Age | Commit message (Collapse) | Author |
|
Templatize systemd override for ddclient service and move the generated
override files in /run. This ensures that the override files are always
generated afresh after boot.
Additionally, simplify the systemd override file by removing the
redundant/superfluous overrides.
|
|
This is a radvd limitation.
|
|
Debian's `debian/2%2.10-12` update of the hostap packaging added a
ConditionFileNotEmpty directive for `/etc/hostapd/<...>` paths, which
doesn't match the `/run/hostapd/<...>` paths that VyOS uses. This commit
updates the override file to use the proper VyOS paths.
https://salsa.debian.org/debian/wpa/-/commit/d204ceb5a2dc33db888eb55b5fee542a1005e69c
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
|
|
Commit cb872efb ("frr: T5045: lift LimitNOFILE 1024 -> 4096") added both
LimitNOFILE and LimitNOFILESoft parameters for FRR, as "systemctl cat frr.service"
showed both versions.
During daemon startup systemd complains:
Unknown key name 'LimitNOFILESoft' in section 'Service', ignoring.
So the key got removed again.
|
|
Also ExecReload is a duplicate of the base service file
|
|
|
|
Lift the amount of allowed open file descriptors for the FRR process tree.
Required if there are hundreds to thousands interfaces on a system.
|
|
|
|
When MACsec was bound to an ethernet interface and the underlaying
source-interface got changed (even description only) this terminated the
MACsec session running on top of it.
The root cause is when EAPoL was implemented in commit d59354e52a8a7f we
re-used the same systemd unit which is responsible for MACsec. That indeed lead
to the fact that wpa_supplicant was always stopped when anything happened on
the underlaying source-interface that was not related to EAPoL.
|
|
|
|
|
|
|
|
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
does not terminate"
This reverts commit dda1b02932a5108ef257f59323dcfcf82582b805.
|
|
not terminate
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
|
|
|
|
|
|
The systemd unit for atop service is changed, so the log file name and
location will be always the same. It also adds the logrotate
configuration to conditionally rotate a log file.
Hardcoded values:
- maximum log file size: 10 MB
- maximum count of files: 10
These values can be easily changed within the
`/etc/logrotate.d/vyos-atop`, no additional configuration is required.
Rotation will be done hourly, if necessary, according to
`/etc/cron.hourly/vyos-logrotate-hourly`.
This change has two benefits:
- rotation strategy control can be done via logrotate, and can be
exposed to CLI now;
- the total size of all logs is now controlled more aggressively, so
the chance to get a situation when atop logs took all the space on a
drive is significantly lower. Also, if this will be necessary, rotation
may be done even each minute what reduces risks related to logs size
even more.
|
|
|
|
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
|
|
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
|
|
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for
swanctl.conf file") that moves the generated swanctl file from non-volatile to
a volatile (tmpfs backed) storage like we do for all out configuration files.
Thus it is ensured after a reboot or service deprecation there are no accidential
leftovers from previous configurations stored on the system.
|
|
Debian Bullseye ships an upstream version of lcdproc.service which infact will
start LCDd instead of the lcdproc client.
Divert the Debian Upstream service file and use the ones provided by vyos-1x.
|
|
The variable ConditionPathExists is now set in the upstream systemd unit file,
thus the VyOS generated unit file is located under /run/radvd/radvd.conf and
the condition won't match.
This can be solved by first clearing the upstream value for ConditionPathExists
and the set the new path.
|
|
|
|
|
|
|
|
Commit b082a6fb21 ("lcd: T2564: flatten CLI interface") by accident replaced
the template for hostapd which an LCD configuration during implementation of
T2564.
This has been corrected by restoring the content of the service configuration
from commit 8efb8ba1e (one commit earlier).
|
|
|
|
* set system lcd device <device>
* set system lcd model <modeml>
Both device and model have completion helpers for supported interfaces and LCD
displays.
|
|
|
|
T2486: DNS, vyos-hostsd fixes
|
|
|
|
|
|
|
|
For more examples on the new get_config_dict() approach migrate this
implementation as it is not yet in production use. Also this serves as proof of
concept code for further migrations.
|
|
|
|
|
|
|
|
|
|
|
|
After migrating PowerDNS to systemd and also its configuration files to a
volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration
files to volatile /run directory") the path for the control file has not
been altered and pushed to the client rec_control binary"
|