summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2019-11-23wireless: T1627: change RADIUS CLI syntaxChristian Poessinger
Adopt RADIUS configuration and harmonize it with the rest of VyOS. Move the following configuration block: security { wpa { cipher CCMP mode wpa2 radius-server 172.16.100.10 { port 1812 secret secretkey } radius-server 172.16.100.11 { port 1812 secret secretkey } } } to the harmonized version of: security { wpa { cipher CCMP mode wpa2 radius { server 172.16.100.10 { port 1812 secret secretkey } server 172.16.100.11 { port 1812 secret secretkey } } } } And add the new "set interfaces wireless wlan0 security wpa radius source-address" CLI command to specify the origin of any RADIUS query on systems having multiple IP addresses.
2019-11-23wireless: T1627: config migrator does not support camel casingChristian Poessinger
convert all nodes to lowercase
2019-11-23wireless: T1627: initial rewrite in XML/Python styleChristian Poessinger
Working: - Wireless modes b, g, n, ac - WPA/WPA2 psk and RADIUS (tested using Microsoft NPS)
2019-11-11[OpenVPN]: T1704: Added function for ncp-ciphers, and ability to disable it.vindenesen
[OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers. [OpenVPN]: T1704: Added migration scripts for interface 2-to-3
2019-10-27snmp: T1769: remove TSM (Transport Security Mode) supportChristian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script.
2019-10-27snmp: T818: T1738: remove per user/trap engine idChristian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID.
2019-10-17bgp: T1490: fix migrator file permissionsChristian Poessinger
2019-10-08[BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameterzsdc
2019-09-04bonding: T1614: T532: new commit validatorsChristian Poessinger
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth.
2019-09-04bonding: T1614: Initial version in new style XML/Python interfaceChristian Poessinger
The node 'interfaces ethernet eth0 bond-group' has been changed and de-nested. Bond members are now configured in the bond interface itself. set interfaces bonding bond0 member interface eth0
2019-08-24T1611: check if config node exists before getting valueJernej Jakob
2019-08-20powerdns: T1595: add config migrator to remove 'listen-on'Christian Poessinger
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-07[bridge] T1156: add missing if statement in config-migrationChristian Poessinger
Fixes: Traceback (most recent call last): File "/opt/vyatta/etc/config-migrate/migrate/interfaces/0-to-1", line 27, in <module> for br in config.list_nodes(base): File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 255, in list_nodes raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos.configtree.ConfigTreeError: Path [b'interfaces bridge'] doesn't exist
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: support adding and removing bridge member interfacesChristian Poessinger
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } }
2019-08-02[bridge] T1156: add configuration migration scriptChristian Poessinger
2019-07-08[PPPoE] - T1489: vlan_mon config optionshagbard
2019-06-16Revert "T849: move BGP peer-group node to ipv4 address family"Christian Poessinger
This reverts commit 685b1e0d050c7883303733d710327161fe046b60.
2019-06-16T849: move BGP peer-group node to ipv4 address familyChristian Poessinger
To have a consitent IPv4/IPv6 CLI a lot of BGP neighbor nodes have been migrated. The IPv4 peer-group has been forgotten, leaving a non consistent CLI. Previously: ----------- neighbor 2001:DB8:FFFF::1 { address-family { ipv6-unicast { peer-group iBGP } } peer-group iBGP } Now: ---- neighbor 2001:DB8:FFFF::1 { address-family { ipv6-unicast { peer-group iBGP } } address-family { ipv4-unicast { peer-group iBGP } } }
2019-05-08T805: Drop config compatibility with Vyatta Core older than 6.5John Estabrook
Rewrite vyatta-config-migrate/migrate/system/6-to-7 in the canonical style and add to vyos-1x migration-scripts. This completes the collection of scripts needed to drop compatability with Vyatta Core older than 6.5.
