def get_config():
c = Config()
interfaces = dict()
for intf in c.list_effective_nodes('interfaces ethernet'):
# skip interfaces that are disabled or is configured for dhcp
check_disable = "interfaces ethernet {} disable".format(intf)
check_dhcp = "interfaces ethernet {} address dhcp".format(intf)
if c.exists_effective(check_disable) or c.exists_effective(check_dhcp):
continue
# get addresses configured on the interface
intf_addresses = c.return_effective_values(
"interfaces ethernet {} address".format(intf))
interfaces[intf] = [addr.strip("'") for addr in intf_addresses]
return interfaces
def get_config():
conf = Config()
mroute = {'old_mroute': {}, 'mroute': {}}
base_path = "protocols static multicast"
if not (conf.exists(base_path) or conf.exists_effective(base_path)):
return None
conf.set_level(base_path)
# Get multicast effective routes
for route in conf.list_effective_nodes('route'):
mroute['old_mroute'][route] = {}
for next_hop in conf.list_effective_nodes(
'route {0} next-hop'.format(route)):
mroute['old_mroute'][route].update({
next_hop:
conf.return_value('route {0} next-hop {1} distance'.format(
route, next_hop))
})
# Get multicast effective interface-routes
for route in conf.list_effective_nodes('interface-route'):
if not route in mroute['old_mroute']:
mroute['old_mroute'][route] = {}
for next_hop in conf.list_effective_nodes(
'interface-route {0} next-hop-interface'.format(route)):
mroute['old_mroute'][route].update({
next_hop:
conf.return_value(
'interface-route {0} next-hop-interface {1} distance'.
format(route, next_hop))
})
# Get multicast routes
for route in conf.list_nodes('route'):
mroute['mroute'][route] = {}
for next_hop in conf.list_nodes('route {0} next-hop'.format(route)):
mroute['mroute'][route].update({
next_hop:
conf.return_value('route {0} next-hop {1} distance'.format(
route, next_hop))
})
# Get multicast interface-routes
for route in conf.list_nodes('interface-route'):
if not route in mroute['mroute']:
mroute['mroute'][route] = {}
for next_hop in conf.list_nodes(
'interface-route {0} next-hop-interface'.format(route)):
mroute['mroute'][route].update({
next_hop:
conf.return_value(
'interface-route {0} next-hop-interface {1} distance'.
format(route, next_hop))
})
return mroute
def get_config():
c = Config()
if not c.exists_effective('interfaces ethernet'):
return None
interfaces = {}
for intf in c.list_effective_nodes('interfaces ethernet'):
if not c.exists_effective('interfaces ethernet ' + intf +
' disable') and c.exists_effective(
'interfaces ethernet ' + intf +
' address'):
interfaces[intf] = re.sub(
"\'", "",
c.return_effective_values('interfaces ethernet ' + intf +
' address')).split()
return interfaces
def get_config():
conf = Config()
igmp_conf = {'igmp_conf': False, 'old_ifaces': {}, 'ifaces': {}}
if not (conf.exists('protocols igmp')
or conf.exists_effective('protocols igmp')):
return None
if conf.exists('protocols igmp'):
igmp_conf['igmp_conf'] = True
conf.set_level('protocols igmp')
# # Get interfaces
for iface in conf.list_effective_nodes('interface'):
igmp_conf['old_ifaces'].update({
iface: {
'version':
conf.return_effective_value(
'interface {0} version'.format(iface)),
'query_interval':
conf.return_effective_value(
'interface {0} query-interval'.format(iface)),
'query_max_resp_time':
conf.return_effective_value(
'interface {0} query-max-response-time'.format(iface)),
'gr_join': {}
}
})
for gr_join in conf.list_effective_nodes(
'interface {0} join'.format(iface)):
igmp_conf['old_ifaces'][iface]['gr_join'][
gr_join] = conf.return_effective_values(
'interface {0} join {1} source'.format(iface, gr_join))
for iface in conf.list_nodes('interface'):
igmp_conf['ifaces'].update({
iface: {
'version':
conf.return_value('interface {0} version'.format(iface)),
'query_interval':
conf.return_value(
'interface {0} query-interval'.format(iface)),
'query_max_resp_time':
conf.return_value(
'interface {0} query-max-response-time'.format(iface)),
'gr_join': {}
}
})
for gr_join in conf.list_nodes('interface {0} join'.format(iface)):
igmp_conf['ifaces'][iface]['gr_join'][
gr_join] = conf.return_values(
'interface {0} join {1} source'.format(iface, gr_join))
