Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf-mode/vyos-config-bcast-relay.py | 2 | ||||
| -rwxr-xr-x | src/conf-mode/vyos-config-dns-forwarding.py | 18 | ||||
| -rwxr-xr-x | src/conf-mode/vyos-config-mdns-repeater.py | 2 | ||||
| -rwxr-xr-x | src/conf-mode/vyos-config-ntp.py | 2 | ||||
| -rwxr-xr-x | src/conf-mode/vyos-config-ssh.py | 82 | ||||
| -rwxr-xr-x | src/conf-mode/vyos-update-crontab.py | 2 | ||||
| -rwxr-xr-x | src/op-mode/vyos-list-dumpable-interfaces.py | 14 | ||||
| -rwxr-xr-x | src/op-mode/vyos-list-interfaces.py | 8 | ||||
| -rwxr-xr-x | src/op-mode/vyos-show-version.py | 2 | 
9 files changed, 58 insertions, 74 deletions
| diff --git a/src/conf-mode/vyos-config-bcast-relay.py b/src/conf-mode/vyos-config-bcast-relay.py index f60664051..785690d9c 100755 --- a/src/conf-mode/vyos-config-bcast-relay.py +++ b/src/conf-mode/vyos-config-bcast-relay.py @@ -23,7 +23,7 @@ import time  import subprocess  from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError  config_file = r'/etc/default/udp-broadcast-relay' diff --git a/src/conf-mode/vyos-config-dns-forwarding.py b/src/conf-mode/vyos-config-dns-forwarding.py index df273b321..be48cde60 100755 --- a/src/conf-mode/vyos-config-dns-forwarding.py +++ b/src/conf-mode/vyos-config-dns-forwarding.py @@ -23,7 +23,7 @@ import netifaces  import jinja2  from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError  config_file = r'/etc/powerdns/recursor.conf' @@ -31,7 +31,6 @@ config_file = r'/etc/powerdns/recursor.conf'  # especially in the semicolon-separated lists of name servers.  # Please be careful if you edit the template.  config_tmpl = """ -  ### Autogenerated by vyos-config-dns-forwarding.py ###  # Non-configurable defaults @@ -47,19 +46,20 @@ max-cache-entries={{ cache_size }}  export-etc-hosts={{ export_hosts_file }}  # listen-on -local-address= {{ listen_on | join(',') }} +local-address={{ listen_on | join(',') }}  # domain ... server ...  {% if domains -%} -{% for d in domains -%} -forward-zones = {{ d.name }} = {{ d.servers | join(";") }} -{% endfor -%} +forward-zones={% for d in domains %} +{{ d.name }}={{ d.servers | join(";") }} +{%- if loop.first %}, {% endif %} +{% endfor %}  {% endif %}  # name-server -forward-zones-recurse=.=  {{ name_servers | join(';') }} +forward-zones-recurse=.={{ name_servers | join(';') }}  """ 
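Review bot: In the rewritten `forward-zones` loop the separator is emitted only when `loop.first` is true, so with three or more forwarded domains the second and later entries are written back to back with no comma and the recursor receives a malformed zone list. Keying the separator on the end of the loop fixes it: `{%- if not loop.last %}, {% endif %}`. Separately, `d.name` and `d.servers` are rendered into recursor.conf as-is; that is only safe if the CLI node definitions (not part of this diff) reject `,`, `=`, `;` and newlines in those values, which is worth confirming because a stray separator would change which servers a zone is forwarded to.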
@@ -113,7 +113,7 @@ def get_config():
     if conf.exists('name-server'):
         name_servers = conf.return_values('name-server')
-        dns.setdefault('name_servers', name_servers)
+        dns['name_servers'] = dns['name_servers'] + name_servers
     if conf.exists('system'):
         conf.set_level('system')
@@ -185,7 +185,7 @@ def generate(dns):
     if dns is None:
         return None
-    tmpl = jinja2.Template(config_tmpl)
+    tmpl = jinja2.Template(config_tmpl, trim_blocks=True)
     config_text = tmpl.render(dns)
     with open(config_file, 'w') as f:
diff --git a/src/conf-mode/vyos-config-mdns-repeater.py b/src/conf-mode/vyos-config-mdns-repeater.py
index 3b8ca26ad..e648fd64f 100755
--- a/src/conf-mode/vyos-config-mdns-repeater.py
+++ b/src/conf-mode/vyos-config-mdns-repeater.py
@@ -22,7 +22,7 @@ import netifaces
 import time
 from vyos.config import Config
-from vyos.util import ConfigError
+from vyos import ConfigError
 config_file = r'/etc/default/mdns-repeater'
diff --git a/src/conf-mode/vyos-config-ntp.py b/src/conf-mode/vyos-config-ntp.py
index 061e8760e..8be12e44e 100755
--- a/src/conf-mode/vyos-config-ntp.py
+++ b/src/conf-mode/vyos-config-ntp.py
@@ -23,7 +23,7 @@ import jinja2
 import ipaddress
 from vyos.config import Config
-from vyos.util import ConfigError
+from vyos import ConfigError
 config_file = r'/etc/ntp.conf'
diff --git a/src/conf-mode/vyos-config-ssh.py b/src/conf-mode/vyos-config-ssh.py
index 86b81366f..a4857bba9 100755
--- a/src/conf-mode/vyos-config-ssh.py
+++ b/src/conf-mode/vyos-config-ssh.py
@@ -22,7 +22,7 @@ import os
 import jinja2
 from vyos.config import Config
-from vyos.util import ConfigError
+from vyos import ConfigError
 config_file = r'/etc/ssh/sshd_config'
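Review bot: The new line `dns['name_servers'] = dns['name_servers'] + name_servers` reads the key before assigning it, so it raises KeyError unless the dict built earlier in get_config() (outside this hunk) always carries a `name_servers` list. If that default is not guaranteed, `dns['name_servers'] = dns.get('name_servers', []) + name_servers` keeps the append behaviour without the assumption. A one-line comment stating that configured servers are now appended to the existing list rather than set only when absent would also help, since that is the behavioural change from `setdefault`.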
@@ -87,7 +87,7 @@ ListenAddress {{ a }}
 # Specifies the ciphers allowed. Multiple ciphers must be comma-separated.
 #
 # NOTE: As of now, there is no 'multi' node for 'ciphers', thus we have only one :/
-Ciphers {{ ciphers }}
+Ciphers {{ ciphers | join(",") }}
 {% endif %}
 {% if mac -%}
@@ -96,7 +96,7 @@ Ciphers {{ ciphers }}
 # comma-separated.
 #
 # NOTE: As of now, there is no 'multi' node for 'mac', thus we have only one :/
-MACs {{ mac }}
+MACs {{ mac | join(",") }}
 {% endif %}
 {% if key_exchange -%}
@@ -104,7 +104,7 @@ MACs {{ mac }}
 # be comma-separated.
 #
 # NOTE: As of now, there is no 'multi' node for 'key-exchange', thus we have only one :/
-KexAlgorithms {{ key_exchange }}
+KexAlgorithms {{ key_exchange | join(",") }}
 {% endif %}
 {% if allow_users -%}
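Review bot: The NOTE comments left as context above `Ciphers`, `MACs` and `KexAlgorithms` still say there is no 'multi' node and only one value, which contradicts the `join(",")` now applied in all three hunks; because these comments are rendered into sshd_config they will mislead whoever audits the generated file. Drop them or replace each with something like `# Rendered from the multi-valued 'ciphers' node as a comma-separated list.` The filter also assumes a list: if any producer of these keys still passes a plain string, `join` iterates its characters and yields an algorithm list sshd will most likely refuse, so it is worth confirming get_config() is the only place these keys are set.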
@@ -152,58 +152,24 @@ def get_config():
     else:
         conf.set_level('service ssh')
-    if conf.exists('access-control allow-users'):
-        # Retrieve ',' separated list for allowed users and convert it to a list.
-        # The current VyOS CLI implementation should be improved to rather use multi nodes
-        # instead of a ',' separated input.
-        allow_user = conf.return_value('access-control allow-users')
-        tmp = allow_user.split(',')
-        users = []
-        for u in tmp:
-            users.append(u)
-
-        ssh.setdefault('allow_users', users)
-
-    if conf.exists('access-control allow-groups'):
-        # Retrieve ',' separated list for allowed groups and convert it to a list.
-        # The current VyOS CLI implementation should be improved to rather use multi nodes
-        # instead of a ',' separated input.
-        allow_group = conf.return_value('access-control allow-groups')
-        tmp = allow_group.split(',')
-        groups = []
-        for g in tmp:
-            groups.append(g)
-
-        ssh.setdefault('allow_groups', groups)
-
-    if conf.exists('access-control deny-users'):
-        # Retrieve ',' separated list for denied users and convert it to a list.
-        # The current VyOS CLI implementation should be improved to rather use multi nodes
-        # instead of a ',' separated input.
-        deny_user = conf.return_value('access-control deny-users')
-        tmp = deny_user.split(',')
-        users = []
-        for u in tmp:
-            users.append(u)
-
-        ssh.setdefault('deny_users', users)
-
-    if conf.exists('access-control deny-groups'):
-        # Retrieve ',' separated list for denied groups and convert it to a list.
-        # The current VyOS CLI implementation should be improved to rather use multi nodes
-        # instead of a ',' separated input.
-        deny_group = conf.return_value('access-control deny-groups')
-        tmp = deny_group.split(',')
-        groups = []
-        for g in tmp:
-            groups.append(g)
-
-        ssh.setdefault('deny_groups', groups)
+    if conf.exists('access-control allow user'):
+        allow_users = conf.return_values('access-control allow user')
+        ssh.setdefault('allow_users', allow_users)
+
+    if conf.exists('access-control allow group'):
+        allow_groups = conf.return_values('access-control allow group')
+        ssh.setdefault('allow_groups', allow_groups)
+
+    if conf.exists('access-control deny user'):
+        deny_users = conf.return_values('access-control deny user')
+        ssh.setdefault('deny_users', deny_users)
+
+    if conf.exists('access-control deny group'):
+        deny_groups = conf.return_values('access-control deny group')
+        ssh.setdefault('deny_groups', deny_groups)
     if conf.exists('ciphers'):
-        # TODO: OpenSSH supports having multiple Ciphers configured. VyOS CLI
-        # yet has no multi node for this. See T632 in phabricator.
-        ciphers = conf.return_value('ciphers')
+        ciphers = conf.return_values('ciphers')
         ssh.setdefault('ciphers', ciphers)
     if conf.exists('disable-host-validation'):
@@ -213,9 +179,7 @@ def get_config():
         ssh['password_authentication'] = 'no'
     if conf.exists('key-exchange'):
-        # TODO: OpenSSH supports having multiple KEYX methods configured. VyOS CLI
-        # yet has no multi node for this. See T632 in phabricator.
-        kex = conf.return_value('key-exchange')
+        kex = conf.return_values('key-exchange')
         ssh.setdefault('key_exchange', kex)
     if conf.exists('listen-address'):
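Review bot: The access-control lookups now use `access-control allow user`, `allow group`, `deny user` and `deny group`, and nothing in this hunk reads the old `allow-users`/`allow-groups`/`deny-users`/`deny-groups` nodes any more. If a saved configuration still carries the old nodes and no migration step exists (none is visible here, and the diffstat is limited to `src`), all four `conf.exists()` checks would be false and the corresponding allow/deny entries would be left out of the generated sshd_config, so the SSH login restriction fails open after an upgrade. I would ship the config migration in the same change, or have this script raise `ConfigError` when an old-style node is still present. The hunk starts and ends inside get_config().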
@@ -234,9 +198,7 @@ def get_config():
         ssh['log_level'] = conf.return_value('loglevel')
     if conf.exists('mac'):
-        # TODO: OpenSSH supports having multiple MACs configured. VyOS CLI
-        # yet has no multi node for this. See T632 in phabricator.
-        mac = conf.return_value('mac')
+        mac = conf.return_values('mac')
         ssh.setdefault('mac', mac)
     if conf.exists('port'):
diff --git a/src/conf-mode/vyos-update-crontab.py b/src/conf-mode/vyos-update-crontab.py
index 2d15de8ea..c19b88007 100755
--- a/src/conf-mode/vyos-update-crontab.py
+++ b/src/conf-mode/vyos-update-crontab.py
@@ -21,7 +21,7 @@ import re
 import sys
 from vyos.config import Config
-from vyos.util import ConfigError
+from vyos import ConfigError
 crontab_file = "/etc/cron.d/vyos-crontab"
diff --git a/src/op-mode/vyos-list-dumpable-interfaces.py b/src/op-mode/vyos-list-dumpable-interfaces.py
new file mode 100755
index 000000000..53ee89633
--- /dev/null
+++ b/src/op-mode/vyos-list-dumpable-interfaces.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+
+# Extract the list of interfaces available for traffic dumps from tcpdump -D
+
+import re
+import subprocess
+
+if __name__ == '__main__':
+    out = subprocess.check_output(['/usr/sbin/tcpdump', '-D']).decode().strip()
+    out = out.split("\n")
+
+    intfs = " ".join(map(lambda s: re.search(r'\d+\.(\S+)\s', s).group(1), out))
+
+    print(intfs)
diff --git a/src/op-mode/vyos-list-interfaces.py b/src/op-mode/vyos-list-interfaces.py
new file mode 100755
index 000000000..59c9dffad
--- /dev/null
+++ b/src/op-mode/vyos-list-interfaces.py
@@ -0,0 +1,8 @@
+#!/usr/bin/env python3
+
+import netifaces
+
+if __name__ == '__main__':
+    interfaces = netifaces.interfaces()
+
+    print(" ".join(interfaces))
diff --git a/src/op-mode/vyos-show-version.py b/src/op-mode/vyos-show-version.py
index 0990dd648..ce3b3b54f 100755
--- a/src/op-mode/vyos-show-version.py
+++ b/src/op-mode/vyos-show-version.py
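Review bot: In the new vyos-list-dumpable-interfaces.py, `re.search(r'\d+\.(\S+)\s', s).group(1)` is applied to every output line without checking for a match, so an empty output or any line with no whitespace after the interface name ends the script with AttributeError on None; a failing tcpdump likewise surfaces as an uncaught CalledProcessError traceback. Filtering on the match object removes both the trailing-whitespace dependency and the None dereference: `matches = (re.match(r'\d+\.(\S+)', s) for s in out)` followed by `intfs = " ".join(m.group(1) for m in matches if m)`. Turning the loose comment into a module docstring that states the output is a space-separated list of interface names would document the contract for the caller.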
@@ -41,7 +41,7 @@ def read_file(name):
     try:
         with open (name, "r") as f:
             data = f.read()
-        return data.decode().strip()
+        return data.strip()
     except:
         # This works since we only read /sys/class/* stuff
         # with this function | 
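Review bot: The bare `except:` kept as context in read_file() is very likely what hid the bug this hunk fixes: the file is opened in text mode, so under Python 3 `data.decode()` would raise AttributeError on every call and the handler swallowed it. Narrowing the clause to `except OSError:` keeps the intended tolerance for unreadable /sys/class entries while letting programming errors surface instead of silently returning the fallback. The handler body continues past the end of the hunk.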
