Age | Commit message (Collapse) | Author |
|
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
|
|
Right now we can only monitor the bandwidth for one individual interface, but
not all at once. This adds support to monitor all interfaces.
|
|
dmbaturin/T6498-machine-readable-tech-support-report
op-mode: T6498: add machine-readable tech support report script
|
|
|
|
T6527: add legacy Vyatta interpreter files still in use
|
|
|
|
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
|
|
T6313: Add "NAT" to "generate" command for rule resequence
|
|
|
|
op mode: T6501: add "run show kernel modules"
|
|
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances")
switched the systemd unit file from ssh.service to ssh@*.service, this change
was not reflected in the "restart ssh" op-mode command.
|
|
|
|
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py
helper as root to work with ACME certificates") which missed out the basic
"show pki" command, as the <command> XML node was deep down in the view.
|
|
T6456: Convert "monitor traffic" to modern op-mode wrapper
|
|
The old "monitor traffic" definition had misaligned arguments under the verbose node
and manually offered the same parameter keyword in multiple positions to emulate
flexible parameters.
I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in
to present a few more parameters in a more flexible manner.
Changes to the Makefile were required for recursive varargs lookup.
|
|
If the remote device has explicitly sent the interface name as the portID,
we should use that first as the interface name, before working through
the previous priority order.
I've brought back LLDP detail views directly calling lldpcli. This can be
extended to render a template from op_mode/lldp.py, but lldpcli isn't bad
at rendering readable info. Raw mode (including detailed raw) is still
accessible for programmatic access.
|
|
* monitor log wireless hostapd [interface <name>]
* monitor log wireless wpa-supplicant [interface <name>]
* show log wireless hostapd [interface <name>]
* show log wireless wpa-supplicant [interface <name>]
|
|
Likely this was copied from mtr in the past but the symlink wasn't added
to the Makefile.
I've also swapped the completion help text around to match the commands.
|
|
|
|
This fixes the error:
vyos@vyos:~$ show pki certificate
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme
tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
raise e
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
with open(fname, 'r') as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
|
|
suricata: T751: Initial support for suricata
|
|
T6366: CGNAT add ability to get external and internal allocations
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
|
|
op-mode: T6367: fix "force commit-archive" TypeError
|
|
Add the ability to show port allocation per external or internal address
With huge entries, it is necessary to filter it by specific
external/internal IP address
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
|
|
T6350: CGNAT add op-mode to show allocation
|
|
Add op-mode command `show nat cgnat allocation` to get CGNAT
allocations (internal address, external address, port-range)
|
|
Converted completion helpers from python to bash for performance
Previous commit:
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
|
|
|
|
show interfaces bonding lacp detail
show interfaces bonding <bondif> lacp detail
show interfaces bonding <bondif> lacp neighbors
Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
|
|
ntp: T4909: Rewrite NTP op mode in new format
Adapts ntp.xml.in to reference new ntp.py file
Add ntp.py
Adds a check to ntp.py to verify if the ntp service is configured
Adds raw mode to ntp.py
For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader.
Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity
Revises the names of raw dictionary keys variables to be lowercase
Corrects a comment typo and renames function name used for raw mode
|
|
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
|
|
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service"
with no additional information about a client interface at all.
This results in useless dhclient processes
root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one
valid DHCPOFFER
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
eth0 - 00:50:56:bf:c5:6d default 1500 u/u
eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u
eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly
validate if the interface we request a renew for, has actually a dhcp address
configured. In additional this exposes the renew feature to the API.
|
|
I made some assumptions about node types, and I expanded the initial
request to also work for networks and containers.
I found that the "raw" versions of these commands already existed in
the python scripts, so I just used the existing flags.
|
|
|
|
|
|
|
|
Automatic update of the remote commit-archive could fail under certian
circumstances, add an op-mode command to manually trigger the update:
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
|
|
|
|
dhcp: T6102: Fix clear DHCP lease op-mode
|
|
config: T4919: Add support for encrypted config with TPM
|
|
|