return igmp_conf
def show_status():
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service dns dynamic'):
print("Dynamic DNS not configured")
sys.exit(0)
data = {
'hosts': []
}
with open(cache_file, 'r') as f:
for line in f:
if line.startswith('#'):
continue
outp = {
'host': '',
'ip': '',
'time': ''
}
if 'host=' in line:
host = line.split('host=')[1]
if host:
outp['host'] = host.split(',')[0]
if 'ip=' in line:
ip = line.split('ip=')[1]
if ip:
outp['ip'] = ip.split(',')[0]
if 'atime=' in line:
atime = line.split('atime=')[1]
if atime:
tmp = atime.split(',')[0]
outp['time'] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(int(tmp, base=10)))
if 'status=' in line:
status = line.split('status=')[1]
if status:
outp['status'] = status.split(',')[0]
data['hosts'].append(outp)
tmpl = jinja2.Template(OUT_TMPL_SRC)
print(tmpl.render(data))
def get_config():
ip_opt = deepcopy(default_config_data)
conf = Config()
conf.set_level('system ipv6')
if conf.exists(''):
ip_opt['disable_addr_assignment'] = conf.exists('disable')
if conf.exists_effective('disable') != conf.exists('disable'):
ip_opt['reboot_message'] = True
if conf.exists('disable-forwarding'):
ip_opt['ipv6_forward'] = '0'
if conf.exists('multipath layer4-hashing'):
ip_opt['mp_layer4_hashing'] = '1'
if conf.exists('neighbor table-size'):
ip_opt['neighbor_cache'] = int(
conf.return_value('neighbor table-size'))
if conf.exists('strict-dad'):
ip_opt['strict_dad'] = 2
return ip_opt
def get_config():
bfd = deepcopy(default_config_data)
conf = Config()
if not (conf.exists('protocols bfd')
or conf.exists_effective('protocols bfd')):
return None
else:
conf.set_level('protocols bfd')
# as we have to use vtysh to talk to FRR we also need to know
# which peers are gone due to a config removal - thus we read in
# all peers (active or to delete)
for peer in conf.list_effective_nodes('peer'):
bfd['old_peers'].append(get_bfd_peer_config(peer, "effective"))
for peer in conf.list_nodes('peer'):
bfd['new_peers'].append(get_bfd_peer_config(peer))
# find deleted peers
set_new_peers = set(conf.list_nodes('peer'))
set_old_peers = set(conf.list_effective_nodes('peer'))
bfd['deleted_peers'] = set_old_peers - set_new_peers
return bfd
def get_config():
l2tpv3 = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# Check if interface has been removed
if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
l2tpv3['deleted'] = True
# to delete the l2tpv3 interface we need to current
# tunnel_id and session_id
if conf.exists_effective('interfaces l2tpv3 {} tunnel-id'.format(
l2tpv3['intf'])):
l2tpv3['tunnel_id'] = conf.return_effective_value(
'interfaces l2tpv3 {} tunnel-id'.format(l2tpv3['intf']))
if conf.exists_effective('interfaces l2tpv3 {} session-id'.format(
l2tpv3['intf'])):
l2tpv3['session_id'] = conf.return_effective_value(
'interfaces l2tpv3 {} session-id'.format(l2tpv3['intf']))
return l2tpv3
# set new configuration level
conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
l2tpv3['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
l2tpv3['description'] = conf.return_value('description')
# get tunnel destination port
if conf.exists('destination-port'):
l2tpv3['remote_port'] = int(conf.return_value('destination-port'))
# Disable this interface
if conf.exists('disable'):
l2tpv3['disable'] = True
# get tunnel encapsulation type
if conf.exists('encapsulation'):
l2tpv3['encapsulation'] = conf.return_value('encapsulation')
# get tunnel local ip address
if conf.exists('local-ip'):
l2tpv3['local_address'] = conf.return_value('local-ip')
# Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
if conf.exists('ipv6 address autoconf'):
l2tpv3['ipv6_autoconf'] = 1
# Get prefix for IPv6 addressing based on MAC address (EUI-64)
if conf.exists('ipv6 address eui64'):
l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64')
# Disable IPv6 forwarding on this interface
if conf.exists('ipv6 disable-forwarding'):
l2tpv3['ipv6_forwarding'] = 0
# IPv6 Duplicate Address Detection (DAD) tries
if conf.exists('ipv6 dup-addr-detect-transmits'):
l2tpv3['ipv6_dup_addr_detect'] = int(
conf.return_value('ipv6 dup-addr-detect-transmits'))
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
