def get_config(): loopback = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') loopback['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # Check if interface has been removed if not conf.exists('interfaces loopback ' + loopback['intf']): loopback['deleted'] = True # set new configuration level conf.set_level('interfaces loopback ' + loopback['intf']) # retrieve configured interface addresses if conf.exists('address'): loopback['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): loopback['description'] = conf.return_value('description') # Determine interface addresses (currently effective) - to determine which # address is no longer valid and needs to be removed from the interface eff_addr = conf.return_effective_values('address') act_addr = conf.return_values('address') loopback['address_remove'] = list_diff(eff_addr, act_addr) return loopback
def get_config(): salt = deepcopy(default_config_data) conf = Config() base = ['service', 'salt-minion'] if not conf.exists(base): return None else: conf.set_level(base) if conf.exists(['hash']): salt['hash'] = conf.return_value(['hash']) if conf.exists(['master']): salt['master'] = conf.return_values(['master']) if conf.exists(['id']): salt['salt_id'] = conf.return_value(['id']) if conf.exists(['user']): salt['user'] = conf.return_value(['user']) if conf.exists(['interval']): salt['interval'] = conf.return_value(['interval']) if conf.exists(['master-key']): salt['master_key'] = conf.return_value(['master-key']) salt['verify_master_pubkey_sign'] = 'true' return salt
def get_config(): conf = Config() conf.set_level("service broadcast-relay id") relay_id = conf.list_nodes("") relays = [] for id in relay_id: interface_list = [] address = conf.return_value("{0} address".format(id)) description = conf.return_value("{0} description".format(id)) port = conf.return_value("{0} port".format(id)) # split the interface name listing and form a list if conf.exists("{0} interface".format(id)): intfs_names = conf.return_values("{0} interface".format(id)) intfs_names = intfs_names.replace("'", "") intfs_names = intfs_names.split() for name in intfs_names: interface_list.append(name) relay = { "id": id, "address": address, "description": description, "interfaces": interface_list, "port": port } relays.append(relay) return relays
def get_config(): relay = default_config_data conf = Config() if not conf.exists(['service', 'dhcp-relay']): return None else: conf.set_level(['service', 'dhcp-relay']) # Network interfaces to listen on if conf.exists(['interface']): relay['interface'] = conf.return_values(['interface']) # Servers equal to the address of the DHCP server(s) if conf.exists(['server']): relay['server'] = conf.return_values(['server']) conf.set_level(['service', 'dhcp-relay', 'relay-options']) if conf.exists(['hop-count']): count = '-c ' + conf.return_value(['hop-count']) relay['options'].append(count) # Specify the maximum packet size to send to a DHCPv4/BOOTP server. # This might be done to allow sufficient space for addition of relay agent # options while still fitting into the Ethernet MTU size. # # Available in DHCPv4 mode only: if conf.exists(['max-size']): size = '-A ' + conf.return_value(['max-size']) relay['options'].append(size) # Control the handling of incoming DHCPv4 packets which already contain # relay agent options. If such a packet does not have giaddr set in its # header, the DHCP standard requires that the packet be discarded. However, # if giaddr is set, the relay agent may handle the situation in four ways: # It may append its own set of relay options to the packet, leaving the # supplied option field intact; it may replace the existing agent option # field; it may forward the packet unchanged; or, it may discard it. # # Available in DHCPv4 mode only: if conf.exists(['relay-agents-packets']): pkt = '-a -m ' + conf.return_value(['relay-agents-packets']) relay['options'].append(pkt) return relay
def get_config(): dummy = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') dummy['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # check if we are a member of any bridge dummy['is_bridge_member'] = is_member(conf, dummy['intf'], 'bridge') # Check if interface has been removed if not conf.exists('interfaces dummy ' + dummy['intf']): dummy['deleted'] = True return dummy # set new configuration level conf.set_level('interfaces dummy ' + dummy['intf']) # retrieve configured interface addresses if conf.exists('address'): dummy['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): dummy['description'] = conf.return_value('description') # Disable this interface if conf.exists('disable'): dummy['disable'] = True # Determine interface addresses (currently effective) - to determine which # address is no longer valid and needs to be removed from the interface eff_addr = conf.return_effective_values('address') act_addr = conf.return_values('address') dummy['address_remove'] = list_diff(eff_addr, act_addr) # retrieve VRF instance if conf.exists('vrf'): dummy['vrf'] = conf.return_value('vrf') return dummy
def get_config(): config = Config() data = {"install_routes": "yes"} if config.exists("vpn ipsec options disable-route-autoinstall"): data["install_routes"] = "no" if config.exists("vpn ipsec ipsec-interfaces interface"): data["ipsec_interfaces"] = config.return_values("vpn ipsec ipsec-interfaces interface") # Init config variables data["delim_ipsec_l2tp_begin"] = delim_ipsec_l2tp_begin data["delim_ipsec_l2tp_end"] = delim_ipsec_l2tp_end data["ipsec_ra_conn_file"] = ipsec_ra_conn_file data["ra_conn_name"] = ra_conn_name # Get l2tp ipsec settings data["ipsec_l2tp"] = False conf_ipsec_command = "vpn l2tp remote-access ipsec-settings " #last space is useful if config.exists(conf_ipsec_command): data["ipsec_l2tp"] = True # Authentication params if config.exists(conf_ipsec_command + "authentication mode"): data["ipsec_l2tp_auth_mode"] = config.return_value(conf_ipsec_command + "authentication mode") if config.exists(conf_ipsec_command + "authentication pre-shared-secret"): data["ipsec_l2tp_secret"] = config.return_value(conf_ipsec_command + "authentication pre-shared-secret") # mode x509 if config.exists(conf_ipsec_command + "authentication x509 ca-cert-file"): data["ipsec_l2tp_x509_ca_cert_file"] = config.return_value(conf_ipsec_command + "authentication x509 ca-cert-file") if config.exists(conf_ipsec_command + "authentication x509 crl-file"): data["ipsec_l2tp_x509_crl_file"] = config.return_value(conf_ipsec_command + "authentication x509 crl-file") if config.exists(conf_ipsec_command + "authentication x509 server-cert-file"): data["ipsec_l2tp_x509_server_cert_file"] = config.return_value(conf_ipsec_command + "authentication x509 server-cert-file") data["server_cert_file_copied"] = server_cert_path+"/"+re.search('\w+(?:\.