diff options
Diffstat (limited to 'src/conf_mode')
37 files changed, 142 insertions, 132 deletions
diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py index 3daa892d7..fde7dc521 100755 --- a/src/conf_mode/arp.py +++ b/src/conf_mode/arp.py @@ -22,7 +22,7 @@ import re import syslog as sl from vyos.config import Config -from vyos.util import run +from vyos.util import call from vyos import ConfigError arp_cmd = '/usr/sbin/arp' @@ -82,12 +82,12 @@ def generate(c): def apply(c): for ip_addr in c['remove']: sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr) - run(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1') + call(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1') for ip_addr in c['update']: sl.syslog(sl.LOG_NOTICE, "arp -s " + ip_addr + " " + c['update'][ip_addr]) updated = c['update'][ip_addr] - run(f'{arp_cmd} -s {ip_addr} {updated}') + call(f'{arp_cmd} -s {ip_addr} {updated}') if __name__ == '__main__': diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index f6d90776c..8d4c4a89a 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -24,7 +24,7 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/default/udp-broadcast-relay' @@ -155,7 +155,7 @@ def generate(relay): def apply(relay): # first stop all running services - run('sudo systemctl stop udp-broadcast-relay@{1..99}') + call('sudo systemctl stop udp-broadcast-relay@{1..99}') if (relay is None) or relay['disabled']: return None @@ -165,7 +165,7 @@ def apply(relay): # Don't start individual instance when it's disabled if r['disabled']: continue - run('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) + call('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) return None diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py index 1d6d4c6e3..c92d6a4e1 100755 --- a/src/conf_mode/dhcp_relay.py +++ b/src/conf_mode/dhcp_relay.py @@ -22,7 +22,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/default/isc-dhcp-relay' @@ -113,10 +113,10 @@ def generate(relay): def apply(relay): if relay is not None: - run('sudo systemctl restart isc-dhcp-relay.service') + call('sudo systemctl restart isc-dhcp-relay.service') else: # DHCP relay support is removed in the commit - run('sudo systemctl stop isc-dhcp-relay.service') + call('sudo systemctl stop isc-dhcp-relay.service') os.unlink(config_file) return None diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 69aebe2f4..553247b88 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -26,7 +26,7 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_subnet_connected from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/dhcp/dhcpd.conf' @@ -628,7 +628,7 @@ def generate(dhcp): def apply(dhcp): if (dhcp is None) or dhcp['disabled']: # DHCP server is removed in the commit - run('sudo systemctl stop isc-dhcpv4-server.service') + call('sudo systemctl stop isc-dhcpv4-server.service') if os.path.exists(config_file): os.unlink(config_file) if os.path.exists(daemon_config_file): @@ -638,7 +638,7 @@ def apply(dhcp): if not os.path.exists(lease_file): os.mknod(lease_file) - run('sudo systemctl restart isc-dhcpv4-server.service') + call('sudo systemctl restart isc-dhcpv4-server.service') return None diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py index a67deb6c7..9355d9794 100755 --- a/src/conf_mode/dhcpv6_relay.py +++ b/src/conf_mode/dhcpv6_relay.py @@ -23,7 +23,7 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/default/isc-dhcpv6-relay' @@ -100,10 +100,10 @@ def generate(relay): def apply(relay): if relay is not None: - run('sudo systemctl restart isc-dhcpv6-relay.service') + call('sudo systemctl restart isc-dhcpv6-relay.service') else: # DHCPv6 relay support is removed in the commit - run('sudo systemctl stop isc-dhcpv6-relay.service') + call('sudo systemctl stop isc-dhcpv6-relay.service') os.unlink(config_file) return None diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 003e80915..950ca1ce2 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -25,7 +25,7 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_subnet_connected from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/dhcp/dhcpdv6.conf' @@ -364,7 +364,7 @@ def generate(dhcpv6): def apply(dhcpv6): if (dhcpv6 is None) or dhcpv6['disabled']: # DHCP server is removed in the commit - run('sudo systemctl stop isc-dhcpv6-server.service') + call('sudo systemctl stop isc-dhcpv6-server.service') if os.path.exists(config_file): os.unlink(config_file) if os.path.exists(daemon_config_file): @@ -374,7 +374,7 @@ def apply(dhcpv6): if not