diff options
| -rw-r--r-- | .github/workflows/package-smoketest.yml | 2 | ||||
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | CODEOWNERS | 3 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rwxr-xr-x | debian/rules | 3 | ||||
| -rw-r--r-- | debian/vyos-1x.install | 1 | ||||
| -rw-r--r-- | interface-definitions/container.xml.in | 1 | ||||
| -rw-r--r-- | interface-definitions/include/interface/default-route-distance.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/interfaces_pppoe.xml.in | 3 | ||||
| -rw-r--r-- | interface-definitions/pki.xml.in | 2 | ||||
| -rw-r--r-- | python/vyos/configsession.py | 4 | ||||
| -rw-r--r-- | python/vyos/configtree.py | 6 | ||||
| -rw-r--r-- | python/vyos/utils/misc.py | 2 | ||||
| -rwxr-xr-x | python/vyos/xml_ref/generate_cache.py | 6 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_container.py | 25 | ||||
| -rwxr-xr-x | src/conf_mode/container.py | 10 | ||||
| -rwxr-xr-x | src/init/vyos-router | 14 | ||||
| -rw-r--r-- | src/systemd/vyconfd.service | 21 |
18 files changed, 96 insertions, 12 deletions
diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml index 91c968c82..d352bd3cb 100644 --- a/.github/workflows/package-smoketest.yml +++ b/.github/workflows/package-smoketest.yml @@ -17,6 +17,7 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments BUILD_BY: autobuild@vyos.net DEBIAN_MIRROR: http://deb.debian.org/debian/ + DEBIAN_SECURITY_MIRROR: http://deb.debian.org/debian-security VYOS_MIRROR: https://packages.vyos.net/repositories/current/ jobs: @@ -56,6 +57,7 @@ jobs: --build-type release \ --custom-package vyos-1x-smoketest \ --debian-mirror $DEBIAN_MIRROR \ + --debian-security-mirror $DEBIAN_SECURITY_MIRROR \ --version ${{ steps.version.outputs.build_version }} \ --vyos-mirror $VYOS_MIRROR \ generic diff --git a/.gitignore b/.gitignore index c597d9c84..d1bfc91d7 100644 --- a/.gitignore +++ b/.gitignore @@ -147,6 +147,7 @@ python/vyos/xml_ref/cache.py python/vyos/xml_ref/pkg_cache/*_cache.py python/vyos/xml_ref/op_cache.py python/vyos/xml_ref/pkg_cache/*_op_cache.py +data/reftree.cache # autogenerated vyos-configd JSON definition data/configd-include.json diff --git a/CODEOWNERS b/CODEOWNERS index 191394298..4891a0325 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,2 @@ -* @vyos/reviewers
\ No newline at end of file +# Users from reviewers github team +* @dmbaturin @sarthurdev @jestabro @sever-sever @c-po @fett0 @nicolas-fort @zdc @@ -28,7 +28,7 @@ interface_definitions: $(config_xml_obj) find $(BUILD_DIR)/interface-definitions -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-templates {} $(CURDIR)/schema/interface_definition.rng $(TMPL_DIR) || exit 1 - $(CURDIR)/python/vyos/xml_ref/generate_cache.py --xml-dir $(BUILD_DIR)/interface-definitions || exit 1 + $(CURDIR)/python/vyos/xml_ref/generate_cache.py --xml-dir $(BUILD_DIR)/interface-definitions --internal-cache $(DATA_DIR)/reftree.cache || exit 1 # XXX: delete top level node.def's that now live in other packages # IPSec VPN EAP-RADIUS does not support source-address diff --git a/debian/rules b/debian/rules index df1d9e7f3..c15fcab11 100755 --- a/debian/rules +++ b/debian/rules @@ -9,6 +9,7 @@ VYOS_CFG_TMPL_DIR := opt/vyatta/share/vyatta-cfg/templates VYOS_OP_TMPL_DIR := opt/vyatta/share/vyatta-op/templates VYOS_MIBS_DIR := usr/share/snmp/mibs VYOS_LOCALUI_DIR := srv/localui +VYCONF_CONFIG_DIR := $(VYOS_LIBEXEC_DIR)/vyconf/config MIGRATION_SCRIPTS_DIR := opt/vyatta/etc/config-migrate/migrate ACTIVATION_SCRIPTS_DIR := usr/libexec/vyos/activate @@ -89,6 +90,8 @@ override_dh_auto_install: cp -r templates-op/* $(DIR)/$(VYOS_OP_TMPL_DIR) # Install data files + mkdir -p $(DIR)/$(VYCONF_CONFIG_DIR) + cp -r data/reftree.cache $(DIR)/$(VYCONF_CONFIG_DIR) mkdir -p $(DIR)/$(VYOS_DATA_DIR) cp -r data/* $(DIR)/$(VYOS_DATA_DIR) diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 502fc7aaa..d5dd3bcec 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -40,6 +40,7 @@ usr/libexec/vyos/op_mode usr/libexec/vyos/services usr/libexec/vyos/system usr/libexec/vyos/validators +usr/libexec/vyos/vyconf usr/libexec/vyos/*.py usr/libexec/vyos/*.sh usr/share diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index bd2ff820d..ad1815604 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -275,6 +275,7 @@ </properties> <defaultValue>64</defaultValue> </leafNode> + #include <include/name-server-ipv4-ipv6.xml.i> <tagNode name="network"> <properties> <help>Attach user defined network to container</help> diff --git a/interface-definitions/include/interface/default-route-distance.xml.i b/interface-definitions/include/interface/default-route-distance.xml.i index 6eda52c91..7a226a538 100644 --- a/interface-definitions/include/interface/default-route-distance.xml.i +++ b/interface-definitions/include/interface/default-route-distance.xml.i @@ -4,7 +4,7 @@ <help>Distance for installed default route</help> <valueHelp> <format>u32:1-255</format> - <description>Distance for the default route from DHCP server</description> + <description>Distance for the default route received from the server</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> diff --git a/interface-definitions/interfaces_pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in index 56660bc15..f24bc41d8 100644 --- a/interface-definitions/interfaces_pppoe.xml.in +++ b/interface-definitions/interfaces_pppoe.xml.in @@ -21,6 +21,9 @@ #include <include/interface/dial-on-demand.xml.i> #include <include/interface/no-default-route.xml.i> #include <include/interface/default-route-distance.xml.i> + <leafNode name="default-route-distance"> + <defaultValue>1</defaultValue> + </leafNode> #include <include/interface/dhcpv6-options.xml.i> #include <include/generic-description.xml.i> #include <include/interface/disable.xml.i> diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index c69886a4b..5c0b735ef 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -80,7 +80,7 @@ </constraint> </properties> </leafNode> - #include <include/listen-address-ipv4-single.xml.i> + #include <include/listen-address-single.xml.i> <leafNode name="rsa-key-size"> <properties> <help>Size of the RSA key</help> diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py index 90b96b88c..dd3ad1e3d 100644 --- a/python/vyos/configsession.py +++ b/python/vyos/configsession.py @@ -23,8 +23,8 @@ from vyos.utils.process import is_systemd_service_running from vyos.utils.dict import dict_to_paths CLI_SHELL_API = '/bin/cli-shell-api' -SET = '/opt/vyatta/sbin/my_set' -DELETE = '/opt/vyatta/sbin/my_delete' +SET = '/usr/libexec/vyos/vyconf/vy_set' +DELETE = '/usr/libexec/vyos/vyconf/vy_delete' COMMENT = '/opt/vyatta/sbin/my_comment' COMMIT = '/opt/vyatta/sbin/my_commit' DISCARD = '/opt/vyatta/sbin/my_discard' diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py index 3e02fbba6..fb79e8459 100644 --- a/python/vyos/configtree.py +++ b/python/vyos/configtree.py @@ -469,15 +469,15 @@ def