\w+)*$', config.return_value(conf_ipsec_command + "authentication x509 server-cert-file")).group(0) if config.exists(conf_ipsec_command + "authentication x509 server-key-file"): data["ipsec_l2tp_x509_server_key_file"] = config.return_value(conf_ipsec_command + "authentication x509 server-key-file") data["server_key_file_copied"] = server_key_path+"/"+re.search('\w+(?:\.\w+)*$', config.return_value(conf_ipsec_command + "authentication x509 server-key-file")).group(0) if config.exists(conf_ipsec_command + "authentication x509 server-key-password"): data["ipsec_l2tp_x509_server_key_password"] = config.return_value(conf_ipsec_command + "authentication x509 server-key-password") # Common l2tp ipsec params if config.exists(conf_ipsec_command + "ike-lifetime"): data["ipsec_l2tp_ike_lifetime"] = config.return_value(conf_ipsec_command + "ike-lifetime") else: data["ipsec_l2tp_ike_lifetime"] = "3600" if config.exists(conf_ipsec_command + "lifetime"): data["ipsec_l2tp_lifetime"] = config.return_value(conf_ipsec_command + "lifetime") else: data["ipsec_l2tp_lifetime"] = "3600" if config.exists("vpn l2tp remote-access outside-address"): data['outside_addr'] = config.return_value('vpn l2tp remote-access outside-address') return data
def get_config(): igmp_proxy = deepcopy(default_config_data) conf = Config() base = ['protocols', 'igmp-proxy'] if not conf.exists(base): return None else: conf.set_level(base) # Network interfaces to listen on if conf.exists(['disable']): igmp_proxy['disable'] = True # Option to disable "quickleave" if conf.exists(['disable-quickleave']): igmp_proxy['disable_quickleave'] = True for intf in conf.list_nodes(['interface']): conf.set_level(base + ['interface', intf]) interface = { 'name': intf, 'alt_subnet': [], 'role': 'downstream', 'threshold': '1', 'whitelist': [] } if conf.exists(['alt-subnet']): interface['alt_subnet'] = conf.return_values(['alt-subnet']) if conf.exists(['role']): interface['role'] = conf.return_value(['role']) if conf.exists(['threshold']): interface['threshold'] = conf.return_value(['threshold']) if conf.exists(['whitelist']): interface['whitelist'] = conf.return_values(['whitelist']) # Append interface configuration to global configuration list igmp_proxy['interfaces'].append(interface) return igmp_proxy
def get_config(): conf = Config() igmp_conf = {'igmp_conf': False, 'old_ifaces': {}, 'ifaces': {}} if not (conf.exists('protocols igmp') or conf.exists_effective('protocols igmp')): return None if conf.exists('protocols igmp'): igmp_conf['igmp_conf'] = True conf.set_level('protocols igmp') # # Get interfaces for iface in conf.list_effective_nodes('interface'): igmp_conf['old_ifaces'].update({ iface: { 'version': conf.return_effective_value( 'interface {0} version'.format(iface)), 'query_interval': conf.return_effective_value( 'interface {0} query-interval'.format(iface)), 'query_max_resp_time': conf.return_effective_value( 'interface {0} query-max-response-time'.format(iface)), 'gr_join': {} } }) for gr_join in conf.list_effective_nodes( 'interface {0} join'.format(iface)): igmp_conf['old_ifaces'][iface]['gr_join'][ gr_join] = conf.return_effective_values( 'interface {0} join {1} source'.format(iface, gr_join)) for iface in conf.list_nodes('interface'): igmp_conf['ifaces'].update({ iface: { 'version': conf.return_value('interface {0} version'.format(iface)), 'query_interval': conf.return_value( 'interface {0} query-interval'.format(iface)), 'query_max_resp_time': conf.return_value( 'interface {0} query-max-response-time'.format(iface)), 'gr_join': {} } }) for gr_join in conf.list_nodes('interface {0} join'.format(iface)): igmp_conf['ifaces'][iface]['gr_join'][ gr_join] = conf.return_values( 'interface {0} join {1} source'.format(iface, gr_join)) return igmp_conf
def get_config(): ntp = deepcopy(default_config_data) conf = Config() if not conf.exists('system ntp'): return None else: conf.set_level('system ntp') if conf.exists('allow-clients address'): networks = conf.return_values('allow-clients address') for n in networks: addr = ip_network(n) net = { "network" : n, "address" : addr.network_address, "netmask" : addr.netmask } ntp['allowed_networks'].append(net) if conf.exists('listen-address'): ntp['listen_address'] = conf.return_values('listen-address') if conf.exists('server'): for node in conf.list_nodes('server'): options = [] server = { "name": node, "options": [] } if conf.exists('server {0} noselect'.format(node)): options.append('noselect') if conf.exists('server {0} preempt'.format(node)): options.append('preempt') if conf.exists('server {0} prefer'.format(node)): options.append('prefer') server['options'] = options ntp['servers'].append(server) return ntp
def get_config(): geneve = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') geneve['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # Check if interface has been removed if not conf.exists('interfaces geneve ' + geneve['intf']): geneve['deleted'] = True return geneve # set new configuration level conf.set_level('interfaces geneve ' + geneve['intf']) # retrieve configured interface addresses if conf.exists('address'): geneve['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): geneve['description'] = conf.return_value('description') # Disable this interface if conf.exists('disable'): geneve['disable'] = True # ARP cache entry timeout in seconds if conf.exists('ip arp-cache-timeout'): geneve['ip_arp_cache_tmo'] = int( conf.return_value('ip arp-cache-timeout')) # Enable proxy-arp on this interface if conf.exists('ip enable-proxy-arp'): geneve['ip_proxy_arp'] = 1 # Maximum Transmission Unit (MTU) if conf.exists('mtu'): geneve['mtu'] = int(conf.return_value('mtu')) # Remote address of GENEVE tunnel if conf.exists('remote'): geneve['remote'] = conf.return_value('remote') # Virtual Network Identifier if conf.exists('vni'): geneve['vni'] = conf.return_value('vni') return geneve
