Age | Commit message (Collapse) | Author |
|
The previous implementation only supported disabling DHCP nameservers for all
interfaces, and was implemented improperly so it didn't work anyway.
It's safe to remove it completely.
This adds support for a new config node name-servers-dhcp <interface>, which
allows us to enable just the interfaces we want to use for system DNS,
identical in syntax to 'service dns forwarding dhcp <interface>'.
The new option works by adding tags to vyos-hostsd that we want to use to add
nameservers to resolv.conf, same as adding tags for dns forwarding but for a
different destination file.
A config migrator will be added in a separate commit.
|
|
Debian Buster doesn't have the length and character limitations of
/etc/resolv.conf 'search' any more, it is unlimited.
https://sourceware.org/bugzilla/show_bug.cgi?id=19569
(glibc >2.26)
|
|
Change internal representation to the one required by vyos-hostsd.
|
|
Removes and adds all required settings.
|
|
- generate recursor.conf, recursor.conf.lua
- if recursor.vyos-hostsd.conf.lua and recursor.forward-zones.conf don't exist,
create empty ones (they are/will be generated by vyos-hostsd)
|
|
Add warning that forwarding will operate as a recursor in case there are no
nameservers configured.
|
|
Remove the old solution that retrieved dhcp tagged nameservers from hostsd
and added it to nameservers, as it didn't work anyway (only once during
configuration but it didn't update them later). This is now handled by
vyos-hostsd, just retrieve the configured interfaces and send it the list
of tags to use.
|
|
Remove manual retrieval of 'system name-server' from config and adding it to
the name servers list, as this is now handled by simply adding a 'system' tag
in vyos-hostsd.
|
|
|
|
Change internal representation to the new one expected by vyos-hostsd.
|
|
As Config is required in both get_config and verify, init it once
and pass it to both functions.
|
|
The functionality was moved to vyos-hostsd.
|
|
|
|
The file will be generated by vyos-hostsd to add NTAs for zones (domains)
from /etc/hosts and forward-zones.
|
|
Add a 'dhcpd' system user that is a member of hostsd group and can
connect to vyos-hostsd.
Run dhcpd as this user.
|
|
To better control access from other daemons that may not be running as root,
create a new group 'hostsd' to which the other daemons running users can be
added.
Run vyos-hostsd as root:hostsd to create the socket file with correct user and
group.
|
|
- set RuntimeDirectory to vyos-hostsd
- set RuntimeDirectoryPreserve in order to not delete the state file between
service restarts (/run will be deleted across reboots as it's on a tmpfs but
the state doesn't need to be saved across reboots anyway)
- set WorkingDirectory to /run/vyos-hostsd
|
|
Move templates out of the daemon and add new templates.
|
|
- update copyright date
- validate incoming JSON data against a schema with voluptuous
- add usage help describing internal messages syntax at top of vyos-hostsd
- move socket and state file to directory /run/vyos-hostsd
- replace jinja2 rendering with vyos.template
- move all templates out of the executable into dedicated data/templates dirs
- move recursor.conf forward-zones-recurse to forward-zones-file
- generate lua-config-file for pdns-recursor with addNTA
- support adding custom forward zones for pdns-recursor with optional added NTA and/or recursion-desired
- move search_domains from set_host_name to separate add/delete/get commands
- unify functions to support abstracting them in the future
- track number of internal changes in "changes" variable saved in state file (informational in apply function)
- do not apply changes immediately, add apply function that applies all changes (to not reload pdns-recursor excessively for a large set of changes, users must call the apply function once at the end)
- add pdns_rec_control function that supports sending arbitrary commands to rec_control (fix pdns-recursor process name that caused the old function to think pdns-recursor was never running)
- create /run/powerdns if it doesn't exist (on boot vyos-hostsd starts before pdns-recursor but we need to put our generated conf files there)
- abstract specific command functions (add_*/del_*) into general functions to manipulate various types of data in the state variable
- add command types:
- forward_zones (generate custom forward zones for pdns-recursor)
- search_domains (move from set_host_name as dhcp client needs to change them too)
- name_server_tags_recursor (to set tags whose nameservers are added to pdns-recursor)
- name_server_tags_system (to set tags whose nameservers and search domains are added to /etc/resolv.conf)
- change hosts data format to make more sense (move tag from within each host dict to the key for a list of host dicts)
- do not remove state file when shut down cleanly, to not lose state when restarting vyos-hostsd service that's then impossible to restore without restarting the whole router - a reboot will remove the state file as it lives in a tmpfs (/run)
- remove too verbose info log on every received message
- set mode of socket to 770 to secure it against processes not in hostsd group
|
|
As part of T1595 listen-on was removed and migrated to listen-address,
but some references to it stayed in the variable names and validator
error message.
