Age | Commit message | Author |
|
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
|
|
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
|
|
Package path/section data in single command containing a tree (dict) of
section paths and the accompanying config data. This drops the call to
get_config_dict and the need for a list of commands in request.
(cherry picked from commit 30a530839cdbd934ea62369e385dc33fa50ab6de)
|
|
(cherry picked from commit 9438f1f8394b7c90bb536292882571c88556ce87)
|
|
(cherry picked from commit 70e1df1b5fcb3b1791cca320ed45b71e01e1ffda)
|
|
(cherry picked from commit 9b4a3bc54ec6d2ff8e435add5e2de995a54dfc6a)
|
|
(cherry picked from commit 50e9364575481335520f50dac834c74ef02ccfab)
|
|
(cherry picked from commit 7503e419d0dbc9ba81f7299d9df173c0a82f20da)
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor`) is fine
(cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
|
|
We have not seen the adoption of the https virtual-host CLI option.
What did it do?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
(cherry picked from commit d0d3071e99eb65edb888c26ef2fdc9e038438887)
|
|
and use only PAM auth and JWT
(cherry picked from commit 495bf4732439ebd55edfbf6050af8b2064993d86)
|
|
Add ability to reboot and poweroff the system via API
curl -k --location --request POST 'https://vyos/reboot' \
--form data='{"op": "reboot", "path": ["now"]}' \
--form key='apikey'
curl -k --location --request POST 'https://vyos/poweroff' \
--form data='{"op": "poweroff", "path": ["now"]}' \
--form key='apikey'
(cherry picked from commit 36f3c329c2df0e78f2f5da933d9729a872fb2a11)
|
|
Why: Smoketests fail as they cannot establish IPv6 connection to uvicorn
backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests.
While debugging those failing, it was uncovered that uvicorn only listens on
IPv4 connections:
vyos@vyos# netstat -tulnp | grep 8080
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a
UNIX domain socket, the best idea is to make this the default way of
communication, as we never directly talk to the API server but rather use the
NGINX reverse proxy.
(cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c)
|
|
(cherry picked from commit 93d2ea7d635c7aa5acf3000654393ea48b7c6405)
|
|
(cherry picked from commit 7d597a6dca15cb592230b349ef7ef565f258cf43)
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
FastAPI v0.92.0 (starlette v0.24.0) sets default attribute
Request._form; check for value == None instead of existence when
overriding Request class.
|
|
This would allow using custom ports in name server operating on
non-default port for forwarding zones.
This is a follow-up to T5113 for sake of completeness and having
consistent treatment of all name servers configured in PowerDNS recursor.
Additionally, migrate `service dns forwarding domain example.com server`
to `service dns forwarding domain foo3.com name-server` for consistency
and reusability.
|
|
Schema had been dynamically generated, based on configuration setting
for authentication. Add nullable field 'key' for static generation of
schema regardless of key/token use.
|
|
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out
a comma when extending the op_mode_err_msg dictionary.
|
|
op mode: T4951: add InsufficientResources error
|
|
Catch expiration error and return error-specific message instead of
general 'not authenticated'.
|