Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/flow_accounting_conf.py6
-rwxr-xr-xsrc/conf_mode/intel_qat.py10
-rwxr-xr-xsrc/conf_mode/protocols_igmp.py2
-rwxr-xr-xsrc/conf_mode/protocols_mpls.py2
-rwxr-xr-xsrc/conf_mode/protocols_rip.py2
-rwxr-xr-xsrc/conf_mode/protocols_static_multicast.py2
-rwxr-xr-xsrc/conf_mode/snmp.py21
-rwxr-xr-xsrc/conf_mode/vrf.py4
8 files changed, 28 insertions, 21 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index a9ebab53e..b7e73eaeb 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -84,7 +84,7 @@ def _iptables_get_nflog():
for iptables_variant in ['iptables', 'ip6tables']:
# run iptables, save output and split it by lines
- iptables_command = "sudo {0} -t {1} -S {2}".format(iptables_variant, iptables_nflog_table, iptables_nflog_chain)
+ iptables_command = f'{iptables_variant} -t {iptables_nflog_table} -S {iptables_nflog_chain}'
tmp = cmd(iptables_command, message='Failed to get flows list')
# parse each line and add information to list
@@ -118,7 +118,7 @@ def _iptables_config(configured_ifaces):
if interface not in configured_ifaces:
table = rule['table']
rule = rule['rule_definition']
- iptable_commands.append(f'sudo {iptables} -t {table} -D {rule}')
+ iptable_commands.append(f'{iptables} -t {table} -D {rule}')
else:
active_nflog_ifaces.append({
'iface': interface,
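Review bot: The `-D {rule}` command here and the `-I {rule_definition}` command in the next hunk are built as one string from values parsed out of iptables output and from the interface list, and they now run directly with whatever privilege the script holds. The helper that executes them is not visible; if it passes the string through a shell, an interface name containing shell metacharacters would be interpreted instead of being passed as an argument. This is hedged, because CLI validation of interface names is not shown either. Quoting the variable part where it is interpolated, for example `-i {shlex.quote(iface)}`, would remove the dependency on that validation; `{name}` in the vrf.py hunk follows the same pattern. Both loops continue outside the hunks.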
@@ -135,7 +135,7 @@ def _iptables_config(configured_ifaces):
iface = iface_extended['iface']
iptables = iface_extended['iptables_variant']
rule_definition = f'{iptables_nflog_chain} -i {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {default_captured_packet_size} --nflog-threshold 100'
- iptable_commands.append(f'sudo {iptables} -t {iptables_nflog_table} -I {rule_definition}')
+ iptable_commands.append(f'{iptables} -t {iptables_nflog_table} -I {rule_definition}')
# change iptables
for command in iptable_commands:
diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py
index 0b2d318fd..742f09a54 100755
--- a/src/conf_mode/intel_qat.py
+++ b/src/conf_mode/intel_qat.py
@@ -54,8 +54,8 @@ def get_config():
def vpn_control(action):
# XXX: Should these commands report failure
if action == 'restore' and gl_ipsec_conf:
- return run('sudo ipsec start')
- return run(f'sudo ipsec {action}')
+ return run('ipsec start')
+ return run(f'ipsec {action}')
def verify(c):
# Check if QAT service installed
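Review bot: In `vpn_control`, a call with `action == 'restore'` while `gl_ipsec_conf` is falsy falls through to `run(f'ipsec {action}')` and so executes `ipsec restore`, which does not look like a subcommand the ipsec script accepts. If restore is meant to do nothing when IPsec is not configured, say so with an explicit early return before the generic line, e.g. `if action == 'restore': return run('ipsec start') if gl_ipsec_conf else None`. The existing XXX about reporting failure matters more now that sudo is gone, because an invocation without root would fail and the return code is dropped by the callers shown in this file.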
@@ -66,7 +66,7 @@ def verify(c):
return
# Check if QAT device exist
- output, err = popen('sudo lspci -nn', decode='utf-8')
+ output, err = popen('lspci -nn', decode='utf-8')
if not err:
data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output)
#If QAT devices found
@@ -81,13 +81,13 @@ def apply(c):
# Disable QAT service
if c['qat_conf'] == None:
- run('sudo /etc/init.d/qat_service stop')
+ run('/etc/init.d/qat_service stop')
if c['ipsec_conf']:
vpn_control('start')
return
# Run qat init.d script
- run('sudo /etc/init.d/qat_service start')
+ run('/etc/init.d/qat_service start')
if c['ipsec_conf']:
# Recovery VPN service
vpn_control('start')
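Review bot: Both `run('/etc/init.d/qat_service …')` calls discard their return code, so `vpn_control('start')` brings IPsec back up even when the QAT service failed to stop or start. Checking the result and raising, for instance `if run('/etc/init.d/qat_service start') != 0: raise ConfigError('QAT service failed to start')`, would surface that during commit; whether `ConfigError` is imported in this file is not visible in the hunk. As a point of style, `c['qat_conf'] == None` should be `c['qat_conf'] is None`.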
diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py
index 6f0e2010f..ca148fd6a 100755
--- a/src/conf_mode/protocols_igmp.py
+++ b/src/conf_mode/protocols_igmp.py
@@ -97,7 +97,7 @@ def apply(igmp):
return None
if os.path.exists(config_file):
- call("sudo vtysh -d pimd -f " + config_file)
+ call(f'vtysh -d pimd -f {config_file}')
os.remove(config_file)
return None
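Review bot: The return value of `call(f'vtysh -d pimd -f {config_file}')` is ignored and `os.remove(config_file)` runs regardless, so a failed load into the daemon leaves no trace and the commit still reports success. With sudo removed this includes the case where the script is run without root. Capturing the status and raising before the file is removed, e.g. `if call(f'vtysh -d pimd -f {config_file}') != 0: raise ConfigError('failed to load pimd configuration')`, would keep the generated file for inspection. The same pattern appears in the protocols_mpls.py, protocols_rip.py and protocols_static_multicast.py hunks.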
diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py
index 15785a801..72208ffa1 100755
--- a/src/conf_mode/protocols_mpls.py
+++ b/src/conf_mode/protocols_mpls.py
@@ -153,7 +153,7 @@ def apply(mpls):
operate_mpls_on_intfc(diactive_ifaces, 0)
if os.path.exists(config_file):
- call("sudo vtysh -d ldpd -f " + config_file)
+ call(f'vtysh -d ldpd -f {config_file}')
os.remove(config_file)
return None
diff --git a/src/conf_mode/protocols_rip.py b/src/conf_mode/protocols_rip.py
index c5ac26806..4f8816d61 100755
--- a/src/conf_mode/protocols_rip.py
+++ b/src/conf_mode/protocols_rip.py
@@ -297,7 +297,7 @@ def apply(rip):
return None
if os.path.exists(config_file):
- call("sudo vtysh -d ripd -f " + config_file)
+ call(f'vtysh -d ripd -f {config_file}')
os.remove(config_file)
else:
print("File {0} not found".format(config_file))
diff --git a/src/conf_mode/protocols_static_multicast.py b/src/conf_mode/protocols_static_multicast.py
index eeab26d4d..232d1e181 100755
--- a/src/conf_mode/protocols_static_multicast.py
+++ b/src/conf_mode/protocols_static_multicast.py
@@ -101,7 +101,7 @@ def apply(mroute):
return None
if os.path.exists(config_file):
- call("sudo vtysh -d staticd -f " + config_file)
+ call(f'vtysh -d staticd -f {config_file}')
os.remove(config_file)
return None
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index eb0d20654..bafd26edc 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -22,6 +22,7 @@ from time import sleep
from sys import exit
from vyos.config import Config
+from vyos.configverify import verify_vrf
from vyos.validate import is_ipv4, is_addr_assigned
from vyos.version import get_version_data
from vyos import ConfigError
@@ -67,8 +68,7 @@ default_config_data = {
'v3_traps': [],
'v3_users': [],
'v3_views': [],
- 'script_ext': [],
- 'vrf': ''
+ 'script_ext': []
}
def rmfile(file):
@@ -191,6 +191,9 @@ def get_config():
snmp['script_ext'].append(extension)
if conf.exists('vrf'):
+ # Append key to dict but don't place it in the default dictionary.
+ # This is required to make the override.conf.tmpl work until we
+ # migrate to get_config_dict().
snmp['vrf'] = conf.return_value('vrf')
@@ -416,8 +419,7 @@ def verify(snmp):
else:
print('WARNING: SNMP listen address {0} not configured!'.format(addr))
- if snmp['vrf'] and snmp['vrf'] not in interfaces():
- raise ConfigError('VRF "{vrf}" does not exist'.format(**snmp))
+ verify_vrf(snmp)
# bail out early if SNMP v3 is not configured
if not snmp['v3_enabled']:
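Review bot: `verify_vrf(snmp)` is now called unconditionally, while this commit also removes the `'vrf': ''` default, so the dict has no `vrf` key at all when none is configured. The helper is not shown; if it indexes `snmp['vrf']` without first checking for the key, every commit without a VRF would raise `KeyError` instead of passing verification. A short comment at the call such as `# verify_vrf() must tolerate a missing 'vrf' key` would record the dependency. The `interfaces` import that served the removed check may now be unused and worth dropping if nothing else in the file needs it.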
@@ -550,15 +552,20 @@ def apply(snmp):
# start SNMP daemon
call("systemctl restart snmpd.service")
- while (call('systemctl -q is-active snmpd.service') != 0):
- print("service not yet started")
- sleep(0.5)
+ if 'vrf' not in snmp.keys():
+ # service will be restarted multiple times later on
+ while (call('systemctl -q is-active snmpd.service') != 0):
+ sleep(0.5)
# net-snmp is now regenerating the configuration file in the background
# thus we need to re-open and re-read the file as the content changed.
# After that we can no read the encrypted password from the config and
# replace the CLI plaintext password with its encrypted version.
os.environ["vyos_libexec_dir"] = "/usr/libexec/vyos"
+
+ # XXX: actually this whole logic makes less sense - why not calculate the
+ # password hashed on our own and write them back into the config? I see
+ # no valid reason in waiting for a third party process to do so.
with open(config_file_user, 'r') as f:
engineID = ''
for line in f:
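Review bot: The wait loop under `if 'vrf' not in snmp.keys():` has no upper bound, and with the `print` removed it now spins silently forever if snmpd never becomes active, blocking the commit. When a VRF is set the wait is skipped entirely, yet the code below still opens `config_file_user` straight after the restart. Going by the comment that net-snmp rewrites that file in the background, the read may see stale content and leave the plaintext password in the CLI configuration; this is inferred, since the rest of apply() lies outside the hunk. A bounded wait that raises `ConfigError` on timeout is sketched below, with the retry count as a placeholder; `'vrf' not in snmp` is also the idiomatic spelling.

```python
    call("systemctl restart snmpd.service")
    if 'vrf' not in snmp:
        # service will be restarted multiple times later on
        for _ in range(20):  # placeholder bound, roughly 10 s at 0.5 s per try
            if call('systemctl -q is-active snmpd.service') == 0:
                break
            sleep(0.5)
        else:
            raise ConfigError('snmpd.service did not become active')
    # … unchanged: re-read of config_file_user and password replacement …
```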
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index d3327b3c7..56ca813ff 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -201,8 +201,8 @@ def apply(vrf_config):
for vrf in vrf_config['vrf_remove']:
name = vrf['name']
if os.path.isdir(f'/sys/class/net/{name}'):
- _cmd(f'sudo ip -4 route del vrf {name} unreachable default metric 4278198272')
- _cmd(f'sudo ip -6 route del vrf {name} unreachable default metric 4278198272')
+ _cmd(f'ip -4 route del vrf {name} unreachable default metric 4278198272')
+ _cmd(f'ip -6 route del vrf {name} unreachable default metric 4278198272')
_cmd(f'ip link delete dev {name}')
for vrf in vrf_config['vrf_add']: