From e59da2923cbbb21258cc9769b6a152d6af78abe6 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 18 Jun 2020 23:04:46 +0200
Subject: console-server: T2490: add SSH support

A user can define a port under the SSH node per device. WHen connecting to that
port and authenticating using regular credentials we will immediately drop to
the serial console. This is the same as executing "connect serial-proxy <name>".
---
 src/systemd/dropbear@.service | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 src/systemd/dropbear@.service

(limited to 'src/systemd/dropbear@.service')

diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service
new file mode 100644
index 000000000..a4df6ad41
--- /dev/null
+++ b/src/systemd/dropbear@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Dropbear SSH per-connection server
+Requires=dropbearkey.service
+Wants=conserver-server.service
+After=mongodb.service
+After=dropbearkey.service vyos-router.service conserver-server.service
+
+[Service]
+Type=forking
+ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)'
+ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT}
+PIDFile=/run/conserver/dropbear.%I.pid
+KillMode=process
+
-- 
cgit v1.2.3


From b509bbf0c0bf33f39e67f0aa8df481ef15d6bae9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 18 Jun 2020 23:09:58 +0200
Subject: console-server: T2490: rename CLI to console-server

---
 data/templates/conserver/conserver.conf.tmpl       |   2 +-
 .../service_console-server.xml.in                  |  90 +++++++++++++++++
 interface-definitions/service_serial-proxy.xml.in  |  90 -----------------
 op-mode-definitions/connect-disconnect.xml         |   6 +-
 src/conf_mode/service_console-server.py            | 108 +++++++++++++++++++++
 src/conf_mode/service_serial-proxy.py              | 108 ---------------------
 src/systemd/dropbear@.service                      |   2 +-
 7 files changed, 203 insertions(+), 203 deletions(-)
 create mode 100644 interface-definitions/service_console-server.xml.in
 delete mode 100644 interface-definitions/service_serial-proxy.xml.in
 create mode 100755 src/conf_mode/service_console-server.py
 delete mode 100755 src/conf_mode/service_serial-proxy.py

(limited to 'src/systemd/dropbear@.service')

diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.tmpl
index 329a9b4ae..5fffaf31e 100644
--- a/data/templates/conserver/conserver.conf.tmpl
+++ b/data/templates/conserver/conserver.conf.tmpl
@@ -1,4 +1,4 @@
-### Autogenerated by service_serial-proxy.py ###
+### Autogenerated by service_console-server.py ###
 
