| Age | Commit message (Collapse) | Author |
|---|
|
|
|
l2tp: T2602: Delete excess characters
|
|
For an unknown reason snmpd not always starts after reboot.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Only IP prefixes are allowed to be added by the CLI thus we can drop the
same check inside the Python script to validate the prefix.
|
|
|
|
Commit 5deb12c509be ("ssh: T2321: add VRF support") restructured the Port
assignment (cleanup from the early days) but it accesses a string with methods
used for a list, resulting in the funny default port 2.
|
|
- vyos-hostsd-client syntax changed
- track changes in changes variable
- call apply only once at the end if any changes were made
- remove 'cli-shell-api existsEffective system disable-dhcp-nameservers'
condition check as the functionality was moved into vyos-hostsd
- remove comparison between old_ and new_ variables as it caused a bug
as the nameservers didn't get updated on renew or system restart,
the dhclient lease file persists across reboots, so on boot the old
variables will contain the values from previous dhclient run so they
will usually be equal to the new variables.
|
|
|
|
- remove already existing entry check in /etc/hosts as vyos-hostsd will handle it
- vyos-hostsd-client syntax changed
- change tag "DHCP-$client_ip" to "dhcp-server-$client_ip" to make it more
distinct from dhcp client tag "dhcp-$intf"
|
|
- add new commands as arguments
- change boolean options with extra required string options to a single
string option that supports multiple arguments (makes a list)
- track done operations in an extra ops variable (required for apply option)
|
|
Add new nodes for 'service dns forwarding domain':
'addnta': adds addNTA to lua-config-file
'recursion-desired': sets '+' before the zone in forward-zones-file
The migrator sets both options for all configured domains. This is
usually the desired config.
|
|
The previous implementation only supported disabling DHCP nameservers for
all interfaces, and was implemented improperly so it didn't work anyway.
This migrates it to name-servers-dhcp <interface>, which allows us to enable
just the interfaces we want to use for system DNS, identical in syntax to
'service dns forwarding dhcp <interface>'.
The migrator searches through all interfaces that have address 'dhcp(v6)?'
and adds them to the name-servers-dhcp list if disable-dhcp-nameservers is
not set, else it does nothing.
|
|
It shouldn't be required, if necessary it should be added to
vyos-hostsd apply command.
|
|
Removes and adds all required settings.
|
|
The getter methods will return empty values if config nodes don't exist,
so there's no point in checking if they exist before.
|
|
Init Config once in main() and pass it to both get_config() and verify().
|
|
The previous implementation only supported disabling DHCP nameservers for all
interfaces, and was implemented improperly so it didn't work anyway.
It's safe to remove it completely.
This adds support for a new config node name-servers-dhcp <interface>, which
allows us to enable just the interfaces we want to use for system DNS,
identical in syntax to 'service dns forwarding dhcp <interface>'.
The new option works by adding tags to vyos-hostsd that we want to use to add
nameservers to resolv.conf, same as adding tags for dns forwarding but for a
different destination file.
A config migrator will be added in a separate commit.
|
|
Debian Buster doesn't have the length and character limitations of
/etc/resolv.conf 'search' any more, it is unlimited.
https://sourceware.org/bugzilla/show_bug.cgi?id=19569
(glibc >2.26)
|
|
Change internal representation to the one required by vyos-hostsd.
|
|
Removes and adds all required settings.
|
|
- generate recursor.conf, recursor.conf.lua
- if recursor.vyos-hostsd.conf.lua and recursor.forward-zones.conf don't exist,
create empty ones (they are/will be generated by vyos-hostsd)
|
|
Add warning that forwarding will operate as a recursor in case there are no
nameservers configured.
|
|
Remove the old solution that retrieved dhcp tagged nameservers from hostsd
and added it to nameservers, as it didn't work anyway (only once during
configuration but it didn't update them later). This is now handled by
vyos-hostsd, just retrieve the configured interfaces and send it the list
of tags to use.
|
|
Remove manual retrieval of 'system name-server' from config and adding it to
the name servers list, as this is now handled by simply adding a 'system' tag
in vyos-hostsd.
|
|
|
|
Change internal representation to the new one expected by vyos-hostsd.
|
|
As Config is required in both get_config and verify, init it once
and pass it to both functions.
|
|
The functionality was moved to vyos-hostsd.
|
|
|
|
Add a 'dhcpd' system user that is a member of hostsd group and can
connect to vyos-hostsd.
