Age | Commit message (Collapse) | Author |
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
# Conflicts:
# python/vyos/ifconfig/interface.py
# python/vyos/utils/network.py
|
|
T6578: Fix unhandled exception in "show openconnect-server sessions" (backport #3828)
|
|
(cherry picked from commit e858d96a3fbc1ae4719a50ee67df02b2f256b40f)
|
|
T6523: Telegraf use nft scripts only if the firewall configured (backport #3748)
|
|
configdep: T6559: fix regression in dependent script error under configd (backport #3813)
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration
(cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
|
|
(cherry picked from commit ad43aa885a8ef689da212088d6ebb37c32d72883)
|
|
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
|
|
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
|
|
op-mode: T6575: add support for NTP service restart via CLI (backport #3810)
|
|
This seemed to be arround in the early days, but is not available since at
least VyOS 1.3.3. Add CLI helper to restart the NTP process (chrony).
(cherry picked from commit ca4f4343999bdbd8450ef952f42062877d6f3bab)
|
|
op-mode: T6566: add support for listing all interfaces in "monitor bandwidth" (backport #3805)
|
|
Right now we can only monitor the bandwidth for one individual interface, but
not all at once. This adds support to monitor all interfaces.
(cherry picked from commit 7704af0c4454725e8c67138e5cabab3328bde0f8)
|
|
T6564: workflow trigger restriction for sagitta
|
|
|
|
op-mode: T6537: remove unused cmd imported from vyos.utils.process (backport #3791)
|
|
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown
warning message") added a more local import of vyos.utils.process.cmd() that
made the fglobal import obsolete and trigger a linter warning.
$ make unused-imports
--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
(cherry picked from commit 6b2e45c073eeef62bbb5905e1bff98e20199b6b0)
|
|
T6556: pull_request to pull_request_target type for unused import
|
|
T6556: permission update for unused import check
|
|
|
|
wireless: T4287: use upstream regulatory database due to kernel signing (backport #3777)
|
|
|
|
This fixes an error during ISO assembly:
update-alternatives: error: no alternatives for regulatory.db
dpkg: error processing archive /tmp/apt-dpkg-install-PJplR3/00-vyos-1x_1.5dev0-1880-gecaa44498_amd64.deb (--unpack):
new vyos-1x package pre-installation script subprocess returned error exit status 2
(cherry picked from commit a414190447c32be0775a077cde13cef0cf2b8c54)
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option (backport #3721)
|
|
op-mode: T6537: include hostname in the reboot/shutdown warning message (backport #3767)
|
|
Most likely b/c of our non signed Kernel binary we do not trust the Debian
signed wireless regulatory database. Fallback to the upstream database instead.
(cherry picked from commit 9263965071289b6e51e22669b6d588a8d8fbcc1f)
|
|
syslog: T5366: remove reference to deprecated sysvinit rsyslog script (backport #3760)
|
|
(cherry picked from commit dc60fe993505d1adca60f9b6e0f47f565c459331)
|
|
T6536: nat: add migration script that replaces wildcard charater (backport #3749)
|
|
defined in zone policy.
(cherry picked from commit 66ec278393dbabe71f320c543816f27797d51140)
|
|
(cherry picked from commit 977d2fbf7a62a97d98b38cf28e62f08fc9e8d3a2)
|
|
in 1.3 <+> with character supported in latest version <*>
(cherry picked from commit 148af29b68416a5b8d0e025a16aef252fdf31e67)
# Conflicts:
# src/migration-scripts/nat/6-to-7
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
T6538: Add the ability to set GENEVE interfaces to VRF (backport #3752)
|
|
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7)
|
|
op-mode: T5633, T6465: fix error when op cmd interrupted, updates some system call syntax (backport #3731)
|
|
T6477: Add telegraf loki output plugin (backport #3720)
|
|
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format (backport #3733)
|
|
(cherry picked from commit 5ade35255b3d8438aa6082fe56ae459d50cdc0a5)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
new cli syntax (#3731)
(cherry picked from commit a095a3c7b3dd4459dc8626f0e5adecda855580e0)
|
|
interfaces: T6519: harden config migration if ethernet interface is missing (backport #3724)
|
|
During a corner case where the configuration is migrated to a different system
with fewer ethernet interfaces, migration will fail during an image upgrade.
vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an
exception that kills the migrator
(cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
|
|
T3202: Enable wireguard debug messages (backport #3679)
|
|
(cherry picked from commit 9495f904fcc157521ca001ee21cf31be28a6b3a0)
|
|
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
|
|
T5949: Add option to disable USB autosuspend (backport #3677)
|
|
openconnect: T6500: add support for multiple ca-certificates (backport #3682)
|
|
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added
a print() statement which notified the users about the subsystems which got
supplied with an updated certificate.
Example:
> PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0
> PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1
This is an informational message which should maybe (if needed) be sent to
syslog. But the main issue is that CLI paths are mangled (- to _) which makes
the about print output wrong and could potentially confuse users.
Statement has been commented to be re-enabled for debugging.
(cherry picked from commit a4d49a96918c0f0dac3d17f9cf3a5b8f3a9505c0)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
(cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37)
Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
|