summaryrefslogtreecommitdiff
path: root/data/templates/conntrackd/conntrackd.conf.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-07 11:36:09 +0100
committerChristian Breunig <christian@breunig.cc>2024-01-07 11:36:09 +0100
commit9162631f12ade65392ea2fa53642ea4af39627c7 (patch)
tree13e2db8e3dceaf84e524ada23d5bb29f17922f66 /data/templates/conntrackd/conntrackd.conf.j2
parent410458c00e6202dd9a5c52b3c5ac00a90db5bc53 (diff)
downloadvyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.tar.gz
vyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.zip
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
This fixes a priority inversion when doing initial certificate commits. * pki subsystem is executed with priority 300 * vti uses priority 381 * ipsec uses priority 901 On commit pki.py will be executed first, detecting a change in dependencies for vpn_ipsec.py which will be executed second. The VTI interface was yet not created leading to ConfigError('VTI interface XX for site-to-site peer YY does not exist!') The issue is caused by this new line of code in commit b8db1a9d7ba ("pki: T5886: add support for ACME protocol (LetsEncrypt)") file src/conf_mode/pki.py line 139 which triggers the dependency update even if a key is newly added. This commit changes the "detection" based on the cerbot configuration on disk.
Diffstat (limited to 'data/templates/conntrackd/conntrackd.conf.j2')
0 files changed, 0 insertions, 0 deletions