summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/firewall.py3
-rwxr-xr-xsrc/conf_mode/interfaces_bonding.py (renamed from src/conf_mode/interfaces-bonding.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_bridge.py (renamed from src/conf_mode/interfaces-bridge.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_dummy.py (renamed from src/conf_mode/interfaces-dummy.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_ethernet.py (renamed from src/conf_mode/interfaces-ethernet.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_geneve.py (renamed from src/conf_mode/interfaces-geneve.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_input.py (renamed from src/conf_mode/interfaces-input.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_l2tpv3.py (renamed from src/conf_mode/interfaces-l2tpv3.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_loopback.py (renamed from src/conf_mode/interfaces-loopback.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_macsec.py (renamed from src/conf_mode/interfaces-macsec.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_openvpn.py (renamed from src/conf_mode/interfaces-openvpn.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_pppoe.py (renamed from src/conf_mode/interfaces-pppoe.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_pseudo-ethernet.py (renamed from src/conf_mode/interfaces-pseudo-ethernet.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_sstpc.py (renamed from src/conf_mode/interfaces-sstpc.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_tunnel.py (renamed from src/conf_mode/interfaces-tunnel.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_virtual-ethernet.py (renamed from src/conf_mode/interfaces-virtual-ethernet.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_vti.py (renamed from src/conf_mode/interfaces-vti.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_vxlan.py (renamed from src/conf_mode/interfaces-vxlan.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_wireguard.py (renamed from src/conf_mode/interfaces-wireguard.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_wireless.py (renamed from src/conf_mode/interfaces-wireless.py)0
-rwxr-xr-xsrc/conf_mode/interfaces_wwan.py (renamed from src/conf_mode/interfaces-wwan.py)0
-rwxr-xr-xsrc/conf_mode/load-balancing_reverse-proxy.py (renamed from src/conf_mode/load-balancing-haproxy.py)0
-rwxr-xr-xsrc/conf_mode/load-balancing_wan.py (renamed from src/conf_mode/load-balancing-wan.py)0
-rwxr-xr-xsrc/conf_mode/pki.py8
-rwxr-xr-xsrc/conf_mode/policy_local-route.py (renamed from src/conf_mode/policy-local-route.py)0
-rwxr-xr-xsrc/conf_mode/policy_route.py (renamed from src/conf_mode/policy-route.py)0
-rwxr-xr-xsrc/conf_mode/protocols_igmp-proxy.py (renamed from src/conf_mode/igmp_proxy.py)0
-rwxr-xr-xsrc/conf_mode/protocols_segment-routing.py (renamed from src/conf_mode/protocols_segment_routing.py)0
-rwxr-xr-xsrc/conf_mode/protocols_static_arp.py (renamed from src/conf_mode/arp.py)0
-rwxr-xr-xsrc/conf_mode/service_broadcast-relay.py (renamed from src/conf_mode/bcast_relay.py)0
-rwxr-xr-xsrc/conf_mode/service_config-sync.py (renamed from src/conf_mode/service_config_sync.py)0
-rwxr-xr-xsrc/conf_mode/service_conntrack-sync.py (renamed from src/conf_mode/conntrack_sync.py)0
-rwxr-xr-xsrc/conf_mode/service_dhcp-relay.py (renamed from src/conf_mode/dhcp_relay.py)0
-rwxr-xr-xsrc/conf_mode/service_dhcp-server.py (renamed from src/conf_mode/dhcp_server.py)25
-rwxr-xr-xsrc/conf_mode/service_dhcpv6-relay.py (renamed from src/conf_mode/dhcpv6_relay.py)0
-rwxr-xr-xsrc/conf_mode/service_dhcpv6-server.py (renamed from src/conf_mode/dhcpv6_server.py)17
-rwxr-xr-xsrc/conf_mode/service_dns_dynamic.py (renamed from src/conf_mode/dns_dynamic.py)0
-rwxr-xr-xsrc/conf_mode/service_dns_forwarding.py (renamed from src/conf_mode/dns_forwarding.py)0
-rwxr-xr-xsrc/conf_mode/service_event-handler.py (renamed from src/conf_mode/service_event_handler.py)0
