summaryrefslogtreecommitdiff
path: root/op-mode-definitions
AgeCommit message (Collapse)Author
2024-07-31Merge pull request #3907 from vyos/mergify/bp/sagitta/pr-3715fett0
T6313: Add "NAT" to "generate" command for rule resequence (backport #3715)
2024-07-30system: op-mode: T3334: allow delayed getty restart when configuring serial ↵Andrew Topp
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers. (cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
2024-07-30T6313: Add "NAT" to "generate" command for rule resequencekhramshinr
(cherry picked from commit 142545b0535d0a994182389c99b7bcd6d7c37c24)
2024-07-15op-mode: T6575: add support for NTP service restart via CLIChristian Breunig
This seemed to be arround in the early days, but is not available since at least VyOS 1.3.3. Add CLI helper to restart the NTP process (chrony). (cherry picked from commit ca4f4343999bdbd8450ef952f42062877d6f3bab)
2024-07-11op-mode: T6566: add support for listing all interfaces in "monitor bandwidth"Christian Breunig
Right now we can only monitor the bandwidth for one individual interface, but not all at once. This adds support to monitor all interfaces. (cherry picked from commit 7704af0c4454725e8c67138e5cabab3328bde0f8)
2024-06-29op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode formatChristian Breunig
(cherry picked from commit 5ade35255b3d8438aa6082fe56ae459d50cdc0a5)
2024-06-24Merge pull request #3651 from vyos/mergify/bp/sagitta/pr-3645Christian Breunig
op-mode: T6480: must call pki.py helper as root to work with ACME certificates (backport #3645)
2024-06-22Merge pull request #3704 from vyos/mergify/bp/sagitta/pr-3702Christian Breunig
op-mode: T6503: "restart ssh" command not working (backport #3702)
2024-06-22op-mode: T6503: "restart ssh" command not workingChristian Breunig
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances") switched the systemd unit file from ssh.service to ssh@*.service, this change was not reflected in the "restart ssh" op-mode command. (cherry picked from commit 059eb3a137a75d502632174cc028b81f49152782)
2024-06-14op-mode: T6480: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py helper as root to work with ACME certificates") which missed out the basic "show pki" command, as the <command> XML node was deep down in the view. (cherry picked from commit 9456113a202f98a777d44c756f7f51c95b1df027)
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name. (cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
2024-06-11wireless: T6462: add op-mode command for hostapd and wpa_supplicant logsChristian Breunig
* monitor log wireless hostapd [interface <name>] * monitor log wireless wpa-supplicant [interface <name>] * show log wireless hostapd [interface <name>] * show log wireless wpa-supplicant [interface <name>] (cherry picked from commit 7ed4abe6cb3886889190f1f7a80c0229fd3a9c78)
2024-06-05T6431: op-mode command monitor traceroute missing recursive symlinkAndrew Topp
Likely this was copied from mtr in the past but the symlink wasn't added to the Makefile. I've also swapped the completion help text around to match the commands. (cherry picked from commit de1479b06cb9b292fe4919c5949f3d3599ea11c7)
2024-05-30op-mode: T5231: add command to restart reverse-proxyChristian Breunig
(cherry picked from commit 2980eb0ad527f0ef0f1527c0ea97842ca2a8ede5)
2024-05-26op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' (cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> (cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
2024-05-21op-mode: T6367: fix "force commit-archive" TypeErrorChristian Breunig
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to *commit-revision or *commit-archive, for which it interprets argv[0] through the useful trickery: https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700 Traceback (most recent call last): File "/usr/bin/config-mgmt", line 33, in <module> sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run func = getattr(config_mgmt, args['subcommand']) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: attribute name must be string, not 'NoneType' (cherry picked from commit 0d6e44179bae5f73d37502884194656b34b1c4f9)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Converted completion helpers from python to bash for performance Previous commit: Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac (cherry picked from commit 3917e3e9f985063ab7419c903f6019116224f640)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac (cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
2024-05-16T4519: Switch to display DUIDNicolas Vollmar
2024-05-10image-tools: T6184: add op-mode set boot-consoleJohn Estabrook
(cherry picked from commit eb281199ba35de52a8a97146dfc063e557755648)
2024-05-04op-mode: T6291: add LACP related commandsl0crian1
show interfaces bonding lacp detail show interfaces bonding <bondif> lacp detail show interfaces bonding <bondif> lacp neighbors Co-authored-by: l0crian1 <ryan.claridge13@gmail.com> (cherry picked from commit 0c2bf3192382cffc5ed2dcead3889c332a48820f)
2024-05-02netns: T6295: disable incomplete support in VyOS 1.4 sagittaChristian Breunig
The netns support currently available on the VyOS CLI is only a proof-of-technology, we have no real support for any service behind it. In order to not confuse anyone on the LTS branch we decided to remove the netns option for interfaces until there is a proper usecase and implementation available.
