diff --git a/python/vyos/frr.py b/python/vyos/frr.py index 668489636..de3dbe6e9 100644 --- a/python/vyos/frr.py +++ b/python/vyos/frr.py @@ -1,528 +1,515 @@ # Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with this library. If not, see <http://www.gnu.org/licenses/>. r""" A Library for interracting with the FRR daemon suite. It supports simple configuration manipulation and loading using the official tools supplied with FRR (vtysh and frr-reload) All configuration management and manipulation is done using strings and regex. Example Usage ##### # Reading configuration from frr: ``` >>> original_config = get_configuration() >>> repr(original_config) '!\nfrr version 7.3.1\nfrr defaults traditional\nhostname debian\n...... ``` # Modify a configuration section: ``` >>> new_bgp_section = 'router bgp 65000\n neighbor 192.0.2.1 remote-as 65000\n' >>> modified_config = replace_section(original_config, new_bgp_section, replace_re=r'router bgp \d+') >>> repr(modified_config) '............router bgp 65000\n neighbor 192.0.2.1 remote-as 65000\n...........' ``` Remove a configuration section: ``` >>> modified_config = remove_section(original_config, r'router ospf') ``` Test the new configuration: ``` >>> try: >>> mark_configuration(modified configuration) >>> except ConfigurationNotValid as e: >>> print('resulting configuration is not valid') >>> sys.exit(1) ``` Apply the new configuration: ``` >>> try: >>> replace_configuration(modified_config) >>> except CommitError as e: >>> print('Exception while commiting the supplied configuration') >>> print(e) >>> exit(1) ``` """ import tempfile import re from vyos import util from vyos.util import chown +from vyos.util import cmd import logging from logging.handlers import SysLogHandler import os LOG = logging.getLogger(__name__) DEBUG = os.path.exists('/tmp/vyos.frr.debug') if DEBUG: LOG.setLevel(logging.DEBUG) ch = SysLogHandler(address='/dev/log') ch2 = logging.StreamHandler() LOG.addHandler(ch) LOG.addHandler(ch2) _frr_daemons = ['zebra', 'bgpd', 'fabricd', 'isisd', 'ospf6d', 'ospfd', 'pbrd', 'pimd', 'ripd', 'ripngd', 'sharpd', 'staticd', 'vrrpd', 'ldpd'] path_vtysh = '/usr/bin/vtysh' path_frr_reload = '/usr/lib/frr/frr-reload.py' path_config = '/run/frr' class FrrError(Exception): pass class ConfigurationNotValid(FrrError): """ The configuratioin supplied to vtysh is not valid """ pass class CommitError(FrrError): """ Commiting the supplied configuration failed to commit by a unknown reason see commit error and/or run mark_configuration on the specified configuration to se error generated used by: reload_configuration() """ pass class ConfigSectionNotFound(FrrError): """ Removal of configuration failed because it is not existing in the supplied configuration """ pass def get_configuration(daemon=None, marked=False): """ Get current running FRR configuration daemon: Collect only configuration for the specified FRR daemon, supplying daemon=None retrieves the complete configuration marked: Mark the configuration with "end" tags return: string containing the running configuration from frr """ if daemon and daemon not in _frr_daemons: raise ValueError(f'The specified daemon type is not supported {repr(daemon)}') cmd = f"{path_vtysh} -c 'show run'" if daemon: cmd += f' -d {daemon}' output, code = util.popen(cmd, stderr=util.STDOUT) if code: raise OSError(code, output) config = output.replace('\r', '') # Remove first header lines from FRR config config = config.split("\n", 3)[-1] # Mark the configuration with end tags if marked: config = mark_configuration(config) return config def mark_configuration(config): """ Add end marks and Test the configuration for syntax faults If the configuration is valid a marked version of the configuration is returned, or else it failes with a ConfigurationNotValid Exception config: The configuration string to mark/test return: The marked configuration from FRR """ output, code = util.popen(f"{path_vtysh} -m -f -", stderr=util.STDOUT, input=config) if code == 2: raise ConfigurationNotValid(str(output)) elif code: raise OSError(code, output) config = output.replace('\r', '') return config def reload_configuration(config, daemon=None): """ Execute frr-reload with the new configuration This will try to reapply the supplied configuration inside FRR. The configuration needs to be a complete configuration from the integrated config or from a daemon. config: The configuration to apply daemon: Apply the conigutaion to the specified FRR daemon, supplying daemon=None applies to the integrated configuration return: None """ if daemon and daemon not in _frr_daemons: raise ValueError(f'The specified daemon type is not supported {repr(daemon)}') f = tempfile.NamedTemporaryFile('w') f.write(config) f.flush() LOG.debug(f'reload_configuration: Reloading config using temporary file: {f.name}') cmd = f'{path_frr_reload} --reload' if daemon: cmd += f' --daemon {daemon}' if DEBUG: cmd += f' --debug --stdout' cmd += f' {f.name}' LOG.debug(f'reload_configuration: Executing command against frr-reload: "{cmd}"') output, code = util.popen(cmd, stderr=util.STDOUT) f.close() for i, e in enumerate(output.split('\n')): LOG.debug(f'frr-reload output: {i:3} {e}') if code == 1: raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs') elif code: raise OSError(code, output) return output -def save_configuration(daemon=None): - """Save FRR configuration to /run/frr/{daemon}.conf - It save configuration on each commit. +def save_configuration(): + """Save FRR configuration to /run/frr/config/frr.conf + It save configuration on each commit. T3217 """ - if daemon and daemon not in _frr_daemons: - raise ValueError(f'The specified daemon type is not supported {repr(daemon)}') - - cmd = f"{path_vtysh} -d {daemon} -c 'show run no-header'" - output, code = util.popen(cmd, stderr=util.STDOUT) - if code: - raise OSError(code, output) - daemon_conf = f'{path_config}/{daemon}.conf' + cmd(f'{path_vtysh} -n -w') - with open(daemon_conf, "w") as f: - f.write(output) - # Set permissions (frr:frr) for /run/frr/{daemon}.conf - if os.path.exists(daemon_conf): - chown(daemon_conf, 'frr', 'frr') - config = output - - return config + return def execute(command): """ Run commands inside vtysh command: str containing commands to execute inside a vtysh session """ if not isinstance(command, str): raise ValueError(f'command needs to be a string: {repr(command)}') cmd = f"{path_vtysh} -c '{command}'" output, code = util.popen(cmd, stderr=util.STDOUT) if code: raise OSError(code, output) config = output.replace('\r', '') return config def configure(lines, daemon=False): """ run commands inside config mode vtysh lines: list or str conaining commands to execute inside a configure session only one command executed on each configure() Executing commands inside a subcontext uses the list to describe the context ex: ['router bgp 6500', 'neighbor 192.0.2.1 remote-as 65000'] return: None """ if isinstance(lines, str): lines = [lines] elif not isinstance(lines, list): raise ValueError('lines needs to be string or list of commands') if daemon and daemon not in _frr_daemons: raise ValueError(f'The specified daemon type is not supported {repr(daemon)}') cmd = f'{path_vtysh}' if daemon: cmd += f' -d {daemon}' cmd += " -c 'configure terminal'" for x in lines: cmd += f" -c '{x}'" output, code = util.popen(cmd, stderr=util.STDOUT) if code == 1: raise ConfigurationNotValid(f'Configuration FRR failed: {repr(output)}') elif code: raise OSError(code, output) config = output.replace('\r', '') return config def _replace_section(config, replacement, replace_re, before_re): r"""Replace a section of FRR config config: full original configuration replacement: replacement configuration section replace_re: The regex to replace example: ^router bgp \d+$.?*^!$ this will replace everything between ^router bgp X$ and ^!$ before_re: When replace_re is not existant, the config will be added before this tag example: ^line vty$ return: modified configuration as a text file """ # DEPRECATED, this is replaced by a new implementation # Check if block is configured, remove the existing instance else add a new one if re.findall(replace_re, config, flags=re.MULTILINE | re.DOTALL): # Section is in the configration, replace it return re.sub(replace_re, replacement, config, count=1, flags=re.MULTILINE | re.DOTALL) if before_re: if not re.findall(before_re, config, flags=re.MULTILINE | re.DOTALL): raise ConfigSectionNotFound(f"Config section {before_re} not found in config") # If no section is in the configuration, add it before the line vty line return re.sub(before_re, rf'{replacement}\n\g<1>', config, count=1, flags=re.MULTILINE | re.DOTALL) raise ConfigSectionNotFound(f"Config section {replacement} not found in config") def replace_section(config, replacement, from_re, to_re=r'!', before_re=r'line vty'): r"""Replace a section of FRR config config: full original configuration replacement: replacement configuration section from_re: Regex for the start of section matching example: 'router bgp \d+' to_re: Regex for stop of section matching default: '!' example: '!' or 'end' before_re: When from_re/to_re does not return a match, the config will be added before this tag default: ^line vty$ startline and endline tags will be automatically added to the resulting from_re/to_re and before_re regex'es """ # DEPRECATED, this is replaced by a new implementation return _replace_section(config, replacement, replace_re=rf'^{from_re}$.*?^{to_re}$', before_re=rf'^({before_re})$') def remove_section(config, from_re, to_re='!'): # DEPRECATED, this is replaced by a new implementation return _replace_section(config, '', replace_re=rf'^{from_re}$.*?^{to_re}$', before_re=None) def _find_first_block(config, start_pattern, stop_pattern, start_at=0): '''Find start and stop line numbers for a config block config: (list) A list conaining the configuration that is searched start_pattern: (raw-str) The pattern searched for a a start of block tag stop_pattern: (raw-str) The pattern searched for to signify the end of the block start_at: (int) The index to start searching at in the <config> Returns: None: No complete block could be found set(int, int): A complete block found between the line numbers returned in the set The object <config> is searched from the start for the regex <start_pattern> until the first match is found. On a successful match it continues the search for the regex <stop_pattern> until it is found. After a successful run a set is returned containing the start and stop line numbers. ''' LOG.debug(f'_find_first_block: find start={repr(start_pattern)} stop={repr(stop_pattern)} start_at={start_at}') _start = None for i, element in enumerate(config[start_at:], start=start_at): # LOG.debug(f'_find_first_block: running line {i:3} "{element}"') if not _start: if not re.match(start_pattern, element): LOG.debug(f'_find_first_block: no match {i:3} "{element}"') continue _start = i LOG.debug(f'_find_first_block: Found start {i:3} "{element}"') continue if not re.match(stop_pattern, element): LOG.debug(f'_find_first_block: no match {i:3} "{element}"') continue LOG.debug(f'_find_first_block: Found stop {i:3} "{element}"') return (_start, i) LOG.debug('_find_first_block: exit start={repr(start_pattern)} stop={repr(stop_pattern)} start_at={start_at}') return None def _find_first_element(config, pattern, start_at=0): '''Find the first element that matches the current pattern in config config: (list) A list containing the configuration that is searched start_pattern: (raw-str) The pattern searched for start_at: (int) The index to start searching at in the <config> return: Line index of the line containing the searched pattern TODO: for now it returns -1 on a no-match because 0 also returns as False TODO: that means that we can not use False matching to tell if its ''' LOG.debug(f'_find_first_element: find start="{pattern}" start_at={start_at}') for i, element in enumerate(config[start_at:], start=0): if re.match(pattern + '$', element): LOG.debug(f'_find_first_element: Found stop {i:3} "{element}"') return i LOG.debug(f'_find_first_element: no match {i:3} "{element}"') LOG.debug(f'_find_first_element: Did not find any match, exiting') return -1 def _find_elements(config, pattern, start_at=0): '''Find all instances of pattern and return a list containing all element indexes config: (list) A list containing the configuration that is searched start_pattern: (raw-str) The pattern searched for start_at: (int) The index to start searching at in the <config> return: A list of line indexes containing the searched pattern TODO: refactor this to return a generator instead ''' return [i for i, element in enumerate(config[start_at:], start=0) if re.match(pattern + '$', element)] class FRRConfig: '''Main FRR Configuration manipulation object Using this object the user could load, manipulate and commit the configuration to FRR ''' def __init__(self, config=[]): self.imported_config = '' if isinstance(config, list): self.config = config.copy() self.original_config = config.copy() elif isinstance(config, str): self.config = config.split('\n') self.original_config = self.config.copy() else: raise ValueError( 'The config element needs to be a string or list type object') if config: LOG.debug(f'__init__: frr library initiated with initial config') for i, e in enumerate(self.config): LOG.debug(f'__init__: initial {i:3} {e}') def load_configuration(self, daemon=None): '''Load the running configuration from FRR into the config object daemon: str with name of the FRR Daemon to load configuration from or None to load the consolidated config Using this overwrites the current loaded config objects and replaces the original loaded config ''' self.imported_config = get_configuration(daemon=daemon) if daemon: LOG.debug(f'load_configuration: Configuration loaded from FRR daemon {daemon}') else: LOG.debug(f'load_configuration: Configuration loaded from FRR integrated config') self.original_config = self.imported_config.split('\n') self.config = self.original_config.copy() for i, e in enumerate(self.imported_config.split('\n')): LOG.debug(f'load_configuration: loaded {i:3} {e}') return def test_configuration(self): '''Test the current configuration against FRR This will exception if FRR failes to load the current configuration object ''' LOG.debug('test_configation: Testing configuration') mark_configuration('\n'.join(self.config)) def commit_configuration(self, daemon=None): '''Commit the current configuration to FRR daemon: str with name of the FRR daemon to commit to or None to use the consolidated config ''' LOG.debug('commit_configuration: Commiting configuration') for i, e in enumerate(self.config): LOG.debug(f'commit_configuration: new_config {i:3} {e}') reload_configuration('\n'.join(self.config), daemon=daemon) def modify_section(self, start_pattern, replacement=[], stop_pattern=r'\S+', remove_stop_mark=False, count=0): if isinstance(replacement, str): replacement = replacement.split('\n') elif not isinstance(replacement, list): return ValueError("The replacement element needs to be a string or list type object") LOG.debug(f'modify_section: starting search for {repr(start_pattern)} until {repr(stop_pattern)}') _count = 0 _next_start = 0 while True: if count and count <= _count: # Break out of the loop after specified amount of matches LOG.debug(f'modify_section: reached limit ({_count}), exiting loop at line {_next_start}') break # While searching, always assume that the user wants to search for the exact pattern he entered # To be more specific the user needs a override, eg. a "pattern.*" _w = _find_first_block( self.config, start_pattern+'$', stop_pattern, start_at=_next_start) if not _w: # Reached the end, no more elements to remove LOG.debug(f'modify_section: No more config sections found, exiting') break start_element, end_element = _w LOG.debug(f'modify_section: found match between {start_element} and {end_element}') for i, e in enumerate(self.config[start_element:end_element+1 if remove_stop_mark else end_element], start=start_element): LOG.debug(f'modify_section: remove {i:3} {e}') del self.config[start_element:end_element + 1 if remove_stop_mark else end_element] if replacement: # Append the replacement config at the current position for i, e in enumerate(replacement, start=start_element): LOG.debug(f'modify_section: add {i:3} {e}') self.config[start_element:start_element] = replacement _count += 1 _next_start = start_element + len(replacement) return _count def add_before(self, before_pattern, addition): '''Add config block before this element in the configuration''' if isinstance(addition, str): addition = addition.split('\n') elif not isinstance(addition, list): return ValueError("The replacement element needs to be a string or list type object") start = _find_first_element(self.config, before_pattern) if start < 0: return False for i, e in enumerate(addition, start=start): LOG.debug(f'add_before: add {i:3} {e}') self.config[start:start] = addition return True def __str__(self): return '\n'.join(self.config) def __repr__(self): return f'frr({repr(str(self))})' diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 6770865ff..73cfa9b83 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -1,229 +1,229 @@ #!/usr/bin/env python3 # # Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.template import is_ip from vyos.template import render_to_string from vyos.util import call from vyos.util import dict_search from vyos.validate import is_addr_assigned from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'bgpd' def get_config(config=None): if config: conf = config else: conf = Config() vrf = None if len(argv) > 1: vrf = argv[1] base_path = ['protocols', 'bgp'] # eqivalent of the C foo ? 