summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-05-28vyos.util: extend process_named_running() signature with cmdlineChristian Breunig
process_named_running() was introduced in commit 16b2fc8fc4ca ("dns-forwarding: T2298: fix path to control file") and thus remained more or less unchanged. Smoketests use process_named_running() heavily and might spawn multiple processes with the same name but ifferent options (e.g. dhcp6c or dhclient) and it was yet not possible to properly filter on the "real-deal" like the process bound to a given interface. One can now optionally specify a string that is searched inside the command line argument list of the process. Example: >>> process_named_running('dhcp6c', 'veth0') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth0.sock', '-c', '/run/dhcp6c/dhcp6c.veth0.conf', '-p', '/run/dhcp6c/dhcp6c.veth0.pid', 'veth0'] 4215 >>> process_named_running('dhcp6c', 'veth1') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth1.sock', '-c', '/run/dhcp6c/dhcp6c.veth1.conf', '-p', '/run/dhcp6c/dhcp6c.veth1.pid', 'veth1'] 4253 Where the debug list returned is the commandline searched.
2023-05-28ipsec: T5042: fix remote-access "Tunnel IP" columnChristian Breunig
Connection ID Username Protocol State Uptime Tunnel IP --------------- ---------- ---------- ------- -------- ----------------- 27 cpo IKEv2 UP 11s ['172.16.222.17'] "Tunnel IP" should be a string over list.
2023-05-28router-advert: T5240: verify() that no more then 3 IPv6 name-servers configuredChristian Breunig
This is a radvd limitation.
2023-05-28container: T5003: add new mandatory option runrootChristian Breunig
2023-05-27Merge branch 't5242-smoketest-dynamic' into currentChristian Breunig
* t5242-smoketest-dynamic: smoketest: T5242: automatically detect interface "capabilities" geneve: T2630: change lower limit MTU to 1200 bytes gitignore: T5242: add XML dict cache file bridge: T4579: fix error message for bridge and bond membership T5242: example use of cli_defined xml: T5242: add cli_defined boolean test for node existing under path
2023-05-27smoketest: T5242: automatically detect interface "capabilities"Christian Breunig
Current state of vyos-1x smoketests have hardcoded features to test. The feature support is inside the base class BasicInterfaceTest class BasicInterfaceTest: class TestCase(VyOSUnitTestSHIM.TestCase): _test_dhcp = False _test_ip = False _test_mtu = False _test_vlan = False _test_qinq = False _test_ipv6 = False _test_ipv6_pd = False _test_ipv6_dhcpc6 = False _test_mirror = False All derived classes need to enable the tests that are supported on this interface type. Adding new feature to a given interface (like vif support in T5237) require manually enabling those tests for the given interface. It would make much more sense, if we can query the config backend for supported interface options - or in other words - is there a CLI node available that corresponds to set interfaces ethernet <name> vif - if that's the case, _test_vlan = True.
2023-05-26geneve: T2630: change lower limit MTU to 1200 bytesChristian Breunig
2023-05-26gitignore: T5242: add XML dict cache fileChristian Breunig
2023-05-26bridge: T4579: fix error message for bridge and bond membershipChristian Breunig
2023-05-26Merge branch 'cli-defined' of https://github.com/jestabro/vyos-1x into ↵Christian Breunig
t5242-smoketest-dynamic * 'cli-defined' of https://github.com/jestabro/vyos-1x: T5242: example use of cli_defined xml: T5242: add cli_defined boolean test for node existing under path
2023-05-26T5242: example use of cli_definedJohn Estabrook
2023-05-26xml: T5242: add cli_defined boolean test for node existing under pathJohn Estabrook
If non_local=False (default), cli_defined returns True if the node is a child of the path in interface-definitions; otherwise True if node is a descendent of the path.
2023-05-24Merge pull request #2017 from sever-sever/T5237Christian Breunig
T5237: Add support VLANs and QinQ for virtual-ethernet interfaces
2023-05-24T5237: Add support VLANs and QinQ for virtual-ethernet interfacesViacheslav Hletenko
Ability to use 'vif' and 'vif-s' for virtual-ethernet "vethX" interfaces set interfaces virtual-ethernet veth10 vif 50
2023-05-21T5234: add op-mode command "force vrf" to change shell into any given VRFChristian Breunig
2023-05-21T5234: add bash prompt identifier for given VRF instanceChristian Breunig
2023-05-21Merge pull request #1997 from jestabro/reference-treeViacheslav Hletenko
xml: T5218: revise vyos xml lib for bug fixes and extensions
2023-05-19T5230: remove trailing tabs causing j2lint errorJohn Estabrook
2023-05-19xml: T5218: return defaults only for child leaf-nodes, unless recursiveJohn Estabrook
Operations get_defaults and get_config_defaults return default values only for nodes with parent in the config dict (get_config_defaults) or at the path (get_defaults). To include default values of decendent nodes, set option recursive=True.
2023-05-19Merge pull request #2014 from ServerForge/currentChristian Breunig
T5230: Added missing enforce-first-as option to bgp protocol common c…
2023-05-19Merge pull request #2013 from sever-sever/T5222Christian Breunig
T5222: reverse-proxy fix listen-address template and add smoketest
2023-05-19T5230: Added missing enforce-first-as option to bgp protocol common config ↵Wered
and frr bgp jinja template.
