| Age | Commit message (Collapse) | Author |
|---|
|
Commits f37194604 and 0cbad2850 migrated isc-dhcp-server(6) from
SysVInit to SystemD, changing the user and group dhcpd is started as.
This caused a permission error when dhcpd tried to write to lease files:
dhcpd[2829]: Can't create new lease file: Permission denied
As dhcpd is started as nobody:nogroup, setting the permissions on the
lease files to 664 root:vyattacfg would make dhcpd unable to write to
them. We can't make the files other-writable, as that would be a big
security issue, so we need to set either the owner or group of the files
to be dhcpd writeble. There should be no harm in changing both to
nobody:nogroup, as they were previously root:root.
If some other VyOS code doesn't like the ownership of these files in
/config, they can be either excluded from the check (possibly moved into
their own directory), or changed back to root:vyattacfg and vyattacfg added
to nogroup.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
New command added:
* set vpn sstp network-settings name-server 2001:db8::1111
|
|
New commands added:
* set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112
* set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
|
|
|
|
|
|
|
|
We've already verified that all member interfaces don't have any
addresses configured, so it should be safe to simply call 'ip addr flush' on
them to flush the remaining addresses (e.g. IPv6 link-local)
|
|
We've already verified that all member interfaces don't have any
addresses configured, so it should be safe to simply call 'ip addr flush' on
them to flush the remaining addresses (e.g. IPv6 link-local)
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which
removed it from the bridge.
- always re-add the interface back to any bridge it is part of
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which
removed it from the bridge.
- always re-add the interface back to any bridge it is part of
|
|
Bridge members should not have any addresses assigned.
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which removed it
from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
- always re-add the interface back to any bridge it is part of
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which
removed it from the bridge.
- always re-add the interface back to any bridge it is part of in
case it is deleted and recreated
|
|
Bridge members should not have any addresses assigned.
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which
removed it from the bridge.
- always re-add the interface back to any bridge it is part of in
case it is deleted and recreated
|
|
Bridge members should not have any addresses assigned.
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
- always re-add the interface back to any bridge it is part of
|
|
Bond members should not have any addresses assigned.
|
|
|
|
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
|
