T4930: make wg dns retry configurable through `interfaces wireguard w…

…gX max-dns-retry`
vyos · Nov 21, 2024 · a6bd1c3 · a6bd1c3
1 parent fe4fcab
commit a6bd1c3
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
@@ -40,6 +40,19 @@
             </properties>
             <defaultValue>0</defaultValue>
           </leafNode>
+          <leafNode name="max-dns-retry">
+            <properties>
+              <help>Max retry when DNS resolves failed.</help>
+              <valueHelp>
+                <format>u32:1-15</format>
+                <description>Max retry times</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-15"/>
+              </constraint>
+            </properties>
+            <defaultValue>3</defaultValue>
+          </leafNode>
           <leafNode name="private-key">
             <properties>
               <help>Base64 encoded private key</help>

diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
@@ -161,6 +161,7 @@ def reset_peer(self, interface, peer_name=None):
 
         c = Config()
         c.set_level(['interfaces', 'wireguard', self.config['ifname']])
+        max_dns_retry = c.return_effective_value(['max-dns-retry'], 3)
 
         for peer in c.list_effective_nodes(['peer']):
             if peer_name is None or peer == peer_name:
@@ -179,7 +180,7 @@ def reset_peer(self, interface, peer_name=None):
                         f'Resetting {self.config["ifname"]} peer {public_key} endpoint to {address}:{port} ... ',
                         end='',
                     )
-                    self._cmd(cmd, env={'WG_ENDPOINT_RESOLUTION_RETRIES': '5'})
+                    self._cmd(cmd, env={'WG_ENDPOINT_RESOLUTION_RETRIES': str(max_dns_retry)})
                     print('done')
                 except:
                     print(f'Error\nPlease try to run command manually:\n{cmd}')
@@ -216,6 +217,7 @@ def update(self, config):
 
         # Wireguard base command is identical for every peer
         base_cmd = 'wg set ' + config['ifname']
+        max_dns_retry = config['max_dns_retry']
 
         interface_cmd = base_cmd
         if 'port' in config:
@@ -277,7 +279,7 @@ def update(self, config):
 
                     self._cmd(
                         cmd.format(**peer_config),
-                        env={'WG_ENDPOINT_RESOLUTION_RETRIES': '5'},
+                        env={'WG_ENDPOINT_RESOLUTION_RETRIES': str(max_dns_retry)},
                     )
                 except:
                     # todo: logging