def get_config(): relay = deepcopy(default_config_data) conf = Config() base = ['service', 'broadcast-relay'] if not conf.exists(base): return None else: conf.set_level(base) # Service can be disabled by user if conf.exists('disable'): relay['disabled'] = True return relay # Parse configuration of each individual instance if conf.exists('id'): for id in conf.list_nodes('id'): conf.set_level(base + ['id', id]) config = { 'id': id, 'disabled': False, 'address': '', 'description': '', 'interfaces': [], 'port': '' } # Check if individual broadcast relay service is disabled if conf.exists(['disable']): config['disabled'] = True # Source IP of forwarded packets, if empty original senders address is used if conf.exists(['address']): config['address'] = conf.return_value(['address']) # A description for each individual broadcast relay service if conf.exists(['description']): config['description'] = conf.return_value(['description']) # UDP port to listen on for broadcast frames if conf.exists(['port']): config['port'] = conf.return_value(['port']) # Network interfaces to listen on for broadcast frames to be relayed if conf.exists(['interface']): config['interfaces'] = conf.return_values(['interface']) relay['instances'].append(config) return relay
def get_config(): conf = Config() hosts = copy.deepcopy(default_config_data) if conf.exists("system host-name"): hosts['hostname'] = conf.return_value("system host-name") # This may happen if the config is not loaded yet, # e.g. if run by cloud-init if not hosts['hostname']: hosts['hostname'] = default_config_data['hostname'] if conf.exists("system domain-name"): hosts['domain_name'] = conf.return_value("system domain-name") hosts['domain_search'].append(hosts['domain_name']) for search in conf.return_values("system domain-search domain"): hosts['domain_search'].append(search) if conf.exists("system name-server"): hosts['nameserver'] = conf.return_values("system name-server") if conf.exists("system disable-dhcp-nameservers"): hosts['no_dhcp_ns'] = True # system static-host-mapping hosts['static_host_mapping'] = [] if conf.exists('system static-host-mapping host-name'): for hn in conf.list_nodes('system static-host-mapping host-name'): mapping = {} mapping['host'] = hn mapping['address'] = conf.return_value( 'system static-host-mapping host-name {0} inet'.format(hn)) mapping['aliases'] = conf.return_values( 'system static-host-mapping host-name {0} alias'.format(hn)) hosts['static_host_mapping'].append(mapping) return hosts
def get_config(): interface_list = [] conf = Config() conf.set_level('service mdns repeater') if not conf.exists(''): return interface_list if conf.exists('interface'): intfs_names = [] intfs_names = conf.return_values('interface') for name in intfs_names: interface_list.append(name) return interface_list
def get_config(): conf = Config() if not conf.exists('service https certificates certbot'): return None else: conf.set_level('service https certificates certbot') cert = {} if conf.exists('domain-name'): cert['domains'] = conf.return_values('domain-name') if conf.exists('email'): cert['email'] = conf.return_value('email') return cert
def verify(bridge): if bridge['dhcpv6_prm_only'] and bridge['dhcpv6_temporary']: raise ConfigError( 'DHCPv6 temporary and parameters-only options are mutually exclusive!' ) vrf_name = bridge['vrf'] if vrf_name and vrf_name not in interfaces(): raise ConfigError(f'VRF "{vrf_name}" does not exist') conf = Config() for br in conf.list_nodes('interfaces bridge'): # it makes no sense to verify ourself in this case if br == bridge['intf']: continue for intf in bridge['member']: tmp = conf.list_nodes( 'interfaces bridge {} member interface'.format(br)) if intf['name'] in tmp: raise ConfigError( 'Interface "{}" belongs to bridge "{}" and can not be enslaved.' .format(intf['name'], bridge['intf'])) # the interface must exist prior adding it to a bridge for intf in bridge['member']: if intf['name'] not in interfaces(): raise ConfigError( 'Can not add non existing interface "{}" to bridge "{}"'. format(intf['name'], bridge['intf'])) if intf['name'] == 'lo': raise ConfigError( 'Loopback interface "lo" can not be added to a bridge') # bridge members are not allowed to be bond members, too for intf in bridge['member']: for bond in conf.list_nodes('interfaces bonding'): if conf.exists('interfaces bonding ' + bond + ' member interface'): if intf['name'] in conf.return_values('interfaces bonding ' + bond + ' member interface'): raise ConfigError( 'Interface {} belongs to bond {}, can not add it to {}' .format(intf['name'], bond, bridge['intf'])) return None
def get_config(): mdns = deepcopy(default_config_data) conf = Config() base = ['service', 'mdns', 'repeater'] if not conf.exists(base): return None else: conf.set_level(base) # Service can be disabled by user if conf.exists(['disable']): mdns['disabled'] = True return mdns # Interface to repeat mDNS advertisements if conf.exists(['interface']): mdns['interfaces'] = conf.return_values(['interface']) return mdns
def verify(eth): if eth['deleted']: return None if eth['intf'] not in interfaces(): raise ConfigError(f"Interface ethernet {eth['intf']} does not exist") if eth['speed'] == 'auto': if eth['duplex'] != 'auto': raise ConfigError( 'If speed is hardcoded, duplex must be hardcoded, too') if eth['duplex'] == 'auto': if eth['speed'] != 'auto': raise ConfigError( 'If duplex is hardcoded, speed must be hardcoded, too') if eth['dhcpv6_prm_only'] and eth['dhcpv6_temporary']: raise ConfigError( 'DHCPv6 temporary and parameters-only options are mutually exclusive!' ) vrf_name = eth['vrf'] if vrf_name and vrf_name not in interfaces(): raise ConfigError(f'VRF "{vrf_name}" does not exist') conf = Config() # some options can not be changed when interface is enslaved to a bond for bond in conf.list_nodes('interfaces bonding'): if conf.exists('interfaces bonding ' + bond + ' member interface'): bond_member = conf.return_values('interfaces bonding ' + bond + ' member interface') if eth['intf'] in bond_member: if eth['address']: raise ConfigError( f"Can not assign address to interface {eth['intf']} which is a member of {bond}" ) # use common function to verify VLAN configuration verify_vlan_config(eth) return None
def get_config(): tftpd = deepcopy(default_config_data) conf = Config() base = ['service', 'tftp-server'] if not conf.exists(base): return None else: conf.set_level(base) if conf.exists(['directory']): tftpd['directory'] = conf.return_value(['directory']) if conf.exists(['allow-upload']): tftpd['allow_upload'] = True if conf.exists(['port']): tftpd['port'] = conf.return_value(['port']) if conf.exists(['listen-address']): tftpd['listen'] = conf.return_values(['listen-address']) return tftpd