'a' : 'b' statement base = vrf and ['vrf', 'name', vrf, 'protocols', 'bgp'] or base_path bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Assign the name of our VRF context. This MUST be done before the return # statement below, else on deletion we will delete the default instance # instead of the VRF instance. if vrf: bgp.update({'vrf' : vrf}) if not conf.exists(base): bgp.update({'deleted' : ''}) return bgp # We also need some additional information from the config, # prefix-lists and route-maps for instance. base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into bgp dict bgp = dict_merge(tmp, bgp) return bgp def verify_remote_as(peer_config, bgp_config): if 'remote_as' in peer_config: return peer_config['remote_as'] if 'peer_group' in peer_config: peer_group_name = peer_config['peer_group'] tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config) if tmp: return tmp if 'interface' in peer_config: if 'remote_as' in peer_config['interface']: return peer_config['interface']['remote_as'] if 'peer_group' in peer_config['interface']: peer_group_name = peer_config['interface']['peer_group'] tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config) if tmp: return tmp return None def verify(bgp): if not bgp or 'deleted' in bgp: return None if 'local_as' not in bgp: raise ConfigError('BGP local-as number must be defined!') # Common verification for both peer-group and neighbor statements for neighbor in ['neighbor', 'peer_group']: # bail out early if there is no neighbor or peer-group statement # this also saves one indention level if neighbor not in bgp: continue for peer, peer_config in bgp[neighbor].items(): # Only regular "neighbor" statement can have a peer-group set # Check if the configure peer-group exists if 'peer_group' in peer_config: peer_group = peer_config['peer_group'] if 'peer_group' not in bgp or peer_group not in bgp['peer_group']: raise ConfigError(f'Specified peer-group "{peer_group}" for '\ f'neighbor "{neighbor}" does not exist!') # ttl-security and ebgp-multihop can't be used in the same configration if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config: raise ConfigError('You can\'t set both ebgp-multihop and ttl-security hops') # Check spaces in the password if 'password' in peer_config and ' ' in peer_config['password']: raise ConfigError('You can\'t use spaces in the password') # Some checks can/must only be done on a neighbor and not a peer-group if neighbor == 'neighbor': # remote-as must be either set explicitly for the neighbor # or for the entire peer-group if not verify_remote_as(peer_config, bgp): raise ConfigError(f'Neighbor "{peer}" remote-as must be set!') # Only checks for ipv4 and ipv6 neighbors # Check if neighbor address is assigned as system interface address if is_ip(peer) and is_addr_assigned(peer): raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"') for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']: # Bail out early if address family is not configured if 'address_family' not in peer_config or afi not in peer_config['address_family']: continue afi_config = peer_config['address_family'][afi] # Validate if configured Prefix list exists if 'prefix_list' in afi_config: for tmp in ['import', 'export']: if tmp not in afi_config['prefix_list']: # bail out early continue # get_config_dict() mangles all '-' characters to '_' this is legitimate, thus all our # compares will run on '_' as also '_' is a valid name for a prefix-list prefix_list = afi_config['prefix_list'][tmp].replace('-', '_') if afi == 'ipv4_unicast': if dict_search(f'policy.prefix_list.{prefix_list}', bgp) == None: raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!') elif afi == 'ipv6_unicast': if dict_search(f'policy.prefix_list6.{prefix_list}', bgp) == None: raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!') if 'route_map' in afi_config: for tmp in ['import', 'export']: if tmp in afi_config['route_map']: # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our # compares will run on '_' as also '_' is a valid name for a route-map route_map = afi_config['route_map'][tmp].replace('-', '_') if dict_search(f'policy.route_map.{route_map}', bgp) == None: raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!') if 'route_reflector_client' in afi_config: if 'remote_as' in peer_config and bgp['local_as'] != peer_config['remote_as']: raise ConfigError('route-reflector-client only supported for iBGP peers') else: if 'peer_group' in peer_config: peer_group_as = dict_search(f'peer_group.{peer_group}.remote_as', bgp) if peer_group_as != None and peer_group_as != bgp['local_as']: raise ConfigError('route-reflector-client only supported for iBGP peers') # Throw an error if a peer group is not configured for allow range for prefix in dict_search('listen.range', bgp) or []: # we can not use dict_search() here as prefix contains dots ... if 'peer_group' not in bgp['listen']['range'][prefix]: raise ConfigError(f'Listen range for prefix "{prefix}" has no peer group configured.') peer_group = bgp['listen']['range'][prefix]['peer_group'] if 'peer_group' not in bgp or peer_group not in bgp['peer_group']: raise ConfigError(f'Peer-group "{peer_group}" for listen range "{prefix}" does not exist!') if not verify_remote_as(bgp['listen']['range'][prefix], bgp): raise ConfigError(f'Peer-group "{peer_group}" requires remote-as to be set!') return None def generate(bgp): if not bgp or 'deleted' in bgp: bgp['new_frr_config'] = '' return None bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp) return None def apply(bgp): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) if 'vrf' in bgp: vrf = bgp['vrf'] frr_cfg.modify_section(f'^router bgp \d+ vrf {vrf}$', '') else: frr_cfg.modify_section('^router bgp \d+$', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', bgp['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if bgp['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py index 02cf9970c..571520cfe 100755 --- a/src/conf_mode/protocols_isis.py +++ b/src/conf_mode/protocols_isis.py @@ -1,225 +1,225 @@ #!