summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-10-30vyos.util: T2995: change comment style for "make test" outputChristian Poessinger
2020-10-30ssh: T2635: reuse common verify_vrf() functionChristian Poessinger
2020-10-28vyos.util: T2995: rename vyos_dict_search() -> dict_search()Christian Poessinger
Renamed using snippet below: ---------------------------- for file in $(find . -name "*.py") do sed -i "s/vyos_dict_search/dict_search/" $file done
2020-10-28qat: T2968: adjust to C200xx PCI ID from Intel driversChristian Poessinger
2020-10-27Merge pull request #584 from sever-sever/T2387_octChristian Poessinger
bgp: T2387: Fix XML sheme for new bgp and bgp.py handler
2020-10-27Merge pull request #581 from sever-sever/T2631Christian Poessinger
accel: T2631: Add option for radius disable-accounting
2020-10-27bgp: T2387: Fix XML sheme for new bgp and bgp.py handlersever-sever
2020-10-27accel: T2631: Add option for radius disable-accountingsever-sever
2020-10-25test: vyos.template: add testcase for vyos_*_from_cidr() convertersChristian Poessinger
2020-10-25test: import cleanupChristian Poessinger
2020-10-24Revert "test: vyos.util: add testcase for process_named_running()"Christian Poessinger
This reverts commit 9939139ba4ad18dc4b62a827d8ab7b74d0c28124. Unfortunately this test does not work within the CI system. It fails with: 17:21:35 ====================================================================== 17:21:35 FAIL: test_process_named_running (test_util.TestVyOSUtil) 17:21:35 ---------------------------------------------------------------------- 17:21:35 Traceback (most recent call last): 17:21:35 File "/var/lib/jenkins/jenkins_slave/workspace/vyos-1x_current/build/src/tests/test_util.py", line 34, in test_process_named_running 17:21:35 self.assertTrue(isinstance(pid, int)) 17:21:35 AssertionError: False is not true As process_named_running() returns None on non existing bash process
2020-10-24vpn: l2tp: T3009: fix non effective "authentication require" optionChristian Poessinger
The CLI node was read in incorrect (wrong path). In addtition the list was not reset to [] when authentication was specified on the CLI.
2020-10-24test: vyos.util: add testcase for process_named_running()Christian Poessinger
2020-10-24test: vyos.util: add testcase for find_device_file()Christian Poessinger
2020-10-21http-api: T3007: use ConfigSession config load script, not backend loadJohn Estabrook
2020-10-21load-config: T2138: support loading gzipped (local) config filesJohn Estabrook
2020-10-19unittests: T2995: vyos_dict_search() must return None on non-existing keysChristian Poessinger
The current wversion unfortunately will raise a KeyError: >>> data = {} >>> vyos_dict_search('foo', data) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3/dist-packages/vyos/util.py", line 685, in vyos_dict_search return dict[path] KeyError: 'foo'
2020-10-19unittests: cleanup unused importsChristian Poessinger
2020-10-18openvpn: T2969: ensure interface is always removedChristian Poessinger
2020-10-18openvpn: T2969: force creation of tunnel interfacesChristian Poessinger
A lot of VyOS code requires the Kernel interface to be present in order to properly work and adjust the interface to the users CLI intends (alias, ipv6, vrf - just to name a few). OpenVPN - when run in client mode - only creates the interface (e.g. vtun1) when the connection to the OpenVPN server was successful. This can't be always the case due to e.g. software-updates or routing issues to the remote side. This will in the end result in a zombie OpenVPN client interface where some config items might not have been set when the interface finally comes up - imagine a wrong assigned VRF instance. By always creating the OpenVPN interface manuall we ensure that all the CLI settings are properly configured in the OS kernel.
2020-10-18op-mode: lldp: T2993: Fixup 'show lldp neighbors'Benjamin M. Hughes
Check that interfaces have been returned from lldpcli to prevent trace when no interfaces are enabled for lldp.
2020-10-18Merge pull request #577 from bmhughes/fix-show-lldp-neighborsDaniil Baturin
op-mode: lldp: T2993: Fix 'show lldp neighbors'
2020-10-18op-mode: lldp: T2993: Fix 'show lldp neighbors'Benjamin M. Hughes
'show lldp neighbors' fails with: Traceback (most recent call last): File "./lldp_op.py", line 122, in <module> config_text = tmpl.render(parse_data(neighbors)) File "./lldp_op.py", line 51, in parse_data for local_if, values in tmp.items(): AttributeError: 'str' object has no attribute 'items' `parse_data` was expecting data to be provided as a dict within an array which doesn't match the format from the parsed json output of lldpcli. Change `parse_data` and `main` to use a dict alone for passing interface neighbors for rendering.
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-10-17syslog: T2938: Add format octet-counted for syslog conf-modesever-sever
2020-10-15conf-mode: T915: Add mpls ldp explicit and holdtime commandssever-sever
2020-10-12smoketest: tftp-server: listen on dummy interface address rather then loopbackChristian Poessinger
2020-10-11tftp-server: T2974: migrate to get_config_dict()Christian Poessinger
2020-10-11broadcast-relay: T2712: enable render trim_blocksChristian Poessinger
2020-10-11tftp-server: T2973: bugfix IPv6 listen address/port combinationChristian Poessinger
The mandatory colon for separating the IPv6 address and port was missing.
2020-10-09QAT: T2968: add support for Intel Atom C2000 processorChristian Poessinger
2020-10-09login: T2492: remove empty plaintext-password nodeChristian Poessinger
2020-10-08configd: T2931: workaround for suspected zmq bugJohn Estabrook
2020-10-07Merge pull request #563 from lucasec/dns-source-addressChristian Poessinger
pdns_recursor: T2964: Expose query-local-address to dns config.
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-06conf-mode: T2782: Restart rsyslog after changing timezonesever-sever
2020-10-05wireless: T2963: remove default wpa mode key if passphares or RADIUS is unsetChristian Poessinger
Required to not trigger the "Misssing WPA key or RADIUS server" exception due to the new default value added in commit 2a0428bf ("wireless: T2963: set default 'both' on 'security wpa mode'").
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-04pppoe-server: T2953: prepare common chap-secrets fileChristian Poessinger
2020-10-04pppoe-server: T2829: shift config migrators by oneChristian Poessinger
As VyOS vrux (1.2.7) requires a mirgator (1-to-2) for the MPPE node change (T2829) we need to shift all other migrators in 1.3 by one. As migrators probe the existance of nodes no negative side-effects are expected.
2020-10-04pppoe-server: migrators: fix python styleChristian Poessinger
2020-10-04pppoe-server: T2829: fix broken migration script (exit called)Christian Poessinger
A test statement was still present in the production code introduced in commit efeac80f8 ("pppoe-server: T2829: migrate 'ppp-options mppe' to leafNode"). This has been fixed.
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03vpn: sstp: T2008: set DA/CoA default port 1700Christian Poessinger
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.