Age | Commit message (Collapse) | Author |
|
firewall ..> in order to match all chains/priorities
|
|
T861: op-mode: initial parts for UEFI secure boot CLI
|
|
Deploy VyOS Secure Boot CA MOK (Machine Owner Key) into UEFI variables of
the running machine.
|
|
Support getting current system secure boot state.
In addition add optional suppor tto list all enrolled MOK (Machine Owner Keys)
in the UEFI variable store.
|
|
When not using NTP and adjusting the current system time/date using set date
the time is not saved across a reboot into the hardware RTC. This commit
explicitly syncs the current time after a change into the systems RTC.
Most routers do not run without NTP (which is even a VyOS default) so the
priority is pretty low.
|
|
op-mode: T6694: Add op-mode command "execute ssh"
|
|
openfabric: T6652: Add support for OpenFabric protocol
|
|
execute ssh host [host] user [username]
|
|
op-mode: T6694: Move some op-mode commands to the "execute" family
|
|
op_mode: T6181: A feature for checking ports
|
|
'force netns' — move to 'execute shell netns'.
'force vrf'— move to 'execute shell vrf'.
'force owping' — move to 'execute owping'.
'force twping' — move to 'execute twping'.
'monitor bandwidth-test' — move to 'execute bandwidth-test`.
'telnet' — move to 'execute telnet'
|
|
|
|
|
|
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks.
FRR implements OpenFabric in a daemon called fabricd
|
|
|
|
|
|
|
|
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
|
|
op-mode: T6577: create generic service restart helper to work with the API
|
|
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
|
|
op-mode: T6575: add support for NTP service restart via CLI
|
|
|
|
This seemed to be arround in the early days, but is not available since at
least VyOS 1.3.3. Add CLI helper to restart the NTP process (chrony).
|
|
Right now we can only monitor the bandwidth for one individual interface, but
not all at once. This adds support to monitor all interfaces.
|
|
dmbaturin/T6498-machine-readable-tech-support-report
op-mode: T6498: add machine-readable tech support report script
|
|
|
|
T6527: add legacy Vyatta interpreter files still in use
|
|
|
|
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
|
|
T6313: Add "NAT" to "generate" command for rule resequence
|
|
|
|
op mode: T6501: add "run show kernel modules"
|
|
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances")
switched the systemd unit file from ssh.service to ssh@*.service, this change
was not reflected in the "restart ssh" op-mode command.
|
|
|
|
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py
helper as root to work with ACME certificates") which missed out the basic
"show pki" command, as the <command> XML node was deep down in the view.
|
|
T6456: Convert "monitor traffic" to modern op-mode wrapper
|
|
The old "monitor traffic" definition had misaligned arguments under the verbose node
and manually offered the same parameter keyword in multiple positions to emulate
flexible parameters.
I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in
to present a few more parameters in a more flexible manner.
Changes to the Makefile were required for recursive varargs lookup.
|
|
If the remote device has explicitly sent the interface name as the portID,
we should use that first as the interface name, before working through
the previous priority order.
I've brought back LLDP detail views directly calling lldpcli. This can be
extended to render a template from op_mode/lldp.py, but lldpcli isn't bad
at rendering readable info. Raw mode (including detailed raw) is still
accessible for programmatic access.
|
|
* monitor log wireless hostapd [interface <name>]
* monitor log wireless wpa-supplicant [interface <name>]
* show log wireless hostapd [interface <name>]
* show log wireless wpa-supplicant [interface <name>]
|
|
Likely this was copied from mtr in the past but the symlink wasn't added
to the Makefile.
I've also swapped the completion help text around to match the commands.
|
|
|
|
This fixes the error:
vyos@vyos:~$ show pki certificate
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme
tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
raise e
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
with open(fname, 'r') as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
|
|
suricata: T751: Initial support for suricata
|
|
T6366: CGNAT add ability to get external and internal allocations
|