Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/pki.py | 4 | ||||
-rwxr-xr-x | src/conf_mode/vrf.py | 4 | ||||
-rw-r--r-- | src/etc/systemd/system/certbot.service.d/10-override.conf | 7 | ||||
-rwxr-xr-x | src/helpers/vyos-load-balancer.py | 6 | ||||
-rwxr-xr-x | src/op_mode/load-balancing_wan.py | 2 | ||||
-rwxr-xr-x | src/op_mode/pki.py | 15 | ||||
-rwxr-xr-x | src/services/vyos-commitd | 4 |
7 files changed, 30 insertions, 12 deletions
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py index 7d01b6642..6522a3897 100755 --- a/src/conf_mode/pki.py +++ b/src/conf_mode/pki.py @@ -144,7 +144,7 @@ def certbot_request(name: str, config: dict, dry_run: bool=True): # When ACME is used behind a reverse proxy, we always bind to localhost # whatever the CLI listen-address is configured for. - if ('haproxy' in dict_search('used_by', config) and + if ('used_by' in config and 'haproxy' in config['used_by'] and is_systemd_service_running(systemd_services['haproxy']) and not check_port_availability(listen_address, 80)): tmp += f' --http-01-address 127.0.0.1 --http-01-port {internal_ports["certbot_haproxy"]}' @@ -551,7 +551,7 @@ def generate(pki): if not ca_cert_present: tmp = dict_search_args(pki, 'ca', f'{autochain_prefix}{cert}', 'certificate') if not bool(tmp) or tmp != cert_chain_base64: - Message(f'Add/replace automatically imported CA certificate for "{cert}"...') + Message(f'Add/replace automatically imported CA certificate for "{cert}" ...') add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64) return None diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 6e9d4147a..00a202df4 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -240,7 +240,7 @@ def apply(vrf): vrf_iface.set_dhcpv6(False) # Remove nftables conntrack zone map item - nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{tmp}" }}' + nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ \'"{tmp}"\' }}' # Check if deleting is possible first to avoid raising errors _, err = popen(f'nft --check {nft_del_element}') if not err: 
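Review bot: The rewritten guard on the `if` line spells the absent-key case out as `'used_by' in config and 'haproxy' in config['used_by']`; the same intent reads more directly, with a single key access, as `if ('haproxy' in config.get('used_by', {}) and`. Whichever form is kept, a one-line comment would save the next reader from re-deriving why the membership test changed, e.g. `# 'used_by' is absent when no service references this certificate; the old dict_search() form presumably returned None here and the membership test then raised`. certbot_request continues outside the hunk.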
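Review bot: The new `'"{tmp}"'` quoting on the nft_del_element line is a shell-layer escape (the single quotes survive word-splitting so nft receives a double-quoted token), which only works if popen() hands the string to a shell, and it breaks for any value of tmp that itself contains a single quote. Interface names here are presumably constrained by the CLI schema, so this is mainly a readability point, but the intent belongs next to the literal: `# Wrap the name in '"..."' so the shell strips the single quotes and nft sees a quoted string`. If the name can ever come from a less constrained source, `shlex.quote(f'"{tmp}"')` builds the same token without the hand-written escapes. apply() begins and ends outside the hunk.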
@@ -320,7 +320,7 @@ def apply(vrf): state = 'down' if 'disable' in config else 'up' vrf_if.set_admin_state(state) # Add nftables conntrack zone map item - nft_add_element = f'add element inet vrf_zones ct_iface_map {{ "{name}" : {table} }}' + nft_add_element = f'add element inet vrf_zones ct_iface_map {{ \'"{name}"\' : {table} }}' cmd(f'nft {nft_add_element}') # Only call into nftables as long as there is nothing setup to avoid wasting diff --git a/src/etc/systemd/system/certbot.service.d/10-override.conf b/src/etc/systemd/system/certbot.service.d/10-override.conf deleted file mode 100644 index 542f77eb2..000000000 --- a/src/etc/systemd/system/certbot.service.d/10-override.conf +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -After= -After=vyos-router.service - -[Service] -ExecStart= -ExecStart=/usr/bin/certbot renew --config-dir /config/auth/letsencrypt --no-random-sleep-on-renew --post-hook "/usr/libexec/vyos/vyos-certbot-renew-pki.sh" diff --git a/src/helpers/vyos-load-balancer.py b/src/helpers/vyos-load-balancer.py index 30329fd5c..5852dcdf4 100755 --- a/src/helpers/vyos-load-balancer.py +++ b/src/helpers/vyos-load-balancer.py @@ -246,6 +246,7 @@ if __name__ == '__main__': # Main loop + init = True; try: while True: ip_change = False @@ -273,6 +274,11 @@ if __name__ == '__main__': if state_changed and state['failure_count'] >= int(health_conf['failure_count']): state['state'] = False state['state_changed'] = True + + #Force state changed to trigger the first write + if init == True: + state['state_changed'] = True + init = False if state['state_changed']: state['if_addr'] = get_ipv4_address(ifname) diff --git a/src/op_mode/load-balancing_wan.py b/src/op_mode/load-balancing_wan.py index 9fa473802..e1e2e8109 100755 --- a/src/op_mode/load-balancing_wan.py +++ b/src/op_mode/load-balancing_wan.py 
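Review bot: The nft_add_element line now hand-builds the same `'"{name}"'` token as the delete path in the earlier hunk, and the two literals have to stay in lockstep or deletes stop matching the elements that were added. A tiny helper keeps the quoting in one place, e.g. `def _ct_iface_map_key(ifname: str) -> str: return f'\'"{ifname}"\''`, used as `f'add element inet vrf_zones ct_iface_map {{ {_ct_iface_map_key(name)} : {table} }}'`. Unlike the delete path this call goes straight to cmd() without an `nft --check`, so a quoting slip here presumably surfaces as a commit failure rather than being skipped; one shared helper makes that less likely. apply() begins and ends outside the hunk.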
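Review bot: The added `init = True;` carries a trailing semicolon, which is legal but not Python style and reads like a leftover from another language; it should be `init = True`. A short comment naming the flag's purpose would also help, since its only use is several lines further down: `# First pass through the loop writes state unconditionally so the status file exists before any change is detected`. The main loop starts outside the hunk.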
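Review bot: `init = False` is cleared immediately after the first forced write, but ifname and state on the surrounding lines are per-interface values, so if this block sits inside a per-interface loop (the loop header is outside the hunk) only the first interface of the first pass gets its state forced out and the others wait for a real change. If that is the structure, keep the check here but move `init = False` to after the inner loop finishes. Minor style on the same lines: `if init == True:` should be `if init:` and the comment wants a space after `#`. The enclosing loop begins and ends outside the hunk.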
@@ -62,7 +62,7 @@ def _get_formatted_output(raw_data): change_dt = datetime.fromtimestamp(latest_change) if latest_change > 0 else None success_dt = datetime.fromtimestamp(if_data['last_success']) if if_data['last_success'] > 0 else None failure_dt = datetime.fromtimestamp(if_data['last_failure']) if if_data['last_failure'] > 0 else None - now = datetime.utcnow() + now = datetime.fromtimestamp(time.time()) fmt_data = { 'ifname': ifname, diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index 49a461e9e..d928bd325 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -1373,6 +1373,21 @@ def show_all(raw: bool): print('\n') show_crl(raw) +def renew_certbot(raw: bool, force: typing.Optional[bool] = False): + from vyos.defaults import directories + + certbot_config = directories['certbot'] + hook_dir = directories['base'] + + tmp = f'/usr/bin/certbot renew --no-random-sleep-on-renew ' \ + f'--config-dir "{certbot_config}" ' \ + f'--post-hook "{hook_dir}/vyos-certbot-renew-pki.sh"' + if force: + tmp += ' --force-renewal' + + out = cmd(tmp) + if not raw: + print(out) if __name__ == '__main__': try: diff --git a/src/services/vyos-commitd b/src/services/vyos-commitd index e7f2d82c7..d67b44931 100755 --- a/src/services/vyos-commitd +++ b/src/services/vyos-commitd @@ -42,6 +42,7 @@ from vyos.defaults import directories from vyos.utils.boot import boot_configuration_complete from vyos.configsource import ConfigSourceCache from vyos.configsource import ConfigSourceError +from vyos.configdiff import get_commit_scripts from vyos.config import Config from vyos.frrender import FRRender from vyos.frrender import get_frrender_dict @@ -230,6 +231,9 @@ def initialization(session: Session) -> Session: dependent_func: dict[str, list[typing.Callable]] = {} setattr(config, 'dependent_func', dependent_func) + commit_scripts = get_commit_scripts(config) + logger.debug(f'commit_scripts: {commit_scripts}') + scripts_called = [] setattr(config, 'scripts_called', scripts_called) |
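Review bot: `datetime.fromtimestamp(time.time())` is just `datetime.now()`: both produce a naive local-time value, which is what makes it consistent with the fromtimestamp() results on the lines above, and `now()` drops the dependency on the `time` module (whether `time` is imported in this file is not visible here). Suggest `now = datetime.now()  # naive local time, same basis as the fromtimestamp() values above`. _get_formatted_output continues outside the hunk.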
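Review bot: In renew_certbot the `raw` flag only suppresses printing, so with `raw=True` the function returns None, whereas the other `raw`-taking entry point visible here (show_all) exists to hand data back to the caller; the tail should be `if not raw: print(out)` followed by `return out`. The command is assembled with f-strings and run through cmd(), and the only interpolated values come from vyos.defaults.directories rather than user input, which is worth stating so nobody later treats it as a shell-injection sink: `# Paths come from vyos.defaults, not from the CLI, so plain string assembly is acceptable here`. The annotation `typing.Optional[bool] = False` should simply be `bool = False`, and the function has no docstring; one sentence saying it runs a certbot renewal (optionally forced) whose post-hook re-imports the result into the PKI would suffice. The deleted systemd override elsewhere in this diff carried the same post-hook, so if periodic renewals still run through certbot's own unit they presumably no longer invoke it — worth confirming that is intended.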
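Review bot: `commit_scripts` is computed via get_commit_scripts(config) and, within the visible lines, only passed to logger.debug; if nothing below the hunk reads it, the call does work on every initialization purely to produce a debug line, and even if something does, the f-string formats the whole list regardless of the log level. Prefer `logger.debug('commit_scripts: %s', commit_scripts)` so formatting is deferred, and add a one-line comment on what the list is for once its consumer exists. initialization() continues outside the hunk.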