-rwxr-xr-xsrc/conf_mode/service_https.py (renamed from src/conf_mode/https.py)0
-rwxr-xr-xsrc/conf_mode/service_https_certificates_certbot.py (renamed from src/conf_mode/le_cert.py)3
-rwxr-xr-xsrc/conf_mode/service_ids_ddos-protection.py (renamed from src/conf_mode/service_ids_fastnetmon.py)0
-rwxr-xr-xsrc/conf_mode/service_lldp.py (renamed from src/conf_mode/lldp.py)0
-rwxr-xr-xsrc/conf_mode/service_mdns_repeater.py (renamed from src/conf_mode/service_mdns-repeater.py)0
-rwxr-xr-xsrc/conf_mode/service_ntp.py (renamed from src/conf_mode/ntp.py)0
-rwxr-xr-xsrc/conf_mode/service_salt-minion.py (renamed from src/conf_mode/salt-minion.py)0
-rwxr-xr-xsrc/conf_mode/service_snmp.py (renamed from src/conf_mode/snmp.py)0
-rwxr-xr-xsrc/conf_mode/service_ssh.py (renamed from src/conf_mode/ssh.py)0
-rwxr-xr-xsrc/conf_mode/service_tftp-server.py (renamed from src/conf_mode/tftp_server.py)0
-rwxr-xr-xsrc/conf_mode/system_acceleration.py (renamed from src/conf_mode/intel_qat.py)0
-rwxr-xr-xsrc/conf_mode/system_config-management.py (renamed from src/conf_mode/config_mgmt.py)0
-rwxr-xr-xsrc/conf_mode/system_conntrack.py (renamed from src/conf_mode/conntrack.py)0
-rwxr-xr-xsrc/conf_mode/system_flow-accounting.py (renamed from src/conf_mode/flow_accounting_conf.py)0
-rwxr-xr-xsrc/conf_mode/system_host-name.py (renamed from src/conf_mode/host_name.py)0
-rwxr-xr-xsrc/conf_mode/system_ip.py (renamed from src/conf_mode/system-ip.py)0
-rwxr-xr-xsrc/conf_mode/system_ipv6.py (renamed from src/conf_mode/system-ipv6.py)0
-rwxr-xr-xsrc/conf_mode/system_login.py (renamed from src/conf_mode/system-login.py)0
-rwxr-xr-xsrc/conf_mode/system_login_banner.py (renamed from src/conf_mode/system-login-banner.py)0
-rwxr-xr-xsrc/conf_mode/system_logs.py (renamed from src/conf_mode/system-logs.py)0
-rwxr-xr-xsrc/conf_mode/system_option.py (renamed from src/conf_mode/system-option.py)0
-rwxr-xr-xsrc/conf_mode/system_proxy.py (renamed from src/conf_mode/system-proxy.py)0
-rwxr-xr-xsrc/conf_mode/system_syslog.py (renamed from src/conf_mode/system-syslog.py)0
-rwxr-xr-xsrc/conf_mode/system_task-scheduler.py (renamed from src/conf_mode/task_scheduler.py)0
-rwxr-xr-xsrc/conf_mode/system_timezone.py (renamed from src/conf_mode/system-timezone.py)0
-rwxr-xr-xsrc/conf_mode/system_update-check.py (renamed from src/conf_mode/system_update_check.py)0
-rwxr-xr-xsrc/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers1
-rwxr-xr-xsrc/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers1
-rwxr-xr-xsrc/init/vyos-router10
-rwxr-xr-xsrc/migration-scripts/https/1-to-22
-rwxr-xr-xsrc/op_mode/clear_dhcp_lease.py3
-rwxr-xr-xsrc/op_mode/connect_disconnect.py2
-rwxr-xr-xsrc/op_mode/dhcp.py9
-rwxr-xr-xsrc/system/keepalived-fifo.py2
-rw-r--r--src/tests/test_task_scheduler.py8
74 files changed, 51 insertions, 43 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index da6724fde..acb7dfa41 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -42,9 +42,6 @@ from vyos import airbag
airbag.enable()
-nat_conf_script = 'nat.py'
-policy_route_conf_script = 'policy-route.py'
-
nftables_conf = '/run/nftables.conf'
sysfs_config = {
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces_bonding.py
index 8184d8415..8184d8415 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces_bonding.py
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces_bridge.py
index 29991e2da..29991e2da 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces_bridge.py
diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces_dummy.py
index db768b94d..db768b94d 100755
--- a/src/conf_mode/interfaces-dummy.py
+++ b/src/conf_mode/interfaces_dummy.py
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces_ethernet.py
index 7374a29f7..7374a29f7 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces_ethernet.py
diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces_geneve.py
index f6694ddde..f6694ddde 100755
--- a/src/conf_mode/interfaces-geneve.py
