summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2019-10-27snmp: T1769: remove TSM (Transport Security Mode) supportChristian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. (cherry picked from commit 556b528ef9cc1eca9d142ebe1f8f88cd02d536da)
2019-10-27snmp: T818: T1738: remove per user/trap engine idChristian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID. (cherry picked from commit d523111279b3a9a5266b442db5f04049a31685f7)
2019-08-25powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } } (cherry picked from commit dc0f641956d002fa8588ef8d1213791cf36e92f2)
2019-04-26[dhcp-server]: bugfix on wrong exit code caused due to wrong indentionChristian Poessinger
(cherry picked from commit d46523b92a2e5959da66973343092c819fea6285)
2019-04-20[dhcp-server] T1335: bugfix when migrating authoritative sectionChristian Poessinger
(cherry picked from commit f8b7e3b2b20d143643bfac72db68943dfc9046f1)
2019-01-26Merge branch 'current' into cruxDaniil Baturin
2019-01-26[webproxy] T1203: do not attempt to migrate proxy-bypass if it doesn't exist.Daniil Baturin
2019-01-07Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 (command conversion)hagbard
2018-12-31Merge branch 'current' into cruxDaniil Baturin
2018-12-31T1112: migrate BGP redistribute metric and route-map options too.Daniil Baturin
2018-12-31T1112: migrate BGP redistribute options (patch by Merijn).Daniil Baturin
2018-12-16Merge branch 'current' into cruxDaniil Baturin
2018-12-07T1060: build fix for wrong config-version numberChristian Poessinger
Commit 9d35610c173 ("T1060: add missing version file for webproxy") assumed that there is a webproxy config version of 0 but we already have 1. This lead to duplicate files detected by apt.
2018-12-02T1060: Add webproxy migration script (proxy-bypass -> whitelist).Dirk Steinkopf
2018-11-19Merge branch 'current' into cruxDaniil Baturin
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976 (cherry picked from commit 7a615ab169a7f6141fd9b6e84ac1ea415216d9bb)
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-12migration/l2tp: fix file commentChristian Poessinger
(cherry picked from commit 2375e0876abeff26ba875419b62f974d0ff6122a)
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } } (cherry picked from commit 2b8af944d60de2fca8370a108e422ccc6b3d006d)
2018-11-12migration/l2tp: fix file commentChristian Poessinger
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } }
2018-11-12Merge branch 'current' into cruxDaniil Baturin
2018-11-11T987: Unclutter L2TP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } radius-source-address 172.16.254.100 } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } source-address 172.16.254.100 } }
2018-11-02T939: Remove possibility to specify DHCP relay portChristian Poessinger
(cherry picked from commit c4c183a16fe2ddc612ed947fc5513c87f30c7c27)
2018-11-02T939: Remove possibility to specify DHCP relay portChristian Poessinger
2018-10-21T634: remove 'service ssh allow-root'Christian Poessinger
2018-10-21T634: remove 'service ssh allow-root'Christian Poessinger
(cherry picked from commit 9cf0514668b1461d3b74076b99c9edabafa10418)
2018-10-02T414: remove "service telnet" from configs on upgrade.Daniil Baturin
2018-09-19T849: fix quagga 2-to-3 migration script permissions.Daniil Baturin
2018-09-19T849: remove stray debug prints.Daniil Baturin
2018-09-18T849: add a migration script for the new IPv4 BGP syntax.Daniil Baturin
2018-09-02T825: add system 8-to-9 migration scriptChristian Poessinger
2018-08-27T778: T782: dhcp-server: XML and Python rewriteChristian Poessinger
This commit changes in addtion the DHCP server config syntax as defined in "T782: Cleanup dhcp-server configuration". Replace boolean parameter from the folowing nodes and make it valueless. This requires a migration script which is tracked with this task * set service dhcp-server shared-network-name <xyz> subnet 172.31.0.0/24 ip-forwarding enable (true|false) * set service dhcp-server shared-network-name <xyz> authoritative (true|false) * set service dhcp-server disabled (true|false) * set service dhcp-server dynamic-dns-update enable (true|fals) * set service dhcp-server hostfile-update (enable|disable) Replace the nested start/stop ip address from "subnet 172.31.0.0/24 start 172.31.0.101 stop 172.31.0.149" to "subnet 172.31.0.0/24 range <foo> start" and "subnet 172.31.0.0/24 range <foo> stop" where foo can be any character or number. In addition the vyatta-cfg-dhcp-server package used it's own init/config file for service startup. This has been migrated to the vanilla Debian files. Copy 'on-dhcp-event.sh' from vyatta-cfg-shcp-server package commit 4749e648bca6.
2018-07-27T666, T616: new implementation of the VRRP CLI.Daniil Baturin
2018-05-31T629: replace the config-management migration script.Daniil Baturin
2018-05-29T667: add a migration script for converting "system gateway-address" to ↵Daniil Baturin
"protocols static route 0.0.0.0". Code-wise that option was in vyatta-cfg-quagga, but the syntax is inside "system", so let's keep the script under system too.