path: root/src/op_mode
Age | Commit message | Author
2024-06-24 | pki: T4026: Only emit private keys when available (#3667) | mergify[bot]
* install_certificate() code path handles private_key=None & key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a private key
(cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37)
Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
2024-06-22 | Merge pull request #3650 from vyos/mergify/bp/sagitta/pr-3646 | Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required (backport #3646)
2024-06-21 | op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted | Andrew Topp
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
2024-06-14 | op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required | Christian Breunig
If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name.
(cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
2024-06-10 | vyos.utils: T5195: import vyos.cpu to this package | Christian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count.
Move vyos.cpu to vyos.utils.cpu
(cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
2024-06-10 | op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profile | Christian Breunig
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
2024-06-10 | op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation | Christian Breunig
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server certificate issuer and all its parent CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
2024-06-09 | T6460: fixes duid formatting | Nicolas Vollmar
2024-05-31 | op-mode: T683: remove superfluous debug print in snmpv3 display code | Christian Breunig
This was a leftover from the early days.
(cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
2024-05-30 | op-mode: ipsec: T6407: fix profile generation | Christian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
2024-05-29 | nat: T6371: fix op mode display of configured ports when comma separated list of ports/ranges exists | Ginko
Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'.
With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration.
(cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
2024-05-26 | op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | Christian Breunig
This fixes (for an ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
    show_certificate_fingerprint(args.certificate, args.fingerprint)
  File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
    print(get_certificate_fingerprint(cert, hash))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
    fp = cert.fingerprint(hash_algorithm)
         ^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
2024-05-17 | op mode: T6348: SNAT op-mode fails with flowtable offload entries | Nataliia Solomko
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
2024-05-16 | T6335: Add/Update EVPN op commands | l0crian1
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
2024-05-16 | Merge pull request #3462 from nvollmar/T4519 | Christian Breunig
op mode: T4519: Show DUID instead of IAID_DUID
2024-05-16 | T4519: Switch to display DUID | Nicolas Vollmar
2024-05-16 | op mode: T6339: display build flavor and comment in "show version" | Daniil Baturin
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
2024-05-12 | T6329: firewall: use isinstance() in op-mode script | Christian Breunig
(cherry picked from commit b705adc40b761e338026b938d80398fdb281a197)
2024-05-12 | T6329: firewall: add a patch for op-mode command <show firewall group> | Nicolas Fort
(cherry picked from commit 72c95ec1df8ad7be8a715b3338001349684cafa9)
2024-05-11 | image-tools: T6176: use console_hint as default | John Estabrook
(cherry picked from commit 0eb09b81f763a62684a7be905267f081f9d6aeb1)
2024-05-10 | image-tools: T6176: add console hint during image install | John Estabrook
(cherry picked from commit 428d03e47e7d01b08ccb8cf1acc0ab8a53275286)
2024-05-10 | image-tools: T6184: add op-mode set boot-console | John Estabrook
(cherry picked from commit eb281199ba35de52a8a97146dfc063e557755648)
2024-05-10 | image-tools: T6327: drop boot console type ttyUSB | John Estabrook
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
2024-05-07 | op-mode: T6284: IPoE-server op-mode does not show IPv6 address field | Nataliia Solomko
(cherry picked from commit 40b9085171ecf97f791b5f3b5cb32dd5f46d0f21)
2024-05-04 | op-mode: T6291: add LACP related commands | l0crian1
show interfaces bonding lacp detail
show interfaces bonding <bondif> lacp detail
show interfaces bonding <bondif> lacp neighbors
Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
(cherry picked from commit 0c2bf3192382cffc5ed2dcead3889c332a48820f)
2024-05-02 | ntp: T4909: Rewrite NTP op mode in new format | Ginko
ntp: T4909: Rewrite NTP op mode in new format
Adapts ntp.xml.in to reference new ntp.py file
Add ntp.py
Adds a check to ntp.py to verify if the ntp service is configured
Adds raw mode to ntp.py
For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader.
Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity
Revises the names of raw dictionary keys variables to be lowercase
Corrects a comment typo and renames function name used for raw mode
(cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
2024-05-01 | firewall: T6257: Show member information for dynamic groups in op-mode | sarthurdev
(cherry picked from commit 456419c7930405b80d322586736734f707affaed)
2024-04-23 | Merge pull request #3350 from vyos/mergify/bp/sagitta/pr-3346 | Christian Breunig
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
2024-04-23 | image-tools: T6260: remove persistence image directory if no space error | John Estabrook
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
2024-04-23 | connect_disconnect: T6261: correction to typo in check_ppp_running function | Ginko
Connect_disconnect: T6261: correction to typo in check_ppp_running function
Changes include:
1. Replaces "beeing" -> being in print statement for check_ppp_running
2. Replaces "can not" -> cannot in print statement on lines 61 and 93
(cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
2024-04-22 | op-mode: T6244: add whitespace after time unit in "show system uptime" | Christian Breunig
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
2024-04-18 | openvpn: T6245: return 'n/a' if client info not available | John Estabrook
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
2024-04-17 | image-tools: T6154: installer prompts to confirm a non-default passwd | John Estabrook
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
2024-04-12 | Merge pull request #3243 from vyos/mergify/bp/sagitta/pr-3242 | Daniil Baturin
T6166: Tech support generation error for custom output location (backport #3242)
2024-04-09 | T5858: Fix op-mode format for show conntrack statistics | Viacheslav Hletenko
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
2024-04-08 | image-tools: T6207: restore choice of config.boot.default as boot config | John Estabrook
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
2024-04-06 | Merge pull request #3258 from vyos/mergify/bp/sagitta/pr-3255 | Daniil Baturin
T6203: remove obsoleted xml lib (backport #3255)
2024-04-06 | Merge pull request #3264 from vyos/mergify/bp/sagitta/pr-3219 | Daniil Baturin
T6188: add description to show firewall (backport #3219)
2024-04-06 | T6188: Add description to detail view only | l0crian1
For readability in console sessions, moved the description column to only be shown in the detail view.
Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
(cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
2024-04-06 | T6188: | l0crian1
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
(cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
2024-04-06 | modified: op-mode-definitions/firewall.xml.in | l0crian1
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
(cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
2024-04-06 | T6188: add description to show firewall | l0crian1
(cherry picked from commit b2ced47bdc547ada59b37e6617422188e150282c)
2024-04-06 | T6199: remove unused Python imports from migration scripts | Christian Breunig
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499)
# Conflicts:
# src/migration-scripts/dhcp-server/9-to-10
# src/migration-scripts/dhcpv6-server/3-to-4
2024-04-05 | op-mode: T6203: replace use of vyos.xml.defaults with automatic defaults | John Estabrook
(cherry picked from commit aa1fb0733f18dfb0ccdfb37df36839c6a358d8ee)
2024-04-04 | T6166: Tech support generation error for custom output location | khramshinr
(cherry picked from commit bec23808af82b0f84e8a7707bbd56839da2c48b0)
2024-04-03 | T6199: drop unused Python imports | Christian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
(cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
2024-03-30 | image-tools: T6186: simplify image annotations fixing regression | John Estabrook
(cherry picked from commit 1f0c33c00118c42fc2796d99aff94c428f434d4a)
2024-03-28 | openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection | khramshinr
Don't show duplicate info of vtunx show header when clients are not connected but server is configured
(cherry picked from commit 66a009f367f8bf274eac9a4d4e1f4f8911c85872)
2024-03-28 | op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface | Christian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes
root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF      MTU    S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
eth0         -                  00:50:56:bf:c5:6d  default  1500   u/u
eth0.10      172.16.33.102/24   00:50:56:bf:c5:6d  default  1500   u/u
eth1         172.16.33.131/24   00:50:56:b3:38:c5  default  1500   u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In addition, this exposes the renew feature to the API.
(cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
2024-03-21 | dhcp: T5164: op cmd: "show dhcp server leases state" with available options does not show any result | khramshinr