagNode - def is_leaf(self, lpath): - return self._get(lpath, kw.node) == kw.leafNode + def is_leaf(self, lpath, with_tag=True): + return self._get(lpath, kw.node, with_tag) == kw.leafNode - def exists(self, lpath): - return self._get(lpath, kw.node) is not None + def exists(self, lpath, with_tag=True): + return self._get(lpath, kw.node, with_tag) is not None diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 3e301477d..f2fa64233 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -97,10 +97,6 @@ def verify(conf, hosts): for host, hostprops in hosts['static_host_mapping'].items(): if not hostprops['address']: raise ConfigError(f'IP address required for static-host-mapping "{host}"') - if hostprops['address'] in all_static_host_mapping_addresses: - raise ConfigError(( - f'static-host-mapping "{host}" address "{hostprops["address"]}"' - f'already used in another static-host-mapping')) all_static_host_mapping_addresses.append(hostprops['address']) for a in hostprops['aliases']: if not hostname_regex.match(a) and len(a) != 0: diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index ec255edd5..a8093ffa5 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py 
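Review bot: `tree[kw.node]` in the new `if with_tag and spath and tree[kw.node] == kw.tagNode:` raises KeyError for any tree entry without a node-type key, whereas other code in this file reads it defensively with `inner.get(kw.node, '')`; `tree.get(kw.node) == kw.tagNode` would be consistent. Because `_get()` appends the keyword (`kw.node`, `kw.multi`) to the path before calling `_tree()`, a path that ends on the tagNode itself would, as far as the visible lines show, have that keyword popped as if it were the tag name; the loop header is outside the hunk, so this needs confirming. A short test of `is_tag()` on a path with and without the instance name would pin the intended behaviour.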
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -16,98 +16,53 @@ import os -from copy import deepcopy from sys import exit -from netifaces import interfaces -from vyos.ifconfig import DummyIf -from vyos.configdict import list_diff from vyos.config import Config +from vyos.configverify import verify_bridge_vrf +from vyos.configverify import verify_bridge_address +from vyos.configverify import verify_bridge_delete +from vyos.ifconfig import DummyIf from vyos.validate import is_member from vyos import ConfigError - from vyos import airbag airbag.enable() -default_config_data = { - 'address': [], - 'address_remove': [], - 'deleted': False, - 'description': '', - 'disable': False, - 'intf': '', - 'is_bridge_member': False, - 'vrf': '' -} - def get_config(): - dummy = deepcopy(default_config_data) + """ Retrive CLI config as dictionary. Dictionary can never be empty, + as at least the interface name will be added or a deleted flag """ conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - dummy['intf'] = os.environ['VYOS_TAGNODE_VALUE'] - - # check if we are a member of any bridge - dummy['is_bridge_member'] = is_member(conf, dummy['intf'], 'bridge') + ifname = os.environ['VYOS_TAGNODE_VALUE'] + base = ['interfaces', 'dummy', ifname] + dummy = conf.get_config_dict(base, key_mangling=('-', '_')) # Check if interface has been removed - if not conf.exists('interfaces dummy ' + dummy['intf']): - dummy['deleted'] = True - return dummy - - # set new configuration level - conf.set_level('interfaces dummy ' + dummy['intf']) + if dummy == {}: + dummy.update({'deleted' : ''}) - # retrieve configured interface addresses - if conf.exists('address'): - dummy['address'] = conf.return_values('address') + # store interface instance name in dictionary + dummy.update({'ifname': ifname}) - # retrieve interface description - if conf.exists('description'): - dummy['description'] = conf.return_value('description') - - # Disable this 
interface - if conf.exists('disable'): - dummy['disable'] = True - - # Determine interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed from the interface - eff_addr = conf.return_effective_values('address') - act_addr = conf.return_values('address') - dummy['address_remove'] = list_diff(eff_addr, act_addr) - - # retrieve VRF instance - if conf.exists('vrf'): - dummy['vrf'] = conf.return_value('vrf') + # check if we are a member of any bridge + bridge = is_member(conf, ifname, 'bridge') + if bridge: + tmp = {'is_bridge_member' : bridge} + dummy.update(tmp) return dummy def verify(dummy): - if dummy['deleted']: - if dummy['is_bridge_member']: - raise ConfigError(( - f'Interface "{dummy["intf"]}" cannot be deleted as it is a ' - f'member of bridge "{dummy["is_bridge_member"]}"!')) - + if 'deleted' in dummy.keys(): + verify_bridge_delete(dummy) return None - if dummy['vrf']: - if dummy['vrf'] not in interfaces(): - raise ConfigError(f'VRF "{dummy["vrf"]}" does not exist') - - if dummy['is_bridge_member']: - raise ConfigError(( - f'Interface "{dummy["intf"]}" cannot be member of VRF ' - f'"{dummy["vrf"]}" and bridge "{dummy["is_bridge_member"]}" ' - f'at the same time!')) - - if dummy['is_bridge_member'] and dummy['address']: - raise ConfigError(( - f'Cannot assign address to interface "{dummy["intf"]}" ' - f'as it is a member of bridge "{dummy["is_bridge_member"]}"!')) + verify_bridge_vrf(dummy) + verify_bridge_address(dummy) return None 
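Review bot: Deletion is now inferred from `if dummy == {}:` in `get_config`, which cannot distinguish an interface that was removed from one that exists but has no child nodes configured; if `get_config_dict()` returns an empty dict for the latter (its behaviour is not visible here), a bare interface definition would be treated as a delete and `apply` would call `remove()`. The same pattern is used in interfaces-loopback.py. Keeping the explicit existence test the old code used, `if not conf.exists('interfaces dummy ' + ifname):`, to set the `deleted` flag would avoid relying on emptiness. The docstring typo `Retrive` can be fixed at the same time.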
@@ -115,33 +70,13 @@ def generate(dummy): return None def apply(dummy): - d = DummyIf(dummy['intf']) + d = DummyIf(dummy['ifname']) # Remove dummy interface - if dummy['deleted']: + if 'deleted' in dummy.keys(): d.remove() else: - # update interface description used e.g. within SNMP - d.set_alias(dummy['description']) - - # Configure interface address(es) - # - not longer required addresses get removed first - # - newly addresses will be added second - for addr in dummy['address_remove']: - d.del_addr(addr) - for addr in dummy['address']: - d.add_addr(addr) - - # assign/remove VRF (ONLY when not a member of a bridge, - # otherwise 'nomaster' removes it from it) - if not dummy['is_bridge_member']: - d.set_vrf(dummy['vrf']) - - # disable interface on demand - if dummy['disable']: - d.set_admin_state('down') - else: - d.set_admin_state('up') + d.update(dummy) return None diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py index df268cec2..7c3d8663d 100755 --- a/src/conf_mode/interfaces-loopback.py +++ b/src/conf_mode/interfaces-loopback.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -17,54 +17,31 @@ import os from sys import exit -from copy import deepcopy from vyos.ifconfig import LoopbackIf -from vyos.configdict import list_diff from vyos.config import Config -from vyos import ConfigError - -from vyos import airbag +from vyos import ConfigError, airbag airbag.enable() -default_config_data = { - 'address': [], - 'address_remove': [], - 'deleted': False, - 'description': '', -} - - def get_config(): - loopback = deepcopy(default_config_data) + """ Retrive CLI config as dictionary. Dictionary can never be empty, + as at least the interface name will be added or a deleted flag """ conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - loopback['intf'] = os.environ['VYOS_TAGNODE_VALUE'] + ifname = os.environ['VYOS_TAGNODE_VALUE'] + base = ['interfaces', 'loopback', ifname] + loopback = conf.get_config_dict(base, key_mangling=('-', '_')) # Check if interface has been removed - if not conf.exists('interfaces loopback ' + loopback['intf']): - loopback['deleted'] = True - - # set new configuration level - conf.set_level('interfaces loopback ' + loopback['intf']) + if loopback == {}: + loopback.update({'deleted' : ''}) - # retrieve configured interface addresses - if conf.exists('address'): - loopback['address'] = conf.return_values('address') - - # retrieve interface description - if conf.exists('description'): - loopback['description'] = conf.return_value('description') - - # Determine interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed from the interface - eff_addr = conf.return_effective_values('address') - act_addr = conf.return_values('address') - loopback['address_remove'] = list_diff(eff_addr, act_addr) + # store interface instance name in dictionary + loopback.update({'ifname': ifname}) return loopback 
@@ -75,20 +52,11 @@ def generate(loopback): return None def apply(loopback): - l = LoopbackIf(loopback['intf']) - if loopback['deleted']: + l = LoopbackIf(loopback['ifname']) + if 'deleted' in loopback.keys(): l.remove() else: - # update interface description used e.g. within SNMP - l.set_alias(loopback['description']) - - # Configure interface address(es) - # - not longer required addresses get removed first - # - newly addresses will be added second - for addr in loopback['address_remove']: - l.del_addr(addr) - for addr in loopback['address']: - l.add_addr(addr) + l.update(loopback) return None diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index a8966148f..6f4e90169 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py 
@@ -18,177 +18,108 @@ import os from copy import deepcopy from sys import exit -from netifaces import interfaces from vyos.config import Config -from vyos.configdict import list_diff +from vyos.configdict import dict_merge from vyos.ifconfig import MACsecIf from vyos.template import render from vyos.util import call from vyos.validate import is_member +from vyos.configverify import verify_bridge_vrf +from vyos.configverify import verify_bridge_address +from vyos.configverify import verify_bridge_delete +from vyos.configverify import verify_source_interface +from vyos.xml import defaults from vyos import ConfigError - from vyos import airbag airbag.enable() -default_config_data = { - 'address': [], - 'address_remove': [], - 'deleted': False, - 'description': '', - 'disable': False, - 'security_cipher': '', - 'security_encrypt': False, - 'security_mka_cak': '', - 'security_mka_ckn': '', - 'security_mka_priority': '255', - 'security_replay_window': '', - 'intf': '', - 'source_interface': '', - 'is_bridge_member': False, - 'vrf': '' -} - # XXX: wpa_supplicant works on the source interface wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf' - def get_config(): - macsec = deepcopy(default_config_data) + """ Retrive CLI config as dictionary. 
Dictionary can never be empty, + as at least the interface name will be added or a deleted flag """ conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - macsec['intf'] = os.environ['VYOS_TAGNODE_VALUE'] - base_path = ['interfaces', 'macsec', macsec['intf']] + # retrieve interface default values + base = ['interfaces', 'macsec'] + default_values = defaults(base) - # check if we are a member of any bridge - macsec['is_bridge_member'] = is_member(conf, macsec['intf'], 'bridge') + ifname = os.environ['VYOS_TAGNODE_VALUE'] + base = base + [ifname] + macsec = conf.get_config_dict(base, key_mangling=('-', '_')) # Check if interface has been removed - if not conf.exists(base_path): - macsec['deleted'] = True - # When stopping wpa_supplicant we need to stop it via the physical - # interface - thus we need to retrieve ir from the effective config - if conf.exists_effective(base_path + ['source-interface']): - macsec['source_interface'] = conf.return_effective_value( - base_path + ['source-interface']) - - return macsec - - # set new configuration level - conf.set_level(base_path) - - # retrieve configured interface addresses - if conf.exists(['address']): - macsec['address'] = conf.return_values(['address']) - - # retrieve interface description - if conf.exists(['description']): - macsec['description'] = conf.return_value(['description']) - - # Disable this interface - if conf.exists(['disable']): - macsec['disable'] = True - - # retrieve interface cipher - if conf.exists(['security', 'cipher']): - macsec['security_cipher'] = conf.return_value(['security', 'cipher']) - - # Enable optional MACsec encryption - if conf.exists(['security', 'encrypt']): - macsec['security_encrypt'] = True - - # Secure Connectivity Association Key - if conf.exists(['security', 'mka', 'cak']): - macsec['security_mka_cak'] = conf.return_value( - ['security', 'mka', 'cak']) - - # Secure Connectivity 
Association Name - if conf.exists(['security', 'mka', 'ckn']): - macsec['security_mka_ckn'] = conf.return_value( - ['security', 'mka', 'ckn']) - - # MACsec Key Agreement protocol (MKA) actor priority - if conf.exists(['security', 'mka', 'priority']): - macsec['security_mka_priority'] = conf.return_value( - ['security', 'mka', 'priority']) - - # IEEE 802.1X/MACsec replay protection - if conf.exists(['security', 'replay-window']): - macsec['security_replay_window'] = conf.return_value( - ['security', 'replay-window']) - - # Physical interface - if conf.exists(['source-interface']): - macsec['source_interface'] = conf.return_value(['source-interface']) - - # Determine interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed from the interface - eff_addr = conf.return_effective_values(['address']) - act_addr = conf.return_values(['address']) - macsec['address_remove'] = list_diff(eff_addr, act_addr) - - # retrieve VRF instance - if conf.exists(['vrf']): - macsec['vrf'] = conf.return_value(['vrf']) + if macsec == {}: + tmp = { + 'deleted' : '', + 'source_interface' : conf.return_effective_value( + base + ['source-interface']) + } + macsec.update(tmp) + + # We have gathered the dict representation of the CLI, but there are + # default options which we need to update into the dictionary + # retrived. 
+ macsec = dict_merge(default_values, macsec) + + # Add interface instance name into dictionary + macsec.update({'ifname': ifname}) + + # Check if we are a member of any bridge + bridge = is_member(conf, ifname, 'bridge') + if bridge: + tmp = {'is_bridge_member' : bridge} + macsec.update(tmp) return macsec def verify(macsec): - if macsec['deleted']: - if macsec['is_bridge_member']: - raise ConfigError( - 'Interface "{intf}" cannot be deleted as it is a ' - 'member of bridge "{is_bridge_member}"!'.format(**macsec)) - + if 'deleted' in macsec.keys(): + verify_bridge_delete(macsec) return None - if not macsec['source_interface']: - raise ConfigError('Physical source interface must be set for ' - 'MACsec "{intf}"'.format(**macsec)) + verify_source_interface(macsec) + verify_bridge_vrf(macsec) + verify_bridge_address(macsec) - if not macsec['security_cipher']: + if not (('security' in macsec.keys()) and + ('cipher' in macsec['security'].keys())): raise ConfigError( - 'Cipher suite must be set for MACsec "{intf}"'.format(**macsec)) - - if macsec['security_encrypt']: - if not (macsec['security_mka_cak'] and macsec['security_mka_ckn']): - raise ConfigError( - 'MACsec security keys mandartory when encryption is enabled') + 'Cipher suite must be set for MACsec "{ifname}"'.format(**macsec)) - if macsec['vrf']: - if macsec['vrf'] not in interfaces(): - raise ConfigError('VRF "{vrf}" does not exist'.format(**macsec)) + if (('security' in macsec.keys()) and + ('encrypt' in macsec['security'].keys())): + tmp = macsec.get('security') - if macsec['is_bridge_member']: - raise ConfigError('Interface "{intf}" cannot be member of VRF ' - '"{vrf}" and bridge "{is_bridge_member}" at ' - 'the same time!'.format(**macsec)) - - if macsec['is_bridge_member'] and macsec['address']: - raise ConfigError( - 'Cannot assign address to interface "{intf}" as it is' - 'a member of bridge "{is_bridge_member}"!'.format(**macsec)) + if not (('mka' in tmp.keys()) and + ('cak' in tmp['mka'].keys()) and + 
('ckn' in tmp['mka'].keys())): + raise ConfigError('Missing mandatory MACsec security ' + 'keys as encryption is enabled!') return None def generate(macsec): render(wpa_suppl_conf.format(**macsec), - 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640) + 'macsec/wpa_supplicant.conf.tmpl', macsec) return None def apply(macsec): # Remove macsec interface - if macsec['deleted']: + if 'deleted' in macsec.keys(): call('systemctl stop wpa_supplicant-macsec@{source_interface}' .format(**macsec)) - MACsecIf(macsec['intf']).remove() + + MACsecIf(macsec['ifname']).remove() # delete configuration on interface removal if os.path.isfile(wpa_suppl_conf.format(**macsec)): 
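Review bot: The render() call in generate() no longer passes `permission=0o640`, yet the rendered wpa_supplicant configuration carries `mka_cak` and `mka_ckn`, the MACsec pre-shared key material. Unless render() applies an equally restrictive default mode (not visible here), the file under /run/wpa_supplicant/ may become readable by other local users, depending on the process umask. I would keep the explicit mode: `'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640)`. Separately, on the deleted path `source_interface` now comes from `return_effective_value()` without the former `exists_effective()` guard, so a missing value would be formatted into the systemctl unit name and the config file path. apply() continues past the end of this hunk.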
@@ -198,35 +129,16 @@ def apply(macsec): # MACsec interfaces require a configuration when they are added using # iproute2. This static method will provide the configuration # dictionary used by this class. - conf = deepcopy(MACsecIf.get_config()) - # Assign MACsec instance configuration parameters to config dict + # XXX: subject of removal after completing T2653 + conf = deepcopy(MACsecIf.get_config()) conf['source_interface'] = macsec['source_interface'] - conf['security_cipher'] = macsec['security_cipher'] + conf['security_cipher'] = macsec['security']['cipher'] # It is safe to "re-create" the interface always, there is a sanity # check that the interface will only be create if its non existent - i = MACsecIf(macsec['intf'], **conf) - - # update interface description used e.g. within SNMP - i.set_alias(macsec['description']) - - # Configure interface address(es) - # - not longer required addresses get removed first - # - newly addresses will be added second - for addr in macsec['address_remove']: - i.del_addr(addr) - for addr in macsec['address']: - i.add_addr(addr) - - # assign/remove VRF (ONLY when not a member of a bridge, - # otherwise 'nomaster' removes it from it) - if not macsec['is_bridge_member']: - i.set_vrf(macsec['vrf']) - - # Interface is administratively down by default, enable if desired - if not macsec['disable']: - i.set_admin_state('up') + i = MACsecIf(macsec['ifname'], **conf) + i.update(macsec) call('systemctl restart wpa_supplicant-macsec@{source_interface}' .format(**macsec)) diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index c13f77d91..ea15a7fb7 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py 
@@ -32,7 +32,8 @@ from vyos.dicts import FixedDict from vyos import airbag airbag.enable() -class ConfigurationState(Config): + +class ConfigurationState(object): """ The current API require a dict to be generated by get_config() which is then consumed by verify(), generate() and apply() @@ -40,7 +41,7 @@ class ConfigurationState(Config): ConfiguartionState is an helper class wrapping Config and providing an common API to this dictionary structure - Its to_dict() function return a dictionary containing three fields, + Its to_api() function return a dictionary containing three fields, each a dict, called options, changes, actions. options: @@ -84,16 +85,16 @@ class ConfigurationState(Config): which for each field represent how it was modified since the last commit """ - def __init__ (self, section, default): + def __init__(self, configuration, section, default): """ initialise the class for a given configuration path: - >>> conf = ConfigurationState('interfaces ethernet eth1') + >>> conf = ConfigurationState(conf, 'interfaces ethernet eth1') all further references to get_value(s) and get_effective(s) will be for this part of the configuration (eth1) """ - super().__init__() - self.section = section + self._conf = configuration + self.default = deepcopy(default) self.options = FixedDict(**default) self.actions = { @@ -104,13 +105,19 @@ class ConfigurationState(Config): 'delete': [], # the key was present and was deleted } self.changes = {} - if not self.exists(section): + if not self._conf.exists(section): self.changes['section'] = 'delete' - elif self.exists_effective(section): + elif self._conf.exists_effective(section): self.changes['section'] = 'modify' else: self.changes['section'] = 'create' + self.set_level(section) + + def set_level(self, lpath): + self.section = lpath + self._conf.set_level(lpath) + def _act(self, section): """ Returns for a given configuration field determine what happened to it 
@@ -121,18 +128,18 @@ class ConfigurationState(Config): 'delete': it was present but was removed from the configuration 'absent': it was not and is not present """ - if self.exists(section): - if self.exists_effective(section): - if self.return_value(section) != self.return_effective_value(section): + if self._conf.exists(section): + if self._conf.exists_effective(section): + if self._conf.return_value(section) != self._conf.return_effective_value(section): return 'modify' return 'static' return 'create' else: - if self.exists_effective(section): + if self._conf.exists_effective(section): return 'delete' return 'absent' - def _action (self, name, key): + def _action(self, name, key): action = self._act(key) self.changes[name] = action self.actions[action].append(name) 
@@ -157,18 +164,28 @@ class ConfigurationState(Config): """ if self._action(name, key) in ('delete', 'absent'): return - return self._get(name, key, default, self.return_value) + return self._get(name, key, default, self._conf.return_value) def get_values(self, name, key, default=None): """ - >>> conf.get_values('addresses-add', 'address') - will place a list made of the IP present in 'interface dummy dum1 address' - into the dictionnary entry 'addr' using Config.return_values - (the data in the configuration to apply) + >>> conf.get_values('addresses', 'address') + will place a list of the new IP present in 'interface dummy dum1 address' + into the dictionnary entry "-add" (here 'addresses-add') using + Config.return_values and will add the the one which were removed in into + the entry "-del" (here addresses-del') """ - if self._action(name, key) in ('delete', 'absent'): + add_name = f'{name}-add' + + if self._action(add_name, key) in ('delete', 'absent'): return - return self._get(name, key, default, self.return_values) + + self._get(add_name, key, default, self._conf.return_values) + + # get the effective values to determine which data is no longer valid + self.options['addresses-del'] = list_diff( + self._conf.return_effective_values('address'), + self.options['addresses-add'] + ) def get_effective(self, name, key, default=None): """ @@ -178,7 +195,7 @@ class ConfigurationState(Config): (the data in the configuration to apply) """ self._action(name, key) - return self._get(name, key, default, self.return_effective_value) + return self._get(name, key, default, self._conf.return_effective_value) def get_effectives(self, name, key, default=None): """ @@ -188,7 +205,7 @@ class ConfigurationState(Config): (the data in the un-modified configuration) """ self._action(name, key) - return self._get(name, key, default, self.return_effectives_value) + return self._get(name, key, default, self._conf.return_effectives_value) def load(self, mapping): """ 
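Review bot: get_values() ignores its own `name` and `key` when it builds the removal list: the last statement writes `self.options['addresses-del']` from `return_effective_values('address')` and reads `self.options['addresses-add']`, so any other multi-value mapping entry would overwrite the address lists. It also returns early for 'delete' and 'absent', and the unconditional `addresses-del` computation is removed from get_config in a later hunk, so when every address is deleted from the configuration the old addresses no longer appear to be scheduled for removal. I would derive both from the arguments, `self.options[f'{name}-del'] = list_diff(self._conf.return_effective_values(key), self.options[add_name])`, and compute the list before the early return, using an empty new-value list in that case. The docstring has a doubled word (`the the`) and an unbalanced quote in `addresses-del'`.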
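Review bot: get_effectives() passes `self._conf.return_effectives_value`, while the accessor used elsewhere on this page is spelled `return_effective_values`. If Config does not define the first spelling, the call raises AttributeError the first time a multi-value effective lookup is made. I would change the line to `return self._get(name, key, default, self._conf.return_effective_values)`. The method's docstring starts outside this hunk, so its wording cannot be checked here.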
@@ -220,16 +237,35 @@ class ConfigurationState(Config): else: self.get_value(local_name, config_name, default) - def remove_default (self,*options): + def remove_default(self,*options): """ remove all the values which were not changed from the default """ for option in options: - if self.exists(option) and self.self_return_value(option) != self.default[option]: + if not self._conf.exists(option): + del self.options[option] continue - del self.options[option] - def to_dict (self): + if self._conf.return_value(option) == self.default[option]: + del self.options[option] + continue + + if self._conf.return_values(option) == self.default[option]: + del self.options[option] + continue + + def as_dict(self, lpath): + l = self._conf.get_level() + self._conf.set_level([]) + d = self._conf.get_config_dict(lpath) + # XXX: that not what I would have expected from get_config_dict + if lpath: + d = d[lpath[-1]] + # XXX: it should have provided me the content and not the key + self._conf.set_level(l) + return d + + def to_api(self): """ provide a dictionary with the generated data for the configuration options: the configuration value for the key @@ -243,6 +279,7 @@ class ConfigurationState(Config): 'actions': self.actions, } + default_config_data = { # interface definition 'vrf': '', @@ -288,6 +325,7 @@ default_config_data = { '6rd-relay-prefix': '', } + # dict name -> config name, multiple values, default mapping = { 'type': ('encapsulation', False, None), @@ -310,7 +348,7 @@ mapping = { 'state': ('disable', False, 'down'), 'link_detect': ('disable-link-detect', False, 2), 'vrf': ('vrf', False, None), - 'addresses-add': ('address', True, None), + 'addresses': ('address', True, None), 'arp_filter': ('ip disable-arp-filter', False, 0), 'arp_accept': ('ip enable-arp-accept', False, 1), 'arp_announce': ('ip enable-arp-announce', False, 1), 
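Review bot: as_dict() switches the shared Config object to the root level and restores the saved level only on the success path, so an exception from get_config_dict() or a KeyError from `d[lpath[-1]]` leaves every later relative lookup on `self._conf` at the wrong level. Restoring the level in a `finally` block and unwrapping with `.get()` keeps it consistent, and the two XXX remarks can become a single comment stating that get_config_dict() returns the node wrapped under its last path element. In remove_default() the final `continue` is redundant.

```python
    def as_dict(self, lpath):
        saved_level = self._conf.get_level()
        self._conf.set_level([])
        try:
            d = self._conf.get_config_dict(lpath)
            # get_config_dict() wraps the content under the last path element
            if lpath:
                d = d.get(lpath[-1], {})
            return d
        finally:
            self._conf.set_level(saved_level)
```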
@@ -320,6 +358,7 @@ mapping = { 'ipv6_dad_transmits:': ('ipv6 dup-addr-detect-transmits', False, None) } + def get_class (options): dispatch = { 'gre': GREIf, @@ -363,19 +402,17 @@ def get_config(): if not ifname: raise ConfigError('Interface not specified') - conf = ConfigurationState('interfaces tunnel ' + ifname, default_config_data) + config = Config() + conf = ConfigurationState(config, ['interfaces', 'tunnel ', ifname], default_config_data) options = conf.options changes = conf.changes options['ifname'] = ifname - # set new configuration level - conf.set_level(conf.section) - if changes['section'] == 'delete': conf.get_effective('type', mapping['type'][0]) - conf.set_level('protocols nhrp tunnel') - options['nhrp'] = conf.list_nodes('') - return conf.to_dict() + config.set_level(['protocols', 'nhrp', 'tunnel']) + options['nhrp'] = config.list_nodes('') + return conf.to_api() # load all the configuration option according to the mapping conf.load(mapping) @@ -407,12 +444,6 @@ def get_config(): options['local'] = picked options['dhcp-interface'] = '' - # get interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed - # could be done within ConfigurationState - eff_addr = conf.return_effective_values('address') - options['addresses-del'] = list_diff(eff_addr, options['addresses-add']) - # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, # accept_ra must be 2 if options['ipv6_autoconf'] or 'dhcpv6' in options['addresses-add']: 
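Review bot: The path handed to ConfigurationState in get_config contains `'tunnel '` with a trailing space. In list form each element is presumably taken as a literal node name, so `exists()` would not match the `tunnel` node and `changes['section']` would come out as 'delete' for every interface; this should be confirmed against Config's path handling. The line should read `conf = ConfigurationState(config, ['interfaces', 'tunnel', ifname], default_config_data)`. get_config starts before this hunk and continues after it.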
@@ -422,12 +453,11 @@ def get_config(): options['allmulticast'] = options['multicast'] # check that per encapsulation all local-remote pairs are unique - conf.set_level('interfaces tunnel') - ct = conf.get_config_dict()['tunnel'] + ct = conf.as_dict(['interfaces', 'tunnel']) options['tunnel'] = {} # check for bridges - options['bridge'] = is_member(conf, ifname, 'bridge') + options['bridge'] = is_member(config, ifname, 'bridge') options['interfaces'] = interfaces() for name in ct: @@ -440,7 +470,7 @@ def get_config(): pair = f'{local}-{remote}' options['tunnel'][encap][pair] = options['tunnel'].setdefault(encap, {}).get(pair, 0) + 1 - return conf.to_dict() + return conf.to_api() def verify(conf): diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index 35e3c583c..57f39760b 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -16,38 +16,19 @@ import os -from copy import deepcopy from fnmatch import fnmatch -from netifaces import interfaces from sys import exit from vyos.config import Config -from vyos.ifconfig import BridgeIf, Section +from vyos.configdict import dict_merge +from vyos.configverify import verify_bridge_vrf from vyos.template import render from vyos.util import call -from vyos.validate import is_member +from vyos.xml import defaults from vyos import ConfigError - from vyos import airbag airbag.enable() -default_config_data = { - 'apn': '', - 'chat_script': '', - 'deleted': False, - 'description': '', - 'device': '', - 'disable': False, - 'disable_link_detect': 1, - 'on_demand': False, - 'metric': '10', - 'mtu': '1500', - 'name_server': True, - 'is_bridge_member': False, - 'intf': '', - 'vrf': '' -} - def check_kmod(): modules = ['option', 'usb_wwan', 'usbserial'] for module in modules: 
@@ -66,115 +47,80 @@ def find_device_file(device): return None def get_config(): - wwan = deepcopy(default_config_data) + """ Retrive CLI config as dictionary. Dictionary can never be empty, + as at least the interface name will be added or a deleted flag """ conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - wwan['intf'] = os.environ['VYOS_TAGNODE_VALUE'] - wwan['chat_script'] = f"/etc/ppp/peers/chat.{wwan['intf']}" + # retrieve interface default values + base = ['interfaces', 'wirelessmodem'] + default_values = defaults(base) + + ifname = os.environ['VYOS_TAGNODE_VALUE'] + base = base + [ifname] + wwan = conf.get_config_dict(base, key_mangling=('-', '_')) # Check if interface has been removed - if not conf.exists('interfaces wirelessmodem ' + wwan['intf']): - wwan['deleted'] = True - return wwan - - # set new configuration level - conf.set_level('interfaces wirelessmodem ' + wwan['intf']) - - # get metrick for backup default route - if conf.exists(['apn']): - wwan['apn'] = conf.return_value(['apn']) - - # get metrick for backup default route - if conf.exists(['backup', 'distance']): - wwan['metric'] = conf.return_value(['backup', 'distance']) - - # Retrieve interface description - if conf.exists(['description']): - wwan['description'] = conf.return_value(['description']) - - # System device name - if conf.exists(['device']): - tmp = conf.return_value(['device']) - wwan['device'] = find_device_file(tmp) - # If device file was not found in /dev we will just re-use - # the plain device name, thus we can trigger the exception - # in verify() as it's a non existent file - if wwan['device'] == None: - wwan['device'] = tmp - - # disable interface - if conf.exists('disable'): - wwan['disable'] = True - - # ignore link state changes - if conf.exists('disable-link-detect'): - wwan['disable_link_detect'] = 2 - - # Do not use DNS servers provided by the peer - if 
conf.exists(['mtu']): - wwan['mtu'] = conf.return_value(['mtu']) - - # Do not use DNS servers provided by the peer - if conf.exists(['no-peer-dns']): - wwan['name_server'] = False - - # Access concentrator name (only connect to this concentrator) - if conf.exists(['ondemand']): - wwan['on_demand'] = True - - # retrieve VRF instance - if conf.exists('vrf'): - wwan['vrf'] = conf.return_value(['vrf']) + if wwan == {}: + wwan.update({'deleted' : ''}) + + # We have gathered the dict representation of the CLI, but there are + # default options which we need to update into the dictionary + # retrived. + wwan = dict_merge(default_values, wwan) + + # Add interface instance name into dictionary + wwan.update({'ifname': ifname}) return wwan def verify(wwan): - if wwan['deleted']: + if 'deleted' in wwan.keys(): return None - if not wwan['apn']: - raise ConfigError('No APN configured for "{intf}"'.format(**wwan)) + if not 'apn' in wwan.keys(): + raise ConfigError('No APN configured for "{ifname}"'.format(**wwan)) - if not wwan['device']: + if not 'device' in wwan.keys(): raise ConfigError('Physical "device" must be configured') # we can not use isfile() here as Linux device files are no regular files # thus the check will return False - if not os.path.exists('{device}'.format(**wwan)): + if not os.path.exists(find_device_file(wwan['device'])): raise ConfigError('Device "{device}" does not exist'.format(**wwan)) - if wwan['vrf'] and wwan['vrf'] not in interfaces(): - raise ConfigError('VRF "{vrf}" does not exist'.format(**wwan)) + verify_bridge_vrf(wwan) return None def generate(wwan): # set up configuration file path variables where our templates will be # rendered into - intf = wwan['intf'] - config_wwan = f'/etc/ppp/peers/{intf}' - config_wwan_chat = wwan['chat_script'] - script_wwan_pre_up = f'/etc/ppp/ip-pre-up.d/1010-vyos-wwan-{intf}' - script_wwan_ip_up = f'/etc/ppp/ip-up.d/1010-vyos-wwan-{intf}' - script_wwan_ip_down = f'/etc/ppp/ip-down.d/1010-vyos-wwan-{intf}' + ifname 
= wwan['ifname'] + config_wwan = f'/etc/ppp/peers/{ifname}' + config_wwan_chat = f'/etc/ppp/peers/chat.{ifname}' + script_wwan_pre_up = f'/etc/ppp/ip-pre-up.d/1010-vyos-wwan-{ifname}' + script_wwan_ip_up = f'/etc/ppp/ip-up.d/1010-vyos-wwan-{ifname}' + script_wwan_ip_down = f'/etc/ppp/ip-down.d/1010-vyos-wwan-{ifname}' config_files = [config_wwan, config_wwan_chat, script_wwan_pre_up, script_wwan_ip_up, script_wwan_ip_down] # Always hang-up WWAN connection prior generating new configuration file - call(f'systemctl stop ppp@{intf}.service') + call(f'systemctl stop ppp@{ifname}.service') - if wwan['deleted']: + if 'deleted' in wwan: # Delete PPP configuration files for file in config_files: if os.path.exists(file): os.unlink(file) else: + wwan['device'] = find_device_file(wwan['device']) + # Create PPP configuration files render(config_wwan, 'wwan/peer.tmpl', wwan) # Create PPP chat script @@ -195,20 +141,13 @@ def generate(wwan): return None def apply(wwan): - if wwan['deleted']: + if 'deleted' in wwan.keys(): # bail out early return None - if not wwan['disable']: + if not 'disable' in wwan.keys(): # "dial" WWAN connection - intf = wwan['intf'] - call(f'systemctl start ppp@{intf}.service') - - # re-add ourselves to any bridge we might have fallen out of - # FIXME: wwan isn't under vyos.ifconfig so we can't call - # Interfaces.add_to_bridge() so STP settings won't get applied - if wwan['is_bridge_member'] in Section.interfaces('bridge'): - BridgeIf(wwan['is_bridge_member'], create=False).add_port(wwan['intf']) + call('systemctl start ppp@{ifname}.service'.format(**wwan)) return None diff --git a/src/migration-scripts/interfaces/8-to-9 b/src/migration-scripts/interfaces/8-to-9 index e0b9dd375..2d1efd418 100755 --- a/src/migration-scripts/interfaces/8-to-9 +++ b/src/migration-scripts/interfaces/8-to-9 
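Review bot: verify() now calls `os.path.exists(find_device_file(wwan['device']))`, but find_device_file() ends with `return None` when nothing matches, and `os.path.exists(None)` raises TypeError instead of the intended ConfigError; the removed get_config code fell back to the plain device name for exactly this case. generate() has the same gap, since `wwan['device'] = find_device_file(wwan['device'])` can hand None to the peer template. I would resolve the path once and test it: `device = find_device_file(wwan['device'])` followed by `if device is None or not os.path.exists(device):`. Also, `is_bridge_member` is no longer populated in get_config, so it is worth confirming that verify_bridge_vrf() still sees bridge membership for this interface type.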
@@ -16,7 +16,7 @@ # Rename link nodes to source-interface for the following interface types: # - vxlan -# - pseudo ethernet +# - pseudo-ethernet from sys import exit, argv from vyos.configtree import ConfigTree @@ -36,7 +36,7 @@ if __name__ == '__main__': base = ['interfaces', if_type] if not config.exists(base): # Nothing to do - exit(0) + continue # list all individual interface isntance for i in config.list_nodes(base): diff --git a/src/op_mode/vrrp.py b/src/op_mode/vrrp.py index e024d7f63..2c1db20bf 100755 --- a/src/op_mode/vrrp.py +++ b/src/op_mode/vrrp.py @@ -24,7 +24,7 @@ import tabulate import vyos.util from vyos.ifconfig.vrrp import VRRP -from vyos.ifconfig.vrrp import VRRPError +from vyos.ifconfig.vrrp import VRRPError, VRRPNoData parser = argparse.ArgumentParser() @@ -40,12 +40,16 @@ if not VRRP.is_running(): print('VRRP is not running') sys.exit(0) -if args.summary: - print(VRRP.format(VRRP.collect('json'))) -elif args.statistics: - print(VRRP.collect('stats')) -elif args.data: - print(VRRP.collect('state')) -else: - parser.print_help() +try: + if args.summary: + print(VRRP.format(VRRP.collect('json'))) + elif args.statistics: + print(VRRP.collect('stats')) + elif args.data: + print(VRRP.collect('state')) + else: + parser.print_help() + sys.exit(1) +except VRRPNoData as e: + print(e) sys.exit(1) |