Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T4576: Accel-ppp logging level configuration #3510

Merged
merged 1 commit into from
May 30, 2024
Merged

T4576: Accel-ppp logging level configuration #3510

merged 1 commit into from
May 30, 2024

Conversation

HollyGurza
Copy link
Contributor

@HollyGurza HollyGurza commented May 23, 2024
edited
Loading

add ability to change logging level config for:

  • VPN L2TP
  • VPN PPTP
  • VPN SSTP
  • IPoE Server
  • PPPoE Serve

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

Proposed changes

How to test

Configure service e.g. VPN L2TP:

set vpn ipsec interface 'eth0'
set vpn l2tp remote-access authentication local-users username test password 'test'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access client-ip-pool L2TP-POOL range '192.168.255.2-192.168.255.254'
set vpn l2tp remote-access default-pool 'L2TP-POOL'
set vpn l2tp remote-access gateway-address '192.168.255.1'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test'
set vpn l2tp remote-access outside-address '192.168.122.166'

and connect to service:

vyos@vyos:~$ show l2tp-server sessions
 ifname | username |      ip       | ip6 | ip6-dp |  calling-sid  | rate-limit | state  |  uptime  | rx-bytes | tx-bytes 
--------+----------+---------------+-----+--------+---------------+------------+--------+----------+----------+----------
 l2tp0  | test     | 192.168.255.2 |     |        | 192.168.122.1 |            | active | 00:00:29 | 52 B     | 208 B

log level = 5

vyos@vyos:~$ journalctl --unit [email protected]
May 23 12:06:14 vyos systemd[1]: Stopping [email protected] - Accel-PPP - >
May 23 12:06:14 vyos accel-l2tp[2883]: terminate, sig = 15
May 23 12:06:15 vyos systemd[1]: [email protected]: Deactivated successful>
May 23 12:06:15 vyos systemd[1]: Stopped [email protected] - Accel-PPP - H>
May 23 12:06:15 vyos systemd[1]: Starting [email protected] - Accel-PPP - >
May 23 12:06:15 vyos systemd[1]: Started [email protected] - Accel-PPP - H>
May 23 12:06:15 vyos accel-l2tp[3925]: l2tp: iprange module disabled, improper >
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp: recv [L2TP tid=0 sid=0 Ns=0 Nr=0 <>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp: handling SCCRQ from 192.168.122.1
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp: new tunnel 48754-6741 created foll>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp session 48754-6741, 54439-63018: se>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp session 48754-6741, 54439-63018: ha>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: l2tp tunnel 48754-6741 (192.168.122.1:17>
May 23 12:06:45 vyos accel-l2tp[3925]: :: starting data channel for l2tp(192.16>
May 23 12:06:45 vyos accel-l2tp[3925]: :: lcp_layer_init
May 23 12:06:45 vyos accel-l2tp[3925]: :: auth_layer_init
May 23 12:06:45 vyos accel-l2tp[3925]: :: ccp_layer_init
May 23 12:06:45 vyos accel-l2tp[3925]: :: ipcp_layer_init
May 23 12:06:45 vyos accel-l2tp[3925]: :: ipv6cp_layer_init
May 23 12:06:45 vyos accel-l2tp[3925]: :: ppp establishing
May 23 12:06:45 vyos accel-l2tp[3925]: :: lcp_layer_start
May 23 12:06:45 vyos accel-l2tp[3925]: :: send [LCP ConfReq id=61 <auth PAP> <m>
May 23 12:06:45 vyos accel-l2tp[3925]: :: recv [LCP ConfReq id=1 <mru 1400> < 2>
May 23 12:06:45 vyos accel-l2tp[3925]: :: send [LCP ConfRej id=1 < 2 6 0 0 0 0 >
May 23 12:06:45 vyos accel-l2tp[3925]: :: recv [LCP ConfReq id=2 <mru 1400> <ma>
May 23 12:06:45 vyos accel-l2tp[3925]: :: send [LCP ConfAck id=2]
May 23 12:06:48 vyos accel-l2tp[3925]: :: fsm timeout 9

log level 0:

