Age | Commit message (Collapse) | Author |
|
T4402: fix ifconfig-pool generation logic
|
|
T4405: Fix administrative distance of DHCP routes
|
|
T4361: equuleus backport vyos.config fix
|
|
Extend bonding smoketest
Add descriptions to bonding members
We encountered a situation where adding any configuration for
member of bonding interface excludes the interface from bonding
(cherry picked from commit ae815d1b11a4c17df6aea45e3fc87772a0e40e6a)
|
|
(cherry-picked from commit 63fee7ab0c082f3c614bb140de1e7482399dff2b)
|
|
- Default dhclient script only uses value of `$IF_MERIC` envvar for default route recived via `router` option.
- This variable has no effect on rotes received via `rfc3442-classless-static-routes` option
- Considering that Vyos overrrides `ip` command originating from `dhclient` this can be easily fixed in `iptovtysh()` function by using the `$IF_METRIC` envvar directly in the dhclient hook.
|
|
T4363: salt-minion: default mine_interval option is not set
|
|
|
|
openvpn: T4369: enforce daemon-restart on openvpn-option CLI change (equuleus)
|
|
(cherry picked from commit e36efa6b5df764982678a470b7aa82a33c1c369c)
|
|
(cherry picked from commit 714346e2ee0c61a08a9d17fdb962f2fbea9f73c9)
|
|
(cherry picked from commit 3081705175da8eb4ee7c1264e64d06f30b175fdb)
|
|
geneve: T4366: prevent interface re-creation when not required
|
|
dhcp: T4388: missing constraint on tftp-server-name option
|
|
op-mode: T4395: Extend show vpn debug for IPSec add vpn_ipsec.py
|
|
Add python script for op-mode 'show vpn debug'
|
|
T4235: Add support for config tree diff algorithm
|
|
(cherry picked from commit 0b466f7a54cfedaf53edec5f3d58676113ece391)
|
|
Add support for the configtree diff algorithm. A new function
ConfigDiff().is_node_changed(path) -> bool
is added to recursively detect changes in the tree below the node at
path; existing functions take the keyword argument 'recursive: bool' to
apply the algorithm in place of the existing, non-recursive, comparison.
(cherry picked from commit e5d04b20be0ef270d20f1d5ac9203b3a03649135)
|
|
The DiffTree class maintains both the 'sub'(-tract) configtree,
containing all paths in the LHS of the comparison that are not in the
RHS, and the 'delete' configtree: the delete tree is the minimal subtree
containing only the first node of a path not present in the RHS. It is
the delete tree that is needed to produce 'delete' commands for config
mode, whereas the 'sub' tree contains full information, needed for
recursively detecting changes to a node.
(cherry picked from commit 193cbd15ba39a41614c63b997e6a62254589158a)
|
|
(cherry picked from commit 4625fd41f99ddf77c104a657cd90a1ddf5449dd8)
|
|
The return value of diff_tree is now a single config_tree, with initial
children of names: ["add", "delete", "inter"] containing the config
sub-trees of added paths; deleted paths; and intersection, respectively.
The simplifies dumping to json, and checking existence of paths, hence,
of node changes.
(cherry picked from commit 3d28528ff84b4e874faf80028709bd08b2956933)
|
|
(cherry picked from commit ff7e2cd622cf3679cd9265b2cb766395a1830f50)
|
|
(cherry picked from commit 2ee94418ce24429dbf6a52c2a327ed08a1935958)
|
|
T4268: monitoring: Fixed unnatural LA elevation
|
|
|
|
dhcp-server: T4344: Fix underscores for shared network name
|
|
Shared network name should not be handled by tag node mangling
I.e. should not replace underscores with dashed
set service dhcp-server shared-network-name NET_01
shared-network NET_01 {
authoritative;
...
on commit {
set shared-networkname = "NET_01";
}
}
(cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
|
|
Changing the geneve interface description does destroy the interface on the
kernel level - this should be avoided as it's ... stupid!
(cherry picked from commit 3cbe7878bcadc0f3ecbaeab46d745b5510c26b0d)
|
|
(cherry picked from commit 3ec3c7f5b523b464a3bc7168b2362611d9c2c153)
|
|
T4324, T4338, T4339 WWAN interface bugfixes
|
|
T4331: IPv6 link local addresses are not configured when an interface is in a VRF (equuleus)
|
|
T4346 Deprecate "system ipv6 disable" option to disable address family within OS kernel (equuleus)
|
|
(cherry picked from commit 0f7e5371e702d4e2389f6fa6dfbda11bc9da6257)
|
|
(cherry picked from commit 957f73ed8c2c22afd5e56adc36b4d032b3f1a5f1)
|
|
isis: T4336: add support for MD5 authentication password on a circuit (equuleus)
|
|
T4341 SSH and system login fixes + smoketests
|
|
T4319: bugfixes for disabled IPv6 (equuleus)
|
|
(cherry picked from commit 16a88f6b86e4ab920178701f6b3c02e893f337e8)
|
|
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
|
|
T4337: isis: IETF SPF delay algorithm cannot be configured - results in vyos.frr.CommitError (equuleus)
|
|
dns: forwarding: T3804: bugfix DHCP name-servers used for recursion
|
|
If we have link-local static address and vrf, for example:
set interfaces ethernet eth2 address 'fe80::5200:ff:fe55:222/64'
set interfaces ethernet eth2 vrf 'foo'
This IPv6 address was assigned before vrf, as result after
attaching the intreface to vrf we lose this static linklocal
address
DEBUG/IFCONFIG cmd 'ip addr add fe80::5200:ff:fe55:222/64 dev eth2'
DEBUG/IFCONFIG cmd 'ip link set dev eth2 master foo'
DEBUG/IFCONFIG cmd 'ip addr add fe80::5208:ff:fe13:2/64 dev eth2'
This commit fixes this, the address is assigned after vrf assign
(cherry picked from commit d6e22b28887c7a3f7d2f8b955c2e90bcadaeeeba)
|
|
interface in VRF
(cherry picked from commit 5b57c536b5f599deea2106aad7aea95c465bc0c0)
|
|
Commit 2ecf7a9f9c ('name-server: T3804: merge "system name-servers-dhcp" into
"system name-server"') missed out an old dictionary key "system_name_server_dhcp"
and thus system nameservers configured via DHCP did not get used for the DNS
forwar recursor.
(cherry picked from commit 806ff50bf1a970d731c2227f9d2cd2342b8a1b4e)
|
|
(cherry picked from commit 796178f69ce09e28ab9f20c7b5e1ce97ef00a1ff)
|
|
(cherry picked from commit 6a04ff2840dfcfcad7a1cb93baf210370fa8871e)
|
|
(cherry picked from commit efa753bc661d04967237e7ec3d72d3757230aaf9)
|
|
(cherry picked from commit 4bb0adf535e12dc962a0ebea0f5a96f612a76a5d)
|
|
In order to test for proper system authentication and security setup a new
testcase is added which performs an SSH login and command execution with a
predefined user. The result (output of uname -a) must match the output if the
command is run natively.
We also try to login as an invalid user - this is not allowed to work.
(cherry picked from commit e66c45ce7a664ecb26d21a215975777bef0fcd71)
|