summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-05-19T5222: load-balancing reverse-proxy add smoketest domainsViacheslav Hletenko
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: reverse-proxy fix template for listen-addressViacheslav Hletenko
Load-balancing reverse-proxy listen-address is multi-value node Use bracketize for correct set bind config for IPv6 addresses Listen by default IPv4 and IPv6 if listen-address is not defined
2023-05-19Merge pull request #2012 from sever-sever/T5222-modChristian Breunig
T5222: Refactoring load-balancing reverse-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-18wwan: op-mode: T5196: fix interface type when calling python backendChristian Breunig
2023-05-18Merge pull request #2011 from indrajitr/mdns-improvements-2Christian Breunig
mdns: T5227: Relax 'allow-service' pattern
2023-05-18mdns: T5227: Relax 'allow-service' patternIndrajit Raychaudhuri
Relax allow service pattern to allow for '.' as well for SRV records.
2023-05-17reverse-proxy: T5222: improve help stringsChristian Breunig
2023-05-17reverse-proxy: T5222: combine ipv4/ipv6-address validatorsChristian Breunig
Sync up with commit 96d846d27ac ("T5226: Combine ipv4-address and ipv6-address validators")
2023-05-17reverse-proxy: T5222: use common XML building blocks for alpha numeric ↵Christian Breunig
constraint
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17Merge pull request #2008 from indrajitr/misc-conf-mode-fixesChristian Breunig
T5226: Standardize hostname and IP address validators and constraints
2023-05-17Merge pull request #2009 from indrajitr/mdns-improvementsChristian Breunig
mdns: T5227: Add support for browse domains and service filters
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-17mdns: T5227: Add support for browse domains and service filtersIndrajit Raychaudhuri
Allow listing additional browse domains (in addition to the default 'local') so that custom domains can be reflected. Additionally, allow filtering the services that are allowed to be reflected across multiple (V)LANs.
2023-05-16T5226: Fix typo in XML include headersIndrajit Raychaudhuri
2023-05-16T5226: Make host-name constraints to consistent everywhereIndrajit Raychaudhuri
Make host-name constraints consistent across all definitions
2023-05-16T5226: Combine ipv4-address and ipv6-address validatorsIndrajit Raychaudhuri
Use a single ip-address validator to combine and replace ipv4-address and ipv6-address validators.
2023-05-14Merge pull request #2006 from frebib/frebib/T5224Christian Breunig
T5224: Fix `del system syslog`
2023-05-14Merge pull request #2007 from frebib/veth-netns-revertChristian Breunig
Revert "veth: T3829: Allow moving veth into netns"
2023-05-14Revert "veth: T3829: Allow moving veth into netns"Joe Groocock
netns management for any Vyos interfaces doesn't work past the initial creation, because Vyos always tries to recreate it/move it into the netns even though it already exists. Until this is fixed, don't let anyone even attempt to use this: set interfaces virtual-ethernet veth10 peer-name 'veth100' set interfaces virtual-ethernet veth100 netns 'ns01' set interfaces virtual-ethernet veth100 peer-name 'veth10' set netns name ns01 commit vyos@r14# sudo ip netns exec ns01 ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 [edit] vyos@r14# set interfaces virtual-ethernet veth100 description MyNetns commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply p.update(veth) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update self.set_netns(config.get('netns', '')) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns self.set_interface('netns', netns) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface return self._set_command(self.config, name, value) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) ^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd return cmd(command, self.debug) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd raise OSError(code, feedback) PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01 returned: exit code: 1 noteworthy: cmd 'ip link set dev veth100 netns ns01' returned (out): returned (err): Cannot find device "veth100" This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
2023-05-14T5224: Stop syslog.socket alongside syslog.serviceJoe Groocock
Avoids the following warning, and any external service from re-activating syslog via systemd socket activation: frebib@vyos# commit [ system syslog ] DEBUG/COMMAND returned (err): Warning: Stopping syslog.service, but it can still be activated by: syslog.socket DEBUG/COMMAND cmd 'systemctl stop syslog.service' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-14T5224: Fix `del system syslog`Joe Groocock
os.unlink() is the correct function: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate os.path.unlink(rsyslog_conf) ^^^^^^^^^^^^^^ AttributeError: module 'posixpath' has no attribute 'unlink' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-12ethernet: T3891: add conditional code-path when doing speed/duplex changesChristian Breunig
There is no need for the backend code to call ethtool and try to change speed or duplex settings every time there is a change in the interface configuration, but no change for the speed/duplex subnodes. This also makes the commit itself faster when working with ethernet interfaces. Bonus: no repeating CLI messages that the driver does not support speed/duplex changes, as we do not change anything here. Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support per NIC")
2023-05-12Revert "T4819: remove additional newline from vyos.base.Warning()"Christian Breunig
This reverts commit dd59e375bee722c220c58b047ff5c6e533cc7a00.