+++ b/src/conf_mode/interfaces_geneve.py
diff --git a/src/conf_mode/interfaces-input.py b/src/conf_mode/interfaces_input.py
index ad248843d..ad248843d 100755
--- a/src/conf_mode/interfaces-input.py
+++ b/src/conf_mode/interfaces_input.py
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces_l2tpv3.py
index e1db3206e..e1db3206e 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces_l2tpv3.py
diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces_loopback.py
index 08d34477a..08d34477a 100755
--- a/src/conf_mode/interfaces-loopback.py
+++ b/src/conf_mode/interfaces_loopback.py
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces_macsec.py
index 0a927ac88..0a927ac88 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces_macsec.py
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces_openvpn.py
index bdeb44837..bdeb44837 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces_pppoe.py
index 42f084309..42f084309 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces_pppoe.py
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces_pseudo-ethernet.py
index dce5c2358..dce5c2358 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces_pseudo-ethernet.py
diff --git a/src/conf_mode/interfaces-sstpc.py b/src/conf_mode/interfaces_sstpc.py
index b588910dc..b588910dc 100755
--- a/src/conf_mode/interfaces-sstpc.py
+++ b/src/conf_mode/interfaces_sstpc.py
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces_tunnel.py
index 91aed9cc3..91aed9cc3 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces_tunnel.py
diff --git a/src/conf_mode/interfaces-virtual-ethernet.py b/src/conf_mode/interfaces_virtual-ethernet.py
index 8efe89c41..8efe89c41 100755
--- a/src/conf_mode/interfaces-virtual-ethernet.py
+++ b/src/conf_mode/interfaces_virtual-ethernet.py
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces_vti.py
index 9871810ae..9871810ae 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces_vti.py
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces_vxlan.py
index 4251e611b..4251e611b 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces_vxlan.py
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces_wireguard.py
index 79e5d3f44..79e5d3f44 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces_wireguard.py
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces_wireless.py
index 02b4a2500..02b4a2500 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces_wwan.py
index 2515dc838..2515dc838 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces_wwan.py
diff --git a/src/conf_mode/load-balancing-haproxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
index 333ebc66c..333ebc66c 100755
--- a/src/conf_mode/load-balancing-haproxy.py
+++ b/src/conf_mode/load-balancing_reverse-proxy.py
diff --git a/src/conf_mode/load-balancing-wan.py b/src/conf_mode/load-balancing_wan.py
index 5da0b906b..5da0b906b 100755
--- a/src/conf_mode/load-balancing-wan.py
+++ b/src/conf_mode/load-balancing_wan.py
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 34ba2fe69..f7e14aa16 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -36,22 +36,22 @@ sync_search = [
{
'keys': ['certificate'],
'path': ['service', 'https'],
- 'script': '/usr/libexec/vyos/conf_mode/https.py'
+ 'script': '/usr/libexec/vyos/conf_mode/service_https.py'
},
{
'keys': ['certificate', 'ca_certificate'],
'path': ['interfaces', 'ethernet'],
- 'script': '/usr/libexec/vyos/conf_mode/interfaces-ethernet.py'
+ 'script': '/usr/libexec/vyos/conf_mode/interfaces_ethernet.py'
},
{
'keys': ['certificate', 'ca_certificate', 'dh_params', 'shared_secret_key', 'auth_key', 'crypt_key'],
'path': ['interfaces', 'openvpn'],
- 'script': '/usr/libexec/vyos/conf_mode/interfaces-openvpn.py'
+ 'script': '/usr/libexec/vyos/conf_mode/interfaces_openvpn.py'
},
{
'keys': ['ca_certificate'],
'path': ['interfaces', 'sstpc'],
- 'script': '/usr/libexec/vyos/conf_mode/interfaces-sstpc.py'
+ 'script': '/usr/libexec/vyos/conf_mode/interfaces_sstpc.py'
