summaryrefslogtreecommitdiff
path: root/src/etc
AgeCommit message (Collapse)Author
2022-04-16salt-minion: T4364: use systemd FinalKillSignal as process sometimes does ↵Christian Poessinger
not terminate
2022-04-02wwan: T4324: cronjob is setup via interfaces-wwan.py - drop dedicated cron fileChristian Poessinger
2022-03-28Revert "openvpn: T4230: globally enable ip_nonlocal_bind"Daniil Baturin
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-08monitoring: T3872: Add input filter for firewall InfluxDB2Viacheslav Hletenko
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-28dhclient: T3392: remove /usr/sbin prefix from iproute2 ip commandChristian Poessinger
2022-01-13monitoring: T3872: Rewrite input filter custom_scriptViacheslav
Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to more readable and clear format Fix bug when it failed with configured tunnel "tunX" interfaces
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2022-01-03keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again.
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-26flow-accounting: T4097: move configuration file to /runChristian Poessinger
2021-11-18wwan: T3795: periodically check if WWAN connection needs a reconnectChristian Poessinger
(cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251)
2021-11-15openvpn: T3995: implement systemd reload supportChristian Poessinger
2021-11-10Merge pull request #1068 from zdc/T3774-sagittaChristian Poessinger
atop: T3774: Atop log file rotation fix
2021-11-09interface-names: T3871: Add temporary interface names to properly renamingDmitriyEshenko
2021-11-09atop: T3774: Atop log file rotation fixzsdc
The systemd unit for atop service is changed, so the log file name and location will be always the same. It also adds the logrotate configuration to conditionally rotate a log file. Hardcoded values: - maximum log file size: 10 MB - maximum count of files: 10 These values can be easily changed within the `/etc/logrotate.d/vyos-atop`, no additional configuration is required. Rotation will be done hourly, if necessary, according to `/etc/cron.hourly/vyos-logrotate-hourly`. This change has two benefits: - rotation strategy control can be done via logrotate, and can be exposed to CLI now; - the total size of all logs is now controlled more aggressively, so the chance to get a situation when atop logs took all the space on a drive is significantly lower. Also, if this will be necessary, rotation may be done even each minute what reduces risks related to logs size even more.
2021-11-01Merge branch 'current' into T3350-sagittazdc
2021-10-31console: udev: T3954: adjust rule script to new systemd-udev versionChristian Poessinger
We can no longer use bash veriable string code vor string manipulation. Move to a more robust "cut" implementation.
2021-10-25dhclient: T3940: Added lease file argument to the `dhclient -x` callzsdc
When `dhclient` with the `-x` option is used to stop running DHCP client with a lease file that is not the same as in the new `dhclient` process, it requires a `-lf` argument with a path to the old lease file to find information about old/active leases and process them according to instructions and config. This commit adds the option to the `02-vyos-stopdhclient` hook, which allows to properly process `dhclient` instances started in different ways.
2021-10-21dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
2021-10-20mdns: T3917: move avahi configuration file to /runChristian Poessinger
2021-10-04OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-30interface-names: T3869: update udev rulesJohn Estabrook
2021-09-25ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf existsChristian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use exit(0)Christian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use vyos.util.read_file() / ↵Christian Poessinger
write_file()
2021-09-21vrrp: keepalived: T3847: migrate to get_config_dict()Christian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-19ipsec: T1441: Clean up vti-up-down script for XFRM interfacesLucas Christian
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-08-26ipsec: T3780: shutting down vti when tunnel is downkrox2
2021-08-23container: T2216: increase sysctl inotify watchersChristian Poessinger
2021-08-21pppoe: T3090: migrate to vyos.ifconfig library to use the full potentialChristian Poessinger
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21udev: T2490: fix substitution error reported by udevChristian Poessinger
2021-08-12login: T3746: inform users about pending rebootsChristian Poessinger
2021-08-09ipsec: T3720: assigning vti secondary address caused interface in A/D stateChristian Poessinger
2021-07-31sysctl: T3716: remove IPv4/6 routes from FIB when link goes downChristian Poessinger
For more information see: * https://programmersought.com/article/62242485344/ * https://www.spinics.net/lists/netdev/msg332453.html * https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
2021-07-31sysctl: T671: add missing net.ipv6.route.skip_notify_on_dev_down settingChristian Poessinger
Recommended by FRR best deafults https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
2021-07-15vyos-1x-vmware: T3682: remove dhclient from ether-resume.pyYun Zheng Hu
dhclient is already handled by netplug so it's removed to avoid double renewing of dhcp leases.
2021-06-26Import configuration files from vyatta-cfg-systemChristian Poessinger
2021-06-26Import sudoers configuration from vyatta-cfg-systemChristian Poessinger
2021-06-26Revert "ipsec: T3643: move swanctl.conf to /run"Christian Poessinger
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
2021-06-24ipsec: T3643: move swanctl.conf to /runChristian Poessinger
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for swanctl.conf file") that moves the generated swanctl file from non-volatile to a volatile (tmpfs backed) storage like we do for all out configuration files. Thus it is ensured after a reboot or service deprecation there are no accidential leftovers from previous configurations stored on the system.
2021-06-24systemd: lcdproc: T3641: override upstream filesChristian Poessinger
Debian Bullseye ships an upstream version of lcdproc.service which infact will start LCDd instead of the lcdproc client. Divert the Debian Upstream service file and use the ones provided by vyos-1x.