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12Merge pull request #2003 from bjw-s/octet_countedChristian Breunig
T2778: Fix syslog octet_counted format
2023-05-12T2778: Fix syslog octet_counted formatBᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs
2023-05-12Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-xChristian Breunig
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
2023-05-12Merge pull request #2002 from Zen3515/fix-cloudflare-ddnsChristian Breunig
T5219: ddclient: Allow not set login for Cloudflare API token
2023-05-12T5219: ddclient: Cloudflare doesn't require loginZen3515
2023-05-11Merge pull request #1999 from dmbaturin/T5251-vrrp-group-ping-fixJohn Estabrook
vrrp: T5215: fix the commit error when health check is not configured
2023-05-12vrrp: T5215: fix VRRP commit error when health check is not configuredDaniil Baturin
2023-05-11Merge pull request #1998 from sever-sever/T5171Christian Breunig
T5171: Set default value ping for load-balancing test check
2023-05-11Merge pull request #2000 from dmbaturin/T5195-remove-snake-case-functionJohn Estabrook
vyos.util: T5195: remove the unused camel case to snake case function
2023-05-11vyos.util: T5195: remove the unused camel case to snake case functionDaniil Baturin
that was replaced with Humps in all sciprts
2023-05-11vyos.utils: T5195: fix option list output in ↵Daniil Baturin
vyos.utils.dict.check_mutually_exclusive_options on missing options error
2023-05-11T5171: Set default value icmp for load-balancing test checkViacheslav Hletenko
Use 'ICMP' type check as default
2023-05-11Merge pull request #1956 from mkorobeinikov/currentChristian Breunig
T5158: Refactoring the commad sh interfaces counters
2023-05-11T5158: Refactoring the commad '$ sh interfaces counters'mkorobeinikov
For more detailed information it's necessary to add information about drops and error counters.
2023-05-10Merge pull request #1996 from frebib/veth-netnsChristian Breunig
veth: T3829: Allow moving veth into netns
2023-05-10veth: T3829: Allow moving veth into netnsJoe Groocock
This makes netns infinitely more useful as they can be chained together in many ways to build complex network structures all on the host. Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-10Merge pull request #1989 from dmbaturin/T5195-file-utilsChristian Breunig
vyos.utils: T5195: add vyos.utils.file
2023-05-10Merge pull request #1990 from dmbaturin/T5195-conversion-utilsChristian Breunig
vyos.utils: T5195: add vyos.utils.convert
2023-05-10Merge pull request #1991 from dmbaturin/T5195-io-utilsChristian Breunig
vyos.utils: T5195: add vyos.utils.io
2023-05-10Merge pull request #1987 from dmbaturin/T5251-vrrp-group-pingChristian Breunig
T5215: add a built-in ping check for VRRP groups
2023-05-10Merge pull request #1988 from sever-sever/T5213Christian Breunig
T5213: Add accounting-interim-interval option for L2TP/PPTP servers
2023-05-10Merge pull request #1992 from sever-sever/T5217Christian Breunig
T5217: Add smoketest for CONFIG_NFT_SYNPROXY kernel option
2023-05-10vyos.utils: T5195: add vyos.utils.fileDaniil Baturin