Age | Commit message | Author
2022-12-25 | container: T2216: use defaultValue XML definition to define port protocol | Christian Poessinger
Instead of hardcoding the default protocol as TCP in the Python script we shall use the XML based defaultValue approach instead. This also automatically exports the default to the CLI completion helper.
2022-12-25 | container: T2216: add verify() for port definition | Christian Poessinger
If port is specified on the CLI so must be source and destination under the port node.
2022-12-24 | container: T4870: remove manual user interaction during storage migration | Christian Poessinger
Commit 60c80df4 ("container: T4870: bump package version 0 -> 1 for filesystem change") introduced a fundamental change in the container storage driver that required a manual migration step from the user to not lose any data. This commit removes the manual user interaction and temporarily exports the container images and re-imports them after the filesystem got changed. The only things that get lost are orphaned container images no longer referenced by the CLI - that's an adequate trade-off as those images can always be re-added to the system.
2022-12-24 | container: T4870: update to overlay2 driver | Christian Poessinger
overlay2 is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration.
2022-12-23 | Merge pull request #1724 from sarthurdev/fw_mac | Christian Poessinger
firewall: T2199: Add mac-address match to destination side
2022-12-23 | firewall: T2199: Fix typo in `rule-log-level.xml.i` header | sarthurdev
2022-12-23 | firewall: T2199: Add mac-address match to `destination` side | sarthurdev
2022-12-23 | container: T4870: bump package version 0 -> 1 for filesystem change | Christian Poessinger
move from vfs to overlay driver.

The following pre-image upgrade script must be executed to have containers after the reboot:

    # Stop every container configured on the CLI
    for pod in $(cli-shell-api listActiveNodes container name); do
        systemctl stop vyos-container-${pod//\'}.service
    done

    # Switch the storage driver from vfs to overlay in the live config and the template
    sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2

    # Remove the old libpod state
    rm -rf /usr/lib/live/mount/persistence/container/storage/libpod

    # Pull each configured image again and start its container
    for pod in $(cli-shell-api listActiveNodes container name); do
        image=$(cli-shell-api returnActiveValue container name ${pod//\'} image)
        podman image pull "$image"
        systemctl start vyos-container-${pod//\'}.service
    done

