Age | Commit message (Collapse) | Author |
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
VRFs should be created as early as possible.
|
|
|
|
|
|
ids: T2659: Add get_first_key to get_config_dict
|
|
|
|
ids: T2659: Implement fastnetmon support
|
|
|
|
|
|
|
|
|
|
NTP configuration file requires the IP address and a netmask for client
subnets but the CLI will only provide a prefix based ntoation. Use custom,
reusable JInja2 template to transform a CIDR based prefix into its address
and netmask portion for IPv4 and IPv6.
Jinja2 custom filters are regular python functions - thus they can be re-used
directly when e.g. verifying the configuration in vyos-smoketests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
T2638: FRR: New framework for configuring FRR
|
|
tunnel: T2649: ConfigurationState, do not inherit from Config
|
|
|
|
|
|
This commit adds the python module vyos.frr that support reading and modifying the frr cofiguration.
Functions
get_configuration() :
Collects the configuration from FRR and returns it as a string
reload_configuration() :
uses frr-reload.py to activate a new configuration.
The configuration applied will overwrite the current configuration.
mark_configuration() :
Does syntax check/validation and add "end" tags to the configuration
The marked configuration will be returned as a string
A syntax fault will render an Exception
execute() :
Execute a command inside vtysh
configure() :
Executes a command in vtysh config mode
replace_section() / _replace_section() :
Adds the ability to replace a section of frr code
remove_section() :
Removes the specified configuration block from the config
For now this supports replacing complete config sub-blocks of configuration and selecting the daemon
to replace inside. This should work for most daemons, but static routing will still be an issue because
this is not a separate sub-config mode
|
|
|
|
|
|
xml: T2660: do replace - with _ for defaults when not flattening
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* 'T2656' of https://github.com/thomas-mangin/vyos-1x:
xml: T2656: option to not flatten the default dict
|
|
ifconfig: T2653: move macsec interface to get_config_dict()
|
|
|
|
|
|
|
|
|
|
T2654: Remove overzealous error checking
|
|
|
|
While moving towards a general interface abstraction based on get_config_dict()
and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to
split out common verification code to a common util file - instead of
duplicating the code, which is infact one of the main forces drivind this
transition.
vyos.configverify will hold common functions called via verify() from our
src/conf_mode scripts so we do not need to copy/paste general verifications
methods.
|
|
By implementation misstake we exited the migrationscript if no VXLAN interface
was found but this was wrong as the same loop is used on pseudo-ethernet
interfaces. The Migrator previously only worked on pseudo-ethernet when
also a VXLAN interface was present. This has been corrected.
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|