os.path.exists(lease_file): os.mknod(lease_file) - run('sudo systemctl restart isc-dhcpv6-server.service') + call('sudo systemctl restart isc-dhcpv6-server.service') return None diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 5dc599425..4071c05c9 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -26,7 +26,7 @@ from vyos.defaults import directories as vyos_data_dir from vyos.hostsd_client import Client as hostsd_client from vyos.util import wait_for_commit_lock from vyos import ConfigError -from vyos.util import run +from vyos.util import call parser = argparse.ArgumentParser() parser.add_argument("--dhclient", action="store_true", @@ -167,11 +167,11 @@ def generate(dns): def apply(dns): if dns is None: # DNS forwarding is removed in the commit - run("systemctl stop pdns-recursor") + call("systemctl stop pdns-recursor") if os.path.isfile(config_file): os.unlink(config_file) else: - run("systemctl restart pdns-recursor") + call("systemctl restart pdns-recursor") if __name__ == '__main__': args = parser.parse_args() diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index b9163f7b3..b54d76b06 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -24,7 +24,7 @@ from stat import S_IRUSR, S_IWUSR from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/ddclient/ddclient.conf' @@ -257,11 +257,11 @@ def apply(dyndns): os.unlink('/etc/ddclient.conf') if dyndns['deleted']: - run('/etc/init.d/ddclient stop') + call('/etc/init.d/ddclient stop') if os.path.exists(dyndns['pid_file']): os.unlink(dyndns['pid_file']) else: - run('/etc/init.d/ddclient restart') + call('/etc/init.d/ddclient restart') return None diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py index 90f004bc4..0b800f48f 100755 --- a/src/conf_mode/firewall_options.py +++ b/src/conf_mode/firewall_options.py @@ -21,7 +21,7 @@ import copy from vyos.config import Config from vyos import ConfigError -from vyos.util import run +from vyos.util import call default_config_data = { @@ -87,19 +87,19 @@ def apply(tcp): target = 'VYOS_FW_OPTIONS' # always cleanup iptables - run('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - run('iptables --table mangle --flush {} >&/dev/null'.format(target)) - run('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) + call('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + call('iptables --table mangle --flush {} >&/dev/null'.format(target)) + call('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) # always cleanup ip6tables - run('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - run('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) - run('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) + call('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + call('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) + call('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) # Setup new iptables rules if tcp['new_chain4']: - run('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) - run('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + call('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) + call('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] @@ -111,13 +111,13 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - run('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \ + call('iptables --table mangle --append {} --out-interface {} --protocol tcp ' '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) # Setup new ip6tables rules if tcp['new_chain6']: - run('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) - run('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + call('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) + call('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] @@ -129,7 +129,7 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - run('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' + call('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) return None diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 690d1e030..7c2f79abc 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -33,7 +33,9 @@ import vyos.hostsd_client from vyos.config import Config from vyos import ConfigError -from vyos.util import cmd, run +from vyos.util import cmd +from vyos.util import call +from vyos.util import run default_config_data = { @@ -157,21 +159,21 @@ def apply(config): # rsyslog runs into a race condition at boot time with systemd # restart rsyslog only if the hostname changed. hostname_old = cmd('hostnamectl --static') - cmd(f'hostnamectl set-hostname --static {hostname_new}') + call(f'hostnamectl