| Age | Commit message (Collapse) | Author |
|---|
|
T7278: Remove cracklib hack from postconfig script template
|
|
|
|
|
|
|
|
T6058: Fix popen command wrapper handling
|
|
Ensure `wrapper` is only prepended to `command` when it is non-empty
|
|
|
|
The 'hybrid' mode of vyconfd validation and Cstore commit is no longer
needed, in preparation for full vyconfd support.
Revert "vyconf: T6718: use vy_set/delete in configsession and util"
This reverts commit 6999f85b2fc1c6e2421242e30e3810bd19250f3e.
|
|
WireGuard performs a handshake every WIREGUARD_REKEY_AFTER_TIME if data is
being transmitted between the peers. If no data is transmitted, the handshake
will not be initiated unless new data begins to flow. Each handshake generates
a new session key, and the key is rotated at least every 120 seconds or upon
data transmission after a prolonged silence.
|
|
utils: T6975: Add 'vrf' and 'netns' arguments to functions in 'vyos.utils.process'
|
|
'vyos.utils.process'
|
|
interfaces attached to VRFs
|
|
op_mode: T6767: Check latest image version in VRF context for "add system image latest vrf <name>"
|
|
image latest vrf <name>"
|
|
|
|
Add the ability to configure base64 encoded passwords for
VPN IPSec site-to-site peers
authentication psk PSK secret 'xxxxx=='
authentication psk PSK secret-type <base64|plaintext>
|
|
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
`mokutil --sb-state` will output "This system doesn't support Secure Boot" to stderr.
and return error code 255 if the UEFI system doesn't support secure boot.
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
vyos@vyos:~$ show ver
...
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Secure Boot: enabled
...
|
|
|
|
|
|
|
|
T5873: ipsec remote access VPN: support VTI interfaces.
|
|
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
|
|
Make it more obvious for the user aber the severity of his action.
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
|
|
|
|
deletion
Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.
|
|
wireless: T6597: improve hostapd startup and corresponding smoketests
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
|
|
|
|
Sometimes we need a reliable way to lock an execution until some other operation
is not done.
This commit introduces locking util, which can be used as a common lock, even
between different processes.
Usage example:
```
from vyos.utils.locking import Lock
lock = Lock('my_lock_id')
lock.acquire(timeout=10)
print(f'Lock acquired: {lock.is_locked}')
lock.release()
```
|
|
|
|
|
|
|
|
|
|
|
|
op-mode: T6514: rework the "show system storage" code to handle live CD systems correctly
|
|
to handle live CD systems correctly
and allow reusing the functions from other scripts
|
|
configd: T6504: send sudo_user on session init and set env variable
|
|
op mode: T6501: add "run show kernel modules"
|
|
get_current_user()
|
|
to be able to call them from the new tech-support script
|
|
|
|
filesystem
|
|
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
