diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml
index d324404da..945345898 100644
--- a/interface-definitions/ntp.xml
+++ b/interface-definitions/ntp.xml
@@ -1,89 +1,83 @@
<?xml version="1.0"?>
<!-- NTP configuration -->
<interfaceDefinition>
<node name="system">
<children>
<node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
<properties>
<help>Network Time Protocol (NTP) configuration</help>
<priority>400</priority>
</properties>
<children>
<tagNode name="server">
<properties>
<help>Network Time Protocol (NTP) server</help>
</properties>
<children>
- <leafNode name="dynamic">
- <properties>
- <help>Allow server to be configured even if not reachable</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="noselect">
<properties>
<help>Marks the server as unused</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="preempt">
<properties>
<help>Specifies the association as preemptable rather than the default persistent</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="prefer">
<properties>
<help>Marks the server as preferred</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
<node name="allow-clients">
<properties>
<help>Network Time Protocol (NTP) server options</help>
</properties>
<children>
<leafNode name="address">
<properties>
<help>IP address</help>
<valueHelp>
<format>ipv4net</format>
<description>IP address and prefix length</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 address and prefix length</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ip-prefix"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="listen-address">
<properties>
<help>Addresses to listen for NTP queries</help>
<valueHelp>
<format>ipv4</format>
<description>Network Time Protocol (NTP) IPv4 address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>Network Time Protocol (NTP) IPv6 address</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py
index 0abb2746a..68a046939 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/ntp.py
@@ -1,173 +1,171 @@
#!/usr/bin/env python3
#
# Copyright (C) 2018 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
import sys
import os
import jinja2
import ipaddress
from vyos.config import Config
from vyos import ConfigError
config_file = r'/etc/ntp.conf'
# Please be careful if you edit the template.
config_tmpl = """
### Autogenerated by ntp.py ###
#
# Non-configurable defaults
#
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requests
restrict default noquery nopeer notrap nomodify
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict 127.0.0.1
restrict -6 ::1
#
# Configurable section
#
{% if servers -%}
{% for s in servers -%}
# Server configuration for: {{ s.name }}
server {{ s.name }} iburst {{ s.options | join(" ") }}
{% endfor -%}
{% endif %}
{% if allowed_networks -%}
{% for n in allowed_networks -%}
# Client configuration for network: {{ n.network }}
restrict {{ n.address }} mask {{ n.netmask }} nomodify notrap nopeer
{% endfor -%}
{% endif %}
{% if listen_address -%}
# NTP should listen on configured addresses only
interface ignore wildcard
{% for a in listen_address -%}
interface listen {{ a }}
{% endfor -%}
{% endif %}
"""
default_config_data = {
'servers': [],
'allowed_networks': [],
'listen_address': []
}
def get_config():
ntp = default_config_data
conf = Config()
if not conf.exists('system ntp'):
return None
else:
conf.set_level('system ntp')
if conf.exists('allow-clients address'):
networks = conf.return_values('allow-clients address')
for n in networks:
addr = ipaddress.ip_network(n)
net = {
"network" : n,
"address" : addr.network_address,
"netmask" : addr.netmask
}
ntp['allowed_networks'].append(net)
if conf.exists('listen-address'):
ntp['listen_address'] = conf.return_values('listen-address')
if conf.exists('server'):
for node in conf.list_nodes('server'):
options = []
server = {
"name": node,
"options": []
}
- if conf.exists('server {0} dynamic'.format(node)):
- options.append('dynamic')
if conf.exists('server {0} noselect'.format(node)):
options.append('noselect')
if conf.exists('server {0} preempt'.format(node)):
options.append('preempt')
if conf.exists('server {0} prefer'.format(node)):
options.append('prefer')
server['options'] = options
ntp['servers'].append(server)
return ntp
def verify(ntp):
# bail out early - looks like removal from running config
if ntp is None:
return None
# Configuring allowed clients without a server makes no sense
if len(ntp['allowed_networks']) and not len(ntp['servers']):
raise ConfigError('NTP server not configured')
for n in ntp['allowed_networks']:
try:
addr = ipaddress.ip_network( n['network'] )
break
except ValueError:
raise ConfigError("{0} does not appear to be a valid IPv4 or IPv6 network, check host bits!".format(n['network']))
return None
def generate(ntp):
# bail out early - looks like removal from running config
if ntp is None:
return None
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(ntp)
with open(config_file, 'w') as f:
f.write(config_text)
return None
def apply(ntp):
if ntp is not None:
os.system('sudo systemctl restart ntp.service')
else:
# NTP support is removed in the commit
os.system('sudo systemctl stop ntp.service')
os.unlink(config_file)
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
sys.exit(1)
diff --git a/src/migration-scripts/ntp/0-to-1 b/src/migration-scripts/ntp/0-to-1
new file mode 100755
index 000000000..9c66f3109
--- /dev/null
+++ b/src/migration-scripts/ntp/0-to-1
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Delete "set system ntp server <n> dynamic" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['system', 'ntp']):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Delete abandoned leaf node if found inside tag node for
+ # "set system ntp server <n> dynamic"
+ base = ['system', 'ntp', 'server']
+ for server in config.list_nodes(base):
+ if config.exists(base + [server, 'dynamic']):
+ config.delete(base + [server, 'dynamic'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)