summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-07-15Merge pull request #2091 from jvoss/policy_bgp_communitiesChristian Breunig
policy: T5357: only delete migrated BGP community rules
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-07-14Merge pull request #2089 from nicolas-fort/T5059Christian Breunig
T5059: relay: add disable options for dhcp-relay and dhcpv6-relay
2023-07-14Merge pull request #2090 from srividya0208/T5355Christian Breunig
T5355:IPSec:op cmd:"sh vpn ike status" not working
2023-07-14Merge pull request #2092 from darinkuo/currentChristian Breunig
dhclient: T5358: Use return in 99-ipsec-dhclient-hook
2023-07-14dhclient: T5358: Use return in 99-ipsec-dhclient-hookDarin Kuo
Use return instead of exit in 99-dhclient-exit-hook to allow subsequent unnumbered hooks to run (like rfc3442-classless-routes). Hooks are sourced, not executed.
2023-07-14bgp: T5338: bugfix MPLS VRF error handlingChristian Breunig
Commit 6e621e42f ("bgp: T5338: simplify XML and code handling") hat a wrong if branch when handling the check if an interface belongs to the proper VRF when MPLS forwarding is used. This has been fixed.
2023-07-13policy: T5357: only delete migrated BGP community rulesJonathan Voss
2023-07-13T5355:IPSec:op cmd:"sh vpn ike status" not workingsrividya0208
2023-07-13T5059: relay: add disable options for dhcp-relay and dhcpv6-relay. Also add ↵Nicolas Fort
validor for dhcpv6-relay which was missing.
2023-07-12T5195: drop sysctl_* implementation from vyos.util - prefer vyos.utils.systemChristian Breunig
2023-07-12T5195: move boot_* helpers to vyos.utils.bootChristian Breunig
2023-07-12bgp: T5338: simplify XML and code handlingChristian Breunig
2023-07-12Merge pull request #2085 from aapostoliuk/T5338-sagittaChristian Breunig
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
2023-07-11pki: T5275: Add op-mode output options for PEM formatsarthurdev
2023-07-11bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' featureaapostoliuk
Added 'protocols bgp interface <int> mpls forwarding' feature. It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected.
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-07-09Merge pull request #2082 from sever-sever/T775-v6Christian Breunig
T775: Config-sync bracketize IPv6 secondary address
2023-07-09T3355: import startup scripts from vyatta-cfg repo for vyos-routerChristian Breunig
2023-07-09T775: Config-sync bracketize IPv6 secondary addressViacheslav Hletenko
bracketize IPv6 remote address to avoid Failed to parse: https://2001:db8::2/configure-section
2023-07-07Merge pull request #2042 from sever-sever/T775Viacheslav Hletenko
T775: Add service config-sync between 2 routers
2023-07-06Merge pull request #2074 from zdc/T1797-sagittaChristian Breunig
VPP: T1797: Optimizations for VPP memory allocation during startup
2023-07-06VPP: T1797: Optimized memory allocation during startupzsdc
- changed memory requirement from total to available. This allows to start on systems with less total memory and protects from startup on systems with overloaded memory. - prevent startup if sysctl settings were not applied. This protects from situations when the system cannot allocate enough hugepages or apply other sysctl settings.
2023-07-05T5340: snmp: add checks while configuring snmp listen-address with and ↵Nicolas Fort
without vrf
2023-07-03Merge pull request #2070 from jvoss/isis-merge-configChristian Breunig
isis: T5335: fix invalid isis config base in migration script
2023-07-03ospf: T5334: add support for external route summarisation Type-5 and Type-7 LSAsChristian Breunig
* set protocols ospf aggregation timer <seconds> * set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295] * set protocols ospf summary-address x.x.x.x/x no-advertise
2023-07-03VPP: T1797: Added interfaces reinitializationzsdc
After an interface is added/removed from VPP, it will be reinitialized, which allows reconfiguring IP addresses on it. Also modified VPP load priority to start before interfaces, and avoid reconfiguration during boot.
