From aceb0817a65bf01669cada3ceb60d65b81607bc3 Mon Sep 17 00:00:00 2001
From: Thomas Mangin
Date: Sun, 5 Apr 2020 14:36:29 +0100
Subject: util: T2226: covert most calls from os.system to util
As little change a possible but the function call The behaviour should be totally unchanged.
---
src/conf_mode/bcast_relay.py | 5 +++--
src/conf_mode/dhcp_relay.py | 5 +++--
src/conf_mode/dhcp_server.py | 6 ++++--
src/conf_mode/dhcpv6_relay.py | 6 ++++--
src/conf_mode/dhcpv6_server.py | 6 ++++--
src/conf_mode/dns_forwarding.py | 5 +++--
src/conf_mode/dynamic_dns.py | 6 ++++--
src/conf_mode/firewall_options.py | 28 +++++++++++++++-------------
src/conf_mode/http-api.py | 6 +++---
src/conf_mode/https.py | 6 ++++--
src/conf_mode/igmp_proxy.py | 6 ++++--
src/conf_mode/interfaces-bonding.py | 4 +++-
src/conf_mode/interfaces-l2tpv3.py | 3 ++-
src/conf_mode/interfaces-wirelessmodem.py | 4 ++--
src/conf_mode/ipsec-settings.py | 9 +++++----
src/conf_mode/le_cert.py | 6 ++++--
src/conf_mode/lldp.py | 6 ++++--
src/conf_mode/mdns_repeater.py | 6 ++++--
src/conf_mode/ntp.py | 6 ++++--
src/conf_mode/protocols_bfd.py | 11 +++++++++++
src/conf_mode/protocols_igmp.py | 4 +++-
src/conf_mode/protocols_mpls.py | 6 ++++--
src/conf_mode/protocols_pim.py | 6 ++++++
src/conf_mode/salt-minion.py | 6 ++++--
src/conf_mode/service-router-advert.py | 6 ++++--
src/conf_mode/snmp.py | 18 ++++++++++--------
src/conf_mode/ssh.py | 6 ++++--
src/conf_mode/system-ip.py | 4 +++-
src/conf_mode/system-ipv6.py | 4 +++-
src/conf_mode/system-options.py | 5 +++--
src/conf_mode/system-timezone.py | 6 +++---
src/conf_mode/tftp_server.py | 6 ++++--
32 files changed, 141 insertions(+), 76 deletions(-)
(limited to 'src/conf_mode')
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py
index 96576ddd4..f6d90776c 100755
--- a/src/conf_mode/bcast_relay.py
+++ b/src/conf_mode/bcast_relay.py
@@ -24,6 +24,7 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run config_file = r'/etc/default/udp-broadcast-relay' @@ -154,7 +155,7 @@ def generate(relay): def apply(relay): # first stop all running services - os.system('sudo systemctl stop udp-broadcast-relay@{1..99}') + run('sudo systemctl stop udp-broadcast-relay@{1..99}') if (relay is None) or relay['disabled']: return None @@ -164,7 +165,7 @@ def apply(relay): # Don't start individual instance when it's disabled if r['disabled']: continue - os.system('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) + run('sudo systemctl start udp-broadcast-relay@{0}'.format(r['id'])) return None diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py index 6f8d66e7b..1d6d4c6e3 100755 --- a/src/conf_mode/dhcp_relay.py +++ b/src/conf_mode/dhcp_relay.py @@ -22,6 +22,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run config_file = r'/etc/default/isc-dhcp-relay' @@ -112,10 +113,10 @@ def generate(relay): def apply(relay): if relay is not None: - os.system('sudo systemctl restart isc-dhcp-relay.service') + run('sudo systemctl restart isc-dhcp-relay.service') else: # DHCP relay support is removed in the commit - os.system('sudo systemctl stop isc-dhcp-relay.service') + run('sudo systemctl stop isc-dhcp-relay.service') os.unlink(config_file) return None diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 3d75414f5..69aebe2f4 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py 
@@ -26,6 +26,8 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_subnet_connected from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/dhcp/dhcpd.conf' lease_file = r'/config/dhcpd.leases' @@ -626,7 +628,7 @@ def generate(dhcp): def apply(dhcp): if (dhcp is None) or dhcp['disabled']: # DHCP server is removed in the commit - os.system('sudo systemctl stop isc-dhcpv4-server.service') + run('sudo systemctl stop isc-dhcpv4-server.service') if os.path.exists(config_file): os.unlink(config_file) if os.path.exists(daemon_config_file): @@ -636,7 +638,7 @@ def apply(dhcp): if not os.path.exists(lease_file): os.mknod(lease_file) - os.system('sudo systemctl restart isc-dhcpv4-server.service') + run('sudo systemctl restart isc-dhcpv4-server.service') return None diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py index d942daf37..a67deb6c7 100755 --- a/src/conf_mode/dhcpv6_relay.py +++ b/src/conf_mode/dhcpv6_relay.py @@ -23,6 +23,8 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/default/isc-dhcpv6-relay' @@ -98,10 +100,10 @@ def generate(relay): def apply(relay): if relay is not None: - os.system('sudo systemctl restart isc-dhcpv6-relay.service') + run('sudo systemctl restart isc-dhcpv6-relay.service') else: # DHCPv6 relay support is removed in the commit - os.system('sudo systemctl stop isc-dhcpv6-relay.service') + run('sudo systemctl stop isc-dhcpv6-relay.service') os.unlink(config_file) return None diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 10b40baa4..003e80915 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py 
@@ -25,6 +25,8 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_subnet_connected from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/dhcp/dhcpdv6.conf' lease_file = r'/config/dhcpdv6.leases' @@ -362,7 +364,7 @@ def generate(dhcpv6): def apply(dhcpv6): if (dhcpv6 is None) or dhcpv6['disabled']: # DHCP server is removed in the commit - os.system('sudo systemctl stop isc-dhcpv6-server.service') + run('sudo systemctl stop isc-dhcpv6-server.service') if os.path.exists(config_file): os.unlink(config_file) if os.path.exists(daemon_config_file): @@ -372,7 +374,7 @@ def apply(dhcpv6): if not os.path.exists(lease_file): os.mknod(lease_file) - os.system('sudo systemctl restart isc-dhcpv6-server.service') + run('sudo systemctl restart isc-dhcpv6-server.service') return None diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index bbb69cdf7..5dc599425 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -26,6 +26,7 @@ from vyos.defaults import directories as vyos_data_dir from vyos.hostsd_client import Client as hostsd_client from vyos.util import wait_for_commit_lock from vyos import ConfigError +from vyos.util import run parser = argparse.ArgumentParser() parser.add_argument("--dhclient", action="store_true", @@ -166,11 +167,11 @@ def generate(dns): def apply(dns): if dns is None: # DNS forwarding is removed in the commit - os.system("systemctl stop pdns-recursor") + run("systemctl stop pdns-recursor") if os.path.isfile(config_file): os.unlink(config_file) else: - os.system("systemctl restart pdns-recursor") + run("systemctl restart pdns-recursor") if __name__ == '__main__': args = parser.parse_args() diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 56ce4fedc..b9163f7b3 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py 
@@ -24,6 +24,8 @@ from stat import S_IRUSR, S_IWUSR from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/ddclient/ddclient.conf' cache_file = r'/var/cache/ddclient/ddclient.cache' @@ -255,11 +257,11 @@ def apply(dyndns): os.unlink('/etc/ddclient.conf') if dyndns['deleted']: - os.system('/etc/init.d/ddclient stop') + run('/etc/init.d/ddclient stop') if os.path.exists(dyndns['pid_file']): os.unlink(dyndns['pid_file']) else: - os.system('/etc/init.d/ddclient restart') + run('/etc/init.d/ddclient restart') return None diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py index 2be80cdbf..90f004bc4 100755 --- a/src/conf_mode/firewall_options.py +++ b/src/conf_mode/firewall_options.py @@ -21,6 +21,8 @@ import copy from vyos.config import Config from vyos import ConfigError +from vyos.util import run + default_config_data = { 'intf_opts': [], 
@@ -85,19 +87,19 @@ def apply(tcp): target = 'VYOS_FW_OPTIONS' # always cleanup iptables - os.system('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --flush {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) + run('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + run('iptables --table mangle --flush {} >&/dev/null'.format(target)) + run('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) # always cleanup ip6tables - os.system('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) # Setup new iptables rules if tcp['new_chain4']: - os.system('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + run('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) + run('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] 
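Review bot: The two setup calls under `if tcp['new_chain4']:` drop both their exit status and their output (`>&/dev/null`), so a failed `--new-chain` or `--append FORWARD` leaves the VYOS_FW_OPTIONS chain missing while the commit still reports success. run() appears to return the exit status (interfaces-bonding.py in this same commit compares it with 0), so the setup calls can be checked, for example `if run('iptables --table mangle --new-chain {}'.format(target)) != 0: raise ConfigError('cannot create chain ' + target)`. The cleanup calls above them can legitimately fail when the chain does not exist yet and are fine unchecked. The `new_chain6` block in the next hunk has the same gap; apply() continues past the end of this hunk.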
@@ -109,13 +111,13 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - os.system('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \ + run('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \ '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) # Setup new ip6tables rules if tcp['new_chain6']: - os.system('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] @@ -127,8 +129,8 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - os.system('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' \ - '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) + run('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' + '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) return None diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 0c2e029e9..ffa68af55 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -18,13 +18,13 @@ import sys import os -import subprocess import json from copy import deepcopy import vyos.defaults from vyos.config import Config from vyos import ConfigError +from vyos.util import cmd, run config_file = '/etc/vyos/http-api.conf' 
@@ -91,9 +91,9 @@ def generate(http_api): def apply(http_api): if http_api is not None: - os.system('sudo systemctl restart vyos-http-api.service') + run('sudo systemctl restart vyos-http-api.service') else: - os.system('sudo systemctl stop vyos-http-api.service') + run('sudo systemctl stop vyos-http-api.service') for dep in dependencies: cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep) diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 83a5f3602..e46f1a4e7 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -26,6 +26,8 @@ import vyos.certbot_util from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = '/etc/nginx/sites-available/default' @@ -144,9 +146,9 @@ def generate(https): def apply(https): if https is not None: - os.system('sudo systemctl restart nginx.service') + run('sudo systemctl restart nginx.service') else: - os.system('sudo systemctl stop nginx.service') + run('sudo systemctl stop nginx.service') if __name__ == '__main__': try: diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py index aa46f2c4e..abe473530 100755 --- a/src/conf_mode/igmp_proxy.py +++ b/src/conf_mode/igmp_proxy.py @@ -24,6 +24,8 @@ from netifaces import interfaces from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/igmpproxy.conf' @@ -129,11 +131,11 @@ def generate(igmp_proxy): def apply(igmp_proxy): if igmp_proxy is None or igmp_proxy['disable']: # IGMP Proxy support is removed in the commit - os.system('sudo systemctl stop igmpproxy.service') + run('sudo systemctl stop igmpproxy.service') if os.path.exists(config_file): os.unlink(config_file) else: - os.system('systemctl restart igmpproxy.service') + run('systemctl restart igmpproxy.service') return None 
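Review bot: `cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep)` in the dependency loop shadows the `cmd` function that the import hunk for this file has just brought in from vyos.util, which will mislead the next person who tries to call `cmd(...)` inside apply(). That import hunk also deletes `import subprocess`, and the diffstat (three insertions, three deletions) is fully accounted for by the lines visible here, so whatever executes the dependency script after this hunk was not converted; if it still uses `subprocess`, apply() raises NameError when it gets there. Rename the local, e.g. `script = '{0}/{1}'.format(vyos_conf_scripts_dir, dep)`, and either keep `import subprocess` or convert that call in this commit. The rest of apply() is outside the hunk, so the remaining use needs to be confirmed in the file.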
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index cc119b91a..19f43f725 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -25,6 +25,8 @@ from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config from vyos import ConfigError +from vyos.util import run + default_config_data = { 'address': [], @@ -90,7 +92,7 @@ def get_config(): if not os.path.isfile('/sys/class/net/bonding_masters'): import syslog syslog.syslog(syslog.LOG_NOTICE, "loading bonding kernel module") - if os.system('modprobe bonding max_bonds=0 miimon=250') != 0: + if run('modprobe bonding max_bonds=0 miimon=250') != 0: syslog.syslog(syslog.LOG_NOTICE, "failed loading bonding kernel module") raise ConfigError("failed loading bonding kernel module") diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index af1d3f482..4b5fc8306 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -22,6 +22,7 @@ from copy import deepcopy from vyos.config import Config from vyos.ifconfig import L2TPv3If, Interface from vyos import ConfigError +from vyos.util import run from netifaces import interfaces default_config_data = { @@ -50,7 +51,7 @@ def check_kmod(): modules = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6'] for module in modules: if not os.path.exists(f'/sys/module/{module}'): - if os.system(f'modprobe {module}') != 0: + if run(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') def get_config(): diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index da33d54e4..4df459768 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py 
@@ -23,7 +23,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.defaults import directories as vyos_data_dir -from vyos.util import chown_file, chmod_x, subprocess_cmd +from vyos.util import chown_file, chmod_x, cmd, run from vyos import ConfigError default_config_data = { @@ -48,7 +48,7 @@ def check_kmod(): modules = ['option', 'usb_wwan', 'usbserial'] for module in modules: if not os.path.exists(f'/sys/module/{module}'): - if os.system(f'modprobe {module}') != 0: + if run(f'modprobe {module}') != 0: raise ConfigError(f'Loading Kernel module {module} failed') def get_config(): diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index 90b6b0d57..c2f5c8e07 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -24,6 +24,7 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run ra_conn_name = "remote-access" charon_conf_file = "/etc/strongswan.d/charon.conf" @@ -98,7 +99,7 @@ def get_config(): ### Remove config from file by delimiter def remove_confs(delim_begin, delim_end, conf_file): - os.system("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file) + run("sed -i '/"+delim_begin+"/,/"+delim_end+"/d' "+conf_file) ### Checking certificate storage and notice if certificate not in /config directory @@ -111,7 +112,7 @@ def check_cert_file_store(cert_name, file_path, dts_path): else: ### Cpy file to /etc/ipsec.d/certs/ /etc/ipsec.d/cacerts/ # todo make check - ret = os.system('cp -f '+file_path+' '+dts_path) + ret = run('cp -f '+file_path+' '+dts_path) if ret: raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path) 
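Review bot: The import line removes `subprocess_cmd`, yet the diffstat gives interfaces-wirelessmodem.py only two changed lines and both are visible here (this import and the modprobe call), so any `subprocess_cmd(...)` call left in the file would fail with NameError at commit time. The rest of the file is not shown; search it for remaining callers, or keep the name until they are converted: `from vyos.util import chown_file, chmod_x, subprocess_cmd, cmd, run`. `cmd` is imported without a use in the visible hunks.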
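Review bot: `run('cp -f '+file_path+' '+dts_path)` and the `sed -i` line in remove_confs build a command string by plain concatenation, so, assuming run() hands the string to a shell as the redirections elsewhere in this commit imply, a path containing a space or a shell metacharacter changes what gets executed. Where `file_path` originates is outside these hunks, although the name and the surrounding comment suggest a configured certificate path. For the copy, `shutil.copy(file_path, dts_path)` in a `try/except OSError` avoids the shell altogether (it needs `import shutil`; only part of the import block is visible), and values that must remain in a command string should go through `shlex.quote()`. The same pattern is in the snmp.py `my_set` calls, where the hand-written double quotes still allow `$` and backquote expansion in the user name and key, and in system-timezone.py with `tz['name']`.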
@@ -192,12 +193,12 @@ def generate(data): remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie) def restart_ipsec(): - os.system('ipsec restart >&/dev/null') + run('ipsec restart >&/dev/null') # counter for apply swanctl config counter = 10 while counter <= 10: if os.path.exists(charon_pidfile): - os.system('swanctl -q >&/dev/null') + run('swanctl -q >&/dev/null') break counter -=1 sleep(1) diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index c657098e1..c0df77710 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -23,6 +23,8 @@ import subprocess import vyos.defaults from vyos.config import Config from vyos import ConfigError +from vyos.util import cmd, run + vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] @@ -84,9 +86,9 @@ def generate(cert): # certbot will attempt to reload nginx, even with 'certonly'; # start nginx if not active - ret = os.system('systemctl is-active --quiet nginx.ervice') + ret = run('systemctl is-active --quiet nginx.ervice') if ret: - os.system('sudo systemctl start nginx.service') + run('sudo systemctl start nginx.service') ret = request_certbot(cert) if ret: diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py index 4e3dfc0b6..c090bba83 100755 --- a/src/conf_mode/lldp.py +++ b/src/conf_mode/lldp.py @@ -26,6 +26,8 @@ from vyos.validate import is_addr_assigned,is_loopback_addr from vyos.defaults import directories as vyos_data_dir from vyos.version import get_version_data from vyos import ConfigError +from vyos.util import run + config_file = "/etc/default/lldpd" vyos_config_file = "/etc/lldpd.d/01-vyos.conf" 
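Review bot: The wait loop in restart_ipsec() has no upper bound: `counter` starts at 10 and is decremented, so `while counter <= 10:` stays true until the pid file appears, and if charon never starts the commit blocks indefinitely. These are context lines rather than lines this commit changes, but they surround the converted calls and are worth fixing while the function is being touched: `while counter > 0:`. After that change a timed-out loop falls through without `swanctl -q` having run, so a `ConfigError` when the counter reaches zero would make the failure visible.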
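Review bot: `run('systemctl is-active --quiet nginx.ervice')` in le_cert.py queries a misspelled unit name, so the check presumably returns non-zero on every call and `sudo systemctl start nginx.service` runs regardless of nginx's state. The typo is carried over unchanged from the os.system() line; the converted line should read `ret = run('systemctl is-active --quiet nginx.service')`. `cmd` is imported in this file's import hunk but not used in the visible lines, and generate() continues outside the hunk.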
@@ -239,10 +241,10 @@ def generate(lldp): def apply(lldp): if lldp: # start/restart lldp service - os.system('sudo systemctl restart lldpd.service') + run('sudo systemctl restart lldpd.service') else: # LLDP service has been terminated - os.system('sudo systemctl stop lldpd.service') + run('sudo systemctl stop lldpd.service') os.unlink(config_file) os.unlink(vyos_config_file) diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py index f738cc6a6..2bccd9153 100755 --- a/src/conf_mode/mdns_repeater.py +++ b/src/conf_mode/mdns_repeater.py @@ -24,6 +24,8 @@ from netifaces import ifaddresses, AF_INET from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/default/mdns-repeater' @@ -94,11 +96,11 @@ def generate(mdns): def apply(mdns): if (mdns is None) or mdns['disabled']: - os.system('sudo systemctl stop mdns-repeater') + run('sudo systemctl stop mdns-repeater') if os.path.exists(config_file): os.unlink(config_file) else: - os.system('sudo systemctl restart mdns-repeater') + run('sudo systemctl restart mdns-repeater') return None diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 0f635556b..998022a8c 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -24,6 +24,8 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/ntp.conf' @@ -112,10 +114,10 @@ def generate(ntp): def apply(ntp): if ntp is not None: - os.system('sudo systemctl restart ntp.service') + run('sudo systemctl restart ntp.service') else: # NTP support is removed in the commit - os.system('sudo systemctl stop ntp.service') + run('sudo systemctl stop ntp.service') os.unlink(config_file) return None diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py index 9940c80c5..52a9e54c2 100755 
--- a/src/conf_mode/protocols_bfd.py +++ b/src/conf_mode/protocols_bfd.py @@ -24,6 +24,8 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv6_link_local, is_ipv6 from vyos import ConfigError +from vyos.util import run + config_file = r'/tmp/bfd.frr' @@ -205,7 +207,16 @@ def apply(bfd): if bfd is None: return None +<<<<<<< HEAD os.system(f'vtysh -d bfdd -f {config_file}') +======= + tmpl = jinja2.Template(config_tmpl) + config_text = tmpl.render(bfd) + with open(config_file, 'w') as f: + f.write(config_text) + + run("sudo vtysh -d bfdd -f " + config_file) +>>>>>>> util: T2226: covert most calls from os.system to util if os.path.exists(config_file): os.remove(config_file) diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py index 0148b5dac..6e819a15a 100755 --- a/src/conf_mode/protocols_igmp.py +++ b/src/conf_mode/protocols_igmp.py @@ -23,6 +23,8 @@ from sys import exit from vyos import ConfigError from vyos.config import Config from vyos.defaults import directories as vyos_data_dir +from vyos.util import run + config_file = r'/tmp/igmp.frr' @@ -103,7 +105,7 @@ def apply(igmp): return None if os.path.exists(config_file): - os.system("sudo vtysh -d pimd -f " + config_file) + run("sudo vtysh -d pimd -f " + config_file) os.remove(config_file) return None diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index 514fe5efb..6e5d08397 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -21,11 +21,13 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/tmp/ldpd.frr' def sysctl(name, value): - os.system('sysctl -wq {}={}'.format(name, value)) + run('sysctl -wq {}={}'.format(name, value)) def get_config(): conf = Config() 
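Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> util: T2226: ...`) are added as new lines inside apply() in protocols_bfd.py, so the file no longer parses and the script fails with SyntaxError before any BFD configuration is applied; the protocols_pim.py apply() hunk further down carries the same markers. The incoming side here also references `jinja2.Template(config_tmpl)`, names the visible import hunk does not provide, and switches to `sudo vtysh`, which goes beyond the "only the function call changes" scope stated in the commit message. Resolving in line with that message would give `run(f'vtysh -d bfdd -f {config_file}')` here and `run("vtysh -d pimd -f " + config_file)` in pim, with the marker lines and the other side deleted. A pre-commit or CI check that rejects lines beginning with `<<<<<<<` or `>>>>>>>`, or simply byte-compiles every script under src/conf_mode, would catch this before merge.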
@@ -160,7 +162,7 @@ def apply(mpls): operate_mpls_on_intfc(diactive_ifaces, 0) if os.path.exists(config_file): - os.system("sudo vtysh -d ldpd -f " + config_file) + run("sudo vtysh -d ldpd -f " + config_file) os.remove(config_file) return None diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py index 7b360d62c..0e22d3a6b 100755 --- a/src/conf_mode/protocols_pim.py +++ b/src/conf_mode/protocols_pim.py @@ -23,6 +23,8 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/tmp/pimd.frr' @@ -130,7 +132,11 @@ def apply(pim): return None if os.path.exists(config_file): +<<<<<<< HEAD os.system("vtysh -d pimd -f " + config_file) +======= + run("sudo vtysh -d pimd -f " + config_file) +>>>>>>> util: T2226: covert most calls from os.system to util os.remove(config_file) return None diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index bc1767454..bd1d44bc8 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -26,6 +26,8 @@ from urllib3 import PoolManager from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/salt/minion' @@ -124,10 +126,10 @@ def generate(salt): def apply(salt): if salt is not None: - os.system("sudo systemctl restart salt-minion") + run("sudo systemctl restart salt-minion") else: # Salt access is removed in the commit - os.system("sudo systemctl stop salt-minion") + run("sudo systemctl stop salt-minion") os.unlink(config_file) return None diff --git a/src/conf_mode/service-router-advert.py b/src/conf_mode/service-router-advert.py index 38c5cb2dc..0173b7242 100755 --- a/src/conf_mode/service-router-advert.py +++ b/src/conf_mode/service-router-advert.py 
@@ -23,6 +23,8 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/radvd.conf' @@ -156,13 +158,13 @@ def generate(rtradv): def apply(rtradv): if not rtradv['interfaces']: # bail out early - looks like removal from running config - os.system('systemctl stop radvd.service') + run('systemctl stop radvd.service') if os.path.exists(config_file): os.unlink(config_file) return None - os.system('systemctl restart radvd.service') + run('systemctl restart radvd.service') return None if __name__ == '__main__': diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index ed8c1d7e1..414236c88 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -27,6 +27,8 @@ from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv4, is_addr_assigned from vyos.version import get_version_data from vyos import ConfigError +from vyos.util import run + config_file_client = r'/etc/snmp/snmp.conf' config_file_daemon = r'/etc/snmp/snmpd.conf' @@ -507,7 +509,7 @@ def generate(snmp): # # As we are manipulating the snmpd user database we have to stop it first! # This is even save if service is going to be removed - os.system("systemctl stop snmpd.service") + run('systemctl stop snmpd.service') config_files = [config_file_client, config_file_daemon, config_file_access, config_file_user] for file in config_files: @@ -552,7 +554,7 @@ def apply(snmp): return None # start SNMP daemon - os.system("systemctl restart snmpd.service") + run("systemctl restart snmpd.service") # Passwords are not available immediately in the configuration file, # after daemon startup - we wait until they have been processed by 
@@ -593,15 +595,15 @@ def apply(snmp): # Now update the running configuration # - # Currently when executing os.system() the environment does not + # Currently when executing run() the environment does not # have the vyos_libexec_dir variable set, see Phabricator T685. - os.system('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['auth_pw'])) - os.system('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['priv_pw'])) - os.system('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user'])) - os.system('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user'])) + run('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['auth_pw'])) + run('/opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key "{1}" > /dev/null'.format(cfg['user'], cfg['priv_pw'])) + run('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user'])) + run('/opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user'])) # Enable AgentX in FRR - os.system('vtysh -c "configure terminal" -c "agentx" >/dev/null') + run('vtysh -c "configure terminal" -c "agentx" >/dev/null') return None diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 014045796..a85dcd7f2 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -21,6 +21,8 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/ssh/sshd_config' 
@@ -131,10 +133,10 @@ def generate(ssh): def apply(ssh): if ssh is not None and 'port' in ssh.keys(): - os.system("sudo systemctl restart ssh.service") + run("sudo systemctl restart ssh.service") else: # SSH access is removed in the commit - os.system("sudo systemctl stop ssh.service") + run("sudo systemctl stop ssh.service") if os.path.isfile(config_file): os.unlink(config_file) diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 335507411..66f563939 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -20,6 +20,8 @@ from sys import exit from copy import deepcopy from vyos.config import Config from vyos import ConfigError +from vyos.util import run + default_config_data = { 'arp_table': 8192, @@ -29,7 +31,7 @@ default_config_data = { } def sysctl(name, value): - os.system('sysctl -wq {}={}'.format(name, value)) + run('sysctl -wq {}={}'.format(name, value)) def get_config(): ip_opt = deepcopy(default_config_data) diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system-ipv6.py index bd28ec357..4e3de6fe9 100755 --- a/src/conf_mode/system-ipv6.py +++ b/src/conf_mode/system-ipv6.py @@ -21,6 +21,8 @@ from sys import exit from copy import deepcopy from vyos.config import Config from vyos import ConfigError +from vyos.util import run + ipv6_disable_file = '/etc/modprobe.d/vyos_disable_ipv6.conf' @@ -35,7 +37,7 @@ default_config_data = { } def sysctl(name, value): - os.system('sysctl -wq {}={}'.format(name, value)) + run('sysctl -wq {}={}'.format(name, value)) def get_config(): ip_opt = deepcopy(default_config_data) diff --git a/src/conf_mode/system-options.py b/src/conf_mode/system-options.py index a893e98b3..063a82463 100755 --- a/src/conf_mode/system-options.py +++ b/src/conf_mode/system-options.py @@ -20,6 +20,7 @@ from sys import exit from copy import deepcopy from vyos.config import Config from vyos import ConfigError +from vyos.util import run systemd_ctrl_alt_del = '/lib/systemd/system/ctrl-alt-del.target' 
@@ -51,9 +52,9 @@ def generate(opt): def apply(opt): # Beep action if opt['beep_if_fully_booted']: - os.system('systemctl enable vyos-beep.service >/dev/null 2>&1') + run('systemctl enable vyos-beep.service >/dev/null 2>&1') else: - os.system('systemctl disable vyos-beep.service >/dev/null 2>&1') + run('systemctl disable vyos-beep.service >/dev/null 2>&1') # Ctrl-Alt-Delete action if opt['ctrl_alt_del'] == 'ignore': diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system-timezone.py index d715bd27e..2f8dc9e89 100755 --- a/src/conf_mode/system-timezone.py +++ b/src/conf_mode/system-timezone.py @@ -20,6 +20,8 @@ import os from copy import deepcopy from vyos.config import Config from vyos import ConfigError +from vyos.util import run + default_config_data = { 'name': 'UTC' @@ -40,9 +42,7 @@ def generate(tz): pass def apply(tz): - cmd = '/usr/bin/timedatectl set-timezone {}'.format(tz['name']) - os.system(cmd) - pass + run('/usr/bin/timedatectl set-timezone {}'.format(tz['name'])) if __name__ == '__main__': try: diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index fe2da8455..df8155084 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -27,6 +27,8 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.validate import is_ipv4, is_addr_assigned from vyos import ConfigError +from vyos.util import run + config_file = r'/etc/default/tftpd' @@ -113,7 +115,7 @@ def generate(tftpd): def apply(tftpd): # stop all services first - then we will decide - os.system('systemctl stop tftpd@{0..20}') + run('systemctl stop tftpd@{0..20}') # bail out early - e.g. service deletion if tftpd is None: @@ -138,7 +140,7 @@ def apply(tftpd): idx = 0 for listen in tftpd['listen']: - os.system('systemctl restart tftpd@{0}.service'.format(idx)) + run('systemctl restart tftpd@{0}.service'.format(idx)) idx = idx + 1 return None -- cgit v1.2.3 
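Review bot: `run('systemctl stop tftpd@{0..20}')` in tftp_server.py relies on brace expansion, which only happens if `run()` goes through a shell that supports it; `run()` is not visible here, and with a plain POSIX `sh` or no shell the literal unit name `tftpd@{0..20}` would be passed to systemctl instead of instances 0 to 20. Building the unit list in Python removes that dependency: `run('systemctl stop ' + ' '.join(f'tftpd@{i}.service' for i in range(21)))`. `apply()` continues outside this hunk; the restart loop in the following hunk could use `for idx, listen in enumerate(tftpd['listen']):` instead of the manual `idx` counter.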
From eaa28ee365310d17833602462b88a239a6924e57 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 16:38:59 +0100 Subject: util: T2226: rewrite system host-name to use cmd Previously any failure to set the hostname would have been ignored. Part of the convertion, if the change fail, the commit will fail too. --- src/conf_mode/host_name.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index 47cf232e9..690d1e030 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -25,7 +25,6 @@ import re import sys import copy import glob -import subprocess import argparse import jinja2 @@ -34,6 +33,7 @@ import vyos.hostsd_client from vyos.config import Config from vyos import ConfigError +from vyos.util import cmd, run default_config_data = { 
@@ -156,21 +156,22 @@ def apply(config): # rsyslog runs into a race condition at boot time with systemd # restart rsyslog only if the hostname changed. - hostname_old = subprocess.check_output(['hostnamectl', '--static']).decode().strip() - - os.system("hostnamectl set-hostname --static {0}".format(hostname_new)) + hostname_old = cmd('hostnamectl --static') + cmd(f'hostnamectl set-hostname --static {hostname_new}') # Restart services that use the hostname if hostname_new != hostname_old: - os.system("systemctl restart rsyslog.service") + run("systemctl restart rsyslog.service") # If SNMP is running, restart it too - if os.system("pgrep snmpd > /dev/null") == 0: - os.system("systemctl restart snmpd.service") + ret = run("pgrep snmpd > /dev/null") + if ret == 0: + run("systemctl restart snmpd.service") # restart pdns if it is used - if os.system("/usr/bin/rec_control ping >/dev/null 2>&1") == 0: - os.system("/etc/init.d/pdns-recursor restart >/dev/null") + ret = run('/usr/bin/rec_control ping >/dev/null 2>&1') + if ret == 0: + run('/etc/init.d/pdns-recursor restart >/dev/null') return None -- cgit v1.2.3 From c51b8f3e2fe1a8425fba2d3eb9c07049ef9b22bb Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 16:56:41 +0100 Subject: util: T2226: rewrite conf accel-ppp commands to use cmd --- src/conf_mode/accel_l2tp.py | 24 ++++++++------------ src/conf_mode/service-ipoe.py | 16 ++++--------- src/conf_mode/service-pppoe.py | 16 ++++--------- src/conf_mode/vpn-pptp.py | 17 ++++---------- src/conf_mode/vpn_sstp.py | 51 ++++++++++++++++++------------------------ 5 files changed, 43 insertions(+), 81 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py index 77e1ee874..4ca5a858a 100755 --- a/src/conf_mode/accel_l2tp.py +++ b/src/conf_mode/accel_l2tp.py @@ -17,7 +17,7 @@ import sys import os import re -import subprocess +import jinja2 import socket import time 
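Review bot: `hostname_old = cmd('hostnamectl --static')` drops the `.decode().strip()` the old `check_output` line applied, and whether `cmd()` strips the trailing newline is not visible in this hunk. If it does not, `hostname_new != hostname_old` is always true and rsyslog is restarted on every commit, which is what the comment above says must be avoided. Writing `hostname_old = cmd('hostnamectl --static').strip()` keeps the comparison safe either way. `hostname_new` is also interpolated unquoted into `cmd(f'hostnamectl set-hostname --static {hostname_new}')`; if its validation lives elsewhere, a one-line comment saying so would help. `apply()` starts outside this hunk.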
@@ -26,6 +26,8 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run + pidfile = r'/var/run/accel_l2tp.pid' l2tp_cnf_dir = r'/etc/accel-ppp/l2tp' @@ -61,17 +63,10 @@ def chk_con(): break -def accel_cmd(cmd=''): - if not cmd: - return None - try: - ret = subprocess.check_output( - ['/usr/bin/accel-cmd', '-p', '2004', cmd]).decode().strip() - return ret - except: - return 1 +def _accel_cmd(command): + return run(f'/usr/bin/accel-cmd -p 2004 {command}') -### +### # inline helper functions end ### @@ -375,21 +370,20 @@ def generate(c): def apply(c): if c == None: if os.path.exists(pidfile): - accel_cmd('shutdown hard') + _accel_cmd('shutdown hard') if os.path.exists(pidfile): os.remove(pidfile) return None if not os.path.exists(pidfile): - ret = subprocess.call( - ['/usr/sbin/accel-pppd', '-c', l2tp_conf, '-p', pidfile, '-d']) + ret = run(f'/usr/sbin/accel-pppd -c {l2tp_conf} -p {pidfile} -d') chk_con() if ret != 0 and os.path.exists(pidfile): os.remove(pidfile) raise ConfigError('accel-pppd failed to start') else: # if gw ip changes, only restart doesn't work - accel_cmd('restart') + _accel_cmd('restart') if __name__ == '__main__': diff --git a/src/conf_mode/service-ipoe.py b/src/conf_mode/service-ipoe.py index dd9616a62..5bd4aea2e 100755 --- a/src/conf_mode/service-ipoe.py +++ b/src/conf_mode/service-ipoe.py @@ -16,7 +16,6 @@ import os import re -import subprocess from jinja2 import FileSystemLoader, Environment from socket import socket, AF_INET, SOCK_STREAM @@ -26,6 +25,7 @@ from time import sleep from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run ipoe_cnf_dir = r'/etc/accel-ppp/ipoe' ipoe_cnf = ipoe_cnf_dir + r'/ipoe.config' 
@@ -64,15 +64,8 @@ def _chk_con(): break -def _accel_cmd(cmd=''): - if not cmd: - return None - try: - ret = subprocess.check_output( - ['/usr/bin/accel-cmd', '-p', cmd_port, cmd]).decode().strip() - return ret - except: - return 1 +def _accel_cmd(command): + return run('/usr/bin/accel-cmd -p {cmd_port} {command}') ##### Inline functions end #### @@ -306,8 +299,7 @@ def apply(c): return None if not os.path.exists(pidfile): - ret = subprocess.call( - ['/usr/sbin/accel-pppd', '-c', ipoe_cnf, '-p', pidfile, '-d']) + ret = run(f'/usr/sbin/accel-pppd -c {ipoe_cnf} -p {pidfile} -d') _chk_con() if ret != 0 and os.path.exists(pidfile): os.remove(pidfile) diff --git a/src/conf_mode/service-pppoe.py b/src/conf_mode/service-pppoe.py index afcc5ba99..d3fc82406 100755 --- a/src/conf_mode/service-pppoe.py +++ b/src/conf_mode/service-pppoe.py @@ -16,7 +16,6 @@ import os import re -import subprocess from jinja2 import FileSystemLoader, Environment from socket import socket, AF_INET, SOCK_STREAM @@ -26,6 +25,7 @@ from time import sleep from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run pidfile = r'/var/run/accel_pppoe.pid' pppoe_cnf_dir = r'/etc/accel-ppp/pppoe' @@ -57,15 +57,8 @@ def _chk_con(): raise("failed to start pppoe server") -def _accel_cmd(cmd=''): - if not cmd: - return None - try: - ret = subprocess.check_output( - ['/usr/bin/accel-cmd', cmd]).decode().strip() - return ret - except: - return 1 +def _accel_cmd(command): + return run(f'/usr/bin/accel-cmd {command}') def get_config(): @@ -426,8 +419,7 @@ def apply(c): return None if not os.path.exists(pidfile): - ret = subprocess.call( - ['/usr/sbin/accel-pppd', '-c', pppoe_conf, '-p', pidfile, '-d']) + ret = run(f'/usr/sbin/accel-pppd -c {pppoe_conf} -p {pidfile} -d') _chk_con() if ret != 0 and os.path.exists(pidfile): os.remove(pidfile) 
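Review bot: The new `_accel_cmd` in service-ipoe.py is missing the `f` prefix, so `run('/usr/bin/accel-cmd -p {cmd_port} {command}')` passes the literal text `{cmd_port} {command}` to accel-cmd instead of the port and the requested command. It should read `return run(f'/usr/bin/accel-cmd -p {cmd_port} {command}')`. vpn-pptp.py has the same defect in `run('/usr/bin/accel-cmd -p 2003 {command}')`, while the accel_l2tp.py, service-pppoe.py and vpn_sstp.py variants do use an f-string. The helper now returns the exit status of `run()` rather than the command output, which deserves a one-line docstring such as `"""Send command to the accel-ppp control socket; return the exit status."""`.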
diff --git a/src/conf_mode/vpn-pptp.py b/src/conf_mode/vpn-pptp.py index b1204a505..45b2c4b40 100755 --- a/src/conf_mode/vpn-pptp.py +++ b/src/conf_mode/vpn-pptp.py @@ -16,7 +16,6 @@ import os import re -import subprocess from jinja2 import FileSystemLoader, Environment from socket import socket, AF_INET, SOCK_STREAM @@ -26,6 +25,7 @@ from time import sleep from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run pidfile = r'/var/run/accel_pptp.pid' pptp_cnf_dir = r'/etc/accel-ppp/pptp' @@ -50,17 +50,9 @@ def _chk_con(): raise("failed to start pptp server") break -# chap_secrets file if auth mode local -def _accel_cmd(cmd=''): - if not cmd: - return None - try: - ret = subprocess.check_output( - ['/usr/bin/accel-cmd', '-p', '2003', cmd]).decode().strip() - return ret - except: - return 1 +def _accel_cmd(command): + return run('/usr/bin/accel-cmd -p 2003 {command}') ### # inline helper functions end @@ -256,8 +248,7 @@ def apply(c): return None if not os.path.exists(pidfile): - ret = subprocess.call( - ['/usr/sbin/accel-pppd', '-c', pptp_conf, '-p', pidfile, '-d']) + ret = run(f'/usr/sbin/accel-pppd -c {pptp_conf} -p {pidfile} -d') _chk_con() if ret != 0 and os.path.exists(pidfile): os.remove(pidfile) diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 66b1822df..d4fd0f4a3 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py 
@@ -18,16 +18,16 @@ import os from time import sleep from sys import exit -from subprocess import check_output from socket import socket, AF_INET, SOCK_STREAM from copy import deepcopy from stat import S_IRUSR, S_IWUSR, S_IRGRP from jinja2 import FileSystemLoader, Environment from vyos.config import Config +from vyos import ConfigError from vyos.defaults import directories as vyos_data_dir from vyos.util import process_running, subprocess_cmd -from vyos import ConfigError +from vyos.util import process_running, cmd, run pidfile = r'/var/run/accel_sstp.pid' sstp_cnf_dir = r'/etc/accel-ppp/sstp' @@ -53,16 +53,9 @@ def chk_con(): raise("failed to start sstp server") break -def accel_cmd(cmd): - if not cmd: - return None - - try: - ret = check_output(['/usr/bin/accel-cmd', '-p', '2005', cmd]) - return ret.decode().strip() - except: - return 1 +def _accel_cmd(command): + return run(f'/usr/bin/accel-cmd -p 2005 {command}') default_config_data = { 'local_users' : [], @@ -363,12 +356,12 @@ def generate(sstp): def apply(sstp): if sstp is None: if process_running(pidfile): - cmd = 'start-stop-daemon' - cmd += ' --stop ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - subprocess_cmd(cmd) + command = 'start-stop-daemon' + command += ' --stop ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + cmd(command) if os.path.exists(pidfile): os.remove(pidfile) 
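Review bot: In the vpn_sstp.py import hunk the old line `from vyos.util import process_running, subprocess_cmd` is left in place as context and `from vyos.util import process_running, cmd, run` is added below it, so `process_running` is imported twice and `subprocess_cmd` stays imported although the later hunks replace its calls with `cmd(command)`. I would delete the old line and keep the single `from vyos.util import process_running, cmd, run`. A leftover import of a helper this series is retiring makes the script fail at import time if that helper is later removed from `vyos.util`.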
@@ -379,23 +372,23 @@ def apply(sstp): if os.path.exists(pidfile): os.remove(pidfile) - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - cmd += ' --exec /usr/sbin/accel-pppd' + command = 'start-stop-daemon' + command += ' --start ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + command += ' --exec /usr/sbin/accel-pppd' # now pass arguments to accel-pppd binary - cmd += ' --' - cmd += ' -c ' + sstp_conf - cmd += ' -p ' + pidfile - cmd += ' -d' - subprocess_cmd(cmd) + command += ' --' + command += ' -c ' + sstp_conf + command += ' -p ' + pidfile + command += ' -d' + cmd(command) chk_con() else: - accel_cmd('restart') + _accel_cmd('restart') if __name__ == '__main__': -- cgit v1.2.3 From 9ec2ebe444686fb4fd8d2a37bb1ef7c29eab65e4 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 16:59:39 +0100 Subject: util: T2226: rewrite arp to use cmd --- src/conf_mode/arp.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py index aeca08432..3daa892d7 100755 --- a/src/conf_mode/arp.py +++ b/src/conf_mode/arp.py @@ -20,9 +20,9 @@ import sys import os import re import syslog as sl -import subprocess from vyos.config import Config +from vyos.util import run from vyos import ConfigError arp_cmd = '/usr/sbin/arp' 
@@ -82,11 +82,12 @@ def generate(c): def apply(c): for ip_addr in c['remove']: sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr) - subprocess.call([arp_cmd + ' -d ' + ip_addr + ' >/dev/null 2>&1'], shell=True) + run(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1') for ip_addr in c['update']: sl.syslog(sl.LOG_NOTICE, "arp -s " + ip_addr + " " + c['update'][ip_addr]) - subprocess.call([arp_cmd + ' -s ' + ip_addr + ' ' + c['update'][ip_addr] ], shell=True) + updated = c['update'][ip_addr] + run(f'{arp_cmd} -s {ip_addr} {updated}') if __name__ == '__main__': -- cgit v1.2.3 From 7c56a3655f972898768b0cea5e579f451fe6e848 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:02:14 +0100 Subject: util: T2226: rewrite flow accounting to use cmd The failure are now reported slightly differently using the cmd "raising" feature which will allow down the line to intercept the issue and present them better to the user --- src/conf_mode/flow_accounting_conf.py | 37 +++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 17 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index b040c8b64..1008f3fae 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -16,7 +16,7 @@ import os import re -import subprocess +import ipaddress from ipaddress import ip_address from jinja2 import FileSystemLoader, Environment @@ -26,6 +26,8 @@ from vyos.ifconfig import Interface from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import cmd + # default values default_sflow_server_port = 6343 
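Review bot: Both `run(...)` calls in `apply()` discard the exit status, so a failed `arp -s` leaves the commit successful while the static entry is missing; the first call even hides the error text with `>/dev/null 2>&1`. The series already has a form that fails the commit, e.g. `cmd(f'{arp_cmd} -s {ip_addr} {updated}', raising=ConfigError)` as used in flow_accounting_conf.py, which would need `cmd` imported here. `ip_addr` and `updated` come from `c['remove']` and `c['update']` and are placed unquoted in the command string; their validation is not visible in this hunk, so `shlex.quote()` on both, or a comment naming where they are validated, would be worth adding.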
@@ -80,11 +82,7 @@ def _iptables_get_nflog(): for iptables_variant in ['iptables', 'ip6tables']: # run iptables, save output and split it by lines iptables_command = "sudo {0} -t {1} -S {2}".format(iptables_variant, iptables_nflog_table, iptables_nflog_chain) - process = subprocess.Popen(iptables_command, stdout=subprocess.PIPE, shell=True, universal_newlines=True) - stdout, stderr = process.communicate() - if not process.returncode == 0: - print("Failed to get flows list: command \"{}\" returned exit code: {}\nError: {}".format(command, process.returncode, stderr)) - exit(1) + cmd(iptables_command, universal_newlines=True, message='Failed to get flows list') iptables_out = stdout.splitlines() # parse each line and add information to list @@ -113,10 +111,17 @@ def _iptables_config(configured_ifaces): # compare current active list with configured one and delete excessive interfaces, add missed active_nflog_ifaces = [] for rule in active_nflog_rules: - if rule['interface'] not in configured_ifaces: - iptable_commands.append("sudo {0} -t {1} -D {2}".format(rule['iptables_variant'], rule['table'], rule['rule_definition'])) + iptables = rule['iptables_variant'] + interface = rule['interface'] + if interface not in configured_ifaces: + table = rule['table'] + rule = rule['rule_definition'] + iptable_commands.append(f'sudo {iptables} -t {table} -D {rule}') else: - active_nflog_ifaces.append({ 'iface': rule['interface'], 'iptables_variant': rule['iptables_variant'] }) + active_nflog_ifaces.append({ + 'iface': interface, + 'iptables_variant': iptables, + }) # do not create new rules for already configured interfaces for iface in active_nflog_ifaces: 
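Review bot: In `_iptables_get_nflog` the result of `cmd(iptables_command, ...)` is thrown away, yet the next line still reads `iptables_out = stdout.splitlines()`; `stdout` was bound by the removed `process.communicate()` line, so this now raises NameError on the first loop iteration. Since `cmd()` returns the command output elsewhere in this series (`hostname_old = cmd('hostnamectl --static')`), the fix is `iptables_out = cmd(iptables_command, message='Failed to get flows list').splitlines()`. Whether `cmd()` accepts `universal_newlines` is not visible here, so I left it out of the suggestion. The function body continues outside this hunk.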
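Review bot: In `_iptables_config` the added line `rule = rule['rule_definition']` rebinds the loop variable from the rule dict to a string inside the `for rule in active_nflog_rules:` body. It works today because nothing reads `rule` afterwards in that iteration, but any later access such as `rule['interface']` in this branch would fail with a TypeError. A separate name avoids the trap: `rule_definition = rule['rule_definition']` and `iptable_commands.append(f'sudo {iptables} -t {table} -D {rule_definition}')`.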
@@ -125,14 +130,14 @@ def _iptables_config(configured_ifaces): # create missed rules for iface_extended in configured_ifaces_extended: - rule_definition = "{0} -i {1} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {2} --nflog-threshold 100".format(iptables_nflog_chain, iface_extended['iface'], default_captured_packet_size) - iptable_commands.append("sudo {0} -t {1} -I {2}".format(iface_extended['iptables_variant'], iptables_nflog_table, rule_definition)) + iface = iface_extended['iface'] + iptables = iface_extended['iptables_variant'] + rule_definition = f'{iptables_nflog_chain} -i {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {default_captured_packet_size} --nflog-threshold 100' + iptable_commands.append(f'sudo {iptables} -t {iptables_nflog_table} -I {rule_definition}') # change iptables for command in iptable_commands: - return_code = subprocess.call(command.split(' ')) - if not return_code == 0: - raise ConfigError("Failed to run command: {}\nExit code {}".format(command, return_code)) + cmd(command, raising=ConfigError) def get_config(): @@ -351,9 +356,7 @@ def apply(config): command = '/usr/bin/sudo /bin/systemctl restart uacctd' # run command to start or stop flow-accounting - return_code = subprocess.call(command.split(' ')) - if not return_code == 0: - raise ConfigError("Failed to start/stop flow-accounting: command {} returned exit code {}".format(command, return_code)) + cmd(command, raising=ConfigError, message='Failed to start/stop flow-accounting') # configure iptables rules for defined interfaces if config['interfaces']: -- cgit v1.2.3 From 9e920477511d6d6286767597e17d09bd66aae70b Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:08:35 +0100 Subject: util: T2226: rewrite http to use cmd --- src/conf_mode/http-api.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/conf_mode') 
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index ffa68af55..91b8aa34b 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -96,11 +96,7 @@ def apply(http_api): run('sudo systemctl stop vyos-http-api.service') for dep in dependencies: - cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep) - try: - subprocess.check_call(cmd, shell=True) - except subprocess.CalledProcessError as err: - raise ConfigError("{}.".format(err)) + cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError) if __name__ == '__main__': try: -- cgit v1.2.3 From dade749c3bc170e038ab676022e9ee8870753aa8 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:12:50 +0100 Subject: util: T2226: rewrite qat to use run vyos.util --- src/conf_mode/intel_qat.py | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py index a1abd5e81..cc7d4a915 100755 --- a/src/conf_mode/intel_qat.py +++ b/src/conf_mode/intel_qat.py @@ -19,10 +19,10 @@ import sys import os import re -import subprocess from vyos.config import Config from vyos import ConfigError +from vyos.util import popen, run # Define for recovering gl_ipsec_conf = None @@ -49,13 +49,10 @@ def get_config(): # Control configured VPN service which can use QAT def vpn_control(action): + # XXX: Should these commands report failure if action == 'restore' and gl_ipsec_conf: - ret = subprocess.Popen(['sudo', 'ipsec', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - (output, err) = ret.communicate() - return - - ret = subprocess.Popen(['sudo', 'ipsec', action], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - (output, err) = ret.communicate() + return run('sudo ipsec start') + return run(f'sudo ipsec {action}') def verify(c): # Check if QAT service installed 
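Review bot: `cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError)` is called in the dependency loop of http-api.py, but nothing in this commit imports `cmd`: the diffstat lists one insertion, which is this call itself, and the visible context only shows `run` in use. Unless `cmd` is already imported at the top of the file (not visible here), the loop raises NameError instead of running the dependent scripts; the import would be `from vyos.util import cmd, run`. The same question applies to the two `cmd(f'systemctl ... ppp@{intf}.service')` calls in interfaces-wirelessmodem.py later in this series, whose commit also adds no import. `apply()` starts outside this hunk.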
@@ -66,10 +63,9 @@ def verify(c): return # Check if QAT device exist - ret = subprocess.Popen(['sudo', 'lspci', '-nn'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - (output, err) = ret.communicate() + output, err = popen('sudo lspci -nn', decode='utf-8') if not err: - data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output.decode("utf-8")) + data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output) #If QAT devices found if not data: print("\t No QAT acceleration device found") @@ -82,17 +78,13 @@ def apply(c): # Disable QAT service if c['qat_conf'] == None: - ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'stop'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - (output, err) = ret.communicate() + run('sudo /etc/init.d/vyos-qat-utilities stop') if c['ipsec_conf']: vpn_control('start') - return # Run qat init.d script - ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - (output, err) = ret.communicate() - + run('sudo /etc/init.d/vyos-qat-utilities start') if c['ipsec_conf']: # Recovery VPN service vpn_control('start') -- cgit v1.2.3 From d5cb5352a6dd82cdd7b1d20718c92afb1ff31f28 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:19:51 +0100 Subject: util: T2226: rewrite openvpn to use cmd --- src/conf_mode/interfaces-openvpn.py | 38 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 21 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index faaee9ac0..1fe1143cd 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py 
@@ -25,14 +25,13 @@ from grp import getgrnam from ipaddress import ip_address,ip_network,IPv4Interface from netifaces import interfaces from pwd import getpwnam -from subprocess import Popen, PIPE from time import sleep from shutil import rmtree from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.ifconfig import VTunIf -from vyos.util import process_running +from vyos.util import process_running, cmd from vyos.validate import is_addr_assigned from vyos import ConfigError @@ -96,9 +95,6 @@ default_config_data = { 'gid': group, } -def subprocess_cmd(command): - p = Popen(command, stdout=PIPE, shell=True) - p.communicate() def get_config_name(intf): cfg_file = r'/opt/vyatta/etc/openvpn/openvpn-{}.conf'.format(intf) @@ -744,12 +740,12 @@ def apply(openvpn): # service as the configuration is not re-read. Stop daemon only if it's # running - it could have died or killed by someone evil if process_running(pidfile): - cmd = 'start-stop-daemon' - cmd += ' --stop ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - subprocess_cmd(cmd) + command = 'start-stop-daemon' + command += ' --stop ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + cmd(command) # cleanup old PID file if os.path.isfile(pidfile): 
@@ -780,19 +776,19 @@ def apply(openvpn): # No matching OpenVPN process running - maybe it got killed or none # existed - nevertheless, spawn new OpenVPN process - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - cmd += ' --exec /usr/sbin/openvpn' + command = 'start-stop-daemon' + command += ' --start ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + command += ' --exec /usr/sbin/openvpn' # now pass arguments to openvpn binary - cmd += ' --' - cmd += ' --daemon openvpn-' + openvpn['intf'] - cmd += ' --config ' + get_config_name(openvpn['intf']) + command += ' --' + command += ' --daemon openvpn-' + openvpn['intf'] + command += ' --config ' + get_config_name(openvpn['intf']) # execute assembled command - subprocess_cmd(cmd) + cmd(command) # better late then sorry ... but we can only set interface alias after # OpenVPN has been launched and created the interface -- cgit v1.2.3 From 1aac8325237b78980721e5f44ab2b9ad81ab7055 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:20:26 +0100 Subject: util: T2226: rewrite pppoe to use cmd --- src/conf_mode/interfaces-pppoe.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index a396af4ea..407547175 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -24,7 +24,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.ifconfig import Interface -from vyos.util import chown_file, chmod_x, subprocess_cmd +from vyos.util import chown_file, chmod_x, cmd from vyos import ConfigError default_config_data = { 
@@ -182,8 +182,7 @@ def generate(pppoe): os.mkdir(dirname) # Always hang-up PPPoE connection prior generating new configuration file - cmd = f'systemctl stop ppp@{intf}.service' - subprocess_cmd(cmd) + cmd(f'systemctl stop ppp@{intf}.service') if pppoe['deleted']: # Delete PPP configuration files @@ -238,8 +237,7 @@ def apply(pppoe): if not pppoe['disable']: # "dial" PPPoE connection intf = pppoe['intf'] - cmd = f'systemctl start ppp@{intf}.service' - subprocess_cmd(cmd) + cmd(f'systemctl start ppp@{intf}.service') # make logfile owned by root / vyattacfg chown_file(pppoe['logfile'], 'root', 'vyattacfg') -- cgit v1.2.3 From 88ea32297b9b2634a380d667a2edeef3dd59cdff Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:21:27 +0100 Subject: util: T2226: rewrite wireguard to use cmd --- src/conf_mode/interfaces-wireguard.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 5c0c07dc4..4fa0dd8c0 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -17,7 +17,6 @@ import sys import os import re -import subprocess from copy import deepcopy from netifaces import interfaces 
@@ -25,27 +24,26 @@ from netifaces import interfaces from vyos import ConfigError from vyos.config import Config from vyos.configdict import list_diff +from vyos.util import run from vyos.ifconfig import WireGuardIf kdir = r'/config/auth/wireguard' def _check_kmod(): if not os.path.exists('/sys/module/wireguard'): - if os.system('modprobe wireguard') != 0: + if run('modprobe wireguard') != 0: raise ConfigError("modprobe wireguard failed") def _migrate_default_keys(): - if os.path.exists('{}/private.key'.format(kdir)) and not os.path.exists('{}/default/private.key'.format(kdir)): + if os.path.exists(f'{kdir}/private.key') and not os.path.exists(f'{kdir}/default/private.key'): old_umask = os.umask(0o027) - location = '{}/default'.format(kdir) - subprocess.call(['sudo mkdir -p ' + location], shell=True) - subprocess.call(['sudo chgrp vyattacfg ' + location], shell=True) - subprocess.call(['sudo chmod 750 ' + location], shell=True) - os.rename('{}/private.key'.format(kdir), - '{}/private.key'.format(location)) - os.rename('{}/public.key'.format(kdir), - '{}/public.key'.format(location)) + location = f'{kdir}/default' + run(f'sudo mkdir -p {location}') + run(f'sudo chgrp vyattacfg {location}') + run(f'sudo chmod 750 {location}') + os.rename(f'{kdir}/private.key', f'{location}/private.key') + os.rename(f'{kdir}/public.key', f'{location}/public.key') os.umask(old_umask) @@ -208,8 +206,8 @@ def apply(c): if re.search("DEVTYPE=wireguard", buf, re.I | re.M): wg_intf = re.sub("INTERFACE=", "", re.search( "INTERFACE=.*", buf, re.I | re.M).group(0)) - subprocess.call( - ['ip l d dev ' + wg_intf + ' >/dev/null'], shell=True) + # XXX: we are ignoring any errors here + run(f'ip l d dev {wg_intf} >/dev/null') return None # init wg class -- cgit v1.2.3 From 07401961dd6b391e1a8ee8123d30940811210bfa Mon Sep 17 00:00:00 2001 
From: Thomas Mangin Date: Sun, 5 Apr 2020 17:22:36 +0100 Subject: util: T2226: rewrite wireless to use run (should be cmd) cmd is not used as with not wireless adaptor wireless testing fails --- src/conf_mode/interfaces-wireless.py | 77 +++++++++++++++++------------------- 1 file changed, 37 insertions(+), 40 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index da8470f7e..188d0ee22 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -21,7 +21,6 @@ from re import findall from copy import deepcopy from jinja2 import FileSystemLoader, Environment -from subprocess import Popen, PIPE from netifaces import interfaces from netaddr import EUI, mac_unix_expanded @@ -30,7 +29,7 @@ from vyos.configdict import list_diff, vlan_to_dict from vyos.defaults import directories as vyos_data_dir from vyos.ifconfig import WiFiIf from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config -from vyos.util import process_running, chmod_x, chown_file +from vyos.util import process_running, chmod_x, chown_file, run from vyos import ConfigError user = 'root' @@ -152,9 +151,6 @@ def get_wpa_suppl_config_name(intf): cfg_file = cfg_dir + r'/{}.cfg'.format(intf) return cfg_file -def subprocess_cmd(command): - p = Popen(command, stdout=PIPE, shell=True) - p.communicate() def get_config(): wifi = deepcopy(default_config_data) 
@@ -631,22 +627,22 @@ def generate(wifi): # always stop hostapd service first before reconfiguring it pidfile = get_pid('hostapd', wifi['intf']) if process_running(pidfile): - cmd = 'start-stop-daemon' - cmd += ' --stop ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - subprocess_cmd(cmd) + command = 'start-stop-daemon' + command += ' --stop ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + run(command) # always stop wpa_supplicant service first before reconfiguring it pidfile = get_pid('wpa_supplicant', wifi['intf']) if process_running(pidfile): - cmd = 'start-stop-daemon' - cmd += ' --stop ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + pidfile - subprocess_cmd(cmd) + command = 'start-stop-daemon' + command += ' --stop ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + pidfile + run(command) # Delete config files if interface is removed if wifi['deleted']: 
@@ -807,37 +803,38 @@ def apply(wifi): # Physical interface is now configured. Proceed by starting hostapd or # wpa_supplicant daemon. When type is monitor we can just skip this. if wifi['op_mode'] == 'ap': - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) - cmd += ' --exec /usr/sbin/hostapd' + command = 'start-stop-daemon' + command += ' --start ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + get_pid('hostapd', wifi['intf']) + command += ' --exec /usr/sbin/hostapd' # now pass arguments to hostapd binary - cmd += ' -- ' - cmd += ' -B' - cmd += ' -P ' + get_pid('hostapd', wifi['intf']) - cmd += ' ' + get_conf_file('hostapd', wifi['intf']) + command += ' -- ' + command += ' -B' + command += ' -P ' + get_pid('hostapd', wifi['intf']) + command += ' ' + get_conf_file('hostapd', wifi['intf']) # execute assembled command - subprocess_cmd(cmd) + run(command) elif wifi['op_mode'] == 'station': - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) - cmd += ' --exec /sbin/wpa_supplicant' + command = 'start-stop-daemon' + command += ' --start ' + command += ' --quiet' + command += ' --oknodo' + command += ' --pidfile ' + get_pid('hostapd', wifi['intf']) + command += ' --exec /sbin/wpa_supplicant' # now pass arguments to hostapd binary - cmd += ' -- ' - cmd += ' -s -B -D nl80211' - cmd += ' -P ' + get_pid('wpa_supplicant', wifi['intf']) - cmd += ' -i ' + wifi['intf'] - cmd += ' -c ' + get_conf_file('wpa_supplicant', wifi['intf']) + command += ' -- ' + command += ' -s -B -D nl80211' + command += ' -P ' + get_pid('wpa_supplicant', wifi['intf']) + command += ' -i ' + wifi['intf'] + command += ' -c ' + \ + get_conf_file('wpa_supplicant', wifi['intf']) # execute assembled command - subprocess_cmd(cmd) + run(command) return None -- cgit v1.2.3 
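Review bot: In the `station` branch of `apply`, `--pidfile` is still built from `get_pid('hostapd', wifi['intf'])`, while wpa_supplicant is told to write `get_pid('wpa_supplicant', wifi['intf'])` via `-P`, and the stop path in `generate` looks up the wpa_supplicant pidfile. start-stop-daemon therefore checks a different pidfile from the one the daemon writes, so its already-running check cannot see a live wpa_supplicant. The line should read `command += ' --pidfile ' + get_pid('wpa_supplicant', wifi['intf'])`. The comment `# now pass arguments to hostapd binary` in the same branch should name wpa_supplicant.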
From 928a136b0978411b551a5ae13232dac785daf53f Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:23:03 +0100 Subject: util: T2226: rewrite wirelessmodem to use cmd --- src/conf_mode/interfaces-wirelessmodem.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index 4df459768..5e10cfce7 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -156,8 +156,7 @@ def generate(wwan): os.mkdir(dirname) # Always hang-up WWAN connection prior generating new configuration file - cmd = f'systemctl stop ppp@{intf}.service' - subprocess_cmd(cmd) + cmd(f'systemctl stop ppp@{intf}.service') if wwan['deleted']: # Delete PPP configuration files @@ -211,9 +210,7 @@ def apply(wwan): if not wwan['disable']: # "dial" WWAN connection intf = wwan['intf'] - cmd = f'systemctl start ppp@{intf}.service' - subprocess_cmd(cmd) - + cmd(f'systemctl start ppp@{intf}.service') # make logfile owned by root / vyattacfg chown_file(wwan['logfile'], 'root', 'vyattacfg') -- cgit v1.2.3 From 35183754914db6e5a783734c6d655a66a6168988 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:30:28 +0100 Subject: util: T2226: rewrite certbot to use cmd --- src/conf_mode/le_cert.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index c0df77710..a4dbecbaa 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -18,7 +18,6 @@ import sys import os -import subprocess import vyos.defaults from vyos.config import Config 
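Review bot: Both new calls in `generate` and `apply` use `cmd(...)`, but no import of `cmd` is added here: the file's diffstat shows two insertions and both are the call lines. The `le_cert.py` patch that follows is in the same position, since none of its seven inserted lines is an import. Unless an earlier commit in the series already extended the `vyos.util` import in each file, these calls raise NameError at commit time; if it is missing, add `from vyos.util import cmd`. The old local variable named `cmd` is gone in both files, so the name no longer collides.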
@@ -47,9 +46,9 @@ def request_certbot(cert): certbot_cmd = 'certbot certonly -n --nginx --agree-tos --no-eff-email --expand {0} {1}'.format(email_flag, domain_flag) - completed = subprocess.run(certbot_cmd, shell=True) - - return completed.returncode + cmd(certbot_cmd, + raising=ConfigError, + message="The certbot request failed for the specified domains.") def get_config(): conf = Config() @@ -90,24 +89,17 @@ def generate(cert): if ret: run('sudo systemctl start nginx.service') - ret = request_certbot(cert) - if ret: - raise ConfigError("The certbot request failed for the" - " specified domains.") + request_certbot(cert) def apply(cert): if cert is not None: - os.system('sudo systemctl restart certbot.timer') + run('sudo systemctl restart certbot.timer') else: - os.system('sudo systemctl stop certbot.timer') + run('sudo systemctl stop certbot.timer') return None for dep in dependencies: - cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep) - try: - subprocess.check_call(cmd, shell=True) - except subprocess.CalledProcessError as err: - raise ConfigError(str(err)) + cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError) if __name__ == '__main__': try: -- cgit v1.2.3 From 7a13deeb0c7eee6691c831f354c6661a53f7bfe3 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:32:35 +0100 Subject: util: T2226: rewrite certbot to use cmd Previously failures of mkpasswd would not be reported to users --- src/conf_mode/system-login.py | 45 ++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 24 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 7acb0a9a2..7c99fce39 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py 
@@ -20,13 +20,13 @@ from jinja2 import FileSystemLoader, Environment from psutil import users from pwd import getpwall, getpwnam from stat import S_IRUSR, S_IWUSR, S_IRWXU, S_IRGRP, S_IXGRP -from subprocess import Popen, PIPE, STDOUT from sys import exit from vyos.config import Config from vyos.configdict import list_diff from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import cmd, run radius_config_file = "/etc/pam_radius_auth.conf" @@ -52,10 +52,7 @@ def get_local_users(): def get_crypt_pw(password): - command = '/usr/bin/mkpasswd --method=sha-512 {}'.format(password) - p = Popen(command, stdout=PIPE, stderr=STDOUT, shell=True) - tmp = p.communicate()[0].strip() - return tmp.decode() + return cmd(f'/usr/bin/mkpasswd --method=sha-512 {password}') def get_config(): @@ -210,8 +207,8 @@ def generate(login): # remove old plaintext password # and set new encrypted password - os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name'])) - os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted'])) + run("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name'])) + run("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted'])) if len(login['radius_server']) > 0: # Prepare Jinja2 template loader from files 
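Review bot: `get_crypt_pw` interpolates the plaintext password into the command string, so it is visible in the process arguments while mkpasswd runs, and a password containing spaces, quotes or shell metacharacters changes what is executed or hashed. The `cmd` signature shown later in this series has an `input` parameter and mkpasswd can read the password from stdin, so the password can stay off the command line with `return cmd('/usr/bin/mkpasswd --method=sha-512 --stdin', input=password)`; this assumes `input` is fed to the child's stdin, which is not visible here. The commit message notes that mkpasswd failures are now reported, so it is worth confirming that the caller handles whatever `cmd` raises. The `generate` hunk below has the same interpolation pattern, with `user['name']` and the hash wrapped in hand-written single quotes inside a string that needs a shell for its `>/dev/null` redirection.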
@@ -238,27 +235,27 @@ def apply(login): for user in login['add_users']: # make new user using vyatta shell and make home directory (-m), # default group of 100 (users) - cmd = "useradd -m -N" + command = "useradd -m -N" # check if user already exists: if user['name'] in get_local_users(): # update existing account - cmd = "usermod" + command = "usermod" # we need to use '' quotes when passing formatted data to the shell # else it will not work as some data parts are lost in translation - cmd += " -p '{}'".format(user['password_encrypted']) - cmd += " -s /bin/vbash" + command += " -p '{}'".format(user['password_encrypted']) + command += " -s /bin/vbash" if user['full_name']: - cmd += " -c '{}'".format(user['full_name']) + command += " -c '{}'".format(user['full_name']) if user['home_dir']: - cmd += " -d '{}'".format(user['home_dir']) + command += " -d '{}'".format(user['home_dir']) - cmd += " -G frrvty,vyattacfg,sudo,adm,dip,disk" - cmd += " {}".format(user['name']) + command += " -G frrvty,vyattacfg,sudo,adm,dip,disk" + command += " {}".format(user['name']) try: - os.system(cmd) + run(command) uid = getpwnam(user['name']).pw_uid gid = getpwnam(user['name']).pw_gid @@ -298,10 +295,10 @@ def apply(login): # Logout user if he is logged in if user in list(set([tmp[0] for tmp in users()])): print('{} is logged in, forcing logout'.format(user)) - os.system('pkill -HUP -u {}'.format(user)) + run('pkill -HUP -u {}'.format(user)) # Remove user account but leave home directory to be safe - os.system('userdel -r {} 2>/dev/null'.format(user)) + run('userdel -r {} 2>/dev/null'.format(user)) except Exception as e: raise ConfigError('Deleting user "{}" raised an exception: {}'.format(user, e)) 
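Review bot: The useradd/usermod string in `apply` wraps `user['password_encrypted']`, `user['full_name']` and `user['home_dir']` in literal single quotes and appends `user['name']` unquoted, so a value containing a single quote or whitespace ends the quoting and changes the arguments the command receives. Quoting each value with the standard library removes the dependency on upstream validation, for example `command += ' -c {}'.format(shlex.quote(user['full_name']))`, and likewise for `-p`, `-d` and the user name; `shlex` would need importing. The result of `run(command)` is also discarded, so a failed useradd only surfaces indirectly when `getpwnam` raises on the next line.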
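Review bot: In the deletion hunk the comment says `# Remove user account but leave home directory to be safe`, but the command is `userdel -r`, and `-r` removes the home directory and mail spool. Either drop `-r` to match the comment or correct the comment to `# Remove user account including home directory`. `run` appears to return an exit status rather than raise (the vrrp patch in this series compares `ret` with 0), so the surrounding `except Exception` will not catch a failed `pkill` or `userdel`, and `2>/dev/null` hides the error text as well.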
@@ -312,10 +309,10 @@ def apply(login): if len(login['radius_server']) > 0: try: # Enable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + run("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") # Make NSS system aware of RADIUS, too - cmd = "sed -i -e \'/\smapname/b\' \ + command = "sed -i -e \'/\smapname/b\' \ -e \'/^passwd:/s/\s\s*/&mapuid /\' \ -e \'/^passwd:.*#/s/#.*/mapname &/\' \ -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \ @@ -323,7 +320,7 @@ def apply(login): -e \'/^group:[^#]*$/s/: */&mapname /\' \ /etc/nsswitch.conf" - os.system(cmd) + run(command) except Exception as e: raise ConfigError('RADIUS configuration failed: {}'.format(e)) @@ -331,15 +328,15 @@ def apply(login): else: try: # Disable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + run("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") - cmd = "sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ + command = "sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ -e \'s/[ \t]*$//\' \ /etc/nsswitch.conf" - os.system(cmd) + run(command) except Exception as e: raise ConfigError('Removing RADIUS configuration failed'.format(e)) -- cgit v1.2.3 From 1c85a72fc338dab5266cff6faffd12f1505512c9 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:34:33 +0100 Subject: util: T2226: rewrite syslog to use run --- src/conf_mode/system-syslog.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 8c0a6629c..915a631ec 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py 
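Review bot: The `try`/`except Exception` blocks around the RADIUS changes no longer detect a failing command if `run` returns the exit status instead of raising, as its use in the vrrp patch (`ret = run(...)`, `if ret != 0`) suggests. A failed `pam-auth-update` or a failed `sed` on `/etc/nsswitch.conf` would then leave PAM and NSS half-configured while the commit reports success. Checking the result makes the failure visible, for example `if run(command) != 0: raise ConfigError('RADIUS configuration failed')`, or use `cmd(command, raising=ConfigError)` as other patches in this series do. In the removal branch the message `'Removing RADIUS configuration failed'.format(e)` has no placeholder, so the exception text is dropped; it should be `'Removing RADIUS configuration failed: {}'.format(e)`.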
@@ -24,6 +24,7 @@ from vyos.config import Config from vyos.defaults import directories as vyos_data_dir from vyos.util import subprocess_cmd from vyos import ConfigError +from vyos.util import run def get_config(): c = Config() @@ -253,10 +254,8 @@ def verify(c): def apply(c): if not c: - subprocess_cmd('systemctl stop syslog') - return None - - subprocess_cmd('systemctl restart syslog') + return run('systemctl stop syslog') + return run('systemctl restart syslog') if __name__ == '__main__': try: -- cgit v1.2.3 From 1f144f7d9a0a3f1cb6010632a5b3625435a17550 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:35:20 +0100 Subject: util: T2226: rewrite vrrp to use run --- src/conf_mode/vrrp.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py index 8683faca7..d3e3710d1 100755 --- a/src/conf_mode/vrrp.py +++ b/src/conf_mode/vrrp.py @@ -15,7 +15,6 @@ # along with this program. If not, see . import os -import subprocess from sys import exit from ipaddress import ip_address, ip_interface, IPv4Interface, IPv6Interface, IPv4Address, IPv6Address @@ -28,6 +27,7 @@ import vyos.keepalived from vyos.defaults import directories as vyos_data_dir from vyos import ConfigError +from vyos.util import run daemon_file = "/etc/default/keepalived" config_file = "/etc/keepalived/keepalived.conf" 
@@ -242,17 +242,17 @@ def apply(data): if not vyos.keepalived.vrrp_running(): print("Starting the VRRP process") - ret = subprocess.call("sudo systemctl restart keepalived.service", shell=True) + ret = run("sudo systemctl restart keepalived.service") else: print("Reloading the VRRP process") - ret = subprocess.call("sudo systemctl reload keepalived.service", shell=True) + ret = run("sudo systemctl reload keepalived.service") if ret != 0: raise ConfigError("keepalived failed to start") else: # VRRP is removed in the commit print("Stopping the VRRP process") - subprocess.call("sudo systemctl stop keepalived.service", shell=True) + run("sudo systemctl stop keepalived.service") os.unlink(config_file) return None -- cgit v1.2.3 From 50586708c8088ea0eb543302707c9a0fb50acaa9 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 17:41:31 +0100 Subject: util: T2226: rewrite cert to use cmd --- src/conf_mode/vyos_cert.py | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/vyos_cert.py b/src/conf_mode/vyos_cert.py index 4a44573ca..8b8953cb7 100755 --- a/src/conf_mode/vyos_cert.py +++ b/src/conf_mode/vyos_cert.py @@ -18,7 +18,6 @@ import sys import os -import subprocess import tempfile import pathlib import ssl @@ -26,6 +25,7 @@ import ssl import vyos.defaults from vyos.config import Config from vyos import ConfigError +from vyos.util import cmd vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] 
@@ -49,16 +49,16 @@ def status_self_signed(cert_data): # check if certificate is 1/2 past lifetime, with openssl -checkend end_days = int(cert_data['lifetime']) end_seconds = int(0.5*60*60*24*end_days) - checkend_cmd = ('openssl x509 -checkend {end} -noout -in {crt}' - ''.format(end=end_seconds, **cert_data)) + checkend_cmd = 'openssl x509 -checkend {end} -noout -in {crt}'.format(end=end_seconds, **cert_data) try: - subprocess.check_call(checkend_cmd, shell=True) + cmd(checkend_cmd, message='Called process error') return True - except subprocess.CalledProcessError as err: - if err.returncode == 1: + except OSError as err: + if err.errno == 1: return False - else: - print("Called process error: {}.".format(err)) + print(err) + # XXX: This seems wrong to continue on failure + # implicitely returning None def generate_self_signed(cert_data): san_config = None @@ -86,9 +86,10 @@ def generate_self_signed(cert_data): ''.format(**cert_data)) try: - subprocess.check_call(openssl_req_cmd, shell=True) - except subprocess.CalledProcessError as err: - print("Called process error: {}.".format(err)) + cmd(openssl_req_cmd, message='Called process error') + except OSError as err: + print(err) + # XXX: seems wrong to ignore the failure os.chmod('{key}'.format(**cert_data), 0o400) @@ -126,11 +127,8 @@ def generate(vyos_cert): def apply(vyos_cert): for dep in dependencies: - cmd = '{0}/{1}'.format(vyos_conf_scripts_dir, dep) - try: - subprocess.check_call(cmd, shell=True) - except subprocess.CalledProcessError as err: - raise ConfigError("{}.".format(err)) + command = '{0}/{1}'.format(vyos_conf_scripts_dir, dep) + cmd(command, raising=ConfigError) if __name__ == '__main__': try: -- cgit v1.2.3 From 8a93f664238101a38dec02c73a1615bfcea09f2a Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 22:09:34 +0100 Subject: util: T2206: rewrite vrf to cmd --- src/conf_mode/vrf.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'src/conf_mode') 
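Review bot: `status_self_signed` now tells "certificate expires soon" from `err.errno == 1`, which only works if `cmd` raises an OSError whose errno is the exit status of `openssl x509 -checkend`; that contract is not visible in this hunk and should be confirmed or documented at the call. Any other failure is printed and the function returns None, as the added XXX comment admits; raising there, e.g. `raise ConfigError(str(err))`, lets the caller distinguish "expired" from "could not check". `generate_self_signed` has the same problem: a failed `openssl req` is only printed and execution continues to `os.chmod` on the key path, so the commit can proceed with a missing or stale key and certificate. Since `ConfigError` is already imported, `cmd(openssl_req_cmd, raising=ConfigError, message='Called process error')` would stop the commit instead.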
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 8cf4b72ae..07466f3aa 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -20,13 +20,12 @@ from sys import exit from copy import deepcopy from jinja2 import FileSystemLoader, Environment from json import loads -from subprocess import check_output, CalledProcessError from vyos.config import Config from vyos.configdict import list_diff from vyos.defaults import directories as vyos_data_dir from vyos.ifconfig import Interface -from vyos.util import read_file +from vyos.util import read_file, cmd from vyos import ConfigError config_file = r'/etc/iproute2/rt_tables.d/vyos-vrf.conf' @@ -40,14 +39,11 @@ default_config_data = { } def _cmd(command): - try: - check_output(command.split()) - except CalledProcessError as e: - raise ConfigError(f'Error changing VRF: {e}') + cmd(command, raising=ConfigError, message='Error changing VRF') def list_rules(): command = 'ip -j -4 rule show' - answer = loads(check_output(command.split()).decode()) + answer = loads(cmd(command)) return [_ for _ in answer if _] def vrf_interfaces(c, match): -- cgit v1.2.3 From 7256810914e6664bf92041dcd7c3daf649ce0001 Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sun, 5 Apr 2020 23:08:09 +0100 Subject: util: T2226: remove all references to subprocess_cmd --- python/vyos/util.py | 8 -------- src/conf_mode/system-syslog.py | 1 - src/conf_mode/vpn_sstp.py | 2 +- 3 files changed, 1 insertion(+), 10 deletions(-) (limited to 'src/conf_mode') diff --git a/python/vyos/util.py b/python/vyos/util.py index e0030d1bd..fa2b4dd99 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -89,14 +89,6 @@ def cmd(command, section='', shell=None, input=None, timeout=None, env=None, uni return decoded -# This is now deprecated -def subprocess_cmd(command): - """ execute arbitrary command via Popen """ - from subprocess import Popen, PIPE - p = Popen(command, stdout=PIPE, shell=True) - p.communicate() - - # file manipulation 
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 915a631ec..25b9b5bed 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -22,7 +22,6 @@ from sys import exit from vyos.config import Config from vyos.defaults import directories as vyos_data_dir -from vyos.util import subprocess_cmd from vyos import ConfigError from vyos.util import run diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index d4fd0f4a3..ca0844c50 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -26,7 +26,7 @@ from jinja2 import FileSystemLoader, Environment from vyos.config import Config from vyos import ConfigError from vyos.defaults import directories as vyos_data_dir -from vyos.util import process_running, subprocess_cmd +from vyos.util import process_running from vyos.util import process_running, cmd, run pidfile = r'/var/run/accel_sstp.pid' -- cgit v1.2.3