From fe1d2377fe1169d7e13012295036935447ccfed1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 29 Jul 2020 21:28:21 +0200 Subject: wireguard: T2743: move key migration from config script to migration script Migration files on the storage should be done one time by a migration script instead of every time the configuration changes. Moving this to an older migration script is fine as this is around for a long time and all rolling releases are already up2date. It only affects updates from VyOS 1.2 series. --- src/conf_mode/interfaces-wireguard.py | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) (limited to 'src/conf_mode/interfaces-wireguard.py') diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 6325a8b05..8b64cde4d 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -28,27 +28,11 @@ from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete from vyos.ifconfig import WireGuardIf -from vyos.util import chown, chmod_750 from vyos.util import check_kmod from vyos import ConfigError from vyos import airbag airbag.enable() -k_mod = 'wireguard' - -def _migrate_default_keys(): - kdir = r'/config/auth/wireguard' - if os.path.exists(f'{kdir}/private.key') and not os.path.exists(f'{kdir}/default/private.key'): - location = f'{kdir}/default' - if not os.path.exists(location): - os.makedirs(location) - - chown(location, 'root', 'vyattacfg') - chmod_750(location) - os.rename(f'{kdir}/private.key', f'{location}/private.key') - os.rename(f'{kdir}/public.key', f'{location}/public.key') - - def get_config(): """ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the @@ -79,7 +63,6 @@ def get_config(): return wireguard - def verify(wireguard): if 'deleted' in wireguard: verify_bridge_delete(wireguard) @@ -123,8 +106,7 @@ def apply(wireguard): if __name__ == '__main__': try: - check_kmod(k_mod) - _migrate_default_keys() + check_kmod('wireguard') c = get_config() verify(c) apply(c) -- cgit v1.2.3