l2tpv3['mtu'] = int(conf.return_value('mtu'))
# Remote session id
if conf.exists('peer-session-id'):
l2tpv3['peer_session_id'] = conf.return_value('peer-session-id')
# Remote tunnel id
if conf.exists('peer-tunnel-id'):
l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id')
# Remote address of L2TPv3 tunnel
if conf.exists('remote-ip'):
l2tpv3['remote_address'] = conf.return_value('remote-ip')
# Local session id
if conf.exists('session-id'):
l2tpv3['session_id'] = conf.return_value('session-id')
# get local tunnel port
if conf.exists('source-port'):
l2tpv3['local_port'] = conf.return_value('source-port')
# get local tunnel id
if conf.exists('tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_value('tunnel-id')
return l2tpv3
from vyos.config import Config
PDNS_CMD = '/usr/bin/rec_control'
OUT_TMPL_SRC = """
DNS forwarding statistics:
Cache entries: {{ cache_entries -}}
Cache size: {{ cache_size }} kbytes
"""
if __name__ == '__main__':
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service dns forwarding'):
print("DNS forwarding is not configured")
sys.exit(0)
data = {}
data['cache_entries'] = subprocess.check_output(
[PDNS_CMD, 'get cache-entries']).decode()
data['cache_size'] = "{0:.2f}".format(
int(subprocess.check_output([PDNS_CMD, 'get cache-bytes']).decode()) /
1024)
tmpl = jinja2.Template(OUT_TMPL_SRC)
print(tmpl.render(data))
if args.mode == mode:
interfaces.append(intf)
for intf in interfaces:
data = get_status(args.mode, intf)
local_host = config.return_effective_value(
'interfaces openvpn {} local-host'.format(intf))
local_port = config.return_effective_value(
'interfaces openvpn {} local-port'.format(intf))
if local_host and local_port:
data['local'] = local_host + ':' + local_port
if args.mode in ['client', 'site-to-site']:
for client in data['clients']:
if config.exists_effective(
'interfaces openvpn {} shared-secret-key-file'.format(
intf)):
client['name'] = "None (PSK)"
remote_host = config.return_effective_values(
'interfaces openvpn {} remote-host'.format(intf))
remote_port = config.return_effective_value(
'interfaces openvpn {} remote-port'.format(intf))
if not remote_port:
remote_port = '1194'
if len(remote_host) >= 1:
client['remote'] = str(remote_host[0]) + ':' + remote_port
tmpl = jinja2.Template(outp_tmpl)
def get_config():
conf = Config()
pim_conf = {
'pim_conf': False,
'old_pim': {
'ifaces': {},
'rp': {}
},
'pim': {
'ifaces': {},
'rp': {}
}
}
if not (conf.exists('protocols pim')
or conf.exists_effective('protocols pim')):
return None
if conf.exists('protocols pim'):
pim_conf['pim_conf'] = True
conf.set_level('protocols pim')
# Get interfaces
for iface in conf.list_effective_nodes('interface'):
pim_conf['old_pim']['ifaces'].update({
iface: {
'hello':
conf.return_effective_value(
'interface {0} hello'.format(iface)),
'dr_prio':
conf.return_effective_value(
'interface {0} dr-priority'.format(iface))
}
})
for iface in conf.list_nodes('interface'):
pim_conf['pim']['ifaces'].update({
iface: {
'hello':
conf.return_value('interface {0} hello'.format(iface)),
'dr_prio':
conf.return_value('interface {0} dr-priority'.format(iface)),
}
})
conf.set_level('protocols pim rp')
# Get RPs addresses
for rp_addr in conf.list_effective_nodes('address'):
pim_conf['old_pim']['rp'][rp_addr] = conf.return_effective_values(
'address {0} group'.format(rp_addr))
for rp_addr in conf.list_nodes('address'):
pim_conf['pim']['rp'][rp_addr] = conf.return_values(
'address {0} group'.format(rp_addr))
# Get RP keep-alive-timer
if conf.exists_effective('rp keep-alive-timer'):
pim_conf['old_pim']['rp_keep_alive'] = conf.return_effective_value(
'rp keep-alive-timer')
if conf.exists('rp keep-alive-timer'):
pim_conf['pim']['rp_keep_alive'] = conf.return_value(
'rp keep-alive-timer')
return pim_conf
type=str,
nargs="+",
choices=lease_valid_states,
default="active",
help="Lease state to show (can specify multiple with spaces)")
parser.add_argument("-j",
"--json",
action="store_true",
default=False,
help="Produce JSON output")
args = parser.parse_args()
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service dhcpv6-server'):
print("DHCPv6 service is not configured")
sys.exit(0)
