From 28ba0ef32425ee458293a37a4a5ba664dfe577b2 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Wed, 6 Jul 2022 15:32:42 +0000
Subject: op-mode: T4503: Prevent restart service if commit in progress

Prevent op-mode scripts from restarting services if commit in
progress
---
 src/op_mode/clear_dhcp_lease.py        | 5 +++++
 src/op_mode/connect_disconnect.py      | 4 ++++
 src/op_mode/conntrack_sync.py          | 4 ++++
 src/op_mode/flow_accounting_op.py      | 7 ++++++-
 src/op_mode/generate_ssh_server_key.py | 5 +++++
 src/op_mode/openconnect-control.py     | 9 ++++++++-
 src/op_mode/reset_openvpn.py           | 4 ++++
 src/op_mode/restart_dhcp_relay.py      | 7 +++++++
 8 files changed, 43 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py
index 6ac3d4c1c..250dbcce1 100755
--- a/src/op_mode/clear_dhcp_lease.py
+++ b/src/op_mode/clear_dhcp_lease.py
@@ -9,6 +9,7 @@ from isc_dhcp_leases import IscDhcpLeases
 from vyos.configquery import ConfigTreeQuery
 from vyos.util import ask_yes_no
 from vyos.util import call
+from vyos.util import commit_in_progress
 
 
 config = ConfigTreeQuery()
@@ -66,6 +67,10 @@ if __name__ == '__main__':
     if not is_ip_in_leases(address):
         exit(1)
 
+    if commit_in_progress():
+        print('Cannot clear DHCP lease while a commit is in progress')
+        exit(1)
+
     if not ask_yes_no(f'This will restart DHCP server.\nContinue?'):
         exit(1)
     else:
diff --git a/src/op_mode/connect_disconnect.py b/src/op_mode/connect_disconnect.py
index ffc574362..936c20bcb 100755
--- a/src/op_mode/connect_disconnect.py
+++ b/src/op_mode/connect_disconnect.py
@@ -20,6 +20,7 @@ import argparse
 from psutil import process_iter
 
 from vyos.util import call
+from vyos.util import commit_in_progress
 from vyos.util import DEVNULL
 from vyos.util import is_wwan_connected
 
@@ -87,6 +88,9 @@ def main():
     args = parser.parse_args()
 
     if args.connect:
+        if commit_in_progress():
+            print('Cannot connect while a commit is in progress')
+            exit(1)
         connect(args.connect)
     elif args.disconnect:
         disconnect(args.disconnect)
diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py
index e45c38f07..54ecd6d0e 100755
--- a/src/op_mode/conntrack_sync.py
+++ b/src/op_mode/conntrack_sync.py
@@ -22,6 +22,7 @@ from argparse import ArgumentParser
 from vyos.configquery import CliShellApiConfigQuery
 from vyos.configquery import ConfigTreeQuery
 from vyos.util import call
+from vyos.util import commit_in_progress
 from vyos.util import cmd
 from vyos.util import run
 from vyos.template import render_to_string
@@ -86,6 +87,9 @@ if __name__ == '__main__':
 
     if args.restart:
         is_configured()
+        if commit_in_progress():
+            print('Cannot restart conntrackd while a commit is in progress')
+            exit(1)
 
         syslog.syslog('Restarting conntrack sync service...')
         cmd('systemctl restart conntrackd.service')
diff --git a/src/op_mode/flow_accounting_op.py b/src/op_mode/flow_accounting_op.py
index 6586cbceb..514143cd7 100755
--- a/src/op_mode/flow_accounting_op.py
+++ b/src/op_mode/flow_accounting_op.py
@@ -22,7 +22,9 @@ import ipaddress
 import os.path
 from tabulate import tabulate
 from json import loads
-from vyos.util import cmd, run
+from vyos.util import cmd
+from vyos.util import commit_in_progress
+from vyos.util import run
 from vyos.logger import syslog
 
