| Age | Commit message (Collapse) | Author |
|---|
|
cli: T6740: add a converter from set commands to config
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs
|
|
|
|
* This is the `policy local-route*` part of T6430, manipulating ip rules,
another PR covers firewall-backed `policy route*` for similar functionality
* Local PBR (policy local-route*) can only target table IDs up to 200 and
the previous PR to extend the range was rejected
* PBR with this PR can now also target VRFs directly by name, working around
targeting problems for VRF table IDs outside the overlapping 100-200 range
* Validation ensures rules can't target both a table ID and a VRF name
(internally they are handled the same)
* Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase,
extended to allow lookups in other address families (IPv6 in the new tests).
verify_rules() is used by original pbr and new lpbr smoketests in this PR.
|
|
pki: T6481: auto import ACME certificate chain into CLI
|
|
GitHub: T6494: add parallel step to run interface based smoketests
|
|
When using an ACME based certificate with VyOS we provide the necessary PEM
files opaque in the background when using the internal tools. This however will
not properly work with the CA chain portion, as the system is based on the
"pki certificate <name> acme" CLI node of a certificate but CA chains reside
under "pki ca".
This adds support for importing the PEM data of a CA chain issued via ACME into
the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by
other daemons. Importing the chain only happens, when the chain was not already
added manually by the user.
ACME certificate chains that are automatically added to the CLI are all prefixed
using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds
a safeguard when the intermediate CA changes, the referenced name on the CLI
stays consitent for any pending daemon updates.
|
|
T6759: add support for italian keymap
|
|
static: T4283: fix missing f'ormat string
|
|
|
|
set system option keyboard-layout it
|
|
|
|
This fixes the error message:
Can not use both blackhole and reject for prefix "{prefix}"!
Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an
ICMP unreachable when matched")
|
|
Debian: T973: add missing dependency on node-exporter package
|
|
Extend commit a0c15a159 ("T973: add basic node_exporter implementation") by
adding the required dependency to install node-exporter binary.
|
|
Systemd comes with a default of 5 restarts in 10 seconds policy, this limit can
be hit by this reastart sequence, slow down a bit.
|
|
Commit-confirm will restore a previous configuration if a confirmation
is not received in N minutes. Traditionally, this was restored by a
reboot into the last configuration on disk; add a configurable option to
reload the last completed commit without a reboot. The default setting
is to reboot.
|
|
|
|
http-api: T6736: move REST API to a node distinct from GraphQL API
|
|
ipsec: T6101: Add validation for proposal option used in IKE group
|
|
T6755: Change vyos mirror URL for smoketest
|
|
T973: add basic node_exporter implementation
|
|
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset.
|
|
T6763: Delete Jenkins file
|
|
|
|
T6761: Add timeout for OSPF smoketest fail
|
|
|
|
|
|
From time to time the smoektest script checks frrconfig to early.
I.e. FRR does not fully load the config during checking or the OSPF
daemon is not started at the time of checking.
|
|
|
|
regular firewall ruleset.
|
|
|
|
(#4109)
|
|
T6757: Openconnect: fix template for correct config parsing while configuring source address for radius authentication.
|
|
|
|
configuring source address for radius authentication.
|
|
Change vyos mirror URL
|
|
|
|
validators: T6743: use native ipaddrcheck validator options for ranges
|
|
policy: T6751: add missing completion helpers for community-list
|
|
T6687: add fqdn support to nat rules.
|
|
Add all missing, well-known values for the community-list regex.
|
|
T6749: fix PR commenting permission issue with integration test workflow
|
|
|
|
|
|
|
|
|
|
Avoid duplicate entries in the list of routes when adding/deleting
endpoints.
|
|
The GraphQL API was implemented as an addition to the existing REST API.
As there is no necessary dependency, separate the initialization of the
respective endpoints. Factor out the REST Pydantic models and FastAPI
routes for symmetry and clarity.
|
