Merge pull request #2605 from vyos/mergify/bp/sagitta/pr-2601

migration: T5413: re-sequence interfaces migration scripts (backport #2601)
vyos · Dec 10, 2023 · e099dd7 · e099dd7
2 parents 5ff7613 + da79067
commit e099dd7
Show file tree

Hide file tree

Showing 8 changed files with 602 additions and 602 deletions.
diff --git a/src/migration-scripts/interfaces/22-to-23 b/src/migration-scripts/interfaces/22-to-23
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -13,133 +13,45 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from sys import argv
-from sys import exit
+#
+# Deletes Wireguard peers if they have the same public key as the router has.
+import sys
 from vyos.configtree import ConfigTree
-
-def migrate_ospf(config, path, interface):
-    path = path + ['ospf']
-    if config.exists(path):
-        new_base = ['protocols', 'ospf', 'interface']
-        config.set(new_base)
-        config.set_tag(new_base)
-        config.copy(path, new_base + [interface])
-        config.delete(path)
-
-        # if "ip ospf" was the only setting, we can clean out the empty
-        # ip node afterwards
-        if len(config.list_nodes(path[:-1])) == 0:
-            config.delete(path[:-1])
-
-def migrate_ospfv3(config, path, interface):
-    path = path + ['ospfv3']
-    if config.exists(path):
-        new_base = ['protocols', 'ospfv3', 'interface']
-        config.set(new_base)
-        config.set_tag(new_base)
-        config.copy(path, new_base + [interface])
-        config.delete(path)
-
-        # if "ipv6 ospfv3" was the only setting, we can clean out the empty
-        # ip node afterwards
-        if len(config.list_nodes(path[:-1])) == 0:
-            config.delete(path[:-1])
-
-def migrate_rip(config, path, interface):
-    path = path + ['rip']
-    if config.exists(path):
-        new_base = ['protocols', 'rip', 'interface']
-        config.set(new_base)
-        config.set_tag(new_base)
-        config.copy(path, new_base + [interface])
-        config.delete(path)
-
-        # if "ip rip" was the only setting, we can clean out the empty
-        # ip node afterwards
-        if len(config.list_nodes(path[:-1])) == 0:
-            config.delete(path[:-1])
-
-def migrate_ripng(config, path, interface):
-    path = path + ['ripng']
-    if config.exists(path):
-        new_base = ['protocols', 'ripng', 'interface']
-        config.set(new_base)
-        config.set_tag(new_base)
-        config.copy(path, new_base + [interface])
-        config.delete(path)
-
-        # if "ipv6 ripng" was the only setting, we can clean out the empty
-        # ip node afterwards
-        if len(config.list_nodes(path[:-1])) == 0:
-            config.delete(path[:-1])
+from vyos.utils.network import is_wireguard_key_pair
 
 if __name__ == '__main__':
-    if len(argv) < 2:
+    if len(sys.argv) < 2:
         print("Must specify file name!")
-        exit(1)
+        sys.exit(1)
+
+    file_name = sys.argv[1]
 
-    file_name = argv[1]
     with open(file_name, 'r') as f:
         config_file = f.read()
 
