summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-26op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificatesChristian Breunig
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 (cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
2024-05-26op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' (cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
2024-05-26Merge pull request #3519 from c-po/dhcpv6-T3493Christian Breunig
T3493: dhcpv6-server does not have prefix range validation
2024-05-26dhcpv6-server: T3493: add proper validation for prefix-delegation start/stop ↵Christian Breunig
address ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;" where the IPv6 prefix/range must be :: terminaated with a delegated prefix length at the end. This commit changes the validator that the IPv6 address defined on the CLI must always end with ::. In addition a verify() step is added to check that the stop address is greater than start address.
2024-05-26Revert "dhcpv6-server: T3493: adds prefix range validation"Christian Breunig
This reverts the prefix start/stop address must be inside network part from commit 4cde0b8ce778d269d3fe1d4f33ba5b2caf424181.
2024-05-26smoketest: support dynamic enable of smoketest debuggingChristian Breunig
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout (cherry picked from commit 0cb4294fdfe5ae0e0e8fd06436f38b67f16413a2)
2024-05-25T6399: added reusable workflows codeowners file to sagitta (#3515)Vijayakumar A
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513) (#3514)mergify[bot]
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> (cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc) Co-authored-by: Gregor Michels <gregor.michels@web.de>
2024-05-24Merge pull request #3512 from vyos/mergify/bp/sagitta/pr-3487Daniil Baturin
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses (backport #3487)
2024-05-23reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
2024-05-23Merge pull request #3511 from vyos/mergify/bp/sagitta/pr-3507Daniil Baturin
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 (backport #3507)
2024-05-23nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 (cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
2024-05-23Merge pull request #3509 from vyos/mergify/bp/sagitta/pr-3505Christian Breunig
nat66: T6365: remove warnings for negated interface selections by name (backport #3505)
2024-05-23nat66: T6365: remove warnings for negated interface selections by nameChristian Breunig
(cherry picked from commit 59781ff365a5e1b15ef6c4c2481f3d3815548b9d)
2024-05-23Merge pull request #3504 from vyos/mergify/bp/sagitta/pr-3482Daniil Baturin
nat: T6365: remove warnings for negated interface selections by name (backport #3482)
2024-05-22Merge pull request #3506 from vyos/mergify/bp/sagitta/pr-3502Christian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no (backport #3502)
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C (cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
2024-05-22nat: T6365: use interface_exists() over netifaces.interfaces()Christian Breunig
(cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
2024-05-22nat: T6365: use string startswith() over [0] index accessChristian Breunig
(cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
2024-05-22nat: T6365: remove warnings for negated interface selections by nameRyazanov Alexander Mihailovich
(cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
2024-05-22Merge pull request #3503 from vyos/mergify/bp/sagitta/pr-3501John Estabrook
rollback-soft: T6384: tell the user to compare or commit (backport #3501)
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff (cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
2024-05-22Merge pull request #3499 from Giggum/sagittaChristian Breunig
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
2024-05-22Merge pull request #3495 from vyos/mergify/bp/sagitta/pr-3493Christian Breunig
T6375: Fix/Update NAT logging (backport #3493)
2024-05-22Merge pull request #3496 from vyos/mergify/bp/sagitta/pr-3494Christian Breunig
T6373: QoS Policy Limiter - classes for marked traffic do not work (backport #3494)
2024-05-21dhcpv6-server: T3493: adds prefix range validation and fixes typos in select ↵Giggum
ConfigError messages
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> (cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
2024-05-21Merge pull request #3491 from vyos/mergify/bp/sagitta/pr-3489Christian Breunig
op-mode: T6367: fix "force commit-archive" TypeError (backport #3489)
2024-05-21op-mode: T6367: fix "force commit-archive" TypeErrorChristian Breunig
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to *commit-revision or *commit-archive, for which it interprets argv[0] through the useful trickery: https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700 Traceback (most recent call last): File "/usr/bin/config-mgmt", line 33, in <module> sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run func = getattr(config_mgmt, args['subcommand']) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: attribute name must be string, not 'NoneType' (cherry picked from commit 0d6e44179bae5f73d37502884194656b34b1c4f9)
2024-05-18Merge pull request #3481 from vyos/mergify/bp/sagitta/pr-3480John Estabrook
T6354: do an explicit read from version file to avoid circular reference (backport #3480)
2024-05-18T6354: do an explicit read from version file to avoid circular referenceJohn Estabrook
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
2024-05-17Merge pull request #3478 from vyos/mergify/bp/sagitta/pr-3471John Estabrook
op mode: T6348: SNAT op-mode fails with flowtable offload entries (backport #3471)
2024-05-17Merge pull request #3477 from vyos/mergify/bp/sagitta/pr-3474John Estabrook
T6354: Get rid of the custom boot type check in version.py (backport #3474)
2024-05-17Merge pull request #3476 from vyos/mergify/bp/sagitta/pr-3472John Estabrook
T6358: Container config option to enable host pid (backport #3472)
2024-05-17op mode: T6348: SNAT op-mode fails with flowtable offload entriesNataliia Solomko
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
2024-05-17T6354: Get rid of the custom boot type check in version.pykhramshinr
(cherry picked from commit 783edc98f82f8718ccc856976d9a8f59bc6822e9)
2024-05-17T6358: Add config option for host process namespaceNicolas Vollmar
(cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f)
2024-05-17T6358: Remove duplicate host name handlingNicolas Vollmar
(cherry picked from commit 240f199cdfadbc12ce713dae74c8db3af44a398c)
2024-05-16Merge pull request #3465 from vyos/mergify/bp/sagitta/pr-3458Christian Breunig
T6335: Add/Update EVPN op commands (backport #3458)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Converted completion helpers from python to bash for performance Previous commit: Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac (cherry picked from commit 3917e3e9f985063ab7419c903f6019116224f640)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac (cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
2024-05-16Merge pull request #3462 from nvollmar/T4519Christian Breunig
op mode: T4519: Show DUID instead of IAID_DUID
2024-05-16Merge pull request #3460 from vyos/mergify/bp/sagitta/pr-3450Daniil Baturin
T5756: L2TP RADIUS backup and weight settings (backport #3450)
2024-05-16Merge pull request #3459 from vyos/mergify/bp/sagitta/pr-3456Daniil Baturin
op mode: T6339: display build flavor and comment in "show version" (backport #3456)
2024-05-16Merge pull request #3461 from vyos/mergify/bp/sagitta/pr-3457Daniil Baturin
op mode: T3355: remove the mention of legacy non-image installations (backport #3457)
2024-05-16T4519: Switch to display DUIDNicolas Vollmar
2024-05-16op mode: T3355: remove the mention of legacy non-image installationsDaniil Baturin
They were never supported by VyOS, that was just for very old systens upgraded from Vyatta Core (cherry picked from commit d8223d50ab627d2b58e14101891bf8ffb8111234)
2024-05-16T5756: L2TP RADIUS backup and weight settingskhramshinr
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
2024-05-16op mode: T6339: display build flavor and comment in "show version"Daniil Baturin
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)