summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-bonding.py51
-rwxr-xr-xsrc/conf_mode/interface-bridge.py41
-rwxr-xr-xsrc/conf_mode/interface-dummy.py23
-rwxr-xr-xsrc/conf_mode/interface-ethernet.py40
-rwxr-xr-xsrc/conf_mode/interface-loopback.py23
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py16
-rwxr-xr-xsrc/conf_mode/interface-vxlan.py18
-rwxr-xr-xsrc/conf_mode/interface-wireguard.py16
8 files changed, 111 insertions, 117 deletions
diff --git a/src/conf_mode/interface-bonding.py b/src/conf_mode/interface-bonding.py
index 9049913e6..4d5009c73 100755
--- a/src/conf_mode/interface-bonding.py
+++ b/src/conf_mode/interface-bonding.py
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import os
@@ -86,20 +84,20 @@ def apply_vlan_config(vlan, config):
raise TypeError()
# update interface description used e.g. within SNMP
- vlan.ifalias = config['description']
+ vlan.set_alias(config['description'])
# ignore link state changes
- vlan.link_detect = config['disable_link_detect']
+ vlan.set_link_detect(config['disable_link_detect'])
# Maximum Transmission Unit (MTU)
- vlan.mtu = config['mtu']
+ vlan.set_mtu(config['mtu'])
# Change VLAN interface MAC address
if config['mac']:
- vlan.mac = config['mac']
+ vlan.set_mac(config['mac'])
# enable/disable VLAN interface
if config['disable']:
- vlan.state = 'down'
+ vlan.set_state('down')
else:
- vlan.state = 'up'
+ vlan.set_state('up')
# Configure interface address(es)
# - not longer required addresses get removed first
@@ -339,7 +337,7 @@ def apply(bond):
else:
# Some parameters can not be changed when the bond is up.
# Always disable the bond prior changing anything
- b.state = 'down'
+ b.set_state('down')
# The bonding mode can not be changed when there are interfaces enslaved
# to this bond, thus we will free all interfaces from the bond first!
@@ -347,11 +345,8 @@ def apply(bond):
b.del_port(intf)
# ARP link monitoring frequency, reset miimon when arp-montior is inactive
- if bond['arp_mon_intvl'] == 0:
- # reset miimon to default
- b.miimon = 250
- else:
- b.arp_interval = bond['arp_mon_intvl']
+ # this is done inside BondIf automatically
+ b.set_arp_interval(bond['arp_mon_intvl'])
# ARP monitor targets need to be synchronized between sysfs and CLI.
# Unfortunately an address can't be send twice to sysfs as this will
@@ -362,44 +357,44 @@ def apply(bond):
# from the kernel side this looks valid to me. We won't run into an error
# when a user added manual adresses which would result in having more
# then 16 adresses in total.
- arp_tgt_addr = list(map(str, b.arp_ip_target.split()))
+ arp_tgt_addr = list(map(str, b.get_arp_ip_target().split()))
for addr in arp_tgt_addr:
- b.arp_ip_target = '-' + addr
+ b.set_arp_ip_target('-' + addr)
# Add configured ARP target addresses
for addr in bond['arp_mon_tgt']:
- b.arp_ip_target = '+' + addr
+ b.set_arp_ip_target('+' + addr)
# update interface description used e.g. within SNMP
- b.ifalias = bond['description']
+ b.set_alias(bond['description'])
#
# missing DHCP/DHCPv6 options go here
#
# ignore link state changes
- b.link_detect = bond['disable_link_detect']
+ b.set_link_detect(bond['disable_link_detect'])
# Bonding transmit hash policy
- b.xmit_hash_policy = bond['hash_policy']
+ b.set_hash_policy(bond['hash_policy'])
# configure ARP cache timeout in milliseconds
- b.arp_cache_tmp = bond['ip_arp_cache_tmo']
+ b.set_arp_cache_tmo(bond['ip_arp_cache_tmo'])
# Enable proxy-arp on this interface
- b.proxy_arp = bond['ip_proxy_arp']
+ b.set_proxy_arp(bond['ip_proxy_arp'])
