Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
|
|
ocserv: T5796: add CLI knob "http-security-headers" (backport #2644)
|
|
(cherry picked from commit 1c82e661e04e0979e09e487a58a801ffa9f438e8)
|
|
OCserv manual recommended HTTP headers tobe included in the configuration.
(cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c)
(cherry picked from commit 24f449cc099703df95646c719e9d3f308ed1a3f0)
|
|
T5775: firewall: re-add state-policy to firewall. (manual backport #2539)
|
|
|
|
|
|
included in <set firewall global-options state-policy> node.
|
|
firewall: T4502: add offload to firewall table actions (backport #2638)
|
|
|
|
frr: T4020: add option to define number of open file descriptors (backport #2639)
|
|
This allows the operator to control the number of open file descriptors each
daemon is allowed to start with. The current assumed value on most operating
systems is 1024.
If the operator plans to run bgp with several thousands of peers then this is
where we would modify FRR to allow this to happen.
set system frr descriptors <n>
(cherry picked from commit 892c28ccf634173d4c4952c248cb03974c560793)
|
|
T5749: Add a more scrict search for get_vrf method (backport #2635)
|
|
The current implementation is wrong as it searches `master` in the
iproute2 JSON output. It is a worng as it could include bridges
or bonding interfaces
Add the more strict search `info_slave_kind == vrf`
(cherry picked from commit 2ebac5af10a36668ed3b8cfa6e5a9f61cf5d1068)
|
|
T5826: ensure dmidecode is installed as a dependency of vyos-1x (backport #2631)
|
|
dmicode is used in the "show hardware dmi" and to derive
synthetic MAC addresses (see python/vyos/ifconfig/interface.py).
On non-x86 platforms like arm64 it may not be pulled in explictly
by other packages (like libparted2) so add it as an explicit dependency.
(cherry picked from commit 46c929a99b7d507451d8385b315ae7ef9e7cbed5)
|
|
T5774: fix regression in remote.upload (backport #2628)
|
|
(cherry picked from commit 6b325962a4b8b3e67d7976bf161aed34a9fe6cce)
|
|
T5803: Migrate vscode settings to new value and clean up .gitattributes (backport #2609)
|
|
SRv6: T591: initial implementation to support locator definition (backport #2606)
|
|
VyOS CLI
set protocols segment-routing srv6 locator bar prefix '2001:b::/64'
set protocols segment-routing srv6 locator foo behavior-usid
set protocols segment-routing srv6 locator foo prefix '2001:a::/64'
Will generate in FRR
segment-routing
srv6
locators
locator bar
prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16
exit
!
locator foo
prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16
behavior usid
exit
!
exit
!
exit
!
exit
(cherry picked from commit ca301cdd4746187f96ff84e411fda6a84e33f237)
|
|
set protocols bgp sid vpn per-vrf export '99'
set protocols bgp srv6 locator 'foo'
set protocols bgp system-as '100'
Will generate in FRR config
router bgp 100
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
!
segment-routing srv6
locator foo
exit
sid vpn per-vrf export 99
exit
(cherry picked from commit af46fe54e56cf85d13b62ee771bec3d80f225ac5)
|
|
validator: T5816: large community validator should only allos character set and basic format (backport #2618)
|
|
load-config: T5815: provide a variety of load config methods (backport #2608)
|
|
and basic format
(cherry picked from commit 5acc655c316216122ba975f30df7b76f161cbf02)
|
|
Collect in a module several versions of a 'load config' function.
They have different use cases according to performance and error
reporting, and allow comparison of non-legacy and legacy variants.
(cherry picked from commit 7e4caa118692d9b6fd798783596bd018f805e5eb)
|
|
T5812: report actual number of revisions instead of max (backport #2613)
|
|
(cherry picked from commit ccbf03f1a87ac37eef78aeb29420ceea9a730a90)
|
|
T5812: Fix for rollback check max revision number (backport #2598)
|
|
T5807: fix op-mode command <show nat66> (backport #2612)
|
|
(cherry picked from commit f019ed91b5444d2f446ca4f7332602c03a074190)
|
|
configured. In this commit, check is fixed and rules are printed as expected.
(cherry picked from commit 3d3418d1585cbb6d3c2d1d81d310a3107e16c4aa)
|
|
Update VSCode settings for "editor.wordBasedSuggestions". It has
changed from boolean to enum. The value "off" is the same as previous
value of `false`.
Also remove stray duplicate entries in .gitattributes.
(cherry picked from commit 75e914c4dff0359988e5f500ae63f882ae6813e7)
|
|
T5773: API add smoketest for load config via HTTP URL (backport #2600)
|
|
migration: T5413: re-sequence interfaces migration scripts (backport #2601)
|
|
PR https://github.com/vyos/vyos-1x/pull/2540 backported a migration script from
current to the equuleus LTS branch. As migration scripts are executed in order
to adjust the CLI for necessary improvements in future LTS releases we need to
change the versioning of the migration files to match the new "base" version
from the previous LTS release.
In theory this could break very ancient 1.4 rolling releases (from the early
days of the OSPF refactoring) - but those versions are considered very much
unstable.
Now this is the last chance to sync up the migration scripts before the 1.4 LTS
release.
(cherry picked from commit 98ca0984312257a09b57d4aac60ff4abf7f84e66)
|
|
Use a custom NGINX config to load config via URL
(cherry picked from commit db0df8e75b85d39ab61bf900f211d589f6cb8506)
|
|
T5791: DNS dynamic exclude check for dynamic interfaces PPPoE (backport #2602)
|
|
Dynamic interfaces such as PPPoE/sstpc can not exist during
verification dns dynamic. As they added and removed dynamically.
Add interface_filter to exclude them from checks
(cherry picked from commit 0a1c9bc38440c86cbbc016fb6d8f7d6f36993652)
|
|
remote: T5773: Fix for broken config download (backport #2541)
|
|
(cherry picked from commit 63bbd1afdd21563cf673ee34b47156889bd5e349)
|
|
Apply baseline defaults for `.gitattributes` and `.vscode/settings.json`
for improved developer experience.
The `.gitattrbutes` settings are based on:
Git documentation (https://git-scm.com/docs/gitattributes#_effects)
GitHub documentation (https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings)
Community templates (https://github.com/gitattributes/gitattributes)
Since editor-agnostic line-ending specific settings are applied to
`.gitattributes`, they can be removed from `.vscode/settings.json`.
The global VSCode defaults have also been removed to avoid duplication.
(cherry picked from commit c30002208d392177cb1ffc1a5c714f7ad6d573b6)
|
|
op-cmd: T5802: bug fix for "ping x.x.x.x interface" completion options (backport #2594)
|
|
(cherry picked from commit 020410a1e2009cb47d72bd18d360b9dc4b9c764f)
|
|
login: T4943: use pam-auth-update to enable/disable Google authenticator (backport #2584)
|
|
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any use has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
(cherry picked from commit e134dc4171b051d0f98c7151ef32a347bc4f87e2)
|
|
op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restart (backport #2583)
|
|
ddclient: T5791: use a fixed VRF table ID in smoketests (backport #2591)
|
|
|