2023-05-19T5222: load-balancing reverse-proxy add smoketest domainsViacheslav Hletenko
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: reverse-proxy fix template for listen-addressViacheslav Hletenko
Load-balancing reverse-proxy listen-address is multi-value node Use bracketize for correct set bind config for IPv6 addresses Listen by default IPv4 and IPv6 if listen-address is not defined
2023-05-19Merge pull request #2012 from sever-sever/T5222-modChristian Breunig
T5222: Refactoring load-balancing reverse-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-18wwan: op-mode: T5196: fix interface type when calling python backendChristian Breunig
2023-05-18Merge pull request #2011 from indrajitr/mdns-improvements-2Christian Breunig
mdns: T5227: Relax 'allow-service' pattern
2023-05-18mdns: T5227: Relax 'allow-service' patternIndrajit Raychaudhuri
Relax allow service pattern to allow for '.' as well for SRV records.
2023-05-17xml: T5218: add operations on xml cacheJohn Estabrook
2023-05-17reverse-proxy: T5222: improve help stringsChristian Breunig
2023-05-17reverse-proxy: T5222: combine ipv4/ipv6-address validatorsChristian Breunig
Sync up with commit 96d846d27ac ("T5226: Combine ipv4-address and ipv6-address validators")
2023-05-17reverse-proxy: T5222: use common XML building blocks for alpha numeric ↵Christian Breunig
constraint
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17Merge pull request #2008 from indrajitr/misc-conf-mode-fixesChristian Breunig
T5226: Standardize hostname and IP address validators and constraints
2023-05-17Merge pull request #2009 from indrajitr/mdns-improvementsChristian Breunig
mdns: T5227: Add support for browse domains and service filters
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-17mdns: T5227: Add support for browse domains and service filtersIndrajit Raychaudhuri
Allow listing additional browse domains (in addition to the default 'local') so that custom domains can be reflected. Additionally, allow filtering the services that are allowed to be reflected across multiple (V)LANs.
2023-05-16T5226: Fix typo in XML include headersIndrajit Raychaudhuri
2023-05-16T5226: Make host-name constraints to consistent everywhereIndrajit Raychaudhuri
Make host-name constraints consistent across all definitions
2023-05-16T5226: Combine ipv4-address and ipv6-address validatorsIndrajit Raychaudhuri
Use a single ip-address validator to combine and replace ipv4-address and ipv6-address validators.
2023-05-14Merge pull request #2006 from frebib/frebib/T5224Christian Breunig
T5224: Fix `del system syslog`
2023-05-14Merge pull request #2007 from frebib/veth-netns-revertChristian Breunig
Revert "veth: T3829: Allow moving veth into netns"
2023-05-14Revert "veth: T3829: Allow moving veth into netns"Joe Groocock
netns management for any Vyos interfaces doesn't work past the initial creation, because Vyos always tries to recreate it/move it into the netns even though it already exists. Until this is fixed, don't let anyone even attempt to use this: set interfaces virtual-ethernet veth10 peer-name 'veth100' set interfaces virtual-ethernet veth100 netns 'ns01' set interfaces virtual-ethernet veth100 peer-name 'veth10' set netns name ns01 commit vyos@r14# sudo ip netns exec ns01 ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 [edit] vyos@r14# set interfaces virtual-ethernet veth100 description MyNetns commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply p.update(veth) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update self.set_netns(config.get('netns', '')) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns self.set_interface('netns', netns) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface return self._set_command(self.config, name, value) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) ^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd return cmd(command, self.debug) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd raise OSError(code, feedback) PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01 returned: exit code: 1 noteworthy: cmd 'ip link set dev veth100 netns ns01' returned (out): returned (err): Cannot find device "veth100" This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
2023-05-14T5224: Stop syslog.socket alongside syslog.serviceJoe Groocock
Avoids the following warning, and any external service from re-activating syslog via systemd socket activation: frebib@vyos# commit [ system syslog ] DEBUG/COMMAND returned (err): Warning: Stopping syslog.service, but it can still be activated by: syslog.socket DEBUG/COMMAND cmd 'systemctl stop syslog.service' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-14T5224: Fix `del system syslog`Joe Groocock
os.unlink() is the correct function: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate os.path.unlink(rsyslog_conf) ^^^^^^^^^^^^^^ AttributeError: module 'posixpath' has no attribute 'unlink' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-12ethernet: T3891: add conditional code-path when doing speed/duplex changesChristian Breunig
There is no need for the backend code to call ethtool and try to change speed or duplex settings every time there is a change in the interface configuration, but no change for the speed/duplex subnodes. This also makes the commit itself faster when working with ethernet interfaces. Bonus: no repeating CLI messages that the driver does not support speed/duplex changes, as we do not change anything here. Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support per NIC")
2023-05-12Revert "T4819: remove additional newline from vyos.base.Warning()"Christian Breunig
This reverts commit dd59e375bee722c220c58b047ff5c6e533cc7a00.
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.