     config = ConfigTree(config_file)
-
-    #
-    # Migrate "interface ethernet eth0 ip ospf" to "protocols ospf interface eth0"
-    #
-    for type in config.list_nodes(['interfaces']):
-        for interface in config.list_nodes(['interfaces', type]):
-            ip_base = ['interfaces', type, interface, 'ip']
-            ipv6_base = ['interfaces', type, interface, 'ipv6']
-            migrate_rip(config, ip_base, interface)
-            migrate_ripng(config, ipv6_base, interface)
-            migrate_ospf(config, ip_base, interface)
-            migrate_ospfv3(config, ipv6_base, interface)
-
-            vif_path = ['interfaces', type, interface, 'vif']
-            if config.exists(vif_path):
-                for vif in config.list_nodes(vif_path):
-                    vif_ip_base = vif_path + [vif, 'ip']
-                    vif_ipv6_base = vif_path + [vif, 'ipv6']
-                    ifname = f'{interface}.{vif}'
-
-                    migrate_rip(config, vif_ip_base, ifname)
-                    migrate_ripng(config, vif_ipv6_base, ifname)
-                    migrate_ospf(config, vif_ip_base, ifname)
-                    migrate_ospfv3(config, vif_ipv6_base, ifname)
-
-
-            vif_s_path = ['interfaces', type, interface, 'vif-s']
-            if config.exists(vif_s_path):
-                for vif_s in config.list_nodes(vif_s_path):
-                    vif_s_ip_base = vif_s_path + [vif_s, 'ip']
-                    vif_s_ipv6_base = vif_s_path + [vif_s, 'ipv6']
-
-                    # vif-c interfaces MUST be migrated before their parent vif-s
-                    # interface as the migrate_*() functions delete the path!
-                    vif_c_path = ['interfaces', type, interface, 'vif-s', vif_s, 'vif-c']
-                    if config.exists(vif_c_path):
-                        for vif_c in config.list_nodes(vif_c_path):
-                            vif_c_ip_base = vif_c_path + [vif_c, 'ip']
-                            vif_c_ipv6_base = vif_c_path + [vif_c, 'ipv6']
-                            ifname = f'{interface}.{vif_s}.{vif_c}'
-
-                            migrate_rip(config, vif_c_ip_base, ifname)
-                            migrate_ripng(config, vif_c_ipv6_base, ifname)
-                            migrate_ospf(config, vif_c_ip_base, ifname)
-                            migrate_ospfv3(config, vif_c_ipv6_base, ifname)
-
-
-                    ifname = f'{interface}.{vif_s}'
-                    migrate_rip(config, vif_s_ip_base, ifname)
-                    migrate_ripng(config, vif_s_ipv6_base, ifname)
-                    migrate_ospf(config, vif_s_ip_base, ifname)
-                    migrate_ospfv3(config, vif_s_ipv6_base, ifname)
+    base = ['interfaces', 'wireguard']
+    if not config.exists(base):
+        # Nothing to do
+        sys.exit(0)
+    for interface in config.list_nodes(base):
+        if not config.exists(base + [interface, 'private-key']):
+            continue
+        private_key = config.return_value(base + [interface, 'private-key'])
+        interface_base = base + [interface]
+        if config.exists(interface_base + ['peer']):
+            for peer in config.list_nodes(interface_base + ['peer']):
+                peer_base = interface_base + ['peer', peer]
+                if not config.exists(peer_base + ['public-key']):
+                    continue
+                peer_public_key = config.return_value(peer_base + ['public-key'])
+                if not config.exists(peer_base + ['disable']) \
+                        and is_wireguard_key_pair(private_key, peer_public_key):
+                    config.set(peer_base + ['disable'])
 
     try:
         with open(file_name, 'w') as f:
             f.write(config.to_string())
     except OSError as e:
         print("Failed to save the modified config: {}".format(e))
-        exit(1)
+        sys.exit(1)
diff --git a/src/migration-scripts/interfaces/23-to-24 b/src/migration-scripts/interfaces/23-to-24
@@ -14,47 +14,132 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-# A VTI interface also requires an IPSec configuration - VyOS 1.2 supported
-# having a VTI interface in the CLI but no IPSec configuration - drop VTI
-# configuration if this is the case for VyOS 1.4
-
-import sys
+from sys import argv
+from sys import exit
 from vyos.configtree import ConfigTree
 
+def migrate_ospf(config, path, interface):
+    path = path + ['ospf']
+    if config.exists(path):
+        new_base = ['protocols', 'ospf', 'interface']
+        config.set(new_base)
+        config.set_tag(new_base)
+        config.copy(path, new_base + [interface])
+        config.delete(path)
+
+        # if "ip ospf" was the only setting, we can clean out the empty
+        # ip node afterwards
+        if len(config.list_nodes(path[:-1])) == 0:
+            config.delete(path[:-1])
+
+def migrate_ospfv3(config, path, interface):
+    path = path + ['ospfv3']
+    if config.exists(path):
+        new_base = ['protocols', 'ospfv3', 'interface']
+        config.set(new_base)
+        config.set_tag(new_base)
+        config.copy(path, new_base + [interface])
+        config.delete(path)
+
+        # if "ipv6 ospfv3" was the only setting, we can clean out the empty
+        # ip node afterwards
+        if len(config.list_nodes(path[:-1])) == 0:
+            config.delete(path[:-1])
+
+def migrate_rip(config, path, interface):
+    path = path + ['rip']
+    if config.exists(path):
+        new_base = ['protocols', 'rip', 'interface']
+        config.set(new_base)
+        config.set_tag(new_base)
+        config.copy(path, new_base + [interface])
+        config.delete(path)
+
+        # if "ip rip" was the only setting, we can clean out the empty
+        # ip node afterwards
+        if len(config.list_nodes(path[:-1])) == 0:
+            config.delete(path[:-1])
+
+def migrate_ripng(config, path, interface):
+    path = path + ['ripng']
+    if config.exists(path):
+        new_base = ['protocols', 'ripng', 'interface']
+        config.set(new_base)
+        config.set_tag(new_base)
+        config.copy(path, new_base + [interface])
+        config.delete(path)
+
+        # if "ipv6 ripng" was the only setting, we can clean out the empty
+        # ip node afterwards
+        if len(config.list_nodes(path[:-1])) == 0:
+            config.delete(path[:-1])
+
 if __name__ == '__main__':
-    if len(sys.argv) < 2:
+    if len(argv) < 2:
         print("Must specify file name!")
-        sys.exit(1)
-
-    file_name = sys.argv[1]
+        exit(1)
 
