diff options
| -rw-r--r-- | .gitmodules | 4 | ||||
| -rw-r--r-- | CODEOWNERS | 2 | ||||
| -rw-r--r-- | Makefile | 14 | ||||
| -rw-r--r-- | data/templates/frr/ldpd.frr.j2 | 10 | ||||
| -rw-r--r-- | data/templates/rsyslog/rsyslog.conf.j2 | 4 | ||||
| -rw-r--r-- | debian/control | 3 | ||||
| -rw-r--r-- | interface-definitions/interfaces_virtual-ethernet.xml.in | 4 | ||||
| -rw-r--r-- | interface-definitions/protocols_mpls.xml.in | 24 | ||||
| -rw-r--r-- | interface-definitions/system_syslog.xml.in | 4 | ||||
| m--------- | libvyosconfig | 0 | ||||
| -rw-r--r-- | smoketest/scripts/cli/base_interfaces_test.py | 2 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_protocols_mpls.py | 71 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_system_syslog.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/pki.py | 12 | ||||
| -rwxr-xr-x | src/op_mode/image_installer.py | 2 |
15 files changed, 138 insertions, 22 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..4e9a691c0 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "libvyosconfig"] + path = libvyosconfig + url = ../libvyosconfig.git + branch = current diff --git a/CODEOWNERS b/CODEOWNERS index 72ddbde91..0bf2e6d79 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,2 +1,2 @@ # Users from reviewers github team -* @vyos/reviewers +# * @vyos/reviewers @@ -9,6 +9,7 @@ BUILD_ARCH := $(shell dpkg-architecture -q DEB_BUILD_ARCH) J2LINT := $(shell command -v j2lint 2> /dev/null) PYLINT_FILES := $(shell git ls-files *.py src/migration-scripts) LIBVYOSCONFIG_BUILD_PATH := /tmp/libvyosconfig/_build/libvyosconfig.so +LIBVYOSCONFIG_STATUS := $(shell git submodule status) config_xml_src = $(wildcard interface-definitions/*.xml.in) config_xml_obj = $(config_xml_src:.xml.in=.xml) @@ -23,12 +24,13 @@ op_xml_obj = $(op_xml_src:.xml.in=.xml) .PHONY: libvyosconfig .ONESHELL: libvyosconfig: - if ! [ -f $(LIBVYOSCONFIG_BUILD_PATH) ]; then - rm -rf /tmp/libvyosconfig && \ - git clone https://github.com/vyos/libvyosconfig.git /tmp/libvyosconfig || exit 1 - cd /tmp/libvyosconfig && \ - git checkout 55b2d352333e3cfcb54d2057b73cef6ebe8331f9 || exit 1 - eval $$(opam env --root=/opt/opam --set-root) && ./build.sh + if test ! -f $(LIBVYOSCONFIG_BUILD_PATH); then + if ! echo $(firstword $(LIBVYOSCONFIG_STATUS))|grep -Eq '^[a-z0-9]'; then + git submodule sync; git submodule update --init --remote + fi + rm -rf /tmp/libvyosconfig && mkdir /tmp/libvyosconfig + cp -r libvyosconfig /tmp && cd /tmp/libvyosconfig && \ + eval $$(opam env --root=/opt/opam --set-root) && ./build.sh || exit 1 fi .PHONY: interface_definitions diff --git a/data/templates/frr/ldpd.frr.j2 b/data/templates/frr/ldpd.frr.j2 index 9a893cc55..b8fb0cfc7 100644 --- a/data/templates/frr/ldpd.frr.j2 +++ b/data/templates/frr/ldpd.frr.j2 @@ -82,8 +82,11 @@ mpls ldp {% endfor %} {% endif %} {% if ldp.interface is vyos_defined %} -{% for interface in ldp.interface %} +{% for interface, iface_config in ldp.interface.items() %} interface {{ interface }} +{% if iface_config.disable_establish_hello is vyos_defined %} + disable-establish-hello +{% endif %} exit {% endfor %} {% endif %} @@ -135,8 +138,11 @@ mpls ldp {% endfor %} {% endif %} {% if ldp.interface is vyos_defined %} -{% for interface in ldp.interface %} +{% for interface, iface_config in ldp.interface.items() %} interface {{ interface }} +{% if iface_config.disable_establish_hello is vyos_defined %} + disable-establish-hello +{% endif %} {% endfor %} {% endif %} exit-address-family diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 68e34f3f8..a67e596fc 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -103,9 +103,9 @@ if prifilt("{{ tmp | join(',') }}") then { port="{{ remote_options.port }}" protocol="{{ remote_options.protocol }}" {% if remote_options.format.include_timezone is vyos_defined %} - template="SyslogProtocol23Format" + template="RSYSLOG_SyslogProtocol23Format" {% endif %} - TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" + TCP_Framing="{{ 'octet-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" {% if remote_options.source_address is vyos_defined %} Address="{{ remote_options.source_address }}" {% endif %} diff --git a/debian/control b/debian/control index 