| Age | Commit message (Collapse) | Author |
|
Allow using bond interfaces in CGNAT. Improve interface cleanup to rely
on VPP API queries, as VPP config changes may modify interface indexes
|
|
|
|
Restrictions on writing an empty config file in T7709 lead to a
misleading log entry on first boot, in the absence of a baseline
archived config file; explicitly create.
|
|
before trying to use it for host identity generation
|
|
T7903: set airbag enable to default log=False
|
|
pki: T7885: check_port_availability() can't be used during system boot
|
|
The default setting for airbag enable redirects sys.stderr by way of a
singleton class. Though this construction is not unreasonable, it has
been implicated in recent bugs, and is disabled pending a full anaylsis.
|
|
This complements commit ae74a511e (pki: T7885: support full ACME setup via
renew certbot force). If /config/auth/letsencrypt is missing, ACME certificate
data can't be merged into the VyOS configuration, preventing interface (e.g.,
ethernet) setup during boot.
This change ensures basic IP connectivity is established, allowing remote
management instead of leaving the system entirely inaccessible.
This is not what we will expect but if a user deletes /config/auth/letsencrypt -
this is what will happen.
|
|
* kea: T7823: DHCP-server lease cannot be cleared
* Update smoketest/scripts/cli/test_service_dhcp-server.py
Co-authored-by: Christian Breunig <christian@breunig.cc>
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
T7852: Switch to yescrypt password encryption
|
|
op-mode: T7871: add support for op mode command argument constraints
|
|
Ensures rendered FRR config passes sanity checks before applying.
Prevents issues like T7089 where bad template syntax broke routing.
Improves robustness and minimizes risk of config-induced outages.
|
|
|
|
T7709: Add file sync and atomic write to config save script
|
|
T7862: VPP: Enable support of ixgbevf driver for DPDK
|
|
l2tpv3: T7721: fix show l2tpv3 interface information
|
|
|
|
Take advantage of the helper script in the vyconf context.
|
|
Config save is provided by the helper script in both CLI and
configsession (hence also in the http api).
Use utilities write_file_sync and write_file_atomic, in accordance with
permissions and location:
If the target is in /opt/vyatta/etc/config or /config, use
write_file_sync; if, moreover, the caller has permissions, use
write_file_atomic. Otherwise, fall back to util write_file.
|
|
write_file_sync does an explicit fsync of file and directory on write.
write_file_atomic calls write_file_sync on a temp file and uses
os.rename to provide an 'atomic' write.
|
|
T7850: make op_mode_config_dict edit level aware
|
|
|
|
|
|
|
|
|
|
T7737: add vyconf-aware analogue of configfs
|
|
Accidentally slipped in 2 whitespace corrections
|
|
nose: T7825: Use nose2 for unit tests
|
|
|
|
T7805: VPP remove unused 'default-hugepage-size' from memory section and restrict page sizes in xml
|
|
T7787: add deprecation warning for ssh-dss keys
|
|
Fixed issue with podman and systemd sync when restarting
containers with 'podman restart' command.
- Placed podman storage directory in vyos/defaults.py
- Replaced repeated declarations with vyos.defaults.directories['podman_storage']
|
|
restrict page sizes in xml
|
|
|
|
|
|
Add methods to request auxiliary changes to the config file during a
commit. Used only for non-actionable updates, for example removing a
plaintext password and adding the encrypted password.
|
|
Provide env vars of config session for injection into the commitd
environment. This information is needed for certain config-mode scripts,
namely those that reference the module vyos.utils.auth.
|
|
|
|
|
|
T7796: PPPoE-server add mapping in vpp if vpp-cp is enabled
|
|
wlb: T114: Add firewall group support for WAN load balancer
|
|
OpenSSH in Debian Trixie has removed support for ssh-dss (DSA) keys, which will
prevent users with such keys from logging in after upgrade. To avoid lockouts,
add a loud deprecation warning when users log in using a DSA key. This warning
advises affected users to replace their keys with a supported algorithm (e.g.,
ed25519 or RSA) before the upgrade.
Deprecation warning will be displayed during "commit" but also as MOTD to inform
on this issue during every login.
DEPRECATION WARNING: Support for SSH-DSA keys is deprecated and will
be removed in VyOS 1.6. Please update affected keys to a supported
algorithm (e.g., RSA, ECDSA or ED25519) to avoid authentication
failures after the upgrade. The following hostkey-algorithms are in
use: ssh-dss, ssh-dss-cert-v01@openssh.com
|
|
|
|
We have to re-enable L3 mode for an interface after removing
the interface from a bridge.
From the VPP API
@param enable - Enable beige mode if not 0, else set to L3 mode
|
|
|
|
T7783: T7786: VPP clarify error messages for CPU requirements
|
|
|
|
* Change nft to iptables in system_flow-accounting.py as ipt_NETFLOW
is iptales plugin
* Remove specific and non-relevant pmacct options
* Add ipt_NETFLOW options
* Move 'interfaces' to 'netflow' tree
* Support more flexible 'source-address' and 'source-interface' for
each server instead of one source
* Add migration script
* Update op mode command 'show flow-accounting'
* Update op mode command 'restart flow-accounting'
|
|
ethernet: T7813: remove VLAN interfaces first on deletion
|
|
vyos.ifconfig: T7814: suppress unnecessary syslog noise from missing nftables rules
|