summaryrefslogtreecommitdiff
path: root/data/templates/snmp
AgeCommit message (Collapse)Author
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
(cherry picked from commit 57fca79636b783dc4be2df1bc1ff12a0ce79d988)
2020-11-28vyos.template: T2720: fix remaining in-line time_block syntaxChristian Poessinger
Commit a2ac9fac ("vyos.template: T2720: always enable Jinja2 trim_blocks feature") globally enabled the trim_blocks feature. Some templates still used in-line trim_blocks "{%"- or "-%}" which caused miss-placed line endings. This is fixed by removing all in-line trim_block statememnts of Jinja2 templates.
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-06-13snmp: T2321: add VRF supportChristian Poessinger
2020-04-05snmp: T2230: move inlined templates to dedicated filesChristian Poessinger