Age | Commit message (Collapse) | Author |
|
Instead of hardcoding the default protocol as TCP in the Python script we shall
use the XML based defaultValue approach instead. This also automatically exports
the default to the CLI completion helper.
|
|
If port is specified on the CLI so must be source and destination under
the port node.
|
|
Commit 60c80df4 ("container: T4870: bump package version 0 -> 1 for filesystem
change") introduced a fundamental change in the container storage driver that
required a manual migration step from the user to not lose any data.
This commit removes the manual user interaction and temporarily exports the
container images and re-imports them after the filesystem got changed. The only
things that get lost are orphaned container images no longer referenced by the
CLI - that's an adequate trade-off as those images can always be re-added to the
system.
|
|
overlay2 is the preferred storage driver for all currently supported Linux
distributions, and requires no extra configuration.
|
|
firewall: T2199: Add mac-address match to destination side
|
|
move from vfs to overlay driver
The following pre image upgrade script must be executed to have containers after
the reboot:
for pod in $(cli-shell-api listActiveNodes container name); do
    systemctl stop vyos-container-${pod//\'}.service
done
sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2
rm -rf /usr/lib/live/mount/persistence/container/storage/libpod
for pod in $(cli-shell-api listActiveNodes container name); do
    image=$(cli-shell-api returnActiveValue container name ${pod//\'} image)
    podman image pull $image
    systemctl start vyos-container-${pod//\'}.service
done
for dir in vfs vfs-containers vfs-images vfs-layers; do
    rm -rf /usr/lib/live/mount/persistence/container/storage/$dir
done
|
|
container: T4870: Update podman to use overlay storage driver
|
|
ipsec.py
|
|
Our python scripts use the shebang logic to set an interpreter - we should
rely on this and not use an external interpreter in front of the helper.
|
|
script
Sorting DHCP pools and filtering for state can now be done using the new op-mode
scripts in DHCP. This allows us to drop the old helpers show_dhcp.py and
show_dhcpv6.py.
|
|
script
Remaining functionality to filter NAT translations for a given address
got implemented to nat.py - with this change we can drop the old files
show_nat*.py
|
|
T4890: Fixed op_mode show conntrack table ipv4
|
|
Fixed op_mode show conntrack table ipv4
Created check on empty column "mark"
|
|
T4866: rewrite show_interfaces.py show* functions to standardized op-mode
|
|
- show log router-advert
- monitor log router-advert
|
|
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new
feature to set the RA source-address. Unfortunately it missed a semicolon.
|
|
T4886: Firewall and route policy: Add connection-mark feature to vyos.
|
|
T4879: IPsec migration script remote-id for peer name eq address
|
|
Migration for "remote-id" where peer is an IPv4 or IPv6 address
was missed.
It was only migrated if the peer starts with "@".
It causes that you must manually set 'remote-id' to get it working
correctly.
replace 'vpn ipsec site-to-site peer 192.0.2.2'
=> 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
|
|
Commit cca7ec3e ("T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)")
extended the smoketests but used int over str when calling the CLI wrapper.
This led to:
TypeError: sequence item 7: expected str instance, int found
|
|
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
|
|
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
|
|
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no
further need to also call sudo inside the script again.
|
|
op-mode: T707: explicitly use sudo when working with RAID devices
|
|
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
|
|
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
|
|
Required to solve Use of team reviewers results in: "Could not resolve to a
node with the global id of..." error as mentioned by:
https://github.com/shufo/auto-assign-reviewer-by-files
|
|
Unfortunately we always used the wrong syntax.
According to https://github.com/shufo/auto-assign-reviewer-by-files
we should use: ` - team: baz`
|
|
The implementation of is_node_changed() is less error prone and should always
be favoured.
|
|
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
|
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
T4884: snmpd: add community6 fallback
|
|
firewall: T4882: add missing ICMPv6 type names
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
   the template generates an empty dest category
   in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
   in the rule section.
4. Changed syntax in the generation dest section for blacklist's
   categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
   in acl squidGuard.conf
|
|
T4809: radvd: Allow the use of AdvRASrcAddress
|