summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
AgeCommit message (Collapse)Author
2023-09-19isis: T5597: add new features from FRR 9Christian Breunig
* Add support for IS-IS advertise-high-metrics set protocols isis advertise-high-metrics * Add support for IS-IS advertise-passive-only set protocols isis advertise-passive-only (cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
2023-09-14T5561: nat: defining inbound|outbound interface should not be mandatory ↵Nicolas Fort
while configuring dNAT|sNAT rule (cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
2023-09-12T5562: Cleanup netns for smoketest load-balancing wanViacheslav Hletenko
Cleanup nets for the smoketest load-balancing Remove deleting container interfaces from default netns as those interfaces leave inly in netns. (cherry picked from commit 849499f44f6e50c591e250cf40b5ab0115839b53)
2023-09-09vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridgesChristian Breunig
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031' (cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
2023-09-06firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfacessarthurdev
2023-09-06interface: T5550: Interface source-validation priority over global valuesarthurdev
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value
2023-09-03wireless: T5540: fix smoketests after adjusting VHT channel widthChristian Breunig
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac" changed how the VHT channel-sidth is configured in hostapd - but smoketests did not get adjusted.
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-26firewall: T5080: Disable conntrack unless required by rulessarthurdev
2023-08-25interface: T3509: Add per-interface IPv6 source validationsarthurdev
2023-08-25firewall: T3509: Add support for IPv6 return path filteringsarthurdev
2023-08-24smoketest: T5447: wpa_supplicant is only run if requiredChristian Breunig
2023-08-24system: T5505: fix zebra route-map is not removed from FRRChristian Breunig
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it installs the route-map into FRR. Removing the CLI configuration "delete system ip protocol" does not remove the route-map from FRR - it stays active. This commit adds the fix and appropriate smoketests extenstion.
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23Merge pull request #2160 from sever-sever/T5448Christian Breunig
T5448: Add configuration host-name for zabbix-agent
2023-08-23Merge pull request #2162 from nicolas-fort/T5472Christian Breunig
T5472: nat redirect: allow redirection without defining redirected port
2023-08-23Merge pull request #2142 from nicolas-fort/T5450Christian Breunig
T5450: allow inverted matcher for interface and interface-group
2023-08-23T5472: nat redirect: allow redirection without defining redirected portNicolas Fort
2023-08-23T5450: update smoketest and interface definition in order to work with new ↵Nicolas Fort
firewall cli
2023-08-23T5448: Add configuration host-name for zabbix-agentViacheslav Hletenko
Ability to configure host-name for zabbix-agent set service monitoring zabbix-agent host-name 'r-vyos'
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-20wifi: T5491: allow white-/blacklisting station MAC addresses for securityChristian Breunig
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
2023-08-19bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labelsChristian Breunig
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode").
2023-08-18T5447: Add smoketest for MACsec static keysGiga Murphy
2023-08-18smoketest: bgp: T5466: remove trailing whitespaceChristian Breunig
Commit 77ef9f800 ("T5466: L3VPN label allocation mode") added support for a new CLI node that is added "label vpn export allocation-mode per-nexthop" to FRRs running configuration. Unfortunately the smoketest contained a trailing whitespace and the above mentioned line could not be evaluated to true.
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-16 T5466: L3VPN label allocation modefett0
2023-08-13smoketest: T5467: verify OSPF(v3) interface removal in VRF contextChristian Breunig
Testcases after the bugfix in commit 011697508 ("T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR config"). For ISIS change in the tests - do not run self_commit() in a for loop if not really necessary, this will slow down the tests.
2023-08-13smoketest: openvpn: T5270:Christian Breunig
This fixes the smoketest after the change in commit e7d7bd20b ("openvpn: T5270: do not require classic DH params in any more Generate 'dh none' instead and let OpenVPN use ECDH") ... as there is no exception raised 05:47:26 DEBUG - ====================================================================== 05:47:26 DEBUG - FAIL: test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify) 05:47:26 DEBUG - ---------------------------------------------------------------------- 05:47:26 DEBUG - Traceback (most recent call last): 05:47:26 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 342, in test_openvpn_server_verify 05:47:26 DEBUG - with self.assertRaises(ConfigSessionError): 05:47:26 DEBUG - AssertionError: ConfigSessionError not raised
2023-08-11ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵Christian Breunig
setting
2023-08-11Merge pull request #2016 from nicolas-fort/T5160Christian Breunig
T5160: Firewall refactor
2023-08-11T5160: firewall refactor: change default value for <default-action> from ↵Nicolas Fort
<drop> to <accept> if default-action is not specified in base chains
2023-08-11T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵Nicolas Fort
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11T5160: firewal refactor: fix tabulation for geo-ip parsing code. Typo fix in ↵Nicolas Fort
firewall smoketest
2023-08-11T5160: firewall refactor: change firewall ip to firewall ipv4Nicolas Fort
2023-08-11T5160: firewall refactor: re-add missing code in template.py which was ↵Nicolas Fort
accidentaly removed. Update smokestest: remove zone test and fix test_sysfs test
2023-08-11T5160: firewall refactor: new cli structure. Add migration script and update ↵Nicolas Fort
smoketest
2023-08-11T5448: Move zabbix-agent to node monitoringViacheslav Hletenko
Move 'service zabbix-agent' => 'service monitoring zabbix-agent'
2023-08-09T5448: Add service zabbix-agent version 2Viacheslav Hletenko
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123
2023-08-08Merge pull request #2119 from nicolas-fort/T5014-dnatChristian Breunig
T5014: nat: add source and destination nat options for configuring lo…
2023-08-07smoketest: remove duplicate CLI option for base interface testChristian Breunig
2023-08-07smoketest: make use of vlan=False API when calling Section.interfacesChristian Breunig
2023-08-07wireguard: T5409: Added 'set interfaces wireguard wgX threaded'aapostoliuk
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread.
2023-08-06smoketest: T5428: check for process running in designated VRFChristian Breunig
Start IPv4/IPv6 DHCP clients on an interface bound to a given VRF. Verify that the client process runs in the VRF context.
2023-08-06T5195: move helpers from vyos.validate to vyos.utils packageChristian Breunig
2023-08-06dyndns: T5445: add possibility to specify update interval (timeout)Christian Breunig
set service dns dynamic timeout <60-3600>
2023-08-05smoketest: T5428: remove hardcoded dhcp6c config pathsChristian Breunig
2023-08-02Merge pull request #2122 from aapostoliuk/T5413Christian Breunig
wireguard: T5413: Blocked adding the peer with the router's public key