Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interface-bonding.py | 51 | ||||
-rwxr-xr-x | src/conf_mode/interface-bridge.py | 41 | ||||
-rwxr-xr-x | src/conf_mode/interface-dummy.py | 23 | ||||
-rwxr-xr-x | src/conf_mode/interface-ethernet.py | 40 | ||||
-rwxr-xr-x | src/conf_mode/interface-loopback.py | 23 | ||||
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 16 | ||||
-rwxr-xr-x | src/conf_mode/interface-vxlan.py | 18 | ||||
-rwxr-xr-x | src/conf_mode/interface-wireguard.py | 16 |
8 files changed, 111 insertions, 117 deletions
diff --git a/src/conf_mode/interface-bonding.py b/src/conf_mode/interface-bonding.py index 9049913e6..4d5009c73 100755 --- a/src/conf_mode/interface-bonding.py +++ b/src/conf_mode/interface-bonding.py @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import os @@ -86,20 +84,20 @@ def apply_vlan_config(vlan, config): raise TypeError() # update interface description used e.g. within SNMP - vlan.ifalias = config['description'] + vlan.set_alias(config['description']) # ignore link state changes - vlan.link_detect = config['disable_link_detect'] + vlan.set_link_detect(config['disable_link_detect']) # Maximum Transmission Unit (MTU) - vlan.mtu = config['mtu'] + vlan.set_mtu(config['mtu']) # Change VLAN interface MAC address if config['mac']: - vlan.mac = config['mac'] + vlan.set_mac(config['mac']) # enable/disable VLAN interface if config['disable']: - vlan.state = 'down' + vlan.set_state('down') else: - vlan.state = 'up' + vlan.set_state('up') # Configure interface address(es) # - not longer required addresses get removed first @@ -339,7 +337,7 @@ def apply(bond): else: # Some parameters can not be changed when the bond is up. # Always disable the bond prior changing anything - b.state = 'down' + b.set_state('down') # The bonding mode can not be changed when there are interfaces enslaved # to this bond, thus we will free all interfaces from the bond first! @@ -347,11 +345,8 @@ def apply(bond): b.del_port(intf) # ARP link monitoring frequency, reset miimon when arp-montior is inactive - if bond['arp_mon_intvl'] == 0: - # reset miimon to default - b.miimon = 250 - else: - b.arp_interval = bond['arp_mon_intvl'] + # this is done inside BondIf automatically + b.set_arp_interval(bond['arp_mon_intvl']) # ARP monitor targets need to be synchronized between sysfs and CLI. # Unfortunately an address can't be send twice to sysfs as this will 
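Review bot: `apply_vlan_config()` in interface-bonding.py is changed line for line the same way as `apply_vlan_config()` in interface-ethernet.py later in this diff, so, as far as the two hunks show, the copies have to be kept in sync by hand on every API change. Moving the function into a shared module would leave one place to patch. Until then a comment above the definition, such as `# NOTE: keep in sync with apply_vlan_config() in interface-ethernet.py`, would flag the coupling. The function starts and ends outside this hunk, so the rest of its body is not reviewed here.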
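Review bot: The explicit `b.miimon = 250` reset for `arp_mon_intvl == 0` is removed from `apply()`, and the replacement comment only asserts that BondIf now does it, which cannot be checked here because the diff is limited to src/conf_mode. If `set_arp_interval(0)` does not restore miimon, the bond may end up with no link monitoring at all, so the comment should name where the reset happens, e.g. `# set_arp_interval(0) restores the miimon default, see BondIf.set_arp_interval()`. The comment line above it also carries the typo `arp-montior`. `apply()` continues outside the hunk.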
@@ -362,44 +357,44 @@ def apply(bond): # from the kernel side this looks valid to me. We won't run into an error # when a user added manual adresses which would result in having more # then 16 adresses in total. - arp_tgt_addr = list(map(str, b.arp_ip_target.split())) + arp_tgt_addr = list(map(str, b.get_arp_ip_target().split())) for addr in arp_tgt_addr: - b.arp_ip_target = '-' + addr + b.set_arp_ip_target('-' + addr) # Add configured ARP target addresses for addr in bond['arp_mon_tgt']: - b.arp_ip_target = '+' + addr + b.set_arp_ip_target('+' + addr) # update interface description used e.g. within SNMP - b.ifalias = bond['description'] + b.set_alias(bond['description']) # # missing DHCP/DHCPv6 options go here # # ignore link state changes - b.link_detect = bond['disable_link_detect'] + b.set_link_detect(bond['disable_link_detect']) # Bonding transmit hash policy - b.xmit_hash_policy = bond['hash_policy'] + b.set_hash_policy(bond['hash_policy']) # configure ARP cache timeout in milliseconds - b.arp_cache_tmp = bond['ip_arp_cache_tmo'] + b.set_arp_cache_tmo(bond['ip_arp_cache_tmo']) # Enable proxy-arp on this interface - b.proxy_arp = bond['ip_proxy_arp'] + b.set_proxy_arp(bond['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface - b.proxy_arp_pvlan = bond['ip_proxy_arp_pvlan'] + b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) # Change interface MAC address if bond['mac']: - b.mac = bond['mac'] + b.set_mac(bond['mac']) # Bonding policy - b.mode = bond['mode'] + b.set_mode(bond['mode']) # Maximum Transmission Unit (MTU) - b.mtu = bond['mtu'] + b.set_mtu(bond['mtu']) # Primary device interface if bond['primary']: - b.primary = bond['primary'] + b.set_primary(bond['primary']) # Add (enslave) interfaces to bond for intf in bond['member']: 
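Review bot: `list(map(str, b.get_arp_ip_target().split()))` in the ARP target cleanup wraps a value that is already a list of strings, assuming `get_arp_ip_target()` returns a str as the `.split()` call implies. `for addr in b.get_arp_ip_target().split():` followed by `b.set_arp_ip_target('-' + addr)` reads more directly and drops the `arp_tgt_addr` temporary. `apply()` starts and ends outside this hunk.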
@@ -409,7 +404,7 @@ def apply(bond): # parameters we will only re-enable the interface if it is not # administratively disabled if not bond['disable']: - b.state = 'up' + b.set_state('up') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interface-bridge.py b/src/conf_mode/interface-bridge.py index 62589c798..37b5c4979 100755 --- a/src/conf_mode/interface-bridge.py +++ b/src/conf_mode/interface-bridge.py @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import os @@ -22,7 +20,7 @@ from copy import deepcopy from sys import exit from netifaces import interfaces -from vyos.ifconfig import BridgeIf, Interface +from vyos.ifconfig import BridgeIf, STPIf from vyos.configdict import list_diff from vyos.config import Config from vyos import ConfigError 
@@ -187,27 +185,27 @@ def apply(bridge): br.remove() else: # enable interface - br.state = 'up' + br.set_state('up') # set ageing time - br.ageing_time = bridge['aging'] + br.set_ageing_time(bridge['aging']) # set bridge forward delay - br.forward_delay = bridge['forwarding_delay'] + br.set_forward_delay(bridge['forwarding_delay']) # set hello time - br.hello_time = bridge['hello_time'] + br.set_hello_time(bridge['hello_time']) # set max message age - br.max_age = bridge['max_age'] + br.set_max_age(bridge['max_age']) # set bridge priority - br.priority = bridge['priority'] + br.set_priority(bridge['priority']) # turn stp on/off - br.stp_state = bridge['stp'] + br.set_stp(bridge['stp']) # enable or disable IGMP querier - br.multicast_querier = bridge['igmp_querier'] + br.set_multicast_querier(bridge['igmp_querier']) # update interface description used e.g. within SNMP - br.ifalias = bridge['description'] + br.set_alias(bridge['description']) # Change interface MAC address if bridge['mac']: - br.mac = bridge['mac'] + br.set_mac(bridge['mac']) # remove interface from bridge for intf in bridge['member_remove']: @@ -219,7 +217,7 @@ def apply(bridge): # up/down interface if bridge['disable']: - br.state = 'down' + br.set_state('down') # Configure interface address(es) # - not longer required addresses get removed first 
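Review bot: `br.set_state('up')` still runs unconditionally at the top of the else branch and `bridge['disable']` is only honoured further down in `apply()`, so an administratively disabled bridge is brought up for part of every commit. The dummy script in this same commit was reshaped into a single `if dummy['disable']: ... else: ...` at the end, and the bridge could follow that: drop the early call and finish with `br.set_state('down' if bridge['disable'] else 'up')`. If the bridge has to be up before members are added, a comment saying so would explain the difference. `apply()` extends beyond both hunks shown here.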
@@ -231,16 +229,15 @@ def apply(bridge): # configure additional bridge member options for member in bridge['member']: - # set bridge port cost - br.set_cost(member['name'], member['cost']) - # set bridge port priority - br.set_priority(member['name'], member['priority']) - - i = Interface(member['name']) + i = STPIf(member['name']) # configure ARP cache timeout - i.arp_cache_tmo = bridge['arp_cache_tmo'] + i.set_arp_cache_tmo(bridge['arp_cache_tmo']) # ignore link state changes - i.link_detect = bridge['disable_link_detect'] + i.set_link_detect(bridge['disable_link_detect']) + # set bridge port path cost + i.set_path_cost(member['cost']) + # set bridge port path priority + i.set_path_priority(member['priority']) return None diff --git a/src/conf_mode/interface-dummy.py b/src/conf_mode/interface-dummy.py index 614fe08db..16b716e61 100755 --- a/src/conf_mode/interface-dummy.py +++ b/src/conf_mode/interface-dummy.py @@ -13,10 +13,9 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# -from os import environ +import os + from copy import deepcopy from sys import exit @@ -40,7 +39,7 @@ def get_config(): # determine tagNode instance try: - dummy['intf'] = environ['VYOS_TAGNODE_VALUE'] + dummy['intf'] = os.environ['VYOS_TAGNODE_VALUE'] except KeyError as E: print("Interface not specified") 
@@ -79,28 +78,28 @@ def generate(dummy): return None def apply(dummy): - du = DummyIf(dummy['intf']) + d = DummyIf(dummy['intf']) # Remove dummy interface if dummy['deleted']: - du.remove() + d.remove() else: - # enable interface - du.state = 'up' # update interface description used e.g. within SNMP - du.ifalias = dummy['description'] + d.set_alias(dummy['description']) # Configure interface address(es) # - not longer required addresses get removed first # - newly addresses will be added second for addr in dummy['address_remove']: - du.del_addr(addr) + d.del_addr(addr) for addr in dummy['address']: - du.add_addr(addr) + d.add_addr(addr) # disable interface on demand if dummy['disable']: - du.state = 'down' + d.set_state('down') + else + d.set_state('up') return None diff --git a/src/conf_mode/interface-ethernet.py b/src/conf_mode/interface-ethernet.py index f82105847..99450b19e 100755 --- a/src/conf_mode/interface-ethernet.py +++ b/src/conf_mode/interface-ethernet.py @@ -67,20 +67,20 @@ def apply_vlan_config(vlan, config): raise TypeError() # update interface description used e.g. within SNMP - vlan.ifalias = config['description'] + vlan.set_alias(config['description']) # ignore link state changes - vlan.link_detect = config['disable_link_detect'] + vlan.set_link_detect(config['disable_link_detect']) # Maximum Transmission Unit (MTU) - vlan.mtu = config['mtu'] + vlan.set_mtu(config['mtu']) # Change VLAN interface MAC address if config['mac']: - vlan.mac = config['mac'] + vlan.set_mac(config['mac']) # enable/disable VLAN interface if config['disable']: - vlan.state = 'down' + vlan.set_state('down') else: - vlan.state = 'up' + vlan.set_state('up') # Configure interface address(es) # - not longer required addresses get removed first 
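Review bot: The added `else` in `apply()` of interface-dummy.py has no trailing colon, so the module fails to compile with a SyntaxError and no dummy interface change can be applied. The line should read `else:` with `d.set_state('up')` indented beneath it. Running `python3 -m py_compile` over src/conf_mode in CI would catch this class of error before merge.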
@@ -271,32 +271,32 @@ def apply(eth): e.remove() else: # update interface description used e.g. within SNMP - e.ifalias = eth['description'] + e.set_alias(eth['description']) # # missing DHCP/DHCPv6 options go here # # ignore link state changes - e.link_detect = eth['disable_link_detect'] + e.set_link_detect(eth['disable_link_detect']) # disable ethernet flow control (pause frames) e.set_flow_control(eth['flow_control']) # configure ARP cache timeout in milliseconds - e.arp_cache_tmo = eth['ip_arp_cache_tmo'] + e.set_arp_cache_tmo(eth['ip_arp_cache_tmo']) # Enable proxy-arp on this interface - e.proxy_arp = eth['ip_proxy_arp'] + e.set_proxy_arp(eth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface - e.proxy_arp_pvlan = eth['ip_proxy_arp_pvlan'] + e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) # Change interface MAC address - re-set to real hardware address (hw-id) # if custom mac is removed if eth['mac']: - e.mac = eth['mac'] + e.set_mac(eth['mac']) else: - e.mac = eth['hw_id'] + e.set_mac(eth['hw_id']) # Maximum Transmission Unit (MTU) - e.mtu = eth['mtu'] + e.set_mtu(eth['mtu']) # GRO (generic receive offload) e.set_gro(eth['offload_gro']) @@ -316,6 +316,12 @@ def apply(eth): # Set physical interface speed and duplex e.set_speed_duplex(eth['speed'], eth['duplex']) + # Enable/Disable interface + if eth['disable']: + e.set_state('down') + else: + e.set_state('up') + # Configure interface address(es) # - not longer required addresses get removed first # - newly addresses will be added second @@ -324,12 +330,6 @@ def apply(eth): for addr in eth['address']: e.add_addr(addr) - # Enable/Disable interface - if eth['disable']: - e.state = 'down' - else: - e.state = 'up' - # remove no longer required service VLAN interfaces (vif-s) for vif_s in eth['vif_s_remove']: e.del_vlan(vif_s) diff --git a/src/conf_mode/interface-loopback.py b/src/conf_mode/interface-loopback.py index a1a807868..10722d137 100755 --- a/src/conf_mode/interface-loopback.py 
+++ b/src/conf_mode/interface-loopback.py @@ -13,9 +13,9 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -from os import environ +import os + from sys import exit from copy import deepcopy @@ -38,7 +38,7 @@ def get_config(): # determine tagNode instance try: - loopback['intf'] = environ['VYOS_TAGNODE_VALUE'] + loopback['intf'] = os.environ['VYOS_TAGNODE_VALUE'] except KeyError as E: print("Interface not specified") @@ -72,21 +72,20 @@ def generate(loopback): return None def apply(loopback): - lo = LoopbackIf(loopback['intf']) - if not loopback['deleted']: + l = LoopbackIf(loopback['intf']) + if loopback['deleted']: + l.remove() + else: # update interface description used e.g. within SNMP - # update interface description used e.g. within SNMP - lo.ifalias = loopback['description'] + l.set_alias(loopback['description']) # Configure interface address(es) # - not longer required addresses get removed first # - newly addresses will be added second + for addr in loopback['address_remove']: + l.del_addr(addr) for addr in loopback['address']: - lo.add_addr(addr) - - # remove interface address(es) - for addr in loopback['address_remove']: - lo.del_addr(addr) + l.add_addr(addr) return None diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py index 35e7928c2..57d565749 100755 --- a/src/conf_mode/interface-openvpn.py +++ b/src/conf_mode/interface-openvpn.py @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import os import re @@ -31,8 +29,9 @@ from pwd import getpwnam from subprocess import Popen, PIPE from time import sleep -from vyos.config import Config from vyos import ConfigError +from vyos.config import Config +from vyos.ifconfig import Interface from vyos.validate import is_addr_assigned user = 'openvpn' 
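Review bot: The deleted branch of `apply()` in interface-loopback.py now calls `l.remove()`, where the old code only deleted the addresses listed in `address_remove`. This is a behaviour change rather than a rename, and what `LoopbackIf.remove()` does to the loopback device is not visible in this diff. Please confirm it only strips configured addresses and leaves the device and its default loopback addresses in place, and say so in a comment next to the call. The single-letter name `l` is also easy to misread as `1` (PEP 8, E741); `lo` from the old code was clearer.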
@@ -580,7 +579,7 @@ def get_config(): # Minimum required TLS version if conf.exists('tls tls-version-min'): openvpn['tls_version_min'] = conf.return_value('tls tls-version-min') - + if conf.exists('shared-secret-key-file'): openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file') @@ -736,7 +735,7 @@ def verify(openvpn): if openvpn['tls_auth']: if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['tls_auth']): raise ConfigError('Specified auth-file "{}" is invalid'.format(openvpn['tls_auth'])) - + if openvpn['tls_cert']: if not checkCertHeader('-----BEGIN CERTIFICATE-----', openvpn['tls_cert']): raise ConfigError('Specified cert-file "{}" is invalid'.format(openvpn['tls_cert'])) @@ -901,6 +900,13 @@ def apply(openvpn): # execute assembled command subprocess_cmd(cmd) + + # better late then sorry ... but we can only set interface alias after + # OpenVPN has been launched and created the interface + while openvpn['intf'] not in interfaces(): + sleep(0.250) # 250ms + Interface(openvpn['intf']).set_alias(openvpn['description']) + return None diff --git a/src/conf_mode/interface-vxlan.py b/src/conf_mode/interface-vxlan.py index e97b4bf99..1097ae4d0 100755 --- a/src/conf_mode/interface-vxlan.py +++ b/src/conf_mode/interface-vxlan.py @@ -13,9 +13,9 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -from os import environ +import os + from sys import exit from copy import deepcopy @@ -48,7 +48,7 @@ def get_config(): # determine tagNode instance try: - vxlan['intf'] = environ['VYOS_TAGNODE_VALUE'] + vxlan['intf'] = os.environ['VYOS_TAGNODE_VALUE'] except KeyError as E: print("Interface not specified") 
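Review bot: The wait loop added at the end of `apply()` in interface-openvpn.py has no upper bound: if OpenVPN exits early (for example on a bad certificate or a port already in use) the interface never appears and the commit blocks forever. Bound the wait and raise `ConfigError` on timeout, as in the excerpt below; the 10 s limit there is a constructed value. `interfaces` is not among the imports visible in this diff, so check that `from netifaces import interfaces` exists in the file. Whether `apply()` returns earlier for a deleted or disabled instance is outside the hunk; if it does not, the loop would also wait for an interface that is never created.

```python
    # ... unchanged: subprocess_cmd(cmd) ...

    # The interface only exists once OpenVPN has started. Give up after a
    # bounded wait instead of blocking the commit (limit is illustrative).
    for _ in range(40):  # 40 x 250ms = 10s
        if openvpn['intf'] in interfaces():
            Interface(openvpn['intf']).set_alias(openvpn['description'])
            break
        sleep(0.250)
    else:
        raise ConfigError('Interface "{}" did not appear after starting OpenVPN'.format(openvpn['intf']))

    return None
```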
@@ -127,7 +127,7 @@ def verify(vxlan): if vxlan['link']: # VXLAN adds a 50 byte overhead - we need to check the underlaying MTU # if our configured MTU is at least 50 bytes less - underlay_mtu = int(Interface(vxlan['link']).mtu) + underlay_mtu = int(Interface(vxlan['link']).get_mtu()) if underlay_mtu < (vxlan['mtu'] + 50): raise ConfigError('VXLAN has a 50 byte overhead, underlaying device ' \ 'MTU is to small ({})'.format(underlay_mtu)) @@ -163,14 +163,14 @@ def apply(vxlan): # Finally create the new interface v = VXLANIf(vxlan['intf'], config=conf) # update interface description used e.g. by SNMP - v.ifalias = vxlan['description'] + v.set_alias(vxlan['description']) # Maximum Transfer Unit (MTU) - v.mtu = vxlan['mtu'] + v.set_mtu(vxlan['mtu']) # configure ARP cache timeout in milliseconds - v.arp_cache_tmp = vxlan['ip_arp_cache_tmo'] + v.set_arp_cache_tmo(vxlan['ip_arp_cache_tmo']) # Enable proxy-arp on this interface - v.proxy_arp = vxlan['ip_proxy_arp'] + v.set_proxy_arp(vxlan['ip_proxy_arp']) # Configure interface address(es) - no need to implicitly delete the # old addresses as they have already been removed by deleting the @@ -182,7 +182,7 @@ def apply(vxlan): # parameters we will only re-enable the interface if it is not # administratively disabled if not vxlan['disable']: - v.state='up' + v.set_state('up') return None diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py index 4ae3251fe..3fd29ad4d 100755 --- a/src/conf_mode/interface-wireguard.py +++ b/src/conf_mode/interface-wireguard.py @@ -13,8 +13,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import sys import os 
@@ -97,7 +95,7 @@ def get_config(): if c.exists(ifname + ' mtu'): config_data[ifname]['mtu'] = c.return_value(ifname + ' mtu') if c.exists(ifname + ' private-key'): - config_data[ifname]['pk'] = "{0}/{1}/private.key".format(kdir,c.return_value(ifname + ' private-key')) + config_data[ifname]['pk'] = "{0}/{1}/private.key".format(kdir,c.return_value(ifname + ' private-key')) if c.exists(ifname + ' peer'): for p in c.list_nodes(ifname + ' peer'): if not c.exists(ifname + ' peer ' + p + ' disable'): @@ -175,11 +173,11 @@ def apply(c): # interface state if c[ifname]['state'] == 'disable': sl.syslog(sl.LOG_NOTICE, "disable interface " + ifname) - intfc.state = 'down' + intfc.set_state('down') else: - if not intfc.state == 'up': + if not intfc.get_state() == 'up': sl.syslog(sl.LOG_NOTICE, "enable interface " + ifname) - intfc.state = 'up' + intfc.set_state('up') # IP address if not c_eff.exists_effective(ifname + ' address'): @@ -204,15 +202,15 @@ def apply(c): # interface MTU if c[ifname]['mtu'] != 1420: - intfc.mtu = int(c[ifname]['mtu']) + intfc.set_mtu(int(c[ifname]['mtu'])) else: # default is set to 1420 in config_data - intfc.mtu = int(c[ifname]['mtu']) + intfc.set_mtu(int(c[ifname]['mtu'])) # ifalias for snmp from description descr_eff = c_eff.return_effective_value(ifname + ' description') if descr_eff != c[ifname]['descr']: - intfc.ifalias = str(c[ifname]['descr']) + intfc.set_alias(str(c[ifname]['descr'])) # peer deletion peer_eff = c_eff.list_effective_nodes(ifname + ' peer') |
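Review bot: Both branches of `if c[ifname]['mtu'] != 1420:` in `apply()` now make the identical call `intfc.set_mtu(int(c[ifname]['mtu']))`, so the condition decides nothing. Replace the four lines with the single call and keep the comment about the 1420 default. The `int()` cast suggests the stored value may be a string, in which case the comparison with the integer 1420 would always be true; worth confirming in `get_config()`. `apply()` starts and ends outside the hunk.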