summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/dhcp_server.py13
-rwxr-xr-xsrc/conf_mode/host_name.py6
-rwxr-xr-xsrc/conf_mode/snmp.py4
-rwxr-xr-xsrc/conf_mode/wireguard.py14
-rwxr-xr-xsrc/migration-scripts/ipsec/4-to-533
-rwxr-xr-xsrc/migration-scripts/pppoe-server/0-to-14
-rwxr-xr-xsrc/migration-scripts/quagga/2-to-317
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py21
8 files changed, 95 insertions, 17 deletions
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 560c80e7f..22ada72a8 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -150,6 +150,12 @@ shared-network {{ network.name }} {
{%- if subnet.domain_name %}
option domain-name "{{ subnet.domain_name }}";
{%- endif -%}
+ {%- if subnet.subnet_parameters %}
+ # The following {{ subnet.subnet_parameters | length }} line(s) were added as subnet-parameters in the CLI and have not been validated
+ {%- for param in subnet.subnet_parameters %}
+ {{ param }}
+ {%- endfor -%}
+ {%- endif %}
{%- if subnet.tftp_server %}
option tftp-server-name "{{ subnet.tftp_server }}";
{%- endif -%}
@@ -570,7 +576,7 @@ def get_config():
#
# deprecate this and issue a warning like we do for DNS forwarding?
if conf.exists('subnet-parameters'):
- config['subnet_parameters'] = conf.return_values('subnet-parameters')
+ subnet['subnet_parameters'] = conf.return_values('subnet-parameters')
# This option is used to identify a TFTP server and, if supported by the client, should have
# the same effect as the server-name declaration. BOOTP clients are unlikely to support this
@@ -767,6 +773,11 @@ def generate(dhcp):
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(dhcp)
+
+ # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw parameters
+ # we can pass to ISC DHCPd
+ config_text = config_text.replace(""",'"')
+
with open(config_file, 'w') as f:
f.write(config_text)
diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py
index 3b3958f7f..030735215 100755
--- a/src/conf_mode/host_name.py
+++ b/src/conf_mode/host_name.py
@@ -100,9 +100,13 @@ def apply(config):
"""Apply configuration"""
os.system("hostnamectl set-hostname --static {0}".format(config["fqdn"]))
- # restart services that use the hostname
+ # Restart services that use the hostname
os.system("systemctl restart rsyslog.service")
+ # If SNMP is running, restart it too
+ if os.system("pgrep snmpd > /dev/null") == 0:
+ os.system("systemctl restart snmpd.service")
+
return None
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 026f6d2f7..d21a2b603 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -21,6 +21,7 @@ import os
import shutil
import stat
import pwd
+import time
import jinja2
import random
@@ -793,6 +794,9 @@ def apply(snmp):
# snmpd, which we see when a magic line appears in this file.
snmpReady = False
while not snmpReady:
+ while not os.path.exists(config_file_user):
+ time.sleep(1)
+
with open(config_file_user, 'r') as f:
for line in f:
# Search for our magic string inside the file
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index f5452579e..c88e9085a 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -124,7 +124,6 @@ def get_config():
if c.exists(cnf + ' peer ' + p + ' preshared-key'):
config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
-
return config_data
def verify(c):
@@ -166,12 +165,13 @@ def apply(c):
### link status up/down aka interface disable
for intf in c['interfaces']:
- if c['interfaces'][intf]['state'] == 'disable':
- sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
- subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
- else:
- sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
- subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
+ if not c['interfaces'][intf]['status'] == 'delete':
+ if c['interfaces'][intf]['state'] == 'disable':
+ sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
+ else:
+ sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
### deletion of a specific interface
for intf in c['interfaces']:
diff --git a/src/migration-scripts/ipsec/4-to-5 b/src/migration-scripts/ipsec/4-to-5
new file mode 100755
index 000000000..b64aa8462
--- /dev/null
+++ b/src/migration-scripts/ipsec/4-to-5
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+# log-modes have changed, keyword all to any
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+ctree = ConfigTree(config_file)
+
+if not ctree.exists(['vpn', 'ipsec', 'logging','log-modes']):
+ # Nothing to do
+ sys.exit(0)
+else:
+ lmodes = ctree.return_values(['vpn', 'ipsec', 'logging','log-modes'])
+ for mode in lmodes:
+ if mode == 'all':
+ ctree.set(['vpn', 'ipsec', 'logging','log-modes'], value='any', replace=True)
+
+ try:
+ open(file_name,'w').write(ctree.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
diff --git a/src/migration-scripts/pppoe-server/0-to-1 b/src/migration-scripts/pppoe-server/0-to-1
index df816a321..bb24211b6 100755
--- a/src/migration-scripts/pppoe-server/0-to-1
+++ b/src/migration-scripts/pppoe-server/0-to-1
@@ -1,6 +1,8 @@
#!/usr/bin/env python3
-# Delete "service ssh allow-root" option
+# Convert "service pppoe-server authentication radius-server node key"
+# to:
+# "service pppoe-server authentication radius-server node secret"
import sys
diff --git a/src/migration-scripts/quagga/2-to-3 b/src/migration-scripts/quagga/2-to-3
index 99d96a0aa..4c1cd86a3 100755
--- a/src/migration-scripts/quagga/2-to-3
+++ b/src/migration-scripts/quagga/2-to-3
@@ -178,6 +178,23 @@ else:
for peer_group in peer_groups:
migrate_neighbor(config, peer_group_path, peer_group)
+ ## Migrate redistribute statements
+ redistribute_path = ['protocols', 'bgp', asn, 'redistribute']
+ if config.exists(redistribute_path):
+ config.set(bgp_path + af_path + ['redistribute'])
+
+ redistributes = config.list_nodes(redistribute_path)
+ for redistribute in redistributes:
+ config.set(bgp_path + af_path + ['redistribute', redistribute])
+ if config.exists(redistribute_path + [redistribute, 'metric']):
+ redist_metric = config.return_value(redistribute_path + [redistribute, 'metric'])
+ config.set(bgp_path + af_path + ['redistribute', redistribute, 'metric'], value=redist_metric)
+ if config.exists(redistribute_path + [redistribute, 'route-map']):
+ redist_route_map = config.return_value(redistribute_path + [redistribute, 'route-map'])
+ config.set(bgp_path + af_path + ['redistribute', redistribute, 'route-map'], value=redist_route_map)
+
+ config.delete(redistribute_path)
+
try:
with open(file_name, 'w') as f:
f.write(config.to_string())
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 8240c4fd3..792c27dad 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -1,23 +1,30 @@
#!/usr/bin/env python3
import re
+import sys
import subprocess
import tabulate
import hurry.filesize
def parse_conn_spec(s):
- # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
- return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
+ try:
+ # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
+ return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
+ except AttributeError:
+ # No active SAs found, so we have nothing to display
+ print("No established security associations found.")
+ print("Use \"show vpn ipsec sa\" to view inactive and connecting tunnels.")
+ sys.exit(0)
def parse_ike_line(s):
try:
# Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
- return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
+ return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
except AttributeError:
try:
# Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
- return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
except AttributeError:
return (None, None, None, None, None)
@@ -25,7 +32,7 @@ def parse_ike_line(s):
# Get a list of all configured connections
with open('/etc/ipsec.conf', 'r') as f:
config = f.read()
- connections = re.findall(r'conn\s([^\s]+)\s*\n', config)
+ connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config))
connections = list(filter(lambda s: s != '%default', connections))
status_data = []
@@ -39,13 +46,13 @@ for conn in connections:
time, _, _, ip, id = parse_conn_spec(status)
if ip == id:
id = None
- enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status)
+ enc, bytes_in, bytes_out = parse_ike_line(status)
# Convert bytes to human-readable units
bytes_in = hurry.filesize.size(int(bytes_in))
bytes_out = hurry.filesize.size(int(bytes_out))
- status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)]
+ status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, enc]
except Exception as e:
print(status)
raise e
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-25 10:38:35 +0000