| Age | Commit message (Collapse) | Author |
|---|
|
ifconfig: T2653: move macsec interface to get_config_dict()
|
|
|
|
|
|
|
|
|
|
T2654: Remove overzealous error checking
|
|
|
|
While moving towards a general interface abstraction based on get_config_dict()
and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to
split out common verification code to a common util file - instead of
duplicating the code, which is infact one of the main forces drivind this
transition.
vyos.configverify will hold common functions called via verify() from our
src/conf_mode scripts so we do not need to copy/paste general verifications
methods.
|
|
By implementation misstake we exited the migrationscript if no VXLAN interface
was found but this was wrong as the same loop is used on pseudo-ethernet
interfaces. The Migrator previously only worked on pseudo-ethernet when
also a VXLAN interface was present. This has been corrected.
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
|
|
Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong
loop iterator on the rendered ListenAddress statement.
|
|
xml: T2528: fix defaults
|
|
|
|
xml: T2528: fix to work with named tags (edit mode)
|
|
vyos-router may/is requiring access to the service, make sure
it starts before, if not is has no consequence to do so anyway.
|
|
WantedBy is about the service installation and is not related
to the boot order, linking to vyos.target instead
|
|
The PreExec is making sure that the vyos-config-status file exists
and blocks until it does.
This file is created on boot completion and I can see no reason
why the http service has to wait for the end of boot to start.
Any barrier to start should be done with systemd itself.
|
|
The install section determine if the package should be enabled.
vyos-hostd should be install if vyos.target is enabled.
|
|
|
|
|
|
Notify systemd via the notify API when the python daemon are
ready to take connection
https://github.com/torfsen/python-systemd-tutorial
|
|
systemd is setup with Restart=on-failure thereforer the service
will only be restarted if the daemon died and reported an error.
Previously any OsError would cause a exit(0) and therefore the
API would not have been restarted.
https://www.freedesktop.org/software/systemd/man/systemd.service.html
|
|
|
|
|
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
dictconfig: T2637: identify sub-interfaces (vif) to delete
|
|
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
|
|
This reverts commit 45c81add25e71230f1aa20ed0971a9ce061f33ec.
|
|
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
Jinja template contains some workarounds like {% if port is string %}, this
depends of the resolution of https://phabricator.vyos.net/T2636
|
|
tunnel: T2633: add support for ip (arp) commands
|
|
vxlan: T2629: fix multiple configuration issues
|
|
|
|
SSH mac, ciper and key exchange algorithms are not ynamically and only change
on distro upgrades. Thus it is easier to have them in a list and use a regex
based constraint. In the past users could have entered anything here!
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|
|
|
|
xml: T2588: fix mistake when determining if a node is multi
|
|
|
|
xml: T2588: allow multiple values in defaults
|
|
|
|
|
|
|
|
|
|
|
