From 30edcba594ebc07412c903a8e7896235cbc3d11f Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Tue, 11 Jan 2022 19:12:00 +0100 Subject: policy: T2199: Update op-mode syntax to `route6` --- op-mode-definitions/policy-route.xml.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/policy-route.xml.in b/op-mode-definitions/policy-route.xml.in index c998e5487..bd4a61dc9 100644 --- a/op-mode-definitions/policy-route.xml.in +++ b/op-mode-definitions/policy-route.xml.in @@ -84,17 +84,17 @@ Show policy information - + Show IPv6 policy chain sudo ${vyos_op_scripts_dir}/policy_route.py --action show_all --ipv6 - + Show IPv6 policy chains - policy ipv6-route + policy route6 @@ -102,7 +102,7 @@ Show summary of IPv6 policy rules - policy ipv6-route ${COMP_WORDS[4]} rule + policy route6 ${COMP_WORDS[4]} rule sudo ${vyos_op_scripts_dir}/policy_route.py --action show --name $4 --rule $6 --ipv6 -- cgit v1.2.3 From d63cabb18649149084bc3d385feaa20ddbb2f870 Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Thu, 13 Jan 2022 19:10:38 +0000 Subject: op-mode: T4179: Add op-mode CLI show virtual-server --- op-mode-definitions/show-virtual-server.xml.in | 13 ++++++++++ src/op_mode/show_virtual_server.py | 33 ++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 op-mode-definitions/show-virtual-server.xml.in create mode 100755 src/op_mode/show_virtual_server.py (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/show-virtual-server.xml.in b/op-mode-definitions/show-virtual-server.xml.in new file mode 100644 index 000000000..5dbd3c759 --- /dev/null +++ b/op-mode-definitions/show-virtual-server.xml.in @@ -0,0 +1,13 @@ + + + + + + + Show virtual server information + + ${vyos_op_scripts_dir}/show_virtual_server.py + + + + 
diff --git a/src/op_mode/show_virtual_server.py b/src/op_mode/show_virtual_server.py
new file mode 100755
index 000000000..377180dec
--- /dev/null
+++ b/src/op_mode/show_virtual_server.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from vyos.configquery import ConfigTreeQuery
+from vyos.util import call
+
+def is_configured():
+ """ Check if high-availability virtual-server is configured """
+ config = ConfigTreeQuery()
+ if not config.exists(['high-availability', 'virtual-server']):
+ return False
+ return True
+
+if __name__ == '__main__':
+
+ if is_configured() == False:
+ print('Virtual server not configured!')
+ exit(0)
+
+ call('sudo ipvsadm --list --numeric')
-- cgit v1.2.3
From 7f7be911b749b6c65ac3c6e57192e9e4ce2dcd24 Mon Sep 17 00:00:00 2001
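Review bot: In `src/op_mode/show_virtual_server.py`, `is_configured()` wraps a boolean in an if/return pair and the caller then compares it with `== False`; `return config.exists(['high-availability', 'virtual-server'])` and `if not is_configured():` express the same thing directly. The script relies on the `exit` name that the `site` module provides, so `sys.exit(0)` with an `import sys` is the more dependable form for a non-interactive op-mode script. The op-mode definition runs the script unprivileged and only the fixed `ipvsadm --list --numeric` string is passed to `sudo`, so no user input reaches the privileged command.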
From: Viacheslav Hletenko Date: Thu, 10 Feb 2022 22:05:19 +0000 Subject: openvpn: T4236: Add generator for ovpn configurations in op-mode This generator generates client .ovpn files with required initial configuration It gets information from interface vtun, pki ca and certificates --- .../generate-openvpn-config-client.xml.in | 58 +++++++++ src/op_mode/generate_ovpn_client_file.py | 145 +++++++++++++++++++++ 2 files changed, 203 insertions(+) create mode 100644 op-mode-definitions/generate-openvpn-config-client.xml.in create mode 100755 src/op_mode/generate_ovpn_client_file.py (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/generate-openvpn-config-client.xml.in b/op-mode-definitions/generate-openvpn-config-client.xml.in new file mode 100644 index 000000000..4f9f31bfe --- /dev/null +++ b/op-mode-definitions/generate-openvpn-config-client.xml.in @@ -0,0 +1,58 @@ + + + + + + + Generate OpenVPN client configuration ovpn file + + + + + Generate Client config + + + + + Local interface used for connection + + + + + + + + CA certificate + + pki ca + + + + + + Cerificate used by client + + pki certificate + + + + + + Certificate key used by client + + sudo ${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9" --key "${11}" + + + sudo ${vyos_op_scripts_dir}/generate_ovpn_client_file.py --interface "$5" --ca "$7" --cert "$9" + + + + + + + + + + + + diff --git a/src/op_mode/generate_ovpn_client_file.py b/src/op_mode/generate_ovpn_client_file.py new file mode 100755 index 000000000..29db41e37 --- /dev/null +++ b/src/op_mode/generate_ovpn_client_file.py 
@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+import argparse
+import os
+
+from jinja2 import Template
+
+from vyos.configquery import ConfigTreeQuery
+from vyos.ifconfig import Section
+from vyos.util import cmd
+
+
+client_config = """
+
+client
+nobind
+remote {{ remote_host }} {{ port }}
+remote-cert-tls server
+proto {{ 'tcp-client' if protocol == 'tcp-active' else 'udp' }}
+dev {{ device }}
+dev-type {{ device }}
+persist-key
+persist-tun
+verb 3
+
+# Encryption options
+{% if encryption is defined and encryption is not none %}
+{% if encryption.cipher is defined and encryption.cipher is not none %}
+cipher {{ encryption.cipher }}
+{% if encryption.cipher == 'bf128' %}
+keysize 128
+{% elif encryption.cipher == 'bf256' %}
+keysize 256
+{% endif %}
+{% endif %}
+{% if encryption.ncp_ciphers is defined and encryption.ncp_ciphers is not none %}
+data-ciphers {{ encryption.ncp_ciphers }}
+{% endif %}
+{% endif %}
+
+{% if hash is defined and hash is not none %}
+auth {{ hash }}
+{% endif %}
+keysize 256
+comp-lzo {{ '' if use_lzo_compression is defined else 'no' }}
+
+
+-----BEGIN CERTIFICATE-----
+{{ ca }}
+-----END CERTIFICATE-----
+
+
+
+
+-----BEGIN CERTIFICATE-----
+{{ cert }}
+-----END CERTIFICATE-----
+
+
+
+
+-----BEGIN PRIVATE KEY-----
+{{ key }}
+-----END PRIVATE KEY-----
+
+
+
+"""
+
+config = ConfigTreeQuery()
+base = ['interfaces', 'openvpn']
+
+if not config.exists(base):
+ print('OpenVPN not configured')
+ exit(0)
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument("-i", "--interface", type=str, help='OpenVPN interface the client is connecting to', required=True)
+ parser.add_argument("-a", "--ca", type=str, help='OpenVPN CA cerificate', required=True)
+ parser.add_argument("-c", "--cert", type=str, help='OpenVPN client cerificate', required=True)
+ parser.add_argument("-k", "--key", type=str, help='OpenVPN client cerificate key', action="store")
+ args = parser.parse_args()
+
+ interface = args.interface
+ ca = args.ca
+ cert = args.cert
+ key = args.key
+ if not key:
+ key = args.cert
+
+ if interface not in Section.interfaces('openvpn'):
+ exit(f'OpenVPN interface "{interface}" does not exist!')
+
+ if not config.exists(['pki', 'ca', ca, 'certificate']):
+ exit(f'OpenVPN CA certificate "{ca}" does not exist!')
+
+ if not config.exists(['pki', 'certificate', cert, 'certificate']):
+ exit(f'OpenVPN certificate "{cert}" does not exist!')
+
+ if not config.exists(['pki', 'certificate', cert, 'private', 'key']):
+ exit(f'OpenVPN certificate key "{key}" does not exist!')
+
+ ca = config.value(['pki', 'ca', ca, 'certificate'])
+ cert = config.value(['pki', 'certificate', cert, 'certificate'])
+ key = config.value(['pki', 'certificate', key, 'private', 'key'])
+ remote_host = config.value(base + [interface, 'local-host'])
+
+ ovpn_conf = config.get_config_dict(base + [interface], key_mangling=('-', '_'), get_first_key=True)
+
+ port = '1194' if 'local_port' not in ovpn_conf else ovpn_conf['local_port']
+ proto = 'udp' if 'protocol' not in ovpn_conf else ovpn_conf['protocol']
+ device = 'tun' if 'device_type' not in ovpn_conf else ovpn_conf['device_type']
+
+ config = {
+ 'interface' : interface,
+ 'ca' : ca,
+ 'cert' : cert,
+ 'key' : key,
+ 'device' : device,
+ 'port' : port,
+ 'proto' : proto,
+ 'remote_host' : remote_host,
+ 'address' : [],
+ }
+
+# Clear out 
terminal first +print('\x1b[2J\x1b[H') +client = Template(client_config, trim_blocks=True).render(config) +print(client) -- cgit v1.2.3 From f23040a0f7d425550350f91410272196f842308e Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Sun, 20 Feb 2022 15:06:21 -0500 Subject: T4115:Reboot:Options "in" and "at" are not working When reboot is executed with "in" option it only accepts minutes till 99 value and does not accept greater values and "at" is also working same like in option where as it should work with exact timings. --- op-mode-definitions/reboot.xml.in | 4 ++-- src/op_mode/powerctrl.py | 25 +++++++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/reboot.xml.in b/op-mode-definitions/reboot.xml.in index 2c8daec5d..6414742d9 100644 --- a/op-mode-definitions/reboot.xml.in +++ b/op-mode-definitions/reboot.xml.in @@ -25,7 +25,7 @@ <Minutes> - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $4 + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot_in $3 $4 @@ -40,7 +40,7 @@ Reboot at a specific date - <DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> + <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $5 diff --git a/src/op_mode/powerctrl.py b/src/op_mode/powerctrl.py index 679b03c0b..fd4f86d88 100755 --- a/src/op_mode/powerctrl.py +++ b/src/op_mode/powerctrl.py @@ -33,10 +33,12 @@ def utc2local(datetime): def parse_time(s): try: - if re.match(r'^\d{1,2}$', s): - if (int(s) > 59): + if re.match(r'^\d{1,9999}$', s): + if (int(s) > 59) and (int(s) < 1440): s = str(int(s)//60) + ":" + str(int(s)%60) return datetime.strptime(s, "%H:%M").time() + if (int(s) >= 1440): + return s.split() else: return datetime.strptime(s, "%M").time() else: 
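Review bot: In `src/op_mode/generate_ovpn_client_file.py` the private-key existence check looks under `cert` while the value is then read from `key`, so when `--key` names a different PKI entry the check can pass for the wrong node and the lookup may return nothing to place inside the `PRIVATE KEY` block; the check should read `if not config.exists(['pki', 'certificate', key, 'private', 'key']):`. The render dict passes `'proto'` but the template tests `protocol`, so as written the output appears to be `proto udp` even for a `tcp-active` server, and `'protocol' : proto,` (or renaming the template variable) would fix that. `encryption`, `hash` and `use_lzo_compression` are never supplied either, so the cipher and auth lines are never emitted while `keysize 256` and `comp-lzo no` are written unconditionally, which may not match the server side. Because the command prints the client's private key to the terminal and is invoked through `sudo`, it is worth confirming which operator accounts are permitted to run it.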
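Review bot: In `parse_time()` in `src/op_mode/powerctrl.py`, the new `int(s) >= 1440` branch returns `s.split()`, a list of strings, while every other visible branch returns a `datetime.time`, so callers now have to tell the two apart by type. The function continues past the end of this hunk and its callers are not shown, so how that list is consumed cannot be checked here; a docstring stating both return shapes, or a separate helper for plain minute counts, would make the contract explicit. The pattern `r'^\d{1,9999}$'` is an indirect way of writing `r'^\d+$'`, and since `$` also matches before a trailing newline, `re.fullmatch(r'\d+', s)` is the stricter test for a value that presumably ends up in a shutdown command line.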
@@ -141,7 +143,7 @@ def execute_shutdown(time, reboot=True, ask=True): cmd(f'/usr/bin/wall "{wall_msg}"') else: if not ts: - exit(f'Invalid time "{time[0]}". The valid format is HH:MM') + exit(f'Invalid time "{time[0]}". Uses 24 Hour Clock format') else: exit(f'Invalid date "{time[1]}". A valid format is YYYY-MM-DD [HH:MM]') else: @@ -172,7 +174,12 @@ def main(): action.add_argument("--reboot", "-r", help="Reboot the system", nargs="*", - metavar="Minutes|HH:MM") + metavar="HH:MM") + + action.add_argument("--reboot_in", "-i", + help="Reboot the system", + nargs="*", + metavar="Minutes") action.add_argument("--poweroff", "-p", help="Poweroff the system", @@ -190,7 +197,17 @@ def main(): try: if args.reboot is not None: + for r in args.reboot: + if ':' not in r and '/' not in r and '.' not in r: + print("Incorrect format! Use HH:MM") + exit(1) execute_shutdown(args.reboot, reboot=True, ask=args.yes) + if args.reboot_in is not None: + for i in args.reboot_in: + if ':' in i: + print("Incorrect format! Use Minutes") + exit(1) + execute_shutdown(args.reboot_in, reboot=True, ask=args.yes) if args.poweroff is not None: execute_shutdown(args.poweroff, reboot=False, ask=args.yes) if args.cancel: -- cgit v1.2.3 From b1d4be53cd133e9a63f8e29e400f1d7bf18b8384 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 11 Mar 2022 18:11:44 +0000 Subject: bgp: T4265: Add op-mode for bgp flowspec routes --- .../include/bgp/afi-ipv4-ipv6-flowspec.xml.i | 25 ++++++++++++++++++++++ .../include/bgp/show-bgp-common.xml.i | 1 + 2 files changed, 26 insertions(+) create mode 100644 op-mode-definitions/include/bgp/afi-ipv4-ipv6-flowspec.xml.i (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/include/bgp/afi-ipv4-ipv6-flowspec.xml.i b/op-mode-definitions/include/bgp/afi-ipv4-ipv6-flowspec.xml.i new file mode 100644 index 000000000..34228fdd1 --- /dev/null +++ b/op-mode-definitions/include/bgp/afi-ipv4-ipv6-flowspec.xml.i 
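Review bot: In `main()` in `src/op_mode/powerctrl.py`, the new `--reboot` check rejects any argument that contains none of `:`, `/` and `.`, which also rejects the dash-separated date that the `execute_shutdown` error text in the `@@ -141,7 +143,7 @@` hunk still advertises (`YYYY-MM-DD [HH:MM]`). If that form is meant to stay valid the condition could be `if not any(sep in r for sep in ':/.-'):`; otherwise the error text should list the formats given in `reboot.xml.in`. The `--reboot_in` loop only rules out `:`, so non-numeric input is left for later code to reject, and `if not i.isdigit():` would make the `Use Minutes` message match what is actually accepted. Other op-mode definitions that pass a single word to `--reboot` are not visible in this patch and should be checked against the new filter.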
@@ -0,0 +1,25 @@ + + + + Network in the BGP routing table to display + + <x.x.x.x> <x.x.x.x/x> <h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x> + + + + #include + + ${vyos_op_scripts_dir}/vtysh_wrapper.sh $@ + + + + Flowspec Address Family modifier + + + #include + #include + #include + + ${vyos_op_scripts_dir}/vtysh_wrapper.sh $@ + + diff --git a/op-mode-definitions/include/bgp/show-bgp-common.xml.i b/op-mode-definitions/include/bgp/show-bgp-common.xml.i index e81b26b3e..c9a112fca 100644 --- a/op-mode-definitions/include/bgp/show-bgp-common.xml.i +++ b/op-mode-definitions/include/bgp/show-bgp-common.xml.i @@ -20,6 +20,7 @@ #include #include + #include #include ${vyos_op_scripts_dir}/vtysh_wrapper.sh $@ -- cgit v1.2.3 From d14102856387fb74de16f6305de7482443d561d0 Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Mon, 28 Mar 2022 13:42:11 -0400 Subject: logging: T4308: log options for routing protocol It will be more convenient if there is a seperate option to debug the protocol --- op-mode-definitions/show-log.xml.in | 73 +++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 4c0a7913b..2d75f119d 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in 
@@ -212,6 +212,79 @@ + + + Show log for Routing Protocols + + + + + Show log for OSPF + + journalctl -b /usr/lib/frr/ospfd + + + + Show log for OSPF for IPv6 + + journalctl -b /usr/lib/frr/ospf6d + + + + Show log for BGP + + journalctl -b /usr/lib/frr/bgpd + + + + Show log for RIP + + journalctl -b /usr/lib/frr/ripd + + + + Show log for RIPng + + journalctl -b /usr/lib/frr/ripngd + + + + Show log for static route + + journalctl -b /usr/lib/frr/staticd + + + + Show log for Multicast protocol + + journalctl -b /usr/lib/frr/pimd + + + + Show log for ISIS + + journalctl -b /usr/lib/frr/isisd + + + + Show log for NHRP + + journalctl -b /usr/lib/frr/nhrpd + + + + Show log for BFD + + journalctl -b /usr/lib/frr/bfdd + + + + Show log for MPLS + + journalctl -b /usr/lib/frr/ldpd + + + Show log for Simple Network Monitoring Protocol (SNMP) -- cgit v1.2.3 From 4e09be0cd9ad18a8b2af5789a9bf2814b8702c61 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 1 Apr 2022 21:24:47 +0200 Subject: op-mode: logging: T4308: use full option name (--boot) --- op-mode-definitions/show-log.xml.in | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 2d75f119d..15bbc7f42 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in 
@@ -221,67 +221,67 @@ Show log for OSPF - journalctl -b /usr/lib/frr/ospfd + journalctl --boot /usr/lib/frr/ospfd Show log for OSPF for IPv6 - journalctl -b /usr/lib/frr/ospf6d + journalctl --boot /usr/lib/frr/ospf6d Show log for BGP - journalctl -b /usr/lib/frr/bgpd + journalctl --boot /usr/lib/frr/bgpd Show log for RIP - journalctl -b /usr/lib/frr/ripd + journalctl --boot /usr/lib/frr/ripd Show log for RIPng - journalctl -b /usr/lib/frr/ripngd + journalctl --boot /usr/lib/frr/ripngd Show log for static route - journalctl -b /usr/lib/frr/staticd + journalctl --boot /usr/lib/frr/staticd Show log for Multicast protocol - journalctl -b /usr/lib/frr/pimd + journalctl --boot /usr/lib/frr/pimd Show log for ISIS - journalctl -b /usr/lib/frr/isisd + journalctl --boot /usr/lib/frr/isisd Show log for NHRP - journalctl -b /usr/lib/frr/nhrpd + journalctl --boot /usr/lib/frr/nhrpd Show log for BFD - journalctl -b /usr/lib/frr/bfdd + journalctl --boot /usr/lib/frr/bfdd Show log for MPLS - journalctl -b /usr/lib/frr/ldpd + journalctl --boot /usr/lib/frr/ldpd -- cgit v1.2.3 From ff908b7d766ddfc0db5d728b531f0a9db89f1890 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 1 Apr 2022 21:25:11 +0200 Subject: op-mode: monitor: T4308: support following FRR daemon logs --- op-mode-definitions/monitor-log.xml.in | 73 ++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in index 352c84ff1..cbdf76fc3 100644 --- a/op-mode-definitions/monitor-log.xml.in +++ b/op-mode-definitions/monitor-log.xml.in 
@@ -14,6 +14,79 @@ grc tail --follow=name /var/log/messages + + + Monitor log for Routing Protocols + + + + + Monitor log for OSPF + + journalctl --follow --boot /usr/lib/frr/ospfd + + + + Monitor log for OSPF for IPv6 + + journalctl --follow --boot /usr/lib/frr/ospf6d + + + + Monitor log for BGP + + journalctl --follow --boot /usr/lib/frr/bgpd + + + + Monitor log for RIP + + journalctl --follow --boot /usr/lib/frr/ripd + + + + Monitor log for RIPng + + journalctl --follow --boot /usr/lib/frr/ripngd + + + + Monitor log for static route + + journalctl --follow --boot /usr/lib/frr/staticd + + + + Monitor log for Multicast protocol + + journalctl --follow --boot /usr/lib/frr/pimd + + + + Monitor log for ISIS + + journalctl --follow --boot /usr/lib/frr/isisd + + + + Monitor log for NHRP + + journalctl --follow --boot /usr/lib/frr/nhrpd + + + + Monitor log for BFD + + journalctl --follow --boot /usr/lib/frr/bfdd + + + + Monitor log for MPLS + + journalctl --follow --boot /usr/lib/frr/ldpd + + + -- cgit v1.2.3 From 8626a7b8602ea67e1286f054509a4d0dd69f363e Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Wed, 6 Apr 2022 06:25:28 -0400 Subject: op-comm: ospf : error for ospf neighbor address command Error received when executed the sh ip ospf neighbor address 33.33.33.33 % Unknown command: sh ip ospf neighbor address 33.33.33.33 --- op-mode-definitions/include/ospf-common.xml.i | 9 --------- 1 file changed, 9 deletions(-) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/include/ospf-common.xml.i b/op-mode-definitions/include/ospf-common.xml.i index 0edc3c37f..23769c8ba 100644 --- a/op-mode-definitions/include/ospf-common.xml.i +++ b/op-mode-definitions/include/ospf-common.xml.i @@ -523,15 +523,6 @@ ${vyos_op_scripts_dir}/vtysh_wrapper.sh $@ - - - Show IPv4 OSPF neighbor information for specified IP address - - <x.x.x.x> - - - ${vyos_op_scripts_dir}/vtysh_wrapper.sh $@ - Show detailed IPv4 OSPF neighbor information -- cgit v1.2.3