Age | Commit message | Author |
|
T7386: firewall: Allow IPv6 member in firewall remote-groups
|
|
utils: T7095: make `vrf` and `netns` arguments aware of the shell
|
|
remote groups
|
|
frr: T7431: missing logging options after rewrite to frrender class
|
|
In src/etc/systemd/system/frr.service.d/override.conf#L6-L11 the log entry is
added on restart - but not during normal operation of frrender.py.
Logging should be added persistently when rendering the FRR configuration
using FRRender class.
|
|
When both the CLI PKI node for an ACME-issued certificate and HAProxy are
configured during initial setup, the certbot challenge cannot be served via the
reverse proxy because HAProxy has not yet been configured at all.
This commit introduces a special case to handle this bootstrap scenario,
ensuring that the certbot challenge can still be served correctly in standalone
mode on port 80 despite initial config dependencies/priorities between PKI
and HAProxy.
|
|
This will wrap the messages at 72 characters in the same way as Warning() and
DeprecationWarning() would do. We now have simple wrappers for it!
Example:
vyos@vyos# commit
[ pki ]
Updating configuration: "load-balancing haproxy service frontend ssl
certificate LE_cloud"
Add/replace automatically imported CA certificate for "LE_cloud"
|
|
Add a new category of Jinja2 operands. We already have filters and tests, but
sometimes we would like to call a Python function without any data "|" piped
to it - that's what they call a clever-function.
{{ get_default_port(NAME) }} can be used to retrieve the value from
vyos.defaults.internal_ports[NAME] within Jinja2. We no longer need to extend
the dictionary with arbitrary data retrieved from vyos.defaults, we can now
simply register another clever-function to the Jinja2 backend.
|
|
If we detect that an ACME issued certificate is consumed by haproxy service,
we will move the certbot webserver to localhost and a high port, to proxy the
request via haproxy which is already using port 80.
|
|
Commit 4523e9c897b3 ("wireguard: T3763: Added check for listening port
availability") added a function to check if a port is free to use or already
occupied by a different running service. This has been done by trying to bind a
socket to said given port.
Unfortunately there is no support for IPv6 address-family in both
socketserver.TCPServer or socketserver.UDPServer. This must be done manually by
deriving TCPServer and setting self.address_family for IPv6.
The new implementation gets rid of both TCPServer and UDPServer and replaces it
with a simple socket binding to a given IPv4/IPv6 address or any interface/
address if unspecified.
In addition, build-time tests are added for the function to check for proper
behavior during build time of vyos-1x.
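Added example, not the vyos-1x implementation: a port-availability probe along the lines this commit message describes, binding a plain socket to a given IPv4/IPv6 address or to the wildcard addresses when none is given. The function name port_is_free and its parameters are hypothetical.

```python
import errno
import ipaddress
import socket


def port_is_free(port, protocol='tcp', address=None):
    """Return True if `port` can be bound, False if it is already in use.

    Hypothetical helper. `address` is an IPv4/IPv6 literal, or None to
    probe the wildcard address of every address family the host supports.
    """
    if protocol not in ('tcp', 'udp'):
        raise ValueError(f'unsupported protocol: {protocol}')
    sock_type = socket.SOCK_STREAM if protocol == 'tcp' else socket.SOCK_DGRAM

    if address is None:
        targets = [(socket.AF_INET, '0.0.0.0')]
        if socket.has_ipv6:
            targets.append((socket.AF_INET6, '::'))
    else:
        ip = ipaddress.ip_address(address)  # raises ValueError on bad input
        family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
        targets = [(family, str(ip))]

    for family, addr in targets:
        try:
            with socket.socket(family, sock_type) as sock:
                if family == socket.AF_INET6:
                    # Probe IPv6 on its own; IPv4 is covered separately.
                    sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
                # No SO_REUSEADDR: the probe must fail if anything holds the port.
                sock.bind((addr, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return False
            # A wildcard probe skips a family the kernel has disabled.
            if address is None and exc.errno in (errno.EAFNOSUPPORT,
                                                 errno.EADDRNOTAVAIL):
                continue
            raise
    return True


if __name__ == '__main__':
    print('tcp/80 free on all addresses:', port_is_free(80))
```

A successful probe only says the port was free at that moment; the service that binds it afterwards still has to handle EADDRINUSE itself.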
|
|
T7316: Add MTU validation for interfaces with MTU less than 1200
|
|
syslog: T7367: ensure rsyslog is registered as default systemd syslog service
|
|
interface: T7375: cleanup SLAAC assigned address and default route after removing SLAAC CLI configuration
|
|
geoip: T5636: Add geoip for policy route/route6
|
|
interface: T4627: support setting of IPv6 Interface Identifier(Token)
|
|
bridge: T7322: fix slow performance of allowed vlan
|
|
ospf: T7383: Fixed unconfigured redistribution of nhrp into ospf
|
|
When an interface runs in DHCPv6 only mode, there is no reason to have a
default installed that was received via SLAAC. If SLAAC is needed, it should
be turned on explicitly.
This bug was only triggered during system boot where a DHCPv6 client address
and a default route to a link-local address was shown in the system. If DHCPv6
was enabled only on an interface while VyOS was already running - no default
route got installed.
|
|
When using SLAAC for IPv6 addresses we will also receive a default route via a
RA (Router Advertisement). When we disable SLAAC on an interface the Linux
Kernel does not automatically flush all addresses nor the routes received.
The Kernel waits until the addresses/prefixes/routes expire using their
lifetime setting.
When removing SLAAC from an interface, also remove the auto generated IPv6
address and both the default router received and the connected IP prefix of the
SLAAC advertisement.
|
|
We can reference "self.ifname" in any Python f-ormatted string directly. No
need for an interim temporary variable.
|
|
Fixed unconfigured redistribution of nhrp into ospf.
|
|
Add common IPv6 CLI option (use ethernet as example):
set interfaces ethernet eth0 ipv6 address interface-identifier
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
grub: T7327: honor "system option kernel" settings during image upgrade
|
|
When performing an image upgrade, Linux Kernel command-line options that
should be passed via GRUB to the Linux Kernel are missing on the first boot.
This is because when generating the GRUB command-line via the op-mode scripts
the CLI nodes defining the options are not honored.
This commit re-implements the code-path in op-mode which generates the strings
passed via GRUB to the Linux Kernel command-line.
NOTE: If (for a yet unknown reason) a Kernel command-line option string changes
during a major - or minor - upgrade of the Linux Kernel, we will need to adapt
that logic and possibly call a helper from within the NEW updated image rootfs.
Thus we can ship future information back into the past like the "Grays Sports
Almanac" from Back to the Future Part II.
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
T7321: Replace legacy operations in configsession.py with vyconf client operations
|
|
* dhcp-server: T7310: add support for option 138 CAPWAP AC to KEA
* kea: T7310: Update data/templates/dhcp-server/kea-dhcp4.conf.j2
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: add smoketest for capwap-ac-v4
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
---------
Co-authored-by: David Vølker <davvol@davvol.dk>
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
|
Remove legacy windows static route on option 249
|
|
Encapsulation of standard config session functions, to replace legacy
versions in configsession.py.
|
|
Fix indentation error in get_vlans_ids_and_range function.
|
|
Allowed VLAN ranges are unnecessarily deconstructed into individual vlans, and then added one by one to the bridge. This can take a long time if a large range like 1-4084 is used.
- python/vyos/configdict.py - Added get_vlans_ids_and_range function to return configured ranges
- python/vyos/ifconfig/bridge.py - Modified add and delete vlan section to not loop unnecessarily
|
|
T7292: add Python module client library for vyconfd
|
|
Working on T7273 revealed that when committing the following CLI config
"set interfaces vxlan vxlan0 parameters neighbor-suppress" the CLI level
queried via conf.get_level() was at ['interfaces', 'vxlan'].
This had the side effect that queries on the configuration like:
conf.exists(['protocols', 'bgp']) returned False, as it would look accidentally
at the level: ['interfaces', 'vxlan', 'protocols', 'bgp']
This error was there from the beginning of the FRRender class implementation.