# if dhcp server is down, inactive leases may still be shown as active, so warn the user.
if call('systemctl -q is-active isc-dhcpv6-server.service') != 0:
print(
"WARNING: DHCPv6 server is configured but not started. Data may be stale."
)
if args.leases:
leases = get_leases(lease_file, args.state, args.pool, args.sort)
if args.json:
print(json.dumps(leases, indent=4))
else:
from sys import exit
from vyos.config import Config
from vyos.util import call
parser = argparse.ArgumentParser()
parser.add_argument("-a", "--all", action="store_true", help="Reset all cache")
parser.add_argument("domain",
type=str,
nargs="?",
help="Domain to reset cache entries for")
if __name__ == '__main__':
args = parser.parse_args()
# Do nothing if service is not configured
c = Config()
if not c.exists_effective(['service', 'dns', 'forwarding']):
print("DNS forwarding is not configured")
exit(0)
if args.all:
call("rec_control wipe-cache \'.$\'")
exit(0)
elif args.domain:
call("rec_control wipe-cache \'{0}$\'".format(args.domain))
else:
parser.print_help()
exit(1)
def get_config():
conf = Config()
mpls_conf = {
'router_id' : None,
'mpls_ldp' : False,
'old_ldp' : {
'interfaces' : [],
'neighbors' : {},
'd_transp_ipv4' : None,
'd_transp_ipv6' : None
},
'ldp' : {
'interfaces' : [],
'neighbors' : {},
'd_transp_ipv4' : None,
'd_transp_ipv6' : None
}
}
if not (conf.exists('protocols mpls') or conf.exists_effective('protocols mpls')):
return None
if conf.exists('protocols mpls ldp'):
mpls_conf['mpls_ldp'] = True
conf.set_level('protocols mpls ldp')
# Get router-id
if conf.exists_effective('router-id'):
mpls_conf['old_router_id'] = conf.return_effective_value('router-id')
if conf.exists('router-id'):
mpls_conf['router_id'] = conf.return_value('router-id')
# Get discovery transport-ipv4-address
if conf.exists_effective('discovery transport-ipv4-address'):
mpls_conf['old_ldp']['d_transp_ipv4'] = conf.return_effective_value('discovery transport-ipv4-address')
if conf.exists('discovery transport-ipv4-address'):
mpls_conf['ldp']['d_transp_ipv4'] = conf.return_value('discovery transport-ipv4-address')
# Get discovery transport-ipv6-address
if conf.exists_effective('discovery transport-ipv6-address'):
mpls_conf['old_ldp']['d_transp_ipv6'] = conf.return_effective_value('discovery transport-ipv6-address')
if conf.exists('discovery transport-ipv6-address'):
mpls_conf['ldp']['d_transp_ipv6'] = conf.return_value('discovery transport-ipv6-address')
# Get interfaces
if conf.exists_effective('interface'):
mpls_conf['old_ldp']['interfaces'] = conf.return_effective_values('interface')
if conf.exists('interface'):
mpls_conf['ldp']['interfaces'] = conf.return_values('interface')
# Get neighbors
for neighbor in conf.list_effective_nodes('neighbor'):
mpls_conf['old_ldp']['neighbors'].update({
neighbor : {
'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor))
}
})
for neighbor in conf.list_nodes('neighbor'):
mpls_conf['ldp']['neighbors'].update({
neighbor : {
'password' : conf.return_value('neighbor {0} password'.format(neighbor))
}
})
return mpls_conf
def get_config():
l2tpv3 = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# check if interface is member of a bridge
l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge')
# Check if interface has been removed
if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
l2tpv3['deleted'] = True
interface = l2tpv3['intf']
# to delete the l2tpv3 interface we need the current tunnel_id and session_id
if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_effective_value(
f'interfaces l2tpv3 {interface} tunnel-id')
if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'):
l2tpv3['session_id'] = conf.return_effective_value(
f'interfaces l2tpv3 {interface} session-id')
return l2tpv3
# set new configuration level
conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
l2tpv3['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
l2tpv3['description'] = conf.return_value('description')
# get tunnel destination port
if conf.exists('destination-port'):
l2tpv3['remote_port'] = int(conf.return_value('destination-port'))
# Disable this interface
if conf.exists('disable'):
l2tpv3['disable'] = True
# get tunnel encapsulation type
if conf.exists('encapsulation'):
l2tpv3['encapsulation'] = conf.return_value('encapsulation')
# get tunnel local ip address
if conf.exists('local-ip'):
l2tpv3['local_address'] = conf.return_value('local-ip')
# Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
if conf.exists('ipv6 address autoconf'):
l2tpv3['ipv6_autoconf'] = 1
# Get prefixes for IPv6 addressing based on MAC address (EUI-64)
if conf.exists('ipv6 address eui64'):