vyos@vyos# set vpn l2tp remote-access log level 0
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# journalctl --unit [email protected]
May 23 12:10:10 vyos systemd[1]: Stopping [email protected] - Accel-PPP - >
May 23 12:10:10 vyos accel-l2tp[3925]: terminate, sig = 15
May 23 12:10:11 vyos systemd[1]: [email protected]: Deactivated successful>
May 23 12:10:11 vyos systemd[1]: Stopped [email protected] - Accel-PPP - H>
May 23 12:10:11 vyos systemd[1]: Starting [email protected] - Accel-PPP - >
May 23 12:10:11 vyos systemd[1]: [email protected]: Can't open PID file /r>
May 23 12:10:11 vyos systemd[1]: Started [email protected] - Accel-PPP - H>

Smoketest result

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_vpn_l2tp.py 
test_accel_ipv4_pool (__main__.TestVPNL2TPServer.test_accel_ipv4_pool) ... ok
test_accel_ipv6_pool (__main__.TestVPNL2TPServer.test_accel_ipv6_pool) ... 
WARNING: IPv4 Server requires gateway-address to be configured!


WARNING: 'default-ipv6-pool' is not defined

ok
test_accel_limits (__main__.TestVPNL2TPServer.test_accel_limits) ... ok
test_accel_local_authentication (__main__.TestVPNL2TPServer.test_accel_local_authentication) ... 
User "test" has rate-limit configured for only one direction but both
upload and download must be given!

ok
test_accel_log_level (__main__.TestVPNL2TPServer.test_accel_log_level) ... ok
test_accel_name_servers (__main__.TestVPNL2TPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNL2TPServer.test_accel_next_pool) ... 
WARNING: 'default-pool' is not defined

ok
test_accel_ppp_options (__main__.TestVPNL2TPServer.test_accel_ppp_options) ... ok
test_accel_radius_authentication (__main__.TestVPNL2TPServer.test_accel_radius_authentication) ... ok
test_accel_shaper (__main__.TestVPNL2TPServer.test_accel_shaper) ... ok
test_accel_snmp (__main__.TestVPNL2TPServer.test_accel_snmp) ... ok
test_accel_wins_server (__main__.TestVPNL2TPServer.test_accel_wins_server) ... ok
test_l2tp_radius_server (__main__.TestVPNL2TPServer.test_l2tp_radius_server) ... ok
test_l2tp_server_authentication_protocols (__main__.TestVPNL2TPServer.test_l2tp_server_authentication_protocols) ... ok
test_vpn_l2tp_dependence_ipsec_swanctl (__main__.TestVPNL2TPServer.test_vpn_l2tp_dependence_ipsec_swanctl) ... 
WARNING: 'default-pool' is not defined

ok

----------------------------------------------------------------------
Ran 15 tests in 81.208s

OK

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_vpn_pptp.py 
test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool) ... ok
test_accel_ipv6_pool (__main__.TestVPNPPTPServer.test_accel_ipv6_pool) ... 
WARNING: IPv4 Server requires gateway-address to be configured!


WARNING: 'default-ipv6-pool' is not defined

ok
test_accel_limits (__main__.TestVPNPPTPServer.test_accel_limits) ... ok
test_accel_local_authentication (__main__.TestVPNPPTPServer.test_accel_local_authentication) ... 
User "test" has rate-limit configured for only one direction but both
upload and download must be given!

ok
test_accel_log_level (__main__.TestVPNPPTPServer.test_accel_log_level) ... ok
test_accel_name_servers (__main__.TestVPNPPTPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNPPTPServer.test_accel_next_pool) ... 
WARNING: 'default-pool' is not defined

ok
test_accel_ppp_options (__main__.TestVPNPPTPServer.test_accel_ppp_options) ... ok
test_accel_radius_authentication (__main__.TestVPNPPTPServer.test_accel_radius_authentication) ... ok
test_accel_shaper (__main__.TestVPNPPTPServer.test_accel_shaper) ... ok
test_accel_snmp (__main__.TestVPNPPTPServer.test_accel_snmp) ... ok
test_accel_wins_server (__main__.TestVPNPPTPServer.test_accel_wins_server) ... ok

----------------------------------------------------------------------
Ran 12 tests in 62.968s

OK

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_vpn_sstp.py 
test_accel_ipv4_pool (__main__.TestVPNSSTPServer.test_accel_ipv4_pool) ... PKI: Updating config: vpn sstp ssl certificate sstp
PKI: Updating config: vpn sstp ssl ca_certificate sstp
ok
test_accel_ipv6_pool (__main__.TestVPNSSTPServer.test_accel_ipv6_pool) ... 
WARNING: IPv4 Server requires gateway-address to be configured!


