1 files changed, 17 insertions, 10 deletions

diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index fec4456fb..b49c945cd 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -31,6 +31,7 @@ from vyos.configverify import verify_mtu
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_vlan_config
 from vyos.configverify import verify_vrf
+from vyos.configverify import verify_bond_bridge_member
 from vyos.ethtool import Ethtool
 from vyos.ifconfig import EthernetIf
 from vyos.pki import find_chain
@@ -83,6 +84,7 @@ def verify(ethernet):
     verify_dhcpv6(ethernet)
     verify_address(ethernet)
     verify_vrf(ethernet)
+    verify_bond_bridge_member(ethernet)
     verify_eapol(ethernet)
     verify_mirror_redirect(ethernet)
 
@@ -151,11 +153,20 @@ def verify(ethernet):
     return None
 
 def generate(ethernet):
-    if 'eapol' in ethernet:
-        render(wpa_suppl_conf.format(**ethernet),
-               'ethernet/wpa_supplicant.conf.j2', ethernet)
+    # render real configuration file once
+    wpa_supplicant_conf = wpa_suppl_conf.format(**ethernet)
+
+    if 'deleted' in ethernet:
+        # delete configuration on interface removal
+        if os.path.isfile(wpa_supplicant_conf):
+            os.unlink(wpa_supplicant_conf)
+        return None
 
+    if 'eapol' in ethernet:
         ifname = ethernet['ifname']
+
+        render(wpa_supplicant_conf, 'ethernet/wpa_supplicant.conf.j2', ethernet)
+
         cert_file_path = os.path.join(cfg_dir, f'{ifname}_cert.pem')
         cert_key_path = os.path.join(cfg_dir, f'{ifname}_cert.key')
 
@@ -164,7 +175,7 @@ def generate(ethernet):
 
         loaded_pki_cert = load_certificate(pki_cert['certificate'])
         loaded_ca_certs = {load_certificate(c['certificate'])
-            for c in ethernet['pki']['ca'].values()}
+            for c in ethernet['pki']['ca'].values()} if 'ca' in ethernet['pki'] else {}
 
         cert_full_chain = find_chain(loaded_pki_cert, loaded_ca_certs)
 
@@ -182,10 +193,6 @@ def generate(ethernet):
 
             write_file(ca_cert_file_path,
                        '\n'.join(encode_certificate(c) for c in ca_full_chain))
-    else:
-        # delete configuration on interface removal
-        if os.path.isfile(wpa_suppl_conf.format(**ethernet)):
-            os.unlink(wpa_suppl_conf.format(**ethernet))
 
     return None
 
@@ -201,9 +208,9 @@ def apply(ethernet):
     else:
         e.update(ethernet)
         if 'eapol' in ethernet:
-            eapol_action='restart'
+            eapol_action='reload-or-restart'
 
-    call(f'systemctl {eapol_action} wpa_supplicant-macsec@{ifname}')
+    call(f'systemctl {eapol_action} wpa_supplicant-wired@{ifname}')
 
 if __name__ == '__main__':
     try: