Age | Commit message | Author |
|
T7038: T7039: fix broken RADIUS IPv6 source address and add smoketests
|
|
nhrp: T2326: NHRP migration to FRR
|
|
RADIUS is pretty sensitive to its configuration. Instead of manual testing,
extend the smoketest platform to ship a freeradius container and perform logins
against a locally running freeradius server in a container.
|
|
NHRP migration to FRR
|
|
When setting up the vyos-1x-smoketest package, the required container images will
be fetched from the appropriate registry. During development one will re-install
the vyos-1x generated packages periodically. In the past this triggered a
re-download of the container images for every set-up of the package.
This change will download the container images only if the image is not present
on the system.
|
|
* smoketest: T7023: unify container image loading
* smoketest: T7023: add tac_plus container to live validate login
TACACS is pretty sensitive to its configuration. Instead of manual testing,
extend the smoketest platform to ship a tac_plus container and perform logins
against a locally running tac_plus server in a container.
The login username/password and TACACS shared secret are generated randomly on
the fly for every testcase.
|
|
on libnss-mapuser (#4281)
Upstream 2.0.0 version from Debian has issues
|
|
* T6949: adds blackbox exporter
* T6949: adds basic config generation
* T6949: extract shared module config options
* T6949: switch to ipv4/6 literals
* T6949: moves config file to /run
* T6949: adds dns query name option
* T6949: adds dns query type values
* T6949: adds blackbox exporter to debian/control
|
|
Drop newlines added by macro statement and Jinja2 comments. Jinja2 comments
will be removed during package build on the shipped files.
|
|
As we are generating the reference tree from the XML definitions during
build, save an internal representation for vyconfd to load on startup.
|
|
cli: T6740: add a converter from set commands to config
|
|
Extend commit a0c15a159 ("T973: add basic node_exporter implementation") by
adding the required dependency to install the node-exporter binary.
|
|
T973: add basic node_exporter implementation
|
|
Recent ethtool 6.10 supports JSON output for the base driver features. Remove
our old text based processing code and use the machine readable output of
ethtool.
|
|
During podman upgrade and a build from the original source the UNIX socket
definition for systemd got lost in translation.
This commit re-adds the UNIX socket which is started on boot to interact with
Podman.
Example:
curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \
-sf http://localhost/containers/json
|
|
T6362: Create conntrack logger daemon
|
|
This fixes an error during ISO assembly:
update-alternatives: error: no alternatives for regulatory.db
dpkg: error processing archive /tmp/apt-dpkg-install-PJplR3/00-vyos-1x_1.5dev0-1880-gecaa44498_amd64.deb (--unpack):
new vyos-1x package pre-installation script subprocess returned error exit status 2
|
|
Most likely b/c of our non-signed Kernel binary we do not trust the Debian
signed wireless regulatory database. Fall back to the upstream database instead.
|
|
Rather than waiting for a fully assembled ISO image to validate if there is no
incompatibility with vyos-configd - like more than one instance of Config(),
make this a build time test case for "make test".
|
|
suricata: T751: Initial support for suricata
|
|
Remove `service upnp` as it never worked as expected, nft rules are
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
Also raise op-mode error when unable to fetch data from Kea socket
|
|
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from
GIT repo") to also include release tags.
|
|
The "idea" of this PR is to add new CLI nodes under the pki subsystem to
activate ACME for any given certificate.
    vyos@vyos# set pki certificate NAME acme
    Possible completions:
    + domain-name Domain Name
      email Email address to associate with certificate
      listen-address Local IPv4 addresses to listen on
      rsa-key-size Size of the RSA key (default: 2048)
      url Remote URL (default:
          https://acme-v02.api.letsencrypt.org/directory)
Users choose if the CLI based custom certificates are used
    set pki certificate EXAMPLE acme certificate <base64>
or if it should be generated via ACME.
The ACME server URL defaults to LetsEncrypt but can be changed to their staging
API for testing to not get blacklisted.
    set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory
Certificate retrieval has a certbot --dry-run stage in verify() to see if it
can be generated.
After successful generation, the certificate is stored under
/config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set
interfaces ethernet eth0 eapol certificate EXAMPLE) we call
vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the
base64 encoded certificate into the JSON data structure normally used when
using a certificate set by the CLI.
Using this "design" does not need any change to any other code referencing the
PKI system, as the base64 encoded certificate is already there.
certbot renewal will call the PKI python script to trigger dependency updates.
|
|
dhcp: T3316: Adjust kea lease files' location and permissions
|
|