diff options
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/protocols_bgp.py | 44 | ||||
-rwxr-xr-x | src/conf_mode/system-ip.py | 79 |
2 files changed, 66 insertions, 57 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 642738b09..a3f32fd2d 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -60,12 +60,22 @@ def verify(bgp): if neigh not in asn_config: continue - for neighbor, config in asn_config[neigh].items(): - if 'remote_as' not in config and 'peer_group' not in config: - raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!') + #for neighbor, config in asn_config[neigh].items(): + ''' + # These checks need to be modified. Because peer-group can be declared without 'remote-as'. + # When 'remote-as' configured for specific neighbor in peer-group. For example + # - if 'remote_as' in config and 'peer_group' in config: - raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!') + set protocols nbgp 65001 neighbor 100.64.0.2 peer-group 'FOO' + set protocols nbgp 65001 neighbor 100.64.0.2 remote-as '65002' + set protocols nbgp 65001 peer-group FOO + + ''' + #if 'remote_as' not in config and 'peer_group' not in config: + # raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!') + + #if 'remote_as' in config and 'peer_group' in config: + # raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!') return None @@ -87,24 +97,26 @@ def generate(bgp): def apply(bgp): # Save original configuration prior to starting any commit actions - frr_cfg = {} - frr_cfg['original_config'] = frr.get_configuration(daemon='bgpd') - frr_cfg['modified_config'] = frr.replace_section(frr_cfg['original_config'], bgp['new_frr_config'], from_re='router bgp .*') + frr_cfg = frr.FRRConfig() + frr_cfg.load_configuration(daemon='bgpd') + frr_cfg.modify_section(f'router bgp \S+', '') + frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', bgp['new_frr_config']) + frr_cfg.commit_configuration(daemon='bgpd') + + # If FRR config is blank, rerun the blank commit x times due to frr-reload + # behavior/bug not properly clearing out on one commit. + if bgp['new_frr_config'] == '': + for a in range(5): + frr_cfg.commit_configuration(daemon='bgpd') # Debugging + ''' print('') print('--------- DEBUGGING ----------') print(f'Existing config:\n{frr_cfg["original_config"]}\n\n') print(f'Replacement config:\n{bgp["new_frr_config"]}\n\n') print(f'Modified config:\n{frr_cfg["modified_config"]}\n\n') - - # FRR mark configuration will test for syntax errors and throws an - # exception if any syntax errors is detected - frr.mark_configuration(frr_cfg['modified_config']) - - # Commit resulting configuration to FRR, this will throw CommitError - # on failure - frr.reload_configuration(frr_cfg['modified_config'], daemon='bgpd') + ''' return None diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 64c9e6d05..190a0daca 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,68 +14,65 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit -from copy import deepcopy + from vyos.config import Config -from vyos import ConfigError +from vyos.configdict import dict_merge from vyos.util import call - +from vyos.util import dict_search +from vyos.xml import defaults +from vyos import ConfigError from vyos import airbag airbag.enable() -default_config_data = { - 'arp_table': 8192, - 'ipv4_forward': '1', - 'mp_unreach_nexthop': '0', - 'mp_layer4_hashing': '0' -} - def sysctl(name, value): - call('sysctl -wq {}={}'.format(name, value)) + call(f'sysctl -wq {name}={value}') def get_config(config=None): - ip_opt = deepcopy(default_config_data) if config: conf = config else: conf = Config() - conf.set_level('system ip') - if conf.exists(''): - if conf.exists('arp table-size'): - ip_opt['arp_table'] = int(conf.return_value('arp table-size')) - - if conf.exists('disable-forwarding'): - ip_opt['ipv4_forward'] = '0' + base = ['system', 'ip'] - if conf.exists('multipath ignore-unreachable-nexthops'): - ip_opt['mp_unreach_nexthop'] = '1' + opt = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_values = defaults(base) + opt = dict_merge(default_values, opt) - if conf.exists('multipath layer4-hashing'): - ip_opt['mp_layer4_hashing'] = '1' + return opt - return ip_opt - -def verify(ip_opt): +def verify(opt): pass -def generate(ip_opt): +def generate(opt): pass -def apply(ip_opt): - # apply ARP threshold values - sysctl('net.ipv4.neigh.default.gc_thresh3', ip_opt['arp_table']) - sysctl('net.ipv4.neigh.default.gc_thresh2', ip_opt['arp_table'] // 2) - sysctl('net.ipv4.neigh.default.gc_thresh1', ip_opt['arp_table'] // 8) +def apply(opt): + size = int(dict_search('arp.table_size', opt)) + if size: + # apply ARP threshold values + sysctl('net.ipv4.neigh.default.gc_thresh3', str(size)) + sysctl('net.ipv4.neigh.default.gc_thresh2', str(size // 2)) + sysctl('net.ipv4.neigh.default.gc_thresh1', str(size // 8)) # enable/disable IPv4 forwarding - with open('/proc/sys/net/ipv4/conf/all/forwarding', 'w') as f: - f.write(ip_opt['ipv4_forward']) - - # configure multipath - sysctl('net.ipv4.fib_multipath_use_neigh', ip_opt['mp_unreach_nexthop']) - sysctl('net.ipv4.fib_multipath_hash_policy', ip_opt['mp_layer4_hashing']) + tmp = '1' + if 'disable_forwarding' in opt: + tmp = '0' + sysctl('net.ipv4.conf.all.forwarding', tmp) + + tmp = '0' + # configure multipath - dict_search() returns an empty dict if key was found + if isinstance(dict_search('multipath.ignore_unreachable_nexthops', opt), dict): + tmp = '1' + sysctl('net.ipv4.fib_multipath_use_neigh', tmp) + + tmp = '0' + if isinstance(dict_search('multipath.ignore_unreachable_nexthops', opt), dict): + tmp = '1' + sysctl('net.ipv4.fib_multipath_hash_policy', tmp) if __name__ == '__main__': try: |