Age | Commit message | Author |
|
Also add ipv6-next-hop peer-address
|
|
ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpn
|
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items, which leads to a service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settings for `/var/log/messages`
|
|
It accepts network as the input value but the completion help is showing
ip address, continuation of previous commit
|
|
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed()
implementation") switched to a new implementation to retrieve nested changes
under a CLI node. Unfortunately the new API was not called - instead the
old one was used.
|
|
configdiff: T4260: add support for diff_tree class
|
|
Add support for the configtree diff algorithm. A new function
ConfigDiff().is_node_changed(path) -> bool
is added to recursively detect changes in the tree below the node at
path; existing functions take the keyword argument 'recursive: bool' to
apply the algorithm in place of the existing, non-recursive, comparison.
|
|
T4235: changes to interface of diff_tree class
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
ipsec prefix: T4275: Incorrect val_help for local/remote prefix in site-to-site ipsec vpn
|
|
The DiffTree class maintains both the 'sub'(-tract) configtree,
containing all paths in the LHS of the comparison that are not in the
RHS, and the 'delete' configtree: the delete tree is the minimal subtree
containing only the first node of a path not present in the RHS. It is
the delete tree that is needed to produce 'delete' commands for config
mode, whereas the 'sub' tree contains full information, needed for
recursively detecting changes to a node.
|
|
The return value of diff_tree is now a single config_tree, with initial
children of names: ["add", "delete", "inter"] containing the config
sub-trees of added paths; deleted paths; and intersection, respectively.
This simplifies dumping to json, and checking existence of paths, hence,
of node changes.
|
|
It accepts network as the input value but the completion help is showing
ip address
|
|
RADIUS authentication can be handled by a variety of mechanisms,
including proxy for 2FA systems requiring user interaction with a
separate device, token acquisition, or other time-consuming action.
Given the delays required for certain 2FA implementations, a thirty
second timeout can range from onerous to untenable. Accommodate the
2FA time requirements by extending the hard-coded RADIUS time limit
from 30 seconds to 240.
Co-authored-by: RageLtMan <rageltman [at] sempervictus>
|
|
After hardening the regex validator to be preceded with ^ and ending with $
it was no longer possible to have a comma separated list as SSH ciphers. The
migration script is altered to migrate the previous comma separated list
to individual multi node entries - cipher and key-exchange always had been
multinodes - so this just re-arranges some values and does not break CLI
compatibility
|
|
(cherry picked from commit 2fd5eea801bb524c12217c26d98c44a819b2086e)
|
|
Instead of hardcoding the default behavior inside the Jinja2 template, all
defaults are required to be specified inside the XML definition. This is
required to automatically render the appropriate CLI tab completion commands.
|
|
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated first, before the new
default is added to the CLI help.
|
|
When changing "general" parameters like:
- interface IP address
- MTU
- description
the interface is destroyed and recreated ... this should not happen!
|
|
If a valueLess node is added or removed from the CLI, a call to
leaf_node_changed() will not detect it.
If node is valueLess, on change old or new (depending on addition or deletion)
will be {} and is treated as None.
Add handler for this special case where old or new is an instance of a
dictionary but empty.
|
|
ipsec: T1856: Ability to set SA life bytes and packets
|
|
T2719: initial batch of standardized structure op mode scripts
|
|
T4115:Reboot:Options "in" and "at" are not working as expected
|
|
ipsec: T3948: Add CLI site-to-site peer connection-type none
|