l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
# Remove the default link-local address if set.
if not (conf.exists('ipv6 address no-default-link-local')
or l2tpv3['is_bridge_member']):
# add the link-local by default to make IPv6 work
l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
# Disable IPv6 forwarding on this interface
if conf.exists('ipv6 disable-forwarding'):
l2tpv3['ipv6_forwarding'] = 0
# IPv6 Duplicate Address Detection (DAD) tries
if conf.exists('ipv6 dup-addr-detect-transmits'):
l2tpv3['ipv6_dup_addr_detect'] = int(
conf.return_value('ipv6 dup-addr-detect-transmits'))
# to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
# accept_ra must be 2
if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']:
l2tpv3['ipv6_accept_ra'] = 2
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
l2tpv3['mtu'] = int(conf.return_value('mtu'))
# Remote session id
if conf.exists('peer-session-id'):
l2tpv3['peer_session_id'] = conf.return_value('peer-session-id')
# Remote tunnel id
if conf.exists('peer-tunnel-id'):
l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id')
# Remote address of L2TPv3 tunnel
if conf.exists('remote-ip'):
l2tpv3['remote_address'] = conf.return_value('remote-ip')
# Local session id
if conf.exists('session-id'):
l2tpv3['session_id'] = conf.return_value('session-id')
# get local tunnel port
if conf.exists('source-port'):
l2tpv3['local_port'] = conf.return_value('source-port')
# get local tunnel id
if conf.exists('tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_value('tunnel-id')
return l2tpv3
data['hosts'].append(outp)
tmpl = jinja2.Template(OUT_TMPL_SRC)
print(tmpl.render(data))
def update_ddns():
call('systemctl stop ddclient.service')
if os.path.exists(cache_file):
os.remove(cache_file)
call('systemctl start ddclient.service')
if __name__ == '__main__':
parser = argparse.ArgumentParser()
group = parser.add_mutually_exclusive_group()
group.add_argument("--status", help="Show DDNS status", action="store_true")
group.add_argument("--update", help="Update DDNS on a given interface", action="store_true")
args = parser.parse_args()
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service dns dynamic'):
print("Dynamic DNS not configured")
sys.exit(1)
if args.status:
show_status()
elif args.update:
update_ddns()
def get_config():
macsec = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
macsec['intf'] = os.environ['VYOS_TAGNODE_VALUE']
base_path = ['interfaces', 'macsec', macsec['intf']]
# check if we are a member of any bridge
macsec['is_bridge_member'] = is_member(conf, macsec['intf'], 'bridge')
# Check if interface has been removed
if not conf.exists(base_path):
macsec['deleted'] = True
# When stopping wpa_supplicant we need to stop it via the physical
# interface - thus we need to retrieve ir from the effective config
if conf.exists_effective(base_path + ['source-interface']):
macsec['source_interface'] = conf.return_effective_value(
base_path + ['source-interface'])
return macsec
# set new configuration level
conf.set_level(base_path)
# retrieve configured interface addresses
if conf.exists(['address']):
macsec['address'] = conf.return_values(['address'])
# retrieve interface description
if conf.exists(['description']):
macsec['description'] = conf.return_value(['description'])
# Disable this interface
if conf.exists(['disable']):
macsec['disable'] = True
# retrieve interface cipher
if conf.exists(['security', 'cipher']):
macsec['security_cipher'] = conf.return_value(['security', 'cipher'])
# Enable optional MACsec encryption
if conf.exists(['security', 'encrypt']):
macsec['security_encrypt'] = True
# Secure Connectivity Association Key
if conf.exists(['security', 'mka', 'cak']):
macsec['security_mka_cak'] = conf.return_value(
['security', 'mka', 'cak'])
