Age | Commit message (Collapse) | Author |
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
(cherry picked from commit ece425f0191762638b7c967097accd8739e9103d)
|
|
T6178: Check that certificate exists during reverse-proxy commit (backport #3222)
|
|
(cherry picked from commit 320fe827b4842b0c0da1ec5fee3d41a5730334d5)
|
|
accel-ppp: T6187: use correct CPU counts adjusted for SMT (backport #3218)
|
|
(cherry picked from commit 6927c0b622c8feaece907944bae3d4724f1e55a0)
|
|
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group (backport #3213)
|
|
image-tools: T6186: simplify image annotations fixing regression (backport #3215)
|
|
(cherry picked from commit 1f0c33c00118c42fc2796d99aff94c428f434d4a)
|
|
peer-group
changed exception condition
Improved route_reflector_client test
(cherry picked from commit 84f05b1dd41bea5de16d707aa77a467f8d499323)
|
|
dhcp-server: T4718: Listen-address is not commited if the IP address is on the interface with a VRF
|
|
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection (backport #3198)
|
|
for every client connection
Don't show duplicate info of vtunx
show header when clints is not connected but server is configured
(cherry picked from commit 66a009f367f8bf274eac9a4d4e1f4f8911c85872)
|
|
T6121: Extend config-sync for QoS and system options (backport #3193)
|
|
T5832: VRRP allow set interface for exluded-address (backport #3200)
|
|
Ability to set interface for `excluded-address`
The excluded-addresses are not listed in the VRRP packet (adverts packets).
We have this ability for `address`, add the same feature for the
excluded-address
```
set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2'
set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3'
```
(cherry picked from commit 0daf445abcd00446da21fe0220d41d5fdde95ebd)
|
|
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
|
|
ipsec: T5606: T5871: Use multi node for CA certificates (backport #3202)
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
|
|
(cherry picked from commit 679b78356cbda4de15f96a7f22d4a98037dbeea4)
|
|
(cherry picked from commit 92012a0b3db8e93b10db4137414073f0371ed8cc)
|
|
(cherry picked from commit cd8ef21f280f726955f537132e3fab2bcb3c286f)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
grub: T4516: correct a format string (backport #3201)
|
|
(cherry picked from commit 74e502c16109b8d6d197751fc63ac5a32ff44404)
|
|
op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface (backport #3194)
|
|
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service"
with no additional information about a client interface at all.
This results in useless dhclient processes
root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one
valid DHCPOFFER
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
eth0 - 00:50:56:bf:c5:6d default 1500 u/u
eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u
eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly
validate if the interface we request a renew for, has actually a dhcp address
configured. In additional this exposes the renew feature to the API.
(cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
|
|
Extent the service config-sync for sections:
- qos interface
- qos policy
- system conntrack
- system flow-accounting
- system option
- system sflow
- system static-host-mapping
- system sysctl
(cherry picked from commit 9d5ad172034ae510288b11313d307f0a24bb4b7d)
|
|
interface with vrf
|
|
bgp: T6106: fix test and verify() (backport #3190)
|
|
(cherry picked from commit 2ba435fa4bc8a5c9b2285fb9215ebc582bfb5fdf)
|
|
xml: T5738: use common constraint include for container network (backport #3181)
|
|
config-sync: T6145: batch section requests for commit by priority (backport #3172)
|
|
(cherry picked from commit 50e9364575481335520f50dac834c74ef02ccfab)
|
|
ospf: T6066: can not define the same network in different areas (backport #3185)
|
|
container: T6062: add image name completion helper (backport #3182)
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
(cherry picked from commit c6d8d9c012da1a7566eec2dff70385457f073e64)
|
|
(cherry picked from commit 37a4fdf229a7ab74718655f1d6e35fd94e5ad69a)
|
|
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
|
|
bgp: T6106: Show complete FRR output on internal errors (backport #3151)
|
|
grub: T6165: increase service TimeoutSec from 5 -> 60 (backport #3179)
|
|
The PCEngines APU2 systems with mSATA disks tend to be very slow. This results
in a service startup error:
$ systemctl status vyos-grub-update
× vyos-grub-update.service - Update GRUB loader configuration structure
Loaded: loaded (/lib/systemd/system/vyos-grub-update.service; enabled; preset: enabled)
Active: failed (Result: timeout) since Sun 2024-03-24 08:48:10 UTC; 14min ago
Main PID: 779 (code=killed, signal=TERM)
CPU: 869ms
Mar 24 08:48:05 LR4.wue3 systemd[1]: Starting vyos-grub-update.service - Update GRUB loader configuration structure...
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: start operation timed out. Terminating.
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Main process exited, code=killed, status=15/TERM
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Failed with result 'timeout'.
Mar 24 08:48:10 LR4.wue3 systemd[1]: Failed to start vyos-grub-update.service - Update GRUB loader configuration structure.
Measunring on an APU2 system after boot and memory is "hot", it still needs
almost 17 seconds to complete the job
cpo@LR4.wue3:~$ time sudo /usr/libexec/vyos/system/grub_update.py
real 0m16.803s
user 0m0.018s
sys 0m0.028s
(cherry picked from commit 5a12645cb25fb23f2195db1e2e977a69d0788d01)
|
|
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
|
|
Revert "ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces" (backport #3177)
|
|
This reverts commit ab30509b25d54dac99294b76ba03fd49c3d2c946.
As in T6152 there seem to be some NICs that have a non working implementation
of reading the EEE registers. Remove this feature in the meantime until there
is a less exploding solution hindering boards to boot.
Return to Kernel defaults by removing this code path.
(cherry picked from commit 946f93778f15f4af9f31cd5b164efcd931693635)
|
|
dhcp: T5164: op cmd: "show dhcp server leases state" with available o…
|
|
op-mode: T6161: Show container details in JSON format (backport #3171)
|
|
I made some assumptions about node types, and I expanded the initial
request to also work for networks and containers.
I found that the "raw" versions of these commands already existed in
the python scripts, so I just used the existing flags.
(cherry picked from commit b5d10d11fc8535a95df1fce2ddb0a2a08567fa77)
|
|
peer-group
handle vtysh bgp error
(cherry picked from commit 6fa72591972618f02ac1c66c084a99e006ce18f3)
|
|
vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, too (backport #3173)
|
|
Extend the way how we determine if interfaces exist in VyOS. In the past we
only validated if the interface in question really exists at the OS level.
This has some drawbacks as services (like OSPF or OSPFv3) can also handle
interfaces dynamically which appear or leaf the OS.
This commit not only checks for OS interfaces but also if the interface in
question was configured at the CLI level, this is proof enough to pass the
check. If it does not exist at the CLI level, we continue searching it it's
maybe a Kernel interface - useful for container networks.
In addition we can now not only raise() an error but simply show a warning if
an interface does not exist.
(cherry picked from commit f7250ecf1d119f14d72f99ee379deaaae0790f0e)
|