summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-08-28Merge pull request #980 from zdc/T3763-sagittaChristian Poessinger
wireguard: T3763: Added check for listening port availability
2021-08-27vyos.ifconfig: pppoe: T3778: bugfix assignemnt of cached configChristian Poessinger
We need to copy the configuration before this is done in super().update() as we utilize self.set_dhcpv6() before this is done by the base class.
2021-08-27ipsec: T1210: Jinj2 template did not honor inactivity/timeout settingChristian Poessinger
2021-08-26vyos.util: T3763: Optimized the check_port_availability functionzsdc
`print` was removed or replaced to `ValueError`, where possible.
2021-08-26Merge pull request #965 from c-po/t3739-evpn-route-mapChristian Poessinger
bgp: evpn: T3739: add route-map match support
2021-08-26ipsec: T1210: support road-warrior IP assignment via RADIUS Framed-IP-AddressChristian Poessinger
Extended CLI command: "set vpn ipsec remote-access connection rw pool" with a "radius" option.
2021-08-26op-mode: frr: T1514: add possibility to restart isis daemonChristian Poessinger
(cherry picked from commit b4b2c91127289c7b62afb24304054d57357a48c5)
2021-08-26op-mode: T3776: drop "frr" level from "restart frr ospfd|bgpd|staticd" commandsChristian Poessinger
The current command to restart any of the FRR processes is: vyos@vyos:~$ restart frr Possible completions: <Enter> Execute the current command bfdd Restart Bidirectional Forwarding Detection daemon bgpd Restart Border Gateway Protocol daemon ospf6d Restart OSPFv3 daemon ospfd Restart OSPFv2 daemon ripd Restart Routing Information Protocol daemon ripngd Restart RIPng daemon staticd Restart Static Route daemon zebra Restart IP routing manager daemon From a real-life example: Two engineers needed 5 minutes to figure it is under "restart frr" - that is why this commit drops the artificial "frr" level on the op-mode commands to restart routing protocol daemons. It's less intuitive to have "restart frr ospfd" or "restart frr bgpd" compared to "restart ospf" and "restart bgp" - we have the same for "restart ssh" or "restart snmp" and not "restart openssh sshd". This commit also drops the d (daemon) suffix of the op-mode comamands so the commands align with the VyOS CLI, else there would be a miss-understanding from ospf6d to ospfv3. (cherry picked from commit 8ad8b0d51bf21c583e6d687576cb1a61195e7215)
2021-08-26wireguard: T3763: Added check for listening port availabilityzsdc
Each wireguard interface requires a unique port for in and out connections. This commit adds the new `vyos.util` function - `check_port_availability`, and uses it to be sure that a port that is planned to be used for wireguard interface is truly available and not used by any other services (not only other wireguard interfaces).
2021-08-26Merge pull request #979 from krox2/currentChristian Poessinger
ipsec: T3780: shutting down vti when tunnel is down
2021-08-26ipsec: T3780: shutting down vti when tunnel is downkrox2
2021-08-26smoketest: config: drop empty newline at EOF for "isis-small" testChristian Poessinger
2021-08-25Merge pull request #977 from dmbaturin/no-system-integrityChristian Poessinger
T3773: delete the original "show system integrity" command
2021-08-25ipsec: T3775: Diffie Hellman Group 21 uses NIST Elliptic Curve "ecp521"Christian Poessinger
... there was a type setting ecp512 instead of ecp521.
2021-08-24vyos.ifconfig: T3772: bugfix missing VRRP interfacesChristian Poessinger
When the interface name was stripped down from "eth0.201" to "eth" to determine the appropriate interface section, VRRP interfaces got left out on the call to rstrip(). VRRP interfaces now show up in "show interfaces" as they did in VyOS 1.2. vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- dum0 172.18.254.201/32 u/u eth0 - u/u eth0.10 172.16.33.8/24 u/u eth0.201 172.18.201.10/24 u/u eth1 10.1.1.2/24 u/u eth1v10 10.1.1.1/24 u/u eth2 - u/u lo 127.0.0.1/8 u/u ::1/128
2021-08-24op-mode: T2223: drop dead code "get_vrrp_intf()"Christian Poessinger
2021-08-24T3773: delete the original "show system integrity" commandDaniil Baturin
2021-08-24smoketest: bgp: extend ipv4/ipv6 safi route-target testsChristian Poessinger
Commit 474db49a ("bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ") made it possible to specify a whitelist separated list of route-targets, this is now validated through the smoketests.
2021-08-24bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differChristian Poessinger
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values.
2021-08-24container: T3769: remove container when marked as "disable"Christian Poessinger
2021-08-24policy: T2425: rename validator large-community-list -> bgp-large-community-listChristian Poessinger
... as we will get another bgp route-target validator soon.
2021-08-24container: T3769: disable bridge "hairpinMode" modeChristian Poessinger
After commit 209ce3d9 ("container: T3769: when container networks are used, always bridge the networks") IP masquerading (NAT) was disabled. No need to keep the haipin flag.