def get_config(): relay = deepcopy(default_config_data) conf = Config() if not conf.exists('service dhcpv6-relay'): return None else: conf.set_level('service dhcpv6-relay') # Network interfaces/address to listen on for DHCPv6 query(s) if conf.exists('listen-interface'): interfaces = conf.list_nodes('listen-interface') for intf in interfaces: if conf.exists('listen-interface {0} address'.format(intf)): addr = conf.return_value( 'listen-interface {0} address'.format(intf)) listen = addr + '%' + intf relay['listen_addr'].append(listen) # Upstream interface/address for remote DHCPv6 server if conf.exists('upstream-interface'): interfaces = conf.list_nodes('upstream-interface') for intf in interfaces: addresses = conf.return_values( 'upstream-interface {0} address'.format(intf)) for addr in addresses: server = addr + '%' + intf relay['upstream_addr'].append(server) # Maximum hop count. When forwarding packets, dhcrelay discards packets # which have reached a hop count of COUNT. Default is 10. Maximum is 255. if conf.exists('max-hop-count'): count = '-c ' + conf.return_value('max-hop-count') relay['options'].append(count) if conf.exists('use-interface-id-option'): relay['options'].append('-I') return relay
def get_config(): salt = default_config_data conf = Config() if not conf.exists('service salt-minion'): return None else: conf.set_level('service salt-minion') if conf.exists('hash_type'): salt['hash_type'] = conf.return_value('hash_type') if conf.exists('log_file'): salt['log_file'] = conf.return_value('log_file') if conf.exists('log_level'): salt['log_level'] = conf.return_value('log_level') if conf.exists('master'): master = conf.return_values('master') salt['master'] = master if conf.exists('ID'): salt['salt_id'] = conf.return_value('ID') if conf.exists('user'): salt['user'] = conf.return_value('user') if conf.exists('mine_interval'): salt['mine_interval'] = conf.return_value('mine_interval') salt['master-key'] = None if conf.exists('master-key'): salt['master-key'] = conf.return_value('master-key') salt['verify_master_pubkey_sign'] = 'true' return salt
def get_config(): vc = Config() vc.set_level('') # Convert the VyOS config to an abstract internal representation flow_config = { 'flow-accounting-configured': vc.exists('system flow-accounting'), 'buffer-size': vc.return_value('system flow-accounting buffer-size'), 'disable-imt': _node_exists('system flow-accounting disable-imt'), 'syslog-facility': vc.return_value('system flow-accounting syslog-facility'), 'interfaces': None, 'sflow': { 'configured': vc.exists('system flow-accounting sflow'), 'agent-address': vc.return_value('system flow-accounting sflow agent-address'), 'sampling-rate': vc.return_value('system flow-accounting sflow sampling-rate'), 'servers': None }, 'netflow': { 'configured': vc.exists('system flow-accounting netflow'), 'engine-id': vc.return_value('system flow-accounting netflow engine-id'), 'max-flows': vc.return_value('system flow-accounting netflow max-flows'), 'sampling-rate': vc.return_value('system flow-accounting netflow sampling-rate'), 'source-ip': vc.return_value('system flow-accounting netflow source-ip'), 'version': vc.return_value('system flow-accounting netflow version'), 'timeout': { 'expint': vc.return_value( 'system flow-accounting netflow timeout expiry-interval'), 'general': vc.return_value( 'system flow-accounting netflow timeout flow-generic'), 'icmp': vc.return_value('system flow-accounting netflow timeout icmp'), 'maxlife': vc.return_value( 'system flow-accounting netflow timeout max-active-life'), 'tcp.fin': vc.return_value( 'system flow-accounting netflow timeout tcp-fin'), 'tcp': vc.return_value( 'system flow-accounting netflow timeout tcp-generic'), 'tcp.rst': vc.return_value( 'system flow-accounting netflow timeout tcp-rst'), 'udp': vc.return_value('system flow-accounting netflow timeout udp') }, 'servers': None } } # get interfaces list if vc.exists('system flow-accounting interface'): flow_config['interfaces'] = vc.return_values( 'system flow-accounting interface') # get sFlow collectors list if vc.exists('system flow-accounting sflow server'): flow_config['sflow']['servers'] = [] sflow_collectors = vc.list_nodes('system flow-accounting sflow server') for collector in sflow_collectors: port = default_sflow_server_port if vc.return_value( "system flow-accounting sflow server {} port".format( collector)): port = vc.return_value( "system flow-accounting sflow server {} port".format( collector)) flow_config['sflow']['servers'].append({ 'address': collector, 'port': port }) # get NetFlow collectors list if vc.exists('system flow-accounting netflow server'): flow_config['netflow']['servers'] = [] netflow_collectors = vc.list_nodes( 'system flow-accounting netflow server') for collector in netflow_collectors: port = default_netflow_server_port if vc.return_value( "system flow-accounting netflow server {} port".format( collector)): port = vc.return_value( "system flow-accounting netflow server {} port".format( collector)) flow_config['netflow']['servers'].append({ 'address': collector, 'port': port }) # get sflow agent-id if flow_config['sflow']['agent-address'] == None or flow_config['sflow'][ 'agent-address'] == 'auto': flow_config['sflow']['agent-address'] = _sflow_default_agentip(vc) # get NetFlow version if not flow_config['netflow']['version']: flow_config['netflow']['version'] = default_netflow_version # convert NetFlow engine-id format, if this is necessary if flow_config['netflow']['engine-id'] and flow_config['netflow'][ 'version'] == '5': regex_filter = re.compile('^\d+$') if regex_filter.search(flow_config['netflow']['engine-id']): flow_config['netflow']['engine-id'] = "{}:0".format( flow_config['netflow']['engine-id']) # return dict with flow-accounting configuration return flow_config
def get_config(): conf = Config() pim_conf = { 'pim_conf': False, 'old_pim': { 'ifaces': {}, 'rp': {} }, 'pim': { 'ifaces': {}, 'rp': {} } } if not (conf.exists('protocols pim') or conf.exists_effective('protocols pim')): return None if conf.exists('protocols pim'): pim_conf['pim_conf'] = True conf.set_level('protocols pim') # Get interfaces for iface in conf.list_effective_nodes('interface'): pim_conf['old_pim']['ifaces'].update({ iface: { 'hello': conf.return_effective_value( 'interface {0} hello'.format(iface)), 'dr_prio': conf.return_effective_value( 'interface {0} dr-priority'.format(iface)) } }) for iface in conf.list_nodes('interface'): pim_conf['pim']['ifaces'].update({ iface: { 'hello': conf.return_value('interface {0} hello'.format(iface)), 'dr_prio': conf.return_value('interface {0} dr-priority'.format(iface)), } }) conf.set_level('protocols pim rp') # Get RPs addresses for rp_addr in conf.list_effective_nodes('address'): pim_conf['old_pim']['rp'][rp_addr] = conf.return_effective_values( 'address {0} group'.format(rp_addr)) for rp_addr in conf.list_nodes('address'): pim_conf['pim']['rp'][rp_addr] = conf.return_values( 'address {0} group'.format(rp_addr)) # Get RP keep-alive-timer if conf.exists_effective('rp keep-alive-timer'): pim_conf['old_pim']['rp_keep_alive'] = conf.return_effective_value( 'rp keep-alive-timer') if conf.exists('rp keep-alive-timer'): pim_conf['pim']['rp_keep_alive'] = conf.return_value( 'rp keep-alive-timer') return pim_conf
