Age | Commit message (Collapse) | Author |
|
|
|
To accept a Proxy Protocol header on incoming TCP connections,
add an accept-proxy parameter to the bind line in a frontend section.
This parameter detects both Proxy Protocol version 1 (text format)
and Proxy Protocol version 2 (binary format).
set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
|
|
Load-balancing reverse-proxy listen-address is multi-value node
Use bracketize for correct set bind config for IPv6 addresses
Listen by default IPv4 and IPv6 if listen-address is not defined
|
|
T5222: Refactoring load-balancing reverse-proxy
|
|
Improve and refactoring "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
|
|
|
|
mdns: T5227: Relax 'allow-service' pattern
|
|
Relax allow service pattern to allow for '.' as well for SRV records.
|
|
|
|
Sync up with commit 96d846d27ac ("T5226: Combine ipv4-address and ipv6-address
validators")
|
|
constraint
|
|
T5222: Add load-balancing for web traffic
|
|
T5226: Standardize hostname and IP address validators and constraints
|
|
mdns: T5227: Add support for browse domains and service filters
|
|
|
|
Allow listing additional browse domains (in addition to the default
'local') so that custom domains can be reflected.
Additionally, allow filtering the services that are allowed to be
reflected across multiple (V)LANs.
|
|
|
|
Make host-name constraints consistent across all definitions
|
|
Use a single ip-address validator to combine and replace ipv4-address
and ipv6-address validators.
|
|
T5224: Fix `del system syslog`
|
|
Revert "veth: T3829: Allow moving veth into netns"
|
|
netns management for any Vyos interfaces doesn't work past the initial
creation, because Vyos always tries to recreate it/move it into the
netns even though it already exists. Until this is fixed, don't let
anyone even attempt to use this:
set interfaces virtual-ethernet veth10 peer-name 'veth100'
set interfaces virtual-ethernet veth100 netns 'ns01'
set interfaces virtual-ethernet veth100 peer-name 'veth10'
set netns name ns01
commit
vyos@r14# sudo ip netns exec ns01 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[edit]
vyos@r14#
set interfaces virtual-ethernet veth100 description MyNetns
commit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply
p.update(veth)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update
self.set_netns(config.get('netns', ''))
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns
self.set_interface('netns', netns)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
return self._set_command(self.config, name, value)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
return cmd(command, self.debug)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01
returned:
exit code: 1
noteworthy:
cmd 'ip link set dev veth100 netns ns01'
returned (out):
returned (err):
Cannot find device "veth100"
This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
|
|
Avoids the following warning, and any external service from
re-activating syslog via systemd socket activation:
frebib@vyos# commit
[ system syslog ]
DEBUG/COMMAND returned (err):
Warning: Stopping syslog.service, but it can still be activated by:
syslog.socket
DEBUG/COMMAND cmd 'systemctl stop syslog.service'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
os.unlink() is the correct function:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module>
generate(c)
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate
os.path.unlink(rsyslog_conf)
^^^^^^^^^^^^^^
AttributeError: module 'posixpath' has no attribute 'unlink'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
There is no need for the backend code to call ethtool and try to change speed or
duplex settings every time there is a change in the interface configuration,
but no change for the speed/duplex subnodes. This also makes the commit itself
faster when working with ethernet interfaces.
Bonus: no repeating CLI messages that the driver does not support speed/duplex
changes, as we do not change anything here.
Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support
per NIC")
|
|
This reverts commit dd59e375bee722c220c58b047ff5c6e533cc7a00.
|
|
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is been doing, as
invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
|
|
T2778: Fix syslog octet_counted format
|
|
|
|
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
|
|
T5219: ddclient: Allow not set login for Cloudflare API token
|
|
|
|
vrrp: T5215: fix the commit error when health check is not configured
|
|
|
|
T5171: Set default value ping for load-balancing test check
|
|
vyos.util: T5195: remove the unused camel case to snake case function
|
|
that was replaced with Humps in all sciprts
|
|
vyos.utils.dict.check_mutually_exclusive_options
on missing options error
|
|
Use 'ICMP' type check as default
|
|
T5158: Refactoring the commad sh interfaces counters
|
|
For more detailed information it's necessary to add information about drops and error counters.
|
|
veth: T3829: Allow moving veth into netns
|
|
This makes netns infinitely more useful as they can be chained together
in many ways to build complex network structures all on the host.
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
vyos.utils: T5195: add vyos.utils.file
|
|
vyos.utils: T5195: add vyos.utils.convert
|
|
vyos.utils: T5195: add vyos.utils.io
|
|
T5215: add a built-in ping check for VRRP groups
|
|
T5213: Add accounting-interim-interval option for L2TP/PPTP servers
|
|
T5217: Add smoketest for CONFIG_NFT_SYNPROXY kernel option
|
|
|