summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
AgeCommit message (Collapse)Author
2024-02-02Merge pull request #2889 from sarthurdev/kea-hooksChristian Breunig
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
2024-02-02Merge pull request #2927 from ishioni/T5955Christian Breunig
container: T5955: add uid/gid settings
2024-02-02smoketest: T5955: verify container uid/gid settingChristian Breunig
2024-02-02Merge pull request #2891 from aapostoliuk/T5971-circinusViacheslav Hletenko
T5971: Rewritten ppp options in accel-ppp services
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01smoketest: T5687: simplify "dns forwarding" test setupChristian Breunig
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS recursor") added a helper "_set_required_options()" method to reduce duplicate code when setting up the base interface test. This refactors the test class to call this code always in setUp() so we have it written only once.
2024-01-30dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
2024-01-29T5971: Rewritten ppp options in accel-ppp servicesaapostoliuk
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP.
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2024-01-24dhcpv6: T3316: Add support for excluded-prefix in prefix delegationsarthurdev
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-22dhcp: T5787: Allow disabled duplicates on static-mappingsarthurdev
2024-01-22Merge pull request #2867 from c-po/ethernet-T4638Christian Breunig
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left
2024-01-22Merge pull request #2869 from c-po/sflow-t5968Viacheslav Hletenko
sflow: T5968: add VRF support
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service
2024-01-21ddclient: T5966: Update smoketest for dynamic dns config subpath changeIndrajit Raychaudhuri
2024-01-21dns: T5959: Avoid using reserved ports for testingIndrajit Raychaudhuri
For example, port 5353 is reserved for multicast DNS, this means tests will fail if the host running the tests is also running a mDNS server.
2024-01-21dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-21ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces ↵Christian Breunig
left This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does not delete underlying VIFs") with a smoketests ensure no VIFs are left behind.
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information
2024-01-18smoketest: T5779: clear conntrack config on test startupChristian Breunig
2024-01-18Merge pull request #2839 from josephillips85/currentChristian Breunig
dhcp: T5952: Fix validate duplicate MAC Address on same subnet
2024-01-18dhcp: T5952: validate duplicate DUID in static-mappings incl. smoketestsChristian Breunig
2024-01-17Merge pull request #2832 from aapostoliuk/T5865-circinusChristian Breunig
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
2024-01-16T5865: Moved ipv6 pools to named ipv6 pools in accel-pppaapostoliuk
Moved ipv6 pools to named ipv6 pools in accel-ppp services
2024-01-14bgp: T591: add VPN nexthop support per address-familyChristian Breunig
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address> set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
2024-01-14bgp: T591: add SRv6 per address-family SID supportChristian Breunig
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575> set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
2024-01-13Merge pull request #2817 from sarthurdev/kea6-optionsChristian Breunig
dhcpv6: T3316: Extend scope of DHCP options, bugfixes
2024-01-13dhcpv6: T3316: Move options to separate node and extend scopessarthurdev
* Also migrate `address-range` to `range` tag node for consistency with dhcpv4 server syntax
2024-01-12T5922: firewall: fix intra-zone filtering parsing rules; update firewall ↵Nicolas Fort
smoketest
2024-01-11dhcp: dhcpv6: T3316: Add `subnet-id` so leases remain mapped to entries in ↵Simon
the lease file (#2796)
2024-01-10Merge pull request #2787 from c-po/bgp-5913Viacheslav Hletenko
bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFI
2024-01-10bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFIChristian Breunig
2024-01-10Merge pull request #2785 from sarthurdev/kea-optionsChristian Breunig
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
2024-01-10dhcp: T5787: Prevent duplicate IP addresses on static mappingssarthurdev
2024-01-10dhcp: T3316: Fix `listen-address` handling and add `listen-interface` as ↵sarthurdev
supported by Kea
2024-01-10dhcp: T3316: Move options to separate node and extend scopessarthurdev
2024-01-09pki: T5911: fix service update algorithm if certificate name contains a ↵Christian Breunig
hyphen (-) When testing for changed PKI certificates using node_changed(), we should not use key_mangling=('-', '_'), as this will make certificate updates with a hypen not possible.
2024-01-09https: T5902: remove virtual-host configurationChristian Breunig
We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement.
2024-01-07Merge pull request #2768 from c-po/pki-ipsec-T5905Christian Breunig
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
2024-01-07smoketest: T5195: fix BasicInterfaceTest tearDown() timeout penaltyChristian Breunig
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()") added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6). This leads to long runs of "make test" after an ISO build. There is no need to wait 10 seconds for a test that checks for a process not running. The timeout is there to give the process some time to startup.
2024-01-07smoketest: T5905: always delete pki in ipsec test startupChristian Breunig
2024-01-06T5195: add timeout argument to process_named_running()Christian Breunig
Smoketests heavily rely on process_named_running() so in order to "relax" system constraints during a test we will add a timeout of 10 seconds for every testcase provided by base_interfaces_test.py
2024-01-06dns: T5900: fix smoketests for serve-stale-extension and ↵Christian Breunig
exclude-throttle-address This fixes commit 199ceb1f0a ("dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns features") where after the latest review round the Jinja2 template was inconsitently changed and smoketests were not re-run.
2024-01-06dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns ↵fvlaicu
features
2024-01-04T5159: nat: add option to map network and ports. Feature used for large ↵Nicolás Fort
deployments in cgnat. (#2694)
2024-01-04configdict: T5894: add get_config_dict() flag with_pkiChristian Breunig
VyOS has several services relaying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary.
2024-01-02pki: T3642: add missing base64 constraint on PEM keysChristian Breunig
2024-01-01tunnel: T5879: properly verify source-interface used for tunnelsChristian Breunig
A tunnel interface can not properly be sourced from a pppoe0 interface when such interface is not (yet) connected to the BRAS. It might work on a running system, but subsequent reboots will fail as the source-interface most likely does not yet exist.