diff options
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | python/vyos/ifconfig_vlan.py | 2 | ||||
-rwxr-xr-x | scripts/build-command-templates | 2 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-pseudo-ethernet.py | 4 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 2 | ||||
-rwxr-xr-x | src/helpers/validate-value.py | 45 | ||||
-rw-r--r-- | src/systemd/isc-dhcp-relay.service | 8 | ||||
-rw-r--r-- | src/systemd/isc-dhcp-relay6.service | 8 | ||||
-rw-r--r-- | src/systemd/isc-dhcp-server.service | 19 | ||||
-rw-r--r-- | src/systemd/isc-dhcp-server6.service | 18 | ||||
-rwxr-xr-x | src/validators/numeric | 78 |
12 files changed, 45 insertions, 144 deletions
diff --git a/debian/control b/debian/control index 32c0286a4..ab0fc0b29 100644 --- a/debian/control +++ b/debian/control @@ -91,6 +91,7 @@ Depends: python3, python3-certbot-nginx, pppoe, salt-minion, + vyos-utils, ${shlibs:Depends}, ${misc:Depends} Description: VyOS configuration scripts and data diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 09fb8c802..bb93121e7 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -185,7 +185,7 @@ def verify_vlan_config(config): if vif_id == vif_s_id: raise ConfigError(( f'Cannot use identical ID on vif "{vif["intf"]}" ' - f'and vif-s "{vif_s}"')) + f'and vif-s "{vif_s["intf"]}"')) # DHCPv6 parameters-only and temporary address are mutually exclusive if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: diff --git a/scripts/build-command-templates b/scripts/build-command-templates index c6534a6d8..767517b29 100755 --- a/scripts/build-command-templates +++ b/scripts/build-command-templates @@ -149,7 +149,7 @@ def get_properties(p): regex_args = " ".join(map(lambda s: "--regex \\\'{0}\\\'".format(s), regexes)) validator_args = " ".join(map(lambda s: "--exec \\\"{0}\\\"".format(s), validators)) - validator_script = '${vyos_libexec_dir}/validate-value.py' + validator_script = '${vyos_libexec_dir}/validate-value' validator_string = "exec \"{0} {1} {2} --value \\\'$VAR(@)\\\'\"; \"{3}\"".format(validator_script, regex_args, validator_args, error_msg) props["constraint"] = validator_string diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index c0678764f..bd69e4d4b 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -632,7 +632,7 @@ def verify(openvpn): raise ConfigError(( f'Cannot delete interface "{openvpn["intf"]}" as it is a ' f'member of bridge "{openvpn["is_bridge_menber"]}"!')) - return None + return None if not openvpn['mode']: diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 4063b85b0..ec2f1146e 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -122,7 +122,7 @@ def verify(peth): if not peth['source_interface'] in interfaces(): raise ConfigError(( - f'Pseudo-ethernet "{peth["intf"]}" link device does not exist') + f'Pseudo-ethernet "{peth["intf"]}" link device does not exist')) if ( peth['is_bridge_member'] and ( peth['address'] @@ -254,7 +254,7 @@ def apply(peth): p.add_to_bridge(peth['is_bridge_member']) # apply all vlans to interface - apply_all_vlans(b, bond) + apply_all_vlans(p, peth) return None diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index fabfaa9df..91682a540 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -167,7 +167,7 @@ def verify(vxlan): if vxlan['is_bridge_member']: raise ConfigError(( f'Cannot delete interface "{vxlan["intf"]}" as it is a ' - f'member of bridge "{vxlan["is_bridge_member"]}"!') + f'member of bridge "{vxlan["is_bridge_member"]}"!')) return None diff --git a/src/helpers/validate-value.py b/src/helpers/validate-value.py deleted file mode 100755 index