summaryrefslogtreecommitdiff
path: root/src/op_mode
AgeCommit message (Collapse)Author
2024-01-08pki: T5886: add support for ACME protocol (LetsEncrypt)Christian Breunig
The "idea" of this PR is to add new CLI nodes under the pki subsystem to activate ACME for any given certificate. vyos@vyos# set pki certificate NAME acme Possible completions: + domain-name Domain Name email Email address to associate with certificate listen-address Local IPv4 addresses to listen on rsa-key-size Size of the RSA key (default: 2048) url Remote URL (default: https://acme-v02.api.letsencrypt.org/directory) Users choose if the CLI based custom certificates are used set pki certificate EXAMPLE acme certificate <base64> or if it should be generated via ACME. The ACME server URL defaults to LetsEncrypt but can be changed to their staging API for testing to not get blacklisted. set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory Certificate retrieval has a certbot --dry-run stage in verify() to see if it can be generated. After successful generation, the certificate is stored in under /config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set interfaces ethernet eth0 eapol certificate EXAMPLE) we call vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the base64 encoded certificate into the JSON data structure normally used when using a certificate set by the CLI. Using this "design" does not need any change to any other code referencing the PKI system, as the base64 encoded certificate is already there. certbot renewal will call the PKI python script to trigger dependency updates. (cherry picked from commit b8db1a9d7baf91b70c1b735e58710f1e2bc9fc7a) # Conflicts: # debian/control
2024-01-01image-tools: T5883: preserve file owner in /config on add system updateJohn Estabrook
(cherry picked from commit 9f66b9ccfa25f56c209d90a0ad5ad779f3963bee)
2024-01-01T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
2023-12-16image-tools: T5825: restore authentication for add system imageJohn Estabrook
(cherry picked from commit 7ee9297a90625609e568394c9f5ea63e8c95a54b)
2023-12-16T5827: moved sys image sort to grub version_listTrae Santiago
(cherry picked from commit d01aba1f5055cdaa43c8429a2c13580679ec12f7)
2023-12-16T5827: made show system image alphabeticalTrae Santiago
(cherry picked from commit d2b29be237b790bb1a258647adf30c8b96c0b526)
2023-12-16T5827: made show system image alphabeticalTrae Santiago
(cherry picked from commit 2f8b22685065f25183133431502322decede6371)
2023-12-16image-tools: T5821: restore vrf-aware add system imageJohn Estabrook
(cherry picked from commit 90f2d9865051b00290dd5b7328a046e823b658dc)
2023-12-16image-tools: T5806: deactive raid arraysJohn Estabrook
(cherry picked from commit e3cd779d0bd8dd8be6231c7b2028326a03e6a06c)
2023-12-16image-tools: T5819: do not echo password on image installJohn Estabrook
(cherry picked from commit cf83979636c686a459d6dc75dcd98e342c70b1b3)
2023-12-16image-tools: T5758: restore saving previous data on installJohn Estabrook
Restore scanning previous installations for config data and ssh host keys on install. (cherry picked from commit 32551842bb0f710f590e8c030395a3a7902aa1df)
2023-12-16image-tools: T5789: copy ssh host keys on image updateJohn Estabrook
(cherry picked from commit 393b3ccf02902e765bd5cf603d770ba8cad22e75)
2023-12-16image-tools: T5751: restore arg raise_error for non-interactive useJohn Estabrook
(cherry picked from commit 35f69340ef189e27b380074bb687ad58f29e9433)
2023-12-16image-tools: T5751: add arg no_prompt for non-interactive callsJohn Estabrook
(cherry picked from commit 0fae5b412a359874f1d61a5330064e87a7e6b899)
2023-12-16image-tools: T5751: normalize args using hyphen instead of underscoreJohn Estabrook
(cherry picked from commit bb578a1cab177e8cee6e4d02144d21387ba13a93)
2023-12-16image: T4516: add raid-1 install supportJohn Estabrook
(cherry picked from commit e036f783bc85e4d2bad5f5cbfd688a03a352223e)
2023-12-16image: T4516: variable name spellingJohn Estabrook
(cherry picked from commit fc5dc00a3892fa26d03213854ea5091d6b0c2c18)
2023-12-16image: T4516: restore select entry to set/delete imageJohn Estabrook
(cherry picked from commit 9ffa3e82d951756696367578dd5e82ef0f690065)
2023-12-16image: T4516: do not prompt for confirmation when setting defaultJohn Estabrook
(cherry picked from commit 3d15cfd484e8c2732d9f10e4065f2282f1f5d334)
2023-12-16image: T4516: reword some messages and promptsJohn Estabrook
(cherry picked from commit cdc5fddfd796ccf7cfe35d2501cb1da380df53b2)
2023-12-16image: T4516: add clearer error msg on attempt to upgrade to 1.2.xJohn Estabrook
An attempt to upgrade to 1.2.x is caught, but error is of failed checksum verification; add check and message. (cherry picked from commit aae1247da61206d7a1b0b4d6ee20d36d194dbaba)