# Enable private VLAN proxy ARP on this interface
- b.proxy_arp_pvlan = bond['ip_proxy_arp_pvlan']
+ b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan'])
# Change interface MAC address
if bond['mac']:
- b.mac = bond['mac']
+ b.set_mac(bond['mac'])
# Bonding policy
- b.mode = bond['mode']
+ b.set_mode(bond['mode'])
# Maximum Transmission Unit (MTU)
- b.mtu = bond['mtu']
+ b.set_mtu(bond['mtu'])
# Primary device interface
if bond['primary']:
- b.primary = bond['primary']
+ b.set_primary(bond['primary'])
# Add (enslave) interfaces to bond
for intf in bond['member']:
@@ -409,7 +404,7 @@ def apply(bond):
# parameters we will only re-enable the interface if it is not
# administratively disabled
if not bond['disable']:
- b.state = 'up'
+ b.set_state('up')
# Configure interface address(es)
# - not longer required addresses get removed first
diff --git a/src/conf_mode/interface-bridge.py b/src/conf_mode/interface-bridge.py
index 62589c798..37b5c4979 100755
--- a/src/conf_mode/interface-bridge.py
+++ b/src/conf_mode/interface-bridge.py
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import os
@@ -22,7 +20,7 @@ from copy import deepcopy
from sys import exit
from netifaces import interfaces
-from vyos.ifconfig import BridgeIf, Interface
+from vyos.ifconfig import BridgeIf, STPIf
from vyos.configdict import list_diff
from vyos.config import Config
from vyos import ConfigError
@@ -187,27 +185,27 @@ def apply(bridge):
br.remove()
else:
# enable interface
- br.state = 'up'
+ br.set_state('up')
# set ageing time
- br.ageing_time = bridge['aging']
+ br.set_ageing_time(bridge['aging'])
# set bridge forward delay
- br.forward_delay = bridge['forwarding_delay']
+ br.set_forward_delay(bridge['forwarding_delay'])
# set hello time
- br.hello_time = bridge['hello_time']
+ br.set_hello_time(bridge['hello_time'])
# set max message age
- br.max_age = bridge['max_age']
+ br.set_max_age(bridge['max_age'])
# set bridge priority
- br.priority = bridge['priority']
+ br.set_priority(bridge['priority'])
# turn stp on/off
- br.stp_state = bridge['stp']
+ br.set_stp(bridge['stp'])
# enable or disable IGMP querier
- br.multicast_querier = bridge['igmp_querier']
+ br.set_multicast_querier(bridge['igmp_querier'])
# update interface description used e.g. within SNMP
- br.ifalias = bridge['description']
+ br.set_alias(bridge['description'])
# Change interface MAC address
if bridge['mac']:
- br.mac = bridge['mac']
+ br.set_mac(bridge['mac'])
# remove interface from bridge
for intf in bridge['member_remove']:
@@ -219,7 +217,7 @@ def apply(bridge):
# up/down interface
if bridge['disable']:
- br.state = 'down'
+ br.set_state('down')
# Configure interface address(es)
# - not longer required addresses get removed first
@@ -231,16 +229,15 @@ def apply(bridge):
# configure additional bridge member options
for member in bridge['member']:
- # set bridge port cost
- br.set_cost(member['name'], member['cost'])
- # set bridge port priority
- br.set_priority(member['name'], member['priority'])
-
- i = Interface(member['name'])
+ i = STPIf(member['name'])
# configure ARP cache timeout
- i.arp_cache_tmo = bridge['arp_cache_tmo']
+ i.set_arp_cache_tmo(bridge['arp_cache_tmo'])
# ignore link state changes
- i.link_detect = bridge['disable_link_detect']
+ i.set_link_detect(bridge['disable_link_detect'])
+ # set bridge port path cost
+ i.set_path_cost(member['cost'])
+ # set bridge port path priority
+ i.set_path_priority(member['priority'])
return None
diff --git a/src/conf_mode/interface-dummy.py b/src/conf_mode/interface-dummy.py