2019-04-26[dhcp-server]: bugfix on wrong exit code caused due to wrong indentionChristian Poessinger
2019-04-23[migration] T1344: extend migration script for radius-source-addressChristian Poessinger
radius-source-address was backported to vyOS 1.2.2 so also migrate this node.
2019-04-20[dhcp-server] T1335: bugfix when migrating authoritative sectionChristian Poessinger
2019-04-20Revert "[hostname] T1336: trailing dots in system domain-name are invalid"Christian Poessinger
This reverts commit 05c539ea5595790b297904569cbe13089ce79e18.
2019-04-20[hostname] T1336: trailing dots in system domain-name are invalidChristian Poessinger
Debian/Systemd provides hostnamectl which disabllows setting a FQDN when there is a trailing (.) in the provided hostname. Extend regex when setting "system domain-name" that there can't be a trailing (.). Provide migration script for current installations to remove the dot.
2019-04-19[migration] T1344: unclutter 'system login radius-server' configuration nodesChristian Poessinger
2019-04-04T1323 - migrate operator accounts to admin accountshagbard
2019-01-26[webproxy] T1203: do not attempt to migrate proxy-bypass if it doesn't exist.Daniil Baturin
2019-01-07Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 (command conversion)hagbard
2018-12-31T1112: migrate BGP redistribute metric and route-map options too.Daniil Baturin
2018-12-31T1112: migrate BGP redistribute options (patch by Merijn).Daniil Baturin
2018-12-07T1060: build fix for wrong config-version numberChristian Poessinger
Commit 9d35610c173 ("T1060: add missing version file for webproxy") assumed that there is a webproxy config version of 0 but we already have 1. This lead to duplicate files detected by apt.
2018-12-02T1060: Add webproxy migration script (proxy-bypass -> whitelist).Dirk Steinkopf
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-12migration/l2tp: fix file commentChristian Poessinger
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } }
2018-11-11T987: Unclutter L2TP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } radius-source-address 172.16.254.100 } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } source-address 172.16.254.100 } }
2018-11-02T939: Remove possibility to specify DHCP relay portChristian Poessinger
2018-10-21T634: remove 'service ssh allow-root'Christian Poessinger
2018-09-19T849: fix quagga 2-to-3 migration script permissions.Daniil Baturin
2018-09-19T849: remove stray debug prints.Daniil Baturin
2018-09-18T849: add a migration script for the new IPv4 BGP syntax.Daniil Baturin
2018-09-02T825: add system 8-to-9 migration scriptChristian Poessinger
2018-08-27T778: T782: dhcp-server: XML and Python rewriteChristian Poessinger
This commit changes in addtion the DHCP server config syntax as defined in "T782: Cleanup dhcp-server configuration". Replace boolean parameter from the folowing nodes and make it valueless. This requires a migration script which is tracked with this task * set service dhcp-server shared-network-name <xyz> subnet 172.31.0.0/24 ip-forwarding enable (true|false) * set service dhcp-server shared-network-name <xyz> authoritative (true|false) * set service dhcp-server disabled (true|false) * set service dhcp-server dynamic-dns-update enable (true|fals) * set service dhcp-server hostfile-update (enable|disable) Replace the nested start/stop ip address from "subnet 172.31.0.0/24 start 172.31.0.101 stop 172.31.0.149" to "subnet 172.31.0.0/24 range <foo> start" and "subnet 172.31.0.0/24 range <foo> stop" where foo can be any character or number. In addition the vyatta-cfg-dhcp-server package used it's own init/config file for service startup. This has been migrated to the vanilla Debian files. Copy 'on-dhcp-event.sh' from vyatta-cfg-shcp-server package commit 4749e648bca6.
2018-07-27T666, T616: new implementation of the VRRP CLI.Daniil Baturin
2018-05-31T629: replace the config-management migration script.Daniil Baturin
2018-05-29T667: add a migration script for converting "system gateway-address" to ↵Daniil Baturin
"protocols static route 0.0.0.0". Code-wise that option was in vyatta-cfg-quagga, but the syntax is inside "system", so let's keep the script under system too.