 # See https://www.conserver.com/docs/conserver.cf.man.html for additional options
 
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
new file mode 100644
index 000000000..679ea32a2
--- /dev/null
+++ b/interface-definitions/service_console-server.xml.in
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py">
+        <properties>
+          <help>Serial Console Server</help>
+        </properties>
+        <children>
+          <tagNode name="device">
+            <properties>
+              <help>System serial interface name (ttyS or ttyUSB)</help>
+              <completionHelp>
+                <script>ls -1 /dev | grep ttyS</script>
+                <script>ls -1 /dev/serial/by-bus</script>
+              </completionHelp>
+              <valueHelp>
+                <format>ttySxxx</format>
+                <description>Regular serial interface</description>
+              </valueHelp>
+              <valueHelp>
+                <format>usbxbxpx</format>
+                <description>USB based serial interface</description>
+              </valueHelp>
+              <constraint>
+                <regex>^(ttyS\d+|usb\d+b.*p.*)$</regex>
+              </constraint>
+            </properties>
+            <children>
+              #include <include/interface-description.xml.i>
+              #include <include/port-number.xml.i>
+              <leafNode name="speed">
+                <properties>
+                  <help>Serial port baud rate</help>
+                  <completionHelp>
+                    <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="data-bits">
+                <properties>
+                  <help>Serial port data bits (default: 8)</help>
+                  <completionHelp>
+                    <list>7 8</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(7|8)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="stop-bits">
+                <properties>
+                  <help>Serial port stop bits (default: 1)</help>
+                  <completionHelp>
+                    <list>1 2</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(1|2)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="parity">
+                <properties>
+                  <help>Parity setting (default: none)</help>
+                  <completionHelp>
+                    <list>even odd none</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(even|odd|none)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="ssh">
+                <properties>
+                  <help>SSH remote access to this console</help>
+                </properties>
+                <children>
+                  #include <include/port-number.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service_serial-proxy.xml.in b/interface-definitions/service_serial-proxy.xml.in
deleted file mode 100644
index 917af0122..000000000
--- a/interface-definitions/service_serial-proxy.xml.in
+++ /dev/null
@@ -1,90 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="serial-proxy" owner="${vyos_conf_scripts_dir}/service_serial-proxy.py">
-        <properties>
-          <help>Serial to Network</help>
-        </properties>
-        <children>
-          <tagNode name="device">
-            <properties>
-              <help>System serial interface name (ttyS or ttyUSB)</help>
-              <completionHelp>
-                <script>ls -1 /dev | grep ttyS</script>
-                <script>ls -1 /dev/serial/by-bus</script>
-              </completionHelp>
-              <valueHelp>
-                <format>ttySxxx</format>
-                <description>Regular serial interface</description>
-              </valueHelp>
-              <valueHelp>
-                <format>usbxbxpx</format>
-                <description>USB based serial interface</description>
-              </valueHelp>
-              <constraint>
-                <regex>^(ttyS\d+|usb\d+b.*p.*)$</regex>
-              </constraint>
-            </properties>
-            <children>
-              #include <include/interface-description.xml.i>
-              #include <include/port-number.xml.i>
-              <leafNode name="speed">
-                <properties>
-                  <help>Serial port baud rate</help>
-                  <completionHelp>
-                    <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="data-bits">
-                <properties>
-                  <help>Serial port data bits (default: 8)</help>
-                  <completionHelp>
-                    <list>7 8</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(7|8)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="stop-bits">
-                <properties>
-                  <help>Serial port stop bits (default: 1)</help>
-                  <completionHelp>
-                    <list>1 2</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(1|2)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="parity">
-                <properties>
-                  <help>Parity setting (default: none)</help>
-                  <completionHelp>
-                    <list>even odd none</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(even|odd|none)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <node name="ssh">
-                <properties>
-                  <help>SSH remote access to this console</help>
-                </properties>
-                <children>
-                  #include <include/port-number.xml.i>
-                </children>
-              </node>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/op-mode-definitions/connect-disconnect.xml b/op-mode-definitions/connect-disconnect.xml
index a394e9b91..69afe6db0 100644
--- a/op-mode-definitions/connect-disconnect.xml
+++ b/op-mode-definitions/connect-disconnect.xml
@@ -15,11 +15,11 @@
         </properties>
         <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect "$3"</command>
       </tagNode>
-      <tagNode name="serial-proxy">
+      <tagNode name="console-server">
         <properties>
