| Age | Commit message (Collapse) | Author |
|---|
|
The PCEngines APU2 systems with mSATA disks tend to be very slow. This results
in a service startup error:
$ systemctl status vyos-grub-update
× vyos-grub-update.service - Update GRUB loader configuration structure
Loaded: loaded (/lib/systemd/system/vyos-grub-update.service; enabled; preset: enabled)
Active: failed (Result: timeout) since Sun 2024-03-24 08:48:10 UTC; 14min ago
Main PID: 779 (code=killed, signal=TERM)
CPU: 869ms
Mar 24 08:48:05 LR4.wue3 systemd[1]: Starting vyos-grub-update.service - Update GRUB loader configuration structure...
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: start operation timed out. Terminating.
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Main process exited, code=killed, status=15/TERM
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Failed with result 'timeout'.
Mar 24 08:48:10 LR4.wue3 systemd[1]: Failed to start vyos-grub-update.service - Update GRUB loader configuration structure.
Measunring on an APU2 system after boot and memory is "hot", it still needs
almost 17 seconds to complete the job
cpo@LR4.wue3:~$ time sudo /usr/libexec/vyos/system/grub_update.py
real 0m16.803s
user 0m0.018s
sys 0m0.028s
|
|
isis: T6160: NameError: name 'process' is not defined
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
|
|
xml: T6146: add utils and helper to provide priority data
|
|
Github: PR Template: make related tasks optional
|
|
|
|
|
|
vti: T6085: interface is always down and only enabled by IPSec daemon
|
|
policy: T6130: Revert commit 960cace
|
|
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering
|
|
conntrack: T6147: Enable conntrack when firewall state-policy is defined
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
T6143: Increase configuratble timeout range for service config-sync
|
|
The maximum timeout for the `service config-sync` is 300 seconds
(Connection API timeout). It could not be enough for the real massive
configurations.
Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363.
All community rules syntax was changed.
T5357 is invalid bug report.
VyOS cannot use new configuration syntax in the previous versions.
|
|
T6138: Fix op-mode show conntrack table with flowtable offloads
|
|
The op-mode command `show conntrack table ipv4` fails if gets a
conntrack entrie with `flowtable` offload. Those entries do not
have key `timeout`
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
timeout = meta['timeout']
~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
|
|
T6127: Fixed show log firewall for rule with offload
|
|
T6136: add error checks when using dynamic firewall groups
|
|
|
|
|
|
|
|
|
|
|
|
add mtu to default and specified class
update smoke test
|
|
op-mode: T6133: add support to manually trigger commit-archive update
|
|
Automatic update of the remote commit-archive could fail under certian
circumstances, add an op-mode command to manually trigger the update:
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
T6133: append domain-name to commit-archive if defined
|
|
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
T6121: Extend service config-sync to new sections
|
|
T6090: policy: fix migration script
|
|
occurs also if only <policy route> is defined.
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s
|
|
|
|
|
|
xml: T3642: improve PKI CLI help string
|
|
|
|
radvd: T6118: add nat64prefix support RFC8781
|
|
grub: T4548: Fixed GRUB configuration files order
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
|
