Age | Commit message (Collapse) | Author |
|
Fix multiple syntax errors.
Restart rsyslog after update since it uses the hostname.
Write the 127.0 entry to /etc/hosts, since sudo complains when it cannot resolve it.
|
|
T574: Add new style scripts and definitions for system host-name
|
|
* remove-ssh-allow-root:
T634: Remove 'service ssh allow-root'
|
|
|
|
* t632-ssh-multi-nodes:
T632: allow multiple algoorithms for: Ciper, KEX, MACs
T632: use multi node for SSH allow/deny users and groups
|
|
When generating a configuration for DNS domain forward to a local server
with 'set service dns forwarding domain foo.com server 1.1.1.1' this resulted in
# domain ... server ...
forward-zones=bar.com = 2.1.1.1;2.1.1.2
forward-zones=foo.com = 1.1.1.1;1.1.1.2
On PowerDNS recursor restart the last line won and it totally forgot about
'bar.com'. This could be seen from the logfiles that only one domain was loaded:
Redirecting queries for zone 'foo.com.' to: 1.1.1.1:53, 1.1.1.2:53
The manual at https://doc.powerdns.com/3/recursor/settings/#forward-zones shows
that all domains have to be configured on one 'forward-zones=' line. In the above
example this has to result in:
forward-zones=bar.com=2.1.1.1;2.1.1.2, foo.com=1.1.1.1;1.1.1.2
A subsequent check within the logfiles reveal that it's now working:
Redirecting queries for zone 'bar.com.' to: 2.2.2.2:53, 2.2.2.1:53
Redirecting queries for zone 'foo.com.' to: 1.1.1.1:53, 1.1.1.2:53
|
|
* upstream/current:
Do not try to decode data read from /sys files in the show version script, it's already an str.
Dependencies on file and pystache, for install and show version scripts..
Add dependency on hvinfo, too.
T637, T638: add dependencies on tcpdump and bmon.
T638: new op mode CLI for the bandwidth monitor commands.
T637: new op mode for traffic dumps based on tcpdump.
Correct the logic of generating tag nodes for op mode.
Add missing vyos.base module
Fix cron interval regex to allow single digit values.
Fix misplaces ConfigError exception.
Some more valueless fixes.
Mark nodes in SSH and NTP valueless (related to T602).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* ssh-rewrite:
T631: small bugfix in config parsind for deny-users
T631: improve help for access-control
T631: refactor SSH script and switch to jinja2
T631: first full generated config file with XML and Python
T631: use completionHelp for SSH rather then valueHelp
T631: Rewrite SSH configuration as XML interface definition
|
|
|
|
|
|
Commit f1bbc20716 ("Add jinja2 and ipaddrcheck to dependencies.")
introduced access to a NoneType object when the service was removed.
This happened after:
$ delete service dns forwarding
$ commit
File "/opt/vyatta/sbin/vyos-config-dns-forwarding.py", line 201, in <module>
verify(c)
File "/opt/vyatta/sbin/vyos-config-dns-forwarding.py", line 164, in verify
if not dns['interfaces']:
TypeError: 'NoneType' object is not subscriptable
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If a user configures 'set service dns forwarding dhcp <if>' and <if> is not a
DHCP interface, this won't corrupt the recursor.conf.
The missconfiguration is simply ignored.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Using 'service' as wrapper to start system services is no longer necessary,
hence use the full systemd command.
|
|
|
|
|
|
|
|
VyOSError is now only raised on improper config operations and internal errors,
such as trying to use a function on a wrong kind of node.
ConfigError should be used by scripts to indicate configuration mistakes
and error conditions.
|
|
Check if crontab exists before trying to delete it. Fail commit if
executable is not defined in the task.
|
|
|
|
Do not inherit from the Config class, it only made things more complicated.
Remove the sys.path.append that was made necessary by using partial paths where full
paths are expected.
Exit with 1 (to make commit fail properly) if VyOSError is raised.
Replace the OO representation of cron jobs with simple hashes: the format is not expected
to grow any more complex and encapsulation will hardly be necessary (though if one can think of
a good OO design for this, it's welcome).
Do not mix config reading and validation to enable changing the syntax without changing any of the
code but get_config()
|
|
|
|
|