summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2019-12-30l2tp: T1858: Delete deprecated outside-nexthopDmitriyEshenko
2019-12-28ipv6: T1915: remove 'system ipv6 blacklist'Christian Poessinger
2019-12-26time-zone: T1906: migrate unknown timezones to UTCChristian Poessinger
If - for whatever reason - a timezone specified is invalid ... migrate it to UTC, just in case!
2019-12-26time-zone: T1906: migrate to XML/PythonChristian Poessinger
The current node.def based implementtion should be migrated from vyatta-cfg-system to vyos-1x. During the migration also provide a migration script which transforms some ole timezones like "Los_Angeles" into a proper IANA assigned timezone which should be "America/Los_Angeles".
2019-12-06syslog: T1845: syslog host no longer accepts a porthagbard
- migrates 'system syslog host <ip_address:port>' to system syslog host <ip_address> port <port>
2019-12-05Revert "syslog: T1845: syslog host no longer accepts a port"hagbard
This reverts commit a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7.
2019-12-04syslog: T1845: syslog host no longer accepts a porthagbard
- renamed interface xml - renamed syslog.py to system-syslog.py - moved protocol out of the facility node (bug) - node port created - migration script included
2019-11-24bridge: T1673: re-use "base" variableChristian Poessinger
2019-11-24bridge: T1673: add missing VLAN bridge member migrationChristian Poessinger
VLAN interfaces assigned to a bridge as member have not been migrated so far. This was the case for vif, vif-s and vif-c interfaces. The migration code has been generalized in migrate_bridge() so it is re-usable for regular interfaces, vif, vif-s and vif-c interfaces - all now use the same code.
2019-11-23Merge branch 't1627-wireless' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 't1627-wireless' of github.com:c-po/vyos-1x: wireless: T1627: support station mode wireless: T1627: support DHCP(v6) addresses wireless: T1627: add support for RADIUS source-address wireless: T1627: RADIUS servers must have a key specified wireless: T1627: change RADIUS CLI syntax l2tp: harmonize RADIUS wording wireless: T1627: re-order WPA key in hostapd config wireless: T1627: change priority from 318 to 400 wireless: T1627: fix generated ht_capab and vht_capab wireless: T1627: fix regex for 'ht channel-set-width' wireless: T1627: config migrator does not support camel casing wireless: T1627: initial rewrite of show-wireless.pl in Python wireless: T1627: add op-mode commands wireless: T1627: initial rewrite in XML/Python style
2019-11-23wireless: T1627: change RADIUS CLI syntaxChristian Poessinger
Adopt RADIUS configuration and harmonize it with the rest of VyOS. Move the following configuration block: security { wpa { cipher CCMP mode wpa2 radius-server 172.16.100.10 { port 1812 secret secretkey } radius-server 172.16.100.11 { port 1812 secret secretkey } } } to the harmonized version of: security { wpa { cipher CCMP mode wpa2 radius { server 172.16.100.10 { port 1812 secret secretkey } server 172.16.100.11 { port 1812 secret secretkey } } } } And add the new "set interfaces wireless wlan0 security wpa radius source-address" CLI command to specify the origin of any RADIUS query on systems having multiple IP addresses.
2019-11-23wireless: T1627: config migrator does not support camel casingChristian Poessinger
convert all nodes to lowercase
2019-11-23wireless: T1627: initial rewrite in XML/Python styleChristian Poessinger
Working: - Wireless modes b, g, n, ac - WPA/WPA2 psk and RADIUS (tested using Microsoft NPS)
2019-11-18migration-scripts: l2tp: T1811: add missing check on server existenceEshenko Dmitriy
2019-11-11[OpenVPN]: T1704: Added function for ncp-ciphers, and ability to disable it.vindenesen
[OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers. [OpenVPN]: T1704: Added migration scripts for interface 2-to-3
2019-10-27snmp: T1769: remove TSM (Transport Security Mode) supportChristian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script.
2019-10-27snmp: T818: T1738: remove per user/trap engine idChristian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID.
2019-10-17bgp: T1490: fix migrator file permissionsChristian Poessinger
2019-10-08[BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameterzsdc
2019-09-04bonding: T1614: T532: new commit validatorsChristian Poessinger
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth.