a58ba61d1..000000000 --- a/src/helpers/validate-value.py +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env python3 - -import re -import os -import sys -import argparse - -from vyos.util import call - -parser = argparse.ArgumentParser() -parser.add_argument('--regex', action='append') -parser.add_argument('--exec', action='append') -parser.add_argument('--value', action='store') - -args = parser.parse_args() - -debug = False - -# Multiple arguments work like logical OR - -try: - for r in args.regex: - if re.fullmatch(r, args.value): - sys.exit(0) -except Exception as exn: - if debug: - print(exn) - else: - pass - -try: - for cmd in args.exec: - cmd = "{0} {1}".format(cmd, args.value) - if debug: - print(cmd) - res = call(cmd) - if res == 0: - sys.exit(0) -except Exception as exn: - if debug: - print(exn) - else: - pass - -sys.exit(1) diff --git a/src/systemd/isc-dhcp-relay.service b/src/systemd/isc-dhcp-relay.service index ebf4d234e..56bcec840 100644 --- a/src/systemd/isc-dhcp-relay.service +++ b/src/systemd/isc-dhcp-relay.service @@ -2,13 +2,19 @@ Description=ISC DHCP IPv4 relay Documentation=man:dhcrelay(8) Wants=network-online.target +RequiresMountsFor=/run ConditionPathExists=/run/dhcp-relay/dhcp.conf After=vyos-router.service [Service] +Type=forking WorkingDirectory=/run/dhcp-relay +RuntimeDirectory=dhcp-relay +RuntimeDirectoryPreserve=yes EnvironmentFile=/run/dhcp-relay/dhcp.conf -ExecStart=/usr/sbin/dhcrelay -d -4 $OPTIONS +PIDFile=/run/dhcp-relay/dhcrelay.pid +ExecStart=/usr/sbin/dhcrelay -4 -pf /run/dhcp-relay/dhcrelay.pid $OPTIONS +Restart=always [Install] WantedBy=multi-user.target diff --git a/src/systemd/isc-dhcp-relay6.service b/src/systemd/isc-dhcp-relay6.service index a477618b1..85ff16e41 100644 --- a/src/systemd/isc-dhcp-relay6.service +++ b/src/systemd/isc-dhcp-relay6.service @@ -2,13 +2,19 @@ Description=ISC DHCP IPv6 relay Documentation=man:dhcrelay(8) Wants=network-online.target +RequiresMountsFor=/run ConditionPathExists=/run/dhcp-relay/dhcpv6.conf After=vyos-router.service [Service] +Type=forking WorkingDirectory=/run/dhcp-relay +RuntimeDirectory=dhcp-relay +RuntimeDirectoryPreserve=yes EnvironmentFile=/run/dhcp-relay/dhcpv6.conf -ExecStart=/usr/sbin/dhcrelay -d -6 $OPTIONS +PIDFile=/run/dhcp-relay/dhcrelayv6.pid +ExecStart=/usr/sbin/dhcrelay -6 -pf /run/dhcp-relay/dhcrelayv6.pid $OPTIONS +Restart=always [Install] WantedBy=multi-user.target diff --git a/src/systemd/isc-dhcp-server.service b/src/systemd/isc-dhcp-server.service index d848e3df1..e13c66dc6 100644 --- a/src/systemd/isc-dhcp-server.service +++ b/src/systemd/isc-dhcp-server.service @@ -6,14 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpd.conf After=vyos-router.service [Service] +Type=forking WorkingDirectory=/run/dhcp-server -# The leases files need to be root:vyattacfg even when dropping privileges -ExecStart=/bin/sh -ec '\ - CONFIG_FILE=/run/dhcp-server/dhcpd.conf; \ - [ -e /config/dhcpd.leases ] || touch /config/dhcpd.leases; \ - chown root:vyattacfg /config/dhcpd.leases; \ - chmod 664 /config/dhcpd.leases; \ - exec /usr/sbin/dhcpd -user nobody -group nogroup -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE -lf /config/dhcpd.leases' +RuntimeDirectory=dhcp-server +RuntimeDirectoryPreserve=yes +Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE=/config/dhcpd.leases +PIDFile=/run/dhcp-server/dhcpd.pid +ExecStartPre=/bin/sh -ec '\ +touch ${LEASE_FILE}; \ +chown nobody:nogroup ${LEASE_FILE}* ; \ +chmod 664 ${LEASE_FILE}* ; \ +/usr/sbin/dhcpd -4 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' +ExecStart=/usr/sbin/dhcpd -4 