Run dhcpd as this user.
|
|
To better control access from other daemons that may not be running as root,
create a new group 'hostsd' to which the other daemons running users can be
added.
Run vyos-hostsd as root:hostsd to create the socket file with correct user and
group.
|
|
- set RuntimeDirectory to vyos-hostsd
- set RuntimeDirectoryPreserve in order to not delete the state file between
service restarts (/run will be deleted across reboots as it's on a tmpfs but
the state doesn't need to be saved across reboots anyway)
- set WorkingDirectory to /run/vyos-hostsd
|
|
- update copyright date
- validate incoming JSON data against a schema with voluptuous
- add usage help describing internal messages syntax at top of vyos-hostsd
- move socket and state file to directory /run/vyos-hostsd
- replace jinja2 rendering with vyos.template
- move all templates out of the executable into dedicated data/templates dirs
- move recursor.conf forward-zones-recurse to forward-zones-file
- generate lua-config-file for pdns-recursor with addNTA
- support adding custom forward zones for pdns-recursor with optional added NTA and/or recursion-desired
- move search_domains from set_host_name to separate add/delete/get commands
- unify functions to support abstracting them in the future
- track number of internal changes in "changes" variable saved in state file (informational in apply function)
- do not apply changes immediately, add apply function that applies all changes (to not reload pdns-recursor excessively for a large set of changes, users must call the apply function once at the end)
- add pdns_rec_control function that supports sending arbitrary commands to rec_control (fix pdns-recursor process name that caused the old function to think pdns-recursor was never running)
- create /run/powerdns if it doesn't exist (on boot vyos-hostsd starts before pdns-recursor but we need to put our generated conf files there)
- abstract specific command functions (add_*/del_*) into general functions to manipulate various types of data in the state variable
- add command types:
- forward_zones (generate custom forward zones for pdns-recursor)
- search_domains (move from set_host_name as dhcp client needs to change them too)
- name_server_tags_recursor (to set tags whose nameservers are added to pdns-recursor)
- name_server_tags_system (to set tags whose nameservers and search domains are added to /etc/resolv.conf)
- change hosts data format to make more sense (move tag from within each host dict to the key for a list of host dicts)
- do not remove state file when shut down cleanly, to not lose state when restarting vyos-hostsd service that's then impossible to restore without restarting the whole router - a reboot will remove the state file as it lives in a tmpfs (/run)
- remove too verbose info log on every received message
- set mode of socket to 770 to secure it against processes not in hostsd group
|
|
As part of T1595 listen-on was removed and migrated to listen-address,
but some references to it stayed in the variable names and validator
error message.
|
|
tested using:
set nat destination rule 399 description 'Redirect DNS iot VLAN'
set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 399 destination port '53'
set nat destination rule 399 inbound-interface bond10.204
set nat destination rule 399 log
set nat destination rule 399 protocol 'tcp_udp'
set nat destination rule 399 translation address '192.168.67.243'
set nat destination rule 399 translation port '53'
set nat destination rule 400 description 'Redirect DNS lan VLAN'
set nat destination rule 400 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 400 destination port '53'
set nat destination rule 400 inbound-interface bond10.204
set nat destination rule 400 log
set nat destination rule 400 protocol 'tcp_udp'
set nat destination rule 400 translation address '192.168.67.243'
set nat destination rule 400 translation port '53'
set nat destination rule 401 description 'Redirect DNS guest VLAN'
set nat destination rule 401 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 401 destination port '53'
set nat destination rule 401 inbound-interface bond10.204
set nat destination rule 401 log
set nat destination rule 401 protocol 'tcp_udp'
set nat destination rule 401 translation address '192.168.67.243'
set nat destination rule 401 translation port '53'
|
|
|
|
|
|
|
|
|
|
|
|
Only start console if it exists on the running system. If a user detaches a
USB serial console and reboots - it should not fail!
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
|