 # some default values
@@ -224,6 +226,9 @@ if not _uacctd_running():
 
 # restart pmacct daemon
 if cmd_args.action == 'restart':
+    if commit_in_progress():
+        print('Cannot restart flow-accounting while a commit is in progress')
+        exit(1)
     # run command to restart flow-accounting
     cmd('systemctl restart uacctd.service',
         message='Failed to restart flow-accounting')
diff --git a/src/op_mode/generate_ssh_server_key.py b/src/op_mode/generate_ssh_server_key.py
index cbc9ef973..43e94048d 100755
--- a/src/op_mode/generate_ssh_server_key.py
+++ b/src/op_mode/generate_ssh_server_key.py
@@ -17,10 +17,15 @@
 from sys import exit
 from vyos.util import ask_yes_no
 from vyos.util import cmd
+from vyos.util import commit_in_progress
 
 if not ask_yes_no('Do you really want to remove the existing SSH host keys?'):
     exit(0)
 
+if commit_in_progress():
+    print('Cannot restart SSH while a commit is in progress')
+    exit(1)
+
 cmd('rm -v /etc/ssh/ssh_host_*')
 cmd('dpkg-reconfigure openssh-server')
 cmd('systemctl restart ssh.service')
diff --git a/src/op_mode/openconnect-control.py b/src/op_mode/openconnect-control.py
index c3cd25186..a128cc011 100755
--- a/src/op_mode/openconnect-control.py
+++ b/src/op_mode/openconnect-control.py
@@ -19,7 +19,10 @@ import argparse
 import json
 
 from vyos.config import Config
-from vyos.util import popen, run, DEVNULL
+from vyos.util import commit_in_progress
+from vyos.util import popen
+from vyos.util import run
+from vyos.util import DEVNULL
 from tabulate import tabulate
 
 occtl        = '/usr/bin/occtl'
@@ -57,6 +60,10 @@ def main():
     # Check is Openconnect server configured
     is_ocserv_configured()
 
+    if commit_in_progress():
+        print('Cannot restart openconnect while a commit is in progress')
+        exit(1)
+
     if args.action == "restart":
         run("sudo systemctl restart ocserv.service")
         sys.exit(0)
diff --git a/src/op_mode/reset_openvpn.py b/src/op_mode/reset_openvpn.py
index dbd3eb4d1..efbf65083 100755
--- a/src/op_mode/reset_openvpn.py
+++ b/src/op_mode/reset_openvpn.py
@@ -17,6 +17,7 @@
 import os
 from sys import argv, exit
 from vyos.util import call
+from vyos.util import commit_in_progress
 
 if __name__ == '__main__':
     if (len(argv) < 1):
@@ -25,6 +26,9 @@ if __name__ == '__main__':
 
     interface = argv[1]
     if os.path.isfile(f'/run/openvpn/{interface}.conf'):
+        if commit_in_progress():
+            print('Cannot restart OpenVPN while a commit is in progress')
+            exit(1)
         call(f'systemctl restart openvpn@{interface}.service')
     else:
         print(f'OpenVPN interface "{interface}" does not exist!')
diff --git a/src/op_mode/restart_dhcp_relay.py b/src/op_mode/restart_dhcp_relay.py
index af4fb2d15..db5a48970 100755
--- a/src/op_mode/restart_dhcp_relay.py
+++ b/src/op_mode/restart_dhcp_relay.py
@@ -24,6 +24,7 @@ import os
 
 import vyos.config
 from vyos.util import call
+from vyos.util import commit_in_progress
 
 
 parser = argparse.ArgumentParser()
@@ -39,6 +40,9 @@ if __name__ == '__main__':
         if not c.exists_effective('service dhcp-relay'):
             print("DHCP relay service not configured")
         else:
+            if commit_in_progress():
+                print('Cannot restart DHCP relay while a commit is in progress')
+                exit(1)
             call('systemctl restart isc-dhcp-server.service')
 
         sys.exit(0)
@@ -47,6 +51,9 @@ if __name__ == '__main__':
         if not c.exists_effective('service dhcpv6-relay'):
             print("DHCPv6 relay service not configured")
         else:
+            if commit_in_progress():
+                print('Cannot restart DHCPv6 relay while commit is in progress')
+                exit(1)
             call('systemctl restart isc-dhcp-server6.service')
 
         sys.exit(0)
-- 
cgit v1.2.3