Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-10-18 | pki: T4914: Rewrite the PKI op mode in the new style | Nataliia Solomko | |
2024-10-11 | T6712: Add nonproduction banner (#4149) | mergify[bot] | |
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io> | |||
2024-10-10 | Merge pull request #4146 from sarthurdev/pki_ec | Daniil Baturin | |
pki: T6766: Add support for ECDSA private keys | |||
2024-10-10 | Merge pull request #4147 from sarthurdev/haproxy | Daniil Baturin | |
haproxy: T6745: Rename reverse-proxy to haproxy | |||
2024-10-09 | haproxy: T6745: Add haproxy migration to config test | sarthurdev | |
2024-10-09 | haproxy: T6745: Rename `reverse-proxy` to `haproxy` | sarthurdev | |
2024-10-09 | pki: T6766: Add support for ECDSA private keys | sarthurdev | |
2024-10-08 | Merge pull request #4128 from jestabro/commit-confirm-soft-rollback | John Estabrook | |
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback | |||
2024-10-08 | config-mgmt: T5976: display message when reverting to previous config | John Estabrook | |
2024-10-07 | Merge pull request #4138 from natali-rs1985/T4318-current | John Estabrook | |
vyos.configtree: T4318: Allow set tag flag to true or false | |||
2024-10-07 | vyos.configtree: T4318: Allow set tag flag to true or false | Nataliia Solomko | |
2024-10-07 | Merge pull request #4129 from c-po/accel-smoketest | Christian Breunig | |
smoketest: T4576: add guard timeout for systemd in log level tests | |||
2024-10-07 | config-mgmt: T5976: move commit-confirm revert action to subnode | John Estabrook | |
2024-10-07 | Merge pull request #4124 from dmbaturin/T6740-set-to-config-converter | John Estabrook | |
cli: T6740: add a converter from set commands to config | |||
2024-10-07 | cli: T6740: set_tag on created paths and add parse step for ordering | John Estabrook | |
Signed-off-by: Daniil Baturin <daniil@baturin.org> | |||
2024-10-07 | Merge pull request #3938 from talmakion/feature/T6430-local-pbr | Christian Breunig | |
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs | |||
2024-10-07 | xml: T6430: add re-usable vrf CLI node for firewall and pbr | Christian Breunig | |
2024-10-07 | pbr: T6430: Local IP rules routing into VRFs by name | Andrew Topp | |
* This is the `policy local-route*` part of T6430, manipulating ip rules, another PR covers firewall-backed `policy route*` for similar functionality * Local PBR (policy local-route*) can only target table IDs up to 200 and the previous PR to extend the range was rejected * PBR with this PR can now also target VRFs directly by name, working around targeting problems for VRF table IDs outside the overlapping 100-200 range * Validation ensures rules can't target both a table ID and a VRF name (internally they are handled the same) * Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase, extended to allow lookups in other address families (IPv6 in the new tests). verify_rules() is used by original pbr and new lpbr smoketests in this PR. | |||
2024-10-07 | Merge pull request #4118 from c-po/acme-ca-cert | Daniil Baturin | |
pki: T6481: auto import ACME certificate chain into CLI | |||
2024-10-07 | Merge pull request #4133 from c-po/parallel-smoketests | Christian Breunig | |
GitHub: T6494: add parallel step to run interface based smoketests | |||
2024-10-06 | pki: T6481: auto import ACME certificate chain into CLI | Christian Breunig | |
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consitent for any pending daemon updates. | |||
2024-10-06 | Merge pull request #4132 from c-po/keyboard-layout | Christian Breunig | |
T6759: add support for italian keymap | |||
2024-10-06 | Merge pull request #4131 from c-po/static-error-msg | Christian Breunig | |
static: T4283: fix missing f'ormat string | |||
2024-10-06 | GitHub: T6494: add parallel step to run interface based smoketests | Christian Breunig | |
2024-10-06 | T6759: add support for italian keymap | Christian Breunig | |
