summaryrefslogtreecommitdiff
path: root/op-mode-definitions
AgeCommit message (Collapse)Author
2024-01-21dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-19op-mode: xml: remove executable bit from XML definitionChristian Breunig
2024-01-11T5919: firewall: fix <show firewall ipv6 ..> commandNicolas Fort
2024-01-10T5915:firewall: re-add opmode command for zone based firewallNicolas Fort
2024-01-07Merge pull request #2758 from c-po/certbot-T5886Christian Breunig
pki: T5886: add support for ACME protocol (LetsEncrypt)
2024-01-06op-mode: T5904: add "show ipv6 route vrf <name> <prefix>" commandChristian Breunig
We've always had a command to display discrete IPv6 routes/prefixes within the global VRF. This commit also adds support for a discrete VRF. vyos@vyos:~$ show ipv6 route vrf <name> Possible completions: <Enter> Execute the current command <h:h:h:h:h:h:h:h> Show IPv6 routes of given address or prefix <h:h:h:h:h:h:h:h/x>
2024-01-06pki: T5886: add op-mode commands for log and renewalChristian Breunig
* show log certbot * monitor log certbot * renew certbot
2024-01-03op-mode: T5890: Fix arguments passed to generate_system_login_user.pyMatthew Kobayashi
2024-01-02op-mode: T5884: correct "generate wireguard" help stringhwlnx
2023-12-30T3476: Add option latest to add system imageViacheslav Hletenko
Add option `latest` for op-mode command `add system image` If the update check is configured we can get the remote `latest` version from conrfgure URL ``` set system update-check url 'https://example.com/version.json' ``` This way we can use "latest" option for image update: ``` add system image latest ```
2023-12-28op-mode: T5866: Add command to restart IPv6 RA daemonChristian Breunig
vyos@vyos:~$ restart router-advert
2023-12-20T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } }
2023-12-11srv6: T591: initial implementation to support locator definitionChristian Breunig
VyOS CLI set protocols segment-routing srv6 locator bar prefix '2001:b::/64' set protocols segment-routing srv6 locator foo behavior-usid set protocols segment-routing srv6 locator foo prefix '2001:a::/64' Will generate in FRR segment-routing srv6 locators locator bar prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16 exit ! locator foo prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! exit
2023-12-11bgp: T591: add SRv6 support from FRRChristian Breunig
set protocols bgp sid vpn per-vrf export '99' set protocols bgp srv6 locator 'foo' set protocols bgp system-as '100' Will generate in FRR config router bgp 100 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check ! segment-routing srv6 locator foo exit sid vpn per-vrf export 99 exit
2023-12-09Merge pull request #1960 from sarthurdev/keaChristian Breunig
dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
2023-12-08git: T5803: Adjust git configuration for baseline defaultsIndrajit Raychaudhuri
Apply baseline defaults for `.gitattributes` and `.vscode/settings.json` for improved developer experience. The `.gitattrbutes` settings are based on: Git documentation (https://git-scm.com/docs/gitattributes#_effects) GitHub documentation (https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings) Community templates (https://github.com/gitattributes/gitattributes) Since editor-agnostic line-ending specific settings are applied to `.gitattributes`, they can be removed from `.vscode/settings.json`. The global VSCode defaults have also been removed to avoid duplication.
2023-12-08Merge pull request #2584 from c-po/T4943-google-authenticatorChristian Breunig
login: T4943: use pam-auth-update to enable/disable Google authenticator
2023-12-08login: T4943: use pam-auth-update to enable/disable Google authenticatorChristian Breunig
The initial version always enabled Google authenticator (2FA/MFA) support by hardcoding the PAM module for sshd and login. This change only enables the PAM module on demand if any use has 2FA/MFA configured. Enabling the module is done system wide via pam-auth-update by using a predefined template. Can be tested using: set system login user vyos authentication plaintext-password vyos set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O' See https://docs.vyos.io/en/latest/configuration/system/login.html for additional details.
