Age | Commit message (Collapse) | Author |
|
This commit allows management of system images with either new or legacy
tools: 'add/delete/rename system image' and 'set default' are translated
appropriately on booting between images with the old and new tools.
Consequently, the warning of the initial commit of T4516 is dropped.
(cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
|
|
(cherry picked from commit 8efab9ee8cdb0e65dddb9d3ba97de8ddcf3666dc)
|
|
(cherry picked from commit fcded7930b5426193e8490c6df2a70e300a60e31)
|
|
(cherry picked from commit 9e3b769f8402a816f6c7fa80ff12c9579c3f5243)
|
|
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
|
|
included in <set firewall global-options state-policy> node.
|
|
The current implementation is wrong as it searches `master` in the
iproute2 JSON output. It is a worng as it could include bridges
or bonding interfaces
Add the more strict search `info_slave_kind == vrf`
(cherry picked from commit 2ebac5af10a36668ed3b8cfa6e5a9f61cf5d1068)
|
|
(cherry picked from commit 6b325962a4b8b3e67d7976bf161aed34a9fe6cce)
|
|
Collect in a module several versions of a 'load config' function.
They have different use cases according to performance and error
reporting, and allow comparison of non-legacy and legacy variants.
(cherry picked from commit 7e4caa118692d9b6fd798783596bd018f805e5eb)
|
|
(cherry picked from commit ccbf03f1a87ac37eef78aeb29420ceea9a730a90)
|
|
(cherry picked from commit f019ed91b5444d2f446ca4f7332602c03a074190)
|
|
(cherry picked from commit 63bbd1afdd21563cf673ee34b47156889bd5e349)
|
|
(cherry picked from commit 020410a1e2009cb47d72bd18d360b9dc4b9c764f)
|
|
|
|
|
|
The iproute2 master argument is used for both a VRF and a bridge device. Using
this in the VRF context would retrieve and report back the wrong interfaces:
Old implementation:
===================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
The new implementation:
=======================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
(cherry picked from commit e02546655adefe1a6fb3660402e697f872d3ffe7)
|
|
In a service provider network a service provider typically supports multiple
bridge domains with overlapping vlans. One bridge domain per customer. Vlans in
each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to
each customer.
Without the ability of VNI filtering, we can not provide VXLAN tunnels
with multiple tenants all requiring e.g. VLAN 10.
To Test:
set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987
Add new op-mode command: show bridge vni
Interface VNI
----------- -----------
vxlan987 10050-10054
vxlan987 10060
vxlan987 10069
(cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
|
|
This complements commit f5e43b136 ("http: T5762: api: make API socket backend
communication the one and only default") so we have a consistent port CLI node
across VyOS components.
(cherry picked from commit 0e885f1bf01424130b6876e769cc42612b19351b)
|
|
T5767: HTTPS API add reboot and poweroff endpoints (backport #2516)
|
|
T5770 Enable MACsec encryption stanza (backport #2518)
|
|
Add ability to reboot and poweroff the system via API
curl -k --location --request POST 'https://vyos/reboot' \
--form data='{"op": "reboot", "path": ["now"]}' \
--form key='apikey'
curl -k --location --request POST 'https://vyos/poweroff' \
--form data='{"op": "poweroff", "path": ["now"]}' \
--form key='apikey'
(cherry picked from commit 36f3c329c2df0e78f2f5da933d9729a872fb2a11)
|
|
(cherry picked from commit a7a90e81ad03ec33acb32beeab71dbd5f27a2044)
|
|
|
|
(cherry picked from commit a89243cfbfc90854a8cddd53c0ffc987f75abcee)
|
|
T4072: firewall: backport bridge firewall to sagitta
|
|
|
|
Remove stray whitespace in sed script and call Section.interfaces with
vlan=False instead of a custom filter.
This extends commit f19c92f25 ("tunnel: T3894: fix design when building
synthetic MAC addresses")
(cherry picked from commit c8ba5dccfa9b02533c6536903ecacd3ddb04351e)
|
|
pim(6): T5733: add missing FRR related features (backport #2476)
|
|
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u
eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN
eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1
eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2
eth3 - 52:54:00:09:a4:b4 default 1500 A/D
(cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
|
|
Migrate CLI configuration retrival to common get_config_dict(). In addition
add new functionality to VyOS that is PIM related and already available in FRR.
(cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c)
# Conflicts:
# python/vyos/frr.py
# src/op_mode/restart_frr.py
|
|
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
|
|
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities (backport #2483)
|
|
terminal is missing capabilities
(cherry picked from commit 59b432b97e361f3f5670302f51881ee596afe2f8)
|
|
parsing, and migration to valueless node for log and state matchers
|
|
Reduce amount of duplicated (3 times) code in op-mode scripts for ping,
traceroute and mtr.
(cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
|
|
(cherry picked from commit 59c8d5febb2b1333643372f8956fa8f219d022cb)
|
|
Changing the public key of a peer (updating the key material) left the old
WireGuard peer in place, as the key removal command used the new key.
WireGuard only supports peer removal based on the configured public-key, by
deleting the entire interface this is the shortcut instead of parsing out all
peers and removing them one by one.
Peer reconfiguration will always come with a short downtime while the WireGuard
interface is recreated.
(cherry picked from commit 2fc8738bc9c2fb6364a22d86079e8635cee91949)
|
|
firewal, nat and nat66.
(cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
|
|
In order to minimize the flooding of ARP and ND messages in the VXLAN network,
EVPN includes provisions [1] that allow participating VTEPs to suppress such
messages in case they know the MAC-IP binding and can reply on behalf of the
remote host. In Linux, the above is implemented in the bridge driver using a
per-port option called "neigh_suppress" that was added in kernel version 4.15.
[1] https://www.rfc-editor.org/rfc/rfc7432#section-10
(cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
|
|
As we have a bunch of options under "paramteres" already and "external" is
clearly one of them it should be migrated under that node as well.
(cherry picked from commit cc7ba8824a5e9ec818f0bbe7fb85e1713a591527)
|
|
T5643: nat: add interface-groups to nat. Use same cli structure for i… (backport #2355)
|
|
T5637: Firewall: add new rule at the end of base chains for default-a…
|
|
interface-name|interface-group as in firewall.
(cherry picked from commit 2f2c3fa22478c7ba2e116486d655e07df878cdf4)
|
|
This enables logs capabilities for default-action in base chains.
|
|
(cherry picked from commit 0c046a1f5a020af30c9522011aa5c86524874a47)
|
|
T5299: Add missed option ceiling for QoS shaper (backport #2391)
|
|
Add missed option `ceil` for QoS class 'trafficshaper'
(cherry picked from commit 5218241e6293317f8837b3f7c3893d653d960993)
|
|
If ethernet interface is a bond memeber:
1. Allow for changing only specific parameters which are specified
in EthernetIf.get_bond_member_allowed_options function.
2. Added inheritable parameters from bond interface to ethernet
interface which are scpecified
in BondIf.get_inherit_bond_options.
Users can change inheritable options under ethernet interface
but in commit it will be copied from bond interface.
3. All other parameters are denied for changing.
Added migration script. It deletes all denied parameters under
ethernet interface if it is a bond member.
(cherry picked from commit aa0282ceb379df1ab3cc93e4bd019134d37f0d89)
|
|
We have had a mix of both string and list arguments to conf.exists(),
stremaline this to only make use of list calls.
(cherry picked from commit 3f17de7c32621353b51f782ca889a83cad7a6cfd)
|