summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2024-09-29http-api: T6736: add migration script and update versionJohn Estabrook
2024-08-15T6649: Accel-ppp separate vlan-mon from listen interfacesNataliia Solomko
2024-08-12T6648: dhcpv6-server: align stateless DHCPv6 options with statefulLucas Christian
2024-07-29vyos.configtree: T6620: allow list_nodes() to work on non-existent pathsDaniil Baturin
and return an empty list in that case (handy for migration scripts and the like)
2024-07-29Merge pull request #3823 from srividya0208/T6571Daniil Baturin
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers
2024-07-30firewall: T4694: incomplete node checks in migration scriptAndrew Topp
This patch on #3616 will only attempt to fix ipsec matches in rules if the firewall config tree passed to migrate_chain() has rules attached.
2024-07-28firewall: T4694: Adding rt ipsec exists/missing match to firewall configs ↵talmakion
(#3616) * Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules * Add ipsec match-ipsec-out and match-none-out * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes) * Add the -out generators to rendered templates * Heavy modification to firewall config validators: * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain(via jump-target) - this always generates an error. * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches. * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests
2024-07-25OpenVPN CLI-option: T6571: rename ncp-ciphers with data-cipherssrividya0208
2024-07-18openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)Daniil Baturin
2024-07-03T6536: change wildcard character from + to * - extend fix to interfaces ↵Nicolas Fort
defined in zone policy.
2024-07-03T6536: nat: add migration script that replaces wildcard charater supported ↵Nicolas Fort
in 1.3 <+> with character supported in latest version <*>
2024-06-26migration: T6007: convert all migration scripts to load as moduleJohn Estabrook
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator
2024-06-17Merge pull request #3656 from c-po/wireless-regdomainDaniil Baturin
wireless: T6318: move country-code to a system wide configuration
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-15openvpn: T5487: make migration script executableChristian Breunig
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove eprecated option --cipher for server and client mode") lacked executable permission.
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-11firewall: T3900: fix migration and smoketestsChristian Breunig
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-05-30reverse-proxy: T6409: unindent migration script code pathChristian Breunig
2024-05-27reverse-proxy: T6409: Remove unused backend parametersAlex W
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-01pppoe-server: T6234: fix permissions on migration scriptJohn Estabrook
2024-05-01Merge pull request #3364 from natali-rs1985/T6234-currentDaniil Baturin
pppoe-server: T6234: PPPoE-server pado-delay refactoring
2024-04-29openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
2024-04-25pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos
2024-04-12Merge pull request #3291 from aapostoliuk/T6100-circinusChristian Breunig
T6100: Added NAT migration from IP/Netmask to Network/Netmask
2024-04-12T6100: Added NAT migration from IP/Netmask to Network/Netmaskaapostoliuk
Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask.
2024-04-11T6216: firewall: add patch while migrating from 1.3 to 1.4 in order to avoid ↵Nicolas Fort
errors when using character <+> in 1.3 in firewall groups and custom firewall chains.
2024-04-07ipoe: T6205: fix conditional branch error in config migratorChristian Breunig
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming mac-address to mac node") added a conditional path into the config which could result in the migrated config not beeing written if precondition was not met.
2024-04-06container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones.
2024-04-06ipoe: T6205: error in migration script logic while renaming mac-address to ↵Christian Breunig
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
2024-04-06T6199: remove unused Python imports from migration scriptsChristian Breunig
2024-04-04ospf: T6089: fix invalid "ospf passive-interface default"Christian Breunig
The option "passive-interface default" was set even if it was not present in the previous version we are migrating from. Fix migration script to handle this with a conditional path.
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-19policy: T6130: Revert commit 960caceaapostoliuk
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363. All community rules syntax was changed. T5357 is invalid bug report. VyOS cannot use new configuration syntax in the previous versions.
2024-03-15T6090: fix policy route migration script. Ensure that tcp flags migration ↵Nicolas Fort
occurs also if only <policy route> is defined.
2024-03-10T6114: fix broken migration dhcpv6-server 4-to-5Lucas Christian
2024-03-10firewall: T6071: truncate rule description field to 255 charactersChristian Breunig
2024-03-01smoketest: T6079: probe for duplicate IP address static-mappingChristian Breunig
2024-02-29dhcp-server: T6079: Disable duplicate static-mappings on migrationsarthurdev
2024-02-28dhcp-server: T6079: Increment Kea migrator versionssarthurdev
2024-02-15Merge pull request #3012 from sarthurdev/T5993Christian Breunig
dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQ
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-14dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQsarthurdev
Updates smoketest config to test migrator change
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem