From 7a79dd77fa11fac4030e66057dde2d51f063b934 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 5 Sep 2023 10:52:41 +0000
Subject: T5480: Ability to disable SNMP for keepalived service VRRP

By default we enable `--snmp` for keepalived unit service
Add ability to disable it

set high-availability vrrp disable-snmp

(cherry picked from commit 5ae730a52de2f284e45cd433bb0cf66c8508f2f7)
---
 src/conf_mode/high-availability.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py
index 0121df11c..e24670417 100755
--- a/src/conf_mode/high-availability.py
+++ b/src/conf_mode/high-availability.py
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
+import os
 import time
 
 from sys import exit
@@ -24,6 +25,7 @@ from ipaddress import IPv6Interface
 
 from vyos.base import Warning
 from vyos.config import Config
+from vyos.configdict import leaf_node_changed
 from vyos.ifconfig.vrrp import VRRP
 from vyos.template import render
 from vyos.template import is_ipv4
@@ -35,6 +37,9 @@ from vyos import airbag
 airbag.enable()
 
 
+systemd_override = r'/run/systemd/system/keepalived.service.d/10-override.conf'
+
+
 def get_config(config=None):
     if config:
         conf = config
@@ -54,6 +59,9 @@ def get_config(config=None):
     if conf.exists(conntrack_path):
         ha['conntrack_sync_group'] = conf.return_value(conntrack_path)
 
+    if leaf_node_changed(conf, base + ['vrrp', 'disable-snmp']):
+        ha.update({'restart_required': {}})
+
     return ha
 
 def verify(ha):
@@ -164,13 +172,17 @@ def verify(ha):
 
 def generate(ha):
     if not ha or 'disable' in ha:
+        if os.path.isfile(systemd_override):
+            os.unlink(systemd_override)
         return None
 
     render(VRRP.location['config'], 'high-availability/keepalived.conf.j2', ha)
+    render(systemd_override, 'high-availability/10-override.conf.j2', ha)
     return None
 
 def apply(ha):
     service_name = 'keepalived.service'
+    call('systemctl daemon-reload')
     if not ha or 'disable' in ha:
         call(f'systemctl stop {service_name}')
         return None
@@ -187,7 +199,11 @@ def apply(ha):
                     if is_ipv6_tentative(interface, ipv6_address):
                         time.sleep(interval)
 
-    call(f'systemctl reload-or-restart {service_name}')
+    systemd_action = 'reload-or-restart'
+    if 'restart_required' in ha:
+        systemd_action = 'restart'
+
+    call(f'systemctl {systemd_action} {service_name}')
     return None
 
 if __name__ == '__main__':
-- 
cgit v1.2.3