| Age | Commit message (Collapse) | Author |
|---|
|
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
|
|
|
local and remote CA keys
|
|
T6953: merges node and frr exporter under prometheus section
|
|
|
|
frrender: T6746: runtime improvements
|
|
|
|
Keep all FRRender stuff in one place.
|
|
T6934: Add preshared key for zabbix-agent monitoring service
|
|
|
|
|
|
|
|
VNI was always retrieved via effective configuration and not active
configuration.
|
|
FRR 10.2 will use "[no] ip forwarding" and "[no] ipv6 forwarding" to enable or
disable IP(v6) forwarding. We no longer rely on sysctl as this was overridden
by FRR later on.
Remove code path for sysctl setting and solely rely on FRR.
|
|
|
|
When running under vyos-configd only a single apply() is done as last step in
the commit algorithm. FRRender class address is provided via an attribute from
vyos-configd process.
|
|
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a
northbound interface. This led to some drawbacks in the current state how
changes to FRR are handled. The current implementation will use frr-reload.py
and specifies excatly WHICH daemon needs a config update and will only replace
this part inside FRR.
With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will
remove configuration parts from other daemons like bgpd or ospfd which have
not yet been migrated to mgmtd.
It's not possible to call frr-reload.py with daemon mgmtd - it will error out.
This commit will also change the CLI for static routes:
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1" will be split into:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
To make the XML blocks reusable, and comply with the FRR CLI - this was actually
a wrong implementation from the beginning as you can not have multiple BFD
source addresses.
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1 profile bar" is changed to:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar
CLI commands "set protocols static multicast interface-route" is moved to:
* set protocols static multicast route <x.x.x.x/x> interface
To have an identical look and feel with regular static routes.
|
|
|
|
|
|
|
|
|
|
- Allow configure preshared key for zabbix-agent
- Added op mode command for generatre random psk secret
- Removed duplicate xml definition for psk settings
Configure authentication mode:
```
# set service monitoring zabbix-agent authentication mode
Possible completions:
pre-shared-secret Use a pre-shared secret key
```
Configure PSK Settings:
```
# set service monitoring zabbix-agent authentication psk
Possible completions:
id ID for authentication
secret pre-shared secret key
```
Generate Random PSK:
```
$ generate psk random
Possible completions:
<Enter> Execute the current command
size Key size in bytes
```
|
|
There is no need to send local base OS accounts like root or daemon to the
tacacs server. This will only make the CLI experience sluggish.
Build up a dynamic list of user accounts to exclude from TACACS lookup.
|
|
|
|
|
|
|
|
|
|
|
|
ipoe_server: T6872: Add the ability to configure LUA scripts and username
|
|
dhcp: T6692: Fix range options not present when `exclude` is used
|
|
|
|
|
|
Add smoketest to verify range options are present with `exclude`
|
|
|
|
- Removed default `m1` and `m2` values from interface definitions
- Adjusted filter priorities for shapers
- Fixed SFQ qdisc and HFSC class creation to fully support `m1`, `d`, and `m2` parameters
- Added validation logic similar to VyOS 1.3 to improve error handling and user experience
|
|
|
|
* T6490: Allow creation of wireguard interfaces without requiring peers
|
|
|
|
T6801: QoS: Policy rate-control is broken by default
|
|
|
|
- Fixed unhandled exception for policy rate-control without params
|
|
|
|
|
|
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf)
Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
|
|
|
|
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
|
|
|
|
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs
|
|
* This is the `policy local-route*` part of T6430, manipulating ip rules,
another PR covers firewall-backed `policy route*` for similar functionality
* Local PBR (policy local-route*) can only target table IDs up to 200 and
the previous PR to extend the range was rejected
* PBR with this PR can now also target VRFs directly by name, working around
targeting problems for VRF table IDs outside the overlapping 100-200 range
* Validation ensures rules can't target both a table ID and a VRF name
(internally they are handled the same)
* Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase,
extended to allow lookups in other address families (IPv6 in the new tests).
verify_rules() is used by original pbr and new lpbr smoketests in this PR.
|
|
pki: T6481: auto import ACME certificate chain into CLI
|
