summaryrefslogtreecommitdiff
path: root/src/op_mode
AgeCommit message (Collapse)Author
2024-08-02T6486: T6379: Rewrite generate openvpn client-config (#3926)mergify[bot]
This command helps to generate users `.ovpn` files Rewrite `generate openvpn client-config` to use Config() It needs to get the default values as `ConfigTreeQuery` is not supporting default values. Fixed "ignores configured protocol type" if TCP is used Fixed lzo, was used even if lzo not configured Fixed encryption is not parse the dict (cherry picked from commit fe50f1a9292b34e168b35453f2cfc2aee2ca4843) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-08-01T6617: T6618: vpn ipsec remote-access: fix profile generatorsLucas Christian
(cherry picked from commit e97d86e619e134f4dfda06efb7df4a3296d17b95)
2024-08-01Merge pull request #3918 from vyos/mergify/bp/sagitta/pr-3915Christian Breunig
ipsec: T6148: Removed unused imports (backport #3915)
2024-07-31Merge pull request #3907 from vyos/mergify/bp/sagitta/pr-3715fett0
T6313: Add "NAT" to "generate" command for rule resequence (backport #3715)
2024-07-31ipsec: T6148: Removed unused imports (#3915)aapostoliuk
Removed unused pprint module (cherry picked from commit cb1834742f4ed01d99d6396af8339dd59788ef65)
2024-07-31ipsec: T6148: Fixed reset command by adding init after terminating (#3763) ↵mergify[bot]
(#3909) Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel. (cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2) Co-authored-by: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
2024-07-30system: op-mode: T3334: allow delayed getty restart when configuring serial ↵Andrew Topp
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers. (cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
2024-07-30T6313: Add "NAT" to "generate" command for rule resequencekhramshinr
(cherry picked from commit 142545b0535d0a994182389c99b7bcd6d7c37c24)
2024-07-19T6578: Fix unhandled exception in "show openconnect-server sessions"khramshinr
(cherry picked from commit e858d96a3fbc1ae4719a50ee67df02b2f256b40f)
2024-07-06op-mode: T6537: remove unused cmd imported from vyos.utils.processChristian Breunig
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown warning message") added a more local import of vyos.utils.process.cmd() that made the fglobal import obsolete and trigger a linter warning. $ make unused-imports -------------------------------------------------------------------- Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00) (cherry picked from commit 6b2e45c073eeef62bbb5905e1bff98e20199b6b0)
2024-07-03op-mode: T6537: include hostname in the reboot/shutdown warning messageDaniil Baturin
(cherry picked from commit dc60fe993505d1adca60f9b6e0f47f565c459331)
2024-07-01Merge pull request #3735 from vyos/mergify/bp/sagitta/pr-3731Christian Breunig
op-mode: T5633, T6465: fix error when op cmd interrupted, updates some system call syntax (backport #3731)
2024-06-29op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode formatChristian Breunig
(cherry picked from commit 5ade35255b3d8438aa6082fe56ae459d50cdc0a5)
2024-06-28Fixes error generated when op cmd interrupted, updates show system calls to ↵Ginko
new cli syntax (#3731) (cherry picked from commit a095a3c7b3dd4459dc8626f0e5adecda855580e0)
2024-06-24pki: T4026: Only emit private keys when available (#3667)mergify[bot]
* install_certificate() code path handles private_key=None & key_passphrase=None OK already * file and console output paths will error trying to encode None as a key * This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible * Self-signing and CA creation always generate a private key * Certreqs will generate a private key if not already provided * Do not prompt for a private key passphrase if we aren't giving back a private key (cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37) Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
2024-06-22Merge pull request #3650 from vyos/mergify/bp/sagitta/pr-3646Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required (backport #3646)
2024-06-21op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot (cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name. (cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu (cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
2024-06-10op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profileChristian Breunig
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
2024-06-10op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. (cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
2024-06-09T6460: fixes duid formattingNicolas Vollmar
