Age | Commit message (Collapse) | Author |
|
The environment variable SUDO_USER is checked by system_login.py so as
to prevent deleting the current user. Provide from config session and
set within configd environment.
(cherry picked from commit 7016f840f1193399f6ac59fab7faa721049229e8)
|
|
|
|
|
|
|
|
Package path/section data in single command containing a tree (dict) of
section paths and the accompanying config data. This drops the call to
get_config_dict and the need for a list of commands in request.
|
|
|
|
|
|
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor` is fine)
|
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
and use only PAM auth and JWT
|
|
|
|
|
|
Add ability to reboot and poweroff the system via API
curl -k --location --request POST 'https://vyos/reboot' \
--form data='{"op": "reboot", "path": ["now"]}' \
--form key='apikey'
curl -k --location --request POST 'https://vyos/poweroff' \
--form data='{"op": "poweroff", "path": ["now"]}' \
--form key='apikey'
|
|
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn
backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests.
While debugging those failing, it was uncovered, that uvicorn only listens on
IPv4 connections
vyos@vyos# netstat -tulnp | grep 8080
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a
UNIX domain socket, the best idea is to make this the default way of
communication, as we never directly talk to the API server but rather use the
NGINX reverse proxy.
|
|
|
|
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FastAPI v0.92.0 (starlette v0.24.0) sets default attribute
Request._form; check for value == None instead of existence when
overriding Request class.
|
|
This would allow using custom ports in name server operating on non-
default port for forwarding zones.
This is a follow-up to T5113 for sake of completeness and having
consistent treatment of all name servers configured in PowerDNS recursor.
Additionally, migrate `service dns forwarding domain example.com server`
to `service dns forwarding domain foo3.com name-server` for consistency
and reusability.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Schema had been dynamically generated, based on configuration setting
for authentication. Add nullable field 'key' for static generation of
schema regardless of key/token use.
|
|
|
|
|
|
|
|
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out
a comma when extending the op_mode_err_msg dictionary.
|
|
op mode: T4951: add InsufficientResources error
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Catch expiration error and return error-specific message instead of
general 'not authenticated'.
|