Age | Commit message (Collapse) | Author |
|
During a corner case where the configuration is migrated to a different system
with fewer ethernet interfaces, migration will fail during an image upgrade.
vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an
exception that kills the migrator
(cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
|
|
T3202: Enable wireguard debug messages (backport #3679)
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem (backport #3694)
|
|
configd: T6504: send sudo_user on session init and set env variable (backport #3701)
|
|
(cherry picked from commit 4c7719efa27d9d2966b70b924c90aa2c90022388)
|
|
get_current_user()
(cherry picked from commit 710bb184045baa85897d589ffbc8af14b0fce629)
|
|
The environment variable SUDO_USER is checked by system_login.py so as
to prevent deleting the current user. Provide from config session and
set within configd environment.
(cherry picked from commit 7016f840f1193399f6ac59fab7faa721049229e8)
|
|
T6489: Add support for CLI config scripts that change the underlaying working configuration (backport #3652)
|
|
filesystem
(cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
|
|
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
|
|
my_set/my_delete
(cherry picked from commit da29c9b3ab7b0cc23d64c8b033fc5a79c1b09174)
|
|
(cherry picked from commit f0923acffbef04c1f8cf2a6c8a9e2afd66c4a494)
|
|
Do no longer use my_set and my_delete as this prevents scripts beeing run under
supervision of vyos-configd.
(cherry picked from commit 7e0e8101998a6c8de6cb93c42bfbf1278c13f226)
|
|
T6511: add circinus branch to workflow (backport #3710)
|
|
(cherry picked from commit d78779715c02b0f46c569865aea9b01bac03228e)
|
|
(cherry picked from commit 9495f904fcc157521ca001ee21cf31be28a6b3a0)
|
|
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
|
|
T5949: Add option to disable USB autosuspend (backport #3677)
|
|
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted (backport #3654)
|
|
op-mode: T6503: "restart ssh" command not working (backport #3702)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
T6415: Add action repo-sync for circinus-stream
|
|
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances")
switched the systemd unit file from ssh.service to ssh@*.service, this change
was not reflected in the "restart ssh" op-mode command.
(cherry picked from commit 059eb3a137a75d502632174cc028b81f49152782)
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
|
|
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate
chain in the background and add the necessary SSL certificates
(cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
macsec: T5447: fix error message syntax - there is no tx and rx key, only key (backport #3685)
|
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added
a print() statement which notified the users about the subsystems which got
supplied with an updated certificate.
Example:
> PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0
> PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1
This is an informational message which should maybe (if needed) be sent to
syslog. But the main issue is that CLI paths are mangled (- to _) which makes
the about print output wrong and could potentially confuse users.
Statement has been commented to be re-enabled for debugging.
(cherry picked from commit a4d49a96918c0f0dac3d17f9cf3a5b8f3a9505c0)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
(cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37)
Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
|
|
|
|
T6494: sonarcloud settings for circinus-stream
|
|
T6494: sonarcloud settings for circinus-stream
|
|
openvpn: T5487: make migration script executable
|
|
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove
eprecated option --cipher for server and client mode") lacked executable
permission.
|
|
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
T6487: updated central workflows to use current branch
|
|
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py
helper as root to work with ACME certificates") which missed out the basic
"show pki" command, as the <command> XML node was deep down in the view.
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
T6456: Convert "monitor traffic" to modern op-mode wrapper
|
|
T6045: Recreate show lldp detail views & improve remote port selection
|
|
op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate output
|
|
T6476: added sonarcloud workflow
|
|
output
|
|
|
|
bgp: T6473: missing completion helper for peer-groups inside a VRF
|
|
Using BGP peer-groups inside a VRF instance will make use if the global VRFs
peer-group list during tab-completion and not the peer-groups defined within
the BGP instance of the given VRF.
|
|
|