T6732: added same as vyos 1x

3 files changed, 128 insertions, 0 deletions

diff --git a/src/migration-scripts/ntp/0-to-1 b/src/migration-scripts/ntp/0-to-1
new file mode 100644
index 0000000..01f5a46
--- /dev/null
+++ b/src/migration-scripts/ntp/0-to-1
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+# Copyright 2018-2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+# Delete "set system ntp server <n> dynamic" option
+
+from vyos.configtree import ConfigTree
+
+def migrate(config: ConfigTree) -> None:
+    if not config.exists(['system', 'ntp', 'server']):
+        # Nothing to do
+        return
+
+    # Delete abandoned leaf node if found inside tag node for
+    # "set system ntp server <n> dynamic"
+    base = ['system', 'ntp', 'server']
+    for server in config.list_nodes(base):
+        if config.exists(base + [server, 'dynamic']):
+            config.delete(base + [server, 'dynamic'])
diff --git a/src/migration-scripts/ntp/1-to-2 b/src/migration-scripts/ntp/1-to-2
new file mode 100644
index 0000000..fd7b082
--- /dev/null
+++ b/src/migration-scripts/ntp/1-to-2
@@ -0,0 +1,53 @@
+# Copyright 2023-2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+# T3008: move from ntpd to chrony and migrate "system ntp" to "service ntp"
+
+from vyos.configtree import ConfigTree
+
+base_path = ['system', 'ntp']
+new_base_path = ['service', 'ntp']
+
+def migrate(config: ConfigTree) -> None:
+    if not config.exists(base_path):
+        # Nothing to do
+        return
+
+    # config.copy does not recursively create a path, so create ['service'] if
+    # it doesn't yet exist, such as for config.boot.default
+    if not config.exists(['service']):
+        config.set(['service'])
+
+    # copy "system ntp" to "service ntp"
+    config.copy(base_path, new_base_path)
+    config.delete(base_path)
+
+    # chrony does not support the preempt option, drop it
+    for server in config.list_nodes(new_base_path + ['server']):
+        server_base =  new_base_path + ['server', server]
+        if config.exists(server_base + ['preempt']):
+            config.delete(server_base + ['preempt'])
+
+    # Rename "allow-clients" -> "allow-client"
+    if config.exists(new_base_path + ['allow-clients']):
+        config.rename(new_base_path + ['allow-clients'], 'allow-client')
+
+    # By default VyOS 1.3 allowed NTP queries for all networks - in chrony we
+    # explicitly disable this behavior and clients need to be specified using the
+    # allow-client CLI option. In order to be fully backwards compatible, we specify
+    # 0.0.0.0/0 and ::/0 as allow networks if not specified otherwise explicitly.
+    if not config.exists(new_base_path + ['allow-client']):
+        config.set(new_base_path + ['allow-client', 'address'], value='0.0.0.0/0', replace=False)
+        config.set(new_base_path + ['allow-client', 'address'], value='::/0', replace=False)
diff --git a/src/migration-scripts/ntp/2-to-3 b/src/migration-scripts/ntp/2-to-3
new file mode 100644
index 0000000..bbda903
--- /dev/null
+++ b/src/migration-scripts/ntp/2-to-3
@@ -0,0 +1,43 @@
+# Copyright 2023-2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5154: allow only one ip address per family for parameter 'listen-address'
+# Allow only one interface for parameter 'interface'
+# If more than one are specified, remove such entries
+
+from vyos.configtree import ConfigTree
+from vyos.template import is_ipv4
+from vyos.template import is_ipv6
+
+base_path = ['service', 'ntp']
+
+def migrate(config: ConfigTree) -> None:
+    if not config.exists(base_path):
+        # Nothing to do
+        return
+
+    if config.exists(base_path + ['listen-address']) and (len([addr for addr in config.return_values(base_path + ['listen-address']) if is_ipv4(addr)]) > 1):
+        for addr in config.return_values(base_path + ['listen-address']):
+            if is_ipv4(addr):
+                config.delete_value(base_path + ['listen-address'], addr)
+
+    if config.exists(base_path + ['listen-address']) and (len([addr for addr in config.return_values(base_path + ['listen-address']) if is_ipv6(addr)]) > 1):
+        for addr in config.return_values(base_path + ['listen-address']):
+            if is_ipv6(addr):
+                config.delete_value(base_path + ['listen-address'], addr)
+
+    if config.exists(base_path + ['interface']):
+        if len(config.return_values(base_path + ['interface'])) > 1:
+            config.delete(base_path + ['interface'])