20b1a228c..4186dfb3b 100644 --- a/debian/control +++ b/debian/control @@ -42,7 +42,8 @@ Pre-Depends: libnss-tacplus [amd64], libpam-tacplus [amd64], libpam-radius-auth (= 1.5.0-cl3u7) [amd64], - libnss-mapuser (= 1.1.0-cl3u3) [amd64] + libnss-mapuser (= 1.1.0-cl3u3) [amd64], + tzdata (>= 2025b) Depends: ## Fundamentals ${python3:Depends} (>= 3.10), diff --git a/interface-definitions/interfaces_virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in index c4610feec..2dfbd50b8 100644 --- a/interface-definitions/interfaces_virtual-ethernet.xml.in +++ b/interface-definitions/interfaces_virtual-ethernet.xml.in @@ -21,6 +21,10 @@ #include <include/interface/dhcp-options.xml.i> #include <include/interface/dhcpv6-options.xml.i> #include <include/interface/disable.xml.i> + #include <include/interface/mtu-68-16000.xml.i> + <leafNode name="mtu"> + <defaultValue>1500</defaultValue> + </leafNode> #include <include/interface/netns.xml.i> #include <include/interface/vif-s.xml.i> #include <include/interface/vif.xml.i> diff --git a/interface-definitions/protocols_mpls.xml.in b/interface-definitions/protocols_mpls.xml.in index 831601fc6..fc1864f38 100644 --- a/interface-definitions/protocols_mpls.xml.in +++ b/interface-definitions/protocols_mpls.xml.in @@ -524,7 +524,29 @@ </node> </children> </node> - #include <include/generic-interface-multi.xml.i> + <tagNode name="interface"> + <properties> + <help>Interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <leafNode name="disable-establish-hello"> + <properties> + <help>Disable response to hello packet with an additional hello LDP packet</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> </children> </node> <node name="parameters"> diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 8b2d9cab7..116cbde73 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -46,13 +46,13 @@ <children> <leafNode name="octet-counted"> <properties> - <help>Allows for the transmission of all characters inside a syslog message</help> + <help>Allows for the transmission of multi-line messages (TCP only)</help> <valueless/> </properties> </leafNode> <leafNode name="include-timezone"> <properties> - <help>Include system timezone in syslog message</help> + <help>Use RFC 5424 format (with RFC 3339 timestamp and timezone)</help> <valueless/> </properties> </leafNode> diff --git a/libvyosconfig b/libvyosconfig new file mode 160000 +Subproject 74d884d7f383aa570fa00b7f3b222ea8b18bb45 diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 80d200e97..a9b758802 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -613,7 +613,7 @@ class BasicInterfaceTest: def test_mtu_1200_no_ipv6_interface(self): # Testcase if MTU can be changed to 1200 on non IPv6 # enabled interfaces - if not self._test_mtu: + if not self._test_mtu or not self._test_ipv6: self.skipTest('not supported') old_mtu = self._mtu diff --git a/smoketest/scripts/cli/test_protocols_mpls.py b/smoketest/scripts/cli/test_protocols_mpls.py index 654f2f099..3840c24f4 100755 --- a/smoketest/scripts/cli/test_protocols_mpls.py +++ b/smoketest/scripts/cli/test_protocols_mpls.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -121,5 +121,74 @@ class TestProtocolsMPLS(VyOSUnitTestSHIM.TestCase): for interface in interfaces: self.assertIn(f' interface {interface}', afiv4_config) + def test_02_mpls_disable_establish_hello(self): + router_id = '1.2.3.4' + transport_ipv4_addr = '5.6.7.8' + transport_ipv6_addr = '2001:db8:1111::1111' + interfaces = Section.interfaces('ethernet') + + self.cli_set(base_path + ['router-id', router_id]) + + # At least one LDP interface must be configured + with self.assertRaises(ConfigSessionError): + self.cli_commit() + for interface in interfaces: + self.cli_set(base_path + ['interface', interface, 'disable-establish-hello']) + + # LDP transport address missing + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(base_path + ['discovery', 'transport-ipv4-address', transport_ipv4_addr]) + self.cli_set(base_path + ['discovery', 'transport-ipv6-address', transport_ipv6_addr]) + + # Commit changes + self.cli_commit() + + # Validate configuration + frrconfig = self.getFRRconfig('mpls ldp', endsection='^exit') + self.assertIn(f'mpls