def apply(mpls):
if mpls is None:
return None
# Set number of entries in the platform label table
if mpls['mpls_ldp']:
sysctl('net.mpls.platform_labels', '1048575')
else:
sysctl('net.mpls.platform_labels', '0')
# Do not copy IP TTL to MPLS header
sysctl('net.mpls.ip_ttl_propagate', '0')
# Allow mpls on interfaces
operate_mpls_on_intfc(mpls['ldp']['interfaces'], 1)
# Disable mpls on deleted interfaces
diactive_ifaces = set(mpls['old_ldp']['interfaces']).difference(mpls['ldp']['interfaces'])
operate_mpls_on_intfc(diactive_ifaces, 0)
if os.path.exists(config_file):
call("sudo vtysh -d ldpd -f " + config_file)
os.remove(config_file)
return None
def generate(snmp):
#
# As we are manipulating the snmpd user database we have to stop it first!
# This is even save if service is going to be removed
call('systemctl stop snmpd.service')
config_files = [
config_file_client, config_file_daemon, config_file_access,
config_file_user
]
for file in config_files:
rmfile(file)
if snmp is None:
return None
# Write client config file
render(config_file_client, 'snmp/etc.snmp.conf.tmpl', snmp)
# Write server config file
render(config_file_daemon, 'snmp/etc.snmpd.conf.tmpl', snmp)
# Write access rights config file
render(config_file_access, 'snmp/usr.snmpd.conf.tmpl', snmp)
# Write access rights config file
render(config_file_user, 'snmp/var.snmpd.conf.tmpl', snmp)
return None
def apply(data):
vrrp_groups, sync_groups = data
if vrrp_groups:
# safely rename a temporary file with configuration dict
try:
dict_file = Path("{}.temp".format(VRRP.location['vyos']))
dict_file.rename(Path(VRRP.location['vyos']))
except Exception as err:
print("Unable to rename the file with keepalived config for FIFO pipe: {}".format(err))
if not VRRP.is_running():
print("Starting the VRRP process")
ret = call("systemctl restart keepalived.service")
else:
print("Reloading the VRRP process")
ret = call("systemctl reload keepalived.service")
if ret != 0:
raise ConfigError("keepalived failed to start")
else:
# VRRP is removed in the commit
print("Stopping the VRRP process")
call("systemctl stop keepalived.service")
os.unlink(VRRP.location['daemon'])
return None
def apply(tftpd):
# stop all services first - then we will decide
call('systemctl stop tftpd@{0..20}.service')
# bail out early - e.g. service deletion
if tftpd is None:
return None
tftp_root = tftpd['directory']
if not os.path.exists(tftp_root):
os.makedirs(tftp_root)
os.chmod(
tftp_root, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
| stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
# get UNIX uid for user 'tftp'
tftp_uid = pwd.getpwnam('tftp').pw_uid
tftp_gid = pwd.getpwnam('tftp').pw_gid
# get UNIX uid for tftproot directory
dir_uid = os.stat(tftp_root).st_uid
dir_gid = os.stat(tftp_root).st_gid
# adjust uid/gid of tftproot directory if files don't belong to user tftp
if (tftp_uid != dir_uid) or (tftp_gid != dir_gid):
os.chown(tftp_root, tftp_uid, tftp_gid)
idx = 0
for listen in tftpd['listen']:
call('systemctl restart tftpd@{0}.service'.format(idx))
idx = idx + 1
return None
def apply(http_api):
if http_api is not None:
call('sudo systemctl restart vyos-http-api.service')
else:
call('sudo systemctl stop vyos-http-api.service')
for dep in dependencies:
cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError)
def apply(dns):
if dns is None:
# DNS forwarding is removed in the commit
call("systemctl stop pdns-recursor.service")
if os.path.isfile(config_file):
os.unlink(config_file)
else:
call("systemctl restart pdns-recursor.service")
def apply(lldp):
if lldp:
# start/restart lldp service
call('systemctl restart lldpd.service')
else:
# LLDP service has been terminated
call('systemctl stop lldpd.service')
os.unlink(config_file)
os.unlink(vyos_config_file)
def apply(ntp):
if ntp is not None:
call('systemctl restart ntp.service')
else:
# NTP support is removed in the commit
call('systemctl stop ntp.service')
os.unlink(config_file)
return None
def apply(relay):
if relay is not None:
call('sudo systemctl restart isc-dhcp-relay.service')
else:
# DHCP relay support is removed in the commit
call('sudo systemctl stop isc-dhcp-relay.service')
os.unlink(config_file)
return None
def apply(salt):
if salt is not None:
call("sudo systemctl restart salt-minion")
else:
# Salt access is removed in the commit
call("sudo systemctl stop salt-minion")
os.unlink(config_file)
return None
def apply(mroute):
if mroute is None:
return None
if os.path.exists(config_file):
call("sudo vtysh -d staticd -f " + config_file)
os.remove(config_file)
