| Age | Commit message (Collapse) | Author |
|---|
|
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
Also, fix file exec permission for migration script.
|
|
|
|
|
|
As followup to interface definition change, remove XML snippets that
aren't used anymore. They were there because they were 'include'-ed
multiple times in the interface definition `dynamic-dns.xml.in`. Since
that's not the case anymore, they can be removed.
|
|
Modify the configuration path to be consistent with the usual dialects
of VyoS configuration (wireguard, dns, firewall, etc.)
This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.
While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
|
|
vti: T5769: restore interface settings on down -> up event (backport #2566)
|
|
On VTI interface link down the link-local IPv6 address is removed. As soon as
the IPSec tunnel is online again, vti-up-down helper is called which only places
the interface in up state using iproute2 command
sudo ip link set vti0 up
This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly
re-initialize the VTI interface using the generic update() method.
(cherry picked from commit d90ca4415bed8ce99c854243dca3036e76497270)
|
|
T5796:add/fixed OCSERV HTTP security headers (backport #2564)
|
|
(cherry picked from commit db51546edd653d3637cb26d6957ce5222d44d395)
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup] (backport #2562)
|
|
`/etc/avahi` technically can be deleted since we operate with
avahi-daemon configuration in `/run/avahi-daemon`.
But we still need to keep `/etc/avahi/services` because avahi-daemon
`chroot` to that location at startup. This is setup at build time via
`AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
(cherry picked from commit 2b57ca6c3f9ff98cd6d4dd2a101a8b72ed2d94f4)
|
|
http-api: T5782: simplifications for config mode http-api
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` (backport #2559)
|
|
|
|
|
|
`/etc/avahi` can be deleted since we operate with avahi-daemon
configuration in `/run/avahi-daemon`.
(cherry picked from commit 33c96654f485a13fe3475bb89dec3ad26107058e)
|
|
T5727: Use native URL validator instead of regex-based validator (backport #2467)
|
|
policy: T4704: Allowed to set metric (MED) to (+/-)rtt (backport #2547)
|
|
Allowed to set metric (MED) to (+/-)rtt in the route-map.
(cherry picked from commit 5d98e806ef4edb4439620eff60215aaf30b5a592)
|
|
ddclient: T5573,T5574,T5612,T5708: Backport ddclient related changes
|
|
mdns: T5723: Always reload systemd daemon before applying changes (backport #2459)
|
|
Replace regex-based URL validator with native validator from vyos-utils.
Also, move `include/url.xml.i` to `include/url-http-https.xml.i` to
reflect the fact that it is used only for HTTP(S) URLs.
(cherry picked from commit 64322b19d6968195a6dc7c82e7e22126072377f5)
|
|
Additionally, templatize system service override and move it to the
runtime path.
(cherry picked from commit eb906739047187c322b6ce9efe7c9479bed9a024)
|
|
Ensure that the random VRF table name is 4 digits long, not 5 and stays
within the the range of 100 - 65535.
|
|
Add additional smoketests for web-options validation.
Also, format error messages to optionally include protocol name.
|
|
Fix execution bit for migration script
|
|
- Migrate to ddclient 3.11.1 and enforce debian/control dependency
- Add dual stack support for additional protocols
- Restrict usage of `porkbun` protocol, VyOS configuration structure
isn't compatible with porkbun yet
- Improve and cleanup error messages
|
|
`web-options` is only applicable when using HTTP(S) web request to
obtain the IP address. Apply guard for that.
|
|
Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing
more resilient to edge cases (particularly when `password` isn't the
last option right before the host parameter).
ddclient config parser applies special treatment to the password field
and would unwrap the quotes automatically.
Also, switch from now deprecated `use=no` to `use=disabled`.
|
|
Time interval in seconds to wait between DNS updates would be a bit
more intuitive as `interval` than `timeout`.
|
|
Add support for per-service cache management for ddclient providers
via `wait-time` and `expiry-time` options. This allows for finer-grained
control over how often a service is updated and how long the hostname
will be cached before being marked expired in ddclient's cache.
More specifically, `wait-time` controls how often ddclient will attempt
to check for a change in the hostname's IP address, and `expiry-time`
controls how often ddclient to a forced update of the hostname's IP
address.
These options intentionally don't have any default values because they
are provider-specific. They get treated similar to the other provider-
specific options in that they are only used if defined.
|
|
Additional cleanup and refactoring for ddclient scripts including the
smotektests.
|
|
Adjust the validator and completion for ddclient to remove unsupported
or superfluous protocols.
Specifically,
- remove 'nsupdate' protocol from the list because there is a separate
config path for that protocol (rfc2136)
- remove 'cloudns' protocol from the list because it has non standard
configuration and is not supported by our configurator at this time
|
|
Refactor zone configuration to use shared XML snippet for all cases.
|
|
dyndns2 protocol in ddclient honors dual stack for selective servers
because of the way it is implemented in ddclient.
We formalize the well known servers that support dual stack in a list
and check against it when validating the configuration.
|
|
Adjust the jinja template to avoid generating incorrect ddclient.conf in
some cases. The template is reformatted to guarantee whitespacing and
empty line separation.
|
|
Some porvides (like 'namecheap') allow to use '@' or '*' as hostname
prefix for apex and wildcard records. This commit relaxes the hostname
validation to allow these prefixes.
|
|
Enable TTL support for web-service based protocols in addition to
RFC2136 based (nsupdate) protocol.
Since TTL is not supported by all protocols, and thus cannot have a
configuration default, the existing XML snippet `include/dns/time-to-live.xml.i`
does not have common `<defaultValue>300</defaultValue>` anymore and is
instead added explicitly whenever necessary.
|
|
Fix VRF support interface definition and configuration mode for ddclient
to actually capture the VRF name and pass it to the template.
|
|
|
|
Now that the caching fixes are in place, we can update the config to
remove legacy treatment of ipv4 related properties.
|
|
vxlan: T5759: change default MTU from 1450 -> 1500 bytes (backport #2503)
|
|
vyos.utils: T5749: fix get_vrf_members() call to iproute2 (backport #2546)
|
|
The iproute2 master argument is used for both a VRF and a bridge device. Using
this in the VRF context would retrieve and report back the wrong interfaces:
Old implementation:
===================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
The new implementation:
=======================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
(cherry picked from commit e02546655adefe1a6fb3660402e697f872d3ffe7)
|
|
smoketest: T5783: check for any abnormal daemon termination (backport #2544)
|
|
We need to ensure when stressing FRR with the smoketests that no unexpected
crash happens. We simply verify the PID of the individual FRR daemons.
(cherry picked from commit 080e117884196136cd63e5d312ff43fba15f7182)
|
|
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL (backport #2522)
|
|
unless PAM auth is enabled for GraphQL
(cherry picked from commit 8c450ea7f538beb0b2cd21d35c05d18db49a1802)
|
|
pppoe: T5630: make MRU default to MTU if unspecified (backport #2527)
|
|
This fixes the implementation in e062a8c11 ("pppoe: T5630: allow to specify MRU
in addition to already configurable MTU") and restores the bahavior that MRU
defaults to MTU if MRU is not explicitly set.
This was the behavior in VyOS 1.3.3 and below before we added ability to define
the MRU value.
(cherry picked from commit ffd7339e2ea3eafdd97ac0763ca4a3913fe71bf3)
|