2023-07-03isis: T5335: fix invalid isis config base in migration scriptJonathan Voss
2023-07-02T5332: Fix show policy route without attahed interfaceViacheslav Hletenko
Interface may not be present in the op-mode dictionary, it cause KeyError: 'interface' for policy route
2023-07-01Merge pull request #2064 from sever-sever/T1797Christian Breunig
T1797: VPP verify minimal installed memory and apply sysctl
2023-07-01T1797: VPP verify minimal installed memory and apply sysctlViacheslav Hletenko
Do not allow configure VPP if on the systems with low amount installed memory Add sysctl VPP parameters (hugepages, kernel.shmmax)
2023-06-30bcast-relay: T5313: capitalize UDP protocol nameChristian Breunig
2023-06-30T775: Add service config-sync between 2 routersViacheslav Hletenko
Service config-sync allows synchronizing a section of the configuration. As PoC allow only nat, nat66 and firewall sections Rertreive the configuration for a section from self node and send this configuration to the section of the 'secondary' node. This feature adds a symlink from helper 'vyos_config_sync.py' to '/config/scripts/commit/post-hooks.d' and config that is located in '/run/config_sync_conf.conf' It will synchronyze the config only if the setcion was changed. set service config-sync secondary address 192.0.2.11 set service config-sync secondary key xxx set service config-sync section nat set service config-sync section nat66 set service config-sync section firewall set service config-sync mode load
2023-06-29Merge pull request #2059 from sever-sever/T1797-vppChristian Breunig
T1797: Add initial vpp configuration
2023-06-29VPP: T1797: Optimized interfaces add/removezsdc
- added extra renaming operation to be sure that interface has the same name as before in the system after it was moved from VPP to kernel - added extra check after PCI device removal/adding - added check for proper `retval` for CPI calls where it is available - replaced empty return with an error in `_get_pci_address_by_interface()` because not resolved address will lead to inconsistency of the system later
2023-06-29policy: T4329: Fix regex for extcommunity rt #2Christian Breunig
The previous implementation did not iterate over the communit list, so only one match criteria was supported. set policy route-map FOO rule 10 action 'permit' set policy route-map FOO rule 10 set extcommunity rt '1111:2222222' worked but on the other hand this failed: set policy route-map FOO rule 20 action 'permit' set policy route-map FOO rule 20 set extcommunity rt '6500:24 6500:23 192.168.0.1:111 192.168.0.1:222'
2023-06-28T5320: check if unsaved commits are due to boot config errorJohn Estabrook
2023-06-28VPP: T1797: Improved VPP supportzsdc
- added ability to add/remove interfaces without system reboot - added `attempts` and `interval` to the VPP API connection. This is helpful in case of high system load or when VPP was just started and API is not yet available. - added exceptions to API calls. This allows handling errors in communication with API properly in conf-mode scripts. - fixed PCI address search in VPP to match Linux kernel and ethtool style - fixed systemd daemons control - first reload, then restart - removed debug prints - removed `vm.nr_hugepages` configuration. It is not required now but increases RAM requirements a lot.
2023-06-27VPP: T1797: Improved PCI address searchzsdc
Use info from both ethtool and VPP to find PCI address for an interface.
2023-06-27Merge pull request #2051 from sever-sever/T5304Christian Breunig
T5304: Container add volume bind propagation option
2023-06-27VPP: T1797: Replaced CLI with APIzsdc
Replaced CLI commands with API calls. CLI commands still can be used via: ``` vpp_control = VPPControl() vpp_control.cli_cmd('command_here') ```
2023-06-27T5304: Container add volume bind propagation optionViacheslav Hletenko
set container name c1 volume myvlm propagation rshared
2023-06-27T1797: Add initial vpp configurationViacheslav Hletenko
Add initial configuration mode for VPP (PoC) set vpp cpu corelist-workers '2' set vpp cpu main-core '1' set vpp interface eth1 num-rx-desc '256' set vpp interface eth1 num-rx-queues '512' set vpp interface eth1 num-tx-desc '256' set vpp interface eth1 num-tx-queues '512' set vpp interface eth1 pci '0000:02:00.0' set vpp interface eth1 rx-mode 'polling' set vpp interface eth2 pci '0000:08:00.0' Limitation: - 'set vpp interface ethX pci auto' works only per first commit, then interface detached from default stack and creates tun interface 'ethX' to communicate with default stack. In this case we can't get PCI address via ethtool for 'tun' interfaces. But we can set pci address manualy. - Interface sync between default stack and VPP-DPDK stack After vpp change it doesn't trigger iproute2 for changes (should be written later) I.e. if we change something in vpp per each commit it restarts vpp.service it gets empty interface config as we don't configure vpp directly and it should be configured via iproute2 But then if we do any change on interface (for example description) it gets IP address, MTU, state, etc.
2023-06-25bcast-relay: T5313: verify() relay interfaces have IPv4 address configuredChristian Breunig
2023-06-24tacacs: T141: check upper bound on dynamically allocated user accountsJohn Estabrook
Check upper bound as defined in Debian Policy Manual. Without this check, user 'nobody' will not be available.
2023-06-22tacacs: T141: initial implementationChristian Breunig
2023-06-21op-mode: containers: T4585: fix grammar in user messageChristian Breunig
2023-06-21tacacs: T141: create new UNIX group for aaaChristian Breunig
2023-06-21tacacs: T141: support calling system-login.py from vyos-router startup scriptChristian Breunig
2023-06-20http-api: T5305: configure operations should not be defined asyncJohn Estabrook