vyos-1x.git/src/op_mode, branch current

Merge pull request #4582 from hedrok/T7545-fix-show-vpn-debug-peer

2025-07-10T14:09:56+00:00

ipsec: T7545: Fix show vpn debug peer

wlb: T7622: fix the op mode "run show wan-load-balance" command

2025-07-09T19:04:12+00:00

ipsec: T7545: Fix show vpn debug peer

2025-07-08T14:26:38+00:00

Fix re for searching of peers in /etc/swanctl/swanctl.conf ``` search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*' ``` Changed to ``` search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti))[\s]*{{' ``` Added message ``` print(f'\n### {command} ###') ``` so that output is not empty when `/usr/sbin/ipsec statusall` shows nothing

T7591: remove copyright years from source files

2025-06-28T21:16:52+00:00

The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors /g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice

wan-load-balancing: T7567: Write health-status on first run

2025-06-24T16:03:14+00:00

Write the health-status on the very first run of the script, without waiting for any change in status, to show the current state to the show command. In show command use the same api to get the now timestamp as used in state change timestamp.

pki: T7574: add optional force argument to renew certbot-issued certificates

2025-06-23T20:45:32+00:00

Certbot renewal command in op-mode "renew certbot" only works if any of the certificates is up for renewal. There is no CLI option to forcefully renew a certificate. This is about adding a force option to the CLI and with this addition move the entire certbot renew handling to new-style op-mode commands. vyos@vyos:~$ renew certbot force - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /config/auth/letsencrypt/renewal/vyos.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Renewing an existing certificate for vyos.io - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded: /config/auth/letsencrypt/live/vyos/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hook 'post-hook' ran with output: Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.

installer: T6144: require at least 2GB of free space for image upgrade

2025-06-20T12:50:45+00:00

container: T7473: fix show/monitor container log failed when log-driver is journald

2025-06-17T15:02:07+00:00

op-mode: T7527: move assorted embedded shel snippets to script files

2025-06-10T13:57:14+00:00

T1771: automatic reboot of system into previous image

2025-05-17T14:05:38+00:00

If any part of the system boot fails, we set overall_status=1 in the vyos-router startup script. When an error during the image upgrade is detected, the system will automatically revert the default boot image to the previously used version, if the CLI option "system option reboot-on-upgrade-failure" is set. The user is informed via console messages: Booting failed, reverting to previous image Automatic reboot in 5 minutes Use "reboot cancel" to cancel The user has time to log in and run reboot cancel to remain in the faulty image for troubleshooting. Reboot timeout is defined by CLI: "system option reboot-on-upgrade-failure" Once the system boots into the previous image, the MOTD will display a persistent warning message - cleared during next reboot. WARNING: Image update to "VyOS 1.5.xxxx" failed Please check the logs: /usr/lib/live/mount/persistence/boot/NAME/rw/var/log Message is cleared on next reboot! Upgrade failure can be synthetically injected by booting with Kernel command line option: vyos-fail-migration