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} +Restart=always [Install] WantedBy=multi-user.target diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service index 27bebc57f..8ac861d7a 100644 --- a/src/systemd/isc-dhcp-server6.service +++ b/src/systemd/isc-dhcp-server6.service @@ -6,13 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpdv6.conf After=vyos-router.service [Service] +Type=forking WorkingDirectory=/run/dhcp-server -# The leases files need to be root:vyattacfg even when dropping privileges -ExecStart=/bin/sh -ec '\ - [ -e /config/dhcpdv6.leases ] || touch /config/dhcpdv6.leases; \ - chown root:vyattacfg /config/dhcpdv6.leases; \ - chmod 664 /config/dhcpdv6.leases; \ - exec /usr/sbin/dhcpd -user nobody -group nogroup -f -6 -pf /run/dhcp-server/dhcpdv6.pid -cf /run/dhcp-server/dhcpdv6.conf -lf /config/dhcpdv6.leases' +RuntimeDirectory=dhcp-server +RuntimeDirectoryPreserve=yes +Environment=PID_FILE=/run/dhcp-server/dhcpdv6.pid CONFIG_FILE=/run/dhcp-server/dhcpdv6.conf LEASE_FILE=/config/dhcpdv6.leases +PIDFile=/run/dhcp-server/dhcpdv6.pid +ExecStartPre=/bin/sh -ec '\ +touch ${LEASE_FILE}; \ +chown nobody:nogroup ${LEASE_FILE}* ; \ +chmod 664 ${LEASE_FILE}* ; \ +/usr/sbin/dhcpd -6 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' +ExecStart=/usr/sbin/dhcpd -6 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} +Restart=always [Install] WantedBy=multi-user.target diff --git a/src/validators/numeric b/src/validators/numeric deleted file mode 100755 index 2cd5178b9..000000000 --- a/src/validators/numeric +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env python3 -# -# numeric value validator -# -# Copyright (C) 2017 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; If not, see <http://www.gnu.org/licenses/>. - -import sys -import argparse - -parser = argparse.ArgumentParser() -parser.add_argument("-f", "--float", action="store_true", help="Accept floating point values") -group = parser.add_mutually_exclusive_group() -group.add_argument("-r", "--range", type=str, help="Check if the number is within range (inclusive), example: 1024-65535", action='append') -group.add_argument("-n", "--non-negative", action="store_true", help="Check if the number is non-negative (>= 0)") -group.add_argument("-p", "--positive", action="store_true", help="Check if the number is positive (> 0)") -parser.add_argument("number", type=str, help="Number to validate") - -args = parser.parse_args() - -# Try to load the argument -number = None -if args.float: - try: - number = float(args.number) - except: - print("{0} is not a valid floating point number".format(args.number), file=sys.stderr) - sys.exit(1) -else: - try: - number = int(args.number) - except: - print("{0} is not a valid integer number".format(args.number), file=sys.stderr) - sys.exit(1) - -if args.range: - valid = False - for r in args.range: - try: - list = r.split('-') - lower = int(list[0]) - upper = int(list[1]) - except: - print("{0} is not a valid number range",format(args.range), file=sys.stderr) - sys.exit(1) - - if (number >= lower) and (number <= upper): - valid = True - # end for - - if not valid: - if len(args.range) > 1: - err_msg = "Number {0} is not in any of the ranges {1}".format(number, args.range) - else: - err_msg = "Number {0} is not in the range {1}".format(number, args.range[0]) - print(err_msg, file=sys.stderr) - sys.exit(1) -elif args.non_negative: - if number < 0: - print("Number should be non-negative", file=sys.stderr) - sys.exit(1) -elif args.positive: - if number <= 0: - print("Number should be positive", file=sys.stderr) - sys.exit(1) - |