},
{
'keys': ['certificate', 'ca_certificate', 'local_key', 'remote_key'],
diff --git a/src/conf_mode/policy-local-route.py b/src/conf_mode/policy_local-route.py
index 91e4fce2c..91e4fce2c 100755
--- a/src/conf_mode/policy-local-route.py
+++ b/src/conf_mode/policy_local-route.py
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy_route.py
index adad012de..adad012de 100755
--- a/src/conf_mode/policy-route.py
+++ b/src/conf_mode/policy_route.py
diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/protocols_igmp-proxy.py
index 40db417dd..40db417dd 100755
--- a/src/conf_mode/igmp_proxy.py
+++ b/src/conf_mode/protocols_igmp-proxy.py
diff --git a/src/conf_mode/protocols_segment_routing.py b/src/conf_mode/protocols_segment-routing.py
index d865c2ac0..d865c2ac0 100755
--- a/src/conf_mode/protocols_segment_routing.py
+++ b/src/conf_mode/protocols_segment-routing.py
diff --git a/src/conf_mode/arp.py b/src/conf_mode/protocols_static_arp.py
index b141f1141..b141f1141 100755
--- a/src/conf_mode/arp.py
+++ b/src/conf_mode/protocols_static_arp.py
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/service_broadcast-relay.py
index 31c552f5a..31c552f5a 100755
--- a/src/conf_mode/bcast_relay.py
+++ b/src/conf_mode/service_broadcast-relay.py
diff --git a/src/conf_mode/service_config_sync.py b/src/conf_mode/service_config-sync.py
index 4b8a7f6ee..4b8a7f6ee 100755
--- a/src/conf_mode/service_config_sync.py
+++ b/src/conf_mode/service_config-sync.py
diff --git a/src/conf_mode/conntrack_sync.py b/src/conf_mode/service_conntrack-sync.py
index 4fb2ce27f..4fb2ce27f 100755
--- a/src/conf_mode/conntrack_sync.py
+++ b/src/conf_mode/service_conntrack-sync.py
diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/service_dhcp-relay.py
index 37d708847..37d708847 100755
--- a/src/conf_mode/dhcp_relay.py
+++ b/src/conf_mode/service_dhcp-relay.py
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/service_dhcp-server.py
index c1308cda7..7ebc560ba 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -27,9 +27,10 @@ from vyos.pki import wrap_private_key
from vyos.template import render
from vyos.utils.dict import dict_search
from vyos.utils.dict import dict_search_args
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
from vyos.utils.file import write_file
from vyos.utils.process import call
-from vyos.utils.process import run
from vyos.utils.network import is_subnet_connected
from vyos.utils.network import is_addr_assigned
from vyos import ConfigError
@@ -39,8 +40,9 @@ airbag.enable()
ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
config_file = '/run/kea/kea-dhcp4.conf'
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
+user_group = '_kea'
ca_cert_file = '/run/kea/kea-failover-ca.pem'
cert_file = '/run/kea/kea-failover.pem'
@@ -308,8 +310,15 @@ def generate(dhcp):
dhcp['lease_file'] = lease_file
dhcp['machine'] = os.uname().machine
+ # Create directory for lease file if necessary
+ lease_dir = os.path.dirname(lease_file)
+ if not os.path.isdir(lease_dir):
+ makedir(lease_dir, group='vyattacfg')
+ chmod_775(lease_dir)
+
+ # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
if not os.path.exists(lease_file):
- write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+ write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
for f in [cert_file, cert_key_file, ca_cert_file]:
if os.path.exists(f):
@@ -320,8 +329,8 @@ def generate(dhcp):
cert_name = dhcp['failover']['certificate']
cert_data = dhcp['pki']['certificate'][cert_name]['certificate']
key_data = dhcp['pki']['certificate'][cert_name]['private']['key']
- write_file(cert_file, wrap_certificate(cert_data), user='_kea', mode=0o600)
- write_file(cert_key_file, wrap_private_key(key_data), user='_kea', mode=0o600)
+ write_file(cert_file, wrap_certificate(cert_data), user=user_group, mode=0o600)
+ write_file(cert_key_file, wrap_private_key(key_data), user=user_group, mode=0o600)
dhcp['failover']['cert_file'] = cert_file