ldp', frrconfig) + self.assertIn(f' router-id {router_id}', frrconfig) + + # Validate AFI IPv4 + afiv4_config = self.getFRRconfig('mpls ldp', endsection='^exit', + substring=' address-family ipv4', + endsubsection='^ exit-address-family') + self.assertIn(f' discovery transport-address {transport_ipv4_addr}', afiv4_config) + for interface in interfaces: + self.assertIn(f' interface {interface}', afiv4_config) + self.assertIn(f' disable-establish-hello', afiv4_config) + + # Validate AFI IPv6 + afiv6_config = self.getFRRconfig('mpls ldp', endsection='^exit', + substring=' address-family ipv6', + endsubsection='^ exit-address-family') + self.assertIn(f' discovery transport-address {transport_ipv6_addr}', afiv6_config) + for interface in interfaces: + self.assertIn(f' interface {interface}', afiv6_config) + self.assertIn(f' disable-establish-hello', afiv6_config) + + # Delete disable-establish-hello + for interface in interfaces: + self.cli_delete(base_path + ['interface', interface, 'disable-establish-hello']) + + # Commit changes + self.cli_commit() + + # Validate AFI IPv4 + afiv4_config = self.getFRRconfig('mpls ldp', endsection='^exit', + substring=' address-family ipv4', + endsubsection='^ exit-address-family') + # Validate AFI IPv6 + afiv6_config = self.getFRRconfig('mpls ldp', endsection='^exit', + substring=' address-family ipv6', + endsubsection='^ exit-address-family') + # Check deleted 'disable-establish-hello' option per interface + for interface in interfaces: + self.assertIn(f' interface {interface}', afiv4_config) + self.assertNotIn(f' disable-establish-hello', afiv4_config) + self.assertIn(f' interface {interface}', afiv6_config) + self.assertNotIn(f' disable-establish-hello', afiv6_config) + + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index ba325ced8..6eae3f19d 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -223,10 +223,10 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): if 'format' in remote_options: if 'include-timezone' in remote_options['format']: - self.assertIn( ' template="SyslogProtocol23Format"', config) + self.assertIn( ' template="RSYSLOG_SyslogProtocol23Format"', config) if 'octet-counted' in remote_options['format']: - self.assertIn( ' TCP_Framing="octed-counted"', config) + self.assertIn( ' TCP_Framing="octet-counted"', config) else: self.assertIn( ' TCP_Framing="traditional"', config) diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py index acea2c9be..724f97555 100755 --- a/src/conf_mode/pki.py +++ b/src/conf_mode/pki.py @@ -440,13 +440,21 @@ def generate(pki): for name, cert_conf in pki['certificate'].items(): if 'acme' in cert_conf: certbot_list.append(name) - # generate certificate if not found on disk + # There is no ACME/certbot managed certificate presend on the + # system, generate it if name not in certbot_list_on_disk: certbot_request(name, cert_conf['acme'], dry_run=False) + # Now that the certificate was properly generated we have + # the PEM files on disk. We need to add the certificate to + # certbot_list_on_disk to automatically import the CA chain + certbot_list_on_disk.append(name) + # We alredy had an ACME managed certificate on the system, but + # something changed in the configuration elif changed_certificates != None and name in changed_certificates: - # when something for the certificate changed, we should delete it + # Delete old ACME certificate first if name in certbot_list_on_disk: certbot_delete(name) + # Request new certificate via certbot certbot_request(name, cert_conf['acme'], dry_run=False) # Cleanup certbot configuration and certificates if no longer in use by CLI diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py index 82756daec..3fe9737da 100755 --- a/src/op_mode/image_installer.py +++ b/src/op_mode/image_installer.py @@ -1007,7 +1007,7 @@ def add_image(image_path: str, vrf: str = None, username: str = '', Path(target_config_dir).mkdir(parents=True) chown(target_config_dir, group='vyattacfg') chmod_2775(target_config_dir) - copytree('/opt/vyatta/etc/config/', target_config_dir, + copytree('/opt/vyatta/etc/config/', target_config_dir, symlinks=True, copy_function=copy_preserve_owner, dirs_exist_ok=True) else: Path(target_config_dir).mkdir(parents=True) |