Age | Commit message | Author |
|
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2
template.
|
|
In the past we always told ethtool to change the offloading settings, even if
this was not supported by the underlying driver.
This commit will only change the offloading options if they differ from the
current state of the NIC and only if it's supported by the NIC. If the NIC does
not support setting the offloading options, a message will be displayed
for the user:
vyos@vyos# set interfaces ethernet eth2 offload gro
vyos@vyos# commit
[ interfaces ethernet eth2 ]
Adapter does not support changing large-receive-offload settings!
|
|
wireguard: T3763: Added check for listening port availability
|
|
We need to copy the configuration before this is done in super().update() as we
utilize self.set_dhcpv6() before this is done by the base class.
|
|
`print` was removed or replaced with `ValueError`, where possible.
|
|
bgp: evpn: T3739: add route-map match support
|
|
Extended CLI command: "set vpn ipsec remote-access connection rw pool" with a
"radius" option.
|
|
(cherry picked from commit b4b2c91127289c7b62afb24304054d57357a48c5)
|
|
The current command to restart any of the FRR processes is:
vyos@vyos:~$ restart frr
Possible completions:
<Enter> Execute the current command
bfdd Restart Bidirectional Forwarding Detection daemon
bgpd Restart Border Gateway Protocol daemon
ospf6d Restart OSPFv3 daemon
ospfd Restart OSPFv2 daemon
ripd Restart Routing Information Protocol daemon
ripngd Restart RIPng daemon
staticd Restart Static Route daemon
zebra Restart IP routing manager daemon
From a real-life example: Two engineers needed 5 minutes to figure it is under
"restart frr" - that is why this commit drops the artificial "frr" level on the
op-mode commands to restart routing protocol daemons.
It's less intuitive to have "restart frr ospfd" or "restart frr bgpd" compared
to "restart ospf" and "restart bgp" - we have the same for "restart ssh" or
"restart snmp" and not "restart openssh sshd".
This commit also drops the d (daemon) suffix of the op-mode commands so the
commands align with the VyOS CLI, else there would be a misunderstanding from
ospf6d to ospfv3.
(cherry picked from commit 8ad8b0d51bf21c583e6d687576cb1a61195e7215)
|
|
Each wireguard interface requires a unique port for in and out
connections. This commit adds the new `vyos.util` function -
`check_port_availability`, and uses it to be sure that a port
that is planned to be used for wireguard interface is truly
available and not used by any other services (not only other
wireguard interfaces).
|
|
ipsec: T3780: shutting down vti when tunnel is down
|
|
T3773: delete the original "show system integrity" command
|
|
... there was a typo setting ecp512 instead of ecp521.
|
|
When the interface name was stripped down from "eth0.201" to "eth" to determine
the appropriate interface section, VRRP interfaces got left out on the call
to rstrip().
VRRP interfaces now show up in "show interfaces" as they did in VyOS 1.2.
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
dum0 172.18.254.201/32 u/u
eth0 - u/u
eth0.10 172.16.33.8/24 u/u
eth0.201 172.18.201.10/24 u/u
eth1 10.1.1.2/24 u/u
eth1v10 10.1.1.1/24 u/u
eth2 - u/u
lo 127.0.0.1/8 u/u
::1/128
|
|
Commit 474db49a ("bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets
differ") made it possible to specify a whitelist separated list of route-targets,
this is now validated through the smoketests.
|
|
The "l2vpn evpn" address-family route-target command only accepts a single
route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The
"ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs
support multiple, whitespace separated route-target values.
This commit adds a new custom validator named "bgp-route-target" with a --single
and a --multi option to pass one or more route-target values.
|
|
... as we will get another bgp route-target validator soon.
|
|
After commit 209ce3d9 ("container: T3769: when container networks are used,
always bridge the networks") IP masquerading (NAT) was disabled. No need to
keep the hairpin flag.
|
|
Commit a30d74f4 (container: op-mode: T3765: add "connect container mysql-server")
added a CLI op-mode command to attach to a container - users typically do not want
to attach and consume stdout (can be done via logs) but rather want to debug
inside the container image.
vyos@vyos:~$ connect container unifi
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 202 0.0 0.0 4640 828 pts/1 Ss 21:06 0:00 /bin/sh
root 203 0.0 0.0 34416 2872 pts/1 R+ 21:06 0:00 \_ ps faux
root 187 0.0 0.0 18388 3124 ? S 21:03 0:00 /bin/bash
root 186 0.0 0.0 4640 788 ? S 21:03 0:00 /bin/sh
root 185 0.0 0.0 4640 824 ? S 21:03 0:00 /bin/sh
root 184 0.0 0.0 4640 836 ? S 21:03 0:00 /bin/sh
root 1 0.0 0.0 18520 3228 pts/0 Ss+ 20:50 0:00 bash /usr/local/bin/docker-entrypoint.sh unifi
root 12 4.8 14.2 3688080 572756 pts/0 Sl+ 20:50 0:48 java -Dunifi.datadir=/unifi/data -Dunifi.logdir=/unifi/log -Dunifi.rundir=/var/run/unifi -
root 35 0.7 3.4 1102700 139752 pts/0 Sl+ 20:50 0:07 \_ bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --unixSocketPrefix /usr/lib/un
Linux 57c689f739ed 5.10.60-amd64-vyos #1 SMP Fri Aug 20 14:44:59 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
|
|
As VyOS is a network operation system with bridging and NATing available from
the VyOS CLI, it makes no sense to let podman do its own sort of "NAT".
If one really wants to NAT into a container, use the VyOS CLI to do so. If you
want to bridge your networks, use the VyOS CLI to do so.
|
|
redistributed routes
|
|
Volumes must have both a source and destination path specified. Also the
source path must exist on the current system.
|
|
A call to .items() was missing that triggered the following error:
ValueError: too many values to unpack (expected 2)
|
|
As VyOS CLI is the only truth for dealing with containers we do not need to
query if a container is running, exists or whatsoever. We simply always
restart it if something changes and do not rely on the underlying Linux
status.
If a user does container stuff under the hood - it will be overridden.
|
|
hyphen
|
|
A container is limited to 256MB memory by default and will always restart on
failure.
|
|
An environment variable passed to podman can only consist of alphanumeric
characters, a hyphen and an underscore.
|
|
An environment variable MUST always have a value specified. Non-existing
values will cause the following error:
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply
    env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items())
  File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr>
    env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items())
KeyError: 'value'
|
|
Commit 99440fc0 ("Makefile: fix logic to detect empty "node.def" files")
disabled the detection of empty node.def files for op-mode commands. The
generation of a duplicate and thus empty node.def file is not prohibited
by commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file
with empty content") and thus the check is re-enabled!
|
|
That nasty workaround to always specify the same value for the node.def file
as the help text is no longer necessary after commit 17b5ac14 ("T3165: op-mode:
prevent override of populated node.def file with empty content").
The redundant definitions are no longer necessary.
|