summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-07-05Merge pull request #489 from DmitriyEshenko/fix-fnm-07042020Christian Poessinger
ids: T2659: Add priority after bgp for correct service starting
2020-07-05ids: T2659: Add priority after bgp for correct service startingDmitriyEshenko
2020-07-04ntp: vrf: T2682: support restart on failure indefinitelyChristian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04ssh: vrf: T2682: support restart on failure indefinitelyChristian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04vrf: T31: lower startup priority to 60Christian Poessinger
VRFs should be created as early as possible.
2020-07-04ssh: T2682: simplify VRF bindingChristian Poessinger
2020-07-04cleanup: no need to call sudo for configuration mode scriptsChristian Poessinger
2020-07-04Merge pull request #488 from DmitriyEshenko/fix-fnm-07042020John Estabrook
ids: T2659: Add get_first_key to get_config_dict
2020-07-04ids: T2659: Add get_first_key to get_config_dictDmitriyEshenko
2020-07-04Merge pull request #487 from DmitriyEshenko/1x-impl-fnmDaniil Baturin
ids: T2659: Implement fastnetmon support
2020-07-03config_dict: update docstringJohn Estabrook
2020-07-03config_dict: T2670: remove dependency on show_configJohn Estabrook
2020-07-03ids: T2659: Implement fastnetmon supportDmitriyEshenko
2020-07-03ntp: T2676: mive to get_config_dict()Christian Poessinger
2020-07-03vyos.template: T2676: add custom Jinja2 filter for IP handlingChristian Poessinger
NTP configuration file requires the IP address and a netmask for client subnets but the CLI will only provide a prefix based ntoation. Use custom, reusable JInja2 template to transform a CIDR based prefix into its address and netmask portion for IPv4 and IPv6. Jinja2 custom filters are regular python functions - thus they can be re-used directly when e.g. verifying the configuration in vyos-smoketests.
2020-07-01config_dict: T2668: move keyword arg get_first_key into get_sub_dictJohn Estabrook
2020-07-01config_dict: T2667: clarify docstringJohn Estabrook
2020-07-01config: T2667: add missing flagJohn Estabrook
2020-07-01config: T2667: add missing checkJohn Estabrook
2020-07-01Merge pull request #486 from jestabro/sub_dictChristian Poessinger
2020-07-01config: T2667: adapt for refinements to get_config_dictJohn Estabrook
2020-07-01config: T2667: use get_sub_dict for get_config_dict(path, ...)John Estabrook
2020-07-01config: T2667: add utility function get_sub_dictJohn Estabrook
2020-07-01ifconfig: T2653: use better names for vyos.configverify functionsChristian Poessinger
2020-07-01ifconfig: T2653: move pppoe interface to get_config_dict()Christian Poessinger
2020-07-01Merge pull request #483 from runborg/frr-modChristian Poessinger
T2638: FRR: New framework for configuring FRR
2020-06-30Merge pull request #484 from thomas-mangin/T2649Christian Poessinger
tunnel: T2649: ConfigurationState, do not inherit from Config
2020-06-29tunnel: T2649: ConfigurationState, do not inherit from ConfigThomas Mangin
2020-06-29ids: T2659: Fastnetmon conf_modesever-sever
2020-06-28T2638: FRR: New framework for configuring FRRRunar Borge
This commit adds the python module vyos.frr that support reading and modifying the frr cofiguration. Functions get_configuration() : Collects the configuration from FRR and returns it as a string reload_configuration() : uses frr-reload.py to activate a new configuration. The configuration applied will overwrite the current configuration. mark_configuration() : Does syntax check/validation and add "end" tags to the configuration The marked configuration will be returned as a string A syntax fault will render an Exception execute() : Execute a command inside vtysh configure() : Executes a command in vtysh config mode replace_section() / _replace_section() : Adds the ability to replace a section of frr code remove_section() : Removes the specified configuration block from the config For now this supports replacing complete config sub-blocks of configuration and selecting the daemon to replace inside. This should work for most daemons, but static routing will still be an issue because this is not a separate sub-config mode
2020-06-28wwan: T2660: remove workaround - use XML backed default dictChristian Poessinger
2020-06-28wwan: T1988: fix missing MTU assignmentChristian Poessinger
2020-06-27Merge pull request #482 from thomas-mangin/T2660Christian Poessinger
xml: T2660: do replace - with _ for defaults when not flattening
2020-06-27xml: T2660: do replace - with _ for defaults when not flatteningThomas Mangin
2020-06-27ifconfig: T2653: move wirelessmodem (WWAN) interface to get_config_dict()Christian Poessinger
2020-06-27xml: include: mtu: add default MTU 1500 bytesChristian Poessinger
2020-06-27pppoe: T1318: use MTU include fileChristian Poessinger
2020-06-27xml: T2656: do not flatten dict by defaultChristian Poessinger
2020-06-27ifconfig: T2653: macsec switch to default dictionaryChristian Poessinger
2020-06-27Merge branch 'T2656' of https://github.com/thomas-mangin/vyos-1x into currentChristian Poessinger
* 'T2656' of https://github.com/thomas-mangin/vyos-1x: xml: T2656: option to not flatten the default dict
2020-06-27Merge pull request #480 from c-po/t2653Christian Poessinger
ifconfig: T2653: move macsec interface to get_config_dict()
2020-06-27xml: T2656: option to not flatten the default dictThomas Mangin
2020-06-27ifconfig: T2653: dummy: loopback: use same get_config() structure as MACsecChristian Poessinger
2020-06-27ifconfig: T2653: move macsec interface to get_config_dict()Christian Poessinger
2020-06-27ifconfig: T2653: add vyos.configverify.verify_source_interface() helperChristian Poessinger
2020-06-27Merge pull request #478 from kroy-the-rabbit/fix_static_host_mappingDaniil Baturin
T2654: Remove overzealous error checking
2020-06-26T2654: Remove overzealous error checkingkroy
2020-06-26ifconfig: T2653: add common vyos.configverify helpersChristian Poessinger
While moving towards a general interface abstraction based on get_config_dict() and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to split out common verification code to a common util file - instead of duplicating the code, which is infact one of the main forces drivind this transition. vyos.configverify will hold common functions called via verify() from our src/conf_mode scripts so we do not need to copy/paste general verifications methods.
2020-06-26migration: interfaces: T2622: fix pseudo-ethernet migrationChristian Poessinger
By implementation misstake we exited the migrationscript if no VXLAN interface was found but this was wrong as the same loop is used on pseudo-ethernet interfaces. The Migrator previously only worked on pseudo-ethernet when also a VXLAN interface was present. This has been corrected.