WARNING: 'default-ipv6-pool' is not defined

ok
test_accel_limits (__main__.TestVPNSSTPServer.test_accel_limits) ... ok
test_accel_local_authentication (__main__.TestVPNSSTPServer.test_accel_local_authentication) ... 
User "test" has rate-limit configured for only one direction but both
upload and download must be given!

ok
test_accel_log_level (__main__.TestVPNSSTPServer.test_accel_log_level) ... ok
test_accel_name_servers (__main__.TestVPNSSTPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNSSTPServer.test_accel_next_pool) ... 
WARNING: 'default-pool' is not defined

ok
test_accel_ppp_options (__main__.TestVPNSSTPServer.test_accel_ppp_options) ... ok
test_accel_radius_authentication (__main__.TestVPNSSTPServer.test_accel_radius_authentication) ... ok
test_accel_shaper (__main__.TestVPNSSTPServer.test_accel_shaper) ... ok
test_accel_snmp (__main__.TestVPNSSTPServer.test_accel_snmp) ... ok
test_accel_wins_server (__main__.TestVPNSSTPServer.test_accel_wins_server) ... ok
test_sstp_host_name (__main__.TestVPNSSTPServer.test_sstp_host_name) ... ok

----------------------------------------------------------------------
Ran 13 tests in 60.533s

OK

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_service_pppoe-server.py 
test_accel_ipv4_pool (__main__.TestServicePPPoEServer.test_accel_ipv4_pool) ... ok
test_accel_ipv6_pool (__main__.TestServicePPPoEServer.test_accel_ipv6_pool) ... 
WARNING: IPv4 Server requires gateway-address to be configured!


WARNING: 'default-ipv6-pool' is not defined

ok
test_accel_limits (__main__.TestServicePPPoEServer.test_accel_limits) ... ok
test_accel_local_authentication (__main__.TestServicePPPoEServer.test_accel_local_authentication) ... 
User "test" has rate-limit configured for only one direction but both
upload and download must be given!

ok
test_accel_log_level (__main__.TestServicePPPoEServer.test_accel_log_level) ... ok
test_accel_name_servers (__main__.TestServicePPPoEServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestServicePPPoEServer.test_accel_next_pool) ... 
WARNING: 'default-pool' is not defined

ok
test_accel_ppp_options (__main__.TestServicePPPoEServer.test_accel_ppp_options) ... ok
test_accel_radius_authentication (__main__.TestServicePPPoEServer.test_accel_radius_authentication) ... ok
test_accel_shaper (__main__.TestServicePPPoEServer.test_accel_shaper) ... ok
test_accel_snmp (__main__.TestServicePPPoEServer.test_accel_snmp) ... ok
test_accel_wins_server (__main__.TestServicePPPoEServer.test_accel_wins_server) ... ok
test_pppoe_limits (__main__.TestServicePPPoEServer.test_pppoe_limits) ... ok
test_pppoe_server_authentication_protocols (__main__.TestServicePPPoEServer.test_pppoe_server_authentication_protocols) ... ok
test_pppoe_server_pado_delay (__main__.TestServicePPPoEServer.test_pppoe_server_pado_delay) ... ok
test_pppoe_server_shaper (__main__.TestServicePPPoEServer.test_pppoe_server_shaper) ... ok
test_pppoe_server_vlan (__main__.TestServicePPPoEServer.test_pppoe_server_vlan) ... ok

----------------------------------------------------------------------
Ran 17 tests in 80.276s

OK

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_service_ipoe-server.py 
test_accel_ipv4_pool (__main__.TestServiceIPoEServer.test_accel_ipv4_pool) ... ok
test_accel_ipv6_pool (__main__.TestServiceIPoEServer.test_accel_ipv6_pool) ... 
WARNING: IPv4 Server requires gateway-address to be configured!