2024-05-02ntp: T4909: Rewrite NTP op mode in new formatGinko
ntp: T4909: Rewrite NTP op mode in new format Adapts ntp.xml.in to reference new ntp.py file Add ntp.py Adds a check to ntp.py to verify if the ntp service is configured Adds raw mode to ntp.py For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader. Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity Revises the names of raw dictionary keys variables to be lowercase Corrects a comment typo and renames function name used for raw mode (cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
2024-04-06 modified: op-mode-definitions/firewall.xml.inl0crian1
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail (cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API. (cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
2024-03-23op-mode: T6161: Show container details in JSON formatAdrian L Lange
I made some assumptions about node types, and I expanded the initial request to also work for networks and containers. I found that the "raw" versions of these commands already existed in the python scripts, so I just used the existing flags. (cherry picked from commit b5d10d11fc8535a95df1fce2ddb0a2a08567fa77)
2024-03-19Merge pull request #3148 from vyos/mergify/bp/sagitta/pr-3145Viacheslav Hletenko
T6127: Fixed show log firewall for rule with offload (backport #3145)
2024-03-18show log: T6127 - Fixed egrep regex for IPv6l0crian1
(cherry picked from commit d1fb9eddd9017ffbcd9e0d43209700649da2cc57)
2024-03-18show log: T6127 - Fixed egrep regexl0crian1
(cherry picked from commit 326db209ab5c907ddb93f29b484c423c68f1ee36)
2024-03-18show log: T6127 - Fixed egrep regexl0crian1
(cherry picked from commit 1f3df2d63561ea9c6dd64d1d9292920274964ca3)
2024-03-18op-mode: T6133: add support to manually trigger commit-archive updateChristian Breunig
Automatic update of the remote commit-archive could fail under certian circumstances, add an op-mode command to manually trigger the update: cpo@LR1.wue3# run force commit-archive Archiving config... git+https://git.FOOO.de/cpo/vyos-config-backup [edit] (cherry picked from commit 09de453194e9f8e7aa5dcb2e5c8de5a89e82708d)
2024-03-14xml: T3642: improve PKI CLI help stringChristian Breunig
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
2024-02-24container: T6060: support removing all container images at once via op-modeChristian Breunig
cpo@LR1.wue3:~$ show container image REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/busybox latest 3f57d9401f8d 5 weeks ago 4.5 MB docker.io/jacobalberty/unifi v7.5 f6df690d6c67 4 months ago 827 MB docker.io/jacobalberty/unifi v7.4 7838b75ef7b9 7 months ago 786 MB cpo@LR1.wue3:~$ delete container image Possible completions: 3f57d9401f8d Delete container image 7838b75ef7b9 all f6df690d6c67 cpo@LR1.wue3:~$ delete container image all cpo@LR1.wue3:~$ show container image REPOSITORY TAG IMAGE ID CREATED SIZE (cherry picked from commit 9e51a1661fac3e0d762cffdd28705e7e4bad76e9)
2024-02-23pki: T6055: Cleanup unnecessary sudo, preserve env when sudo is neededsarthurdev
(cherry picked from commit 1f22ac1bb0a32d3e7ef06713f42e7f6f1c3f3775)
2024-02-17op-mode: T5581: add "show ipv6 nht" commandChristian Breunig
This improves the implementation to support both IPv4 and IPv6 (cherry picked from commit e144e55d6360a92279167198928cbe24efd97f08)
2024-02-07xml: T302: replace references to Quagga with FRRoutingChristian Breunig
(cherry picked from commit 1c882769cc0627cfc1ebf5ab7c338c6c474456da)
2024-02-01op-mode: T5966: Ensure top level property to avoid empty nodeIndrajit Raychaudhuri
Since, we don't have op-mode operation for 'dns dynamic' anymore, we need to add a top level property to avoid empty `templates-op/update/node.def`.
2024-02-01ddclient: T5966: Streamline dynamic dns op-mode configurationIndrajit Raychaudhuri
Update op-mode for dynamic dns to standardize on `vyos.opmode`. All methods of `op_mode/dns_dynamic.py` are now available in standardized `op_mode/dns.py`. Move op-mode command `update dns dynamic` to `reset dns dynamic` to reflect that it is not an update but a reset of the dynamic dns service. Also, make the help texts more consistent for all op-mode commands for `dns dynamic` and `dns forwarding`.
2024-02-01dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine) (cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
2024-01-22op-mode: T5975: add missing 2FA OTP commandsChristian Breunig
2024-01-22op-mode: T5969: list multicast group membershipChristian Breunig
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201 Interface Family Address ----------- -------- --------- eth0.201 inet 224.0.0.6 eth0.201 inet 224.0.0.5 eth0.201 inet 224.0.0.1 cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0 Interface Family Address ----------- -------- ----------------- eth0 inet6 ff02::1:ff00:0 eth0 inet6 ff02::1:ffbf:c56d eth0 inet6 ff05::2 eth0 inet6 ff01::2 eth0 inet6 ff02::2 eth0 inet6 ff02::1 eth0 inet6 ff01::1 (cherry picked from commit 3eea8dbed1bd201373eb8a452239d9565d468b33)
2024-01-22Merge pull request #2856 from c-po/firewall-backportsChristian Breunig
firewall: T5729: T5681: T5217: backport subsystem from current branch
2024-01-22firewall: T5729: T5681: T5217: backport subsystem from current branchChristian Breunig
This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch.
2024-01-19op-mode: xml: remove executable bit from XML definitionChristian Breunig
(cherry picked from commit c7d35deb8ea2fb15796fb98b103f027b927a020f)
2024-01-16T671: call dmidecode directly in "show hardware dmi"Daniil Baturin
The old script isn't doing much, in fact, it's much less informative than actual dmidecode (cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
2024-01-11Merge pull request #2801 from vyos/mergify/bp/sagitta/pr-2799Daniil Baturin
T5919: firewall: fix <show firewall ipv6 ..> command (backport #2799)
2024-01-11T5919: firewall: fix <show firewall ipv6 ..> commandNicolas Fort
(cherry picked from commit 089280f82349cd7b77649eb71729be1e73714b52)
2024-01-11T5915:firewall: re-add opmode command for zone based firewallNicolas Fort
(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)