-          <help>Connect to serial proxy port</help>
+          <help>Connect to port of serial console server</help>
           <completionHelp>
-            <path>service serial-proxy device</path>
+            <path>service console-server device</path>
           </completionHelp>
         </properties>
         <command>/usr/bin/console "$3"</command>
diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py
new file mode 100755
index 000000000..087b13c04
--- /dev/null
+++ b/src/conf_mode/service_console-server.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.template import render
+from vyos.util import call
+from vyos import ConfigError
+
+config_file = r'/run/conserver/conserver.cf'
+
+# Default values are necessary until the implementation of T2588 is completed
+default_values = {
+    'data_bits': '8',
+    'parity': 'none',
+    'stop_bits': '1'
+}
+
+def get_config():
+    conf = Config()
+    base = ['service', 'console-server']
+
+    if not conf.exists(base):
+        return None
+
+    # Retrieve CLI representation as dictionary
+    proxy = conf.get_config_dict(base, key_mangling=('-', '_'))
+    # The retrieved dictionary will look something like this:
+    #
+    # {'device': {'usb0b2.4p1.0': {'speed': '9600'},
+    #             'usb0b2.4p1.1': {'data_bits': '8',
+    #                              'parity': 'none',
+    #                              'speed': '115200',
+    #                              'stop_bits': '2'}}}
+
+    # We have gathered the dict representation of the CLI, but there are default
+    # options which we need to update into the dictionary retrived.
+    for device in proxy['device'].keys():
+        tmp = dict_merge(default_values, proxy['device'][device])
+        proxy['device'][device] = tmp
+
+    return proxy
+
+def verify(proxy):
+    if not proxy:
+        return None
+
+    for tmp in proxy['device']:
+        device = proxy['device'][tmp]
+        if not device['speed']:
+            raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
+
+        if 'ssh' in device.keys():
+            if 'port' not in device['ssh'].keys():
+                raise ConfigError(f'SSH port must be defined for "{tmp}"!')
+
+    return None
+
+def generate(proxy):
+    if not proxy:
+        return None
+
+    render(config_file, 'conserver/conserver.conf.tmpl', proxy)
+    return None
+
+def apply(proxy):
+    call('systemctl stop conserver-server.service')
+    call('systemctl stop dropbear@*.service')
+
+    if not proxy:
+        if os.path.isfile(config_file):
+            os.unlink(config_file)
+        return None
+
+    call('systemctl restart conserver-server.service')
+
+    for device in proxy['device']:
+        if 'ssh' in proxy['device'][device].keys():
+            call('systemctl restart dropbear@{device}.service')
+
+    return None
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        generate(c)
+        apply(c)
+    except ConfigError as e:
+        print(e)
+        exit(1)
diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py
deleted file mode 100755
index 5f510d311..000000000
--- a/src/conf_mode/service_serial-proxy.py
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sys import exit
-
-from vyos.config import Config
-from vyos.configdict import dict_merge
-from vyos.template import render
-from vyos.util import call
-from vyos import ConfigError
-
-config_file = r'/run/conserver/conserver.cf'
-
-# Default values are necessary until the implementation of T2588 is completed
-default_values = {
-    'data_bits': '8',
-    'parity': 'none',
-    'stop_bits': '1'
-}
-
-def get_config():
-    conf = Config()
-    base = ['service', 'serial-proxy']
-
-    if not conf.exists(base):
-        return None
-
-    # Retrieve CLI representation as dictionary
-    proxy = conf.get_config_dict(base, key_mangling=('-', '_'))
-    # The retrieved dictionary will look something like this:
-    #
-    # {'device': {'usb0b2.4p1.0': {'speed': '9600'},
-    #             'usb0b2.4p1.1': {'data_bits': '8',
-    #                              'parity': 'none',
-    #                              'speed': '115200',
-    #                              'stop_bits': '2'}}}
-
-    # We have gathered the dict representation of the CLI, but there are default
-    # options which we need to update into the dictionary retrived.
-    for device in proxy['device'].keys():
-        tmp = dict_merge(default_values, proxy['device'][device])
-        proxy['device'][device] = tmp
-
-    return proxy
-
-def verify(proxy):
-    if not proxy:
-        return None
-
-    for tmp in proxy['device']:
-        device = proxy['device'][tmp]
-        if not device['speed']:
-            raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
-
-        if 'ssh' in device.keys():
-            if 'port' not in device['ssh'].keys():
-                raise ConfigError(f'SSH port must be defined for "{tmp}"!')
-
-    return None
-
-def generate(proxy):
-    if not proxy:
-        return None
-
-    render(config_file, 'conserver/conserver.conf.tmpl', proxy)
-    return None
-
-def apply(proxy):
-    call('systemctl stop conserver-server.service')
-    call('systemctl stop dropbear@*.service')
-
-    if not proxy:
-        if os.path.isfile(config_file):
-            os.unlink(config_file)
-        return None
-
-    call('systemctl restart conserver-server.service')
-
-    for device in proxy['device']:
-        if 'ssh' in proxy['device'][device].keys():
-            call('systemctl restart dropbear@{device}.service')
-
-    return None
-
-if __name__ == '__main__':
-    try:
-        c = get_config()
-        verify(c)
-        generate(c)
-        apply(c)
-    except ConfigError as e:
-        print(e)
-        exit(1)
diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service
index a4df6ad41..a7057ffe1 100644
--- a/src/systemd/dropbear@.service
+++ b/src/systemd/dropbear@.service
@@ -7,7 +7,7 @@ After=dropbearkey.service vyos-router.service conserver-server.service
 
