-rw-r--r--data/templates/ntp/ntp.conf.tmpl41
-rw-r--r--python/vyos/template.py8
-rwxr-xr-xsrc/conf_mode/ntp.py71
3 files changed, 39 insertions, 81 deletions
diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl
index 52042d218..1c51929fd 100644
--- a/data/templates/ntp/ntp.conf.tmpl
+++ b/data/templates/ntp/ntp.conf.tmpl
@@ -13,26 +13,35 @@ restrict -6 ::1
#
# Configurable section
#
-
-{% if servers -%}
-{% for s in servers -%}
-# Server configuration for: {{ s.name }}
-server {{ s.name }} iburst {{ s.options | join(" ") }}
-{% endfor -%}
+{% if server %}
+{% for srv in server %}
+{% set options = '' %}
+{% set options = options + 'noselect ' if server[srv].noselect is defined else '' %}
+{% set options = options + 'preempt ' if server[srv].preempt is defined else '' %}
+{% set options = options + 'prefer ' if server[srv].prefer is defined else '' %}
+server {{ srv }} iburst {{ options }}
+{% endfor %}
{% endif %}
-{% if allowed_networks -%}
-{% for n in allowed_networks -%}
-# Client configuration for network: {{ n.network }}
-restrict {{ n.address }} mask {{ n.netmask }} nomodify notrap nopeer
-
-{% endfor -%}
+{% if allow_clients is defined and allow_clients.address is defined %}
+# Allowed clients configuration
+{% if allow_clients.address is string %}
+restrict {{ allow_clients.address|address_from_cidr }} mask {{ allow_clients.address|netmask_from_cidr }} nomodify notrap nopeer
+{% else %}
+{% for address in allow_clients.address %}
+restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer
+{% endfor %}
+{% endif %}
{% endif %}
-{% if listen_address -%}
+{% if listen_address %}
# NTP should listen on configured addresses only
interface ignore wildcard
-{% for a in listen_address -%}
-interface listen {{ a }}
-{% endfor -%}
+{% if listen_address is string %}
+interface listen {{ listen_address }}
+{% else %}
+{% for address in listen_address %}
+interface listen {{ address }}
+{% endfor %}
+{% endif %}
{% endif %}
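Review bot: The three `{% set options = ... %}` lines in the server loop discard options set on earlier lines, because Jinja parses `options + 'noselect ' if … else ''` as `(options + 'noselect ') if … else ''`, so every line whose flag is unset resets `options` to the empty string. As written, a server only gets any option rendered when `prefer` is set, and `noselect` survives only if `preempt` and `prefer` are set as well. A server the operator marked `noselect` can therefore still be rendered as an ordinary, selectable time source. Parenthesise the conditional on each line, e.g. `{% set options = options + ('noselect ' if server[srv].noselect is defined else '') %}`, and do the same for `preempt` and `prefer`.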
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 85a0143c0..d9b0c749d 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -31,10 +31,18 @@ _templates_mem = {
}
def vyos_address_from_cidr(text):
+ """ Take an IPv4/IPv6 CIDR prefix and convert the network to an "address".
+ Example:
+ 192.0.2.0/24 -> 192.0.2.0, 2001:db8::/48 -> 2001:db8::
+ """
from ipaddress import ip_network
return ip_network(text).network_address
def vyos_netmask_from_cidr(text):
+ """ Take an IPv4/IPv6 CIDR prefix and convert the prefix length to a "subnet mask".
+ Example:
+ 192.0.2.0/24 -> 255.255.255.0, 2001:db8::/48 -> ffff:ffff:ffff::
+ """
from ipaddress import ip_network
return ip_network(text).netmask
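Review bot: The new docstrings on `vyos_address_from_cidr` and `vyos_netmask_from_cidr` leave out the failure case. `ip_network(text)` is called with its default strict parsing, so a prefix with host bits set (for example `192.0.2.1/24`) raises `ValueError`, and with these filters that would surface while the template is being rendered. Add a line such as `Raises ValueError if text is not a valid network prefix (e.g. host bits set).` to both docstrings. They could also say that the return value is an `ipaddress` address object rather than a `str`.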
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py
index 9180998aa..bba8f87a4 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/ntp.py
@@ -16,77 +16,22 @@
import os
-from copy import deepcopy
-from ipaddress import ip_network
-from netifaces import interfaces
-from sys import exit
-
from vyos.config import Config
+from vyos.configverify import verify_vrf
+from vyos import ConfigError
from vyos.util import call
from vyos.template import render
-from vyos import ConfigError
-
from vyos import airbag
airbag.enable()
config_file = r'/etc/ntp.conf'
systemd_override = r'/etc/systemd/system/ntp.service.d/override.conf'
-default_config_data = {
- 'servers': [],
- 'allowed_networks': [],
- 'listen_address': [],
- 'vrf': ''
-}
-
def get_config():
- ntp = deepcopy(default_config_data)
conf = Config()
base = ['system', 'ntp']
- if not conf.exists(base):
- return None
- else:
- conf.set_level(base)
-
- node = ['allow-clients', 'address']
- if conf.exists(node):
- networks = conf.return_values(node)
- for n in networks:
- addr = ip_network(n)
- net = {
- "network" : n,
- "address" : addr.network_address,
- "netmask" : addr.netmask
- }
-
- ntp['allowed_networks'].append(net)
-
- node = ['listen-address']
- if conf.exists(node):
- ntp['listen_address'] = conf.return_values(node)
-
- node = ['server']
- if conf.exists(node):
- for node in conf.list_nodes(node):
- options = []
- server = {
- "name": node,
- "options": []
- }
- if conf.exists('server {0} noselect'.format(node)):
- options.append('noselect')
- if conf.exists('server {0} preempt'.format(node)):
- options.append('preempt')
- if conf.exists('server {0} prefer'.format(node)):
- options.append('prefer')
-
- server['options'] = options
- ntp['servers'].append(server)
-
- node = ['vrf']
- if conf.exists(node):
- ntp['vrf'] = conf.return_value(node)
+ ntp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
return ntp
def verify(ntp):
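Review bot: `get_config()` now returns whatever `get_config_dict()` yields, and nothing in the function documents the dictionary shape that the template and `verify()` depend on. A short docstring naming the mangled keys used elsewhere in this commit (`server`, `allow_clients`, `listen_address`, and presumably `vrf` for `verify_vrf`) would help the next reader. The `is string` branches in ntp.conf.tmpl suggest a single value arrives as a string and several as a list, which is worth stating there if that is the case. The intermediate variable is also unnecessary: `return conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)`.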
@@ -94,13 +39,10 @@ def verify(ntp):
if not ntp:
return None
- # Configuring allowed clients without a server makes no sense
- if len(ntp['allowed_networks']) and not len(ntp['servers']):
+ if len(ntp.get('allow_clients', {})) and not (len(ntp.get('server', {})) > 0):
raise ConfigError('NTP server not configured')
- if ntp['vrf'] and ntp['vrf'] not in interfaces():
- raise ConfigError('VRF "{vrf}" does not exist'.format(**ntp))
-
+ verify_vrf(ntp)
return None
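Review bot: The rewritten condition in `verify()` is harder to read than it needs to be, and the comment explaining it was removed along with the old line. `len(...)` and `not (len(...) > 0)` are only truthiness tests on the two sub-dictionaries, so the check can be written as `if ntp.get('allow_clients') and not ntp.get('server'):`. Keep `# Configuring allowed clients without a server makes no sense` above it. The check also fires for any non-empty `allow_clients` node, while the template only renders `restrict` lines when `allow_clients.address` is defined, so it is worth confirming that difference is intended. `verify()` begins above this hunk.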
def generate(ntp):
@@ -108,7 +50,7 @@ def generate(ntp):
if not ntp:
return None
- render(config_file, 'ntp/ntp.conf.tmpl', ntp)
+ render(config_file, 'ntp/ntp.conf.tmpl', ntp, trim_blocks=True)
render(systemd_override, 'ntp/override.conf.tmpl', ntp, trim_blocks=True)
return None
@@ -124,7 +66,6 @@ def apply(ntp):
# Reload systemd manager configuration
call('systemctl daemon-reload')
-
if ntp:
call('systemctl restart ntp.service')