2019-09-04bonding: T1614: Initial version in new style XML/Python interfaceChristian Poessinger
The node 'interfaces ethernet eth0 bond-group' has been changed and de-nested. Bond members are now configured in the bond interface itself. set interfaces bonding bond0 member interface eth0
2019-08-24T1611: check if config node exists before getting valueJernej Jakob
2019-08-20powerdns: T1595: add config migrator to remove 'listen-on'Christian Poessinger
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-07[bridge] T1156: add missing if statement in config-migrationChristian Poessinger
Fixes: Traceback (most recent call last): File "/opt/vyatta/etc/config-migrate/migrate/interfaces/0-to-1", line 27, in <module> for br in config.list_nodes(base): File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 255, in list_nodes raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos.configtree.ConfigTreeError: Path [b'interfaces bridge'] doesn't exist
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: support adding and removing bridge member interfacesChristian Poessinger
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } }
2019-08-02[bridge] T1156: add configuration migration scriptChristian Poessinger
2019-07-08[PPPoE] - T1489: vlan_mon config optionshagbard
2019-06-16Revert "T849: move BGP peer-group node to ipv4 address family"Christian Poessinger
This reverts commit 685b1e0d050c7883303733d710327161fe046b60.
2019-06-16T849: move BGP peer-group node to ipv4 address familyChristian Poessinger
To have a consitent IPv4/IPv6 CLI a lot of BGP neighbor nodes have been migrated. The IPv4 peer-group has been forgotten, leaving a non consistent CLI. Previously: ----------- neighbor 2001:DB8:FFFF::1 { address-family { ipv6-unicast { peer-group iBGP } } peer-group iBGP } Now: ---- neighbor 2001:DB8:FFFF::1 { address-family { ipv6-unicast { peer-group iBGP } } address-family { ipv4-unicast { peer-group iBGP } } }
2019-05-08T805: Drop config compatibility with Vyatta Core older than 6.5John Estabrook
Rewrite vyatta-config-migrate/migrate/system/6-to-7 in the canonical style and add to vyos-1x migration-scripts. This completes the collection of scripts needed to drop compatability with Vyatta Core older than 6.5.
2019-04-26[dhcp-server]: bugfix on wrong exit code caused due to wrong indentionChristian Poessinger
2019-04-23[migration] T1344: extend migration script for radius-source-addressChristian Poessinger
radius-source-address was backported to vyOS 1.2.2 so also migrate this node.
2019-04-20[dhcp-server] T1335: bugfix when migrating authoritative sectionChristian Poessinger
2019-04-20Revert "[hostname] T1336: trailing dots in system domain-name are invalid"Christian Poessinger
This reverts commit 05c539ea5595790b297904569cbe13089ce79e18.
2019-04-20[hostname] T1336: trailing dots in system domain-name are invalidChristian Poessinger
Debian/Systemd provides hostnamectl which disabllows setting a FQDN when there is a trailing (.) in the provided hostname. Extend regex when setting "system domain-name" that there can't be a trailing (.). Provide migration script for current installations to remove the dot.
2019-04-19[migration] T1344: unclutter 'system login radius-server' configuration nodesChristian Poessinger
2019-04-04T1323 - migrate operator accounts to admin accountshagbard
2019-01-26[webproxy] T1203: do not attempt to migrate proxy-bypass if it doesn't exist.Daniil Baturin
2019-01-07Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 (command conversion)hagbard
2018-12-31T1112: migrate BGP redistribute metric and route-map options too.Daniil Baturin
2018-12-31T1112: migrate BGP redistribute options (patch by Merijn).Daniil Baturin
2018-12-07T1060: build fix for wrong config-version numberChristian Poessinger
Commit 9d35610c173 ("T1060: add missing version file for webproxy") assumed that there is a webproxy config version of 0 but we already have 1. This lead to duplicate files detected by apt.
2018-12-02T1060: Add webproxy migration script (proxy-bypass -> whitelist).Dirk Steinkopf
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-12migration/l2tp: fix file commentChristian Poessinger
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } }
2018-11-11T987: Unclutter L2TP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } radius-source-address 172.16.254.100 } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } source-address 172.16.254.100 } }