index 614fe08db..16b716e61 100755
--- a/src/conf_mode/interface-dummy.py
+++ b/src/conf_mode/interface-dummy.py
@@ -13,10 +13,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-from os import environ
+import os
+
from copy import deepcopy
from sys import exit
@@ -40,7 +39,7 @@ def get_config():
# determine tagNode instance
try:
- dummy['intf'] = environ['VYOS_TAGNODE_VALUE']
+ dummy['intf'] = os.environ['VYOS_TAGNODE_VALUE']
except KeyError as E:
print("Interface not specified")
@@ -79,28 +78,28 @@ def generate(dummy):
return None
def apply(dummy):
- du = DummyIf(dummy['intf'])
+ d = DummyIf(dummy['intf'])
# Remove dummy interface
if dummy['deleted']:
- du.remove()
+ d.remove()
else:
- # enable interface
- du.state = 'up'
# update interface description used e.g. within SNMP
- du.ifalias = dummy['description']
+ d.set_alias(dummy['description'])
# Configure interface address(es)
# - not longer required addresses get removed first
# - newly addresses will be added second
for addr in dummy['address_remove']:
- du.del_addr(addr)
+ d.del_addr(addr)
for addr in dummy['address']:
- du.add_addr(addr)
+ d.add_addr(addr)
# disable interface on demand
if dummy['disable']:
- du.state = 'down'
+ d.set_state('down')
+ else
+ d.set_state('up')
return None
diff --git a/src/conf_mode/interface-ethernet.py b/src/conf_mode/interface-ethernet.py
index f82105847..99450b19e 100755
--- a/src/conf_mode/interface-ethernet.py
+++ b/src/conf_mode/interface-ethernet.py
@@ -67,20 +67,20 @@ def apply_vlan_config(vlan, config):
raise TypeError()
# update interface description used e.g. within SNMP
- vlan.ifalias = config['description']
+ vlan.set_alias(config['description'])
# ignore link state changes
- vlan.link_detect = config['disable_link_detect']
+ vlan.set_link_detect(config['disable_link_detect'])
# Maximum Transmission Unit (MTU)
- vlan.mtu = config['mtu']
+ vlan.set_mtu(config['mtu'])
# Change VLAN interface MAC address
if config['mac']:
- vlan.mac = config['mac']
+ vlan.set_mac(config['mac'])
# enable/disable VLAN interface
if config['disable']:
- vlan.state = 'down'
+ vlan.set_state('down')
else:
- vlan.state = 'up'
+ vlan.set_state('up')
# Configure interface address(es)
# - not longer required addresses get removed first
@@ -271,32 +271,32 @@ def apply(eth):
e.remove()
else:
# update interface description used e.g. within SNMP
- e.ifalias = eth['description']
+ e.set_alias(eth['description'])
#
# missing DHCP/DHCPv6 options go here
#
# ignore link state changes
- e.link_detect = eth['disable_link_detect']
+ e.set_link_detect(eth['disable_link_detect'])
# disable ethernet flow control (pause frames)
e.set_flow_control(eth['flow_control'])
# configure ARP cache timeout in milliseconds
- e.arp_cache_tmo = eth['ip_arp_cache_tmo']
+ e.set_arp_cache_tmo(eth['ip_arp_cache_tmo'])
# Enable proxy-arp on this interface
- e.proxy_arp = eth['ip_proxy_arp']
+ e.set_proxy_arp(eth['ip_proxy_arp'])
# Enable private VLAN proxy ARP on this interface
- e.proxy_arp_pvlan = eth['ip_proxy_arp_pvlan']
+ e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan'])
# Change interface MAC address - re-set to real hardware address (hw-id)
# if custom mac is removed
if eth['mac']:
- e.mac = eth['mac']
+ e.set_mac(eth['mac'])
else:
- e.mac = eth['hw_id']
+ e.set_mac(eth['hw_id'])
# Maximum Transmission Unit (MTU)
- e.mtu = eth['mtu']
+ e.set_mtu(eth['mtu'])
# GRO (generic receive offload)
e.set_gro(eth['offload_gro'])
@@ -316,6 +316,12 @@ def apply(eth):
# Set physical interface speed and duplex
e.set_speed_duplex(eth['speed'], eth['duplex'])
