summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--data/templates/frr/daemons.frr.tmpl2
-rw-r--r--data/templates/high-availability/10-override.conf.j22
-rw-r--r--interface-definitions/high-availability.xml.in4
-rw-r--r--op-mode-definitions/ntp.xml.in49
-rw-r--r--op-mode-definitions/show-ntp.xml.in21
-rwxr-xr-xsrc/conf_mode/dns_dynamic.py2
-rwxr-xr-xsrc/conf_mode/high-availability.py2
-rwxr-xr-xsrc/conf_mode/system-ip.py28
-rwxr-xr-xsrc/conf_mode/system-ipv6.py25
-rw-r--r--src/etc/sysctl.d/30-vyos-router.conf10
-rwxr-xr-xsrc/init/vyos-router2
11 files changed, 90 insertions, 57 deletions
diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl
index 3aad8e8dd..b137ba23a 100644
--- a/data/templates/frr/daemons.frr.tmpl
+++ b/data/templates/frr/daemons.frr.tmpl
@@ -8,7 +8,7 @@ isisd=yes
pimd=no
ldpd=yes
nhrpd=no
-eigrpd=yes
+eigrpd=no
babeld=yes
sharpd=no
pbrd=no
diff --git a/data/templates/high-availability/10-override.conf.j2 b/data/templates/high-availability/10-override.conf.j2
index d1cb25581..c153f09b4 100644
--- a/data/templates/high-availability/10-override.conf.j2
+++ b/data/templates/high-availability/10-override.conf.j2
@@ -1,5 +1,5 @@
### Autogenerated by ${vyos_conf_scripts_dir}/high-availability.py ###
-{% set snmp = '' if vrrp.disable_snmp is vyos_defined else '--snmp' %}
+{% set snmp = '--snmp' if vrrp.snmp is vyos_defined else '' %}
[Unit]
After=vyos-router.service
# Only start if there is our configuration file - remove Debian default
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index 47a772d04..aa23888a4 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -12,10 +12,10 @@
<help>Virtual Router Redundancy Protocol settings</help>
</properties>
<children>
- <leafNode name="disable-snmp">
+ <leafNode name="snmp">
<properties>
<valueless/>
- <help>Disable SNMP</help>
+ <help>Enable SNMP</help>
</properties>
</leafNode>
<node name="global-parameters">
diff --git a/op-mode-definitions/ntp.xml.in b/op-mode-definitions/ntp.xml.in
new file mode 100644
index 000000000..b8d0c43ec
--- /dev/null
+++ b/op-mode-definitions/ntp.xml.in
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="show">
+ <children>
+ <node name="ntp">
+ <properties>
+ <help>Show peer status of NTP daemon</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/show_ntp.sh --sourcestats</command>
+ <children>
+ <node name="system">
+ <properties>
+ <help>Show parameters about the system clock performance</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/show_ntp.sh --tracking</command>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="force">
+ <children>
+ <node name="ntp">
+ <properties>
+ <help>NTP (Network Time Protocol) operations</help>
+ </properties>
+ <children>
+ <node name="synchronization">
+ <properties>
+ <help>Force NTP time synchronization</help>
+ </properties>
+ <children>
+ <tagNode name="vrf">
+ <properties>
+ <help>Force NTP time synchronization in given VRF</help>
+ <completionHelp>
+ <path>vrf name</path>
+ </completionHelp>
+ </properties>
+ <command>sudo ip vrf exec $5 chronyc makestep</command>
+ </tagNode>
+ </children>
+ <command>sudo chronyc makestep</command>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/show-ntp.xml.in b/op-mode-definitions/show-ntp.xml.in
deleted file mode 100644
index 0907722af..000000000
--- a/op-mode-definitions/show-ntp.xml.in
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="show">
- <children>
- <node name="ntp">
- <properties>
- <help>Show peer status of NTP daemon</help>
- </properties>
- <command>${vyos_op_scripts_dir}/show_ntp.sh --sourcestats</command>
- <children>
- <node name="system">
- <properties>
- <help>Show parameters about the system clock performance</help>
- </properties>
- <command>${vyos_op_scripts_dir}/show_ntp.sh --tracking</command>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index ab80defe8..4b1aed742 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -104,7 +104,7 @@ def generate(dyndns):
if not dyndns or 'address' not in dyndns:
return None
- render(config_file, 'dns-dynamic/ddclient.conf.j2', dyndns)
+ render(config_file, 'dns-dynamic/ddclient.conf.j2', dyndns, permission=0o600)
render(systemd_override, 'dns-dynamic/override.conf.j2', dyndns)
return None
diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py
index 70f43ab52..b3b27b14e 100755
--- a/src/conf_mode/high-availability.py
+++ b/src/conf_mode/high-availability.py
@@ -59,7 +59,7 @@ def get_config(config=None):
if conf.exists(conntrack_path):
ha['conntrack_sync_group'] = conf.return_value(conntrack_path)
- if leaf_node_changed(conf, base + ['vrrp', 'disable-snmp']):
+ if leaf_node_changed(conf, base + ['vrrp', 'snmp']):
ha.update({'restart_required': {}})
return ha
diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py
index 5e4e5ec28..7612e2c0d 100755
--- a/src/conf_mode/system-ip.py
+++ b/src/conf_mode/system-ip.py
@@ -20,10 +20,12 @@ from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configverify import verify_route_map
from vyos.template import render_to_string
-from vyos.utils.process import call
from vyos.utils.dict import dict_search
from vyos.utils.file import write_file