2023-12-16image: T4516: support for interoperability of legacy/new image toolsJohn Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped. (cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
2023-12-16image: T4516: improve format of 'show system image details'John Estabrook
(cherry picked from commit 8efab9ee8cdb0e65dddb9d3ba97de8ddcf3666dc)
2023-12-16image: T5195: vyos.util -> vyos.utils package refactoringJohn Estabrook
(cherry picked from commit fcded7930b5426193e8490c6df2a70e300a60e31)
2023-12-16image: T4516: restore reboot reminder messageJohn Estabrook
(cherry picked from commit a604d5d56d93a6958d879b838066bbe2df131bc5)
2023-12-16image: T4516: set op-mode files executableJohn Estabrook
(cherry picked from commit d88168b8e26e46d512e3b175cd2eacecae0e596a)
2023-12-16image: T4516: do not prompt for config copy on live installJohn Estabrook
(cherry picked from commit b31092cc33685628c74845f2aa1e94f0e7879e87)
2023-12-16image: T4516: correct implementation of configure_authenticationJohn Estabrook
(cherry picked from commit 169c9ff01287cb558850479afb733dd53fb6ae5d)
2023-12-16image: T4516: correct permissions on creation of config directoryJohn Estabrook
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
2023-12-16image: T4516: Added system image toolszsdc
This commit adds the whole set of system image tools written from the scratch in Python that allows performing all the operations on images: * check information * perform installation and deletion * versions management Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future. WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update. (cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
2023-12-11T5807: fix op-mode command <show nat66>, which only display rules if nat was ↵Nicolas Fort
configured. In this commit, check is fixed and rules are printed as expected. (cherry picked from commit 3d3418d1585cbb6d3c2d1d81d310a3107e16c4aa)
2023-12-07T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
(cherry picked from commit 57761a370d2217eeb79827e8c20384f6de649c66)
2023-12-07T5778: dhcp server: patch op-mode command <show dhcp server leases>. If ↵Nicolas Fort
*pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing. (cherry picked from commit da83b3f96dcedaa8e4d926d9f5bdc963abd9a813)
2023-11-22vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069 (cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
2023-11-18T5749: Swap show interfaces and show interfaces summaryViacheslav Hletenko
By default show VRF, MAC, MTU for `show interfaces` The original `show interfaces` moved to `show interfacces summary` (cherry picked from commit 056885c02b8671279808c226a759de6c5356f578)
2023-11-16T3983: show pki certificate Doesnt show x509 certificatesJeffWDH
(cherry picked from commit 36de14913e0f4370d7c4e2828032a5378d3bba77)
2023-11-16Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D (cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
2023-11-15pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR. (cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c) # Conflicts: # python/vyos/frr.py # src/op_mode/restart_frr.py
2023-11-15T5732: generate firewall rule-resequence drops geoip country-code from outputJeffWDH
(cherry picked from commit aa7a5131a5d1bd901ffdc7670a62bad8218147ab)
2023-11-12op-mode: T5658: fix "monitor traceroute" completion helperChristian Breunig
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
2023-11-12op-mode: T5658: reduce amount of exposed optionsChristian Breunig
Example: we should focus on JSON output and not expose XML and CSV. (cherry picked from commit b8e9daf12eaef46747e7379042f8acd575e5b1d6)
2023-11-12T5658: add common methods interface_list() and vrf_list() to vyos.utils.networkChristian Breunig
Reduce amount of duplicated (3 times) code in op-mode scripts for ping, traceroute and mtr. (cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
2023-11-12op-mode: T5658: add VRF support for "monitor traceroute"bbabich
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
2023-11-02T5513: opmode command show firewall - Manual backportNicolas Fort
2023-10-29op-mode: T5661: remove call to sudo in ssh.py and move it to XML definitionChristian Breunig
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. (cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
2023-10-28T5661: Add show ssh dynamic-protection and show log ssh dynamic-protectionJeffWDH
2023-10-28T5653: Command to display SSH server fingerprintJeffWDH
2023-10-25T5497: Add ability to resequence rule numbers for firewallJeffWDH
Updated spacing. (cherry picked from commit f39a35338ac967381356f8b9b499ec1d730653fc)
2023-10-25T5497: Add ability to resequence rule numbers for firewallJeffWDH
(cherry picked from commit 5180622cd6c928812a644f427d65acae763c37cc)