| Age | Commit message (Collapse) | Author |
|---|
|
When MACsec was bound to an ethernet interface and the underlaying
source-interface got changed (even description only) this terminated the
MACsec session running on top of it.
The root cause is when EAPoL was implemented in commit d59354e52a8a7f we
re-used the same systemd unit which is responsible for MACsec. That indeed lead
to the fact that wpa_supplicant was always stopped when anything happened on
the underlaying source-interface that was not related to EAPoL.
|
|
|
|
|
|
|
|
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
does not terminate"
This reverts commit dda1b02932a5108ef257f59323dcfcf82582b805.
|
|
not terminate
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
|
|
|
|
|
|
The systemd unit for atop service is changed, so the log file name and
location will be always the same. It also adds the logrotate
configuration to conditionally rotate a log file.
Hardcoded values:
- maximum log file size: 10 MB
- maximum count of files: 10
These values can be easily changed within the
`/etc/logrotate.d/vyos-atop`, no additional configuration is required.
Rotation will be done hourly, if necessary, according to
`/etc/cron.hourly/vyos-logrotate-hourly`.
This change has two benefits:
- rotation strategy control can be done via logrotate, and can be
exposed to CLI now;
- the total size of all logs is now controlled more aggressively, so
the chance to get a situation when atop logs took all the space on a
drive is significantly lower. Also, if this will be necessary, rotation
may be done even each minute what reduces risks related to logs size
even more.
|
|
|
|
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
|
|
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
|
|
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for
swanctl.conf file") that moves the generated swanctl file from non-volatile to
a volatile (tmpfs backed) storage like we do for all out configuration files.
Thus it is ensured after a reboot or service deprecation there are no accidential
leftovers from previous configurations stored on the system.
|
|
Debian Bullseye ships an upstream version of lcdproc.service which infact will
start LCDd instead of the lcdproc client.
Divert the Debian Upstream service file and use the ones provided by vyos-1x.
|
|
The variable ConditionPathExists is now set in the upstream systemd unit file,
thus the VyOS generated unit file is located under /run/radvd/radvd.conf and
the condition won't match.
This can be solved by first clearing the upstream value for ConditionPathExists
and the set the new path.
|
|
|
|
|
|
|
|
Commit b082a6fb21 ("lcd: T2564: flatten CLI interface") by accident replaced
the template for hostapd which an LCD configuration during implementation of
T2564.
This has been corrected by restoring the content of the service configuration
from commit 8efb8ba1e (one commit earlier).
|
|
|
|
* set system lcd device <device>
* set system lcd model <modeml>
Both device and model have completion helpers for supported interfaces and LCD
displays.
|
|
|
|
T2486: DNS, vyos-hostsd fixes
|
|
|
|
|
|
|
|
For more examples on the new get_config_dict() approach migrate this
implementation as it is not yet in production use. Also this serves as proof of
concept code for further migrations.
|
|
|
|
|
|
|
|
|
|
|
|
After migrating PowerDNS to systemd and also its configuration files to a
volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration
files to volatile /run directory") the path for the control file has not
been altered and pushed to the client rec_control binary"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This reduces the amount of self written code to start-stop-daemon and also kill
the process if it has no connection yet (there won't be a PID file in this case)
and getting the proper PID for multiple processes would require me to walk the
/proc/<pid>/cmdline for every binary involved.
|