/usr/bin/env python3 # # Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.configdict import node_changed from vyos.configverify import verify_interface_exists from vyos.util import call from vyos.util import dict_search from vyos.util import get_interface_config from vyos.template import render_to_string from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'isisd' def get_config(config=None): if config: conf = config else: conf = Config() vrf = None if len(argv) > 1: vrf = argv[1] base_path = ['protocols', 'isis'] # eqivalent of the C foo ? 'a' : 'b' statement base = vrf and ['vrf', 'name', vrf, 'protocols', 'isis'] or base_path isis = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Assign the name of our VRF context. This MUST be done before the return # statement below, else on deletion we will delete the default instance # instead of the VRF instance. if vrf: isis['vrf'] = vrf # As we no re-use this Python handler for both VRF and non VRF instances for # IS-IS we need to find out if any interfaces changed so properly adjust # the FRR configuration and not by acctident change interfaces from a # different VRF. interfaces_removed = node_changed(conf, base + ['interface']) if interfaces_removed: isis['interface_removed'] = list(interfaces_removed) # Bail out early if configuration tree does not exist if not conf.exists(base): isis.update({'deleted' : ''}) return isis # We also need some additional information from the config, prefix-lists # and route-maps for instance. They will be used in verify() base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into OSPF dict isis = dict_merge(tmp, isis) return isis def verify(isis): # bail out early - looks like removal from running config if not isis or 'deleted' in isis: return None if 'net' not in isis: raise ConfigError('Network entity is mandatory!') # last byte in IS-IS area address must be 0 tmp = isis['net'].split('.') if int(tmp[-1]) != 0: raise ConfigError('Last byte of IS-IS network entity title must always be 0!') # If interface not set if 'interface' not in isis: raise ConfigError('Interface used for routing updates is mandatory!') for interface in isis['interface']: verify_interface_exists(interface) if 'vrf' in isis: # If interface specific options are set, we must ensure that the # interface is bound to our requesting VRF. Due to the VyOS # priorities the interface is bound to the VRF after creation of # the VRF itself, and before any routing protocol is configured. vrf = isis['vrf'] tmp = get_interface_config(interface) if 'master' not in tmp or tmp['master'] != vrf: raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!') # If md5 and plaintext-password set at the same time if 'area_password' in isis: if {'md5', 'plaintext_password'} <= set(isis['encryption']): raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!') # If one param from delay set, but not set others if 'spf_delay_ietf' in isis: required_timers = ['holddown', 'init_delay', 'long_delay', 'short_delay', 'time_to_learn'] exist_timers = [] for elm_timer in required_timers: if elm_timer in isis['spf_delay_ietf']: exist_timers.append(elm_timer) exist_timers = set(required_timers).difference(set(exist_timers)) if len(exist_timers) > 0: raise ConfigError('All types of delay must be specified: ' + ', '.join(exist_timers).replace('_', '-')) # If Redistribute set, but level don't set if 'redistribute' in isis: proc_level = isis.get('level','').replace('-','_') for afi in ['ipv4']: if afi not in isis['redistribute']: continue for proto, proto_config in isis['redistribute'][afi].items(): if 'level_1' not in proto_config and 'level_2' not in proto_config: raise ConfigError(f'Redistribute level-1 or level-2 should be specified in ' \ f'"protocols isis {process} redistribute {afi} {proto}"!') for redistr_level, redistr_config in proto_config.items(): if proc_level and proc_level != 'level_1_2' and proc_level != redistr_level: raise ConfigError(f'"protocols isis {process} redistribute {afi} {proto} {redistr_level}" ' \ f'can not be used with \"protocols isis {process} level {proc_level}\"') if 'route_map' in redistr_config: name = redistr_config['route_map'] tmp = name.replace('-', '_') if dict_search(f'policy.route_map.{tmp}', isis) == None: raise ConfigError(f'Route-map {name} does not exist!') # Segment routing checks if dict_search('segment_routing.global_block', isis): high_label_value = dict_search('segment_routing.global_block.high_label_value', isis) low_label_value = dict_search('segment_routing.global_block.low_label_value', isis) # If segment routing global block high value is blank, throw error if (low_label_value and not high_label_value) or (high_label_value and not low_label_value): raise ConfigError('Segment routing global block requires both low and high value!') # If segment routing global block low value is higher than the high value, throw error if int(low_label_value) > int(high_label_value): raise ConfigError('Segment routing global block low value must be lower than high value') if dict_search('segment_routing.local_block', isis): high_label_value = dict_search('segment_routing.local_block.high_label_value', isis) low_label_value = dict_search('segment_routing.local_block.low_label_value', isis) # If segment routing local block high value is blank, throw error if (low_label_value and not high_label_value) or (high_label_value and not low_label_value): raise ConfigError('Segment routing local block requires both high and low value!') # If segment routing local block low value is higher than the high value, throw error if int(low_label_value) > int(high_label_value): raise ConfigError('Segment routing local block low value must be lower than high value') return None def generate(isis): if not isis or 'deleted' in isis: isis['new_frr_config'] = '' return None isis['new_frr_config'] = render_to_string('frr/isis.frr.tmpl', isis) return None def apply(isis): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) # Generate empty helper string which can be ammended to FRR commands, # it will be either empty (default VRF) or contain the "vrf <name" statement vrf = '' if 'vrf' in isis: vrf = ' vrf ' + isis['vrf'] frr_cfg.modify_section(f'^router isis VyOS{vrf}$', '') for key in ['interface', 'interface_removed']: if key not in isis: continue for interface in isis[key]: frr_cfg.modify_section(f'^interface {interface}{vrf}$', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', isis['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if isis['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py index b4ee8659a..30cc33dcf 100755 --- a/src/conf_mode/protocols_ospf.py +++ b/src/conf_mode/protocols_ospf.py @@ -1,216 +1,216 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.configdict import node_changed from vyos.configverify import verify_route_maps from vyos.configverify import verify_interface_exists from vyos.template import render_to_string from vyos.util import call from vyos.util import dict_search from vyos.util import get_interface_config from vyos.xml import defaults from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'ospfd' def get_config(config=None): if config: conf = config else: conf = Config() vrf = None if len(argv) > 1: vrf = argv[1] base_path = ['protocols', 'ospf'] # eqivalent of the C foo ? 'a' : 'b' statement base = vrf and ['vrf', 'name', vrf, 'protocols', 'ospf'] or base_path ospf = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Assign the name of our VRF context. This MUST be done before the return # statement below, else on deletion we will delete the default instance # instead of the VRF instance. if vrf: ospf['vrf'] = vrf # As we no re-use this Python handler for both VRF and non VRF instances for # OSPF we need to find out if any interfaces changed so properly adjust # the FRR configuration and not by acctident change interfaces from a # different VRF. interfaces_removed = node_changed(conf, base + ['interface']) if interfaces_removed: ospf['interface_removed'] = list(interfaces_removed) # Bail out early if configuration tree does not exist if not conf.exists(base): ospf.update({'deleted' : ''}) return ospf # We have gathered the dict representation of the CLI, but there are default # options which we need to update into the dictionary retrived. # XXX: Note that we can not call defaults(base), as defaults does not work # on an instance of a tag node. As we use the exact same CLI definition for # both the non-vrf and vrf version this is absolutely safe! default_values = defaults(base_path) # We have to cleanup the default dict, as default values could enable features # which are not explicitly enabled on the CLI. Example: default-information # originate comes with a default metric-type of 2, which will enable the # entire default-information originate tree, even when not set via CLI so we # need to check this first and probably drop that key. if dict_search('default_information.originate', ospf) is None: del default_values['default_information'] if dict_search('area.area_type.nssa', ospf) is None: del default_values['area']['area_type']['nssa'] if 'mpls_te' not in ospf: del default_values['mpls_te'] for protocol in ['bgp', 'connected', 'isis', 'kernel', 'rip', 'static']: if dict_search(f'redistribute.{protocol}', ospf) is None: del default_values['redistribute'][protocol] # XXX: T2665: we currently have no nice way for defaults under tag nodes, # clean them out and add them manually :( del default_values['neighbor'] del default_values['area']['virtual_link'] del default_values['interface'] # merge in remaining default values ospf = dict_merge(default_values, ospf) if 'neighbor' in ospf: default_values = defaults(base + ['neighbor']) for neighbor in ospf['neighbor']: ospf['neighbor'][neighbor] = dict_merge(default_values, ospf['neighbor'][neighbor]) if 'area' in ospf: default_values = defaults(base + ['area', 'virtual-link']) for area, area_config in ospf['area'].items(): if 'virtual_link' in area_config: print(default_values) for virtual_link in area_config['virtual_link']: ospf['area'][area]['virtual_link'][virtual_link] = dict_merge( default_values, ospf['area'][area]['virtual_link'][virtual_link]) if 'interface' in ospf: for interface in ospf['interface']: # We need to reload the defaults on every pass b/c of # hello-multiplier dependency on dead-interval default_values = defaults(base + ['interface']) # If hello-multiplier is set, we need to remove the default from # dead-interval. if 'hello_multiplier' in ospf['interface'][interface]: del default_values['dead_interval'] ospf['interface'][interface] = dict_merge(default_values, ospf['interface'][interface]) # We also need some additional information from the config, prefix-lists # and route-maps for instance. They will be used in verify() base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into OSPF dict ospf = dict_merge(tmp, ospf) return ospf def verify(ospf): if not ospf: return None verify_route_maps(ospf) if 'interface' in ospf: for interface in ospf['interface']: verify_interface_exists(interface) # One can not use dead-interval and hello-multiplier at the same # time. FRR will only activate the last option set via CLI. if {'hello_multiplier', 'dead_interval'} <= set(ospf['interface'][interface]): raise ConfigError(f'Can not use hello-multiplier and dead-interval ' \ f'concurrently for {interface}!') if 'vrf' in ospf: # If interface specific options are set, we must ensure that the # interface is bound to our requesting VRF. Due to the VyOS # priorities the interface is bound to the VRF after creation of # the VRF itself, and before any routing protocol is configured. vrf = ospf['vrf'] tmp = get_interface_config(interface) if 