 [Service]
 Type=forking
-ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)'
+ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service console-server device "%I" ssh port)'
 ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT}
 PIDFile=/run/conserver/dropbear.%I.pid
 KillMode=process
-- 
cgit v1.2.3


From 587416ef606827c5cbf6ac49834fc65283794fbb Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 19 Jun 2020 16:12:27 +0200
Subject: console-server: T2490: add SSH support for direct device access

---
 src/conf_mode/service_console-server.py                 | 17 +++++++++--------
 .../system/conserver-server.service.d/override.conf     |  3 ++-
 src/systemd/dropbear@.service                           |  6 +++---
 3 files changed, 14 insertions(+), 12 deletions(-)

(limited to 'src/systemd/dropbear@.service')

diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py
index 087b13c04..7f6967983 100755
--- a/src/conf_mode/service_console-server.py
+++ b/src/conf_mode/service_console-server.py
@@ -62,13 +62,14 @@ def verify(proxy):
     if not proxy:
         return None
 
-    for tmp in proxy['device']:
-        device = proxy['device'][tmp]
-        if not device['speed']:
+    for device in proxy['device']:
+        keys = proxy['device'][device].keys()
+        if 'speed' not in keys:
             raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
 
-        if 'ssh' in device.keys():
-            if 'port' not in device['ssh'].keys():
+        if 'ssh' in keys:
+            ssh_keys = proxy['device'][device]['ssh'].keys()
+            if 'port' not in ssh_keys:
                 raise ConfigError(f'SSH port must be defined for "{tmp}"!')
 
     return None
@@ -81,8 +82,7 @@ def generate(proxy):
     return None
 
 def apply(proxy):
-    call('systemctl stop conserver-server.service')
-    call('systemctl stop dropbear@*.service')
+    call('systemctl stop dropbear@*.service conserver-server.service')
 
     if not proxy:
         if os.path.isfile(config_file):
@@ -93,7 +93,8 @@ def apply(proxy):
 
     for device in proxy['device']:
         if 'ssh' in proxy['device'][device].keys():
-            call('systemctl restart dropbear@{device}.service')
+            port = proxy['device'][device]['ssh']['port']
+            call(f'systemctl restart dropbear@{device}.service')
 
     return None
 
diff --git a/src/etc/systemd/system/conserver-server.service.d/override.conf b/src/etc/systemd/system/conserver-server.service.d/override.conf
index 5301b38ce..828d0bc4b 100644
--- a/src/etc/systemd/system/conserver-server.service.d/override.conf
+++ b/src/etc/systemd/system/conserver-server.service.d/override.conf
@@ -1,9 +1,10 @@
 [Unit]
 After=
 After=vyos-router.service
+ConditionPathExists=/run/conserver/conserver.cf
 
 [Service]
 Type=simple
 ExecStart=
 ExecStart=/usr/sbin/conserver -C /run/conserver/conserver.cf
-
+Restart=on-failure
diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service
index a7057ffe1..606a7ea6d 100644
--- a/src/systemd/dropbear@.service
+++ b/src/systemd/dropbear@.service
@@ -2,13 +2,13 @@
 Description=Dropbear SSH per-connection server
 Requires=dropbearkey.service
 Wants=conserver-server.service
-After=mongodb.service
+ConditionPathExists=/run/conserver/conserver.cf
 After=dropbearkey.service vyos-router.service conserver-server.service
 
 [Service]
 Type=forking
-ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service console-server device "%I" ssh port)'
+ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnActiveValue service console-server device "%I" ssh port)'
 ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT}
 PIDFile=/run/conserver/dropbear.%I.pid
 KillMode=process
-
+Restart=on-failure
-- 
cgit v1.2.3