From 949a4babb3daf1c585125fa71942fc7fa7832cdf Mon Sep 17 00:00:00 2001 From: Yun Zheng Hu Date: Sat, 18 Nov 2023 21:34:15 +0100 Subject: T2405: add Git support to commit-archive (cherry picked from commit a89243cfbfc90854a8cddd53c0ffc987f75abcee) --- debian/control | 1 + interface-definitions/system-config-mgmt.xml.in | 1 + python/vyos/config_mgmt.py | 20 +++- python/vyos/remote.py | 131 ++++++++++++++++++++++-- 4 files changed, 143 insertions(+), 10 deletions(-) diff --git a/debian/control b/debian/control index f31c5a510..42c0b580b 100644 --- a/debian/control +++ b/debian/control @@ -62,6 +62,7 @@ Depends: frr-snmp, fuse-overlayfs, libpam-google-authenticator, + git, grc, haproxy, hostapd, diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in index de5a8cc16..794f9f1a0 100644 --- a/interface-definitions/system-config-mgmt.xml.in +++ b/interface-definitions/system-config-mgmt.xml.in @@ -22,6 +22,7 @@ + (ssh|git|git\+(\w+)):\/\/.* diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py index 654a8d698..df7240c88 100644 --- a/python/vyos/config_mgmt.py +++ b/python/vyos/config_mgmt.py @@ -22,10 +22,11 @@ import logging from typing import Optional, Tuple, Union from filecmp import cmp from datetime import datetime -from textwrap import dedent +from textwrap import dedent, indent from pathlib import Path from tabulate import tabulate from shutil import copy, chown +from urllib.parse import urlsplit, urlunsplit from vyos.config import Config from vyos.configtree import ConfigTree, ConfigTreeError, show_diff @@ -377,9 +378,22 @@ Proceed ?''' remote_file = f'config.boot-{hostname}.{timestamp}' source_address = self.source_address + if self.effective_locations: + print("Archiving config...") for location in self.effective_locations: - upload(archive_config_file, f'{location}/{remote_file}', - source_host=source_address) + url = urlsplit(location) + _, _, netloc = url.netloc.rpartition("@") + redacted_location = urlunsplit(url._replace(netloc=netloc)) + print(f" {redacted_location}", end=" ", flush=True) + try: + upload(archive_config_file, f'{location}/{remote_file}', + source_host=source_address, raise_error=True) + print("OK") + except Exception as e: + print("FAILED!") + print() + print(indent(str(e), " > ")) + print() # op-mode functions # diff --git a/python/vyos/remote.py b/python/vyos/remote.py index 4be477d24..8b90e4530 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -14,6 +14,7 @@ # License along with this library. If not, see . import os +import pwd import shutil import socket import ssl @@ -22,6 +23,9 @@ import sys import tempfile import urllib.parse +from contextlib import contextmanager +from pathlib import Path + from ftplib import FTP from ftplib import FTP_TLS @@ -37,11 +41,22 @@ from vyos.utils.io import ask_yes_no from vyos.utils.io import is_interactive from vyos.utils.io import print_error from vyos.utils.misc import begin -from vyos.utils.process import cmd +from vyos.utils.process import cmd, rc_cmd from vyos.version import get_version CHUNK_SIZE = 8192 +@contextmanager +def umask(mask: int): + """ + Context manager that temporarily sets the process umask. + """ + oldmask = os.umask(mask) + try: + yield + finally: + os.umask(oldmask) + class InteractivePolicy(MissingHostKeyPolicy): """ Paramiko policy for interactively querying the user on whether to proceed @@ -310,35 +325,137 @@ class TftpC: with open(location, 'rb') as f: cmd(f'{self.command} -T - "{self.urlstring}"', input=f.read()) +class GitC: + def __init__(self, + url, + progressbar=False, + check_space=False, + source_host=None, + source_port=0, + timeout=10, + ): + self.command = 'git' + self.url = url + self.urlstring = urllib.parse.urlunsplit(url) + if self.urlstring.startswith("git+"): + self.urlstring = self.urlstring.replace("git+", "", 1) + + def download(self, location: str): + raise NotImplementedError("not supported") + + @umask(0o077) + def upload(self, location: str): + scheme = self.url.scheme + _, _, scheme = scheme.partition("+") + netloc = self.url.netloc + url = Path(self.url.path).parent + with tempfile.TemporaryDirectory(prefix="git-commit-archive-") as directory: + # Determine username, fullname, email for Git commit + pwd_entry = pwd.getpwuid(os.getuid()) + user = pwd_entry.pw_name + name = pwd_entry.pw_gecos.split(",")[0] or user + fqdn = socket.getfqdn() + email = f"{user}@{fqdn}" + + # environment vars for our git commands + env = { + "GIT_TERMINAL_PROMPT": "0", + "GIT_AUTHOR_NAME": name, + "GIT_AUTHOR_EMAIL": email, + "GIT_COMMITTER_NAME": name, + "GIT_COMMITTER_EMAIL": email, + } + + # build ssh command for git + ssh_command = ["ssh"] + + # if we are not interactive, we use StrictHostKeyChecking=yes to avoid any prompts + if not sys.stdout.isatty(): + ssh_command += ["-o", "StrictHostKeyChecking=yes"] + + env["GIT_SSH_COMMAND"] = " ".join(ssh_command) + + # git clone + path_repository = Path(directory) / "repository" + scheme = f"{scheme}://" if scheme else "" + rc, out = rc_cmd( + [self.command, "clone", f"{scheme}{netloc}{url}", str(path_repository), "--depth=1"], + env=env, + shell=False, + ) + if rc: + raise Exception(out) + + # git add + filename = Path(Path(self.url.path).name).stem + dst = path_repository / filename + shutil.copy2(location, dst) + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "add", filename], + env=env, + shell=False, + ) + + # git commit -m + commit_message = os.environ.get("COMMIT_COMMENT", "commit") + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "commit", "-m", commit_message], + env=env, + shell=False, + ) + + # git push + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "push"], + env=env, + shell=False, + ) + if rc: + raise Exception(out) + def urlc(urlstring, *args, **kwargs): """ Dynamically dispatch the appropriate protocol class. """ - url_classes = {'http': HttpC, 'https': HttpC, 'ftp': FtpC, 'ftps': FtpC, \ - 'sftp': SshC, 'ssh': SshC, 'scp': SshC, 'tftp': TftpC} + url_classes = { + "http": HttpC, + "https": HttpC, + "ftp": FtpC, + "ftps": FtpC, + "sftp": SshC, + "ssh": SshC, + "scp": SshC, + "tftp": TftpC, + "git": GitC, + } url = urllib.parse.urlsplit(urlstring) + scheme, _, _ = url.scheme.partition("+") try: - return url_classes[url.scheme](url, *args, **kwargs) + return url_classes[scheme](url, *args, **kwargs) except KeyError: - raise ValueError(f'Unsupported URL scheme: "{url.scheme}"') + raise ValueError(f'Unsupported URL scheme: "{scheme}"') -def download(local_path, urlstring, progressbar=False, check_space=False, +def download(local_path, urlstring, progressbar=False, raise_error=False, check_space=False, source_host='', source_port=0, timeout=10.0): try: progressbar = progressbar and is_interactive() urlc(urlstring, progressbar, check_space, source_host, source_port, timeout).download(local_path) except Exception as err: + if raise_error: + raise print_error(f'Unable to download "{urlstring}": {err}') except KeyboardInterrupt: print_error('\nDownload aborted by user.') -def upload(local_path, urlstring, progressbar=False, +def upload(local_path, urlstring, progressbar=False, raise_error=False, source_host='', source_port=0, timeout=10.0): try: progressbar = progressbar and is_interactive() urlc(urlstring, progressbar, source_host, source_port, timeout).upload(local_path) except Exception as err: + if raise_error: + raise print_error(f'Unable to upload "{urlstring}": {err}') except KeyboardInterrupt: print_error('\nUpload aborted by user.') -- cgit v1.2.3 From e6c1f1ed512e969ff3d4b11692e35b4d0293c3eb Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 18 Nov 2023 21:53:35 +0100 Subject: config-mgmt: T4957: T2405: add proper valueHelp strings for remote URL vyos@vyos# set system config-management commit-archive location Possible completions: uri Uniform Resource Identifier Unfortunately URI is a bit "less" specific - add proper help strings: vyos@vyos# set system config-management commit-archive location Possible completions: http://:@/ https://:@/ ftp://:@/ sftp://:@/ scp://:@/ tftp://:@/ git+https://:@/ (cherry picked from commit dcb277ba0aed4a02f48572d10d3ba242942b8639) --- interface-definitions/system-config-mgmt.xml.in | 28 +++++++++++++++++++++++-- scripts/build-command-templates | 2 ++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in index 794f9f1a0..b01b44bf9 100644 --- a/interface-definitions/system-config-mgmt.xml.in +++ b/interface-definitions/system-config-mgmt.xml.in @@ -17,8 +17,32 @@ Commit archive location - uri - Uniform Resource Identifier + http://<user>:<passwd>@<host>/<path> + + + + https://<user>:<passwd>@<host>/<path> + + + + ftp://<user>:<passwd>@<host>/<path> + + + + sftp://<user>:<passwd>@<host>/<path> + + + + scp://<user>:<passwd>@<host>/<path> + + + + tftp://<user>:<passwd>@<host>/<path> + + + + git+https://<user>:<passwd>@<host>/<path> + diff --git a/scripts/build-command-templates b/scripts/build-command-templates index c8ae83d9d..2e7f8b994 100755 --- a/scripts/build-command-templates +++ b/scripts/build-command-templates @@ -145,6 +145,8 @@ def get_properties(p, default=None): description = v.find("description").text if default != None and default.text == format: description += f' (default)' + # Is no description was specified, keep it empty + if not description: description = '' vh.append( (format, description) ) props["val_help"] = vh except: -- cgit v1.2.3 From d87dfa557c962b9ac1bb7483a3b419095ae5fccf Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 19 Nov 2023 22:20:07 +0100 Subject: config-mgmt: T4957: remove TFTP user/pass from completion helper (cherry picked from commit e92667504e0c503b7c0d125d89d8795d6b6d5876) --- interface-definitions/system-config-mgmt.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in index b01b44bf9..61089ce34 100644 --- a/interface-definitions/system-config-mgmt.xml.in +++ b/interface-definitions/system-config-mgmt.xml.in @@ -37,7 +37,7 @@ - tftp://<user>:<passwd>@<host>/<path> + tftp://<host>/<path> -- cgit v1.2.3