11 files changed, 85 insertions, 30 deletions

diff --git a/src/migration-scripts/container/0-to-1 b/src/migration-scripts/container/0-to-1
index d0461389b..86f89ee04 100755
--- a/src/migration-scripts/container/0-to-1
+++ b/src/migration-scripts/container/0-to-1
@@ -21,7 +21,7 @@ import shutil
 import sys
 
 from vyos.configtree import ConfigTree
-from vyos.util import call
+from vyos.utils.process import call
 
 if (len(sys.argv) < 1):
     print("Must specify file name!")
@@ -39,12 +39,12 @@ config = ConfigTree(config_file)
 if config.exists(base):
     for container in config.list_nodes(base):
         # Stop any given container first
-        call(f'systemctl stop vyos-container-{container}.service')
+        call(f'sudo systemctl stop vyos-container-{container}.service')
         # Export container image for later re-import to new filesystem. We store
         # the backup on a real disk as a tmpfs (like /tmp) could probably lack
         # memory if a host has too many containers stored.
         image_name = config.return_value(base + [container, 'image'])
-        call(f'podman image save --quiet --output /root/{container}.tar --format oci-archive {image_name}')
+        call(f'sudo podman image save --quiet --output /root/{container}.tar --format oci-archive {image_name}')
 
 # No need to adjust the strage driver online (this is only used for testing and
 # debugging on a live system) - it is already overlay2 when the migration script
@@ -66,10 +66,10 @@ if config.exists(base):
         # Export container image for later re-import to new filesystem
         image_name = config.return_value(base + [container, 'image'])
         image_path = f'/root/{container}.tar'
-        call(f'podman image load --quiet --input {image_path}')
+        call(f'sudo podman image load --quiet --input {image_path}')
 
         # Start any given container first
-        call(f'systemctl start vyos-container-{container}.service')
+        call(f'sudo systemctl start vyos-container-{container}.service')
 
         # Delete temporary container image
         if os.path.exists(image_path):
diff --git a/src/migration-scripts/interfaces/24-to-25 b/src/migration-scripts/interfaces/24-to-25
index 4095f2a3e..f3a1dc464 100755
--- a/src/migration-scripts/interfaces/24-to-25
+++ b/src/migration-scripts/interfaces/24-to-25
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -19,6 +19,7 @@
 
 import os
 import sys
+
 from vyos.configtree import ConfigTree
 from vyos.pki import CERT_BEGIN
 from vyos.pki import load_certificate
@@ -29,7 +30,7 @@ from vyos.pki import encode_certificate
 from vyos.pki import encode_dh_parameters
 from vyos.pki import encode_private_key
 from vyos.pki import verify_crl
-from vyos.util import run
+from vyos.utils.process import run
 
 def wrapped_pem_to_config_value(pem):
     out = []
@@ -241,7 +242,7 @@ if config.exists(base):
                 config.set(pki_base + ['certificate', pki_name, 'private', 'key'], value=wrapped_pem_to_config_value(key_pem))
             else:
                 print(f'Failed to migrate private key on openvpn interface {interface}')
-                
+
             config.delete(x509_base + ['key-file'])
 
         if config.exists(x509_base + ['dh-file']):
@@ -276,7 +277,7 @@ base = ['interfaces', 'wireguard']
 if config.exists(base):
     for interface in config.list_nodes(base):
         private_key_path = base + [interface, 'private-key']
-        
+
         key_file = 'default'
         if config.exists(private_key_path):
             key_file = config.return_value(private_key_path)
@@ -375,7 +376,7 @@ if config.exists(base):
                 config.set(pki_base + ['certificate', pki_name, 'private', 'key'], value=wrapped_pem_to_config_value(key_pem))
             else:
                 print(f'Failed to migrate private key on eapol config for interface {interface}')
-                
+
             config.delete(x509_base + ['key-file'])
 
 try:
diff --git a/src/migration-scripts/interfaces/7-to-8 b/src/migration-scripts/interfaces/7-to-8
index a4051301f..9845098a7 100755
--- a/src/migration-scripts/interfaces/7-to-8
+++ b/src/migration-scripts/interfaces/7-to-8
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -21,7 +21,8 @@ import os
 
 from sys import exit, argv
 from vyos.configtree import ConfigTree
-from vyos.util import chown, chmod_750
+from vyos.utils.permission import chown
+from vyos.utils.permission import chmod_750
 
 def migrate_default_keys():
     kdir = r'/config/auth/wireguard'
diff --git a/src/migration-scripts/ipsec/6-to-7 b/src/migration-scripts/ipsec/6-to-7
index 788a87095..649a18cb3 100755
--- a/src/migration-scripts/ipsec/6-to-7
+++ b/src/migration-scripts/ipsec/6-to-7
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -27,7 +27,7 @@ from vyos.pki import load_crl
 from vyos.pki import load_private_key
 from vyos.pki import encode_certificate
 from vyos.pki import encode_private_key
-from vyos.util import run
+from vyos.utils.process import run
 
 if (len(argv) < 1):
     print("Must specify file name!")
@@ -127,7 +127,7 @@ if config.exists(ipsec_site_base):
                 config.set(pki_base + ['ca', pki_name, 'crl'], value=wrapped_pem_to_config_value(crl_pem))
             else:
                 print(f'Failed to migrate CRL on peer "{peer}"')
-            
+
             config.delete(peer_x509_base + ['crl-file'])
 
         if config.exists(peer_x509_base + ['key', 'file']):
@@ -157,7 +157,7 @@ if config.exists(ipsec_site_base):
                     config.set(peer_x509_base + ['private-key-passphrase'], value=key_passphrase)
             else:
                 print(f'Failed to migrate private key on peer "{peer}"')
-                
+
             config.delete(peer_x509_base + ['key'])
 
 if changes_made:
diff --git a/src/migration-scripts/l2tp/3-to-4 b/src/migration-scripts/l2tp/3-to-4
index 18eabadec..ee6079864 100755
--- a/src/migration-scripts/l2tp/3-to-4
+++ b/src/migration-scripts/l2tp/3-to-4
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -27,7 +27,7 @@ from vyos.pki import load_crl
 from vyos.pki import load_private_key
 from vyos.pki import encode_certificate
 from vyos.pki import encode_private_key
-from vyos.util import run
+from vyos.utils.process import run
 
 if (len(argv) < 1):
     print("Must specify file name!")
@@ -156,7 +156,7 @@ if config.exists(x509_base + ['server-key-file']):
             config.set(x509_base + ['private-key-passphrase'], value=key_passphrase)
     else:
         print(f'Failed to migrate private key on l2tp remote-access config')
-        
+
     config.delete(x509_base + ['server-key-file'])
     if config.exists(x509_base + ['server-key-password']):
         config.delete(x509_base + ['server-key-password'])
diff --git a/src/migration-scripts/openconnect/0-to-1 b/src/migration-scripts/openconnect/0-to-1
index 83cd09143..b26023a5b 100755
--- a/src/migration-scripts/openconnect/0-to-1
+++ b/src/migration-scripts/openconnect/0-to-1
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -26,7 +26,7 @@ from vyos.pki import load_crl
 from vyos.pki import load_private_key
 from vyos.pki import encode_certificate
 from vyos.pki import encode_private_key
-from vyos.util import run
+from vyos.utils.process import run
 
 if (len(argv) < 1):
     print("Must specify file name!")
@@ -125,7 +125,7 @@ if config.exists(x509_base + ['key-file']):
         config.set(pki_base + ['certificate', pki_name, 'private', 'key'], value=wrapped_pem_to_config_value(key_pem))
     else:
         print(f'Failed to migrate private key on openconnect config')
-        
+
     config.delete(x509_base + ['key-file'])
 
 try:
diff --git a/src/migration-scripts/policy/3-to-4 b/src/migration-scripts/policy/3-to-4
index bae30cffc..49e0b4c38 100755
--- a/src/migration-scripts/policy/3-to-4
+++ b/src/migration-scripts/policy/3-to-4
@@ -51,7 +51,7 @@ def community_migrate(config: ConfigTree, rule: list[str]) -> bool:
     :rtype: bool
     """
     community_list = list((config.return_value(rule)).split(" "))
-    config.delete(rule)
+
     if 'none' in community_list:
         config.set(rule + ['none'])
         return False
@@ -61,8 +61,10 @@ def community_migrate(config: ConfigTree, rule: list[str]) -> bool:
             community_action = 'add'
             community_list.remove('additive')
         for community in community_list:
-            config.set(rule + [community_action], value=community,
-                       replace=False)
+            if len(community):
+                config.set(rule + [community_action], value=community,
+                        replace=False)
+                config.delete(rule)
         if community_action == 'replace':
             return False
         else:
diff --git a/src/migration-scripts/qos/1-to-2 b/src/migration-scripts/qos/1-to-2
index 14d3a6e0a..a689bacc5 100755
--- a/src/migration-scripts/qos/1-to-2
+++ b/src/migration-scripts/qos/1-to-2
@@ -18,7 +18,7 @@ from sys import argv,exit
 
 from vyos.base import Warning
 from vyos.configtree import ConfigTree
-from vyos.util import read_file
+from vyos.utils.file import read_file
 
 def bandwidth_percent_to_val(interface, percent) -> int:
     speed = read_file(f'/sys/class/net/{interface}/speed')
diff --git a/src/migration-scripts/sstp/3-to-4 b/src/migration-scripts/sstp/3-to-4
index 0568f043f..ea814fdc5 100755
--- a/src/migration-scripts/sstp/3-to-4
+++ b/src/migration-scripts/sstp/3-to-4
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -26,7 +26,7 @@ from vyos.pki import load_crl
 from vyos.pki import load_private_key
 from vyos.pki import encode_certificate
 from vyos.pki import encode_private_key
-from vyos.util import run
+from vyos.utils.process import run
 
 if (len(argv) < 1):
     print("Must specify file name!")
@@ -125,7 +125,7 @@ if config.exists(x509_base + ['key-file']):
         config.set(pki_base + ['certificate', pki_name, 'private', 'key'], value=wrapped_pem_to_config_value(key_pem))
     else:
         print(f'Failed to migrate private key on sstp config')
-        
+
     config.delete(x509_base + ['key-file'])
 
 try:
diff --git a/src/migration-scripts/system/13-to-14 b/src/migration-scripts/system/13-to-14
index 5b068f4fc..1751f1865 100755
--- a/src/migration-scripts/system/13-to-14
+++ b/src/migration-scripts/system/13-to-14
@@ -12,7 +12,7 @@ import re
 import sys
 
 from vyos.configtree import ConfigTree
-from vyos.util import cmd
+from vyos.utils.process import cmd
 
 
 if (len(sys.argv) < 1):
diff --git a/src/migration-scripts/vrrp/3-to-4 b/src/migration-scripts/vrrp/3-to-4
new file mode 100755
index 000000000..b0a6975c2
--- /dev/null
+++ b/src/migration-scripts/vrrp/3-to-4
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from sys import argv
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+    print('Must specify file name!')
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+base = ['high-availability', 'virtual-server']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+    # Nothing to do
+    exit(0)
+
+if config.exists(base):
+    for vs in config.list_nodes(base):
+        vs_base = base + [vs]
+
+        # If the fwmark is used, the address is not required
+        if not config.exists(vs_base + ['fwmark']):
+            # add option: 'virtual-server <tag> address x.x.x.x'
+            config.set(vs_base + ['address'], value=vs)
+
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print(f'Failed to save the modified config: {e}')
+    exit(1)