+ # Enable/Disable interface
+ if eth['disable']:
+ e.set_state('down')
+ else:
+ e.set_state('up')
+
# Configure interface address(es)
# - not longer required addresses get removed first
# - newly addresses will be added second
@@ -324,12 +330,6 @@ def apply(eth):
for addr in eth['address']:
e.add_addr(addr)
- # Enable/Disable interface
- if eth['disable']:
- e.state = 'down'
- else:
- e.state = 'up'
-
# remove no longer required service VLAN interfaces (vif-s)
for vif_s in eth['vif_s_remove']:
e.del_vlan(vif_s)
diff --git a/src/conf_mode/interface-loopback.py b/src/conf_mode/interface-loopback.py
index a1a807868..10722d137 100755
--- a/src/conf_mode/interface-loopback.py
+++ b/src/conf_mode/interface-loopback.py
@@ -13,9 +13,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from os import environ
+import os
+
from sys import exit
from copy import deepcopy
@@ -38,7 +38,7 @@ def get_config():
# determine tagNode instance
try:
- loopback['intf'] = environ['VYOS_TAGNODE_VALUE']
+ loopback['intf'] = os.environ['VYOS_TAGNODE_VALUE']
except KeyError as E:
print("Interface not specified")
@@ -72,21 +72,20 @@ def generate(loopback):
return None
def apply(loopback):
- lo = LoopbackIf(loopback['intf'])
- if not loopback['deleted']:
+ l = LoopbackIf(loopback['intf'])
+ if loopback['deleted']:
+ l.remove()
+ else:
# update interface description used e.g. within SNMP
- # update interface description used e.g. within SNMP
- lo.ifalias = loopback['description']
+ l.set_alias(loopback['description'])
# Configure interface address(es)
# - not longer required addresses get removed first
# - newly addresses will be added second
+ for addr in loopback['address_remove']:
+ l.del_addr(addr)
for addr in loopback['address']:
- lo.add_addr(addr)
-
- # remove interface address(es)
- for addr in loopback['address_remove']:
- lo.del_addr(addr)
+ l.add_addr(addr)
return None
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 35e7928c2..57d565749 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import os
import re
@@ -31,8 +29,9 @@ from pwd import getpwnam
from subprocess import Popen, PIPE
from time import sleep
-from vyos.config import Config
from vyos import ConfigError
+from vyos.config import Config
+from vyos.ifconfig import Interface
from vyos.validate import is_addr_assigned
user = 'openvpn'
@@ -580,7 +579,7 @@ def get_config():
# Minimum required TLS version
if conf.exists('tls tls-version-min'):
openvpn['tls_version_min'] = conf.return_value('tls tls-version-min')
-
+
if conf.exists('shared-secret-key-file'):
openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file')
@@ -736,7 +735,7 @@ def verify(openvpn):
if openvpn['tls_auth']:
if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['tls_auth']):
raise ConfigError('Specified auth-file "{}" is invalid'.format(openvpn['tls_auth']))
-
+
if openvpn['tls_cert']:
if not checkCertHeader('-----BEGIN CERTIFICATE-----', openvpn['tls_cert']):
raise ConfigError('Specified cert-file "{}" is invalid'.format(openvpn['tls_cert']))
@@ -901,6 +900,13 @@ def apply(openvpn):
# execute assembled command
subprocess_cmd(cmd)
+
+ # better late then sorry ... but we can only set interface alias after
+ # OpenVPN has been launched and created the interface
+ while openvpn['intf'] not in interfaces():
+ sleep(0.250) # 250ms
+ Interface(openvpn['intf']).set_alias(openvpn['description'])
+
return None
diff --git a/src/conf_mode/interface-vxlan.py b/src/conf_mode/interface-vxlan.py
index e97b4bf99..1097ae4d0 100755