set system option keyboard-layout it | |||
2024-10-05 | op-mode: T6753: Fix json output for mtr / monitor traceroute (#4122) | Nataliia S. | |
2024-10-05 | static: T4283: fix missing f'ormat string | Christian Breunig | |
This fixes the error message: Can not use both blackhole and reject for prefix "{prefix}"! Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an ICMP unreachable when matched") | |||
2024-10-05 | Merge pull request #4130 from c-po/node-exporter-fix | Christian Breunig | |
Debian: T973: add missing dependency on node-exporter package | |||
2024-10-05 | Debian: T973: add missing dependency on node-exporter package | Christian Breunig | |
Extend commit a0c15a159 ("T973: add basic node_exporter implementation") by adding the required dependency to install node-exporter binary. | |||
2024-10-05 | smoketest: T4576: add guard timeout for systemd in log level tests | Christian Breunig | |
Systemd comes with a default of 5 restarts in 10 seconds policy, this limit can be hit by this reastart sequence, slow down a bit. | |||
2024-10-05 | config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback | John Estabrook | |
Commit-confirm will restore a previous configuration if a confirmation is not received in N minutes. Traditionally, this was restored by a reboot into the last configuration on disk; add a configurable option to reload the last completed commit without a reboot. The default setting is to reboot. | |||
2024-10-05 | config-mgmt: T5976: normalize formatting | John Estabrook | |
2024-10-04 | Merge pull request #4110 from jestabro/distinct-api | Christian Breunig | |
http-api: T6736: move REST API to a node distinct from GraphQL API | |||
2024-10-04 | Merge pull request #4121 from natali-rs1985/T6101-current | Christian Breunig | |
ipsec: T6101: Add validation for proposal option used in IKE group | |||
2024-10-04 | Merge pull request #4119 from sever-sever/T6755 | Christian Breunig | |
T6755: Change vyos mirror URL for smoketest | |||
2024-10-04 | Merge pull request #4048 from rebortg/node_exporter | Christian Breunig | |
T973: add basic node_exporter implementation | |||
2024-10-04 | Merge pull request #4123 from nicolas-fort/fwall_set_commands | Daniil Baturin | |
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset. | |||
2024-10-04 | Merge pull request #4126 from sever-sever/T6763 | Daniil Baturin | |
T6763: Delete Jenkins file | |||
2024-10-04 | T6763: Delete Jenkins file | Viacheslav Hletenko | |
2024-10-04 | Merge pull request #4125 from sever-sever/T6761 | Christian Breunig | |
T6761: Add timeout for OSPF smoketest fail | |||
2024-10-03 | T973: remove irrelevant standard values | rebortg | |
2024-10-03 | cli: T6752: add a wrapper for the show command (#4111) | Daniil Baturin | |
2024-10-03 | T6761: Add timeout for OSPF smoketest fail | Viacheslav Hletenko | |
From time to time the smoektest script checks frrconfig to early. I.e. FRR does not fully load the config during checking or the OSPF daemon is not started at the time of checking. | |||
2024-10-03 | cli: T6740: add a converter from set commands to config | Daniil Baturin | |
2024-10-03 | T6760: firewall: add packet modifications existing in policy route to ↵ | Nicolas Fort | |
regular firewall ruleset. | |||
2024-10-03 | http-api: T6736: sanitize error message containing user input | John Estabrook | |
2024-10-03 | vyos.configtree: T6742: add bindings for create_node and is_leaf/set_leaf ↵ | Daniil Baturin | |
(#4109) | |||
2024-10-03 | Merge pull request #4120 from nicolas-fort/T6757-ocserv-radius | Daniil Baturin | |
T6757: Openconnect: fix template for correct config parsing while configuring source address for radius authentication. | |||
2024-10-02 | ipsec: T6101: Add validation for proposal option used in IKE group | Nataliia Solomko | |
2024-10-02 | T6757: Openconnect: fix template for correct config parsing while ↵ | Nicolas Fort | |
configuring source address for radius authentication. |