summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03T5257: add verify_vrf() check for flow-accountingChristian Breunig
2023-06-03T5257: import cleanup for flow-accountingChristian Breunig
2023-06-03netns: xml: T3829: fix format stringChristian Breunig
2023-06-03Merge pull request #2024 from ServerForge/currentChristian Breunig
T5257: Fix netflow VRF and bracketize v6 source addresses for netflow…
2023-06-03T5257: Fix netflow VRF and bracketize v6 source addresses for netflow/sflowWered
2023-06-02Merge pull request #2023 from jestabro/error-passingViacheslav Hletenko
configtree: T5251: catch/raise errors in functions delete and delete_value
2023-05-31migration: T5251: fix incorrect logic in calling configtree.deleteJohn Estabrook
The node was already deleted in the 'if path exists' branch; attempt to delete in 'else' branch will now raise an error.
2023-05-31configtree: T5251: catch/raise error in delete and delete_valueJohn Estabrook
Configtree functions delete/delete_value do not check return value of libvyosconfig functions; raise error on non-zero return value.
2023-05-31Merge pull request #2021 from blank0608/T5210Christian Breunig
T5210:VPN:Fix typo in Warning
2023-05-31T5210: VPN: Fix typo in WarningJohn Landicho
2023-05-29smoketest: wifi: T5242: T5245: temporary disable IPv6 and VLAN testsChristian Breunig
2023-05-29smoketest: adjust to new process_named_running() implementationChristian Breunig
After commit 9c677c81b ("vyos.util: extend process_named_running() signature with cmdline") we need an exact match for the process name. In the past we used a in b and now we test for a == b.
2023-05-29netns: T3829: remove debug print() statemementChristian Breunig
2023-05-29T5234: add bash prompt identifier for given Network namespaceChristian Breunig
2023-05-29smoketest: T5242: fix precondition check for VLAN MTU testcaseChristian Breunig
2023-05-29ifconfig: T2104: use link_local_prefix literal for fe80::/64Christian Breunig
2023-05-29T5234: add op-mode command "force netns" to change shell into any given ↵Christian Breunig
namespace
2023-05-29T5234: extend color prompt with VRF instance nameChristian Breunig
2023-05-28smoketest: T5242: improve base class test cases for virtual-ethernet interfacesChristian Breunig
2023-05-28vyos.util: extend process_named_running() signature with cmdlineChristian Breunig
process_named_running() was introduced in commit 16b2fc8fc4ca ("dns-forwarding: T2298: fix path to control file") and thus remained more or less unchanged. Smoketests use process_named_running() heavily and might spawn multiple processes with the same name but ifferent options (e.g. dhcp6c or dhclient) and it was yet not possible to properly filter on the "real-deal" like the process bound to a given interface. One can now optionally specify a string that is searched inside the command line argument list of the process. Example: >>> process_named_running('dhcp6c', 'veth0') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth0.sock', '-c', '/run/dhcp6c/dhcp6c.veth0.conf', '-p', '/run/dhcp6c/dhcp6c.veth0.pid', 'veth0'] 4215 >>> process_named_running('dhcp6c', 'veth1') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth1.sock', '-c', '/run/dhcp6c/dhcp6c.veth1.conf', '-p', '/run/dhcp6c/dhcp6c.veth1.pid', 'veth1'] 4253 Where the debug list returned is the commandline searched.
2023-05-28ipsec: T5042: fix remote-access "Tunnel IP" columnChristian Breunig
Connection ID Username Protocol State Uptime Tunnel IP --------------- ---------- ---------- ------- -------- ----------------- 27 cpo IKEv2 UP 11s ['172.16.222.17'] "Tunnel IP" should be a string over list.
2023-05-28router-advert: T5240: verify() that no more then 3 IPv6 name-servers configuredChristian Breunig
This is a radvd limitation.
