summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-29dhcp: T3316: Add `_kea` user as vyattacfg group memberIndrajit Raychaudhuri
Allowing `_kea` to be a member of `vyattacfg` group allows kea-dhcp{4,6}-server to have access to DHCP lease directory under `/config/` and thus have ability to manipupate the leases files.
2023-12-29dhcp: T3316: Adjust kea lease files' location and permissionsIndrajit Raychaudhuri
Move the kea lease file to a separate directory `/config/dhcp` that `kea` process can write to so that subprocesses spawned by `kea` process can operate on the lease files. To allow `kea` process to write to `/config/dhcp`, add `_kea` user to `vyattacfg` group. And the lease files are owned completely by `_kea` user to play well with `kea-lfc` process. Specifically, this is necessary for `kea-lfc` which is spawned by `kea` process to clean up expired leases. Since `kea-lfc` creates additional backup lease files, it needs write access to the lease file directory. Additionally, change the extension of the lease file from `.leases` to `.csv` to reflect the actual file format.
2023-12-28Merge pull request #2703 from c-po/ddclient-t5852Daniil Baturin
ddclient: T5852: add missing priority
2023-12-28ddclient: T5852: add missing priorityChristian Breunig
Running ddclient on a VLAN interface will fail during reboot as there is no discrete priority to tell that the dynamic DNS service needs to be started after the interfaces.
2023-12-28Merge pull request #2699 from c-po/container-t5867Christian Breunig
container: T5867: disable healthchecks due to upstream issue
2023-12-28Merge pull request #2698 from c-po/t5866-radvdChristian Breunig
op-mode: T5866: Add command to restart IPv6 RA daemon
2023-12-28container: T5867: disable healthchecks due to upstream issueChristian Breunig
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe https://github.com/containers/conmon/issues/438
2023-12-28op-mode: T5866: Add command to restart IPv6 RA daemonChristian Breunig
vyos@vyos:~$ restart router-advert
2023-12-28container: T5829: fix base key "container" re-use in for loopChristian Breunig
2023-12-28container: T5829: verify container network used supports the given AFIChristian Breunig
2023-12-28Merge pull request #2658 from aapostoliuk/T5801-circinusChristian Breunig
T5801: Rewritten L2TP to get_config_dict
2023-12-28Merge pull request #2695 from aapostoliuk/T5842-circinusChristian Breunig
T5842: Rewritten PPTP to get_config_dict
2023-12-28Merge pull request #2650 from indrajitr/kea-reservation-fixChristian Breunig
dhcp: T3316: Support hostname, DUID and MAC address in reservation
2023-12-27T5842: Rewritten PPTP to get_config_dictaapostoliuk
Rewritten PPTP to get_config_dict Fixed 'dynamic-author' commands. These commands did not create anything in accel-ppp config.
2023-12-27Merge pull request #2693 from aapostoliuk/T5859-circinusChristian Breunig
T5859: Fixed format of pool range in the accel-ppp config
2023-12-27Merge pull request #2651 from indrajitr/firewal-rename-enable-default-logChristian Breunig
firewall: T5834: Rename 'enable-default-log' to 'default-log'
2023-12-27T5859: Fixed format of pool range in the accel-ppp configaapostoliuk
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y'
2023-12-26firewall: T5834: Improve log message and simplify log-option includeIndrajit Raychaudhuri
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to `include/firewall/log-options.xml.i`.
2023-12-26firewall: T5834: Remove vestigial include fileIndrajit Raychaudhuri
This file is a left over from previous refactoring and no longer referenced anywhere in the interface definitions.
2023-12-26firewall: T5834: Add support for default log for route policyIndrajit Raychaudhuri
One can now do `set policy route foo default-log` which will add log to the policy route chain.
2023-12-26firewall: T5834: Migration for 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
2023-12-26firewall: T5834: Rename 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency.
2023-12-26Merge pull request #2691 from indrajitr/ddclient-update-20231224-02Christian Breunig
ddclient: T5144: Warn against configuration with broken IP lookup service
2023-12-26ddclient: T5144: Warn against configuration with broken IP lookup serviceIndrajit Raychaudhuri
We always enable HTTPS in ddclient configuration, however `http://checkip.dyndns.org` is HTTP only and does not support HTTPS. Warn the user if they are using this service. Also, make `url` in `web-options` mandatory.
2023-12-26Merge pull request #2686 from indrajitr/ddclient-update-20231224-01Christian Breunig
ddclient: T5144: Migrate web-options url to stricter format
2023-12-25Merge pull request #2689 from c-po/eee-t5311-t5566Daniil Baturin
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
2023-12-25ethernet: T5566: disable energy efficient ethernet (EEE) for interfacesChristian Breunig
VyOS is a routing (packet pushing) platform, thus supporting EEE which potentially causes issues is not a good idea. Some recent Intel drivers enable EEE by default, thus we will disable this for every NIC supporting EEE.