def get_config(): server_block_list = [] conf = Config() if not conf.exists('service https'): return None else: conf.set_level('service https') if not conf.exists('virtual-host'): server_block_list.append(default_server_block) else: for vhost in conf.list_nodes('virtual-host'): server_block = deepcopy(default_server_block) server_block['id'] = vhost if conf.exists(f'virtual-host {vhost} listen-address'): addr = conf.return_value( f'virtual-host {vhost} listen-address') server_block['address'] = addr if conf.exists(f'virtual-host {vhost} listen-port'): port = conf.return_value(f'virtual-host {vhost} listen-port') server_block['port'] = port if conf.exists(f'virtual-host {vhost} server-name'): names = conf.return_values(f'virtual-host {vhost} server-name') server_block['name'] = names[:] server_block_list.append(server_block) vyos_cert_data = {} if conf.exists('certificates system-generated-certificate'): vyos_cert_data = vyos.defaults.vyos_cert_data if vyos_cert_data: for block in server_block_list: block['vyos_cert'] = vyos_cert_data certbot = False certbot_domains = [] if conf.exists('certificates certbot domain-name'): certbot_domains = conf.return_values( 'certificates certbot domain-name') if certbot_domains: certbot = True for domain in certbot_domains: sub_list = vyos.certbot_util.choose_server_block( server_block_list, domain) if sub_list: for sb in sub_list: sb['certbot'] = True # certbot organizes certificates by first domain sb['certbot_dir'] = certbot_domains[0] api_somewhere = False api_data = {} if conf.exists('api'): api_somewhere = True api_data = vyos.defaults.api_data if conf.exists('api port'): port = conf.return_value('api port') api_data['port'] = port if conf.exists('api-restrict virtual-host'): vhosts = conf.return_values('api-restrict virtual-host') api_data['vhost'] = vhosts[:] if api_data: # we do not want to include 'vhost' key as part of # vyos.defaults.api_data, so check for key existence vhost_list = api_data.get('vhost') if vhost_list is None: for block in server_block_list: block['api'] = api_data else: for block in server_block_list: if block['id'] in vhost_list: block['api'] = api_data https = { 'server_block_list': server_block_list, 'api_somewhere': api_somewhere, 'certbot': certbot } return https
def get_config(): dyndns = deepcopy(default_config_data) conf = Config() base_level = ['service', 'dns', 'dynamic'] if not conf.exists(base_level): dyndns['deleted'] = True return dyndns for interface in conf.list_nodes(base_level + ['interface']): node = { 'interface': interface, 'rfc2136': [], 'service': [], 'web_skip': '', 'web_url': '' } # set config level to e.g. "service dns dynamic interface eth0" conf.set_level(base_level + ['interface', interface]) # Handle RFC2136 - Dynamic Updates in the Domain Name System for rfc2136 in conf.list_nodes(['rfc2136']): rfc = { 'name': rfc2136, 'keyfile': '', 'record': [], 'server': '', 'ttl': '600', 'zone': '' } # set config level conf.set_level(base_level + ['interface', interface, 'rfc2136', rfc2136]) if conf.exists(['key']): rfc['keyfile'] = conf.return_value(['key']) if conf.exists(['record']): rfc['record'] = conf.return_values(['record']) if conf.exists(['server']): rfc['server'] = conf.return_value(['server']) if conf.exists(['ttl']): rfc['ttl'] = conf.return_value(['ttl']) if conf.exists(['zone']): rfc['zone'] = conf.return_value(['zone']) node['rfc2136'].append(rfc) # set config level to e.g. "service dns dynamic interface eth0" conf.set_level(base_level + ['interface', interface]) # Handle DynDNS service providers for service in conf.list_nodes(['service']): srv = { 'provider': service, 'host': [], 'login': '', 'password': '', 'protocol': '', 'server': '', 'custom' : False, 'zone' : '' } # set config level conf.set_level(base_level + ['interface', interface, 'service', service]) # preload protocol from default service mapping if service in default_service_protocol.keys(): srv['protocol'] = default_service_protocol[service] else: srv['custom'] = True if conf.exists(['login']): srv['login'] = conf.return_value(['login']) if conf.exists(['host-name']): srv['host'] = conf.return_values(['host-name']) if conf.exists(['protocol']): srv['protocol'] = conf.return_value(['protocol']) if conf.exists(['password']): srv['password'] = conf.return_value(['password']) if conf.exists(['server']): srv['server'] = conf.return_value(['server']) if conf.exists(['zone']): srv['zone'] = conf.return_value(['zone']) elif srv['provider'] == 'cloudflare': # default populate zone entry with bar.tld if # host-name is foo.bar.tld srv['zone'] = srv['host'][0].split('.',1)[1] node['service'].append(srv) # Set config back to appropriate level for these options conf.set_level(base_level + ['interface', interface]) # Additional settings in CLI if conf.exists(['use-web', 'skip']): node['web_skip'] = conf.return_value(['use-web', 'skip']) if conf.exists(['use-web', 'url']): node['web_url'] = conf.return_value(['use-web', 'url']) # set config level back to top level conf.set_level(base_level) dyndns['interfaces'].append(node) return dyndns
def get_config(): vxlan = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') vxlan['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # check if interface is member if a bridge vxlan['is_bridge_member'] = is_member(conf, vxlan['intf'], 'bridge') # Check if interface has been removed if not conf.exists('interfaces vxlan ' + vxlan['intf']): vxlan['deleted'] = True return vxlan # set new configuration level conf.set_level('interfaces vxlan ' + vxlan['intf']) # retrieve configured interface addresses if conf.exists('address'): vxlan['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): vxlan['description'] = conf.return_value('description') # Disable this interface if conf.exists('disable'): vxlan['disable'] = True # VXLAN multicast grou if conf.exists('group'): vxlan['group'] = conf.return_value('group') # ARP cache entry timeout in seconds if conf.exists('ip arp-cache-timeout'): vxlan['ip_arp_cache_tmo'] = int( conf.return_value('ip arp-cache-timeout')) # ARP filter configuration if conf.exists('ip disable-arp-filter'): vxlan['ip_disable_arp_filter'] = 0 # ARP enable accept if conf.exists('ip enable-arp-accept'): vxlan['ip_enable_arp_accept'] = 1 # ARP enable announce if conf.exists('ip enable-arp-announce'): vxlan['ip_enable_arp_announce'] = 1 # ARP enable ignore if conf.exists('ip enable-arp-ignore'): vxlan['ip_enable_arp_ignore'] = 1 # Enable proxy-arp on this interface if conf.exists('ip