summaryrefslogtreecommitdiff
path: root/op-mode-definitions
AgeCommit message (Collapse)Author
2024-07-30Merge pull request #3698 from talmakion/bugfix/T3334Christian Breunig
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
2024-07-30system: op-mode: T3334: allow delayed getty restart when configuring serial ↵Andrew Topp
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers.
2024-07-17Merge pull request #3817 from c-po/op-mode-restartChristian Breunig
op-mode: T6577: create generic service restart helper to work with the API
2024-07-16op-mode: T6577: create generic service restart helper to work with the APIChristian Breunig
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that all do the same (more or less): * Check if service is configured on CLI * Restart if configured * Error out if unconfigured This is not available via the op-mode API. Create a new restart.py op-mode helper that takes the service name and possible VRF as argument so it's also exposed via API.
2024-07-15Merge pull request #3810 from c-po/restart-ntpChristian Breunig
op-mode: T6575: add support for NTP service restart via CLI
2024-07-14firewall: T6581: fix completion for "show firewall ... rule"Daniil Baturin
2024-07-13op-mode: T6575: add support for NTP service restart via CLIChristian Breunig
This seemed to be arround in the early days, but is not available since at least VyOS 1.3.3. Add CLI helper to restart the NTP process (chrony).
2024-07-10op-mode: T6566: add support for listing all interfaces in "monitor bandwidth"Christian Breunig
Right now we can only monitor the bandwidth for one individual interface, but not all at once. This adds support to monitor all interfaces.
2024-07-03Merge pull request #3746 from ↵Daniil Baturin
dmbaturin/T6498-machine-readable-tech-support-report op-mode: T6498: add machine-readable tech support report script
2024-07-03op-mode: T6498: add machine-readable tech support report scriptDaniil Baturin
2024-07-02Merge pull request #3745 from c-po/no-legacyDaniil Baturin
T6527: add legacy Vyatta interpreter files still in use
2024-06-30T6527: add legacy Vyatta interpreter files still in useChristian Breunig
2024-06-29Merge pull request #3733 from c-po/T6524-release-dhcpChristian Breunig
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
2024-06-28T6452: Add QoS Op Commands (#3591)l0crian1
* T6452: Add QoS Op Commands Added the following commands: show qos shaping show qos shaping detail show qos shaping interface <int name> show qos shaping interface <int name> detail show qos shaping interface <int name> class <class name> show qos shaping interface <int name> class <class name> detail show qos cake interface <int name>
2024-06-27op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode formatChristian Breunig
2024-06-27Merge pull request #3715 from HollyGurza/T6313Christian Breunig
T6313: Add "NAT" to "generate" command for rule resequence
2024-06-27T6313: Add "NAT" to "generate" command for rule resequencekhramshinr
2024-06-24Merge pull request #3683 from dmbaturin/T6501-lsmod-on-steroidsJohn Estabrook
op mode: T6501: add "run show kernel modules"
2024-06-21op-mode: T6503: "restart ssh" command not workingChristian Breunig
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances") switched the systemd unit file from ssh.service to ssh@*.service, this change was not reflected in the "restart ssh" op-mode command.
2024-06-19op mode: T6501: add "run show kernel modules"Daniil Baturin
2024-06-14Merge pull request #3645 from c-po/pki-T6480Christian Breunig
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
2024-06-14Merge pull request #3646 from c-po/pki-T6407Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name.
2024-06-14op-mode: T6480: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py helper as root to work with ACME certificates") which missed out the basic "show pki" command, as the <command> XML node was deep down in the view.
2024-06-13Merge pull request #3601 from talmakion/bugfix/T6456Daniil Baturin
T6456: Convert "monitor traffic" to modern op-mode wrapper
2024-06-11T6456: Convert "monitor traffic" to modern op-mode wrapperAndrew Topp
The old "monitor traffic" definition had misaligned arguments under the verbose node and manually offered the same parameter keyword in multiple positions to emulate flexible parameters. I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in to present a few more parameters in a more flexible manner. Changes to the Makefile were required for recursive varargs lookup.
2024-06-11T6045: Recreate show lldp detail views & improve remote port selectionAndrew Topp
If the remote device has explicitly sent the interface name as the portID, we should use that first as the interface name, before working through the previous priority order. I've brought back LLDP detail views directly calling lldpcli. This can be extended to render a template from op_mode/lldp.py, but lldpcli isn't bad at rendering readable info. Raw mode (including detailed raw) is still accessible for programmatic access.
2024-06-10wireless: T6462: add op-mode command for hostapd and wpa_supplicant logsChristian Breunig
* monitor log wireless hostapd [interface <name>] * monitor log wireless wpa-supplicant [interface <name>] * show log wireless hostapd [interface <name>] * show log wireless wpa-supplicant [interface <name>]
2024-06-04T6431: op-mode command monitor traceroute missing recursive symlinkAndrew Topp
Likely this was copied from mtr in the past but the symlink wasn't added to the Makefile. I've also swapped the completion help text around to match the commands.
2024-05-29op-mode: T5231: add command to restart reverse-proxyChristian Breunig
2024-05-25op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-21Merge pull request #3490 from sever-sever/T6366Christian Breunig
T6366: CGNAT add ability to get external and internal allocations
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-21Merge pull request #3489 from c-po/commit-archiveDaniil Baturin
op-mode: T6367: fix "force commit-archive" TypeError
2024-05-21T6366: CGNAT add ability to get external and internal allocationsViacheslav Hletenko
Add the ability to show port allocation per external or internal address With huge entries, it is necessary to filter it by specific external/internal IP address
2024-05-20op-mode: T6367: fix "force commit-archive" TypeErrorChristian Breunig
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to *commit-revision or *commit-archive, for which it interprets argv[0] through the useful trickery: https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700 Traceback (most recent call last): File "/usr/bin/config-mgmt", line 33, in <module> sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run func = getattr(config_mgmt, args['subcommand']) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: attribute name must be string, not 'NoneType'
2024-05-17Merge pull request #3466 from sever-sever/T6350Daniil Baturin
T6350: CGNAT add op-mode to show allocation
2024-05-16T6350: CGNAT add op-mode to show allocationViacheslav Hletenko
Add op-mode command `show nat cgnat allocation` to get CGNAT allocations (internal address, external address, port-range)
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Converted completion helpers from python to bash for performance Previous commit: Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac
2024-05-15T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-10image-tools: T6184: add op-mode set boot-consoleJohn Estabrook
2024-05-04op-mode: T6291: add LACP related commandsl0crian1
show interfaces bonding lacp detail show interfaces bonding <bondif> lacp detail show interfaces bonding <bondif> lacp neighbors Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
2024-04-22ntp: T4909: Rewrite NTP op mode in new formatGinko
ntp: T4909: Rewrite NTP op mode in new format Adapts ntp.xml.in to reference new ntp.py file Add ntp.py Adds a check to ntp.py to verify if the ntp service is configured Adds raw mode to ntp.py For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader. Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity Revises the names of raw dictionary keys variables to be lowercase Corrects a comment typo and renames function name used for raw mode
2024-04-01 modified: op-mode-definitions/firewall.xml.inl0crian1
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API.
2024-03-23op-mode: T6161: Show container details in JSON formatAdrian L Lange
I made some assumptions about node types, and I expanded the initial request to also work for networks and containers. I found that the "raw" versions of these commands already existed in the python scripts, so I just used the existing flags.
2024-03-18show log: T6127 - Fixed egrep regex for IPv6l0crian1
2024-03-18show log: T6127 - Fixed egrep regexl0crian1