Age | Commit message (Collapse) | Author |
|
|
|
|
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hasehd keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
|
|
Match the full input string in regex validation. Previosly "sha123456" was
allowed by the validator but we only support "sha".
|
|
|
|
Commit 65fa21f5e ("ifconfig: T2653: move pppoe interface to get_config_dict()")
directly takes the configuration keys from the CLI config and thus the keys
used for template generation have not been updated appropriately.
|
|
pppoe: ipv6: T2693: Fix a bug in dhcp6c for PPPoE
|
|
Commit 03fb97 (pppoe: ipv6: T2681: script bugfix after get_config_dict() migration )
After the PPPoE link is reset, dhcp6c cannot be restarted,
which may cause the prefix delegation of IPv6 to fail to restart.
This submission will restart dhcp6c after the IPv6 of PPPoE is up again
|
|
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear
if the user specified "info" as loglevel instead of "INFO". There was no input
validation done in 1.2 but this is now enforced in 1.3.
In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the
config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If
an invalid loglevel is found it will be set to info.
|
|
xml: T2582: rename xml tags
|
|
The current use of () does not allow to use found()
Converting to [] like all other tags
|
|
Commit 65fa21f5 ("ifconfig: T2653: move pppoe interface to get_config_dict()")
did not rename the Jinja2 template vars as required as they are not retrieved
directly as dict from the config backend.
|
|
ids: T2659: Add priority after bgp for correct service starting
|
|
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
VRFs should be created as early as possible.
|
|
|
|
|
|
ids: T2659: Add get_first_key to get_config_dict
|
|
|
|
ids: T2659: Implement fastnetmon support
|
|
|
|
|
|
|
|
|
|
NTP configuration file requires the IP address and a netmask for client
subnets but the CLI will only provide a prefix based ntoation. Use custom,
reusable JInja2 template to transform a CIDR based prefix into its address
and netmask portion for IPv4 and IPv6.
Jinja2 custom filters are regular python functions - thus they can be re-used
directly when e.g. verifying the configuration in vyos-smoketests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
T2638: FRR: New framework for configuring FRR
|
|
tunnel: T2649: ConfigurationState, do not inherit from Config
|
|
|
|
|
|
This commit adds the python module vyos.frr that support reading and modifying the frr cofiguration.
Functions
get_configuration() :
Collects the configuration from FRR and returns it as a string
reload_configuration() :
uses frr-reload.py to activate a new configuration.
The configuration applied will overwrite the current configuration.
mark_configuration() :
Does syntax check/validation and add "end" tags to the configuration
The marked configuration will be returned as a string
A syntax fault will render an Exception
execute() :
Execute a command inside vtysh
configure() :
Executes a command in vtysh config mode
replace_section() / _replace_section() :
Adds the ability to replace a section of frr code
remove_section() :
Removes the specified configuration block from the config
For now this supports replacing complete config sub-blocks of configuration and selecting the daemon
to replace inside. This should work for most daemons, but static routing will still be an issue because
this is not a separate sub-config mode
|
|
|
|
|
|
xml: T2660: do replace - with _ for defaults when not flattening
|
|
|
|
|
|
|
|
|