-rw-r--r--data/templates/frr/bgpd.frr.j23
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i6
-rw-r--r--op-mode-definitions/pki.xml.in16
-rw-r--r--python/vyos/config.py1
-rw-r--r--python/vyos/defaults.py4
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_bgp.py2
-rwxr-xr-xsrc/conf_mode/nat.py1
-rwxr-xr-xsrc/conf_mode/pki.py4
-rw-r--r--src/etc/systemd/system/certbot.service.d/10-override.conf7
-rwxr-xr-xsrc/helpers/teardown-config-session.py3
-rwxr-xr-xsrc/op_mode/pki.py15
11 files changed, 42 insertions, 20 deletions
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index e153dd4e8..e5a75090f 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -638,6 +638,9 @@ bgp route-reflector allow-outbound-policy
{% if parameters.no_fast_external_failover is vyos_defined %}
no bgp fast-external-failover
{% endif %}
+{% if parameters.no_ipv6_auto_ra is vyos_defined %}
+ no bgp ipv6-auto-ra
+{% endif %}
{% if parameters.no_suppress_duplicates is vyos_defined %}
no bgp suppress-duplicates
{% endif %}
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 31c8cafea..ab016884e 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1596,6 +1596,12 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="no-ipv6-auto-ra">
+ <properties>
+ <help>Disable IPv6 automatic router advertisement</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="no-suppress-duplicates">
<properties>
<help>Disable suppress duplicate updates if the route actually not changed</help>
diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in
index 43fb1fe2b..542b15e9d 100644
--- a/op-mode-definitions/pki.xml.in
+++ b/op-mode-definitions/pki.xml.in
@@ -576,12 +576,20 @@
</node>
<node name="renew">
<children>
- <leafNode name="certbot">
+ <node name="certbot">
<properties>
- <help>Start manual certbot renewal</help>
+ <help>Manual certbot renewal</help>
</properties>
- <command>systemctl start certbot.service</command>
- </leafNode>
+ <command>${vyos_op_scripts_dir}/pki.py renew_certbot</command>
+ <children>
+ <leafNode name="force">
+ <properties>
+ <help>Force manual certbot renewal</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/pki.py renew_certbot --force</command>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
</interfaceDefinition>
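Review bot: Both new `<command>` entries run `${vyos_op_scripts_dir}/pki.py renew_certbot` directly in the caller's op-mode session, whereas the replaced `systemctl start certbot.service` had systemd execute certbot. Nothing in this hunk shows privilege elevation, and certbot has to write under its config directory and run the post-hook. It is worth confirming that the script has sufficient rights for every user allowed to issue `renew certbot`, and that a failed renewal is reported as a readable error rather than a traceback. A one-line XML comment above the `certbot` node stating the expected privilege level would document that assumption.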
diff --git a/python/vyos/config.py b/python/vyos/config.py
index 9ae0467d4..f1086cd6e 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
@@ -62,7 +62,6 @@ while functions prefixed "effective" return values from the running config.
In operational mode, all functions return values from the running config.
"""
-import os
import re
import json
from typing import Union
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index f84b14040..63f3b5358 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -15,10 +15,10 @@
import os
-base_dir = '/usr/libexec/vyos/'
+base_dir = '/usr/libexec/vyos'
directories = {
- 'base' : base_dir,
+ 'base' : f'{base_dir}',
'data' : '/usr/share/vyos/',
'conf_mode' : f'{base_dir}/conf_mode',
'op_mode' : f'{base_dir}/op_mode',
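Review bot: Dropping the trailing slash from `base_dir` changes `directories['base']` for every consumer, not only for the derived entries in this dict. Any caller outside this diff that appends a name without its own separator (for example `directories['base'] + 'name'`) would now build a wrong path, so those call sites should be checked. On style, `f'{base_dir}'` is an f-string holding nothing but the variable and reads better as `'base' : base_dir,`. The `'data'` entry still ends in `/`, which leaves the dict with mixed conventions; the dict continues past the end of this hunk.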
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index 8403dcc37..0717c0ca6 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -358,6 +358,7 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['parameters', 'no-suppress-duplicates'])
self.cli_set(base_path + ['parameters', 'reject-as-sets'])
self.cli_set(base_path + ['parameters', 'route-reflector-allow-outbound-policy'])
+ self.cli_set(base_path + ['parameters', 'no-ipv6-auto-ra'])
self.cli_set(base_path + ['parameters', 'shutdown'])
self.cli_set(base_path + ['parameters', 'suppress-fib-pending'])
self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'idle', tcp_keepalive_idle])
@@ -396,6 +397,7 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
self.assertIn(f' bgp minimum-holdtime {min_hold_time}', frrconfig)
self.assertIn(f' bgp reject-as-sets', frrconfig)
self.assertIn(f' bgp route-reflector allow-outbound-policy', frrconfig)
+ self.assertIn(f' no bgp ipv6-auto-ra', frrconfig)
self.assertIn(f' bgp shutdown', frrconfig)
self.assertIn(f' bgp suppress-fib-pending', frrconfig)
self.assertIn(f' bgp tcp-keepalive {tcp_keepalive_idle} {tcp_keepalive_interval} {tcp_keepalive_probes}', frrconfig)
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index a938021ba..564438237 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -23,7 +23,6 @@ from vyos.base import Warning
from vyos.config import Config
from vyos.configdep import set_dependents, call_dependents
from vyos.template import render
-from vyos.template import is_ip_network
from vyos.utils.kernel import check_kmod
from vyos.utils.dict import dict_search
from vyos.utils.dict import dict_search_args
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 7d01b6642..6522a3897 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -144,7 +144,7 @@ def certbot_request(name: str, config: dict, dry_run: bool=True):
# When ACME is used behind a reverse proxy, we always bind to localhost
# whatever the CLI listen-address is configured for.
- if ('haproxy' in dict_search('used_by', config) and
+ if ('used_by' in config and 'haproxy' in config['used_by'] and
is_systemd_service_running(systemd_services['haproxy']) and
not check_port_availability(listen_address, 80)):
tmp += f' --http-01-address 127.0.0.1 --http-01-port {internal_ports["certbot_haproxy"]}'
@@ -551,7 +551,7 @@ def generate(pki):
if not ca_cert_present:
tmp = dict_search_args(pki, 'ca', f'{autochain_prefix}{cert}', 'certificate')
if not bool(tmp) or tmp != cert_chain_base64:
- Message(f'Add/replace automatically imported CA certificate for "{cert}"...')
+ Message(f'Add/replace automatically imported CA certificate for "{cert}" ...')
add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64)
return None
diff --git a/src/etc/systemd/system/certbot.service.d/10-override.conf b/src/etc/systemd/system/certbot.service.d/10-override.conf
deleted file mode 100644
index 542f77eb2..000000000
--- a/src/etc/systemd/system/certbot.service.d/10-override.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-After=
-After=vyos-router.service
-
-[Service]
-ExecStart=
-ExecStart=/usr/bin/certbot renew --config-dir /config/auth/letsencrypt --no-random-sleep-on-renew --post-hook "/usr/libexec/vyos/vyos-certbot-renew-pki.sh"
diff --git a/src/helpers/teardown-config-session.py b/src/helpers/teardown-config-session.py
index c94876924..8d13e34cb 100755
--- a/src/helpers/teardown-config-session.py
+++ b/src/helpers/teardown-config-session.py
@@ -13,11 +13,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import sys
-import os
from vyos.vyconf_session import VyconfSession
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index 49a461e9e..d928bd325 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -1373,6 +1373,21 @@ def show_all(raw: bool):
print('\n')
show_crl(raw)
+def renew_certbot(raw: bool, force: typing.Optional[bool] = False):
+ from vyos.defaults import directories
+
+ certbot_config = directories['certbot']
+ hook_dir = directories['base']
+
+ tmp = f'/usr/bin/certbot renew --no-random-sleep-on-renew ' \
+ f'--config-dir "{certbot_config}" ' \
+ f'--post-hook "{hook_dir}/vyos-certbot-renew-pki.sh"'
+ if force:
+ tmp += ' --force-renewal'
+
+ out = cmd(tmp)
+ if not raw:
+ print(out)
if __name__ == '__main__':
try:
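Review bot: `renew_certbot` builds one command string from `directories['certbot']` and `directories['base']` and hands it to `cmd()`, with the two paths protected only by literal double quotes. The values come from `vyos.defaults` rather than from user input, but quoting them explicitly, e.g. `f'--config-dir {shlex.quote(certbot_config)} '`, keeps the line safe if a default ever contains a quote or `$` (this needs `import shlex`, and assumes `cmd()` goes through a shell, which is not visible here). The same commit deletes the `certbot.service` drop-in that carried `--config-dir` and `--post-hook`; if scheduled renewals still go through that unit, they presumably need these options from somewhere else. The function also lacks a docstring; one saying that `force` adds `--force-renewal` and that `raw` suppresses printing the output would cover it.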