2023-12-08dhcp: T3316: Migrate dhcp/dhcpv6 server to Keasarthurdev
2023-12-07Merge pull request #2583 from srividya0208/ipv6_ospfv3Christian Breunig
op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restart
2023-12-07op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restartsrividya0208
2023-12-07Merge pull request #2551 from nicolas-fort/T5778Daniil Baturin
T5778: dhcp server: fix op-mode command
2023-11-30T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
2023-11-27image-tools: T5751: normalize args using hyphen instead of underscoreJohn Estabrook
2023-11-22Merge pull request #2499 from c-po/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-18vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069
2023-11-18Merge pull request #2500 from sever-sever/T5749Christian Breunig
T5749: Swap show interfaces and show interfaces summary
2023-11-17T5749: Swap show interfaces and show interfaces summaryViacheslav Hletenko
By default show VRF, MAC, MTU for `show interfaces` The original `show interfaces` moved to `show interfacces summary`
2023-11-16Merge pull request #1768 from zdc/T4516-sagittaJohn Estabrook
image: T4516: Added system image tools
2023-11-16image: T4516: restore select entry to set/delete imageJohn Estabrook
2023-11-16Merge pull request #2491 from sever-sever/T5747Christian Breunig
T5747: op-mode add show interfaces summary
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D
2023-11-15op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commandsChristian Breunig
vyos@vyos:~$ show vrf vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None green 3000 None None Down None red 1000 None None Down None vyos@vyos:~$ show vrf blue vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None
2023-11-15image: T4516: Added system image toolszsdc
This commit adds the whole set of system image tools written from the scratch in Python that allows performing all the operations on images: * check information * perform installation and deletion * versions management Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future. WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update.
2023-11-13pim6: T5733: add missing FRR PIM6 related featuresChristian Breunig
2023-11-13pim: T5733: fix CLI level of global PIM commandsChristian Breunig
2023-11-13igmp: T5736: migrate "protocols igmp" to "protocols pim"Christian Breunig
IGMP and PIM are two different but related things. FRR has both combined in pimd. As we use get_config_dict() and FRR reload it is better to have both centrally stored under the same CLI node (as FRR does, too) to just "fire and forget" the commit to the daemon. "set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
2023-11-13pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR.
2023-11-12op-mode: T5658: fix "monitor traceroute" completion helperChristian Breunig
2023-11-09op-mode: T5658: adjust "monitor traceroute" CLI argument indexChristian Breunig
2023-11-09op-mode: T5658: add VRF support for "monitor traceroute"bbabich
2023-11-09T1797: Remove vpp packages and mentionsViacheslav Hletenko
2023-11-06mdns: T5719: Add op-mode commands to mDNS repeaterIndrajit Raychaudhuri
The following ones are available now: - restart mdns repeater - show log mdns repeater - monitor log mdns repeater
2023-11-06op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commandsChristian Breunig
show bgp l2vpn evpn es-vrf show bgp l2vpn evpn next-hops
2023-11-06op-mode: bgp: T5698: fix "rd" route-distinguisher help stringChristian Breunig
2023-10-29Merge pull request #2408 from nicolas-fort/T5513-show-fwallChristian Breunig
T5513: firewall: update op-mode command show firewall.
2023-10-29op-mode: T5661: add "monitor ssh dynamic-protection" command to follow the ↵Christian Breunig
logfile
2023-10-29op-mode: T5661: remove call to sudo in ssh.py and move it to XML definitionChristian Breunig
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it.
2023-10-29op-mode: T5661: use common journalctl syntax for sshguardChristian Breunig
This makes the code more easy to maintain in the future if everyone uses the same structure when calling journalctl.
2023-10-26Merge pull request #2369 from JeffWDH/currentDaniil Baturin
T5661: Add show show ssh dynamic-protection attacker and show log ssh…