mask_inclusive(left, right, libpath=LIBPATH): return tree -def reference_tree_to_json(from_dir, to_file, libpath=LIBPATH): +def reference_tree_to_json(from_dir, to_file, internal_cache="", libpath=LIBPATH): try: __lib = cdll.LoadLibrary(libpath) __reference_tree_to_json = __lib.reference_tree_to_json - __reference_tree_to_json.argtypes = [c_char_p, c_char_p] + __reference_tree_to_json.argtypes = [c_char_p, c_char_p, c_char_p] __get_error = __lib.get_error __get_error.argtypes = [] __get_error.restype = c_char_p - res = __reference_tree_to_json(from_dir.encode(), to_file.encode()) + res = __reference_tree_to_json(internal_cache.encode(), from_dir.encode(), to_file.encode()) except Exception as e: raise ConfigTreeError(e) if res == 1: diff --git a/python/vyos/utils/misc.py b/python/vyos/utils/misc.py index d82655914..ac8011b8d 100644 --- a/python/vyos/utils/misc.py +++ b/python/vyos/utils/misc.py @@ -52,7 +52,7 @@ def install_into_config(conf, config_paths, override_prompt=True): continue try: - cmd(f'/opt/vyatta/sbin/my_set {path}') + cmd(f'/usr/libexec/vyos/vyconf/vy_set {path}') count += 1 except: failed.append(path) diff --git a/python/vyos/xml_ref/generate_cache.py b/python/vyos/xml_ref/generate_cache.py index 5f3f84dee..093697993 100755 --- a/python/vyos/xml_ref/generate_cache.py +++ b/python/vyos/xml_ref/generate_cache.py @@ -55,6 +55,8 @@ def main(): parser = ArgumentParser(description='generate and save dict from xml defintions') parser.add_argument('--xml-dir', type=str, required=True, help='transcluded xml interface-definition directory') + parser.add_argument('--internal-cache', type=str, required=True, + help='cache as unrendered json data for loading by vyconfd') parser.add_argument('--package-name', type=non_trivial, default='vyos-1x', help='name of current package') parser.add_argument('--output-path', help='path to generated cache') @@ -66,9 +68,11 @@ def main(): out_path = args['output_path'] path = out_path if out_path is not None else pkg_cache xml_cache = abspath(join(path, cache_name)) + internal_cache = args['internal_cache'] try: - reference_tree_to_json(xml_dir, xml_tmp) + reference_tree_to_json(xml_dir, xml_tmp, + internal_cache=internal_cache) except ConfigTreeError as e: print(e) sys.exit(1) diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py index 0541384da..51559a7c6 100755 --- a/smoketest/scripts/cli/test_container.py +++ b/smoketest/scripts/cli/test_container.py @@ -96,6 +96,31 @@ class TestContainer(VyOSUnitTestSHIM.TestCase): tmp = cmd(f'sudo podman exec -it {cont_name} sysctl kernel.msgmax') self.assertEqual(tmp, 'kernel.msgmax = 4096') + def test_name_server(self): + cont_name = 'dns-test' + net_name = 'net-test' + name_server = '192.168.0.1' + prefix = '192.0.2.0/24' + + self.cli_set(base_path + ['network', net_name, 'prefix', prefix]) + + self.cli_set(base_path + ['name', cont_name, 'image', cont_image]) + self.cli_set(base_path + ['name', cont_name, 'name-server', name_server]) + self.cli_set(base_path + ['name', cont_name, 'network', net_name, 'address', str(ip_interface(prefix).ip + 2)]) + + # verify() - name server has no effect when container network has dns enabled + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(base_path + ['network', net_name, 'no-name-server']) + self.cli_commit() + + n = cmd_to_json(f'sudo podman inspect {cont_name}') + self.assertEqual(n['HostConfig']['Dns'][0], name_server) + + tmp = cmd(f'sudo podman exec -it {cont_name} cat /etc/resolv.conf') + self.assertIn(name_server, tmp) + def test_cpu_limit(self): cont_name = 'c2' diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index a7dc33d9d..594de3eb0 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -148,6 +148,9 @@ def verify(container): if network_name not in container.get('network', {}): raise ConfigError(f'Container network "{network_name}" does not exist!') + if 'name_server' in container_config and 'no_name_server' not in container['network'][network_name]: + raise ConfigError(f'Setting name server has no effect when attached container network has DNS enabled!') + if 'address' in container_config['network'][network_name]: cnt_ipv4 = 0 cnt_ipv6 = 0 @@ -363,9 +366,14 @@ def generate_run_arguments(name, container_config): if 'allow_host_pid' in container_config: host_pid = '--pid host' + name_server = '' + if 'name_server' in container_config: + for ns in container_config['name_server']: + name_server += f'--dns {ns}' + container_base_cmd = f'--detach --interactive --tty --replace {capabilities} --cpus {cpu_quota} {sysctl_opt} ' \ f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \ - f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid} {host_pid}' + f'--name {name} {hostname} {device} {port} {name_server} {volume} {env_opt} {label} {uid} {host_pid}' entrypoint = '' if 'entrypoint' in container_config: diff --git a/src/init/vyos-router b/src/init/vyos-router index f8cc87507..e2e964656 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -24,6 +24,8 @@ declare action=$1; shift declare -x BOOTFILE=$vyatta_sysconfdir/config/config.boot declare -x DEFAULT_BOOTFILE=$vyatta_sysconfdir/config.boot.default +declare -x VYCONF_CONFIG_DIR=/usr/libexec/vyos/vyconf/config + # If vyos-config= boot option is present, use that file instead for x in $(cat /proc/cmdline); do [[ $x = vyos-config=* ]] || continue @@ -146,6 +148,10 @@ init_bootfile () { chgrp ${GROUP} $BOOTFILE chmod 660 $BOOTFILE fi + if [ -d $VYCONF_CONFIG_DIR ] ; then + cp -f $BOOTFILE $VYCONF_CONFIG_DIR/config.boot + cp -f $DEFAULT_BOOTFILE $VYCONF_CONFIG_DIR/config.failsafe + fi } # if necessary, migrate initial config @@ -154,6 +160,10 @@ migrate_bootfile () if [ -x $vyos_libexec_dir/run-config-migration.py ]; then log_progress_msg migrate sg ${GROUP} -c "$vyos_libexec_dir/run-config-migration.py $BOOTFILE" + # update vyconf copy after migration + if [ -d $VYCONF_CONFIG_DIR ] ; then + cp -f $BOOTFILE $VYCONF_CONFIG_DIR/config.boot + fi fi } @@ -518,6 +528,8 @@ start () disabled system_config || system_config + systemctl start vyconfd.service + for s in ${subinit[@]} ; do if ! disabled $s; then log_progress_msg $s @@ -560,6 +572,8 @@ stop() umount ${vyatta_configdir} log_action_end_msg $? + systemctl stop vyconfd.service + systemctl stop frr.service unmount_encrypted_config diff --git a/src/systemd/vyconfd.service b/src/systemd/vyconfd.service new file mode 100644 index 000000000..ab2280263 --- /dev/null +++ b/src/systemd/vyconfd.service @@ -0,0 +1,21 @@ +[Unit] +Description=VyOS vyconf daemon + +# Without this option, lots of default dependencies are added, +# among them network.target, which creates a dependency cycle +DefaultDependencies=no + +After=systemd-remount-fs.service + +[Service] +ExecStart=/usr/libexec/vyos/vyconf/vyconfd --log-file /var/run/log/vyconfd.log +Type=exec +SyslogIdentifier=vyconfd +SyslogFacility=daemon +Restart=on-failure + +User=root +Group=vyattacfg + +[Install] +WantedBy=vyos.target |