WARNING: 'default-ipv6-pool' is not defined

ok
test_accel_limits (__main__.TestServiceIPoEServer.test_accel_limits) ... ok
test_accel_local_authentication (__main__.TestServiceIPoEServer.test_accel_local_authentication) ... 
No IPoE interface configured

ok
test_accel_log_level (__main__.TestServiceIPoEServer.test_accel_log_level) ... ok
test_accel_name_servers (__main__.TestServiceIPoEServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestServiceIPoEServer.test_accel_next_pool) ... 
WARNING: 'default-pool' is not defined

ok
test_accel_ppp_options (__main__.TestServiceIPoEServer.test_accel_ppp_options) ... skipped 'PPP is not a part of IPoE'
test_accel_radius_authentication (__main__.TestServiceIPoEServer.test_accel_radius_authentication) ... ok
test_accel_shaper (__main__.TestServiceIPoEServer.test_accel_shaper) ... ok
test_accel_snmp (__main__.TestServiceIPoEServer.test_accel_snmp) ... ok
test_accel_wins_server (__main__.TestServiceIPoEServer.test_accel_wins_server) ... skipped 'WINS server is not used in IPoE'

----------------------------------------------------------------------
Ran 12 tests in 45.621s

OK (skipped=2)

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@HollyGurza HollyGurza requested a review from a team as a code owner May 23, 2024 12:13
@HollyGurza
Copy link
Contributor Author

Our log level is set to 5 by default, but in accel-ppp documentation, default log level is 0
https://docs.accel-ppp.org/configuration/log.html
should we change our default level to 0 or continue to keep 5?

dmbaturin
dmbaturin requested changes May 23, 2024
View reviewed changes
interface-definitions/service_ipoe-server.xml.in Outdated
@@ -189,6 +189,14 @@
#include <include/accel-ppp/snmp.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
<node name="log">
<properties>
<help>Logging IPoE Server</help>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a good grammar. I'd say "IPoE server logging". This applies to all instances of that string.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By removing the service name (IPoE) from the help string, you can generalize this. As this is under service ipoe-server we can safely assume the user knows he is working under IPoE node.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

interface-definitions/include/accel-ppp/log-level.xml.i Outdated
<validator name="numeric" argument="--range 0-5"/>
</constraint>
</properties>
<defaultValue>5</defaultValue>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our log level is set to 5 by default, but in accel-ppp documentation, default log level is 0

I don't think either of those extremes is a good idea. Level 3 sounds like a good default for me.

interface-definitions/vpn_l2tp.xml.in Outdated
@@ -142,6 +142,14 @@
#include <include/name-server-ipv4-ipv6.xml.i>
</children>
</node>
<node name="log">
<properties>
<help>Logging L2TP VPN</help>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Arguably, it should be "L2TP server logging" as well.

@HollyGurza HollyGurza requested a review from dmbaturin May 24, 2024 06:48
c-po
c-po requested changes May 24, 2024
View reviewed changes
src/conf_mode/vpn_pptp.py Outdated Show resolved Hide resolved
@HollyGurza
T4576: Accel-ppp logging level configuration
4d84f78 
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
@HollyGurza HollyGurza requested a review from c-po May 27, 2024 12:29
@dmbaturin
Copy link
Member

@Mergifyio backport sagitta

@dmbaturin dmbaturin merged commit 2250653 into vyos:current May 30, 2024
8 checks passed
@mergify Mergify
Copy link
Contributor

mergify bot commented May 30, 2024
edited
Loading

backport sagitta

✅ Backports have been created

@mergify mergify bot mentioned this pull request May 30, 2024
Merged
12 tasks
dmbaturin added a commit that referenced this pull request May 30, 2024
@dmbaturin
Merge pull request #3558 from vyos/mergify/bp/sagitta/pr-3510
1220c66 
T4576: Accel-ppp logging level configuration (backport #3510)
@c-po c-po mentioned this pull request Oct 5, 2024
Merged
12 tasks
This was referenced Oct 7, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin dmbaturin approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

@sever-sever sever-sever Awaiting requested review from sever-sever sever-sever was automatically assigned from vyos/reviewers

Assignees

@HollyGurza HollyGurza

Labels
backport current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@HollyGurza @dmbaturin @c-po