Age | Commit message (Collapse) | Author |
|
One can not always ensure that "interface" is of type list, add safeguard.
E.G. Juniper Networks, Inc. ex2300-c-12t only has a dict, not a list of dicts
So this is actually an upstream lldpd bug where the output depends on the amount
of data transmitted.
|
|
Whenever a container is used and a folder is mounted, this happenes as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
|
|
|
|
One can not always ensure that "capability" is of type list, add a safeguard.
E.G. Unify US-24-250W only has a dict, not a list of dicts.
|
|
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
|
|
|
|
|
|
T4857: SNMP: Implement FRR SNMP Recomendations
|
|
warning message
|
|
|
|
firewall: T4864: Fixed show zone-policy command output
|
|
|
|
|
|
1. Fixed "show zone-policy" command output
2. Rewritten zone-policy op-mode to new style
|
|
opmode: T4837: add family and table arguments for ShowRoute
|
|
|
|
ntp: T3008: migrate from ntpd to chrony
|
|
This prevents any stale override files when the system is beeing rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
Commit 1fc7e30f ('T4935: ospfv3: "not-advertise" and "advertise" conflict')
added a check for not-advertive and advertise in the same area but lacked a
test if the key really exists in the dict which is to be validated.
|
|
T4911: op-mode: rewrite LLDP in standardised op-mode format
|
|
|
|
T4118: Add default value any for connection remote-id
|
|
|
|
If IPsec "peer <tag> authentication remote-id" is not set
it should be "%any" by default
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote
Set XML default value in use it in the python vpn_ipsec.py script
|
|
They can't be set at the same time.
|
|
Changed restart to reload-or-restart in commit.
It allows to reload the config and not restart webporxy service
during commit.
|
|
|
|
container: T4880: expose 'add/delete container image' in HTTP-API
|
|
We get incorrect data when shows connections
As we get list of all connections we should compare the connection
name with entries in list and set correct data if they match
|
|
|
|
Encapsulating the add/delete image commands in the op-mode script allows
automatic generation of corresponding API schema definitions.
|
|
|
|
This reverts commit 6857447bf6acba3537d5e5372cd320aef078b81e.
|
|
T4877: Added more checks if "import vrf" is used in bgp
|
|
1. Fixed: If rd and route-target are used in VRF, can not use "import vrf"
in the same VRF in the same AFI/SAFI.
2. Fixed: If rd and route-target is used in VRF, this VRF can not be in
the list of command "import vrf" in the same AFI/SAFI but in
other VRFs.
3. Fixed: Do not allow to delete vrf if it is used in import list
of other vrfs.
4. Added smoketests to check "import vrf" issues.
|
|
Commit dafb0da2 ("static: T4883: add a description field for routing tables")
added an iproute2 description table but lacked checking if the key exists.
This has been fixed and also converted to Jinja2 to keep the "common" style
inside the routing protocols. It might feel overengineered indeed.
|
|
|
|
T1237: Fix failover route install route with diff metrics
|
|
T4883: add a description field for routing tables
|
|
used
We need to ensure that source-address is assigned on source-interface before
applying the configuration, else SSH client will have a hard time talking to
someone.
|
|
|
|
Commit 846e306700a ("ssh: T2651: add cli options for source address") added
support for a basic SSH client option, but it grabbed the entire
/etc/ssh/ssh_config file without the ability to make custom user
adjustments via the /etc/ssh/ssh_config.d/ folder.
This vommit places the VyOS SSH options under /etc/ssh/ssh_config.d/ leaving
the common override system alive.
|
|
This makes transitions/updates faster and less error prone
|
|
|
|
If there is no route in the routing table (requires install route)
it checks routing table and returns best route None
But if we have 2 routes to the same dest ip but with different
metrics it doesn't get None (not first route install)
It cause that bast metric route cannot be installed (wrong logic)
Add func "is_route_exists" and check route/gateway/metric for
the required route
|
|
T4904: keepalived virtual-server allow multiple ports with fwmark
|
|
Add missing option "verbose" for op-mode NAT
|
|
|
|
Allow multiple ports for high-availability virtual-server
The current implementation allows balance only one "virtual" address
and port between between several "real servers"
Allow matching "fwmark" to set traffic which should be balanced
Allow to set port 0 (all traffic) if we use "fwmark"
Add health-check script
set high-availability virtual-server 203.0.113.1 fwmark '111'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
|