    # Remove the leftover vfs storage directories
    for dir in vfs vfs-containers vfs-images vfs-layers; do
        rm -rf "/usr/lib/live/mount/persistence/container/storage/$dir"
    done
2022-12-23 | Merge pull request #1702 from TGNThump/patch-1 | Christian Poessinger
container: T4870: Update podman to use overlay storage driver
2022-12-23 | ipsec: T4594: drop old show_ipsec_sa.py in favor of new implementation in ipsec.py | Christian Poessinger
2022-12-23 | containers: T4585: remove redundant sudo calls in op-mode script | Christian Poessinger
2022-12-23 | ipsec: T2816: do not explicitly call interpreter for python script | Christian Poessinger
Our python scripts use the shebang logic to set an interpreter - we should rely on this and not use an external interpreter in front of the helper.
2022-12-23 | wireguard: T3642: drop deprecated CLI commands | Christian Poessinger
2022-12-23 | pki: T4847: extend dependency on sstpc client interface | Christian Poessinger
2022-12-23 | dhcp: T4758: implement missing functionality from old script to new op-mode script | Christian Poessinger
Sorting DHCP pools and filtering for state can now be done using the new op-mode scripts in DHCP. This allows us to drop the old helpers show_dhcp.py and show_dhcpv6.py.
2022-12-23 | nat: T4545: implement missing functionality from old script to new op-mode script | Christian Poessinger
Remaining functionality to filter NAT translations for a given address got implemented to nat.py - with this change we can drop the old files show_nat*.py
2022-12-23 | Merge pull request #1723 from aapostoliuk/T4890-sagitta | Christian Poessinger
T4890: Fixed op_mode show conntrack table ipv4
2022-12-23 | T4890: Fixed op_mode show conntrack table ipv4 | aapostoliuk
Fixed op_mode show conntrack table ipv4. Created check on empty column "mark".
2022-12-22 | Merge pull request #1720 from jestabro/op-mode-interfaces | John Estabrook
T4866: rewrite show_interfaces.py show* functions to standardized op-mode
2022-12-21 | interfaces: T4866: add interfaces.py to op-mode-standardized list | John Estabrook
2022-12-21 | interfaces: T4866: call interfaces.py in op-mode-definitions | John Estabrook
2022-12-21 | interfaces: T4866: add standardized op-mode interfaces.py | John Estabrook
2022-12-20 | smoketest: radvd: T4809: add test case for RA source address | Christian Poessinger
2022-12-20 | op-mode: radvd: T4809: add CLI commands for log display | Christian Poessinger
- show log router-advert
- monitor log router-advert
2022-12-20 | radvd: T4809: fix AdvRASrcAddress missing semicolon | Christian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon.
2022-12-19 | graphql: T4887: interpret all boolean options as nullable | John Estabrook
2022-12-19 | Merge pull request #1718 from nicolas-fort/T4886_conn_mark | Christian Poessinger
T4886: Firewall and route policy: Add connection-mark feature to vyos.
2022-12-19 | Merge pull request #1719 from sever-sever/T4879 | Christian Poessinger
T4879: IPsec migration script remote-id for peer name eq address
2022-12-19 | T4879: IPsec migration script remote-id for peer name eq address | Viacheslav Hletenko
Migration for "remote-id" where peer is an IPv4 or IPv6 address was missed. It was only migrated if the peer starts with "@". It causes that you must manually set 'remote-id' to get it working correctly.
Replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-12-19 | dhcp: T4832: fix TypeError in smoketest | Christian Poessinger
Commit cca7ec3e ("T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)") extended the smoketests but used int over str when calling the CLI wrapper. This led to: TypeError: sequence item 7: expected str instance, int found
2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort
2022-12-17 | sstp: T4384: disable compression and create exclusive lock file | Christian Poessinger
2022-12-17 | sstp: T4384: remote server is mandatory in client mode | Christian Poessinger
2022-12-17 | Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4 | Christian Poessinger
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
2022-12-17 | Merge pull request #1715 from c-po/current | Christian Poessinger
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
2022-12-17 | op-mode: T707: remove dedicated calls to sudo in vpn_ipsec | Christian Poessinger
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no further need to also call sudo inside the script again.
2022-12-17 | Merge pull request #1714 from c-po/current | Christian Poessinger
op-mode: T707: explicitly use sudo when working with RAID devices
2022-12-17 | op-mode: T707: explicitly use sudo when working with RAID devices | Christian Poessinger
2022-12-17 | Merge pull request #1713 from c-po/current | Christian Poessinger
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
2022-12-17 | op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem | Christian Poessinger
As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again.
2022-12-17 | GitHub: use private access token for review assignment | Christian Poessinger
2022-12-17 | GitHub: update access token | Christian Poessinger
Required to solve Use of team reviewers results in: "Could not resolve to a node with the global id of..." error as mentioned by: https://github.com/shufo/auto-assign-reviewer-by-files
2022-12-17 | GitHub: fix team reviewer assignment | Christian Poessinger
Unfortunately we always used the wrong syntax. According to https://github.com/shufo/auto-assign-reviewer-by-files we should use: ` - team: baz`
2022-12-17 | bonding: T4878: use more is_node_changed() over leaf_node_changed() | Christian Poessinger
The implementation of is_node_changed() is less error prone and should always be favoured.
2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-12-17 | Merge pull request #1599 from goodNETnick/goodnetnick-loginotpgenerator-T4751 | Christian Poessinger
login: T4751: 2FA OTP key generator in VyOS CLI
2022-12-17 | Merge pull request #1711 from roedie/T4884 | Christian Poessinger
T4884: snmpd: add community6 fallback
2022-12-17 | Merge pull request #1709 from initramfs/current-T4882 | Christian Poessinger
firewall: T4882: add missing ICMPv6 type names
2022-12-17 | webproxy: T3810: multiple squidGuard fixes | aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message.
3. Added template generation for local's categories in the rule section.
4. Changed syntax in the generation dest section for blacklist's categories
4. Fixed generation dest local sections in squidGuard.conf
5. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf
2022-12-17 | Merge pull request #1712 from roedie/T4809-2 | Christian Poessinger
T4809: radvd: Allow the use of AdvRASrcAddress