From c3d536f77d62da7c37406dd831dae8d22cb9bd1a Mon Sep 17 00:00:00 2001
From: DmitriyEshenko <dmitriy.eshenko@vyos.io>
Date: Mon, 9 Aug 2021 09:55:11 +0000
Subject: openconnect: T3695: Add systemd service checker on commit

---
 python/vyos/util.py              |  6 ++++++
 src/conf_mode/vpn_openconnect.py | 20 +++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/python/vyos/util.py b/python/vyos/util.py
index be7c53438..28f0c9bd1 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -702,3 +702,9 @@ def get_interface_config(interface):
     from json import loads
     tmp = loads(cmd(f'ip -d -j link show {interface}'))[0]
     return tmp
+
+def is_systemd_service_running(service):
+    """ Test is a specified systemd service is actually running.
+    Returns True if service is running, false otherwise. """
+    tmp = run(f'systemctl is-active --quiet {service}')
+    return bool((tmp == 0))
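Review bot: `service` is interpolated unquoted into the command string at `run(f'systemctl is-active --quiet {service}')`, so the helper is only safe while every caller passes a fixed unit name, as the one caller in this commit does. `run()` is defined outside the hunk; if it can hand the string to a shell or split it on whitespace, a value containing spaces or shell metacharacters changes what is executed. Quoting the argument closes that off: `tmp = run(f'systemctl is-active --quiet {shlex.quote(service)}')`, with a function-scope `from shlex import quote` in the style of the `from json import loads` just above. Separately, the docstring should read "Test if a specified systemd service…", and `return tmp == 0` already yields a bool without the `bool((...))` wrapper.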
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 2986c3458..021ee7046 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -21,9 +21,10 @@ from vyos.config import Config
 from vyos.configdict import dict_merge
 from vyos.xml import defaults
 from vyos.template import render
-from vyos.util import call
+from vyos.util import call, is_systemd_service_running
 from vyos import ConfigError
 from crypt import crypt, mksalt, METHOD_SHA512
+from time import sleep
 
 from vyos import airbag
 airbag.enable()
@@ -82,6 +83,20 @@ def verify(ocserv):
 
     # Check network settings
     if "network_settings" in ocserv:
+        # IPv4 or IPv6 pool must be defined
+        ipv4_net_conf = 0
+        if "client_ip_settings" in ocserv["network_settings"]:
+             if "subnet" in ocserv["network_settings"]["client_ip_settings"]:
+                ipv4_net_conf = 1
+
+        ipv6_net_conf = 0
+        if 'client_ipv6_pool' in ocserv["network_settings"]:
+            if 'prefix' in ocserv["network_settings"]["client_ipv6_pool"]:
+                ipv6_net_conf = 1
+
+        if not ipv4_net_conf and not ipv6_net_conf:
+            raise ConfigError('openconnect client-ip-settings or client-ipv6-pool required')
+
         if "push_route" in ocserv["network_settings"]:
             # Replace default route
             if "0.0.0.0/0" in ocserv["network_settings"]["push_route"]:
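Review bot: The new pool check sits inside `if "network_settings" in ocserv:`, so a configuration with no network-settings node at all would still pass verify() without any client address pool. Unless defaults or an earlier check outside this hunk guarantee that key, the test belongs outside that `if`. On style, the two flags are ints used as booleans, the nested `if "subnet" in ...` line is indented one column deeper than the surrounding code, and the quoting switches between `"` and `'` within the added lines. A form such as `has_v4 = 'subnet' in ocserv['network_settings'].get('client_ip_settings', {})` (and likewise for `prefix`) followed by `if not (has_v4 or has_v6): raise ConfigError(...)` would read more directly. verify() begins and continues outside the hunk.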
@@ -121,6 +136,9 @@ def apply(ocserv):
                 os.unlink(file)
     else:
         call('systemctl restart ocserv.service')
+        sleep(1)
+        if not is_systemd_service_running("ocserv.service"):
+            raise ConfigError('openconnect is not started. Check log output')
 
 
 if __name__ == '__main__':
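Review bot: The single `sleep(1)` before `is_systemd_service_running("ocserv.service")` makes the result depend on timing. `systemctl is-active` returns non-zero while a unit is still activating, so a slow start fails the commit, and a daemon that exits just after the one-second mark is reported as running. Polling for a bounded number of attempts removes the first problem, but the second needs a longer observation window or a check of the unit's result, which is not visible from here. Note also that by the time `ConfigError` is raised the restart has already happened (and the config was presumably rendered earlier, outside this hunk), so the commit fails with the VPN service down; the message could say so. apply() starts outside the hunk.

```python
        call('systemctl restart ocserv.service')
        # poll for a bounded time instead of relying on one fixed sleep
        for _ in range(5):
            if is_systemd_service_running("ocserv.service"):
                break
            sleep(1)
        else:
            raise ConfigError('openconnect is not started. Check log output')
```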
-- 
cgit v1.2.3