dhcp['failover']['cert_key_file'] = cert_key_file
@@ -329,14 +338,14 @@ def generate(dhcp):
if 'ca_certificate' in dhcp['failover']:
ca_cert_name = dhcp['failover']['ca_certificate']
ca_cert_data = dhcp['pki']['ca'][ca_cert_name]['certificate']
- write_file(ca_cert_file, wrap_certificate(ca_cert_data), user='_kea', mode=0o600)
+ write_file(ca_cert_file, wrap_certificate(ca_cert_data), user=user_group, mode=0o600)
dhcp['failover']['ca_cert_file'] = ca_cert_file
render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp)
- render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp)
- render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp)
+ render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp, user=user_group, group=user_group)
+ render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp, user=user_group, group=user_group)
return None
diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/service_dhcpv6-relay.py
index 6537ca3c2..6537ca3c2 100755
--- a/src/conf_mode/dhcpv6_relay.py
+++ b/src/conf_mode/service_dhcpv6-relay.py
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/service_dhcpv6-server.py
index f9da3d84a..9cc57dbcf 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -22,8 +22,9 @@ from sys import exit
from vyos.config import Config
from vyos.template import render
-from vyos.template import is_ipv6
from vyos.utils.process import call
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
from vyos.utils.file import write_file
from vyos.utils.dict import dict_search
from vyos.utils.network import is_subnet_connected
@@ -33,7 +34,8 @@ airbag.enable()
config_file = '/run/kea/kea-dhcp6.conf'
ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
-lease_file = '/config/dhcp6.leases'
+lease_file = '/config/dhcp/dhcp6-leases.csv'
+user_group = '_kea'
def get_config(config=None):
if config:
@@ -182,10 +184,17 @@ def generate(dhcpv6):
dhcpv6['lease_file'] = lease_file
dhcpv6['machine'] = os.uname().machine
+ # Create directory for lease file if necessary
+ lease_dir = os.path.dirname(lease_file)
+ if not os.path.isdir(lease_dir):
+ makedir(lease_dir, group='vyattacfg')
+ chmod_775(lease_dir)
+
+ # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
if not os.path.exists(lease_file):
- write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+ write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
- render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6)
+ render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6, user=user_group, group=user_group)
return None
def apply(dhcpv6):
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/service_dns_dynamic.py
index 99fa8feee..99fa8feee 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/service_dns_dynamic.py
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/service_dns_forwarding.py
index c186f47af..c186f47af 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/service_dns_forwarding.py
diff --git a/src/conf_mode/service_event_handler.py b/src/conf_mode/service_event-handler.py
index 5028ef52f..5028ef52f 100755
--- a/src/conf_mode/service_event_handler.py
+++ b/src/conf_mode/service_event-handler.py
diff --git a/src/conf_mode/https.py b/src/conf_mode/service_https.py
index 3dc5dfc01..3dc5dfc01 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/service_https.py
diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/service_https_certificates_certbot.py
index 06c7e7b72..1a6a498de 100755
--- a/src/conf_mode/le_cert.py
+++ b/src/conf_mode/service_https_certificates_certbot.py
@@ -31,7 +31,7 @@ vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode']
vyos_certbot_dir = vyos.defaults.directories['certbot']
dependencies = [
- 'https.py',
+ 'service_https.py',
]
def request_certbot(cert):
@@ -112,4 +112,3 @@ if __name__ == '__main__':
except ConfigError as e:
print(e)
sys.exit(1)
-
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_ddos-protection.py