set-hostname --static {hostname_new}') # Restart services that use the hostname if hostname_new != hostname_old: - run("systemctl restart rsyslog.service") + call("systemctl restart rsyslog.service") # If SNMP is running, restart it too - ret = run("pgrep snmpd > /dev/null") + ret = run("pgrep snmpd") if ret == 0: - run("systemctl restart snmpd.service") + call("systemctl restart snmpd.service") # restart pdns if it is used - ret = run('/usr/bin/rec_control ping >/dev/null 2>&1') + ret = run('/usr/bin/rec_control ping') if ret == 0: - run('/etc/init.d/pdns-recursor restart >/dev/null') + call('/etc/init.d/pdns-recursor restart >/dev/null') return None diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 91b8aa34b..26f4aea7f 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -24,7 +24,8 @@ from copy import deepcopy import vyos.defaults from vyos.config import Config from vyos import ConfigError -from vyos.util import cmd, run +from vyos.util import cmd +from vyos.util import call config_file = '/etc/vyos/http-api.conf' @@ -91,9 +92,9 @@ def generate(http_api): def apply(http_api): if http_api is not None: - run('sudo systemctl restart vyos-http-api.service') + call('sudo systemctl restart vyos-http-api.service') else: - run('sudo systemctl stop vyos-http-api.service') + call('sudo systemctl stop vyos-http-api.service') for dep in dependencies: cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError) diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 777792229..da7193c9b 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -26,7 +26,7 @@ import vyos.certbot_util from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = '/etc/nginx/sites-available/default' @@ -150,9 +150,9 @@ def generate(https): def apply(https): if https is not None: - run('sudo systemctl restart nginx.service') + call('sudo systemctl restart nginx.service') else: - run('sudo systemctl stop nginx.service') + call('sudo systemctl stop nginx.service') if __name__ == '__main__': try: diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py index abe473530..77e2bb150 100755 --- a/src/conf_mode/igmp_proxy.py +++ b/src/conf_mode/igmp_proxy.py @@ -24,7 +24,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/igmpproxy.conf' @@ -131,11 +131,11 @@ def generate(igmp_proxy): def apply(igmp_proxy): if igmp_proxy is None or igmp_proxy['disable']: # IGMP Proxy support is removed in the commit - run('sudo systemctl stop igmpproxy.service') + call('sudo systemctl stop igmpproxy.service') if os.path.exists(config_file): os.unlink(config_file) else: - run('systemctl restart igmpproxy.service') + call('systemctl restart igmpproxy.service') return None diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 6a002bc06..32aa2826b 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -24,7 +24,8 @@ from vyos.ifconfig import BondIf from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config -from vyos.util import run, is_bridge_member +from vyos.util import is_bridge_member +from vyos.util import call from vyos import ConfigError default_config_data = { @@ -91,7 +92,7 @@ def get_config(): if not os.path.isfile('/sys/class/net/bonding_masters'): import syslog syslog.syslog(syslog.LOG_NOTICE, "loading bonding kernel module") - if run('modprobe bonding max_bonds=0 miimon=250') != 0: + if call('modprobe bonding max_bonds=0 miimon=250') != 0: syslog.syslog(syslog.LOG_NOTICE, "failed loading bonding kernel module") raise ConfigError("failed loading bonding kernel module") diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 0400cb849..11ba9acdd 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -22,7 +22,8 @@ from copy import deepcopy from vyos.config import Config from vyos.ifconfig import L2TPv3If, Interface from vyos import ConfigError -from vyos.util import run, is_bridge_member +from vyos.util import call +from vyos.util import is_bridge_member from netifaces import interfaces default_config_data = { @@ -51,7 +52,7 @@ def check_kmod(): modules = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6'] for module in modules: if not os.path.exists(f'/sys/module/{module}'): - if run(f'modprobe {module}') != 0: + if call(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') def get_config(): diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 8e80a85a2..8bf81c747 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -24,7 +24,8 @@ from netifaces import interfaces from vyos.config import Config from vyos.configdict import list_diff from vyos.ifconfig import WireGuardIf -from vyos.util