summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2021-09-11Merge pull request #1001 from erkin/equuleusDaniil Baturin
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
2021-09-10T3275: conntrack: Backport XML/Python implementation of conntrack CLIerkin
2021-09-05name-server: T3804: merge "system name-servers-dhcp" into "system name-server"Christian Poessinger
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server.
2021-08-31vyos.ethtool: T3163: purify code to read and change flow-control settingsChristian Poessinger
It makes no sense to have a parser for the ethtool values in ethtool.py and ethernet.py - one instance ios more then enough! (cherry picked from commit 0229645c8248decb5664056df8aa5cd5dff41802)
2021-08-31ethernet: T2241: check if interface supports changing speed/duplex settingsChristian Poessinger
Not all interface drivers have the ability to change the speed and duplex settings. Known drivers with this limitation are vmxnet3, virtio_net and xen_netfront. If this driver is detected, an error will be presented to the user. (cherry picked from commit cc742d48579e4f76e5d3230d87e22f71f76f9301)
2021-08-30ethernet: T3787: remove deprecated UDP fragmentation offloading optionChristian Poessinger
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool.").
2021-08-30ethernet: T3619: fix VyOS 1.2 -> 1.3 performance degradationChristian Poessinger
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following "root-cause" VyOS 1.2 uses the "old" node.def file format for: * Generic Segmentation Offloading * Generic Receive Offloading So if any of the above settings is available on the configuration CLI, the node.def file will be executed - this is how it works. By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel enables offloading "under the hood" by default for GRO, GSO... which will boost the performance for users magically. With the rewrite in VyOS 1.3 of all the interface related code T1579, and especially T1637 this was moved to a new approach. There is now only one handler script which is called whenever a user changes something under the interfaces ethernet tree. The Full CLI configuration is assembled by get_interface_dict() - a wrapper for get_config_dict() which abstracts and works for all of our interface types - single source design. The problem now comes into play when the gathered configuration is actually written to the hardware, as there is no GSO, GRO or foo-offloading setting defined - we behave as instructed and disable the offloading. So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the recent XML Python rewrites brought that one up to light. Solution: A configuration migration script will be provided starting with VyOS 1.3 which will read in the CLI configuration of the ethernet interfaces and if not enabled, will query the adapter if offloading is supported at all, and if so, will enable the CLI nodes. One might say that this will "blow" the CLI configuration but it only represents the truth - which was masked in VyOS 1.2.
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-05bgp: T548: Migrate maximum-paths to afi ipv4 maximum-pathsViacheslav
2021-07-25ifconfig: backport ifconfig framework from 1.4 to support new tunnel optionsChristian Poessinger
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of backporting single pieces which are required to add new feature to the tunnel interface section. In addition that both libraries are now back in sync it will become much easier to backport any other new feature introduced in VyOS 1.4!
2021-07-02conntrack-sync: T3535: Rewrite conf and op modes to XML python styleViacheslav
2021-06-13wwan: T3620: adjust NAT inbound/outbound interfaces on config migrationChristian Poessinger
(cherry picked from commit e24e35e1ac11a0771b15417af191694fd0b88022)
2021-06-13wwan: T3620: fix backup route metric in migration scriptChristian Poessinger
(cherry picked from commit d20dd7a0e6af08a80c7c911e7b151f28e4666173)
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
2021-05-24router-advert: T3561: fix inconsistent use of tabs and spaces in indentationChristian Poessinger
Commit c17f259d ("router-advert: T3561: add support for specific routes") used tabs over spaces in the Migration script which triggered a TabError (inconsistent use of tabs and spaces in indentation"). (cherry picked from commit acc701bac3483a3242c77a2e00c076890e27eea9)
2021-05-24router-advert: T3561: add support for specific routesMark Royds
Co-authored-by: Mark Royds <mark.royds@vitaminit.co.uk> (cherry picked from commit c17f259d09abd2bf632d09400fe8deb4c2781d32)
2021-05-14ntp: T2809: Fix migration script if server not existsever-sever
(cherry picked from commit d96336a808e500934fc4fd9423345d0b965d35ac)
2021-04-20conntrack: T3290: remove references to removed GRE pluginsBrandon Stepler
(cherry picked from commit 91130ca7c386ecba291694ff08e521438d352e78)
2021-02-22T3346: handle the case of empty nodes when migrating NAT to syntax version 5Daniil Baturin
2021-02-07system: T2486: bugfix name-servers-dhcp NameError on vif-c interfacesChristian Poessinger
Commit 0f8beae7426 ("system: T2486: migrate disable-dhcp-nameservers to name-servers-dhcp") added a migration script for moving the name-servers. A small glitch was introduced when referencing vif-c interfaces unter a vif-s interface where a variable got referenced which was not defined. (cherry picked from commit 89108f629ec8cc6990473468c1c67ffa8742b884)
2021-02-07rpki: T3293: bugfix for config migration when cache and address name matchChristian Poessinger
If the RPKI cache name equals the configured address, renaming is not possible, as rename expects the new path to not exist. (cherry picked from commit af2a22fb114b7d00f50fb32dc64b49e132ccca61)
2021-02-02rpki: T3255: backport new implementation from current branchChristian Poessinger
2021-01-30bgp: T3037: add migration scriptChristian Poessinger
(cherry picked from commit 32822d5e1831dff5cd904c0cb5886f7d737afab6)
2020-12-20ethernet: T3140: relax "ethernet offload-options" CLI definitionChristian Poessinger
Migrate from ethernet eth1 { offload-options { generic-receive on generic-segmentation on scatter-gather on tcp-segmentation on udp-fragmentation on } } to ethernet eth1 { offload { ufo tso sg gso gro } }
2020-12-20wifi: T3043: country-code should be lower caseChristian Poessinger
2020-12-08mirror: T3089: support two-way traffic mirroringjack9603301
2020-12-06migration: interfaces: remove superfluous importsChristian Poessinger
2020-12-04pppoe: T3112: drop "ipv6 enable" optionChristian Poessinger
IPv6 enable can be considered once the ipv6 node is present!