enable-proxy-arp'): vxlan['ip_proxy_arp'] = 1 # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) if conf.exists('ipv6 address autoconf'): vxlan['ipv6_autoconf'] = 1 # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') # Remove the default link-local address if set. if not (conf.exists('ipv6 address no-default-link-local') or vxlan['is_bridge_member']): # add the link-local by default to make IPv6 work vxlan['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vxlan['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): vxlan['ipv6_dup_addr_detect'] = int( conf.return_value('ipv6 dup-addr-detect-transmits')) # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, # accept_ra must be 2 if vxlan['ipv6_autoconf'] or 'dhcpv6' in vxlan['address']: vxlan['ipv6_accept_ra'] = 2 # VXLAN source address if conf.exists('source-address'): vxlan['source_address'] = conf.return_value('source-address') # VXLAN underlay interface if conf.exists('source-interface'): vxlan['source_interface'] = conf.return_value('source-interface') # Maximum Transmission Unit (MTU) if conf.exists('mtu'): vxlan['mtu'] = int(conf.return_value('mtu')) # Remote address of VXLAN tunnel if conf.exists('remote'): vxlan['remote'] = conf.return_value('remote') # Remote port of VXLAN tunnel if conf.exists('port'): vxlan['remote_port'] = int(conf.return_value('port')) # Virtual Network Identifier if conf.exists('vni'): vxlan['vni'] = conf.return_value('vni') return vxlan
def get_config(): sstp = deepcopy(default_config_data) base_path = ['vpn', 'sstp'] conf = Config() if not conf.exists(base_path): return None conf.set_level(base_path) cpu = os.cpu_count() if cpu > 1: sstp['thread_cnt'] = int(cpu/2) if conf.exists(['authentication', 'mode']): sstp['auth_mode'] = conf.return_value(['authentication', 'mode']) # # local auth if conf.exists(['authentication', 'local-users']): for username in conf.list_nodes(['authentication', 'local-users', 'username']): user = { 'name' : username, 'password' : '', 'state' : 'enabled', 'ip' : '*', 'upload' : None, 'download' : None } conf.set_level(base_path + ['authentication', 'local-users', 'username', username]) if conf.exists(['password']): user['password'] = conf.return_value(['password']) if conf.exists(['disable']): user['state'] = 'disable' if conf.exists(['static-ip']): user['ip'] = conf.return_value(['static-ip']) if conf.exists(['rate-limit', 'download']): user['download'] = conf.return_value(['rate-limit', 'download']) if conf.exists(['rate-limit', 'upload']): user['upload'] = conf.return_value(['rate-limit', 'upload']) sstp['local_users'].append(user) # # RADIUS auth and settings conf.set_level(base_path + ['authentication', 'radius']) if conf.exists(['server']): for server in conf.list_nodes(['server']): radius = { 'server' : server, 'key' : '', 'fail_time' : 0, 'port' : '1812' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) if conf.exists(['fail-time']): radius['fail-time'] = conf.return_value(['fail-time']) if conf.exists(['port']): radius['port'] = conf.return_value(['port']) if conf.exists(['key']): radius['key'] = conf.return_value(['key']) if not conf.exists(['disable']): sstp['radius_server'].append(radius) # # advanced radius-setting conf.set_level(base_path + ['authentication', 'radius']) if conf.exists(['acct-timeout']): sstp['radius_acct_tmo'] = conf.return_value(['acct-timeout']) if conf.exists(['max-try']): sstp['radius_max_try'] = conf.return_value(['max-try']) if conf.exists(['timeout']): sstp['radius_timeout'] = conf.return_value(['timeout']) if conf.exists(['nas-identifier']): sstp['radius_nas_id'] = conf.return_value(['nas-identifier']) if conf.exists(['nas-ip-address']): sstp['radius_nas_ip'] = conf.return_value(['nas-ip-address']) if conf.exists(['source-address']): sstp['radius_source_address'] = conf.return_value(['source-address']) # Dynamic Authorization Extensions (DOA)/Change Of Authentication (COA) if conf.exists(['dynamic-author']): dae = { 'port' : '', 'server' : '', 'key' : '' } if conf.exists(['dynamic-author', 'server']): dae['server'] = conf.return_value(['dynamic-author', 'server']) if conf.exists(['dynamic-author', 'port']): dae['port'] = conf.return_value(['dynamic-author', 'port']) if conf.exists(['dynamic-author', 'key']): dae['key'] = conf.return_value(['dynamic-author', 'key']) sstp['radius_dynamic_author'] = dae if conf.exists(['rate-limit', 'enable']): sstp['radius_shaper_attr'] = 'Filter-Id' c_attr = ['rate-limit', 'enable', 'attribute'] if conf.exists(c_attr): sstp['radius_shaper_attr'] = conf.return_value(c_attr) c_vendor = ['rate-limit', 'enable', 'vendor'] if conf.exists(c_vendor): sstp['radius_shaper_vendor'] = conf.return_value(c_vendor) # # authentication protocols conf.set_level(base_path + ['authentication']) if conf.exists(['protocols']): auth_mods = { 'pap': 'auth_pap', 'chap': 'auth_chap_md5', 'mschap': 'auth_mschap_v1', 'mschap-v2': 'auth_mschap_v2' } for proto in conf.return_values(['protocols']): sstp['auth_proto'].append(auth_mods[proto]) # # read in SSL certs conf.set_level(base_path + ['ssl']) if conf.exists(['ca-cert-file']): sstp['ssl_ca'] = conf.return_value(['ca-cert-file']) if conf.exists(['cert-file']): sstp['ssl_cert'] = conf.return_value(['cert-file']) if conf.exists(['key-file']): sstp['ssl_key'] = conf.return_value(['key-file']) # # read in client ip pool settings conf.set_level(base_path + ['network-settings', 'client-ip-settings']) if conf.exists(['subnet']): sstp['client_ip_pool'] = conf.return_values(['subnet']) if conf.exists(['gateway-address']): sstp['client_gateway'] = conf.return_value(['gateway-address']) # # read in network settings conf.set_level(base_path + ['network-settings']) if conf.exists(['name-server']): sstp['dnsv4'] = conf.return_values(['name-server']) if conf.exists(['mtu']): sstp['mtu'] = conf.return_value(['mtu']) # # read in PPP stuff conf.set_level(base_path + ['ppp-settings']) if conf.exists('mppe'): sstp['ppp_mppe'] = conf.return_value(['ppp-settings', 'mppe']) if conf.exists(['lcp-echo-failure']): sstp['ppp_echo_failure'] = conf.return_value(['lcp-echo-failure']) if conf.exists(['lcp-echo-interval']): sstp['ppp_echo_interval'] = conf.return_value(['lcp-echo-interval']) if conf.exists(['lcp-echo-timeout']): sstp['ppp_echo_timeout'] = conf.return_value(['lcp-echo-timeout']) return sstp