2023-12-25Merge pull request #2687 from c-po/lldp-snmp-t5855Christian Breunig
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
2023-12-25snmp: T5855: add GPL license headerChristian Breunig
2023-12-25ddclient: T5144: Migrate web-options url to stricter formatIndrajit Raychaudhuri
Legacy ddclient allowed arbitrary URLs in web-options, but the new has stricter validations. Apply migration to the old URLs. Also migrate checkip.dyndns.org to https://domains.google.com/checkip for better TLS support.
2023-12-24ddclient: T5791: Adjust migration to normalize underscore in config namesIndrajit Raychaudhuri
2023-12-24Merge pull request #2682 from c-po/node-changed-t5837Christian Breunig
configdict: T5837: add support to return added nodes when calling node_changed()
2023-12-24Merge pull request #2683 from c-po/snmp-T5865Viacheslav Hletenko
snmp: 5856: fix service removal error
2023-12-24snmp: 5856: fix service removal errorChristian Breunig
When deleting SNMP from CLI the 'delete' key was not honored in the config dictionary, leading to a false process startup causing the following error: Job for snmpd.service failed because the control process exited with error code. See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
2023-12-24configdict: T5837: add support to return added nodes when calling node_changed()Christian Breunig
In the past, node_changed() suggested it would also return nodes that got added (function comment) but in reality only deleted keys got accounted for. This commit changes the signature and adds an argument expand_nodes to specify the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD) or even both (expand_nodes=Diff.ADD|Diff.DELETE).
2023-12-24T5837: cleanup use of calls to vyos.configdict.node_changed()Christian Breunig
node_changed() will return a list of changed keys under "path". We are not always interested what changed, sometimes we are only interested if something changed at all, that what vyos.configdict.is_node_changed() is for.
2023-12-24Merge pull request #2677 from sever-sever/T160Christian Breunig
T160: NAT64 add match firewall mark feature
2023-12-24T160: NAT64 add match firewall mark featureViacheslav Hletenko
Match mark allows to use firewall marks of packet to use a specific pool Example of instance config /run/jool/instance-100.json ``` ... "pool4": [ { "protocol": "TCP", "prefix": "192.0.2.10", "port range": "1-65535", "mark": 23 }, ... ```
2023-12-24veth: T5853: fix typo in constraintErrorMessagezero13th
2023-12-24Merge pull request #2679 from jestabro/allow-embedded-overrideChristian Breunig
xml: T5854: clear empty paths left by embedded override of defaultValue
2023-12-23xml: T5854: clear empty paths left by embedded override of defaultValueJohn Estabrook
2023-12-22Merge pull request #2676 from sever-sever/T5840Christian Breunig
T5840: Add override for systemd kea-ctrl-agent.service
2023-12-22T5840: Add override for systemd kea-ctrl-agent.serviceViacheslav Hletenko
After update KEA to 2.4.x in the bf04cd8fea44d375fb7d93d75a1f31c220730c88 there is a file that expects ConditionFileNotEmpty=/etc/kea/kea-api-password It cause the unit `kea-ctrl-agent.service` cannot start systemd[1]: kea-ctrl-agent.service - Kea Control Agent was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/kea/kea-api-password) Override systemd kea-ctrl-agent.service do not check this file
2023-12-21dhcp: T3316: Update smoketest for hostname, DUID, MAC in reservationIndrajit Raychaudhuri
Also, have the smoketest start with a clean CLI instance.
2023-12-21dhcp: T3316: Apply migration for valid hostname, and identifier (DUID)Indrajit Raychaudhuri
2023-12-21dhcp: T3316: Support hostname, DUID and MAC address in reservationIndrajit Raychaudhuri
Reinstate support for hostname in DHCP reservation. Having `hostname` in allows for server-side assignment of hostname. This is useful for static lookup of hostname. Ensure that hostname is a valid FQDN (doesn't have underscore, etc.) Additionally, support using either of DUID or MAC address for reservation. While MAC address is typically used for IPv4, and DUID is typically used for IPv6, either of them can be used in IPv4 and IPv6 reservations in Kea.
2023-12-21T5781: use dynamic minisign key listKyleM
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/
2023-12-21Merge pull request #2663 from c-po/srv6-part2Christian Breunig
srv6: T591: enable SR enabled packet processing on defined interfaces
2023-12-21Merge pull request #2665 from c-po/ndp-proxyChristian Breunig
T2898: add ndp-proxy service