# Secure Connectivity Association Name
if conf.exists(['security', 'mka', 'ckn']):
macsec['security_mka_ckn'] = conf.return_value(
['security', 'mka', 'ckn'])
# MACsec Key Agreement protocol (MKA) actor priority
if conf.exists(['security', 'mka', 'priority']):
macsec['security_mka_priority'] = conf.return_value(
['security', 'mka', 'priority'])
# IEEE 802.1X/MACsec replay protection
if conf.exists(['security', 'replay-window']):
macsec['security_replay_window'] = conf.return_value(
['security', 'replay-window'])
# Physical interface
if conf.exists(['source-interface']):
macsec['source_interface'] = conf.return_value(['source-interface'])
# Determine interface addresses (currently effective) - to determine which
# address is no longer valid and needs to be removed from the interface
eff_addr = conf.return_effective_values(['address'])
act_addr = conf.return_values(['address'])
macsec['address_remove'] = list_diff(eff_addr, act_addr)
# retrieve VRF instance
if conf.exists(['vrf']):
macsec['vrf'] = conf.return_value(['vrf'])
return macsec
type=str,
nargs="+",
choices=lease_valid_states,
default="active",
help="Lease state to show (can specify multiple with spaces)")
parser.add_argument("-j",
"--json",
action="store_true",
default=False,
help="Produce JSON output")
args = parser.parse_args()
# Do nothing if service is not configured
config = Config()
if not config.exists_effective('service dhcp-server'):
print("DHCP service is not configured.")
sys.exit(0)
# if dhcp server is down, inactive leases may still be shown as active, so warn the user.
if call('systemctl -q is-active isc-dhcpv4-server.service') != 0:
print(
"WARNING: DHCP server is configured but not started. Data may be stale."
)
if args.leases:
leases = get_leases(lease_file, args.state, args.pool, args.sort)
if args.json:
print(json.dumps(leases, indent=4))
else:
def get_bfd_peer_config(peer, conf_mode="proposed"):
conf = Config()
conf.set_level('protocols bfd peer {0}'.format(peer))
bfd_peer = {
'remote': peer,
'shutdown': False,
'src_if': '',
'src_addr': '',
'multiplier': '3',
'rx_interval': '300',
'tx_interval': '300',
'multihop': False,
'echo_interval': '',
'echo_mode': False,
}
# Check if individual peer is disabled
if conf_mode == "effective" and conf.exists_effective('shutdown'):
bfd_peer['shutdown'] = True
if conf_mode == "proposed" and conf.exists('shutdown'):
bfd_peer['shutdown'] = True
# Check if peer has a local source interface configured
if conf_mode == "effective" and conf.exists_effective('source interface'):
bfd_peer['src_if'] = conf.return_effective_value('source interface')
if conf_mode == "proposed" and conf.exists('source interface'):
bfd_peer['src_if'] = conf.return_value('source interface')
# Check if peer has a local source address configured - this is mandatory for IPv6
if conf_mode == "effective" and conf.exists_effective('source address'):
bfd_peer['src_addr'] = conf.return_effective_value('source address')
if conf_mode == "proposed" and conf.exists('source address'):
bfd_peer['src_addr'] = conf.return_value('source address')
# Tell BFD daemon that we should expect packets with TTL less than 254
# (because it will take more than one hop) and to listen on the multihop
# port (4784)
if conf_mode == "effective" and conf.exists_effective('multihop'):
bfd_peer['multihop'] = True
if conf_mode == "proposed" and conf.exists('multihop'):
bfd_peer['multihop'] = True
# Configures the minimum interval that this system is capable of receiving
# control packets. The default value is 300 milliseconds.
if conf_mode == "effective" and conf.exists_effective('interval receive'):
bfd_peer['rx_interval'] = conf.return_effective_value(
'interval receive')
if conf_mode == "proposed" and conf.exists('interval receive'):
bfd_peer['rx_interval'] = conf.return_value('interval receive')
