Age | Commit message (Collapse) | Author |
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
|
|
|
|
dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
|
|
(cherry picked from commit 1f304a5b3b3698e11f3a497ca9c61b69ef94b26b)
|
|
|
|
This complements commit f5e43b136 ("http: T5762: api: make API socket backend
communication the one and only default") so we have a consistent port CLI node
across VyOS components.
|
|
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn
backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests.
While debugging those failing, it was uncovered, that uvicorn only listens on
IPv4 connections
vyos@vyos# netstat -tulnp | grep 8080
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a
UNIX domain socket, the best idea is to make this the default way of
communication, as we never directly talk to the API server but rather use the
NGINX reverse proxy.
|
|
IGMP and PIM are two different but related things.
FRR has both combined in pimd. As we use get_config_dict() and FRR reload it
is better to have both centrally stored under the same CLI node (as FRR does,
too) to just "fire and forget" the commit to the daemon.
"set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
|
|
vxlan: T5671: change port to IANA assigned default port
|
|
|
|
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that
predates the IANA assignment. As Most other vendors use the IANA assigned port,
follow this guideline and use the new default port 4789.
Existing configuration not defining an explicit port number will be migrated
to the old default port number of 8472, keeping existing configurations work!
|
|
add IPv6 support and firewall groups
|
|
|
|
|
|
|
|
|
|
Commit 0a802d20c - ("smoketest: add config with VRF BGP instance") added a
config from a VMware VM. When moving to QEmu we must reduce the network card
ring-bufer size from 4096 -> 256, as the tests failed with:
> Driver only supports a maximum RX ring-buffer size of "256" bytes!
|
|
Replica of a real network. BGP is realised inside a VRF. The BGP peering to the
outside world is done via WireGuard that is backed by a PPPoE link - shiver!
|
|
|
|
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI
validator work, too.
|
|
|
|
|
|
|
|
qos config migration is tested using qos-basic example config file.
|
|
|
|
|
|
|
|
In addition to the rewrite to make use of get_config_dict() the CLI is
slightly adjusted as specified in T4703.
* Rename vlan-id and vlan-range to simply vlan
* Rename network-mode to simply mode
* Re-use existing common Jinja2 template for Accel-PPP which are shared
with PPPoE and SSTP server.
* Retrieve default values via defaultValue XML node
|
|
The initial Accel-PPP PPPoE implementation used:
set service pppoe-server interface <name> vlan-id <id>
set service pppoe-server interface <name> vlan-range <start-stop>
This is actually a duplicated CLI node.
|
|
|
|
|
|
|
|
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
|
|
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
|
|
HTTP and sstp cannot work together and in the test config
1.4-rolling-202106290839 we didnot have configurable port for
such services
So we shoud delete sstp from this smoketest config test
In fact it is never working at all 'smoketest/configs/pki-misc'
It commits without errors before but in the real life we get 3
services (https openconnect sstp) that bound the same port
|
|
Change openconnect port as both ocserv and sstp bind
by default the same port 443
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
|
|
|
|
* Also determines and maps to correct CA for migrated CRL
|
|
|
|
The migration script bgp/0-to-1 did not address
'protocols bgp ASN' -> 'protocols bgp local-as ASN'
under a vrf. Move to configs.no-load for review on extending/adding a
migration script.
|
|
The config vrf-basic reveals a missing block in the migration script
vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in
Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in
vrf-ospf.
|
|
The pki-ipsec sagitta-era config contains
'vpn ipsec ipsec-interfaces interface eth0'
with ipsec component version ipsec@6, however, this construction is
successfully moved by migration script ipsec/5-to-6. Consequently, this
must have been an error in translation of the config file. Note that
this is unrelated to the corrected error regarding an empty
'ipsec-interfaces' node. Move config to configs.no-load for review.
|
|
bgp_small_as contains set commands such as:
'protocols static route 10.0.0.0/8 MY-NAS distance 254'
which would appear to have no meaning, in any VyOS version.
Move to config.no-load for analysis.
|
|
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5
removes the boolean argument. It is confirmed that the migration script
works correctly, hence, it must be a typo in translation; remove
argument 'enable'.
|
|
The config file isis-small has system@20, but 'user level' which was
migrated in system/16-to-17; remove the line in the config, as there is
no problem with the migration script in question.
|
|
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
|
|
This takes a very long time, but keep the config for manual runs
|