path: root/src/op_mode
Age | Commit message | Author
2024-01-06 | pki: T5886: add support for ACME protocol (LetsEncrypt) | Christian Breunig
The "idea" of this PR is to add new CLI nodes under the pki subsystem to activate ACME for any given certificate.
```
vyos@vyos# set pki certificate NAME acme
Possible completions:
+  domain-name     Domain Name
   email           Email address to associate with certificate
   listen-address  Local IPv4 addresses to listen on
   rsa-key-size    Size of the RSA key (default: 2048)
   url             Remote URL (default: https://acme-v02.api.letsencrypt.org/directory)
```
Users choose if the CLI based custom certificates are used
```
set pki certificate EXAMPLE acme certificate <base64>
```
or if it should be generated via ACME. The ACME server URL defaults to LetsEncrypt but can be changed to their staging API for testing to not get blacklisted.
```
set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory
```
Certificate retrieval has a certbot --dry-run stage in verify() to see if it can be generated. After successful generation, the certificate is stored under /config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set interfaces ethernet eth0 eapol certificate EXAMPLE) we call vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the base64 encoded certificate into the JSON data structure normally used when using a certificate set by the CLI. Using this "design" does not need any change to any other code referencing the PKI system, as the base64 encoded certificate is already there. certbot renewal will call the PKI python script to trigger dependency updates.
2024-01-01 | Merge pull request #2731 from jestabro/copy-preserve-owner | John Estabrook
image-tools: T5883: preserve file owner in /config on add system update
2024-01-01 | Merge pull request #2724 from sever-sever/T3476 | Christian Breunig
T3476: Add option latest to add system image
2023-12-31 | image-tools: T5883: preserve file owner in /config on add system update | John Estabrook
2023-12-31 | T5474: establish common file name pattern for XML conf mode commands | Christian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
2023-12-30 | T3476: Add option latest to add system image | Viacheslav Hletenko
Add option `latest` for op-mode command `add system image`.
If the update check is configured we can get the remote `latest` version from the configured URL
```
set system update-check url 'https://example.com/version.json'
```
This way we can use "latest" option for image update:
```
add system image latest
```
2023-12-29 | dhcp: T3316: Adjust kea lease files' location and permissions | Indrajit Raychaudhuri
Move the kea lease file to a separate directory `/config/dhcp` that `kea` process can write to so that subprocesses spawned by `kea` process can operate on the lease files. To allow `kea` process to write to `/config/dhcp`, add `_kea` user to `vyattacfg` group. And the lease files are owned completely by `_kea` user to play well with `kea-lfc` process. Specifically, this is necessary for `kea-lfc` which is spawned by `kea` process to clean up expired leases. Since `kea-lfc` creates additional backup lease files, it needs write access to the lease file directory. Additionally, change the extension of the lease file from `.leases` to `.csv` to reflect the actual file format.
2023-12-21 | T5781: use dynamic minisign key list | KyleM
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/
2023-12-14 | image-tools: T5825: restore authentication for add system image | John Estabrook
2023-12-14 | Merge pull request #2624 from jestabro/vrf-aware-add-image | Christian Breunig
image-tools: T5821: restore vrf-aware add system image
2023-12-13 | image-tools: T5821: restore vrf-aware add system image | John Estabrook
2023-12-13 | Merge pull request #2621 from jestabro/clear-raid-on-install | John Estabrook
image-tools: T5806: clear previous raid configs on install
2023-12-13 | image-tools: T5806: deactivate raid arrays | John Estabrook
2023-12-13 | Merge pull request #2622 from jestabro/obscure-passwd-on-install | Christian Breunig
image-tools: T5819: do not echo password on image install
2023-12-12 | dhcp: T3316: Fix dhcp op-mode state 'all' matching | sarthurdev
2023-12-12 | dhcp: T3316: Fix raw op-mode lease output | sarthurdev
2023-12-12 | image-tools: T5819: do not echo password on image install | John Estabrook
2023-12-11 | T5807: fix op-mode command <show nat66>, which only display rules if nat was configured. In this commit, check is fixed and rules are printed as expected. | Nicolas Fort
2023-12-08 | dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea | sarthurdev
2023-12-07 | Merge pull request #2551 from nicolas-fort/T5778 | Daniil Baturin
T5778: dhcp server: fix op-mode command
2023-12-07 | image-tools: T5758: restore saving previous data on install | John Estabrook
Restore scanning previous installations for config data and ssh host keys on install.