|
|
|
|
tested using:
set nat destination rule 399 description 'Redirect DNS iot VLAN'
set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 399 destination port '53'
set nat destination rule 399 inbound-interface bond10.204
set nat destination rule 399 log
set nat destination rule 399 protocol 'tcp_udp'
set nat destination rule 399 translation address '192.168.67.243'
set nat destination rule 399 translation port '53'
set nat destination rule 400 description 'Redirect DNS lan VLAN'
set nat destination rule 400 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 400 destination port '53'
set nat destination rule 400 inbound-interface bond10.204
set nat destination rule 400 log
set nat destination rule 400 protocol 'tcp_udp'
set nat destination rule 400 translation address '192.168.67.243'
set nat destination rule 400 translation port '53'
set nat destination rule 401 description 'Redirect DNS guest VLAN'
set nat destination rule 401 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 401 destination port '53'
set nat destination rule 401 inbound-interface bond10.204
set nat destination rule 401 log
set nat destination rule 401 protocol 'tcp_udp'
set nat destination rule 401 translation address '192.168.67.243'
set nat destination rule 401 translation port '53'
|
|
|
|
|
|
|
|
* 'serial-console' of github.com:c-po/vyos-1x:
console: T2569: run VGA console powersave on tty1
console: T2569: replicate console settings to grub.cfg
Debian: fix warning about undefined substitution variables
console: T2569: only start serial console if device exists
console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-bus
console: T2570: remove support for Hayes Modems
netconsole: T2561: use migrator to delete config nodes
console: T2569: initial implementation with XML and Python
|
|
|
|
|
|
warning: Depends field of package vyos-1x: substitution variable
${shlibs:Depends} used, but is not defined
warning: Depends field of package vyos-1x-vmware: substitution variable
${shlibs:Depends} used, but is not defined
Remove variables from dependency list as we have explicit non architecture
dependend dependencies.
|
|
BFD: T2573: Fixed show command for BFD peers
|
|
As vtysh does not have a vrf option for "show bfd peer" command, the vrf part will be cut before passing a line to the vtysh.
|
|
1xppp09062020
|
|
|
|
|
|
Only start console if it exists on the running system. If a user detaches a
USB serial console and reboots - it should not fail!
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
|
|
Support for Hayes modems has been long gone (1.2.x) and nobody cared. It was
removed in commit d582bbaf3 ("update console settings for systemd") of
vyatta-cfg-system.
So as there have been zero complaints - cleanup the CLI.
|
|
The current implementation only works once the system has been fully booted
up and the config nodes have been process. So there is no "early" kernel
debugging. It is started with priority 400 (after all network stuff) - thus it
has a questionable at all for Kernel debugging.
It would only make sense if the entire system is changed to supply the config
stuff to the Kernel commandline and then send it to a dedicated MAC address
target as network will be initialized late.
As there are zero Phabricator tasks available and we do not know any user using
this - the "feature" will be removed.
|
|
Migrate the serial console subsystem to XML and Python.
|
|
|
|
T2559: Make the sensors automatically load necessary modules
|
|
|
|
l2tp: T2565: Add missing gw-ip-address
|
|
|
|
|
|
Instead of using "show version" as catch-all command for information rather
add "show system cpu" op-mode command which is analogous to "show system memory"
which deals with RAM.
|
|
|
|
Commit 1c7d7cbd39 ("wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z")
added a new completion helper path for USB based serial interfaces. If no USB
based serial port was available on the system this produced the following
error: "ls: cannot access '/dev/serial/by-bus': No such file or directory"
Only list USB based serial interfaces if there is at least one connected to
the system.
|
|
Commit 886a986a122e ("isis: T2495: exclude generated nodes from package") missed
calling rm -rf, instead only rm -f was called leaving the directory intact.
|
|
* 'udev' of github.com:c-po/vyos-1x:
usb: op-mode: T2560: display USB interface information
pppoe: op-mode: T2488: retrieve log info from journalctl
wwan: op-mode: T2488: retrieve log info from journalctl
wwan: T2241: interface is not bond- or bridgeable
wwan: T2488: remove generation of dedicated logfile
wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z
udev: T2490: add persistent USB device files
|