summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
AgeCommit message (Collapse)Author
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place.
2024-04-22Merge pull request #3337 from Embezzle/T6237Christian Breunig
T6237: IPSec remote access VPN: ability to set EAP ID of clients
2024-04-21T6237: IPSec remote access VPN: ability to set EAP ID of clientsAlex W
2024-04-21smoketest: support dynamic enable of smoketest debuggingChristian Breunig
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
2024-04-17T6246: adds basic haproxy http-check configurationNicolas Vollmar
2024-04-15T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos
2024-04-13Merge pull request #3297 from HollyGurza/T6035Daniil Baturin
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
2024-04-12qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy
2024-04-12pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵Nataliia Solomko
fails (#3296)
2024-04-11T5871: ipsec remote access VPN: specify "cacerts" for client auth.Lucas Christian
2024-04-07Merge pull request #3265 from c-po/ethernet-mtu-T5862Daniil Baturin
ethernet: T5862: default MTU is not acceptable in some environments
2024-04-06T6199: start validating smoketests against real CLI defaultValuesChristian Breunig
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port.
2024-04-06ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower.
2024-04-04Merge pull request #3238 from HollyGurza/T5943Daniil Baturin
bgp: T5943: BGP Peer-group members must be all internal or all external
2024-04-04Merge pull request #3214 from nicolas-fort/T6068-keaDaniil Baturin
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
2024-04-04bgp: T5943: BGP Peer-group members must be all internal or all externalkhramshinr
2024-04-03T6068: dhcp-server: add command <set service dhcp-server high-availability ↵Nicolas Fort
mode> so user can define what type of ha use: active-active or active-passive
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
2024-04-02Merge pull request #3236 from c-po/pki-verifyChristian Breunig
configverify: T6198: add common helper for PKI certificate validation
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-02Merge pull request #3229 from c-po/multi-vrfChristian Breunig
T6192: allow binding SSH to multiple VRF instances
2024-04-02T6196: Fixed applying parameters for aggregation in BGPaapostoliuk
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP
2024-04-01Merge pull request #3212 from fett0/T6151fett0
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check
2024-04-01ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
2024-04-01Merge pull request #3222 from HollyGurza/T6178Christian Breunig
T6178: Check that certificate exists during reverse-proxy commit
2024-04-01T6178: Check that certificate exists during reverse-proxy commitkhramshinr
2024-03-30Merge pull request #3195 from HollyGurza/T4718-currentChristian Breunig
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
2024-03-30accel-ppp: T6187: use correct CPU counts adjusted for SMTDaniil Baturin
2024-03-29bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group changed exception condition Improved route_reflector_client test
2024-03-29bgp: T6010: Allow configuration of disable-ebgp-connected-route-checkfett0
2024-03-28Merge pull request #3202 from sarthurdev/T5606_1Daniil Baturin
ipsec: T5606: T5871: Use multi node for CA certificates
2024-03-28Merge pull request #2965 from lucasec/t5872Daniil Baturin
T5872: ipsec remote access VPN: support dhcp-interface.
2024-03-28ipsec: T5606: T5871: Use multi node for CA certificatessarthurdev
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
2024-03-28dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵khramshinr
interface with vrf
2024-03-26bgp: T6106: fix test and verify()khramshinr
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-24ospf: T6066: can not define the same network in different areasChristian Breunig
Users can not (FRR fails) commit the same network belonging to different OSPF areas. Add verify() check to prevent this.
2024-03-23Merge pull request #3151 from HollyGurza/T6106Daniil Baturin
bgp: T6106: Valid commit error for route-reflector-client option defi…
2024-03-22isis: T6160: NameError: name 'process' is not definedChristian Breunig
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable. Specifying: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6825.5255.00' set protocols isis redistribute ipv4 bgp Triggered an exception Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify f'"protocols isis {process} redistribute {afi} {proto}"!') ^^^^^^^ NameError: name 'process' is not defined
2024-03-21Merge pull request #3157 from c-po/vti-T6085Daniil Baturin
vti: T6085: interface is always down and only enabled by IPSec daemon
2024-03-21Merge pull request #3158 from c-po/bridge-T6125Daniil Baturin
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering
2024-03-20conntrack: T6147: Enable conntrack when firewall state-policy is definedsarthurdev
* Move global state-policy smoketest to it's own test, verify conntrack
2024-03-20bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad
2024-03-20vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
2024-03-20bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group handle vtysh bgp error
2024-03-19Merge pull request #3131 from HollyGurza/T1871Christian Breunig
qos: T1871: add MTU option when configure limiter traffic-policy
2024-03-19Merge pull request #3035 from jestabro/replace-backslashJohn Estabrook
T5996: selectively escape and restore single backslashes in config
2024-03-18T5996: add smoketest to check translation of backslash characterJohn Estabrook