| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
In addition to the rewrite to make use of get_config_dict() the CLI is
slightly adjusted as specified in T4703.
* Rename vlan-id and vlan-range to simply vlan
* Rename network-mode to simply mode
* Re-use existing common Jinja2 template for Accel-PPP which are shared
with PPPoE and SSTP server.
* Retrieve default values via defaultValue XML node
|
|
A macsec interface requires a dedicated source interface, it can not be
shared with another macsec or a pseudo-ethernet interface.
set interfaces macsec macsec10 address '192.168.2.1/30'
set interfaces macsec macsec10 security cipher 'gcm-aes-256'
set interfaces macsec macsec10 security encrypt
set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4'
set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6'
set interfaces macsec macsec10 source-interface 'eth1'
commit
set interfaces pseudo-ethernet peth0 source-interface eth1
commit
Reuslts in
FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private
returned:
exit code: 2
noteworthy:
cmd 'ip link add peth0 link eth1 type macvlan mode private'
returned (out):
returned (err):
RTNETLINK answers: Device or resource busy
[[interfaces pseudo-ethernet peth0]] failed
Commit failed
|
|
on error
|
|
... otherwise functionality like bridge VLANs will loose configuration
on membe rinterface update (e.g. description)
|
|
This reverts commit fdeae251431cb747e8f60d96269b4365b7401807.
|
|
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use
the "real" hardware interface") and returns the config dict of the used member
interfaces.
|
|
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real"
hardware interface") added a bugfix on calling is_member() to retrieve the real
physical information about an interface. It did not include a code path to also
split up VLAN interfaces.
This has been fixed.
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
|
|
Error introduced by commit 85d6c8f7c ("vyos.configdict: T4391: enable
get_interface_dict() ti be used with ConfigTreeQuery()"). Reason was the
still in use relative path on calls to node_changed(), these got
replaced with absolute config paths and the new implementation if
is_node_changed().
|
|
Commit a2ab95ff68b ("pppoe: T4384: replace default-route CLI option with common
CLI nodes already present for DHCP") had an issue as the PPPoE interface options
and also DHCP interface options did not honor the no-default-route option.
This has been fixed.
|
|
ConfigTreeQuery()
When VyOS is booting and an interface is brought up (PPPoE) which requires a
user callback script that is executed asynchronously when the interface is up
we can not use Config(). The problem is, Config() is not available when
the system starts and the initial commit is still processed.
We need to move to ConfigTreeQuery() which was build for this exact same
purpose. TO reduce side effects and also dependencies on the entire
vyos.configdict library the set_level()/get_level() calls got eliminated
from within the library. All calls to functions like:
* get_removed_vlans()
* is_node_changed()
* leaf_node_changed()
* is_mirror_intf()
* ...
Now require that the full config path to the node is passed.
|
|
present for DHCP
VyOS 1.4 still leverages PPPd internals on the CLI.
pppd supports three options for a default route, none, auto, force.
* none: No default route is installed on interface up
* auto: Default route is only installed if there is yet no default route
* force: overwrite any default route
There are several drawbacks in this design for VyOS and the users. If auto is
specified, this only counted for static default routes - but what about dynamic
ones? Same for force, only a static default route got replaced but dynamic ones
did not got taken into account.
The CLI is changed and we now re-use already existing nodes from the DHCP
interface configuration:
* no-default-route:
On link up no default route is installed, same as the previous
default-route none
* default-route-distance:
We can now specify the distance of this route for the routing table on the
system. This defaults to 210 as we have for DHCP interfaces. All this will be
migrated using a CLI migration script.
|
|
|
|
node is added"
This reverts commit c685c0f762ea054c7a220bde625fdab549bbbdd2.
|
|
leaf_node_changed()"
This reverts commit 1a1094c28e32c3d6d072cf14a38aa631d51b8aee.
|
|
|
|
static routes
Issue is identical to the problem in T3680 (05aa22dcb4ce) which was for DHCP
based routes. Once a static route is added to the system, the PPPoE
auto-installed default route is lost.
|
|
Commit c685c0f7 ("vyos.configdict(): T4369: leaf_node_changed() must return True
when node is added") added a code path then a node was newly added to the CLI.