import chown, run, is_bridge_member, chmod_750 +from vyos.util import chown, is_bridge_member, chmod_750 +from vyos.util import call from vyos import ConfigError kdir = r'/config/auth/wireguard' @@ -49,7 +50,7 @@ def _check_kmod(): modules = ['wireguard'] for module in modules: if not os.path.exists(f'/sys/module/{module}'): - if run(f'modprobe {module}') != 0: + if call(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index e5af37b8f..c44a993c4 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -23,7 +23,9 @@ from netifaces import interfaces from vyos.config import Config from vyos.defaults import directories as vyos_data_dir -from vyos.util import chown, chmod_x, cmd, run, is_bridge_member +from vyos.util import chown, chmod_x, is_bridge_member +from vyos.util import cmd +from vyos.util import call from vyos import ConfigError default_config_data = { @@ -48,7 +50,7 @@ def check_kmod(): modules = ['option', 'usb_wwan', 'usbserial'] for module in modules: if not os.path.exists(f'/sys/module/{module}'): - if run(f'modprobe {module}') != 0: + if call(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') def get_config(): diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index c2f5c8e07..dc04e9131 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -24,7 +24,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call ra_conn_name = "remote-access" charon_conf_file = "/etc/strongswan.d/charon.conf" @@ -99,7 +99,7 @@ def get_config(): ### Remove config from file by delimiter def remove_confs(delim_begin, delim_end, conf_file): - run("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file) + call("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file) ### Checking certificate storage and notice if certificate not in /config directory @@ -112,7 +112,7 @@ def check_cert_file_store(cert_name, file_path, dts_path): else: ### Cpy file to /etc/ipsec.d/certs/ /etc/ipsec.d/cacerts/ # todo make check - ret = run('cp -f '+file_path+' '+dts_path) + ret = call('cp -f '+file_path+' '+dts_path) if ret: raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path) @@ -193,12 +193,12 @@ def generate(data): remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie) def restart_ipsec(): - run('ipsec restart >&/dev/null') + call('ipsec restart >&/dev/null') # counter for apply swanctl config counter = 10 while counter <= 10: if os.path.exists(charon_pidfile): - run('swanctl -q >&/dev/null') + call('swanctl -q >&/dev/null') break counter -=1 sleep(1) diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index a4dbecbaa..4b365a566 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -22,7 +22,8 @@ import os import vyos.defaults from vyos.config import Config from vyos import ConfigError -from vyos.util import cmd, run +from vyos.util import cmd +from vyos.util import call vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] @@ -85,17 +86,17 @@ def generate(cert): # certbot will attempt to reload nginx, even with 'certonly'; # start nginx if not active - ret = run('systemctl is-active --quiet nginx.ervice') + ret = call('systemctl is-active --quiet nginx.ervice') if ret: - run('sudo systemctl start nginx.service') + call('sudo systemctl start nginx.service') request_certbot(cert) def apply(cert): if cert is not None: - run('sudo systemctl restart certbot.timer') + call('sudo systemctl restart certbot.timer') else: - run('sudo systemctl stop certbot.timer') + call('sudo systemctl stop certbot.timer') return None for dep in dependencies: diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py index c090bba83..ec59c68d0 100755 --- a/src/conf_mode/lldp.py +++ b/src/conf_mode/lldp.py @@ -26,7 +26,7 @@ from vyos.validate import is_addr_assigned,is_loopback_addr from vyos.defaults import directories as vyos_data_dir from vyos.version import get_version_data from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = "/etc/default/lldpd" @@ -241,10 +241,10 @@ def generate(lldp): def apply(lldp): if lldp: # start/restart lldp service - run('sudo systemctl restart lldpd.service') + call('sudo systemctl restart lldpd.service') else: # LLDP service has been terminated - run('sudo systemctl stop lldpd.service') + call('sudo systemctl stop lldpd.service') os.unlink(config_file) os.unlink(vyos_config_file) diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py index 2bccd9153..9230aaf61 100755 --- a/src/conf_mode/mdns_repeater.py +++ b/src/conf_mode/mdns_repeater.py @@ -24,7 +24,7 @@ from netifaces import ifaddresses, AF_INET from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/default/mdns-repeater' @@ -96,11 +96,11 @@ def generate(mdns): def apply(mdns): if (mdns is None) or mdns['disabled']: - run('sudo systemctl stop mdns-repeater') + call('sudo systemctl stop mdns-repeater') if os.path.exists(config_file): os.unlink(config_file) else: - run('sudo systemctl restart mdns-repeater') + call('sudo systemctl restart mdns-repeater') return None diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 998022a8c..75328dfd7 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -24,7 +24,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/ntp.conf' @@ -114,10 +114,10 @@ def generate(ntp): def apply(ntp): if ntp is not None: - run('sudo systemctl restart ntp.service') + call('sudo systemctl restart ntp.service') else: # NTP support is removed in the commit - run('sudo systemctl stop ntp.service') + call('sudo systemctl stop ntp.service') os.unlink(config_file) return None diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py index a62d2158e..cf4db5f54 100755 --- a/src/conf_mode/protocols_bfd.py +++ b/src/conf_mode/protocols_bfd.py @@ -24,7 +24,7 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv6_link_local, is_ipv6 from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/tmp/bfd.frr' @@ -207,7 +207,7 @@ def apply(bfd): if bfd is None: return None - run("vtysh -d bfdd -f " + config_file) + call("vtysh -d bfdd -f " + config_file) if os.path.exists(config_file): os.remove(config_file) diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py index 6e819a15a..141b1950d 100755 --- a/src/conf_mode/protocols_igmp.py +++ b/src/conf_mode/protocols_igmp.py @@ -23,7 +23,7 @@ from sys import exit from vyos import ConfigError from vyos.config import Config from vyos.defaults import directories as vyos_data_dir -from vyos.util import run +from vyos.util import call config_file = r'/tmp/igmp.frr' @@ -105,7 +105,7 @@ def apply(igmp): return None if os.path.exists(config_file): - run("sudo vtysh -d pimd -f " + config_file) + call("sudo vtysh -d pimd -f " + config_file) os.remove(config_file) return None diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index 6e5d08397..b5753aea8 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -21,13 +21,13 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/tmp/ldpd.frr' def sysctl(name, value): - run('sysctl -wq {}={}'.format(name, value)) + call('sysctl -wq {}={}'.format(name, value)) def get_config(): conf = Config() @@ -162,7 +162,7 @@ def apply(mpls): operate_mpls_on_intfc(diactive_ifaces, 0) if os.path.exists(config_file): - run("sudo vtysh -d ldpd -f " + config_file) + call("sudo vtysh -d ldpd -f " + config_file) os.remove(config_file) return None diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py index 9b74fe992..44fc9293b 100755 --- a/src/conf_mode/protocols_pim.py +++ b/src/conf_mode/protocols_pim.py @@ -23,7 +23,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/tmp/pimd.frr' @@ -132,7 +132,7 @@ def apply(pim): return None if os.path.exists(config_file): - run("vtysh -d pimd -f " + config_file) + call("vtysh -d pimd -f " + config_file) os.remove(config_file) return None diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index bd1d44bc8..bfc3a707e 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -26,7 +26,7 @@ from urllib3 import PoolManager from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/salt/minion' @@ -126,10 +126,10 @@ def generate(salt): def apply(salt): if salt is not None: - run("sudo systemctl restart salt-minion") + call("sudo systemctl restart salt-minion") else: # Salt access is removed in the commit - run("sudo systemctl stop salt-minion") + call("sudo systemctl stop salt-minion") os.unlink(config_file) return None diff --git a/src/conf_mode/service-router-advert.py b/src/conf_mode/service-router-advert.py index 0173b7242..75a324260 100755 --- a/src/conf_mode/service-router-advert.py +++ b/src/conf_mode/service-router-advert.py @@ -23,7 +23,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/radvd.conf' @@ -158,13 +158,13 @@ def generate(rtradv): def apply(rtradv): if not rtradv['interfaces']: # bail out early - looks like removal from running config - run('systemctl stop radvd.service') + call('systemctl stop radvd.service') if os.path.exists(config_file): os.unlink(config_file) return None - run('systemctl restart radvd.service') + call('systemctl restart radvd.service') return None if __name__ == '__main__': diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 414236c88..4a69e8742 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -27,7 +27,7 @@ from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv4, is_addr_assigned from vyos.version import get_version_data from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file_client = r'/etc/snmp/snmp.conf' @@ -509,7 +509,7 @@ def generate(snmp): # # As we are manipulating the snmpd user database we have to stop it first! # This is even save if service is going to be removed - run('systemctl stop snmpd.service') + call('systemctl stop snmpd.service') config_files = [config_file_client, config_file_daemon, config_file_access, config_file_user] for file in config_files: @@ -554,7 +554,7 @@ def apply(snmp): return None # start SNMP daemon - run("systemctl restart snmpd.service") + call("systemctl restart snmpd.service") # Passwords are not available immediately in the configuration file, # after daemon startup - we wait until they have been processed by @@ -595,15 +595,15 @@ def apply(snmp): # Now update the running configuration # - # Currently when executing run() the environment does not + # Currently when executing call() the environment does not # have the vyos_libexec_dir variable set, see Phabricator T685. - run('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['auth_pw'])) - run('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['priv_pw'])) - run('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user'])) - run('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user'])) + call('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['auth_pw'])) + call('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['priv_pw'])) + call('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user'])) + call('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user'])) # Enable AgentX in FRR - run('vtysh -c "configure terminal" -c "agentx" >/dev/null') + call('vtysh -c "configure terminal" -c "agentx" >/dev/null') return None diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index a85dcd7f2..a6cdb7ccc 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -21,7 +21,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/ssh/sshd_config' @@ -133,10 +133,10 @@ def generate(ssh): def apply(ssh): if ssh is not None and 'port' in ssh.keys(): - run("sudo systemctl restart ssh.service") + call("sudo systemctl restart ssh.service") else: # SSH access is removed in the commit - run("sudo systemctl stop ssh.service") + call("sudo systemctl stop ssh.service") if os.path.isfile(config_file): os.unlink(config_file) diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 66f563939..8a1ac8411 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -20,7 +20,7 @@ from sys import exit from copy import deepcopy from vyos.config import Config from vyos import ConfigError -from vyos.util import run +from vyos.util import call default_config_data = { @@ -31,7 +31,7 @@ default_config_data = { } def sysctl(name, value): - run('sysctl -wq {}={}'.format(name, value)) + call('sysctl -wq {}={}'.format(name, value)) def get_config(): ip_opt = deepcopy(default_config_data) diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system-ipv6.py index 4e3de6fe9..04a063564 100755 --- a/src/conf_mode/system-ipv6.py +++ b/src/conf_mode/system-ipv6.py @@ -21,7 +21,7 @@ from sys import exit from copy import deepcopy from vyos.config import Config from vyos import ConfigError -from vyos.util import run +from vyos.util import call ipv6_disable_file = '/etc/modprobe.d/vyos_disable_ipv6.conf' @@ -37,7 +37,7 @@ default_config_data = { } def sysctl(name, value): - run('sysctl -wq {}={}'.format(name, value)) + call('sysctl -wq {}={}'.format(name, value)) def get_config(): ip_opt = deepcopy(default_config_data) diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 7c99fce39..43732cfae 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -26,7 +26,8 @@ from vyos.config import Config from vyos.configdict import list_diff from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import cmd, run +from vyos.util import cmd +from vyos.util import call radius_config_file = "/etc/pam_radius_auth.conf" @@ -207,8 +208,8 @@ def generate(login): # remove old plaintext password # and set new encrypted password - run("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name'])) - run("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted'])) + os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name'])) + os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted'])) if len(login['radius_server']) > 0: # Prepare Jinja2 template loader from files @@ -255,7 +256,7 @@ def