index 276a71fcb..276a71fcb 100755
--- a/src/conf_mode/service_ids_fastnetmon.py
+++ b/src/conf_mode/service_ids_ddos-protection.py
diff --git a/src/conf_mode/lldp.py b/src/conf_mode/service_lldp.py
index 3c647a0e8..3c647a0e8 100755
--- a/src/conf_mode/lldp.py
+++ b/src/conf_mode/service_lldp.py
diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns_repeater.py
index 6526c23d1..6526c23d1 100755
--- a/src/conf_mode/service_mdns-repeater.py
+++ b/src/conf_mode/service_mdns_repeater.py
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/service_ntp.py
index 1cc23a7df..1cc23a7df 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/service_ntp.py
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/service_salt-minion.py
index a8fce8e01..a8fce8e01 100755
--- a/src/conf_mode/salt-minion.py
+++ b/src/conf_mode/service_salt-minion.py
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/service_snmp.py
index 6565ffd60..6565ffd60 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/service_snmp.py
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/service_ssh.py
index ee5e1eca2..ee5e1eca2 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/service_ssh.py
diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/service_tftp-server.py
index 3ad346e2e..3ad346e2e 100755
--- a/src/conf_mode/tftp_server.py
+++ b/src/conf_mode/service_tftp-server.py
diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/system_acceleration.py
index e4b248675..e4b248675 100755
--- a/src/conf_mode/intel_qat.py
+++ b/src/conf_mode/system_acceleration.py
diff --git a/src/conf_mode/config_mgmt.py b/src/conf_mode/system_config-management.py
index c681a8405..c681a8405 100755
--- a/src/conf_mode/config_mgmt.py
+++ b/src/conf_mode/system_config-management.py
diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/system_conntrack.py
index 7f6c71440..7f6c71440 100755
--- a/src/conf_mode/conntrack.py
+++ b/src/conf_mode/system_conntrack.py
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/system_flow-accounting.py
index 206f513c8..206f513c8 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/system_flow-accounting.py
diff --git a/src/conf_mode/host_name.py b/src/conf_mode/system_host-name.py
index 6204cf247..6204cf247 100755
--- a/src/conf_mode/host_name.py
+++ b/src/conf_mode/system_host-name.py
diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system_ip.py
index 7612e2c0d..7612e2c0d 100755
--- a/src/conf_mode/system-ip.py
+++ b/src/conf_mode/system_ip.py
diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system_ipv6.py
index 90a1a8087..90a1a8087 100755
--- a/src/conf_mode/system-ipv6.py
+++ b/src/conf_mode/system_ipv6.py
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system_login.py
index f34575aff..f34575aff 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system_login.py
diff --git a/src/conf_mode/system-login-banner.py b/src/conf_mode/system_login_banner.py
index 65fa04417..65fa04417 100755
--- a/src/conf_mode/system-login-banner.py
+++ b/src/conf_mode/system_login_banner.py
diff --git a/src/conf_mode/system-logs.py b/src/conf_mode/system_logs.py
index 8ad4875d4..8ad4875d4 100755
--- a/src/conf_mode/system-logs.py
+++ b/src/conf_mode/system_logs.py
diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system_option.py
index d92121b3d..d92121b3d 100755
--- a/src/conf_mode/system-option.py
+++ b/src/conf_mode/system_option.py
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system_proxy.py
index 079c43e7e..079c43e7e 100755
--- a/src/conf_mode/system-proxy.py
+++ b/src/conf_mode/system_proxy.py
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system_syslog.py
index 07fbb0734..07fbb0734 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system_syslog.py
diff --git a/src/conf_mode/task_scheduler.py b/src/conf_mode/system_task-scheduler.py
index 129be5d3c..129be5d3c 100755
--- a/src/conf_mode/task_scheduler.py
+++ b/src/conf_mode/system_task-scheduler.py
diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system_timezone.py
index cd3d4b229..cd3d4b229 100755
--- a/src/conf_mode/system-timezone.py
+++ b/src/conf_mode/system_timezone.py
diff --git a/src/conf_mode/system_update_check.py b/src/conf_mode/system_update-check.py
index 8d641a97d..8d641a97d 100755
--- a/src/conf_mode/system_update_check.py
+++ b/src/conf_mode/system_update-check.py
diff --git a/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers b/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
index 222c75f21..5157469f4 100755
--- a/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
+++ b/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
@@ -1,5 +1,4 @@
#!/bin/bash
-### Autogenerated by interfaces-pppoe.py ###
interface=$6
if [ -z "$interface" ]; then
diff --git a/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers b/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
index 0fcedbedc..4affaeb5c 100755
--- a/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
+++ b/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
@@ -1,5 +1,4 @@
#!/bin/bash
-### Autogenerated by interfaces-pppoe.py ###
interface=$6
if [ -z "$interface" ]; then
diff --git a/src/init/vyos-router b/src/init/vyos-router
index 711681a8e..aaecbf2a1 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -372,11 +372,11 @@ start ()
# As VyOS does not execute commands that are not present in the CLI we call
# the script by hand to have a single source for the login banner and MOTD
${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
- ${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
- ${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
- ${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options"
- ${vyos_conf_scripts_dir}/system-ipv6.py || log_failure_msg "could not reset system IPv6 options"
- ${vyos_conf_scripts_dir}/conntrack.py || log_failure_msg "could not reset conntrack subsystem"
+ ${vyos_conf_scripts_dir}/system_login_banner.py || log_failure_msg "could not reset motd and issue files"
+ ${vyos_conf_scripts_dir}/system_option.py || log_failure_msg "could not reset system option files"
+ ${vyos_conf_scripts_dir}/system_ip.py || log_failure_msg "could not reset system IPv4 options"
+ ${vyos_conf_scripts_dir}/system_ipv6.py || log_failure_msg "could not reset system IPv6 options"
+ ${vyos_conf_scripts_dir}/system_conntrack.py || log_failure_msg "could not reset conntrack subsystem"
${vyos_conf_scripts_dir}/container.py || log_failure_msg "could not reset container subsystem"
clear_or_override_config_files || log_failure_msg "could not reset config files"
diff --git a/src/migration-scripts/https/1-to-2 b/src/migration-scripts/https/1-to-2
index b1cf37ea6..1a2cdc1e7 100755
--- a/src/migration-scripts/https/1-to-2
+++ b/src/migration-scripts/https/1-to-2
@@ -15,7 +15,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# * Move 'api virtual-host' list to 'api-restrict virtual-host' so it
-# is owned by https.py instead of http-api.py
+# is owned by service_https.py
import sys
diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py
index 2c95a2b08..7d4b47104 100755
--- a/src/op_mode/clear_dhcp_lease.py
+++ b/src/op_mode/clear_dhcp_lease.py
@@ -28,7 +28,7 @@ from vyos.utils.commit import commit_in_progress
config = ConfigTreeQuery()
base = ['service', 'dhcp-server']
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
def del_lease_ip(address):
@@ -52,7 +52,6 @@ def is_ip_in_leases(address):
Return True if address found in the lease file
"""
leases = kea_parse_leases(lease_file)
- lease_ips = []
for lease in leases:
if address == lease['address']:
return True
diff --git a/src/op_mode/connect_disconnect.py b/src/op_mode/connect_disconnect.py
index 89f929be7..10034e499 100755
--- a/src/op_mode/connect_disconnect.py
+++ b/src/op_mode/connect_disconnect.py
@@ -55,7 +55,7 @@ def connect(interface):
if is_wwan_connected(interface):
print(f'Interface {interface}: already connected!')
