Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-23 | container: T2216: add option to "disable" a container | Christian Poessinger | |
2021-08-23 | container: T2216: verify() volume paths | Christian Poessinger | |
Volumes must have both a source and destination path specified. Also the source path must exist on the current system. | |||
2021-08-23 | container: T2216: bugfix ValueError when assembling volumes | Christian Poessinger | |
A call to .items() was missing that triggered the following error: ValueError: too many values to unpack (expected 2) | |||
2021-08-23 | container: T2216: no need to query container status | Christian Poessinger | |
As VyOS CLI is the only truth for dealing with containers we do not need to query if a container is running, exists or what so ever. We simply always restart it if something changes and do not rely on the underlaying Linux status. If a users does container stuff under the hood - it will be overridden. | |||
2021-08-23 | ipsec: T1210: use ConfigTreeQuery() instead of Config() from op-mode | Christian Poessinger | |
2021-08-23 | pki: T3642: use ConfigTreeQuery() instead of Config() from op-mode | Christian Poessinger | |
2021-08-23 | container: T2216: op-mode now supports updating the image for a given container | Christian Poessinger | |
2021-08-23 | container: T2216: increase sysctl inotify watchers | Christian Poessinger | |
2021-08-23 | containers: T2216: restructure container_base_cmd to have image name at the end | Christian Poessinger | |
2021-08-23 | containers: T2216: add CLI commands to specify restart behavior and memory usage | Christian Poessinger | |
A container is limited to 256MB memory by default and will always restart on failure. | |||
2021-08-23 | containers: T2216: xml: impove help string for address command | Christian Poessinger | |
2021-08-23 | containers: T2216: add missing verify() step on environment variables | Christian Poessinger | |
A environment variable MUST always have a value specified. Non existing values will cause the following error: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr> env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) KeyError: 'value' | |||
2021-08-21 | pppoe: T3090: migrate to vyos.ifconfig library to use the full potential | Christian Poessinger | |
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down. | |||
2021-08-21 | wwan: T3620: remove superfluous import statement | Christian Poessinger | |
WWAN does no londer need to render any configuration files. | |||
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵ | Christian Poessinger | |
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. | |||
2021-08-21 | udev: T2490: fix substitution error reported by udev | Christian Poessinger | |
2021-08-21 | nhrp: T3599: move PID file to /run/opennhrp | Christian Poessinger | |
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger | |
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in | |||
2021-08-18 | bgp: evpn: T1513: VNI rt and rd are only supported under EVPN VRF | Christian Poessinger | |
2021-08-18 | nat: T2198: remove superfluous else clause on missing outbound-interface | Christian Poessinger | |
2021-08-18 | nptv6: T2518: remove superfluous else clause on missing outbound-interface | Christian Poessinger | |
2021-08-18 | nptv6: T2518: add missing verify() stage for mandatory translation address | Christian Poessinger | |
2021-08-18 | nat66: ndppd: T2518: rename Jinja2 template folder to match common naming ↵ | Christian Poessinger | |
convention | |||
2021-08-18 | policy: T2425: import exact Perl match criteria for large-community-list | Christian Poessinger | |
2021-08-17 | bgp: T3759: add l3vpn "import vrf" commands | Christian Poessinger | |
2021-08-17 | bgp: T2771: adjust verify() logic to common coding style for validation | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-08-16 | conntrack: T3579: bugfix when deleting non existent iptable rules | Christian Poessinger | |
We only delete iptables rules if they really exist - if we try to delete a non- existing rule a PermissionError exception is thrown. We could either ignore the error code (that is what the old Vyatta code did), or we check what we are doing beforehand. | |||
2021-08-16 | conntrack: T3579: remove debug print() | Christian Poessinger | |
2021-08-16 | ospf: T3757: verify() bugfix for interface area | Christian Poessinger | |
Commit 6f87d8c9 ("ospf: T3757: support to configure area at an interface level") did not allow the old way an area and netwokr was set-up as the if expression was missing a check if 'area' was set in both the interface and the ospf process. | |||
2021-08-15 | pbr: T3702: Fix incorrect splits for fwmark | Viacheslav | |
2021-08-15 | ospf: T3757: support to configure area at an interface level | Christian Poessinger | |
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 } | |||
2021-08-15 | wireguard: T3756: fix generated qr code header | Boris Manojlovic | |
2021-08-15 | Merge pull request #944 from sever-sever/T3702 | Christian Poessinger | |
pbr: T3702: Add rules match fwmark | |||
2021-08-15 | Merge pull request #970 from jack9603301/T3648 | Christian Poessinger | |
op-mode: nat: T3648: Modify the operation mode script implementation of NAT to fix the existing problem | |||
2021-08-15 | conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵ | Lulu Cathrinus Grimalkin | |
default behavior | |||
2021-08-14 | op-mode: ipsec: T3745: "show vpn ipse sa" improve sorting | Christian Poessinger | |
2021-08-14 | ospf: T3236: use proper daemon named template file | Christian Poessinger | |
2021-08-14 | op-mode: nat: T3648: Modify the operation mode script implementation of NAT ↵ | jack9603301 | |
to fix the existing problem | |||
2021-08-13 | vrf: T3734: T3728: vni must be configured with a higher priority then bgpd | Christian Poessinger | |
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp. | |||
2021-08-13 | Merge pull request #969 from sarthurdev/T3752 | Christian Poessinger | |
pki: T3752: Fix file output for certificate requests | |||
2021-08-13 | pki: T3752: Fix file output for certificate requests | sarthurdev | |
2021-08-13 | openvpn: T3738: Disable authentication option for server mode | Viacheslav | |
2021-08-13 | Merge pull request #967 from sever-sever/T3708-curr | Christian Poessinger | |
isis: T3708: Fix errors in MTU calculation | |||
2021-08-13 | isis: T3708: Fix errors in MTU calculation | Viacheslav | |
2021-08-12 | T3749: Moving some counters into the proper loop | Kroy | |
2021-08-12 | login: T3746: inform users about pending reboots | Christian Poessinger | |
2021-08-12 | Merge pull request #963 from FileGo/T3744 | Christian Poessinger | |
dns: T3744: fixed dns fwd statistics formatting | |||
2021-08-12 | dns: T3744: fixed dns fwd statistics formatting | FileGo | |
2021-08-10 | snmp: T3709: Allow enable oid ipCidrRouteTable | Viacheslav | |