summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
2024-04-03T6199: replace netifaces.interfaces() with common custom helpersChristian Breunig
* Use interface_exists() outside of verify() * Use verify_interface_exists() in verify() to drop common error message
2024-04-02Merge pull request #3236 from c-po/pki-verifyChristian Breunig
configverify: T6198: add common helper for PKI certificate validation
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-02Merge pull request #3229 from c-po/multi-vrfChristian Breunig
T6192: allow binding SSH to multiple VRF instances
2024-04-01vrf: T3655: always use full nft command name (e.g. --check over -c)Christian Breunig
2024-04-01firewall: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
2024-04-01utils: T5738: always use vyos.utils.network.interface_exists over os.path.existsChristian Breunig
2024-04-01Merge pull request #3224 from c-po/T2590-dhcpv6-clientDaniil Baturin
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
2024-04-01dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domainsChristian Breunig
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which was present to update /etc/resolv.conf with the DHCP specified nameservers and also the search domain list was no longer present. This commit adds a per interface rendered script to inform vyos-hostsd about the received IPv6 nameservers and search domains.
2024-03-31Merge pull request #3211 from jestabro/tree-maskViacheslav Hletenko
T6185: simplify marshalling of section and config data for config-sync
2024-03-30Merge pull request #3195 from HollyGurza/T4718-currentChristian Breunig
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
2024-03-30accel-ppp: T6187: use correct CPU counts adjusted for SMTDaniil Baturin
2024-03-28config-sync: T6185: combine data for sections/configs in one commandJohn Estabrook
Package path/section data in single command containing a tree (dict) of section paths and the accompanying config data. This drops the call to get_config_dict and the need for a list of commands in request.
2024-03-28configtree: T6180: add masking function mask_inclusiveJohn Estabrook
2024-03-28Merge pull request #3207 from dmbaturin/T3664-grub-chrootChristian Breunig
vyos.system.grub: T3664: add chroot argument to the GRUB install function
2024-03-28vyos.template: T3664: add an environment variable for template locationDaniil Baturin
to allow unmodified code to be executed from anywhere, even outside of VyOS installations
2024-03-28vyos.system.grub: T3664: add chroot argument to the GRUB install functionDaniil Baturin
to faciliate running it outside of a VyOS installation
2024-03-28grub: T4516: correct a format stringDaniil Baturin
2024-03-28Merge pull request #3194 from c-po/dhclient-T6175Christian Breunig
op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface
2024-03-28dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵khramshinr
interface with vrf
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API.
2024-03-26image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg.
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-24Merge pull request #3177 from c-po/eee-T6152Christian Breunig
Revert "ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces"
2024-03-24Revert "ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces"Christian Breunig
This reverts commit ab30509b25d54dac99294b76ba03fd49c3d2c946. As in T6152 there seem to be some NICs that have a non working implementation of reading the EEE registers. Remove this feature in the meantime until there is a less exploding solution hindering boards to boot. Return to Kernel defaults by removing this code path.
2024-03-23Merge pull request #3151 from HollyGurza/T6106Daniil Baturin
bgp: T6106: Valid commit error for route-reflector-client option defi…
2024-03-23vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, tooChristian Breunig
Extend the way how we determine if interfaces exist in VyOS. In the past we only validated if the interface in question really exists at the OS level. This has some drawbacks as services (like OSPF or OSPFv3) can also handle interfaces dynamically which appear or leaf the OS. This commit not only checks for OS interfaces but also if the interface in question was configured at the CLI level, this is proof enough to pass the check. If it does not exist at the CLI level, we continue searching it it's maybe a Kernel interface - useful for container networks. In addition we can now not only raise() an error but simply show a warning if an interface does not exist.
2024-03-21xml: T6146: add utils and helper to provide priority dataJohn Estabrook
2024-03-21Merge pull request #3157 from c-po/vti-T6085Daniil Baturin
vti: T6085: interface is always down and only enabled by IPSec daemon
2024-03-20bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad
2024-03-20vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
2024-03-20bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group handle vtysh bgp error
2024-03-19Merge pull request #3131 from HollyGurza/T1871Christian Breunig
qos: T1871: add MTU option when configure limiter traffic-policy
2024-03-19Merge pull request #3035 from jestabro/replace-backslashJohn Estabrook
T5996: selectively escape and restore single backslashes in config
2024-03-18qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test
2024-03-17T6133: append domain-name to commit-archive if definedChristian Breunig
2024-03-13grub: T4548: Fixed configuration files orderzsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order. This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
2024-03-09Merge pull request #3106 from sarthurdev/T6102Daniil Baturin
dhcp: T6102: Fix clear DHCP lease op-mode
2024-03-08dhcp: T3316: De-duplicate Kea control socket variablesarthurdev
2024-03-07Merge pull request #1740 from sarthurdev/tpm_luksDaniil Baturin
config: T4919: Add support for encrypted config with TPM
2024-03-07config: T4919: Add support for encrypted config file with TPMsarthurdev
2024-03-06dhcp: T6102: Fix clear DHCP lease op-modesarthurdev
* Add `clear dhcpv6-server lease` * Standardize using vyos.opmode
2024-03-06remote: T6104: fix logic of failure case in MissingHostKeyPolicyJohn Estabrook
2024-03-05T6061: fix rule parsing when connection-status is usedNicolas Fort
2024-03-04Merge pull request #3068 from natali-rs1985/T5646-currentDaniil Baturin
qos: T5646: Skip add filter for qos policy limiter class without match
2024-03-04Merge pull request #3077 from c-po/ethtoolDaniil Baturin
vyos.ethtool: T6083: use JSON input data #2
2024-03-04T6086: NAT: fix nat rules when using source-groups and translation address ↵Nicolas Fort
is a network.
2024-03-03vyos.ethtool: T6083: use JSON input data for ethernet interface flow-control ↵Christian Breunig
settings