--- a/src/conf_mode/interface-vxlan.py
+++ b/src/conf_mode/interface-vxlan.py
@@ -13,9 +13,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from os import environ
+import os
+
from sys import exit
from copy import deepcopy
@@ -48,7 +48,7 @@ def get_config():
# determine tagNode instance
try:
- vxlan['intf'] = environ['VYOS_TAGNODE_VALUE']
+ vxlan['intf'] = os.environ['VYOS_TAGNODE_VALUE']
except KeyError as E:
print("Interface not specified")
@@ -127,7 +127,7 @@ def verify(vxlan):
if vxlan['link']:
# VXLAN adds a 50 byte overhead - we need to check the underlaying MTU
# if our configured MTU is at least 50 bytes less
- underlay_mtu = int(Interface(vxlan['link']).mtu)
+ underlay_mtu = int(Interface(vxlan['link']).get_mtu())
if underlay_mtu < (vxlan['mtu'] + 50):
raise ConfigError('VXLAN has a 50 byte overhead, underlaying device ' \
'MTU is to small ({})'.format(underlay_mtu))
@@ -163,14 +163,14 @@ def apply(vxlan):
# Finally create the new interface
v = VXLANIf(vxlan['intf'], config=conf)
# update interface description used e.g. by SNMP
- v.ifalias = vxlan['description']
+ v.set_alias(vxlan['description'])
# Maximum Transfer Unit (MTU)
- v.mtu = vxlan['mtu']
+ v.set_mtu(vxlan['mtu'])
# configure ARP cache timeout in milliseconds
- v.arp_cache_tmp = vxlan['ip_arp_cache_tmo']
+ v.set_arp_cache_tmo(vxlan['ip_arp_cache_tmo'])
# Enable proxy-arp on this interface
- v.proxy_arp = vxlan['ip_proxy_arp']
+ v.set_proxy_arp(vxlan['ip_proxy_arp'])
# Configure interface address(es) - no need to implicitly delete the
# old addresses as they have already been removed by deleting the
@@ -182,7 +182,7 @@ def apply(vxlan):
# parameters we will only re-enable the interface if it is not
# administratively disabled
if not vxlan['disable']:
- v.state='up'
+ v.set_state('up')
return None
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py
index 4ae3251fe..3fd29ad4d 100755
--- a/src/conf_mode/interface-wireguard.py
+++ b/src/conf_mode/interface-wireguard.py
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import sys
import os
@@ -97,7 +95,7 @@ def get_config():
if c.exists(ifname + ' mtu'):
config_data[ifname]['mtu'] = c.return_value(ifname + ' mtu')
if c.exists(ifname + ' private-key'):
- config_data[ifname]['pk'] = "{0}/{1}/private.key".format(kdir,c.return_value(ifname + ' private-key'))
+ config_data[ifname]['pk'] = "{0}/{1}/private.key".format(kdir,c.return_value(ifname + ' private-key'))
if c.exists(ifname + ' peer'):
for p in c.list_nodes(ifname + ' peer'):
if not c.exists(ifname + ' peer ' + p + ' disable'):
@@ -175,11 +173,11 @@ def apply(c):
# interface state
if c[ifname]['state'] == 'disable':
sl.syslog(sl.LOG_NOTICE, "disable interface " + ifname)
- intfc.state = 'down'
+ intfc.set_state('down')
else:
- if not intfc.state == 'up':
+ if not intfc.get_state() == 'up':
sl.syslog(sl.LOG_NOTICE, "enable interface " + ifname)
- intfc.state = 'up'
+ intfc.set_state('up')
# IP address
if not c_eff.exists_effective(ifname + ' address'):
@@ -204,15 +202,15 @@ def apply(c):
# interface MTU
if c[ifname]['mtu'] != 1420:
- intfc.mtu = int(c[ifname]['mtu'])
+ intfc.set_mtu(int(c[ifname]['mtu']))
else:
# default is set to 1420 in config_data
- intfc.mtu = int(c[ifname]['mtu'])
+ intfc.set_mtu(int(c[ifname]['mtu']))
# ifalias for snmp from description
descr_eff = c_eff.return_effective_value(ifname + ' description')
if descr_eff != c[ifname]['descr']:
- intfc.ifalias = str(c[ifname]['descr'])
+ intfc.set_alias(str(c[ifname]['descr']))
# peer deletion
peer_eff = c_eff.list_effective_nodes(ifname + ' peer')