else:
- call(f'VYOS_TAGNODE_VALUE={interface} /usr/libexec/vyos/conf_mode/interfaces-wwan.py')
+ call(f'VYOS_TAGNODE_VALUE={interface} /usr/libexec/vyos/conf_mode/interfaces_wwan.py')
else:
print(f'Unknown interface {interface}, can not connect. Aborting!')
diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py
index a9271ea79..02f4d5bbb 100755
--- a/src/op_mode/dhcp.py
+++ b/src/op_mode/dhcp.py
@@ -31,9 +31,6 @@ from vyos.configquery import ConfigTreeQuery
from vyos.kea import kea_get_active_config
from vyos.kea import kea_get_pool_from_subnet_id
from vyos.kea import kea_parse_leases
-from vyos.utils.dict import dict_search
-from vyos.utils.file import read_file
-from vyos.utils.process import cmd
from vyos.utils.process import is_systemd_service_running
time_string = "%a %b %d %H:%M:%S %Z %Y"
@@ -79,8 +76,8 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
Get DHCP server leases
:return list
"""
- lease_file = '/config/dhcp6.leases' if family == 'inet6' else '/config/dhcp4.leases'
- data = []
+ inet_suffix = '6' if family == 'inet6' else '4'
+ lease_file = f'/config/dhcp/dhcp{inet_suffix}-leases.csv'
leases = kea_parse_leases(lease_file)
if pool is None:
@@ -88,9 +85,9 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
else:
pool = [pool]
- inet_suffix = '6' if family == 'inet6' else '4'
active_config = kea_get_active_config(inet_suffix)
+ data = []
for lease in leases:
data_lease = {}
data_lease['ip'] = lease['address']
diff --git a/src/system/keepalived-fifo.py b/src/system/keepalived-fifo.py
index 5e19bdbad..6d33e372d 100755
--- a/src/system/keepalived-fifo.py
+++ b/src/system/keepalived-fifo.py
@@ -41,7 +41,7 @@ logger.addHandler(logs_handler_syslog)
logger.setLevel(logging.DEBUG)
mdns_running_file = '/run/mdns_vrrp_active'
-mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns-repeater.py'
+mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns_repeater.py'
# class for all operations
class KeepalivedFifo:
diff --git a/src/tests/test_task_scheduler.py b/src/tests/test_task_scheduler.py
index f15fcde88..130f825e6 100644
--- a/src/tests/test_task_scheduler.py
+++ b/src/tests/test_task_scheduler.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -17,16 +17,16 @@
import os
import tempfile
import unittest
+import importlib
from vyos import ConfigError
try:
- from src.conf_mode import task_scheduler
+ task_scheduler = importlib.import_module("src.conf_mode.system_task-scheduler")
except ModuleNotFoundError: # for unittest.main()
import sys
sys.path.append(os.path.join(os.path.dirname(__file__), '../..'))
- from src.conf_mode import task_scheduler
-
+ task_scheduler = importlib.import_module("src.conf_mode.system_task-scheduler")
class TestUpdateCrontab(unittest.TestCase):
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-23 07:34:09 +0000