Rules without a translation address are also valid, they'll modify just
the port and leave the address intact.
This also used to be a valid syntax and it caused an error on upgrade.
|
|
Improve readability of the port validation. Also fixes T2708.
|
|
Add additional verify() stage to check that the relaying interface actually
exists on the system.
|
|
Since it is not impossible to change MACVLAN interface mode on the fly, this fix adds a new trigger to recreate it from scratch if the mode changed in system config.
|
|
If flow records contain entries with skipped details, this does not allow preparing it for the output table. This fix uses the safe .get() function to return empty values instead of crashing.
Also, added several small formatting fixes.
|
|
Please note that either interface or address can be configured.
system {
    options {
        http-client {
            source-interface eth0
            source-address 1.1.1.1
        }
    }
}
|
|
The 3rd party library used for calculating the SNMP hashes in advance only
worked for SHA and not for MD5 as SHA was hardcoded [1]. The code has been
replaced by a class-less implementation providing only the required
functionality.
[1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
|
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hashed keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
|
|
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear
if the user specified "info" as loglevel instead of "INFO". There was no input
validation done in 1.2 but this is now enforced in 1.3.
In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the
config this is transformed. Also VyOS 1.2 accepted any arbitrary loglevel. If
an invalid loglevel is found it will be set to info.
|
|
* src/conf_mode/system-display.py added get_first_key to dictionary call
|
|
* src/conf_mode/system-display.py conf files to /run
+ src/systemd/LCDd@.service lo
- src/systemd/lcdproc.service
+ src/systemd/lcdproc@.service lo
|
|
* src/conf_mode/system-display.py cleanup use of dictionary
* data/templates/system-display/lcdproc.conf.tmpl cleanup, removed extra DateTime
|
|
disabled"
* interface-definitions/system-display.xml.in system display disabled
* src/conf_mode/system-display.py system display disabled
|
|
Added support for system LCDs under CLI system display
+data/templates/system-display/LCDd.conf.tmpl template for LCDd server configuration file
+data/templates/system-display/lcdproc.conf.tmpl template for lcdproc client configuration file
+interface-definitions/system-display.xml.in CLI for system display
+src/conf_mode/system-display.py processing code for system display
+src/systemd/lcdproc.service systemd service definition file for lcdproc client
CLI:
system display model (SDEC|EZIO)
system display config (enabled|disabled)
system display show host (cpu|cpu-all|cpu-hist|disk|load-hist|memory|proc|uptime)
network interface <intName> alias <alias>
units (bps|Bps|pps)
clock (big|mini|date-time)
title <name>
system display duration <s>
system display hello <string>
system display bye <string>
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH too often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds it is not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
ids: T2659: Implement fastnetmon support
|
|
ifconfig: T2653: move macsec interface to get_config_dict()
|
|
While moving towards a general interface abstraction based on get_config_dict()
and the use of vyos.ifconfig.Interfaces().update() it also makes sense to
split out common verification code to a common util file - instead of
duplicating the code, which is in fact one of the main forces driving this
transition.
vyos.configverify will hold common functions called via verify() from our
src/conf_mode scripts so we do not need to copy/paste general verifications
methods.
|
|
By implementation mistake we exited the migration script if no VXLAN interface
was found but this was wrong as the same loop is used on pseudo-ethernet
interfaces. The Migrator previously only worked on pseudo-ethernet when
also a VXLAN interface was present. This has been corrected.
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
vyos-router may/is requiring access to the service, make sure
it starts before, if not it has no consequence to do so anyway.
|
|
WantedBy is about the service installation and is not related
to the boot order, linking to vyos.target instead
|
|
The PreExec is making sure that the vyos-config-status file exists
and blocks until it does.
This file is created on boot completion and I can see no reason
why the http service has to wait for the end of boot to start.
Any barrier to start should be done with systemd itself.
|
|
The install section determines if the package should be enabled.
vyos-hostd should be installed if vyos.target is enabled.
|
|
|
Notify systemd via the notify API when the Python daemons are
ready to take connection
https://github.com/torfsen/python-systemd-tutorial
|
|
systemd is set up with Restart=on-failure therefore the service
will only be restarted if the daemon died and reported an error.
Previously any OsError would cause an exit(0) and therefore the
API would not have been restarted.
https://www.freedesktop.org/software/systemd/man/systemd.service.html
|
|