diff options
19 files changed, 51 insertions, 30 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index c6027e09b..c18a998b8 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -67,25 +67,23 @@ frontend {{ front }} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } {% endif %} -{% if front_config.mode is vyos_defined %} mode {{ front_config.mode }} -{% if front_config.tcp_request.inspect_delay is vyos_defined %} +{% if front_config.tcp_request.inspect_delay is vyos_defined %} tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }} -{% endif %} -{# add tcp-request related directive if ssl is configed #} -{% if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %} -{% for rule, rule_config in front_config.rule.items() %} -{% if rule_config.ssl is vyos_defined %} +{% endif %} +{# add tcp-request related directive if ssl is configured #} +{% if front_config.mode == 'tcp' and front_config.rule is vyos_defined %} +{% for rule, rule_config in front_config.rule.items() %} +{% if rule_config.ssl is vyos_defined %} tcp-request content accept if { req_ssl_hello_type 1 } -{% break %} -{% endif %} -{% endfor %} -{% endif %} -{% if front_config.http_response_headers is vyos_defined %} -{% for header, header_config in front_config.http_response_headers.items() %} +{% break %} +{% endif %} +{% endfor %} +{% endif %} +{% if front_config.http_response_headers is vyos_defined %} +{% for header, header_config in front_config.http_response_headers.items() %} http-response set-header {{ header }} '{{ header_config['value'] }}' -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if front_config.rule is vyos_defined %} {% for rule, rule_config in front_config.rule.items() %} @@ -162,19 +160,17 @@ backend {{ back }} {% set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %} balance {{ balance_translate[back_config.balance] }} {% endif %} -{# If mode is not TCP skip Forwarded #} -{% if back_config.mode is not vyos_defined('tcp') %} +{# If mode is HTTP add X-Forwarded headers #} +{% if back_config.mode == 'http' %} option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } {% endif %} -{% if back_config.mode is vyos_defined %} mode {{ back_config.mode }} -{% if back_config.http_response_headers is vyos_defined %} -{% for header, header_config in back_config.http_response_headers.items() %} +{% if back_config.http_response_headers is vyos_defined %} +{% for header, header_config in back_config.http_response_headers.items() %} http-response set-header {{ header }} '{{ header_config['value'] }}' -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if back_config.rule is vyos_defined %} {% for rule, rule_config in back_config.rule.items() %} diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i index 672ea65b4..d013e027d 100644 --- a/interface-definitions/include/haproxy/mode.xml.i +++ b/interface-definitions/include/haproxy/mode.xml.i @@ -18,5 +18,6 @@ <regex>(http|tcp)</regex> </constraint> </properties> + <defaultValue>http</defaultValue> </leafNode> <!-- include end --> diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in index ce757a5d6..1a432be6d 100644 --- a/interface-definitions/load-balancing_reverse-proxy.xml.in +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in @@ -5,6 +5,7 @@ <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py"> <properties> <help>Configure reverse-proxy</help> + <priority>900</priority> </properties> <children> <tagNode name="service"> diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in index e117fd1b2..310aa0343 100644 --- a/interface-definitions/load-balancing_wan.xml.in +++ b/interface-definitions/load-balancing_wan.xml.in @@ -3,12 +3,12 @@ <node name="load-balancing"> <properties> <help>Configure load-balancing</help> - <priority>900</priority> </properties> <children> <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py"> <properties> <help>Configure Wide Area Network (WAN) load-balancing</help> + <priority>900</priority> </properties> <children> <leafNode name="disable-source-nat"> diff --git a/interface-definitions/protocols_static_arp.xml.in b/interface-definitions/protocols_static_arp.xml.in index 05c69f1ed..0c5d6e4ed 100644 --- a/interface-definitions/protocols_static_arp.xml.in +++ b/interface-definitions/protocols_static_arp.xml.in @@ -7,6 +7,7 @@ <node name="arp" owner="${vyos_conf_scripts_dir}/protocols_static_arp.py"> <properties> <help>Static ARP translation</help> + <priority>481</priority> </properties> <children> <tagNode name="interface"> diff --git a/interface-definitions/protocols_static_multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in index c8e28ed35..caf95ed7c 100644 --- a/interface-definitions/protocols_static_multicast.xml.in +++ b/interface-definitions/protocols_static_multicast.xml.in @@ -7,6 +7,7 @@ <node name="multicast" owner="${vyos_conf_scripts_dir}/protocols_static_multicast.py"> <properties> <help>Multicast static route</help> + <priority>481</priority> </properties> <children> <tagNode name="route"> diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in index 1c8433a39..7347976f9 100644 --- a/interface-definitions/protocols_static_neighbor-proxy.xml.in +++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in @@ -7,6 +7,7 @@ <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py"> <properties> <help>Neighbor proxy parameters</help> + <priority>481</priority> </properties> <children> <tagNode name="arp"> diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in index 648c14aee..af4e8ed51 100644 --- a/interface-definitions/service_config-sync.xml.in +++ b/interface-definitions/service_config-sync.xml.in @@ -5,6 +5,7 @@ <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config-sync.py"> <properties> <help>Configuration synchronization</help> + <priority>10000</priority> </properties> <children> <node name="secondary"> diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in index fc6dbe954..68835dafd 100644 --- a/interface-definitions/service_console-server.xml.in +++ b/interface-definitions/service_console-server.xml.in @@ -5,6 +5,7 @@ <node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py"> <properties> <help>Serial Console Server</help> + <priority>2</priority> </properties> <children> <tagNode name="device"> diff --git a/interface-definitions/service_event-handler.xml.in b/interface-definitions/service_event-handler.xml.in index 2cee4f595..41540816b 100644 --- a/interface-definitions/service_event-handler.xml.in +++ b/interface-definitions/service_event-handler.xml.in @@ -5,6 +5,7 @@ <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event-handler.py"> <properties> <help>Service event handler</help> + <priority>2</priority> </properties> <children> <tagNode name="event"> diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in index 4d694114a..2624023ea 100644 --- a/interface-definitions/service_monitoring_telegraf.xml.in +++ b/interface-definitions/service_monitoring_telegraf.xml.in @@ -5,12 +5,12 @@ <node name="monitoring"> <properties> <help>Monitoring services</help> - <priority>1280</priority> </properties> <children> <node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py"> <properties> <help>Telegraf metric collector</help> + <priority>1280</priority> </properties> <children> <node name="influxdb"> diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in index 40f2df642..3754e9145 100644 --- a/interface-definitions/service_monitoring_zabbix-agent.xml.in +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in @@ -7,6 +7,7 @@ <node name="zabbix-agent" owner="${vyos_conf_scripts_dir}/service_monitoring_zabbix-agent.py"> <properties> <help>Zabbix-agent settings</help> + <priority>1280</priority> </properties> <children> <leafNode name="directory"> diff --git a/interface-definitions/service_sla.xml.in b/interface-definitions/service_sla.xml.in index 0c4f8a591..2cd68195a 100644 --- a/interface-definitions/service_sla.xml.in +++ b/interface-definitions/service_sla.xml.in @@ -5,6 +5,7 @@ <node name="sla" owner="${vyos_conf_scripts_dir}/service_sla.py"> <properties> <help>Service level agreement (SLA)</help> + <priority>2</priority> </properties> <children> <node name="owamp-server"> diff --git a/interface-definitions/system_login_banner.xml.in b/interface-definitions/system_login_banner.xml.in index 211505ae4..c90e38c3c 100644 --- a/interface-definitions/system_login_banner.xml.in +++ b/interface-definitions/system_login_banner.xml.in @@ -11,6 +11,7 @@ <node name="banner" owner="${vyos_conf_scripts_dir}/system_login_banner.py"> <properties> <help>System