'master' not in tmp or tmp['master'] != vrf: raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!') return None def generate(ospf): if not ospf or 'deleted' in ospf: ospf['new_frr_config'] = '' return None ospf['new_frr_config'] = render_to_string('frr/ospf.frr.tmpl', ospf) return None def apply(ospf): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) # Generate empty helper string which can be ammended to FRR commands, # it will be either empty (default VRF) or contain the "vrf <name" statement vrf = '' if 'vrf' in ospf: vrf = ' vrf ' + ospf['vrf'] frr_cfg.modify_section(f'^router ospf{vrf}$', '') for key in ['interface', 'interface_removed']: if key not in ospf: continue for interface in ospf[key]: frr_cfg.modify_section(f'^interface {interface}{vrf}$', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', ospf['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if ospf['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_ospfv3.py b/src/conf_mode/protocols_ospfv3.py index f3beab204..42b6462e3 100755 --- a/src/conf_mode/protocols_ospfv3.py +++ b/src/conf_mode/protocols_ospfv3.py @@ -1,107 +1,107 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from vyos.config import Config from vyos.configdict import dict_merge from vyos.configverify import verify_route_maps from vyos.template import render_to_string from vyos.util import call from vyos.ifconfig import Interface from vyos.xml import defaults from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'ospf6d' def get_config(config=None): if config: conf = config else: conf = Config() base = ['protocols', 'ospfv3'] ospfv3 = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Bail out early if configuration tree does not exist if not conf.exists(base): return ospfv3 # We also need some additional information from the config, prefix-lists # and route-maps for instance. They will be used in verify() base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into OSPF dict ospfv3 = dict_merge(tmp, ospfv3) return ospfv3 def verify(ospfv3): if not ospfv3: return None verify_route_maps(ospfv3) if 'interface' in ospfv3: for ifname, if_config in ospfv3['interface'].items(): if 'ifmtu' in if_config: mtu = Interface(ifname).get_mtu() if int(if_config['ifmtu']) > int(mtu): raise ConfigError(f'OSPFv3 ifmtu cannot go beyond physical MTU of "{mtu}"') return None def generate(ospfv3): if not ospfv3: ospfv3['new_frr_config'] = '' return None ospfv3['new_frr_config'] = render_to_string('frr/ospfv3.frr.tmpl', ospfv3) return None def apply(ospfv3): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) frr_cfg.modify_section(r'^interface \S+', '') frr_cfg.modify_section('^router ospf6$', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', ospfv3['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, re-run the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if ospfv3['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_rip.py b/src/conf_mode/protocols_rip.py index 34d42d630..e7eafd059 100755 --- a/src/conf_mode/protocols_rip.py +++ b/src/conf_mode/protocols_rip.py @@ -1,132 +1,132 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from vyos.config import Config from vyos.configdict import dict_merge from vyos.configverify import verify_route_maps from vyos.util import call from vyos.util import dict_search from vyos.xml import defaults from vyos.template import render_to_string from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'ripd' def get_config(config=None): if config: conf = config else: conf = Config() base = ['protocols', 'rip'] rip = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Bail out early if configuration tree does not exist if not conf.exists(base): return rip # We have gathered the dict representation of the CLI, but there are default # options which we need to update into the dictionary retrived. default_values = defaults(base) # merge in remaining default values rip = dict_merge(default_values, rip) # We also need some additional information from the config, prefix-lists # and route-maps for instance. They will be used in verify() base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into OSPF dict rip = dict_merge(tmp, rip) return rip def verify(rip): if not rip: return None acl_in = dict_search('distribute_list.access_list.in', rip) if acl_in and acl_in not in (dict_search('policy.access_list', rip) or []): raise ConfigError(f'Inbound ACL "{acl_in}" does not exist!') acl_out = dict_search('distribute_list.access_list.out', rip) if acl_out and acl_out not in (dict_search('policy.access_list', rip) or []): raise ConfigError(f'Outbound ACL "{acl_out}" does not exist!') prefix_list_in = dict_search('distribute_list.prefix_list.in', rip) if prefix_list_in and prefix_list_in.replace('-','_') not in (dict_search('policy.prefix_list', rip) or []): raise ConfigError(f'Inbound prefix-list "{prefix_list_in}" does not exist!') prefix_list_out = dict_search('distribute_list.prefix_list.out', rip) if prefix_list_out and prefix_list_out.replace('-','_') not in (dict_search('policy.prefix_list', rip) or []): raise ConfigError(f'Outbound prefix-list "{prefix_list_out}" does not exist!') if 'interface' in rip: for interface, interface_options in rip['interface'].items(): if 'authentication' in interface_options: if {'md5', 'plaintext_password'} <= set(interface_options['authentication']): raise ConfigError('Can not use both md5 and plaintext-password at the same time!') if 'split_horizon' in interface_options: if {'disable', 'poison_reverse'} <= set(interface_options['split_horizon']): raise ConfigError(f'You can not have "split-horizon poison-reverse" enabled ' \ f'with "split-horizon disable" for "{interface}"!') verify_route_maps(rip) def generate(rip): if not rip: rip['new_frr_config'] = '' return None rip['new_frr_config'] = render_to_string('frr/rip.frr.tmpl', rip) return None def