2023-05-28container: T5003: add new mandatory option runrootChristian Breunig
2023-05-27Merge branch 't5242-smoketest-dynamic' into currentChristian Breunig
* t5242-smoketest-dynamic: smoketest: T5242: automatically detect interface "capabilities" geneve: T2630: change lower limit MTU to 1200 bytes gitignore: T5242: add XML dict cache file bridge: T4579: fix error message for bridge and bond membership T5242: example use of cli_defined xml: T5242: add cli_defined boolean test for node existing under path
2023-05-27smoketest: T5242: automatically detect interface "capabilities"Christian Breunig
Current state of vyos-1x smoketests have hardcoded features to test. The feature support is inside the base class BasicInterfaceTest class BasicInterfaceTest: class TestCase(VyOSUnitTestSHIM.TestCase): _test_dhcp = False _test_ip = False _test_mtu = False _test_vlan = False _test_qinq = False _test_ipv6 = False _test_ipv6_pd = False _test_ipv6_dhcpc6 = False _test_mirror = False All derived classes need to enable the tests that are supported on this interface type. Adding new feature to a given interface (like vif support in T5237) require manually enabling those tests for the given interface. It would make much more sense, if we can query the config backend for supported interface options - or in other words - is there a CLI node available that corresponds to set interfaces ethernet <name> vif - if that's the case, _test_vlan = True.
2023-05-26geneve: T2630: change lower limit MTU to 1200 bytesChristian Breunig
2023-05-26gitignore: T5242: add XML dict cache fileChristian Breunig
2023-05-26bridge: T4579: fix error message for bridge and bond membershipChristian Breunig
2023-05-26Merge branch 'cli-defined' of https://github.com/jestabro/vyos-1x into ↵Christian Breunig
t5242-smoketest-dynamic * 'cli-defined' of https://github.com/jestabro/vyos-1x: T5242: example use of cli_defined xml: T5242: add cli_defined boolean test for node existing under path
2023-05-26T5242: example use of cli_definedJohn Estabrook
2023-05-26xml: T5242: add cli_defined boolean test for node existing under pathJohn Estabrook
If non_local=False (default), cli_defined returns True if the node is a child of the path in interface-definitions; otherwise True if node is a descendent of the path.
2023-05-24Merge pull request #2017 from sever-sever/T5237Christian Breunig
T5237: Add support VLANs and QinQ for virtual-ethernet interfaces
2023-05-24T5237: Add support VLANs and QinQ for virtual-ethernet interfacesViacheslav Hletenko
Ability to use 'vif' and 'vif-s' for virtual-ethernet "vethX" interfaces set interfaces virtual-ethernet veth10 vif 50
2023-05-21T5234: add op-mode command "force vrf" to change shell into any given VRFChristian Breunig
2023-05-21T5234: add bash prompt identifier for given VRF instanceChristian Breunig
2023-05-21Merge pull request #1997 from jestabro/reference-treeViacheslav Hletenko
xml: T5218: revise vyos xml lib for bug fixes and extensions
2023-05-19T5230: remove trailing tabs causing j2lint errorJohn Estabrook
2023-05-19xml: T5218: return defaults only for child leaf-nodes, unless recursiveJohn Estabrook
Operations get_defaults and get_config_defaults return default values only for nodes with parent in the config dict (get_config_defaults) or at the path (get_defaults). To include default values of decendent nodes, set option recursive=True.
2023-05-19Merge pull request #2014 from ServerForge/currentChristian Breunig
T5230: Added missing enforce-first-as option to bgp protocol common c…
2023-05-19Merge pull request #2013 from sever-sever/T5222Christian Breunig
T5222: reverse-proxy fix listen-address template and add smoketest
2023-05-19T5230: Added missing enforce-first-as option to bgp protocol common config ↵Wered
and frr bgp jinja template.
2023-05-19T5222: load-balancing reverse-proxy add smoketest domainsViacheslav Hletenko
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: reverse-proxy fix template for listen-addressViacheslav Hletenko
Load-balancing reverse-proxy listen-address is multi-value node Use bracketize for correct set bind config for IPv6 addresses Listen by default IPv4 and IPv6 if listen-address is not defined
2023-05-19Merge pull request #2012 from sever-sever/T5222-modChristian Breunig
T5222: Refactoring load-balancing reverse-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-18wwan: op-mode: T5196: fix interface type when calling python backendChristian Breunig
2023-05-18Merge pull request #2011 from indrajitr/mdns-improvements-2Christian Breunig
mdns: T5227: Relax 'allow-service' pattern
2023-05-18mdns: T5227: Relax 'allow-service' patternIndrajit Raychaudhuri
Relax allow service pattern to allow for '.' as well for SRV records.