Unfortunately it turned out that this introduced a regression:
File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 230, in update
super().update(config)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1428, in update
for addr in list_diff(config['address_old'], new_addr):
File "/usr/lib/python3/dist-packages/vyos/configdict.py", line 105, in list_diff
return [item for item in first if item not in second]
TypeError: 'bool' object is not iterable
The execution order of the if statements is essential and the new check was
moved to the bottom to not interfere with the existing logic.
|
|
added
|
|
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed()
implementation") switched to a new implementation to retrieve nested changes
under a CLI node. Unfortunately the new API was not called - instead the
old one was used.
|
|
|
|
If a valueLess node is added or removed from the CLI, a call to
leaf_node_changed() will not detect it.
If node is valueLess, on change old or new (depending on addition or deletion)
will be {} and is treated as None.
Add handler for this special case where old or new is an instance of a
dictionary but empty.
|
|
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
added a bug whenever a static route is modified - the DHCP interface will
always end up with metric 210 - if there was a default route over a DHCP
interface.
|
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a breif outage as DHCP released the old lease
and re-aquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
|
|
|
|
Commit ee80d0aebd ("vyos.ifconfig: T2738: do not remove OS assigned IP
addresses from interface") addressed an issue with IP addresses added to
interfaces by daemons and not by the CLI. The solution in this commit for IP
address removal unfortunately did not cover VLAN (802.1q and 802.1ad) IP address
removal in the same way as it is done for non VLAN interfaces. The code was
missing.
(cherry picked from commit 91898b8bd876af6b4d7fae54981e78400f57e008)
|
|
This fixes an indention bug and a wrong if-statememnt from commit 05aa22dc
("protocols: static: T3680: do not delete DHCP received routes")
|
|
An ISC DHCP hook script is used to install the received default route into FRR
by simple calls to vtysh. By moving to frr-reload.py the DHCP default route
was deleted as it was not found in the running config.
This commit checks all interfaces if DHCP is enabled and if so - will dynamically
add the route to the generated FRR configuration.
|
|
Generic get_removed_vlans() function replaced the entire config dict when any
QinQ vif-c subinterface was deleted.
|
|
(cherry picked from commit 01ed77040ec9493e4ca1cf868ff3c22847da4487)
|
|
It makes less to zero sense to blend in the default values of an interface when
it is about to be deleted from the system anyways - this makes the entire dict
just cleaner and easier to debug.
|
|
When using VRRP on any given interface and performing an action against that
interface - be it even only changing the alias - will trigger a removal of the
VRRP IP address.
The issue is caused by:
# determine IP addresses which are assigned to the interface and build a
# list of addresses which are no longer in the dict so they can be removed
cur_addr = self.get_addr()
for addr in list_diff(cur_addr, new_addr):
When the script calls into the library - we will drop all IP addresses set on
the adapter but not available in the config dict.
We should only remove the IP addresses marked by the CLI to be deleted!
|
|
node is added
Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict
when node is added") returned [''] as "empty" dict - but this is not empty.
>>> if ['']:
... print('foo')
...
foo
It should rather be: []
|
|
This change is required and currently only impacts WireGuards peer configuration,
so that the peers name is not mangled.
|
|
vyos@vyos# show interfaces pppoe
pppoe pppoe10 {
+ access-concentrator asdfg
authentication {
password bar
user foo
}
default-route force
no-peer-dns
source-interface eth0.202
}
vyos@vyos# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from vyos.config import Config
>>> from vyos.configdict import get_interface_dict
>>> from vyos.configdict import leaf_node_changed
>>> conf = Config()
>>> base = ['interfaces', 'pppoe']
>>> tmp = get_interface_dict(conf, base, 'pppoe10')
>>> leaf_node_changed(conf, ['access-concentrator'])
>>> ['']
|
|
|
|
|
|
|
|
|
|
- remove redundant code paths apply_mirror() / apply_mirror_of_monitor()
- have single source available
|
|
Since the dependency problem has not been solved before,
if the monitoring interface does not exist when the
mirror rule is created, the execution will be abnormal
|
|
setting and streamline the code
|
|
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
|
|
Renamed using snippet below:
----------------------------
for file in $(find . -name "*.py")
do
sed -i "s/vyos_dict_search/dict_search/" $file
done
|
|
|
|
The current implementation for bridge based interfaces has an issue which is
caused by priority inheritance. We always assumed that the bridge interface will
be created last, but this may not be true in all cases, where some interfaces
will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE).
As we already have a bunch of verify steps in place we should not see a bridge
interface leak to the underlaying infrastructure code. This means, whenever an
interface will be member of a bridge, and the bridge does yet not exist, we will
create it in advance in the interface context, as the bridge code will be run
in the same commit but maybe sooner or later.
This will also be the solution for T2924.
|
