| Age | Commit message (Collapse) | Author |
|---|
|
xml: T7029: allow wildcard in include directive
|
|
vrf: T7024: instance name "up" and "down" are reserved and should not be used
|
|
|
|
T7016: Simplify logic for force deleting dynamic IPv4 address from interface
|
|
This complements commit dda428fc4 ("T6841: firewall: migrate existing VRF in
zone based firewall") which provides the new configuration files after CLI
was migrated.
|
|
This complements commit dda428fc4 ("T6841: firewall: migrate existing VRF in
zone based firewall") which provides the new configuration files after CLI
was migrated.
|
|
|
|
Deprecated as per https://docs.python.org/3/library/datetime.html#datetime.datetime.utcfromtimestamp
Fixes: TypeError: can't subtract offset-naive and offset-aware datetimes
Co-authored-by: Erkki Eilonen <erkki@bearmetal.eu>
|
|
Under very rare cases we can run into a race condition where interfaces are
still in creation phase but are already referenced..
This can trigger:
File "/usr/libexec/vyos/conf_mode/system_conntrack.py", line 270, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/system_conntrack.py", line 249, in apply
call_dependents()
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 147, in call_dependents
f()
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 118, in func_impl
run_config_mode_script(script, config)
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 106, in run_config_mode_script
mod.verify(c)
File "/usr/libexec/vyos//conf_mode/service_conntrack-sync.py", line 72, in verify
if len(get_ipv4(interface)) < 1:
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/template.py", line 458, in get_ipv4
return Interface(interface).get_addr_v4()
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 334, in __init__
if not self.iftype:
^^^^^^^^^^^
AttributeError: 'Interface' object has no attribute 'iftype'
This commit removes the code path in question and the class attribute check.
The reason for the iftype attribute in the past was a common _create() method
serving for all interface types. As we already have a lot of derived
implementations and not all honor the classes iftype/type member - or even
worse honor it only in 50% of the occurrences it's time to drop it.
|
|
* smoketest: T7023: unify container image loading
* smoketest: T7023: add tac_plus container to live validate login
TACACS is pretty sensible to its configuration. Instead of manual testing,
extend the smoketest platform to ship a tac_plus container and perform logins
against a locally running tac_plus server in a container.
The login username/password and TACACS shared secret is generated randomly on
the fly for every testcase.
|
|
utils: T6975: Add 'vrf' and 'netns' arguments to functions in 'vyos.utils.process'
|
|
on libnss-mapuser (#4281)
Upstream 2.0.0 version from Debian has issues
|
|
|
|
* smoketest: T6747: call wait after commit() only for FRR related tests
Commit 702a60a8de28 ("smoketest: T6746: wait after commit() until frr-reload
is no longer running") added a guard timeout for every commit executed via CLI
smoketests. This commit changes the bahavior to only add the guard timeout
for FRR related testscases.
This improves the overall smoketest time.
* configd: T6747: use one long-lived instance of FRRender
Previously there was one FRRender() instance per config session. This resulted
in re-rendering the FRR configuration every time a new config session was
created.
Example:
vyos@vyos:~$ configure
vyos@vyos# set interfaces dummy dum0 description foo
vyos@vyos# commit
vyos@vyos# exit
vyos@vyos:~$ configure
vyos@vyos# set interfaces dummy dum0 description bar
vyos@vyos# commit
vyos@vyos# exit
In the past this caused a re-render of the FRR configuration as the delta check
added in commit ec80c75d6776 ("frrender: T6746: only re-render FRR config if
config_dict did change") evaluated to false, as it operated on a new instance
of the FRRender class.
With this change there is no FRR re-render, as there is nothing to update
in FRR.
|
|
ddclient: T5791: Keep ddclient.service in foreground
|
|
'vyos.utils.process'
|
|
T6841: firewall: improve config parsing for ZBF when using VRFs and interfaces attached to VRFs
|
|
VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in
the zone based firewall, it will be migrated to the new syntax.
OLD:
set firewall zone FOO interface RED
set firewall zone FOO interface eth0
NEW:
set firewall zone FOO member vrf RED
set firewall zone FOO member interface eth0
|
|
block
|
|
Improve config parsing for ZBF when using VRFs and interfaces attached to VRFs
|
|
interfaces attached to VRFs
|
|
|
|
Since the distributed ddclient.service is of type 'exec' now, avoid using
process forking and let systemd manage the process directly.
|
|
T7016: force delete only dynamic IPv4 address from interface
|
|
|
|
GitHub: T7007: add build/manifest.json to build artifacts
|
|
Integrated per PR smoketests require the build/manifest.json file to retrieve
additional information to be validated inside the runnning image under test.
|
|
T5791: ddclient: Adjust process handling
|
|
T6994: Add textfile collector config option
|
|
|
|
srv6: T6984: add locator format configuration
|
|
|
|
frrender: T6991: do not loose DHCP default route when no static route is defined
|
|
* T6949: adds blackbox exporter
* T6949: adds basic config generation
* T6949: extract shared module config options
* T6949: switch to ipv4/6 literals
* T6949: moves config file to /run
* T6949: adds dns query name option
* T6949: adds dns query type values
* T6949: adds blackbox exporter to debian/control
|
|
The reason is that DHCP routes are not re-generated during FRRrender as long
as there is no protocols static entry in the configuration at all. Move out the
DHCP configuration read-in from the static section.
|
|
Do not restart service when changed only CRL.
Service still restart when cert revoke first time
|
|
GitHub: adjust PR template to our current needs/workflow
|
|
|
|
* smoketest: T6746: add substring search in getFRRconfig()
Some daemons (e.g. bgpd) have several nested substrings/sections like
router bgp 100
address-family ipv4 unicast
..
exit-address-family
exit
We can now use getFRRconfig() with the substring option to extract only
address-family ipv4 unicast
..
exit-address-family
Making config validation more granular
* frrender: T6746: only re-render FRR config if config_dict did change
* frrender: T6746: fix naming glitch isis/eigrp
* frrender: T6746: add --stdout option when running with debug flags
* smoketest: T6746: remove unneeded commit_guard time
It was an invalid workarround as the underlaying issue seems to be a race
condition in CStore.
The commit process is not finished until all pending files from
VYATTA_CHANGES_ONLY_DIR are copied to VYATTA_ACTIVE_CONFIGURATION_DIR. This is
done inside libvyatta-cfg1 and the FUSE UnionFS part. On large non-interactive
commits FUSE UnionFS might not replicate the real state in time, leading to
errors when querying the working and effective configuration.
TO BE DELETED AFTER SWITCH TO IN MEMORY CONFIG
|
|
* op-mode: T6983: add "show log" and "monitor log" commands for vyos-domain-resolver
* firewall: T6983: drop unused variable domain_resolver_usage_nat
* T6983: introduce Python logging module in vyos-domain-resolver
* T6983: treat vyos-domain-resolver as a real service
|
|
xml: T5738: De-duplicate 'openssh' tagNode
|
|
op_mode: T6956: Fix for "generate tech-support archive" if /config contains directories
|
|
Interface definition for pki has redundant `tagNode`
for `openssh`. Remove the redundant one.
|
|
|
|
directories
|
|
geoip: T6986: add missing cron installation path
|
|
udev: T6985: Fix udev rule to also register ttyACM serial devices
|
|
|
|
|
|
|
