Age | Commit message (Collapse) | Author |
|
The removal of interfaces loopback lo results in all address being
removed from the loopback interface. (also not cli controlled addresses)
In this process 127.0.0.1/8 and ::1/128 are also removed witch results
in error for services that are dependent on these adresses, this includes
eg. snmp and ssh
Removal of these addresses needs to be disallowed by the config backend
and removal of the whole config block interfaces loopback lo needs to
result in removal of all non-default addresses only.
|
|
|
|
Without this override the keepalived stop transaction script won't work
as systemd will just wipe the process.
|
|
Commit e39f2ea ("dhclient-script: T1987: Multiple fixes in dhclient-script")
added the dhclient script but it missed the dependency.
|
|
dhclient-script: T1987: Multiple fixes in dhclient-script
|
|
|
|
|
|
If there is no zone option given it will be "guessed" as in the past.
This means (hostname -> resulting zone entry)
domain.com -> com
foo.domain.com -> domain.com
bar.foo.domain.com -> foo.domain.com
I have zero experience in the CloudFlare zone option what it is and what
it does. SO maybe we still have a chance to auto render this setting.
|
|
This changeset contains multiple changes in structure, logic, and bugfixes for dhclient-script. It should provide better compatibility with new Debian versions and flexibility in controlling and changing VyOS-related functions.
1. Structure change:
* All VyOS-related functionality was moved from dhclient-script itself to separated hook files.
* Old vyatta-dhclient-hook was moved from vyatta-cfg to vyos-1x.
* This change allows discard dhclient-script replacing and use the original one from Debian without any changes. So, we do not need to track all changes in upstream so carefully.
* To provide compatibility between original dhclient-script and VyOS, two internal commands/functions are repaced in hooks: ip and make_resolv_conf. So, in all places where used ${ip} or make_resolv_conf, actually using VyOS-tuned functions instead original.
* `ip` function is a wrapper, which automatically chooses what to use: transparently pass a command to /usr/sbin/ip, change a route in kernel table or FRRouting config via vtysh.
* `make_resolv_conf` function main logic was copied from current VyOS implementation and use vyos-hostsd-client for making changes
2. Added:
* Logging. Now is possible to log all changes, what is doing by dhclient-script. Logs can be saved to the journal and displayed in stderr (for debugging purposes). By default, logging to the journal is enabled (at least for some time) to provide a way to collect enough information in case if some bug in this new implementation will be found. This can be changed in the 01-vyos-logging file.
3. Fixed/Changed:
* If DHCP lease was expired, released or dhclient was stopped, dhclient-script will try to delete default route from this lease.
* Instead of blindly killing all dhclients in case if FRRouting daemon is not running, now used more intelligent logic:
* dhclients are stopping natively (with all triggers processing), instead of killing;
* dhclient-script will not kill parent dhclient process. This allows to fix the problem when systemd inform about failing to rise up interfaces at early boot stages (used in Cloud-init images);
* dhclient-script will not touch dhclients, which are not related to the current interface or IP protocol version.
* For getting FRRouting daemon status used native way via watchfrr.sh, instead of the previous trick with vtysh accessibility.
* before adding a new route to FRRouting configuration, this route will be deleted from the kernel (if it is presented there). This allows to properly replace routes, added at early boot stages, when FRR not available.
* Routes in FRRouting are adding with "tag 210". This allows protecting static routes, added via CLI, from deletion when old routes are deleting by DHCP.
* DNS servers will be reconfigured only when $new_domain_name_servers are not the same as $old_domain_name_servers. Previously, this was done during each RENEW procedure.
* Replacing MTU for preconfigured one was changed to Python (via vyos.config). The previous version with vyatta-interfaces.pl was obsoleted and seems to be broken.
|
|
"make deb" to build the debian package
|
|
Adding an option to make to build the debian package
|
|
|
|
|
|
|
|
|
|
As we need to operate with usmUser, we can search for it directly if its
present or not. There is always one usmUser entry for the system user.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
service lldp: T2019: modify handling of interface 'all'
|
|
Modify lldpd config template in './src/conf_mode/lldp.py'.
conf_mode uses 'all' to specify all interfaces.
lldpd config file uses '*' to specify all interfaces.
Both use an exclamation mark ('!') as prefix to disable lldp on an interface, eg. '!eth1' or '!all'.
Add jinja2 template filters to create and merge following sub-lists
a) take list of conf_mode lldp interfaces, remove every interface except 'all', replace 'all' with '*'
-> support interface all
b) take list of conf_mode lldp interfaces, remove every interface except '!all', replace '!all' with '!*'
-> support interface all disabled
c) take list of conf_mode lldp interfaces, remove every interface named 'all' or '!all'
-> support any other interface
|
|
|
|
|
|
|
|
- in preparation for a wireguard cli test case, generate
is used to create the keys later used in the config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* 't1948-system-login' of github.com:c-po/vyos-1x:
radius: T1948: add libnss-mapname support
radius: T1948: rename server dictionary
radius: T1948: supply PAM configuration template
user: T1948: fix system user creation
ogin: user: radius: T1948: use discrete configuration for each system
login: T1948: remove obsolete config nodes "group" and "level"
login: T1948: SSH keys can only be added after user has been created
login: T1948: initial support for RADIUS configuration
login: T1948: support for SSH keys
login: T1948: add/remove local users
login: T1948: initial rewrite in XML/Python
options: T1919: remove broken comment
|
|
|
|
|
|
|
|
|
|
Split combined XML/Python code to individual code for local user accounts
and RADIUS authenticated accounts.
|
|
fix typo in interfaces l2tpv3 encapsulation property
|
|
|
|
service https: T1585: add support for letsencrypt certificates
service https: T1443: reorder elements for clarity
|
|
|
|
|
|
|
|
|
|
|
|
|