-rw-r--r--debian/control1
-rw-r--r--python/vyos/ifconfig_vlan.py2
-rwxr-xr-xscripts/build-command-templates2
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py2
-rwxr-xr-xsrc/conf_mode/interfaces-pseudo-ethernet.py4
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py2
-rwxr-xr-xsrc/helpers/validate-value.py45
-rw-r--r--src/systemd/isc-dhcp-relay.service8
-rw-r--r--src/systemd/isc-dhcp-relay6.service8
-rw-r--r--src/systemd/isc-dhcp-server.service19
-rw-r--r--src/systemd/isc-dhcp-server6.service18
-rwxr-xr-xsrc/validators/numeric78
12 files changed, 45 insertions, 144 deletions
diff --git a/debian/control b/debian/control
index 32c0286a4..ab0fc0b29 100644
--- a/debian/control
+++ b/debian/control
@@ -91,6 +91,7 @@ Depends: python3,
python3-certbot-nginx,
pppoe,
salt-minion,
+ vyos-utils,
${shlibs:Depends},
${misc:Depends}
Description: VyOS configuration scripts and data
diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py
index 09fb8c802..bb93121e7 100644
--- a/python/vyos/ifconfig_vlan.py
+++ b/python/vyos/ifconfig_vlan.py
@@ -185,7 +185,7 @@ def verify_vlan_config(config):
if vif_id == vif_s_id:
raise ConfigError((
f'Cannot use identical ID on vif "{vif["intf"]}" '
- f'and vif-s "{vif_s}"'))
+ f'and vif-s "{vif_s["intf"]}"'))
# DHCPv6 parameters-only and temporary address are mutually exclusive
if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']:
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index c6534a6d8..767517b29 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -149,7 +149,7 @@ def get_properties(p):
regex_args = " ".join(map(lambda s: "--regex \\\'{0}\\\'".format(s), regexes))
validator_args = " ".join(map(lambda s: "--exec \\\"{0}\\\"".format(s), validators))
- validator_script = '${vyos_libexec_dir}/validate-value.py'
+ validator_script = '${vyos_libexec_dir}/validate-value'
validator_string = "exec \"{0} {1} {2} --value \\\'$VAR(@)\\\'\"; \"{3}\"".format(validator_script, regex_args, validator_args, error_msg)
props["constraint"] = validator_string
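Review bot: The `validator_string` line still wraps the candidate value as `--value \'$VAR(@)\'` and each pattern as `--regex \'{0}\'` with no escaping, so validation depends on how the template engine and the new `validate-value` binary treat embedded quote characters. The deleted src/helpers/validate-value.py joined each `--exec` command and the value into one string before running it, so it is worth confirming in vyos-utils that the replacement passes the value as a separate argument instead of re-parsing a joined command line. A comment above `validator_script`, such as `# validate-value is shipped by the vyos-utils package (see debian/control)`, would record where the binary now comes from. get_properties starts and ends outside this hunk.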
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c0678764f..bd69e4d4b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -632,7 +632,7 @@ def verify(openvpn):
raise ConfigError((
f'Cannot delete interface "{openvpn["intf"]}" as it is a '
f'member of bridge "{openvpn["is_bridge_menber"]}"!'))
- return None
+ return None
if not openvpn['mode']:
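Review bot: The key in `openvpn["is_bridge_menber"]` on the second f-string line looks misspelled; the pseudo-ethernet and vxlan scripts in this same commit use `is_bridge_member`. Unless the openvpn dict really defines the misspelled key, this error path would raise a KeyError instead of the intended ConfigError, and the operator would get a traceback, not the bridge-membership message. The line would then read `f'member of bridge "{openvpn["is_bridge_member"]}"!'))`, with the dict key and any guard outside the hunk checked to match. Indentation is not preserved in this rendering, so the effect of re-indenting `return None` cannot be verified here; verify() starts and ends outside the hunk.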
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 4063b85b0..ec2f1146e 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -122,7 +122,7 @@ def verify(peth):
if not peth['source_interface'] in interfaces():
raise ConfigError((
- f'Pseudo-ethernet "{peth["intf"]}" link device does not exist')
+ f'Pseudo-ethernet "{peth["intf"]}" link device does not exist'))
if ( peth['is_bridge_member']
and ( peth['address']
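Review bot: The membership test `if not peth['source_interface'] in interfaces():` is clearer as `if peth['source_interface'] not in interfaces():`, the idiomatic form that leaves no precedence question for the reader. Separately, the missing closing parenthesis fixed here, the `apply_all_vlans(b, bond)` call fixed in apply() below and the same parenthesis fix in interfaces-vxlan.py are all errors a byte-compile or lint pass would reject. If the package build does not already run one over src/conf_mode, adding it would stop a config script that cannot load from shipping. verify() starts and ends outside this hunk.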
@@ -254,7 +254,7 @@ def apply(peth):
p.add_to_bridge(peth['is_bridge_member'])
# apply all vlans to interface
- apply_all_vlans(b, bond)
+ apply_all_vlans(p, peth)
return None
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index fabfaa9df..91682a540 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -167,7 +167,7 @@ def verify(vxlan):
if vxlan['is_bridge_member']:
raise ConfigError((
f'Cannot delete interface "{vxlan["intf"]}" as it is a '
- f'member of bridge "{vxlan["is_bridge_member"]}"!')
+ f'member of bridge "{vxlan["is_bridge_member"]}"!'))
return None
diff --git a/src/helpers/validate-value.py b/src/helpers/validate-value.py
deleted file mode 100755
index a58ba61d1..000000000
--- a/src/helpers/validate-value.py
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env python3
-
-import re
-import os
-import sys
-import argparse
-
-from vyos.util import call
-
-parser = argparse.ArgumentParser()
-parser.add_argument('--regex', action='append')
-parser.add_argument('--exec', action='append')
-parser.add_argument('--value', action='store')
-
-args = parser.parse_args()
-
-debug = False
-
-# Multiple arguments work like logical OR
-
-try:
- for r in args.regex:
- if re.fullmatch(r, args.value):
- sys.exit(0)
-except Exception as exn:
- if debug:
- print(exn)
- else:
- pass
-
-try:
- for cmd in args.exec:
- cmd = "{0} {1}".format(cmd, args.value)
- if debug:
- print(cmd)
- res = call(cmd)
- if res == 0:
- sys.exit(0)
-except Exception as exn:
- if debug:
- print(exn)
- else:
- pass
-
-sys.exit(1)
diff --git a/src/systemd/isc-dhcp-relay.service b/src/systemd/isc-dhcp-relay.service
index ebf4d234e..56bcec840 100644
--- a/src/systemd/isc-dhcp-relay.service
+++ b/src/systemd/isc-dhcp-relay.service
@@ -2,13 +2,19 @@
Description=ISC DHCP IPv4 relay
Documentation=man:dhcrelay(8)
Wants=network-online.target
+RequiresMountsFor=/run
ConditionPathExists=/run/dhcp-relay/dhcp.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-relay
+RuntimeDirectory=dhcp-relay
+RuntimeDirectoryPreserve=yes
EnvironmentFile=/run/dhcp-relay/dhcp.conf
-ExecStart=/usr/sbin/dhcrelay -d -4 $OPTIONS
+PIDFile=/run/dhcp-relay/dhcrelay.pid
+ExecStart=/usr/sbin/dhcrelay -4 -pf /run/dhcp-relay/dhcrelay.pid $OPTIONS
+Restart=always
[Install]
WantedBy=multi-user.target
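Review bot: `Restart=always` is added with no `RestartSec=` or start-limit setting, so a dhcrelay that exits straight away (for instance on bad `$OPTIONS` from the environment file) is restarted at systemd's default interval until the start limit marks the unit failed, and a clean exit is restarted as well. `Restart=on-failure` with an explicit delay, e.g. `RestartSec=10` (value chosen for illustration), would confine restarts to abnormal exits and make the behaviour explicit. The same applies to the isc-dhcp-relay6, isc-dhcp-server and isc-dhcp-server6 units in this commit. The relay also still runs with full root privileges and no sandboxing directives; `NoNewPrivileges=yes` and `ProtectHome=yes` look like low-risk candidates to evaluate for a network-facing daemon.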
diff --git a/src/systemd/isc-dhcp-relay6.service b/src/systemd/isc-dhcp-relay6.service
index a477618b1..85ff16e41 100644
--- a/src/systemd/isc-dhcp-relay6.service
+++ b/src/systemd/isc-dhcp-relay6.service
@@ -2,13 +2,19 @@
Description=ISC DHCP IPv6 relay
Documentation=man:dhcrelay(8)
Wants=network-online.target
+RequiresMountsFor=/run
ConditionPathExists=/run/dhcp-relay/dhcpv6.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-relay
+RuntimeDirectory=dhcp-relay
+RuntimeDirectoryPreserve=yes
EnvironmentFile=/run/dhcp-relay/dhcpv6.conf
-ExecStart=/usr/sbin/dhcrelay -d -6 $OPTIONS
+PIDFile=/run/dhcp-relay/dhcrelayv6.pid
+ExecStart=/usr/sbin/dhcrelay -6 -pf /run/dhcp-relay/dhcrelayv6.pid $OPTIONS
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/src/systemd/isc-dhcp-server.service b/src/systemd/isc-dhcp-server.service
index d848e3df1..e13c66dc6 100644
--- a/src/systemd/isc-dhcp-server.service
+++ b/src/systemd/isc-dhcp-server.service
@@ -6,14 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpd.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-server
-# The leases files need to be root:vyattacfg even when dropping privileges
-ExecStart=/bin/sh -ec '\
- CONFIG_FILE=/run/dhcp-server/dhcpd.conf; \
- [ -e /config/dhcpd.leases ] || touch /config/dhcpd.leases; \
- chown root:vyattacfg /config/dhcpd.leases; \
- chmod 664 /config/dhcpd.leases; \
- exec /usr/sbin/dhcpd -user nobody -group nogroup -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE -lf /config/dhcpd.leases'
+RuntimeDirectory=dhcp-server
+RuntimeDirectoryPreserve=yes
+Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE=/config/dhcpd.leases
+PIDFile=/run/dhcp-server/dhcpd.pid
+ExecStartPre=/bin/sh -ec '\
+touch ${LEASE_FILE}; \
+chown nobody:nogroup ${LEASE_FILE}* ; \
+chmod 664 ${LEASE_FILE}* ; \
+/usr/sbin/dhcpd -4 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
+ExecStart=/usr/sbin/dhcpd -4 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
+Restart=always
[Install]
WantedBy=multi-user.target
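Review bot: The `ExecStartPre` shell runs as root and applies `chown nobody:nogroup ${LEASE_FILE}*` and `chmod 664 ${LEASE_FILE}*` to every name matching the glob in /config, and both tools follow symlinks named on the command line. If any account other than root can create names in that directory, a matching symlink would have its target re-owned on every start. Naming the expected files explicitly and using `chown -h` would close that off. The commit also drops the comment saying the lease files must be root:vyattacfg and hands them to the shared `nobody` account with group-write, so a short comment explaining why that requirement no longer holds would help; a dedicated service user would be tighter than `nobody`, which other daemons may share. The same lines appear in the isc-dhcp-server6.service hunk.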
diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service
index 27bebc57f..8ac861d7a 100644
--- a/src/systemd/isc-dhcp-server6.service
+++ b/src/systemd/isc-dhcp-server6.service
@@ -6,13 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpdv6.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-server
-# The leases files need to be root:vyattacfg even when dropping privileges
-ExecStart=/bin/sh -ec '\
- [ -e /config/dhcpdv6.leases ] || touch /config/dhcpdv6.leases; \
- chown root:vyattacfg /config/dhcpdv6.leases; \
- chmod 664 /config/dhcpdv6.leases; \
- exec /usr/sbin/dhcpd -user nobody -group nogroup -f -6 -pf /run/dhcp-server/dhcpdv6.pid -cf /run/dhcp-server/dhcpdv6.conf -lf /config/dhcpdv6.leases'
+RuntimeDirectory=dhcp-server
+RuntimeDirectoryPreserve=yes
+Environment=PID_FILE=/run/dhcp-server/dhcpdv6.pid CONFIG_FILE=/run/dhcp-server/dhcpdv6.conf LEASE_FILE=/config/dhcpdv6.leases
+PIDFile=/run/dhcp-server/dhcpdv6.pid
+ExecStartPre=/bin/sh -ec '\
+touch ${LEASE_FILE}; \
+chown nobody:nogroup ${LEASE_FILE}* ; \
+chmod 664 ${LEASE_FILE}* ; \
+/usr/sbin/dhcpd -6 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
+ExecStart=/usr/sbin/dhcpd -6 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/src/validators/numeric b/src/validators/numeric
deleted file mode 100755
index 2cd5178b9..000000000
--- a/src/validators/numeric
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/usr/bin/env python3
-#
-# numeric value validator
-#
-# Copyright (C) 2017 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; If not, see <http://www.gnu.org/licenses/>.
-
-import sys
-import argparse
-
-parser = argparse.ArgumentParser()
-parser.add_argument("-f", "--float", action="store_true", help="Accept floating point values")
-group = parser.add_mutually_exclusive_group()
-group.add_argument("-r", "--range", type=str, help="Check if the number is within range (inclusive), example: 1024-65535", action='append')
-group.add_argument("-n", "--non-negative", action="store_true", help="Check if the number is non-negative (>= 0)")
-group.add_argument("-p", "--positive", action="store_true", help="Check if the number is positive (> 0)")
-parser.add_argument("number", type=str, help="Number to validate")
-
-args = parser.parse_args()
-
-# Try to load the argument
-number = None
-if args.float:
- try:
- number = float(args.number)
- except:
- print("{0} is not a valid floating point number".format(args.number), file=sys.stderr)
- sys.exit(1)
-else:
- try:
- number = int(args.number)
- except:
- print("{0} is not a valid integer number".format(args.number), file=sys.stderr)
- sys.exit(1)
-
-if args.range:
- valid = False
- for r in args.range:
- try:
- list = r.split('-')
- lower = int(list[0])
- upper = int(list[1])
- except:
- print("{0} is not a valid number range",format(args.range), file=sys.stderr)
- sys.exit(1)
-
- if (number >= lower) and (number <= upper):
- valid = True
- # end for
-
- if not valid:
- if len(args.range) > 1:
- err_msg = "Number {0} is not in any of the ranges {1}".format(number, args.range)
- else:
- err_msg = "Number {0} is not in the range {1}".format(number, args.range[0])
- print(err_msg, file=sys.stderr)
- sys.exit(1)
-elif args.non_negative:
- if number < 0:
- print("Number should be non-negative", file=sys.stderr)
- sys.exit(1)
-elif args.positive:
- if number <= 0:
- print("Number should be positive", file=sys.stderr)
- sys.exit(1)
-