summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2023-07-12debian: T5003: add power management userspace toolsChristian Breunig
2023-07-12container: T5352: Fix missing dependency for netavarkYouyuan
There is a missing dependency iptables for netavark . Debian marked it as optional but should be a dependency. If not installed, container cannot be created with assigned network. The rolling release is built with package iptables so there is no bug. But if users build iso on their own, container will not work if container network is assigned.
2023-07-09T3355: import startup scripts from vyatta-cfg repo for vyos-routerChristian Breunig
2023-07-08vpp: T1797:: support re-installation of vyos-1x packageChristian Breunig
2023-07-01T1797: Divert sysctl 80-vpp.confViacheslav Hletenko
2023-06-29vpp: T1797: disable CLI in rolling releasesChristian Breunig
2023-06-29Merge pull request #2059 from sever-sever/T1797-vppChristian Breunig
T1797: Add initial vpp configuration
2023-06-29tacacs: T141: tacacs is not available for arm64 (yet)Christian Breunig
2023-06-27VPP: T1797: Replaced CLI with APIViacheslav Hletenko
2023-06-27T1797: Add initial vpp configurationViacheslav Hletenko
Add initial configuration mode for VPP (PoC) set vpp cpu corelist-workers '2' set vpp cpu main-core '1' set vpp interface eth1 num-rx-desc '256' set vpp interface eth1 num-rx-queues '512' set vpp interface eth1 num-tx-desc '256' set vpp interface eth1 num-tx-queues '512' set vpp interface eth1 pci '0000:02:00.0' set vpp interface eth1 rx-mode 'polling' set vpp interface eth2 pci '0000:08:00.0' Limitation: - 'set vpp interface ethX pci auto' works only per first commit, then interface detached from default stack and creates tun interface 'ethX' to communicate with default stack. In this case we can't get PCI address via ethtool for 'tun' interfaces. But we can set pci address manualy. - Interface sync between default stack and VPP-DPDK stack After vpp change it doesn't trigger iproute2 for changes (should be written later) I.e. if we change something in vpp per each commit it restarts vpp.service it gets empty interface config as we don't configure vpp directly and it should be configured via iproute2 But then if we do any change on interface (for example description) it gets IP address, MTU, state, etc.
2023-06-22tacacs: T141: initial implementationChristian Breunig
2023-06-21tacacs: T141: create new UNIX group for aaaChristian Breunig
2023-06-21tacacs: T141: add debian package dependenciesChristian Breunig
2023-06-12Debian: T5286: cleanup dependenciesChristian Breunig
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-05-21T5234: add bash prompt identifier for given VRF instanceChristian Breunig
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-09Merge pull request #1978 from zdc/T5190-sagittaChristian Breunig
cloud-init: T5190: Added Cloud-init pre-configurator
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-05-04cloud-init: T5190: Added Cloud-init pre-configuratorzsdc
Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration. This protects from two situations: * when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface * when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev
2023-04-21debian packaging: T5172: set minimum Python version to 3.10Daniil Baturin
since it's required for match statements and for op mode introspection
2023-04-14container: T5082: enable aardvark-dns supportChristian Breunig
With commit 0ea3e1420 ("container: T5082: switch to netavark network stack") moving to a new network stack we should also enable the new DNS plugin provided by default. TODO: add CLI nodes to manually disable DNS and/or supply external DNS servers to the container.
2023-04-04T5142: Add audit tool to monitor security-relevant eventsViacheslav Hletenko
2023-04-01container: T5082: switch to netavark network stackChristian Breunig
We now support assigning discrete IPv6 addresses to a container.
2023-03-29T5110: Fix op-mode FRR vtysh_pam account validationViacheslav Hletenko
With FRR 8.5 there is exists file /etc/pam.d/frr With this file by default we have cosmtetic error for any op-mode command $ show ip bgp vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist Fix it
2023-03-16T5086: Add sFlow feature based on hsflowdViacheslav Hletenko
Add sFlow feature based on hsflowd According to user reviews, it works more stable and more productive than pmacct I haven't deleted 'pmacct' 'system flow-accounting sflow' yet It could be migrated or deprecated later set system sflow agent-address '192.0.2.14' set system sflow interface 'eth0' set system sflow interface 'eth1' set system sflow polling '30' set system sflow sampling-rate '100' set system sflow server 192.0.2.1 port '6343' set system sflow server 192.0.2.11 port '6343'
2023-03-12Debian: bump compat (debian helper) version 10 -> 12Christian Breunig
2023-03-12Revert "Debian: T2216: add netavark dependency for podman containers"Christian Breunig
This reverts commit 9ed4113d6c4809a0126d04c99d60eaa76a7b6b15.
2023-03-11container: T5003: add dependency on fuse-overlayfsChristian Breunig
Fix podman error about invalid storage: [graphdriver] prior storage driver overlay failed: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver" Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver.
2023-03-11Debian: T2216: add netavark dependency for podman containersChristian Breunig
2023-03-11Debian: remove python3-pyhumps from build dependencies, provided via pip in ↵Christian Breunig
container
2023-03-01graphql: T5040: generate schema in vyos-1x.postinstJohn Estabrook
2023-02-25python: T5026: Replace deprecated Python modules crypt, spwdsarthurdev
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
2023-02-24Merge pull request #1851 from zdc/T4943-sagittaChristian Breunig
login: T4943: Fixed 2FA + RADIUS compatibility
2023-02-24login: T4943: Fixed 2FA + RADIUS compatibilityzsdc
MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS module for PAM does not like it, which makes them incompatible. This commit: * disables KbdInteractiveAuthentication * changes order for PAM modules - make it first, before `pam_unix` or `pam_radius_auth` * enables the `forward_pass` option for `pam_google_authenticator` to accept both password and MFA in a single input As a result, local, RADIUS, and MFA work together. Important change: MFA should be entered together with a password. Before: ``` vyos login: <USERNAME> Password: <PASSWORD> Verification code: <MFA> ``` Now: ``` vyos login: <USERNAME> Password & verification code: <PASSWORD><MFA> ```
2023-02-24T5029: Change nginx default root directoryViacheslav Hletenko
2023-02-15Merge pull request #1817 from sarthurdev/bookwormChristian Breunig
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-13debian: T5003: Build tests require iproute2sarthurdev
2023-02-13debian: T5003: Remove obsolete crda packagesarthurdev
Kernel now performs this function internally
2023-02-13debian: T5003: Update XDP for latest libbpfsarthurdev
2023-02-04T4975: always sync() filesystem after commitChristian Breunig
2023-01-20config-mgmt: T4942: add config_mgmt module and console scriptJohn Estabrook
2023-01-17ifb: T4938: add Python implementation for input function block interfacesChristian Breunig
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-09Revert "strongSwan: T4593: add charon-systemd runtime dependency"Christian Poessinger
This reverts commit 36d16f531236a62b5afc6cdd5f04d20c2b1883e6.
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2022-12-27strongSwan: T4593: add charon-systemd runtime dependencyChristian Poessinger
2022-12-11sstp: T4792: add sstp-client package dependencyChristian Poessinger
2022-11-16containers: T2216: support re-install via dpkg of vyos-1x-smoketest packageChristian Poessinger
skopeo does not support overwriting an image - simply remove and readd it.