2020-11-21ethernet: T3048: fix migrator to also support a plain configChristian Poessinger
When VyOS boots the first time with the default configuration there it actually no "interface ethernet" node present in the config, thus we must exit the migrator. Without this change vyos.configtree.ConfigTreeError: Path [b'interfaces ethernet'] doesn't exist will be thrown.
2020-11-21system: T3078: rename "system options" -> "system option"Christian Poessinger
By design a CLI node should not be named by its plural but rather describe it as singular.
2020-11-21ethernet: T3048: drop static smp-affinity for dynamic performance tuningChristian Poessinger
After migrating the ethernet interfaces from the good old Perl days the smp-affinity node yet has no effect anymore as the code is still missing (my bad, sorry). Drop the smp-affinity node and rather use tuned instead with the network-throughput or network-latency profile. - network-throughput: Profile for throughput network tuning. It is based on the throughput-performance profile. It additionaly increases kernel network buffers. - network-latency: Profile for low latency network tuning. It is based on the latency-performance profile. It additionaly disables transparent hugepages, NUMA balancing and tunes several other network related sysctl parameters. I'd set network-throughput as the default on a new set system option performance <throughput | latency> CLI node which is present in the default configuration. https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
2020-11-03wireless: T3042: move wifi-regulatory-domain into individual interface ↵Christian Poessinger
definition
2020-11-03wireless: T3043: rename "wpa mode both" to "wpa+wpa2"Christian Poessinger
2020-10-04pppoe-server: T2829: shift config migrators by oneChristian Poessinger
As VyOS vrux (1.2.7) requires a mirgator (1-to-2) for the MPPE node change (T2829) we need to shift all other migrators in 1.3 by one. As migrators probe the existance of nodes no negative side-effects are expected.
2020-10-04pppoe-server: migrators: fix python styleChristian Poessinger
2020-10-04pppoe-server: T2829: fix broken migration script (exit called)Christian Poessinger
A test statement was still present in the production code introduced in commit efeac80f8 ("pppoe-server: T2829: migrate 'ppp-options mppe' to leafNode"). This has been fixed.
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.
2020-10-02sstp: T2953: migrate ppp-settings to ppp-options nodeChristian Poessinger
2020-09-26login: migration: T2929: add missing if condition when probing for radius-serverChristian Poessinger
2020-09-25syslog: T2899: shift system migration files +1 to allow for cruxJohn Estabrook
2020-09-25syslog: T1845: fix indentation levelJohn Estabrook
2020-09-20wwan: ifconfig: T2905: sync CLI nodes in dialup interfacesChristian Poessinger
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use different CLI nodes for the same functionality. PPPoE has "connect-on-demand" to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose. Rename WWAN "ondemand" node to "connect-on-demand".
2020-09-20vif-s: ifconfig: T2903: use explicit VLAN protocol over raw numbersChristian Poessinger
In the past we had to provide the ethertype value used for the VLAN protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q). This should be changed to a more user friendly CLI node (protocol over ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in presenting RAW information from the ethernet header to the user. Also iproute2 calls it protocol which makes way more sense over the "raw" value.
2020-08-26pppoe-server: T2829: migrate 'ppp-options mppe' to leafNodeChristian Poessinger
2020-08-22dhcpv6-pd: T2677: optimize CLI interface for PD configurationChristian Poessinger
The current CLI did not support multiple prefix-delegations per interface. Some ISPs only send one /64 to a client per prefix-delegation request, but they allow the customer to request multiple prefixes. The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0). In the past the user needed to know what prefix will be assigned and required to calculate the sla-len by himself. The 'sla-len' node was dropped and is now calculated in the background from the 'dhcpv6-options pd 0 length' node. It is no longer mandatory to supply the 'sla-id' node, if sla-id is not specified it is 'guessed' by counting upwards. Example configuration: ---------------------- ethernet eth1 { address dhcpv6 dhcpv6-options { pd 0 { length 56 interface eth2 { address 1 } } } } This will request a /56 assignment from the ISP and will delegate a /64 network to interface eth2. VyOS will use the interface address ::1 on the delegate interface (eth2) as its local address.
2020-07-29wireguard: T2743: move key migration from config script to migration scriptChristian Poessinger
Migration files on the storage should be done one time by a migration script instead of every time the configuration changes. Moving this to an older migration script is fine as this is around for a long time and all rolling releases are already up2date. It only affects updates from VyOS 1.2 series.
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.