Age | Commit message (Collapse) | Author |
|
T775: Add service config-sync between 2 routers
|
|
|
|
|
|
* set protocols ospf aggregation timer <seconds>
* set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295]
* set protocols ospf summary-address x.x.x.x/x no-advertise
|
|
|
|
After an interface is added/removed from VPP, it will be reinitialized, which
allows reconfiguring IP addresses on it.
Also modified VPP load priority to start before interfaces, and avoid
reconfiguration during boot.
|
|
|
|
Service config-sync allows synchronizing a section of
the configuration.
As PoC allow only nat, nat66 and firewall sections
Rertreive the configuration for a section from self node and
send this configuration to the section of the 'secondary' node.
This feature adds a symlink from helper 'vyos_config_sync.py'
to '/config/scripts/commit/post-hooks.d' and config that is
located in '/run/config_sync_conf.conf'
It will synchronyze the config only if the setcion
was changed.
set service config-sync secondary address 192.0.2.11
set service config-sync secondary key xxx
set service config-sync section nat
set service config-sync section nat66
set service config-sync section firewall
set service config-sync mode load
|
|
T1797: Add initial vpp configuration
|
|
The previous implementation did not iterate over the communit list, so only
one match criteria was supported.
set policy route-map FOO rule 10 action 'permit'
set policy route-map FOO rule 10 set extcommunity rt '1111:2222222'
worked but on the other hand this failed:
set policy route-map FOO rule 20 action 'permit'
set policy route-map FOO rule 20 set extcommunity rt '6500:24 6500:23 192.168.0.1:111 192.168.0.1:222'
|
|
T5304: Container add volume bind propagation option
|
|
set container name c1 volume myvlm propagation rshared
|
|
Add initial configuration mode for VPP (PoC)
set vpp cpu corelist-workers '2'
set vpp cpu main-core '1'
set vpp interface eth1 num-rx-desc '256'
set vpp interface eth1 num-rx-queues '512'
set vpp interface eth1 num-tx-desc '256'
set vpp interface eth1 num-tx-queues '512'
set vpp interface eth1 pci '0000:02:00.0'
set vpp interface eth1 rx-mode 'polling'
set vpp interface eth2 pci '0000:08:00.0'
Limitation:
- 'set vpp interface ethX pci auto' works only per first
commit, then interface detached from default stack and creates
tun interface 'ethX' to communicate with default stack. In this
case we can't get PCI address via ethtool for 'tun' interfaces.
But we can set pci address manualy.
- Interface sync between default stack and VPP-DPDK stack
After vpp change it doesn't trigger iproute2 for changes
(should be written later)
I.e. if we change something in vpp per each commit it restarts
vpp.service it gets empty interface config as we don't configure vpp
directly and it should be configured via iproute2
But then if we do any change on interface (for example description)
it gets IP address, MTU, state, etc.
|
|
|
|
set high-availability vrrp group <name> version 2|3
|
|
|
|
|
|
|
|
T5283: ipoe-server: add more flexibility in subnet parameter.
|
|
... this is a step towards a new and better implementation that will utilize
VPP.
|
|
|
|
|
|
This should make the help messages more consistent for DNS related
CLI subtree.
|
|
mdns: T5227: Refactor smoke tests for mdns-repeater
|
|
|
|
Add meaningful constraint message for service name format
|
|
|
|
Create migration and bump package version from 0 -> 1 for dynamic dns
|
|
Apply next round of configuration tree updates to 'service dns dynamic'
with the following changes:
- Migrate `service dns dynamic interface <interface> [use-web]`
to `service dns dynamic address <interface>`
or `service dns dynamic address web [web-options]`
This communicates the intent that dynamic dns IP address is detected
in only one way - using the `<interface>` or using an external web
request, not both.
- When using external web request, (`service dns dynamic address web`),
external url is optional (`web-options url`). Ddclient defaults are
used when unspecified,
- Rename all config `login` to `username` for consistency and also to
align better with alternative ddclient backends in consideration.
- Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting
usage of IPv4 or IPv6 (or both simultaneously) is now at per service
(protocol) level instead of global level. This allows more control on
the ability to select IPv4 in some cases and IPv6 in some other cases
wherever supported by the underlying ddclient protocol.
- While the IP address (and by extension, the detection mechanism) is
global, the way it is applied to a particular ddclient protocol depends
on whether it supports IPv4 or IPv6 or both.
- Related to the above, this also prevents generating incorrect config
file (`ddclient.conf`) with multiple global sections leading to an
unpredictable behavior of ddclient.
- Implement provider (protocol) specific custom tweaks whenever possible
(e.g., `zone`, `username`, `server` are not necessary in all cases).
- Move service name from a combination of 'protocol' (with protocol
config autodetected) and custom (with protocol config specified) to a
single 'service' key. This allows for consisent setup of multiple
config for the same ddclient protocol (with different options and
credentials). This also avoid ambiguity with usual networking term
'protocol' and ddclient specific term 'protocol' (and can change with
a move to a different backend).
- Apply upfront XML constraints and validations consistently wherever
applicable.
- RFC2136 specific change: Rename rfc2136 config `record` to `host-name`
for consistency.
- Cloudflare specific change: While ddclient still supports authenticating
with email and global auth key, skipping `username` in config will
indicate the intent to use API token authentication (with special
'token' literal as `username`).
|
|
|
|
|
|
Ability to use 'vif' and 'vif-s' for virtual-ethernet "vethX" interfaces
set interfaces virtual-ethernet veth10 vif 50
|
|
T5230: Added missing enforce-first-as option to bgp protocol common c…
|
|
and frr bgp jinja template.
|
|
To accept a Proxy Protocol header on incoming TCP connections,
add an accept-proxy parameter to the bind line in a frontend section.
This parameter detects both Proxy Protocol version 1 (text format)
and Proxy Protocol version 2 (binary format).
set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
|
|
Improve and refactoring "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
|
|
Relax allow service pattern to allow for '.' as well for SRV records.
|
|
|
|
Sync up with commit 96d846d27ac ("T5226: Combine ipv4-address and ipv6-address
validators")
|
|
constraint
|
|
T5222: Add load-balancing for web traffic
|
|
T5226: Standardize hostname and IP address validators and constraints
|
|
|
|
Allow listing additional browse domains (in addition to the default
'local') so that custom domains can be reflected.
Additionally, allow filtering the services that are allowed to be
reflected across multiple (V)LANs.
|
|
|
|
Make host-name constraints consistent across all definitions
|
|
Use a single ip-address validator to combine and replace ipv4-address
and ipv6-address validators.
|
|
Revert "veth: T3829: Allow moving veth into netns"
|
|
netns management for any Vyos interfaces doesn't work past the initial
creation, because Vyos always tries to recreate it/move it into the
netns even though it already exists. Until this is fixed, don't let
anyone even attempt to use this:
set interfaces virtual-ethernet veth10 peer-name 'veth100'
set interfaces virtual-ethernet veth100 netns 'ns01'
set interfaces virtual-ethernet veth100 peer-name 'veth10'
set netns name ns01
commit
vyos@r14# sudo ip netns exec ns01 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[edit]
vyos@r14#
set interfaces virtual-ethernet veth100 description MyNetns
commit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply
p.update(veth)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update
self.set_netns(config.get('netns', ''))
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns
self.set_interface('netns', netns)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
return self._set_command(self.config, name, value)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
return cmd(command, self.debug)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01
returned:
exit code: 1
noteworthy:
cmd 'ip link set dev veth100 netns ns01'
returned (out):
returned (err):
Cannot find device "veth100"
This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
|
|
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is been doing, as
invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
|