summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-05-08xml: T6319: add util for ancestor owner/priorityJohn Estabrook
2024-05-06vyos.template: T3664: use a module-level global variable for the default ↵Daniil Baturin
template directory as a more convenient and secure alternative to environment variable
2024-05-06T6298: Fix TPM incorrect path for rc_cmdViacheslav Hletenko
Fix import for `rc_cmd`
2024-05-02qos: T6225: Fix qos random-detect policykhramshinr
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
2024-04-26T6269: policy: ensure correct rule parsing when using, and when not using ↵Nicolas Fort
<set table> option in policy route.
2024-04-25Merge pull request #3316 from HollyGurza/T4248Daniil Baturin
qos: T4248: Allow to remove the only rule from the qos class
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
2024-04-22PKI: T6259: Support RFC822 names in certificate generationAlex W
2024-04-21vyos.utils: T6244: add support for year timebase in seconds_to_human()Christian Breunig
We only supported calculating seconds to weeks but not seconds to years. This has been added. Testcase: from vyos.utils.convert import seconds_to_human minute = 60 hour = minute * 60 day = hour * 24 week = day * 7 year = day * 365.25 for separator in ['', ' ', '-', '/']: print(f'----- Using separator "{separator}" -----') print(seconds_to_human(10, separator)) print(seconds_to_human(5* minute, separator)) print(seconds_to_human(3* hour, separator)) print(seconds_to_human(4* day, separator)) print(seconds_to_human(7 * week, separator)) print(seconds_to_human(10 * year, separator)) print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator)) print() cpo@LR1.wue3:~$ ./foo.py ----- Using separator "" ----- 10s 5m 3h 4d 7w 10y 5y4w3d2h1m5s ----- Using separator " " ----- 10s 5m 3h 4d 7w 10y 5y 4w 3d 2h 1m 5s ----- Using separator "-" ----- 10s 5m 3h 4d 7w 10y 5y-4w-3d-2h-1m-5s ----- Using separator "/" ----- 10s 5m 3h 4d 7w 10y 5y/4w/3d/2h/1m/5s
2024-04-21vyos.utils: T6244: use list to build up result stringChristian Breunig
When handling optional separators rather build up a list and join the list with the requested delimiter to form the resulting human readable time string.
2024-04-17Merge pull request #3320 from nicolas-fort/T6191Christian Breunig
T6191: do not append action policy route|route6 when its not specified
2024-04-16image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
2024-04-16T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus
2024-04-16qos: T4248: Allow to remove the only rule from the qos classkhramshinr
2024-04-13Merge pull request #3297 from HollyGurza/T6035Daniil Baturin
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
2024-04-12qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy
2024-04-11T6222: VRRP show prefix for long rfc3768-compatibility interfacesViacheslav Hletenko
If we use rfc3768-compatibility with long interface names like eth1.100.200 it converts the VRRP interface name name to `<interface>v<VRID><IP version>` For example `eth2.100.200v10v4` The limit for interface name is 15 symbols and it causes that interface name is ignoring by keepalived VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring And it uses the default prefix `vrrp` for such cases. It works fine, but such interfaces are not displayed in the op-mode Allow prefix `vrrp` for the op-mode for `show interfaces`
2024-04-07utils.io: T6207: allow default in select_entryJohn Estabrook
2024-04-06ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower.
2024-04-05Merge pull request #3255 from jestabro/remove-xml-libChristian Breunig
T6203: remove obsoleted xml lib
2024-04-05T6203: remove obsoleted xml libJohn Estabrook
The vyos.xml functionality is replaced with vyos.xml_ref.
2024-04-05T6204: cleanup shebang lineskhramshinr
2024-04-04Merge pull request #3244 from aapostoliuk/T6197-circinusChristian Breunig
T6197: Fixed usage ipoe interface client-subnet without pools
2024-04-04Merge pull request #3214 from nicolas-fort/T6068-keaDaniil Baturin
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
2024-04-04T6197: Fixed usage ipoe interface client-subnet without poolsaapostoliuk
Allowed using ipoe interface client-subnet without client pools configuration.
2024-04-03T6068: dhcp-server: add command <set service dhcp-server high-availability ↵Nicolas Fort
mode> so user can define what type of ha use: active-active or active-passive
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
2024-04-03T6199: replace netifaces.interfaces() with common custom helpersChristian Breunig
* Use interface_exists() outside of verify() * Use verify_interface_exists() in verify() to drop common error message
2024-04-02Merge pull request #3236 from c-po/pki-verifyChristian Breunig
configverify: T6198: add common helper for PKI certificate validation
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-02Merge pull request #3229 from c-po/multi-vrfChristian Breunig
T6192: allow binding SSH to multiple VRF instances
2024-04-01vrf: T3655: always use full nft command name (e.g. --check over -c)Christian Breunig
2024-04-01firewall: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
2024-04-01utils: T5738: always use vyos.utils.network.interface_exists over os.path.existsChristian Breunig
2024-04-01Merge pull request #3224 from c-po/T2590-dhcpv6-clientDaniil Baturin
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
2024-04-01dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domainsChristian Breunig
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which was present to update /etc/resolv.conf with the DHCP specified nameservers and also the search domain list was no longer present. This commit adds a per interface rendered script to inform vyos-hostsd about the received IPv6 nameservers and search domains.
2024-03-31Merge pull request #3211 from jestabro/tree-maskViacheslav Hletenko
T6185: simplify marshalling of section and config data for config-sync
2024-03-30Merge pull request #3195 from HollyGurza/T4718-currentChristian Breunig
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
2024-03-30accel-ppp: T6187: use correct CPU counts adjusted for SMTDaniil Baturin
2024-03-28config-sync: T6185: combine data for sections/configs in one commandJohn Estabrook
Package path/section data in single command containing a tree (dict) of section paths and the accompanying config data. This drops the call to get_config_dict and the need for a list of commands in request.
2024-03-28configtree: T6180: add masking function mask_inclusiveJohn Estabrook
2024-03-28Merge pull request #3207 from dmbaturin/T3664-grub-chrootChristian Breunig
vyos.system.grub: T3664: add chroot argument to the GRUB install function
2024-03-28vyos.template: T3664: add an environment variable for template locationDaniil Baturin
to allow unmodified code to be executed from anywhere, even outside of VyOS installations
2024-03-28vyos.system.grub: T3664: add chroot argument to the GRUB install functionDaniil Baturin
to faciliate running it outside of a VyOS installation
2024-03-28grub: T4516: correct a format stringDaniil Baturin
2024-03-28Merge pull request #3194 from c-po/dhclient-T6175Christian Breunig
op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface
2024-03-28dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵khramshinr
interface with vrf
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API.
2024-03-26image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg.