Age | Commit message (Collapse) | Author |
|
|
|
|
|
T2638: FRR: New framework for configuring FRR
|
|
tunnel: T2649: ConfigurationState, do not inherit from Config
|
|
|
|
This commit adds the python module vyos.frr that support reading and modifying the frr cofiguration.
Functions
get_configuration() :
Collects the configuration from FRR and returns it as a string
reload_configuration() :
uses frr-reload.py to activate a new configuration.
The configuration applied will overwrite the current configuration.
mark_configuration() :
Does syntax check/validation and add "end" tags to the configuration
The marked configuration will be returned as a string
A syntax fault will render an Exception
execute() :
Execute a command inside vtysh
configure() :
Executes a command in vtysh config mode
replace_section() / _replace_section() :
Adds the ability to replace a section of frr code
remove_section() :
Removes the specified configuration block from the config
For now this supports replacing complete config sub-blocks of configuration and selecting the daemon
to replace inside. This should work for most daemons, but static routing will still be an issue because
this is not a separate sub-config mode
|
|
|
|
|
|
xml: T2660: do replace - with _ for defaults when not flattening
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* 'T2656' of https://github.com/thomas-mangin/vyos-1x:
xml: T2656: option to not flatten the default dict
|
|
ifconfig: T2653: move macsec interface to get_config_dict()
|
|
|
|
|
|
|
|
|
|
T2654: Remove overzealous error checking
|
|
|
|
While moving towards a general interface abstraction based on get_config_dict()
and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to
split out common verification code to a common util file - instead of
duplicating the code, which is infact one of the main forces drivind this
transition.
vyos.configverify will hold common functions called via verify() from our
src/conf_mode scripts so we do not need to copy/paste general verifications
methods.
|
|
By implementation misstake we exited the migrationscript if no VXLAN interface
was found but this was wrong as the same loop is used on pseudo-ethernet
interfaces. The Migrator previously only worked on pseudo-ethernet when
also a VXLAN interface was present. This has been corrected.
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
|
|
Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong
loop iterator on the rendered ListenAddress statement.
|
|
xml: T2528: fix defaults
|
|
|
|
xml: T2528: fix to work with named tags (edit mode)
|
|
|
|
|
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
dictconfig: T2637: identify sub-interfaces (vif) to delete
|
|
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
|
|
This reverts commit 45c81add25e71230f1aa20ed0971a9ce061f33ec.
|
|
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
Jinja template contains some workarounds like {% if port is string %}, this
depends of the resolution of https://phabricator.vyos.net/T2636
|
|
tunnel: T2633: add support for ip (arp) commands
|
|
vxlan: T2629: fix multiple configuration issues
|
|
|
|
SSH mac, ciper and key exchange algorithms are not ynamically and only change
on distro upgrades. Thus it is easier to have them in a list and use a regex
based constraint. In the past users could have entered anything here!
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|
|
|