summaryrefslogtreecommitdiff
path: root/src/op_mode
AgeCommit message (Collapse)Author
2024-08-13T5743: HTTPS API ability to import PKI certificatesNataliia Solomko
2024-08-02T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930)Viacheslav Hletenko
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config"
2024-08-01Merge pull request #3903 from lucasec/ipsec-remote-access-profileChristian Breunig
T6617: T6618: vpn ipsec remote-access: fix profile generators
2024-07-31ipsec: T6148: Removed unused imports (#3915)aapostoliuk
Removed unused pprint module
2024-07-30Merge pull request #3747 from sever-sever/T6486Christian Breunig
T6486: T6379: Rewrite generate openvpn client-config
2024-07-30Merge pull request #3698 from talmakion/bugfix/T3334Christian Breunig
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
2024-07-30system: op-mode: T3334: allow delayed getty restart when configuring serial ↵Andrew Topp
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers.
2024-07-30T6617: T6618: vpn ipsec remote-access: fix profile generatorsLucas Christian
2024-07-28ipsec: T6148: Fixed reset command by adding init after terminating (#3763)aapostoliuk
Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel.
2024-07-25op_mode: T5744: PKI import OpenVPN shared key includess unexpected BEGIN and ENDNataliia Solomko
2024-07-24op_mode: T6596: pppoe operation command failedNataliia Solomko
2024-07-22T6587: Raise an error when trying to get information about network ↵khramshinr
interfaces that don't exist
2024-07-22T6589: Return a dict when querying information about a single interfacekhramshinr
2024-07-19Merge pull request #3828 from HollyGurza/T6578Christian Breunig
T6578: Fix unhandled exception in "show openconnect-server sessions"
2024-07-18Merge pull request #3818 from dmbaturin/T6586-unconfigured-objectJohn Estabrook
op-mode: T6586: add a distinct exception for unconfigured objects (as opposed to entire subsystems)
2024-07-18T6578: Fix unhandled exception in "show openconnect-server sessions"khramshinr
2024-07-17op-mode: T6586: add a distinct exception for unconfigured objectsDaniil Baturin
as opposed to entire subsystems
2024-07-16op-mode: T6577: create generic service restart helper to work with the APIChristian Breunig
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that all do the same (more or less): * Check if service is configured on CLI * Restart if configured * Error out if unconfigured This is not available via the op-mode API. Create a new restart.py op-mode helper that takes the service name and possible VRF as argument so it's also exposed via API.
2024-07-05op-mode: T6537: remove unused cmd imported from vyos.utils.processChristian Breunig
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown warning message") added a more local import of vyos.utils.process.cmd() that made the fglobal import obsolete and trigger a linter warning. $ make unused-imports -------------------------------------------------------------------- Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
2024-07-03op-mode: T6371: fix output of NAT rules with single port rangeGiggum
2024-07-03op-mode: T6537: include hostname in the reboot/shutdown warning messageDaniil Baturin
2024-07-03Merge pull request #3746 from ↵Daniil Baturin
dmbaturin/T6498-machine-readable-tech-support-report op-mode: T6498: add machine-readable tech support report script
2024-07-03op-mode: T6498: add machine-readable tech support report scriptDaniil Baturin
2024-07-02T6486: T6379: Rewrite generate openvpn client-configViacheslav Hletenko
This command helps to generate users `.ovpn` files Rewrite `generate openvpn client-config` to use Config() It needs to get the default values as `ConfigTreeQuery` is not supporting default values. Fixed "ignores configured protocol type" if TCP is used Fixed lzo, was used even if lzo not configured Fixed encryption is not parse the dict
2024-07-02Merge pull request #3745 from c-po/no-legacyDaniil Baturin
T6527: add legacy Vyatta interpreter files still in use
2024-06-30T6527: add legacy Vyatta interpreter files still in useChristian Breunig
2024-06-29Merge pull request #3733 from c-po/T6524-release-dhcpChristian Breunig
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
2024-06-28T6452: Add QoS Op Commands (#3591)l0crian1
* T6452: Add QoS Op Commands Added the following commands: show qos shaping show qos shaping detail show qos shaping interface <int name> show qos shaping interface <int name> detail show qos shaping interface <int name> class <class name> show qos shaping interface <int name> class <class name> detail show qos cake interface <int name>
2024-06-28Fixes error generated when op cmd interrupted, updates show system calls to ↵Ginko
new cli syntax (#3731)
2024-06-28T6488: firewall: extend op-mode command to show global state-policy counters ↵Nicolás Fort
(#3681) * T6488: firewall: extend op-mode command to show global state-policy counters.
2024-06-27op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode formatChristian Breunig
2024-06-27Merge pull request #3715 from HollyGurza/T6313Christian Breunig
T6313: Add "NAT" to "generate" command for rule resequence
2024-06-27T6313: Add "NAT" to "generate" command for rule resequencekhramshinr
2024-06-24op-mode: T6514: rework the "show system storage" codeDaniil Baturin
to handle live CD systems correctly and allow reusing the functions from other scripts
2024-06-24Merge pull request #3683 from dmbaturin/T6501-lsmod-on-steroidsJohn Estabrook
op mode: T6501: add "run show kernel modules"
2024-06-21Merge pull request #3684 from dmbaturin/T6498-uptime-helpersJohn Estabrook
op mode: T6498: move uptime helpers to vyos.utils.system
2024-06-21op mode: T6498: move uptime helpers to vyos.utils.systemDaniil Baturin
to be able to call them from the new tech-support script
2024-06-19op mode: T6501: add "run show kernel modules"Daniil Baturin
2024-06-19op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
2024-06-16pki: T4026: Only emit private keys when availableAndrew Topp
* install_certificate() code path handles private_key=None & key_passphrase=None OK already * file and console output paths will error trying to encode None as a key * This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible * Self-signing and CA creation always generate a private key * Certreqs will generate a private key if not already provided * Do not prompt for a private key passphrase if we aren't giving back a private key
2024-06-14Merge pull request #3646 from c-po/pki-T6407Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name.
2024-06-13Merge pull request #3601 from talmakion/bugfix/T6456Daniil Baturin
T6456: Convert "monitor traffic" to modern op-mode wrapper
2024-06-13Merge pull request #3590 from talmakion/feature/T6045Daniil Baturin
T6045: Recreate show lldp detail views & improve remote port selection
2024-06-12op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵Nataliia Solomko
output
2024-06-11T6456: Convert "monitor traffic" to modern op-mode wrapperAndrew Topp
The old "monitor traffic" definition had misaligned arguments under the verbose node and manually offered the same parameter keyword in multiple positions to emulate flexible parameters. I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in to present a few more parameters in a more flexible manner. Changes to the Makefile were required for recursive varargs lookup.
2024-06-11T6045: Recreate show lldp detail views & improve remote port selectionAndrew Topp
If the remote device has explicitly sent the interface name as the portID, we should use that first as the interface name, before working through the previous priority order. I've brought back LLDP detail views directly calling lldpcli. This can be extended to render a template from op_mode/lldp.py, but lldpcli isn't bad at rendering readable info. Raw mode (including detailed raw) is still accessible for programmatic access.
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-09op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profileChristian Breunig
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.