def apply(mpls):
    """Push the MPLS/LDP settings to the kernel and to ldpd.

    Does nothing when ``mpls`` is None. Otherwise it sets the platform label
    table size, turns off IP-TTL propagation, toggles MPLS on interfaces and
    loads ``config_file`` into ldpd through vtysh before deleting the file.
    """
    if mpls is None:
        return None

    # Number of entries in the platform label table:
    # 1048575 when LDP is enabled, 0 otherwise.
    label_entries = '1048575' if mpls['mpls_ldp'] else '0'
    sysctl('net.mpls.platform_labels', label_entries)

    # Do not copy the IP TTL into the MPLS header
    sysctl('net.mpls.ip_ttl_propagate', '0')

    # Allow MPLS on the currently configured interfaces
    current_ifaces = mpls['ldp']['interfaces']
    operate_mpls_on_intfc(current_ifaces, 1)

    # Interfaces listed before the commit but not after it get MPLS disabled
    removed_ifaces = set(mpls['old_ldp']['interfaces']) - set(current_ifaces)
    operate_mpls_on_intfc(removed_ifaces, 0)

    if os.path.exists(config_file):
        # config_file is a module-level path, not user input
        call(f"sudo vtysh -d ldpd -f {config_file}")
        os.remove(config_file)

    return None
def generate(snmp):
    """Regenerate the SNMP client, daemon, access and user config files.

    snmpd is stopped first because its user database is rewritten here; this
    is also safe when the service is about to be removed. All four files are
    deleted, and re-rendered only when ``snmp`` is not None.
    """
    call('systemctl stop snmpd.service')

    # (target file, template) pairs, in the order they are written
    targets = (
        (config_file_client, 'snmp/etc.snmp.conf.tmpl'),   # client config
        (config_file_daemon, 'snmp/etc.snmpd.conf.tmpl'),  # server config
        (config_file_access, 'snmp/usr.snmpd.conf.tmpl'),  # access rights
        (config_file_user, 'snmp/var.snmpd.conf.tmpl'),    # user config
    )

    # Remove every stale file before anything is written again
    for stale_path, _ in targets:
        rmfile(stale_path)

    if snmp is None:
        return None

    for target_path, template in targets:
        render(target_path, template, snmp)

    return None
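def apply(data):
    """Start, reload or stop keepalived according to the VRRP configuration.

    ``data`` is a ``(vrrp_groups, sync_groups)`` pair. With VRRP groups
    present the temporary config dict file is renamed into place and
    keepalived is restarted (if not running) or reloaded. Without groups the
    service is stopped and the daemon config file removed.

    Raises:
        ConfigError: if the restart/reload command returns non-zero.
    """
    vrrp_groups, sync_groups = data

    if vrrp_groups:
        # Rename the temporary file holding the configuration dict into place
        try:
            dict_file = Path("{}.temp".format(VRRP.location['vyos']))
            dict_file.rename(Path(VRRP.location['vyos']))
        except Exception as err:
            # Best effort: report the failure and still (re)start the daemon
            print("Unable to rename the file with keepalived config for FIFO pipe: {}".format(err))

        if not VRRP.is_running():
            print("Starting the VRRP process")
            ret = call("systemctl restart keepalived.service")
        else:
            print("Reloading the VRRP process")
            ret = call("systemctl reload keepalived.service")

        if ret != 0:
            raise ConfigError("keepalived failed to start")
    else:
        # VRRP is removed in the commit
        print("Stopping the VRRP process")
        call("systemctl stop keepalived.service")
        # Tolerate an already-missing file so the removal commit does not
        # fail after the service has been stopped.
        daemon_conf = VRRP.location['daemon']
        if os.path.exists(daemon_conf):
            os.unlink(daemon_conf)

    return None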
def apply(tftpd):
    """Stop all tftpd instances, prepare the TFTP root and restart listeners.

    When ``tftpd`` is None (e.g. service deletion) only the stop is done.
    Otherwise the root directory is created if missing, handed to user
    'tftp' when owned by someone else, and one ``tftpd@<idx>`` instance is
    restarted per entry in ``tftpd['listen']``.
    """
    # Stop all services first, then decide what to bring back.
    # NOTE(review): '{0..20}' relies on the shell expanding braces - confirm.
    call('systemctl stop tftpd@{0..20}.service')

    # Bail out early - e.g. service deletion
    if tftpd is None:
        return None

    root_dir = tftpd['directory']
    if not os.path.exists(root_dir):
        os.makedirs(root_dir)
        # rwxr-xr-x: everything placed under this directory is readable by
        # any local user in addition to being served over TFTP.
        os.chmod(root_dir, 0o755)

    # uid/gid of user 'tftp' and of the root directory
    tftp_account = pwd.getpwnam('tftp')
    wanted_owner = (tftp_account.pw_uid, tftp_account.pw_gid)
    dir_info = os.stat(root_dir)
    actual_owner = (dir_info.st_uid, dir_info.st_gid)

    # Adjust ownership only if the directory does not belong to user tftp
    if wanted_owner != actual_owner:
        os.chown(root_dir, *wanted_owner)

    # One templated unit instance per listen entry, numbered from 0
    for idx, _ in enumerate(tftpd['listen']):
        call('systemctl restart tftpd@{0}.service'.format(idx))

    return None
def apply(http_api):
    """Restart or stop the HTTP API service, then run dependent scripts.

    The service is stopped when ``http_api`` is None and restarted
    otherwise. Every script named in ``dependencies`` is then executed from
    ``vyos_conf_scripts_dir``; a failure raises ConfigError.
    """
    if http_api is None:
        call('sudo systemctl stop vyos-http-api.service')
    else:
        call('sudo systemctl restart vyos-http-api.service')

    for script in dependencies:
        script_path = f'{vyos_conf_scripts_dir}/{script}'
        cmd(script_path, raising=ConfigError)
def apply(dns):
    """Restart pdns-recursor, or stop it and drop its config on removal."""
    if dns is not None:
        call("systemctl restart pdns-recursor.service")
        return

    # DNS forwarding is removed in the commit
    call("systemctl stop pdns-recursor.service")
    if os.path.isfile(config_file):
        os.unlink(config_file)
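def apply(lldp):
    """Restart lldpd, or stop it and remove both config files on removal.

    A falsy ``lldp`` means the service was removed from the configuration.
    """
    if lldp:
        # start/restart lldp service
        call('systemctl restart lldpd.service')
        return

    # LLDP service has been terminated
    call('systemctl stop lldpd.service')
    # Skip files that are already gone so a repeated or partial removal
    # does not fail with FileNotFoundError after the service was stopped.
    for path in (config_file, vyos_config_file):
        if os.path.exists(path):
            os.unlink(path)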
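def apply(ntp):
    """Restart the NTP service, or stop it and remove its config file."""
    if ntp is not None:
        call('systemctl restart ntp.service')
    else:
        # NTP support is removed in the commit
        call('systemctl stop ntp.service')
        # Only unlink when present: a missing file must not make the
        # removal commit fail.
        if os.path.exists(config_file):
            os.unlink(config_file)

    return None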
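def apply(relay):
    """Restart the DHCP relay, or stop it and remove its config file."""
    if relay is not None:
        call('sudo systemctl restart isc-dhcp-relay.service')
    else:
        # DHCP relay support is removed in the commit
        call('sudo systemctl stop isc-dhcp-relay.service')
        # Only unlink when present: a missing file must not make the
        # removal commit fail.
        if os.path.exists(config_file):
            os.unlink(config_file)

    return None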
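def apply(salt):
    """Restart salt-minion, or stop it and remove its config file."""
    if salt is not None:
        call("sudo systemctl restart salt-minion")
    else:
        # Salt access is removed in the commit
        call("sudo systemctl stop salt-minion")
        # Only unlink when present: a missing file must not make the
        # removal commit fail.
        if os.path.exists(config_file):
            os.unlink(config_file)

    return None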
def apply(mroute):
    """Load the rendered config into staticd via vtysh, then delete it.

    Nothing happens when ``mroute`` is None or ``config_file`` is absent.
    """
    if mroute is None or not os.path.exists(config_file):
        return None

    # config_file is a module-level path, not user input
    call(f"sudo vtysh -d staticd -f {config_file}")
    os.remove(config_file)
    return None
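def apply(bfd):
    """Load the rendered config into bfdd via vtysh, then delete it.

    Nothing happens when ``bfd`` is None or ``config_file`` is absent.
    """
    if bfd is None:
        return None

    # Check for the file before handing it to vtysh; calling vtysh with a
    # path that does not exist can only fail.
    if os.path.exists(config_file):
        call("vtysh -d bfdd -f " + config_file)
        os.remove(config_file)

    return None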
def apply(mdns):
    """Restart mdns-repeater, or stop it when removed or disabled.

    On stop the config file is deleted if it exists.
    """
    service_wanted = mdns is not None and not mdns['disabled']
    if service_wanted:
        call('systemctl restart mdns-repeater.service')
        return None

    call('systemctl stop mdns-repeater.service')
    if os.path.exists(config_file):
        os.unlink(config_file)
    return None
def apply(igmp):
    """Load the rendered IGMP config into pimd via vtysh, then delete it.

    Nothing happens when ``igmp`` is None or ``config_file`` is absent.
    """
    if igmp is None or not os.path.exists(config_file):
        return None

    # config_file is a module-level path, not user input
    call(f"sudo vtysh -d pimd -f {config_file}")
    os.remove(config_file)
    return None
def apply(pim):
    """Load the rendered PIM config into pimd via vtysh, then delete it.

    Nothing happens when ``pim`` is None or ``config_file`` is absent.
    """
    if pim is None or not os.path.exists(config_file):
        return None

    # config_file is a module-level path, not user input
    call(f"vtysh -d pimd -f {config_file}")
    os.remove(config_file)
    return None
def apply(cert):
    """Restart or stop the certbot timer; run dependent scripts on restart.

    With ``cert`` set to None the timer is stopped and the dependent scripts
    are not run. Otherwise the timer is restarted and every script in
    ``dependencies`` is executed; a failure raises ConfigError.
    """
    if cert is None:
        call('systemctl stop certbot.timer')
        return None

    call('systemctl restart certbot.timer')

    for script in dependencies:
        script_path = f'{vyos_conf_scripts_dir}/{script}'
        cmd(script_path, raising=ConfigError)
def apply(relay):
    """Restart the DHCPv6 relay, or stop it and remove its config file."""
    if relay is None:
        # DHCPv6 relay support is removed in the commit
        call('systemctl stop isc-dhcp-relay6.service')
        if os.path.exists(config_file):
            os.unlink(config_file)
        return None

    call('systemctl restart isc-dhcp-relay6.service')
    return None
def apply(igmp_proxy):
    """Restart igmpproxy, or stop it when removed or disabled.

    On stop the config file is deleted if it exists.
    """
    service_wanted = igmp_proxy is not None and not igmp_proxy['disable']
    if service_wanted:
        call('systemctl restart igmpproxy.service')
        return None

    # IGMP Proxy support is removed in the commit.
    # Only this stop path goes through sudo; the restart above does not.
    call('sudo systemctl stop igmpproxy.service')
    if os.path.exists(config_file):
        os.unlink(config_file)
    return None
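def apply(sstp):
    """Restart the SSTP server, or stop it and remove its files.

    A falsy ``sstp`` means the service is not configured: the unit is
    stopped and the chap-secrets and config files are deleted if present.
    """
    # NOTE(review): the unit name reached this listing as '[email protected]',
    # which is e-mail-obfuscation residue and not a usable unit name.
    # 'accel-ppp@sstp.service' is the assumed original - confirm against the
    # installed unit files.
    if not sstp:
        call('systemctl stop accel-ppp@sstp.service')
        # sstp_chap_secrets presumably holds user credentials; it is removed
        # together with the config so nothing is left behind on disk.
        for path in [sstp_chap_secrets, sstp_conf]:
            if os.path.exists(path):
                os.unlink(path)

        return None

    call('systemctl restart accel-ppp@sstp.service')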
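def apply(ipoe):
    """Restart the IPoE server, or stop it and remove its files.

    With ``ipoe`` set to None the unit is stopped and the config and
    chap-secrets files are deleted if present.
    """
    # NOTE(review): the unit name reached this listing as '[email protected]',
    # which is e-mail-obfuscation residue and not a usable unit name.
    # 'accel-ppp@ipoe.service' is the assumed original - confirm against the
    # installed unit files.
    if ipoe is None:  # identity test instead of '== None'
        call('systemctl stop accel-ppp@ipoe.service')
        # ipoe_chap_secrets presumably holds user credentials; it is removed
        # together with the config so nothing is left behind on disk.
        for path in [ipoe_conf, ipoe_chap_secrets]:
            if os.path.exists(path):
                os.unlink(path)

        return None

    call('systemctl restart accel-ppp@ipoe.service')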
def apply(pppoe):
    """Dial the PPPoE connection unless it is deleted or disabled."""
    # 'deleted' is checked first; 'disable' is only read for live interfaces
    if pppoe['deleted'] or pppoe['disable']:
        return None

    # Dial PPPoE connection. The interface name is interpolated into the
    # command string that is handed to call().
    unit_cmd = 'systemctl restart ppp@{intf}.service'.format(**pppoe)
    call(unit_cmd)
    return None
def apply(salt):
    """Restart salt-minion, or stop it and drop its config on removal."""
    if salt:
        call('systemctl restart salt-minion.service')
        return None

    # Salt removed from running config
    call('systemctl stop salt-minion.service')
    if os.path.exists(config_file):
        os.unlink(config_file)
    return None
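def apply(c):
    """Delete and set static ARP entries through the arp command.

    ``c['remove']`` is iterated for addresses to delete and ``c['update']``
    maps each address to the value passed to ``arp -s``. Every action is
    logged to syslog at NOTICE level before it is executed.
    """
    import shlex  # local import: only this function needs it

    # The command strings contain shell redirections, so they are
    # interpreted by a shell. Quote every configuration value before
    # interpolating it; well-formed addresses pass through unchanged.
    for ip_addr in c['remove']:
        sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr)
        call(f'{arp_cmd} -d {shlex.quote(ip_addr)} >/dev/null 2>&1')

    for ip_addr, hw_addr in c['update'].items():
        sl.syslog(sl.LOG_NOTICE, "arp -s " + ip_addr + " " + hw_addr)
        call(f'{arp_cmd} -s {shlex.quote(ip_addr)} {shlex.quote(hw_addr)}')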
def apply(dhcp):
    """Restart the DHCP server, or stop it when removed or disabled.

    On stop the config file is deleted if it exists.
    """
    service_wanted = bool(dhcp) and not dhcp['disabled']
    if service_wanted:
        call('systemctl restart isc-dhcp-server.service')
    else:
        # DHCP server is removed in the commit
        call('systemctl stop isc-dhcp-server.service')
        if os.path.exists(config_file):
            os.unlink(config_file)

    return None
def apply(ssh):
    """Restart sshd when a port is configured, otherwise stop it.

    On stop the config file is deleted if it is a regular file.
    """
    if ssh is None or 'port' not in ssh:
        # SSH access is removed in the commit
        call("systemctl stop ssh.service")
        if os.path.isfile(config_file):
            os.unlink(config_file)
    else:
        call("systemctl restart ssh.service")

    return None
def apply(dyndns):
    """Restart ddclient, or stop it and drop its config when deleted."""
    if not dyndns['deleted']:
        call('systemctl restart ddclient.service')
        return None

    call('systemctl stop ddclient.service')
    if os.path.exists(config_file):
        os.unlink(config_file)
    return None
def show_qat_status():
    """Print the QAT service status, exiting with 1 if it is not installed."""
    detect_qat_dev()

    init_script = '/etc/init.d/qat_service'

    # Check QAT service
    if not os.path.exists(init_script):
        print("\t QAT service not installed")
        sys.exit(1)

    # Show QAT service
    call(f'sudo {init_script} status')
def apply(rtradv):
    """Restart radvd, or stop it when no interfaces are configured.

    On stop the config file is deleted if it exists.
    """
    if rtradv['interfaces']:
        call('systemctl restart radvd.service')
    else:
        # Looks like removal from running config
        call('systemctl stop radvd.service')
        if os.path.exists(config_file):
            os.unlink(config_file)

    return None
def generate(cert):
    """Request a certificate via certbot, starting nginx first if needed.

    Nothing happens when ``cert`` is None.
    """
    if cert is None:
        return None

    # certbot will attempt to reload nginx, even with 'certonly', so nginx
    # is started when 'is-active' reports a non-zero status.
    nginx_inactive = call('systemctl is-active --quiet nginx.service')
    if nginx_inactive:
        call('systemctl start nginx.service')

    request_certbot(cert)
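def chk_vyatta_based_reboots():
    """Cancel a legacy commit-confirm reboot job, if one is recorded.

    T870: commit-confirm still uses the vyatta code base; once that is gone
    this function can be removed. Legacy scheduled reboots use at(1) and
    store the job id in /var/run/<name>.job, where <name> is the node that
    scheduled the job. Only the commit-confirm job file is checked here.
    """
    job_file = r'/var/run/confirm.job'
    if not os.path.exists(job_file):
        return

    # Context manager so the file handle is closed before the file is removed
    with open(job_file) as fh:
        jid = fh.read().strip()

    # The old 'jid != 0' compared a string with an int and was always true.
    # The id ends up in a sudo command string, so accept only a non-zero
    # run of ASCII digits and ignore anything else found in the file.
    is_job_id = bool(jid) and all(ch in '0123456789' for ch in jid)
    if is_job_id and int(jid) != 0:
        call(f'sudo atrm {jid}')

    os.remove(job_file)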