2024-05-31op-mode: T683: remove superfluous debug print in snmpv3 display codeChristian Breunig
This was a leftover from the early days. (cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
2024-05-29nat: T6371: fix op mode display of configured ports when comma separated ↵Ginko
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. (cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
2024-05-26op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificatesChristian Breunig
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 (cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
2024-05-17op mode: T6348: SNAT op-mode fails with flowtable offload entriesNataliia Solomko
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac (cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
2024-05-16Merge pull request #3462 from nvollmar/T4519Christian Breunig
op mode: T4519: Show DUID instead of IAID_DUID
2024-05-16T4519: Switch to display DUIDNicolas Vollmar
2024-05-16op mode: T6339: display build flavor and comment in "show version"Daniil Baturin
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
2024-05-12T6329: firewall: use isinstance() in op-mode scriptChristian Breunig
(cherry picked from commit b705adc40b761e338026b938d80398fdb281a197)
2024-05-12T6329: firewall: add a patch for op-mode command <show firewall group>Nicolas Fort
(cherry picked from commit 72c95ec1df8ad7be8a715b3338001349684cafa9)
2024-05-11image-tools: T6176: use console_hint as defaultJohn Estabrook
(cherry picked from commit 0eb09b81f763a62684a7be905267f081f9d6aeb1)
2024-05-10image-tools: T6176: add console hint during image installJohn Estabrook
(cherry picked from commit 428d03e47e7d01b08ccb8cf1acc0ab8a53275286)
2024-05-10image-tools: T6184: add op-mode set boot-consoleJohn Estabrook
(cherry picked from commit eb281199ba35de52a8a97146dfc063e557755648)
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
2024-05-07op-mode: T6284: IPoE-server op-mode does not show IPv6 address fieldNataliia Solomko
(cherry picked from commit 40b9085171ecf97f791b5f3b5cb32dd5f46d0f21)
2024-05-04op-mode: T6291: add LACP related commandsl0crian1
show interfaces bonding lacp detail show interfaces bonding <bondif> lacp detail show interfaces bonding <bondif> lacp neighbors Co-authored-by: l0crian1 <ryan.claridge13@gmail.com> (cherry picked from commit 0c2bf3192382cffc5ed2dcead3889c332a48820f)
2024-05-02ntp: T4909: Rewrite NTP op mode in new formatGinko
ntp: T4909: Rewrite NTP op mode in new format Adapts ntp.xml.in to reference new ntp.py file Add ntp.py Adds a check to ntp.py to verify if the ntp service is configured Adds raw mode to ntp.py For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader. Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity Revises the names of raw dictionary keys variables to be lowercase Corrects a comment typo and renames function name used for raw mode (cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
2024-05-01firewall: T6257: Show member information for dynamic groups in op-modesarthurdev
(cherry picked from commit 456419c7930405b80d322586736734f707affaed)
2024-04-23Merge pull request #3350 from vyos/mergify/bp/sagitta/pr-3346Christian Breunig
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
2024-04-23image-tools: T6260: remove persistence image directory if no space errorJohn Estabrook
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
2024-04-23connect_disconnect: T6261: correction to typo in check_ppp_running functionGinko
Connect_disconnect: T6261: correction to typo in check_ppp_running function Changes include: 1. Replaces "beeing" -> being in print statement for check_ppp_running 2. Replaces "can not" -> cannot in print statement on lines 61 and 93 (cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
2024-04-22op-mode: T6244: add whitespace after time unit in "show system uptime"Christian Breunig
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
2024-04-18openvpn: T6245: return 'n/a' if client info not availableJohn Estabrook
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
2024-04-17image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
2024-04-12Merge pull request #3243 from vyos/mergify/bp/sagitta/pr-3242Daniil Baturin
T6166: Tech support generation error for custom output location (backport #3242)
2024-04-09T5858: Fix op-mode format for show conntrack statisticsViacheslav Hletenko
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
2024-04-08image-tools: T6207: restore choice of config.boot.default as boot configJohn Estabrook
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)