return None
def apply(bfd):
if bfd is None:
return None
call("vtysh -d bfdd -f " + config_file)
if os.path.exists(config_file):
os.remove(config_file)
return None
def apply(mdns):
if (mdns is None) or mdns['disabled']:
call('systemctl stop mdns-repeater.service')
if os.path.exists(config_file):
os.unlink(config_file)
else:
call('systemctl restart mdns-repeater.service')
return None
def apply(igmp):
if igmp is None:
return None
if os.path.exists(config_file):
call("sudo vtysh -d pimd -f " + config_file)
os.remove(config_file)
return None
def apply(pim):
if pim is None:
return None
if os.path.exists(config_file):
call("vtysh -d pimd -f " + config_file)
os.remove(config_file)
return None
def apply(cert):
if cert is not None:
call('systemctl restart certbot.timer')
else:
call('systemctl stop certbot.timer')
return None
for dep in dependencies:
cmd(f'{vyos_conf_scripts_dir}/{dep}', raising=ConfigError)
def apply(relay):
if relay is not None:
call('systemctl restart isc-dhcp-relay6.service')
else:
# DHCPv6 relay support is removed in the commit
call('systemctl stop isc-dhcp-relay6.service')
if os.path.exists(config_file):
os.unlink(config_file)
return None
def apply(igmp_proxy):
if igmp_proxy is None or igmp_proxy['disable']:
# IGMP Proxy support is removed in the commit
call('sudo systemctl stop igmpproxy.service')
if os.path.exists(config_file):
os.unlink(config_file)
else:
call('systemctl restart igmpproxy.service')
return None
def apply(sstp):
if not sstp:
call('systemctl stop [email protected]')
for file in [sstp_chap_secrets, sstp_conf]:
if os.path.exists(file):
os.unlink(file)
return None
call('systemctl restart [email protected]')
def apply(ipoe):
if ipoe == None:
call('systemctl stop [email protected]')
for file in [ipoe_conf, ipoe_chap_secrets]:
if os.path.exists(file):
os.unlink(file)
return None
call('systemctl restart [email protected]')
def apply(pppoe):
if pppoe['deleted']:
# bail out early
return None
if not pppoe['disable']:
# Dial PPPoE connection
call('systemctl restart ppp@{intf}.service'.format(**pppoe))
return None
def apply(salt):
if not salt:
# Salt removed from running config
call('systemctl stop salt-minion.service')
if os.path.exists(config_file):
os.unlink(config_file)
else:
call('systemctl restart salt-minion.service')
return None
def apply(c):
for ip_addr in c['remove']:
sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr)
call(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1')
for ip_addr in c['update']:
sl.syslog(sl.LOG_NOTICE,
"arp -s " + ip_addr + " " + c['update'][ip_addr])
updated = c['update'][ip_addr]
call(f'{arp_cmd} -s {ip_addr} {updated}')
def apply(dhcp):
if not dhcp or dhcp['disabled']:
# DHCP server is removed in the commit
call('systemctl stop isc-dhcp-server.service')
if os.path.exists(config_file):
os.unlink(config_file)
return None
call('systemctl restart isc-dhcp-server.service')
return None
def apply(ssh):
if ssh is not None and 'port' in ssh.keys():
call("systemctl restart ssh.service")
else:
# SSH access is removed in the commit
call("systemctl stop ssh.service")
if os.path.isfile(config_file):
os.unlink(config_file)
return None
def apply(dyndns):
if dyndns['deleted']:
call('systemctl stop ddclient.service')
if os.path.exists(config_file):
os.unlink(config_file)
else:
call('systemctl restart ddclient.service')
return None
def show_qat_status():
detect_qat_dev()
# Check QAT service
if not os.path.exists('/etc/init.d/qat_service'):
print("\t QAT service not installed")
sys.exit(1)
# Show QAT service
call('sudo /etc/init.d/qat_service status')
def apply(rtradv):
if not rtradv['interfaces']:
# bail out early - looks like removal from running config
call('systemctl stop radvd.service')
if os.path.exists(config_file):
os.unlink(config_file)
return None
call('systemctl restart radvd.service')
return None
def generate(cert):
if cert is None:
return None
# certbot will attempt to reload nginx, even with 'certonly';
# start nginx if not active
ret = call('systemctl is-active --quiet nginx.service')
if ret:
call('systemctl start nginx.service')
request_certbot(cert)
def chk_vyatta_based_reboots():
# T870 commit-confirm is still using the vyatta code base, once gone, the code below can be removed
# legacy scheduled reboot s are using at and store the is as /var/run/<name>.job
# name is the node of scheduled the job, commit-confirm checks for that
f = r'/var/run/confirm.job'
if os.path.exists(f):
jid = open(f).read().strip()
if jid != 0:
call(f'sudo atrm {jid}')
os.remove(f)
