Age | Commit message (Collapse) | Author |
|
Allowing `_kea` to be a member of `vyattacfg` group allows
kea-dhcp{4,6}-server to have access to DHCP lease directory under
`/config/` and thus have ability to manipupate the leases files.
|
|
Move the kea lease file to a separate directory `/config/dhcp` that `kea`
process can write to so that subprocesses spawned by `kea` process can
operate on the lease files.
To allow `kea` process to write to `/config/dhcp`, add `_kea` user to
`vyattacfg` group. And the lease files are owned completely by `_kea`
user to play well with `kea-lfc` process.
Specifically, this is necessary for `kea-lfc` which is spawned by `kea`
process to clean up expired leases. Since `kea-lfc` creates additional
backup lease files, it needs write access to the lease file directory.
Additionally, change the extension of the lease file from `.leases` to
`.csv` to reflect the actual file format.
|
|
ddclient: T5852: add missing priority
|
|
Running ddclient on a VLAN interface will fail during reboot as there is no
discrete priority to tell that the dynamic DNS service needs to be started
after the interfaces.
|
|
container: T5867: disable healthchecks due to upstream issue
|
|
op-mode: T5866: Add command to restart IPv6 RA daemon
|
|
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe
https://github.com/containers/conmon/issues/438
|
|
vyos@vyos:~$ restart router-advert
|
|
|
|
|
|
T5801: Rewritten L2TP to get_config_dict
|
|
T5842: Rewritten PPTP to get_config_dict
|
|
dhcp: T3316: Support hostname, DUID and MAC address in reservation
|
|
Rewritten PPTP to get_config_dict
Fixed 'dynamic-author' commands. These commands did not create
anything in accel-ppp config.
|
|
T5859: Fixed format of pool range in the accel-ppp config
|
|
firewall: T5834: Rename 'enable-default-log' to 'default-log'
|
|
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y'
to 'x.x.x.x-y'
|
|
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to
`include/firewall/log-options.xml.i`.
|
|
This file is a left over from previous refactoring and no longer
referenced anywhere in the interface definitions.
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
|
|
|
|
Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.
|
|
ddclient: T5144: Warn against configuration with broken IP lookup service
|
|
We always enable HTTPS in ddclient configuration, however
`http://checkip.dyndns.org` is HTTP only and does not support HTTPS.
Warn the user if they are using this service.
Also, make `url` in `web-options` mandatory.
|
|
ddclient: T5144: Migrate web-options url to stricter format
|
|
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
|
|
VyOS is a routing (packet pushing) platform, thus supporting EEE which
potentially causes issues is not a good idea. Some recent Intel drivers enable
EEE by default, thus we will disable this for every NIC supporting EEE.
|
|
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
|
|
|
|
|
|
Legacy ddclient allowed arbitrary URLs in web-options, but the new
has stricter validations. Apply migration to the old URLs.
Also migrate checkip.dyndns.org to https://domains.google.com/checkip
for better TLS support.
|
|
|
|
configdict: T5837: add support to return added nodes when calling node_changed()
|
|
snmp: 5856: fix service removal error
|
|
When deleting SNMP from CLI the 'delete' key was not honored in the config
dictionary, leading to a false process startup causing the following error:
Job for snmpd.service failed because the control process exited with error code.
See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
|
|
In the past, node_changed() suggested it would also return nodes that got added
(function comment) but in reality only deleted keys got accounted for.
This commit changes the signature and adds an argument expand_nodes to specify
the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD)
or even both (expand_nodes=Diff.ADD|Diff.DELETE).
|
|
node_changed() will return a list of changed keys under "path". We are not
always interested what changed, sometimes we are only interested if something
changed at all, that what vyos.configdict.is_node_changed() is for.
|
|
T160: NAT64 add match firewall mark feature
|
|
Match mark allows to use firewall marks of packet to use
a specific pool
Example of instance config /run/jool/instance-100.json
```
...
"pool4": [
{
"protocol": "TCP",
"prefix": "192.0.2.10",
"port range": "1-65535",
"mark": 23
},
...
```
|
|
|
|
xml: T5854: clear empty paths left by embedded override of defaultValue
|
|
|
|
T5840: Add override for systemd kea-ctrl-agent.service
|
|
After update KEA to 2.4.x in the bf04cd8fea44d375fb7d93d75a1f31c220730c88
there is a file that expects ConditionFileNotEmpty=/etc/kea/kea-api-password
It cause the unit `kea-ctrl-agent.service` cannot start
systemd[1]: kea-ctrl-agent.service - Kea Control Agent was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/kea/kea-api-password)
Override systemd kea-ctrl-agent.service do not check this file
|
|
Also, have the smoketest start with a clean CLI instance.
|
|
|
|
Reinstate support for hostname in DHCP reservation. Having `hostname` in
allows for server-side assignment of hostname. This is useful for static
lookup of hostname.
Ensure that hostname is a valid FQDN (doesn't have underscore, etc.)
Additionally, support using either of DUID or MAC address for
reservation. While MAC address is typically used for IPv4, and DUID is
typically used for IPv6, either of them can be used in IPv4 and IPv6
reservations in Kea.
|
|
Updated image_installer.py to try and validate image with all
minisign public keys in /usr/share/vyos/keys/
|
|
srv6: T591: enable SR enabled packet processing on defined interfaces
|
|
T2898: add ndp-proxy service
|