2021-08-23container: op-mode: T3765: "connect container" will now drop you to a shellChristian Poessinger
Commit a30d74f4 (container: op-mode: T3765: add "connect container mysql-server") added a CLI op-mode command to attach to a container - users typically not want to attach and consume stdout (can be done via logs) but rather wan't to debug inside the container image. vyos@vyos:~$ connect container unifi USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 202 0.0 0.0 4640 828 pts/1 Ss 21:06 0:00 /bin/sh root 203 0.0 0.0 34416 2872 pts/1 R+ 21:06 0:00 \_ ps faux root 187 0.0 0.0 18388 3124 ? S 21:03 0:00 /bin/bash root 186 0.0 0.0 4640 788 ? S 21:03 0:00 /bin/sh root 185 0.0 0.0 4640 824 ? S 21:03 0:00 /bin/sh root 184 0.0 0.0 4640 836 ? S 21:03 0:00 /bin/sh root 1 0.0 0.0 18520 3228 pts/0 Ss+ 20:50 0:00 bash /usr/local/bin/docker-entrypoint.sh unifi root 12 4.8 14.2 3688080 572756 pts/0 Sl+ 20:50 0:48 java -Dunifi.datadir=/unifi/data -Dunifi.logdir=/unifi/log -Dunifi.rundir=/var/run/unifi - root 35 0.7 3.4 1102700 139752 pts/0 Sl+ 20:50 0:07 \_ bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --unixSocketPrefix /usr/lib/un Linux 57c689f739ed 5.10.60-amd64-vyos #1 SMP Fri Aug 20 14:44:59 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
2021-08-23container: T3769: when container networks are used, always bridge the networksChristian Poessinger
As VyOS is a network operation system with bridging and NATing available from the VyOS CLI, it makes no sense to let podman do it's own sort of "NAT". If one really want's to NAT into a container, use the VyOS CLI to do so. If you wan't to bridge your networks, use the VyOS CLI to do so.
2021-08-23smoketest: ospf: "metric-type" also works for kernel and static ↵Christian Poessinger
redistributed routes
2021-08-23container: T2216: add option to "disable" a containerChristian Poessinger
2021-08-23container: T2216: use common "generic-description.xml.i" building blockChristian Poessinger
2021-08-23container: T2216: verify() volume pathsChristian Poessinger
Volumes must have both a source and destination path specified. Also the source path must exist on the current system.
2021-08-23container: T2216: increase default memory limit to 512MBChristian Poessinger
2021-08-23container: T2216: bugfix ValueError when assembling volumesChristian Poessinger
A call to .items() was missing that triggered the following error: ValueError: too many values to unpack (expected 2)
2021-08-23container: T2216: no need to query container statusChristian Poessinger
As VyOS CLI is the only truth for dealing with containers we do not need to query if a container is running, exists or what so ever. We simply always restart it if something changes and do not rely on the underlaying Linux status. If a users does container stuff under the hood - it will be overridden.
2021-08-23container: T2216: name of container must be alphanumeric and can contain a ↵Christian Poessinger
hyphen
2021-08-23ipsec: T1210: use ConfigTreeQuery() instead of Config() from op-modeChristian Poessinger
2021-08-23pki: T3642: use ConfigTreeQuery() instead of Config() from op-modeChristian Poessinger
2021-08-23container: T2216: op-mode now supports updating the image for a given containerChristian Poessinger
2021-08-23container: T2216: increase sysctl inotify watchersChristian Poessinger
2021-08-23containers: T2216: restructure container_base_cmd to have image name at the endChristian Poessinger
2021-08-23containers: T2216: add CLI commands to specify restart behavior and memory usageChristian Poessinger
A container is limited to 256MB memory by default and will always restart on failure.
2021-08-23containers: T2216: xml: impove help string for address commandChristian Poessinger
2021-08-23containers: T2216: add environmnet variable constraintChristian Poessinger
An environment variable passed to podman can only consist out of alphanumeric characters, a hypend and an underscore.
2021-08-23container: T2216: add completion helper for "delete container image"Christian Poessinger
2021-08-23containers: T2216: add missing verify() step on environment variablesChristian Poessinger
A environment variable MUST always have a value specified. Non existing values will cause the following error: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr> env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) KeyError: 'value'
2021-08-22Makefile: T3165: do not allow empty node.def files for op-mode commandsChristian Poessinger
Commit 99440fc0 ("Makefile: fix logic to detect empty "node.def" files") disabled the detection of empty node.def files for op-mode commands. The generation of a duplicate and thus empty node.def file is not prohibited by commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file with empty content") and thus the check is re-enabled!
2021-08-22logChristian Poessinger
2021-08-22xml: op-mode: add missing help test for "reset openvpn" commandChristian Poessinger
2021-08-22xml: op-mode: add missing help test for "monitor protocol ospf" commandsChristian Poessinger
2021-08-22xml: op-mode: remove multiple "Reset a service" help definitionsChristian Poessinger
That nasty workaround to always specify the same value for the node.def file as the help text is no longer necessary after commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file with empty content". The redundant definitions are no longer necessary.
2021-08-22container: op-mode: T3765: add "show log container" commandChristian Poessinger
2021-08-22T3165: op-mode: prevent override of populated node.def file with empty contentChristian Poessinger
This is an extension to commit b4fdcebe ("T3165: prevent override of populated node.def file with empty content") which implemented the same thing for the configuration mode commands.
2021-08-22scripts: op-mode: use Python 'f'ormat strings on debug messagesChristian Poessinger