login banners</help> + <priority>410</priority> </properties> <children> <leafNode name="post-login"> diff --git a/interface-definitions/system_proxy.xml.in b/interface-definitions/system_proxy.xml.in index 214534dbb..5b0df5c70 100644 --- a/interface-definitions/system_proxy.xml.in +++ b/interface-definitions/system_proxy.xml.in @@ -5,6 +5,7 @@ <node name="proxy" owner="${vyos_conf_scripts_dir}/system_proxy.py"> <properties> <help>Sets a proxy for system wide use</help> + <priority>100</priority> </properties> <children> <leafNode name="url"> diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py index bdb48e303..918aea202 100644 --- a/python/vyos/ifconfig/vxlan.py +++ b/python/vyos/ifconfig/vxlan.py @@ -138,10 +138,13 @@ class VXLANIf(Interface): raise ValueError('Value out of range') if 'vlan_to_vni_removed' in self.config: - cur_vni_filter = get_vxlan_vni_filter(self.ifname) + cur_vni_filter = None + if dict_search('parameters.vni_filter', self.config) != None: + cur_vni_filter = get_vxlan_vni_filter(self.ifname) + for vlan, vlan_config in self.config['vlan_to_vni_removed'].items(): # If VNI filtering is enabled, remove matching VNI filter - if dict_search('parameters.vni_filter', self.config) != None: + if cur_vni_filter != None: vni = vlan_config['vni'] if vni in cur_vni_filter: self._cmd(f'bridge vni delete dev {self.ifname} vni {vni}') diff --git a/python/vyos/system/grub.py b/python/vyos/system/grub.py index 0d9c1340b..6f3bbdaf6 100644 --- a/python/vyos/system/grub.py +++ b/python/vyos/system/grub.py @@ -49,7 +49,7 @@ TMPL_GRUB_COMMON: str = 'grub/grub_common.j2' BOOT_OPTS_STEM: str = 'boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/' # prepare regexes -REGEX_GRUB_VARS: str = r'^set (?P<variable_name>.+)=[\'"]?(?P<variable_value>.*)(?<![\'"])[\'"]?$' +REGEX_GRUB_VARS: str = r'^set (?P<variable_name>\w+)=[\'"]?(?P<variable_value>.*)(?<![\'"])[\'"]?$' REGEX_GRUB_MODULES: str = r'^insmod (?P<module_name>.+)$' REGEX_KERNEL_CMDLINE: str = r'^BOOT_IMAGE=/(?P<boot_type>boot|live)/((?P<image_version>.+)/)?vmlinuz.*$' REGEX_GRUB_BOOT_OPTS: str = r'^\s*set boot_opts="(?P<boot_opts>[^$]+)"$' diff --git a/scripts/build-command-templates b/scripts/build-command-templates index 2e7f8b994..36929abb2 100755 --- a/scripts/build-command-templates +++ b/scripts/build-command-templates @@ -287,6 +287,12 @@ def process_node(n, tmpl_dir): props = get_properties(props_elem, n.find("defaultValue")) if owner: props["owner"] = owner + # <priority> tag is mandatory if the parent node has an owner + if "priority" not in props: + raise ValueError( + f"<priority> tag should be set for the node <{name}> path '{' '.join(my_tmpl_dir[1:])}'" + ) + # Type should not be set for non-tag, non-leaf nodes # For non-valueless leaf nodes, set the type to txt: to make them have some type, # actual value validation is handled by constraints translated to syntax:expression: @@ -335,4 +341,8 @@ nodes = root.iterfind("*") for n in nodes: if n.tag == "syntaxVersion": continue - process_node(n, [output_dir]) + try: + process_node(n, [output_dir]) + except ValueError as e: + print(e) + sys.exit(1) diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py index 09c68dadd..17226efe9 100755 --- a/src/conf_mode/load-balancing_reverse-proxy.py +++ b/src/conf_mode/load-balancing_reverse-proxy.py @@ -85,7 +85,7 @@ def verify(lb): raise ConfigError(f'"expect status" and "expect string" can not be configured together!') if 'health_check' in back_config: - if 'mode' not in back_config or back_config['mode'] != 'tcp': + if back_config['mode'] != 'tcp': raise ConfigError(f'backend "{back}" can only be configured with {back_config["health_check"]} ' + f'health-check whilst in TCP mode!') if 'http_check' in back_config: @@ -108,7 +108,7 @@ def verify(lb): # Check if http-response-headers are configured in any frontend/backend where mode != http for group in ['service', 'backend']: for config_name, config in lb[group].items(): - if 'http_response_headers' in config and ('mode' not in config or config['mode'] != 'http'): + if 'http_response_headers' in config and config['mode'] != 'http': raise ConfigError(f'{group} {config_name} must be set to http mode to use http_response_headers!') for front, front_config in lb['service'].items(): |