+    file_name = argv[1]
     with open(file_name, 'r') as f:
         config_file = f.read()
 
     config = ConfigTree(config_file)
-    base = ['interfaces', 'vti']
-    if not config.exists(base):
-        # Nothing to do
-        sys.exit(0)
-
-    ipsec_base = ['vpn', 'ipsec', 'site-to-site', 'peer']
-    for interface in config.list_nodes(base):
-        found = False
-        if config.exists(ipsec_base):
-            for peer in config.list_nodes(ipsec_base):
-                if config.exists(ipsec_base + [peer, 'vti', 'bind']):
-                    tmp = config.return_value(ipsec_base + [peer, 'vti', 'bind'])
-                    if tmp == interface:
-                        # Interface was found and we no longer need to search
-                        # for it in our IPSec peers
-                        found = True
-                        break
-        if not found:
-            config.delete(base + [interface])
+
+    #
+    # Migrate "interface ethernet eth0 ip ospf" to "protocols ospf interface eth0"
+    #
+    for type in config.list_nodes(['interfaces']):
+        for interface in config.list_nodes(['interfaces', type]):
+            ip_base = ['interfaces', type, interface, 'ip']
+            ipv6_base = ['interfaces', type, interface, 'ipv6']
+            migrate_rip(config, ip_base, interface)
+            migrate_ripng(config, ipv6_base, interface)
+            migrate_ospf(config, ip_base, interface)
+            migrate_ospfv3(config, ipv6_base, interface)
+
+            vif_path = ['interfaces', type, interface, 'vif']
+            if config.exists(vif_path):
+                for vif in config.list_nodes(vif_path):
+                    vif_ip_base = vif_path + [vif, 'ip']
+                    vif_ipv6_base = vif_path + [vif, 'ipv6']
+                    ifname = f'{interface}.{vif}'
+
+                    migrate_rip(config, vif_ip_base, ifname)
+                    migrate_ripng(config, vif_ipv6_base, ifname)
+                    migrate_ospf(config, vif_ip_base, ifname)
+                    migrate_ospfv3(config, vif_ipv6_base, ifname)
+
+
+            vif_s_path = ['interfaces', type, interface, 'vif-s']
+            if config.exists(vif_s_path):
+                for vif_s in config.list_nodes(vif_s_path):
+                    vif_s_ip_base = vif_s_path + [vif_s, 'ip']
+                    vif_s_ipv6_base = vif_s_path + [vif_s, 'ipv6']
+
+                    # vif-c interfaces MUST be migrated before their parent vif-s
+                    # interface as the migrate_*() functions delete the path!
+                    vif_c_path = ['interfaces', type, interface, 'vif-s', vif_s, 'vif-c']
+                    if config.exists(vif_c_path):
+                        for vif_c in config.list_nodes(vif_c_path):
+                            vif_c_ip_base = vif_c_path + [vif_c, 'ip']
+                            vif_c_ipv6_base = vif_c_path + [vif_c, 'ipv6']
+                            ifname = f'{interface}.{vif_s}.{vif_c}'
+
+                            migrate_rip(config, vif_c_ip_base, ifname)
+                            migrate_ripng(config, vif_c_ipv6_base, ifname)
+                            migrate_ospf(config, vif_c_ip_base, ifname)
+                            migrate_ospfv3(config, vif_c_ipv6_base, ifname)
+
+
+                    ifname = f'{interface}.{vif_s}'
+                    migrate_rip(config, vif_s_ip_base, ifname)
+                    migrate_ripng(config, vif_s_ipv6_base, ifname)
+                    migrate_ospf(config, vif_s_ip_base, ifname)
+                    migrate_ospfv3(config, vif_s_ipv6_base, ifname)
 
     try:
         with open(file_name, 'w') as f:
             f.write(config.to_string())
     except OSError as e:
         print("Failed to save the modified config: {}".format(e))
-        sys.exit(1)
+        exit(1)