+from vyos.utils.process import call
+from vyos.utils.process import is_systemd_service_active
from vyos.utils.system import sysctl_write
+
from vyos import ConfigError
from vyos import frr
from vyos import airbag
@@ -115,16 +117,20 @@ def apply(opt):
value = '48' if (tmp is None) else tmp
sysctl_write('net.ipv4.tcp_mtu_probe_floor', value)
- zebra_daemon = 'zebra'
- # Save original configuration prior to starting any commit actions
- frr_cfg = frr.FRRConfig()
-
- # The route-map used for the FIB (zebra) is part of the zebra daemon
- frr_cfg.load_configuration(zebra_daemon)
- frr_cfg.modify_section(r'ip protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
- if 'frr_zebra_config' in opt:
- frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
- frr_cfg.commit_configuration(zebra_daemon)
+ # During startup of vyos-router that brings up FRR, the service is not yet
+ # running when this script is called first. Skip this part and wait for initial
+ # commit of the configuration to trigger this statement
+ if is_systemd_service_active('frr.service'):
+ zebra_daemon = 'zebra'
+ # Save original configuration prior to starting any commit actions
+ frr_cfg = frr.FRRConfig()
+
+ # The route-map used for the FIB (zebra) is part of the zebra daemon
+ frr_cfg.load_configuration(zebra_daemon)
+ frr_cfg.modify_section(r'ip protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
+ if 'frr_zebra_config' in opt:
+ frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
+ frr_cfg.commit_configuration(zebra_daemon)
if __name__ == '__main__':
try:
diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system-ipv6.py
index e40ed38e2..90a1a8087 100755
--- a/src/conf_mode/system-ipv6.py
+++ b/src/conf_mode/system-ipv6.py
@@ -22,8 +22,9 @@ from vyos.configdict import dict_merge
from vyos.configverify import verify_route_map
from vyos.template import render_to_string
from vyos.utils.dict import dict_search
-from vyos.utils.system import sysctl_write
from vyos.utils.file import write_file
+from vyos.utils.process import is_systemd_service_active
+from vyos.utils.system import sysctl_write
from vyos import ConfigError
from vyos import frr
from vyos import airbag
@@ -93,16 +94,20 @@ def apply(opt):
if name == 'accept_dad':
write_file(os.path.join(root, name), value)
- zebra_daemon = 'zebra'
- # Save original configuration prior to starting any commit actions
- frr_cfg = frr.FRRConfig()
+ # During startup of vyos-router that brings up FRR, the service is not yet
+ # running when this script is called first. Skip this part and wait for initial
+ # commit of the configuration to trigger this statement
+ if is_systemd_service_active('frr.service'):
+ zebra_daemon = 'zebra'
+ # Save original configuration prior to starting any commit actions
+ frr_cfg = frr.FRRConfig()
- # The route-map used for the FIB (zebra) is part of the zebra daemon
- frr_cfg.load_configuration(zebra_daemon)
- frr_cfg.modify_section(r'ipv6 protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
- if 'frr_zebra_config' in opt:
- frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
- frr_cfg.commit_configuration(zebra_daemon)
+ # The route-map used for the FIB (zebra) is part of the zebra daemon
+ frr_cfg.load_configuration(zebra_daemon)
+ frr_cfg.modify_section(r'ipv6 protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
+ if 'frr_zebra_config' in opt:
+ frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
+ frr_cfg.commit_configuration(zebra_daemon)
if __name__ == '__main__':
try:
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index ad43390bb..fcdc1b21d 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -98,15 +98,6 @@ net.ipv6.route.skip_notify_on_dev_down=1
# Default value of 20 seems to interfere with larger OSPF and VRRP setups
net.ipv4.igmp_max_memberships = 512
-# Increase default garbage collection thresholds
-net.ipv4.neigh.default.gc_thresh1 = 1024
-net.ipv4.neigh.default.gc_thresh2 = 4096
-net.ipv4.neigh.default.gc_thresh3 = 8192
-#
-net.ipv6.neigh.default.gc_thresh1 = 1024
-net.ipv6.neigh.default.gc_thresh2 = 4096
-net.ipv6.neigh.default.gc_thresh3 = 8192
-
# Enable global RFS (Receive Flow Steering) configuration. RFS is inactive
# until explicitly configured at the interface level
net.core.rps_sock_flow_entries = 32768
@@ -114,3 +105,4 @@ net.core.rps_sock_flow_entries = 32768
# Congestion control
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
+
diff --git a/src/init/vyos-router b/src/init/vyos-router
index 8572f53fc..cc69fae5a 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -343,6 +343,8 @@ start ()
${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"
${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
+ ${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options"
+ ${vyos_conf_scripts_dir}/system-ipv6.py || log_failure_msg "could not reset system IPv6 options"
${vyos_conf_scripts_dir}/conntrack.py || log_failure_msg "could not reset conntrack subsystem"
${vyos_conf_scripts_dir}/container.py || log_failure_msg "could not reset container subsystem"
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 09:31:45 +0000