# The minimum transmission interval (less jitter) that this system wants
# to use to send BFD control packets.
if conf_mode == "effective" and conf.exists_effective('interval transmit'):
bfd_peer['tx_interval'] = conf.return_effective_value(
'interval transmit')
if conf_mode == "proposed" and conf.exists('interval transmit'):
bfd_peer['tx_interval'] = conf.return_value('interval transmit')
# Configures the detection multiplier to determine packet loss. The remote
# transmission interval will be multiplied by this value to determine the
# connection loss detection timer. The default value is 3.
if conf_mode == "effective" and conf.exists_effective(
'interval multiplier'):
bfd_peer['multiplier'] = conf.return_effective_value(
'interval multiplier')
if conf_mode == "proposed" and conf.exists('interval multiplier'):
bfd_peer['multiplier'] = conf.return_value('interval multiplier')
# Configures the minimal echo receive transmission interval that this system is capable of handling
if conf_mode == "effective" and conf.exists_effective(
'interval echo-interval'):
bfd_peer['echo_interval'] = conf.return_effective_value(
'interval echo-interval')
if conf_mode == "proposed" and conf.exists('interval echo-interval'):
bfd_peer['echo_interval'] = conf.return_value('interval echo-interval')
# Enables or disables the echo transmission mode
if conf_mode == "effective" and conf.exists_effective('echo-mode'):
bfd_peer['echo_mode'] = True
if conf_mode == "proposed" and conf.exists('echo-mode'):
bfd_peer['echo_mode'] = True
return bfd_peer
(out, err) = proc.communicate()
# convert output to string
string = out.decode("utf-8").split('"')
vendor = string[3]
device = string[5]
ret = 'ifDescr = {0} {1}'.format(vendor, device)
return ret.replace('\n', '')
if __name__ == '__main__':
args = parser.parse_args()
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service snmp'):
print("SNMP service is not configured")
sys.exit(0)
if args.ifindex:
if args.ifindex == 'all':
for i in netifaces.interfaces():
print('{0}: {1}'.format(i, show_ifindex(i)))
else:
print('{0}: {1}'.format(args.ifindex, show_ifindex(args.ifindex)))
elif args.ifalias:
if args.ifalias == 'all':
for i in netifaces.interfaces():
print('{0}: {1}'.format(i, show_ifalias(i)))
else:
device['cap'] += 'O'
# first change to <port> node and then retrieve <descr>
port = neighbor.getElementsByTagName('port')
port = port[0].getElementsByTagName('descr')[0].firstChild.data
device['port'] = port
return device
if __name__ == '__main__':
args = parser.parse_args()
tmp = {'neighbors': []}
c = Config()
if not c.exists_effective(['service', 'lldp']):
print('Service LLDP is not configured')
exit(0)
if args.all:
neighbors = minidom.parseString(_get_neighbors())
for neighbor in neighbors.getElementsByTagName('interface'):
tmp['neighbors'].append(extract_neighbor(neighbor))
elif args.interface:
neighbors = minidom.parseString(_get_neighbors())
for neighbor in neighbors.getElementsByTagName('interface'):
# check if neighbor appeared on proper interface
if neighbor.getAttribute('name') == args.interface:
tmp['neighbors'].append(extract_neighbor(neighbor))
"""
VIEW_OUTP_TMPL_SRC = """
SNMPv3 Views:
{% if view -%}{% for v in view %}
View : {{ v.name }}
OIDs : .{{ v.oids | join("\n .")}}
{% endfor %}{% endif %}
"""
if __name__ == '__main__':
args = parser.parse_args()
# Do nothing if service is not configured
c = Config()
if not c.exists_effective('service snmp v3'):
print("SNMP v3 is not configured")
sys.exit(0)
data = {
'group': [],
'trap': [],
'user': [],
'view': []
}
if c.exists_effective('service snmp v3 group'):
for g in c.list_effective_nodes('service snmp v3 group'):
group = {
'name': g,
'mode': '',
type=str,
nargs="+",
default=["active"],
help="Lease state to show (can specify multiple with spaces)")
parser.add_argument("-j",
"--json",
action="store_true",
default=False,
help="Produce JSON output")
args = parser.parse_args()
conf = Config()
if args.allowed == 'pool':
if conf.exists_effective('service dhcpv6-server'):
print(' '.join(
conf.list_effective_nodes(
"service dhcpv6-server shared-network-name")))
exit(0)
elif args.allowed == 'sort':
print(' '.join(lease_display_fields.keys()))
exit(0)
elif args.allowed == 'state':
print(' '.join(lease_valid_states))
exit(0)
elif args.allowed:
parser.print_help()
exit(1)
if args.sort not in lease_display_fields.keys():