def get_config(): l2tpv3 = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # check if interface is member of a bridge l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge') # Check if interface has been removed if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']): l2tpv3['deleted'] = True interface = l2tpv3['intf'] # to delete the l2tpv3 interface we need the current tunnel_id and session_id if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'): l2tpv3['tunnel_id'] = conf.return_effective_value( f'interfaces l2tpv3 {interface} tunnel-id') if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'): l2tpv3['session_id'] = conf.return_effective_value( f'interfaces l2tpv3 {interface} session-id') return l2tpv3 # set new configuration level conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf']) # retrieve configured interface addresses if conf.exists('address'): l2tpv3['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): l2tpv3['description'] = conf.return_value('description') # get tunnel destination port if conf.exists('destination-port'): l2tpv3['remote_port'] = int(conf.return_value('destination-port')) # Disable this interface if conf.exists('disable'): l2tpv3['disable'] = True # get tunnel encapsulation type if conf.exists('encapsulation'): l2tpv3['encapsulation'] = conf.return_value('encapsulation') # get tunnel local ip address if conf.exists('local-ip'): l2tpv3['local_address'] = conf.return_value('local-ip') # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) if conf.exists('ipv6 address autoconf'): l2tpv3['ipv6_autoconf'] = 1 # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') # Remove the default link-local address if set. if not (conf.exists('ipv6 address no-default-link-local') or l2tpv3['is_bridge_member']): # add the link-local by default to make IPv6 work l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): l2tpv3['ipv6_dup_addr_detect'] = int( conf.return_value('ipv6 dup-addr-detect-transmits')) # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, # accept_ra must be 2 if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']: l2tpv3['ipv6_accept_ra'] = 2 # Maximum Transmission Unit (MTU) if conf.exists('mtu'): l2tpv3['mtu'] = int(conf.return_value('mtu')) # Remote session id if conf.exists('peer-session-id'): l2tpv3['peer_session_id'] = conf.return_value('peer-session-id') # Remote tunnel id if conf.exists('peer-tunnel-id'): l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id') # Remote address of L2TPv3 tunnel if conf.exists('remote-ip'): l2tpv3['remote_address'] = conf.return_value('remote-ip') # Local session id if conf.exists('session-id'): l2tpv3['session_id'] = conf.return_value('session-id') # get local tunnel port if conf.exists('source-port'): l2tpv3['local_port'] = conf.return_value('source-port') # get local tunnel id if conf.exists('tunnel-id'): l2tpv3['tunnel_id'] = conf.return_value('tunnel-id') return l2tpv3
def get_config(): dhcpv6 = deepcopy(default_config_data) conf = Config() if not conf.exists('service dhcpv6-server'): return None else: conf.set_level('service dhcpv6-server') # Check for global disable of DHCPv6 service if conf.exists('disable'): dhcpv6['disabled'] = True return dhcpv6 # Preference of this DHCPv6 server compared with others if conf.exists('preference'): dhcpv6['preference'] = conf.return_value('preference') # check for multiple, shared networks served with DHCPv6 addresses if conf.exists('shared-network-name'): for network in conf.list_nodes('shared-network-name'): conf.set_level( 'service dhcpv6-server shared-network-name {0}'.format( network)) config = {'name': network, 'disabled': False, 'subnet': []} # If disabled, the shared-network configuration becomes inactive if conf.exists('disable'): config['disabled'] = True # check for multiple subnet configurations in a shared network if conf.exists('subnet'): for net in conf.list_nodes('subnet'): conf.set_level( 'service dhcpv6-server shared-network-name {0} subnet {1}' .format(network, net)) subnet = { 'network': net, 'range6_prefix': [], 'range6': [], 'default_router': '', 'dns_server': [], 'domain_name': '', 'domain_search': [], 'lease_def': '', 'lease_min': '', 'lease_max': '', 'nis_domain': '', 'nis_server': [], 'nisp_domain': '', 'nisp_server': [], 'sip_address': [], 'sip_hostname': [], 'sntp_server': [], 'static_mapping': [] } # For any subnet on which addresses will be assigned dynamically, there must be at # least one address range statement. The range statement gives the lowest and highest # IP addresses in a range. All IP addresses in the range should be in the subnet in # which the range statement is declared. if conf.exists('address-range prefix'): for prefix in conf.list_nodes('address-range prefix'): range = {'prefix': prefix, 'temporary': False} # Address range will be used for temporary addresses if conf.exists( 'address-range prefix {0} temporary'. format(range['prefix'])): range['temporary'] = True # Append to subnet temporary range6 list subnet['range6_prefix'].append(range) if conf.exists('address-range start'): for range in conf.list_nodes('address-range start'): range = { 'start': range, 'stop': conf.return_value( 'address-range start {0} stop'.format( range)) } # Append to subnet range6 list subnet['range6'].append(range) # The domain-search option specifies a 'search list' of Domain Names to be used # by the client to locate not-fully-qualified domain names. if conf.exists('domain-search'): for domain in conf.return_values('domain-search'): subnet['domain_search'].append('"' + domain + '"') # IPv6 address valid lifetime # (at the end the address is no longer usable by the client) # (set to 30 days, the usual IPv6 default) if conf.exists('lease-time default'): subnet['lease_def'] = conf.return_value( 'lease-time default') # Time should be the maximum length in seconds that will be assigned to a lease. # The only exception to this is that Dynamic BOOTP lease lengths, which are not # specified by the client, are not limited by this maximum. if conf.exists('lease-time maximum'): subnet['lease_max'] = conf.return_value( 'lease-time maximum') # Time should be the minimum length in seconds that will be assigned to a lease if conf.exists('lease-time minimum'): subnet['lease_min'] = conf.return_value( 'lease-time minimum') # Specifies a list of Domain Name System name servers available to the client. # Servers should be listed in order of preference. if conf.exists('name-server'): subnet['dns_server'] = conf.return_values( 'name-server') # Ancient NIS (Network Information Service) domain name if conf.exists('nis-domain'): subnet['nis_domain'] = conf.return_value('nis-domain') # Ancient NIS (Network Information Service) servers if conf.exists('nis-server'): subnet['nis_server'] = conf.return_values('nis-server') # Ancient NIS+ (Network Information Service) domain name if conf.exists('nisplus-domain'): subnet['nisp_domain'] = conf.return_value( 'nisplus-domain') # Ancient