Age | Commit message | Author |
|
After commit 209ce3d9 ("container: T3769: when container networks are used,
always bridge the networks") IP masquerading (NAT) was disabled. No need to
keep the hairpin flag.
|
|
Commit a30d74f4 (container: op-mode: T3765: add "connect container mysql-server")
added a CLI op-mode command to attach to a container - users typically do not want
to attach and consume stdout (can be done via logs) but rather want to debug
inside the container image.
vyos@vyos:~$ connect container unifi
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 202 0.0 0.0 4640 828 pts/1 Ss 21:06 0:00 /bin/sh
root 203 0.0 0.0 34416 2872 pts/1 R+ 21:06 0:00 \_ ps faux
root 187 0.0 0.0 18388 3124 ? S 21:03 0:00 /bin/bash
root 186 0.0 0.0 4640 788 ? S 21:03 0:00 /bin/sh
root 185 0.0 0.0 4640 824 ? S 21:03 0:00 /bin/sh
root 184 0.0 0.0 4640 836 ? S 21:03 0:00 /bin/sh
root 1 0.0 0.0 18520 3228 pts/0 Ss+ 20:50 0:00 bash /usr/local/bin/docker-entrypoint.sh unifi
root 12 4.8 14.2 3688080 572756 pts/0 Sl+ 20:50 0:48 java -Dunifi.datadir=/unifi/data -Dunifi.logdir=/unifi/log -Dunifi.rundir=/var/run/unifi -
root 35 0.7 3.4 1102700 139752 pts/0 Sl+ 20:50 0:07 \_ bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --unixSocketPrefix /usr/lib/un
Linux 57c689f739ed 5.10.60-amd64-vyos #1 SMP Fri Aug 20 14:44:59 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
|
|
As VyOS is a network operating system with bridging and NATing available from
the VyOS CLI, it makes no sense to let podman do its own sort of "NAT".
If one really wants to NAT into a container, use the VyOS CLI to do so. If you
want to bridge your networks, use the VyOS CLI to do so.
|
|
redistributed routes
|
|
Volumes must have both a source and destination path specified. Also the
source path must exist on the current system.
|
|
A call to .items() was missing that triggered the following error:
ValueError: too many values to unpack (expected 2)
|
|
As VyOS CLI is the only truth for dealing with containers we do not need to
query if a container is running, exists or whatsoever. We simply always
restart it if something changes and do not rely on the underlying Linux
status.
If a user does container stuff under the hood - it will be overridden.
|
|
hyphen
|
|
A container is limited to 256MB memory by default and will always restart on
failure.
|
|
An environment variable passed to podman can only consist of alphanumeric
characters, a hyphen and an underscore.
|
|
An environment variable MUST always have a value specified. Non-existing
values will cause the following error:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply
env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items())
File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr>
env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items())
KeyError: 'value'
|
|
Commit 99440fc0 ("Makefile: fix logic to detect empty "node.def" files")
disabled the detection of empty node.def files for op-mode commands. The
generation of a duplicate and thus empty node.def file is not prohibited
by commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file
with empty content") and thus the check is re-enabled!
|
|
That nasty workaround to always specify the same value for the node.def file
as the help text is no longer necessary after commit 17b5ac14 ("T3165: op-mode:
prevent override of populated node.def file with empty content").
The redundant definitions are no longer necessary.
|
|
This is an extension to commit b4fdcebe ("T3165: prevent override of populated
node.def file with empty content") which implemented the same thing for the
configuration mode commands.
|
|
container.xml.in file
|
|
Now that the PPPoE interface also makes use of the vyos.ifconfig.interface
class, we need to adjust the smoketests to reflect all those changes.
TODO:
Start a local PPPoE server in a namespace and connect locally for deeper
testing.
|
|
interfaces
|
|
vyos@vyos# show interfaces pppoe
pppoe pppoe10 {
+ access-concentrator asdfg
authentication {
password bar
user foo
}
default-route force
no-peer-dns
source-interface eth0.202
}
vyos@vyos# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from vyos.config import Config
>>> from vyos.configdict import get_interface_dict
>>> from vyos.configdict import leaf_node_changed
>>> conf = Config()
>>> base = ['interfaces', 'pppoe']
>>> tmp = get_interface_dict(conf, base, 'pppoe10')
>>> leaf_node_changed(conf, ['access-concentrator'])
>>> ['']
|
|
Now that MSS clamping is done on the "per-interface" level the entire PPPoE
stuff would have needed to get a full copy in GNU BASH for this or, participate
in the common library.
Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the
vyos.ifconfig.PPPoEIf.update() function to configure everything as done with
all other interfaces. This removes duplicated code for VRF assignment and route
installation when a PPPoE interface is brought up or down.
|
|
WireGuard, Tunnel and also PPPoE all need a way to calculate a synthetic MAC
address used for the EUI64 link-local addresses. Instead of copying the code
from Tunnel to WireGuard to PPPoE, use a generic implementation.
|
|
WWAN does no longer need to render any configuration files.
|