2023-11-30 | T5778: dhcp server: fix op-mode command <show dhcp server leases ...>. | Nicolas Fort
2023-11-29 | image-tools: T5789: copy ssh host keys on image update | John Estabrook
2023-11-27 | image-tools: T5751: restore arg raise_error for non-interactive use | John Estabrook
2023-11-27 | image-tools: T5751: add arg no_prompt for non-interactive calls | John Estabrook
2023-11-27 | image-tools: T5751: normalize args using hyphen instead of underscore | John Estabrook
2023-11-27 | T5778: dhcp server: patch op-mode command <show dhcp server leases>. If *pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing. | Nicolas Fort
2023-11-22 | Merge pull request #2528 from nicolas-fort/T5637-Extend-bridge | Christian Breunig
T5637: firewall: extend rule for default-action to firewall bridge
2023-11-22 | T5637: firewall: extend rule for default-action to firewall bridge, in order to be able to catch logs using separate rule for default-action | Nicolas Fort
2023-11-22 | Merge pull request #2499 from c-po/t5753-vxlan-vnifilter | Christian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-18 | vxlan: T5753: add support for VNI filtering | Christian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10.
To Test:
```
set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987
```
Add new op-mode command: show bridge vni
```
Interface    VNI
-----------  -----------
vxlan987     10050-10054
vxlan987     10060
vxlan987     10069
```
2023-11-18 | Merge pull request #2500 from sever-sever/T5749 | Christian Breunig
T5749: Swap show interfaces and show interfaces summary
2023-11-17 | T5749: Swap show interfaces and show interfaces summary | Viacheslav Hletenko
By default show VRF, MAC, MTU for `show interfaces`. The original `show interfaces` moved to `show interfaces summary`.
2023-11-16 | Merge pull request #1768 from zdc/T4516-sagitta | John Estabrook
image: T4516: Added system image tools
2023-11-16 | image: T4516: add raid-1 install support | John Estabrook
2023-11-16 | image: T4516: variable name spelling | John Estabrook
2023-11-16 | image: T4516: restore select entry to set/delete image | John Estabrook
2023-11-16 | image: T4516: do not prompt for confirmation when setting default | John Estabrook
2023-11-16 | image: T4516: reword some messages and prompts | John Estabrook
2023-11-16 | image: T4516: add clearer error msg on attempt to upgrade to 1.2.x | John Estabrook
An attempt to upgrade to 1.2.x is caught, but error is of failed checksum verification; add check and message.
2023-11-16 | T3983: show pki certificate Doesn't show x509 certificates | JeffWDH
2023-11-16 | T5747: op-mode add MAC and MTU for show interfaces summary | Viacheslav Hletenko
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
```
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
dum0         203.0.113.1/32     96:44:ad:c5:a1:a5  default   1500  u/u
eth0         192.168.122.14/24  52:54:00:f1:fd:77  default   1500  u/u    WAN
eth1         192.0.2.1/24       52:54:00:04:33:2b  foo       1500  u/u    LAN-eth1
eth2         -                  52:54:00:40:2e:af  default   1504  u/u    LAN-eth2
eth3         -                  52:54:00:09:a4:b4  default   1500  A/D
```
2023-11-15 | image: T4516: support for interoperability of legacy/new image tools | John Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped.
2023-11-15 | image: T4516: improve format of 'show system image details' | John Estabrook
2023-11-15 | image: T5195: vyos.util -> vyos.utils package refactoring | John Estabrook
2023-11-15 | image: T4516: restore reboot reminder message | John Estabrook
2023-11-15 | image: T4516: set op-mode files executable | John Estabrook
2023-11-15 | image: T4516: do not prompt for config copy on live install | John Estabrook
2023-11-15 | image: T4516: correct implementation of configure_authentication | John Estabrook
2023-11-15 | image: T4516: correct permissions on creation of config directory | John Estabrook