vyos-1x.git/src/migration-scripts/https, branch mergify/bp/sagitta/pr-3838

https: T5902: fix migration of virtual-host port

2024-02-09T08:05:14+00:00

CLI source node is port and not listen-port. (cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)

https: T6000: fix error in migration of path https certbot

2024-01-30T10:43:17+00:00

(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)

https: T5902: remove virtual-host configuration

2024-01-10T07:11:39+00:00

We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement. (cherry picked from commit d0d3071e99eb65edb888c26ef2fdc9e038438887)

https: T5886: migrate https certbot to new "pki certificate" CLI tree

2024-01-08T20:11:13+00:00

(cherry picked from commit 9ab6665c80c30bf446d94620fc9d85b052d48072)

T5474: establish common file name pattern for XML conf mode commands

2024-01-01T08:25:32+00:00

We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)

http: T5762: rename "virtual-host listen-port" -> "virtual-host port"

2023-11-22T05:51:05+00:00

This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components. (cherry picked from commit 0e885f1bf01424130b6876e769cc42612b19351b)

http: T5762: api: make API socket backend communication the one and only default

2023-11-20T18:22:08+00:00

Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy. (cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c)

T5427: Fix migration script arguments len expects 2 args

2023-08-02T09:12:23+00:00

The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2'

graphql: T4768: change name of api child node from 'gql' to 'graphql'

2022-10-21T13:46:25+00:00

pki: https: T3642: Migrate HTTPS to use PKI configuration

2021-07-22T14:55:10+00:00