apply(login): command += " {}".format(user['name']) try: - run(command) + call(command) uid = getpwnam(user['name']).pw_uid gid = getpwnam(user['name']).pw_gid @@ -295,10 +296,10 @@ def apply(login): # Logout user if he is logged in if user in list(set([tmp[0] for tmp in users()])): print('{} is logged in, forcing logout'.format(user)) - run('pkill -HUP -u {}'.format(user)) + call('pkill -HUP -u {}'.format(user)) # Remove user account but leave home directory to be safe - run('userdel -r {} 2>/dev/null'.format(user)) + call('userdel -r {} 2>/dev/null'.format(user)) except Exception as e: raise ConfigError('Deleting user "{}" raised an exception: {}'.format(user, e)) @@ -309,7 +310,7 @@ def apply(login): if len(login['radius_server']) > 0: try: # Enable RADIUS in PAM - run("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") # Make NSS system aware of RADIUS, too command = "sed -i -e \'/\smapname/b\' \ @@ -320,7 +321,7 @@ def apply(login): -e \'/^group:[^#]*$/s/: */&mapname /\' \ /etc/nsswitch.conf" - run(command) + call(command) except Exception as e: raise ConfigError('RADIUS configuration failed: {}'.format(e)) @@ -328,7 +329,7 @@ def apply(login): else: try: # Disable RADIUS in PAM - run("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") command = "sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ @@ -336,7 +337,7 @@ def apply(login): -e \'s/[ \t]*$//\' \ /etc/nsswitch.conf" - run(command) + call(command) except Exception as e: raise ConfigError('Removing RADIUS configuration failed'.format(e)) diff --git a/src/conf_mode/system-options.py b/src/conf_mode/system-options.py index 063a82463..b3dbc82fb 100755 --- a/src/conf_mode/system-options.py +++ b/src/conf_mode/system-options.py @@ -52,9 +52,9 @@ def generate(opt): def apply(opt): # Beep action if opt['beep_if_fully_booted']: - run('systemctl enable vyos-beep.service >/dev/null 2>&1') + run('systemctl enable vyos-beep.service') else: - run('systemctl disable vyos-beep.service >/dev/null 2>&1') + run('systemctl disable vyos-beep.service') # Ctrl-Alt-Delete action if opt['ctrl_alt_del'] == 'ignore': diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system-timezone.py index 2f8dc9e89..25b949a79 100755 --- a/src/conf_mode/system-timezone.py +++ b/src/conf_mode/system-timezone.py @@ -20,7 +20,7 @@ import os from copy import deepcopy from vyos.config import Config from vyos import ConfigError -from vyos.util import run +from vyos.util import call default_config_data = { @@ -42,7 +42,7 @@ def generate(tz): pass def apply(tz): - run('/usr/bin/timedatectl set-timezone {}'.format(tz['name'])) + call('/usr/bin/timedatectl set-timezone {}'.format(tz['name'])) if __name__ == '__main__': try: diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index df8155084..7a7246783 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -27,7 +27,7 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv4, is_addr_assigned from vyos import ConfigError -from vyos.util import run +from vyos.util import call config_file = r'/etc/default/tftpd' @@ -115,7 +115,7 @@ def generate(tftpd): def apply(tftpd): # stop all services first - then we will decide - run('systemctl stop tftpd@{0..20}') + call('systemctl stop tftpd@{0..20}') # bail out early - e.g. service deletion if tftpd is None: @@ -140,7 +140,7 @@ def apply(tftpd): idx = 0 for listen in tftpd['listen']: - run('systemctl restart tftpd@{0}.service'.format(idx)) + call('systemctl restart tftpd@{0}.service'.format(idx)) idx = idx + 1 return None diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py index d3e3710d1..3f1b73385 100755 --- a/src/conf_mode/vrrp.py +++ b/src/conf_mode/vrrp.py @@ -27,7 +27,7 @@ import vyos.keepalived from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError -from vyos.util import run +from vyos.util import call daemon_file = "/etc/default/keepalived" config_file = "/etc/keepalived/keepalived.conf" @@ -242,17 +242,17 @@ def apply(data): if not vyos.keepalived.vrrp_running(): print("Starting the VRRP process") - ret = run("sudo systemctl restart keepalived.service") + ret = call("sudo systemctl restart keepalived.service") else: print("Reloading the VRRP process") - ret = run("sudo systemctl reload keepalived.service") + ret = call("sudo systemctl reload keepalived.service") if ret != 0: raise ConfigError("keepalived failed to start") else: # VRRP is removed in the commit print("Stopping the VRRP process") - run("sudo systemctl stop keepalived.service") + call("sudo systemctl stop keepalived.service") os.unlink(config_file) return None |