Age | Commit message | Author |
|
(cherry picked from commit 5ade35255b3d8438aa6082fe56ae459d50cdc0a5)
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
(cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37)
Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required (backport #3646)
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
(cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for the number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
(cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
|
|
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all its parent CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
|
|
This was a leftover from the early days.
(cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
|
|
list of ports/ranges exists
Before: Issuing the op mode command "show nat source rules" will throw an
exception if the user has configured NAT rules using a list of ports as a
comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was
no handling for the "!" rule and so '!53' would display as '53'.
With this PR: Introduced iteration to capture all configured ports and append
to the appropriate string for display to the user as well as handling of '!' if
present in user's configuration.
(cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
|
|
This fixes (for an ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
show_certificate_fingerprint(args.certificate, args.fingerprint)
File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
print(get_certificate_fingerprint(cert, hash))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
fp = cert.fingerprint(hash_algorithm)
^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
|
|
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
|
|
op mode: T4519: Show DUID instead of IAID_DUID
|
|
|
|
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
|
|
(cherry picked from commit b705adc40b761e338026b938d80398fdb281a197)
|
|
(cherry picked from commit 72c95ec1df8ad7be8a715b3338001349684cafa9)
|
|
(cherry picked from commit 0eb09b81f763a62684a7be905267f081f9d6aeb1)
|
|
(cherry picked from commit 428d03e47e7d01b08ccb8cf1acc0ab8a53275286)
|
|
(cherry picked from commit eb281199ba35de52a8a97146dfc063e557755648)
|
|
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
|
|
(cherry picked from commit 40b9085171ecf97f791b5f3b5cb32dd5f46d0f21)
|
|
show interfaces bonding lacp detail
show interfaces bonding <bondif> lacp detail
show interfaces bonding <bondif> lacp neighbors
Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
(cherry picked from commit 0c2bf3192382cffc5ed2dcead3889c332a48820f)
|
|
ntp: T4909: Rewrite NTP op mode in new format
Adapts ntp.xml.in to reference new ntp.py file
Add ntp.py
Adds a check to ntp.py to verify if the ntp service is configured
Adds raw mode to ntp.py
For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader.
Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity
Revises the names of raw dictionary keys variables to be lowercase
Corrects a comment typo and renames function name used for raw mode
(cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
|
|
(cherry picked from commit 456419c7930405b80d322586736734f707affaed)
|
|
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
|
|
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
|
|
Connect_disconnect: T6261: correction to typo in check_ppp_running function
Changes include:
1. Replaces "beeing" -> being in print statement for check_ppp_running
2. Replaces "can not" -> cannot in print statement on lines 61 and 93
(cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
|
|
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
|
|
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
|
|
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
|
|
T6166: Tech support generation error for custom output location (backport #3242)
|
|
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
|
|
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
|
|
T6203: remove obsoleted xml lib (backport #3255)
|
|
T6188: add description to show firewall (backport #3219)
|
|
For readability in console sessions, moved the description column to only be shown in the detail view.
Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
(cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
|
|
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
(cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
|
|
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
(cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
|
|
(cherry picked from commit b2ced47bdc547ada59b37e6617422188e150282c)
|
|
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499)
# Conflicts:
# src/migration-scripts/dhcp-server/9-to-10
# src/migration-scripts/dhcpv6-server/3-to-4
|
|
(cherry picked from commit aa1fb0733f18dfb0ccdfb37df36839c6a358d8ee)
|
|
(cherry picked from commit bec23808af82b0f84e8a7707bbd56839da2c48b0)
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
(cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
|
|
(cherry picked from commit 1f0c33c00118c42fc2796d99aff94c428f434d4a)
|
|
for every client connection
Don't show duplicate info of vtunx
show header when clients are not connected but server is configured
(cherry picked from commit 66a009f367f8bf274eac9a4d4e1f4f8911c85872)
|
|
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service"
with no additional information about a client interface at all.
This results in useless dhclient processes
root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one
valid DHCPOFFER
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
eth0 - 00:50:56:bf:c5:6d default 1500 u/u
eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u
eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly
validate if the interface we request a renew for actually has a DHCP address
configured. In addition, this exposes the renew feature to the API.
(cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
|