apply(rip): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) frr_cfg.modify_section(r'key chain \S+', '') frr_cfg.modify_section(r'interface \S+', '') frr_cfg.modify_section('router rip', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', rip['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if rip['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_ripng.py b/src/conf_mode/protocols_ripng.py index eff4297f9..140133bd0 100755 --- a/src/conf_mode/protocols_ripng.py +++ b/src/conf_mode/protocols_ripng.py @@ -1,131 +1,131 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from vyos.config import Config from vyos.configdict import dict_merge from vyos.configverify import verify_route_maps from vyos.util import call from vyos.util import dict_search from vyos.xml import defaults from vyos.template import render_to_string from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'ripngd' def get_config(config=None): if config: conf = config else: conf = Config() base = ['protocols', 'ripng'] ripng = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Bail out early if configuration tree does not exist if not conf.exists(base): return ripng # We have gathered the dict representation of the CLI, but there are default # options which we need to update into the dictionary retrived. default_values = defaults(base) # merge in remaining default values ripng = dict_merge(default_values, ripng) # We also need some additional information from the config, prefix-lists # and route-maps for instance. They will be used in verify() base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) # Merge policy dict into OSPF dict ripng = dict_merge(tmp, ripng) return ripng def verify(ripng): if not ripng: return None acl_in = dict_search('distribute_list.access_list.in', ripng) if acl_in and acl_in not in (dict_search('policy.access_list6', ripng) or []): raise ConfigError(f'Inbound access-list6 "{acl_in}" does not exist!') acl_out = dict_search('distribute_list.access_list.out', ripng) if acl_out and acl_out not in (dict_search('policy.access_list6', ripng) or []): raise ConfigError(f'Outbound access-list6 "{acl_out}" does not exist!') prefix_list_in = dict_search('distribute_list.prefix_list.in', ripng) if prefix_list_in and prefix_list_in.replace('-','_') not in (dict_search('policy.prefix_list6', ripng) or []): raise ConfigError(f'Inbound prefix-list6 "{prefix_list_in}" does not exist!') prefix_list_out = dict_search('distribute_list.prefix_list.out', ripng) if prefix_list_out and prefix_list_out.replace('-','_') not in (dict_search('policy.prefix_list6', ripng) or []): raise ConfigError(f'Outbound prefix-list6 "{prefix_list_out}" does not exist!') if 'interface' in ripng: for interface, interface_options in ripng['interface'].items(): if 'authentication' in interface_options: if {'md5', 'plaintext_password'} <= set(interface_options['authentication']): raise ConfigError('Can not use both md5 and plaintext-password at the same time!') if 'split_horizon' in interface_options: if {'disable', 'poison_reverse'} <= set(interface_options['split_horizon']): raise ConfigError(f'You can not have "split-horizon poison-reverse" enabled ' \ f'with "split-horizon disable" for "{interface}"!') verify_route_maps(ripng) def generate(ripng): if not ripng: ripng['new_frr_config'] = '' return None ripng['new_frr_config'] = render_to_string('frr/ripng.frr.tmpl', ripng) return None def apply(ripng): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) frr_cfg.modify_section(r'key chain \S+', '') frr_cfg.modify_section(r'interface \S+', '') frr_cfg.modify_section('router ripng', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', ripng['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if ripng['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py index 0de073a6d..7ae952af8 100755 --- a/src/conf_mode/protocols_static.py +++ b/src/conf_mode/protocols_static.py @@ -1,113 +1,113 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from sys import argv from vyos.config import Config from vyos.configverify import verify_route_maps from vyos.configverify import verify_vrf from vyos.template import render_to_string from vyos.util import call from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'staticd' def get_config(config=None): if config: conf = config else: conf = Config() vrf = None if len(argv) > 1: vrf = argv[1] base_path = ['protocols', 'static'] # eqivalent of the C foo ? 'a' : 'b' statement base = vrf and ['vrf', 'name', vrf, 'protocols', 'static'] or base_path static = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Assign the name of our VRF context if vrf: static['vrf'] = vrf return static def verify(static): verify_route_maps(static) for route in ['route', 'route6']: # if there is no route(6) key in the dictionary we can immediately # bail out early if route not in static: continue # When leaking routes to other VRFs we must ensure that the destination # VRF exists for prefix, prefix_options in static[route].items(): # both the interface and next-hop CLI node can have a VRF subnode, # thus we check this using a for loop for type in ['interface', 'next_hop']: if type in prefix_options: for interface, interface_config in prefix_options[type].items(): verify_vrf(interface_config) return None def generate(static): static['new_frr_config'] = render_to_string('frr/static.frr.tmpl', static) return None def apply(static): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) if 'vrf' in static: vrf = static['vrf'] frr_cfg.modify_section(f'^vrf {vrf}$', '') else: frr_cfg.modify_section(r'^ip route .*', '') frr_cfg.modify_section(r'^ipv6 route .*', '') frr_cfg.add_before(r'(interface .*|line vty)', static['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if static['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) - # Save configuration to /run/frr/{daemon}.conf - frr.save_configuration(frr_daemon) + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1)