NIS+ (Network Information Service) servers if conf.exists('nisplus-server'): subnet['nisp_server'] = conf.return_values( 'nisplus-server') # Prefix Delegation (RFC 3633) if conf.exists('prefix-delegation'): print( 'TODO: This option is actually not implemented right now!' ) # Local SIP server that is to be used for all outbound SIP requests - IPv6 address if conf.exists('sip-server-address'): subnet['sip_address'] = conf.return_values( 'sip-server-address') # Local SIP server that is to be used for all outbound SIP requests - hostname if conf.exists('sip-server-name'): for hostname in conf.return_values('sip-server-name'): subnet['sip_hostname'].append('"' + hostname + '"') # List of local SNTP servers available for the client to synchronize their clocks if conf.exists('sntp-server'): subnet['sntp_server'] = conf.return_values( 'sntp-server') # # Static DHCP v6 leases # if conf.exists('static-mapping'): for mapping in conf.list_nodes('static-mapping'): conf.set_level( 'service dhcpv6-server shared-network-name {0} subnet {1} static-mapping {2}' .format(network, net, mapping)) mapping = { 'name': mapping, 'disabled': False, 'ipv6_address': '', 'client_identifier': '', } # This static lease is disabled if conf.exists('disable'): mapping['disabled'] = True # IPv6 address used for this DHCP client if conf.exists('ipv6-address'): mapping['ipv6_address'] = conf.return_value( 'ipv6-address') # This option specifies the client’s DUID identifier. DUIDs are similar but different from DHCPv4 client identifiers if conf.exists('identifier'): mapping[ 'client_identifier'] = conf.return_value( 'identifier') # append static mapping configuration tu subnet list subnet['static_mapping'].append(mapping) # append subnet configuration to shared network subnet list config['subnet'].append(subnet) # append shared network configuration to config dictionary dhcpv6['shared_network'].append(config) return dhcpv6
def get_config(): l2tpv3 = deepcopy(default_config_data) conf = Config() # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE'] # Check if interface has been removed if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']): l2tpv3['deleted'] = True # to delete the l2tpv3 interface we need to current # tunnel_id and session_id if conf.exists_effective('interfaces l2tpv3 {} tunnel-id'.format( l2tpv3['intf'])): l2tpv3['tunnel_id'] = conf.return_effective_value( 'interfaces l2tpv3 {} tunnel-id'.format(l2tpv3['intf'])) if conf.exists_effective('interfaces l2tpv3 {} session-id'.format( l2tpv3['intf'])): l2tpv3['session_id'] = conf.return_effective_value( 'interfaces l2tpv3 {} session-id'.format(l2tpv3['intf'])) return l2tpv3 # set new configuration level conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf']) # retrieve configured interface addresses if conf.exists('address'): l2tpv3['address'] = conf.return_values('address') # retrieve interface description if conf.exists('description'): l2tpv3['description'] = conf.return_value('description') # get tunnel destination port if conf.exists('destination-port'): l2tpv3['remote_port'] = int(conf.return_value('destination-port')) # Disable this interface if conf.exists('disable'): l2tpv3['disable'] = True # get tunnel encapsulation type if conf.exists('encapsulation'): l2tpv3['encapsulation'] = conf.return_value('encapsulation') # get tunnel local ip address if conf.exists('local-ip'): l2tpv3['local_address'] = conf.return_value('local-ip') # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) if conf.exists('ipv6 address autoconf'): l2tpv3['ipv6_autoconf'] = 1 # Get prefix for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): l2tpv3['ipv6_dup_addr_detect'] = int( conf.return_value('ipv6 dup-addr-detect-transmits')) # Maximum Transmission Unit (MTU) if conf.exists('mtu'): l2tpv3['mtu'] = int(conf.return_value('mtu')) # Remote session id if conf.exists('peer-session-id'): l2tpv3['peer_session_id'] = conf.return_value('peer-session-id') # Remote tunnel id if conf.exists('peer-tunnel-id'): l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id') # Remote address of L2TPv3 tunnel if conf.exists('remote-ip'): l2tpv3['remote_address'] = conf.return_value('remote-ip') # Local session id if conf.exists('session-id'): l2tpv3['session_id'] = conf.return_value('session-id') # get local tunnel port if conf.exists('source-port'): l2tpv3['local_port'] = conf.return_value('source-port') # get local tunnel id if conf.exists('tunnel-id'): l2tpv3['tunnel_id'] = conf.return_value('tunnel-id') return l2tpv3
def get_config(arguments): dns = deepcopy(default_config_data) conf = Config() base = ['service', 'dns', 'forwarding'] if arguments.dhclient: conf.exists = conf.exists_effective conf.return_value = conf.return_effective_value conf.return_values = conf.return_effective_values if not conf.exists(base): return None conf.set_level(base) if conf.exists(['allow-from']): dns['allow_from'] = conf.return_values(['allow-from']) if conf.exists(['cache-size']): cache_size = conf.return_value(['cache-size']) dns['cache_size'] = cache_size if conf.exists('negative-ttl'): negative_ttl = conf.return_value(['negative-ttl']) dns['negative_ttl'] = negative_ttl if conf.exists(['domain']): for node in conf.list_nodes(['domain']): servers = conf.return_values(['domain', node, 'server']) domain = {"name": node, "servers": bracketize_ipv6_addrs(servers)} dns['domains'].append(domain) if conf.exists(['ignore-hosts-file']): dns['export_hosts_file'] = "no" if conf.exists(['name-server']): name_servers = conf.return_values(['name-server']) dns['name_servers'] = dns['name_servers'] + name_servers if conf.exists(['system']): conf.set_level(['system']) system_name_servers = [] system_name_servers = conf.return_values(['name-server']) if not system_name_servers: print( "DNS forwarding warning: No name-servers set under 'system name-server'\n" ) else: dns['name_servers'] = dns['name_servers'] + system_name_servers conf.set_level(base) dns['name_servers'] = bracketize_ipv6_addrs(dns['name_servers']) if conf.exists(['listen-address']): dns['listen_on'] = conf.return_values(['listen-address']) if conf.exists(['dnssec']): dns['dnssec'] = conf.return_value(['dnssec']) # Add name servers received from DHCP if conf.exists(['dhcp']): interfaces = [] interfaces = conf.return_values(['dhcp']) hc = hostsd_client() for interface in interfaces: dhcp_resolvers = hc.get_name_servers(f'dhcp-{interface}') dhcpv6_resolvers = hc.get_name_servers(f'dhcpv6-{interface}') if dhcp_resolvers: dns['name_servers'] = dns['name_servers'] + dhcp_resolvers if dhcpv6_resolvers: dns['name_servers'] = dns['name_servers'] + dhcpv6_resolvers return dns