Age | Commit message (Collapse) | Author |
|
frr: upgrade to 10.2 and migrate protocols to unified FRRender class
|
|
As vyos-configd will take care about the commit via FRRender class, and FRR
needs to internally process the configuration we might read it back via vtysh
"to fast". Add a 5 seconds guard timer after each cli_commit() and before
calling getFRRconfig().
Guard timer is reset every time, cli_commit() is called.
|
|
|
|
Do not use custom daemon definitions like bgpd - re-use them from e.g.
vyos.frrender.bgp_daemon
|
|
|
|
Sometimes FRR needs some time after reloading the configuration to appear in
vtysh. This is a workaround addiung a 2 second guard timer.
|
|
Consolidate "multicast interface-route" and "multicast route" under common
"mroute <x.x.x.x/y>" CLI node.
|
|
|
|
|
|
VNI was always retrieved via effective configuration and not active
configuration.
|
|
Migrate "set protocols static route <x.x.x.x/x> next-hop <y.y.y.y> bfd multi-hop
source <z.z.z.z> profile <NAME>" to: "set protocols static route <x.x.x.x/x>
next-hop <y.y.y.y> bfd profile bar"
FRR supports only one source IP address per BFD multi-hop session. VyOS
had CLI cupport for multiple source addresses which made no sense.
|
|
FRR 10.2 will use "[no] ip forwarding" and "[no] ipv6 forwarding" to enable or
disable IP(v6) forwarding. We no longer rely on sysctl as this was overridden
by FRR later on.
Remove code path for sysctl setting and solely rely on FRR.
|
|
|
|
When running under vyos-configd only a single apply() is done as last step in
the commit algorithm. FRRender class address is provided via an attribute from
vyos-configd process.
|
|
A lot of services have dynamic debug capabilities which will be turned on by
creating a file in /tmp. These scripts have the path hardcoded and sometimes
accross multiple places (bad).
This commit introduces vyos.defaults.frr_debug_enable to get the path for the
debug file from a single location.
|
|
This is pretty usefull to monitor what's going on under the hood
Dec 08 15:27:34 vyos-configd[4324]: Received message: {"type": "init"}
Dec 08 15:27:34 vyos-configd[4324]: config session pid is 4400
Dec 08 15:27:34 vyos-configd[4324]: config session sudo_user is cpo
Dec 08 15:27:34 vyos-configd[4324]: commit_scripts: ['protocols_babel', 'protocols_bfd', 'protocols_bgp']
Dec 08 15:27:34 vyos-configd[4324]: Received message: {"type": "node", "last": false, "data": "/usr/libexec/vyos/conf_mode/protocols_babel.py"}
Dec 08 15:27:34 vyos-configd[4324]: Sending reply: error_code 1 with output
Dec 08 15:27:34 vyos-configd[4324]: Received message: {"type": "node", "last": false, "data": "/usr/libexec/vyos/conf_mode/protocols_bgp.py"}
Dec 08 15:27:34 vyos-configd[4324]: Sending reply: error_code 1 with output
Dec 08 15:27:34 vyos-configd[4324]: Received message: {"type": "node", "last": true, "data": "/usr/libexec/vyos/conf_mode/protocols_bfd.py"}
Dec 08 15:27:34 vyos-configd[4324]: Sending reply: error_code 1 with output
Dec 08 15:27:34 vyos-configd[4324]: scripts_called: ['protocols_babel', 'protocols_bgp', 'protocols_bfd']
Dec 08 15:27:34 vyos-configd[4324]: FRR: Reloading configuration - tries: 1 Python class ID: 139842739583248
Debugging the new FRRender/vyos-config integration
|
|
|
|
tagNode
This will save an entire level for the configuration and there is no need for a
parent "multicast" node, as it will only have "route" as tagNode below.
Move set protocols static multicast route <x.x.x.x/y> to:
* set protocols static mroute <x.x.x.x/y>
|
|
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a
northbound interface. This led to some drawbacks in the current state how
changes to FRR are handled. The current implementation will use frr-reload.py
and specifies excatly WHICH daemon needs a config update and will only replace
this part inside FRR.
With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will
remove configuration parts from other daemons like bgpd or ospfd which have
not yet been migrated to mgmtd.
It's not possible to call frr-reload.py with daemon mgmtd - it will error out.
This commit will also change the CLI for static routes:
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1" will be split into:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
To make the XML blocks reusable, and comply with the FRR CLI - this was actually
a wrong implementation from the beginning as you can not have multiple BFD
source addresses.
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1 profile bar" is changed to:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar
CLI commands "set protocols static multicast interface-route" is moved to:
* set protocols static multicast route <x.x.x.x/x> interface
To have an identical look and feel with regular static routes.
|
|
Drop newlines added by macro statement and Jinja2 comments. Jinja2 comments
will be removed during package build on the shipped files.
|
|
|
|
|
|
|
|
Honor ospfd deferred shutdown when "max-metric router-lsa on-shutdown" is
defined.
https://github.com/FRRouting/frr/issues/17011
|
|
|
|
|
|
|
|
|
|
|
|
tacacs: T6613: dynamically build exclude_users list to avoid TACACS traffic
|
|
static: T4214: Allow several dhcp-interfaces to the same static rote
|
|
ipoe_server: T6628: Add option to assign static IP address to end users with local auth
|
|
- Allow configure preshared key for zabbix-agent
- Added op mode command for generatre random psk secret
- Removed duplicate xml definition for psk settings
Configure authentication mode:
```
# set service monitoring zabbix-agent authentication mode
Possible completions:
pre-shared-secret Use a pre-shared secret key
```
Configure PSK Settings:
```
# set service monitoring zabbix-agent authentication psk
Possible completions:
id ID for authentication
secret pre-shared secret key
```
Generate Random PSK:
```
$ generate psk random
Possible completions:
<Enter> Execute the current command
size Key size in bytes
```
|
|
T6940: added pr mirror sync caller workflows (revised)
|
|
workflows
|
|
There is no need to send local base OS accounts like root or daemon to the
tacacs server. This will only make the CLI experience sluggish.
Build up a dynamic list of user accounts to exclude from TACACS lookup.
|
|
op_mode: T6860: Display the EULA in "run show license"
|
|
T6718: use the vyconf daemon for validation of set commands
|
|
|
|
T6927: adds option to set container name server
|
|
set `default-route-distance` to 1
|
|
image latest vrf <name>"
|
|
- Fixed handling of flow isolation parameters.
- Corrected support for `nat` and `nonat` in flow isolation.
- Extended RTT values to cover the full range supported by `tc`.
|
|
|
|
|
|
|
|
Start vyconfd after migration.
|
|
As we are generating the reference tree from the XML definitions during
build, save an internal representation for vyconfd to load on startup.
|
|
Add current config and failsafe for vyconfd to load on startup.
|
|
pki: T6368: Add ability for acme to listen on IPv6 addresses
|