summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-06-30T775: Add service config-sync between 2 routersViacheslav Hletenko
Service config-sync allows synchronizing a section of the configuration. As PoC allow only nat, nat66 and firewall sections Rertreive the configuration for a section from self node and send this configuration to the section of the 'secondary' node. This feature adds a symlink from helper 'vyos_config_sync.py' to '/config/scripts/commit/post-hooks.d' and config that is located in '/run/config_sync_conf.conf' It will synchronyze the config only if the setcion was changed. set service config-sync secondary address 192.0.2.11 set service config-sync secondary key xxx set service config-sync section nat set service config-sync section nat66 set service config-sync section firewall set service config-sync mode load
2023-06-29policy: T4329: Fix regex for extcommunity rt #2Christian Breunig
The previous implementation did not iterate over the communit list, so only one match criteria was supported. set policy route-map FOO rule 10 action 'permit' set policy route-map FOO rule 10 set extcommunity rt '1111:2222222' worked but on the other hand this failed: set policy route-map FOO rule 20 action 'permit' set policy route-map FOO rule 20 set extcommunity rt '6500:24 6500:23 192.168.0.1:111 192.168.0.1:222'
2023-06-28T5320: check if unsaved commits are due to boot config errorJohn Estabrook
2023-06-27Merge pull request #2051 from sever-sever/T5304Christian Breunig
T5304: Container add volume bind propagation option
2023-06-27T5304: Container add volume bind propagation optionViacheslav Hletenko
set container name c1 volume myvlm propagation rshared
2023-06-25bcast-relay: T5313: verify() relay interfaces have IPv4 address configuredChristian Breunig
2023-06-24tacacs: T141: check upper bound on dynamically allocated user accountsJohn Estabrook
Check upper bound as defined in Debian Policy Manual. Without this check, user 'nobody' will not be available.
2023-06-22tacacs: T141: initial implementationChristian Breunig
2023-06-21op-mode: containers: T4585: fix grammar in user messageChristian Breunig
2023-06-21tacacs: T141: create new UNIX group for aaaChristian Breunig
2023-06-21tacacs: T141: support calling system-login.py from vyos-router startup scriptChristian Breunig
2023-06-20http-api: T5305: configure operations should not be defined asyncJohn Estabrook
2023-06-20T5303: Rsyslog.service is not workingcuongdt1994
warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.24.0 try http://www.rsyslog.com/e/2307 ]
2023-06-12Merge pull request #2037 from jestabro/api-config-sectionChristian Breunig
http-api: T5248: set/load config sections as JSON via API
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-06-12T5282: remove systemd management directive for frr.serviceJohn Estabrook
frr.service startup and shutdown is now explicitly managed by vyos-router, so remove the systemd management directive.
2023-06-10http-api: T5248: add endpoint /configure-sectionJohn Estabrook
2023-06-10http-api: T5263: add base model for generalizationJohn Estabrook
2023-06-10http-api: T5263: factor out function _configure_op for generalizationJohn Estabrook
2023-06-10http-api: T5263: consistent string formattingJohn Estabrook
2023-06-10http-api: T5263: simplify form errorsJohn Estabrook
2023-06-10http-api: T5263: path validator should provide messageJohn Estabrook
2023-06-10Merge pull request #2015 from sever-sever/T5231Christian Breunig
T5231: Add op-mode for show reverse-proxy
2023-06-10Merge pull request #2034 from erkin/currentChristian Breunig
T3472: Print warning when commit-confirm is run as regular user
2023-06-10Merge pull request #2035 from indrajitr/ddclient-improvement-round-4Christian Breunig
dns: T5144: Improve dynamic dns monitor and log and miscellaneous updates
2023-06-10dhcpv6-relay: T5277: service does not start on bootJohn
2023-06-09dns: T5144: Force systemd daemon-reload on ddclient config changeIndrajit Raychaudhuri
2023-06-09T3472: Print warning when commit-confirm is run as regular usererkin
2023-06-07Merge pull request #2029 from indrajitr/ddclient-improvement-round-3Christian Breunig
dns: T5144: Refactor smoke tests for dynamic dns operation
2023-06-06dns: T5144: Update copyright yearIndrajit Raychaudhuri
2023-06-06dns: T5144: Handle partial conf mode CLI gracefullyIndrajit Raychaudhuri
Prevent failure when the user enters a partial CLI command without any address specified. Also, apply some minor formatting changes.
2023-06-06op-mode: T5262: use module function instead of methodJohn Estabrook
2023-06-06op mode: T5262: add a warning message about unsaved config changesDaniil Baturin
on reboot and shutdown attempts
2023-06-06Merge pull request #2027 from cuongdt1994/patch-1Daniil Baturin
T5260: Do not use deprecated python crypt module
2023-06-06T5260: Do not use deprecated python crypt modulecuongdt1994
Remove the quotes, this will always return the hash for string "password".
2023-06-06Don't use deprecated crypt module.cuongdt1994
2023-06-05Merge pull request #2005 from indrajitr/ddclient-improvement-round-2Christian Breunig
dns: T5144: Modernize dynamic dns operation (round 2)
2023-06-05openconnect: T5259: fix migration logic in delete_value radius|localJohn Estabrook
Incorrect logic of node deletion now raises error, after T5251.
2023-06-04dns: T5144: Streamline ddclient systemd service overrideIndrajit Raychaudhuri
Templatize systemd override for ddclient service and move the generated override files in /run. This ensures that the override files are always generated afresh after boot. Additionally, simplify the systemd override file by removing the redundant/superfluous overrides.
2023-06-04dns: T5144: Add pid and cache config as ddclient globalIndrajit Raychaudhuri
2023-06-04dns: T5144: Relocate ddclient op-mode config files for consistency with ↵Indrajit Raychaudhuri
config path
2023-06-04dns: T5144: Relocate ddclient template path for consistency with config pathIndrajit Raychaudhuri
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-06-04dns: T5144: Restrict dualstack for dyndns2 protocol to dyn.comIndrajit Raychaudhuri
ddclient implementation of dualstack for dyndns2 protocol is targeted for dyn.com (dyndns.org) only. Dualstack won't work for other servers supporting dyndns2 protocol (for example, dyn.dns.he.net).
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03T5257: add verify_vrf() check for flow-accountingChristian Breunig
2023-06-03T5257: import cleanup for flow-accountingChristian Breunig
2023-06-03T5257: Fix netflow VRF and bracketize v6 source addresses for netflow/sflowWered
2023-06-02Merge pull request #2023 from jestabro/error-passingViacheslav Hletenko
configtree: T5251: catch/raise errors in functions delete and delete_value
2023-05-31migration: T5251: fix incorrect logic in calling configtree.deleteJohn Estabrook
The node was already deleted in the 'if path exists' branch; attempt to delete in 'else' branch will now raise an error.