Age | Commit message (Collapse) | Author |
|
(cherry picked from commit a9201e77110ce0695e2ba879304aef41b7ac9a0c)
|
|
When deleting SNMP from CLI the 'delete' key was not honored in the config
dictionary, leading to a false process startup causing the following error:
Job for snmpd.service failed because the control process exited with error code.
See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
(cherry picked from commit 20b98e780fda4131eb242921884d4955147ce51a)
|
|
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
without vrf
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the build in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
T4857: SNMP: Implement FRR SNMP Recomendations
|
|
warning message
|
|
|
|
This prevents any stale override files when the system is beeing rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
FRR: T4020: Added CLI options for FRR daemons
|
|
|
|
|
|
|
|
- Reverted changes from `python/vyos/util.py`. This may lead to
unnecessary FRR restart during each boot, depending on a default file
content and template, but makes this changeset cleaner.
- Fixed typos in node names (extra `>` characters).
- Added SNMP module for `isisd` and `ldpd`, since they have it compiled
now.
|
|
|
|
|
|
Added first CLI items for controlling FRR daemons parameters that
cannot be changed via vtysh and are available via arguments only. Now
it is possible to enable/disable modules: SNMP (for each daemon),
BMP (for BGP), IRDP (for Zebra).
|
|
We need to use a temporary variable when validating the tuple if address
is used. If not the else branch will always add the tuple to the list of
addresses used for listen-address.
|
|
|
|
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
|
|
The 3rd party library used for calculating the SNMP hashes in advance only
worked for SHA and nod for MD5 as SHA was hardcoded [1]. The code has been
replaced by a class-less implementation providing only the required
functionality.
[1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
|
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hasehd keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
For an unknown reason snmpd not always starts after reboot.
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
After migrating PowerDNS to systemd and also its configuration files to a
volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration
files to volatile /run directory") the path for the control file has not
been altered and pushed to the client rec_control binary"
|
|
convert all call to jinja to use template.render
|
|
os.system does print the ouput of the command, run() does not.
A new function called call() does the printing and return the error code.
|
|
As little change a possible but the function call
The behaviour should be totally unchanged.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A consistency check was missing to prevent deleting the SNMP configuration
but still setting "service lldp snmp enable".
|
|
As we need to operate with usmUser, we can search for it directly if its
present or not. There is always one usmUser entry for the system user.
|
|
|
|
|
|
|
|
|
|
This is actually an "upstream" bug, see [1] but it can be fixed via our own
scripts.
[1]: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1384122
|
|
This reverts commit 6945b2e3561cd76d193d41dd6ab5249661230460.
|