Age | Commit message (Collapse) | Author |
|
This fixes (for and ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
show_certificate_fingerprint(args.certificate, args.fingerprint)
File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
print(get_certificate_fingerprint(cert, hash))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
fp = cert.fingerprint(hash_algorithm)
^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
|
|
This fixes the error:
vyos@vyos:~$ show pki certificate
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme
tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
raise e
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
with open(fname, 'r') as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
(cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
|
|
T3493: dhcpv6-server does not have prefix range validation
|
|
address
ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;"
where the IPv6 prefix/range must be :: terminaated with a delegated prefix
length at the end.
This commit changes the validator that the IPv6 address defined on the CLI must
always end with ::. In addition a verify() step is added to check that the
stop address is greater than start address.
|
|
This reverts the prefix start/stop address must be inside network part from
commit 4cde0b8ce778d269d3fe1d4f33ba5b2caf424181.
|
|
$ touch /tmp/vyos.smoketest.debug
will enable dynamic debugging of the smoketests - showing the appropriate CLI
commands on stdout
(cherry picked from commit 0cb4294fdfe5ae0e0e8fd06436f38b67f16413a2)
|
|
|
|
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
(cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc)
Co-authored-by: Gregor Michels <gregor.michels@web.de>
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses (backport #3487)
|
|
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
|
|
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 (backport #3507)
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
(cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
|
|
nat66: T6365: remove warnings for negated interface selections by name (backport #3505)
|
|
(cherry picked from commit 59781ff365a5e1b15ef6c4c2481f3d3815548b9d)
|
|
nat: T6365: remove warnings for negated interface selections by name (backport #3482)
|
|
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no (backport #3502)
|
|
and return False if the user interrupts the prompt with Ctrl-C
(cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
|
|
(cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
|
|
(cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
|
|
(cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
|
|
rollback-soft: T6384: tell the user to compare or commit (backport #3501)
|
|
after applying the diff
(cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
|
|
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
|
|
T6375: Fix/Update NAT logging (backport #3493)
|
|
T6373: QoS Policy Limiter - classes for marked traffic do not work (backport #3494)
|
|
ConfigError messages
|
|
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
(cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
|
|
op-mode: T6367: fix "force commit-archive" TypeError (backport #3489)
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
(cherry picked from commit 0d6e44179bae5f73d37502884194656b34b1c4f9)
|
|
T6354: do an explicit read from version file to avoid circular reference (backport #3480)
|
|
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
|
|
op mode: T6348: SNAT op-mode fails with flowtable offload entries (backport #3471)
|
|
T6354: Get rid of the custom boot type check in version.py (backport #3474)
|
|
T6358: Container config option to enable host pid (backport #3472)
|
|
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
|
|
(cherry picked from commit 783edc98f82f8718ccc856976d9a8f59bc6822e9)
|
|
(cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f)
|
|
(cherry picked from commit 240f199cdfadbc12ce713dae74c8db3af44a398c)
|
|
T6335: Add/Update EVPN op commands (backport #3458)
|
|
Converted completion helpers from python to bash for performance
Previous commit:
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit 3917e3e9f985063ab7419c903f6019116224f640)
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
|
|
op mode: T4519: Show DUID instead of IAID_DUID
|
|
T5756: L2TP RADIUS backup and weight settings (backport #3450)
|
|
op mode: T6339: display build flavor and comment in "show version" (backport #3456)
|
|
op mode: T3355: remove the mention of legacy non-image installations (backport #3457)
|
|
|
|
They were never supported by VyOS,
that was just for very old systens upgraded from Vyatta Core
(cherry picked from commit d8223d50ab627d2b58e14101891bf8ffb8111234)
|
|
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
|
|
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
|